[dev.link] all: merge branch 'master' into dev.link
Clean merge.
Change-Id: I4a73cd4bac2f4d35d2c07c39f2bc01c6075fadab
diff --git a/doc/articles/wiki/final-noclosure.go b/doc/articles/wiki/final-noclosure.go
index e7a5a34..d894e7d 100644
--- a/doc/articles/wiki/final-noclosure.go
+++ b/doc/articles/wiki/final-noclosure.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/final-noerror.go b/doc/articles/wiki/final-noerror.go
index 42a22da..250236d 100644
--- a/doc/articles/wiki/final-noerror.go
+++ b/doc/articles/wiki/final-noerror.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/final-parsetemplate.go b/doc/articles/wiki/final-parsetemplate.go
index a9aa7f2..0b90cbd 100644
--- a/doc/articles/wiki/final-parsetemplate.go
+++ b/doc/articles/wiki/final-parsetemplate.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/final-template.go b/doc/articles/wiki/final-template.go
index 7ea480e..5028664 100644
--- a/doc/articles/wiki/final-template.go
+++ b/doc/articles/wiki/final-template.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/final-test.patch b/doc/articles/wiki/final-test.patch
deleted file mode 100644
index fd7d625..0000000
--- a/doc/articles/wiki/final-test.patch
+++ /dev/null
@@ -1,27 +0,0 @@
---- final.go 2017-08-31 13:19:00.422925489 -0700
-+++ final-test.go 2017-08-31 13:23:43.381391659 -0700
-@@ -8,6 +8,7 @@
- "html/template"
- "io/ioutil"
- "log"
-+ "net"
- "net/http"
- "regexp"
- )
-@@ -86,5 +87,15 @@
- http.HandleFunc("/edit/", makeHandler(editHandler))
- http.HandleFunc("/save/", makeHandler(saveHandler))
-
-- log.Fatal(http.ListenAndServe(":8080", nil))
-+ l, err := net.Listen("tcp", "127.0.0.1:0")
-+ if err != nil {
-+ log.Fatal(err)
-+ }
-+ err = ioutil.WriteFile("final-test-port.txt", []byte(l.Addr().String()), 0644)
-+ if err != nil {
-+ log.Fatal(err)
-+ }
-+ s := &http.Server{}
-+ s.Serve(l)
-+ return
- }
diff --git a/doc/articles/wiki/final.go b/doc/articles/wiki/final.go
index 0f6646b..b1439b0 100644
--- a/doc/articles/wiki/final.go
+++ b/doc/articles/wiki/final.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/final_test.go b/doc/articles/wiki/final_test.go
new file mode 100644
index 0000000..7644699
--- /dev/null
+++ b/doc/articles/wiki/final_test.go
@@ -0,0 +1,24 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ignore
+
+package main
+
+import (
+ "fmt"
+ "log"
+ "net"
+ "net/http"
+)
+
+func serve() error {
+ l, err := net.Listen("tcp", "127.0.0.1:0")
+ if err != nil {
+ log.Fatal(err)
+ }
+ fmt.Println(l.Addr().String())
+ s := &http.Server{}
+ return s.Serve(l)
+}
diff --git a/doc/articles/wiki/get.go b/doc/articles/wiki/get.go
deleted file mode 100644
index b3e464b..0000000
--- a/doc/articles/wiki/get.go
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2011 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
- "flag"
- "fmt"
- "io"
- "log"
- "net"
- "net/http"
- "os"
- "strings"
- "time"
-)
-
-var (
- post = flag.String("post", "", "urlencoded form data to POST")
- addr = flag.Bool("addr", false, "find open address and print to stdout")
- wait = flag.Duration("wait_for_port", 0, "if non-zero, the amount of time to wait for the address to become available")
-)
-
-func main() {
- flag.Parse()
- if *addr {
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- log.Fatal(err)
- }
- defer l.Close()
- fmt.Print(l.Addr())
- return
- }
- url := flag.Arg(0)
- if url == "" {
- log.Fatal("no url supplied")
- }
- var r *http.Response
- var err error
- loopUntil := time.Now().Add(*wait)
- for {
- if *post != "" {
- b := strings.NewReader(*post)
- r, err = http.Post(url, "application/x-www-form-urlencoded", b)
- } else {
- r, err = http.Get(url)
- }
- if err == nil || *wait == 0 || time.Now().After(loopUntil) {
- break
- }
- time.Sleep(100 * time.Millisecond)
- }
- if err != nil {
- log.Fatal(err)
- }
- defer r.Body.Close()
- _, err = io.Copy(os.Stdout, r.Body)
- if err != nil {
- log.Fatal(err)
- }
-}
diff --git a/doc/articles/wiki/go.mod b/doc/articles/wiki/go.mod
new file mode 100644
index 0000000..38153ed
--- /dev/null
+++ b/doc/articles/wiki/go.mod
@@ -0,0 +1,3 @@
+module doc/articles/wiki
+
+go 1.14
diff --git a/doc/articles/wiki/http-sample.go b/doc/articles/wiki/http-sample.go
index 9bc2084..803b88c 100644
--- a/doc/articles/wiki/http-sample.go
+++ b/doc/articles/wiki/http-sample.go
@@ -1,3 +1,5 @@
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/notemplate.go b/doc/articles/wiki/notemplate.go
index 0fda7a9..4b358f2 100644
--- a/doc/articles/wiki/notemplate.go
+++ b/doc/articles/wiki/notemplate.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/part1-noerror.go b/doc/articles/wiki/part1-noerror.go
index 7577b7b..913c6dc 100644
--- a/doc/articles/wiki/part1-noerror.go
+++ b/doc/articles/wiki/part1-noerror.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/part1.go b/doc/articles/wiki/part1.go
index d7bf1be..2ff1abd 100644
--- a/doc/articles/wiki/part1.go
+++ b/doc/articles/wiki/part1.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/part2.go b/doc/articles/wiki/part2.go
index 30f9dcf..db92f4c 100644
--- a/doc/articles/wiki/part2.go
+++ b/doc/articles/wiki/part2.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/part3-errorhandling.go b/doc/articles/wiki/part3-errorhandling.go
index 34b13a6..2c8b42d 100644
--- a/doc/articles/wiki/part3-errorhandling.go
+++ b/doc/articles/wiki/part3-errorhandling.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/part3.go b/doc/articles/wiki/part3.go
index 5e5d505..437ea33 100644
--- a/doc/articles/wiki/part3.go
+++ b/doc/articles/wiki/part3.go
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// +build ignore
+
package main
import (
diff --git a/doc/articles/wiki/test.bash b/doc/articles/wiki/test.bash
deleted file mode 100755
index cec51fd..0000000
--- a/doc/articles/wiki/test.bash
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2010 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-set -e
-
-if ! which patch > /dev/null; then
- echo "Skipping test; patch command not found."
- exit 0
-fi
-
-wiki_pid=
-cleanup() {
- kill $wiki_pid
- rm -f test_*.out Test.txt final-test.go final-test.bin final-test-port.txt a.out get.bin
-}
-trap cleanup 0 INT
-
-rm -f get.bin final-test.bin a.out
-
-# If called with -all, check that all code snippets compile.
-if [ "$1" = "-all" ]; then
- for fn in *.go; do
- go build -o a.out $fn
- done
-fi
-
-go build -o get.bin get.go
-cp final.go final-test.go
-patch final-test.go final-test.patch > /dev/null
-go build -o final-test.bin final-test.go
-./final-test.bin &
-wiki_pid=$!
-
-l=0
-while [ ! -f ./final-test-port.txt ]
-do
- l=$(($l+1))
- if [ "$l" -gt 5 ]
- then
- echo "port not available within 5 seconds"
- exit 1
- break
- fi
- sleep 1
-done
-
-addr=$(cat final-test-port.txt)
-./get.bin http://$addr/edit/Test > test_edit.out
-diff -u test_edit.out test_edit.good
-./get.bin -post=body=some%20content http://$addr/save/Test > test_save.out
-diff -u test_save.out test_view.good # should be the same as viewing
-diff -u Test.txt test_Test.txt.good
-./get.bin http://$addr/view/Test > test_view.out
-diff -u test_view.out test_view.good
-
-echo PASS
diff --git a/doc/articles/wiki/wiki_test.go b/doc/articles/wiki/wiki_test.go
new file mode 100644
index 0000000..1d976fd
--- /dev/null
+++ b/doc/articles/wiki/wiki_test.go
@@ -0,0 +1,165 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main_test
+
+import (
+ "bytes"
+ "fmt"
+ "io/ioutil"
+ "net/http"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+func TestSnippetsCompile(t *testing.T) {
+ if testing.Short() {
+ t.Skip("skipping slow builds in short mode")
+ }
+
+ goFiles, err := filepath.Glob("*.go")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ for _, f := range goFiles {
+ if strings.HasSuffix(f, "_test.go") {
+ continue
+ }
+ f := f
+ t.Run(f, func(t *testing.T) {
+ t.Parallel()
+
+ cmd := exec.Command("go", "build", "-o", os.DevNull, f)
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Errorf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, out)
+ }
+ })
+ }
+}
+
+func TestWikiServer(t *testing.T) {
+ must := func(err error) {
+ if err != nil {
+ t.Helper()
+ t.Fatal(err)
+ }
+ }
+
+ dir, err := ioutil.TempDir("", t.Name())
+ must(err)
+ defer os.RemoveAll(dir)
+
+ // We're testing a walkthrough example of how to write a server.
+ //
+ // That server hard-codes a port number to make the walkthrough simpler, but
+ // we can't assume that the hard-coded port is available on an arbitrary
+ // builder. So we'll patch out the hard-coded port, and replace it with a
+ // function that writes the server's address to stdout
+ // so that we can read it and know where to send the test requests.
+
+ finalGo, err := ioutil.ReadFile("final.go")
+ must(err)
+ const patchOld = `log.Fatal(http.ListenAndServe(":8080", nil))`
+ patched := bytes.ReplaceAll(finalGo, []byte(patchOld), []byte(`log.Fatal(serve())`))
+ if bytes.Equal(patched, finalGo) {
+ t.Fatalf("Can't patch final.go: %q not found.", patchOld)
+ }
+ must(ioutil.WriteFile(filepath.Join(dir, "final_patched.go"), patched, 0644))
+
+ // Build the server binary from the patched sources.
+ // The 'go' command requires that they all be in the same directory.
+ // final_test.go provides the implemtation for our serve function.
+ must(copyFile(filepath.Join(dir, "final_srv.go"), "final_test.go"))
+ cmd := exec.Command("go", "build",
+ "-o", filepath.Join(dir, "final.exe"),
+ filepath.Join(dir, "final_patched.go"),
+ filepath.Join(dir, "final_srv.go"))
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Fatalf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, out)
+ }
+
+ // Run the server in our temporary directory so that it can
+ // write its content there. It also needs a couple of template files,
+ // and looks for them in the same directory.
+ must(copyFile(filepath.Join(dir, "edit.html"), "edit.html"))
+ must(copyFile(filepath.Join(dir, "view.html"), "view.html"))
+ cmd = exec.Command(filepath.Join(dir, "final.exe"))
+ cmd.Dir = dir
+ stderr := bytes.NewBuffer(nil)
+ cmd.Stderr = stderr
+ stdout, err := cmd.StdoutPipe()
+ must(err)
+ must(cmd.Start())
+
+ defer func() {
+ cmd.Process.Kill()
+ err := cmd.Wait()
+ if stderr.Len() > 0 {
+ t.Logf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, stderr)
+ }
+ }()
+
+ var addr string
+ if _, err := fmt.Fscanln(stdout, &addr); err != nil || addr == "" {
+ t.Fatalf("Failed to read server address: %v", err)
+ }
+
+ // The server is up and has told us its address.
+ // Make sure that its HTTP API works as described in the article.
+
+ r, err := http.Get(fmt.Sprintf("http://%s/edit/Test", addr))
+ must(err)
+ responseMustMatchFile(t, r, "test_edit.good")
+
+ r, err = http.Post(fmt.Sprintf("http://%s/save/Test", addr),
+ "application/x-www-form-urlencoded",
+ strings.NewReader("body=some%20content"))
+ must(err)
+ responseMustMatchFile(t, r, "test_view.good")
+
+ gotTxt, err := ioutil.ReadFile(filepath.Join(dir, "Test.txt"))
+ must(err)
+ wantTxt, err := ioutil.ReadFile("test_Test.txt.good")
+ must(err)
+ if !bytes.Equal(wantTxt, gotTxt) {
+ t.Fatalf("Test.txt differs from expected after posting to /save.\ngot:\n%s\nwant:\n%s", gotTxt, wantTxt)
+ }
+
+ r, err = http.Get(fmt.Sprintf("http://%s/view/Test", addr))
+ must(err)
+ responseMustMatchFile(t, r, "test_view.good")
+}
+
+func responseMustMatchFile(t *testing.T, r *http.Response, filename string) {
+ t.Helper()
+
+ defer r.Body.Close()
+ body, err := ioutil.ReadAll(r.Body)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ wantBody, err := ioutil.ReadFile(filename)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ if !bytes.Equal(body, wantBody) {
+ t.Fatalf("%v: body does not match %s.\ngot:\n%s\nwant:\n%s", r.Request.URL, filename, body, wantBody)
+ }
+}
+
+func copyFile(dst, src string) error {
+ buf, err := ioutil.ReadFile(src)
+ if err != nil {
+ return err
+ }
+ return ioutil.WriteFile(dst, buf, 0644)
+}
diff --git a/doc/codewalk/codewalk_test.go b/doc/codewalk/codewalk_test.go
new file mode 100644
index 0000000..31f078a
--- /dev/null
+++ b/doc/codewalk/codewalk_test.go
@@ -0,0 +1,52 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main_test
+
+import (
+ "bytes"
+ "os"
+ "os/exec"
+ "strings"
+ "testing"
+)
+
+// TestMarkov tests the code dependency of markov.xml.
+func TestMarkov(t *testing.T) {
+ cmd := exec.Command("go", "run", "markov.go")
+ cmd.Stdin = strings.NewReader("foo")
+ cmd.Stderr = bytes.NewBuffer(nil)
+ out, err := cmd.Output()
+ if err != nil {
+ t.Fatalf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, cmd.Stderr)
+ }
+
+ if !bytes.Equal(out, []byte("foo\n")) {
+ t.Fatalf(`%s with input "foo" did not output "foo":\n%s`, strings.Join(cmd.Args, " "), out)
+ }
+}
+
+// TestPig tests the code dependency of functions.xml.
+func TestPig(t *testing.T) {
+ cmd := exec.Command("go", "run", "pig.go")
+ cmd.Stderr = bytes.NewBuffer(nil)
+ out, err := cmd.Output()
+ if err != nil {
+ t.Fatalf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, cmd.Stderr)
+ }
+
+ const want = "Wins, losses staying at k = 100: 210/990 (21.2%), 780/990 (78.8%)\n"
+ if !bytes.Contains(out, []byte(want)) {
+ t.Fatalf(`%s: unexpected output\ngot:\n%s\nwant output containing:\n%s`, strings.Join(cmd.Args, " "), out, want)
+ }
+}
+
+// TestURLPoll tests the code dependency of sharemem.xml.
+func TestURLPoll(t *testing.T) {
+ cmd := exec.Command("go", "build", "-o", os.DevNull, "urlpoll.go")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Fatalf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, out)
+ }
+}
diff --git a/doc/codewalk/run b/doc/codewalk/run
deleted file mode 100755
index afc64c1..0000000
--- a/doc/codewalk/run
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 2013 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-set -e
-
-function fail {
- echo FAIL: doc/codewalk/$1
- exit 1
-}
-
-# markov.xml
-echo foo | go run markov.go | grep foo > /dev/null || fail markov
-
-# functions.xml
-go run pig.go | grep 'Wins, losses staying at k = 100: 210/990 (21.2%), 780/990 (78.8%)' > /dev/null || fail pig
-
-# sharemem.xml: only build the example, as it uses the network
-go build urlpoll.go || fail urlpoll
-rm -f urlpoll
diff --git a/doc/progs/run.go b/doc/progs/run.go
index 06ea130..baef3f7 100644
--- a/doc/progs/run.go
+++ b/doc/progs/run.go
@@ -16,6 +16,7 @@
"regexp"
"runtime"
"strings"
+ "time"
)
const usage = `go run run.go [tests]
@@ -26,6 +27,8 @@
`
func main() {
+ start := time.Now()
+
flag.Usage = func() {
fmt.Fprintf(os.Stderr, usage)
flag.PrintDefaults()
@@ -70,6 +73,9 @@
}
}
os.Remove(tmpdir)
+ if rc == 0 {
+ fmt.Printf("ok\t%s\t%s\n", filepath.Base(os.Args[0]), time.Since(start).Round(time.Millisecond))
+ }
os.Exit(rc)
}
@@ -78,7 +84,7 @@
// and checks that the output matches the regexp want.
func test(tmpdir, file, want string) error {
// Build the program.
- prog := filepath.Join(tmpdir, file)
+ prog := filepath.Join(tmpdir, file+".exe")
cmd := exec.Command("go", "build", "-o", prog, file+".go")
out, err := cmd.CombinedOutput()
if err != nil {
diff --git a/misc/cgo/life/overlaydir_test.go b/misc/cgo/life/overlaydir_test.go
index f381ea6..a25b125 100644
--- a/misc/cgo/life/overlaydir_test.go
+++ b/misc/cgo/life/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/stdio/overlaydir_test.go b/misc/cgo/stdio/overlaydir_test.go
index 8a8dcdb..5d6858f 100644
--- a/misc/cgo/stdio/overlaydir_test.go
+++ b/misc/cgo/stdio/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/test/overlaydir_test.go b/misc/cgo/test/overlaydir_test.go
index 1b5c67d..cad9577 100644
--- a/misc/cgo/test/overlaydir_test.go
+++ b/misc/cgo/test/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testcarchive/overlaydir_test.go b/misc/cgo/testcarchive/overlaydir_test.go
index 68878e4..ee35dd5 100644
--- a/misc/cgo/testcarchive/overlaydir_test.go
+++ b/misc/cgo/testcarchive/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testcshared/cshared_test.go b/misc/cgo/testcshared/cshared_test.go
index daef3a9..194dec9 100644
--- a/misc/cgo/testcshared/cshared_test.go
+++ b/misc/cgo/testcshared/cshared_test.go
@@ -103,7 +103,7 @@
// TODO(crawshaw): can we do better?
cc = append(cc, []string{"-framework", "CoreFoundation", "-framework", "Foundation"}...)
case "android":
- cc = append(cc, "-pie", "-fuse-ld=gold")
+ cc = append(cc, "-pie")
}
libgodir := GOOS + "_" + GOARCH
switch GOOS {
diff --git a/misc/cgo/testcshared/overlaydir_test.go b/misc/cgo/testcshared/overlaydir_test.go
index 1eaabf6..0c23ec0 100644
--- a/misc/cgo/testcshared/overlaydir_test.go
+++ b/misc/cgo/testcshared/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testgodefs/test.bash b/misc/cgo/testgodefs/test.bash
deleted file mode 100755
index e4ce2ee..0000000
--- a/misc/cgo/testgodefs/test.bash
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2014 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-# We are testing cgo -godefs, which translates Go files that use
-# import "C" into Go files with Go definitions of types defined in the
-# import "C" block. Add more tests here.
-FILE_PREFIXES="anonunion issue8478 fieldtypedef"
-
-cd testdata
-
-RM=
-for FP in $FILE_PREFIXES
-do
- go tool cgo -godefs -srcdir . ${FP}.go > ${FP}_defs.go
- RM="${RM} ${FP}_defs.go"
-done
-
-go build -o testgodefs . && ./testgodefs
-EXIT=$?
-rm -rf _obj testgodefs ${RM}
-exit $EXIT
diff --git a/misc/cgo/testgodefs/testgodefs_test.go b/misc/cgo/testgodefs/testgodefs_test.go
new file mode 100644
index 0000000..c02c3ff
--- /dev/null
+++ b/misc/cgo/testgodefs/testgodefs_test.go
@@ -0,0 +1,83 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package testgodefs
+
+import (
+ "bytes"
+ "io/ioutil"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+// We are testing cgo -godefs, which translates Go files that use
+// import "C" into Go files with Go definitions of types defined in the
+// import "C" block. Add more tests here.
+var filePrefixes = []string{
+ "anonunion",
+ "issue8478",
+ "fieldtypedef",
+}
+
+func TestGoDefs(t *testing.T) {
+ testdata, err := filepath.Abs("testdata")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ gopath, err := ioutil.TempDir("", "testgodefs-gopath")
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer os.RemoveAll(gopath)
+
+ dir := filepath.Join(gopath, "src", "testgodefs")
+ if err := os.MkdirAll(dir, 0755); err != nil {
+ t.Fatal(err)
+ }
+
+ for _, fp := range filePrefixes {
+ cmd := exec.Command("go", "tool", "cgo",
+ "-godefs",
+ "-srcdir", testdata,
+ "-objdir", dir,
+ fp+".go")
+ cmd.Stderr = new(bytes.Buffer)
+
+ out, err := cmd.Output()
+ if err != nil {
+ t.Fatalf("%s: %v\n%s", strings.Join(cmd.Args, " "), err, cmd.Stderr)
+ }
+
+ if err := ioutil.WriteFile(filepath.Join(dir, fp+"_defs.go"), out, 0644); err != nil {
+ t.Fatal(err)
+ }
+ }
+
+ main, err := ioutil.ReadFile(filepath.Join("testdata", "main.go"))
+ if err != nil {
+ t.Fatal(err)
+ }
+ if err := ioutil.WriteFile(filepath.Join(dir, "main.go"), main, 0644); err != nil {
+ t.Fatal(err)
+ }
+
+ if err := ioutil.WriteFile(filepath.Join(dir, "go.mod"), []byte("module testgodefs\ngo 1.14\n"), 0644); err != nil {
+ t.Fatal(err)
+ }
+
+ // Use 'go run' to build and run the resulting binary in a single step,
+ // instead of invoking 'go build' and the resulting binary separately, so that
+ // this test can pass on mobile builders, which do not copy artifacts back
+ // from remote invocations.
+ cmd := exec.Command("go", "run", ".")
+ cmd.Env = append(os.Environ(), "GOPATH="+gopath)
+ cmd.Dir = dir
+ if out, err := cmd.CombinedOutput(); err != nil {
+ t.Fatalf("%s [%s]: %v\n%s", strings.Join(cmd.Args, " "), dir, err, out)
+ }
+}
diff --git a/misc/cgo/testplugin/overlaydir_test.go b/misc/cgo/testplugin/overlaydir_test.go
index b68436ac..ffb107c 100644
--- a/misc/cgo/testplugin/overlaydir_test.go
+++ b/misc/cgo/testplugin/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testplugin/plugin_test.go b/misc/cgo/testplugin/plugin_test.go
index 7e2b6eb..bf7abcb 100644
--- a/misc/cgo/testplugin/plugin_test.go
+++ b/misc/cgo/testplugin/plugin_test.go
@@ -14,7 +14,6 @@
"os"
"os/exec"
"path/filepath"
- "runtime"
"strings"
"testing"
"time"
@@ -114,11 +113,7 @@
func TestDWARFSections(t *testing.T) {
// test that DWARF sections are emitted for plugins and programs importing "plugin"
- if runtime.GOOS != "darwin" {
- // On macOS, for some reason, the linker doesn't add debug sections to .so,
- // see issue #27502.
- goCmd(t, "run", "./checkdwarf/main.go", "plugin2.so", "plugin2.UnexportedNameReuse")
- }
+ goCmd(t, "run", "./checkdwarf/main.go", "plugin2.so", "plugin2.UnexportedNameReuse")
goCmd(t, "run", "./checkdwarf/main.go", "./host.exe", "main.main")
}
diff --git a/misc/cgo/testshared/overlaydir_test.go b/misc/cgo/testshared/overlaydir_test.go
index 68be056..3a7c9b0 100644
--- a/misc/cgo/testshared/overlaydir_test.go
+++ b/misc/cgo/testshared/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testso/overlaydir_test.go b/misc/cgo/testso/overlaydir_test.go
index 10c874d..91732d1 100644
--- a/misc/cgo/testso/overlaydir_test.go
+++ b/misc/cgo/testso/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/cgo/testsovar/overlaydir_test.go b/misc/cgo/testsovar/overlaydir_test.go
index 10c874d..91732d1 100644
--- a/misc/cgo/testsovar/overlaydir_test.go
+++ b/misc/cgo/testsovar/overlaydir_test.go
@@ -52,7 +52,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/reboot/overlaydir_test.go b/misc/reboot/overlaydir_test.go
index b38a8ef..6e77b2e 100644
--- a/misc/reboot/overlaydir_test.go
+++ b/misc/reboot/overlaydir_test.go
@@ -51,7 +51,7 @@
// Always copy directories (don't symlink them).
// If we add a file in the overlay, we don't want to add it in the original.
if info.IsDir() {
- return os.Mkdir(dstPath, perm)
+ return os.Mkdir(dstPath, perm|0200)
}
// If the OS supports symlinks, use them instead of copying bytes.
diff --git a/misc/trace/trace_viewer_full.html b/misc/trace/trace_viewer_full.html
index 2936069..c8689ba 100644
--- a/misc/trace/trace_viewer_full.html
+++ b/misc/trace/trace_viewer_full.html
@@ -6307,7 +6307,7 @@
className=className.toLowerCase();if(opt_parentConstructor&&!opt_parentConstructor.tagName){throw new Error('opt_parentConstructor was not '+'created by tr.ui.b.define');}
let tagName=className;let tagNS=undefined;if(opt_parentConstructor){if(opt_tagNS){throw new Error('Must not specify tagNS if parentConstructor is given');}
let parent=opt_parentConstructor;while(parent&&parent.tagName){tagName=parent.tagName;tagNS=parent.tagNS;parent=parent.parentConstructor;}}else{tagNS=opt_tagNS;}
-function f(){if(opt_parentConstructor&&f.prototype.__proto__!==opt_parentConstructor.prototype){throw new Error(className+' prototye\'s __proto__ field is messed up. '+'It MUST be the prototype of '+opt_parentConstructor.tagName);}
+function f(){if(opt_parentConstructor&&f.prototype.__proto__!==opt_parentConstructor.prototype){throw new Error(className+' prototype\'s __proto__ field is messed up. '+'It MUST be the prototype of '+opt_parentConstructor.tagName);}
let el;if(tagNS===undefined){el=tr.doc.createElement(tagName);}else{el=tr.doc.createElementNS(tagNS,tagName);}
f.decorate.call(this,el,arguments);return el;}
f.decorate=function(el){el.__proto__=f.prototype;el.decorate.apply(el,arguments[1]);el.constructor=f;};f.className=className;f.tagName=tagName;f.tagNS=tagNS;f.parentConstructor=(opt_parentConstructor?opt_parentConstructor:undefined);f.toString=function(){if(!f.parentConstructor){return f.tagName;}
diff --git a/src/cmd/compile/internal/gc/bexport.go b/src/cmd/compile/internal/gc/bexport.go
index e67506f..5ced66c 100644
--- a/src/cmd/compile/internal/gc/bexport.go
+++ b/src/cmd/compile/internal/gc/bexport.go
@@ -127,7 +127,7 @@
)
// untype returns the "pseudo" untyped type for a Ctype (import/export use only).
-// (we can't use an pre-initialized array because we must be sure all types are
+// (we can't use a pre-initialized array because we must be sure all types are
// set up)
func untype(ctype Ctype) *types.Type {
switch ctype {
diff --git a/src/cmd/compile/internal/gc/escape.go b/src/cmd/compile/internal/gc/escape.go
index 0f71f99..76c91ba 100644
--- a/src/cmd/compile/internal/gc/escape.go
+++ b/src/cmd/compile/internal/gc/escape.go
@@ -1226,8 +1226,17 @@
// explainPath prints an explanation of how src flows to the walk root.
func (e *Escape) explainPath(root, src *EscLocation) {
+ visited := make(map[*EscLocation]bool)
+
pos := linestr(src.n.Pos)
for {
+ // Prevent infinite loop.
+ if visited[src] {
+ fmt.Printf("%s: warning: truncated explanation due to assignment cycle; see golang.org/issue/35518\n", pos)
+ break
+ }
+ visited[src] = true
+
dst := src.dst
edge := &dst.edges[src.dstEdgeIdx]
if edge.src != src {
diff --git a/src/cmd/compile/internal/gc/inl.go b/src/cmd/compile/internal/gc/inl.go
index 7dfff34..48c7de3 100644
--- a/src/cmd/compile/internal/gc/inl.go
+++ b/src/cmd/compile/internal/gc/inl.go
@@ -27,6 +27,7 @@
package gc
import (
+ "cmd/compile/internal/logopt"
"cmd/compile/internal/types"
"cmd/internal/obj"
"cmd/internal/src"
@@ -115,10 +116,15 @@
}
var reason string // reason, if any, that the function was not inlined
- if Debug['m'] > 1 {
+ if Debug['m'] > 1 || logopt.Enabled() {
defer func() {
if reason != "" {
- fmt.Printf("%v: cannot inline %v: %s\n", fn.Line(), fn.Func.Nname, reason)
+ if Debug['m'] > 1 {
+ fmt.Printf("%v: cannot inline %v: %s\n", fn.Line(), fn.Func.Nname, reason)
+ }
+ if logopt.Enabled() {
+ logopt.LogOpt(fn.Pos, "cannotInlineFunction", "inline", fn.funcname(), reason)
+ }
}
}()
}
@@ -223,6 +229,9 @@
} else if Debug['m'] != 0 {
fmt.Printf("%v: can inline %v\n", fn.Line(), n)
}
+ if logopt.Enabled() {
+ logopt.LogOpt(fn.Pos, "canInlineFunction", "inline", fn.funcname(), fmt.Sprintf("cost: %d", inlineMaxBudget-visitor.budget))
+ }
}
// inlFlood marks n's inline body for export and recursively ensures
@@ -412,7 +421,7 @@
v.budget--
// When debugging, don't stop early, to get full cost of inlining this function
- if v.budget < 0 && Debug['m'] < 2 {
+ if v.budget < 0 && Debug['m'] < 2 && !logopt.Enabled() {
return true
}
@@ -826,11 +835,18 @@
if fn.Func.Inl.Cost > maxCost {
// The inlined function body is too big. Typically we use this check to restrict
// inlining into very big functions. See issue 26546 and 17566.
+ if logopt.Enabled() {
+ logopt.LogOpt(n.Pos, "cannotInlineCall", "inline", Curfn.funcname(),
+ fmt.Sprintf("cost %d of %s exceeds max large caller cost %d", fn.Func.Inl.Cost, fn.pkgFuncName(), maxCost))
+ }
return n
}
if fn == Curfn || fn.Name.Defn == Curfn {
// Can't recursively inline a function into itself.
+ if logopt.Enabled() {
+ logopt.LogOpt(n.Pos, "cannotInlineCall", "inline", fmt.Sprintf("recursive call to %s", Curfn.funcname()))
+ }
return n
}
@@ -857,6 +873,9 @@
if Debug['m'] > 2 {
fmt.Printf("%v: Before inlining: %+v\n", n.Line(), n)
}
+ if logopt.Enabled() {
+ logopt.LogOpt(n.Pos, "inlineCall", "inline", Curfn.funcname(), fn.pkgFuncName())
+ }
if ssaDump != "" && ssaDump == Curfn.funcname() {
ssaDumpInlined = append(ssaDumpInlined, fn)
diff --git a/src/cmd/compile/internal/gc/plive.go b/src/cmd/compile/internal/gc/plive.go
index c205a09..5b9f314 100644
--- a/src/cmd/compile/internal/gc/plive.go
+++ b/src/cmd/compile/internal/gc/plive.go
@@ -652,7 +652,7 @@
lv.unsafePoints = bvalloc(int32(lv.f.NumValues()))
- // Mark architecture-specific unsafe pointes.
+ // Mark architecture-specific unsafe points.
for _, b := range lv.f.Blocks {
for _, v := range b.Values {
if v.Op.UnsafePoint() {
diff --git a/src/cmd/compile/internal/gc/range.go b/src/cmd/compile/internal/gc/range.go
index 4744324..1cf0a08 100644
--- a/src/cmd/compile/internal/gc/range.go
+++ b/src/cmd/compile/internal/gc/range.go
@@ -101,7 +101,7 @@
v2 = n.List.Second()
}
- // this is not only a optimization but also a requirement in the spec.
+ // this is not only an optimization but also a requirement in the spec.
// "if the second iteration variable is the blank identifier, the range
// clause is equivalent to the same clause with only the first variable
// present."
@@ -216,7 +216,7 @@
return n
}
- // orderstmt arranged for a copy of the array/slice variable if needed.
+ // order.stmt arranged for a copy of the array/slice variable if needed.
ha := a
hv1 := temp(types.Types[TINT])
@@ -291,7 +291,7 @@
n.List.Set1(a)
case TMAP:
- // orderstmt allocated the iterator for us.
+ // order.stmt allocated the iterator for us.
// we only use a once, so no copy needed.
ha := a
@@ -327,7 +327,7 @@
}
case TCHAN:
- // orderstmt arranged for a copy of the channel variable.
+ // order.stmt arranged for a copy of the channel variable.
ha := a
n.Left = nil
@@ -371,7 +371,7 @@
// // original body
// }
- // orderstmt arranged for a copy of the string variable.
+ // order.stmt arranged for a copy of the string variable.
ha := a
hv1 := temp(types.Types[TINT])
diff --git a/src/cmd/compile/internal/gc/syntax.go b/src/cmd/compile/internal/gc/syntax.go
index 57820f3..de18795 100644
--- a/src/cmd/compile/internal/gc/syntax.go
+++ b/src/cmd/compile/internal/gc/syntax.go
@@ -269,6 +269,35 @@
return n.Func.Nname.Sym.Name
}
+// pkgFuncName returns the name of the function referenced by n, with package prepended.
+// This differs from the compiler's internal convention where local functions lack a package
+// because the ultimate consumer of this is a human looking at an IDE; package is only empty
+// if the compilation package is actually the empty string.
+func (n *Node) pkgFuncName() string {
+ var s *types.Sym
+ if n == nil {
+ return "<nil>"
+ }
+ if n.Op == ONAME {
+ s = n.Sym
+ } else {
+ if n.Func == nil || n.Func.Nname == nil {
+ return "<nil>"
+ }
+ s = n.Func.Nname.Sym
+ }
+ pkg := s.Pkg
+
+ p := myimportpath
+ if pkg != nil && pkg.Path != "" {
+ p = pkg.Path
+ }
+ if p == "" {
+ return s.Name
+ }
+ return p + "." + s.Name
+}
+
// Name holds Node fields used only by named nodes (ONAME, OTYPE, OPACK, OLABEL, some OLITERAL).
type Name struct {
Pack *Node // real package for import . names
diff --git a/src/cmd/compile/internal/gc/walk.go b/src/cmd/compile/internal/gc/walk.go
index 82ec6f9..ef88db4 100644
--- a/src/cmd/compile/internal/gc/walk.go
+++ b/src/cmd/compile/internal/gc/walk.go
@@ -651,7 +651,7 @@
case ORECV:
// x = <-c; n.Left is x, n.Right.Left is c.
- // orderstmt made sure x is addressable.
+ // order.stmt made sure x is addressable.
n.Right.Left = walkexpr(n.Right.Left, init)
n1 := nod(OADDR, n.Left, nil)
@@ -753,7 +753,7 @@
key = r.Right
} else {
// standard version takes key by reference
- // orderexpr made sure key is addressable.
+ // order.expr made sure key is addressable.
key = nod(OADDR, r.Right, nil)
}
@@ -806,7 +806,7 @@
t := map_.Type
fast := mapfast(t)
if fast == mapslow {
- // orderstmt made sure key is addressable.
+ // order.stmt made sure key is addressable.
key = nod(OADDR, key, nil)
}
n = mkcall1(mapfndel(mapdelete[fast], t), nil, init, typename(t), map_, key)
@@ -945,7 +945,7 @@
// Orderexpr arranged for n.Left to be a temporary for all
// the conversions it could see. Comparison of an interface
// with a non-interface, especially in a switch on interface value
- // with non-interface cases, is not visible to orderstmt, so we
+ // with non-interface cases, is not visible to order.stmt, so we
// have to fall back on allocating a temp here.
if !islvalue(v) {
v = copyexpr(v, v.Type, init)
@@ -1098,7 +1098,7 @@
fast := mapfast(t)
if fast == mapslow {
// standard version takes key by reference.
- // orderexpr made sure key is addressable.
+ // order.expr made sure key is addressable.
key = nod(OADDR, key, nil)
}
n = mkcall1(mapfn(mapassign[fast], t), nil, init, typename(t), map_, key)
@@ -1107,7 +1107,7 @@
fast := mapfast(t)
if fast == mapslow {
// standard version takes key by reference.
- // orderexpr made sure key is addressable.
+ // order.expr made sure key is addressable.
key = nod(OADDR, key, nil)
}
@@ -2526,7 +2526,7 @@
}
func addstr(n *Node, init *Nodes) *Node {
- // orderexpr rewrote OADDSTR to have a list of strings.
+ // order.expr rewrote OADDSTR to have a list of strings.
c := n.List.Len()
if c < 2 {
@@ -2559,7 +2559,7 @@
var fn string
if c <= 5 {
// small numbers of strings use direct runtime helpers.
- // note: orderexpr knows this cutoff too.
+ // note: order.expr knows this cutoff too.
fn = fmt.Sprintf("concatstring%d", c)
} else {
// large numbers of strings are passed to the runtime as a slice.
diff --git a/src/cmd/compile/internal/logopt/log_opts.go b/src/cmd/compile/internal/logopt/log_opts.go
index 2ce4d29..40640545 100644
--- a/src/cmd/compile/internal/logopt/log_opts.go
+++ b/src/cmd/compile/internal/logopt/log_opts.go
@@ -364,6 +364,15 @@
return DocumentURI(url.String())
}
+// Return filename, replacing a first occurrence of $GOROOT with the
+// actual value of the GOROOT (because LSP does not speak "$GOROOT").
+func uprootedPath(filename string) string {
+ if ! strings.HasPrefix(filename, "$GOROOT/") {
+ return filename
+ }
+ return objabi.GOROOT + filename[len("$GOROOT"):]
+}
+
// FlushLoggedOpts flushes all the accumulated optimization log entries.
func FlushLoggedOpts(ctxt *obj.Link, slashPkgPath string) {
if Format == None {
@@ -399,12 +408,12 @@
}
p0 := posTmp[0]
-
- if currentFile != p0.Filename() {
+ p0f := uprootedPath(p0.Filename())
+ if currentFile != p0f {
if w != nil {
w.Close()
}
- currentFile = p0.Filename()
+ currentFile = p0f
w = writerForLSP(subdirpath, currentFile)
encoder = json.NewEncoder(w)
encoder.Encode(VersionHeader{Version: 0, Package: slashPkgPath, Goos: objabi.GOOS, Goarch: objabi.GOARCH, GcVersion: objabi.Version, File: currentFile})
@@ -424,7 +433,7 @@
for i := 1; i < l; i++ {
p := posTmp[i]
- loc := Location{URI: uriIfy(p.Filename()),
+ loc := Location{URI: uriIfy(uprootedPath(p.Filename())),
Range: Range{Start: Position{p.Line(), p.Col()},
End: Position{p.Line(), p.Col()}}}
diagnostic.RelatedInformation = append(diagnostic.RelatedInformation, DiagnosticRelatedInformation{Location: loc, Message: "inlineLoc"})
diff --git a/src/cmd/compile/internal/logopt/logopt_test.go b/src/cmd/compile/internal/logopt/logopt_test.go
index f2270fc..98b8a71 100644
--- a/src/cmd/compile/internal/logopt/logopt_test.go
+++ b/src/cmd/compile/internal/logopt/logopt_test.go
@@ -106,6 +106,9 @@
// below shows proper inlining and nilcheck
want(t, slogged, `{"range":{"start":{"line":9,"character":13},"end":{"line":9,"character":13}},"severity":3,"code":"nilcheck","source":"go compiler","message":"","relatedInformation":[{"location":{"uri":"file://tmpdir/file.go","range":{"start":{"line":4,"character":11},"end":{"line":4,"character":11}}},"message":"inlineLoc"}]}`)
want(t, slogged, `{"range":{"start":{"line":11,"character":6},"end":{"line":11,"character":6}},"severity":3,"code":"isInBounds","source":"go compiler","message":""}`)
+ want(t, slogged, `{"range":{"start":{"line":7,"character":6},"end":{"line":7,"character":6}},"severity":3,"code":"canInlineFunction","source":"go compiler","message":"cost: 35"}`)
+ want(t, slogged, `{"range":{"start":{"line":9,"character":13},"end":{"line":9,"character":13}},"severity":3,"code":"inlineCall","source":"go compiler","message":"x.bar"}`)
+ want(t, slogged, `{"range":{"start":{"line":8,"character":9},"end":{"line":8,"character":9}},"severity":3,"code":"inlineCall","source":"go compiler","message":"x.bar"}`)
})
}
diff --git a/src/cmd/compile/internal/ssa/block.go b/src/cmd/compile/internal/ssa/block.go
index 73ab7e3..eadd570 100644
--- a/src/cmd/compile/internal/ssa/block.go
+++ b/src/cmd/compile/internal/ssa/block.go
@@ -223,7 +223,7 @@
}
// Reset sets the block to the provided kind and clears all the blocks control
-// and auxilliary values. Other properties of the block, such as its successors,
+// and auxiliary values. Other properties of the block, such as its successors,
// predecessors and values are left unmodified.
func (b *Block) Reset(kind BlockKind) {
b.Kind = kind
diff --git a/src/cmd/compile/internal/ssa/gen/ARM64.rules b/src/cmd/compile/internal/ssa/gen/ARM64.rules
index a9bf644..e1b41d5 100644
--- a/src/cmd/compile/internal/ssa/gen/ARM64.rules
+++ b/src/cmd/compile/internal/ssa/gen/ARM64.rules
@@ -359,7 +359,7 @@
(Geq32U x y) -> (GreaterEqualU (CMPW x y))
(Geq64U x y) -> (GreaterEqualU (CMP x y))
-// Optimize comparision between a floating-point value and 0.0 with "FCMP $(0.0), Fn"
+// Optimize comparison between a floating-point value and 0.0 with "FCMP $(0.0), Fn"
(FCMPS x (FMOVSconst [0])) -> (FCMPS0 x)
(FCMPS (FMOVSconst [0]) x) -> (InvertFlags (FCMPS0 x))
(FCMPD x (FMOVDconst [0])) -> (FCMPD0 x)
diff --git a/src/cmd/compile/internal/ssa/gen/generic.rules b/src/cmd/compile/internal/ssa/gen/generic.rules
index 12ca57e..87cfd3d 100644
--- a/src/cmd/compile/internal/ssa/gen/generic.rules
+++ b/src/cmd/compile/internal/ssa/gen/generic.rules
@@ -1180,7 +1180,7 @@
// Divisibility checks x%c == 0 convert to multiply and rotate.
// Note, x%c == 0 is rewritten as x == c*(x/c) during the opt pass
-// where (x/c) is peformed using multiplication with magic constants.
+// where (x/c) is performed using multiplication with magic constants.
// To rewrite x%c == 0 requires pattern matching the rewritten expression
// and checking that the division by the same constant wasn't already calculated.
// This check is made by counting uses of the magic constant multiplication.
diff --git a/src/cmd/compile/internal/ssa/nilcheck_test.go b/src/cmd/compile/internal/ssa/nilcheck_test.go
index e984069..f728e8e 100644
--- a/src/cmd/compile/internal/ssa/nilcheck_test.go
+++ b/src/cmd/compile/internal/ssa/nilcheck_test.go
@@ -294,7 +294,7 @@
}
}
-// TestNilcheckInFalseBranch tests that nil checks in the false branch of an nilcheck
+// TestNilcheckInFalseBranch tests that nil checks in the false branch of a nilcheck
// block are *not* removed.
func TestNilcheckInFalseBranch(t *testing.T) {
c := testConfig(t)
diff --git a/src/cmd/dist/buildtool.go b/src/cmd/dist/buildtool.go
index 60faeda..12baccb 100644
--- a/src/cmd/dist/buildtool.go
+++ b/src/cmd/dist/buildtool.go
@@ -81,6 +81,7 @@
"cmd/link/internal/mips",
"cmd/link/internal/mips64",
"cmd/link/internal/ppc64",
+ "cmd/link/internal/riscv64",
"cmd/link/internal/s390x",
"cmd/link/internal/sym",
"cmd/link/internal/x86",
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
index cc54554..dc22aad 100644
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@@ -100,11 +100,11 @@
slurp, err := exec.Command("go", "env", "CGO_ENABLED").Output()
if err != nil {
- log.Fatalf("Error running go env CGO_ENABLED: %v", err)
+ fatalf("Error running go env CGO_ENABLED: %v", err)
}
t.cgoEnabled, _ = strconv.ParseBool(strings.TrimSpace(string(slurp)))
if flag.NArg() > 0 && t.runRxStr != "" {
- log.Fatalf("the -run regular expression flag is mutually exclusive with test name arguments")
+ fatalf("the -run regular expression flag is mutually exclusive with test name arguments")
}
t.runNames = flag.Args()
@@ -154,7 +154,7 @@
if s := os.Getenv("GO_TEST_TIMEOUT_SCALE"); s != "" {
t.timeoutScale, err = strconv.Atoi(s)
if err != nil {
- log.Fatalf("failed to parse $GO_TEST_TIMEOUT_SCALE = %q as integer: %v", s, err)
+ fatalf("failed to parse $GO_TEST_TIMEOUT_SCALE = %q as integer: %v", s, err)
}
}
@@ -187,13 +187,18 @@
for _, name := range t.runNames {
if !t.isRegisteredTestName(name) {
- log.Fatalf("unknown test %q", name)
+ fatalf("unknown test %q", name)
}
}
// On a few builders, make GOROOT unwritable to catch tests writing to it.
if strings.HasPrefix(os.Getenv("GO_BUILDER_NAME"), "linux-") {
- t.makeGOROOTUnwritable()
+ if os.Getuid() == 0 {
+ // Don't bother making GOROOT unwritable:
+ // we're running as root, so permissions would have no effect.
+ } else {
+ xatexit(t.makeGOROOTUnwritable())
+ }
}
for _, dt := range t.tests {
@@ -208,18 +213,19 @@
if t.keepGoing {
log.Printf("Failed: %v", err)
} else {
- log.Fatalf("Failed: %v", err)
+ fatalf("Failed: %v", err)
}
}
}
t.runPending(nil)
timelog("end", "dist test")
+
if t.failed {
fmt.Println("\nFAILED")
- os.Exit(1)
+ xexit(1)
} else if incomplete[goos+"/"+goarch] {
fmt.Println("\nFAILED (incomplete port)")
- os.Exit(1)
+ xexit(1)
} else if t.partial {
fmt.Println("\nALL TESTS PASSED (some were excluded)")
} else {
@@ -253,7 +259,7 @@
if v := os.Getenv("GO_TEST_SHORT"); v != "" {
short, err := strconv.ParseBool(v)
if err != nil {
- log.Fatalf("invalid GO_TEST_SHORT %q: %v", v, err)
+ fatalf("invalid GO_TEST_SHORT %q: %v", v, err)
}
if !short {
return "-short=false"
@@ -424,7 +430,7 @@
cmd.Stderr = new(bytes.Buffer)
all, err := cmd.Output()
if err != nil {
- log.Fatalf("Error running go list std cmd: %v:\n%s", err, cmd.Stderr)
+ fatalf("Error running go list std cmd: %v:\n%s", err, cmd.Stderr)
}
pkgs := strings.Fields(string(all))
for _, pkg := range pkgs {
@@ -536,7 +542,7 @@
err := cmd.Run()
if rerr := os.Rename(moved, goroot); rerr != nil {
- log.Fatalf("failed to restore GOROOT: %v", rerr)
+ fatalf("failed to restore GOROOT: %v", rerr)
}
return err
},
@@ -664,15 +670,13 @@
})
}
- if t.hasBash() && t.cgoEnabled && goos != "android" && goos != "darwin" {
- t.registerTest("testgodefs", "../misc/cgo/testgodefs", "./test.bash")
- }
-
// Don't run these tests with $GO_GCFLAGS because most of them
// assume that they can run "go install" with no -gcflags and not
// recompile the entire standard library. If make.bash ran with
// special -gcflags, that's not true.
if t.cgoEnabled && gogcflags == "" {
+ t.registerHostTest("testgodefs", "../misc/cgo/testgodefs", "misc/cgo/testgodefs", ".")
+
t.registerTest("testso", "../misc/cgo/testso", t.goTest(), t.timeout(600), ".")
t.registerTest("testsovar", "../misc/cgo/testsovar", t.goTest(), t.timeout(600), ".")
if t.supportedBuildmode("c-archive") {
@@ -703,10 +707,10 @@
// Doc tests only run on builders.
// They find problems approximately never.
- if t.hasBash() && goos != "js" && goos != "android" && !t.iOS() && os.Getenv("GO_BUILDER_NAME") != "" {
- t.registerTest("doc_progs", "../doc/progs", "time", "go", "run", "run.go")
- t.registerTest("wiki", "../doc/articles/wiki", "./test.bash")
- t.registerTest("codewalk", "../doc/codewalk", "time", "./run")
+ if goos != "js" && goos != "android" && !t.iOS() && os.Getenv("GO_BUILDER_NAME") != "" {
+ t.registerTest("doc_progs", "../doc/progs", "go", "run", "run.go")
+ t.registerTest("wiki", "../doc/articles/wiki", t.goTest(), ".")
+ t.registerTest("codewalk", "../doc/codewalk", t.goTest(), "codewalk_test.go")
}
if goos != "android" && !t.iOS() {
@@ -741,7 +745,7 @@
heading: "API check",
fn: func(dt *distTest) error {
if t.compileOnly {
- t.addCmd(dt, "src", "go", "build", filepath.Join(goroot, "src/cmd/api/run.go"))
+ t.addCmd(dt, "src", "go", "build", "-o", os.DevNull, filepath.Join(goroot, "src/cmd/api/run.go"))
return nil
}
t.addCmd(dt, "src", "go", "run", filepath.Join(goroot, "src/cmd/api/run.go"))
@@ -988,7 +992,7 @@
return false
default:
- log.Fatalf("internal error: unknown buildmode %s", mode)
+ fatalf("internal error: unknown buildmode %s", mode)
return false
}
}
@@ -1007,13 +1011,31 @@
}
func (t *tester) runHostTest(dir, pkg string) error {
- defer os.Remove(filepath.Join(goroot, dir, "test.test"))
- cmd := t.dirCmd(dir, t.goTest(), "-c", "-o", "test.test", pkg)
+ out, err := exec.Command("go", "env", "GOEXE", "GOTMPDIR").Output()
+ if err != nil {
+ return err
+ }
+
+ parts := strings.Split(string(out), "\n")
+ if len(parts) < 2 {
+ return fmt.Errorf("'go env GOEXE GOTMPDIR' output contains <2 lines")
+ }
+ GOEXE := strings.TrimSpace(parts[0])
+ GOTMPDIR := strings.TrimSpace(parts[1])
+
+ f, err := ioutil.TempFile(GOTMPDIR, "test.test-*"+GOEXE)
+ if err != nil {
+ return err
+ }
+ f.Close()
+ defer os.Remove(f.Name())
+
+ cmd := t.dirCmd(dir, t.goTest(), "-c", "-o", f.Name(), pkg)
cmd.Env = append(os.Environ(), "GOARCH="+gohostarch, "GOOS="+gohostos)
if err := cmd.Run(); err != nil {
return err
}
- return t.dirCmd(dir, "./test.test", "-test.short").Run()
+ return t.dirCmd(dir, f.Name(), "-test.short").Run()
}
func (t *tester) cgoTest(dt *distTest) error {
@@ -1165,7 +1187,7 @@
checkNotStale("go", "std")
}
if t.failed && !t.keepGoing {
- log.Fatal("FAILED")
+ fatalf("FAILED")
}
if dt := nextTest; dt != nil {
@@ -1336,17 +1358,21 @@
func (t *tester) testDirTest(dt *distTest, shard, shards int) error {
runtest.Do(func() {
- const exe = "runtest.exe" // named exe for Windows, but harmless elsewhere
- cmd := t.dirCmd("test", "go", "build", "-o", exe, "run.go")
- cmd.Env = append(os.Environ(), "GOOS="+gohostos, "GOARCH="+gohostarch)
- runtest.exe = filepath.Join(cmd.Dir, exe)
- if err := cmd.Run(); err != nil {
+ f, err := ioutil.TempFile("", "runtest-*.exe") // named exe for Windows, but harmless elsewhere
+ if err != nil {
runtest.err = err
return
}
+ f.Close()
+
+ runtest.exe = f.Name()
xatexit(func() {
os.Remove(runtest.exe)
})
+
+ cmd := t.dirCmd("test", "go", "build", "-o", runtest.exe, "run.go")
+ cmd.Env = append(os.Environ(), "GOOS="+gohostos, "GOARCH="+gohostarch)
+ runtest.err = cmd.Run()
})
if runtest.err != nil {
return runtest.err
@@ -1405,32 +1431,45 @@
// makeGOROOTUnwritable makes all $GOROOT files & directories non-writable to
// check that no tests accidentally write to $GOROOT.
-func (t *tester) makeGOROOTUnwritable() {
- if os.Getenv("GO_BUILDER_NAME") == "" {
- panic("not a builder")
- }
- if os.Getenv("GOROOT") == "" {
+func (t *tester) makeGOROOTUnwritable() (undo func()) {
+ dir := os.Getenv("GOROOT")
+ if dir == "" {
panic("GOROOT not set")
}
- err := filepath.Walk(os.Getenv("GOROOT"), func(name string, fi os.FileInfo, err error) error {
- if err != nil {
- return err
+
+ type pathMode struct {
+ path string
+ mode os.FileMode
+ }
+ var dirs []pathMode // in lexical order
+
+ undo = func() {
+ for i := range dirs {
+ os.Chmod(dirs[i].path, dirs[i].mode) // best effort
}
- if !fi.Mode().IsRegular() && !fi.IsDir() {
- return nil
- }
- mode := fi.Mode()
- newMode := mode & ^os.FileMode(0222)
- if newMode != mode {
- if err := os.Chmod(name, newMode); err != nil {
- return err
+ }
+
+ filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
+ if err == nil {
+ mode := info.Mode()
+ if mode&0222 != 0 && (mode.IsDir() || mode.IsRegular()) {
+ dirs = append(dirs, pathMode{path, mode})
}
}
return nil
})
- if err != nil {
- log.Fatalf("making builder's files read-only: %v", err)
+
+ // Run over list backward to chmod children before parents.
+ for i := len(dirs) - 1; i >= 0; i-- {
+ err := os.Chmod(dirs[i].path, dirs[i].mode&^0222)
+ if err != nil {
+ dirs = dirs[i:] // Only undo what we did so far.
+ undo()
+ fatalf("failed to make GOROOT read-only: %v", err)
+ }
}
+
+ return undo
}
// shouldUsePrecompiledStdTest reports whether "dist test" should use
diff --git a/src/cmd/doc/doc_test.go b/src/cmd/doc/doc_test.go
index 5c6ec85..c0959ac 100644
--- a/src/cmd/doc/doc_test.go
+++ b/src/cmd/doc/doc_test.go
@@ -176,6 +176,7 @@
`Comment about block of variables`,
`VarFive = 5`,
`var ExportedVariable = 1`,
+ `var ExportedVarOfUnExported unexportedType`,
`var LongLine = newLongLine\(`,
`var MultiLineVar = map\[struct {`,
`FUNCTIONS`,
@@ -210,6 +211,13 @@
`func \(unexportedType\)`,
},
},
+ // Package with just the package declaration. Issue 31457.
+ {
+ "only package declaration",
+ []string{"-all", p + "/nested/empty"},
+ []string{`package empty .*import`},
+ nil,
+ },
// Package dump -short
{
"full package with -short",
diff --git a/src/cmd/doc/pkg.go b/src/cmd/doc/pkg.go
index fa31eba..7b8bd1a 100644
--- a/src/cmd/doc/pkg.go
+++ b/src/cmd/doc/pkg.go
@@ -53,14 +53,18 @@
}
func (pb *pkgBuffer) Write(p []byte) (int, error) {
- if !pb.printed && len(p) > 0 {
+ pb.packageClause()
+ return pb.Buffer.Write(p)
+}
+
+func (pb *pkgBuffer) packageClause() {
+ if !pb.printed {
pb.printed = true
// Only show package clause for commands if requested explicitly.
if pb.pkg.pkg.Name != "main" || showCmd {
pb.pkg.packageClause()
}
}
- return pb.Buffer.Write(p)
}
type PackageError string // type returned by pkg.Fatalf.
@@ -172,18 +176,18 @@
constructor := make(map[*doc.Func]bool)
for _, typ := range docPkg.Types {
docPkg.Consts = append(docPkg.Consts, typ.Consts...)
- for _, value := range typ.Consts {
- typedValue[value] = true
- }
docPkg.Vars = append(docPkg.Vars, typ.Vars...)
- for _, value := range typ.Vars {
- typedValue[value] = true
- }
docPkg.Funcs = append(docPkg.Funcs, typ.Funcs...)
- for _, fun := range typ.Funcs {
- // We don't count it as a constructor bound to the type
- // if the type itself is not exported.
- if isExported(typ.Name) {
+ if isExported(typ.Name) {
+ for _, value := range typ.Consts {
+ typedValue[value] = true
+ }
+ for _, value := range typ.Vars {
+ typedValue[value] = true
+ }
+ for _, fun := range typ.Funcs {
+ // We don't count it as a constructor bound to the type
+ // if the type itself is not exported.
constructor[fun] = true
}
}
@@ -210,6 +214,8 @@
}
func (pkg *Package) flush() {
+ // Print the package clause in case it wasn't written already.
+ pkg.buf.packageClause()
_, err := pkg.writer.Write(pkg.buf.Bytes())
if err != nil {
log.Fatal(err)
diff --git a/src/cmd/doc/testdata/nested/empty/empty.go b/src/cmd/doc/testdata/nested/empty/empty.go
new file mode 100644
index 0000000..609cf0e
--- /dev/null
+++ b/src/cmd/doc/testdata/nested/empty/empty.go
@@ -0,0 +1 @@
+package empty
diff --git a/src/cmd/doc/testdata/pkg.go b/src/cmd/doc/testdata/pkg.go
index 759b772..d695bdf 100644
--- a/src/cmd/doc/testdata/pkg.go
+++ b/src/cmd/doc/testdata/pkg.go
@@ -35,6 +35,8 @@
// Comment about exported variable.
var ExportedVariable = 1
+var ExportedVarOfUnExported unexportedType
+
// Comment about internal variable.
var internalVariable = 2
diff --git a/src/cmd/go.mod b/src/cmd/go.mod
index 896b863..ab756c8 100644
--- a/src/cmd/go.mod
+++ b/src/cmd/go.mod
@@ -3,7 +3,7 @@
go 1.14
require (
- github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
+ github.com/google/pprof v0.0.0-20191105193234-27840fff0d09
github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 // indirect
golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550
diff --git a/src/cmd/go.sum b/src/cmd/go.sum
index fa14805..09bfada 100644
--- a/src/cmd/go.sum
+++ b/src/cmd/go.sum
@@ -1,5 +1,5 @@
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f h1:Jnx61latede7zDD3DiiP4gmNz33uK0U5HDUaF0a/HVQ=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191105193234-27840fff0d09 h1:k2LrtvxLSqJVi/o6O71W+AdZgHzU/mNX7kOXzWUORn0=
+github.com/google/pprof v0.0.0-20191105193234-27840fff0d09/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44 h1:pKqc8lAAA6rcwpvsephnRuZp4VHbfszZRClvqAE6Sq8=
github.com/ianlancetaylor/demangle v0.0.0-20180524225900-fc6590592b44/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
golang.org/x/arch v0.0.0-20190815191158-8a70ba74b3a1 h1:A71BZbKSu+DtCNry/x5JKn20C+64DirDHmePEA8k0FY=
diff --git a/src/cmd/go/alldocs.go b/src/cmd/go/alldocs.go
index 0be368d..add11a4 100644
--- a/src/cmd/go/alldocs.go
+++ b/src/cmd/go/alldocs.go
@@ -148,7 +148,7 @@
// build code that will be linked against shared libraries previously
// created with -buildmode=shared.
// -mod mode
-// module download mode to use: readonly or vendor.
+// module download mode to use: readonly, vendor, or mod.
// See 'go help modules' for more.
// -modcacherw
// leave newly-created directories in the module cache read-write
@@ -2495,6 +2495,9 @@
// directory holds the correct copies of dependencies and ignores
// the dependency descriptions in go.mod.
//
+// If invoked with -mod=mod, the go command loads modules from the module cache
+// even if there is a vendor directory present.
+//
// Pseudo-versions
//
// The go.mod file and the go command more generally use semantic versions as
diff --git a/src/cmd/go/go_test.go b/src/cmd/go/go_test.go
index 1016a73..6056d9b 100644
--- a/src/cmd/go/go_test.go
+++ b/src/cmd/go/go_test.go
@@ -1436,17 +1436,6 @@
tg.run(append([]string{"test"}, files...)...)
}
-func TestNonCanonicalImportPaths(t *testing.T) {
- tg := testgo(t)
- defer tg.cleanup()
- tg.parallel()
- tg.setenv("GOPATH", filepath.Join(tg.pwd(), "testdata"))
- tg.runFail("build", "canonical/d")
- tg.grepStderr("package canonical/d", "did not report canonical/d")
- tg.grepStderr("imports canonical/b", "did not report canonical/b")
- tg.grepStderr("imports canonical/a/: non-canonical", "did not report canonical/a/")
-}
-
func TestVersionControlErrorMessageIncludesCorrectDirectory(t *testing.T) {
tg := testgo(t)
defer tg.cleanup()
@@ -5225,38 +5214,6 @@
tg.run("test", "-cover", "-short", "math", "strings")
}
-func TestCacheVet(t *testing.T) {
- skipIfGccgo(t, "gccgo has no standard packages")
- tg := testgo(t)
- defer tg.cleanup()
- tg.parallel()
-
- if strings.Contains(os.Getenv("GODEBUG"), "gocacheverify") {
- t.Skip("GODEBUG gocacheverify")
- }
- if testing.Short() {
- // In short mode, reuse cache.
- // Test failures may be masked if the cache has just the right entries already
- // (not a concern during all.bash, which runs in a clean cache).
- if cfg.Getenv("GOCACHE") == "off" {
- tooSlow(t)
- }
- } else {
- tg.makeTempdir()
- tg.setenv("GOCACHE", tg.path("cache"))
- }
-
- // Check that second vet reuses cgo-derived inputs.
- // The first command could be build instead of vet,
- // except that if the cache is empty and there's a net.a
- // in GOROOT/pkg, the build will not bother to regenerate
- // and cache the cgo outputs, whereas vet always will.
- tg.run("vet", "os/user")
- tg.run("vet", "-x", "os/user")
- tg.grepStderrNot(`^(clang|gcc)`, "should not have run compiler")
- tg.grepStderrNot(`[\\/]cgo `, "should not have run cgo")
-}
-
func TestIssue22588(t *testing.T) {
// Don't get confused by stderr coming from tools.
tg := testgo(t)
@@ -5704,14 +5661,6 @@
tg.mustExist(p1)
}
-func TestFmtLoadErrors(t *testing.T) {
- tg := testgo(t)
- defer tg.cleanup()
- tg.setenv("GOPATH", filepath.Join(tg.pwd(), "testdata"))
- tg.runFail("fmt", "does-not-exist")
- tg.run("fmt", "-n", "exclude")
-}
-
func TestGoTestMinusN(t *testing.T) {
// Intent here is to verify that 'go test -n' works without crashing.
// This reuses flag_test.go, but really any test would do.
diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go
index 6a6f77e..8fc33e3 100644
--- a/src/cmd/go/internal/load/pkg.go
+++ b/src/cmd/go/internal/load/pkg.go
@@ -670,6 +670,11 @@
// we create from the full directory to the package.
// Otherwise it is the usual import path.
// For vendored imports, it is the expanded form.
+ //
+ // Note that when modules are enabled, local import paths are normally
+ // canonicalized by modload.ImportPaths before now. However, if there's an
+ // error resolving a local path, it will be returned untransformed
+ // so that 'go list -e' reports something useful.
importKey := importSpec{
path: path,
parentPath: parentPath,
diff --git a/src/cmd/go/internal/modcmd/download.go b/src/cmd/go/internal/modcmd/download.go
index 6ea18ea..768ce94 100644
--- a/src/cmd/go/internal/modcmd/download.go
+++ b/src/cmd/go/internal/modcmd/download.go
@@ -89,7 +89,7 @@
for _, arg := range args {
switch arg {
case modload.Target.Path, targetAtLatest, targetAtUpgrade, targetAtPatch:
- os.Stderr.WriteString("go mod download: skipping argument "+ arg + " that resolves to the main module\n")
+ os.Stderr.WriteString("go mod download: skipping argument " + arg + " that resolves to the main module\n")
}
}
}
@@ -102,9 +102,9 @@
if info.Replace != nil {
info = info.Replace
}
- if (module.Version{Path: info.Path, Version: info.Version} == modload.Target) {
- // skipping main module.
- // go mod download without dependencies is silent.
+ if info.Version == "" && info.Error == nil {
+ // main module or module replaced with file path.
+ // Nothing to download.
continue
}
m := &moduleJSON{
diff --git a/src/cmd/go/internal/modfetch/codehost/git_test.go b/src/cmd/go/internal/modfetch/codehost/git_test.go
index 39c904f..cc32a1e 100644
--- a/src/cmd/go/internal/modfetch/codehost/git_test.go
+++ b/src/cmd/go/internal/modfetch/codehost/git_test.go
@@ -78,7 +78,16 @@
func testRepo(remote string) (Repo, error) {
if remote == "localGitRepo" {
- return LocalGitRepo(filepath.ToSlash(localGitRepo))
+ // Convert absolute path to file URL. LocalGitRepo will not accept
+ // Windows absolute paths because they look like a host:path remote.
+ // TODO(golang.org/issue/32456): use url.FromFilePath when implemented.
+ var url string
+ if strings.HasPrefix(localGitRepo, "/") {
+ url = "file://" + localGitRepo
+ } else {
+ url = "file:///" + filepath.ToSlash(localGitRepo)
+ }
+ return LocalGitRepo(url)
}
kind := "git"
for _, k := range []string{"hg"} {
diff --git a/src/cmd/go/internal/modfetch/coderepo.go b/src/cmd/go/internal/modfetch/coderepo.go
index 03dd4b0..849e8c7 100644
--- a/src/cmd/go/internal/modfetch/coderepo.go
+++ b/src/cmd/go/internal/modfetch/coderepo.go
@@ -719,9 +719,6 @@
// because of replacement modules. This might be a fork of
// the real module, found at a different path, usable only in
// a replace directive.
- //
- // TODO(bcmills): This doesn't seem right. Investigate further.
- // (Notably: why can't we replace foo/v2 with fork-of-foo/v3?)
dir2 := path.Join(r.codeDir, r.pathMajor[1:])
file2 = path.Join(dir2, "go.mod")
gomod2, err2 := r.code.ReadFile(rev, file2, codehost.MaxGoMod)
@@ -747,11 +744,11 @@
// Not v2/go.mod, so it's either go.mod or nothing. Which is it?
if found1 {
- // Explicit go.mod with matching module path OK.
+ // Explicit go.mod with matching major version ok.
return rev, r.codeDir, gomod1, nil
}
if err1 == nil {
- // Explicit go.mod with non-matching module path disallowed.
+ // Explicit go.mod with non-matching major version disallowed.
suffix := ""
if file2 != "" {
suffix = fmt.Sprintf(" (and ...%s/go.mod does not exist)", r.pathMajor)
@@ -762,6 +759,9 @@
if r.pathMajor != "" { // ".v1", ".v2" for gopkg.in
return "", "", nil, fmt.Errorf("%s has non-...%s module path %q%s at revision %s", file1, r.pathMajor, mpath1, suffix, rev)
}
+ if _, _, ok := module.SplitPathVersion(mpath1); !ok {
+ return "", "", nil, fmt.Errorf("%s has malformed module path %q%s at revision %s", file1, mpath1, suffix, rev)
+ }
return "", "", nil, fmt.Errorf("%s has post-%s module path %q%s at revision %s", file1, semver.Major(version), mpath1, suffix, rev)
}
@@ -778,24 +778,43 @@
return "", "", nil, fmt.Errorf("missing %s/go.mod at revision %s", r.pathPrefix, rev)
}
+// isMajor reports whether the versions allowed for mpath are compatible with
+// the major version(s) implied by pathMajor, or false if mpath has an invalid
+// version suffix.
func isMajor(mpath, pathMajor string) bool {
if mpath == "" {
+ // If we don't have a path, we don't know what version(s) it is compatible with.
+ return false
+ }
+ _, mpathMajor, ok := module.SplitPathVersion(mpath)
+ if !ok {
+ // An invalid module path is not compatible with any version.
return false
}
if pathMajor == "" {
- // mpath must NOT have version suffix.
- i := len(mpath)
- for i > 0 && '0' <= mpath[i-1] && mpath[i-1] <= '9' {
- i--
- }
- if i < len(mpath) && i >= 2 && mpath[i-1] == 'v' && mpath[i-2] == '/' {
- // Found valid suffix.
+ // All of the valid versions for a gopkg.in module that requires major
+ // version v0 or v1 are compatible with the "v0 or v1" implied by an empty
+ // pathMajor.
+ switch module.PathMajorPrefix(mpathMajor) {
+ case "", "v0", "v1":
+ return true
+ default:
return false
}
- return true
}
- // Otherwise pathMajor is ".v1", ".v2" (gopkg.in), or "/v2", "/v3" etc.
- return strings.HasSuffix(mpath, pathMajor)
+ if mpathMajor == "" {
+ // Even if pathMajor is ".v0" or ".v1", we can't be sure that a module
+ // without a suffix is tagged appropriately. Besides, we don't expect clones
+ // of non-gopkg.in modules to have gopkg.in paths, so a non-empty,
+ // non-gopkg.in mpath is probably the wrong module for any such pathMajor
+ // anyway.
+ return false
+ }
+ // If both pathMajor and mpathMajor are non-empty, then we only care that they
+ // have the same major-version validation rules. A clone fetched via a /v2
+ // path might replace a module with path gopkg.in/foo.v2-unstable, and that's
+ // ok.
+ return pathMajor[1:] == mpathMajor[1:]
}
func (r *codeRepo) GoMod(version string) (data []byte, err error) {
diff --git a/src/cmd/go/internal/modload/build.go b/src/cmd/go/internal/modload/build.go
index 352ec73..5a281a9 100644
--- a/src/cmd/go/internal/modload/build.go
+++ b/src/cmd/go/internal/modload/build.go
@@ -45,11 +45,19 @@
return ""
}
+// PackageModuleInfo returns information about the module that provides
+// a given package. If modules are not enabled or if the package is in the
+// standard library or if the package was not successfully loaded with
+// ImportPaths or a similar loading function, nil is returned.
func PackageModuleInfo(pkgpath string) *modinfo.ModulePublic {
if isStandardImportPath(pkgpath) || !Enabled() {
return nil
}
- return moduleInfo(findModule(pkgpath, pkgpath), true)
+ m, ok := findModule(pkgpath)
+ if !ok {
+ return nil
+ }
+ return moduleInfo(m, true)
}
func ModuleInfo(path string) *modinfo.ModulePublic {
@@ -199,12 +207,11 @@
if isStandardImportPath(path) || !Enabled() {
return ""
}
-
- target := findModule(path, path)
+ target := mustFindModule(path, path)
mdeps := make(map[module.Version]bool)
for _, dep := range deps {
if !isStandardImportPath(dep) {
- mdeps[findModule(path, dep)] = true
+ mdeps[mustFindModule(path, dep)] = true
}
}
var mods []module.Version
@@ -239,9 +246,12 @@
return buf.String()
}
-// findModule returns the module containing the package at path,
-// needed to build the package at target.
-func findModule(target, path string) module.Version {
+// mustFindModule is like findModule, but it calls base.Fatalf if the
+// module can't be found.
+//
+// TODO(jayconrod): remove this. Callers should use findModule and return
+// errors instead of relying on base.Fatalf.
+func mustFindModule(target, path string) module.Version {
pkg, ok := loaded.pkgCache.Get(path).(*loadPkg)
if ok {
if pkg.err != nil {
@@ -261,6 +271,20 @@
panic("unreachable")
}
+// findModule searches for the module that contains the package at path.
+// If the package was loaded with ImportPaths or one of the other loading
+// functions, its containing module and true are returned. Otherwise,
+// module.Version{} and false are returend.
+func findModule(path string) (module.Version, bool) {
+ if pkg, ok := loaded.pkgCache.Get(path).(*loadPkg); ok {
+ return pkg.mod, pkg.mod != module.Version{}
+ }
+ if path == "command-line-arguments" {
+ return Target, true
+ }
+ return module.Version{}, false
+}
+
func ModInfoProg(info string, isgccgo bool) []byte {
// Inject a variable with the debug information as runtime.modinfo,
// but compile it in package main so that it is specific to the binary.
diff --git a/src/cmd/go/internal/modload/help.go b/src/cmd/go/internal/modload/help.go
index 1927c1c..b47f3de 100644
--- a/src/cmd/go/internal/modload/help.go
+++ b/src/cmd/go/internal/modload/help.go
@@ -179,6 +179,9 @@
directory holds the correct copies of dependencies and ignores
the dependency descriptions in go.mod.
+If invoked with -mod=mod, the go command loads modules from the module cache
+even if there is a vendor directory present.
+
Pseudo-versions
The go.mod file and the go command more generally use semantic versions as
diff --git a/src/cmd/go/internal/modload/load.go b/src/cmd/go/internal/modload/load.go
index ca6c260..2df7bd0 100644
--- a/src/cmd/go/internal/modload/load.go
+++ b/src/cmd/go/internal/modload/load.go
@@ -94,11 +94,11 @@
pkgs := m.Pkgs
m.Pkgs = m.Pkgs[:0]
for _, pkg := range pkgs {
- dir := pkg
- if !filepath.IsAbs(dir) {
+ var dir string
+ if !filepath.IsAbs(pkg) {
dir = filepath.Join(base.Cwd, pkg)
} else {
- dir = filepath.Clean(dir)
+ dir = filepath.Clean(pkg)
}
// golang.org/issue/32917: We should resolve a relative path to a
diff --git a/src/cmd/go/internal/search/search.go b/src/cmd/go/internal/search/search.go
index ef3835b..ad33e60 100644
--- a/src/cmd/go/internal/search/search.go
+++ b/src/cmd/go/internal/search/search.go
@@ -125,32 +125,43 @@
modRoot = dir
}
-// MatchPackagesInFS is like allPackages but is passed a pattern
-// beginning ./ or ../, meaning it should scan the tree rooted
-// at the given directory. There are ... in the pattern too.
-// (See go help packages for pattern syntax.)
+// MatchPackagesInFS is like MatchPackages but is passed a pattern that
+// begins with an absolute path or "./" or "../". On Windows, the pattern may
+// use slash or backslash separators or a mix of both.
+//
+// MatchPackagesInFS scans the tree rooted at the directory that contains the
+// first "..." wildcard and returns a match with packages that
func MatchPackagesInFS(pattern string) *Match {
m := &Match{
Pattern: pattern,
Literal: false,
}
+ // Clean the path and create a matching predicate.
+ // filepath.Clean removes "./" prefixes (and ".\" on Windows). We need to
+ // preserve these, since they are meaningful in MatchPattern and in
+ // returned import paths.
+ cleanPattern := filepath.Clean(pattern)
+ isLocal := strings.HasPrefix(pattern, "./") || (os.PathSeparator == '\\' && strings.HasPrefix(pattern, `.\`))
+ prefix := ""
+ if cleanPattern != "." && isLocal {
+ prefix = "./"
+ cleanPattern = "." + string(os.PathSeparator) + cleanPattern
+ }
+ slashPattern := filepath.ToSlash(cleanPattern)
+ match := MatchPattern(slashPattern)
+
// Find directory to begin the scan.
// Could be smarter but this one optimization
// is enough for now, since ... is usually at the
// end of a path.
- i := strings.Index(pattern, "...")
- dir, _ := path.Split(pattern[:i])
+ i := strings.Index(cleanPattern, "...")
+ dir, _ := filepath.Split(cleanPattern[:i])
// pattern begins with ./ or ../.
// path.Clean will discard the ./ but not the ../.
// We need to preserve the ./ for pattern matching
// and in the returned import paths.
- prefix := ""
- if strings.HasPrefix(pattern, "./") {
- prefix = "./"
- }
- match := MatchPattern(pattern)
if modRoot != "" {
abs, err := filepath.Abs(dir)
@@ -381,21 +392,26 @@
v = a[i:]
}
- // Arguments are supposed to be import paths, but
- // as a courtesy to Windows developers, rewrite \ to /
- // in command-line arguments. Handles .\... and so on.
- if filepath.Separator == '\\' {
- p = strings.ReplaceAll(p, `\`, `/`)
- }
-
- // Put argument in canonical form, but preserve leading ./.
- if strings.HasPrefix(p, "./") {
- p = "./" + path.Clean(p)
- if p == "./." {
- p = "."
- }
+ // Arguments may be either file paths or import paths.
+ // As a courtesy to Windows developers, rewrite \ to /
+ // in arguments that look like import paths.
+ // Don't replace slashes in absolute paths.
+ if filepath.IsAbs(p) {
+ p = filepath.Clean(p)
} else {
- p = path.Clean(p)
+ if filepath.Separator == '\\' {
+ p = strings.ReplaceAll(p, `\`, `/`)
+ }
+
+ // Put argument in canonical form, but preserve leading ./.
+ if strings.HasPrefix(p, "./") {
+ p = "./" + path.Clean(p)
+ if p == "./." {
+ p = "."
+ }
+ } else {
+ p = path.Clean(p)
+ }
}
out = append(out, p+v)
diff --git a/src/cmd/go/internal/work/build.go b/src/cmd/go/internal/work/build.go
index 45dd165..e3b25c9 100644
--- a/src/cmd/go/internal/work/build.go
+++ b/src/cmd/go/internal/work/build.go
@@ -100,7 +100,7 @@
build code that will be linked against shared libraries previously
created with -buildmode=shared.
-mod mode
- module download mode to use: readonly or vendor.
+ module download mode to use: readonly, vendor, or mod.
See 'go help modules' for more.
-modcacherw
leave newly-created directories in the module cache read-write
diff --git a/src/cmd/go/internal/work/exec.go b/src/cmd/go/internal/work/exec.go
index a50de51..0287af7 100644
--- a/src/cmd/go/internal/work/exec.go
+++ b/src/cmd/go/internal/work/exec.go
@@ -206,8 +206,12 @@
// The compiler hides the exact value of $GOROOT
// when building things in GOROOT.
// Assume b.WorkDir is being trimmed properly.
+ // When -trimpath is used with a package built from the module cache,
+ // use the module path and version instead of the directory.
if !p.Goroot && !cfg.BuildTrimpath && !strings.HasPrefix(p.Dir, b.WorkDir) {
fmt.Fprintf(h, "dir %s\n", p.Dir)
+ } else if cfg.BuildTrimpath && p.Module != nil {
+ fmt.Fprintf(h, "module %s@%s\n", p.Module.Path, p.Module.Version)
}
fmt.Fprintf(h, "goos %s goarch %s\n", cfg.Goos, cfg.Goarch)
fmt.Fprintf(h, "import %q\n", p.ImportPath)
@@ -1610,12 +1614,12 @@
// Be careful about removing/overwriting dst.
// Do not remove/overwrite if dst exists and is a directory
- // or a non-object file.
+ // or a non-empty non-object file.
if fi, err := os.Stat(dst); err == nil {
if fi.IsDir() {
return fmt.Errorf("build output %q already exists and is a directory", dst)
}
- if !force && fi.Mode().IsRegular() && !isObject(dst) {
+ if !force && fi.Mode().IsRegular() && fi.Size() != 0 && !isObject(dst) {
return fmt.Errorf("build output %q already exists and is not an object file", dst)
}
}
diff --git a/src/cmd/go/internal/work/init.go b/src/cmd/go/internal/work/init.go
index ba3168a..078c248 100644
--- a/src/cmd/go/internal/work/init.go
+++ b/src/cmd/go/internal/work/init.go
@@ -200,8 +200,6 @@
case "linux/amd64", "linux/arm", "linux/arm64", "linux/386", "linux/s390x", "linux/ppc64le",
"android/amd64", "android/arm", "android/arm64", "android/386":
case "darwin/amd64":
- // Skip DWARF generation due to #21647
- forcedLdflags = append(forcedLdflags, "-w")
case "freebsd/amd64":
default:
base.Fatalf("-buildmode=plugin not supported on %s\n", platform)
diff --git a/src/cmd/go/script_test.go b/src/cmd/go/script_test.go
index 942fca8..fbe4698 100644
--- a/src/cmd/go/script_test.go
+++ b/src/cmd/go/script_test.go
@@ -292,6 +292,17 @@
}).(bool)
break
}
+ if strings.HasPrefix(cond.tag, "GODEBUG:") {
+ value := strings.TrimPrefix(cond.tag, "GODEBUG:")
+ parts := strings.Split(os.Getenv("GODEBUG"), ",")
+ for _, p := range parts {
+ if strings.TrimSpace(p) == value {
+ ok = true
+ break
+ }
+ }
+ break
+ }
if !imports.KnownArch[cond.tag] && !imports.KnownOS[cond.tag] && cond.tag != "gc" && cond.tag != "gccgo" {
ts.fatalf("unknown condition %q", cond.tag)
}
diff --git a/src/cmd/go/testdata/mod/example.com_stack_v1.0.0.txt b/src/cmd/go/testdata/mod/example.com_stack_v1.0.0.txt
new file mode 100644
index 0000000..787b7ae
--- /dev/null
+++ b/src/cmd/go/testdata/mod/example.com_stack_v1.0.0.txt
@@ -0,0 +1,18 @@
+Module with a function that prints file name for the top stack frame.
+Different versions of this module are identical, but they should return
+different file names with -trimpath.
+-- .mod --
+module example.com/stack
+
+go 1.14
+-- .info --
+{"Version":"v1.0.0"}
+-- stack.go --
+package stack
+
+import "runtime"
+
+func TopFile() string {
+ _, file, _, _ := runtime.Caller(0)
+ return file
+}
diff --git a/src/cmd/go/testdata/mod/example.com_stack_v1.0.1.txt b/src/cmd/go/testdata/mod/example.com_stack_v1.0.1.txt
new file mode 100644
index 0000000..c715dd2
--- /dev/null
+++ b/src/cmd/go/testdata/mod/example.com_stack_v1.0.1.txt
@@ -0,0 +1,18 @@
+Module with a function that prints file name for the top stack frame.
+Different versions of this module are identical, but they should return
+different file names with -trimpath.
+-- .mod --
+module example.com/stack
+
+go 1.14
+-- .info --
+{"Version":"v1.0.1"}
+-- stack.go --
+package stack
+
+import "runtime"
+
+func TopFile() string {
+ _, file, _, _ := runtime.Caller(0)
+ return file
+}
diff --git a/src/cmd/go/testdata/script/README b/src/cmd/go/testdata/script/README
index ec886b1..1fd9639 100644
--- a/src/cmd/go/testdata/script/README
+++ b/src/cmd/go/testdata/script/README
@@ -77,6 +77,7 @@
- [root] for os.Geteuid() == 0
- [symlink] for testenv.HasSymlink()
- [exec:prog] for whether prog is available for execution (found by exec.LookPath)
+ - [GODEBUG:value] for whether value is one of the comma-separated entries in the GODEBUG variable
A condition can be negated: [!short] means to run the rest of the line
when testing.Short() is false. Multiple conditions may be given for a single
diff --git a/src/cmd/go/testdata/script/build_cache_trimpath.txt b/src/cmd/go/testdata/script/build_cache_trimpath.txt
index 39367ae..9a4b9d7 100644
--- a/src/cmd/go/testdata/script/build_cache_trimpath.txt
+++ b/src/cmd/go/testdata/script/build_cache_trimpath.txt
@@ -1,3 +1,4 @@
+[short] skip
env GO111MODULE=on
# Set up fresh GOCACHE.
@@ -12,9 +13,35 @@
stderr '(compile|gccgo)( |\.exe)'
stderr 'link( |\.exe)'
+# Two distinct versions of the same module with identical content should
+# still be cached separately.
+# Verifies golang.org/issue/35412.
+go get -d example.com/stack@v1.0.0
+go run -trimpath printstack.go
+stdout '^example.com/stack@v1.0.0/stack.go$'
+go get -d example.com/stack@v1.0.1
+go run -trimpath printstack.go
+stdout '^example.com/stack@v1.0.1/stack.go$'
+
-- $WORK/hello.go --
package main
func main() { println("hello") }
+-- $WORK/printstack.go --
+// +build ignore
+
+package main
+
+import (
+ "fmt"
+
+ "example.com/stack"
+)
+
+func main() {
+ fmt.Println(stack.TopFile())
+}
-- $WORK/go.mod --
module m
+
+go 1.14
diff --git a/src/cmd/go/testdata/script/build_trimpath.txt b/src/cmd/go/testdata/script/build_trimpath.txt
index 2c39e4c..121392f 100644
--- a/src/cmd/go/testdata/script/build_trimpath.txt
+++ b/src/cmd/go/testdata/script/build_trimpath.txt
@@ -1,61 +1,93 @@
[short] skip
-
-env -r GOROOT_REGEXP=$GOROOT
-env -r WORK_REGEXP='$WORK' # don't expand $WORK; grep replaces $WORK in text before matching.
-env GOROOT GOROOT_REGEXP WORK WORK_REGEXP
+env GO111MODULE=on
# A binary built without -trimpath should contain the current workspace
# and GOROOT for debugging and stack traces.
cd a
-go build -o hello.exe hello.go
-grep -q $WORK_REGEXP hello.exe
-grep -q $GOROOT_REGEXP hello.exe
+go build -o $WORK/paths-a.exe paths.go
+exec $WORK/paths-a.exe $WORK/paths-a.exe
+stdout 'binary contains GOPATH: true'
+stdout 'binary contains GOROOT: true'
# A binary built with -trimpath should not contain the current workspace
# or GOROOT.
-go build -trimpath -o hello.exe hello.go
-! grep -q $GOROOT_REGEXP hello.exe
-! grep -q $WORK_REGEXP hello.exe
+go build -trimpath -o $WORK/paths-a.exe paths.go
+exec $WORK/paths-a.exe $WORK/paths-a.exe
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
# A binary from an external module built with -trimpath should not contain
# the current workspace or GOROOT.
cd $WORK
-env GO111MODULE=on
go get -trimpath rsc.io/fortune
-! grep -q $GOROOT_REGEXP $GOPATH/bin/fortune$GOEXE
-! grep -q $WORK_REGEXP $GOPATH/bin/fortune$GOEXE
+exec $WORK/paths-a.exe $GOPATH/bin/fortune$GOEXE
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
# Two binaries built from identical packages in different directories
# should be identical.
-cd $GOPATH/src/a
-go build -trimpath -o $WORK/a-GOPATH.exe .
-cd $WORK/_alt/src/a
-go build -trimpath -o $WORK/a-alt.exe .
-cmp -q $WORK/a-GOPATH.exe $WORK/a-alt.exe
+# TODO(golang.org/issue/35435): at the moment, they are not.
+#mkdir $GOPATH/src/b
+#cp $GOPATH/src/a/go.mod $GOPATH/src/b/go.mod
+#cp $GOPATH/src/a/paths.go $GOPATH/src/b/paths.go
+#cd $GOPATH/src/b
+#go build -trimpath -o $WORK/paths-b.exe .
+#cmp -q $WORK/paths-a.exe $WORK/paths-b.exe
[!exec:gccgo] stop
-# Binaries built using gccgo should also be identical to each other.
+# A binary built with gccgo without -trimpath should contain the current
+# GOPATH and GOROOT.
env GO111MODULE=off # The current released gccgo does not support builds in module mode.
cd $GOPATH/src/a
-go build -compiler=gccgo -trimpath -o $WORK/gccgo-GOPATH.exe .
+go build -compiler=gccgo -o $WORK/gccgo-paths-a.exe .
+exec $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-a.exe
+stdout 'binary contains GOPATH: true'
+stdout 'binary contains GOROOT: false' # gccgo doesn't load std from GOROOT.
-env old_gopath=$GOPATH
-env GOPATH=$WORK/_alt
-cd $WORK/_alt/src/a
-go build -compiler=gccgo -trimpath -o $WORK/gccgo-alt.exe .
-cd $WORK
-! grep -q $GOROOT_REGEXP gccgo-GOPATH.exe
-! grep -q $WORK_REGEXP gccgo-GOPATH.exe
-cmp -q gccgo-GOPATH.exe gccgo-alt.exe
+# A binary built with gccgo with -trimpath should not contain GOPATH or GOROOT.
+go build -compiler=gccgo -trimpath -o $WORK/gccgo-paths-b.exe .
+exec $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-b.exe
+stdout 'binary contains GOPATH: false'
+stdout 'binary contains GOROOT: false'
--- $GOPATH/src/a/hello.go --
+# Two binaries built from identical packages in different directories
+# should be identical.
+# TODO(golang.org/issue/35435): at the moment, they are not.
+#cd ../b
+#go build -compiler=gccgo -trimpath -o $WORK/gccgo-paths-b.exe .
+#cmp -q $WORK/gccgo-paths-a.exe $WORK/gccgo-paths-b.exe
+
+-- $GOPATH/src/a/paths.go --
package main
-func main() { println("hello") }
+
+import (
+ "bytes"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+)
+
+func main() {
+ exe := os.Args[1]
+ data, err := ioutil.ReadFile(exe)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ gopath := []byte(filepath.ToSlash(os.Getenv("GOPATH")))
+ if len(gopath) == 0 {
+ log.Fatal("GOPATH not set")
+ }
+ fmt.Printf("binary contains GOPATH: %v\n", bytes.Contains(data, gopath))
+
+ goroot := []byte(filepath.ToSlash(os.Getenv("GOROOT")))
+ if len(goroot) == 0 {
+ log.Fatal("GOROOT not set")
+ }
+ fmt.Printf("binary contains GOROOT: %v\n", bytes.Contains(data, goroot))
+}
-- $GOPATH/src/a/go.mod --
module example.com/a
--- $WORK/_alt/src/a/hello.go --
-package main
-func main() { println("hello") }
--- $WORK/_alt/src/a/go.mod --
-module example.com/a
diff --git a/src/cmd/go/testdata/script/cache_vet.txt b/src/cmd/go/testdata/script/cache_vet.txt
new file mode 100644
index 0000000..d61e9bc
--- /dev/null
+++ b/src/cmd/go/testdata/script/cache_vet.txt
@@ -0,0 +1,22 @@
+env GO111MODULE=off
+
+[short] skip
+[GODEBUG:gocacheverify] skip
+[gccgo] skip # gccgo has no standard packages
+
+# Start with a clean build cache:
+# test failures may be masked if the cache has just the right entries already.
+env GOCACHE=$WORK/cache
+
+# Run 'go vet os/user' once to warm up the cache.
+go vet os/user
+
+# Check that second vet reuses cgo-derived inputs.
+# The first command could be build instead of vet,
+# except that if the cache is empty and there's a net.a
+# in GOROOT/pkg, the build will not bother to regenerate
+# and cache the cgo outputs, whereas vet always will.
+
+go vet -x os/user
+! stderr '^(clang|gcc)' # should not have run compiler
+! stderr '[\\/]cgo ' # should not have run cgo
diff --git a/src/cmd/go/testdata/script/fmt_load_errors.txt b/src/cmd/go/testdata/script/fmt_load_errors.txt
new file mode 100644
index 0000000..297ec0f
--- /dev/null
+++ b/src/cmd/go/testdata/script/fmt_load_errors.txt
@@ -0,0 +1,19 @@
+env GO111MODULE=off
+
+! go fmt does-not-exist
+
+go fmt -n exclude
+stdout 'exclude[/\\]x\.go'
+stdout 'exclude[/\\]x_linux\.go'
+
+-- exclude/empty/x.txt --
+-- exclude/ignore/_x.go --
+package x
+-- exclude/x.go --
+// +build linux,!linux
+
+package x
+-- exclude/x_linux.go --
+// +build windows
+
+package x
diff --git a/src/cmd/go/testdata/script/mod_download_replace_file.txt b/src/cmd/go/testdata/script/mod_download_replace_file.txt
new file mode 100644
index 0000000..f6ab4fe
--- /dev/null
+++ b/src/cmd/go/testdata/script/mod_download_replace_file.txt
@@ -0,0 +1,16 @@
+# This test checks that 'go mod download' produces no output for
+# the main module (when specified implicitly) and for a module replaced
+# with a file path.
+# Verifies golang.org/issue/35505.
+go mod download -json all
+cmp stdout no-output
+
+-- go.mod --
+module example.com/a
+
+require example.com/b v1.0.0
+
+replace example.com/b => ./local/b
+-- local/b/go.mod --
+module example.com/b
+-- no-output --
diff --git a/src/cmd/go/testdata/script/mod_empty_err.txt b/src/cmd/go/testdata/script/mod_empty_err.txt
new file mode 100644
index 0000000..729f848
--- /dev/null
+++ b/src/cmd/go/testdata/script/mod_empty_err.txt
@@ -0,0 +1,36 @@
+# This test checks error messages for non-existant packages in module mode.
+# Veries golang.org/issue/35414
+env GO111MODULE=on
+cd $WORK
+
+go list -e -f {{.Error}} .
+stdout 'package \.: no Go files in \$WORK'
+
+go list -e -f {{.Error}} ./empty
+stdout 'package \./empty: no Go files in \$WORK[/\\]empty'
+
+go list -e -f {{.Error}} ./exclude
+stdout 'package \./exclude: build constraints exclude all Go files in \$WORK[/\\]exclude'
+
+go list -e -f {{.Error}} ./missing
+stdout 'package \./missing: cannot find package "." in:\s*\$WORK[/\\]missing'
+
+# use 'go build -n' because 'go list' reports no error.
+! go build -n ./testonly
+stderr 'example.com/m/testonly: no non-test Go files in \$WORK[/\\]testonly'
+
+-- $WORK/go.mod --
+module example.com/m
+
+go 1.14
+
+-- $WORK/empty/empty.txt --
+-- $WORK/exclude/exclude.go --
+// +build exclude
+
+package exclude
+-- $WORK/testonly/testonly_test.go --
+package testonly_test
+-- $WORK/excluded-stdout --
+package ./excluded: cannot find package "." in:
+ $WORK/excluded
diff --git a/src/cmd/go/testdata/script/mod_getx.txt b/src/cmd/go/testdata/script/mod_getx.txt
index 36f3342..ccb8d13 100644
--- a/src/cmd/go/testdata/script/mod_getx.txt
+++ b/src/cmd/go/testdata/script/mod_getx.txt
@@ -1,5 +1,6 @@
[short] skip
[!net] skip
+[!exec:git] skip
env GO111MODULE=on
env GOPROXY=direct
diff --git a/src/cmd/go/testdata/script/mod_list_dir.txt b/src/cmd/go/testdata/script/mod_list_dir.txt
index a8023cc..f6994c1 100644
--- a/src/cmd/go/testdata/script/mod_list_dir.txt
+++ b/src/cmd/go/testdata/script/mod_list_dir.txt
@@ -12,10 +12,10 @@
go list -f '{{.ImportPath}}' .
stdout ^x$
! go list -f '{{.ImportPath}}' $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
-stderr '^can.t load package: package '$WORK'[/\\]gopath/pkg/mod/rsc.io/quote@v1.5.2: can only use path@version syntax with .go get.'
+stderr '^can.t load package: package '$WORK'[/\\]gopath[/\\]pkg[/\\]mod[/\\]rsc.io[/\\]quote@v1.5.2: can only use path@version syntax with .go get.'
go list -e -f '{{with .Error}}{{.}}{{end}}' $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
-stdout '^package '$WORK'[/\\]gopath/pkg/mod/rsc.io/quote@v1.5.2: can only use path@version syntax with .go get.'
+stdout '^package '$WORK'[/\\]gopath[/\\]pkg[/\\]mod[/\\]rsc.io[/\\]quote@v1.5.2: can only use path@version syntax with .go get.'
go mod download rsc.io/quote@v1.5.2
go list -f '{{.ImportPath}}' $GOPATH/pkg/mod/rsc.io/quote@v1.5.2
stdout '^rsc.io/quote$'
diff --git a/src/cmd/go/testdata/script/mod_prefer_compatible.txt b/src/cmd/go/testdata/script/mod_prefer_compatible.txt
index c5cf17c..aa6260f 100644
--- a/src/cmd/go/testdata/script/mod_prefer_compatible.txt
+++ b/src/cmd/go/testdata/script/mod_prefer_compatible.txt
@@ -34,6 +34,7 @@
# order to determine whether it contains a go.mod file, and part of the point of
# the proxy is to avoid fetching unnecessary data.)
+[!exec:git] stop
env GOPROXY=direct
go list -versions -m github.com/russross/blackfriday github.com/russross/blackfriday
diff --git a/src/cmd/go/testdata/script/mod_replace_gopkgin.txt b/src/cmd/go/testdata/script/mod_replace_gopkgin.txt
new file mode 100644
index 0000000..6608fb1
--- /dev/null
+++ b/src/cmd/go/testdata/script/mod_replace_gopkgin.txt
@@ -0,0 +1,28 @@
+# Regression test for golang.org/issue/34254:
+# a clone of gopkg.in/[…].vN should be replaceable by
+# a fork hosted at corp.example.com/[…]/vN,
+# even if there is an explicit go.mod file containing the
+# gopkg.in path.
+
+[short] skip
+[!net] skip
+[!exec:git] skip
+
+env GO111MODULE=on
+env GOPROXY=direct
+env GOSUMDB=off
+
+# Replacing gopkg.in/[…].vN with a repository with a root go.mod file
+# specifying […].vN and a compatible version should succeed, even if
+# the replacement path is not a gopkg.in path.
+cd dot-to-dot
+go list gopkg.in/src-d/go-git.v4
+
+-- dot-to-dot/go.mod --
+module golang.org/issue/34254
+
+go 1.13
+
+require gopkg.in/src-d/go-git.v4 v4.13.1
+
+replace gopkg.in/src-d/go-git.v4 v4.13.1 => github.com/src-d/go-git/v4 v4.13.1
diff --git a/src/cmd/go/testdata/script/mod_sumdb_file_path.txt b/src/cmd/go/testdata/script/mod_sumdb_file_path.txt
index 7ccce23..6108c0a 100644
--- a/src/cmd/go/testdata/script/mod_sumdb_file_path.txt
+++ b/src/cmd/go/testdata/script/mod_sumdb_file_path.txt
@@ -13,7 +13,7 @@
[windows] env GOPROXY=file:///$WORK/sumproxy,https://proxy.golang.org
[!windows] env GOPROXY=file://$WORK/sumproxy,https://proxy.golang.org
! go get -d golang.org/x/text@v0.3.2
-stderr '^go get golang.org/x/text@v0.3.2: golang.org/x/text@v0.3.2: verifying module: golang.org/x/text@v0.3.2: reading file://.*/sumdb/sum.golang.org/lookup/golang.org/x/text@v0.3.2: (no such file or directory|.*cannot find the file specified.*)'
+stderr '^go get golang.org/x/text@v0.3.2: golang.org/x/text@v0.3.2: verifying module: golang.org/x/text@v0.3.2: reading file://.*/sumdb/sum.golang.org/lookup/golang.org/x/text@v0.3.2: (no such file or directory|.*cannot find the path specified.*)'
# If the proxy does not claim to support the database,
# checksum verification should fall through to the next proxy,
diff --git a/src/cmd/go/testdata/script/mod_vendor_auto.txt b/src/cmd/go/testdata/script/mod_vendor_auto.txt
index a15db7c..53120dc 100644
--- a/src/cmd/go/testdata/script/mod_vendor_auto.txt
+++ b/src/cmd/go/testdata/script/mod_vendor_auto.txt
@@ -62,7 +62,7 @@
go mod edit -go=1.14
! go list -f {{.Dir}} -tags tools all
-stderr '^go: inconsistent vendoring in '$WORK/auto':$'
+stderr '^go: inconsistent vendoring in '$WORK[/\\]auto':$'
stderr '^\texample.com/printversion@v1.0.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt'
stderr '^\texample.com/unused: is replaced in go.mod, but not marked as replaced in vendor/modules.txt'
stderr '^\texample.com/version@v1.2.0: is replaced in go.mod, but not marked as replaced in vendor/modules.txt'
@@ -131,7 +131,7 @@
cp go.mod.orig go.mod
go mod edit -go=1.14
! go list -f {{.Dir}} -tags tools all
-stderr '^go: inconsistent vendoring in '$WORK/auto':$'
+stderr '^go: inconsistent vendoring in '$WORK[/\\]auto':$'
stderr '^\texample.com/printversion@v1.0.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt'
stderr '^\texample.com/unused: is replaced in go.mod, but not marked as replaced in vendor/modules.txt'
stderr '^\texample.com/version@v1.2.0: is replaced in go.mod, but not marked as replaced in vendor/modules.txt'
@@ -149,7 +149,7 @@
# ...but a version mismatch for an explicit dependency should be noticed.
cp $WORK/modules-bad-1.13.txt vendor/modules.txt
! go list -mod=vendor -f {{.Dir}} -tags tools all
-stderr '^go: inconsistent vendoring in '$WORK/auto':$'
+stderr '^go: inconsistent vendoring in '$WORK[/\\]auto':$'
stderr '^\texample.com/printversion@v1.0.0: is explicitly required in go.mod, but vendor/modules.txt indicates example.com/printversion@v1.1.0$'
stderr '\n\nrun .go mod vendor. to sync, or use -mod=mod or -mod=readonly to ignore the vendor directory$'
diff --git a/src/cmd/go/testdata/script/noncanonical_import.txt b/src/cmd/go/testdata/script/noncanonical_import.txt
new file mode 100644
index 0000000..7fdc071
--- /dev/null
+++ b/src/cmd/go/testdata/script/noncanonical_import.txt
@@ -0,0 +1,21 @@
+env GO111MODULE=off
+
+! go build canonical/d
+stderr 'package canonical/d'
+stderr 'imports canonical/b'
+stderr 'imports canonical/a/: non-canonical'
+
+-- canonical/a/a.go --
+package a
+
+import _ "c"
+-- canonical/b/b.go --
+package b
+
+import _ "canonical/a/"
+-- canonical/a/vendor/c/c.go --
+package c
+-- canonical/d/d.go --
+package d
+
+import _ "canonical/b"
diff --git a/src/cmd/go/testdata/script/test_compile_tempfile.txt b/src/cmd/go/testdata/script/test_compile_tempfile.txt
new file mode 100644
index 0000000..9124108
--- /dev/null
+++ b/src/cmd/go/testdata/script/test_compile_tempfile.txt
@@ -0,0 +1,11 @@
+[short] skip
+
+# Ensure that the target of 'go build -o' can be an existing, empty file so that
+# its name can be reserved using ioutil.TempFile or the 'mktemp` command.
+
+go build -o empty-file$GOEXE main.go
+
+-- main.go --
+package main
+func main() {}
+-- empty-file$GOEXE --
diff --git a/src/cmd/go/testdata/script/version.txt b/src/cmd/go/testdata/script/version.txt
index 9086f04..4252624 100644
--- a/src/cmd/go/testdata/script/version.txt
+++ b/src/cmd/go/testdata/script/version.txt
@@ -1,6 +1,7 @@
env GO111MODULE=on
[short] skip
+# Check that 'go version' and 'go version -m' work on a binary built in module mode.
go build -o fortune.exe rsc.io/fortune
go version fortune.exe
stdout '^fortune.exe: .+'
@@ -8,6 +9,10 @@
stdout '^\tpath\trsc.io/fortune'
stdout '^\tmod\trsc.io/fortune\tv1.0.0'
+# Repeat the test with -buildmode=pie.
+# TODO(golang.org/issue/27144): don't skip after -buildmode=pie is implemented
+# on Windows.
+[windows] skip # -buildmode=pie not supported
go build -buildmode=pie -o external.exe rsc.io/fortune
go version external.exe
stdout '^external.exe: .+'
diff --git a/src/cmd/go/testdata/src/canonical/a/a.go b/src/cmd/go/testdata/src/canonical/a/a.go
deleted file mode 100644
index 486cc48..0000000
--- a/src/cmd/go/testdata/src/canonical/a/a.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package a
-
-import _ "c"
diff --git a/src/cmd/go/testdata/src/canonical/a/vendor/c/c.go b/src/cmd/go/testdata/src/canonical/a/vendor/c/c.go
deleted file mode 100644
index 7f96c221..0000000
--- a/src/cmd/go/testdata/src/canonical/a/vendor/c/c.go
+++ /dev/null
@@ -1 +0,0 @@
-package c
diff --git a/src/cmd/go/testdata/src/canonical/b/b.go b/src/cmd/go/testdata/src/canonical/b/b.go
deleted file mode 100644
index ce0f4ce..0000000
--- a/src/cmd/go/testdata/src/canonical/b/b.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package b
-
-import _ "canonical/a/"
diff --git a/src/cmd/go/testdata/src/canonical/d/d.go b/src/cmd/go/testdata/src/canonical/d/d.go
deleted file mode 100644
index ef7dd7d..0000000
--- a/src/cmd/go/testdata/src/canonical/d/d.go
+++ /dev/null
@@ -1,3 +0,0 @@
-package d
-
-import _ "canonical/b"
diff --git a/src/cmd/internal/obj/arm64/obj7.go b/src/cmd/internal/obj/arm64/obj7.go
index e7cb16b..a2a019f 100644
--- a/src/cmd/internal/obj/arm64/obj7.go
+++ b/src/cmd/internal/obj/arm64/obj7.go
@@ -629,6 +629,19 @@
q1.To.Reg = REGSP
q1.Spadj = c.autosize
+ if c.ctxt.Headtype == objabi.Hdarwin {
+ // iOS does not support SA_ONSTACK. We will run the signal handler
+ // on the G stack. If we write below SP, it may be clobbered by
+ // the signal handler. So we save LR after decrementing SP.
+ q1 = obj.Appendp(q1, c.newprog)
+ q1.Pos = p.Pos
+ q1.As = AMOVD
+ q1.From.Type = obj.TYPE_REG
+ q1.From.Reg = REGLINK
+ q1.To.Type = obj.TYPE_MEM
+ q1.To.Reg = REGSP
+ }
+
q1 = c.ctxt.EndUnsafePoint(q1, c.newprog, -1)
} else {
// small frame, update SP and save LR in a single MOVD.W instruction
diff --git a/src/cmd/internal/obj/x86/asm6.go b/src/cmd/internal/obj/x86/asm6.go
index 3a33bc3..cfeb179 100644
--- a/src/cmd/internal/obj/x86/asm6.go
+++ b/src/cmd/internal/obj/x86/asm6.go
@@ -1984,6 +1984,22 @@
fmt.Printf(" rel %#.4x/%d %s%+d\n", uint32(r.Off), r.Siz, r.Sym.Name, r.Add)
}
}
+
+ // Mark nonpreemptible instruction sequences.
+ // The 2-instruction TLS access sequence
+ // MOVQ TLS, BX
+ // MOVQ 0(BX)(TLS*1), BX
+ // is not async preemptible, as if it is preempted and resumed on
+ // a different thread, the TLS address may become invalid.
+ if !CanUse1InsnTLS(ctxt) {
+ useTLS := func(p *obj.Prog) bool {
+ // Only need to mark the second instruction, which has
+ // REG_TLS as Index. (It is okay to interrupt and restart
+ // the first instruction.)
+ return p.From.Index == REG_TLS
+ }
+ obj.MarkUnsafePoints(ctxt, s.Func.Text, newprog, useTLS)
+ }
}
func instinit(ctxt *obj.Link) {
diff --git a/src/cmd/internal/objabi/reloctype.go b/src/cmd/internal/objabi/reloctype.go
index aed7e2a..dc64828 100644
--- a/src/cmd/internal/objabi/reloctype.go
+++ b/src/cmd/internal/objabi/reloctype.go
@@ -64,6 +64,8 @@
// R_CALLMIPS (only used on mips64) resolves to non-PC-relative target address
// of a CALL (JAL) instruction, by encoding the address into the instruction.
R_CALLMIPS
+ // R_CALLRISCV marks RISC-V CALLs for stack checking.
+ R_CALLRISCV
R_CONST
R_PCREL
// R_TLS_LE, used on 386, amd64, and ARM, resolves to the offset of the
@@ -200,6 +202,16 @@
// relocated symbol rather than the symbol's address.
R_ADDRPOWER_TOCREL_DS
+ // RISC-V.
+
+ // R_RISCV_PCREL_ITYPE resolves a 32-bit PC-relative address using an
+ // AUIPC + I-type instruction pair.
+ R_RISCV_PCREL_ITYPE
+
+ // R_RISCV_PCREL_STYPE resolves a 32-bit PC-relative address using an
+ // AUIPC + S-type instruction pair.
+ R_RISCV_PCREL_STYPE
+
// R_PCRELDBL relocates s390x 2-byte aligned PC-relative addresses.
// TODO(mundaym): remove once variants can be serialized - see issue 14218.
R_PCRELDBL
@@ -210,6 +222,7 @@
// R_ADDRMIPSTLS (only used on mips64) resolves to the low 16 bits of a TLS
// address (offset from thread pointer), by encoding it into the instruction.
R_ADDRMIPSTLS
+
// R_ADDRCUOFF resolves to a pointer-sized offset from the start of the
// symbol's DWARF compile unit.
R_ADDRCUOFF
@@ -230,7 +243,7 @@
// the target address in register or memory.
func (r RelocType) IsDirectCall() bool {
switch r {
- case R_CALL, R_CALLARM, R_CALLARM64, R_CALLMIPS, R_CALLPOWER:
+ case R_CALL, R_CALLARM, R_CALLARM64, R_CALLMIPS, R_CALLPOWER, R_CALLRISCV:
return true
}
return false
diff --git a/src/cmd/internal/objabi/reloctype_string.go b/src/cmd/internal/objabi/reloctype_string.go
index a1c4c1a..83dfe71 100644
--- a/src/cmd/internal/objabi/reloctype_string.go
+++ b/src/cmd/internal/objabi/reloctype_string.go
@@ -4,9 +4,9 @@
import "strconv"
-const _RelocType_name = "R_ADDRR_ADDRPOWERR_ADDRARM64R_ADDRMIPSR_ADDROFFR_WEAKADDROFFR_SIZER_CALLR_CALLARMR_CALLARM64R_CALLINDR_CALLPOWERR_CALLMIPSR_CONSTR_PCRELR_TLS_LER_TLS_IER_GOTOFFR_PLT0R_PLT1R_PLT2R_USEFIELDR_USETYPER_METHODOFFR_POWER_TOCR_GOTPCRELR_JMPMIPSR_DWARFSECREFR_DWARFFILEREFR_ARM64_TLS_LER_ARM64_TLS_IER_ARM64_GOTPCRELR_ARM64_GOTR_ARM64_PCRELR_ARM64_LDST8R_ARM64_LDST32R_ARM64_LDST64R_ARM64_LDST128R_POWER_TLS_LER_POWER_TLS_IER_POWER_TLSR_ADDRPOWER_DSR_ADDRPOWER_GOTR_ADDRPOWER_PCRELR_ADDRPOWER_TOCRELR_ADDRPOWER_TOCREL_DSR_PCRELDBLR_ADDRMIPSUR_ADDRMIPSTLSR_ADDRCUOFFR_WASMIMPORTR_XCOFFREF"
+const _RelocType_name = "R_ADDRR_ADDRPOWERR_ADDRARM64R_ADDRMIPSR_ADDROFFR_WEAKADDROFFR_SIZER_CALLR_CALLARMR_CALLARM64R_CALLINDR_CALLPOWERR_CALLMIPSR_CALLRISCVR_CONSTR_PCRELR_TLS_LER_TLS_IER_GOTOFFR_PLT0R_PLT1R_PLT2R_USEFIELDR_USETYPER_METHODOFFR_POWER_TOCR_GOTPCRELR_JMPMIPSR_DWARFSECREFR_DWARFFILEREFR_ARM64_TLS_LER_ARM64_TLS_IER_ARM64_GOTPCRELR_ARM64_GOTR_ARM64_PCRELR_ARM64_LDST8R_ARM64_LDST32R_ARM64_LDST64R_ARM64_LDST128R_POWER_TLS_LER_POWER_TLS_IER_POWER_TLSR_ADDRPOWER_DSR_ADDRPOWER_GOTR_ADDRPOWER_PCRELR_ADDRPOWER_TOCRELR_ADDRPOWER_TOCREL_DSR_RISCV_PCREL_ITYPER_RISCV_PCREL_STYPER_PCRELDBLR_ADDRMIPSUR_ADDRMIPSTLSR_ADDRCUOFFR_WASMIMPORTR_XCOFFREF"
-var _RelocType_index = [...]uint16{0, 6, 17, 28, 38, 47, 60, 66, 72, 81, 92, 101, 112, 122, 129, 136, 144, 152, 160, 166, 172, 178, 188, 197, 208, 219, 229, 238, 251, 265, 279, 293, 309, 320, 333, 346, 360, 374, 389, 403, 417, 428, 442, 457, 474, 492, 513, 523, 534, 547, 558, 570, 580}
+var _RelocType_index = [...]uint16{0, 6, 17, 28, 38, 47, 60, 66, 72, 81, 92, 101, 112, 122, 133, 140, 147, 155, 163, 171, 177, 183, 189, 199, 208, 219, 230, 240, 249, 262, 276, 290, 304, 320, 331, 344, 357, 371, 385, 400, 414, 428, 439, 453, 468, 485, 503, 524, 543, 562, 572, 583, 596, 607, 619, 629}
func (i RelocType) String() string {
i -= 1
diff --git a/src/cmd/link/dwarf_test.go b/src/cmd/link/dwarf_test.go
index f33082e..37d570f 100644
--- a/src/cmd/link/dwarf_test.go
+++ b/src/cmd/link/dwarf_test.go
@@ -168,6 +168,9 @@
func TestDWARF(t *testing.T) {
testDWARF(t, "", true)
if !testing.Short() {
+ if runtime.GOOS == "windows" {
+ t.Skip("skipping Windows/c-archive; see Issue 35512 for more.")
+ }
t.Run("c-archive", func(t *testing.T) {
testDWARF(t, "c-archive", true)
})
diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go
index 3f5b6d4..dcbe136 100644
--- a/src/cmd/link/internal/ld/config.go
+++ b/src/cmd/link/internal/ld/config.go
@@ -258,7 +258,10 @@
Exitf("internal linking requested %sbut external linking required: %s", via, extReason)
}
case LinkExternal:
- if objabi.GOARCH == "ppc64" && objabi.GOOS != "aix" {
+ switch {
+ case objabi.GOARCH == "riscv64":
+ Exitf("external linking not supported for %s/riscv64", objabi.GOOS)
+ case objabi.GOARCH == "ppc64" && objabi.GOOS != "aix":
Exitf("external linking not supported for %s/ppc64", objabi.GOOS)
}
}
diff --git a/src/cmd/link/internal/ld/data.go b/src/cmd/link/internal/ld/data.go
index 3c24717..32d1111 100644
--- a/src/cmd/link/internal/ld/data.go
+++ b/src/cmd/link/internal/ld/data.go
@@ -157,8 +157,8 @@
if r.Sym != nil && ((r.Sym.Type == sym.Sxxx && !r.Sym.Attr.VisibilityHidden()) || r.Sym.Type == sym.SXREF) {
// When putting the runtime but not main into a shared library
// these symbols are undefined and that's OK.
- if ctxt.BuildMode == BuildModeShared {
- if r.Sym.Name == "main.main" || r.Sym.Name == "main..inittask" {
+ if ctxt.BuildMode == BuildModeShared || ctxt.BuildMode == BuildModePlugin {
+ if r.Sym.Name == "main.main" || (ctxt.BuildMode != BuildModePlugin && r.Sym.Name == "main..inittask") {
r.Sym.Type = sym.SDYNIMPORT
} else if strings.HasPrefix(r.Sym.Name, "go.info.") {
// Skip go.info symbols. They are only needed to communicate
diff --git a/src/cmd/link/internal/ld/dwarf.go b/src/cmd/link/internal/ld/dwarf.go
index f5af90b..6eba39b 100644
--- a/src/cmd/link/internal/ld/dwarf.go
+++ b/src/cmd/link/internal/ld/dwarf.go
@@ -944,6 +944,11 @@
if s.FuncInfo == nil {
continue
}
+ // Skip linker-created functions (ex: runtime.addmoduledata), since they
+ // don't have DWARF to begin with.
+ if s.Unit == nil {
+ continue
+ }
unit := s.Unit
// Update PC ranges.
//
@@ -1128,7 +1133,7 @@
lastAddr = addr
// Output the line table.
- // TODO: Now that we have all the debug information in seperate
+ // TODO: Now that we have all the debug information in separate
// symbols, it would make sense to use a rope, and concatenate them all
// together rather then the append() below. This would allow us to have
// the compiler emit the DW_LNE_set_address and a rope data structure
diff --git a/src/cmd/link/internal/ld/elf.go b/src/cmd/link/internal/ld/elf.go
index 91198ef..69cad38 100644
--- a/src/cmd/link/internal/ld/elf.go
+++ b/src/cmd/link/internal/ld/elf.go
@@ -176,6 +176,7 @@
EM_MIPS_RS4_BE = 10
EM_ALPHA_STD = 41
EM_ALPHA = 0x9026
+ EM_RISCV = 243
SHN_UNDEF = 0
SHN_LORESERVE = 0xff00
SHN_LOPROC = 0xff00
@@ -485,7 +486,7 @@
func Elfinit(ctxt *Link) {
ctxt.IsELF = true
- if ctxt.Arch.InFamily(sys.AMD64, sys.ARM64, sys.MIPS64, sys.PPC64, sys.S390X) {
+ if ctxt.Arch.InFamily(sys.AMD64, sys.ARM64, sys.MIPS64, sys.PPC64, sys.RISCV64, sys.S390X) {
elfRelType = ".rela"
} else {
elfRelType = ".rel"
@@ -500,7 +501,7 @@
ehdr.flags = 2 /* Version 2 ABI */
}
fallthrough
- case sys.AMD64, sys.ARM64, sys.MIPS64:
+ case sys.AMD64, sys.ARM64, sys.MIPS64, sys.RISCV64:
if ctxt.Arch.Family == sys.MIPS64 {
ehdr.flags = 0x20000004 /* MIPS 3 CPIC */
}
@@ -1758,6 +1759,8 @@
eh.machine = EM_386
case sys.PPC64:
eh.machine = EM_PPC64
+ case sys.RISCV64:
+ eh.machine = EM_RISCV
case sys.S390X:
eh.machine = EM_S390
}
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go
index 5564a27..20852b5 100644
--- a/src/cmd/link/internal/ld/lib.go
+++ b/src/cmd/link/internal/ld/lib.go
@@ -429,7 +429,7 @@
// We now have enough information to determine the link mode.
determineLinkMode(ctxt)
- if ctxt.LinkMode == LinkExternal && !iscgo && ctxt.LibraryByPkg["runtime/cgo"] == nil && !(objabi.GOOS == "darwin" && (ctxt.Arch.Family == sys.AMD64 || ctxt.Arch.Family == sys.I386)) {
+ if ctxt.LinkMode == LinkExternal && !iscgo && ctxt.LibraryByPkg["runtime/cgo"] == nil && !(objabi.GOOS == "darwin" && ctxt.BuildMode != BuildModePlugin && (ctxt.Arch.Family == sys.AMD64 || ctxt.Arch.Family == sys.I386)) {
// This indicates a user requested -linkmode=external.
// The startup code uses an import of runtime/cgo to decide
// whether to initialize the TLS. So give it one. This could
@@ -1294,7 +1294,7 @@
// from the beginning of the section (like sym.STYPE).
argv = append(argv, "-Wl,-znocopyreloc")
- if ctxt.Arch.InFamily(sys.ARM, sys.ARM64) && (objabi.GOOS == "linux" || objabi.GOOS == "android") {
+ if ctxt.Arch.InFamily(sys.ARM, sys.ARM64) && objabi.GOOS == "linux" {
// On ARM, the GNU linker will generate COPY relocations
// even with -znocopyreloc set.
// https://sourceware.org/bugzilla/show_bug.cgi?id=19962
diff --git a/src/cmd/link/internal/ld/macho.go b/src/cmd/link/internal/ld/macho.go
index 8756da4..e50eddd 100644
--- a/src/cmd/link/internal/ld/macho.go
+++ b/src/cmd/link/internal/ld/macho.go
@@ -404,21 +404,26 @@
}
}
if machoPlatform == 0 {
- machoPlatform = PLATFORM_MACOS
- if ctxt.LinkMode == LinkInternal {
- // For lldb, must say LC_VERSION_MIN_MACOSX or else
- // it won't know that this Mach-O binary is from OS X
- // (could be iOS or WatchOS instead).
- // Go on iOS uses linkmode=external, and linkmode=external
- // adds this itself. So we only need this code for linkmode=internal
- // and we can assume OS X.
- //
- // See golang.org/issues/12941.
- //
- // The version must be at least 10.9; see golang.org/issues/30488.
- ml := newMachoLoad(ctxt.Arch, LC_VERSION_MIN_MACOSX, 2)
- ml.data[0] = 10<<16 | 9<<8 | 0<<0 // OS X version 10.9.0
- ml.data[1] = 10<<16 | 9<<8 | 0<<0 // SDK 10.9.0
+ switch ctxt.Arch.Family {
+ default:
+ machoPlatform = PLATFORM_MACOS
+ if ctxt.LinkMode == LinkInternal {
+ // For lldb, must say LC_VERSION_MIN_MACOSX or else
+ // it won't know that this Mach-O binary is from OS X
+ // (could be iOS or WatchOS instead).
+ // Go on iOS uses linkmode=external, and linkmode=external
+ // adds this itself. So we only need this code for linkmode=internal
+ // and we can assume OS X.
+ //
+ // See golang.org/issues/12941.
+ //
+ // The version must be at least 10.9; see golang.org/issues/30488.
+ ml := newMachoLoad(ctxt.Arch, LC_VERSION_MIN_MACOSX, 2)
+ ml.data[0] = 10<<16 | 9<<8 | 0<<0 // OS X version 10.9.0
+ ml.data[1] = 10<<16 | 9<<8 | 0<<0 // SDK 10.9.0
+ }
+ case sys.ARM, sys.ARM64:
+ machoPlatform = PLATFORM_IOS
}
}
diff --git a/src/cmd/link/internal/loadpe/ldpe.go b/src/cmd/link/internal/loadpe/ldpe.go
index 32f043c..ab3aeef 100644
--- a/src/cmd/link/internal/loadpe/ldpe.go
+++ b/src/cmd/link/internal/loadpe/ldpe.go
@@ -452,16 +452,16 @@
case sys.AMD64:
if name == "__imp___acrt_iob_func" {
// Do not rename __imp___acrt_iob_func into __acrt_iob_func,
- // becasue __imp___acrt_iob_func symbol is real
- // (see commit b295099 from git://git.code.sf.net/p/mingw-w64/mingw-w64 for detials).
+ // because __imp___acrt_iob_func symbol is real
+ // (see commit b295099 from git://git.code.sf.net/p/mingw-w64/mingw-w64 for details).
} else {
name = strings.TrimPrefix(name, "__imp_") // __imp_Name => Name
}
case sys.I386:
if name == "__imp____acrt_iob_func" {
// Do not rename __imp____acrt_iob_func into ___acrt_iob_func,
- // becasue __imp____acrt_iob_func symbol is real
- // (see commit b295099 from git://git.code.sf.net/p/mingw-w64/mingw-w64 for detials).
+ // because __imp____acrt_iob_func symbol is real
+ // (see commit b295099 from git://git.code.sf.net/p/mingw-w64/mingw-w64 for details).
} else {
name = strings.TrimPrefix(name, "__imp_") // __imp_Name => Name
}
diff --git a/src/cmd/link/internal/riscv64/asm.go b/src/cmd/link/internal/riscv64/asm.go
new file mode 100644
index 0000000..111ff9d
--- /dev/null
+++ b/src/cmd/link/internal/riscv64/asm.go
@@ -0,0 +1,122 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package riscv64
+
+import (
+ "cmd/internal/objabi"
+ "cmd/internal/sys"
+ "cmd/link/internal/ld"
+ "cmd/link/internal/sym"
+ "fmt"
+ "log"
+)
+
+func gentext(ctxt *ld.Link) {
+}
+
+func adddynrela(ctxt *ld.Link, rel *sym.Symbol, s *sym.Symbol, r *sym.Reloc) {
+ log.Fatalf("adddynrela not implemented")
+}
+
+func adddynrel(ctxt *ld.Link, s *sym.Symbol, r *sym.Reloc) bool {
+ log.Fatalf("adddynrel not implemented")
+ return false
+}
+
+func elfreloc1(ctxt *ld.Link, r *sym.Reloc, sectoff int64) bool {
+ log.Fatalf("elfreloc1")
+ return false
+}
+
+func elfsetupplt(ctxt *ld.Link) {
+ log.Fatalf("elfsetuplt")
+}
+
+func machoreloc1(arch *sys.Arch, out *ld.OutBuf, s *sym.Symbol, r *sym.Reloc, sectoff int64) bool {
+ log.Fatalf("machoreloc1 not implemented")
+ return false
+}
+
+func archreloc(ctxt *ld.Link, r *sym.Reloc, s *sym.Symbol, val int64) (int64, bool) {
+ // TODO(jsing): Implement.
+ log.Fatalf("archreloc not implemented")
+ return val, false
+}
+
+func archrelocvariant(ctxt *ld.Link, r *sym.Reloc, s *sym.Symbol, t int64) int64 {
+ log.Fatalf("archrelocvariant")
+ return -1
+}
+
+func asmb(ctxt *ld.Link) {
+ if ctxt.IsELF {
+ ld.Asmbelfsetup()
+ }
+
+ sect := ld.Segtext.Sections[0]
+ ctxt.Out.SeekSet(int64(sect.Vaddr - ld.Segtext.Vaddr + ld.Segtext.Fileoff))
+ ld.Codeblk(ctxt, int64(sect.Vaddr), int64(sect.Length))
+ for _, sect = range ld.Segtext.Sections[1:] {
+ ctxt.Out.SeekSet(int64(sect.Vaddr - ld.Segtext.Vaddr + ld.Segtext.Fileoff))
+ ld.Datblk(ctxt, int64(sect.Vaddr), int64(sect.Length))
+ }
+
+ if ld.Segrodata.Filelen > 0 {
+ ctxt.Out.SeekSet(int64(ld.Segrodata.Fileoff))
+ ld.Datblk(ctxt, int64(ld.Segrodata.Vaddr), int64(ld.Segrodata.Filelen))
+ }
+ if ld.Segrelrodata.Filelen > 0 {
+ ctxt.Out.SeekSet(int64(ld.Segrelrodata.Fileoff))
+ ld.Datblk(ctxt, int64(ld.Segrelrodata.Vaddr), int64(ld.Segrelrodata.Filelen))
+ }
+
+ ctxt.Out.SeekSet(int64(ld.Segdata.Fileoff))
+ ld.Datblk(ctxt, int64(ld.Segdata.Vaddr), int64(ld.Segdata.Filelen))
+
+ ctxt.Out.SeekSet(int64(ld.Segdwarf.Fileoff))
+ ld.Dwarfblk(ctxt, int64(ld.Segdwarf.Vaddr), int64(ld.Segdwarf.Filelen))
+}
+
+func asmb2(ctxt *ld.Link) {
+ ld.Symsize = 0
+ ld.Lcsize = 0
+ symo := uint32(0)
+
+ if !*ld.FlagS {
+ if !ctxt.IsELF {
+ ld.Errorf(nil, "unsupported executable format")
+ }
+
+ symo = uint32(ld.Segdwarf.Fileoff + ld.Segdwarf.Filelen)
+ symo = uint32(ld.Rnd(int64(symo), int64(*ld.FlagRound)))
+ ctxt.Out.SeekSet(int64(symo))
+
+ ld.Asmelfsym(ctxt)
+ ctxt.Out.Flush()
+ ctxt.Out.Write(ld.Elfstrdat)
+
+ if ctxt.LinkMode == ld.LinkExternal {
+ ld.Elfemitreloc(ctxt)
+ }
+ }
+
+ ctxt.Out.SeekSet(0)
+ switch ctxt.HeadType {
+ case objabi.Hlinux:
+ ld.Asmbelf(ctxt, int64(symo))
+ default:
+ ld.Errorf(nil, "unsupported operating system")
+ }
+ ctxt.Out.Flush()
+
+ if *ld.FlagC {
+ fmt.Printf("textsize=%d\n", ld.Segtext.Filelen)
+ fmt.Printf("datsize=%d\n", ld.Segdata.Filelen)
+ fmt.Printf("bsssize=%d\n", ld.Segdata.Length-ld.Segdata.Filelen)
+ fmt.Printf("symsize=%d\n", ld.Symsize)
+ fmt.Printf("lcsize=%d\n", ld.Lcsize)
+ fmt.Printf("total=%d\n", ld.Segtext.Filelen+ld.Segdata.Length+uint64(ld.Symsize)+uint64(ld.Lcsize))
+ }
+}
diff --git a/src/cmd/link/internal/riscv64/l.go b/src/cmd/link/internal/riscv64/l.go
new file mode 100644
index 0000000..a302657
--- /dev/null
+++ b/src/cmd/link/internal/riscv64/l.go
@@ -0,0 +1,14 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package riscv64
+
+const (
+ maxAlign = 32 // max data alignment
+ minAlign = 1
+ funcAlign = 8
+
+ dwarfRegLR = 1
+ dwarfRegSP = 2
+)
diff --git a/src/cmd/link/internal/riscv64/obj.go b/src/cmd/link/internal/riscv64/obj.go
new file mode 100644
index 0000000..c1e4680
--- /dev/null
+++ b/src/cmd/link/internal/riscv64/obj.go
@@ -0,0 +1,60 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package riscv64
+
+import (
+ "cmd/internal/objabi"
+ "cmd/internal/sys"
+ "cmd/link/internal/ld"
+)
+
+func Init() (*sys.Arch, ld.Arch) {
+ arch := sys.ArchRISCV64
+
+ theArch := ld.Arch{
+ Funcalign: funcAlign,
+ Maxalign: maxAlign,
+ Minalign: minAlign,
+ Dwarfregsp: dwarfRegSP,
+ Dwarfreglr: dwarfRegLR,
+
+ Adddynrel: adddynrel,
+ Archinit: archinit,
+ Archreloc: archreloc,
+ Archrelocvariant: archrelocvariant,
+ Asmb: asmb,
+ Asmb2: asmb2,
+ Elfreloc1: elfreloc1,
+ Elfsetupplt: elfsetupplt,
+ Gentext: gentext,
+ Machoreloc1: machoreloc1,
+
+ Linuxdynld: "/lib/ld.so.1",
+
+ Freebsddynld: "XXX",
+ Netbsddynld: "XXX",
+ Openbsddynld: "XXX",
+ Dragonflydynld: "XXX",
+ Solarisdynld: "XXX",
+ }
+
+ return arch, theArch
+}
+
+func archinit(ctxt *ld.Link) {
+ switch ctxt.HeadType {
+ case objabi.Hlinux:
+ ld.Elfinit(ctxt)
+ ld.HEADR = ld.ELFRESERVE
+ if *ld.FlagTextAddr == -1 {
+ *ld.FlagTextAddr = 0x10000 + int64(ld.HEADR)
+ }
+ if *ld.FlagRound == -1 {
+ *ld.FlagRound = 0x10000
+ }
+ default:
+ ld.Exitf("unknown -H option: %v", ctxt.HeadType)
+ }
+}
diff --git a/src/cmd/link/main.go b/src/cmd/link/main.go
index 99550b0..6b4ca97 100644
--- a/src/cmd/link/main.go
+++ b/src/cmd/link/main.go
@@ -14,6 +14,7 @@
"cmd/link/internal/mips"
"cmd/link/internal/mips64"
"cmd/link/internal/ppc64"
+ "cmd/link/internal/riscv64"
"cmd/link/internal/s390x"
"cmd/link/internal/wasm"
"cmd/link/internal/x86"
@@ -57,6 +58,8 @@
arch, theArch = mips64.Init()
case "ppc64", "ppc64le":
arch, theArch = ppc64.Init()
+ case "riscv64":
+ arch, theArch = riscv64.Init()
case "s390x":
arch, theArch = s390x.Init()
case "wasm":
diff --git a/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go b/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
index f1077dd..89b8882 100644
--- a/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
+++ b/src/cmd/vendor/github.com/google/pprof/internal/driver/webhtml.go
@@ -14,10 +14,12 @@
package driver
-import "html/template"
+import (
+ "html/template"
-import "github.com/google/pprof/third_party/d3"
-import "github.com/google/pprof/third_party/d3flamegraph"
+ "github.com/google/pprof/third_party/d3"
+ "github.com/google/pprof/third_party/d3flamegraph"
+)
// addTemplates adds a set of template definitions to templates.
func addTemplates(templates *template.Template) {
@@ -91,7 +93,7 @@
text-align: left;
}
.header input {
- background: white url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' style='pointer-events:none;display:block;width:100%25;height:100%25;fill:#757575'%3E%3Cpath d='M15.5 14h-.79l-.28-.27C15.41 12.59 16 11.11 16 9.5 16 5.91 13.09 3 9.5 3S3 5.91 3 9.5 5.91 16 9.5 16c1.61.0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z'/%3E%3C/svg%3E") no-repeat 4px center/20px 20px;
+ background: white url("data:image/svg+xml,%3Csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 24 24' style='pointer-events:none;display:block;width:100%25;height:100%25;fill:%23757575'%3E%3Cpath d='M15.5 14h-.79l-.28-.27C15.41 12.59 16 11.11 16 9.5 16 5.91 13.09 3 9.5 3S3 5.91 3 9.5 5.91 16 9.5 16c1.61.0 3.09-.59 4.23-1.57l.27.28v.79l5 4.99L20.49 19l-4.99-5zm-6 0C7.01 14 5 11.99 5 9.5S7.01 5 9.5 5 14 7.01 14 9.5 11.99 14 9.5 14z'/%3E%3C/svg%3E") no-repeat 4px center/20px 20px;
border: 1px solid #d1d2d3;
border-radius: 2px 0 0 2px;
padding: 0.25em;
@@ -610,8 +612,9 @@
function handleKey(e) {
if (e.keyCode != 13) return;
- window.location.href =
- updateUrl(new URL(window.location.href), 'f');
+ setHrefParams(window.location, function (params) {
+ params.set('f', search.value);
+ });
e.preventDefault();
}
@@ -650,9 +653,11 @@
})
// add matching items that are not currently selected.
- for (let n = 0; n < nodes.length; n++) {
- if (!selected.has(n) && match(nodes[n])) {
- select(n, document.getElementById('node' + n));
+ if (nodes) {
+ for (let n = 0; n < nodes.length; n++) {
+ if (!selected.has(n) && match(nodes[n])) {
+ select(n, document.getElementById('node' + n));
+ }
}
}
@@ -1089,6 +1094,7 @@
.transitionDuration(750)
.transitionEase(d3.easeCubic)
.inverted(true)
+ .sort(true)
.title('')
.tooltip(false)
.details(document.getElementById('flamegraphdetails'));
diff --git a/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go b/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go
index 5c7f449..4006085 100644
--- a/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go
+++ b/src/cmd/vendor/github.com/google/pprof/internal/driver/webui.go
@@ -334,7 +334,7 @@
return nil, err
}
- // Fix dot bug related to unquoted amperands.
+ // Fix dot bug related to unquoted ampersands.
svg := bytes.Replace(out.Bytes(), []byte("&;"), []byte("&;"), -1)
// Cleanup for embedding by dropping stuff before the <svg> start.
diff --git a/src/cmd/vendor/github.com/google/pprof/internal/graph/graph.go b/src/cmd/vendor/github.com/google/pprof/internal/graph/graph.go
index 757be02..d2397a9 100644
--- a/src/cmd/vendor/github.com/google/pprof/internal/graph/graph.go
+++ b/src/cmd/vendor/github.com/google/pprof/internal/graph/graph.go
@@ -28,9 +28,19 @@
)
var (
+ // Removes package name and method arugments for Java method names.
+ // See tests for examples.
javaRegExp = regexp.MustCompile(`^(?:[a-z]\w*\.)*([A-Z][\w\$]*\.(?:<init>|[a-z][\w\$]*(?:\$\d+)?))(?:(?:\()|$)`)
- goRegExp = regexp.MustCompile(`^(?:[\w\-\.]+\/)+(.+)`)
- cppRegExp = regexp.MustCompile(`^(?:(?:\(anonymous namespace\)::)(\w+$))|(?:(?:\(anonymous namespace\)::)?(?:[_a-zA-Z]\w*\::|)*(_*[A-Z]\w*::~?[_a-zA-Z]\w*)$)`)
+ // Removes package name and method arugments for Go function names.
+ // See tests for examples.
+ goRegExp = regexp.MustCompile(`^(?:[\w\-\.]+\/)+(.+)`)
+ // Strips C++ namespace prefix from a C++ function / method name.
+ // NOTE: Make sure to keep the template parameters in the name. Normally,
+ // template parameters are stripped from the C++ names but when
+ // -symbolize=demangle=templates flag is used, they will not be.
+ // See tests for examples.
+ cppRegExp = regexp.MustCompile(`^(?:[_a-zA-Z]\w*::)+(_*[A-Z]\w*::~?[_a-zA-Z]\w*(?:<.*>)?)`)
+ cppAnonymousPrefixRegExp = regexp.MustCompile(`^\(anonymous namespace\)::`)
)
// Graph summarizes a performance profile into a format that is
@@ -191,7 +201,7 @@
// works as a unique identifier; however, in a tree multiple nodes may share
// identical NodeInfos. A *Node does uniquely identify a node so we can use that
// instead. Though a *Node also uniquely identifies a node in a graph,
-// currently, during trimming, graphs are rebult from scratch using only the
+// currently, during trimming, graphs are rebuilt from scratch using only the
// NodeSet, so there would not be the required context of the initial graph to
// allow for the use of *Node.
type NodePtrSet map[*Node]bool
@@ -429,6 +439,7 @@
// ShortenFunctionName returns a shortened version of a function's name.
func ShortenFunctionName(f string) string {
+ f = cppAnonymousPrefixRegExp.ReplaceAllString(f, "")
for _, re := range []*regexp.Regexp{goRegExp, javaRegExp, cppRegExp} {
if matches := re.FindStringSubmatch(f); len(matches) >= 2 {
return strings.Join(matches[1:], "")
diff --git a/src/cmd/vendor/github.com/google/pprof/internal/plugin/plugin.go b/src/cmd/vendor/github.com/google/pprof/internal/plugin/plugin.go
index 23338bc..a304284 100644
--- a/src/cmd/vendor/github.com/google/pprof/internal/plugin/plugin.go
+++ b/src/cmd/vendor/github.com/google/pprof/internal/plugin/plugin.go
@@ -34,7 +34,7 @@
UI UI
// HTTPServer is a function that should block serving http requests,
- // including the handlers specfied in args. If non-nil, pprof will
+ // including the handlers specified in args. If non-nil, pprof will
// invoke this function if necessary to provide a web interface.
//
// If HTTPServer is nil, pprof will use its own internal HTTP server.
diff --git a/src/cmd/vendor/modules.txt b/src/cmd/vendor/modules.txt
index 6fda775..e1a880c 100644
--- a/src/cmd/vendor/modules.txt
+++ b/src/cmd/vendor/modules.txt
@@ -1,4 +1,4 @@
-# github.com/google/pprof v0.0.0-20190515194954-54271f7e092f
+# github.com/google/pprof v0.0.0-20191105193234-27840fff0d09
## explicit
github.com/google/pprof/driver
github.com/google/pprof/internal/binutils
diff --git a/src/crypto/dsa/dsa_test.go b/src/crypto/dsa/dsa_test.go
index 7332a3a..28ac00e 100644
--- a/src/crypto/dsa/dsa_test.go
+++ b/src/crypto/dsa/dsa_test.go
@@ -108,7 +108,7 @@
}
if Verify(&pub, []byte("testing"), fromHex("2"), fromHex("4")) {
- t.Errorf("Verify unexpected success with non-existant mod inverse of Q")
+ t.Errorf("Verify unexpected success with non-existent mod inverse of Q")
}
}
diff --git a/src/crypto/elliptic/p256.go b/src/crypto/elliptic/p256.go
index 80e123a..aa9eeb5 100644
--- a/src/crypto/elliptic/p256.go
+++ b/src/crypto/elliptic/p256.go
@@ -85,7 +85,7 @@
// Field elements are represented as nine, unsigned 32-bit words.
//
-// The value of an field element is:
+// The value of a field element is:
// x[0] + (x[1] * 2**29) + (x[2] * 2**57) + ... + (x[8] * 2**228)
//
// That is, each limb is alternately 29 or 28-bits wide in little-endian
diff --git a/src/crypto/tls/alert.go b/src/crypto/tls/alert.go
index 24199a7..22b3eca 100644
--- a/src/crypto/tls/alert.go
+++ b/src/crypto/tls/alert.go
@@ -40,6 +40,7 @@
alertNoRenegotiation alert = 100
alertMissingExtension alert = 109
alertUnsupportedExtension alert = 110
+ alertUnrecognizedName alert = 112
alertNoApplicationProtocol alert = 120
)
@@ -69,6 +70,7 @@
alertNoRenegotiation: "no renegotiation",
alertMissingExtension: "missing extension",
alertUnsupportedExtension: "unsupported extension",
+ alertUnrecognizedName: "unrecognized name",
alertNoApplicationProtocol: "no application protocol",
}
diff --git a/src/crypto/tls/auth.go b/src/crypto/tls/auth.go
index 72e2abf..009f8d3 100644
--- a/src/crypto/tls/auth.go
+++ b/src/crypto/tls/auth.go
@@ -18,69 +18,6 @@
"io"
)
-// pickSignatureAlgorithm selects a signature algorithm that is compatible with
-// the given public key and the list of algorithms from the peer and this side.
-// The lists of signature algorithms (peerSigAlgs and ourSigAlgs) are ignored
-// for tlsVersion < VersionTLS12.
-//
-// The returned SignatureScheme codepoint is only meaningful for TLS 1.2,
-// previous TLS versions have a fixed hash function.
-func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16) (sigAlg SignatureScheme, sigType uint8, hashFunc crypto.Hash, err error) {
- if tlsVersion < VersionTLS12 || len(peerSigAlgs) == 0 {
- // For TLS 1.1 and before, the signature algorithm could not be
- // negotiated and the hash is fixed based on the signature type. For TLS
- // 1.2, if the client didn't send signature_algorithms extension then we
- // can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
- switch pubkey.(type) {
- case *rsa.PublicKey:
- if tlsVersion < VersionTLS12 {
- return 0, signaturePKCS1v15, crypto.MD5SHA1, nil
- } else {
- return PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1, nil
- }
- case *ecdsa.PublicKey:
- return ECDSAWithSHA1, signatureECDSA, crypto.SHA1, nil
- case ed25519.PublicKey:
- if tlsVersion < VersionTLS12 {
- // RFC 8422 specifies support for Ed25519 in TLS 1.0 and 1.1,
- // but it requires holding on to a handshake transcript to do a
- // full signature, and not even OpenSSL bothers with the
- // complexity, so we can't even test it properly.
- return 0, 0, 0, fmt.Errorf("tls: Ed25519 public keys are not supported before TLS 1.2")
- }
- return Ed25519, signatureEd25519, directSigning, nil
- default:
- return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey)
- }
- }
- for _, sigAlg := range peerSigAlgs {
- if !isSupportedSignatureAlgorithm(sigAlg, ourSigAlgs) {
- continue
- }
- sigType, hashAlg, err := typeAndHashFromSignatureScheme(sigAlg)
- if err != nil {
- return 0, 0, 0, fmt.Errorf("tls: internal error: %v", err)
- }
- switch pubkey.(type) {
- case *rsa.PublicKey:
- if sigType == signaturePKCS1v15 || sigType == signatureRSAPSS {
- return sigAlg, sigType, hashAlg, nil
- }
- case *ecdsa.PublicKey:
- if sigType == signatureECDSA {
- return sigAlg, sigType, hashAlg, nil
- }
- case ed25519.PublicKey:
- if sigType == signatureEd25519 {
- return sigAlg, sigType, hashAlg, nil
- }
- default:
- return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey)
- }
- }
- return 0, 0, 0, errors.New("tls: peer doesn't support any common signature algorithms")
-}
-
// verifyHandshakeSignature verifies a signature against pre-hashed
// (if required) handshake contents.
func verifyHandshakeSignature(sigType uint8, pubkey crypto.PublicKey, hashFunc crypto.Hash, signed, sig []byte) error {
@@ -164,59 +101,159 @@
return h.Sum(nil)
}
+// typeAndHashFromSignatureScheme returns the corresponding signature type and
+// crypto.Hash for a given TLS SignatureScheme.
+func typeAndHashFromSignatureScheme(signatureAlgorithm SignatureScheme) (sigType uint8, hash crypto.Hash, err error) {
+ switch signatureAlgorithm {
+ case PKCS1WithSHA1, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512:
+ sigType = signaturePKCS1v15
+ case PSSWithSHA256, PSSWithSHA384, PSSWithSHA512:
+ sigType = signatureRSAPSS
+ case ECDSAWithSHA1, ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512:
+ sigType = signatureECDSA
+ case Ed25519:
+ sigType = signatureEd25519
+ default:
+ return 0, 0, fmt.Errorf("unsupported signature algorithm: %#04x", signatureAlgorithm)
+ }
+ switch signatureAlgorithm {
+ case PKCS1WithSHA1, ECDSAWithSHA1:
+ hash = crypto.SHA1
+ case PKCS1WithSHA256, PSSWithSHA256, ECDSAWithP256AndSHA256:
+ hash = crypto.SHA256
+ case PKCS1WithSHA384, PSSWithSHA384, ECDSAWithP384AndSHA384:
+ hash = crypto.SHA384
+ case PKCS1WithSHA512, PSSWithSHA512, ECDSAWithP521AndSHA512:
+ hash = crypto.SHA512
+ case Ed25519:
+ hash = directSigning
+ default:
+ return 0, 0, fmt.Errorf("unsupported signature algorithm: %#04x", signatureAlgorithm)
+ }
+ return sigType, hash, nil
+}
+
+// legacyTypeAndHashFromPublicKey returns the fixed signature type and crypto.Hash for
+// a given public key used with TLS 1.0 and 1.1, before the introduction of
+// signature algorithm negotiation.
+func legacyTypeAndHashFromPublicKey(pub crypto.PublicKey) (sigType uint8, hash crypto.Hash, err error) {
+ switch pub.(type) {
+ case *rsa.PublicKey:
+ return signaturePKCS1v15, crypto.MD5SHA1, nil
+ case *ecdsa.PublicKey:
+ return signatureECDSA, crypto.SHA1, nil
+ case ed25519.PublicKey:
+ // RFC 8422 specifies support for Ed25519 in TLS 1.0 and 1.1,
+ // but it requires holding on to a handshake transcript to do a
+ // full signature, and not even OpenSSL bothers with the
+ // complexity, so we can't even test it properly.
+ return 0, 0, fmt.Errorf("tls: Ed25519 public keys are not supported before TLS 1.2")
+ default:
+ return 0, 0, fmt.Errorf("tls: unsupported public key: %T", pub)
+ }
+}
+
+var rsaSignatureSchemes = []struct {
+ scheme SignatureScheme
+ minModulusBytes int
+ maxVersion uint16
+}{
+ // RSA-PSS is used with PSSSaltLengthEqualsHash, and requires
+ // emLen >= hLen + sLen + 2
+ {PSSWithSHA256, crypto.SHA256.Size()*2 + 2, VersionTLS13},
+ {PSSWithSHA384, crypto.SHA384.Size()*2 + 2, VersionTLS13},
+ {PSSWithSHA512, crypto.SHA512.Size()*2 + 2, VersionTLS13},
+ // PKCS#1 v1.5 uses prefixes from hashPrefixes in crypto/rsa, and requires
+ // emLen >= len(prefix) + hLen + 11
+ // TLS 1.3 dropped support for PKCS#1 v1.5 in favor of RSA-PSS.
+ {PKCS1WithSHA256, 19 + crypto.SHA256.Size() + 11, VersionTLS12},
+ {PKCS1WithSHA384, 19 + crypto.SHA384.Size() + 11, VersionTLS12},
+ {PKCS1WithSHA512, 19 + crypto.SHA512.Size() + 11, VersionTLS12},
+ {PKCS1WithSHA1, 15 + crypto.SHA1.Size() + 11, VersionTLS12},
+}
+
// signatureSchemesForCertificate returns the list of supported SignatureSchemes
-// for a given certificate, based on the public key and the protocol version.
+// for a given certificate, based on the public key and the protocol version,
+// and optionally filtered by its explicit SupportedSignatureAlgorithms.
//
-// It does not support the crypto.Decrypter interface, so shouldn't be used for
-// server certificates in TLS 1.2 and earlier, and it must be kept in sync with
-// supportedSignatureAlgorithms.
+// This function must be kept in sync with supportedSignatureAlgorithms.
func signatureSchemesForCertificate(version uint16, cert *Certificate) []SignatureScheme {
priv, ok := cert.PrivateKey.(crypto.Signer)
if !ok {
return nil
}
+ var sigAlgs []SignatureScheme
switch pub := priv.Public().(type) {
case *ecdsa.PublicKey:
if version != VersionTLS13 {
// In TLS 1.2 and earlier, ECDSA algorithms are not
// constrained to a single curve.
- return []SignatureScheme{
+ sigAlgs = []SignatureScheme{
ECDSAWithP256AndSHA256,
ECDSAWithP384AndSHA384,
ECDSAWithP521AndSHA512,
ECDSAWithSHA1,
}
+ break
}
switch pub.Curve {
case elliptic.P256():
- return []SignatureScheme{ECDSAWithP256AndSHA256}
+ sigAlgs = []SignatureScheme{ECDSAWithP256AndSHA256}
case elliptic.P384():
- return []SignatureScheme{ECDSAWithP384AndSHA384}
+ sigAlgs = []SignatureScheme{ECDSAWithP384AndSHA384}
case elliptic.P521():
- return []SignatureScheme{ECDSAWithP521AndSHA512}
+ sigAlgs = []SignatureScheme{ECDSAWithP521AndSHA512}
default:
return nil
}
case *rsa.PublicKey:
- if version != VersionTLS13 {
- return []SignatureScheme{
- PKCS1WithSHA256,
- PKCS1WithSHA384,
- PKCS1WithSHA512,
- PKCS1WithSHA1,
+ size := pub.Size()
+ sigAlgs = make([]SignatureScheme, 0, len(rsaSignatureSchemes))
+ for _, candidate := range rsaSignatureSchemes {
+ if size >= candidate.minModulusBytes && version <= candidate.maxVersion {
+ sigAlgs = append(sigAlgs, candidate.scheme)
}
}
- return []SignatureScheme{
- PSSWithSHA256,
- PSSWithSHA384,
- PSSWithSHA512,
- }
case ed25519.PublicKey:
- return []SignatureScheme{Ed25519}
+ sigAlgs = []SignatureScheme{Ed25519}
default:
return nil
}
+
+ if cert.SupportedSignatureAlgorithms != nil {
+ var filteredSigAlgs []SignatureScheme
+ for _, sigAlg := range sigAlgs {
+ if isSupportedSignatureAlgorithm(sigAlg, cert.SupportedSignatureAlgorithms) {
+ filteredSigAlgs = append(filteredSigAlgs, sigAlg)
+ }
+ }
+ return filteredSigAlgs
+ }
+ return sigAlgs
+}
+
+// selectSignatureScheme picks a SignatureScheme from the peer's preference list
+// that works with the selected certificate. It's only called for protocol
+// versions that support signature algorithms, so TLS 1.2 and 1.3.
+func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureScheme) (SignatureScheme, error) {
+ supportedAlgs := signatureSchemesForCertificate(vers, c)
+ if len(supportedAlgs) == 0 {
+ return 0, unsupportedCertificateError(c)
+ }
+ if len(peerAlgs) == 0 && vers == VersionTLS12 {
+ // For TLS 1.2, if the client didn't send signature_algorithms then we
+ // can assume that it supports SHA1. See RFC 5246, Section 7.4.1.4.1.
+ peerAlgs = []SignatureScheme{PKCS1WithSHA1, ECDSAWithSHA1}
+ }
+ // Pick signature scheme in the peer's preference order, as our
+ // preference order is not configurable.
+ for _, preferredAlg := range peerAlgs {
+ if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
+ return preferredAlg, nil
+ }
+ }
+ return 0, errors.New("tls: peer doesn't support any of the certificate's signature algorithms")
}
// unsupportedCertificateError returns a helpful error for certificates with
@@ -246,10 +283,15 @@
return fmt.Errorf("tls: unsupported certificate curve (%s)", pub.Curve.Params().Name)
}
case *rsa.PublicKey:
+ return fmt.Errorf("tls: certificate RSA key size too small for supported signature algorithms")
case ed25519.PublicKey:
default:
return fmt.Errorf("tls: unsupported certificate key (%T)", pub)
}
+ if cert.SupportedSignatureAlgorithms != nil {
+ return fmt.Errorf("tls: peer doesn't support the certificate custom signature algorithms")
+ }
+
return fmt.Errorf("tls: internal error: unsupported key (%T)", cert.PrivateKey)
}
diff --git a/src/crypto/tls/auth_test.go b/src/crypto/tls/auth_test.go
index 8a38ce0..c8d8c8f 100644
--- a/src/crypto/tls/auth_test.go
+++ b/src/crypto/tls/auth_test.go
@@ -6,71 +6,68 @@
import (
"crypto"
- "crypto/ed25519"
"testing"
)
func TestSignatureSelection(t *testing.T) {
- rsaCert := &testRSAPrivateKey.PublicKey
- ecdsaCert := &testECDSAPrivateKey.PublicKey
- ed25519Cert := testEd25519PrivateKey.Public().(ed25519.PublicKey)
- sigsPKCS1WithSHA := []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}
- sigsPSSWithSHA := []SignatureScheme{PSSWithSHA256, PSSWithSHA384}
- sigsECDSAWithSHA := []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}
+ rsaCert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ }
+ pkcs1Cert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256},
+ }
+ ecdsaCert := &Certificate{
+ Certificate: [][]byte{testP256Certificate},
+ PrivateKey: testP256PrivateKey,
+ }
+ ed25519Cert := &Certificate{
+ Certificate: [][]byte{testEd25519Certificate},
+ PrivateKey: testEd25519PrivateKey,
+ }
tests := []struct {
- pubkey crypto.PublicKey
+ cert *Certificate
peerSigAlgs []SignatureScheme
- ourSigAlgs []SignatureScheme
tlsVersion uint16
- expectedSigAlg SignatureScheme // if tlsVersion == VersionTLS12
+ expectedSigAlg SignatureScheme
expectedSigType uint8
expectedHash crypto.Hash
}{
- // Hash is fixed for RSA in TLS 1.1 and before.
- // https://tools.ietf.org/html/rfc4346#page-44
- {rsaCert, nil, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
- {rsaCert, nil, nil, VersionTLS10, 0, signaturePKCS1v15, crypto.MD5SHA1},
-
- // Before TLS 1.2, there is no signature_algorithms extension
- // nor field in CertificateRequest and digitally-signed and thus
- // it should be ignored.
- {rsaCert, sigsPKCS1WithSHA, nil, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
- {rsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signaturePKCS1v15, crypto.MD5SHA1},
- // Use SHA-1 for TLS 1.0 and 1.1 with ECDSA, see https://tools.ietf.org/html/rfc4492#page-20
- {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS11, 0, signatureECDSA, crypto.SHA1},
- {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS10, 0, signatureECDSA, crypto.SHA1},
+ {rsaCert, []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
+ {rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
+ {rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
+ {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
+ {rsaCert, []SignatureScheme{PSSWithSHA384, PKCS1WithSHA1}, VersionTLS13, PSSWithSHA384, signatureRSAPSS, crypto.SHA384},
+ {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
+ {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
+ {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, VersionTLS13, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
+ {ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning},
+ {ed25519Cert, []SignatureScheme{Ed25519}, VersionTLS13, Ed25519, signatureEd25519, directSigning},
// TLS 1.2 without signature_algorithms extension
- // https://tools.ietf.org/html/rfc5246#page-47
- {rsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
- {ecdsaCert, nil, sigsPKCS1WithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
+ {rsaCert, nil, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
+ {ecdsaCert, nil, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
- {rsaCert, []SignatureScheme{PKCS1WithSHA1}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1},
- {rsaCert, []SignatureScheme{PKCS1WithSHA256}, sigsPKCS1WithSHA, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},
- // "sha_hash" may denote hashes other than SHA-1
- // https://tools.ietf.org/html/draft-ietf-tls-rfc4492bis-17#page-17
- {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithSHA1, signatureECDSA, crypto.SHA1},
- {ecdsaCert, []SignatureScheme{ECDSAWithP256AndSHA256}, sigsECDSAWithSHA, VersionTLS12, ECDSAWithP256AndSHA256, signatureECDSA, crypto.SHA256},
-
- // RSASSA-PSS is defined in TLS 1.3 for TLS 1.2
- // https://tools.ietf.org/html/draft-ietf-tls-tls13-21#page-45
- {rsaCert, []SignatureScheme{PSSWithSHA256}, sigsPSSWithSHA, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
-
- // All results are fixed for Ed25519. RFC 8422, Section 5.10.
- {ed25519Cert, []SignatureScheme{Ed25519}, []SignatureScheme{ECDSAWithSHA1, Ed25519}, VersionTLS12, Ed25519, signatureEd25519, directSigning},
- {ed25519Cert, nil, nil, VersionTLS12, Ed25519, signatureEd25519, directSigning},
+ // TLS 1.2 does not restrict the ECDSA curve (our ecdsaCert is P-256)
+ {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS12, ECDSAWithP384AndSHA384, signatureECDSA, crypto.SHA384},
}
for testNo, test := range tests {
- sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
+ sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
if err != nil {
- t.Errorf("test[%d]: unexpected error: %v", testNo, err)
+ t.Errorf("test[%d]: unexpected selectSignatureScheme error: %v", testNo, err)
}
- if test.tlsVersion == VersionTLS12 && test.expectedSigAlg != sigAlg {
+ if test.expectedSigAlg != sigAlg {
t.Errorf("test[%d]: expected signature scheme %#x, got %#x", testNo, test.expectedSigAlg, sigAlg)
}
+ sigType, hashFunc, err := typeAndHashFromSignatureScheme(sigAlg)
+ if err != nil {
+ t.Errorf("test[%d]: unexpected typeAndHashFromSignatureScheme error: %v", testNo, err)
+ }
if test.expectedSigType != sigType {
t.Errorf("test[%d]: expected signature algorithm %#x, got %#x", testNo, test.expectedSigType, sigType)
}
@@ -79,27 +76,93 @@
}
}
+ brokenCert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ SupportedSignatureAlgorithms: []SignatureScheme{Ed25519},
+ }
+
badTests := []struct {
- pubkey crypto.PublicKey
+ cert *Certificate
peerSigAlgs []SignatureScheme
- ourSigAlgs []SignatureScheme
tlsVersion uint16
}{
- {rsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
- {ecdsaCert, sigsPKCS1WithSHA, sigsPKCS1WithSHA, VersionTLS12},
- {ecdsaCert, sigsECDSAWithSHA, sigsPKCS1WithSHA, VersionTLS12},
- {rsaCert, []SignatureScheme{0}, sigsPKCS1WithSHA, VersionTLS12},
- {ed25519Cert, sigsECDSAWithSHA, sigsECDSAWithSHA, VersionTLS12},
- {ed25519Cert, []SignatureScheme{Ed25519}, sigsECDSAWithSHA, VersionTLS12},
- {ecdsaCert, []SignatureScheme{Ed25519}, []SignatureScheme{Ed25519}, VersionTLS12},
- {ed25519Cert, nil, nil, VersionTLS11},
- {ed25519Cert, nil, nil, VersionTLS10},
+ {rsaCert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
+ {ecdsaCert, []SignatureScheme{PKCS1WithSHA256, PKCS1WithSHA1}, VersionTLS12},
+ {rsaCert, []SignatureScheme{0}, VersionTLS12},
+ {ed25519Cert, []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithSHA1}, VersionTLS12},
+ {ecdsaCert, []SignatureScheme{Ed25519}, VersionTLS12},
+ {brokenCert, []SignatureScheme{Ed25519}, VersionTLS12},
+ {brokenCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS12},
+ // RFC 5246, Section 7.4.1.4.1, says to only consider {sha1,ecdsa} as
+ // default when the extension is missing, and RFC 8422 does not update
+ // it. Anyway, if a stack supports Ed25519 it better support sigalgs.
+ {ed25519Cert, nil, VersionTLS12},
+ // TLS 1.3 has no default signature_algorithms.
+ {rsaCert, nil, VersionTLS13},
+ {ecdsaCert, nil, VersionTLS13},
+ {ed25519Cert, nil, VersionTLS13},
+ // Wrong curve, which TLS 1.3 checks
+ {ecdsaCert, []SignatureScheme{ECDSAWithP384AndSHA384}, VersionTLS13},
+ // TLS 1.3 does not support PKCS1v1.5 or SHA-1.
+ {rsaCert, []SignatureScheme{PKCS1WithSHA256}, VersionTLS13},
+ {pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS13},
+ {ecdsaCert, []SignatureScheme{ECDSAWithSHA1}, VersionTLS13},
+ // The key can be too small for the hash.
+ {rsaCert, []SignatureScheme{PSSWithSHA512}, VersionTLS12},
}
for testNo, test := range badTests {
- sigAlg, sigType, hashFunc, err := pickSignatureAlgorithm(test.pubkey, test.peerSigAlgs, test.ourSigAlgs, test.tlsVersion)
+ sigAlg, err := selectSignatureScheme(test.tlsVersion, test.cert, test.peerSigAlgs)
if err == nil {
- t.Errorf("test[%d]: unexpected success, got %#x %#x %#x", testNo, sigAlg, sigType, hashFunc)
+ t.Errorf("test[%d]: unexpected success, got %#x", testNo, sigAlg)
+ }
+ }
+}
+
+func TestLegacyTypeAndHash(t *testing.T) {
+ sigType, hashFunc, err := legacyTypeAndHashFromPublicKey(testRSAPrivateKey.Public())
+ if err != nil {
+ t.Errorf("RSA: unexpected error: %v", err)
+ }
+ if expectedSigType := signaturePKCS1v15; expectedSigType != sigType {
+ t.Errorf("RSA: expected signature type %#x, got %#x", expectedSigType, sigType)
+ }
+ if expectedHashFunc := crypto.MD5SHA1; expectedHashFunc != hashFunc {
+ t.Errorf("RSA: expected hash %#x, got %#x", expectedHashFunc, sigType)
+ }
+
+ sigType, hashFunc, err = legacyTypeAndHashFromPublicKey(testECDSAPrivateKey.Public())
+ if err != nil {
+ t.Errorf("ECDSA: unexpected error: %v", err)
+ }
+ if expectedSigType := signatureECDSA; expectedSigType != sigType {
+ t.Errorf("ECDSA: expected signature type %#x, got %#x", expectedSigType, sigType)
+ }
+ if expectedHashFunc := crypto.SHA1; expectedHashFunc != hashFunc {
+ t.Errorf("ECDSA: expected hash %#x, got %#x", expectedHashFunc, sigType)
+ }
+
+ // Ed25519 is not supported by TLS 1.0 and 1.1.
+ _, _, err = legacyTypeAndHashFromPublicKey(testEd25519PrivateKey.Public())
+ if err == nil {
+ t.Errorf("Ed25519: unexpected success")
+ }
+}
+
+// TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms
+// have valid type and hash information.
+func TestSupportedSignatureAlgorithms(t *testing.T) {
+ for _, sigAlg := range supportedSignatureAlgorithms {
+ sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg)
+ if err != nil {
+ t.Errorf("%#04x: unexpected error: %v", sigAlg, err)
+ }
+ if sigType == 0 {
+ t.Errorf("%#04x: missing signature type", sigAlg)
+ }
+ if hash == 0 && sigAlg != Ed25519 {
+ t.Errorf("%#04x: missing hash", sigAlg)
}
}
}
diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
index 9567a34..ea16ef9 100644
--- a/src/crypto/tls/cipher_suites.go
+++ b/src/crypto/tls/cipher_suites.go
@@ -14,10 +14,100 @@
"crypto/sha1"
"crypto/sha256"
"crypto/x509"
- "golang.org/x/crypto/chacha20poly1305"
+ "fmt"
"hash"
+
+ "golang.org/x/crypto/chacha20poly1305"
)
+// CipherSuite is a TLS cipher suite. Note that most functions in this package
+// accept and expose cipher suite IDs instead of this type.
+type CipherSuite struct {
+ ID uint16
+ Name string
+
+ // Supported versions is the list of TLS protocol versions that can
+ // negotiate this cipher suite.
+ SupportedVersions []uint16
+
+ // Insecure is true if the cipher suite has known security issues
+ // due to its primitives, design, or implementation.
+ Insecure bool
+}
+
+var (
+ supportedUpToTLS12 = []uint16{VersionTLS10, VersionTLS11, VersionTLS12}
+ supportedOnlyTLS12 = []uint16{VersionTLS12}
+ supportedOnlyTLS13 = []uint16{VersionTLS13}
+)
+
+// CipherSuites returns a list of cipher suites currently implemented by this
+// package, excluding those with security issues, which are returned by
+// InsecureCipherSuites.
+//
+// The list is sorted by ID. Note that the default cipher suites selected by
+// this package might depend on logic that can't be captured by a static list.
+func CipherSuites() []*CipherSuite {
+ return []*CipherSuite{
+ {TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
+ {TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
+
+ {TLS_AES_128_GCM_SHA256, "TLS_AES_128_GCM_SHA256", supportedOnlyTLS13, false},
+ {TLS_AES_256_GCM_SHA384, "TLS_AES_256_GCM_SHA384", supportedOnlyTLS13, false},
+ {TLS_CHACHA20_POLY1305_SHA256, "TLS_CHACHA20_POLY1305_SHA256", supportedOnlyTLS13, false},
+
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, false},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
+ {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
+ {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, false},
+ {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, false},
+ {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
+ {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", supportedOnlyTLS12, false},
+ }
+}
+
+// InsecureCipherSuites returns a list of cipher suites currently implemented by
+// this package and which have security issues.
+//
+// Most applications should not use the cipher suites in this list, and should
+// only use those returned by CipherSuites.
+func InsecureCipherSuites() []*CipherSuite {
+ // RC4 suites are broken because RC4 is.
+ // CBC-SHA256 suites have no Lucky13 countermeasures.
+ return []*CipherSuite{
+ {TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
+ {TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
+ {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
+ {TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
+ {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
+ {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
+ }
+}
+
+// CipherSuiteName returns the standard name for the passed cipher suite ID
+// (e.g. "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"), or a fallback representation
+// of the ID value if the cipher suite is not implemented by this package.
+func CipherSuiteName(id uint16) string {
+ for _, c := range CipherSuites() {
+ if c.ID == id {
+ return c.Name
+ }
+ }
+ for _, c := range InsecureCipherSuites() {
+ if c.ID == id {
+ return c.Name
+ }
+ }
+ return fmt.Sprintf("0x%04X", id)
+}
+
// a keyAgreement implements the client and server side of a TLS key agreement
// protocol by generating and processing key exchange messages.
type keyAgreement interface {
@@ -38,7 +128,7 @@
}
const (
- // suiteECDH indicates that the cipher suite involves elliptic curve
+ // suiteECDHE indicates that the cipher suite involves elliptic curve
// Diffie-Hellman. This means that it should only be selected when the
// client indicates that it supports ECC with a curve and point format
// that we're happy with.
@@ -103,6 +193,24 @@
{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECSign | suiteDefaultOff, cipherRC4, macSHA1, nil},
}
+// selectCipherSuite returns the first cipher suite from ids which is also in
+// supportedIDs and passes the ok filter.
+func selectCipherSuite(ids, supportedIDs []uint16, ok func(*cipherSuite) bool) *cipherSuite {
+ for _, id := range ids {
+ candidate := cipherSuiteByID(id)
+ if candidate == nil || !ok(candidate) {
+ continue
+ }
+
+ for _, suppID := range supportedIDs {
+ if id == suppID {
+ return candidate
+ }
+ }
+ }
+ return nil
+}
+
// A cipherSuiteTLS13 defines only the pair of the AEAD algorithm and hash
// algorithm to be used with HKDF. See RFC 8446, Appendix B.4.
type cipherSuiteTLS13 struct {
@@ -387,31 +495,31 @@
// A list of cipher suite IDs that are, or have been, implemented by this
// package.
//
-// Taken from https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
+// See https://www.iana.org/assignments/tls-parameters/tls-parameters.xml
const (
// TLS 1.0 - 1.2 cipher suites.
- TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
- TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
- TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
- TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
- TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
- TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
- TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a
- TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca8
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca9
+ TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
+ TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
+ TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
+ TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
+ TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
+ TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
+ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
+ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca8
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca9
// TLS 1.3 cipher suites.
TLS_AES_128_GCM_SHA256 uint16 = 0x1301
@@ -421,4 +529,9 @@
// TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
// that the client is doing version fallback. See RFC 7507.
TLS_FALLBACK_SCSV uint16 = 0x5600
+
+ // Legacy names for the corresponding cipher suites with the correct _SHA256
+ // suffix, retained for backward compatibility.
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
)
diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go
index bad1ed0..1e77d5c 100644
--- a/src/crypto/tls/common.go
+++ b/src/crypto/tls/common.go
@@ -5,9 +5,14 @@
package tls
import (
+ "bytes"
"container/list"
"crypto"
+ "crypto/ecdsa"
+ "crypto/ed25519"
+ "crypto/elliptic"
"crypto/rand"
+ "crypto/rsa"
"crypto/sha512"
"crypto/x509"
"errors"
@@ -187,21 +192,6 @@
ECDSAWithSHA1,
}
-// supportedSignatureAlgorithmsTLS12 contains the signature and hash algorithms
-// that are supported in TLS 1.2, where it is possible to distinguish the
-// protocol version. This is temporary, see Issue 32425.
-var supportedSignatureAlgorithmsTLS12 = []SignatureScheme{
- PKCS1WithSHA256,
- ECDSAWithP256AndSHA256,
- Ed25519,
- PKCS1WithSHA384,
- PKCS1WithSHA512,
- ECDSAWithP384AndSHA384,
- ECDSAWithP521AndSHA512,
- PKCS1WithSHA1,
- ECDSAWithSHA1,
-}
-
// helloRetryRequestRandom is set as the Random value of a ServerHello
// to signal that the message is actually a HelloRetryRequest.
var helloRetryRequestRandom = []byte{ // See RFC 8446, Section 4.1.3.
@@ -339,40 +329,8 @@
ECDSAWithSHA1 SignatureScheme = 0x0203
)
-// typeAndHashFromSignatureScheme returns the corresponding signature type and
-// crypto.Hash for a given TLS SignatureScheme.
-func typeAndHashFromSignatureScheme(signatureAlgorithm SignatureScheme) (sigType uint8, hash crypto.Hash, err error) {
- switch signatureAlgorithm {
- case PKCS1WithSHA1, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512:
- sigType = signaturePKCS1v15
- case PSSWithSHA256, PSSWithSHA384, PSSWithSHA512:
- sigType = signatureRSAPSS
- case ECDSAWithSHA1, ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512:
- sigType = signatureECDSA
- case Ed25519:
- sigType = signatureEd25519
- default:
- return 0, 0, fmt.Errorf("unsupported signature algorithm: %#04x", signatureAlgorithm)
- }
- switch signatureAlgorithm {
- case PKCS1WithSHA1, ECDSAWithSHA1:
- hash = crypto.SHA1
- case PKCS1WithSHA256, PSSWithSHA256, ECDSAWithP256AndSHA256:
- hash = crypto.SHA256
- case PKCS1WithSHA384, PSSWithSHA384, ECDSAWithP384AndSHA384:
- hash = crypto.SHA384
- case PKCS1WithSHA512, PSSWithSHA512, ECDSAWithP521AndSHA512:
- hash = crypto.SHA512
- case Ed25519:
- hash = directSigning
- default:
- return 0, 0, fmt.Errorf("unsupported signature algorithm: %#04x", signatureAlgorithm)
- }
- return sigType, hash, nil
-}
-
// ClientHelloInfo contains information from a ClientHello message in order to
-// guide certificate selection in the GetCertificate callback.
+// guide application logic in the GetCertificate and GetConfigForClient callbacks.
type ClientHelloInfo struct {
// CipherSuites lists the CipherSuites supported by the client (e.g.
// TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).
@@ -416,6 +374,10 @@
// from, or write to, this connection; that will cause the TLS
// connection to fail.
Conn net.Conn
+
+ // config is embedded by the GetCertificate or GetConfigForClient caller,
+ // for use with SupportsCertificate.
+ config *Config
}
// CertificateRequestInfo contains information from a server's
@@ -431,6 +393,9 @@
// SignatureSchemes lists the signature schemes that the server is
// willing to verify.
SignatureSchemes []SignatureScheme
+
+ // Version is the TLS version that was negotiated for this connection.
+ Version uint16
}
// RenegotiationSupport enumerates the different levels of support for TLS
@@ -477,19 +442,26 @@
// If Time is nil, TLS uses time.Now.
Time func() time.Time
- // Certificates contains one or more certificate chains to present to
- // the other side of the connection. Server configurations must include
- // at least one certificate or else set GetCertificate. Clients doing
- // client-authentication may set either Certificates or
- // GetClientCertificate.
+ // Certificates contains one or more certificate chains to present to the
+ // other side of the connection. The first certificate compatible with the
+ // peer's requirements is selected automatically.
+ //
+ // Server configurations must set one of Certificates, GetCertificate or
+ // GetConfigForClient. Clients doing client-authentication may set either
+ // Certificates or GetClientCertificate.
+ //
+ // Note: if there are multiple Certificates, and they don't have the
+ // optional field Leaf set, certificate selection will incur a significant
+ // per-handshake performance cost.
Certificates []Certificate
// NameToCertificate maps from a certificate name to an element of
// Certificates. Note that a certificate name can be of the form
// '*.example.com' and so doesn't have to be a domain name as such.
- // See Config.BuildNameToCertificate
- // The nil value causes the first element of Certificates to be used
- // for all connections.
+ //
+ // Deprecated: NameToCertificate only allows associating a single
+ // certificate with a given name. Leave this field nil to let the library
+ // select the first compatible chain from Certificates.
NameToCertificate map[string]*Certificate
// GetCertificate returns a Certificate based on the given
@@ -498,7 +470,7 @@
//
// If GetCertificate is nil or returns nil, then the certificate is
// retrieved from NameToCertificate. If NameToCertificate is nil, the
- // first element of Certificates will be used.
+ // best element of Certificates will be used.
GetCertificate func(*ClientHelloInfo) (*Certificate, error)
// GetClientCertificate, if not nil, is called when a server requests a
@@ -866,6 +838,15 @@
return c.CurvePreferences
}
+func (c *Config) supportsCurve(curve CurveID) bool {
+ for _, cc := range c.curvePreferences() {
+ if cc == curve {
+ return true
+ }
+ }
+ return false
+}
+
// mutualVersion returns the protocol version to use given the advertised
// versions of the peer. Priority is given to the peer preference order.
func (c *Config) mutualVersion(peerVersions []uint16) (uint16, bool) {
@@ -880,6 +861,8 @@
return 0, false
}
+var errNoCertificates = errors.New("tls: no certificates configured")
+
// getCertificate returns the best certificate for the given ClientHelloInfo,
// defaulting to the first element of c.Certificates.
func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) {
@@ -892,52 +875,246 @@
}
if len(c.Certificates) == 0 {
- return nil, errors.New("tls: no certificates configured")
+ return nil, errNoCertificates
}
- if len(c.Certificates) == 1 || c.NameToCertificate == nil {
+ if len(c.Certificates) == 1 {
// There's only one choice, so no point doing any work.
return &c.Certificates[0], nil
}
- name := strings.ToLower(clientHello.ServerName)
- for len(name) > 0 && name[len(name)-1] == '.' {
- name = name[:len(name)-1]
- }
-
- if cert, ok := c.NameToCertificate[name]; ok {
- return cert, nil
- }
-
- // try replacing labels in the name with wildcards until we get a
- // match.
- labels := strings.Split(name, ".")
- for i := range labels {
- labels[i] = "*"
- candidate := strings.Join(labels, ".")
- if cert, ok := c.NameToCertificate[candidate]; ok {
+ if c.NameToCertificate != nil {
+ name := strings.ToLower(clientHello.ServerName)
+ if cert, ok := c.NameToCertificate[name]; ok {
return cert, nil
}
+ if len(name) > 0 {
+ labels := strings.Split(name, ".")
+ labels[0] = "*"
+ wildcardName := strings.Join(labels, ".")
+ if cert, ok := c.NameToCertificate[wildcardName]; ok {
+ return cert, nil
+ }
+ }
+ }
+
+ for _, cert := range c.Certificates {
+ if err := clientHello.SupportsCertificate(&cert); err == nil {
+ return &cert, nil
+ }
}
// If nothing matches, return the first certificate.
return &c.Certificates[0], nil
}
+// SupportsCertificate returns nil if the provided certificate is supported by
+// the client that sent the ClientHello. Otherwise, it returns an error
+// describing the reason for the incompatibility.
+//
+// If this ClientHelloInfo was passed to a GetConfigForClient or GetCertificate
+// callback, this method will take into account the associated Config. Note that
+// if GetConfigForClient returns a different Config, the change can't be
+// accounted for by this method.
+//
+// This function will call x509.ParseCertificate unless c.Leaf is set, which can
+// incur a significant performance cost.
+func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error {
+ // Note we don't currently support certificate_authorities nor
+ // signature_algorithms_cert, and don't check the algorithms of the
+ // signatures on the chain (which anyway are a SHOULD, see RFC 8446,
+ // Section 4.4.2.2).
+
+ config := chi.config
+ if config == nil {
+ config = &Config{}
+ }
+ vers, ok := config.mutualVersion(chi.SupportedVersions)
+ if !ok {
+ return errors.New("no mutually supported protocol versions")
+ }
+
+ // If the client specified the name they are trying to connect to, the
+ // certificate needs to be valid for it.
+ if chi.ServerName != "" {
+ x509Cert, err := c.leaf()
+ if err != nil {
+ return fmt.Errorf("failed to parse certificate: %w", err)
+ }
+ if err := x509Cert.VerifyHostname(chi.ServerName); err != nil {
+ return fmt.Errorf("certificate is not valid for requested server name: %w", err)
+ }
+ }
+
+ // supportsRSAFallback returns nil if the certificate and connection support
+ // the static RSA key exchange, and unsupported otherwise. The logic for
+ // supporting static RSA is completely disjoint from the logic for
+ // supporting signed key exchanges, so we just check it as a fallback.
+ supportsRSAFallback := func(unsupported error) error {
+ // TLS 1.3 dropped support for the static RSA key exchange.
+ if vers == VersionTLS13 {
+ return unsupported
+ }
+ // The static RSA key exchange works by decrypting a challenge with the
+ // RSA private key, not by signing, so check the PrivateKey implements
+ // crypto.Decrypter, like *rsa.PrivateKey does.
+ if priv, ok := c.PrivateKey.(crypto.Decrypter); ok {
+ if _, ok := priv.Public().(*rsa.PublicKey); !ok {
+ return unsupported
+ }
+ } else {
+ return unsupported
+ }
+ // Finally, there needs to be a mutual cipher suite that uses the static
+ // RSA key exchange instead of ECDHE.
+ rsaCipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool {
+ if c.flags&suiteECDHE != 0 {
+ return false
+ }
+ if vers < VersionTLS12 && c.flags&suiteTLS12 != 0 {
+ return false
+ }
+ return true
+ })
+ if rsaCipherSuite == nil {
+ return unsupported
+ }
+ return nil
+ }
+
+ // If the client sent the signature_algorithms extension, ensure it supports
+ // schemes we can use with this certificate and TLS version.
+ if len(chi.SignatureSchemes) > 0 {
+ if _, err := selectSignatureScheme(vers, c, chi.SignatureSchemes); err != nil {
+ return supportsRSAFallback(err)
+ }
+ }
+
+ // In TLS 1.3 we are done because supported_groups is only relevant to the
+ // ECDHE computation, point format negotiation is removed, cipher suites are
+ // only relevant to the AEAD choice, and static RSA does not exist.
+ if vers == VersionTLS13 {
+ return nil
+ }
+
+ // The only signed key exchange we support is ECDHE.
+ if !supportsECDHE(config, chi.SupportedCurves, chi.SupportedPoints) {
+ return supportsRSAFallback(errors.New("client doesn't support ECDHE, can only use legacy RSA key exchange"))
+ }
+
+ var ecdsaCipherSuite bool
+ if priv, ok := c.PrivateKey.(crypto.Signer); ok {
+ switch pub := priv.Public().(type) {
+ case *ecdsa.PublicKey:
+ var curve CurveID
+ switch pub.Curve {
+ case elliptic.P256():
+ curve = CurveP256
+ case elliptic.P384():
+ curve = CurveP384
+ case elliptic.P521():
+ curve = CurveP521
+ default:
+ return supportsRSAFallback(unsupportedCertificateError(c))
+ }
+ var curveOk bool
+ for _, c := range chi.SupportedCurves {
+ if c == curve && config.supportsCurve(c) {
+ curveOk = true
+ break
+ }
+ }
+ if !curveOk {
+ return errors.New("client doesn't support certificate curve")
+ }
+ ecdsaCipherSuite = true
+ case ed25519.PublicKey:
+ if vers < VersionTLS12 || len(chi.SignatureSchemes) == 0 {
+ return errors.New("connection doesn't support Ed25519")
+ }
+ ecdsaCipherSuite = true
+ case *rsa.PublicKey:
+ default:
+ return supportsRSAFallback(unsupportedCertificateError(c))
+ }
+ } else {
+ return supportsRSAFallback(unsupportedCertificateError(c))
+ }
+
+ // Make sure that there is a mutually supported cipher suite that works with
+ // this certificate. Cipher suite selection will then apply the logic in
+ // reverse to pick it. See also serverHandshakeState.cipherSuiteOk.
+ cipherSuite := selectCipherSuite(chi.CipherSuites, config.cipherSuites(), func(c *cipherSuite) bool {
+ if c.flags&suiteECDHE == 0 {
+ return false
+ }
+ if c.flags&suiteECSign != 0 {
+ if !ecdsaCipherSuite {
+ return false
+ }
+ } else {
+ if ecdsaCipherSuite {
+ return false
+ }
+ }
+ if vers < VersionTLS12 && c.flags&suiteTLS12 != 0 {
+ return false
+ }
+ return true
+ })
+ if cipherSuite == nil {
+ return supportsRSAFallback(errors.New("client doesn't support any cipher suites compatible with the certificate"))
+ }
+
+ return nil
+}
+
+// SupportsCertificate returns nil if the provided certificate is supported by
+// the server that sent the CertificateRequest. Otherwise, it returns an error
+// describing the reason for the incompatibility.
+func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error {
+ if _, err := selectSignatureScheme(cri.Version, c, cri.SignatureSchemes); err != nil {
+ return err
+ }
+
+ if len(cri.AcceptableCAs) == 0 {
+ return nil
+ }
+
+ for j, cert := range c.Certificate {
+ x509Cert := c.Leaf
+ // Parse the certificate if this isn't the leaf node, or if
+ // chain.Leaf was nil.
+ if j != 0 || x509Cert == nil {
+ var err error
+ if x509Cert, err = x509.ParseCertificate(cert); err != nil {
+ return fmt.Errorf("failed to parse certificate #%d in the chain: %w", j, err)
+ }
+ }
+
+ for _, ca := range cri.AcceptableCAs {
+ if bytes.Equal(x509Cert.RawIssuer, ca) {
+ return nil
+ }
+ }
+ }
+ return errors.New("chain is not signed by an acceptable CA")
+}
+
// BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
// from the CommonName and SubjectAlternateName fields of each of the leaf
// certificates.
+//
+// Deprecated: NameToCertificate only allows associating a single certificate
+// with a given name. Leave that field nil to let the library select the first
+// compatible chain from Certificates.
func (c *Config) BuildNameToCertificate() {
c.NameToCertificate = make(map[string]*Certificate)
for i := range c.Certificates {
cert := &c.Certificates[i]
- x509Cert := cert.Leaf
- if x509Cert == nil {
- var err error
- x509Cert, err = x509.ParseCertificate(cert.Certificate[0])
- if err != nil {
- continue
- }
+ x509Cert, err := cert.leaf()
+ if err != nil {
+ continue
}
if len(x509Cert.Subject.CommonName) > 0 {
c.NameToCertificate[x509Cert.Subject.CommonName] = cert
@@ -982,19 +1159,30 @@
// For a server up to TLS 1.2, it can also implement crypto.Decrypter with
// an RSA PublicKey.
PrivateKey crypto.PrivateKey
+ // SupportedSignatureAlgorithms is an optional list restricting what
+ // signature algorithms the PrivateKey can be used for.
+ SupportedSignatureAlgorithms []SignatureScheme
// OCSPStaple contains an optional OCSP response which will be served
// to clients that request it.
OCSPStaple []byte
// SignedCertificateTimestamps contains an optional list of Signed
// Certificate Timestamps which will be served to clients that request it.
SignedCertificateTimestamps [][]byte
- // Leaf is the parsed form of the leaf certificate, which may be
- // initialized using x509.ParseCertificate to reduce per-handshake
- // processing for TLS clients doing client authentication. If nil, the
- // leaf certificate will be parsed as needed.
+ // Leaf is the parsed form of the leaf certificate, which may be initialized
+ // using x509.ParseCertificate to reduce per-handshake processing. If nil,
+ // the leaf certificate will be parsed as needed.
Leaf *x509.Certificate
}
+// leaf returns the parsed leaf certificate, either from c.Leaf or by parsing
+// the corresponding c.Certificate[0].
+func (c *Certificate) leaf() (*x509.Certificate, error) {
+ if c.Leaf != nil {
+ return c.Leaf, nil
+ }
+ return x509.ParseCertificate(c.Certificate[0])
+}
+
type handshakeMessage interface {
marshal() []byte
unmarshal([]byte) bool
diff --git a/src/crypto/tls/conn_test.go b/src/crypto/tls/conn_test.go
index 57f6105..78935b1 100644
--- a/src/crypto/tls/conn_test.go
+++ b/src/crypto/tls/conn_test.go
@@ -72,8 +72,6 @@
var certFooExampleCom = `308201753082011fa00302010202101bbdb6070b0aeffc49008cde74deef29300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343234345a170d3137303831373231343234345a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100f00ac69d8ca2829f26216c7b50f1d4bbabad58d447706476cd89a2f3e1859943748aa42c15eedc93ac7c49e40d3b05ed645cb6b81c4efba60d961f44211a54eb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f666f6f2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100a0957fca6d1e0f1ef4b247348c7a8ca092c29c9c0ecc1898ea6b8065d23af6d922a410dd2335a0ea15edd1394cef9f62c9e876a21e35250a0b4fe1ddceba0f36`
-var certDoubleWildcardExampleCom = `308201753082011fa003020102021039d262d8538db8ffba30d204e02ddeb5300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343331335a170d3137303831373231343331335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100abb6bd84b8b9be3fb9415d00f22b4ddcaec7c99855b9d818c09003e084578430e5cfd2e35faa3561f036d496aa43a9ca6e6cf23c72a763c04ae324004f6cbdbb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f2a2e2a2e6578616d706c652e636f6d300d06092a864886f70d01010b05000341004837521004a5b6bc7ad5d6c0dae60bb7ee0fa5e4825be35e2bb6ef07ee29396ca30ceb289431bcfd363888ba2207139933ac7c6369fa8810c819b2e2966abb4b`
-
func TestCertificateSelection(t *testing.T) {
config := Config{
Certificates: []Certificate{
@@ -86,9 +84,6 @@
{
Certificate: [][]byte{fromHex(certFooExampleCom)},
},
- {
- Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)},
- },
},
}
@@ -124,11 +119,8 @@
if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 {
t.Errorf("foo.example.com returned certificate %d, not 2", n)
}
- if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 3 {
- t.Errorf("foo.bar.example.com returned certificate %d, not 3", n)
- }
- if n := pointerToIndex(certificateForName("foo.bar.baz.example.com")); n != 0 {
- t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n)
+ if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 0 {
+ t.Errorf("foo.bar.example.com returned certificate %d, not 0", n)
}
}
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
index dd7d10b..4fb528c 100644
--- a/src/crypto/tls/handshake_client.go
+++ b/src/crypto/tls/handshake_client.go
@@ -16,7 +16,6 @@
"fmt"
"io"
"net"
- "strconv"
"strings"
"sync/atomic"
"time"
@@ -518,7 +517,7 @@
certRequested = true
hs.finishedHash.Write(certReq.marshal())
- cri := certificateRequestInfoFromMsg(certReq)
+ cri := certificateRequestInfoFromMsg(c.vers, certReq)
if chainToSend, err = c.getClientCertificate(cri); err != nil {
c.sendAlert(alertInternalError)
return err
@@ -562,9 +561,7 @@
}
if chainToSend != nil && len(chainToSend.Certificate) > 0 {
- certVerify := &certificateVerifyMsg{
- hasSignatureAlgorithm: c.vers >= VersionTLS12,
- }
+ certVerify := &certificateVerifyMsg{}
key, ok := chainToSend.PrivateKey.(crypto.Signer)
if !ok {
@@ -572,19 +569,32 @@
return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey)
}
- signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(key.Public(), certReq.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, c.vers)
- if err != nil {
- c.sendAlert(alertInternalError)
- return err
- }
- // SignatureAndHashAlgorithm was introduced in TLS 1.2.
- if certVerify.hasSignatureAlgorithm {
+ var sigType uint8
+ var sigHash crypto.Hash
+ if c.vers >= VersionTLS12 {
+ signatureAlgorithm, err := selectSignatureScheme(c.vers, chainToSend, certReq.supportedSignatureAlgorithms)
+ if err != nil {
+ c.sendAlert(alertIllegalParameter)
+ return err
+ }
+ sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+ if err != nil {
+ return c.sendAlert(alertInternalError)
+ }
+ certVerify.hasSignatureAlgorithm = true
certVerify.signatureAlgorithm = signatureAlgorithm
+ } else {
+ sigType, sigHash, err = legacyTypeAndHashFromPublicKey(key.Public())
+ if err != nil {
+ c.sendAlert(alertIllegalParameter)
+ return err
+ }
}
- signed := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
- signOpts := crypto.SignerOpts(hashFunc)
+
+ signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
+ signOpts := crypto.SignerOpts(sigHash)
if sigType == signatureRSAPSS {
- signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: hashFunc}
+ signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
}
certVerify.signature, err = key.Sign(c.config.rand(), signed, signOpts)
if err != nil {
@@ -839,7 +849,12 @@
// certificateRequestInfoFromMsg generates a CertificateRequestInfo from a TLS
// <= 1.2 CertificateRequest, making an effort to fill in missing information.
-func certificateRequestInfoFromMsg(certReq *certificateRequestMsg) *CertificateRequestInfo {
+func certificateRequestInfoFromMsg(vers uint16, certReq *certificateRequestMsg) *CertificateRequestInfo {
+ cri := &CertificateRequestInfo{
+ AcceptableCAs: certReq.certificateAuthorities,
+ Version: vers,
+ }
+
var rsaAvail, ecAvail bool
for _, certType := range certReq.certificateTypes {
switch certType {
@@ -850,10 +865,6 @@
}
}
- cri := &CertificateRequestInfo{
- AcceptableCAs: certReq.certificateAuthorities,
- }
-
if !certReq.hasSignatureAlgorithm {
// Prior to TLS 1.2, the signature schemes were not
// included in the certificate request message. In this
@@ -898,43 +909,11 @@
return c.config.GetClientCertificate(cri)
}
- // We need to search our list of client certs for one
- // where SignatureAlgorithm is acceptable to the server and the
- // Issuer is in AcceptableCAs.
- for i, chain := range c.config.Certificates {
- sigOK := false
- for _, alg := range signatureSchemesForCertificate(c.vers, &chain) {
- if isSupportedSignatureAlgorithm(alg, cri.SignatureSchemes) {
- sigOK = true
- break
- }
- }
- if !sigOK {
+ for _, chain := range c.config.Certificates {
+ if err := cri.SupportsCertificate(&chain); err != nil {
continue
}
-
- if len(cri.AcceptableCAs) == 0 {
- return &chain, nil
- }
-
- for j, cert := range chain.Certificate {
- x509Cert := chain.Leaf
- // Parse the certificate if this isn't the leaf node, or if
- // chain.Leaf was nil.
- if j != 0 || x509Cert == nil {
- var err error
- if x509Cert, err = x509.ParseCertificate(cert); err != nil {
- c.sendAlert(alertInternalError)
- return nil, errors.New("tls: failed to parse configured certificate chain #" + strconv.Itoa(i) + ": " + err.Error())
- }
- }
-
- for _, ca := range cri.AcceptableCAs {
- if bytes.Equal(x509Cert.RawIssuer, ca) {
- return &chain, nil
- }
- }
- }
+ return &chain, nil
}
// No acceptable certificate found. Don't send a certificate.
diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go
index d7b2db9..6bd3c37 100644
--- a/src/crypto/tls/handshake_client_test.go
+++ b/src/crypto/tls/handshake_client_test.go
@@ -837,19 +837,8 @@
cert: testRSAPSSCertificate,
key: testRSAPrivateKey,
}
- runClientTestTLS13(t, test)
-
- // In our TLS 1.2 client, RSA-PSS is only supported for server certificates.
- // See Issue 32425.
- test = &clientTest{
- name: "ClientCert-RSA-RSAPSS",
- args: []string{"-cipher", "AES128", "-Verify", "1", "-client_sigalgs",
- "rsa_pkcs1_sha256", "-sigalgs", "rsa_pss_rsae_sha256"},
- config: config,
- cert: testRSAPSSCertificate,
- key: testRSAPrivateKey,
- }
runClientTestTLS12(t, test)
+ runClientTestTLS13(t, test)
}
func TestHandshakeClientCertRSAPKCS1v15(t *testing.T) {
diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
index b21ce3b..8994591 100644
--- a/src/crypto/tls/handshake_client_tls13.go
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -526,6 +526,7 @@
cert, err := c.getClientCertificate(&CertificateRequestInfo{
AcceptableCAs: hs.certReq.certificateAuthorities,
SignatureSchemes: hs.certReq.supportedSignatureAlgorithms,
+ Version: c.vers,
})
if err != nil {
return err
@@ -550,24 +551,12 @@
certVerifyMsg := new(certificateVerifyMsg)
certVerifyMsg.hasSignatureAlgorithm = true
- supportedAlgs := signatureSchemesForCertificate(c.vers, cert)
- if supportedAlgs == nil {
- c.sendAlert(alertInternalError)
- return unsupportedCertificateError(cert)
- }
- // Pick signature scheme in server preference order, as the client
- // preference order is not configurable.
- for _, preferredAlg := range hs.certReq.supportedSignatureAlgorithms {
- if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
- certVerifyMsg.signatureAlgorithm = preferredAlg
- break
- }
- }
- if certVerifyMsg.signatureAlgorithm == 0 {
+ certVerifyMsg.signatureAlgorithm, err = selectSignatureScheme(c.vers, cert, hs.certReq.supportedSignatureAlgorithms)
+ if err != nil {
// getClientCertificate returned a certificate incompatible with the
// CertificateRequestInfo supported signature algorithms.
c.sendAlert(alertHandshakeFailure)
- return errors.New("tls: server doesn't support selected certificate")
+ return err
}
sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerifyMsg.signatureAlgorithm)
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
index bd45c0b..b16415a 100644
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@@ -24,7 +24,7 @@
clientHello *clientHelloMsg
hello *serverHelloMsg
suite *cipherSuite
- ecdhOk bool
+ ecdheOk bool
ecSignOk bool
rsaDecryptOk bool
rsaSignOk bool
@@ -175,36 +175,6 @@
hs.hello = new(serverHelloMsg)
hs.hello.vers = c.vers
- supportedCurve := false
- preferredCurves := c.config.curvePreferences()
-Curves:
- for _, curve := range hs.clientHello.supportedCurves {
- for _, supported := range preferredCurves {
- if supported == curve {
- supportedCurve = true
- break Curves
- }
- }
- }
-
- supportedPointFormat := false
- for _, pointFormat := range hs.clientHello.supportedPoints {
- if pointFormat == pointFormatUncompressed {
- supportedPointFormat = true
- break
- }
- }
- hs.ecdhOk = supportedCurve && supportedPointFormat
-
- if supportedPointFormat {
- // Although omiting the ec_point_formats extension is permitted, some
- // old OpenSSL version will refuse to handshake if not present.
- //
- // Per RFC 4492, section 5.1.2, implementations MUST support the
- // uncompressed point format. See golang.org/issue/31943.
- hs.hello.supportedPoints = []uint8{pointFormatUncompressed}
- }
-
foundCompression := false
// We only support null compression, so check that the client offered it.
for _, compression := range hs.clientHello.compressionMethods {
@@ -257,13 +227,28 @@
hs.cert, err = c.config.getCertificate(clientHelloInfo(c, hs.clientHello))
if err != nil {
- c.sendAlert(alertInternalError)
+ if err == errNoCertificates {
+ c.sendAlert(alertUnrecognizedName)
+ } else {
+ c.sendAlert(alertInternalError)
+ }
return err
}
if hs.clientHello.scts {
hs.hello.scts = hs.cert.SignedCertificateTimestamps
}
+ hs.ecdheOk = supportsECDHE(c.config, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
+
+ if hs.ecdheOk {
+ // Although omitting the ec_point_formats extension is permitted, some
+ // old OpenSSL version will refuse to handshake if not present.
+ //
+ // Per RFC 4492, section 5.1.2, implementations MUST support the
+ // uncompressed point format. See golang.org/issue/31943.
+ hs.hello.supportedPoints = []uint8{pointFormatUncompressed}
+ }
+
if priv, ok := hs.cert.PrivateKey.(crypto.Signer); ok {
switch priv.Public().(type) {
case *ecdsa.PublicKey:
@@ -290,6 +275,28 @@
return nil
}
+// supportsECDHE returns whether ECDHE key exchanges can be used with this
+// pre-TLS 1.3 client.
+func supportsECDHE(c *Config, supportedCurves []CurveID, supportedPoints []uint8) bool {
+ supportsCurve := false
+ for _, curve := range supportedCurves {
+ if c.supportsCurve(curve) {
+ supportsCurve = true
+ break
+ }
+ }
+
+ supportsPointFormat := false
+ for _, pointFormat := range supportedPoints {
+ if pointFormat == pointFormatUncompressed {
+ supportsPointFormat = true
+ break
+ }
+ }
+
+ return supportsCurve && supportsPointFormat
+}
+
func (hs *serverHandshakeState) pickCipherSuite() error {
c := hs.c
@@ -302,12 +309,7 @@
supportedList = c.config.cipherSuites()
}
- for _, id := range preferenceList {
- if hs.setCipherSuite(id, supportedList, c.vers) {
- break
- }
- }
-
+ hs.suite = selectCipherSuite(preferenceList, supportedList, hs.cipherSuiteOk)
if hs.suite == nil {
c.sendAlert(alertHandshakeFailure)
return errors.New("tls: no cipher suite supported by both client and server")
@@ -327,6 +329,27 @@
return nil
}
+func (hs *serverHandshakeState) cipherSuiteOk(c *cipherSuite) bool {
+ if c.flags&suiteECDHE != 0 {
+ if !hs.ecdheOk {
+ return false
+ }
+ if c.flags&suiteECSign != 0 {
+ if !hs.ecSignOk {
+ return false
+ }
+ } else if !hs.rsaSignOk {
+ return false
+ }
+ } else if !hs.rsaDecryptOk {
+ return false
+ }
+ if hs.c.vers < VersionTLS12 && c.flags&suiteTLS12 != 0 {
+ return false
+ }
+ return true
+}
+
// checkForResumption reports whether we should perform resumption on this connection.
func (hs *serverHandshakeState) checkForResumption() bool {
c := hs.c
@@ -363,7 +386,9 @@
}
// Check that we also support the ciphersuite from the session.
- if !hs.setCipherSuite(hs.sessionState.cipherSuite, c.config.cipherSuites(), hs.sessionState.vers) {
+ hs.suite = selectCipherSuite([]uint16{hs.sessionState.cipherSuite},
+ c.config.cipherSuites(), hs.cipherSuiteOk)
+ if hs.suite == nil {
return false
}
@@ -467,7 +492,7 @@
}
if c.vers >= VersionTLS12 {
certReq.hasSignatureAlgorithm = true
- certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithmsTLS12
+ certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
}
// An empty list of certificateAuthorities signals to
@@ -562,15 +587,27 @@
return unexpectedMessageError(certVerify, msg)
}
- // Determine the signature type.
- _, sigType, hashFunc, err := pickSignatureAlgorithm(pub, []SignatureScheme{certVerify.signatureAlgorithm}, certReq.supportedSignatureAlgorithms, c.vers)
- if err != nil {
- c.sendAlert(alertIllegalParameter)
- return err
+ var sigType uint8
+ var sigHash crypto.Hash
+ if c.vers >= VersionTLS12 {
+ if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, certReq.supportedSignatureAlgorithms) {
+ c.sendAlert(alertIllegalParameter)
+ return errors.New("tls: client certificate used with invalid signature algorithm")
+ }
+ sigType, sigHash, err = typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm)
+ if err != nil {
+ return c.sendAlert(alertInternalError)
+ }
+ } else {
+ sigType, sigHash, err = legacyTypeAndHashFromPublicKey(pub)
+ if err != nil {
+ c.sendAlert(alertIllegalParameter)
+ return err
+ }
}
- signed := hs.finishedHash.hashForClientCertificate(sigType, hashFunc, hs.masterSecret)
- if err := verifyHandshakeSignature(sigType, pub, hashFunc, signed, certVerify.signature); err != nil {
+ signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
+ if err := verifyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil {
c.sendAlert(alertDecryptError)
return errors.New("tls: invalid signature by the client certificate: " + err.Error())
}
@@ -753,43 +790,6 @@
return nil
}
-// setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState
-// suite if that cipher suite is acceptable to use.
-// It returns a bool indicating if the suite was set.
-func (hs *serverHandshakeState) setCipherSuite(id uint16, supportedCipherSuites []uint16, version uint16) bool {
- for _, supported := range supportedCipherSuites {
- if id != supported {
- continue
- }
- candidate := cipherSuiteByID(id)
- if candidate == nil {
- continue
- }
- // Don't select a ciphersuite which we can't
- // support for this client.
- if candidate.flags&suiteECDHE != 0 {
- if !hs.ecdhOk {
- continue
- }
- if candidate.flags&suiteECSign != 0 {
- if !hs.ecSignOk {
- continue
- }
- } else if !hs.rsaSignOk {
- continue
- }
- } else if !hs.rsaDecryptOk {
- continue
- }
- if version < VersionTLS12 && candidate.flags&suiteTLS12 != 0 {
- continue
- }
- hs.suite = candidate
- return true
- }
- return false
-}
-
func clientHelloInfo(c *Conn, clientHello *clientHelloMsg) *ClientHelloInfo {
supportedVersions := clientHello.supportedVersions
if len(clientHello.supportedVersions) == 0 {
@@ -805,5 +805,6 @@
SupportedProtos: clientHello.alpnProtocols,
SupportedVersions: supportedVersions,
Conn: c.conn,
+ config: c.config,
}
}
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index df1b2fa..1e5da1e 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -8,6 +8,7 @@
"bytes"
"crypto"
"crypto/elliptic"
+ "crypto/x509"
"encoding/pem"
"errors"
"fmt"
@@ -273,7 +274,7 @@
}
func TestTLSPointFormats(t *testing.T) {
- // Test that a Server returns the ec_point_format extention when ECC is
+ // Test that a Server returns the ec_point_format extension when ECC is
// negotiated, and not returned on RSA handshake.
tests := []struct {
name string
@@ -1179,16 +1180,20 @@
}
func TestHandshakeServerRSAPSS(t *testing.T) {
+ // We send rsa_pss_rsae_sha512 first, as the test key won't fit, and we
+ // verify the server implementation will disregard the client preference in
+ // that case. See Issue 29793.
test := &serverTest{
- name: "RSA-RSAPSS",
- command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"},
- expectHandshakeErrorIncluding: "peer doesn't support any common signature algorithms", // See Issue 32425.
+ name: "RSA-RSAPSS",
+ command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha512:rsa_pss_rsae_sha256"},
}
runServerTestTLS12(t, test)
+ runServerTestTLS13(t, test)
test = &serverTest{
- name: "RSA-RSAPSS",
- command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"},
+ name: "RSA-RSAPSS-TooSmall",
+ command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha512"},
+ expectHandshakeErrorIncluding: "peer doesn't support any of the certificate's signature algorithms",
}
runServerTestTLS13(t, test)
}
@@ -1353,16 +1358,9 @@
command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
"-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"},
config: config,
- expectedPeerCerts: []string{}, // See Issue 32425.
- }
- runServerTestTLS12(t, test)
- test = &serverTest{
- name: "ClientAuthRequestedAndGiven",
- command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA",
- "-cert", certPath, "-key", keyPath, "-client_sigalgs", "rsa_pss_rsae_sha256"},
- config: config,
expectedPeerCerts: []string{clientCertificatePEM},
}
+ runServerTestTLS12(t, test)
runServerTestTLS13(t, test)
test = &serverTest{
@@ -1649,16 +1647,33 @@
config.MinVersion = VersionTLS13
server := Server(serverConn, config)
err := server.Handshake()
- expectError(t, err, "key size too small for PSS signature")
+ expectError(t, err, "key size too small")
close(done)
}()
err = client.Handshake()
expectError(t, err, "handshake failure")
<-done
+}
- // In TLS 1.2 RSA-PSS is not used, so this should succeed. See Issue 32425.
+func TestMultipleCertificates(t *testing.T) {
+ clientConfig := testConfig.Clone()
+ clientConfig.CipherSuites = []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}
+ clientConfig.MaxVersion = VersionTLS12
+
serverConfig := testConfig.Clone()
- serverConfig.Certificates = []Certificate{cert}
- serverConfig.MaxVersion = VersionTLS12
- testHandshake(t, testConfig, serverConfig)
+ serverConfig.Certificates = []Certificate{{
+ Certificate: [][]byte{testECDSACertificate},
+ PrivateKey: testECDSAPrivateKey,
+ }, {
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ }}
+
+ _, clientState, err := testHandshake(t, clientConfig, serverConfig)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if got := clientState.PeerCertificates[0].PublicKeyAlgorithm; got != x509.RSA {
+ t.Errorf("expected RSA certificate, got %v", got)
+ }
}
diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index 8887b80..5432145 100644
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -356,36 +356,26 @@
return nil
}
- // This implements a very simplistic certificate selection strategy for now:
- // getCertificate delegates to the application Config.GetCertificate, or
- // selects based on the server_name only. If the selected certificate's
- // public key does not match the client signature_algorithms, the handshake
- // is aborted. No attention is given to signature_algorithms_cert, and it is
- // not passed to the application Config.GetCertificate. This will need to
- // improve according to RFC 8446, sections 4.4.2.2 and 4.2.3.
+ // signature_algorithms is required in TLS 1.3. See RFC 8446, Section 4.2.3.
+ if len(hs.clientHello.supportedSignatureAlgorithms) == 0 {
+ return c.sendAlert(alertMissingExtension)
+ }
+
certificate, err := c.config.getCertificate(clientHelloInfo(c, hs.clientHello))
if err != nil {
- c.sendAlert(alertInternalError)
+ if err == errNoCertificates {
+ c.sendAlert(alertUnrecognizedName)
+ } else {
+ c.sendAlert(alertInternalError)
+ }
return err
}
- supportedAlgs := signatureSchemesForCertificate(c.vers, certificate)
- if supportedAlgs == nil {
- c.sendAlert(alertInternalError)
- return unsupportedCertificateError(certificate)
- }
- // Pick signature scheme in client preference order, as the server
- // preference order is not configurable.
- for _, preferredAlg := range hs.clientHello.supportedSignatureAlgorithms {
- if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
- hs.sigAlg = preferredAlg
- break
- }
- }
- if hs.sigAlg == 0 {
- // getCertificate returned a certificate incompatible with the
- // ClientHello supported signature algorithms.
+ hs.sigAlg, err = selectSignatureScheme(c.vers, certificate, hs.clientHello.supportedSignatureAlgorithms)
+ if err != nil {
+ // getCertificate returned a certificate that is unsupported or
+ // incompatible with the client's signature algorithms.
c.sendAlert(alertHandshakeFailure)
- return errors.New("tls: client doesn't support selected certificate")
+ return err
}
hs.cert = certificate
diff --git a/src/crypto/tls/handshake_test.go b/src/crypto/tls/handshake_test.go
index baf8adb..f55cd16 100644
--- a/src/crypto/tls/handshake_test.go
+++ b/src/crypto/tls/handshake_test.go
@@ -275,9 +275,9 @@
var c1 net.Conn
c1, err = net.Dial(addr.Network(), addr.String())
if err != nil {
- if runtime.GOOS == "dragonfly" && isConnRefused(err) {
- // golang.org/issue/29583: Dragonfly sometimes returned a spurious
- // ECONNREFUSED.
+ if runtime.GOOS == "dragonfly" && (isConnRefused(err) || os.IsTimeout(err)) {
+ // golang.org/issue/29583: Dragonfly sometimes returns a spurious
+ // ECONNREFUSED or ETIMEDOUT.
<-tooSlow.C
continue
}
diff --git a/src/crypto/tls/key_agreement.go b/src/crypto/tls/key_agreement.go
index 496dc2d..03aa861 100644
--- a/src/crypto/tls/key_agreement.go
+++ b/src/crypto/tls/key_agreement.go
@@ -11,6 +11,7 @@
"crypto/sha1"
"crypto/x509"
"errors"
+ "fmt"
"io"
)
@@ -142,16 +143,11 @@
}
func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) {
- preferredCurves := config.curvePreferences()
-
var curveID CurveID
-NextCandidate:
- for _, candidate := range preferredCurves {
- for _, c := range clientHello.supportedCurves {
- if candidate == c {
- curveID = c
- break NextCandidate
- }
+ for _, c := range clientHello.supportedCurves {
+ if config.supportsCurve(c) {
+ curveID = c
+ break
}
}
@@ -170,31 +166,45 @@
// See RFC 4492, Section 5.4.
ecdhePublic := params.PublicKey()
- serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
- serverECDHParams[0] = 3 // named curve
- serverECDHParams[1] = byte(curveID >> 8)
- serverECDHParams[2] = byte(curveID)
- serverECDHParams[3] = byte(len(ecdhePublic))
- copy(serverECDHParams[4:], ecdhePublic)
+ serverECDHEParams := make([]byte, 1+2+1+len(ecdhePublic))
+ serverECDHEParams[0] = 3 // named curve
+ serverECDHEParams[1] = byte(curveID >> 8)
+ serverECDHEParams[2] = byte(curveID)
+ serverECDHEParams[3] = byte(len(ecdhePublic))
+ copy(serverECDHEParams[4:], ecdhePublic)
priv, ok := cert.PrivateKey.(crypto.Signer)
if !ok {
- return nil, errors.New("tls: certificate private key does not implement crypto.Signer")
+ return nil, fmt.Errorf("tls: certificate private key of type %T does not implement crypto.Signer", cert.PrivateKey)
}
- signatureAlgorithm, sigType, hashFunc, err := pickSignatureAlgorithm(priv.Public(), clientHello.supportedSignatureAlgorithms, supportedSignatureAlgorithmsTLS12, ka.version)
- if err != nil {
- return nil, err
+ var signatureAlgorithm SignatureScheme
+ var sigType uint8
+ var sigHash crypto.Hash
+ if ka.version >= VersionTLS12 {
+ signatureAlgorithm, err = selectSignatureScheme(ka.version, cert, clientHello.supportedSignatureAlgorithms)
+ if err != nil {
+ return nil, err
+ }
+ sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ sigType, sigHash, err = legacyTypeAndHashFromPublicKey(priv.Public())
+ if err != nil {
+ return nil, err
+ }
}
if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
return nil, errors.New("tls: certificate cannot be used with the selected cipher suite")
}
- signed := hashForServerKeyExchange(sigType, hashFunc, ka.version, clientHello.random, hello.random, serverECDHParams)
+ signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, hello.random, serverECDHEParams)
- signOpts := crypto.SignerOpts(hashFunc)
+ signOpts := crypto.SignerOpts(sigHash)
if sigType == signatureRSAPSS {
- signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: hashFunc}
+ signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash}
}
sig, err := priv.Sign(config.rand(), signed, signOpts)
if err != nil {
@@ -206,9 +216,9 @@
if ka.version >= VersionTLS12 {
sigAndHashLen = 2
}
- skx.key = make([]byte, len(serverECDHParams)+sigAndHashLen+2+len(sig))
- copy(skx.key, serverECDHParams)
- k := skx.key[len(serverECDHParams):]
+ skx.key = make([]byte, len(serverECDHEParams)+sigAndHashLen+2+len(sig))
+ copy(skx.key, serverECDHEParams)
+ k := skx.key[len(serverECDHEParams):]
if ka.version >= VersionTLS12 {
k[0] = byte(signatureAlgorithm >> 8)
k[1] = byte(signatureAlgorithm)
@@ -247,8 +257,8 @@
if publicLen+4 > len(skx.key) {
return errServerKeyExchange
}
- serverECDHParams := skx.key[:4+publicLen]
- publicKey := serverECDHParams[4:]
+ serverECDHEParams := skx.key[:4+publicLen]
+ publicKey := serverECDHEParams[4:]
sig := skx.key[4+publicLen:]
if len(sig) < 2 {
@@ -276,18 +286,27 @@
ka.ckx.ciphertext[0] = byte(len(ourPublicKey))
copy(ka.ckx.ciphertext[1:], ourPublicKey)
- var signatureAlgorithm SignatureScheme
+ var sigType uint8
+ var sigHash crypto.Hash
if ka.version >= VersionTLS12 {
- // handle SignatureAndHashAlgorithm
- signatureAlgorithm = SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
+ signatureAlgorithm := SignatureScheme(sig[0])<<8 | SignatureScheme(sig[1])
sig = sig[2:]
if len(sig) < 2 {
return errServerKeyExchange
}
- }
- _, sigType, hashFunc, err := pickSignatureAlgorithm(cert.PublicKey, []SignatureScheme{signatureAlgorithm}, clientHello.supportedSignatureAlgorithms, ka.version)
- if err != nil {
- return err
+
+ if !isSupportedSignatureAlgorithm(signatureAlgorithm, clientHello.supportedSignatureAlgorithms) {
+ return errors.New("tls: certificate used with invalid signature algorithm")
+ }
+ sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
+ if err != nil {
+ return err
+ }
+ } else {
+ sigType, sigHash, err = legacyTypeAndHashFromPublicKey(cert.PublicKey)
+ if err != nil {
+ return err
+ }
}
if (sigType == signaturePKCS1v15 || sigType == signatureRSAPSS) != ka.isRSA {
return errServerKeyExchange
@@ -299,8 +318,8 @@
}
sig = sig[2:]
- signed := hashForServerKeyExchange(sigType, hashFunc, ka.version, clientHello.random, serverHello.random, serverECDHParams)
- if err := verifyHandshakeSignature(sigType, cert.PublicKey, hashFunc, signed, sig); err != nil {
+ signed := hashForServerKeyExchange(sigType, sigHash, ka.version, clientHello.random, serverHello.random, serverECDHEParams)
+ if err := verifyHandshakeSignature(sigType, cert.PublicKey, sigHash, signed, sig); err != nil {
return errors.New("tls: invalid signature by the server certificate: " + err.Error())
}
return nil
diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
index 83e5480..2aab323 100644
--- a/src/crypto/tls/key_schedule.go
+++ b/src/crypto/tls/key_schedule.go
@@ -7,14 +7,14 @@
import (
"crypto/elliptic"
"crypto/hmac"
- "crypto/subtle"
"errors"
- "golang.org/x/crypto/cryptobyte"
- "golang.org/x/crypto/curve25519"
- "golang.org/x/crypto/hkdf"
"hash"
"io"
"math/big"
+
+ "golang.org/x/crypto/cryptobyte"
+ "golang.org/x/crypto/curve25519"
+ "golang.org/x/crypto/hkdf"
)
// This file contains the functions necessary to compute the TLS 1.3 key
@@ -111,12 +111,15 @@
func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, error) {
if curveID == X25519 {
- p := &x25519Parameters{}
- if _, err := io.ReadFull(rand, p.privateKey[:]); err != nil {
+ privateKey := make([]byte, curve25519.ScalarSize)
+ if _, err := io.ReadFull(rand, privateKey); err != nil {
return nil, err
}
- curve25519.ScalarBaseMult(&p.publicKey, &p.privateKey)
- return p, nil
+ publicKey, err := curve25519.X25519(privateKey, curve25519.Basepoint)
+ if err != nil {
+ return nil, err
+ }
+ return &x25519Parameters{privateKey: privateKey, publicKey: publicKey}, nil
}
curve, ok := curveForCurveID(curveID)
@@ -178,8 +181,8 @@
}
type x25519Parameters struct {
- privateKey [32]byte
- publicKey [32]byte
+ privateKey []byte
+ publicKey []byte
}
func (p *x25519Parameters) CurveID() CurveID {
@@ -191,19 +194,9 @@
}
func (p *x25519Parameters) SharedKey(peerPublicKey []byte) []byte {
- if len(peerPublicKey) != 32 {
+ sharedKey, err := curve25519.X25519(p.privateKey, peerPublicKey)
+ if err != nil {
return nil
}
-
- var theirPublicKey, sharedKey [32]byte
- copy(theirPublicKey[:], peerPublicKey)
- curve25519.ScalarMult(&sharedKey, &p.privateKey, &theirPublicKey)
-
- // Check for low-order inputs. See RFC 8422, Section 5.11.
- var allZeroes [32]byte
- if subtle.ConstantTimeCompare(allZeroes[:], sharedKey[:]) == 1 {
- return nil
- }
-
- return sharedKey[:]
+ return sharedKey
}
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
index 22115d5..3975b07 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 41 6b 69 65 47 |....Y...U..AkieG|
-00000010 8c 15 2f d5 6d 1a 3d 0c ff 56 ad 42 31 6c 1f 86 |../.m.=..V.B1l..|
-00000020 06 62 e3 e4 18 9c 5c 47 9e 8c 66 20 af ba 7c 62 |.b....\G..f ..|b|
-00000030 c2 32 f4 49 f1 8d f4 ba 7a 51 23 32 46 96 7e b8 |.2.I....zQ#2F.~.|
-00000040 f0 2c ae 0a d4 04 49 16 4a 64 79 c8 c0 30 00 00 |.,....I.Jdy..0..|
+00000000 16 03 03 00 59 02 00 00 55 03 03 d4 20 b3 4c 6a |....Y...U... .Lj|
+00000010 69 44 3f f7 ab 15 35 85 ca 71 02 b0 70 18 8e d6 |iD?...5..q..p...|
+00000020 61 d5 34 08 42 de cf a1 57 32 96 20 8c b4 72 dd |a.4.B...W2. ..r.|
+00000030 63 93 e6 13 9d 4a ec 75 d9 a1 a6 9e 5e 02 f5 63 |c....J.u....^..c|
+00000040 29 1a 78 9f 94 9f 6c 58 b5 91 ae 63 c0 30 00 00 |).x...lX...c.0..|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@@ -60,17 +60,17 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
-000002c0 ac 0c 00 00 a8 03 00 1d 20 9e 80 b0 95 af 3b 4c |........ .....;L|
-000002d0 e7 fb 97 65 d0 36 8f 97 88 0d 3b 5d a0 21 a8 78 |...e.6....;].!.x|
-000002e0 81 39 4c 80 5c 58 52 6e 68 08 04 00 80 41 c6 e7 |.9L.\XRnh....A..|
-000002f0 c9 48 c1 be 17 a6 a3 3c 3a de c8 c8 86 6e 70 37 |.H.....<:....np7|
-00000300 2f d3 ed 8a dd 3a 73 5c b5 23 49 a8 4a fe e9 2b |/....:s\.#I.J..+|
-00000310 4e 99 43 b8 e8 05 f9 fe 90 bf 74 be 92 3d d8 a3 |N.C.......t..=..|
-00000320 c2 b2 38 80 1c 82 1f 35 e1 2e 04 bf a6 0a ec 3f |..8....5.......?|
-00000330 81 4c a2 2b 19 8f 91 4c 51 b5 0d 52 1e 69 84 0a |.L.+...LQ..R.i..|
-00000340 b0 cb de 41 1a bd a6 3d 50 9a ca d2 c0 26 11 3f |...A...=P....&.?|
-00000350 cd 80 b4 2d 6e 03 f2 c5 2b cd 9c b6 a4 d8 e6 cf |...-n...+.......|
-00000360 ec 1d 7a a9 17 59 6c 89 17 2f 64 0a 7c 16 03 03 |..z..Yl../d.|...|
+000002c0 ac 0c 00 00 a8 03 00 1d 20 a2 bd 95 3e 0c 9f ad |........ ...>...|
+000002d0 11 59 e0 6a c1 21 0c 6c 86 cc f1 ce bd a0 30 5d |.Y.j.!.l......0]|
+000002e0 53 1e 75 f9 55 af 49 7b 31 08 04 00 80 d4 8b 11 |S.u.U.I{1.......|
+000002f0 ca 22 14 79 a3 e8 b6 c7 d0 d6 1b 17 42 93 47 30 |.".y........B.G0|
+00000300 ab 50 0e c9 0c 92 88 96 b4 63 4e 4e ac 7f dd c8 |.P.......cNN....|
+00000310 8f 85 07 5b 95 c5 0a c0 4e 6d 4f 51 ba d8 d7 db |...[....NmOQ....|
+00000320 14 70 80 4f 68 d9 b4 39 e7 48 27 21 76 4c 79 a4 |.p.Oh..9.H'!vLy.|
+00000330 60 91 d7 2f 75 69 04 1a da 71 ff b8 4d 78 d8 e7 |`../ui...q..Mx..|
+00000340 ca f2 f2 1e 71 21 b3 a0 44 a7 6c 99 16 a1 c9 f8 |....q!..D.l.....|
+00000350 f0 de e8 99 12 7b 3d a2 e3 15 fa 63 62 e9 1b 72 |.....{=....cb..r|
+00000360 c8 bb 27 38 4a 48 66 1d dd fb ef 6f d1 16 03 03 |..'8JHf....o....|
00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......|
00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................|
00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................|
@@ -112,26 +112,26 @@
00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.|
00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...|
00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....|
-00000230 88 0f 00 00 84 04 01 00 80 29 22 23 51 c5 71 4a |.........)"#Q.qJ|
-00000240 32 eb 72 6b f2 c8 46 99 df fe d5 a7 0c 55 3c 40 |2.rk..F......U<@|
-00000250 e1 1e 09 4c 40 83 8a 0d 67 27 63 21 d2 36 66 8f |...L@...g'c!.6f.|
-00000260 cb 97 4b 87 8a ed 9a 44 81 97 34 4b 9b 12 27 f5 |..K....D..4K..'.|
-00000270 d8 63 9b 1f cf d7 b4 2b 54 99 86 2d cd 36 9f 3e |.c.....+T..-.6.>|
-00000280 92 af 5a a6 0c 8a e0 e3 d3 b9 9b 47 ea 67 61 69 |..Z........G.gai|
-00000290 d8 c1 86 1d fd 43 d4 1f 5c f5 48 d8 4a 97 a7 0f |.....C..\.H.J...|
-000002a0 57 59 b0 5f e8 24 3f 9e 1d 96 3d 4b be 9c fa e3 |WY._.$?...=K....|
-000002b0 3b 34 7e aa 67 d7 cc ea 78 14 03 03 00 01 01 16 |;4~.g...x.......|
-000002c0 03 03 00 28 00 00 00 00 00 00 00 00 33 b3 7b c9 |...(........3.{.|
-000002d0 3f e8 7d 08 3d 65 a3 22 fa e3 04 79 d9 9f 54 a3 |?.}.=e."...y..T.|
-000002e0 45 e7 64 b2 5d 95 cf dd 88 cc ba 0b |E.d.].......|
+00000230 88 0f 00 00 84 08 04 00 80 2e bf 05 22 82 a7 d6 |............"...|
+00000240 e9 08 ff 9b 10 d3 4a 6c c4 73 5c 78 88 05 0c 15 |......Jl.s\x....|
+00000250 b7 8c 78 49 64 2d 58 67 ef 8f db c0 67 fa 32 6e |..xId-Xg....g.2n|
+00000260 65 45 90 a0 69 5c fb ba e0 16 1c d4 81 1d 24 89 |eE..i\........$.|
+00000270 35 27 14 15 19 0b 86 ee 6a f2 b4 a5 27 61 5f 1f |5'......j...'a_.|
+00000280 cc 47 7c 01 ed a9 ff ed 61 45 3f 53 1c 82 c8 cd |.G|.....aE?S....|
+00000290 48 e4 89 82 12 d7 d2 ff fa 32 b3 e6 9d ce 75 75 |H........2....uu|
+000002a0 d1 cd b2 a8 56 a6 a6 63 da 8d ed 27 13 01 9a 56 |....V..c...'...V|
+000002b0 a2 26 b4 6c af 27 f6 4f 1b 14 03 03 00 01 01 16 |.&.l.'.O........|
+000002c0 03 03 00 28 00 00 00 00 00 00 00 00 f0 e8 32 33 |...(..........23|
+000002d0 50 df 73 17 3c 58 f2 c9 30 2e 5d e9 00 4f 4b 33 |P.s.<X..0.]..OK3|
+000002e0 22 12 f7 f0 62 d0 62 3e ed 36 b8 58 |"...b.b>.6.X|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 28 7e 38 ab 82 0c |..........(~8...|
-00000010 fd fa b9 83 3e 77 ed 22 b5 9d d3 c1 ca cd 18 c5 |....>w."........|
-00000020 1c 01 a0 b8 8b 96 20 92 7b bd 0a 33 ee fe be 75 |...... .{..3...u|
-00000030 95 6e 0c |.n.|
+00000000 14 03 03 00 01 01 16 03 03 00 28 14 ce b1 86 0e |..........(.....|
+00000010 9f ce 73 25 44 b7 3e a9 25 db a8 93 d9 39 33 75 |..s%D.>.%....93u|
+00000020 2f a9 7f 97 6a 76 28 fe e2 84 5f 1e 84 66 b4 c8 |/...jv(..._..f..|
+00000030 45 e7 64 |E.d|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 9d f0 cd |................|
-00000010 53 8d 1a 45 ae 4a e4 01 97 dd ac f1 00 d3 aa b6 |S..E.J..........|
-00000020 bf c9 bc 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................|
-00000030 aa 1b 41 d5 f5 68 41 b8 32 94 9b 23 f8 60 7b 60 |..A..hA.2..#.`{`|
-00000040 2c 8a |,.|
+00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 3b 17 73 |.............;.s|
+00000010 78 d6 3a b4 6d 3a 61 52 f6 a5 8c dd 18 3e ff 04 |x.:.m:aR.....>..|
+00000020 d9 3f 22 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.?".............|
+00000030 32 8d 5d 07 14 a9 d2 1c dd 1e 2f 3d 89 a9 8f 1d |2.]......./=....|
+00000040 08 0f |..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
index db82b38..2d608a7 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-ECDSA
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 59 e6 a5 3d 5a |....Y...U..Y..=Z|
-00000010 bf 25 a3 16 e7 e3 da cb ac b7 11 09 0a 1a 8a c5 |.%..............|
-00000020 33 a2 a6 58 12 27 cd 52 15 28 c9 20 23 9a f5 d3 |3..X.'.R.(. #...|
-00000030 d4 df 49 1d 01 87 12 36 03 c6 36 17 39 d0 db 62 |..I....6..6.9..b|
-00000040 22 48 7e 57 20 ab a3 7c b0 53 7e f1 c0 09 00 00 |"H~W ..|.S~.....|
+00000000 16 03 03 00 59 02 00 00 55 03 03 3c ba b1 d8 8d |....Y...U..<....|
+00000010 f5 52 f4 a4 70 fc 12 54 20 85 eb 23 bc b8 0b e0 |.R..p..T ..#....|
+00000020 80 b6 ab 9b c5 34 84 57 bc ae 95 20 e3 51 8d 40 |.....4.W... .Q.@|
+00000030 93 cc 9f e4 fd 77 82 c8 12 54 6a 23 08 db ff e5 |.....w...Tj#....|
+00000040 87 8d 72 41 60 51 6a 11 5f 0a 9a d2 c0 09 00 00 |..rA`Qj._.......|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..|
00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....|
@@ -55,23 +55,23 @@
00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....|
00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.|
00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....|
-00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 a7 6b |*............ .k|
-00000280 75 97 e7 04 a7 19 99 af c7 73 72 82 59 7d 16 46 |u........sr.Y}.F|
-00000290 de 80 c2 d3 36 c7 e8 42 89 ca 8d db 11 39 04 03 |....6..B.....9..|
-000002a0 00 8a 30 81 87 02 41 73 4f fe e2 00 9d bf 60 0a |..0...AsO.....`.|
-000002b0 36 0b 97 8a fc 3e 8c 1d ac ff a2 0b 7a dc 8d 2f |6....>......z../|
-000002c0 d7 90 da 18 a0 14 8a 7c 51 4c a6 ae ec 13 ee 5e |.......|QL.....^|
-000002d0 1a 60 aa 2f 5a d2 05 48 fb bb bb 3a 1a dc fa 21 |.`./Z..H...:...!|
-000002e0 df 7b 6d 83 23 d6 62 0f 02 42 01 7f 5a 36 6d f4 |.{m.#.b..B..Z6m.|
-000002f0 0d f5 d0 6f d9 71 52 f8 eb e3 ed 7c 40 fd 64 14 |...o.qR....|@.d.|
-00000300 c1 31 4d 4b 78 70 5d 9f 61 18 3b 87 01 10 94 e5 |.1MKxp].a.;.....|
-00000310 7b 83 34 2d cd 90 50 db 10 62 8d 36 40 45 20 c0 |{.4-..P..b.6@E .|
-00000320 db ce de 5e b3 63 de 60 db bb fe be 16 03 03 00 |...^.c.`........|
-00000330 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 06 |:...6...@.......|
-00000340 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 |................|
-00000350 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 03 |................|
-00000360 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 04 |................|
-00000370 0e 00 00 00 |....|
+00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 86 f3 |*............ ..|
+00000280 1e c5 fb 1f 91 44 0e e5 e4 3e 0a cd 75 a2 fb 4c |.....D...>..u..L|
+00000290 a2 b9 07 f7 33 ce cc cd 61 a5 8c ba 6a 35 04 03 |....3...a...j5..|
+000002a0 00 8b 30 81 88 02 42 01 f4 8d 4f 3e c8 73 b5 b4 |..0...B...O>.s..|
+000002b0 b5 2b ac 2a 27 68 56 a1 45 ce b6 1d c6 37 ce de |.+.*'hV.E....7..|
+000002c0 bd 96 90 5e e2 1c c8 84 b2 84 57 25 81 d4 c3 7a |...^......W%...z|
+000002d0 db b2 3d 24 2b 17 3a 4a 7e 92 1a bb 0c fb b6 05 |..=$+.:J~.......|
+000002e0 cd 0e 85 4c 3d 4b 24 2a 2a 02 42 00 f6 91 d6 82 |...L=K$**.B.....|
+000002f0 9e 81 98 5f 64 59 ce 16 85 fc 65 19 0c 50 ca ea |..._dY....e..P..|
+00000300 8a ba 1e 61 a8 71 cf 2c eb 94 24 ac 34 75 6e 5c |...a.q.,..$.4un\|
+00000310 dc 92 ba b8 bd 42 75 ef 6d 67 5f 06 5c e3 6c c2 |.....Bu.mg_.\.l.|
+00000320 aa 5e 29 25 66 00 68 c8 5d 9c 6f bb e0 16 03 03 |.^)%f.h.].o.....|
+00000330 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......|
+00000340 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................|
+00000350 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................|
+00000360 03 02 02 02 04 02 05 02 06 02 00 00 16 03 03 00 |................|
+00000370 04 0e 00 00 00 |.....|
>>> Flow 3 (client to server)
00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0|
00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.|
@@ -108,31 +108,31 @@
00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.|
00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...|
00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....|
-00000230 88 0f 00 00 84 04 01 00 80 88 59 ec 09 a4 c9 5e |..........Y....^|
-00000240 37 b4 e3 04 71 52 1a 5a 6d d6 9b f6 09 14 01 c2 |7...qR.Zm.......|
-00000250 3e 07 19 2f ec 15 d9 5b 12 6a 6e de 78 a3 ac 58 |>../...[.jn.x..X|
-00000260 40 44 f2 66 0a 12 a5 62 37 8b af 5a 3a 20 be f2 |@D.f...b7..Z: ..|
-00000270 6f 43 c8 00 69 21 c8 fd b0 cf 00 74 c3 96 a0 8b |oC..i!.....t....|
-00000280 6f ce c1 09 e6 90 1d 8e 53 40 b8 44 83 b9 46 9c |o.......S@.D..F.|
-00000290 78 3b c1 0a 36 68 a5 04 e8 b5 ed 6d 7d 09 21 8c |x;..6h.....m}.!.|
-000002a0 0e 00 0c 5e d0 2b 47 c9 f6 31 f6 8f 7b b6 2d 8d |...^.+G..1..{.-.|
-000002b0 ec 4e c2 0d 08 c5 1b 26 b6 14 03 03 00 01 01 16 |.N.....&........|
+00000230 88 0f 00 00 84 08 04 00 80 53 85 ea dc a6 86 2d |.........S.....-|
+00000240 e7 8c 0b 68 f9 57 7f f5 77 d8 fe 35 28 91 e7 2f |...h.W..w..5(../|
+00000250 8a 2c 36 cf d7 8c 9f 3d f2 e2 99 41 11 b2 3c a2 |.,6....=...A..<.|
+00000260 5e f3 68 1f b5 d4 f8 90 8a e2 5e 02 48 00 2b eb |^.h.......^.H.+.|
+00000270 f0 e6 8c 28 af 11 80 82 ea 35 06 fd 0a 5f d7 1a |...(.....5..._..|
+00000280 e9 63 29 08 8c aa 18 1e 7c 08 81 21 c8 aa 86 b1 |.c).....|..!....|
+00000290 cf 94 db f6 8d 15 dc cc ae cf 41 2c 32 b1 3f 0c |..........A,2.?.|
+000002a0 96 0e 5c ed 82 74 cc fc 35 f4 38 80 29 00 c1 3a |..\..t..5.8.)..:|
+000002b0 70 d4 07 07 9c 49 9e 7b 91 14 03 03 00 01 01 16 |p....I.{........|
000002c0 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 |...@............|
-000002d0 00 00 00 00 e7 64 7d 04 bb bf dd 2a ac fd 96 81 |.....d}....*....|
-000002e0 25 d8 3e 6c 1d 53 c7 79 31 4d 13 c3 71 d3 da c0 |%.>l.S.y1M..q...|
-000002f0 f8 74 11 bb 6b 9d 62 66 ed f0 97 ab 43 fe 12 cb |.t..k.bf....C...|
-00000300 da 8d c2 4b |...K|
+000002d0 00 00 00 00 f3 da dc d7 12 d6 f6 19 75 a8 02 68 |............u..h|
+000002e0 57 0e e1 90 75 d1 fc b8 32 a3 34 16 d6 8d 2a f5 |W...u...2.4...*.|
+000002f0 65 f2 a7 67 2c 2c a4 73 6a b6 f2 ad 2d 7f 8a ce |e..g,,.sj...-...|
+00000300 a7 12 16 97 |....|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 40 35 ee 36 65 9a |..........@5.6e.|
-00000010 e5 ac c7 30 18 b6 ff f9 fd fa 66 88 a7 73 be ba |...0......f..s..|
-00000020 d5 89 59 26 cf 2d 8d 31 48 f0 fb 09 c1 66 ef eb |..Y&.-.1H....f..|
-00000030 94 30 b7 47 71 a1 cb 03 34 37 14 f5 76 14 13 a9 |.0.Gq...47..v...|
-00000040 6f d7 4d 59 c1 63 f8 db 8b 74 36 |o.MY.c...t6|
+00000000 14 03 03 00 01 01 16 03 03 00 40 dc 11 a1 a2 fb |..........@.....|
+00000010 55 0c 9e e0 e2 55 1a ca cd 5b df 1f 39 9e 08 51 |U....U...[..9..Q|
+00000020 bd 6b 72 40 93 f8 23 7a 32 9d 85 18 20 b7 39 b0 |.kr@..#z2... .9.|
+00000030 03 d3 10 6a 8e 66 6d e6 d5 38 03 c6 e5 b8 dc d7 |...j.fm..8......|
+00000040 3c 27 1d d2 a9 59 f9 18 7d 15 90 |<'...Y..}..|
>>> Flow 5 (client to server)
00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-00000010 00 00 00 00 00 19 16 39 bc a3 30 b5 1d ae e5 a9 |.......9..0.....|
-00000020 74 89 1e d1 77 86 8f 85 55 fa af cb 0a 94 45 f4 |t...w...U.....E.|
-00000030 a9 fa 21 c5 54 15 03 03 00 30 00 00 00 00 00 00 |..!.T....0......|
-00000040 00 00 00 00 00 00 00 00 00 00 40 17 27 41 8c ae |..........@.'A..|
-00000050 74 59 34 f0 2e 72 34 4e 98 6e d8 da 17 07 b3 14 |tY4..r4N.n......|
-00000060 d8 c8 2c ad b6 3e 44 5a 3e d7 |..,..>DZ>.|
+00000010 00 00 00 00 00 c2 92 ee 96 31 60 90 d5 ee a6 1c |.........1`.....|
+00000020 ed 3c 03 40 8c e7 0c db 7f b0 11 dc 7e 58 e1 aa |.<.@........~X..|
+00000030 4c d7 68 2a 91 15 03 03 00 30 00 00 00 00 00 00 |L.h*.....0......|
+00000040 00 00 00 00 00 00 00 00 00 00 b6 61 51 ac 66 a5 |...........aQ.f.|
+00000050 d1 ef d3 ee c8 d3 48 72 d5 e0 ef 7d ca 6a ec b2 |......Hr...}.j..|
+00000060 77 ff 2d a8 32 6d be 6e a7 42 |w.-.2m.n.B|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
index 02b11a6..cdc7104 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSA
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 43 a0 10 ae 54 |....Y...U..C...T|
-00000010 09 23 be 14 d7 1d b3 64 66 5e 39 4e 42 ed 58 3a |.#.....df^9NB.X:|
-00000020 1b de 35 eb ee 9b 86 44 fe 2b a8 20 e7 f1 4a 47 |..5....D.+. ..JG|
-00000030 b1 6b f0 fb d7 ed 3c 33 4a 52 bc 9b 39 c0 16 d3 |.k....<3JR..9...|
-00000040 f4 0a 7c 38 7e b3 95 31 7a c7 c8 f4 c0 2f 00 00 |..|8~..1z..../..|
+00000000 16 03 03 00 59 02 00 00 55 03 03 f3 28 ca c9 ac |....Y...U...(...|
+00000010 29 bb 15 80 56 d2 37 09 fa 7d 23 04 d4 79 e7 1d |)...V.7..}#..y..|
+00000020 bb 4e c5 60 c8 44 39 02 6a e9 e0 20 b5 ae 39 87 |.N.`.D9.j.. ..9.|
+00000030 4e 24 2f 33 02 fe 72 d6 2a 4d 0c 8c da 36 7b 28 |N$/3..r.*M...6{(|
+00000040 3c 06 aa b2 60 68 91 7a ae d8 7b e2 c0 2f 00 00 |<...`h.z..{../..|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@@ -60,17 +60,17 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
-000002c0 ac 0c 00 00 a8 03 00 1d 20 e7 c6 c3 84 0a b7 55 |........ ......U|
-000002d0 ff fb ae 43 10 da 03 0d 7d 91 77 90 cd 05 6a ab |...C....}.w...j.|
-000002e0 08 35 5a 38 23 79 45 9f 54 08 04 00 80 d8 b8 a1 |.5Z8#yE.T.......|
-000002f0 67 15 39 93 cc d0 ac e7 55 85 3e 62 f3 a6 d8 35 |g.9.....U.>b...5|
-00000300 5e bb 60 4e 33 70 05 47 b8 9e 8c e6 85 65 09 e2 |^.`N3p.G.....e..|
-00000310 95 4f 8a d9 4b cb 60 62 3c ef 57 81 ed b4 20 cf |.O..K.`b<.W... .|
-00000320 b1 71 d9 62 57 60 fa 07 89 12 a1 90 8f 8f 06 4a |.q.bW`.........J|
-00000330 56 c3 81 e0 b6 11 9e ce 33 fe 0f 4e b2 84 cc 4b |V.......3..N...K|
-00000340 dc d4 71 e4 43 04 61 11 a9 a6 8a 20 43 a7 0e b6 |..q.C.a.... C...|
-00000350 a8 97 43 1b e0 a9 b1 0f e8 19 68 0a 5d 38 d9 69 |..C.......h.]8.i|
-00000360 22 65 16 aa 05 16 11 cd 66 4a 4f be 90 16 03 03 |"e......fJO.....|
+000002c0 ac 0c 00 00 a8 03 00 1d 20 d4 df 5d 10 ee ba a6 |........ ..]....|
+000002d0 51 d7 1b fb bf ed bc d6 b9 34 44 e7 af 23 0e 9b |Q........4D..#..|
+000002e0 45 af ba 7a 89 63 03 a9 4c 08 04 00 80 30 2c 0f |E..z.c..L....0,.|
+000002f0 2e d9 e4 1d c2 90 01 1c cc cf d4 fe 06 6d c3 aa |.............m..|
+00000300 59 d9 d9 bc 16 2f 2c b1 be 90 a3 93 a7 be bc 4d |Y..../,........M|
+00000310 d8 f4 ac 21 36 59 a8 21 94 ef d3 c4 53 14 34 18 |...!6Y.!....S.4.|
+00000320 c9 10 d5 77 fd 1e ad 15 0f 23 d7 73 90 7a c0 7b |...w.....#.s.z.{|
+00000330 b3 b2 e2 df 15 42 35 ce 38 05 52 02 77 b7 b2 2b |.....B5.8.R.w..+|
+00000340 6b 88 6a ce d4 20 99 9d e4 fe e8 38 1e 01 b7 78 |k.j.. .....8...x|
+00000350 3c ea ac 8e ef 2f 7e e8 22 08 78 42 b7 db 84 80 |<..../~.".xB....|
+00000360 8c 61 8a c5 cc d7 1f 6a 8d 5c 1d 2d 0d 16 03 03 |.a.....j.\.-....|
00000370 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 03 05 03 |.:...6...@......|
00000380 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................|
00000390 08 06 04 01 05 01 06 01 03 03 02 03 03 01 02 01 |................|
@@ -112,26 +112,26 @@
00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.|
00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...|
00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....|
-00000230 88 0f 00 00 84 04 01 00 80 2e af 25 b4 ff 00 08 |...........%....|
-00000240 c8 dc 24 49 d5 9b d0 fe b5 81 8d 4e 15 d4 63 bf |..$I.......N..c.|
-00000250 8e 4c a4 7d 96 58 a2 4b f4 25 a8 e3 39 fc df 2d |.L.}.X.K.%..9..-|
-00000260 7c a0 20 61 86 35 8e 7e ba a5 2c f3 07 ad 84 36 ||. a.5.~..,....6|
-00000270 df ef 66 e9 78 d8 5f b3 17 45 31 d4 4a 38 5c 6c |..f.x._..E1.J8\l|
-00000280 03 73 3b 74 60 c9 00 d1 64 59 c9 a5 39 00 fc bf |.s;t`...dY..9...|
-00000290 9c 3a 99 46 4b 71 90 64 8a 24 2e 37 cf 8a 42 c2 |.:.FKq.d.$.7..B.|
-000002a0 56 a6 94 97 60 c5 56 ba de 71 78 6c f2 be ce 16 |V...`.V..qxl....|
-000002b0 47 ca 0d 95 3c cc b8 6f b2 14 03 03 00 01 01 16 |G...<..o........|
-000002c0 03 03 00 28 00 00 00 00 00 00 00 00 8e 0e 3b 43 |...(..........;C|
-000002d0 63 52 24 16 91 bc 50 85 ef 34 ad b9 f0 45 e7 4c |cR$...P..4...E.L|
-000002e0 9a 07 1d 46 53 2c 89 79 0f 27 dc 9d |...FS,.y.'..|
+00000230 88 0f 00 00 84 08 04 00 80 b8 96 b3 c8 66 a9 fb |.............f..|
+00000240 da 1b 82 65 9d 57 e5 e5 e5 60 c9 43 df 6e 99 53 |...e.W...`.C.n.S|
+00000250 45 95 b8 58 d1 19 05 50 e1 a7 3c e8 07 ad 57 09 |E..X...P..<...W.|
+00000260 9c 95 13 ea 80 24 53 56 b1 13 2d 59 9d e9 60 0f |.....$SV..-Y..`.|
+00000270 75 97 d3 4f 82 3a b5 41 3e 90 75 ea 28 97 00 e7 |u..O.:.A>.u.(...|
+00000280 74 c9 04 1d d0 16 ba 40 75 9c ae a0 bd 00 b1 a9 |t......@u.......|
+00000290 86 d5 1a f2 30 45 72 99 ea b2 eb 61 b1 63 72 c5 |....0Er....a.cr.|
+000002a0 ad b1 60 a8 fa bd 95 95 17 03 4c 8e 87 4b 44 e5 |..`.......L..KD.|
+000002b0 ec f3 e0 48 33 b8 a9 74 78 14 03 03 00 01 01 16 |...H3..tx.......|
+000002c0 03 03 00 28 00 00 00 00 00 00 00 00 e6 a6 db ee |...(............|
+000002d0 7d fb 48 9f 81 a6 78 6a db a1 9a bb c8 da 7b b2 |}.H...xj......{.|
+000002e0 6a 01 66 fb 85 a7 2f 35 40 77 b6 b2 |j.f.../5@w..|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 28 2f 40 03 cf 5a |..........(/@..Z|
-00000010 76 6c 87 87 8d 99 4c e8 76 73 6a 62 1d a5 31 bc |vl....L.vsjb..1.|
-00000020 2e 7e 23 8c 50 bf 07 b9 13 53 4a 59 a0 9b 74 b7 |.~#.P....SJY..t.|
-00000030 53 21 2d |S!-|
+00000000 14 03 03 00 01 01 16 03 03 00 28 b3 9c 30 b6 a2 |..........(..0..|
+00000010 cb cf 75 38 10 e7 80 39 0e 87 39 9c d9 da 2c 53 |..u8...9..9...,S|
+00000020 1a 64 2d 33 ff 21 25 e9 3c f2 ec 6d a4 59 f4 30 |.d-3.!%.<..m.Y.0|
+00000030 ea 41 24 |.A$|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 83 69 b1 |..............i.|
-00000010 20 19 eb db d4 58 e7 f1 5a 95 b0 d3 9d 3b 74 ad | ....X..Z....;t.|
-00000020 bc 94 c4 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................|
-00000030 7d 89 89 25 40 be 0d fc 24 d0 ff 5a 0f 24 5d f2 |}..%@...$..Z.$].|
-00000040 a3 ab |..|
+00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 65 72 8f |.............er.|
+00000010 4a 5f 08 c1 f9 37 5d 30 bc c6 e6 5f a8 23 35 69 |J_...7]0..._.#5i|
+00000020 d3 3c 7a 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.<z.............|
+00000030 b0 48 2e 2e ed 4d 9c db 3a fc ff e6 57 83 fc 90 |.H...M..:...W...|
+00000040 aa 78 |.x|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
index f788e6f..3f74080 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
+++ b/src/crypto/tls/testdata/Client-TLSv12-ClientCert-RSA-RSAPSS
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 be 63 44 bb 7e |....Y...U...cD.~|
-00000010 0d 88 88 15 b1 ed 7e 75 03 57 25 1a 0c 52 42 31 |......~u.W%..RB1|
-00000020 f8 e1 46 e3 11 27 ff 05 5e 26 2e 20 e6 31 d0 a6 |..F..'..^&. .1..|
-00000030 d9 7c 69 a6 57 09 ee 50 c5 3c 5e 1d a0 a7 2b 7a |.|i.W..P.<^...+z|
-00000040 7c dd 04 b4 38 45 c9 90 a0 98 33 68 c0 2f 00 00 ||...8E....3h./..|
+00000000 16 03 03 00 59 02 00 00 55 03 03 29 bc e2 fe ae |....Y...U..)....|
+00000010 0a db 37 e6 39 d5 48 24 3d 0f e5 d7 6b a3 69 dd |..7.9.H$=...k.i.|
+00000020 ce 09 fd 28 03 c2 7e 38 db c9 ec 20 d2 5e 3f 94 |...(..~8... .^?.|
+00000030 b0 2c 5e 4c 77 c2 94 c3 f2 a9 d0 91 4f 96 45 0e |.,^Lw.......O.E.|
+00000040 d3 34 fc 9f e0 a5 e6 fc 1e 8a c1 00 c0 2f 00 00 |.4.........../..|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 66 0b 00 02 62 00 02 5f 00 02 5c 30 82 02 |..f...b.._..\0..|
00000070 58 30 82 01 8d a0 03 02 01 02 02 11 00 f2 99 26 |X0.............&|
@@ -61,18 +61,18 @@
000002a0 11 89 66 79 d1 8e 88 0e 0b a0 9e 30 2a c0 67 ef |..fy.......0*.g.|
000002b0 ca 46 02 88 e9 53 81 22 69 22 97 ad 80 93 d4 f7 |.F...S."i"......|
000002c0 dd 70 14 24 d7 70 0a 46 a1 16 03 03 00 ac 0c 00 |.p.$.p.F........|
-000002d0 00 a8 03 00 1d 20 60 8e 8a 17 8a fc b4 4f 01 ad |..... `......O..|
-000002e0 f8 ef 44 f3 fc af 2a 90 57 7d ba 1d dd a6 17 cc |..D...*.W}......|
-000002f0 c6 4a 5f a2 fb 47 08 04 00 80 46 d8 62 04 19 4a |.J_..G....F.b..J|
-00000300 29 9b cc 3c 2c 0d 7e 67 3d 97 c0 32 65 90 28 e2 |)..<,.~g=..2e.(.|
-00000310 e9 df 7d 9b e1 62 82 a9 0b 22 99 a0 ae b9 7a 31 |..}..b..."....z1|
-00000320 75 c2 6e 61 e7 a5 64 b9 72 ce b8 04 b2 ca 14 78 |u.na..d.r......x|
-00000330 d4 b4 c2 b4 57 b4 a4 70 f9 d1 bf d0 77 e3 f5 66 |....W..p....w..f|
-00000340 c0 3f dd b2 40 30 3d d5 e9 a6 d1 49 79 ac ea b9 |.?..@0=....Iy...|
-00000350 38 43 52 3c a0 1c be 0d 18 a2 fc c0 a6 43 80 91 |8CR<.........C..|
-00000360 3f c5 c2 3a 43 31 92 ff 58 a8 40 52 b3 99 0f c4 |?..:C1..X.@R....|
-00000370 c6 00 89 0b b9 f4 9e 28 cd bf 16 03 03 00 0c 0d |.......(........|
-00000380 00 00 08 01 01 00 02 04 01 00 00 16 03 03 00 04 |................|
+000002d0 00 a8 03 00 1d 20 9e e4 39 3a b3 d5 f9 51 16 d4 |..... ..9:...Q..|
+000002e0 a8 e1 0a 6d ad 3c ca 01 97 d6 a1 ce 03 2a 67 4a |...m.<.......*gJ|
+000002f0 49 06 eb ed c6 24 08 04 00 80 b3 b7 9e fd 97 9b |I....$..........|
+00000300 b0 d6 35 89 21 53 ff a8 4b 59 59 26 37 ac 2f 36 |..5.!S..KYY&7./6|
+00000310 27 3d 5a 04 3f 50 ed 36 e0 5f 1a d7 1b 36 47 94 |'=Z.?P.6._...6G.|
+00000320 45 ec 8c 0b 8f 0f fc df ec 3c 56 f0 d0 28 45 94 |E........<V..(E.|
+00000330 96 c7 35 bb 42 31 a6 6e eb 27 cf cf 7e 21 cf 2f |..5.B1.n.'..~!./|
+00000340 a1 90 5d 2b 32 23 b3 de 40 a7 b6 56 c1 73 29 56 |..]+2#..@..V.s)V|
+00000350 3d 73 fe 34 b2 0b 58 97 16 e6 a1 1c 47 0e 24 a7 |=s.4..X.....G.$.|
+00000360 0d c9 a0 51 70 82 b1 d1 a6 a1 bc b4 49 77 c4 c4 |...Qp.......Iw..|
+00000370 87 ae c8 49 e6 80 ae d0 dd ca 16 03 03 00 0c 0d |...I............|
+00000380 00 00 08 01 01 00 02 08 04 00 00 16 03 03 00 04 |................|
00000390 0e 00 00 00 |....|
>>> Flow 3 (client to server)
00000000 16 03 03 02 66 0b 00 02 62 00 02 5f 00 02 5c 30 |....f...b.._..\0|
@@ -116,27 +116,27 @@
00000260 d4 f7 dd 70 14 24 d7 70 0a 46 a1 16 03 03 00 25 |...p.$.p.F.....%|
00000270 10 00 00 21 20 2f e5 7d a3 47 cd 62 43 15 28 da |...! /.}.G.bC.(.|
00000280 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........|
-00000290 5f 58 cb 3b 74 16 03 03 00 88 0f 00 00 84 04 01 |_X.;t...........|
-000002a0 00 80 d5 bf 41 e0 65 7b 32 16 bb a3 92 48 f6 0e |....A.e{2....H..|
-000002b0 31 eb ca a2 b7 1c b3 3a b4 8f 91 0e 44 e8 9e ad |1......:....D...|
-000002c0 f7 71 4c 71 20 da 59 29 09 4f 0b 1e fb 92 c5 ce |.qLq .Y).O......|
-000002d0 7b a3 26 de 89 be f5 cc b6 be dc af 09 6a f9 a2 |{.&..........j..|
-000002e0 f0 65 5c 39 2d ad 2c 46 ce df 26 09 2e 99 5d 9e |.e\9-.,F..&...].|
-000002f0 58 2b cf 1f ed b5 1a 4b 21 0b d8 ec 14 fb bb f2 |X+.....K!.......|
-00000300 eb 41 9d 1c 6a 06 d8 38 b9 68 fc 1d 90 ad ff 9c |.A..j..8.h......|
-00000310 91 c1 4a ff b0 49 59 8a 0b 25 26 eb 28 b1 a5 f8 |..J..IY..%&.(...|
-00000320 0d 8e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 |............(...|
-00000330 00 00 00 00 00 cd a4 31 83 38 57 c8 91 98 4c 6c |.......1.8W...Ll|
-00000340 76 c7 e1 d8 af f9 47 ee 45 75 f4 51 6c e5 7e da |v.....G.Eu.Ql.~.|
-00000350 00 0f da 44 49 |...DI|
+00000290 5f 58 cb 3b 74 16 03 03 00 88 0f 00 00 84 08 04 |_X.;t...........|
+000002a0 00 80 a6 6b 99 15 5e 97 33 4f a8 0e 59 af 15 22 |...k..^.3O..Y.."|
+000002b0 f3 6e be 02 6e e4 20 d5 81 c0 b4 74 5a e2 20 32 |.n..n. ....tZ. 2|
+000002c0 2b 7f 9c e6 94 32 4d 30 bf 93 86 9b 75 4d f1 9f |+....2M0....uM..|
+000002d0 e4 48 28 00 27 fa 7c 45 2e fe d7 0b dc 03 c4 6b |.H(.'.|E.......k|
+000002e0 42 ad a2 32 d7 9d ea d6 52 05 3f ed 87 fd b9 9d |B..2....R.?.....|
+000002f0 58 fd d6 9f 28 6d 45 07 de 5b 4a 8e f4 4d 19 0b |X...(mE..[J..M..|
+00000300 cf 4e 64 75 73 ae cd e9 ae f9 af 27 d0 b9 eb 4c |.Ndus......'...L|
+00000310 98 ad 66 6d 4e bf 2c 39 87 f3 72 3e 4e bc a1 8f |..fmN.,9..r>N...|
+00000320 a8 1e 14 03 03 00 01 01 16 03 03 00 28 00 00 00 |............(...|
+00000330 00 00 00 00 00 04 3c cc ae cd 19 52 6b 1e 0e cc |......<....Rk...|
+00000340 dd a9 ac 2f 2a c6 94 4c 09 f3 ee 2f b5 5a 13 1e |.../*..L.../.Z..|
+00000350 4f 54 a0 ae c2 |OT...|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 28 7f 1d 85 46 4c |..........(...FL|
-00000010 7f 93 d7 e3 c1 3f a7 71 69 16 90 9a a6 f8 9a 22 |.....?.qi......"|
-00000020 a5 8b 0e 6d 6a f2 08 7e 40 6d ba 87 74 e4 e6 1d |...mj..~@m..t...|
-00000030 ba 5e ff |.^.|
+00000000 14 03 03 00 01 01 16 03 03 00 28 6d 44 cb 35 8b |..........(mD.5.|
+00000010 15 5c f9 f8 1e ae 4f 8c 8c d9 90 9e 6c cf 13 f6 |.\....O.....l...|
+00000020 12 29 f5 f7 d6 ff da e2 48 7d 68 ec ad 1a 6c 39 |.)......H}h...l9|
+00000030 c5 77 6c |.wl|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 2a 5a a1 |.............*Z.|
-00000010 d5 31 ba 8b 9d 3f f1 54 e0 53 cf 84 70 3b f5 bf |.1...?.T.S..p;..|
-00000020 11 3c ad 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.<..............|
-00000030 1b ad 23 3d 37 69 87 9d b5 60 f1 8a 13 d6 09 ab |..#=7i...`......|
-00000040 a4 9b |..|
+00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 2a ce da |.............*..|
+00000010 11 1c 7d 49 0d aa 44 d4 d6 d4 7f 64 2b 49 47 20 |..}I..D....d+IG |
+00000020 5a 21 bb 15 03 03 00 1a 00 00 00 00 00 00 00 02 |Z!..............|
+00000030 fc 10 75 a7 22 f9 74 1c 3a d2 b2 a8 04 2d 37 5f |..u.".t.:....-7_|
+00000040 c2 76 |.v|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
index 96f7b00..48a99ed 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateOnce
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 1c 04 37 7b 4d |....Y...U....7{M|
-00000010 49 2a 45 1d e8 db 60 7e 7d be 7b 2d ff a2 dc aa |I*E...`~}.{-....|
-00000020 b7 5e 66 f9 67 bf 58 f7 f1 0a 7b 20 f2 72 71 31 |.^f.g.X...{ .rq1|
-00000030 2a 6e 5e 2b e4 29 ef bc 3a 56 45 26 53 b4 9f 98 |*n^+.)..:VE&S...|
-00000040 fb 07 d5 2f b3 f3 f0 3b 02 1f 00 9b cc a8 00 00 |.../...;........|
+00000000 16 03 03 00 59 02 00 00 55 03 03 f1 d8 72 0c 79 |....Y...U....r.y|
+00000010 e2 ca 92 11 1c 30 cc 45 00 9b ea 3d a3 ed 23 d5 |.....0.E...=..#.|
+00000020 22 f0 da 9c 03 32 7b c3 13 d3 df 20 8f 7a 61 43 |"....2{.... .zaC|
+00000030 cb 72 46 5e c1 39 78 42 32 97 cc 2b 90 2e 53 59 |.rF^.9xB2..+..SY|
+00000040 31 38 ec 7b 2b 8a f3 80 e0 03 f0 0e cc a8 00 00 |18.{+...........|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@@ -60,185 +60,185 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
-000002c0 ac 0c 00 00 a8 03 00 1d 20 6f fe 48 78 c0 68 41 |........ o.Hx.hA|
-000002d0 fa 5a 33 f5 9b e0 b2 ae 93 e9 0c 5a 78 60 32 67 |.Z3........Zx`2g|
-000002e0 de cf 17 26 20 88 3a f5 5e 08 04 00 80 58 d9 c5 |...& .:.^....X..|
-000002f0 f0 c3 9e f5 4d a5 20 3e ed da a2 7d b9 2a 9b 95 |....M. >...}.*..|
-00000300 ec 1c 2a c1 28 22 3e 36 4f 5a fe eb 2a 6a 9e 9e |..*.(">6OZ..*j..|
-00000310 01 83 31 93 d1 bd 0f 6f ff 9d e8 4e 7a cb 9d 8f |..1....o...Nz...|
-00000320 63 92 bc f2 0e 37 1f e0 8a 1e 22 2c eb 53 e8 25 |c....7....",.S.%|
-00000330 15 20 97 1f 0c 75 5a 9d 6a aa e6 a6 86 d9 5d 4d |. ...uZ.j.....]M|
-00000340 b8 58 d1 03 63 d4 8d cb 0b 4d 97 2e eb 50 13 39 |.X..c....M...P.9|
-00000350 07 5c d9 a8 bf cf eb 05 47 0a 48 30 5b 71 c0 ea |.\......G.H0[q..|
-00000360 cb 4f 22 27 1a d2 58 02 ca 07 bd 03 f1 16 03 03 |.O"'..X.........|
+000002c0 ac 0c 00 00 a8 03 00 1d 20 96 cb 1d cd f6 2f ff |........ ...../.|
+000002d0 fe 32 ef d6 18 a2 6b 57 66 cd 3d 50 42 56 dc a4 |.2....kWf.=PBV..|
+000002e0 5f fe e4 91 ce d1 17 34 3c 08 04 00 80 b1 47 de |_......4<.....G.|
+000002f0 b3 19 b0 fd 02 35 eb 3c a1 04 d3 6b 53 84 20 c7 |.....5.<...kS. .|
+00000300 08 4b 96 12 23 ae bf ca a8 83 1d 90 16 ae d3 7c |.K..#..........||
+00000310 fa 1b b4 f0 bb bb 4e 3f 70 13 2f 40 6c d4 76 61 |......N?p./@l.va|
+00000320 5b 23 85 3f e7 37 ef e1 55 47 8d 01 e1 24 22 7f |[#.?.7..UG...$".|
+00000330 a4 2c 6f 97 47 5f d6 69 bf b4 db 4b b8 a1 ad 66 |.,o.G_.i...K...f|
+00000340 5f d5 5d b6 06 ac 93 ed d7 06 cb b5 a4 d4 4b a7 |_.]...........K.|
+00000350 7b de f7 73 60 af ad 23 f4 6a f1 bf 2a ee 5b 4e |{..s`..#.j..*.[N|
+00000360 83 94 d7 95 3b e5 5e a5 3d 1a 0a 7a 9e 16 03 03 |....;.^.=..z....|
00000370 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.|
00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....|
00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......|
-00000030 16 03 03 00 20 f9 b0 26 8b 30 54 a5 80 7e 5b 47 |.... ..&.0T..~[G|
-00000040 2e b1 28 07 ef 12 93 33 5a 8d 5e de 8d 56 d5 c3 |..(....3Z.^..V..|
-00000050 3c 05 a8 f1 5e |<...^|
+00000030 16 03 03 00 20 f2 6f 2e 79 5c db 90 b8 2e cf 59 |.... .o.y\.....Y|
+00000040 0a 56 69 86 f1 71 0c ff a9 7c 0b a0 e7 c9 8d 17 |.Vi..q...|......|
+00000050 65 ad a5 6c 82 |e..l.|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 20 c1 77 25 ba a7 |.......... .w%..|
-00000010 08 ba 0d 1e 8b e2 eb 11 77 d8 c7 e2 20 e0 60 da |........w... .`.|
-00000020 97 f5 42 f4 12 bb 94 35 b7 ee c8 |..B....5...|
+00000000 14 03 03 00 01 01 16 03 03 00 20 d5 90 08 84 71 |.......... ....q|
+00000010 bc 09 48 be ad 59 11 76 c6 39 bb 94 8c 60 80 29 |..H..Y.v.9...`.)|
+00000020 44 1a 0d fe 5c 00 4c bc 47 3c 1e |D...\.L.G<.|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 16 6f f6 5b 37 2f 21 25 ae e9 30 be |.....o.[7/!%..0.|
-00000010 ce b4 66 f7 fd 9a 5a 02 9d 43 e8 |..f...Z..C.|
+00000000 17 03 03 00 16 42 cd 1c e5 91 35 b0 c1 4d df e4 |.....B....5..M..|
+00000010 b0 ca f3 8a 7a 41 85 31 7a 7d 59 |....zA.1z}Y|
>>> Flow 6 (server to client)
-00000000 16 03 03 00 14 8f be 53 56 e9 19 ec 85 79 d0 cc |.......SV....y..|
-00000010 8d ab 43 3c b2 7b a3 55 57 |..C<.{.UW|
+00000000 16 03 03 00 14 3b 0f 40 64 9f ff 8f b9 85 18 af |.....;.@d.......|
+00000010 b4 bc e7 33 8a 9b 03 de ed |...3.....|
>>> Flow 7 (client to server)
-00000000 16 03 03 01 16 ab 36 6a 25 3d 93 3c 71 b6 5b 91 |......6j%=.<q.[.|
-00000010 8d 58 37 42 24 7f d9 16 71 64 64 49 f1 4b ff d8 |.X7B$...qddI.K..|
-00000020 47 8f 2a 27 93 d2 63 a1 7e bf 76 94 b5 e5 a6 d4 |G.*'..c.~.v.....|
-00000030 79 97 60 76 18 a5 4a 47 85 89 49 01 48 5c ff 73 |y.`v..JG..I.H\.s|
-00000040 99 b4 44 9d f6 53 44 2e b8 21 75 b5 d6 98 c7 33 |..D..SD..!u....3|
-00000050 7c 1a 25 7f 8d 79 db 7f 05 8c 9e e4 d8 9c 4b 57 ||.%..y........KW|
-00000060 45 70 42 ba 2c c1 45 f4 69 04 5a 87 ab f7 e4 d1 |EpB.,.E.i.Z.....|
-00000070 6a ed e9 cf ab 79 1c bc dc c6 2d 72 1b 94 51 17 |j....y....-r..Q.|
-00000080 2f 2a 1a f2 0f 85 66 97 15 81 4b 99 e7 75 ec 19 |/*....f...K..u..|
-00000090 61 20 a7 92 f3 14 e1 a0 f8 a0 ad ba 9f ef d5 5d |a .............]|
-000000a0 f1 92 ff 50 1b 66 9f e0 39 c4 58 a5 59 c5 eb 46 |...P.f..9.X.Y..F|
-000000b0 4b f5 53 6d 04 dd bc b4 71 d8 2b cf 4d 73 67 74 |K.Sm....q.+.Msgt|
-000000c0 c1 8d ab d2 53 0a 91 ce 90 03 ed e4 d8 23 1a ff |....S........#..|
-000000d0 2c 70 1a 42 bc fb 80 5b a8 97 aa 9b 6e 27 2c ec |,p.B...[....n',.|
-000000e0 78 30 5c 9f 6f 5d 65 dd f3 e2 41 9c ad 8d 12 58 |x0\.o]e...A....X|
-000000f0 39 ef ed cf 0b 73 28 c7 f4 37 f3 a2 16 39 18 c5 |9....s(..7...9..|
-00000100 db b8 b6 db b9 b2 56 f2 9b 60 38 9f 82 60 45 06 |......V..`8..`E.|
-00000110 3e 6b cf 9c 2f 1e 5d 0b ff 80 cb |>k../.]....|
+00000000 16 03 03 01 16 17 a7 61 5b 22 97 6e eb dd 43 84 |.......a[".n..C.|
+00000010 b9 ac 15 c2 76 7d 1f c0 e3 46 11 af c0 59 7d cc |....v}...F...Y}.|
+00000020 d4 5d 02 90 28 bb b3 7c 85 76 46 34 7c bf 2b bf |.]..(..|.vF4|.+.|
+00000030 c4 e9 e1 46 b0 15 7e af c1 03 4a 17 b3 7a 03 cd |...F..~...J..z..|
+00000040 e0 90 b1 1b 59 ac 1f 33 b0 41 c3 47 ee 58 af 5b |....Y..3.A.G.X.[|
+00000050 5b c4 7a 92 02 e2 34 8d cd 70 20 c4 59 5e 25 f2 |[.z...4..p .Y^%.|
+00000060 28 b1 f2 a5 e0 c4 f9 d0 ae cc 2b 1e ea d4 5a fe |(.........+...Z.|
+00000070 62 97 bc d7 57 94 5c b8 ce 4c 62 1a e5 29 02 1e |b...W.\..Lb..)..|
+00000080 0e 68 1d 8a 17 f9 47 55 ac 65 cf 13 88 d3 95 0d |.h....GU.e......|
+00000090 d7 e0 d8 03 f8 f6 6f 9c 5b de 5c 80 c3 34 7e 82 |......o.[.\..4~.|
+000000a0 5c 8b c4 a3 99 c8 1e f0 f2 e5 6e 73 40 62 31 8e |\.........ns@b1.|
+000000b0 3b 08 62 ba a8 b9 18 c4 84 a0 b4 9f 68 81 2f ae |;.b.........h./.|
+000000c0 8d 7c cc 54 ba 4a ec 26 a5 8a 9b a7 bd 36 17 2c |.|.T.J.&.....6.,|
+000000d0 52 69 4c 57 81 64 e6 34 88 27 81 d2 32 eb d2 8d |RiLW.d.4.'..2...|
+000000e0 4d 8d c1 8b 14 b3 07 19 63 f8 d6 4a 9a 7d 3f c1 |M.......c..J.}?.|
+000000f0 af 18 72 f7 2d c8 7e 82 52 28 51 80 59 0c 9b 9f |..r.-.~.R(Q.Y...|
+00000100 ac 40 69 25 0e 6d d7 4a 72 b5 18 f8 78 b9 52 c3 |.@i%.m.Jr...x.R.|
+00000110 d6 32 6c 7d 29 70 a8 33 18 d0 4b |.2l})p.3..K|
>>> Flow 8 (server to client)
-00000000 16 03 03 00 81 21 a2 14 95 1e 02 74 1b aa c5 ec |.....!.....t....|
-00000010 3f 9f 1a 88 67 00 8b 16 68 54 52 bb df f7 4c 75 |?...g...hTR...Lu|
-00000020 57 49 e3 00 1e b2 6f 61 67 eb ac 1e 77 31 bc e1 |WI....oag...w1..|
-00000030 66 a9 db 13 8b 43 d3 73 f9 57 97 1d 75 bd fc 78 |f....C.s.W..u..x|
-00000040 1b 0c 92 a4 66 95 d6 89 3d 86 63 a6 e8 15 5d d2 |....f...=.c...].|
-00000050 65 4c b5 2b f7 3d be 81 17 e6 23 64 65 26 68 b8 |eL.+.=....#de&h.|
-00000060 14 6b 68 24 78 19 84 a4 a1 82 d2 b6 6f d1 58 68 |.kh$x.......o.Xh|
-00000070 43 db 14 90 af 15 3c 8d 0c 5d b3 26 f3 14 7f cf |C.....<..].&....|
-00000080 09 05 2a 2a 5d 21 16 03 03 02 69 f3 b0 da 24 57 |..**]!....i...$W|
-00000090 c9 6b 11 b6 67 20 2c 5f 64 53 ca a5 71 26 95 89 |.k..g ,_dS..q&..|
-000000a0 47 be 7d 27 dd a9 6e 8e af 45 de 5d bd 37 8c 2b |G.}'..n..E.].7.+|
-000000b0 b0 d8 d0 49 7e f1 cf 1c 47 a9 0f 5f fa 99 56 46 |...I~...G.._..VF|
-000000c0 a2 41 f7 f6 08 5f 97 6b 14 64 01 aa b2 f6 55 34 |.A..._.k.d....U4|
-000000d0 25 76 f3 ef 29 a3 cc 99 f5 06 ac 30 d1 00 db 36 |%v..)......0...6|
-000000e0 9b 41 c0 45 2e d4 bc b9 02 87 0f 0a 0e 2d 9d 56 |.A.E.........-.V|
-000000f0 df b8 94 8e 54 a8 6d 0a 8d b8 71 3c c0 76 0a 94 |....T.m...q<.v..|
-00000100 6d dc c6 5b 24 7e c5 48 25 67 15 44 2b 48 d0 cd |m..[$~.H%g.D+H..|
-00000110 82 d8 c8 5e 0c 20 32 95 a9 f8 d5 31 cd f7 44 da |...^. 2....1..D.|
-00000120 05 c4 cb e9 04 48 72 ac ca 7b 26 e6 76 d2 01 18 |.....Hr..{&.v...|
-00000130 c0 34 88 29 7c 8c dc 35 e3 25 c9 11 f0 2b 1f 44 |.4.)|..5.%...+.D|
-00000140 d8 7d ea 1d 6a 57 b2 2c 52 8e 89 50 e3 e4 1c 51 |.}..jW.,R..P...Q|
-00000150 91 0c 6d fd 8d ad 91 77 b1 34 02 83 96 7e 39 5f |..m....w.4...~9_|
-00000160 bc ed b1 05 3b f0 d3 f0 b3 05 54 e8 47 36 32 b1 |....;.....T.G62.|
-00000170 88 c9 31 7e d8 41 12 3b 55 25 b3 bc e3 9f a5 17 |..1~.A.;U%......|
-00000180 a8 45 21 68 e6 12 83 0e 80 13 d5 80 4d 89 0d fb |.E!h........M...|
-00000190 9f 06 84 35 04 e8 0e bc 8c e7 17 83 7a 0f 68 34 |...5........z.h4|
-000001a0 ee db 10 78 31 85 34 e0 d8 f4 d2 3d fa 1c 18 49 |...x1.4....=...I|
-000001b0 25 c9 b9 53 ee b1 62 ff 13 77 36 8e 59 73 f7 9b |%..S..b..w6.Ys..|
-000001c0 5f 4d 01 2d 41 dc 9e 2e f7 f4 4c f7 27 eb e3 35 |_M.-A.....L.'..5|
-000001d0 91 41 b5 7f 28 eb 04 2c f6 db 80 aa 3d 4e ac 2b |.A..(..,....=N.+|
-000001e0 9d 95 c8 97 cf 35 f5 49 0d c7 b1 4f bf 41 eb 4a |.....5.I...O.A.J|
-000001f0 9a a6 56 b8 8a 75 53 17 dc d4 ad ab 82 25 e8 0a |..V..uS......%..|
-00000200 ae 8b c0 a3 8e 67 4b d1 96 04 45 1d c8 12 32 3f |.....gK...E...2?|
-00000210 7e 4c 48 95 9f 24 8c 01 cf c3 78 10 d6 12 63 37 |~LH..$....x...c7|
-00000220 38 58 d3 31 97 25 9d 43 29 29 86 fb 9a 47 b5 c1 |8X.1.%.C))...G..|
-00000230 81 dc ab 4b be 57 bf 9f 0c 0b 28 fc 13 15 4e 2d |...K.W....(...N-|
-00000240 58 97 78 3e 7f eb bf a1 cf a1 8d ab fe 3a 47 77 |X.x>.........:Gw|
-00000250 c1 fb b7 b8 82 42 37 95 60 20 be 91 26 ca 2c 48 |.....B7.` ..&.,H|
-00000260 44 57 6c 75 24 22 93 32 cf 83 f8 0c 75 b5 4a f1 |DWlu$".2....u.J.|
-00000270 88 d0 8e 1d 4e c7 93 1b ba ea 14 04 38 f6 7a c2 |....N.......8.z.|
-00000280 d2 4b 7c 9c 1b 8b 31 6c d8 09 88 6a 6d a1 61 d6 |.K|...1l...jm.a.|
-00000290 ee 80 ea 76 c0 d9 5a 49 31 3b dd 0f b5 5a a1 29 |...v..ZI1;...Z.)|
-000002a0 d4 ff db 68 48 96 26 e7 a7 82 10 e9 6e 5c c4 66 |...hH.&.....n\.f|
-000002b0 d5 e0 87 c3 66 d8 7c 4e bf a5 31 0f fa 6e f6 21 |....f.|N..1..n.!|
-000002c0 4d fe ea f0 36 91 9e 18 81 c0 21 4f 77 eb 65 c0 |M...6.....!Ow.e.|
-000002d0 fe 84 45 22 dd 28 03 eb e5 ce 15 62 e1 b8 9f 0e |..E".(.....b....|
-000002e0 aa 9d bc 5c 38 41 01 74 17 d0 92 a5 80 e4 4b 58 |...\8A.t......KX|
-000002f0 42 bb 42 5d 16 03 03 00 bc 09 fb 78 c1 36 2e 27 |B.B].......x.6.'|
-00000300 b2 44 17 1a a8 2b f5 cd 98 78 a4 c1 1c f2 e7 53 |.D...+...x.....S|
-00000310 92 ef c1 88 83 78 37 23 08 f5 7f 5d 9f d1 c4 32 |.....x7#...]...2|
-00000320 df 01 c6 9c 3e a8 11 31 f4 77 69 94 d7 67 bc 62 |....>..1.wi..g.b|
-00000330 8e 18 57 0a cd d8 ba db cd 2b e8 f9 37 77 16 13 |..W......+..7w..|
-00000340 be 18 53 2a 50 0b 0a d7 9a f0 7d 10 d3 13 bb 82 |..S*P.....}.....|
-00000350 36 5c aa d1 17 ad 83 69 47 7f 81 5c 36 53 81 e3 |6\.....iG..\6S..|
-00000360 1d 65 9f ac b2 3e 76 77 5a 6a 39 e5 df 92 55 e6 |.e...>vwZj9...U.|
-00000370 90 96 9c b9 54 ac 09 17 ce f5 43 9f 3e 1e 3a b6 |....T.....C.>.:.|
-00000380 cb 61 da 1a 3e e0 b4 51 30 3e 22 09 0b 05 a7 6e |.a..>..Q0>"....n|
-00000390 5a df 82 d2 ab b9 d8 d2 37 a7 d7 b5 7f a9 ea 49 |Z.......7......I|
-000003a0 2f 64 57 33 5a 19 7f a3 2f 6a 7e 40 18 19 4a 61 |/dW3Z.../j~@..Ja|
-000003b0 05 92 35 8b 50 16 03 03 00 4a 50 1e e6 f4 47 dd |..5.P....JP...G.|
-000003c0 fb 02 b4 22 71 e7 1e b1 51 28 9f 2d 40 64 2c 85 |..."q...Q(.-@d,.|
-000003d0 47 33 69 3e b0 e4 c7 eb a6 31 13 76 45 39 e7 50 |G3i>.....1.vE9.P|
-000003e0 94 86 2e dd e1 58 f2 83 60 86 07 94 29 ce 69 12 |.....X..`...).i.|
-000003f0 0f 89 e3 89 2f 00 50 2b 56 ed 1d fe 25 55 9f 33 |..../.P+V...%U.3|
-00000400 3d 30 93 3c 16 03 03 00 14 0e 3f df b0 79 70 a7 |=0.<......?..yp.|
-00000410 08 bb 01 ff 08 44 69 65 49 81 9f e5 3a |.....DieI...:|
+00000000 16 03 03 00 81 8b e2 a1 f5 15 55 13 f6 f2 fa 95 |..........U.....|
+00000010 3b bb 0f 3d 3e 9b 3c b1 60 cb 69 7f 63 62 2d 9b |;..=>.<.`.i.cb-.|
+00000020 20 47 3a 7d 5e d0 98 38 49 c3 94 f8 1d 56 1d 69 | G:}^..8I....V.i|
+00000030 27 65 bc ca 63 22 65 61 60 67 49 35 f0 eb 83 1b |'e..c"ea`gI5....|
+00000040 44 c4 f0 91 64 5a 81 b5 06 4b 3e 3a ef 3b 5c b0 |D...dZ...K>:.;\.|
+00000050 81 b4 36 df f3 0d a3 0a 1c 40 03 fa 81 48 42 70 |..6......@...HBp|
+00000060 bf 4c b3 6b 67 19 7b 83 05 a1 31 a3 1c 79 49 2c |.L.kg.{...1..yI,|
+00000070 1f 58 bc 7d 98 4e 5b 64 44 3d 3c 43 fb 77 c7 7c |.X.}.N[dD=<C.w.||
+00000080 65 aa 0a 3d 49 a1 16 03 03 02 69 de 2a 3b 96 9f |e..=I.....i.*;..|
+00000090 21 b4 5d de 2b b6 c5 03 ec ab 79 35 eb da 8b 1f |!.].+.....y5....|
+000000a0 f8 c4 58 7c d1 af 3d 6e f9 73 63 2b dc 2e a5 4f |..X|..=n.sc+...O|
+000000b0 88 93 24 5e d7 2a ab 0a a5 0f bf 5d 2d 74 9c 19 |..$^.*.....]-t..|
+000000c0 3a 97 88 f7 17 25 ad 6a 81 3a f1 e3 bb 4c 7a b6 |:....%.j.:...Lz.|
+000000d0 4c b0 f3 25 e5 66 06 14 b0 a3 3d 3a 25 36 4c e1 |L..%.f....=:%6L.|
+000000e0 62 25 fc ac 22 7b 25 0d f9 5f 5b a6 1b 7f b9 14 |b%.."{%.._[.....|
+000000f0 4d 71 81 6b de 9d 6a 40 80 ba 88 20 60 c6 e2 50 |Mq.k..j@... `..P|
+00000100 c6 a6 3d 01 ee 04 dc ad 3c 95 a7 ef a7 dd 3a 6c |..=.....<.....:l|
+00000110 0f f2 c2 c2 e0 fc 3c d2 75 88 ad 1a 23 94 2a 69 |......<.u...#.*i|
+00000120 28 66 c2 8a 5c 34 69 da cc 5d 13 dd 86 fc 66 13 |(f..\4i..]....f.|
+00000130 de c2 c6 86 6d 4a b4 ea b0 99 61 38 72 1e 7f 36 |....mJ....a8r..6|
+00000140 df 32 4b a7 12 23 8f f3 d1 8d d7 2f d1 65 67 4f |.2K..#...../.egO|
+00000150 10 07 03 6a b2 87 aa a4 b0 41 c9 20 f4 84 5e b7 |...j.....A. ..^.|
+00000160 5e 4d 47 d4 7f 6c 8d 2e a5 bb 7d 07 1b 5b e5 50 |^MG..l....}..[.P|
+00000170 5d 27 c0 8b f8 5e a7 a8 ef d7 f3 b0 6d 07 7a 9b |]'...^......m.z.|
+00000180 1d 54 5a 18 c7 4f 6f b8 92 44 16 ec 92 43 1a 1a |.TZ..Oo..D...C..|
+00000190 a8 d0 a3 40 25 b0 ff 35 9c b7 4c f9 cd 06 59 a6 |...@%..5..L...Y.|
+000001a0 25 ca 4a b7 34 31 0a 23 29 3a 09 8b 7b 05 15 b0 |%.J.41.#):..{...|
+000001b0 67 ae 1b 8b f4 67 16 e0 c1 67 a1 58 09 c9 10 f0 |g....g...g.X....|
+000001c0 f0 62 02 52 14 6d 02 3d e6 ab 16 fb 7f 38 69 7c |.b.R.m.=.....8i||
+000001d0 d1 f3 db 69 3c cd 78 28 b2 fa 94 1c a0 2f b7 bb |...i<.x(...../..|
+000001e0 31 4f f6 56 2a 98 5a d1 bf 5d e4 0d ec 8f 47 42 |1O.V*.Z..]....GB|
+000001f0 62 a6 59 39 77 d8 bd 11 71 64 b4 2b 65 2a 10 5d |b.Y9w...qd.+e*.]|
+00000200 46 51 bf 8d b6 13 df 61 b8 1e 37 ad fc c0 86 a9 |FQ.....a..7.....|
+00000210 b4 09 2f 33 8e 93 4a 5b 32 f4 f9 7d 01 a8 b8 09 |../3..J[2..}....|
+00000220 8e da 90 8f a7 fb 82 76 fd 6b 7e 93 57 13 e1 99 |.......v.k~.W...|
+00000230 cb b8 12 0a da c2 62 0e 0c 65 53 d4 5b 75 c2 22 |......b..eS.[u."|
+00000240 3f 91 5c e6 c4 12 48 78 c4 6d 2c 1f 45 dc a2 a1 |?.\...Hx.m,.E...|
+00000250 73 cf 69 97 8b 64 42 d5 22 06 de 04 4b 8c f5 5f |s.i..dB."...K.._|
+00000260 d6 97 1a 73 4f 4e d2 55 e1 8d 8c 21 fd 7f 26 1c |...sON.U...!..&.|
+00000270 53 9f 69 c9 01 11 be 4e d0 ab 78 56 af bb 0a 0f |S.i....N..xV....|
+00000280 73 cb c5 d2 07 4a 16 a0 71 9f dd 46 17 0e 86 5e |s....J..q..F...^|
+00000290 e2 90 34 7d af b1 86 6c e3 33 cf ff 2f bf ea 8e |..4}...l.3../...|
+000002a0 62 7e 7f b9 f7 c4 1b 4c 61 b6 8d 6f a9 b4 56 27 |b~.....La..o..V'|
+000002b0 0a 0d fa d7 d9 ce 6a 1a e3 4e 4d f8 04 c8 74 75 |......j..NM...tu|
+000002c0 07 6f 38 96 c7 04 df a4 e0 6a 08 c5 5b 93 b7 c1 |.o8......j..[...|
+000002d0 fb 4d 4f 01 67 3c 8b 03 93 f7 46 c2 db 2f 41 2d |.MO.g<....F../A-|
+000002e0 e1 d6 dd 39 d5 0c dc 6a 10 c2 50 fe 34 64 79 9a |...9...j..P.4dy.|
+000002f0 5e 88 35 89 16 03 03 00 bc d1 42 6c 11 23 45 dd |^.5.......Bl.#E.|
+00000300 41 9e 81 0a 3d d1 c1 99 6f 91 b5 16 96 e6 d3 eb |A...=...o.......|
+00000310 9b 8f c3 30 14 7f 19 d5 9a fa ea 9c de 53 23 7c |...0.........S#||
+00000320 d8 49 d2 c5 e7 7c ff 96 22 0a 57 fc 11 ed b9 ca |.I...|..".W.....|
+00000330 2e 18 a5 30 7e 3a d2 86 70 de 48 28 83 a1 3b 65 |...0~:..p.H(..;e|
+00000340 67 b9 2e 89 87 92 0e eb b5 70 1d 36 7b 98 4b 8e |g........p.6{.K.|
+00000350 12 49 db 85 18 dc e1 f4 51 a9 bb e4 5c ae 56 31 |.I......Q...\.V1|
+00000360 c1 56 84 bb e5 42 ec d1 41 e7 a7 4e 08 d7 5f 1d |.V...B..A..N.._.|
+00000370 67 9a ed 10 b6 80 ff ea 36 70 ac a0 a9 ec 4a e3 |g.......6p....J.|
+00000380 37 ae bf f3 bd a9 aa 3f b0 14 f6 0b 05 18 09 dd |7......?........|
+00000390 29 b4 97 55 88 24 59 ce 5b 42 e2 b5 1f 04 76 f3 |)..U.$Y.[B....v.|
+000003a0 f1 c0 49 7d 47 ef 5e 6c c3 ed 30 2c a0 a1 df c6 |..I}G.^l..0,....|
+000003b0 12 13 22 8b 65 16 03 03 00 4a 3e 6c f8 63 5b 93 |..".e....J>l.c[.|
+000003c0 f0 c6 3a 58 e0 6c 6b 70 46 d0 be 6f 13 34 7a 30 |..:X.lkpF..o.4z0|
+000003d0 e6 e4 b2 fd 39 ee 79 b1 7e 73 5e 9b 2d d9 3f 4f |....9.y.~s^.-.?O|
+000003e0 61 d5 53 37 79 57 15 a3 3a 7c b7 02 cc 76 25 1d |a.S7yW..:|...v%.|
+000003f0 96 8b dd 9e 32 8b 1a 9e 37 b1 1a b8 f2 4f ef 3c |....2...7....O.<|
+00000400 78 e1 b9 07 16 03 03 00 14 bf da c1 d4 16 fd 48 |x..............H|
+00000410 a9 ad 59 6d 8c dc e1 6c fd 73 ca 9c 1b |..Ym...l.s...|
>>> Flow 9 (client to server)
-00000000 16 03 03 02 69 b8 47 2d 3a 7a e4 d0 2b 45 b2 38 |....i.G-:z..+E.8|
-00000010 1e 6f 8d 3d e1 26 91 92 d7 1f e9 a4 2c d8 30 2c |.o.=.&......,.0,|
-00000020 ce 68 50 e7 80 77 63 e1 bd c7 c8 1b 6f ca b0 bf |.hP..wc.....o...|
-00000030 82 1d 75 85 2c 5d b2 f6 9a f2 b6 9b c4 24 54 86 |..u.,].......$T.|
-00000040 b8 fb dc ae 09 25 c4 42 fc 4d f2 18 5b a3 92 31 |.....%.B.M..[..1|
-00000050 8a 78 1f 1a 74 d4 43 0b 24 2f 14 2b 0e 05 3a 8d |.x..t.C.$/.+..:.|
-00000060 7a 1c 21 2f cd 7b 9d 6c 32 b1 f6 14 fa 9d f5 be |z.!/.{.l2.......|
-00000070 9c f1 8e 75 b9 27 82 ba e7 fc 14 39 2a 6f 3e 59 |...u.'.....9*o>Y|
-00000080 d6 bc 6c 3f f1 33 5e fa bb 07 bc e4 0b 7e 4a 5d |..l?.3^......~J]|
-00000090 2b e8 9b d5 00 d2 cc 8f 94 01 82 0e bb 28 f9 d2 |+............(..|
-000000a0 1f ee 0c ff 9c 4d 37 5b 23 5b 23 a5 39 fe cd 2b |.....M7[#[#.9..+|
-000000b0 ef 30 46 b7 c1 0e a3 fc fd f6 1b d3 78 fb d9 93 |.0F.........x...|
-000000c0 3a 52 fe 91 dc 42 63 85 09 64 63 3a 9d 9f 21 74 |:R...Bc..dc:..!t|
-000000d0 c6 d9 e4 b5 cc ef 94 96 0f c1 d0 45 f6 e6 b9 32 |...........E...2|
-000000e0 01 74 88 24 bb d9 d6 25 23 14 de 25 f4 7e 9c 77 |.t.$...%#..%.~.w|
-000000f0 82 83 7e 59 dc c3 f7 d9 e4 b1 95 e0 bb 6e 66 e4 |..~Y.........nf.|
-00000100 bd cb a2 72 a0 63 d4 39 9f 57 a7 d1 88 7a 59 64 |...r.c.9.W...zYd|
-00000110 38 45 bb fc 5a 02 81 4c 2e e5 e4 1c 7d e9 e8 f0 |8E..Z..L....}...|
-00000120 e1 b7 88 f5 a6 ee d0 b7 e5 2f 9e 15 d5 76 8d f7 |........./...v..|
-00000130 68 0f 7b 6a 48 e7 19 3a bc ef f5 fc 72 a4 62 ce |h.{jH..:....r.b.|
-00000140 a6 66 e5 e8 74 03 c0 4d b4 14 e4 0c 36 fd 99 0b |.f..t..M....6...|
-00000150 0e 4f b6 5e 4c db dc 51 fe ae e9 07 37 92 6c 35 |.O.^L..Q....7.l5|
-00000160 f7 99 6c b9 36 c2 b9 7c 5e ef 72 c1 1f ba fb 18 |..l.6..|^.r.....|
-00000170 57 24 f2 d4 21 cf 46 bd 71 3d 62 63 ba 1c 0f 8b |W$..!.F.q=bc....|
-00000180 f4 a6 fc ea 27 de 48 b8 ed e3 6e 4b 30 66 fa 1e |....'.H...nK0f..|
-00000190 22 7b 49 e2 03 96 8a 6a 3c 6a 1a 62 81 cc 06 dd |"{I....j<j.b....|
-000001a0 a7 6b dd 3c 1b 39 e3 36 5a 8c ec 22 71 35 af fc |.k.<.9.6Z.."q5..|
-000001b0 74 11 68 2f bd 9a 61 57 39 1a e7 c5 df 62 45 fc |t.h/..aW9....bE.|
-000001c0 b5 84 f0 b8 6a 63 6f dd 16 24 74 4d 81 34 3e 4c |....jco..$tM.4>L|
-000001d0 e7 b9 9f 90 aa 1f 39 13 e2 4b 8c ff b5 13 d1 d2 |......9..K......|
-000001e0 cd ac ce 8c 2b bc b3 b3 fc f7 37 db 61 8f 6b 90 |....+.....7.a.k.|
-000001f0 c2 bc 6e e3 8e fa d9 16 ab 62 c7 3f d7 e1 0b a8 |..n......b.?....|
-00000200 2b 8a 0d b6 2c 90 dc 6e b4 44 e0 13 32 fb 80 23 |+...,..n.D..2..#|
-00000210 a9 e4 18 ea 8d c7 8a 14 0a 82 8d 3b 21 88 bf bf |...........;!...|
-00000220 ff 10 3c 08 6b 65 70 4c b5 88 7d 9c 92 43 15 55 |..<.kepL..}..C.U|
-00000230 18 e9 cf 15 5d 55 3a f0 a1 46 ca d4 9e f3 c0 16 |....]U:..F......|
-00000240 4b ee f6 17 95 e0 af 1e 85 54 62 dd 56 88 6b e1 |K........Tb.V.k.|
-00000250 29 ac f9 4f dc 5c 89 16 19 6b 21 c9 6c c8 1e 1d |)..O.\...k!.l...|
-00000260 89 7c cc a4 9b 1f c8 ce 67 c6 83 79 6a d6 16 03 |.|......g..yj...|
-00000270 03 00 35 6f 33 7d 96 3c 8d 66 a5 d1 7a 8b bc fa |..5o3}.<.f..z...|
-00000280 ca f0 89 9d 2b 37 0c f5 aa 14 07 f2 58 be d1 d3 |....+7......X...|
-00000290 ec 73 dd b6 33 e2 df 46 1a d3 ee e8 26 d9 be 2b |.s..3..F....&..+|
-000002a0 43 25 3b e2 78 72 10 43 16 03 03 00 98 18 03 96 |C%;.xr.C........|
-000002b0 9c eb 31 50 72 15 0e 9b ff c7 6b b0 60 32 08 c6 |..1Pr.....k.`2..|
-000002c0 ef 70 f9 0c 22 4a a2 0f 77 31 b3 ea d0 12 65 af |.p.."J..w1....e.|
-000002d0 c9 28 0f f9 5b b7 f3 75 9c 5a 6e df a1 6a e6 d5 |.(..[..u.Zn..j..|
-000002e0 82 0b 18 05 94 aa dd 93 e5 1d 60 06 47 f5 3e b1 |..........`.G.>.|
-000002f0 d5 e8 e7 b7 9f 43 bf 4b 8a 5e 48 3b f1 42 f6 c0 |.....C.K.^H;.B..|
-00000300 c3 65 86 e2 bc 7a 75 1d 93 cf 7f 3d 11 d3 85 c3 |.e...zu....=....|
-00000310 c3 90 90 0b 77 e1 d7 64 da 71 3c 55 de 7c b9 71 |....w..d.q<U.|.q|
-00000320 ea d9 7a ae a6 dd 7e e0 a4 2e 88 89 79 2c 40 dc |..z...~.....y,@.|
-00000330 dd 95 b0 04 6a 76 90 70 2b c7 42 b0 2e 04 79 0c |....jv.p+.B...y.|
-00000340 4e cb ca f0 81 14 03 03 00 11 29 9f c8 82 93 26 |N.........)....&|
-00000350 07 ce a1 23 50 1a 75 38 36 e0 92 16 03 03 00 20 |...#P.u86...... |
-00000360 75 41 82 00 9b 89 29 9b 59 2f 45 01 3e a9 ae c6 |uA....).Y/E.>...|
-00000370 f8 7e fd 4d bd 3b 0e bc 9b 74 27 09 33 c3 27 2a |.~.M.;...t'.3.'*|
+00000000 16 03 03 02 69 11 1e 53 9b b7 57 6d ea 89 bb 37 |....i..S..Wm...7|
+00000010 1b c6 01 bd 27 db fa 17 cc 5d 20 be ee 5b a9 64 |....'....] ..[.d|
+00000020 48 4e 4a 4c 82 65 8e 3d 42 d6 ce 5c a8 50 d4 fa |HNJL.e.=B..\.P..|
+00000030 0f 02 b2 19 90 b5 4e ae 6c e9 d6 b7 b8 64 ca 0e |......N.l....d..|
+00000040 09 2d a9 7b ab 0f b8 83 97 b6 e0 eb bf 03 5a 1c |.-.{..........Z.|
+00000050 e7 16 31 67 30 46 60 26 df 19 cf 5f fa 40 36 43 |..1g0F`&..._.@6C|
+00000060 91 d5 7c 2f 5f 29 74 03 e0 90 cd 55 25 e5 1e fe |..|/_)t....U%...|
+00000070 6b 13 ec 58 29 b0 f4 a3 b2 8d ba 4e 3b f1 11 d8 |k..X)......N;...|
+00000080 85 49 50 b9 e0 03 89 a1 0f da ce 57 83 aa 4a 8c |.IP........W..J.|
+00000090 3b 15 d5 10 47 01 22 32 4f 78 87 69 4c bf a6 6e |;...G."2Ox.iL..n|
+000000a0 d4 e6 a5 1e fa 5b ff b0 38 a5 fa 83 1d 45 c5 18 |.....[..8....E..|
+000000b0 72 65 91 6c 41 d2 21 be 5b 1d e9 f5 19 eb d0 5a |re.lA.!.[......Z|
+000000c0 7e 0d 81 c9 ca f0 97 9e cc 9b 5c 77 6b 9c 15 d3 |~.........\wk...|
+000000d0 bd 43 4d 42 e5 f9 82 a9 d6 f2 44 93 ae 74 a3 fd |.CMB......D..t..|
+000000e0 c5 1f 15 13 a0 ea d2 f3 4c 4c ea 2d fe 3b 6e 7b |........LL.-.;n{|
+000000f0 f4 11 f7 2e 7d 45 26 a0 d9 29 4e 4d ec 90 e2 3e |....}E&..)NM...>|
+00000100 51 52 dd 6e e1 b5 77 b1 a2 f5 17 b5 34 7f e8 8f |QR.n..w.....4...|
+00000110 38 9c d6 1c b5 6c 2d 99 00 a1 41 95 15 c5 e5 bf |8....l-...A.....|
+00000120 c1 67 fb ea 53 6c a8 85 8c c4 a6 74 e3 dc f7 90 |.g..Sl.....t....|
+00000130 b8 cc 99 39 1a a1 c6 51 db 65 e9 b8 ad 2b 1f 35 |...9...Q.e...+.5|
+00000140 b5 90 ae f7 af c2 d0 a9 92 eb 63 21 24 4f 5e 62 |..........c!$O^b|
+00000150 ba 69 ce 1a c8 41 79 db c0 6c ef bc cf 19 4a 2c |.i...Ay..l....J,|
+00000160 e0 66 6e 72 97 2d 75 e5 ee 14 82 e8 26 98 fe c4 |.fnr.-u.....&...|
+00000170 8a 17 c4 fb 48 2a d7 7e d9 3e 5b f9 d4 7d 0e da |....H*.~.>[..}..|
+00000180 56 44 5e 33 9d 5f 97 ab d1 60 a8 ee 3d 16 6a 2a |VD^3._...`..=.j*|
+00000190 33 b1 7d e2 e6 86 cd 88 ac e1 48 49 4e 19 a2 b0 |3.}.......HIN...|
+000001a0 16 53 ec ff b8 a4 f7 35 2d a7 7a 04 86 66 42 52 |.S.....5-.z..fBR|
+000001b0 51 3d 21 62 c5 35 9c e5 cb f9 bf 7b d1 12 b0 18 |Q=!b.5.....{....|
+000001c0 7b 6f 88 d9 ef d2 1a 45 3e 51 ac 3e c8 87 8c 47 |{o.....E>Q.>...G|
+000001d0 08 d0 90 b5 66 f6 4e c3 75 74 68 c8 7d 14 3a 2b |....f.N.uth.}.:+|
+000001e0 83 7d 12 78 37 9e 11 02 3d 63 ba 78 b6 ba 6d 26 |.}.x7...=c.x..m&|
+000001f0 30 b0 bf a9 23 1e 83 aa 3d a8 02 5b 77 5f 2a 95 |0...#...=..[w_*.|
+00000200 d0 b9 c8 22 a3 a9 fe b0 32 99 8a 46 67 10 b3 d9 |..."....2..Fg...|
+00000210 3e 84 02 ec a2 68 7e 69 db 51 99 37 ee 49 66 0b |>....h~i.Q.7.If.|
+00000220 af e1 cd b0 25 74 dc ce 29 ed 70 1c 3a bb f2 99 |....%t..).p.:...|
+00000230 03 86 6d af 3f 78 4a 86 70 b8 85 15 02 91 be f6 |..m.?xJ.p.......|
+00000240 4f f2 73 98 00 c6 76 20 c2 19 c6 e9 6c d0 e5 09 |O.s...v ....l...|
+00000250 5c 12 c8 1c a1 3d b7 41 18 26 cb ea d0 92 61 53 |\....=.A.&....aS|
+00000260 06 7c f8 5e a8 27 de 76 4e 83 49 2a ab 82 16 03 |.|.^.'.vN.I*....|
+00000270 03 00 35 4f b7 51 7c c8 51 25 a4 58 de 8b 4a e2 |..5O.Q|.Q%.X..J.|
+00000280 97 cc 48 d0 4d be 9b 8a 44 3b 22 43 b9 82 a4 a5 |..H.M...D;"C....|
+00000290 76 38 0b ae 91 d3 20 75 18 50 f3 1b eb 11 fd 86 |v8.... u.P......|
+000002a0 4a 1a f1 e8 2a f8 e0 60 16 03 03 00 98 ae e6 1b |J...*..`........|
+000002b0 b1 00 f9 14 93 55 be 63 ea 5b 5e d4 18 37 6b 14 |.....U.c.[^..7k.|
+000002c0 5c 8e fb 82 51 e1 57 24 b7 4a 8b 55 74 79 70 55 |\...Q.W$.J.UtypU|
+000002d0 de 33 82 14 0a 39 0d 91 92 9a 11 c0 4a dd 12 49 |.3...9......J..I|
+000002e0 ea 1a 41 df fd f2 4a 79 c3 0a d5 93 5c ea 82 ff |..A...Jy....\...|
+000002f0 16 4a 20 91 25 34 5d 72 9d ea 0e 40 dd 6d 86 fd |.J .%4]r...@.m..|
+00000300 e9 d1 d9 db 61 e6 62 17 6b 09 47 c4 a7 32 1c 22 |....a.b.k.G..2."|
+00000310 f6 e4 41 2a 3e 2b d0 c3 92 56 c5 b8 5f 6d 25 44 |..A*>+...V.._m%D|
+00000320 81 e7 1a ed 70 6a a6 94 89 d1 ad 8d d1 c0 df a2 |....pj..........|
+00000330 26 6f 20 0b 0e 51 15 dd 05 86 36 88 72 3f e1 5d |&o ..Q....6.r?.]|
+00000340 da 9d d3 76 e4 14 03 03 00 11 52 70 cd 84 39 32 |...v......Rp..92|
+00000350 7c c0 58 53 9b 32 00 96 14 b6 57 16 03 03 00 20 ||.XS.2....W.... |
+00000360 98 94 aa 9f 77 71 42 3e 48 e8 74 8e 27 60 54 c2 |....wqB>H.t.'`T.|
+00000370 55 ac 52 99 37 21 f3 1e 30 93 5f 71 06 19 e5 1c |U.R.7!..0._q....|
>>> Flow 10 (server to client)
-00000000 14 03 03 00 11 3d 29 da dc b6 5a 09 66 34 6e 00 |.....=)...Z.f4n.|
-00000010 65 8c 29 d2 18 bd 16 03 03 00 20 63 55 d1 84 7d |e.)....... cU..}|
-00000020 3e cc 2d f5 d3 48 c2 5c 72 d8 6b cf 69 b4 ed 5f |>.-..H.\r.k.i.._|
-00000030 07 96 53 13 1e 53 59 18 c1 bb c7 17 03 03 00 19 |..S..SY.........|
-00000040 30 5b 6d d2 26 db ef c1 a9 00 e6 ce 87 86 9b 71 |0[m.&..........q|
-00000050 dd fb aa 79 aa b6 39 1e 70 |...y..9.p|
+00000000 14 03 03 00 11 45 8e f9 74 04 d0 44 c6 94 80 60 |.....E..t..D...`|
+00000010 c1 50 7d b2 64 76 16 03 03 00 20 d5 65 8a b9 26 |.P}.dv.... .e..&|
+00000020 54 70 26 de c6 8a 8f 61 a3 b1 9e 8b 49 40 f7 24 |Tp&....a....I@.$|
+00000030 4f 75 e0 94 e6 e7 68 51 38 8a 37 17 03 03 00 19 |Ou....hQ8.7.....|
+00000040 42 7e 5a e2 46 7b ba 7d 0d 07 20 2a c0 56 fe aa |B~Z.F{.}.. *.V..|
+00000050 01 eb ca d2 29 1d ff 85 10 |....)....|
>>> Flow 11 (client to server)
-00000000 15 03 03 00 12 32 8f cd ef b8 3e 96 01 07 ca 0b |.....2....>.....|
-00000010 83 21 83 97 78 25 64 |.!..x%d|
+00000000 15 03 03 00 12 1d 01 c7 d5 d5 d1 ce 8c 52 15 8f |.............R..|
+00000010 75 1e 97 fa 38 5c 65 |u...8\e|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
index 983174f..006e2d7 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwice
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 34 8b db 6b 9e |....Y...U..4..k.|
-00000010 68 c3 92 09 72 4f 02 6c b9 7a ac 74 72 0b 32 01 |h...rO.l.z.tr.2.|
-00000020 f4 86 9e b5 53 db da 96 c2 65 2a 20 8f 89 24 79 |....S....e* ..$y|
-00000030 8a a5 38 7a 52 68 7a a9 cc d0 5a 04 4d ce 87 0e |..8zRhz...Z.M...|
-00000040 64 48 51 e0 00 cb 60 f0 b4 e9 99 27 cc a8 00 00 |dHQ...`....'....|
+00000000 16 03 03 00 59 02 00 00 55 03 03 47 d0 f5 d9 f0 |....Y...U..G....|
+00000010 59 d1 bf 28 d0 39 36 c0 bc d1 25 fd 5a 63 18 06 |Y..(.96...%.Zc..|
+00000020 1e 8a 5c a6 6f d0 f9 b4 02 23 e1 20 df a0 2a 74 |..\.o....#. ..*t|
+00000030 1a 52 8b d9 90 01 c2 86 69 12 b8 13 58 aa 59 b0 |.R......i...X.Y.|
+00000040 66 79 ff 01 9b 9a 72 1c a6 83 e6 91 cc a8 00 00 |fy....r.........|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@@ -60,284 +60,284 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
-000002c0 ac 0c 00 00 a8 03 00 1d 20 63 06 67 5c 4e da 3f |........ c.g\N.?|
-000002d0 0a 02 78 46 92 fe 8f ed 41 ac 1a d5 04 e6 ca 4a |..xF....A......J|
-000002e0 7e 9c d0 32 e8 ee f3 9c 5d 08 04 00 80 c0 51 ba |~..2....].....Q.|
-000002f0 71 28 00 53 c6 40 63 20 d4 bd 52 60 d2 f6 e2 57 |q(.S.@c ..R`...W|
-00000300 ba 6f a8 bf 42 2a 11 b5 9a eb 9f b6 53 77 87 72 |.o..B*......Sw.r|
-00000310 ea 7d bf f8 f4 cf 1d 76 6c 03 75 9d df 88 b1 13 |.}.....vl.u.....|
-00000320 66 5c 43 41 1e 97 52 32 86 d0 22 3c f6 ca 90 a5 |f\CA..R2.."<....|
-00000330 ba cf 75 94 1f 22 93 c0 0c c9 82 a5 eb d2 07 85 |..u.."..........|
-00000340 a0 39 9e 5d fa 88 1f 62 25 09 c3 97 c1 1d 4e a2 |.9.]...b%.....N.|
-00000350 fe 98 96 b8 c0 eb b9 18 07 2d e1 cf 9b fd 25 ba |.........-....%.|
-00000360 93 fb 73 e5 7e 36 27 b3 11 00 58 95 f8 16 03 03 |..s.~6'...X.....|
+000002c0 ac 0c 00 00 a8 03 00 1d 20 20 97 bd 85 2f cb 85 |........ .../..|
+000002d0 be a8 9c e3 ae 6b 23 a5 5b 18 65 5c f5 cc 24 2b |.....k#.[.e\..$+|
+000002e0 34 2c 5f c8 4d e9 86 35 0b 08 04 00 80 d2 b6 ee |4,_.M..5........|
+000002f0 86 76 aa 1d 9c 1c ee ef 0e 59 63 1d ec f1 cf a1 |.v.......Yc.....|
+00000300 f3 5b 6d da 99 9c 40 07 bf 28 ad 72 cd 80 6c 9d |.[m...@..(.r..l.|
+00000310 bf a2 20 33 2d d0 67 ef 90 28 88 2b d0 8e c6 9d |.. 3-.g..(.+....|
+00000320 87 7a 18 8f 80 ce 25 92 13 8d ef 38 0a 14 f9 67 |.z....%....8...g|
+00000330 88 94 ef af 97 d2 21 90 9e 24 2f af 1e bb fa 10 |......!..$/.....|
+00000340 4c a7 9f f5 27 63 e6 d8 1a 86 53 c6 3c 15 a8 6c |L...'c....S.<..l|
+00000350 b9 bc 8f c4 38 1a 4b 34 36 ec af b2 1e d0 bf 58 |....8.K46......X|
+00000360 74 36 ad fb e4 f0 fd 9d 6d 01 cf 51 6c 16 03 03 |t6......m..Ql...|
00000370 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.|
00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....|
00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......|
-00000030 16 03 03 00 20 02 50 f6 74 83 31 96 36 c1 22 99 |.... .P.t.1.6.".|
-00000040 1d d7 99 b2 8c 2b 04 3a bd 3e 19 e5 ef 71 dc 72 |.....+.:.>...q.r|
-00000050 b2 0d c8 d1 3f |....?|
+00000030 16 03 03 00 20 e8 d5 df da 49 9a 94 10 30 90 81 |.... ....I...0..|
+00000040 c6 19 54 d4 0d e2 0d e0 d9 a3 c0 21 7f a6 d1 cc |..T........!....|
+00000050 ea 75 2e 17 01 |.u...|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 20 9b a3 02 3e 55 |.......... ...>U|
-00000010 4a e6 4c 7f 9a a6 a2 65 bd 74 ff ad c5 ce 43 21 |J.L....e.t....C!|
-00000020 d3 b1 d1 89 0c 15 7d 7d a7 d8 4c |......}}..L|
+00000000 14 03 03 00 01 01 16 03 03 00 20 f3 92 03 fb 7b |.......... ....{|
+00000010 0f 32 0b 5b dd 9e eb c3 26 2c 92 4d 58 35 a8 96 |.2.[....&,.MX5..|
+00000020 74 d6 d8 0f 61 b2 7d b6 8d ec e6 |t...a.}....|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 16 4c 5e 0a 69 e1 e8 fc 52 f0 3d ea |.....L^.i...R.=.|
-00000010 33 f5 02 6b 47 49 cd a5 b5 94 4e |3..kGI....N|
+00000000 17 03 03 00 16 ab 69 44 d0 fe 95 93 ae f9 1b d7 |......iD........|
+00000010 33 6c 59 a5 41 cc d2 1b ca 2c 63 |3lY.A....,c|
>>> Flow 6 (server to client)
-00000000 16 03 03 00 14 6a 8d 46 e1 33 c6 63 9d 27 3e e8 |.....j.F.3.c.'>.|
-00000010 7f 31 74 7f 4f 60 b3 f7 aa |.1t.O`...|
+00000000 16 03 03 00 14 99 96 92 c4 82 c8 27 77 a6 f4 ca |...........'w...|
+00000010 e5 5b ff 78 bc 54 b6 d7 cd |.[.x.T...|
>>> Flow 7 (client to server)
-00000000 16 03 03 01 16 6f 4d 64 ff 20 fa 1c 19 26 bc 99 |.....oMd. ...&..|
-00000010 ec 09 be e7 6d 88 73 1e 4f c6 74 35 f7 5c b3 e5 |....m.s.O.t5.\..|
-00000020 f6 d1 2a 90 7f c3 34 dc 83 6b a9 f1 32 01 a1 84 |..*...4..k..2...|
-00000030 0c 4c 06 db 88 d4 19 31 d2 46 1f 2c 3d 13 75 5b |.L.....1.F.,=.u[|
-00000040 f3 e5 d0 b7 a8 4f 2c b2 89 35 78 82 78 b7 f5 c6 |.....O,..5x.x...|
-00000050 ea a2 1d f3 24 9d e2 01 25 e2 96 a1 06 57 5c 50 |....$...%....W\P|
-00000060 d6 5b 56 24 18 6e b4 ce 6a 2e c7 01 65 99 3f 35 |.[V$.n..j...e.?5|
-00000070 c1 07 48 75 ad 0b 1a b3 58 df 83 42 f8 78 eb 92 |..Hu....X..B.x..|
-00000080 e8 70 c9 34 af db e8 d6 b0 c8 37 ac b2 d7 18 ba |.p.4......7.....|
-00000090 a3 1d 35 09 2e 2f 82 e0 3a 68 fd 7f ba 4d 5c 5c |..5../..:h...M\\|
-000000a0 6c 6d ac 24 60 bf e0 37 a9 17 8d 6d 8a 69 96 23 |lm.$`..7...m.i.#|
-000000b0 4f c7 53 a0 48 65 58 cc 01 03 df 33 36 5a 8a 7e |O.S.HeX....36Z.~|
-000000c0 3f 84 33 26 3f 02 66 48 82 22 22 b7 7d 62 7e 56 |?.3&?.fH."".}b~V|
-000000d0 94 df 43 df 08 fc 70 f6 bb 1a dd 19 b1 ea ea a2 |..C...p.........|
-000000e0 6f 36 ab b0 d2 77 e6 c8 f6 70 a6 a6 a3 0d ab c8 |o6...w...p......|
-000000f0 dc d1 9b a2 05 43 44 0c 17 8d 47 86 55 77 56 34 |.....CD...G.UwV4|
-00000100 d7 71 2c 75 9a d4 70 e4 77 5e 1a b7 b1 13 ae 14 |.q,u..p.w^......|
-00000110 d0 99 a0 9e 50 9c 35 94 4d 34 e5 |....P.5.M4.|
+00000000 16 03 03 01 16 d9 6a 26 33 e5 d8 df 32 d1 f5 84 |......j&3...2...|
+00000010 1f 37 7f 07 6a ae be 20 84 20 dc 28 31 8e 46 32 |.7..j.. . .(1.F2|
+00000020 0b 96 c8 22 28 fb 98 d9 8e 6f 6d 97 66 55 e2 1e |..."(....om.fU..|
+00000030 b5 b8 e4 9b 52 25 28 c2 72 cb 9e 14 4c ba 58 6c |....R%(.r...L.Xl|
+00000040 3b 33 da 56 db fe 14 d3 4c b4 ce a9 57 64 ae 4e |;3.V....L...Wd.N|
+00000050 5f c5 a7 e6 f4 01 51 d7 81 f4 1d ca fa 3f 86 e7 |_.....Q......?..|
+00000060 9f 64 28 6e 3f e4 ef 79 77 20 64 45 ed a2 16 e1 |.d(n?..yw dE....|
+00000070 b4 63 99 9f 62 6d b7 6d f4 ad 1f fe d9 de 00 84 |.c..bm.m........|
+00000080 4b bb 0c bc c8 82 a8 1d 8a ac f6 10 2d 5d d4 c7 |K...........-]..|
+00000090 37 f8 fc 89 24 ea c4 b8 87 f4 f4 f0 4b cd db e2 |7...$.......K...|
+000000a0 15 03 95 1e c1 10 7c e8 6d 99 6c e0 bc e1 0a a5 |......|.m.l.....|
+000000b0 d8 36 eb 59 93 6d 1c 96 1c 61 1b 11 36 04 58 6b |.6.Y.m...a..6.Xk|
+000000c0 c5 b0 fb 8e 9f 21 4a 25 a1 59 ee 5d 1b e3 e3 98 |.....!J%.Y.]....|
+000000d0 71 0a d8 3f 18 f2 b2 1c 6f ec 6d 87 13 b9 d3 25 |q..?....o.m....%|
+000000e0 53 c1 00 78 be 99 82 f6 27 05 24 01 10 1c 59 19 |S..x....'.$...Y.|
+000000f0 94 6a af 7e e5 ae c5 03 14 04 e2 fe 5e 59 e8 e0 |.j.~........^Y..|
+00000100 45 3d af c0 40 ea 84 0a 13 9c d3 0f d4 69 3f 3e |E=..@........i?>|
+00000110 97 83 ac b5 b9 07 56 9a 19 44 ca |......V..D.|
>>> Flow 8 (server to client)
-00000000 16 03 03 00 81 28 ba 2e 7a 2b 59 83 ae aa ba c7 |.....(..z+Y.....|
-00000010 d7 49 a5 ca c0 fc 8b 49 f5 10 77 ac e7 ae 12 de |.I.....I..w.....|
-00000020 0d ad 0e 2c d9 ee 99 c4 95 7b 09 b2 91 27 44 6a |...,.....{...'Dj|
-00000030 7c 08 ce bb 98 4a 1c 8c 47 30 21 c7 5d 1e 86 39 ||....J..G0!.]..9|
-00000040 79 07 48 2a ac 90 7b 26 46 6a a5 b1 7c df fa ae |y.H*..{&Fj..|...|
-00000050 0f 20 c8 f0 b5 65 57 2b d5 1f 14 cc bc 7e 94 42 |. ...eW+.....~.B|
-00000060 b6 30 c1 d7 eb 8d 39 0f 65 7a b7 d0 38 21 eb b0 |.0....9.ez..8!..|
-00000070 2d 04 5a 8b 9c 8b 24 91 fe de ac 1f f5 4f aa 74 |-.Z...$......O.t|
-00000080 71 e1 98 8b df 2f 16 03 03 02 69 fb 1f be be 41 |q..../....i....A|
-00000090 51 00 c5 48 bc a3 18 78 2c dc e3 59 d2 0d 23 c7 |Q..H...x,..Y..#.|
-000000a0 2b 03 f3 ce 08 81 62 8a e9 59 52 06 2a cd 7f fe |+.....b..YR.*...|
-000000b0 f4 58 5a a4 6c d1 fa f2 1e 31 7e c5 14 39 dc 37 |.XZ.l....1~..9.7|
-000000c0 27 4f 70 ef 79 7e b1 d1 32 1b 3c cf 08 e2 8a 44 |'Op.y~..2.<....D|
-000000d0 56 48 ea 85 8b 86 1d 77 ea 75 f2 c6 8b 14 9d 57 |VH.....w.u.....W|
-000000e0 17 87 29 64 e1 ef 1a 46 25 ed e1 d3 e6 90 63 8d |..)d...F%.....c.|
-000000f0 30 b6 4d 3c 98 68 45 95 78 11 2c c5 4e 2c 2b 3a |0.M<.hE.x.,.N,+:|
-00000100 a8 8b 02 1c b9 15 09 ea 59 30 c7 a8 d5 28 f3 45 |........Y0...(.E|
-00000110 77 eb bc bc 4a d9 82 4a 7d 8b 5e e1 36 17 ba 95 |w...J..J}.^.6...|
-00000120 34 ea 7e d7 b8 0d 8c 63 07 30 d9 07 49 df b0 ea |4.~....c.0..I...|
-00000130 aa 5e 95 7f 90 ab 09 79 31 88 27 00 9e bd 84 5b |.^.....y1.'....[|
-00000140 ab f6 be 18 10 42 11 49 bd ce 42 dc 2b ae 8f 00 |.....B.I..B.+...|
-00000150 a1 74 5a d1 e3 0b ba 62 57 5f 0e 65 e4 13 ce 78 |.tZ....bW_.e...x|
-00000160 b1 da 89 03 f6 42 cd 1b fe 03 0c f4 89 77 07 bd |.....B.......w..|
-00000170 fa 07 5a 4a 86 1f 47 15 2a 18 ec 26 36 e9 c7 04 |..ZJ..G.*..&6...|
-00000180 75 bb 66 e1 32 97 65 e2 e8 2c b1 bc 39 14 3a d6 |u.f.2.e..,..9.:.|
-00000190 77 d0 15 32 e5 58 eb 49 52 15 c6 d6 9c 4e 2d 97 |w..2.X.IR....N-.|
-000001a0 5c 59 5a 51 11 71 1e 3b 1e 25 b8 20 ef 16 d0 27 |\YZQ.q.;.%. ...'|
-000001b0 f9 ad 01 61 96 8c 50 a2 60 86 99 8c b3 cf 04 07 |...a..P.`.......|
-000001c0 de 8a b3 85 53 95 28 e7 6c db 26 42 b2 6c 51 3c |....S.(.l.&B.lQ<|
-000001d0 b7 54 98 ff 78 48 b2 8e 11 b9 3b 59 b9 38 0b 48 |.T..xH....;Y.8.H|
-000001e0 ac 11 b3 0c b2 f7 98 58 64 ce 16 ae 78 9f 39 ce |.......Xd...x.9.|
-000001f0 20 2b c3 14 74 54 17 54 8e a1 b7 ed 48 77 37 a0 | +..tT.T....Hw7.|
-00000200 12 18 77 b2 ab 51 d2 e3 fc 6a af b3 a2 4b 60 87 |..w..Q...j...K`.|
-00000210 fb f9 0c e8 33 84 e1 6b 95 f0 af 04 c3 c7 b7 0d |....3..k........|
-00000220 bd f2 a6 26 f4 b2 15 c0 9e 90 1b cf 66 3f f8 1e |...&........f?..|
-00000230 64 bf 91 30 b9 2f 31 5b 76 99 67 50 6e b3 fa 00 |d..0./1[v.gPn...|
-00000240 1f 1f 50 1d 52 ea f9 98 7d 59 3a 1d 10 b5 cf 00 |..P.R...}Y:.....|
-00000250 49 a6 72 78 2c e8 2a b2 64 38 34 55 25 b1 4f f7 |I.rx,.*.d84U%.O.|
-00000260 3d 5d 18 d8 63 c4 34 b9 78 15 19 c8 6c d8 03 e9 |=]..c.4.x...l...|
-00000270 0b cb bd 0c b1 32 9c 32 57 ad 7f bd cd db 99 77 |.....2.2W......w|
-00000280 7f 2a 01 60 c6 ce 99 a9 a0 17 ae 02 0c 72 67 b2 |.*.`.........rg.|
-00000290 0e d3 24 c4 88 96 7f ab c2 46 fb fe 47 b0 72 a0 |..$......F..G.r.|
-000002a0 87 6b 22 00 ee 97 ce 13 eb ab 5b 41 2e 60 79 a1 |.k".......[A.`y.|
-000002b0 4b d1 8f d2 d0 5b 02 77 9c 29 1e ea 3e 30 a9 8f |K....[.w.)..>0..|
-000002c0 07 b7 22 2a d7 64 50 cf 0a 34 6b db b8 8d e4 f6 |.."*.dP..4k.....|
-000002d0 50 71 65 54 0f e0 87 93 ca 3e 1b 68 29 2f d9 dd |PqeT.....>.h)/..|
-000002e0 15 76 f0 c3 1c a4 ca e9 5f 17 29 87 bb 0a 5b 74 |.v......_.)...[t|
-000002f0 6c 2d 13 63 16 03 03 00 bc a6 81 fa a1 7b 6e 54 |l-.c.........{nT|
-00000300 0b 47 30 a5 e9 ca e6 86 db f9 af 19 5e fe ae a6 |.G0.........^...|
-00000310 91 c8 e9 c0 c5 17 b4 a6 2b cd 40 ee 9e fc 2d ef |........+.@...-.|
-00000320 8c 68 6c ce 05 66 b1 80 7d 6f 07 91 6e 9f 23 ab |.hl..f..}o..n.#.|
-00000330 f2 a7 d1 99 d1 5f ed 58 b1 aa 7f 31 f4 7f 2a ea |....._.X...1..*.|
-00000340 3e 21 a0 4e 1c 49 d9 ab 1e 43 84 dc 42 cf f5 75 |>!.N.I...C..B..u|
-00000350 ae fc 97 a3 e7 b8 51 1b 68 1b f5 83 2b 2d b0 a5 |......Q.h...+-..|
-00000360 7c f9 f2 21 c1 68 d9 e2 4f bf f5 1e e6 90 7b 54 ||..!.h..O.....{T|
-00000370 2c 45 d2 35 a1 5c da 57 be ce 90 a7 56 90 f2 55 |,E.5.\.W....V..U|
-00000380 08 9e b1 52 09 12 b9 f1 8b fd fb 1a f2 9f 39 bf |...R..........9.|
-00000390 73 c2 9c dc 6c 0f 19 9b 37 ec 91 86 27 ec 1a e8 |s...l...7...'...|
-000003a0 92 f8 a2 05 71 12 e6 8b 04 0c f3 b4 4d 93 d4 b4 |....q.......M...|
-000003b0 69 7b c3 9c 22 16 03 03 00 4a ba fe c0 02 30 02 |i{.."....J....0.|
-000003c0 33 02 67 87 19 20 13 90 48 80 a1 93 97 cc a6 26 |3.g.. ..H......&|
-000003d0 51 14 4d 2b 60 3d da 72 f0 99 51 2a 8b b4 54 ff |Q.M+`=.r..Q*..T.|
-000003e0 47 6b 6c b4 6a 92 a9 9c 3c c0 ee ae 79 25 de 17 |Gkl.j...<...y%..|
-000003f0 61 cf 06 37 6f 84 e8 b8 4c 7b 9a c1 a1 ff 6e c5 |a..7o...L{....n.|
-00000400 f3 0b 7d 8d 16 03 03 00 14 a9 38 b9 f0 df 71 c5 |..}.......8...q.|
-00000410 1f fa 77 04 1e b4 4c 2b 64 01 e6 59 cb |..w...L+d..Y.|
+00000000 16 03 03 00 81 4b d8 09 ef 6a 5b a2 c2 e0 2c b3 |.....K...j[...,.|
+00000010 fa e9 21 b3 64 c7 51 8d d4 14 14 ba 7b 2f f8 1a |..!.d.Q.....{/..|
+00000020 e9 f8 7a 69 8b 0b b4 5f 26 c5 b6 2e dd c9 90 04 |..zi..._&.......|
+00000030 7d af fd 56 f7 9a 0d 56 09 6c 74 48 49 74 90 71 |}..V...V.ltHIt.q|
+00000040 e1 ee 66 4c 1a da 66 43 50 fa 94 2c 84 21 10 f0 |..fL..fCP..,.!..|
+00000050 00 85 a7 c2 ea 73 19 52 b7 f2 2a e8 17 17 23 67 |.....s.R..*...#g|
+00000060 b6 80 d6 3f e0 a1 ed 81 66 89 0a 0d 48 9f 7f dc |...?....f...H...|
+00000070 79 c4 27 9b c0 b8 68 ef 2a 5b ab df 8f 82 d6 ff |y.'...h.*[......|
+00000080 84 38 f8 a4 f2 98 16 03 03 02 69 1f c6 1c dc 85 |.8........i.....|
+00000090 f1 66 8d 7f 7f aa 36 cd c6 d4 cc 38 c8 8d 98 75 |.f....6....8...u|
+000000a0 92 d2 db b4 49 0c 09 cc af e6 5b 07 64 76 34 c8 |....I.....[.dv4.|
+000000b0 41 49 85 5e b4 68 ac 35 04 72 00 70 33 f7 5f a7 |AI.^.h.5.r.p3._.|
+000000c0 84 40 34 03 2f 89 25 06 a1 50 dc ea d7 c4 29 57 |.@4./.%..P....)W|
+000000d0 f9 5b 57 63 14 02 1e 74 db 5d 02 cf c4 f1 89 f6 |.[Wc...t.]......|
+000000e0 6a 77 ce 87 5c 3a 61 b8 7d 02 f0 0e 6e 85 2a 51 |jw..\:a.}...n.*Q|
+000000f0 d8 ad 4a 9f 65 04 4c 00 d0 35 76 01 dc 03 cf ca |..J.e.L..5v.....|
+00000100 6b 11 83 9e 70 33 82 f6 cb eb 4c da 44 76 89 ab |k...p3....L.Dv..|
+00000110 d4 65 01 e6 08 7b 2a 3d 49 02 39 85 e8 ff 53 fd |.e...{*=I.9...S.|
+00000120 d0 ce 2a f0 11 3c 02 8f bd b8 2f ea 81 a1 64 10 |..*..<..../...d.|
+00000130 7b c2 8b 72 f3 32 7b 36 80 13 17 8b 83 dc ce 3a |{..r.2{6.......:|
+00000140 29 44 06 66 c9 c3 83 cc 28 38 c5 02 7c 3d b6 30 |)D.f....(8..|=.0|
+00000150 55 07 a0 08 bb b3 e1 1e a8 a5 74 60 51 be ee dd |U.........t`Q...|
+00000160 aa 83 09 e9 f3 c7 a5 1e 20 fc 6d d5 82 af f5 b6 |........ .m.....|
+00000170 5b 23 dd 81 ce 78 5a 3c 92 c3 96 e1 aa e5 ad 24 |[#...xZ<.......$|
+00000180 da 89 41 44 8b 0b 42 df e5 28 11 8e 9a e0 06 51 |..AD..B..(.....Q|
+00000190 80 93 15 31 ec 8c 3e 60 92 ab a5 ec 25 5c c5 10 |...1..>`....%\..|
+000001a0 ac 0f 01 1b c4 36 d5 f0 52 c7 0b f7 9b 40 9b c0 |.....6..R....@..|
+000001b0 18 ad 1c eb 49 ed 8e 27 b6 35 b4 20 e0 e6 df 04 |....I..'.5. ....|
+000001c0 69 d6 b5 56 04 30 d4 3d b0 9f e6 21 66 e7 97 cb |i..V.0.=...!f...|
+000001d0 2f bd b2 b2 c1 be 4b 4f 6e 88 60 a1 cb eb b4 86 |/.....KOn.`.....|
+000001e0 92 07 da 3c fa 8b 1a de 1c e7 6b c0 53 70 e7 ee |...<......k.Sp..|
+000001f0 2f 70 4f e0 2a a3 b4 dc af 64 4f 5a 44 f9 ff fc |/pO.*....dOZD...|
+00000200 7f 2f 7e 22 13 47 ed f4 ec 0c fa 01 21 e3 c1 d6 |./~".G......!...|
+00000210 c7 53 f4 de 6c 91 c5 85 bd 3c a7 f3 d6 e7 f3 31 |.S..l....<.....1|
+00000220 13 59 b7 ee 0b f7 6a 88 76 94 ab 45 41 9e ab d7 |.Y....j.v..EA...|
+00000230 71 59 7e 45 ed 4d a0 12 4a 81 6a 15 05 a9 21 94 |qY~E.M..J.j...!.|
+00000240 40 f0 1d aa 7e b3 d4 6d a6 ff 46 94 e6 d0 16 46 |@...~..m..F....F|
+00000250 60 ac c5 15 94 d5 f7 76 1e 8b 90 e6 17 ff 5c 21 |`......v......\!|
+00000260 d0 f9 98 25 0f 98 8b 6c 0f 2c 2a 92 0a f0 90 3d |...%...l.,*....=|
+00000270 ef 9a 40 67 21 83 f7 5c 95 24 97 f6 45 51 81 4c |..@g!..\.$..EQ.L|
+00000280 4b e1 64 0a f5 dd 02 fd 8d 21 d1 ef f8 96 70 4b |K.d......!....pK|
+00000290 58 aa 3c f9 b1 f1 e9 fd 31 ea fc 68 4b c9 fa 79 |X.<.....1..hK..y|
+000002a0 6d 2e 54 d7 1c 9d 5d 62 fc 43 2f cb 6a 48 4d 2e |m.T...]b.C/.jHM.|
+000002b0 07 71 7b f2 b3 e6 08 8b 13 ca f0 e9 c1 d2 cc 7a |.q{............z|
+000002c0 9a 49 e9 7b aa e8 bb d2 cf 97 73 b8 9a 3f 8b 01 |.I.{......s..?..|
+000002d0 b9 cf c6 81 fd 99 fc c9 43 08 35 2c a0 fb 38 32 |........C.5,..82|
+000002e0 8b d8 5b d4 20 41 a0 57 e6 34 c1 d8 66 6e 16 e7 |..[. A.W.4..fn..|
+000002f0 78 4f e8 58 16 03 03 00 bc d3 91 f3 88 2f ec 1c |xO.X........./..|
+00000300 da 94 cb b0 69 70 a2 41 4c fd 40 0d a0 97 01 34 |....ip.AL.@....4|
+00000310 35 83 e6 3f a8 b0 c9 26 8d f1 8a c1 f6 a6 ab a4 |5..?...&........|
+00000320 63 65 5a 10 38 d2 87 a7 8d ae ca 9e c6 23 7e c6 |ceZ.8........#~.|
+00000330 c8 45 37 e8 7c 4b 40 5a 5b 68 19 bb 36 83 81 41 |.E7.|K@Z[h..6..A|
+00000340 b2 fe 7c 39 7e 9f 95 3a 45 2e 9f 96 35 26 81 73 |..|9~..:E...5&.s|
+00000350 4d 0f c3 09 61 32 eb 64 4b 46 76 c1 0e ca cf 02 |M...a2.dKFv.....|
+00000360 6a f3 75 f3 bf aa b0 f8 43 e3 6b d1 c4 27 3e fe |j.u.....C.k..'>.|
+00000370 06 a2 49 e4 bb 56 c5 c0 5d 36 81 06 97 ed ff a2 |..I..V..]6......|
+00000380 99 78 43 0a c5 20 df a3 ac b7 8f 61 a2 ff 48 66 |.xC.. .....a..Hf|
+00000390 ea c1 b6 57 38 fc 36 7c dd 30 b5 ce 58 b1 18 82 |...W8.6|.0..X...|
+000003a0 e5 2a 54 d8 4d da f1 fc 98 06 97 43 d5 dc d9 3e |.*T.M......C...>|
+000003b0 d4 f8 a3 76 9c 16 03 03 00 4a 78 c0 f2 02 60 a4 |...v.....Jx...`.|
+000003c0 8e 9a cd 31 30 e9 16 df ce 98 bb 95 50 a0 05 48 |...10.......P..H|
+000003d0 6c c2 ce c5 e2 77 f2 4a d0 45 80 97 98 d4 38 d1 |l....w.J.E....8.|
+000003e0 90 04 91 48 cb 52 40 d3 a4 cb 8d 68 dc 64 9c 07 |...H.R@....h.d..|
+000003f0 cb 8c b9 3b f8 44 fe 47 69 67 fb 2d ab 44 db d0 |...;.D.Gig.-.D..|
+00000400 58 55 83 81 16 03 03 00 14 51 82 e0 57 8e cb 4a |XU.......Q..W..J|
+00000410 d4 59 6e 58 f7 6d 44 3f f5 83 64 52 51 |.YnX.mD?..dRQ|
>>> Flow 9 (client to server)
-00000000 16 03 03 02 69 fb 20 8a eb 44 f8 0a 95 61 0a 01 |....i. ..D...a..|
-00000010 48 6c ef 59 52 6f 99 7d 6e ce 7e 00 5e 67 f4 cd |Hl.YRo.}n.~.^g..|
-00000020 19 08 39 12 a0 43 44 59 0f 9c 21 34 06 fe 09 6f |..9..CDY..!4...o|
-00000030 3d de 99 a3 f8 96 03 12 78 eb 76 a7 ee 09 b4 49 |=.......x.v....I|
-00000040 50 42 48 09 f1 7b 54 aa e9 45 73 29 e8 41 47 9a |PBH..{T..Es).AG.|
-00000050 d5 8c fa bc f8 54 96 23 30 cb 36 ac cd 75 a4 16 |.....T.#0.6..u..|
-00000060 ee 88 cc 74 25 5d 2e e2 88 d9 9d dc 87 bd 77 8b |...t%]........w.|
-00000070 ac 98 20 34 cb c7 1c 71 44 b1 3c a6 42 11 bd 20 |.. 4...qD.<.B.. |
-00000080 65 74 c3 36 c9 e3 6d ae 7e 37 9a b7 33 d8 6c 11 |et.6..m.~7..3.l.|
-00000090 93 49 a4 e8 14 11 27 72 9c c8 44 75 21 5d 82 1e |.I....'r..Du!]..|
-000000a0 71 ca 7d 46 95 5f 2e c4 80 be 90 2f 5a 13 92 28 |q.}F._...../Z..(|
-000000b0 dc 54 5b e6 a0 9c c7 f8 bd 97 bd e5 6c 05 d2 68 |.T[.........l..h|
-000000c0 c3 f3 54 1c 9e bc a3 20 c1 de f1 e7 3a 7e 5a fd |..T.... ....:~Z.|
-000000d0 4f 22 f7 d4 e7 19 fb 94 6f fd bd 15 39 bf 9e 4b |O"......o...9..K|
-000000e0 63 35 19 0b 59 28 47 f3 56 ae 4c 13 50 30 b5 d1 |c5..Y(G.V.L.P0..|
-000000f0 d1 a9 a2 32 dc 23 5e 47 e9 dd 8c d5 32 12 d9 0d |...2.#^G....2...|
-00000100 78 04 bc ae f9 81 5c e3 05 88 c9 89 72 c6 7d 86 |x.....\.....r.}.|
-00000110 c6 55 aa 39 cd 9e 9e 5e ce 00 ce 51 fa 54 ee ba |.U.9...^...Q.T..|
-00000120 64 a6 9c a8 88 00 a8 ed 6a 7a 63 cc d8 60 a4 52 |d.......jzc..`.R|
-00000130 a9 2f 23 c5 ca 96 12 d5 ec 11 46 84 1f d3 43 74 |./#.......F...Ct|
-00000140 db 87 13 42 18 71 b9 ff 18 d4 3b b5 c5 87 c8 c0 |...B.q....;.....|
-00000150 91 fb 8c 7e c8 39 77 0e e0 52 bb 58 18 fa d8 5a |...~.9w..R.X...Z|
-00000160 e0 e5 ab 4b 08 36 be 1d 6a ae a3 44 af 54 90 2f |...K.6..j..D.T./|
-00000170 4f fb bc a5 d4 be c2 74 4e a1 22 61 10 09 5e 35 |O......tN."a..^5|
-00000180 1c ab 1c 73 de 20 37 38 d0 5f 6c 24 f8 8d 79 22 |...s. 78._l$..y"|
-00000190 0a b0 53 86 04 1e 73 36 57 dc c0 fb 98 15 ea 5e |..S...s6W......^|
-000001a0 85 1d 8f 7f 7a 59 27 8d ce 5d df 29 c8 4d 10 d2 |....zY'..].).M..|
-000001b0 87 79 9b 60 ff 17 a1 24 41 0d 12 99 dc ad ad 76 |.y.`...$A......v|
-000001c0 00 74 a3 5a 73 9e 0c f4 90 0e bb 5a 11 5a 89 c7 |.t.Zs......Z.Z..|
-000001d0 71 79 1a 72 f9 6f 19 6d eb 29 32 39 4d da 69 e4 |qy.r.o.m.)29M.i.|
-000001e0 e9 f8 3a b0 b8 10 76 c0 21 3b 95 76 ec 01 7d f2 |..:...v.!;.v..}.|
-000001f0 10 15 5f 1d 94 b1 13 e8 ca c4 07 c4 aa d1 50 65 |.._...........Pe|
-00000200 5b 1f e9 ec 50 52 f6 33 38 e7 16 e4 e5 78 29 a1 |[...PR.38....x).|
-00000210 41 6c 4f dc 07 bb 28 59 7f 1d cb 61 4d 2d 1e 43 |AlO...(Y...aM-.C|
-00000220 b5 d5 8f b8 84 ec 4d 1c c7 5c 62 b7 21 71 83 74 |......M..\b.!q.t|
-00000230 58 3b 70 92 c8 c8 af 7d f6 da 75 9d 30 99 cf 33 |X;p....}..u.0..3|
-00000240 4e f0 8f 5e 44 1b 0d 35 83 80 b9 8c 80 23 a6 29 |N..^D..5.....#.)|
-00000250 34 0c 88 8f 55 da 85 f8 92 89 4c 34 6a 73 98 bd |4...U.....L4js..|
-00000260 86 70 11 7e a3 b7 04 0a 24 07 34 6c 06 64 16 03 |.p.~....$.4l.d..|
-00000270 03 00 35 08 d2 96 51 e2 6f 68 ae 19 04 9c 59 e4 |..5...Q.oh....Y.|
-00000280 09 72 da 6a 8e ee 4f 87 b3 b3 1e 89 0b a5 45 32 |.r.j..O.......E2|
-00000290 98 a4 f3 af 64 d7 71 37 2a a5 d4 53 5a 0a 03 05 |....d.q7*..SZ...|
-000002a0 d6 33 c2 ff 5f 2d 6d 94 16 03 03 00 98 49 3c 15 |.3.._-m......I<.|
-000002b0 0a e5 ac 39 54 97 f5 2a dd 05 02 87 16 1c 6c ae |...9T..*......l.|
-000002c0 4e 62 1e 27 81 54 66 13 9a d1 1d d2 2c 5b 17 20 |Nb.'.Tf.....,[. |
-000002d0 a4 69 b5 69 ec 3a 59 bd 8b d2 5d f3 84 c7 65 a2 |.i.i.:Y...]...e.|
-000002e0 ad 02 57 bf 3f 72 c5 ce 61 24 09 7e e4 f4 2a a6 |..W.?r..a$.~..*.|
-000002f0 81 29 d0 9c 0f c5 d5 67 7a b0 e4 42 2f a5 5f 00 |.).....gz..B/._.|
-00000300 42 ea ef 8b c8 55 c6 c4 27 26 e5 f7 57 2e 35 f8 |B....U..'&..W.5.|
-00000310 e2 cc 41 6a 29 e2 66 b3 44 fe 2b f9 de 7d 32 96 |..Aj).f.D.+..}2.|
-00000320 96 e6 cf 57 2c b8 73 bc e2 c2 89 20 8a 71 d3 03 |...W,.s.... .q..|
-00000330 02 7e 95 ef 94 f6 68 b5 94 4b b4 ec a4 e0 10 42 |.~....h..K.....B|
-00000340 c4 9e f2 28 dd 14 03 03 00 11 96 52 4d c7 17 35 |...(.......RM..5|
-00000350 cf 9a 66 5f 73 c3 f5 40 60 12 11 16 03 03 00 20 |..f_s..@`...... |
-00000360 67 eb 03 bf 5c 0f b8 d5 7d e4 14 0a 81 32 50 2a |g...\...}....2P*|
-00000370 6b 02 53 f6 37 00 ef ef 8a 5f ee 3a bf 5b 84 b9 |k.S.7...._.:.[..|
+00000000 16 03 03 02 69 96 85 13 d5 b1 07 ec bb 1c c1 be |....i...........|
+00000010 a3 42 10 c8 e0 ec f8 f1 67 29 d5 52 ef bb 32 e8 |.B......g).R..2.|
+00000020 7b e5 a7 3f ab 71 2d 74 20 f7 8a a7 1f bf 7c 4b |{..?.q-t .....|K|
+00000030 8b 95 db 07 3c ad 86 5e b3 98 32 e9 5a ce 96 08 |....<..^..2.Z...|
+00000040 c5 64 44 27 fb bc 44 29 49 44 32 3f 64 e8 86 1b |.dD'..D)ID2?d...|
+00000050 54 63 74 3d a1 99 4d 4a 3e 5a 76 71 39 81 de df |Tct=..MJ>Zvq9...|
+00000060 90 e4 f6 ac 96 15 0b 70 ad 7e 8a 1d 69 86 65 6e |.......p.~..i.en|
+00000070 63 bf fb f2 6f 21 d5 66 ad f1 b1 09 05 04 f9 09 |c...o!.f........|
+00000080 0e 0c 12 74 c1 cd f1 5e fa f1 1b cd 3b 2b 13 8f |...t...^....;+..|
+00000090 fb f6 fd b0 ca ea 73 1b 38 ad db 6b fd 29 34 db |......s.8..k.)4.|
+000000a0 51 4a 44 97 a7 2f 2a 98 d6 cc d5 c4 b9 17 23 ab |QJD../*.......#.|
+000000b0 09 27 15 a5 35 3b 2b 7e b2 3b fd 12 1b 11 90 4d |.'..5;+~.;.....M|
+000000c0 81 1b 84 bb fd 72 09 31 5e 78 0e f6 b6 60 44 bb |.....r.1^x...`D.|
+000000d0 6c 06 72 0b ba ba 60 f6 c1 cb 7e 45 a9 25 44 3d |l.r...`...~E.%D=|
+000000e0 ba da 71 99 bb 79 b3 73 ef eb c2 cc 07 87 76 f5 |..q..y.s......v.|
+000000f0 e9 7c d9 47 8c fc 7d b7 a0 70 72 04 1e 3d 9b 2f |.|.G..}..pr..=./|
+00000100 85 9f c8 2f d9 20 4e 00 97 d6 dd dc ae a1 04 96 |.../. N.........|
+00000110 83 e1 4f f3 0d ad 9c ce 5f e7 7b 88 7a b7 d2 ce |..O....._.{.z...|
+00000120 0a 61 95 d2 78 e3 45 a8 10 5e d9 ae d2 e1 22 bf |.a..x.E..^....".|
+00000130 59 9c 4a 2c 28 fb c1 b6 89 3b 65 8c 94 a9 f0 7c |Y.J,(....;e....||
+00000140 86 98 8f 22 c4 18 47 e4 f0 b9 42 dd 34 ab 2a 8e |..."..G...B.4.*.|
+00000150 fc 8f ce 09 ec 6f 57 6b d1 ab 32 fd 84 e2 9f 7e |.....oWk..2....~|
+00000160 f5 b7 5d 26 aa 37 da e9 f3 18 6f 56 74 03 ff 1e |..]&.7....oVt...|
+00000170 87 95 fb 93 57 2e 32 fb b3 cf d2 0d 42 02 4f 6a |....W.2.....B.Oj|
+00000180 9e de ee 6a e6 7e e5 d2 ba cb 00 5d ff b4 6d 7f |...j.~.....]..m.|
+00000190 23 5e 93 be e9 3a c1 b4 78 30 53 90 07 e4 a7 af |#^...:..x0S.....|
+000001a0 da e1 29 7d 50 a5 76 ec a8 5e 96 50 45 26 c4 9d |..)}P.v..^.PE&..|
+000001b0 c1 99 98 c6 1a bf 93 c1 63 b3 0a 2d af c8 29 7d |........c..-..)}|
+000001c0 ef b2 d3 8f aa 93 fb be 39 c0 a1 65 51 e8 6e c4 |........9..eQ.n.|
+000001d0 45 cb 2a 52 b7 ec e0 48 c0 b2 cc c7 72 12 18 e0 |E.*R...H....r...|
+000001e0 c7 9f fa 09 97 95 16 9f f4 5d 70 c5 d6 7f 23 d5 |.........]p...#.|
+000001f0 53 98 d0 80 50 9b 52 46 11 d4 97 ea 47 26 f5 6f |S...P.RF....G&.o|
+00000200 66 7b 8a cc f8 8d 70 c7 ec fa 72 de ba ac d4 b2 |f{....p...r.....|
+00000210 be 7d d8 78 44 dd de 66 53 26 f4 c0 8a 67 61 cb |.}.xD..fS&...ga.|
+00000220 46 34 3d 6f 9e 9b dc ee 4a b9 5c 67 2b d9 87 2a |F4=o....J.\g+..*|
+00000230 35 42 1c 3e b8 08 c9 32 13 a6 6f fc 4d cc be dd |5B.>...2..o.M...|
+00000240 ad 76 19 1c 2d b3 6e 04 a1 17 05 93 b9 69 27 42 |.v..-.n......i'B|
+00000250 23 13 7b c0 f1 53 9c b5 1d 8e 5c f6 40 7e 5a e9 |#.{..S....\.@~Z.|
+00000260 20 dd 18 7a 0c f2 7b 5a ec 3d 4e 3b 29 b2 16 03 | ..z..{Z.=N;)...|
+00000270 03 00 35 15 15 54 38 4e 87 f1 c1 9a 90 b2 74 df |..5..T8N......t.|
+00000280 72 34 aa 0b 41 f3 df b4 c5 fd 50 00 2a 36 a8 d5 |r4..A.....P.*6..|
+00000290 c4 49 ac b8 58 3e 89 48 cb a9 4e b1 a9 0f ee 51 |.I..X>.H..N....Q|
+000002a0 37 d3 60 ca 23 76 68 0b 16 03 03 00 98 53 3c 0e |7.`.#vh......S<.|
+000002b0 d5 3b d3 78 9f 47 5d 9e 1b b6 04 5f d4 04 66 55 |.;.x.G]...._..fU|
+000002c0 68 bd d7 ab 54 b7 e5 9a 12 9b 0c 1d 75 7b c7 35 |h...T.......u{.5|
+000002d0 e3 9e 9d a0 8f 61 7a 32 d1 a7 23 2a b6 ba 48 7c |.....az2..#*..H||
+000002e0 1a 62 66 61 b4 3d e8 e3 a9 4e 85 7a 8d 5b f3 69 |.bfa.=...N.z.[.i|
+000002f0 c8 bc 0a 8a c7 e4 df 78 9b a8 cf 1d 37 14 90 a5 |.......x....7...|
+00000300 a8 ce f7 1f e7 a3 e5 d8 97 be 95 fd d3 c0 d0 81 |................|
+00000310 bf a6 e1 b3 6b 29 ee c6 16 3c 4c 68 6e b4 42 72 |....k)...<Lhn.Br|
+00000320 84 a0 97 0f 0e b2 44 0c 4f c6 df 04 b7 bf d8 e7 |......D.O.......|
+00000330 08 af 33 35 56 ed 6b cc 42 a8 9f 8e 59 9c 9c 32 |..35V.k.B...Y..2|
+00000340 29 77 87 6e d6 14 03 03 00 11 97 7a db d1 50 96 |)w.n.......z..P.|
+00000350 68 b7 04 90 79 fd f3 79 ed f3 de 16 03 03 00 20 |h...y..y....... |
+00000360 16 57 80 e9 30 65 46 29 74 09 32 70 13 1f f8 5d |.W..0eF)t.2p...]|
+00000370 54 3f 14 4b af a1 51 b3 cd 1f e6 01 d6 68 11 fc |T?.K..Q......h..|
>>> Flow 10 (server to client)
-00000000 14 03 03 00 11 ab e7 45 c8 02 30 54 0f 5a ea 63 |.......E..0T.Z.c|
-00000010 42 ea 39 9b 46 ba 16 03 03 00 20 60 56 50 ad d0 |B.9.F..... `VP..|
-00000020 fe 7d 56 a2 e1 d9 87 76 96 3b b3 27 3b 7f be e4 |.}V....v.;.';...|
-00000030 98 d0 7a 6a a2 e3 37 1c f5 a9 a1 17 03 03 00 19 |..zj..7.........|
-00000040 67 ee fd 6d 58 de bd b8 df aa 4d 36 e4 93 83 7b |g..mX.....M6...{|
-00000050 e5 bd d1 ba 5c f3 2f aa a8 16 03 03 00 14 73 29 |....\./.......s)|
-00000060 15 c9 16 62 a2 97 81 f8 44 94 86 c1 94 37 9f 19 |...b....D....7..|
-00000070 1d c2 |..|
+00000000 14 03 03 00 11 1b a8 a8 a9 c6 a8 85 60 bc 14 0d |............`...|
+00000010 86 ce a5 0f 45 17 16 03 03 00 20 cb 3a 73 db 55 |....E..... .:s.U|
+00000020 05 7e 3e 4b 6d d0 eb ca 68 39 bf 71 ba 6c e5 0c |.~>Km...h9.q.l..|
+00000030 a7 90 d6 c1 b8 55 87 c6 20 40 35 17 03 03 00 19 |.....U.. @5.....|
+00000040 28 50 71 7c f0 7c 1e 61 fb de 5d d1 bb 77 f6 c8 |(Pq|.|.a..]..w..|
+00000050 a4 76 8d ab d4 c2 fe 27 96 16 03 03 00 14 e4 7e |.v.....'.......~|
+00000060 51 bb 26 a8 9c 0c b0 25 7a 57 b9 98 c2 20 5a 50 |Q.&....%zW... ZP|
+00000070 07 ca |..|
>>> Flow 11 (client to server)
-00000000 16 03 03 01 16 bb 29 a6 76 e4 5a ec 09 4e a7 6a |......).v.Z..N.j|
-00000010 66 d7 6e 39 fc 5a dd be 9f 34 1e cb 3a b3 3f 1e |f.n9.Z...4..:.?.|
-00000020 48 ad 0b e0 0e 43 b1 3e 57 f3 4a d1 c7 c6 1a f0 |H....C.>W.J.....|
-00000030 a8 3e d1 37 de 95 ad 0f 92 85 ee b2 2b 1c 30 2f |.>.7........+.0/|
-00000040 f5 70 ca 42 28 0c c2 e4 06 73 d5 eb 31 d2 86 f7 |.p.B(....s..1...|
-00000050 d6 42 5d e0 b0 a6 c0 94 2c 52 0b 18 2c 95 9c 2a |.B].....,R..,..*|
-00000060 56 4d a4 17 fb 51 49 be 3a 37 27 87 c7 d5 94 56 |VM...QI.:7'....V|
-00000070 88 c5 94 a6 ff a1 dd cf 2b 70 e1 6c a9 39 1b e7 |........+p.l.9..|
-00000080 69 c3 0e ef 08 d2 fb 6d 54 8a 80 64 99 6a b3 e4 |i......mT..d.j..|
-00000090 2e 44 62 ce 1c 4d 7a 0a 45 cd ba 52 23 47 6d 05 |.Db..Mz.E..R#Gm.|
-000000a0 97 03 c6 c4 c7 5a ca bf 38 73 b4 8c e5 a5 14 1b |.....Z..8s......|
-000000b0 10 ea 29 17 af f6 37 bd 7f 56 88 b2 63 92 9f b9 |..)...7..V..c...|
-000000c0 6c 18 9b 1b ad ce ac f0 97 45 3e 72 e0 10 8e 64 |l........E>r...d|
-000000d0 80 dc cd a1 f9 10 d1 cd 46 2a 98 cd 40 94 5b dc |........F*..@.[.|
-000000e0 f5 07 05 96 f3 74 db 91 3c 45 f1 6e b7 f9 52 e8 |.....t..<E.n..R.|
-000000f0 95 05 c3 fc 95 f7 3d 91 45 cd fe b1 13 01 78 e0 |......=.E.....x.|
-00000100 31 fc e2 0d 5b 97 5b 92 43 0a 83 21 c4 f2 3f d3 |1...[.[.C..!..?.|
-00000110 3f 1a a0 52 e0 d0 fe a7 03 6c 1a |?..R.....l.|
+00000000 16 03 03 01 16 66 3c 1a 62 c3 4a f9 e4 66 01 d4 |.....f<.b.J..f..|
+00000010 f7 e8 5a fb 95 c4 40 33 d4 af 61 78 d6 54 91 2b |..Z...@3..ax.T.+|
+00000020 62 72 d5 7b b8 2c 71 11 4e 0c 2d 79 6d 41 b1 9e |br.{.,q.N.-ymA..|
+00000030 df 59 d8 e0 5c 72 98 b5 29 55 1e 9b 01 a5 af 2c |.Y..\r..)U.....,|
+00000040 c3 87 4b f0 c8 ca 4d 56 fb 3a 7e 04 e5 b6 4f 6d |..K...MV.:~...Om|
+00000050 1e 53 26 5d af fb 17 ee 97 87 45 2f df 1b 21 80 |.S&]......E/..!.|
+00000060 21 81 2b 18 2d 2d e9 3c c4 01 32 91 b7 88 27 9e |!.+.--.<..2...'.|
+00000070 26 40 e7 6a 27 c5 a0 b4 a3 ed 4d 4b a4 e3 0b c7 |&@.j'.....MK....|
+00000080 49 42 ca ef e9 16 5c 98 8d ab fc 7d 00 83 03 89 |IB....\....}....|
+00000090 a4 97 1e 3f 9e d8 ba c5 f5 2a 0b 0a ed a0 a5 59 |...?.....*.....Y|
+000000a0 27 03 36 7e 94 d8 9a 3c fc f6 f6 52 b6 a7 fa 36 |'.6~...<...R...6|
+000000b0 04 83 2f e7 99 e5 1c 56 27 48 13 a0 59 ca ca 3b |../....V'H..Y..;|
+000000c0 36 2d 25 e8 6f 6a cb 07 74 f8 1b 7d ba 3e 6e e1 |6-%.oj..t..}.>n.|
+000000d0 1d 3e 93 c6 23 f4 eb bf ad 62 21 1a da 53 e1 13 |.>..#....b!..S..|
+000000e0 0a 3a 9c 57 48 d5 ee d3 72 af c3 74 fc 74 67 7d |.:.WH...r..t.tg}|
+000000f0 b4 76 fc 21 55 67 49 92 fc 71 5d 42 69 d6 01 b5 |.v.!UgI..q]Bi...|
+00000100 83 4e b8 cd f9 ed 28 41 ae 95 2f d6 69 b0 d3 b8 |.N....(A../.i...|
+00000110 bd 06 d6 00 74 44 c9 47 aa 8e 1d |....tD.G...|
>>> Flow 12 (server to client)
-00000000 16 03 03 00 81 47 d2 a4 b9 04 d0 39 aa 1f d3 7a |.....G.....9...z|
-00000010 f2 c3 a5 03 8a 35 6c 6b bf 18 02 62 d3 ab 8a 0f |.....5lk...b....|
-00000020 99 69 f3 84 45 7a 09 28 09 68 3a 67 8a ee 94 b1 |.i..Ez.(.h:g....|
-00000030 d3 2a e6 37 b7 f1 88 df c0 18 42 96 78 4e cf 3b |.*.7......B.xN.;|
-00000040 e9 35 50 af ee 96 52 e9 1c 58 47 79 87 97 ce d9 |.5P...R..XGy....|
-00000050 71 9b 4a 47 bc 60 8f 95 ea 75 4e c8 3e ca 79 0f |q.JG.`...uN.>.y.|
-00000060 22 b2 37 19 12 d6 08 4d 01 93 d9 86 ed 4c 9e 42 |".7....M.....L.B|
-00000070 fb 9b 37 26 98 33 74 cf 84 f4 e1 23 81 6f b6 b2 |..7&.3t....#.o..|
-00000080 a9 27 e7 88 50 77 16 03 03 02 69 6b 78 db e3 0e |.'..Pw....ikx...|
-00000090 cc 07 a4 96 1f 75 13 6d fe cd 3d 36 8c b0 44 e9 |.....u.m..=6..D.|
-000000a0 4a 3a 41 26 c9 8c 2f 25 28 9d a8 7b dd df 28 6a |J:A&../%(..{..(j|
-000000b0 fc ef 87 d4 06 dd 4e 05 ff 40 e3 6c 49 94 ad 1c |......N..@.lI...|
-000000c0 c2 30 cc 41 35 39 a2 70 95 db de a7 c0 aa 05 c0 |.0.A59.p........|
-000000d0 a2 a7 18 8e ba 70 ee 4b 0d 8d de 98 c7 8a 58 9c |.....p.K......X.|
-000000e0 8b 51 f7 8f bb 7c 8f f7 60 53 9e 11 7e 5c e6 25 |.Q...|..`S..~\.%|
-000000f0 be 22 aa 0a 3d 35 1c ac 2b 7d 98 fc 01 3a a9 9d |."..=5..+}...:..|
-00000100 bf b5 d1 ae 10 52 ae 17 f6 df fc 24 38 0b f2 64 |.....R.....$8..d|
-00000110 a8 9a 5c ff cb 42 bd 9d af 41 4d 6b 22 67 94 ac |..\..B...AMk"g..|
-00000120 6b 95 2e 43 41 5d 5e c9 67 29 5f f8 8e 13 9d 18 |k..CA]^.g)_.....|
-00000130 3c d4 ff 20 66 ff a6 d1 84 1a 33 31 27 5d 28 b5 |<.. f.....31'](.|
-00000140 24 57 43 c1 83 6a e7 8c 35 0c a7 6f 5e 78 e8 84 |$WC..j..5..o^x..|
-00000150 7c ee 9a 94 dc fd f7 a4 10 3d bb 66 0a 17 14 e7 ||........=.f....|
-00000160 d7 29 47 f7 70 76 d6 ec b2 3c e2 a0 22 e6 c5 c3 |.)G.pv...<.."...|
-00000170 bf a6 94 72 8b 70 eb 2b b8 4f c9 7d 72 22 75 ce |...r.p.+.O.}r"u.|
-00000180 b9 c2 34 08 ac 87 d3 a8 35 81 f7 5e 20 02 0c e8 |..4.....5..^ ...|
-00000190 0a 47 4e 37 4a 03 6d b1 c5 8f 29 77 80 c7 6c 5c |.GN7J.m...)w..l\|
-000001a0 c3 3e 6f 3d 02 ee 5e f2 fb 20 a2 ad c1 5b 2c 02 |.>o=..^.. ...[,.|
-000001b0 ef dd 81 e7 ea af f0 01 4f 0b eb f8 a1 82 3d ee |........O.....=.|
-000001c0 be b5 09 df f2 34 49 f0 e8 f3 bc 7e e7 6a 14 0d |.....4I....~.j..|
-000001d0 e4 aa e5 38 8a 2c 15 01 52 48 83 46 50 13 2b 71 |...8.,..RH.FP.+q|
-000001e0 f4 48 1a 3d 3f 14 dc 3c ba fc a8 68 57 44 5d f1 |.H.=?..<...hWD].|
-000001f0 f4 7f 23 8d ca f1 75 99 8c 36 99 38 b9 06 85 d0 |..#...u..6.8....|
-00000200 a6 76 8b ae 7e 2a 26 cb cc 9e 8c 7c 98 e6 00 86 |.v..~*&....|....|
-00000210 a9 d4 cb 42 8c 04 dc 6b 37 1e 8b e2 98 90 0f b3 |...B...k7.......|
-00000220 c0 ea 07 1c 92 45 39 65 12 90 41 23 93 55 59 13 |.....E9e..A#.UY.|
-00000230 22 e1 68 05 cc 5d ef a2 40 85 fb 61 d5 53 cb 77 |".h..]..@..a.S.w|
-00000240 63 7b 16 bf c6 17 57 fb 58 1e d2 86 1a 4a 79 a2 |c{....W.X....Jy.|
-00000250 1f da 2c 64 65 1c 7c 13 21 1b 33 22 36 0e 03 41 |..,de.|.!.3"6..A|
-00000260 8e 6a 78 98 ae 29 71 3e 5c be 5f 83 55 f4 80 2d |.jx..)q>\._.U..-|
-00000270 b8 2a b8 84 bd 97 7c 60 03 ae 67 77 44 47 70 c2 |.*....|`..gwDGp.|
-00000280 09 0d 1b ed a8 17 8e 84 97 1a b4 75 c2 48 86 bd |...........u.H..|
-00000290 b1 3c 1f 7c 1a 5b 60 10 a0 66 aa 8e f7 ba 9b e8 |.<.|.[`..f......|
-000002a0 35 6c 46 f0 67 3f f1 8b 5f a0 be 31 2e 45 22 80 |5lF.g?.._..1.E".|
-000002b0 ba d1 ff 88 f0 c8 bd 31 84 64 6a 07 02 75 bd 99 |.......1.dj..u..|
-000002c0 f1 aa 3c 9d 0e b8 f4 76 b3 24 4f 68 f0 83 b1 da |..<....v.$Oh....|
-000002d0 eb 70 1e 27 f4 17 90 a4 bc e5 1f d8 8b ee a1 e4 |.p.'............|
-000002e0 1e c5 f4 a2 5b c3 0c 6d 2e c8 0e 67 89 4b d9 fe |....[..m...g.K..|
-000002f0 9b a0 15 97 16 03 03 00 bc 2c e6 a2 fe 1b d7 1e |.........,......|
-00000300 38 85 ef 39 d1 d6 df ae c4 7f af b2 ff c2 92 0b |8..9............|
-00000310 37 e3 5c a9 6c 2c 9e f7 0e a3 88 ee 09 14 6b eb |7.\.l,........k.|
-00000320 46 81 74 4a a7 f8 39 82 7d a0 16 69 e4 17 52 f0 |F.tJ..9.}..i..R.|
-00000330 16 5f f7 2a a1 a0 a2 bb 41 4c 0c f9 9c e3 af 5e |._.*....AL.....^|
-00000340 bd 43 47 2d 6d 4a 88 60 95 52 29 94 3d ec 75 d4 |.CG-mJ.`.R).=.u.|
-00000350 dc f5 01 4a 57 fd 7b 96 13 75 5b ed a8 9d 29 5f |...JW.{..u[...)_|
-00000360 5f 28 dc 04 3a 91 0f 6b d6 7d 32 fe 75 cd 61 49 |_(..:..k.}2.u.aI|
-00000370 1b 6d b3 c6 41 87 6b 2d 09 e1 3d 8e f5 fb 9b b7 |.m..A.k-..=.....|
-00000380 04 9a 01 ab 82 e5 2b 17 4f 93 d7 ef 31 79 10 b0 |......+.O...1y..|
-00000390 1c cb 17 5b 8a 7a e9 22 ea 83 68 93 68 f6 85 34 |...[.z."..h.h..4|
-000003a0 d1 4d 75 5a b3 69 46 42 92 04 09 47 b1 8e 67 ad |.MuZ.iFB...G..g.|
-000003b0 47 4e 2c 02 48 16 03 03 00 14 b0 40 bb eb e1 a6 |GN,.H......@....|
-000003c0 94 fd d0 8a e1 91 a7 c9 d2 4b f8 95 95 c7 |.........K....|
+00000000 16 03 03 00 81 d3 99 6f 14 2b a1 f4 d7 45 c9 94 |.......o.+...E..|
+00000010 69 0b b3 72 f4 2c 2e 5c 80 96 09 20 2f 63 a1 e4 |i..r.,.\... /c..|
+00000020 8b df d7 22 11 71 bd 17 db da 2d c6 78 e8 9a 95 |...".q....-.x...|
+00000030 6b 39 34 a2 13 7f 39 77 8b e5 1b 6c 4b 20 79 40 |k94...9w...lK y@|
+00000040 a1 d9 69 89 b1 e2 60 8a 75 88 ae 83 b9 4f 42 a4 |..i...`.u....OB.|
+00000050 c9 c7 44 ac 0d 3f 1c ca 49 f9 a7 05 e2 c7 05 cd |..D..?..I.......|
+00000060 30 30 d2 f9 c2 87 60 33 3b 25 d0 e0 5e c2 bd 98 |00....`3;%..^...|
+00000070 9c 51 d8 38 c9 ef 04 f4 39 30 50 b6 35 53 f6 95 |.Q.8....90P.5S..|
+00000080 eb 5d 67 05 62 9a 16 03 03 02 69 39 94 a1 8d 01 |.]g.b.....i9....|
+00000090 37 64 c6 be bb 9c 22 9d 56 e8 68 ab 0f 7a 3a e7 |7d....".V.h..z:.|
+000000a0 2d 26 b7 ba 3e 54 38 b3 32 9d 7b d7 43 c4 d2 b3 |-&..>T8.2.{.C...|
+000000b0 9a 84 62 73 03 7a f2 68 ec 3e 41 d2 68 c9 22 1a |..bs.z.h.>A.h.".|
+000000c0 e9 4d 9c e8 80 6a a9 9e 6a bd 67 5d 77 97 8b f7 |.M...j..j.g]w...|
+000000d0 32 cb 3a cb c2 c0 a1 40 7e 63 81 5f 19 a5 71 20 |2.:....@~c._..q |
+000000e0 c3 76 88 ae 5c d4 bd 54 08 e7 7e e7 77 7e 3d 91 |.v..\..T..~.w~=.|
+000000f0 b5 40 f7 7e 95 d5 e3 f2 e5 4a 57 f6 d9 94 df 07 |.@.~.....JW.....|
+00000100 56 45 09 c4 bc 65 05 04 57 f4 00 c5 91 4c dc 4d |VE...e..W....L.M|
+00000110 a0 1e c6 e2 37 35 d0 5a e9 79 ce f5 91 6d 3e 39 |....75.Z.y...m>9|
+00000120 c3 68 6a 76 6d f3 29 1d e0 ef b2 20 3e 2a ac 11 |.hjvm.).... >*..|
+00000130 7e 11 2d a3 84 60 94 b5 8e 3a e6 4b 34 70 aa f8 |~.-..`...:.K4p..|
+00000140 e3 f9 0f 2c a4 bf 5b 27 7e c9 5e 6f c0 11 b4 ff |...,..['~.^o....|
+00000150 53 6b 98 ee 20 77 87 87 fc 8e 30 1b 8f 74 29 af |Sk.. w....0..t).|
+00000160 a2 c7 e8 c1 da e5 d7 0f 70 ec 27 23 46 3f 16 b1 |........p.'#F?..|
+00000170 59 bd 43 76 09 1d 8c f4 eb 17 10 a5 c1 1a e0 c6 |Y.Cv............|
+00000180 45 e2 d2 dc 6d f4 9a 87 36 ef 71 18 5c 1d e7 7c |E...m...6.q.\..||
+00000190 40 d6 4c 16 ee 58 75 d7 56 9f 2e 17 80 1d 74 1c |@.L..Xu.V.....t.|
+000001a0 fd 86 7c 2b 05 ac ef 07 18 a3 98 73 fa 9c 16 6c |..|+.......s...l|
+000001b0 14 95 37 91 1e a2 c7 47 a8 87 11 35 30 d8 ed 60 |..7....G...50..`|
+000001c0 ba 65 ee 66 2b 1f db 67 c2 d0 71 26 3d ae 17 94 |.e.f+..g..q&=...|
+000001d0 f0 f6 65 01 bb 1d 85 7e b3 d8 2c f1 96 c5 d5 e0 |..e....~..,.....|
+000001e0 97 a4 3e df 97 ff 8f 4b e3 72 49 c4 5b 87 4e 06 |..>....K.rI.[.N.|
+000001f0 93 11 75 04 7b 80 9d 1c a7 85 a3 2c f1 16 8a b9 |..u.{......,....|
+00000200 78 6b 27 1e 9a e3 86 eb f9 42 95 10 02 d5 b6 01 |xk'......B......|
+00000210 b3 94 04 63 49 50 9e 11 71 07 aa a1 d6 9d d1 db |...cIP..q.......|
+00000220 f4 ea 2e bb fa ca 1e 00 53 75 70 de 0a 72 eb 55 |........Sup..r.U|
+00000230 ab b7 ff 30 ad 5e 7e 13 90 75 42 5d 07 07 21 0f |...0.^~..uB]..!.|
+00000240 db a6 f4 61 9c bf 31 34 e4 98 bb c4 ac 41 2d 76 |...a..14.....A-v|
+00000250 fb 6c 30 b0 e2 98 5f ed d9 a8 42 d7 75 a1 bc 36 |.l0..._...B.u..6|
+00000260 f2 3e c5 ac 50 ae c7 2e 42 35 6c 1a 47 aa 1f 0a |.>..P...B5l.G...|
+00000270 2f ff 6e 0a a5 c4 b5 a5 92 3f 54 d0 4e 62 6e 3e |/.n......?T.Nbn>|
+00000280 cb 07 2d 4d 1a fb 94 5b f8 d0 5b 26 34 2b 1b 26 |..-M...[..[&4+.&|
+00000290 8c dd 91 a7 66 21 89 d0 11 24 a5 5f 99 ae 62 84 |....f!...$._..b.|
+000002a0 34 9c d2 45 71 74 8c 68 db 8b ad 6f df 08 35 38 |4..Eqt.h...o..58|
+000002b0 ed 5c 3b 3e 55 a1 c3 16 b6 61 f4 4d 6d d0 2a 5d |.\;>U....a.Mm.*]|
+000002c0 10 fb 64 c9 6f 87 6f 3d ff d1 a0 97 64 b4 12 f9 |..d.o.o=....d...|
+000002d0 2a a8 46 59 1b e4 6b d8 c9 3e ac 14 00 4f 1a e6 |*.FY..k..>...O..|
+000002e0 26 9b 86 32 a3 9b 37 eb c1 cf 9a 70 16 2e 4a b0 |&..2..7....p..J.|
+000002f0 6e e5 fc c2 16 03 03 00 bc bf c4 ea e0 dc be fe |n...............|
+00000300 33 7f ef 2b d9 50 f7 87 d5 30 2b 09 bb 63 1e 4c |3..+.P...0+..c.L|
+00000310 9c 3c a9 10 4e 04 e1 85 29 44 f9 ea 32 61 12 6e |.<..N...)D..2a.n|
+00000320 63 0f d9 e7 e9 c8 81 a0 eb 4e fe 90 bf f4 f4 af |c........N......|
+00000330 22 66 21 86 dc 2c f6 ed b1 be eb b1 ac 14 f5 ce |"f!..,..........|
+00000340 6c b9 a8 45 e4 3f 09 d1 b1 f3 69 f7 df c4 f0 6c |l..E.?....i....l|
+00000350 48 f6 15 80 8a b8 b0 39 0e e9 22 9a 5c 72 f9 fa |H......9..".\r..|
+00000360 95 01 9d ca e4 68 ef 72 e2 34 28 a5 04 5d d2 30 |.....h.r.4(..].0|
+00000370 c6 33 80 a8 f1 8f fb 6c ec 15 c3 7c 68 7c a2 2e |.3.....l...|h|..|
+00000380 4d ba 64 af fb f5 b8 f7 6b 6b 8c 5c 56 dc dd 69 |M.d.....kk.\V..i|
+00000390 39 d8 73 75 e3 be 17 09 3f 80 ed cc 12 5b ca d9 |9.su....?....[..|
+000003a0 e6 e2 50 88 41 0b 39 8e 84 6f fb 6a c3 8e 4f fc |..P.A.9..o.j..O.|
+000003b0 dc 18 ca 02 18 16 03 03 00 14 5e ac 52 4d 0b 89 |..........^.RM..|
+000003c0 33 7d fe 1c d9 b5 1d 1c 2b 6d d4 4f 12 33 |3}......+m.O.3|
>>> Flow 13 (client to server)
-00000000 16 03 03 00 35 25 1e 49 ad bf 9c 37 e2 d0 2b aa |....5%.I...7..+.|
-00000010 44 91 d5 61 e7 a5 16 b2 cb 93 43 d7 a0 2b b7 19 |D..a......C..+..|
-00000020 f2 41 d8 36 65 95 4a bb 68 1b 65 7b de 89 a5 af |.A.6e.J.h.e{....|
-00000030 1a aa ec bf b4 66 97 fc 76 d0 14 03 03 00 11 94 |.....f..v.......|
-00000040 b0 9b 4d 47 6e 63 e3 3d c4 a7 36 94 3f d2 04 a3 |..MGnc.=..6.?...|
-00000050 16 03 03 00 20 34 f5 58 f2 80 c9 19 41 07 d8 6c |.... 4.X....A..l|
-00000060 6f 64 e7 e9 76 65 cf a8 61 97 27 29 28 f8 0c 7a |od..ve..a.')(..z|
-00000070 2c 5e 05 c6 53 |,^..S|
+00000000 16 03 03 00 35 a4 b8 43 07 6e 71 c9 b4 fa e1 9c |....5..C.nq.....|
+00000010 a7 9d 0b 47 d8 ea 8b bd ea c2 f5 bf 36 fa 88 95 |...G........6...|
+00000020 3b 98 b3 7e 19 21 9b 0f 58 76 e8 de 5b 24 d3 b5 |;..~.!..Xv..[$..|
+00000030 81 bd 11 ce 86 02 b0 d1 3b ac 14 03 03 00 11 3f |........;......?|
+00000040 4e a4 96 06 71 44 5f 57 30 5e 1a bc 22 8d 42 97 |N...qD_W0^..".B.|
+00000050 16 03 03 00 20 23 e7 90 a5 0a 32 b4 69 06 d7 77 |.... #....2.i..w|
+00000060 df ef f6 2f b8 d8 22 39 08 4f 39 02 e0 7f 62 93 |.../.."9.O9...b.|
+00000070 02 b9 8e a5 b6 |.....|
>>> Flow 14 (server to client)
-00000000 14 03 03 00 11 c3 73 b6 63 12 88 86 2b cb a8 94 |......s.c...+...|
-00000010 9b c4 10 9f 98 cb 16 03 03 00 20 1e 06 97 84 3f |.......... ....?|
-00000020 7f 2e 8d 1a 81 1d da d1 f5 53 5d a4 89 9e 90 22 |.........S]...."|
-00000030 fd 14 58 d1 f7 b2 cd eb 42 2f e8 17 03 03 00 19 |..X.....B/......|
-00000040 1f e3 dc 74 9d 6b 81 43 cb 31 6b 48 31 50 15 e8 |...t.k.C.1kH1P..|
-00000050 80 f0 60 c4 43 f6 50 9a 3c |..`.C.P.<|
+00000000 14 03 03 00 11 0e 2d 1e 73 95 29 15 86 03 a2 da |......-.s.).....|
+00000010 6c f4 d2 02 2c 57 16 03 03 00 20 cd a2 f5 b6 da |l...,W.... .....|
+00000020 0c 35 45 96 54 c3 96 5d d8 e6 03 49 7b 5c d4 6f |.5E.T..]...I{\.o|
+00000030 02 da 27 9e 2f a7 09 57 1b de 7b 17 03 03 00 19 |..'./..W..{.....|
+00000040 18 06 7d aa 5c 93 a9 b3 d3 14 0b 76 78 a2 57 73 |..}.\......vx.Ws|
+00000050 2f a3 4f 66 c4 b3 ee 21 95 |/.Of...!.|
>>> Flow 15 (client to server)
-00000000 15 03 03 00 12 33 e5 90 b6 f4 60 f4 da 3f f5 c4 |.....3....`..?..|
-00000010 5c a1 a1 75 01 04 8a |\..u...|
+00000000 15 03 03 00 12 55 f7 2f b2 a2 e7 59 6c f6 a9 2d |.....U./...Yl..-|
+00000010 d1 17 88 01 49 c6 f2 |....I..|
diff --git a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
index f9a7a11..441fa0f 100644
--- a/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
+++ b/src/crypto/tls/testdata/Client-TLSv12-RenegotiateTwiceRejected
@@ -16,11 +16,11 @@
000000e0 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
000000f0 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 |.........._X.;t|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 59 02 00 00 55 03 03 52 6a c1 e9 3d |....Y...U..Rj..=|
-00000010 5e 12 f4 95 42 33 5e 56 98 6b e5 b9 c0 e2 b4 02 |^...B3^V.k......|
-00000020 3e 99 0c 26 52 66 69 35 ef 4a 66 20 bb ee b5 86 |>..&Rfi5.Jf ....|
-00000030 ec 40 54 e7 ef 93 8e cd e4 bd c2 57 e7 2b d3 86 |.@T........W.+..|
-00000040 44 93 8f 4f 3a e3 4d eb 53 88 b0 43 cc a8 00 00 |D..O:.M.S..C....|
+00000000 16 03 03 00 59 02 00 00 55 03 03 bb ec 39 c5 f2 |....Y...U....9..|
+00000010 dd a8 26 56 80 09 60 f5 d8 0a 93 6d 08 c4 30 c2 |..&V..`....m..0.|
+00000020 cf 0c 44 86 49 a3 19 84 20 38 98 20 0d 8b 81 b5 |..D.I... 8. ....|
+00000030 a7 42 37 27 1b 9c be 36 8f 9b 49 31 4f 73 67 a7 |.B7'...6..I1Osg.|
+00000040 78 9f 46 e5 9e 3b 45 ff e9 16 11 ca cc a8 00 00 |x.F..;E.........|
00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................|
00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..|
00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............|
@@ -60,188 +60,188 @@
00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.|
000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..|
000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......|
-000002c0 ac 0c 00 00 a8 03 00 1d 20 dc 94 bc ee 1b 36 ac |........ .....6.|
-000002d0 13 5f 6a b8 12 89 3b 05 8f 76 cf 1e 9c 20 2e 75 |._j...;..v... .u|
-000002e0 7c a4 f4 23 7f 74 72 97 74 08 04 00 80 b9 22 bb ||..#.tr.t.....".|
-000002f0 8e 21 42 cd 1e 68 2c 47 f0 b1 7f 2d 26 ac 7b a6 |.!B..h,G...-&.{.|
-00000300 10 b0 a7 72 31 99 ce be 5e e3 a5 c0 18 a6 18 50 |...r1...^......P|
-00000310 d8 98 9c 0a f5 15 0f db be 76 50 4b 09 8d f0 94 |.........vPK....|
-00000320 a3 48 23 7b d0 13 5e 2c 71 c1 8b e4 56 2b 69 88 |.H#{..^,q...V+i.|
-00000330 88 78 b4 b7 7c 0f 29 6c 73 21 b3 e5 26 a5 10 04 |.x..|.)ls!..&...|
-00000340 23 93 77 06 81 ff 23 df 06 be 82 4e ac 42 80 10 |#.w...#....N.B..|
-00000350 ea db 84 f9 96 98 8e bb bf ab b4 b6 fc 21 88 02 |.............!..|
-00000360 49 cb a3 4c 89 ee 19 cb 4d 71 6f fc 37 16 03 03 |I..L....Mqo.7...|
+000002c0 ac 0c 00 00 a8 03 00 1d 20 2f ad 87 a5 c9 9e c7 |........ /......|
+000002d0 f6 f1 05 9a 44 97 57 34 6b 3a 30 54 4c 0e 47 5e |....D.W4k:0TL.G^|
+000002e0 16 d3 c9 c2 25 a8 47 e5 63 08 04 00 80 9f 54 b4 |....%.G.c.....T.|
+000002f0 c1 aa bb 15 07 5c b1 52 ef bd 26 fa ec ce 70 31 |.....\.R..&...p1|
+00000300 90 fb f5 4d d2 26 0c 64 6f b3 9f 7f 27 c7 a5 b2 |...M.&.do...'...|
+00000310 d1 6d cf 0e 9c 91 e3 c4 20 f7 e3 ae 95 ff 6d ce |.m...... .....m.|
+00000320 80 b5 30 89 6c a2 dd 31 26 5b 24 19 7a 30 f7 43 |..0.l..1&[$.z0.C|
+00000330 71 a8 e9 1a 27 ee 46 86 44 56 b1 f3 2e e1 bd d5 |q...'.F.DV......|
+00000340 79 99 34 0c 9b 01 e6 bb 0f ad 96 4a 68 0f 10 79 |y.4........Jh..y|
+00000350 e9 91 7f 06 e6 02 32 ba 8c b6 a2 0c 4b 6d 09 f6 |......2.....Km..|
+00000360 28 8f 94 e8 10 e1 ca 48 6c de 56 c2 5c 16 03 03 |(......Hl.V.\...|
00000370 00 04 0e 00 00 00 |......|
>>> Flow 3 (client to server)
00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.|
00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....|
00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......|
-00000030 16 03 03 00 20 6e 65 ea 6e 03 fb f9 4e 00 8f d1 |.... ne.n...N...|
-00000040 99 24 83 3a 38 ef 28 7b 16 43 70 b5 af 0d de 37 |.$.:8.({.Cp....7|
-00000050 cd bf ac 83 09 |.....|
+00000030 16 03 03 00 20 d5 77 86 8e 32 60 6b 0f 0f 36 33 |.... .w..2`k..63|
+00000040 89 fe 51 b8 69 3a 1f 37 b3 d1 eb 43 ab e0 f6 db |..Q.i:.7...C....|
+00000050 8b 9d 3c 0d 9a |..<..|
>>> Flow 4 (server to client)
-00000000 14 03 03 00 01 01 16 03 03 00 20 ef 39 04 ca 70 |.......... .9..p|
-00000010 71 ee f8 1b 72 10 b7 6a 89 cd 85 ee a4 81 a4 87 |q...r..j........|
-00000020 88 1b c7 5b 18 d9 95 fe 31 d9 c8 |...[....1..|
+00000000 14 03 03 00 01 01 16 03 03 00 20 ed 78 35 a3 71 |.......... .x5.q|
+00000010 34 a9 40 b2 be 15 dc a9 10 86 e0 de 94 23 e9 51 |4.@..........#.Q|
+00000020 2c 01 1e 34 19 07 53 20 59 ac f9 |,..4..S Y..|
>>> Flow 5 (client to server)
-00000000 17 03 03 00 16 58 8c 23 1b 8d 7f 44 92 a4 5d 88 |.....X.#...D..].|
-00000010 3e ee 7c 98 90 14 b4 61 e9 5c ea |>.|....a.\.|
+00000000 17 03 03 00 16 f3 a2 5f da 1c 09 70 76 af 14 83 |......._...pv...|
+00000010 e5 7f 6f c9 9a 61 7f d9 e6 86 3c |..o..a....<|
>>> Flow 6 (server to client)
-00000000 16 03 03 00 14 32 2b 55 14 4a 65 21 51 b0 72 e0 |.....2+U.Je!Q.r.|
-00000010 4c 57 b0 b1 78 0b e3 30 de |LW..x..0.|
+00000000 16 03 03 00 14 71 23 15 46 93 87 94 38 01 d0 1b |.....q#.F...8...|
+00000010 1a 34 db 58 17 d0 ac 62 87 |.4.X...b.|
>>> Flow 7 (client to server)
-00000000 16 03 03 01 16 ff 7a 5b 80 e0 cd 83 55 3d b5 97 |......z[....U=..|
-00000010 60 d2 51 1e 75 d2 5d b9 ea 2a 5f 67 43 03 7c 50 |`.Q.u.]..*_gC.|P|
-00000020 25 5d a2 81 5f fa 0f be 08 9d 80 ac 73 16 bc 64 |%].._.......s..d|
-00000030 51 54 33 09 cc 05 90 24 c0 ee 99 a9 d1 8f 1b 3e |QT3....$.......>|
-00000040 9f 6a e8 b6 83 b0 30 fe e6 6b 6e 37 dd 95 95 30 |.j....0..kn7...0|
-00000050 64 46 c7 fc 15 54 84 ef 3d 1a 28 2d ee 3b aa 19 |dF...T..=.(-.;..|
-00000060 60 21 f9 d1 98 04 b4 0f 08 79 34 1f aa 12 2e 60 |`!.......y4....`|
-00000070 93 ff 87 16 56 55 24 c7 96 00 3b c2 72 7f 9d 96 |....VU$...;.r...|
-00000080 8b b7 2b 50 8f 99 df f5 4c 6a 42 0a cc 2f 27 f2 |..+P....LjB../'.|
-00000090 88 6d 42 e3 20 c8 1f 01 2b fb e9 b3 aa f3 2f 02 |.mB. ...+...../.|
-000000a0 fa 78 34 38 00 0f 1d f9 c7 5a 08 ae 56 19 c2 6c |.x48.....Z..V..l|
-000000b0 0b b0 d1 40 0d 0e 57 d2 00 be 3d 65 9c c1 86 00 |...@..W...=e....|
-000000c0 4c a5 1b a6 67 4d 39 cd ba fe 96 3c c5 25 dd 43 |L...gM9....<.%.C|
-000000d0 7b 49 f0 b5 8a 66 46 d4 65 6b 2d da 55 13 14 48 |{I...fF.ek-.U..H|
-000000e0 76 c8 2c 3d a4 4d 7a 14 1e 70 32 06 b3 96 cd 4e |v.,=.Mz..p2....N|
-000000f0 bd 4f 06 a8 83 ae 30 83 b6 6b 61 2e 08 73 0e 14 |.O....0..ka..s..|
-00000100 08 13 3d f0 7c ec cf 78 ff b4 25 21 15 5e 80 14 |..=.|..x..%!.^..|
-00000110 80 4f af c7 9e 44 04 33 da cb 27 |.O...D.3..'|
+00000000 16 03 03 01 16 46 70 b5 5f 98 fc af a8 cb d6 7c |.....Fp._......||
+00000010 8c 1e 60 c3 68 25 20 7b 95 9a 0c 04 b3 2c 52 b2 |..`.h% {.....,R.|
+00000020 30 f9 db cf 64 48 0a 46 9b 7a 11 76 11 5c 22 0c |0...dH.F.z.v.\".|
+00000030 ef fa e6 6e a1 90 29 b3 64 aa ff 4d cb 7d 4d 91 |...n..).d..M.}M.|
+00000040 c0 05 99 a0 3d 25 b2 1e 7c c4 d2 94 6b bf f0 f7 |....=%..|...k...|
+00000050 0f 6a 3b 4c 66 c7 8a 26 9e 4f 79 68 50 5c f9 92 |.j;Lf..&.OyhP\..|
+00000060 97 e1 a5 86 aa f2 e9 d5 8a a1 96 a7 37 82 71 7d |............7.q}|
+00000070 7d 7e b6 77 a3 3d 84 40 58 0d 66 cd 52 6c 9b 18 |}~.w.=.@X.f.Rl..|
+00000080 e2 c4 f0 dc 3d 9e 0e b8 49 ca 64 f3 71 c5 24 34 |....=...I.d.q.$4|
+00000090 e7 ca c3 87 f6 b9 2c 6a 95 12 4d 9d 4a 4d fe 8a |......,j..M.JM..|
+000000a0 51 16 6e c9 00 64 c0 d1 da ae e6 14 66 d2 a8 80 |Q.n..d......f...|
+000000b0 35 ae 86 f6 64 f8 56 87 8a 40 46 43 ae d1 d1 fb |5...d.V..@FC....|
+000000c0 64 1d 00 a1 3d e9 d9 7a b5 fb 71 2a db 76 5a 74 |d...=..z..q*.vZt|
+000000d0 03 c3 79 df e6 90 e9 7e de f9 0e 70 7a 65 3c 68 |..y....~...pze<h|
+000000e0 4f 2e c0 b8 13 e6 9d 1b 86 b8 65 57 fa dc 46 a7 |O.........eW..F.|
+000000f0 26 ba c3 64 fa b3 6f d5 e8 98 1f 10 d5 a5 1f 3e |&..d..o........>|
+00000100 cc f9 8d a6 56 37 0d ff 92 8f 1b 36 b3 3d 0b f5 |....V7.....6.=..|
+00000110 5b fb fb 1e 4d c8 cb 84 39 5b 87 |[...M...9[.|
>>> Flow 8 (server to client)
-00000000 16 03 03 00 81 f5 0b a1 9d 19 be 84 54 fd 42 47 |............T.BG|
-00000010 d9 4e f8 35 02 91 06 7e 53 5c ea 64 8b c4 34 ac |.N.5...~S\.d..4.|
-00000020 f9 93 54 36 5d 13 d0 0d 75 9f 8f 22 20 70 17 45 |..T6]...u.." p.E|
-00000030 37 a9 ed c2 34 23 8b bc c8 87 5f a2 ff 9c 54 48 |7...4#...._...TH|
-00000040 1b d4 85 60 39 4b 53 75 6f 65 d0 33 a7 b6 90 7d |...`9KSuoe.3...}|
-00000050 4f 84 28 cc 59 ab af bd 85 4b 40 ed 72 ff 30 c6 |O.(.Y....K@.r.0.|
-00000060 a5 01 8b fa 03 52 7e 0d a8 5d 86 89 9b 4e c4 05 |.....R~..]...N..|
-00000070 83 fb d4 aa f9 13 8b 06 b1 2b 89 82 12 d2 a3 e2 |.........+......|
-00000080 79 d6 6a 07 ef a0 16 03 03 02 69 65 b4 cc 90 43 |y.j.......ie...C|
-00000090 f7 6f 92 59 1b 47 32 e4 51 be 16 8c bb 7b ef 68 |.o.Y.G2.Q....{.h|
-000000a0 60 38 9c 5f 5a f6 04 da 78 1d 4e 89 a7 e9 5b e0 |`8._Z...x.N...[.|
-000000b0 27 7d 82 fa 6f 44 df 5d 59 b3 5b 4c 01 76 3e bd |'}..oD.]Y.[L.v>.|
-000000c0 d7 b5 0b 9a 9d be d4 ec 03 9d e5 a5 e0 e2 f2 a3 |................|
-000000d0 7f b2 87 ed 09 46 b2 e1 6a e2 39 e9 82 0d fb 62 |.....F..j.9....b|
-000000e0 a4 ef 1e 29 75 96 68 da f9 8d 75 86 df 0c 57 9c |...)u.h...u...W.|
-000000f0 48 e9 3e de 16 ab 22 b2 6d 37 38 d6 33 44 bd 38 |H.>...".m78.3D.8|
-00000100 16 2c 49 1c 2c 17 1a 28 05 45 eb 65 44 4e 1a 02 |.,I.,..(.E.eDN..|
-00000110 fc 2f 5c c9 e8 d8 16 e6 4f 5f f4 bd b4 d7 ec 73 |./\.....O_.....s|
-00000120 2f d1 f5 5b 68 69 b6 6a 59 8e 0b 24 2d 7c 69 96 |/..[hi.jY..$-|i.|
-00000130 a6 99 66 3e 38 25 82 30 ba 1a b5 b9 66 23 ea 60 |..f>8%.0....f#.`|
-00000140 b6 30 5e f5 29 80 8a 75 fc 96 f0 af 3d d2 8e 83 |.0^.)..u....=...|
-00000150 5e 00 fc 76 1c 69 cc 2b e8 d2 70 21 95 65 da 2c |^..v.i.+..p!.e.,|
-00000160 ed c3 fd a4 31 de 00 e5 3a b1 81 38 fc 68 da 0f |....1...:..8.h..|
-00000170 b0 8c 32 f4 67 08 ed 31 0d fc e1 9b 20 8c 79 99 |..2.g..1.... .y.|
-00000180 bd 52 e6 eb 27 04 a5 94 1c e9 a0 5a 18 bf 7b 59 |.R..'......Z..{Y|
-00000190 22 e6 5c 63 84 2f 0a f6 ef b8 c9 c0 cf 82 0d 07 |".\c./..........|
-000001a0 42 66 65 0b d5 5e ea 27 0d f9 de 7e 13 a9 c2 b5 |Bfe..^.'...~....|
-000001b0 ea e2 22 4f a0 13 dc 12 69 9a ec ed d4 44 b2 bc |.."O....i....D..|
-000001c0 88 65 09 ea 50 ca d6 48 c2 f2 12 9e b3 ab 29 c5 |.e..P..H......).|
-000001d0 61 72 3d 0e 77 bd 96 d9 ff 24 4d 7f 4d 22 e0 67 |ar=.w....$M.M".g|
-000001e0 54 02 18 42 e7 78 0c 18 28 89 24 a8 4a a1 cc 70 |T..B.x..(.$.J..p|
-000001f0 a2 a1 4f ee a0 b6 1f 7e cb 9b 20 95 1f 10 63 60 |..O....~.. ...c`|
-00000200 df fe ce 37 9e 9e ce ff fa 49 4f 4c 5b c0 f6 35 |...7.....IOL[..5|
-00000210 b7 eb e1 ac 85 64 11 6e 83 61 6f da d9 e9 09 a6 |.....d.n.ao.....|
-00000220 10 eb c2 da 62 9c ac e0 2e 0a ff 21 2e f7 94 6d |....b......!...m|
-00000230 a6 56 f9 1c 39 52 f3 c7 29 a9 d6 b2 8c a9 4f bf |.V..9R..).....O.|
-00000240 62 c8 74 cb 80 3d 3e 4d d1 25 4c 29 14 21 cd 13 |b.t..=>M.%L).!..|
-00000250 b0 92 5a ca 9b 10 f6 4c 91 6e f7 c3 55 5e 0e f0 |..Z....L.n..U^..|
-00000260 e2 8f 2f 65 f9 b8 c2 43 0c 38 45 86 22 15 ed 8f |../e...C.8E."...|
-00000270 6b 49 ff 45 e5 59 b7 54 f8 c9 d3 b0 f6 71 82 7b |kI.E.Y.T.....q.{|
-00000280 7d 52 be 6c 33 f2 27 5c f8 33 96 05 64 fa b2 b9 |}R.l3.'\.3..d...|
-00000290 ae 74 23 91 46 6f 9b 42 5b 96 1c c4 1c f4 5e b0 |.t#.Fo.B[.....^.|
-000002a0 c7 78 0f f3 da d3 01 ae 25 6c c1 10 31 47 e9 0d |.x......%l..1G..|
-000002b0 84 27 5d 5a 23 35 07 3c 2d ea e8 dc cd d3 c6 85 |.']Z#5.<-.......|
-000002c0 86 ff 48 07 b8 97 d5 c5 10 f4 47 46 af 87 d9 03 |..H.......GF....|
-000002d0 24 3d b0 80 33 46 2a 4d 15 77 5c 21 3c a4 13 99 |$=..3F*M.w\!<...|
-000002e0 6c 9e ce 69 81 2e 90 c9 ba 9a 95 91 30 cc 8d 9b |l..i........0...|
-000002f0 6c 55 c4 09 16 03 03 00 bc 30 d3 15 d7 3b 42 a9 |lU.......0...;B.|
-00000300 9b a2 1f c8 ff 90 43 4c 0f 9c 4e 59 98 23 a2 9e |......CL..NY.#..|
-00000310 17 e0 ea 06 ae 8f 23 e6 85 f9 ca 80 39 34 78 a3 |......#.....94x.|
-00000320 7b 7e 61 88 86 35 e3 8e a3 61 2d f9 24 6e e4 b1 |{~a..5...a-.$n..|
-00000330 c2 7d 56 bc 9d e0 12 3d e5 90 10 b9 39 d5 64 6b |.}V....=....9.dk|
-00000340 a8 91 75 d7 95 e7 e6 ce 8f 11 b0 66 87 f5 48 5d |..u........f..H]|
-00000350 c9 a1 56 b1 71 e9 74 5f 48 a6 06 32 dc 66 7b 0b |..V.q.t_H..2.f{.|
-00000360 85 66 36 e9 d3 13 2d d8 60 8c b2 89 c5 2a de b7 |.f6...-.`....*..|
-00000370 48 63 e0 8e 27 65 3a 01 6f be 75 45 ec 2a 61 c4 |Hc..'e:.o.uE.*a.|
-00000380 a8 0b cf 95 93 a2 d6 27 fa 71 82 92 3a 95 39 a7 |.......'.q..:.9.|
-00000390 fc e5 33 e3 f2 0e a4 94 94 bb e6 65 25 3a 6f 6e |..3........e%:on|
-000003a0 da a0 6d fc 57 2b 46 f8 ab 55 0e 5a 1e 56 92 68 |..m.W+F..U.Z.V.h|
-000003b0 7e 88 f4 d0 b2 16 03 03 00 4a 08 e0 60 21 59 5d |~........J..`!Y]|
-000003c0 29 3e ba b9 1d 13 3a a0 e3 b2 76 39 29 00 92 d0 |)>....:...v9)...|
-000003d0 24 a6 d9 fd e2 2b c8 5d 6b 78 ea 75 ce 68 93 1b |$....+.]kx.u.h..|
-000003e0 3b b8 59 e4 6b 60 5b 4a 28 7a e9 1d 04 72 a8 e0 |;.Y.k`[J(z...r..|
-000003f0 64 31 e4 86 da a9 f2 00 36 55 bd 56 02 d4 b3 48 |d1......6U.V...H|
-00000400 a7 21 69 11 16 03 03 00 14 44 1c 39 61 56 3d 7e |.!i......D.9aV=~|
-00000410 ca dd cb 34 06 10 4f 5f 32 45 63 c1 98 |...4..O_2Ec..|
+00000000 16 03 03 00 81 25 44 f6 91 ed d5 01 fa 88 d6 74 |.....%D........t|
+00000010 f7 cd 6d ba 85 76 1d bd ef 7b 31 51 db b4 42 a3 |..m..v...{1Q..B.|
+00000020 0a 89 3f 47 dc ca 18 39 84 5d 5a 4e d2 cd ba 75 |..?G...9.]ZN...u|
+00000030 b9 75 53 28 8c 85 6e 84 02 39 0a d2 59 ee ac 2f |.uS(..n..9..Y../|
+00000040 fe a3 e4 fb 8c a1 72 e3 9f 28 8b 13 92 a8 5b 70 |......r..(....[p|
+00000050 24 f0 1b 6d 19 aa f1 b2 bf 8a 1f e2 3a 3e 3f e2 |$..m........:>?.|
+00000060 57 16 12 9e e8 21 11 66 b9 96 71 36 46 e1 2e fc |W....!.f..q6F...|
+00000070 1e 40 a2 e2 6a 4d 4b 91 7a 50 0b d0 87 d1 04 16 |.@..jMK.zP......|
+00000080 2f 47 4d f2 c9 68 16 03 03 02 69 9a 28 7b f7 fc |/GM..h....i.({..|
+00000090 8b e7 2b 40 88 1c 30 c1 5a f6 1d 51 a9 a8 5e 70 |..+@..0.Z..Q..^p|
+000000a0 73 1c 43 a7 3c 11 7e d5 92 78 b1 4f fd 5d 55 c6 |s.C.<.~..x.O.]U.|
+000000b0 5a ef 83 88 b2 e2 33 2a 27 cd 2e e8 d2 f4 2b d4 |Z.....3*'.....+.|
+000000c0 d5 b0 35 54 f6 a1 9c 07 75 10 8b 5d b9 dc bb 83 |..5T....u..]....|
+000000d0 76 43 f6 7e 70 2f 7c fe 8e 64 ca 00 65 df a4 e1 |vC.~p/|..d..e...|
+000000e0 a9 ad 71 79 d6 83 21 f6 9c 1b 88 d4 bb 51 3c 8a |..qy..!......Q<.|
+000000f0 8c e5 c2 13 30 bd 6b 60 29 01 3e a0 cc 19 69 54 |....0.k`).>...iT|
+00000100 f0 2d dd a9 a1 24 a3 cc 13 9b 9a 8b f5 06 88 a9 |.-...$..........|
+00000110 9d ec c1 6f 0c b2 dd b3 60 be 23 ee 67 26 2d 65 |...o....`.#.g&-e|
+00000120 b1 99 9a 5b 92 c5 06 79 47 c6 4d 39 36 83 3b 4b |...[...yG.M96.;K|
+00000130 96 f0 03 41 5c f9 fa 7c 3e d5 bf 67 1c a3 cf 6f |...A\..|>..g...o|
+00000140 26 98 e0 2a 2d 64 60 c2 71 b1 b3 35 ba 8a 38 00 |&..*-d`.q..5..8.|
+00000150 88 cf 5a a5 2b 89 83 f3 04 ad 24 97 fa 34 69 fd |..Z.+.....$..4i.|
+00000160 d7 70 00 09 ce 0f 60 f7 84 7d e3 5e 19 a9 1b dd |.p....`..}.^....|
+00000170 45 3f 34 ae d4 c5 5c 1f 32 81 69 ea 22 44 1d c6 |E?4...\.2.i."D..|
+00000180 a3 ca 99 c5 44 09 76 cb e2 ed 2e fd 23 09 d4 ea |....D.v.....#...|
+00000190 62 cf cb 93 88 02 ca 8c 90 05 c9 0e 8d ff 8f e1 |b...............|
+000001a0 2d ef 52 1c ed 01 53 ef a6 ee 11 11 b7 2b c8 b4 |-.R...S......+..|
+000001b0 6e 32 8c 54 7a 2b 19 e1 32 3e d0 92 87 81 76 04 |n2.Tz+..2>....v.|
+000001c0 c0 fd 99 3b 04 00 fb 76 d7 ed b0 81 e3 81 8c 1f |...;...v........|
+000001d0 2b a0 59 d6 41 cd 8d 7d b6 62 9d ab 60 33 24 f5 |+.Y.A..}.b..`3$.|
+000001e0 ec 70 8b b2 46 60 8f 53 c8 a3 f1 47 df e0 e8 b0 |.p..F`.S...G....|
+000001f0 9a cf 61 d4 d0 f5 0b b6 cd 85 47 1b b2 26 7d f2 |..a.......G..&}.|
+00000200 0a 32 af 5c 25 2a cc d2 66 9a 36 a1 68 95 34 18 |.2.\%*..f.6.h.4.|
+00000210 2d 9a 5a 62 a7 39 be 00 70 59 63 38 6a f9 53 b7 |-.Zb.9..pYc8j.S.|
+00000220 6d dd d4 cd c4 d2 12 b0 67 06 b5 d3 28 06 e4 43 |m.......g...(..C|
+00000230 98 b5 13 9f 1a d5 5e 07 70 f9 96 3c 66 a0 60 d6 |......^.p..<f.`.|
+00000240 79 1f 67 98 0b 38 ab 5a 1c 6f b0 31 e9 d9 6e 58 |y.g..8.Z.o.1..nX|
+00000250 28 c4 c5 82 9f 57 12 ae 35 12 c5 5c 29 f9 50 93 |(....W..5..\).P.|
+00000260 07 d8 e4 b8 36 5a 1e 10 a9 ee 33 5d ce 9c fe b8 |....6Z....3]....|
+00000270 78 11 99 2a 88 9d ce 49 6f 1c 73 41 65 5f c2 d5 |x..*...Io.sAe_..|
+00000280 46 a7 25 27 bc 3d 69 25 04 3a 37 ee e6 8a c0 d8 |F.%'.=i%.:7.....|
+00000290 e8 72 7a a9 21 03 9a 63 c9 f5 16 76 c4 11 b9 12 |.rz.!..c...v....|
+000002a0 03 cf ec 91 a0 6b 90 24 ba 0b f6 f2 4a 41 0d 9f |.....k.$....JA..|
+000002b0 32 23 a3 df 3c ff c3 44 01 9c 77 5a 01 3f 00 d0 |2#..<..D..wZ.?..|
+000002c0 44 4d 48 23 58 9f 18 99 97 9c 32 7f cb 40 bb 35 |DMH#X.....2..@.5|
+000002d0 1f b8 06 07 28 7d 39 5a 47 66 12 95 30 07 24 b1 |....(}9ZGf..0.$.|
+000002e0 81 bc ea c0 6d 10 15 82 5f fe 68 50 1d aa 61 19 |....m..._.hP..a.|
+000002f0 c9 47 7c dc 16 03 03 00 bc e8 5f 40 20 1a cd d8 |.G|......._@ ...|
+00000300 5b b7 1e db 9d c0 10 96 e2 11 86 bc 0c e1 5f bd |[............._.|
+00000310 9c cc 70 37 85 87 94 3c cd 7d 0a c3 56 1e 18 9a |..p7...<.}..V...|
+00000320 dc 21 4b e6 e1 63 c0 e6 2e 32 69 96 7e a0 cf cc |.!K..c...2i.~...|
+00000330 58 74 a9 31 97 c1 e4 87 79 7f e7 7e 94 32 93 8d |Xt.1....y..~.2..|
+00000340 31 97 51 27 26 cf ac e9 f9 34 ae 3e 1d f0 e9 5a |1.Q'&....4.>...Z|
+00000350 71 82 05 10 8e be 0b 83 39 44 28 45 c6 e1 4a 85 |q.......9D(E..J.|
+00000360 c0 bf 3f 80 9b 61 97 82 d1 54 37 5f bc b2 f7 1f |..?..a...T7_....|
+00000370 a1 ef 0f c5 be 74 96 3b e8 89 30 3f d7 06 18 77 |.....t.;..0?...w|
+00000380 ed 3b aa 6e df 0c 15 e1 3e b1 36 ae 85 23 7d 9a |.;.n....>.6..#}.|
+00000390 17 c3 f4 91 3a ac b1 64 03 a9 59 19 89 c2 d9 ad |....:..d..Y.....|
+000003a0 82 d7 8e 85 36 cb 81 61 0d 3a 24 a1 84 55 37 bb |....6..a.:$..U7.|
+000003b0 13 80 61 38 ef 16 03 03 00 4a 88 8d 13 b9 32 18 |..a8.....J....2.|
+000003c0 3c e2 72 b5 5c 0b 81 87 a0 ef 87 53 89 b1 f4 8b |<.r.\......S....|
+000003d0 6a 87 68 c4 7d 59 2c 44 46 bb b1 40 8e 0a 45 4e |j.h.}Y,DF..@..EN|
+000003e0 b8 a1 ba 72 bb 71 f9 52 55 c7 44 cd b3 56 82 68 |...r.q.RU.D..V.h|
+000003f0 8c 57 39 58 0b 40 12 4f 5d a2 91 3a ab 68 55 19 |.W9X.@.O]..:.hU.|
+00000400 26 dc ed 30 16 03 03 00 14 52 f8 53 d9 fc a6 a3 |&..0.....R.S....|
+00000410 89 c4 5a 2d 66 46 17 16 c3 bb f9 3c ca |..Z-fF.....<.|
>>> Flow 9 (client to server)
-00000000 16 03 03 02 69 68 d9 de 2a 4d 03 fe 05 cc b8 d3 |....ih..*M......|
-00000010 c8 f0 3d df 1c 73 f1 bd 55 08 45 c4 2a 6b a1 c8 |..=..s..U.E.*k..|
-00000020 35 7d 56 b7 b9 15 63 ba 09 31 59 8b f8 ce a0 f8 |5}V...c..1Y.....|
-00000030 1b 3b 5f 5e 1c 3d bb 26 43 cb 7b f3 ba 3b a2 38 |.;_^.=.&C.{..;.8|
-00000040 a3 d5 bd 0b 65 16 7c e3 79 cc ed 17 04 34 60 e7 |....e.|.y....4`.|
-00000050 1e 60 52 72 13 e4 6b ef 32 99 86 94 49 30 47 df |.`Rr..k.2...I0G.|
-00000060 e2 6c 6d 3f 6c 19 e4 4e b9 df 42 e3 c8 47 2c d0 |.lm?l..N..B..G,.|
-00000070 be 2c 94 3b 1d 3e 3a b3 06 67 c3 25 9b 24 4e 8e |.,.;.>:..g.%.$N.|
-00000080 dc c7 50 ab 72 bd b4 d1 ff f7 3f 6d 13 89 55 8c |..P.r.....?m..U.|
-00000090 14 a1 ae fe ad a0 bb 8f fe 51 ac 5b eb 23 3d d0 |.........Q.[.#=.|
-000000a0 9e b8 5e 34 8c dd 47 79 9c 73 f5 6b 47 ff 10 7d |..^4..Gy.s.kG..}|
-000000b0 ac 1d a7 54 5e b5 0f 75 86 67 13 70 d5 66 da 55 |...T^..u.g.p.f.U|
-000000c0 0b 48 a0 88 ae f9 81 92 33 0b 29 79 42 f7 c2 98 |.H......3.)yB...|
-000000d0 2c 2f 32 c7 df 35 ff 4a 44 10 fa 9f 66 ce 4b 9a |,/2..5.JD...f.K.|
-000000e0 3c 5b b3 7d ac 3b 9a 68 bb 40 3d 36 6b 72 98 c5 |<[.}.;.h.@=6kr..|
-000000f0 85 3c b0 75 1c d6 45 0f f9 4d 26 2d ec 67 90 ed |.<.u..E..M&-.g..|
-00000100 88 33 92 7d 99 22 c4 08 90 64 17 1e 06 03 d5 a3 |.3.}."...d......|
-00000110 72 a6 92 99 d3 c8 46 9f e7 f9 15 bb dd ba e5 f7 |r.....F.........|
-00000120 d9 06 af 5c 1c a0 03 c7 fe 51 b5 41 0c 8f 6d ad |...\.....Q.A..m.|
-00000130 f2 41 23 a5 44 38 8a bb b3 d9 3c e8 5e 99 98 23 |.A#.D8....<.^..#|
-00000140 9c 87 3d f8 10 df 58 c2 dd b9 2c 7e 56 a1 75 84 |..=...X...,~V.u.|
-00000150 a2 e5 66 20 58 ed fe f7 04 ff 93 e0 6e 9f 1e f3 |..f X.......n...|
-00000160 a9 8a 9a 37 38 d2 7c 4d 74 88 f5 bd 2b 5a 05 bc |...78.|Mt...+Z..|
-00000170 53 a1 48 ab 98 ca 91 bb fa f3 62 a9 0a fa 89 e6 |S.H.......b.....|
-00000180 22 06 1d 59 72 32 51 d6 f6 de e8 89 b6 eb 96 f2 |"..Yr2Q.........|
-00000190 4d e0 82 0d b8 ec a7 09 84 79 18 70 3e 09 ba 9a |M........y.p>...|
-000001a0 98 27 13 e8 e6 e5 9d 7c df 4d 42 a8 41 be 62 e0 |.'.....|.MB.A.b.|
-000001b0 1d 48 24 5d 35 e5 a5 ff f5 67 85 cf b8 53 e1 5e |.H$]5....g...S.^|
-000001c0 dd 82 40 9e d3 94 fd 7b 1b b3 13 d8 98 a8 1f 21 |..@....{.......!|
-000001d0 1a 04 5a df 3c 8f 3a c0 dc 86 8b e1 39 0a 03 8e |..Z.<.:.....9...|
-000001e0 8c 9a 4c d5 15 32 2d 1c 0f ad 43 25 e6 5a 77 f9 |..L..2-...C%.Zw.|
-000001f0 2d e5 a0 a0 b2 32 43 0f 11 55 bb c2 e1 c6 45 2a |-....2C..U....E*|
-00000200 da a0 6c 14 49 0f a7 d7 40 b1 1a c8 72 2a a8 26 |..l.I...@...r*.&|
-00000210 45 f4 66 9a e0 42 aa 25 ac 28 ec 8c a2 df 48 cc |E.f..B.%.(....H.|
-00000220 c3 a9 9e 9e af 38 88 82 43 8f 99 02 79 90 3e d9 |.....8..C...y.>.|
-00000230 9e d0 75 a5 95 83 ec 44 2b 13 1c d8 eb 3f 2c 5d |..u....D+....?,]|
-00000240 1b 7e e2 fe 47 89 08 5b 58 dc 3d ea 32 5e a1 af |.~..G..[X.=.2^..|
-00000250 c5 e8 90 b8 28 4b 58 55 34 46 ef 2a d6 a0 9b 0b |....(KXU4F.*....|
-00000260 73 b9 8b b4 38 63 08 92 03 4c 8c 12 be a8 16 03 |s...8c...L......|
-00000270 03 00 35 f5 3c 22 cc bc cf c3 ad 84 1d dc f4 b6 |..5.<"..........|
-00000280 e0 4a 1c b9 e5 d8 a6 b7 a2 8c fb 40 11 12 40 5c |.J.........@..@\|
-00000290 e2 f4 ce ac 83 93 69 71 19 85 43 19 9e 30 ee 97 |......iq..C..0..|
-000002a0 02 8e 69 8f 4d 1d 2c 0f 16 03 03 00 98 94 e4 82 |..i.M.,.........|
-000002b0 1d 6b d2 ce 76 6d 68 55 db bb 91 73 6e e9 73 05 |.k..vmhU...sn.s.|
-000002c0 6a d3 eb 48 f1 d7 f6 52 ba 49 6a f2 f7 74 c8 56 |j..H...R.Ij..t.V|
-000002d0 ba f5 e5 97 cb a0 b7 ab 37 2c ff 7a a6 42 e6 78 |........7,.z.B.x|
-000002e0 51 8a 9c bf fa 05 b7 66 04 6d 83 d1 0d e8 18 d0 |Q......f.m......|
-000002f0 f2 b3 4d 4d 2d c0 f7 ac d1 55 b8 03 d7 dc d7 c2 |..MM-....U......|
-00000300 73 72 54 c9 29 e4 98 29 a3 95 11 7e 56 52 87 09 |srT.)..)...~VR..|
-00000310 05 fe 74 e2 f1 74 c7 f6 f2 28 4f 2c 24 92 ac ae |..t..t...(O,$...|
-00000320 1c df 4e f9 db ce 3c db 48 60 6b 4d 12 9c f7 de |..N...<.H`kM....|
-00000330 26 73 25 d2 e7 d1 2e fd b5 5e c4 66 2a 60 4a 04 |&s%......^.f*`J.|
-00000340 2d b9 6c b1 d2 14 03 03 00 11 58 08 81 e4 4d c4 |-.l.......X...M.|
-00000350 93 47 e2 45 e2 44 73 36 3a fe ba 16 03 03 00 20 |.G.E.Ds6:...... |
-00000360 25 2d 76 2c 22 34 e9 ed 11 a5 84 ee d3 63 df 17 |%-v,"4.......c..|
-00000370 88 be 86 7c 51 35 fb 7e aa a6 b9 a2 02 59 f7 00 |...|Q5.~.....Y..|
+00000000 16 03 03 02 69 fe 0d 45 cb 57 12 fa 9e 10 d7 b3 |....i..E.W......|
+00000010 a5 dd 33 0e 39 41 77 63 8e 99 e0 5b b9 5e 94 0a |..3.9Awc...[.^..|
+00000020 48 b2 6b e9 61 ab f2 74 6b 5e a3 f9 3f 9c 29 0b |H.k.a..tk^..?.).|
+00000030 6b 34 29 92 d8 c8 2c 61 84 f2 3b 0f c2 5c e5 19 |k4)...,a..;..\..|
+00000040 6a f0 e2 03 e3 93 a6 1e 4e 87 79 6b 07 dc 18 d2 |j.......N.yk....|
+00000050 9a 25 be f3 d6 ab 2a be f8 68 65 68 92 8a 80 04 |.%....*..heh....|
+00000060 26 eb 62 ae 6b bc 81 27 82 76 25 e0 6b ac 04 e9 |&.b.k..'.v%.k...|
+00000070 67 68 13 f6 7b 7e 24 c2 75 27 8a c9 3a 7a 2f aa |gh..{~$.u'..:z/.|
+00000080 a2 37 d9 73 97 bc 4b 09 ba 1b 2c ba 08 85 c6 82 |.7.s..K...,.....|
+00000090 50 a3 e0 00 6e a8 7c 14 ab 38 ae c4 82 ee 05 4b |P...n.|..8.....K|
+000000a0 9a c0 19 62 1e de ef 7f 8c a4 a0 0e 29 0f b4 09 |...b........)...|
+000000b0 f1 b9 39 ae 09 1b 6e 6f ee 3d 31 72 70 09 51 44 |..9...no.=1rp.QD|
+000000c0 1c 33 64 6d ae 8d da a5 e0 7b a3 49 19 2c 3f dd |.3dm.....{.I.,?.|
+000000d0 6b 1e d1 a7 bb 8a 13 8c e9 aa 5f b3 fd 88 89 5a |k........._....Z|
+000000e0 4a 30 dd d0 1e 6a 8c 8a 0d 35 82 01 64 c1 42 ff |J0...j...5..d.B.|
+000000f0 60 ac 3d 62 bf 31 3e ab 42 7e b0 da 4a cc 9c d8 |`.=b.1>.B~..J...|
+00000100 0e 92 97 a2 40 48 48 ce 66 49 bd 1b 8a ee ed 46 |....@HH.fI.....F|
+00000110 18 98 b9 43 b8 76 e8 93 07 3c 38 6e c2 cd 9c ce |...C.v...<8n....|
+00000120 e2 38 f0 d7 ee ad c7 4a c4 ed 3b fd 2e f2 9b 43 |.8.....J..;....C|
+00000130 6c fe 75 d7 4d 61 2a c5 16 e2 3d af 98 5b 76 f5 |l.u.Ma*...=..[v.|
+00000140 3e 96 b9 81 b3 cb 0c 91 89 44 6e d6 66 c4 f2 dd |>........Dn.f...|
+00000150 c9 21 09 91 95 f2 99 29 62 54 44 03 b0 fe 84 bb |.!.....)bTD.....|
+00000160 96 86 c4 ca 6e 7f c9 f9 1a 80 38 42 7d 54 b3 6f |....n.....8B}T.o|
+00000170 2a 2d c3 19 54 60 3f fb 00 95 65 6a 85 4b a2 8f |*-..T`?...ej.K..|
+00000180 6a 3d 38 61 e9 36 c2 25 92 3b 53 f2 ea bb 60 42 |j=8a.6.%.;S...`B|
+00000190 ab 83 83 c0 2e 95 6d 5a 19 61 9f b3 29 ee b2 52 |......mZ.a..)..R|
+000001a0 5f 27 16 46 d9 ad 62 45 d5 81 9a 93 ef a1 4f e7 |_'.F..bE......O.|
+000001b0 0e e0 71 bf cd 49 68 e7 13 f1 71 59 8c f5 2d 05 |..q..Ih...qY..-.|
+000001c0 5d 65 c4 6e 2c 91 c5 d3 40 c4 2f df c8 f6 59 55 |]e.n,...@./...YU|
+000001d0 05 6b c1 b7 59 15 8e b8 85 1b 75 dd 44 9e b7 f3 |.k..Y.....u.D...|
+000001e0 00 73 bf c6 93 d4 43 27 bd 60 79 1a 28 93 2d 64 |.s....C'.`y.(.-d|
+000001f0 fb 2f 77 a6 79 22 54 f3 c3 3c 3f cd 4d ea 79 3b |./w.y"T..<?.M.y;|
+00000200 aa 4c e6 86 55 8d e0 5c ce 00 1e d4 fa ab bb de |.L..U..\........|
+00000210 8f 41 95 15 d3 6a 21 02 cb 4a f5 b6 2d 8c da 99 |.A...j!..J..-...|
+00000220 93 1f 9f 81 cf 77 f8 01 0a ab 77 03 5c a3 bd 3a |.....w....w.\..:|
+00000230 ba 07 51 17 50 06 c9 51 f8 f1 ec 3f 60 44 df 1b |..Q.P..Q...?`D..|
+00000240 06 05 bd 8f 17 99 00 73 38 e5 bb fb 08 1b e7 ea |.......s8.......|
+00000250 b5 36 e0 4e 67 d9 11 90 5e d9 8e 63 7b f9 03 4b |.6.Ng...^..c{..K|
+00000260 ef cd 4d 2c d9 4b eb 8a bb 62 85 03 16 e2 16 03 |..M,.K...b......|
+00000270 03 00 35 d1 39 57 66 1b 70 63 8f 6a b4 1d 5f 5e |..5.9Wf.pc.j.._^|
+00000280 dd 31 7e 5b 0e e3 d5 98 90 8b 60 33 0c 10 7c 01 |.1~[......`3..|.|
+00000290 4c 40 88 e9 a3 8c 61 ab dc 4a e2 ce 0a fc 56 7b |L@....a..J....V{|
+000002a0 ef e3 19 60 62 18 97 7c 16 03 03 00 98 2f 65 76 |...`b..|...../ev|
+000002b0 15 2e 76 82 e8 70 6d c4 17 72 e7 30 9c 14 af d4 |..v..pm..r.0....|
+000002c0 0f 1e ec b5 5c 80 31 dc 15 fc 81 06 20 f1 e5 99 |....\.1..... ...|
+000002d0 67 c6 eb cc 77 57 2c 55 85 dc f9 9f 6f 19 7a d0 |g...wW,U....o.z.|
+000002e0 a0 45 17 b9 8c e4 19 46 ef dc 28 e1 e7 87 93 e0 |.E.....F..(.....|
+000002f0 c5 83 70 28 23 90 b9 c2 53 a3 67 d8 09 1f 47 0e |..p(#...S.g...G.|
+00000300 a3 de bf a3 07 2d e7 3b a5 e9 11 c4 30 59 fb cd |.....-.;....0Y..|
+00000310 5d 6a d0 47 6f 43 a4 bd 2f 56 67 7d b2 c8 f5 2a |]j.GoC../Vg}...*|
+00000320 9b ce ea 10 ec 83 f8 bc 87 19 c8 97 a9 ee 80 3c |...............<|
+00000330 cb de 1a 22 60 ed 77 f7 57 5f 20 54 62 ca b0 e7 |..."`.w.W_ Tb...|
+00000340 75 a0 ba fc 32 14 03 03 00 11 86 a9 6a 14 1a 4c |u...2.......j..L|
+00000350 1d 21 1f 3c c2 19 85 02 88 f5 f6 16 03 03 00 20 |.!.<........... |
+00000360 03 f9 fc ed cf 15 ed 86 d2 69 49 d7 e2 01 06 96 |.........iI.....|
+00000370 42 74 89 3f bf 98 56 0f c1 1b 61 b6 36 3b ae 87 |Bt.?..V...a.6;..|
>>> Flow 10 (server to client)
-00000000 14 03 03 00 11 bb 91 ed b9 75 be 6c 2c b8 7c 57 |.........u.l,.|W|
-00000010 0b 44 2e 6d 68 4a 16 03 03 00 20 49 17 51 ce 23 |.D.mhJ.... I.Q.#|
-00000020 ff 71 ad f5 45 75 01 43 4d d2 f8 08 d8 e5 4d d7 |.q..Eu.CM.....M.|
-00000030 1c 35 5e 8b 18 54 e5 f6 0c b5 2e 17 03 03 00 19 |.5^..T..........|
-00000040 ec 43 1a 6d 9e fb 53 cd 55 1a 72 2e da d1 ea 58 |.C.m..S.U.r....X|
-00000050 66 17 a9 1c be fc d9 72 dd 16 03 03 00 14 c2 98 |f......r........|
-00000060 a4 ac d5 0c a2 10 61 8b 55 3a 69 b6 26 33 4f fe |......a.U:i.&3O.|
-00000070 2d 42 |-B|
+00000000 14 03 03 00 11 00 e4 ef 62 c1 c0 72 f3 98 4d 5a |........b..r..MZ|
+00000010 6a c8 7e 29 92 b8 16 03 03 00 20 ff 7e fc cb b5 |j.~)...... .~...|
+00000020 07 5f ea 8a 89 2a 46 1b c6 33 41 fe f9 f4 1e 3a |._...*F..3A....:|
+00000030 9d 8b 1d 8f 9b 7b 89 07 b4 e8 59 17 03 03 00 19 |.....{....Y.....|
+00000040 a3 ba 0c 9b 54 cd 59 6a e1 db 33 80 38 a9 95 a1 |....T.Yj..3.8...|
+00000050 95 5b a5 5f ad 3c d0 52 f7 16 03 03 00 14 e6 22 |.[._.<.R......."|
+00000060 84 a7 02 10 1e ee 58 88 a5 b8 e8 bf 0a 9b 61 46 |......X.......aF|
+00000070 0c ae |..|
>>> Flow 11 (client to server)
-00000000 15 03 03 00 12 d4 c8 e4 36 30 00 40 d1 d5 9a 9d |........60.@....|
-00000010 3c 2d eb 4f e0 6e a3 15 03 03 00 12 4d b6 67 e4 |<-.O.n......M.g.|
-00000020 02 d0 89 50 ef 4b 8a 1f 49 f2 f0 14 b6 7e |...P.K..I....~|
+00000000 15 03 03 00 12 7f 90 91 7b 93 4e 24 25 5e cb 35 |........{.N$%^.5|
+00000010 2c eb ee 29 6a b3 a3 15 03 03 00 12 3d b7 30 fe |,..)j.......=.0.|
+00000020 63 90 c3 2d 17 a0 e1 ed 8d bb a4 f6 f6 17 |c..-..........|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ALPN b/src/crypto/tls/testdata/Server-TLSv12-ALPN
index 8ad62b2..f6ddb97 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ALPN
+++ b/src/crypto/tls/testdata/Server-TLSv12-ALPN
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 e3 01 00 00 df 03 03 6c cf 4e 4c 7a |...........l.NLz|
-00000010 79 f3 b9 ce eb 69 38 ec fa 9d 5b 38 01 d5 a2 8a |y....i8...[8....|
-00000020 cf b5 d7 b5 b8 50 96 7f 73 7b 37 00 00 38 c0 2c |.....P..s{7..8.,|
+00000000 16 03 01 00 e3 01 00 00 df 03 03 e7 33 0d 6a 2d |............3.j-|
+00000010 87 bc b4 a1 11 ee 1a 4e 91 f5 fb ad 29 70 d4 6d |.......N....)p.m|
+00000020 05 be ec f3 e2 b1 0d 4e da a4 b5 00 00 38 c0 2c |.......N.....8.,|
00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..|
00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....|
00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<|
@@ -60,38 +60,38 @@
000002a0 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac |=.`.\!.;........|
000002b0 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 |....... /.}.G.bC|
000002c0 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 |.(.._.).0.......|
-000002d0 ed 90 99 5f 58 cb 3b 74 04 01 00 80 a5 2d f2 48 |..._X.;t.....-.H|
-000002e0 73 8a c9 b6 91 a7 41 1c 82 86 71 28 20 e4 e1 0a |s.....A...q( ...|
-000002f0 71 e4 64 fb 80 26 08 7a fb be 4d f8 37 ae 5a c4 |q.d..&.z..M.7.Z.|
-00000300 58 ab 63 13 d0 97 4a df 11 88 da fb ea 12 8a 1f |X.c...J.........|
-00000310 16 e7 22 3d ee 34 81 5a 80 bc e7 ae 43 65 d3 93 |.."=.4.Z....Ce..|
-00000320 01 60 2d ee ed 1c 9f 14 64 07 71 dd ef 9a 40 43 |.`-.....d.q...@C|
-00000330 b4 71 15 97 b2 cf 62 42 ef f0 99 71 30 4f ce d0 |.q....bB...q0O..|
-00000340 d3 b6 6a c1 b0 11 53 b1 b9 fc 8e 0b 2a 2a c3 b8 |..j...S.....**..|
-00000350 aa 35 0d bd e5 ac 69 2a 1d 02 0c 29 16 03 03 00 |.5....i*...)....|
+000002d0 ed 90 99 5f 58 cb 3b 74 08 04 00 80 b6 a2 61 f9 |..._X.;t......a.|
+000002e0 30 40 0b 5c 2c 92 b4 7b e3 42 79 00 11 4d 6b 85 |0@.\,..{.By..Mk.|
+000002f0 df 2e 19 c2 fc a8 bc 16 0b c0 8d 02 55 99 a7 06 |............U...|
+00000300 fa 4c 4d 4c 27 de 6d 3d 1e 7a 6f 2c fc eb 9e 15 |.LML'.m=.zo,....|
+00000310 40 6f 0c 81 b3 e1 4d 78 b7 38 c6 50 8f 5b 63 ac |@o....Mx.8.P.[c.|
+00000320 20 4f a6 06 aa 00 84 f5 01 f4 68 7a 5a 16 c5 da | O........hzZ...|
+00000330 71 b2 4f 04 6e 59 88 14 8c 81 01 91 a8 e8 c1 18 |q.O.nY..........|
+00000340 a8 07 e8 7a f4 dc b9 e7 7f c5 ce 2c 32 8d fe d6 |...z.......,2...|
+00000350 1f 0e a5 f0 f4 c7 dd 39 13 a1 ca 6d 16 03 03 00 |.......9...m....|
00000360 04 0e 00 00 00 |.....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 6f d3 49 75 37 d6 |....%...! o.Iu7.|
-00000010 a2 00 86 0d 56 7a 21 f8 65 bf b4 f8 8f 24 3b 29 |....Vz!.e....$;)|
-00000020 85 05 c1 53 8e 7d b1 34 fa 40 14 03 03 00 01 01 |...S.}.4.@......|
-00000030 16 03 03 00 28 e8 73 e4 4c 86 08 57 d0 35 e1 ec |....(.s.L..W.5..|
-00000040 44 36 b0 c4 ab 70 64 dc f7 ce e4 9e 83 22 cb 55 |D6...pd......".U|
-00000050 6c ba 7b 02 bf 00 35 bd 65 b3 5e 49 b8 |l.{...5.e.^I.|
+00000000 16 03 03 00 25 10 00 00 21 20 d7 fa 22 66 b4 c8 |....%...! .."f..|
+00000010 67 2c 45 93 bf 38 3a 13 21 45 d5 29 95 5b 0d 5c |g,E..8:.!E.).[.\|
+00000020 79 d2 d6 9b ef bd 7d eb a9 21 14 03 03 00 01 01 |y.....}..!......|
+00000030 16 03 03 00 28 a2 81 84 32 29 01 69 28 f9 56 cc |....(...2).i(.V.|
+00000040 c9 72 51 5c 22 38 51 12 e1 55 a1 d6 8c cf 66 75 |.rQ\"8Q..U....fu|
+00000050 b4 bd 49 60 d0 e4 7e 9e fe 56 d1 62 36 |..I`..~..V.b6|
>>> Flow 4 (server to client)
00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
-00000030 6f ec 80 83 61 6c 6a 7e 4b cf 4d cd ab 64 0f 0f |o...alj~K.M..d..|
-00000040 b3 3f 2c b1 de 5f 2c ca 16 1f f5 cc 5a 1c a3 41 |.?,.._,.....Z..A|
-00000050 88 6d fb 88 63 c3 b9 c7 bd 7a c4 14 7f 07 7a 85 |.m..c....z....z.|
-00000060 9e 56 c8 ec 60 33 94 c9 db d5 3a d2 6a f2 66 6a |.V..`3....:.j.fj|
-00000070 e6 43 42 8c 0a 1b f7 db 5e 90 08 eb 5b ea c2 0e |.CB.....^...[...|
-00000080 48 b1 6d f3 7a 32 42 14 03 03 00 01 01 16 03 03 |H.m.z2B.........|
-00000090 00 28 00 00 00 00 00 00 00 00 21 fa 55 8f 07 9b |.(........!.U...|
-000000a0 0d 35 73 08 27 67 44 11 7e ae 3e 60 b6 e2 18 4e |.5s.'gD.~.>`...N|
-000000b0 d5 75 28 4c 9e 98 2d b3 e6 55 17 03 03 00 25 00 |.u(L..-..U....%.|
-000000c0 00 00 00 00 00 00 01 23 db 6a 59 85 c2 10 e9 96 |.......#.jY.....|
-000000d0 52 6d 0b ab c0 e6 17 55 8f 7a d8 7a c4 e2 2a 27 |Rm.....U.z.z..*'|
-000000e0 80 0e 58 a3 15 03 03 00 1a 00 00 00 00 00 00 00 |..X.............|
-000000f0 02 a8 1b e9 e8 5c 6e 57 19 86 19 d6 ef 81 db f5 |.....\nW........|
-00000100 95 e1 8d |...|
+00000030 6f ec 80 83 61 cf 87 48 45 0d 9d a5 bf 38 b4 9f |o...a..HE....8..|
+00000040 19 a9 cd ca 63 79 2d c3 ae 70 74 56 44 99 fb cc |....cy-..ptVD...|
+00000050 7d 31 c2 67 75 fe 57 1b fd 6b 2f cd df ec fa 5b |}1.gu.W..k/....[|
+00000060 23 47 19 7e 84 33 94 d7 de e2 b9 ff 75 7d dc 80 |#G.~.3......u}..|
+00000070 9e 55 94 8e 15 94 70 8f b5 21 0e 4e f7 4c e6 44 |.U....p..!.N.L.D|
+00000080 01 a3 9d 67 5f 05 73 14 03 03 00 01 01 16 03 03 |...g_.s.........|
+00000090 00 28 00 00 00 00 00 00 00 00 3a 49 dc e2 aa ce |.(........:I....|
+000000a0 a8 43 27 08 a8 6b 7c ae 3f 07 18 e1 04 a9 e6 24 |.C'..k|.?......$|
+000000b0 0e 9e 0a 0f af a4 c3 6e 90 2d 17 03 03 00 25 00 |.......n.-....%.|
+000000c0 00 00 00 00 00 00 01 41 e1 9b 4c 8a 1a e8 10 bf |.......A..L.....|
+000000d0 9f fd 76 e4 43 c2 cf 04 ee 68 6a 02 3c 97 fc ec |..v.C....hj.<...|
+000000e0 c4 0a 74 1d 15 03 03 00 1a 00 00 00 00 00 00 00 |..t.............|
+000000f0 02 1c 9b b1 b6 07 fa 33 a8 70 03 d9 27 29 ea 61 |.......3.p..').a|
+00000100 96 c2 48 |..H|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch b/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
index af668a5..f8b88a6 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
+++ b/src/crypto/tls/testdata/Server-TLSv12-ALPN-NoMatch
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 e3 01 00 00 df 03 03 3e 91 68 7c f4 |...........>.h|.|
-00000010 a8 fc b3 ee 4c d2 f6 d2 9f a9 0a ea 15 b4 81 f3 |....L...........|
-00000020 ff da 13 eb 88 e9 aa 4d 31 74 f7 00 00 38 c0 2c |.......M1t...8.,|
+00000000 16 03 01 00 e3 01 00 00 df 03 03 ed dd 7f 68 1d |..............h.|
+00000010 9e 83 bc 08 01 39 8e 97 76 91 cb cb 24 73 15 f5 |.....9..v...$s..|
+00000020 17 17 db 78 69 ca e1 ed 0f fc bc 00 00 38 c0 2c |...xi........8.,|
00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..|
00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....|
00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<|
@@ -59,38 +59,38 @@
00000290 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 |...=.`.\!.;.....|
000002a0 03 00 ac 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 |.......... /.}.G|
000002b0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....|
-000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 01 00 80 82 |......_X.;t.....|
-000002d0 5c 44 f1 80 64 3b bd 64 fd 13 17 63 63 3d fa 1f |\D..d;.d...cc=..|
-000002e0 7a 68 98 6c 95 55 ca f7 c9 f0 28 57 db c0 ec ed |zh.l.U....(W....|
-000002f0 b5 a5 a9 63 8e e7 1e be 3f 2e 78 c6 b4 b0 7c 1e |...c....?.x...|.|
-00000300 aa 3e 3e 1f bb a9 95 78 73 a1 e7 45 10 c0 b6 14 |.>>....xs..E....|
-00000310 40 b3 dd a3 56 37 fd 89 f7 15 7e 35 e1 4a 93 9e |@...V7....~5.J..|
-00000320 ed f9 c6 07 2f 72 63 f0 03 49 a1 9a 24 95 da 2b |..../rc..I..$..+|
-00000330 a1 e6 a8 4a 3b 96 c9 23 59 2a 1a 16 3f 20 f5 aa |...J;..#Y*..? ..|
-00000340 85 06 2f 97 33 d1 9e 14 6a 4b c7 04 09 20 07 16 |../.3...jK... ..|
+000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 08 04 00 80 59 |......_X.;t....Y|
+000002d0 85 20 dc b1 4c d2 17 4d 20 73 1a a7 f7 ab 40 52 |. ..L..M s....@R|
+000002e0 73 e7 02 21 eb 55 e2 c9 73 c0 c2 8a ed a3 fd 07 |s..!.U..s.......|
+000002f0 0b 5b 30 c2 1e 63 a1 c2 27 41 6c 5a ca 6e 12 d3 |.[0..c..'AlZ.n..|
+00000300 4a 87 15 29 7f 44 06 3d 14 76 98 45 e5 27 84 09 |J..).D.=.v.E.'..|
+00000310 44 be f3 c4 ce 79 31 e9 92 06 b6 d2 d9 19 d1 24 |D....y1........$|
+00000320 7d 44 6a 57 ea 9d 12 e3 e7 a1 16 86 10 fc 7a 66 |}DjW..........zf|
+00000330 00 3a f0 f0 ed e7 7c 20 82 0a 26 5d 92 79 8a 5b |.:....| ..&].y.[|
+00000340 55 98 fc 1a c1 2f c0 07 ce b8 03 3a 01 da 62 16 |U..../.....:..b.|
00000350 03 03 00 04 0e 00 00 00 |........|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 13 9a 7e ca 83 9c |....%...! ..~...|
-00000010 8b d9 5c 73 eb ea 46 10 a6 be b4 40 4a bd 0e 94 |..\s..F....@J...|
-00000020 5b b9 26 08 4c 84 ba 2e 01 16 14 03 03 00 01 01 |[.&.L...........|
-00000030 16 03 03 00 28 9c ad 4c 10 62 fb 92 8d 7f 05 34 |....(..L.b.....4|
-00000040 09 26 60 3f 0c ad 00 d5 7f 7c db 3b 80 57 7a c9 |.&`?.....|.;.Wz.|
-00000050 16 9d cf a2 5f 48 f2 c8 90 80 dd 98 4d |...._H......M|
+00000000 16 03 03 00 25 10 00 00 21 20 d9 f2 e4 c5 cf 38 |....%...! .....8|
+00000010 23 30 2e b6 d9 0f 3b a2 d7 2f eb d5 74 a8 29 12 |#0....;../..t.).|
+00000020 5f 27 bc 81 96 6b 12 5a bb 2f 14 03 03 00 01 01 |_'...k.Z./......|
+00000030 16 03 03 00 28 4b a1 12 ce 11 2a 0f 79 7c 56 eb |....(K....*.y|V.|
+00000040 bb 9f 7d 91 c7 53 25 d6 ae 0b 98 f1 b5 ea ef 51 |..}..S%........Q|
+00000050 8b 3a fb d1 6c ae 3d bb b7 67 d9 ba 36 |.:..l.=..g..6|
>>> Flow 4 (server to client)
00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
-00000030 6f ec 80 83 61 5f 70 47 31 42 7d 4d 8f ac 3a 97 |o...a_pG1B}M..:.|
-00000040 2d 3e 63 9e 69 6f 85 a6 01 be 0c 91 6b ff 81 3e |->c.io......k..>|
-00000050 f9 86 fe 7e c6 8c 24 e6 b7 fd b2 57 fd 1e 7c a3 |...~..$....W..|.|
-00000060 02 59 37 6d 30 33 94 d8 30 58 cf 4e eb 24 9d ad |.Y7m03..0X.N.$..|
-00000070 53 b1 52 ed 14 e6 a7 0d 70 97 e4 e9 4e e1 2b 1d |S.R.....p...N.+.|
-00000080 4f 99 98 e5 5a 34 36 14 03 03 00 01 01 16 03 03 |O...Z46.........|
-00000090 00 28 00 00 00 00 00 00 00 00 31 06 c0 75 c8 df |.(........1..u..|
-000000a0 bd 47 0a c1 05 34 86 4a 4b 40 0a c0 fb 88 51 0c |.G...4.JK@....Q.|
-000000b0 9e d3 6d 32 2a ab 2e 23 cc 5b 17 03 03 00 25 00 |..m2*..#.[....%.|
-000000c0 00 00 00 00 00 00 01 f9 47 ce e1 bf 21 5f fb f7 |........G...!_..|
-000000d0 4c a7 11 99 6e 27 e2 a9 28 d3 39 1b db ef e5 1d |L...n'..(.9.....|
-000000e0 75 e6 b1 1a 15 03 03 00 1a 00 00 00 00 00 00 00 |u...............|
-000000f0 02 ae a4 74 3c 39 f2 3c 5a 7c 5f a1 25 a2 40 56 |...t<9.<Z|_.%.@V|
-00000100 ab 79 e3 |.y.|
+00000030 6f ec 80 83 61 40 f9 2b 9e a7 30 60 fb 46 36 c4 |o...a@.+..0`.F6.|
+00000040 0e b3 2a c4 73 64 2e 12 6c 0d f5 b9 6f 05 ae 27 |..*.sd..l...o..'|
+00000050 d7 a3 47 c5 67 31 3e 95 84 bf 42 e1 b9 0d 90 40 |..G.g1>...B....@|
+00000060 01 50 0d 32 4b 33 94 5c a3 1d b9 db e5 c5 24 02 |.P.2K3.\......$.|
+00000070 48 31 ad 70 8e c7 e9 60 a5 7e ea 91 7b 01 79 06 |H1.p...`.~..{.y.|
+00000080 66 f9 c4 9d bd 65 a5 14 03 03 00 01 01 16 03 03 |f....e..........|
+00000090 00 28 00 00 00 00 00 00 00 00 32 be b5 c5 4d 83 |.(........2...M.|
+000000a0 41 97 f6 26 0f aa 06 35 d5 9e f8 12 1c 04 f7 b6 |A..&...5........|
+000000b0 16 9f f9 a4 43 b8 56 ea 4a 82 17 03 03 00 25 00 |....C.V.J.....%.|
+000000c0 00 00 00 00 00 00 01 1a 8e 6b 4a 69 02 56 46 eb |.........kJi.VF.|
+000000d0 26 12 47 a3 9d 9a 8a 09 20 4a 6c b2 d0 6a 14 48 |&.G..... Jl..j.H|
+000000e0 be d5 f0 48 15 03 03 00 1a 00 00 00 00 00 00 00 |...H............|
+000000f0 02 0e 01 9d 60 90 01 60 99 a0 f5 df 6d 38 e5 76 |....`..`....m8.v|
+00000100 4d d7 d7 |M..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
index 48c02f2..802aa1a 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
+++ b/src/crypto/tls/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 cb 01 00 00 c7 03 03 aa 7b c0 07 1f |............{...|
-00000010 c3 45 6b b4 8d cc 6a 9d aa 2f 76 2c e5 0b dc 95 |.Ek...j../v,....|
-00000020 67 4f 03 e4 a5 d0 36 61 e9 dc 97 00 00 38 c0 2c |gO....6a.....8.,|
+00000000 16 03 01 00 cb 01 00 00 c7 03 03 27 8a e9 f3 58 |...........'...X|
+00000010 5a 08 90 d6 d4 97 23 b6 a7 92 73 3a a3 3c c1 a1 |Z.....#...s:.<..|
+00000020 ca 06 23 c8 ed 4a 19 26 73 c9 62 00 00 38 c0 2c |..#..J.&s.b..8.,|
00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..|
00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....|
00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<|
@@ -57,36 +57,36 @@
00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........|
000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.|
000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........|
-000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 70 1f f4 82 04 |.._X.;t....p....|
-000002d0 3b ca 50 b4 61 d7 b1 f5 c0 4e fe 80 f4 de 3f 72 |;.P.a....N....?r|
-000002e0 b0 8d eb 8d 37 56 c8 b0 92 81 7b b1 a0 c5 1d b8 |....7V....{.....|
-000002f0 9e 4f 6e b4 60 6c 2c 48 66 67 97 aa 41 34 c1 99 |.On.`l,Hfg..A4..|
-00000300 1e 2f cf ef d0 98 53 3b 50 5b db ed 8b 0b 92 7b |./....S;P[.....{|
-00000310 20 63 10 56 4c b6 c2 b8 78 8f fb 88 7b 78 9e ee | c.VL...x...{x..|
-00000320 33 78 2e 7d 14 01 8a c8 e0 59 11 f7 b4 4d 5f 8b |3x.}.....Y...M_.|
-00000330 6e 35 1c af 24 bf 54 a9 f2 ca fa 2a 2c 13 b1 fc |n5..$.T....*,...|
-00000340 c8 69 4b 55 3c 13 b3 2e 69 0f 4a 16 03 03 00 04 |.iKU<...i.J.....|
+000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 42 86 d0 0a 5b |.._X.;t....B...[|
+000002d0 d7 97 20 4d be 16 b8 eb 51 66 28 3b f9 45 35 f5 |.. M....Qf(;.E5.|
+000002e0 de 1d 28 c9 36 63 5b 7b f6 a7 64 79 fb 39 20 c3 |..(.6c[{..dy.9 .|
+000002f0 dd db 38 3e af 89 ce 91 f7 bd 51 b4 5e 01 d8 9b |..8>......Q.^...|
+00000300 54 62 58 24 3b c2 43 59 a4 11 1a 2b 67 c5 5f 79 |TbX$;.CY...+g._y|
+00000310 fe 68 9d c7 e6 8b 36 8b f9 cb 00 b0 b3 0f 52 fb |.h....6.......R.|
+00000320 fe a5 e6 c6 26 9b d1 a2 17 4e e2 58 7f b2 80 78 |....&....N.X...x|
+00000330 10 b4 0a 47 e1 18 92 d4 a5 5a 86 06 36 ca f7 b6 |...G.....Z..6...|
+00000340 1c 83 81 0e eb 32 7d fe 06 c5 03 16 03 03 00 04 |.....2}.........|
00000350 0e 00 00 00 |....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 f6 5e a3 41 79 62 |....%...! .^.Ayb|
-00000010 ca 1e fe 4e 11 90 8b 79 55 d4 b9 1f 7b f8 06 0f |...N...yU...{...|
-00000020 7c 7c e9 18 3f 1d 24 da d0 64 14 03 03 00 01 01 |||..?.$..d......|
-00000030 16 03 03 00 40 86 11 cb 65 6e bc cd 1c 4a 94 2e |....@...en...J..|
-00000040 7f 19 97 74 31 4b 2d a3 95 7e ae dd c7 fd 74 a0 |...t1K-..~....t.|
-00000050 52 5b 11 0b d0 85 7e 57 6e 42 54 a1 cf a2 15 50 |R[....~WnBT....P|
-00000060 10 c0 30 5e 52 b8 b5 60 9d 05 43 62 24 c6 50 9b |..0^R..`..Cb$.P.|
-00000070 18 ea 3b ee b2 |..;..|
+00000000 16 03 03 00 25 10 00 00 21 20 14 7f fb 7d 0c ef |....%...! ...}..|
+00000010 48 c4 8f 75 24 19 5f ee 5f 51 08 35 74 cf c3 ea |H..u$._._Q.5t...|
+00000020 67 20 c4 f9 49 b2 cf 69 5a 77 14 03 03 00 01 01 |g ..I..iZw......|
+00000030 16 03 03 00 40 2b d2 f4 dc 36 98 ef 1d 43 f9 3e |....@+...6...C.>|
+00000040 83 33 c0 71 a6 e3 ac f1 3c cc 94 e4 d0 fe 81 bc |.3.q....<.......|
+00000050 94 56 15 eb 6a 7b 17 33 e1 a0 ef d5 7a 86 af ea |.V..j{.3....z...|
+00000060 1f bb d5 8c 80 56 d5 e4 08 cd 68 bf c0 53 c2 56 |.....V....h..S.V|
+00000070 aa b3 38 1e 4e |..8.N|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 6a 48 9f e1 36 |...........jH..6|
-00000020 95 3d 08 0b f2 66 15 f6 fb 95 79 b3 79 3a 2d 3d |.=...f....y.y:-=|
-00000030 eb 3c 19 25 d4 8c 76 85 61 80 cb 3e 48 15 7b d3 |.<.%..v.a..>H.{.|
-00000040 c0 ae 8f 46 24 62 2b 4c dc 50 43 17 03 03 00 40 |...F$b+L.PC....@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 45 07 c3 ba 8c |...........E....|
+00000020 d8 9f b6 f1 6a 14 bb b1 4e 84 3f 25 6a 3d ef f6 |....j...N.?%j=..|
+00000030 88 89 1a 91 22 ef e3 ed ba 2a a3 7c 5b db e0 1d |...."....*.|[...|
+00000040 b5 8d 7a ed e7 ad e1 31 b2 12 f5 17 03 03 00 40 |..z....1.......@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 8e f8 58 1c aa 7e f6 0d 83 4d 02 44 8c 05 08 ca |..X..~...M.D....|
-00000070 d9 bd aa d0 de b3 c3 dd 35 e3 52 e4 4c 6a 9c 54 |........5.R.Lj.T|
-00000080 5c a3 02 e1 65 b0 07 52 21 b9 58 5e 17 f8 32 66 |\...e..R!.X^..2f|
+00000060 a6 f3 0b 33 f7 7a 7c fb fb b5 e6 eb 6e 0a 26 aa |...3.z|.....n.&.|
+00000070 06 3b a6 bc 08 e5 3a b6 c9 a3 f3 77 28 93 45 08 |.;....:....w(.E.|
+00000080 1d 54 5e a3 92 cd 89 a3 e6 34 ec 52 70 c0 97 3c |.T^......4.Rp..<|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 27 d3 6c 76 d8 d3 78 0a 30 d8 9e |.....'.lv..x.0..|
-000000b0 88 2b f6 20 07 b4 52 0e 5d 3f 4c 0b 31 74 fb ae |.+. ..R.]?L.1t..|
-000000c0 88 ca ce 4c 89 |...L.|
+000000a0 00 00 00 00 00 2d 0d 96 57 b8 6f 90 1e 84 4d 35 |.....-..W.o...M5|
+000000b0 91 52 42 6b 8d a3 6b 21 22 60 1a c9 38 7f 5a ef |.RBk..k!"`..8.Z.|
+000000c0 6e dd 84 06 79 |n...y|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
index 81bce3c..3177653 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 2b 20 bb aa d1 |...........+ ...|
-00000010 96 b8 47 d0 22 43 50 24 e2 92 cc 5b 73 e8 15 6a |..G."CP$...[s..j|
-00000020 51 74 b6 13 08 d7 5e 6a 0a 21 59 00 00 04 00 2f |Qt....^j.!Y..../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 a8 4e d1 44 14 |............N.D.|
+00000010 46 11 b2 4f 03 b6 6f 89 cf fd dd 9b 6a dd 4d 1e |F..O..o.....j.M.|
+00000020 51 02 a2 10 d9 d3 a1 d8 54 a2 4a 00 00 04 00 2f |Q.......T.J..../|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -51,10 +51,10 @@
00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.|
00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...|
00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=|
-00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 1d 0d |.`.\!.;.........|
-000002a0 00 00 19 02 01 40 00 12 04 01 04 03 08 07 05 01 |.....@..........|
-000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................|
-000002c0 04 0e 00 00 00 |.....|
+00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 23 0d |.`.\!.;.......#.|
+000002a0 00 00 1f 02 01 40 00 18 08 04 04 03 08 07 08 05 |.....@..........|
+000002b0 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 |................|
+000002c0 00 00 16 03 03 00 04 0e 00 00 00 |...........|
>>> Flow 3 (client to server)
00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0|
00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5|
@@ -89,40 +89,40 @@
000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.|
000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W|
00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..|
-00000210 03 03 00 86 10 00 00 82 00 80 ba b8 01 ea 83 88 |................|
-00000220 8c 6b fb f0 67 68 e2 15 97 6d 75 08 84 bf 7b 91 |.k..gh...mu...{.|
-00000230 98 30 5f 0e 76 95 37 a0 d9 58 f6 44 f3 b0 4d 15 |.0_.v.7..X.D..M.|
-00000240 d0 e2 d3 fd 3b 9d d9 72 5d 4c f1 c3 51 b7 ce 49 |....;..r]L..Q..I|
-00000250 76 8c 06 38 cf e0 e9 68 bc 59 0b c3 ca 22 63 4e |v..8...h.Y..."cN|
-00000260 3e 51 70 f8 4c c7 00 d1 0b a5 cc 18 75 1f d7 d4 |>Qp.L.......u...|
-00000270 ea 46 05 14 c2 fb b2 b0 be 61 80 9d 27 e1 5c 2d |.F.......a..'.\-|
-00000280 c7 fe 8d 83 6d 26 b9 42 2c 49 e7 ff 51 e9 8a 5f |....m&.B,I..Q.._|
-00000290 4d fe de a0 bb 88 4a 39 3f 9e 16 03 03 00 93 0f |M.....J9?.......|
-000002a0 00 00 8f 04 03 00 8b 30 81 88 02 42 01 32 72 99 |.......0...B.2r.|
-000002b0 d7 53 6b d0 6b c4 4c 4f 6e b2 31 1b 5c 7e 5e e1 |.Sk.k.LOn.1.\~^.|
-000002c0 91 5b ba 30 be 53 28 66 c9 fc 4b d7 46 61 c2 70 |.[.0.S(f..K.Fa.p|
-000002d0 a0 75 2e 93 f3 b1 06 5b b3 0f 4f ad 8f dd 32 5d |.u.....[..O...2]|
-000002e0 00 72 2d 79 92 e2 5c cf c8 68 02 0c 32 21 02 42 |.r-y..\..h..2!.B|
-000002f0 01 26 d1 55 c9 f5 79 a3 83 b8 a7 99 a2 e5 c7 32 |.&.U..y........2|
-00000300 53 5d 56 90 1e 0f 13 44 5e 7b 44 8e 1f 49 fc 11 |S]V....D^{D..I..|
-00000310 d3 ab b2 cc 63 69 2e 67 a3 54 07 3a 90 e7 b6 f4 |....ci.g.T.:....|
-00000320 3f ab 96 e9 24 c1 0f c9 f2 c5 fd 56 8a c6 68 33 |?...$......V..h3|
-00000330 cc 1b 14 03 03 00 01 01 16 03 03 00 40 53 43 c1 |............@SC.|
-00000340 68 90 3f c7 f7 14 be db 64 1c ff d6 40 99 02 c1 |h.?.....d...@...|
-00000350 5a 19 1d 4b 78 d4 b2 2b 2d 24 9d f3 4d e9 4c 10 |Z..Kx..+-$..M.L.|
-00000360 1e d8 10 79 43 85 7b ec 7a 0a 3b 11 d9 8a 3c 4f |...yC.{.z.;...<O|
-00000370 1f 45 20 f8 01 d3 02 84 8f 40 02 df ab |.E ......@...|
+00000210 03 03 00 86 10 00 00 82 00 80 94 7b c5 f9 b7 fa |...........{....|
+00000220 08 d2 59 d4 d5 ae 30 7f 9b d6 97 8e f8 ab 5c dc |..Y...0.......\.|
+00000230 b2 f2 f7 c2 f3 4a 2d c0 88 11 84 42 bf fe b9 ca |.....J-....B....|
+00000240 6f 6e b2 a4 c3 50 f1 bc 22 6e 12 bf 18 e2 12 1c |on...P.."n......|
+00000250 c2 53 f5 b4 03 f2 c8 a4 a6 29 da cd 3e 62 6d c0 |.S.......)..>bm.|
+00000260 34 58 5d 3b 1c 84 6e a6 d7 7c 63 67 0c 1a 7c a4 |4X];..n..|cg..|.|
+00000270 ea 66 ce 70 6c 6d fd c9 d5 b5 63 38 93 02 7c 3b |.f.plm....c8..|;|
+00000280 b2 0b 62 ff 32 2d 6a d0 59 27 e6 34 cc a6 25 aa |..b.2-j.Y'.4..%.|
+00000290 5b 77 4a f6 79 72 1f bf 30 f1 16 03 03 00 92 0f |[wJ.yr..0.......|
+000002a0 00 00 8e 04 03 00 8a 30 81 87 02 42 01 dc 84 5b |.......0...B...[|
+000002b0 f3 56 ac 18 07 45 f0 3d 2c 96 e8 ff 12 c0 59 0e |.V...E.=,.....Y.|
+000002c0 de ef 93 98 88 09 dd 82 14 65 20 72 a9 f2 bc 2d |.........e r...-|
+000002d0 7a d1 d7 f0 fe 99 f1 80 54 b8 30 b2 b9 01 3d a6 |z.......T.0...=.|
+000002e0 f2 c0 cd 8e 68 a2 e7 92 85 aa 13 8f 49 1c 02 41 |....h.......I..A|
+000002f0 2c 4c 7d f6 27 ea 31 e1 4d 68 b3 39 4a 2d 26 ae |,L}.'.1.Mh.9J-&.|
+00000300 42 4a 6c 4e cc fb bf b7 0b 1a bf df 57 0c fe b1 |BJlN........W...|
+00000310 fd fc bd a2 08 a2 fc 4f 91 89 ec e0 ea e3 b3 38 |.......O.......8|
+00000320 2f ba 17 8e 07 0a 4d cd a8 73 a4 e9 a3 02 ee 42 |/.....M..s.....B|
+00000330 07 14 03 03 00 01 01 16 03 03 00 40 75 26 df cd |...........@u&..|
+00000340 34 27 db 19 2f da d4 0d 0a ec b4 d5 03 1a a1 34 |4'../..........4|
+00000350 fa fd df a9 31 1e e0 78 87 f6 9b 31 4a 27 4d 4e |....1..x...1J'MN|
+00000360 54 d4 b0 a2 1a 72 52 02 89 47 93 a6 c4 57 d3 b8 |T....rR..G...W..|
+00000370 60 e5 1e db 60 ea fd 08 6f 13 fc 9d |`...`...o...|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 42 bc 5f a1 6d |...........B._.m|
-00000020 da de 00 73 b7 95 ff da ed 1b d3 0f a3 aa 62 4a |...s..........bJ|
-00000030 fb 93 82 35 a2 40 9e 23 20 01 d1 66 a7 f9 b6 c0 |...5.@.# ..f....|
-00000040 3b 8f 06 fa 27 54 12 c1 8b 7a d7 17 03 03 00 40 |;...'T...z.....@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 b7 39 51 e9 91 |............9Q..|
+00000020 8a f0 d0 a9 6d fb 0e 30 bd 74 44 94 48 b0 6e a7 |....m..0.tD.H.n.|
+00000030 ab a8 8c ce 87 da 93 73 e1 da cc 53 e8 32 03 fe |.......s...S.2..|
+00000040 57 66 cf e1 ed ef e6 6f 80 32 eb 17 03 03 00 40 |Wf.....o.2.....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 15 e6 69 f0 0d a9 68 5f ed a3 b8 52 88 7e 16 81 |..i...h_...R.~..|
-00000070 83 02 01 e0 b4 5a d1 5e 96 81 e3 93 8e cf 67 4a |.....Z.^......gJ|
-00000080 ca 22 57 cb e9 f1 0f ff 3c 8f 89 66 c2 34 6a a5 |."W.....<..f.4j.|
+00000060 37 8f 8a d3 8e 0a f5 24 28 95 5e 19 e1 40 b8 2a |7......$(.^..@.*|
+00000070 eb 4f 2a ec 6d 4d 7f f3 fb 63 52 46 52 57 c1 4a |.O*.mM...cRFRW.J|
+00000080 ec cc a0 6b 2e 49 41 51 38 25 e3 af 82 53 2a 15 |...k.IAQ8%...S*.|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 b4 70 ac 30 67 7c b0 b6 64 f2 42 |......p.0g|..d.B|
-000000b0 dc 48 ee 49 a4 8a 65 e9 d6 2b fa 23 0f ce f3 fe |.H.I..e..+.#....|
-000000c0 ef da 41 2d fb |..A-.|
+000000a0 00 00 00 00 00 83 24 3c 9d 31 f3 41 a5 35 8c 01 |......$<.1.A.5..|
+000000b0 70 f4 b7 6e 2b 9e 1a 48 cf ce a4 68 2a 2c 53 18 |p..n+..H...h*,S.|
+000000c0 1e 26 24 50 92 |.&$P.|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
index 3b8637a..d535cb4 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndEd25519Given
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 cb 01 00 00 c7 03 03 2d 7b 98 67 fd |...........-{.g.|
-00000010 15 73 16 b6 88 26 58 78 6a 0c 62 31 15 af d2 61 |.s...&Xxj.b1...a|
-00000020 db da 39 ad ea 4c c5 8e 8b 6e db 00 00 38 c0 2c |..9..L...n...8.,|
+00000000 16 03 01 00 cb 01 00 00 c7 03 03 6e 46 fb 23 fe |...........nF.#.|
+00000010 6d b0 f4 4f bf fb c6 93 f8 29 f8 93 0e 13 51 9e |m..O.....)....Q.|
+00000020 d7 cc e8 bb d1 c1 69 06 66 4f 45 00 00 38 c0 2c |......i.fOE..8.,|
00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..|
00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....|
00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<|
@@ -57,18 +57,18 @@
00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........|
000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.|
000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........|
-000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 a1 1b 61 99 05 |.._X.;t......a..|
-000002d0 2b f6 6c a9 5c 27 84 f1 c9 5c 01 a7 e8 d0 ae cd |+.l.\'...\......|
-000002e0 53 dc 9e 84 59 56 23 58 c0 ff fa d0 e8 24 76 2e |S...YV#X.....$v.|
-000002f0 d4 53 a8 f5 b0 72 6b 84 3c 6c 27 7d 82 28 cc b6 |.S...rk.<l'}.(..|
-00000300 1b 60 86 e0 18 92 f1 10 1c 35 95 80 80 ba a4 b0 |.`.......5......|
-00000310 11 26 88 12 ab ca e2 c8 9c 23 de e8 c4 ed e3 7e |.&.......#.....~|
-00000320 63 47 fd 9b ba b4 6d 54 3e 6e dc bc fe 6d 57 4d |cG....mT>n...mWM|
-00000330 a9 59 c4 d5 be 83 f7 31 12 57 05 0f 9b ea 12 38 |.Y.....1.W.....8|
-00000340 df 89 44 bd d1 62 06 69 f0 17 88 16 03 03 00 1d |..D..b.i........|
-00000350 0d 00 00 19 02 01 40 00 12 04 01 04 03 08 07 05 |......@.........|
-00000360 01 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 |................|
-00000370 00 04 0e 00 00 00 |......|
+000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 17 9f 15 d6 26 |.._X.;t........&|
+000002d0 36 78 d9 7f e6 48 27 56 a5 96 22 9f 9c f6 92 a0 |6x...H'V..".....|
+000002e0 dc 7d eb 66 6e b8 94 34 74 ac 96 50 63 f1 cd 92 |.}.fn..4t..Pc...|
+000002f0 bc 31 d2 f5 30 70 b2 d6 f3 09 0c 87 6a 8b f5 46 |.1..0p......j..F|
+00000300 0d 9a 87 4c de 94 80 49 43 26 28 e9 67 fa a8 1f |...L...IC&(.g...|
+00000310 dd 36 5c b1 49 05 37 ac 2d db b8 22 bf ed 64 dc |.6\.I.7.-.."..d.|
+00000320 50 53 12 3e e6 5a 78 fc b2 c5 6f 4c a9 86 40 da |PS.>.Zx...oL..@.|
+00000330 0a 9b 71 62 6d 12 c9 b7 9a 8b ca bd a5 77 37 0c |..qbm........w7.|
+00000340 1c f1 66 2c 63 2d 7b c6 6b f1 48 16 03 03 00 23 |..f,c-{.k.H....#|
+00000350 0d 00 00 1f 02 01 40 00 18 08 04 04 03 08 07 08 |......@.........|
+00000360 05 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 |................|
+00000370 03 00 00 16 03 03 00 04 0e 00 00 00 |............|
>>> Flow 3 (client to server)
00000000 16 03 03 01 3c 0b 00 01 38 00 01 35 00 01 32 30 |....<...8..5..20|
00000010 82 01 2e 30 81 e1 a0 03 02 01 02 02 10 17 d1 81 |...0............|
@@ -90,23 +90,23 @@
00000110 8a 4e 34 40 39 d6 b3 10 dc 19 fe a0 22 71 b3 f5 |.N4@9......."q..|
00000120 8f a1 58 0d cd f4 f1 85 24 bf e6 3d 14 df df ed |..X.....$..=....|
00000130 0e e1 17 d8 11 a2 60 d0 8a 37 23 2a c2 46 aa 3a |......`..7#*.F.:|
-00000140 08 16 03 03 00 25 10 00 00 21 20 30 f2 c3 99 77 |.....%...! 0...w|
-00000150 04 d5 ad 0b fb d2 b5 5c 6c b0 e3 0b b5 e5 04 0b |.......\l.......|
-00000160 b5 65 19 8e 85 80 03 d2 c0 72 78 16 03 03 00 48 |.e.......rx....H|
-00000170 0f 00 00 44 08 07 00 40 a3 f1 99 a1 4c 28 9e a6 |...D...@....L(..|
-00000180 33 9d e9 8e be 1d 12 c2 fa 47 9e bf 5f d7 33 40 |3........G.._.3@|
-00000190 49 70 88 15 90 9b d0 0f d5 09 19 7f 72 54 9b d3 |Ip..........rT..|
-000001a0 22 10 26 57 c0 9a a2 ff 5a a1 4e e4 f2 77 41 8d |".&W....Z.N..wA.|
-000001b0 22 72 19 73 52 95 33 07 14 03 03 00 01 01 16 03 |"r.sR.3.........|
-000001c0 03 00 28 29 27 c1 4a 89 61 eb d4 d0 4d 46 92 39 |..()'.J.a...MF.9|
-000001d0 a3 88 00 86 c1 43 84 1b a4 8e 36 34 95 6a d7 f3 |.....C....64.j..|
-000001e0 dc db 4f c3 40 d5 e1 c5 b6 6d e3 |..O.@....m.|
+00000140 08 16 03 03 00 25 10 00 00 21 20 87 e9 7b d5 6c |.....%...! ..{.l|
+00000150 ed 43 f2 56 e4 00 5c 30 8b ec 63 cb ef da 90 aa |.C.V..\0..c.....|
+00000160 e2 eb 0e ad 23 db 90 c5 02 47 7c 16 03 03 00 48 |....#....G|....H|
+00000170 0f 00 00 44 08 07 00 40 71 03 0f a9 ed a8 cf 3c |...D...@q......<|
+00000180 73 e6 ae 21 92 93 68 10 bc e0 fd 07 d8 58 30 7c |s..!..h......X0||
+00000190 8d f2 1d ee e6 20 4c a4 6a 4b b8 66 6c 51 b5 1a |..... L.jK.flQ..|
+000001a0 06 f1 5d 13 83 43 60 6f b1 f7 56 97 b2 ef c6 b8 |..]..C`o..V.....|
+000001b0 97 0b 9a fe 46 3e 9a 00 14 03 03 00 01 01 16 03 |....F>..........|
+000001c0 03 00 28 de 17 73 c1 91 60 06 3d 0c 9c d0 5a c9 |..(..s..`.=...Z.|
+000001d0 f2 2b f4 80 8b e8 01 dc 84 ff a1 16 08 1e af 76 |.+.............v|
+000001e0 f2 fc 34 52 3f 87 60 9e 06 ff c2 |..4R?.`....|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....|
-00000010 00 00 00 4e 43 e3 b5 1b 15 20 a6 d2 c2 f8 c0 c5 |...NC.... ......|
-00000020 57 d3 e2 e8 aa 54 76 34 eb 34 86 a1 35 e3 ef f7 |W....Tv4.4..5...|
-00000030 3d d6 2a 17 03 03 00 25 00 00 00 00 00 00 00 01 |=.*....%........|
-00000040 da 34 41 ff cb 93 b8 f2 1f 0c fa 18 58 46 50 d5 |.4A.........XFP.|
-00000050 d3 c8 23 01 11 c1 8c 05 cc cb 03 98 6a 15 03 03 |..#.........j...|
-00000060 00 1a 00 00 00 00 00 00 00 02 13 73 b1 7f 98 3b |...........s...;|
-00000070 06 e6 02 70 65 71 08 3d 6a 9a bf 4d |...peq.=j..M|
+00000010 00 00 00 db 9b a0 e5 96 0d ca 2b ce 8a 3c 9e bc |..........+..<..|
+00000020 43 1a ad 0d fb a1 7e 0d 39 7d 3f b4 79 bd ee 7a |C.....~.9}?.y..z|
+00000030 e4 a1 6e 17 03 03 00 25 00 00 00 00 00 00 00 01 |..n....%........|
+00000040 05 bd 7f 40 dd 89 b2 fd 3c ef a6 72 a0 dd 9f be |...@....<..r....|
+00000050 ee 27 ca a6 e0 f1 c8 3c 69 3c 35 02 48 15 03 03 |.'.....<i<5.H...|
+00000060 00 1a 00 00 00 00 00 00 00 02 42 e8 f0 d5 87 4f |..........B....O|
+00000070 d7 a4 90 bc ba b9 b6 be 73 fd 03 92 |........s...|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
index 881221c..e0e8f7c 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndGiven
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 60 01 c9 bf 97 |...........`....|
-00000010 f2 9f 16 23 1c 65 1a 18 d8 0c e6 e1 35 c0 cc 20 |...#.e......5.. |
-00000020 3c 3b ac f1 e6 61 29 e3 42 fd ec 00 00 04 00 2f |<;...a).B....../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 b1 ad 52 31 a1 |.............R1.|
+00000010 0a ff 18 7f 32 d2 83 f2 e2 9d 54 03 6f fc 58 66 |....2.....T.o.Xf|
+00000020 29 e8 3e bc c3 4d d9 75 6e 06 53 00 00 04 00 2f |).>..M.un.S..../|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -51,37 +51,77 @@
00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.|
00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...|
00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=|
-00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 1d 0d |.`.\!.;.........|
-000002a0 00 00 19 02 01 40 00 12 04 01 04 03 08 07 05 01 |.....@..........|
-000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................|
-000002c0 04 0e 00 00 00 |.....|
+00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 23 0d |.`.\!.;.......#.|
+000002a0 00 00 1f 02 01 40 00 18 08 04 04 03 08 07 08 05 |.....@..........|
+000002b0 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 |................|
+000002c0 00 00 16 03 03 00 04 0e 00 00 00 |...........|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................|
-00000010 86 10 00 00 82 00 80 7a f5 39 0c 3d e7 5f 7e 15 |.......z.9.=._~.|
-00000020 13 c3 0f 36 02 d2 28 e0 49 8b da 1a 7f 4b 30 2b |...6..(.I....K0+|
-00000030 01 f4 a9 73 68 98 5f 49 f1 18 fb de 2f 5c 65 d3 |...sh._I..../\e.|
-00000040 c8 3d 48 1e 0b 9b 71 7a 01 e2 b9 86 0a df 8f 72 |.=H...qz.......r|
-00000050 a1 55 c0 ac fd 08 8d 13 0b 0f ba cc 86 7f da d2 |.U..............|
-00000060 17 80 17 c9 9f bf ea 26 32 65 76 bf f6 6d 08 0d |.......&2ev..m..|
-00000070 67 aa 5f ce 2d ab 54 3c d0 b1 08 37 99 e1 28 7f |g._.-.T<...7..(.|
-00000080 ea ba 33 ea 40 e3 79 79 75 9b 9a d0 ee 81 fd 49 |..3.@.yyu......I|
-00000090 fe 0a 19 33 87 3d 1c 14 03 03 00 01 01 16 03 03 |...3.=..........|
-000000a0 00 40 b4 d8 e4 b3 dc 2f 66 04 ea 58 90 e7 db bb |.@...../f..X....|
-000000b0 e4 ac 38 5f bd 9d e7 26 cb 4d fd f4 49 c5 d9 83 |..8_...&.M..I...|
-000000c0 2f b0 c7 37 39 e8 99 a1 77 7e 84 ec a2 38 f2 c7 |/..79...w~...8..|
-000000d0 eb 6e 0a 0d b0 fe 8e 14 e1 7f 06 a9 d3 cc bb de |.n..............|
-000000e0 20 31 | 1|
+00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0|
+00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.|
+00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.|
+00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1|
+00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C|
+00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523|
+00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231|
+00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac|
+00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.|
+00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....|
+000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x|
+000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.|
+000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4|
+000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..|
+000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#|
+000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....|
+00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......|
+00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..|
+00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U|
+00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U|
+00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......|
+00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.|
+00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0|
+00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........|
+00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..|
+00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]|
+000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A|
+000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...|
+000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...|
+000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......|
+000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{|
+000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....|
+00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 48 d4 42 |.5...........H.B|
+00000210 f3 7f 89 ce 32 5a 89 32 c4 4e 6a 66 f7 0d 3d 63 |....2Z.2.Njf..=c|
+00000220 e9 69 74 b5 f4 5e cb 99 74 6c c5 85 39 a3 24 ab |.it..^..tl..9.$.|
+00000230 a0 0c 16 1b 9b 0f b5 57 8f 97 30 de ae 44 fd da |.......W..0..D..|
+00000240 9f 0d 09 47 d7 a1 f7 aa 88 1d a5 e2 6d de 5b 92 |...G........m.[.|
+00000250 25 8e 84 7e fd 21 fe 00 c2 c7 d8 4c df 0c 40 07 |%..~.!.....L..@.|
+00000260 7a e6 61 45 37 6d 36 fd e8 44 8e 9c c7 04 31 46 |z.aE7m6..D....1F|
+00000270 6b 24 51 37 e0 09 84 ba 56 39 5e df 99 9f 6e 8a |k$Q7....V9^...n.|
+00000280 35 b2 27 a1 29 83 fb f7 c9 06 88 c5 6a 16 03 03 |5.'.).......j...|
+00000290 00 88 0f 00 00 84 08 04 00 80 01 b3 d6 d0 58 c4 |..............X.|
+000002a0 bc 36 b2 c5 6e a2 90 77 52 33 19 a1 9c 2f a4 ed |.6..n..wR3.../..|
+000002b0 76 b7 7b 67 ce 36 e2 37 b3 23 68 78 c0 2f 80 d4 |v.{g.6.7.#hx./..|
+000002c0 58 0e fc 11 dc 85 b6 9c 25 7f 02 48 b9 a3 24 8c |X.......%..H..$.|
+000002d0 26 94 8c 6d 8d 87 6c 9b 20 97 b2 49 ea b6 4c 16 |&..m..l. ..I..L.|
+000002e0 03 96 0a 93 e7 15 e4 cb 5a 43 5c 11 77 0e a9 cb |........ZC\.w...|
+000002f0 5e c6 4a d3 84 9a 27 e7 81 84 56 ad fa 4b b3 fe |^.J...'...V..K..|
+00000300 03 d9 91 1a cf 6e 5b 5e f9 b0 fb 59 27 29 e2 09 |.....n[^...Y')..|
+00000310 db 63 69 05 28 7c 95 45 7b da 14 03 03 00 01 01 |.ci.(|.E{.......|
+00000320 16 03 03 00 40 20 4f 52 fa e4 4b 92 8e 3f 52 18 |....@ OR..K..?R.|
+00000330 42 ba 07 93 fe 1d 11 ee d9 2f 37 55 88 cd 03 18 |B......../7U....|
+00000340 e7 44 95 b4 c2 69 91 38 f1 39 ba 14 f6 59 98 22 |.D...i.8.9...Y."|
+00000350 64 a1 a0 a3 b9 2e ec cb 14 dc 85 60 b4 95 3a 5a |d..........`..:Z|
+00000360 77 a7 65 eb 02 |w.e..|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 ad e1 97 3e d5 |..............>.|
-00000020 e5 87 5b ca 11 6c 5a be fc ca f8 2d 45 fc ab 5c |..[..lZ....-E..\|
-00000030 52 c1 80 3f 42 5a 9a 11 d4 fb 44 85 fa af 91 39 |R..?BZ....D....9|
-00000040 d3 5b 50 54 6e 72 02 3b 45 86 b2 17 03 03 00 40 |.[PTnr.;E......@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 56 f9 31 18 46 |...........V.1.F|
+00000020 ce f2 b8 78 c8 34 ec b4 33 d4 ee 42 9f cc a1 40 |...x.4..3..B...@|
+00000030 45 fc 81 bd 33 86 93 6e 0d 59 01 15 2e 71 ae 8d |E...3..n.Y...q..|
+00000040 18 1a 10 6d 86 d5 17 7d 80 3f a3 17 03 03 00 40 |...m...}.?.....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 f8 f9 53 33 a1 09 cc 3e 1d ea 42 71 94 59 20 5b |..S3...>..Bq.Y [|
-00000070 49 fa 74 5d 1f 3d e1 73 ec c7 d6 00 bb 9d b1 6e |I.t].=.s.......n|
-00000080 05 15 c3 5d 46 9e 46 8c ff 27 1a 75 73 bc 63 a4 |...]F.F..'.us.c.|
+00000060 c1 b4 84 5e 61 48 33 a2 91 ae 7c d9 ee 9a fc 78 |...^aH3...|....x|
+00000070 57 c9 7d 1f fa c8 16 dc 6b c1 ec ff 1b 3f 4d d2 |W.}.....k....?M.|
+00000080 69 57 aa e2 95 13 c5 92 81 14 63 bd ba 29 b9 3f |iW........c..).?|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 84 1a 2c 3f 4b 18 83 d8 fa 38 15 |.......,?K....8.|
-000000b0 d8 6c 53 2b 28 8b 47 1c 9b 98 61 ef fa 03 61 9d |.lS+(.G...a...a.|
-000000c0 50 e9 af 27 43 |P..'C|
+000000a0 00 00 00 00 00 b8 22 70 50 65 d6 ae 00 6b f7 e1 |......"pPe...k..|
+000000b0 76 1d 03 d7 f7 80 56 74 73 af f2 6c 70 6f cb 4a |v.....Vts..lpo.J|
+000000c0 b3 2a 18 1b b5 |.*...|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
index f6852c2..b38cb41 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedAndPKCS1v15Given
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 16 32 0d 12 93 |............2...|
-00000010 63 17 b6 8a 51 a1 c6 66 ea 29 8e 08 80 ce 69 9b |c...Q..f.)....i.|
-00000020 51 67 12 97 69 ce 40 a6 39 6d df 00 00 04 00 2f |Qg..i.@.9m...../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 a1 ef 12 cf c0 |................|
+00000010 c2 32 71 56 71 e0 e9 24 ae 63 20 58 0f c0 39 b3 |.2qVq..$.c X..9.|
+00000020 74 89 9d 9c 00 96 e5 78 9c 0a 84 00 00 04 00 2f |t......x......./|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -51,10 +51,10 @@
00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.|
00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...|
00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=|
-00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 1d 0d |.`.\!.;.........|
-000002a0 00 00 19 02 01 40 00 12 04 01 04 03 08 07 05 01 |.....@..........|
-000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................|
-000002c0 04 0e 00 00 00 |.....|
+00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 23 0d |.`.\!.;.......#.|
+000002a0 00 00 1f 02 01 40 00 18 08 04 04 03 08 07 08 05 |.....@..........|
+000002b0 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 |................|
+000002c0 00 00 16 03 03 00 04 0e 00 00 00 |...........|
>>> Flow 3 (client to server)
00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0|
00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.|
@@ -88,40 +88,40 @@
000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......|
000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{|
000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....|
-00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 71 e7 9c |.5...........q..|
-00000210 f8 d5 e4 9a 06 c1 03 5f 9b c0 4a 5b e0 1a 3e a7 |......._..J[..>.|
-00000220 d7 fc 18 a7 39 d1 9b ec dc bf 20 06 ff fb 21 e2 |....9..... ...!.|
-00000230 0a 3f 0c 6e 17 e3 02 ed 8d 8f 40 8c 02 c5 c2 81 |.?.n......@.....|
-00000240 85 3f 08 35 38 5b 21 53 67 58 5a 3b 00 5b 37 e7 |.?.58[!SgXZ;.[7.|
-00000250 36 3f d0 7f de 0a 2e b7 be ff 58 9b 26 0b ad e0 |6?........X.&...|
-00000260 54 b1 e9 23 19 9b dd d6 2f 19 c7 17 77 90 28 39 |T..#..../...w.(9|
-00000270 17 c9 57 cc 29 d9 5f 6c 8c 21 e1 5d e7 f8 fd 57 |..W.)._l.!.]...W|
-00000280 30 54 2c 08 3a c1 fe 4e 55 cc f4 b5 c1 16 03 03 |0T,.:..NU.......|
-00000290 00 88 0f 00 00 84 04 01 00 80 84 4c b0 c7 7b f8 |...........L..{.|
-000002a0 12 94 e2 5f 55 23 d1 27 3d af 5c e8 09 03 9a 96 |..._U#.'=.\.....|
-000002b0 3c b1 d8 53 c5 9a e3 12 ab 42 95 99 ea 97 e4 45 |<..S.....B.....E|
-000002c0 41 81 da 28 33 40 d8 7e a2 13 f0 d9 db 29 22 f2 |A..(3@.~.....)".|
-000002d0 3b 71 2f 1e 5a 35 2b 20 7b 0e d1 9a d3 60 c9 08 |;q/.Z5+ {....`..|
-000002e0 ee f2 4b e5 79 1e d8 ba 88 14 c7 79 9d 84 2b 1a |..K.y......y..+.|
-000002f0 95 71 86 da bb b6 21 44 19 e9 76 c2 c4 c9 5e 87 |.q....!D..v...^.|
-00000300 47 68 3f 13 58 bb 86 7a 06 de c3 b9 f1 e4 ad 20 |Gh?.X..z....... |
-00000310 2b df 03 af e7 ac 5a e3 a6 e0 14 03 03 00 01 01 |+.....Z.........|
-00000320 16 03 03 00 40 fb 46 ec db 2d f6 24 26 f2 c2 d8 |....@.F..-.$&...|
-00000330 db 2e f7 3a 52 5f eb 24 cf f6 1f 2e 85 dc 1b 36 |...:R_.$.......6|
-00000340 73 e9 57 39 32 9b c6 c3 01 46 54 5d d2 d1 16 70 |s.W92....FT]...p|
-00000350 99 5d 5a 5f 59 cf 94 3a b6 3c c0 2c 9f b5 78 a5 |.]Z_Y..:.<.,..x.|
-00000360 94 34 0a 8c 7b |.4..{|
+00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 64 8b 67 |.5...........d.g|
+00000210 fe b0 0e a0 a6 2b 95 2b 35 24 91 d0 29 6e 0a 3b |.....+.+5$..)n.;|
+00000220 bc 32 5f 28 30 a9 6e f3 b8 4a 1d 7c 11 7c c5 03 |.2_(0.n..J.|.|..|
+00000230 70 51 99 8f f5 2e 91 78 b9 65 23 3c 3a 7f a7 63 |pQ.....x.e#<:..c|
+00000240 1f ad 30 3c 91 b1 d8 79 76 b4 94 a7 76 26 20 c7 |..0<...yv...v& .|
+00000250 f1 93 17 13 8a 25 6e 9e 84 9e e5 21 b8 87 46 8d |.....%n....!..F.|
+00000260 46 37 7f ef 25 e2 8f 6e 52 58 cc a9 5c 40 ee 5e |F7..%..nRX..\@.^|
+00000270 f8 25 04 e9 e1 1e 33 31 ea 9e bd 79 e8 d8 f8 0b |.%....31...y....|
+00000280 a5 5d 63 79 1f 83 bc df 14 c9 92 a6 82 16 03 03 |.]cy............|
+00000290 00 88 0f 00 00 84 04 01 00 80 06 8a 73 2b 2d 45 |............s+-E|
+000002a0 09 3c cf 66 d9 ef d0 44 d0 89 07 03 67 56 b5 c9 |.<.f...D....gV..|
+000002b0 de 89 49 32 6e 44 b0 01 db 10 8b 1a 68 5c 2e 0b |..I2nD......h\..|
+000002c0 38 e7 75 60 0b 68 96 2e 3b ba bd a8 ce 1e ee 3d |8.u`.h..;......=|
+000002d0 e6 a4 c4 3a 5c d0 14 3b 64 52 56 ef 5b 74 45 3c |...:\..;dRV.[tE<|
+000002e0 2b eb f6 0b 6c 15 37 5c c3 d3 6d 4c 32 ea 3d 40 |+...l.7\..mL2.=@|
+000002f0 7b 60 35 16 44 a4 3c 4a 2e 85 d9 a2 a5 a6 79 11 |{`5.D.<J......y.|
+00000300 f1 78 9a 95 40 c8 df 0b df 90 52 1e 64 f2 18 90 |.x..@.....R.d...|
+00000310 b0 b4 d5 65 4b 20 7d 78 8b 30 14 03 03 00 01 01 |...eK }x.0......|
+00000320 16 03 03 00 40 12 47 b2 df 72 33 bc 87 3a dc 45 |....@.G..r3..:.E|
+00000330 38 27 6d d1 05 82 34 99 82 ca 5b 4d 27 d1 c6 d9 |8'm...4...[M'...|
+00000340 7c e5 a1 ff fa aa d2 e4 2d 1a b9 b7 c4 b4 86 a6 ||.......-.......|
+00000350 04 5e 6f 09 b0 98 c8 79 95 96 44 aa 1f a3 f3 c5 |.^o....y..D.....|
+00000360 c5 78 2f 7f 68 |.x/.h|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 60 65 ec 59 67 |...........`e.Yg|
-00000020 82 8c d4 8d ff 27 8a 4a 89 8a c9 c1 e2 8f 7c 64 |.....'.J......|d|
-00000030 ef e1 e7 aa b4 f4 87 d5 cd 6a 85 d6 e4 be 88 9c |.........j......|
-00000040 d8 76 5e bb fa 49 9c bd 3c 0d ca 17 03 03 00 40 |.v^..I..<......@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 1a 60 c5 8b a5 |............`...|
+00000020 6d be c2 a0 c7 23 e6 f8 e8 fb e7 31 7c 7f 37 67 |m....#.....1|.7g|
+00000030 7c 1e 39 2b ea cd 26 47 5c 7f 19 ad 78 be 11 3d ||.9+..&G\...x..=|
+00000040 98 f5 c8 97 22 1d 23 45 55 2b 25 17 03 03 00 40 |....".#EU+%....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 98 e2 1e e0 5b 93 32 35 d5 64 40 d9 69 c0 d6 7b |....[.25.d@.i..{|
-00000070 69 15 cb 7c b4 13 a9 ba 4b f5 94 b7 dc cf be d1 |i..|....K.......|
-00000080 99 eb 32 4e 63 11 47 b1 4f 21 2e 5d b8 d5 f9 ce |..2Nc.G.O!.]....|
+00000060 e0 a5 72 92 b6 6c ee e8 2d 7f cf d9 df 2d 4f 70 |..r..l..-....-Op|
+00000070 18 8a c3 9c 10 89 0f 11 df 83 d7 4c 35 ea 4e 19 |...........L5.N.|
+00000080 7f ab 8b f0 0e de 32 6e 86 d1 e9 78 90 f6 3b e7 |......2n...x..;.|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 e4 59 53 2f 50 df 1a ca b1 e6 20 |......YS/P..... |
-000000b0 95 af be 3a 3d 07 ee 88 ad a2 a7 f1 3f e8 3c 79 |...:=.......?.<y|
-000000c0 3d 51 8d d0 ae |=Q...|
+000000a0 00 00 00 00 00 db 5e ed de c0 26 10 13 a8 18 46 |......^...&....F|
+000000b0 70 3e a4 bd b7 df a1 bd 86 06 c6 97 ae cb ca f6 |p>..............|
+000000c0 8d 0f 85 82 f7 |.....|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
index e7c9512..6f7c288 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
+++ b/src/crypto/tls/testdata/Server-TLSv12-ClientAuthRequestedNotGiven
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 18 45 b4 d2 2b |............E..+|
-00000010 f8 ee 76 2b 34 90 f5 b9 f7 c3 47 0d 17 f0 6c 79 |..v+4.....G...ly|
-00000020 5b 5f 67 be 19 2f 95 cb 65 7a 99 00 00 04 00 2f |[_g../..ez...../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 07 72 d5 84 85 |............r...|
+00000010 48 68 f6 83 2f 1d 22 96 61 9d 27 60 b9 70 d2 5f |Hh../.".a.'`.p._|
+00000020 5e 9e 41 cb 82 9b 61 c6 ae af a7 00 00 04 00 2f |^.A...a......../|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -51,37 +51,37 @@
00000260 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d |.\.....l..s..Cw.|
00000270 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db |......@.a.Lr+...|
00000280 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d |F..M...>...B...=|
-00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 1d 0d |.`.\!.;.........|
-000002a0 00 00 19 02 01 40 00 12 04 01 04 03 08 07 05 01 |.....@..........|
-000002b0 06 01 05 03 06 03 02 01 02 03 00 00 16 03 03 00 |................|
-000002c0 04 0e 00 00 00 |.....|
+00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 23 0d |.`.\!.;.......#.|
+000002a0 00 00 1f 02 01 40 00 18 08 04 04 03 08 07 08 05 |.....@..........|
+000002b0 08 06 04 01 05 01 06 01 05 03 06 03 02 01 02 03 |................|
+000002c0 00 00 16 03 03 00 04 0e 00 00 00 |...........|
>>> Flow 3 (client to server)
00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................|
-00000010 86 10 00 00 82 00 80 5d b8 79 0c ad 12 47 d1 5b |.......].y...G.[|
-00000020 eb 95 c4 46 82 4d 47 43 33 8c 93 85 c6 30 49 8d |...F.MGC3....0I.|
-00000030 8e 7f 9a a1 e9 51 7e 9b 2d e9 cf aa f2 83 8e 88 |.....Q~.-.......|
-00000040 70 f2 31 0a 97 bf 63 95 01 c5 80 59 4d 91 64 5c |p.1...c....YM.d\|
-00000050 72 bb e8 85 8c 1c 71 44 8e f8 d8 85 4d 8b 35 94 |r.....qD....M.5.|
-00000060 56 25 12 e1 de cc 13 0b 78 11 91 6e f4 dc 32 6c |V%......x..n..2l|
-00000070 ca a2 38 7d f3 b9 1d 6c 8e c3 fb 8e ec 6f 6a 85 |..8}...l.....oj.|
-00000080 fa d5 64 53 3a 61 38 65 4c 1a 59 84 ff e6 49 34 |..dS:a8eL.Y...I4|
-00000090 11 19 36 c6 b5 20 46 14 03 03 00 01 01 16 03 03 |..6.. F.........|
-000000a0 00 40 a0 23 99 9a 9b dc 39 a3 fe ca 5a c4 2b 08 |.@.#....9...Z.+.|
-000000b0 26 74 ef 22 eb b2 d1 c2 27 3a 8e db fb 24 94 b2 |&t."....':...$..|
-000000c0 43 29 f8 2c c0 27 42 31 9c d6 43 78 6d 41 25 b6 |C).,.'B1..CxmA%.|
-000000d0 d1 93 cd a1 f5 38 04 46 04 db a2 cf 8e aa 01 0b |.....8.F........|
-000000e0 bc d7 |..|
+00000010 86 10 00 00 82 00 80 60 6d 7c a2 1e 90 d3 14 55 |.......`m|.....U|
+00000020 2b 65 e6 14 10 59 51 ba f0 55 89 1d f6 d2 6e 85 |+e...YQ..U....n.|
+00000030 58 16 fc 45 a2 88 ae 24 b6 77 c0 f4 9e 6f de 76 |X..E...$.w...o.v|
+00000040 d4 9c 06 a3 6c 4f 54 da e5 41 e4 f8 fd 2d ca c6 |....lOT..A...-..|
+00000050 c4 7f 5a d4 c5 7b 3e 04 30 3e 64 b1 f5 c2 24 8f |..Z..{>.0>d...$.|
+00000060 49 98 2c f7 29 89 06 7e 5e 8f 9e 8e 6c fc 4c 08 |I.,.)..~^...l.L.|
+00000070 3e 05 f9 90 86 d9 38 b8 04 ff 7e a1 c2 a5 38 66 |>.....8...~...8f|
+00000080 41 63 7a 8e d2 7b 27 22 0e a1 0c 17 1e d7 9f 29 |Acz..{'".......)|
+00000090 5c fa fe 2d 11 b3 4a 14 03 03 00 01 01 16 03 03 |\..-..J.........|
+000000a0 00 40 e3 e5 62 d6 c9 93 bd 91 a4 60 2e 2d 9d 0b |.@..b......`.-..|
+000000b0 ce 75 2a e9 19 ed 36 03 ff 97 ee b7 b9 61 04 1b |.u*...6......a..|
+000000c0 a9 a3 4c 8a a0 c9 40 c4 92 55 bb ed 17 1f 38 c4 |..L...@..U....8.|
+000000d0 45 46 1f d6 53 b7 3b 6b 09 b6 d7 f1 a4 0e 25 21 |EF..S.;k......%!|
+000000e0 10 21 |.!|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....|
-00000010 00 00 00 00 00 00 00 00 00 00 00 3b 76 44 7e ec |...........;vD~.|
-00000020 36 85 ec 6e 67 23 c9 c6 3b 19 b6 cc 7a ac ed 93 |6..ng#..;...z...|
-00000030 b5 b7 68 55 36 30 00 1f c2 61 78 22 8a 5f 12 9b |..hU60...ax"._..|
-00000040 2b 50 b1 d8 32 61 18 7e 33 d9 3e 17 03 03 00 40 |+P..2a.~3.>....@|
+00000010 00 00 00 00 00 00 00 00 00 00 00 17 ce 12 8e 1a |................|
+00000020 1f c2 d2 9c c9 28 c0 89 cb fa 8c 48 28 a2 d2 93 |.....(.....H(...|
+00000030 a6 aa 43 35 5f 29 ab e2 c6 f9 70 f6 8f d9 da af |..C5_)....p.....|
+00000040 da 2a 02 24 9c 74 57 3d a2 0f 6d 17 03 03 00 40 |.*.$.tW=..m....@|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000060 eb 05 00 ae b3 e5 14 3e d7 74 f1 4e e2 b1 3f de |.......>.t.N..?.|
-00000070 b7 4f 33 3b 1b 2e 9b 0c ad dd 53 1e ee a8 15 9a |.O3;......S.....|
-00000080 aa 96 5b 60 3f f0 17 b2 b1 80 b4 d7 a1 39 59 21 |..[`?........9Y!|
+00000060 58 99 9f 9b 65 fd 53 7e 4a 82 47 99 d7 16 b7 4f |X...e.S~J.G....O|
+00000070 84 7d 49 c0 af 42 84 54 e1 31 dc 01 00 de 8c 08 |.}I..B.T.1......|
+00000080 a3 ee 9b 32 b4 f0 30 d1 ae 8e f5 5d 11 ad eb fb |...2..0....]....|
00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........|
-000000a0 00 00 00 00 00 68 61 4c 17 55 dd ec fc 81 e7 42 |.....haL.U.....B|
-000000b0 38 d6 29 11 d7 42 f4 14 b6 2c c6 b1 bb 90 36 77 |8.)..B...,....6w|
-000000c0 d7 30 f0 b7 e6 |.0...|
+000000a0 00 00 00 00 00 94 b8 23 55 00 7e 3a ba 67 86 03 |.......#U.~:.g..|
+000000b0 e6 19 11 4a 7d 58 69 6f 79 bb be 6d ba a7 9f a2 |...J}Xioy..m....|
+000000c0 1a 30 b7 83 2e |.0...|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
index 14356d9..ecf765b 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
+++ b/src/crypto/tls/testdata/Server-TLSv12-ExportKeyingMaterial
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 cf 01 00 00 cb 03 03 02 b2 16 12 62 |...............b|
-00000010 7d 08 3f 5b db 85 14 34 91 6a 6a 59 48 20 01 21 |}.?[...4.jjYH .!|
-00000020 e7 94 d7 09 a2 5c c1 c7 96 32 bf 00 00 38 c0 2c |.....\...2...8.,|
+00000000 16 03 01 00 cf 01 00 00 cb 03 03 62 4c 73 03 fd |...........bLs..|
+00000010 24 98 d0 f6 41 49 83 94 04 c8 17 51 3e 18 5d 6d |$...AI.....Q>.]m|
+00000020 8a b8 52 c0 cf 0b 60 1e 02 53 d2 00 00 38 c0 2c |..R...`..S...8.,|
00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..|
00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....|
00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<|
@@ -58,38 +58,38 @@
00000290 d4 db fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 |...=.`.\!.;.....|
000002a0 03 00 ac 0c 00 00 a8 03 00 1d 20 2f e5 7d a3 47 |.......... /.}.G|
000002b0 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af |.bC.(.._.).0....|
-000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 04 01 00 80 6d |......_X.;t....m|
-000002d0 c7 4d e0 77 4f de 7a 2f 1f b2 fd 0c ba 64 3b 5b |.M.wO.z/.....d;[|
-000002e0 3c 1a cd b8 ab fb e5 08 ce 92 d7 b7 67 41 cb 69 |<...........gA.i|
-000002f0 48 af 6d 39 c7 df 9c 9d ed 4e f1 fb 78 2c 95 f0 |H.m9.....N..x,..|
-00000300 7d ab 5b 3a f9 36 f7 6e c6 34 4c 74 e7 9e e6 05 |}.[:.6.n.4Lt....|
-00000310 50 9e a7 44 aa 02 3f 56 11 61 33 ea 09 cd b0 99 |P..D..?V.a3.....|
-00000320 76 74 97 27 38 8b 9a 6a 5a 0c 85 e5 1c b0 03 bd |vt.'8..jZ.......|
-00000330 93 32 b5 b4 4b 1d 5f f5 6e 24 9a 74 7b 97 50 36 |.2..K._.n$.t{.P6|
-00000340 bb 2b da aa e8 8f a4 6b 79 2c 71 00 3c 80 46 16 |.+.....ky,q.<.F.|
+000002c0 c4 cf c2 ed 90 99 5f 58 cb 3b 74 08 04 00 80 2d |......_X.;t....-|
+000002d0 54 87 fa c9 e5 97 ad a0 6d 54 89 b1 37 24 af df |T.......mT..7$..|
+000002e0 0f 3e ef 34 f7 6a 5f 1b 06 a5 b9 b4 6d 46 7f b1 |.>.4.j_.....mF..|
+000002f0 ab e4 5c dd c1 3f 98 93 61 e5 81 8a 6c 3d 2f b3 |..\..?..a...l=/.|
+00000300 3c 59 b9 78 45 ba bd 02 b1 a0 72 cb c3 59 b1 55 |<Y.xE.....r..Y.U|
+00000310 da a3 a8 ea ac b2 8a c0 23 e7 e7 ca c9 9f 5d 1b |........#.....].|
+00000320 a8 b4 7c c3 9f cf c5 3c 5f 07 d8 49 8c 95 f1 ce |..|....<_..I....|
+00000330 27 d0 d1 3f 74 44 df e4 12 ea e2 0e 43 6e d2 53 |'..?tD......Cn.S|
+00000340 7e 39 41 d7 71 c1 3c 2c a6 0b 4e e3 4d 9a 02 16 |~9A.q.<,..N.M...|
00000350 03 03 00 04 0e 00 00 00 |........|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 16 a7 b0 ae 6b 77 |....%...! ....kw|
-00000010 94 bf 95 89 8f fd e9 b7 51 a6 0c d3 15 10 df 33 |........Q......3|
-00000020 75 1d 36 3c 0f 0c b9 2d 69 26 14 03 03 00 01 01 |u.6<...-i&......|
-00000030 16 03 03 00 28 9d af 91 d5 d6 f1 77 c6 20 fb dd |....(......w. ..|
-00000040 a1 a3 f1 78 dc b3 8d c5 24 b7 a5 b3 7d 85 f2 25 |...x....$...}..%|
-00000050 3e 21 80 f9 b4 0c c0 54 b3 a6 86 c0 1f |>!.....T.....|
+00000000 16 03 03 00 25 10 00 00 21 20 37 47 1b 8d ef 6c |....%...! 7G...l|
+00000010 dc 59 b2 a5 a2 f6 8e 1b f6 1b ab da ec 9c a7 ff |.Y..............|
+00000020 4a f9 0e 9b 02 b0 8f bc a1 55 14 03 03 00 01 01 |J........U......|
+00000030 16 03 03 00 28 a2 53 52 8b df 86 63 d9 f8 a8 7e |....(.SR...c...~|
+00000040 f5 b4 19 1a 5d 02 9a 48 94 68 6d a2 90 13 93 42 |....]..H.hm....B|
+00000050 87 52 92 50 7c 45 91 b9 91 49 83 66 a6 |.R.P|E...I.f.|
>>> Flow 4 (server to client)
00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
-00000030 6f ec 80 83 61 5e eb 27 83 df 5c 51 b3 54 a2 d6 |o...a^.'..\Q.T..|
-00000040 25 19 62 42 8d f3 07 54 c8 5a 2e e8 5a 87 de 1d |%.bB...T.Z..Z...|
-00000050 56 68 95 5d 12 1a 16 1f ad f8 cf 13 fe 33 61 f5 |Vh.].........3a.|
-00000060 4e 96 99 b5 9e 33 94 0c 46 e3 ae f4 b1 6e e3 80 |N....3..F....n..|
-00000070 20 c4 73 bc 84 77 25 f4 7a 5d a8 5b 7b 1f a5 6b | .s..w%.z].[{..k|
-00000080 45 6b 91 d6 2c 30 29 14 03 03 00 01 01 16 03 03 |Ek..,0).........|
-00000090 00 28 00 00 00 00 00 00 00 00 90 98 58 ce 49 7b |.(..........X.I{|
-000000a0 b0 4a 70 9e 7e 4c 81 ab 91 bd 53 f3 31 ba a0 55 |.Jp.~L....S.1..U|
-000000b0 78 ca 32 4d 70 42 f0 df 46 5e 17 03 03 00 25 00 |x.2MpB..F^....%.|
-000000c0 00 00 00 00 00 00 01 84 1b a4 0c be b3 e8 c4 0c |................|
-000000d0 69 33 08 ca e4 3e 74 a4 68 5f a1 47 76 f8 45 4a |i3...>t.h_.Gv.EJ|
-000000e0 98 c4 61 62 15 03 03 00 1a 00 00 00 00 00 00 00 |..ab............|
-000000f0 02 b7 f8 17 12 35 de 44 39 1a b7 ae b4 f0 aa 64 |.....5.D9......d|
-00000100 32 54 c0 |2T.|
+00000030 6f ec 80 83 61 a2 90 f4 4c 03 c8 09 b9 a6 c6 6f |o...a...L......o|
+00000040 c7 52 57 3f 3f 92 71 f3 f8 02 43 69 19 f0 bf 78 |.RW??.q...Ci...x|
+00000050 6a 00 cc 0a 96 6f 80 5d 62 42 9b 6b 7c 00 e0 26 |j....o.]bB.k|..&|
+00000060 90 ef d9 26 f1 33 94 6e 13 9a ec be 91 00 1e 64 |...&.3.n.......d|
+00000070 eb 12 ae b9 74 f9 85 d1 b7 91 bd e1 e2 da ac b0 |....t...........|
+00000080 71 ca 1b 65 1a e7 83 14 03 03 00 01 01 16 03 03 |q..e............|
+00000090 00 28 00 00 00 00 00 00 00 00 fa e4 1b 3b 28 9b |.(...........;(.|
+000000a0 f8 28 d7 26 d7 6a 67 33 1f 4a 39 d9 ac 59 6f fc |.(.&.jg3.J9..Yo.|
+000000b0 2b 84 6c b9 73 70 9b 30 8c d0 17 03 03 00 25 00 |+.l.sp.0......%.|
+000000c0 00 00 00 00 00 00 01 0c 6e 13 cf 3d 10 65 2f e5 |........n..=.e/.|
+000000d0 4f fd f9 b6 34 11 c2 05 60 d5 16 66 68 65 29 fa |O...4...`..fhe).|
+000000e0 e6 97 e4 dc 15 03 03 00 1a 00 00 00 00 00 00 00 |................|
+000000f0 02 58 9a 0d 41 6f 0f 72 c7 43 16 46 83 dd 26 5f |.X..Ao.r.C.F..&_|
+00000100 3a ee 1a |:..|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-P256 b/src/crypto/tls/testdata/Server-TLSv12-P256
index de74935..58b9bed 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-P256
+++ b/src/crypto/tls/testdata/Server-TLSv12-P256
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 8f 01 00 00 8b 03 03 a2 40 15 b5 1c |............@...|
-00000010 cf f4 cc bd c4 63 af 33 7b 7c 13 a1 03 3d 21 05 |.....c.3{|...=!.|
-00000020 7e ff bb 50 e1 1b ec 2a 82 c0 ca 00 00 04 c0 2f |~..P...*......./|
+00000000 16 03 01 00 8f 01 00 00 8b 03 03 49 de 51 77 8e |...........I.Qw.|
+00000010 58 03 e9 25 0b 9a 88 ef 35 2d 35 a8 30 29 22 61 |X..%....5-5.0)"a|
+00000020 ae b4 af 8a a1 2c 45 59 40 5f aa 00 00 04 c0 2f |.....,EY@_...../|
00000030 00 ff 01 00 00 5e 00 00 00 0e 00 0c 00 00 09 31 |.....^.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 04 00 02 00 17 00 16 00 00 00 17 00 00 |................|
@@ -56,31 +56,31 @@
000002b0 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd a7 24 20 |5uq..T[....g..$ |
000002c0 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e f1 07 9f |>.V...(^.+-O....|
000002d0 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 a6 b5 68 |lK[.V.2B.X..I..h|
-000002e0 1a 41 03 56 6b dc 5a 89 04 01 00 80 99 23 69 d3 |.A.Vk.Z......#i.|
-000002f0 6e 82 5a a3 2b 87 1d ab c7 d8 5e c5 e0 5b 18 d7 |n.Z.+.....^..[..|
-00000300 26 3c 7b a3 19 e7 cb a3 a8 d8 26 f3 67 e3 32 00 |&<{.......&.g.2.|
-00000310 40 f5 11 83 92 7b 22 a0 0d 73 19 73 5c 15 bf 3e |@....{"..s.s\..>|
-00000320 03 04 48 bf c4 b1 82 cb d9 f7 bd 38 7d 1b e1 22 |..H........8}.."|
-00000330 0c 70 41 f5 49 a2 6d 26 73 73 eb 5b f9 61 0a 19 |.pA.I.m&ss.[.a..|
-00000340 7f 62 91 93 02 cc ad ad 9b 69 83 71 c2 44 f5 3f |.b.......i.q.D.?|
-00000350 43 9e 63 bb 76 e4 74 63 0e 97 44 38 86 66 db 8b |C.c.v.tc..D8.f..|
-00000360 dd 98 06 f0 13 87 6f 02 26 a6 5c 81 16 03 03 00 |......o.&.\.....|
+000002e0 1a 41 03 56 6b dc 5a 89 08 04 00 80 7b bd 89 a1 |.A.Vk.Z.....{...|
+000002f0 d8 9d cf e4 75 ac 15 60 a9 49 0c c7 68 61 4e e4 |....u..`.I..haN.|
+00000300 2b 51 37 5a 65 38 a4 52 6a d0 4f 8b 76 93 a4 7c |+Q7Ze8.Rj.O.v..||
+00000310 ac 30 6b 89 f1 c7 88 8f f3 5c c7 e9 d6 7c 33 94 |.0k......\...|3.|
+00000320 f7 fc f8 69 35 f3 f7 e0 ea fc 51 5c b2 e2 dc 9e |...i5.....Q\....|
+00000330 57 03 af e6 19 0d 0d e4 25 b6 52 19 12 ad 35 fc |W.......%.R...5.|
+00000340 7f c3 6a 1f ed 06 82 34 81 13 d7 c1 67 a9 18 88 |..j....4....g...|
+00000350 2f bb 00 54 5d d9 01 16 29 dd 03 3c 69 f7 46 52 |/..T]...)..<i.FR|
+00000360 6a 95 51 81 75 68 fa 15 09 11 38 94 16 03 03 00 |j.Q.uh....8.....|
00000370 04 0e 00 00 00 |.....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 46 10 00 00 42 41 04 73 e7 54 18 ae |....F...BA.s.T..|
-00000010 ed 0d b0 7f 1a 72 aa 0a 6f 68 91 66 55 89 7d 25 |.....r..oh.fU.}%|
-00000020 bf e6 0f 4d dd ec 56 09 34 6c f4 6b da a1 09 17 |...M..V.4l.k....|
-00000030 e1 c4 bf 7a 90 a1 72 b0 f1 a1 92 ec e7 20 b2 78 |...z..r...... .x|
-00000040 64 77 2a 0d 72 5e d2 00 c3 c6 3c 14 03 03 00 01 |dw*.r^....<.....|
-00000050 01 16 03 03 00 28 26 ba 79 86 8a 00 51 6a ba 3c |.....(&.y...Qj.<|
-00000060 9b 98 b7 6f 13 d3 36 9c a9 e8 c0 3c c9 70 c5 07 |...o..6....<.p..|
-00000070 1e 63 4b 8a e6 41 5b 92 eb d7 2f 0f d4 c4 |.cK..A[.../...|
+00000000 16 03 03 00 46 10 00 00 42 41 04 a6 c3 8d d1 32 |....F...BA.....2|
+00000010 8e b4 ac 27 75 4a 57 26 7f 6a 52 a7 82 ee c2 b1 |...'uJW&.jR.....|
+00000020 a3 68 0a 8d 09 ff 82 61 57 f3 32 5e ec 1a 2f 20 |.h.....aW.2^../ |
+00000030 8c c1 d4 cf 27 7b f0 1d f9 5d f6 24 80 6a 45 d2 |....'{...].$.jE.|
+00000040 97 cf f1 5d a2 e3 b0 15 7d e6 a4 14 03 03 00 01 |...]....}.......|
+00000050 01 16 03 03 00 28 21 36 fe 82 d2 4a b4 da f8 14 |.....(!6...J....|
+00000060 d6 d6 8c be 56 1f ca 82 7f 20 bb 01 be fb 2a 0d |....V.... ....*.|
+00000070 a8 31 ee 79 f7 8a 8b 4a 1b a7 66 3a 89 67 |.1.y...J..f:.g|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....|
-00000010 00 00 00 ca 91 f3 d2 99 1d 84 42 0f e8 e3 c7 63 |..........B....c|
-00000020 6c 0e 43 83 19 17 1a 63 60 1b b5 1f 98 28 b5 44 |l.C....c`....(.D|
-00000030 b9 40 8e 17 03 03 00 25 00 00 00 00 00 00 00 01 |.@.....%........|
-00000040 0e e1 eb d4 a6 d2 54 fd d8 d7 05 71 c2 b6 8e cd |......T....q....|
-00000050 a4 04 9a 7c 1d 7a 42 a5 85 a0 b0 32 97 15 03 03 |...|.zB....2....|
-00000060 00 1a 00 00 00 00 00 00 00 02 56 eb 3c 5c 9b b9 |..........V.<\..|
-00000070 6e b5 55 2d 22 5a 0b 7a 02 eb 01 a8 |n.U-"Z.z....|
+00000010 00 00 00 00 0a 97 89 c3 74 09 63 25 2a fc e1 29 |........t.c%*..)|
+00000020 18 b1 bc d6 75 2e 3b 2a fb 90 17 b9 b8 ea e2 c4 |....u.;*........|
+00000030 29 94 16 17 03 03 00 25 00 00 00 00 00 00 00 01 |)......%........|
+00000040 8c 30 76 b7 fd b1 96 0b 2a 8f f3 e1 b3 38 16 15 |.0v.....*....8..|
+00000050 10 3d 32 ee 29 b5 12 cb cb cf 98 a3 c5 15 03 03 |.=2.)...........|
+00000060 00 1a 00 00 00 00 00 00 00 02 9e 4a 55 8e 91 ff |...........JU...|
+00000070 13 0b 56 be 3c 5d b8 26 42 f1 c8 28 |..V.<].&B..(|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
index e665611..fa4b47b 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES-GCM
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 4e ff 1b cc cf |...........N....|
-00000010 1e 26 9d 93 07 48 b0 a3 8f 25 94 71 8c fa a3 2c |.&...H...%.q...,|
-00000020 2d f3 69 ee 10 94 1a 42 9c 22 cd 00 00 04 c0 2f |-.i....B."...../|
+00000000 16 03 01 00 97 01 00 00 93 03 03 8a ca f1 8f ad |................|
+00000010 fe 0b a3 e1 b8 08 10 1a 40 57 b6 f7 f7 e3 72 c4 |........@W....r.|
+00000020 57 4a 71 f8 30 cd 62 62 c7 0f 2d 00 00 04 c0 2f |WJq.0.bb..-..../|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -54,29 +54,29 @@
00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........|
000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.|
000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........|
-000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 3d 36 a9 9e 4c |.._X.;t....=6..L|
-000002d0 0a 16 51 e5 f6 aa 5b 41 ff a0 94 19 11 58 ab fc |..Q...[A.....X..|
-000002e0 46 fa cc 8e 10 9d c5 4d b2 ee 14 46 bf 51 04 98 |F......M...F.Q..|
-000002f0 73 24 6e 36 4b 51 fc 06 d6 25 c7 f9 f6 dc a3 aa |s$n6KQ...%......|
-00000300 8e a5 8b ee ca 8d 0e 63 29 64 b7 71 87 cb a7 df |.......c)d.q....|
-00000310 ec bc 5b 1a b7 ae 7e e9 e8 50 f4 e9 b0 1f ef 4d |..[...~..P.....M|
-00000320 19 65 02 7d ee 10 9b aa e6 7c 19 27 9a 62 20 fb |.e.}.....|.'.b .|
-00000330 5f b2 40 8c 8c cc f2 70 61 d3 9a c2 0d ab 46 b8 |_.@....pa.....F.|
-00000340 14 eb 17 5d 8b df f2 2b a9 b9 8a 16 03 03 00 04 |...]...+........|
+000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 50 0b d9 1c 03 |.._X.;t....P....|
+000002d0 6f 08 05 a6 39 cc 9f 7e 3d f1 fb af 8e 0b 9a ef |o...9..~=.......|
+000002e0 39 d3 b6 e3 71 9c 5a 37 a1 86 f2 f0 59 01 fc b2 |9...q.Z7....Y...|
+000002f0 51 1c 0e 22 42 24 3e c6 db fb a1 39 9d 75 f4 79 |Q.."B$>....9.u.y|
+00000300 55 dd e5 99 0b 22 5b ed c7 19 ac db ed d3 ee 23 |U...."[........#|
+00000310 b9 37 2b 51 ea 7f 39 4d 8b 0a bc a2 2e f2 ef 9e |.7+Q..9M........|
+00000320 a5 8c 99 77 ff d2 fb 46 e4 10 4e a9 b2 a9 ce b6 |...w...F..N.....|
+00000330 50 d4 0a 28 a5 3f 0e 2c 60 cd 0f 07 9c 7e 60 c3 |P..(.?.,`....~`.|
+00000340 79 a5 cf f3 cd 77 5a 16 8d fc 14 16 03 03 00 04 |y....wZ.........|
00000350 0e 00 00 00 |....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 aa 60 5f d1 8e 1b |....%...! .`_...|
-00000010 48 c9 aa 40 6f d1 2d 7b 7f 27 2a e6 a5 9a a5 08 |H..@o.-{.'*.....|
-00000020 d7 23 71 41 ed 6d d1 26 df 20 14 03 03 00 01 01 |.#qA.m.&. ......|
-00000030 16 03 03 00 28 d0 ae c7 25 40 d1 24 fa f4 df 06 |....(...%@.$....|
-00000040 a6 44 f7 84 87 fe 88 52 b9 b6 89 13 1e c7 a2 f9 |.D.....R........|
-00000050 10 d2 7a 6b 20 a9 ba c1 fe de 2c c9 76 |..zk .....,.v|
+00000000 16 03 03 00 25 10 00 00 21 20 ef 3b b1 d2 a3 f6 |....%...! .;....|
+00000010 be f2 fc 2e b5 ed d3 ec 6a fb 2f 0d 5a 04 98 61 |........j./.Z..a|
+00000020 92 26 59 ba 17 26 1b 60 27 2b 14 03 03 00 01 01 |.&Y..&.`'+......|
+00000030 16 03 03 00 28 e2 94 22 bb 71 70 c8 a6 63 e5 6f |....(..".qp..c.o|
+00000040 2e 00 0f b9 bf 6b 54 34 dc ce b0 12 0b 16 e5 ac |.....kT4........|
+00000050 8f 6b 1e 96 a1 e3 86 b7 6f 8c 76 09 da |.k......o.v..|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....|
-00000010 00 00 00 9f a6 e8 5b b5 49 e4 d6 8e ee 0c 19 43 |......[.I......C|
-00000020 95 e2 89 40 e4 8b 5d 52 bc 63 1c e4 59 b9 cf 56 |...@..]R.c..Y..V|
-00000030 0e db 9f 17 03 03 00 25 00 00 00 00 00 00 00 01 |.......%........|
-00000040 e9 c0 11 15 b8 65 cf 13 bf 86 ef fe a3 44 3c 37 |.....e.......D<7|
-00000050 9d 6e ea 22 a4 e1 e8 de 61 1f d8 b9 7d 15 03 03 |.n."....a...}...|
-00000060 00 1a 00 00 00 00 00 00 00 02 41 cf c1 0c 23 58 |..........A...#X|
-00000070 5e 8e 79 bb ab a3 c3 06 f6 95 39 f7 |^.y.......9.|
+00000010 00 00 00 f5 dc 00 28 06 03 50 9b b2 db 4d 89 25 |......(..P...M.%|
+00000020 3a 94 04 85 5b 7a 3f 16 fb 55 8f e0 c3 a3 33 21 |:...[z?..U....3!|
+00000030 65 84 c5 17 03 03 00 25 00 00 00 00 00 00 00 01 |e......%........|
+00000040 a9 35 62 24 4b 63 6e 62 1c 8f 99 e4 e0 3e f0 a2 |.5b$Kcnb.....>..|
+00000050 e3 02 34 6f 10 71 9c 6b b3 4a 2d 7f 71 15 03 03 |..4o.q.k.J-.q...|
+00000060 00 1a 00 00 00 00 00 00 00 02 91 43 07 98 b1 ba |...........C....|
+00000070 06 1b dd 21 46 82 63 67 8b bb 1f b5 |...!F.cg....|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
index f1d4705..2cc2c28 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 97 01 00 00 93 03 03 01 96 f1 d3 d0 |................|
-00000010 c2 f6 05 e0 e8 30 72 c6 4e 88 04 95 fa b1 92 19 |.....0r.N.......|
-00000020 65 61 47 0f 7d 5a 57 ce 7e dd e2 00 00 04 c0 30 |eaG.}ZW.~......0|
+00000000 16 03 01 00 97 01 00 00 93 03 03 0f 13 d8 49 94 |..............I.|
+00000010 b9 cc 41 1d d4 3d bb d2 c9 a3 2c 74 11 ca 01 e8 |..A..=....,t....|
+00000020 5b b0 2e 57 60 b5 30 37 2d b9 f0 00 00 04 c0 30 |[..W`.07-......0|
00000030 00 ff 01 00 00 66 00 00 00 0e 00 0c 00 00 09 31 |.....f.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................|
@@ -54,29 +54,29 @@
00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........|
000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.|
000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........|
-000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 a2 f1 3d 60 b9 |.._X.;t......=`.|
-000002d0 14 a3 bb 85 ae 0e a5 49 b8 ea 57 ea be 4a 36 68 |.......I..W..J6h|
-000002e0 c5 62 d1 65 08 9a 48 9f 6e 05 51 7e aa e7 4e 24 |.b.e..H.n.Q~..N$|
-000002f0 10 59 8e 87 4b 2b 23 48 14 ce 4f bc a7 bb d1 79 |.Y..K+#H..O....y|
-00000300 d0 86 f2 e6 40 59 52 42 5f e9 6b 18 aa 32 3e 8c |....@YRB_.k..2>.|
-00000310 42 31 e9 b6 0f a7 ee 0c 9c ab ca 0f d8 da c5 48 |B1.............H|
-00000320 e1 98 dd 00 08 f9 76 28 34 3b 53 2c 02 72 b4 e1 |......v(4;S,.r..|
-00000330 39 c0 05 76 39 a7 51 b2 23 41 b6 46 49 8d 7e da |9..v9.Q.#A.FI.~.|
-00000340 93 15 a6 47 c6 9f d9 0b 0f 3d c6 16 03 03 00 04 |...G.....=......|
+000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 40 f3 67 86 41 |.._X.;t....@.g.A|
+000002d0 93 17 f7 db b2 80 ca 73 f9 f8 45 24 cc 46 57 47 |.......s..E$.FWG|
+000002e0 28 83 19 df e8 63 e7 19 c4 a2 04 85 25 7d ec 55 |(....c......%}.U|
+000002f0 91 d4 df eb 77 53 c2 3b d5 71 1a f7 39 d2 ee b4 |....wS.;.q..9...|
+00000300 06 4b e4 07 b7 fa 8a 8e fa 64 22 83 dd 22 8b b8 |.K.......d".."..|
+00000310 4d a5 1a f5 e3 81 01 81 6a a1 6e 62 54 3a 3a 09 |M.......j.nbT::.|
+00000320 ed 76 f2 5a d3 4e 4b 74 be 46 50 0d 51 77 34 f6 |.v.Z.NKt.FP.Qw4.|
+00000330 02 ef 57 39 29 bf d9 64 ad 65 06 ae a6 8d 94 86 |..W9)..d.e......|
+00000340 84 76 cf 2c 36 98 04 5b a1 59 6c 16 03 03 00 04 |.v.,6..[.Yl.....|
00000350 0e 00 00 00 |....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 4a 79 14 54 02 dc |....%...! Jy.T..|
-00000010 3a c0 f0 85 6e 54 b5 62 6b de 34 11 4b bf f6 ec |:...nT.bk.4.K...|
-00000020 ba 6b 13 10 45 df c6 60 e9 3a 14 03 03 00 01 01 |.k..E..`.:......|
-00000030 16 03 03 00 28 c6 0f 77 ca e2 72 dd 4d 0e 12 bc |....(..w..r.M...|
-00000040 54 81 22 dd 9c c1 3d 86 54 07 b5 15 a3 1e 77 65 |T."...=.T.....we|
-00000050 be 86 44 9f 31 64 9b 94 72 6d 7c ad 52 |..D.1d..rm|.R|
+00000000 16 03 03 00 25 10 00 00 21 20 d5 2b 0e 3c e9 3e |....%...! .+.<.>|
+00000010 e9 b0 3d 86 a9 85 b5 68 af cf 27 cf 4b d4 49 2e |..=....h..'.K.I.|
+00000020 68 f2 9e 3c 32 7c cb fb dc 57 14 03 03 00 01 01 |h..<2|...W......|
+00000030 16 03 03 00 28 5a cc f4 77 38 94 46 7b 39 5d 81 |....(Z..w8.F{9].|
+00000040 be 77 a5 4a 76 c9 46 62 17 0b 2b ea 89 c2 29 bd |.w.Jv.Fb..+...).|
+00000050 4b b0 dd 51 1e b8 7b a9 55 f5 fb b3 6a |K..Q..{.U...j|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....|
-00000010 00 00 00 6b 95 cf 9d cb f4 fa 82 23 67 73 2f f6 |...k.......#gs/.|
-00000020 3f 3c 20 a6 0d 46 14 03 8b e5 d0 33 52 ae f8 2c |?< ..F.....3R..,|
-00000030 c0 9d 78 17 03 03 00 25 00 00 00 00 00 00 00 01 |..x....%........|
-00000040 2f 71 b0 f4 5a 0e b9 53 86 4b 8b 47 a9 32 17 79 |/q..Z..S.K.G.2.y|
-00000050 58 39 b1 96 d0 e4 29 89 7a 90 02 3a 43 15 03 03 |X9....).z..:C...|
-00000060 00 1a 00 00 00 00 00 00 00 02 67 da 50 4b 3a bb |..........g.PK:.|
-00000070 3f 45 59 9b cb 63 58 2d 62 6d ef f4 |?EY..cX-bm..|
+00000010 00 00 00 b9 9b c0 b1 2b 71 af 0b 44 4e 4a cd e8 |.......+q..DNJ..|
+00000020 c6 68 b8 2a d9 67 6f 7f 18 12 22 5c 4b 5c ca 43 |.h.*.go..."\K\.C|
+00000030 ff c1 9d 17 03 03 00 25 00 00 00 00 00 00 00 01 |.......%........|
+00000040 3c ae 33 dd 69 6c 01 a0 d2 a7 91 52 43 f3 78 38 |<.3.il.....RC.x8|
+00000050 94 f4 24 0b 3d c9 bb 5f 02 27 89 bb 9b 15 03 03 |..$.=.._.'......|
+00000060 00 1a 00 00 00 00 00 00 00 02 68 8d d7 d8 2f 95 |..........h.../.|
+00000070 61 09 59 52 0d b8 12 fc 6a 07 28 37 |a.YR....j.(7|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
index 66b9de7..465d8db 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
+++ b/src/crypto/tls/testdata/Server-TLSv12-RSA-RSAPSS
@@ -1,14 +1,14 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 91 01 00 00 8d 03 03 01 e3 d4 6a 58 |..............jX|
-00000010 36 ca f5 a3 28 b8 b3 89 96 e2 14 77 94 e1 2e 77 |6...(......w...w|
-00000020 f4 4b 7e 3c e4 d4 b7 a2 18 14 1d 00 00 2a c0 30 |.K~<.........*.0|
+00000000 16 03 01 00 91 01 00 00 8d 03 03 6d d9 a6 ff 3e |...........m...>|
+00000010 4b 00 33 67 b4 8c c6 e8 07 ee f3 77 83 31 81 e9 |K.3g.......w.1..|
+00000020 8f 3e 9e 77 8b 5c 8b 84 47 b4 33 00 00 2a c0 30 |.>.w.\..G.3..*.0|
00000030 00 9f cc a8 cc aa c0 2f 00 9e c0 28 00 6b c0 27 |......./...(.k.'|
00000040 00 67 c0 14 00 39 c0 13 00 33 00 9d 00 9c 00 3d |.g...9...3.....=|
00000050 00 3c 00 35 00 2f 00 ff 01 00 00 3a 00 00 00 0e |.<.5./.....:....|
00000060 00 0c 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b |.....127.0.0.1..|
00000070 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 |................|
00000080 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d |................|
-00000090 00 04 00 02 08 04 |......|
+00000090 00 04 00 02 08 06 |......|
>>> Flow 2 (server to client)
00000000 16 03 03 00 37 02 00 00 33 03 03 00 00 00 00 00 |....7...3.......|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
diff --git a/src/crypto/tls/testdata/Server-TLSv12-X25519 b/src/crypto/tls/testdata/Server-TLSv12-X25519
index acf838e..c196336 100644
--- a/src/crypto/tls/testdata/Server-TLSv12-X25519
+++ b/src/crypto/tls/testdata/Server-TLSv12-X25519
@@ -1,7 +1,7 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 8f 01 00 00 8b 03 03 5a 2a 82 da c4 |...........Z*...|
-00000010 83 93 08 34 2c 78 0c 1a a2 e5 16 61 fc c6 db bd |...4,x.....a....|
-00000020 4d 02 1b 66 9d ad 1f aa a6 30 b0 00 00 04 c0 2f |M..f.....0...../|
+00000000 16 03 01 00 8f 01 00 00 8b 03 03 5d ff d6 27 db |...........]..'.|
+00000010 3b e5 2b 79 3a a6 cf 75 3d f7 c9 d9 0a d4 8c b2 |;.+y:..u=.......|
+00000020 af 3c 29 84 65 a2 d6 98 52 e2 eb 00 00 04 c0 2f |.<).e...R....../|
00000030 00 ff 01 00 00 5e 00 00 00 0e 00 0c 00 00 09 31 |.....^.........1|
00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........|
00000050 00 0a 00 04 00 02 00 1d 00 16 00 00 00 17 00 00 |................|
@@ -54,29 +54,29 @@
00000290 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c |.`.\!.;.........|
000002a0 00 00 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 |...... /.}.G.bC.|
000002b0 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed |(.._.).0........|
-000002c0 90 99 5f 58 cb 3b 74 04 01 00 80 c0 e0 de 35 00 |.._X.;t.......5.|
-000002d0 02 aa 94 59 31 e1 f7 8e 72 d9 1d f3 e3 86 50 0d |...Y1...r.....P.|
-000002e0 06 61 3d fa 3b 22 47 44 fb 1f 7d 33 39 7a 5e f5 |.a=.;"GD..}39z^.|
-000002f0 c4 7d d7 1c ad d9 fe cb f4 c8 af 61 79 7e 3f a1 |.}.........ay~?.|
-00000300 83 0b d6 c4 c1 7f 18 08 75 e1 43 bc e3 cb da 65 |........u.C....e|
-00000310 4d 09 b8 1d 7d 57 3e 19 92 26 d1 a7 4f 61 95 cb |M...}W>..&..Oa..|
-00000320 88 89 fe 7b e2 07 46 3a 31 53 bd 7b 33 e9 15 9e |...{..F:1S.{3...|
-00000330 a8 97 72 12 b8 0c fe 09 8c 41 c0 86 05 2a 1e e7 |..r......A...*..|
-00000340 52 a1 0c 87 43 16 c0 71 4b 5e 26 16 03 03 00 04 |R...C..qK^&.....|
+000002c0 90 99 5f 58 cb 3b 74 08 04 00 80 73 d6 a4 35 5f |.._X.;t....s..5_|
+000002d0 3f 46 ad de 81 13 a8 d9 21 17 25 37 61 cb 62 0d |?F......!.%7a.b.|
+000002e0 e2 bf 95 51 0e 9e e7 b1 ab bc be f6 ec 80 b1 f4 |...Q............|
+000002f0 3e 9c 69 3f c8 1e a4 02 82 fd 57 01 e7 0c 18 be |>.i?......W.....|
+00000300 c6 1b 01 68 cb ef dc d8 16 92 fb 1b 07 fd 98 f8 |...h............|
+00000310 00 77 a9 8e 71 2a e0 6c 68 d5 83 f9 36 c3 3b 99 |.w..q*.lh...6.;.|
+00000320 44 98 a0 96 00 1a 02 95 c5 7c ea ae 51 81 89 94 |D........|..Q...|
+00000330 57 b6 37 c5 88 56 9f 49 bf 36 26 48 08 36 a1 69 |W.7..V.I.6&H.6.i|
+00000340 48 a2 c4 b2 6f 0f 43 70 91 1e 8a 16 03 03 00 04 |H...o.Cp........|
00000350 0e 00 00 00 |....|
>>> Flow 3 (client to server)
-00000000 16 03 03 00 25 10 00 00 21 20 1b a0 89 f7 81 50 |....%...! .....P|
-00000010 fe e1 6b 59 79 bb a4 3b 24 16 c5 14 60 ba 91 6a |..kYy..;$...`..j|
-00000020 1f 74 2f 71 e0 db d4 b9 26 4b 14 03 03 00 01 01 |.t/q....&K......|
-00000030 16 03 03 00 28 79 bc 10 e1 74 c8 5a 62 a9 76 8d |....(y...t.Zb.v.|
-00000040 cb b9 9e 30 ff e8 c5 a8 0d ca 7d 21 c4 c3 1c b3 |...0......}!....|
-00000050 a1 50 4b 8f dd b4 8e 55 91 3d 4b 9b 64 |.PK....U.=K.d|
+00000000 16 03 03 00 25 10 00 00 21 20 0a 1b 78 c4 bb eb |....%...! ..x...|
+00000010 a4 01 33 3b 69 95 c2 06 5d c9 3e b3 13 51 4b 93 |..3;i...].>..QK.|
+00000020 5e 3c 3e a7 42 12 22 e8 7e 49 14 03 03 00 01 01 |^<>.B.".~I......|
+00000030 16 03 03 00 28 fc c7 a1 45 50 e0 fe 27 fd ac a4 |....(...EP..'...|
+00000040 d8 a2 c6 54 df e1 d3 6f e7 d8 45 a6 57 16 2f 1f |...T...o..E.W./.|
+00000050 cf 89 26 c6 0a c3 4f 63 df ac bc c9 79 |..&...Oc....y|
>>> Flow 4 (server to client)
00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....|
-00000010 00 00 00 54 71 0f 7e f4 42 ec 9c 41 d1 04 e9 20 |...Tq.~.B..A... |
-00000020 08 09 e4 1e 4e 96 14 46 5a 3f 35 16 99 9b f4 a1 |....N..FZ?5.....|
-00000030 87 26 01 17 03 03 00 25 00 00 00 00 00 00 00 01 |.&.....%........|
-00000040 d3 e6 57 91 a0 78 a9 dc 50 b0 2d af 63 4e 13 4e |..W..x..P.-.cN.N|
-00000050 28 64 e0 a0 34 bd 67 0c 9d b3 e7 c2 48 15 03 03 |(d..4.g.....H...|
-00000060 00 1a 00 00 00 00 00 00 00 02 50 f3 13 c2 91 0d |..........P.....|
-00000070 2c b5 48 22 2b 2d d9 f0 b6 f0 31 32 |,.H"+-....12|
+00000010 00 00 00 37 25 28 76 4e 31 dd 5e b0 5b 39 87 fc |...7%(vN1.^.[9..|
+00000020 0f 10 3c bc 6d 12 9a dd 59 89 0b 09 bc f2 2c d8 |..<.m...Y.....,.|
+00000030 05 a7 77 17 03 03 00 25 00 00 00 00 00 00 00 01 |..w....%........|
+00000040 fe 79 9d dd d9 e3 bc 48 47 65 30 64 c7 74 82 0a |.y.....HGe0d.t..|
+00000050 9f b7 45 a2 62 40 b5 dd 79 b9 ce 06 83 15 03 03 |..E.b@..y.......|
+00000060 00 1a 00 00 00 00 00 00 00 02 58 ed 37 40 33 e4 |..........X.7@3.|
+00000070 75 f0 a6 fa 14 f5 6b 93 9e 54 f2 a4 |u.....k..T..|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS
index 21f57b7..8151fd4 100644
--- a/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS
+++ b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS
@@ -1,101 +1,16 @@
>>> Flow 1 (client to server)
-00000000 16 03 01 00 c6 01 00 00 c2 03 03 39 95 ab cc 1c |...........9....|
-00000010 64 13 9d 19 2e 3e 73 33 48 b1 a9 f7 88 14 5a 83 |d....>s3H.....Z.|
-00000020 19 f7 b5 08 8d e4 80 09 72 21 99 20 23 ad 4c 2c |........r!. #.L,|
-00000030 66 84 1e e8 c3 0c 9f 66 19 76 df a3 e0 62 cd 7d |f......f.v...b.}|
-00000040 95 85 70 4f 37 fb 39 58 50 b1 d5 7b 00 08 13 02 |..pO7.9XP..{....|
+00000000 16 03 01 00 c6 01 00 00 c2 03 03 6b 64 fe be 82 |...........kd...|
+00000010 d3 c7 f8 26 35 c1 7c 50 d0 a9 19 a5 1d 6b d5 1b |...&5.|P.....k..|
+00000020 25 9b 47 fb 49 01 fc df 2e dc 8e 20 92 d0 73 81 |%.G.I...... ..s.|
+00000030 91 5a 8a f9 2a cf 29 c7 9d 43 b2 b0 7d b9 5a a3 |.Z..*.)..C..}.Z.|
+00000040 5f 74 53 a0 8e fe 4e 2e 83 0d 3b 0f 00 08 13 02 |_tS...N...;.....|
00000050 13 03 13 01 00 ff 01 00 00 71 00 00 00 0e 00 0c |.........q......|
00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....|
00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................|
00000080 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 04 |................|
-00000090 00 02 08 04 00 2b 00 03 02 03 04 00 2d 00 02 01 |.....+......-...|
-000000a0 01 00 33 00 26 00 24 00 1d 00 20 be 29 89 8d 44 |..3.&.$... .)..D|
-000000b0 4d e5 51 88 7a 1a 56 52 a8 86 74 13 0e e9 a5 a7 |M.Q.z.VR..t.....|
-000000c0 b6 7f 38 b3 ef 62 e6 b0 c5 2a 0a |..8..b...*.|
+00000090 00 02 08 06 00 2b 00 03 02 03 04 00 2d 00 02 01 |.....+......-...|
+000000a0 01 00 33 00 26 00 24 00 1d 00 20 76 43 b3 ed 62 |..3.&.$... vC..b|
+000000b0 22 72 15 69 b5 5b fd 9c ac 4a bd 36 4a 8d 3a 08 |"r.i.[...J.6J.:.|
+000000c0 9d a0 5e 10 e6 13 87 2b 41 51 66 |..^....+AQf|
>>> Flow 2 (server to client)
-00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......|
-00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
-00000020 00 00 00 00 00 00 00 00 00 00 00 20 23 ad 4c 2c |........... #.L,|
-00000030 66 84 1e e8 c3 0c 9f 66 19 76 df a3 e0 62 cd 7d |f......f.v...b.}|
-00000040 95 85 70 4f 37 fb 39 58 50 b1 d5 7b 13 02 00 00 |..pO7.9XP..{....|
-00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /|
-00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
-00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.|
-00000080 03 03 00 01 01 17 03 03 00 17 49 c6 88 9c 3b 2f |..........I...;/|
-00000090 3a 0a e6 8e 75 d0 39 11 ad 08 87 17 2c 14 96 28 |:...u.9.....,..(|
-000000a0 85 17 03 03 02 6d 2a d6 89 4d 5d f3 6c 28 97 dd |.....m*..M].l(..|
-000000b0 4e 45 88 e8 90 a4 f3 45 86 cf 59 d6 61 6e 1a a7 |NE.....E..Y.an..|
-000000c0 b7 35 7e 9c 6e 11 19 c4 1b 89 b9 5a 7c aa 1f 96 |.5~.n......Z|...|
-000000d0 e2 36 6d 54 09 12 2f 28 12 20 a3 41 06 bd 44 3c |.6mT../(. .A..D<|
-000000e0 73 be d3 8c 78 18 a1 63 ad f9 9d 41 20 5e 32 55 |s...x..c...A ^2U|
-000000f0 8e 18 c1 d8 b0 93 13 7e 88 a0 af 8a 59 e2 af 43 |.......~....Y..C|
-00000100 d2 82 66 ba c5 a1 97 94 e8 63 40 1b 8f c4 eb 49 |..f......c@....I|
-00000110 19 91 65 e9 54 d3 90 76 d6 f8 ff 15 20 31 3c 86 |..e.T..v.... 1<.|
-00000120 88 8a 43 be 77 a0 28 de fa 9f d5 30 14 a8 35 2f |..C.w.(....0..5/|
-00000130 5e ee 9d cf b5 69 d1 f5 f6 55 d1 1a 61 3f 4c a1 |^....i...U..a?L.|
-00000140 97 38 5b 87 7e ce 88 23 8a d0 bd fc 4b c5 da f7 |.8[.~..#....K...|
-00000150 25 6c 6c 0b ec 61 50 72 97 6b f7 fe 9b 5b 5a f9 |%ll..aPr.k...[Z.|
-00000160 59 19 71 10 74 2d 14 8c 1b 52 8b 39 1c 56 ea 7e |Y.q.t-...R.9.V.~|
-00000170 7a c9 8f 7c bd db 1e c5 02 9f 42 8b 63 ee 13 52 |z..|......B.c..R|
-00000180 fe 46 40 de 7b 97 27 b0 16 87 75 96 c7 1c 88 5d |.F@.{.'...u....]|
-00000190 2e 64 7f a8 df e0 16 b9 ee 27 7e b3 98 99 f7 4a |.d.......'~....J|
-000001a0 83 05 78 bb 59 07 8e 1a 46 1d 0f 45 87 ae d9 ae |..x.Y...F..E....|
-000001b0 6f 42 ed b1 72 14 8c 9d 33 72 95 ac 12 bb a0 20 |oB..r...3r..... |
-000001c0 56 a8 8a 23 e4 51 6a 89 f5 8e bc 55 5a e2 8d 78 |V..#.Qj....UZ..x|
-000001d0 84 24 55 99 cf 37 61 8c 7e 46 17 f3 26 ca 27 ec |.$U..7a.~F..&.'.|
-000001e0 f4 04 f6 76 1d cf 82 0c bd 85 82 81 06 f1 96 ce |...v............|
-000001f0 78 54 6c eb a0 f8 cf 30 6a 10 17 08 e6 94 83 4f |xTl....0j......O|
-00000200 56 34 80 ef ac fa ab e7 59 9e 6b f9 f8 38 76 cc |V4......Y.k..8v.|
-00000210 3b 09 b0 16 3f 3f 5c d3 6a ad d9 2c 65 d8 ce b4 |;...??\.j..,e...|
-00000220 19 53 c4 c9 d1 82 e8 19 72 ec bc 85 ef 3a 6e e5 |.S......r....:n.|
-00000230 ba 3c f8 37 98 98 80 47 5f 47 4f cd ed f5 0e bc |.<.7...G_GO.....|
-00000240 4e 14 a2 7d 8d 43 0b 18 ba 3b 10 50 e4 18 fc ac |N..}.C...;.P....|
-00000250 0e 01 21 73 68 da 50 51 8a 64 b6 18 28 ca e3 a4 |..!sh.PQ.d..(...|
-00000260 aa d2 5c 28 ff 64 fd cb 28 00 db b1 5c bf 75 81 |..\(.d..(...\.u.|
-00000270 bb d2 8c df 5c 26 70 1d d6 fe 7a 94 65 27 93 72 |....\&p...z.e'.r|
-00000280 bc ba 17 92 8f be 61 ec f5 88 04 ed fb cc f3 5c |......a........\|
-00000290 71 d0 a4 5d 13 a6 a3 82 89 e8 9e 1a 8e 31 fd 2f |q..].........1./|
-000002a0 57 53 98 d5 1f c4 3f 8e 92 7f 1b 90 a3 ad 6c 96 |WS....?.......l.|
-000002b0 42 cc f2 f0 1c 8d 3f 31 fd b2 53 29 79 16 9a 96 |B.....?1..S)y...|
-000002c0 fd d6 fe d4 3f 13 aa 39 73 d4 73 6d 9a ff f6 db |....?..9s.sm....|
-000002d0 52 0a 1e 76 71 0f d3 ee de a8 b3 05 3b 24 c4 72 |R..vq.......;$.r|
-000002e0 67 78 f1 be df c5 c0 87 32 60 28 96 8e b2 2e 3f |gx......2`(....?|
-000002f0 7d e9 aa b7 66 57 ee 67 e6 ac 70 da 60 ce c2 00 |}...fW.g..p.`...|
-00000300 55 2f 20 25 39 a5 5e b9 65 c3 00 63 c7 5a a9 31 |U/ %9.^.e..c.Z.1|
-00000310 de fe 65 17 03 03 00 99 95 83 6d be 56 ef 4f a3 |..e.......m.V.O.|
-00000320 96 5f a8 3d d5 a1 f3 8e 9a 8c 40 35 f4 12 2c 0a |._.=......@5..,.|
-00000330 b3 02 3b d2 14 d8 a4 f1 12 01 be e1 8a 6b 5f 01 |..;..........k_.|
-00000340 71 de ac 70 e9 7a 90 78 2e 2a a8 29 64 20 85 dd |q..p.z.x.*.)d ..|
-00000350 57 09 cf 48 29 d0 63 42 bc 9b ec 0c e2 2d 41 d0 |W..H).cB.....-A.|
-00000360 cb d8 68 46 b7 17 fc 1d 95 12 5a 4c c3 10 67 32 |..hF......ZL..g2|
-00000370 f7 7a 14 55 63 fb 57 6e 59 ee b6 66 b8 65 e1 37 |.z.Uc.WnY..f.e.7|
-00000380 e6 7c 6c 07 8b d1 84 80 01 11 ce 7f 20 f0 4d 42 |.|l......... .MB|
-00000390 a7 67 01 12 e6 b5 9b d4 6a fe 38 37 71 ca 60 d6 |.g......j.87q.`.|
-000003a0 12 d7 00 b5 26 c3 97 1d 9f 37 6a 82 31 ef c3 12 |....&....7j.1...|
-000003b0 bc 17 03 03 00 45 65 1e cf 1f 1e 73 93 8d 66 54 |.....Ee....s..fT|
-000003c0 47 b0 73 9f d1 a4 9d 3b b0 72 b4 f2 5f 06 e1 d2 |G.s....;.r.._...|
-000003d0 1f bb 3d 13 48 7c 7a e0 19 15 9f aa a5 ed 09 18 |..=.H|z.........|
-000003e0 2e 4e 8a cd 66 2b 9c b3 fe 99 b0 57 06 2e b3 a0 |.N..f+.....W....|
-000003f0 79 92 c1 bb 0e 29 44 02 f1 b0 43 17 03 03 00 a3 |y....)D...C.....|
-00000400 52 cd d9 d7 60 1c f5 06 83 aa 2f e0 0c 0f 5e 6d |R...`...../...^m|
-00000410 0f 29 93 b9 ae 50 04 c6 f7 d3 ff c7 d1 ac 9d 43 |.)...P.........C|
-00000420 d7 b5 76 7a 16 b7 2c b7 79 48 a4 c3 28 2a 86 10 |..vz..,.yH..(*..|
-00000430 d1 24 7c 04 ed af 1f 8a 0b 18 29 97 7a 7a 47 3f |.$|.......).zzG?|
-00000440 1f fe ba 9c 72 d9 9b ae 9b 83 5f f4 5a 4f 10 b8 |....r....._.ZO..|
-00000450 e5 45 35 76 77 a2 ac 99 1c bc 78 cf 6f 62 ef ef |.E5vw.....x.ob..|
-00000460 9b 1b 90 eb 95 6b a1 25 82 b7 c1 1b 6f da 10 4c |.....k.%....o..L|
-00000470 aa 3e a8 ba dd 77 b1 39 a0 b2 6a 11 18 44 2a 8d |.>...w.9..j..D*.|
-00000480 58 9a 53 31 e1 d1 ec 8b 47 95 63 67 44 67 8d 09 |X.S1....G.cgDg..|
-00000490 2f 16 f5 19 cd 65 1d 52 d7 bd 19 f0 bb ec 7b 55 |/....e.R......{U|
-000004a0 33 4f 84 |3O.|
->>> Flow 3 (client to server)
-00000000 14 03 03 00 01 01 17 03 03 00 45 07 3f db d9 c7 |..........E.?...|
-00000010 05 fd c4 0c 2d ae ee d8 d7 e7 ac 46 19 a2 17 e5 |....-......F....|
-00000020 5e 10 30 65 05 be e0 c7 1e b3 e2 16 a4 d6 69 e1 |^.0e..........i.|
-00000030 2c ff 18 ba e4 8f d0 3d 12 45 df c3 d4 08 0d e6 |,......=.E......|
-00000040 94 6e 83 6d 99 9d f3 f1 02 48 6b 6f d1 2d f0 c6 |.n.m.....Hko.-..|
->>> Flow 4 (server to client)
-00000000 17 03 03 00 1e 2a 3d 96 b4 6a 9e 7f 7f ca e0 8e |.....*=..j......|
-00000010 41 4e bd 82 86 61 b8 59 19 e4 97 02 c2 00 7e 69 |AN...a.Y......~i|
-00000020 81 b0 64 17 03 03 00 13 63 91 94 1a a3 51 bf 95 |..d.....c....Q..|
-00000030 9e 09 a2 a1 f0 01 57 93 00 71 49 |......W..qI|
+00000000 15 03 03 00 02 02 28 |......(|
diff --git a/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall
new file mode 100644
index 0000000..94f5818
--- /dev/null
+++ b/src/crypto/tls/testdata/Server-TLSv13-RSA-RSAPSS-TooSmall
@@ -0,0 +1,16 @@
+>>> Flow 1 (client to server)
+00000000 16 03 01 00 c6 01 00 00 c2 03 03 7c a4 3e 3b dd |...........|.>;.|
+00000010 d4 90 de 04 87 40 12 a6 f8 63 d9 9d b3 44 7b 52 |.....@...c...D{R|
+00000020 9b b2 2d e2 da 0a 6b 87 30 2e 1f 20 38 be 06 6e |..-...k.0.. 8..n|
+00000030 b8 2d 46 93 8d ed 31 ea 5c 44 5a 3a 6e 3a bd 3c |.-F...1.\DZ:n:.<|
+00000040 0d 69 99 2c 5d 59 30 85 1a bc ce 59 00 08 13 02 |.i.,]Y0....Y....|
+00000050 13 03 13 01 00 ff 01 00 00 71 00 00 00 0e 00 0c |.........q......|
+00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....|
+00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................|
+00000080 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 04 |................|
+00000090 00 02 08 06 00 2b 00 03 02 03 04 00 2d 00 02 01 |.....+......-...|
+000000a0 01 00 33 00 26 00 24 00 1d 00 20 d9 cb e9 03 27 |..3.&.$... ....'|
+000000b0 59 f0 bd 7a 1f 17 88 c7 35 2b 92 0c d9 0c 0f 9a |Y..z....5+......|
+000000c0 b5 47 c7 e2 97 aa 92 04 c6 63 2d |.G.......c-|
+>>> Flow 2 (server to client)
+00000000 15 03 03 00 02 02 28 |......(|
diff --git a/src/crypto/tls/tls.go b/src/crypto/tls/tls.go
index 58c3a6b..228f4a7 100644
--- a/src/crypto/tls/tls.go
+++ b/src/crypto/tls/tls.go
@@ -75,8 +75,9 @@
// The configuration config must be non-nil and must include
// at least one certificate or else set GetCertificate.
func Listen(network, laddr string, config *Config) (net.Listener, error) {
- if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) {
- return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config")
+ if config == nil || len(config.Certificates) == 0 &&
+ config.GetCertificate == nil && config.GetConfigForClient == nil {
+ return nil, errors.New("tls: neither Certificates, GetCertificate, nor GetConfigForClient set in Config")
}
l, err := net.Listen(network, laddr)
if err != nil {
diff --git a/src/crypto/tls/tls_test.go b/src/crypto/tls/tls_test.go
index 6770d61..178b519 100644
--- a/src/crypto/tls/tls_test.go
+++ b/src/crypto/tls/tls_test.go
@@ -6,6 +6,7 @@
import (
"bytes"
+ "crypto"
"crypto/x509"
"encoding/json"
"errors"
@@ -1046,19 +1047,288 @@
func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") }
-// TestSupportedSignatureAlgorithms checks that all supportedSignatureAlgorithms
-// have valid type and hash information.
-func TestSupportedSignatureAlgorithms(t *testing.T) {
- for _, sigAlg := range supportedSignatureAlgorithms {
- sigType, hash, err := typeAndHashFromSignatureScheme(sigAlg)
- if err != nil {
- t.Errorf("%#04x: unexpected error: %v", sigAlg, err)
+func TestClientHelloInfo_SupportsCertificate(t *testing.T) {
+ rsaCert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ }
+ pkcs1Cert := &Certificate{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: testRSAPrivateKey,
+ SupportedSignatureAlgorithms: []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256},
+ }
+ ecdsaCert := &Certificate{
+ // ECDSA P-256 certificate
+ Certificate: [][]byte{testP256Certificate},
+ PrivateKey: testP256PrivateKey,
+ }
+ ed25519Cert := &Certificate{
+ Certificate: [][]byte{testEd25519Certificate},
+ PrivateKey: testEd25519PrivateKey,
+ }
+
+ tests := []struct {
+ c *Certificate
+ chi *ClientHelloInfo
+ wantErr string
+ }{
+ {rsaCert, &ClientHelloInfo{
+ ServerName: "example.golang",
+ SignatureSchemes: []SignatureScheme{PSSWithSHA256},
+ SupportedVersions: []uint16{VersionTLS13},
+ }, ""},
+ {ecdsaCert, &ClientHelloInfo{
+ SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS13, VersionTLS12},
+ }, ""},
+ {rsaCert, &ClientHelloInfo{
+ ServerName: "example.com",
+ SignatureSchemes: []SignatureScheme{PSSWithSHA256},
+ SupportedVersions: []uint16{VersionTLS13},
+ }, "not valid for requested server name"},
+ {ecdsaCert, &ClientHelloInfo{
+ SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384},
+ SupportedVersions: []uint16{VersionTLS13},
+ }, "signature algorithms"},
+ {pkcs1Cert, &ClientHelloInfo{
+ SignatureSchemes: []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS13},
+ }, "signature algorithms"},
+
+ {rsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ SignatureSchemes: []SignatureScheme{PKCS1WithSHA1},
+ SupportedVersions: []uint16{VersionTLS13, VersionTLS12},
+ }, "signature algorithms"},
+ {rsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ SignatureSchemes: []SignatureScheme{PKCS1WithSHA1},
+ SupportedVersions: []uint16{VersionTLS13, VersionTLS12},
+ config: &Config{
+ MaxVersion: VersionTLS12,
+ },
+ }, ""}, // Check that mutual version selection works.
+
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, ""},
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP384AndSHA384},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, ""}, // TLS 1.2 does not restrict curves based on the SignatureScheme.
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: nil,
+ SupportedVersions: []uint16{VersionTLS12},
+ }, ""}, // TLS 1.2 comes with default signature schemes.
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, "cipher suite"},
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ config: &Config{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ },
+ }, "cipher suite"},
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP384},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, "certificate curve"},
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{1},
+ SignatureSchemes: []SignatureScheme{ECDSAWithP256AndSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, "doesn't support ECDHE"},
+ {ecdsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{PSSWithSHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, "signature algorithms"},
+
+ {ed25519Cert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{Ed25519},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, ""},
+ {ed25519Cert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{Ed25519},
+ SupportedVersions: []uint16{VersionTLS10},
+ }, "doesn't support Ed25519"},
+ {ed25519Cert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
+ SupportedCurves: []CurveID{},
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SignatureSchemes: []SignatureScheme{Ed25519},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, "doesn't support ECDHE"},
+
+ {rsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA},
+ SupportedCurves: []CurveID{CurveP256}, // only relevant for ECDHE support
+ SupportedPoints: []uint8{pointFormatUncompressed},
+ SupportedVersions: []uint16{VersionTLS10},
+ }, ""},
+ {rsaCert, &ClientHelloInfo{
+ CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256},
+ SupportedVersions: []uint16{VersionTLS12},
+ }, ""}, // static RSA fallback
+ }
+ for i, tt := range tests {
+ err := tt.chi.SupportsCertificate(tt.c)
+ switch {
+ case tt.wantErr == "" && err != nil:
+ t.Errorf("%d: unexpected error: %v", i, err)
+ case tt.wantErr != "" && err == nil:
+ t.Errorf("%d: unexpected success", i)
+ case tt.wantErr != "" && !strings.Contains(err.Error(), tt.wantErr):
+ t.Errorf("%d: got error %q, expected %q", i, err, tt.wantErr)
}
- if sigType == 0 {
- t.Errorf("%#04x: missing signature type", sigAlg)
+ }
+}
+
+func TestCipherSuites(t *testing.T) {
+ var lastID uint16
+ for _, c := range CipherSuites() {
+ if lastID > c.ID {
+ t.Errorf("CipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID)
+ } else {
+ lastID = c.ID
}
- if hash == 0 && sigAlg != Ed25519 {
- t.Errorf("%#04x: missing hash", sigAlg)
+
+ if c.Insecure {
+ t.Errorf("%#04x: Insecure CipherSuite returned by CipherSuites()", c.ID)
}
}
+ lastID = 0
+ for _, c := range InsecureCipherSuites() {
+ if lastID > c.ID {
+ t.Errorf("InsecureCipherSuites are not ordered by ID: got %#04x after %#04x", c.ID, lastID)
+ } else {
+ lastID = c.ID
+ }
+
+ if !c.Insecure {
+ t.Errorf("%#04x: not Insecure CipherSuite returned by InsecureCipherSuites()", c.ID)
+ }
+ }
+
+ cipherSuiteByID := func(id uint16) *CipherSuite {
+ for _, c := range CipherSuites() {
+ if c.ID == id {
+ return c
+ }
+ }
+ for _, c := range InsecureCipherSuites() {
+ if c.ID == id {
+ return c
+ }
+ }
+ return nil
+ }
+
+ for _, c := range cipherSuites {
+ cc := cipherSuiteByID(c.id)
+ if cc == nil {
+ t.Errorf("%#04x: no CipherSuite entry", c.id)
+ continue
+ }
+
+ if defaultOff := c.flags&suiteDefaultOff != 0; defaultOff != cc.Insecure {
+ t.Errorf("%#04x: Insecure %v, expected %v", c.id, cc.Insecure, defaultOff)
+ }
+ if tls12Only := c.flags&suiteTLS12 != 0; tls12Only && len(cc.SupportedVersions) != 1 {
+ t.Errorf("%#04x: suite is TLS 1.2 only, but SupportedVersions is %v", c.id, cc.SupportedVersions)
+ } else if !tls12Only && len(cc.SupportedVersions) != 3 {
+ t.Errorf("%#04x: suite TLS 1.0-1.2, but SupportedVersions is %v", c.id, cc.SupportedVersions)
+ }
+
+ if got := CipherSuiteName(c.id); got != cc.Name {
+ t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name)
+ }
+ }
+ for _, c := range cipherSuitesTLS13 {
+ cc := cipherSuiteByID(c.id)
+ if cc == nil {
+ t.Errorf("%#04x: no CipherSuite entry", c.id)
+ continue
+ }
+
+ if cc.Insecure {
+ t.Errorf("%#04x: Insecure %v, expected false", c.id, cc.Insecure)
+ }
+ if len(cc.SupportedVersions) != 1 || cc.SupportedVersions[0] != VersionTLS13 {
+ t.Errorf("%#04x: suite is TLS 1.3 only, but SupportedVersions is %v", c.id, cc.SupportedVersions)
+ }
+
+ if got := CipherSuiteName(c.id); got != cc.Name {
+ t.Errorf("%#04x: unexpected CipherSuiteName: got %q, expected %q", c.id, got, cc.Name)
+ }
+ }
+
+ if got := CipherSuiteName(0xabc); got != "0x0ABC" {
+ t.Errorf("unexpected fallback CipherSuiteName: got %q, expected 0x0ABC", got)
+ }
+}
+
+type brokenSigner struct{ crypto.Signer }
+
+func (s brokenSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+ // Replace opts with opts.HashFunc(), so rsa.PSSOptions are discarded.
+ return s.Signer.Sign(rand, digest, opts.HashFunc())
+}
+
+// TestPKCS1OnlyCert uses a client certificate with a broken crypto.Signer that
+// always makes PKCS#1 v1.5 signatures, so can't be used with RSA-PSS.
+func TestPKCS1OnlyCert(t *testing.T) {
+ clientConfig := testConfig.Clone()
+ clientConfig.Certificates = []Certificate{{
+ Certificate: [][]byte{testRSACertificate},
+ PrivateKey: brokenSigner{testRSAPrivateKey},
+ }}
+ serverConfig := testConfig.Clone()
+ serverConfig.MaxVersion = VersionTLS12 // TLS 1.3 doesn't support PKCS#1 v1.5
+ serverConfig.ClientAuth = RequireAnyClientCert
+
+ // If RSA-PSS is selected, the handshake should fail.
+ if _, _, err := testHandshake(t, clientConfig, serverConfig); err == nil {
+ t.Fatal("expected broken certificate to cause connection to fail")
+ }
+
+ clientConfig.Certificates[0].SupportedSignatureAlgorithms =
+ []SignatureScheme{PKCS1WithSHA1, PKCS1WithSHA256}
+
+ // But if the certificate restricts supported algorithms, RSA-PSS should not
+ // be selected, and the handshake should succeed.
+ if _, _, err := testHandshake(t, clientConfig, serverConfig); err != nil {
+ t.Error(err)
+ }
}
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index cc382e5..013f1c9 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -2256,12 +2256,15 @@
return
}
- h := hashFunc.New()
- h.Write(tbsCertListContents)
- digest := h.Sum(nil)
+ signed := tbsCertListContents
+ if hashFunc != 0 {
+ h := hashFunc.New()
+ h.Write(signed)
+ signed = h.Sum(nil)
+ }
var signature []byte
- signature, err = key.Sign(rand, digest, hashFunc)
+ signature, err = key.Sign(rand, signed, hashFunc)
if err != nil {
return
}
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index d5b168e..9e15b8a 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -1193,11 +1193,77 @@
EhLrEqU=
-----END CERTIFICATE-----`
+const ed25519CRLCertificate = `
+Certificate:
+Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 7a:07:a0:9d:14:04:16:fc:1f:d8:e5:fe:d1:1d:1f:8d
+ Signature Algorithm: ED25519
+ Issuer: CN = Ed25519 CRL Test CA
+ Validity
+ Not Before: Oct 30 01:20:20 2019 GMT
+ Not After : Dec 31 23:59:59 9999 GMT
+ Subject: CN = Ed25519 CRL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: ED25519
+ ED25519 Public-Key:
+ pub:
+ 95:73:3b:b0:06:2a:31:5a:b6:a7:a6:6e:ef:71:df:
+ ac:6f:6b:39:03:85:5e:63:4b:f8:a6:0f:68:c6:6f:
+ 75:21
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication, OCSP Signing
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B7:17:DA:16:EA:C5:ED:1F:18:49:44:D3:D2:E3:A0:35:0A:81:93:60
+ X509v3 Authority Key Identifier:
+ keyid:B7:17:DA:16:EA:C5:ED:1F:18:49:44:D3:D2:E3:A0:35:0A:81:93:60
+
+Signature Algorithm: ED25519
+ fc:3e:14:ea:bb:70:c2:6f:38:34:70:bc:c8:a7:f4:7c:0d:1e:
+ 28:d7:2a:9f:22:8a:45:e8:02:76:84:1e:2d:64:2d:1e:09:b5:
+ 29:71:1f:95:8a:4e:79:87:51:60:9a:e7:86:40:f6:60:c7:d1:
+ ee:68:76:17:1d:90:cc:92:93:07
+-----BEGIN CERTIFICATE-----
+MIIBijCCATygAwIBAgIQegegnRQEFvwf2OX+0R0fjTAFBgMrZXAwHjEcMBoGA1UE
+AxMTRWQyNTUxOSBDUkwgVGVzdCBDQTAgFw0xOTEwMzAwMTIwMjBaGA85OTk5MTIz
+MTIzNTk1OVowHjEcMBoGA1UEAxMTRWQyNTUxOSBDUkwgVGVzdCBDQTAqMAUGAytl
+cAMhAJVzO7AGKjFatqembu9x36xvazkDhV5jS/imD2jGb3Uho4GNMIGKMA4GA1Ud
+DwEB/wQEAwIBhjAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwEGCCsGAQUF
+BwMJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLcX2hbqxe0fGElE09LjoDUK
+gZNgMB8GA1UdIwQYMBaAFLcX2hbqxe0fGElE09LjoDUKgZNgMAUGAytlcANBAPw+
+FOq7cMJvODRwvMin9HwNHijXKp8iikXoAnaEHi1kLR4JtSlxH5WKTnmHUWCa54ZA
+9mDH0e5odhcdkMySkwc=
+-----END CERTIFICATE-----`
+
+const ed25519CRLKey = `-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEINdKh2096vUBYu4EIFpjShsUSh3vimKya1sQ1YTT4RZG
+-----END PRIVATE KEY-----`
+
func TestCRLCreation(t *testing.T) {
block, _ := pem.Decode([]byte(pemPrivateKey))
- priv, _ := ParsePKCS1PrivateKey(block.Bytes)
+ privRSA, _ := ParsePKCS1PrivateKey(block.Bytes)
block, _ = pem.Decode([]byte(pemCertificate))
- cert, _ := ParseCertificate(block.Bytes)
+ certRSA, _ := ParseCertificate(block.Bytes)
+
+ block, _ = pem.Decode([]byte(ed25519CRLKey))
+ privEd25519, _ := ParsePKCS8PrivateKey(block.Bytes)
+ block, _ = pem.Decode([]byte(ed25519CRLCertificate))
+ certEd25519, _ := ParseCertificate(block.Bytes)
+
+ tests := []struct {
+ name string
+ priv interface{}
+ cert *Certificate
+ }{
+ {"RSA CA", privRSA, certRSA},
+ {"Ed25519 CA", privEd25519, certEd25519},
+ }
loc := time.FixedZone("Oz/Atlantis", int((2 * time.Hour).Seconds()))
@@ -1227,18 +1293,20 @@
},
}
- crlBytes, err := cert.CreateCRL(rand.Reader, priv, revokedCerts, now, expiry)
- if err != nil {
- t.Errorf("error creating CRL: %s", err)
- }
+ for _, test := range tests {
+ crlBytes, err := test.cert.CreateCRL(rand.Reader, test.priv, revokedCerts, now, expiry)
+ if err != nil {
+ t.Errorf("%s: error creating CRL: %s", test.name, err)
+ }
- parsedCRL, err := ParseDERCRL(crlBytes)
- if err != nil {
- t.Errorf("error reparsing CRL: %s", err)
- }
- if !reflect.DeepEqual(parsedCRL.TBSCertList.RevokedCertificates, expectedCerts) {
- t.Errorf("RevokedCertificates mismatch: got %v; want %v.",
- parsedCRL.TBSCertList.RevokedCertificates, expectedCerts)
+ parsedCRL, err := ParseDERCRL(crlBytes)
+ if err != nil {
+ t.Errorf("%s: error reparsing CRL: %s", test.name, err)
+ }
+ if !reflect.DeepEqual(parsedCRL.TBSCertList.RevokedCertificates, expectedCerts) {
+ t.Errorf("%s: RevokedCertificates mismatch: got %v; want %v.", test.name,
+ parsedCRL.TBSCertList.RevokedCertificates, expectedCerts)
+ }
}
}
diff --git a/src/debug/elf/file_test.go b/src/debug/elf/file_test.go
index 42e575e..b13d13e 100644
--- a/src/debug/elf/file_test.go
+++ b/src/debug/elf/file_test.go
@@ -818,6 +818,6 @@
"0000")
_, err := NewFile(bytes.NewReader(data))
if err == nil {
- t.Fatalf("opening invalid ELF file unexpectedly suceeded")
+ t.Fatalf("opening invalid ELF file unexpectedly succeeded")
}
}
diff --git a/src/debug/pe/file.go b/src/debug/pe/file.go
index 14ad245..7d763ff 100644
--- a/src/debug/pe/file.go
+++ b/src/debug/pe/file.go
@@ -475,7 +475,7 @@
var (
oh32 OptionalHeader32
// There can be 0 or more data directories. So the minimum size of optional
- // header is calculated by substracting oh32.DataDirectory size from oh32 size.
+ // header is calculated by subtracting oh32.DataDirectory size from oh32 size.
oh32MinSz = binary.Size(oh32) - binary.Size(oh32.DataDirectory)
)
@@ -529,7 +529,7 @@
var (
oh64 OptionalHeader64
// There can be 0 or more data directories. So the minimum size of optional
- // header is calculated by substracting oh64.DataDirectory size from oh64 size.
+ // header is calculated by subtracting oh64.DataDirectory size from oh64 size.
oh64MinSz = binary.Size(oh64) - binary.Size(oh64.DataDirectory)
)
diff --git a/src/encoding/json/encode.go b/src/encoding/json/encode.go
index b81e505..39cdaeb 100644
--- a/src/encoding/json/encode.go
+++ b/src/encoding/json/encode.go
@@ -153,7 +153,7 @@
//
// JSON cannot represent cyclic data structures and Marshal does not
// handle them. Passing cyclic structures to Marshal will result in
-// an infinite recursion.
+// an error.
//
func Marshal(v interface{}) ([]byte, error) {
e := newEncodeState()
@@ -285,17 +285,31 @@
type encodeState struct {
bytes.Buffer // accumulated output
scratch [64]byte
+
+ // Keep track of what pointers we've seen in the current recursive call
+ // path, to avoid cycles that could lead to a stack overflow. Only do
+ // the relatively expensive map operations if ptrLevel is larger than
+ // startDetectingCyclesAfter, so that we skip the work if we're within a
+ // reasonable amount of nested pointers deep.
+ ptrLevel uint
+ ptrSeen map[interface{}]struct{}
}
+const startDetectingCyclesAfter = 1000
+
var encodeStatePool sync.Pool
func newEncodeState() *encodeState {
if v := encodeStatePool.Get(); v != nil {
e := v.(*encodeState)
e.Reset()
+ if len(e.ptrSeen) > 0 {
+ panic("ptrEncoder.encode should have emptied ptrSeen via defers")
+ }
+ e.ptrLevel = 0
return e
}
- return new(encodeState)
+ return &encodeState{ptrSeen: make(map[interface{}]struct{})}
}
// jsonError is an error wrapper type for internal use only.
@@ -887,7 +901,18 @@
e.WriteString("null")
return
}
+ if e.ptrLevel++; e.ptrLevel > startDetectingCyclesAfter {
+ // We're a large number of nested ptrEncoder.encode calls deep;
+ // start checking if we've run into a pointer cycle.
+ ptr := v.Interface()
+ if _, ok := e.ptrSeen[ptr]; ok {
+ e.error(&UnsupportedValueError{v, fmt.Sprintf("encountered a cycle via %s", v.Type())})
+ }
+ e.ptrSeen[ptr] = struct{}{}
+ defer delete(e.ptrSeen, ptr)
+ }
pe.elemEnc(e, v.Elem(), opts)
+ e.ptrLevel--
}
func newPtrEncoder(t reflect.Type) encoderFunc {
diff --git a/src/encoding/json/encode_test.go b/src/encoding/json/encode_test.go
index 40f16d8..5110c7d 100644
--- a/src/encoding/json/encode_test.go
+++ b/src/encoding/json/encode_test.go
@@ -138,10 +138,45 @@
}
}
+type SamePointerNoCycle struct {
+ Ptr1, Ptr2 *SamePointerNoCycle
+}
+
+var samePointerNoCycle = &SamePointerNoCycle{}
+
+type PointerCycle struct {
+ Ptr *PointerCycle
+}
+
+var pointerCycle = &PointerCycle{}
+
+type PointerCycleIndirect struct {
+ Ptrs []interface{}
+}
+
+var pointerCycleIndirect = &PointerCycleIndirect{}
+
+func init() {
+ ptr := &SamePointerNoCycle{}
+ samePointerNoCycle.Ptr1 = ptr
+ samePointerNoCycle.Ptr2 = ptr
+
+ pointerCycle.Ptr = pointerCycle
+ pointerCycleIndirect.Ptrs = []interface{}{pointerCycleIndirect}
+}
+
+func TestSamePointerNoCycle(t *testing.T) {
+ if _, err := Marshal(samePointerNoCycle); err != nil {
+ t.Fatalf("unexpected error: %v", err)
+ }
+}
+
var unsupportedValues = []interface{}{
math.NaN(),
math.Inf(-1),
math.Inf(1),
+ pointerCycle,
+ pointerCycleIndirect,
}
func TestUnsupportedValues(t *testing.T) {
diff --git a/src/flag/flag.go b/src/flag/flag.go
index 9fed4d8..6a51617 100644
--- a/src/flag/flag.go
+++ b/src/flag/flag.go
@@ -314,6 +314,9 @@
// A FlagSet represents a set of defined flags. The zero value of a FlagSet
// has no name and has ContinueOnError error handling.
+//
+// Flag names must be unique within a FlagSet. An attempt to define a flag whose
+// name is already in use will cause a panic.
type FlagSet struct {
// Usage is the function called when an error occurs while parsing flags.
// The field is a function (not a method) that may be changed to point to
diff --git a/src/go.mod b/src/go.mod
index de1cca8..bfc7ae2 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -3,7 +3,7 @@
go 1.14
require (
- golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
+ golang.org/x/crypto v0.0.0-20191111213947-16651526fdb4
golang.org/x/net v0.0.0-20191105084925-a882066a44e0
golang.org/x/sys v0.0.0-20190529130038-5219a1e1c5f8 // indirect
golang.org/x/text v0.3.3-0.20191031172631-4b67af870c6f // indirect
diff --git a/src/go.sum b/src/go.sum
index 449aca2..a71e1d2 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -1,6 +1,6 @@
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU=
-golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20191111213947-16651526fdb4 h1:AGVXd+IAyeAb3FuQvYDYQ9+WR2JHm0+C0oYJaU1C4rs=
+golang.org/x/crypto v0.0.0-20191111213947-16651526fdb4/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20191105084925-a882066a44e0 h1:QPlSTtPE2k6PZPasQUbzuK3p9JbS+vMXYVto8g/yrsg=
golang.org/x/net v0.0.0-20191105084925-a882066a44e0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
diff --git a/src/go/doc/comment.go b/src/go/doc/comment.go
index 88be45b..da33f21 100644
--- a/src/go/doc/comment.go
+++ b/src/go/doc/comment.go
@@ -300,6 +300,9 @@
// in the words map, the link is taken from the map (if the corresponding map
// value is the empty string, the URL is not converted into a link).
//
+// A pair of (consecutive) backticks (`) is converted to a unicode left quote (“), and a pair of (consecutive)
+// single quotes (') is converted to a unicode right quote (”).
+//
// Go identifiers that appear in the words map are italicized; if the corresponding
// map value is not the empty string, it is considered a URL and the word is converted
// into a link.
@@ -417,6 +420,9 @@
// It wraps paragraphs of text to width or fewer Unicode code points
// and then prefixes each line with the indent. In preformatted sections
// (such as program text), it prefixes each non-blank line with preIndent.
+//
+// A pair of (consecutive) backticks (`) is converted to a unicode left quote (“), and a pair of (consecutive)
+// single quotes (') is converted to a unicode right quote (”).
func ToText(w io.Writer, text string, indent, preIndent string, width int) {
l := lineWrapper{
out: w,
diff --git a/src/go/doc/doc.go b/src/go/doc/doc.go
index d0d4d32..0e50af0 100644
--- a/src/go/doc/doc.go
+++ b/src/go/doc/doc.go
@@ -6,8 +6,10 @@
package doc
import (
+ "fmt"
"go/ast"
"go/token"
+ "strings"
)
// Package is the documentation for an entire package.
@@ -28,6 +30,11 @@
Types []*Type
Vars []*Value
Funcs []*Func
+
+ // Examples is a sorted list of examples associated with
+ // the package. Examples are extracted from _test.go files
+ // provided to NewFromFiles.
+ Examples []*Example
}
// Value is the documentation for a (possibly grouped) var or const declaration.
@@ -50,6 +57,11 @@
Vars []*Value // sorted list of variables of (mostly) this type
Funcs []*Func // sorted list of functions returning this type
Methods []*Func // sorted list of methods (including embedded ones) of this type
+
+ // Examples is a sorted list of examples associated with
+ // this type. Examples are extracted from _test.go files
+ // provided to NewFromFiles.
+ Examples []*Example
}
// Func is the documentation for a func declaration.
@@ -63,6 +75,11 @@
Recv string // actual receiver "T" or "*T"
Orig string // original receiver "T" or "*T"
Level int // embedding level; 0 means not embedded
+
+ // Examples is a sorted list of examples associated with this
+ // function or method. Examples are extracted from _test.go files
+ // provided to NewFromFiles.
+ Examples []*Example
}
// A Note represents a marked comment starting with "MARKER(uid): note body".
@@ -75,7 +92,7 @@
Body string // note body text
}
-// Mode values control the operation of New.
+// Mode values control the operation of New and NewFromFiles.
type Mode int
const (
@@ -95,6 +112,8 @@
// New computes the package documentation for the given package AST.
// New takes ownership of the AST pkg and may edit or overwrite it.
+// To have the Examples fields populated, use NewFromFiles and include
+// the package's _test.go files.
//
func New(pkg *ast.Package, importPath string, mode Mode) *Package {
var r reader
@@ -115,3 +134,86 @@
Funcs: sortedFuncs(r.funcs, true),
}
}
+
+// NewFromFiles computes documentation for a package.
+//
+// The package is specified by a list of *ast.Files and corresponding
+// file set, which must not be nil. NewFromFiles does not skip files
+// based on build constraints, so it is the caller's responsibility to
+// provide only the files that are matched by the build context.
+// The import path of the package is specified by importPath.
+//
+// Examples found in _test.go files are associated with the corresponding
+// type, function, method, or the package, based on their name.
+// If the example has a suffix in its name, it is set in the
+// Example.Suffix field. Examples with malformed names are skipped.
+//
+// Optionally, a single extra argument of type Mode can be provided to
+// control low-level aspects of the documentation extraction behavior.
+//
+// NewFromFiles takes ownership of the AST files and may edit them,
+// unless the PreserveAST Mode bit is on.
+//
+func NewFromFiles(fset *token.FileSet, files []*ast.File, importPath string, opts ...interface{}) (*Package, error) {
+ // Check for invalid API usage.
+ if fset == nil {
+ panic(fmt.Errorf("doc.NewFromFiles: no token.FileSet provided (fset == nil)"))
+ }
+ var mode Mode
+ switch len(opts) { // There can only be 0 or 1 options, so a simple switch works for now.
+ case 0:
+ // Nothing to do.
+ case 1:
+ m, ok := opts[0].(Mode)
+ if !ok {
+ panic(fmt.Errorf("doc.NewFromFiles: option argument type must be doc.Mode"))
+ }
+ mode = m
+ default:
+ panic(fmt.Errorf("doc.NewFromFiles: there must not be more than 1 option argument"))
+ }
+
+ // Collect .go and _test.go files.
+ var (
+ goFiles = make(map[string]*ast.File)
+ testGoFiles []*ast.File
+ )
+ for i := range files {
+ f := fset.File(files[i].Pos())
+ if f == nil {
+ return nil, fmt.Errorf("file files[%d] is not found in the provided file set", i)
+ }
+ switch name := f.Name(); {
+ case strings.HasSuffix(name, ".go") && !strings.HasSuffix(name, "_test.go"):
+ goFiles[name] = files[i]
+ case strings.HasSuffix(name, "_test.go"):
+ testGoFiles = append(testGoFiles, files[i])
+ default:
+ return nil, fmt.Errorf("file files[%d] filename %q does not have a .go extension", i, name)
+ }
+ }
+
+ // TODO(dmitshur,gri): A relatively high level call to ast.NewPackage with a simpleImporter
+ // ast.Importer implementation is made below. It might be possible to short-circuit and simplify.
+
+ // Compute package documentation.
+ pkg, _ := ast.NewPackage(fset, goFiles, simpleImporter, nil) // Ignore errors that can happen due to unresolved identifiers.
+ p := New(pkg, importPath, mode)
+ classifyExamples(p, Examples(testGoFiles...))
+ return p, nil
+}
+
+// simpleImporter returns a (dummy) package object named by the last path
+// component of the provided package path (as is the convention for packages).
+// This is sufficient to resolve package identifiers without doing an actual
+// import. It never returns an error.
+func simpleImporter(imports map[string]*ast.Object, path string) (*ast.Object, error) {
+ pkg := imports[path]
+ if pkg == nil {
+ // note that strings.LastIndex returns -1 if there is no "/"
+ pkg = ast.NewObj(ast.Pkg, path[strings.LastIndex(path, "/")+1:])
+ pkg.Data = ast.NewScope(nil) // required by ast.NewPackage for dot-import
+ imports[path] = pkg
+ }
+ return pkg, nil
+}
diff --git a/src/go/doc/doc_test.go b/src/go/doc/doc_test.go
index 0b2d2b6..f1e612c 100644
--- a/src/go/doc/doc_test.go
+++ b/src/go/doc/doc_test.go
@@ -8,6 +8,7 @@
"bytes"
"flag"
"fmt"
+ "go/ast"
"go/parser"
"go/printer"
"go/token"
@@ -99,8 +100,16 @@
// test packages
for _, pkg := range pkgs {
- importpath := dataDir + "/" + pkg.Name
- doc := New(pkg, importpath, mode)
+ importPath := dataDir + "/" + pkg.Name
+ var files []*ast.File
+ for _, f := range pkg.Files {
+ files = append(files, f)
+ }
+ doc, err := NewFromFiles(fset, files, importPath, mode)
+ if err != nil {
+ t.Error(err)
+ continue
+ }
// golden files always use / in filenames - canonicalize them
for i, filename := range doc.Filenames {
diff --git a/src/go/doc/example.go b/src/go/doc/example.go
index 7d1a570..f337f2c 100644
--- a/src/go/doc/example.go
+++ b/src/go/doc/example.go
@@ -18,9 +18,10 @@
"unicode/utf8"
)
-// An Example represents an example function found in a source files.
+// An Example represents an example function found in a test source file.
type Example struct {
- Name string // name of the item being exemplified
+ Name string // name of the item being exemplified (including optional suffix)
+ Suffix string // example suffix, without leading '_' (only populated by NewFromFiles)
Doc string // example function doc string
Code ast.Node
Play *ast.File // a whole program version of the example
@@ -31,8 +32,10 @@
Order int // original source code order
}
-// Examples returns the examples found in the files, sorted by Name field.
+// Examples returns the examples found in testFiles, sorted by Name field.
// The Order fields record the order in which the examples were encountered.
+// The Suffix field is not populated when Examples is called directly, it is
+// only populated by NewFromFiles for examples it finds in _test.go files.
//
// Playable Examples must be in a package whose name ends in "_test".
// An Example is "playable" (the Play field is non-nil) in either of these
@@ -44,9 +47,9 @@
// example function, zero test or benchmark functions, and at least one
// top-level function, type, variable, or constant declaration other
// than the example function.
-func Examples(files ...*ast.File) []*Example {
+func Examples(testFiles ...*ast.File) []*Example {
var list []*Example
- for _, file := range files {
+ for _, file := range testFiles {
hasTests := false // file contains tests or benchmarks
numDecl := 0 // number of non-import declarations in the file
var flist []*Example
@@ -441,3 +444,101 @@
}
return
}
+
+// classifyExamples classifies examples and assigns them to the Examples field
+// of the relevant Func, Type, or Package that the example is associated with.
+//
+// The classification process is ambiguous in some cases:
+//
+// - ExampleFoo_Bar matches a type named Foo_Bar
+// or a method named Foo.Bar.
+// - ExampleFoo_bar matches a type named Foo_bar
+// or Foo (with a "bar" suffix).
+//
+// Examples with malformed names are not associated with anything.
+//
+func classifyExamples(p *Package, examples []*Example) {
+ if len(examples) == 0 {
+ return
+ }
+
+ // Mapping of names for funcs, types, and methods to the example listing.
+ ids := make(map[string]*[]*Example)
+ ids[""] = &p.Examples // package-level examples have an empty name
+ for _, f := range p.Funcs {
+ if !token.IsExported(f.Name) {
+ continue
+ }
+ ids[f.Name] = &f.Examples
+ }
+ for _, t := range p.Types {
+ if !token.IsExported(t.Name) {
+ continue
+ }
+ ids[t.Name] = &t.Examples
+ for _, f := range t.Funcs {
+ if !token.IsExported(f.Name) {
+ continue
+ }
+ ids[f.Name] = &f.Examples
+ }
+ for _, m := range t.Methods {
+ if !token.IsExported(m.Name) || m.Level != 0 { // avoid forwarded methods from embedding
+ continue
+ }
+ ids[strings.TrimPrefix(m.Recv, "*")+"_"+m.Name] = &m.Examples
+ }
+ }
+
+ // Group each example with the associated func, type, or method.
+ for _, ex := range examples {
+ // Consider all possible split points for the suffix
+ // by starting at the end of string (no suffix case),
+ // then trying all positions that contain a '_' character.
+ //
+ // An association is made on the first successful match.
+ // Examples with malformed names that match nothing are skipped.
+ for i := len(ex.Name); i >= 0; i = strings.LastIndexByte(ex.Name[:i], '_') {
+ prefix, suffix, ok := splitExampleName(ex.Name, i)
+ if !ok {
+ continue
+ }
+ exs, ok := ids[prefix]
+ if !ok {
+ continue
+ }
+ ex.Suffix = suffix
+ *exs = append(*exs, ex)
+ break
+ }
+ }
+
+ // Sort list of example according to the user-specified suffix name.
+ for _, exs := range ids {
+ sort.Slice((*exs), func(i, j int) bool {
+ return (*exs)[i].Suffix < (*exs)[j].Suffix
+ })
+ }
+}
+
+// splitExampleName attempts to split example name s at index i,
+// and reports if that produces a valid split. The suffix may be
+// absent. Otherwise, it must start with a lower-case letter and
+// be preceded by '_'.
+//
+// One of i == len(s) or s[i] == '_' must be true.
+func splitExampleName(s string, i int) (prefix, suffix string, ok bool) {
+ if i == len(s) {
+ return s, "", true
+ }
+ if i == len(s)-1 {
+ return "", "", false
+ }
+ prefix, suffix = s[:i], s[i+1:]
+ return prefix, suffix, isExampleSuffix(suffix)
+}
+
+func isExampleSuffix(s string) bool {
+ r, size := utf8.DecodeRuneInString(s)
+ return size > 0 && unicode.IsLower(r)
+}
diff --git a/src/go/doc/example_test.go b/src/go/doc/example_test.go
index 74fd106..cd2f469 100644
--- a/src/go/doc/example_test.go
+++ b/src/go/doc/example_test.go
@@ -6,11 +6,13 @@
import (
"bytes"
+ "fmt"
"go/ast"
"go/doc"
"go/format"
"go/parser"
"go/token"
+ "reflect"
"strings"
"testing"
)
@@ -458,3 +460,212 @@
}
return buf.String()
}
+
+// This example illustrates how to use NewFromFiles
+// to compute package documentation with examples.
+func ExampleNewFromFiles() {
+ // src and test are two source files that make up
+ // a package whose documentation will be computed.
+ const src = `
+// This is the package comment.
+package p
+
+import "fmt"
+
+// This comment is associated with the Greet function.
+func Greet(who string) {
+ fmt.Printf("Hello, %s!\n", who)
+}
+`
+ const test = `
+package p_test
+
+// This comment is associated with the ExampleGreet_world example.
+func ExampleGreet_world() {
+ Greet("world")
+}
+`
+
+ // Create the AST by parsing src and test.
+ fset := token.NewFileSet()
+ files := []*ast.File{
+ mustParse(fset, "src.go", src),
+ mustParse(fset, "src_test.go", test),
+ }
+
+ // Compute package documentation with examples.
+ p, err := doc.NewFromFiles(fset, files, "example.com/p")
+ if err != nil {
+ panic(err)
+ }
+
+ fmt.Printf("package %s - %s", p.Name, p.Doc)
+ fmt.Printf("func %s - %s", p.Funcs[0].Name, p.Funcs[0].Doc)
+ fmt.Printf(" ⤷ example with suffix %q - %s", p.Funcs[0].Examples[0].Suffix, p.Funcs[0].Examples[0].Doc)
+
+ // Output:
+ // package p - This is the package comment.
+ // func Greet - This comment is associated with the Greet function.
+ // ⤷ example with suffix "world" - This comment is associated with the ExampleGreet_world example.
+}
+
+func TestClassifyExamples(t *testing.T) {
+ const src = `
+package p
+
+const Const1 = 0
+var Var1 = 0
+
+type (
+ Type1 int
+ Type1_Foo int
+ Type1_foo int
+ type2 int
+
+ Embed struct { Type1 }
+)
+
+func Func1() {}
+func Func1_Foo() {}
+func Func1_foo() {}
+func func2() {}
+
+func (Type1) Func1() {}
+func (Type1) Func1_Foo() {}
+func (Type1) Func1_foo() {}
+func (Type1) func2() {}
+
+type (
+ Conflict int
+ Conflict_Conflict int
+ Conflict_conflict int
+)
+
+func (Conflict) Conflict() {}
+`
+ const test = `
+package p_test
+
+func ExampleConst1() {} // invalid - no support for consts and vars
+func ExampleVar1() {} // invalid - no support for consts and vars
+
+func Example() {}
+func Example_() {} // invalid - suffix must start with a lower-case letter
+func Example_suffix() {}
+func Example_suffix_xX_X_x() {}
+func Example_世界() {} // invalid - suffix must start with a lower-case letter
+func Example_123() {} // invalid - suffix must start with a lower-case letter
+func Example_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+
+func ExampleType1() {}
+func ExampleType1_() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_suffix() {}
+func ExampleType1_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_Foo() {}
+func ExampleType1_Foo_suffix() {}
+func ExampleType1_Foo_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_foo() {}
+func ExampleType1_foo_suffix() {}
+func ExampleType1_foo_Suffix() {} // matches Type1, instead of Type1_foo
+func Exampletype2() {} // invalid - cannot match unexported
+
+func ExampleFunc1() {}
+func ExampleFunc1_() {} // invalid - suffix must start with a lower-case letter
+func ExampleFunc1_suffix() {}
+func ExampleFunc1_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleFunc1_Foo() {}
+func ExampleFunc1_Foo_suffix() {}
+func ExampleFunc1_Foo_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleFunc1_foo() {}
+func ExampleFunc1_foo_suffix() {}
+func ExampleFunc1_foo_Suffix() {} // matches Func1, instead of Func1_foo
+func Examplefunc1() {} // invalid - cannot match unexported
+
+func ExampleType1_Func1() {}
+func ExampleType1_Func1_() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_Func1_suffix() {}
+func ExampleType1_Func1_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_Func1_Foo() {}
+func ExampleType1_Func1_Foo_suffix() {}
+func ExampleType1_Func1_Foo_BadSuffix() {} // invalid - suffix must start with a lower-case letter
+func ExampleType1_Func1_foo() {}
+func ExampleType1_Func1_foo_suffix() {}
+func ExampleType1_Func1_foo_Suffix() {} // matches Type1.Func1, instead of Type1.Func1_foo
+func ExampleType1_func2() {} // matches Type1, instead of Type1.func2
+
+func ExampleEmbed_Func1() {} // invalid - no support for forwarded methods from embedding
+
+func ExampleConflict_Conflict() {} // ambiguous with either Conflict or Conflict_Conflict type
+func ExampleConflict_conflict() {} // ambiguous with either Conflict or Conflict_conflict type
+func ExampleConflict_Conflict_suffix() {} // ambiguous with either Conflict or Conflict_Conflict type
+func ExampleConflict_conflict_suffix() {} // ambiguous with either Conflict or Conflict_conflict type
+`
+
+ // Parse literal source code as a *doc.Package.
+ fset := token.NewFileSet()
+ files := []*ast.File{
+ mustParse(fset, "src.go", src),
+ mustParse(fset, "src_test.go", test),
+ }
+ p, err := doc.NewFromFiles(fset, files, "example.com/p")
+ if err != nil {
+ t.Fatalf("doc.NewFromFiles: %v", err)
+ }
+
+ // Collect the association of examples to top-level identifiers.
+ got := map[string][]string{}
+ got[""] = exampleNames(p.Examples)
+ for _, f := range p.Funcs {
+ got[f.Name] = exampleNames(f.Examples)
+ }
+ for _, t := range p.Types {
+ got[t.Name] = exampleNames(t.Examples)
+ for _, f := range t.Funcs {
+ got[f.Name] = exampleNames(f.Examples)
+ }
+ for _, m := range t.Methods {
+ got[t.Name+"."+m.Name] = exampleNames(m.Examples)
+ }
+ }
+
+ want := map[string][]string{
+ "": {"", "suffix", "suffix_xX_X_x"}, // Package-level examples.
+
+ "Type1": {"", "foo_Suffix", "func2", "suffix"},
+ "Type1_Foo": {"", "suffix"},
+ "Type1_foo": {"", "suffix"},
+
+ "Func1": {"", "foo_Suffix", "suffix"},
+ "Func1_Foo": {"", "suffix"},
+ "Func1_foo": {"", "suffix"},
+
+ "Type1.Func1": {"", "foo_Suffix", "suffix"},
+ "Type1.Func1_Foo": {"", "suffix"},
+ "Type1.Func1_foo": {"", "suffix"},
+
+ // These are implementation dependent due to the ambiguous parsing.
+ "Conflict_Conflict": {"", "suffix"},
+ "Conflict_conflict": {"", "suffix"},
+ }
+
+ for id := range got {
+ if !reflect.DeepEqual(got[id], want[id]) {
+ t.Errorf("classification mismatch for %q:\ngot %q\nwant %q", id, got[id], want[id])
+ }
+ }
+}
+
+func exampleNames(exs []*doc.Example) (out []string) {
+ for _, ex := range exs {
+ out = append(out, ex.Suffix)
+ }
+ return out
+}
+
+func mustParse(fset *token.FileSet, filename, src string) *ast.File {
+ f, err := parser.ParseFile(fset, filename, src, parser.ParseComments)
+ if err != nil {
+ panic(err)
+ }
+ return f
+}
diff --git a/src/go/doc/testdata/bugpara.go b/src/go/doc/testdata/bugpara.go
index f5345a7..0360a6f 100644
--- a/src/go/doc/testdata/bugpara.go
+++ b/src/go/doc/testdata/bugpara.go
@@ -1,3 +1,7 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
package bugpara
// BUG(rsc): Sometimes bugs have multiple paragraphs.
diff --git a/src/internal/bytealg/count_s390x.s b/src/internal/bytealg/count_s390x.s
index e2d90e7..2a3b5c0 100644
--- a/src/internal/bytealg/count_s390x.s
+++ b/src/internal/bytealg/count_s390x.s
@@ -95,7 +95,7 @@
vxchunks:
// Load 0x01 into every byte element in the 16-byte mask vector.
VREPIB $1, V_MASK // V_MASK = [16]byte{1, 1, ..., 1, 1}
- VZERO V_CNT // intial uint128 count of 0
+ VZERO V_CNT // initial uint128 count of 0
vxloop:
// Load input bytes in 16-byte chunks.
diff --git a/src/internal/bytealg/equal_riscv64.s b/src/internal/bytealg/equal_riscv64.s
new file mode 100644
index 0000000..22cb4fa
--- /dev/null
+++ b/src/internal/bytealg/equal_riscv64.s
@@ -0,0 +1,49 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "go_asm.h"
+#include "textflag.h"
+
+#define CTXT S4
+
+// func memequal(a, b unsafe.Pointer, size uintptr) bool
+TEXT runtime·memequal(SB),NOSPLIT|NOFRAME,$0-25
+ MOV a+0(FP), A1
+ MOV b+8(FP), A2
+ BEQ A1, A2, eq
+ MOV size+16(FP), A3
+ ADD A1, A3, A4
+loop:
+ BEQ A1, A4, eq
+
+ MOVBU (A1), A6
+ ADD $1, A1
+ MOVBU (A2), A7
+ ADD $1, A2
+ BEQ A6, A7, loop
+
+ MOVB ZERO, ret+24(FP)
+ RET
+eq:
+ MOV $1, A1
+ MOVB A1, ret+24(FP)
+ RET
+
+// func memequal_varlen(a, b unsafe.Pointer) bool
+TEXT runtime·memequal_varlen(SB),NOSPLIT,$40-17
+ MOV a+0(FP), A1
+ MOV b+8(FP), A2
+ BEQ A1, A2, eq
+ MOV 8(CTXT), A3 // compiler stores size at offset 8 in the closure
+ MOV A1, 8(X2)
+ MOV A2, 16(X2)
+ MOV A3, 24(X2)
+ CALL runtime·memequal(SB)
+ MOVBU 32(X2), A1
+ MOVB A1, ret+16(FP)
+ RET
+eq:
+ MOV $1, A1
+ MOVB A1, ret+16(FP)
+ RET
diff --git a/src/internal/bytealg/indexbyte_generic.go b/src/internal/bytealg/indexbyte_generic.go
index fce1b0f..0b012a8 100644
--- a/src/internal/bytealg/indexbyte_generic.go
+++ b/src/internal/bytealg/indexbyte_generic.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build !386,!amd64,!s390x,!arm,!arm64,!ppc64,!ppc64le,!mips,!mipsle,!mips64,!mips64le,!wasm
+// +build !386,!amd64,!s390x,!arm,!arm64,!ppc64,!ppc64le,!mips,!mipsle,!mips64,!mips64le,!riscv64,!wasm
package bytealg
diff --git a/src/internal/bytealg/indexbyte_native.go b/src/internal/bytealg/indexbyte_native.go
index 157caa3..f96c5be 100644
--- a/src/internal/bytealg/indexbyte_native.go
+++ b/src/internal/bytealg/indexbyte_native.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build 386 amd64 s390x arm arm64 ppc64 ppc64le mips mipsle mips64 mips64le wasm
+// +build 386 amd64 s390x arm arm64 ppc64 ppc64le mips mipsle mips64 mips64le riscv64 wasm
package bytealg
diff --git a/src/internal/bytealg/indexbyte_riscv64.s b/src/internal/bytealg/indexbyte_riscv64.s
new file mode 100644
index 0000000..087be86
--- /dev/null
+++ b/src/internal/bytealg/indexbyte_riscv64.s
@@ -0,0 +1,52 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "go_asm.h"
+#include "textflag.h"
+
+TEXT ·IndexByte(SB),NOSPLIT,$0-40
+ MOV s+0(FP), A1
+ MOV s_len+8(FP), A2
+ MOVBU c+24(FP), A3 // byte to find
+ MOV A1, A4 // store base for later
+ ADD A1, A2 // end
+ ADD $-1, A1
+
+loop:
+ ADD $1, A1
+ BEQ A1, A2, notfound
+ MOVBU (A1), A5
+ BNE A3, A5, loop
+
+ SUB A4, A1 // remove base
+ MOV A1, ret+32(FP)
+ RET
+
+notfound:
+ MOV $-1, A1
+ MOV A1, ret+32(FP)
+ RET
+
+TEXT ·IndexByteString(SB),NOSPLIT,$0-32
+ MOV p+0(FP), A1
+ MOV b_len+8(FP), A2
+ MOVBU c+16(FP), A3 // byte to find
+ MOV A1, A4 // store base for later
+ ADD A1, A2 // end
+ ADD $-1, A1
+
+loop:
+ ADD $1, A1
+ BEQ A1, A2, notfound
+ MOVBU (A1), A5
+ BNE A3, A5, loop
+
+ SUB A4, A1 // remove base
+ MOV A1, ret+24(FP)
+ RET
+
+notfound:
+ MOV $-1, A1
+ MOV A1, ret+24(FP)
+ RET
diff --git a/src/internal/cpu/cpu_riscv64.go b/src/internal/cpu/cpu_riscv64.go
new file mode 100644
index 0000000..c49cab7
--- /dev/null
+++ b/src/internal/cpu/cpu_riscv64.go
@@ -0,0 +1,7 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const CacheLinePadSize = 32
diff --git a/src/math/big/int_test.go b/src/math/big/int_test.go
index a4285f3..e3a1587 100644
--- a/src/math/big/int_test.go
+++ b/src/math/big/int_test.go
@@ -1829,8 +1829,11 @@
}
func BenchmarkDiv(b *testing.B) {
- min, max, step := 10, 100000, 10
- for i := min; i <= max; i *= step {
+ sizes := []int{
+ 10, 20, 50, 100, 200, 500, 1000,
+ 1e4, 1e5, 1e6, 1e7,
+ }
+ for _, i := range sizes {
j := 2 * i
b.Run(fmt.Sprintf("%d/%d", j, i), func(b *testing.B) {
benchmarkDiv(b, j, i)
diff --git a/src/math/big/nat.go b/src/math/big/nat.go
index 3b60232..1b771ca 100644
--- a/src/math/big/nat.go
+++ b/src/math/big/nat.go
@@ -693,7 +693,7 @@
var natPool sync.Pool
-// q = (uIn-r)/vIn, with 0 <= r < y
+// q = (uIn-r)/vIn, with 0 <= r < vIn
// Uses z as storage for q, and u as storage for r if possible.
// See Knuth, Volume 2, section 4.3.1, Algorithm D.
// Preconditions:
@@ -721,6 +721,30 @@
}
q = z.make(m + 1)
+ if n < divRecursiveThreshold {
+ q.divBasic(u, v)
+ } else {
+ q.divRecursive(u, v)
+ }
+ putNat(vp)
+
+ q = q.norm()
+ shrVU(u, u, shift)
+ r = u.norm()
+
+ return q, r
+}
+
+// divBasic performs word-by-word division of u by v.
+// The quotient is written in pre-allocated q.
+// The remainder overwrites input u.
+//
+// Precondition:
+// - len(q) >= len(u)-len(v)
+func (q nat) divBasic(u, v nat) {
+ n := len(v)
+ m := len(u) - n
+
qhatvp := getNat(n + 1)
qhatv := *qhatvp
@@ -729,7 +753,11 @@
for j := m; j >= 0; j-- {
// D3.
qhat := Word(_M)
- if ujn := u[j+n]; ujn != vn1 {
+ var ujn Word
+ if j+n < len(u) {
+ ujn = u[j+n]
+ }
+ if ujn != vn1 {
var rhat Word
qhat, rhat = divWW(ujn, u[j+n-1], vn1)
@@ -752,25 +780,175 @@
// D4.
qhatv[n] = mulAddVWW(qhatv[0:n], v, qhat, 0)
-
- c := subVV(u[j:j+len(qhatv)], u[j:], qhatv)
+ qhl := len(qhatv)
+ if j+qhl > len(u) && qhatv[n] == 0 {
+ qhl--
+ }
+ c := subVV(u[j:j+qhl], u[j:], qhatv)
if c != 0 {
c := addVV(u[j:j+n], u[j:], v)
u[j+n] += c
qhat--
}
+ if j == m && m == len(q) && qhat == 0 {
+ continue
+ }
q[j] = qhat
}
- putNat(vp)
putNat(qhatvp)
+}
- q = q.norm()
- shrVU(u, u, shift)
- r = u.norm()
+const divRecursiveThreshold = 100
- return q, r
+// divRecursive performs word-by-word division of u by v.
+// The quotient is written in pre-allocated z.
+// The remainder overwrites input u.
+//
+// Precondition:
+// - len(z) >= len(u)-len(v)
+//
+// See Burnikel, Ziegler, "Fast Recursive Division", Algorithm 1 and 2.
+func (z nat) divRecursive(u, v nat) {
+ // Recursion depth is less than 2 log2(len(v))
+ // Allocate a slice of temporaries to be reused across recursion.
+ recDepth := 2 * bits.Len(uint(len(v)))
+ // large enough to perform Karatsuba on operands as large as v
+ tmp := getNat(3 * len(v))
+ temps := make([]*nat, recDepth)
+ z.clear()
+ z.divRecursiveStep(u, v, 0, tmp, temps)
+ for _, n := range temps {
+ if n != nil {
+ putNat(n)
+ }
+ }
+ putNat(tmp)
+}
+
+func (z nat) divRecursiveStep(u, v nat, depth int, tmp *nat, temps []*nat) {
+ u = u.norm()
+ v = v.norm()
+
+ if len(u) == 0 {
+ z.clear()
+ return
+ }
+ n := len(v)
+ if n < divRecursiveThreshold {
+ z.divBasic(u, v)
+ return
+ }
+ m := len(u) - n
+ if m < 0 {
+ return
+ }
+
+ // Produce the quotient by blocks of B words.
+ // Division by v (length n) is done using a length n/2 division
+ // and a length n/2 multiplication for each block. The final
+ // complexity is driven by multiplication complexity.
+ B := n / 2
+
+ // Allocate a nat for qhat below.
+ if temps[depth] == nil {
+ temps[depth] = getNat(n)
+ } else {
+ *temps[depth] = temps[depth].make(B + 1)
+ }
+
+ j := m
+ for j > B {
+ // Divide u[j-B:j+n] by vIn. Keep remainder in u
+ // for next block.
+ //
+ // The following property will be used (Lemma 2):
+ // if u = u1 << s + u0
+ // v = v1 << s + v0
+ // then floor(u1/v1) >= floor(u/v)
+ //
+ // Moreover, the difference is at most 2 if len(v1) >= len(u/v)
+ // We choose s = B-1 since len(v)-B >= B+1 >= len(u/v)
+ s := (B - 1)
+ // Except for the first step, the top bits are always
+ // a division remainder, so the quotient length is <= n.
+ uu := u[j-B:]
+
+ qhat := *temps[depth]
+ qhat.clear()
+ qhat.divRecursiveStep(uu[s:B+n], v[s:], depth+1, tmp, temps)
+ qhat = qhat.norm()
+ // Adjust the quotient:
+ // u = u_h << s + u_l
+ // v = v_h << s + v_l
+ // u_h = q̂ v_h + rh
+ // u = q̂ (v - v_l) + rh << s + u_l
+ // After the above step, u contains a remainder:
+ // u = rh << s + u_l
+ // and we need to subtract q̂ v_l
+ //
+ // But it may be a bit too large, in which case q̂ needs to be smaller.
+ qhatv := tmp.make(3 * n)
+ qhatv.clear()
+ qhatv = qhatv.mul(qhat, v[:s])
+ for i := 0; i < 2; i++ {
+ e := qhatv.cmp(uu.norm())
+ if e <= 0 {
+ break
+ }
+ subVW(qhat, qhat, 1)
+ c := subVV(qhatv[:s], qhatv[:s], v[:s])
+ if len(qhatv) > s {
+ subVW(qhatv[s:], qhatv[s:], c)
+ }
+ addAt(uu[s:], v[s:], 0)
+ }
+ if qhatv.cmp(uu.norm()) > 0 {
+ panic("impossible")
+ }
+ c := subVV(uu[:len(qhatv)], uu[:len(qhatv)], qhatv)
+ if c > 0 {
+ subVW(uu[len(qhatv):], uu[len(qhatv):], c)
+ }
+ addAt(z, qhat, j-B)
+ j -= B
+ }
+
+ // Now u < (v<<B), compute lower bits in the same way.
+ // Choose shift = B-1 again.
+ s := B
+ qhat := *temps[depth]
+ qhat.clear()
+ qhat.divRecursiveStep(u[s:].norm(), v[s:], depth+1, tmp, temps)
+ qhat = qhat.norm()
+ qhatv := tmp.make(3 * n)
+ qhatv.clear()
+ qhatv = qhatv.mul(qhat, v[:s])
+ // Set the correct remainder as before.
+ for i := 0; i < 2; i++ {
+ if e := qhatv.cmp(u.norm()); e > 0 {
+ subVW(qhat, qhat, 1)
+ c := subVV(qhatv[:s], qhatv[:s], v[:s])
+ if len(qhatv) > s {
+ subVW(qhatv[s:], qhatv[s:], c)
+ }
+ addAt(u[s:], v[s:], 0)
+ }
+ }
+ if qhatv.cmp(u.norm()) > 0 {
+ panic("impossible")
+ }
+ c := subVV(u[0:len(qhatv)], u[0:len(qhatv)], qhatv)
+ if c > 0 {
+ c = subVW(u[len(qhatv):], u[len(qhatv):], c)
+ }
+ if c > 0 {
+ panic("impossible")
+ }
+
+ // Done!
+ addAt(z, qhat.norm(), 0)
}
// Length of x in bits. x must be normalized.
diff --git a/src/math/big/nat_test.go b/src/math/big/nat_test.go
index bb5e14b..32f29e3 100644
--- a/src/math/big/nat_test.go
+++ b/src/math/big/nat_test.go
@@ -192,10 +192,22 @@
}
}
+// rndNat returns a random nat value >= 0 of (usually) n words in length.
+// In extremely unlikely cases it may be smaller than n words if the top-
+// most words are 0.
func rndNat(n int) nat {
return nat(rndV(n)).norm()
}
+// rndNat1 is like rndNat but the result is guaranteed to be > 0.
+func rndNat1(n int) nat {
+ x := nat(rndV(n)).norm()
+ if len(x) == 0 {
+ x.setWord(1)
+ }
+ return x
+}
+
func BenchmarkMul(b *testing.B) {
mulx := rndNat(1e4)
muly := rndNat(1e4)
@@ -739,3 +751,38 @@
})
}
}
+
+func TestNatDiv(t *testing.T) {
+ sizes := []int{
+ 1, 2, 5, 8, 15, 25, 40, 65, 100,
+ 200, 500, 800, 1500, 2500, 4000, 6500, 10000,
+ }
+ for _, i := range sizes {
+ for _, j := range sizes {
+ a := rndNat1(i)
+ b := rndNat1(j)
+ // the test requires b >= 2
+ if len(b) == 1 && b[0] == 1 {
+ b[0] = 2
+ }
+ // choose a remainder c < b
+ c := rndNat1(len(b))
+ if len(c) == len(b) && c[len(c)-1] >= b[len(b)-1] {
+ c[len(c)-1] = 0
+ c = c.norm()
+ }
+ // compute x = a*b+c
+ x := nat(nil).mul(a, b)
+ x = x.add(x, c)
+
+ var q, r nat
+ q, r = q.div(r, x, b)
+ if q.cmp(a) != 0 {
+ t.Fatalf("wrong quotient: got %s; want %s for %s/%s", q.utoa(10), a.utoa(10), x.utoa(10), b.utoa(10))
+ }
+ if r.cmp(c) != 0 {
+ t.Fatalf("wrong remainder: got %s; want %s for %s/%s", r.utoa(10), c.utoa(10), x.utoa(10), b.utoa(10))
+ }
+ }
+ }
+}
diff --git a/src/net/dial.go b/src/net/dial.go
index 60ab0f2..d8be1c2 100644
--- a/src/net/dial.go
+++ b/src/net/dial.go
@@ -529,20 +529,21 @@
default:
}
- deadline, _ := ctx.Deadline()
- partialDeadline, err := partialDeadline(time.Now(), deadline, len(ras)-i)
- if err != nil {
- // Ran out of time.
- if firstErr == nil {
- firstErr = &OpError{Op: "dial", Net: sd.network, Source: sd.LocalAddr, Addr: ra, Err: err}
- }
- break
- }
dialCtx := ctx
- if partialDeadline.Before(deadline) {
- var cancel context.CancelFunc
- dialCtx, cancel = context.WithDeadline(ctx, partialDeadline)
- defer cancel()
+ if deadline, hasDeadline := ctx.Deadline(); hasDeadline {
+ partialDeadline, err := partialDeadline(time.Now(), deadline, len(ras)-i)
+ if err != nil {
+ // Ran out of time.
+ if firstErr == nil {
+ firstErr = &OpError{Op: "dial", Net: sd.network, Source: sd.LocalAddr, Addr: ra, Err: err}
+ }
+ break
+ }
+ if partialDeadline.Before(deadline) {
+ var cancel context.CancelFunc
+ dialCtx, cancel = context.WithDeadline(ctx, partialDeadline)
+ defer cancel()
+ }
}
c, err := sd.dialSingle(dialCtx, ra)
diff --git a/src/net/dial_test.go b/src/net/dial_test.go
index 2eddac8..4312a6d 100644
--- a/src/net/dial_test.go
+++ b/src/net/dial_test.go
@@ -980,3 +980,32 @@
testenv.MustHaveExternalNetwork(t)
}
}
+
+type contextWithNonZeroDeadline struct {
+ context.Context
+}
+
+func (contextWithNonZeroDeadline) Deadline() (time.Time, bool) {
+ // Return non-zero time.Time value with false indicating that no deadline is set.
+ return time.Unix(0, 0), false
+}
+
+func TestDialWithNonZeroDeadline(t *testing.T) {
+ ln, err := newLocalListener("tcp")
+ if err != nil {
+ t.Fatal(err)
+ }
+ defer ln.Close()
+ _, port, err := SplitHostPort(ln.Addr().String())
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ ctx := contextWithNonZeroDeadline{Context: context.Background()}
+ var dialer Dialer
+ c, err := dialer.DialContext(ctx, "tcp", JoinHostPort("", port))
+ if err != nil {
+ t.Fatal(err)
+ }
+ c.Close()
+}
diff --git a/src/net/fd_unix.go b/src/net/fd_unix.go
index a6d6453..da88c74 100644
--- a/src/net/fd_unix.go
+++ b/src/net/fd_unix.go
@@ -96,7 +96,7 @@
if err := fd.pfd.Init(fd.net, true); err != nil {
return nil, err
}
- if deadline, _ := ctx.Deadline(); !deadline.IsZero() {
+ if deadline, hasDeadline := ctx.Deadline(); hasDeadline {
fd.pfd.SetWriteDeadline(deadline)
defer fd.pfd.SetWriteDeadline(noDeadline)
}
diff --git a/src/net/http/serve_test.go b/src/net/http/serve_test.go
index af43421..9077c0c 100644
--- a/src/net/http/serve_test.go
+++ b/src/net/http/serve_test.go
@@ -4352,7 +4352,7 @@
// This verifies that a handler can Flush and then Hijack.
//
-// An similar test crashed once during development, but it was only
+// A similar test crashed once during development, but it was only
// testing this tangentially and temporarily until another TODO was
// fixed.
//
diff --git a/src/net/http/transfer.go b/src/net/http/transfer.go
index e28d0be..1d6a987 100644
--- a/src/net/http/transfer.go
+++ b/src/net/http/transfer.go
@@ -633,11 +633,11 @@
// implicitlyChunked is a helper to check for implicity of chunked, because
// RFC 7230 Section 3.3.1 says that the sender MUST apply chunked as the final
// payload body to ensure that the message is framed for both the request
-// and the body. Since "identity" is incompatabile with any other transformational
+// and the body. Since "identity" is incompatible with any other transformational
// encoding cannot co-exist, the presence of "identity" will cause implicitlyChunked
// to return false.
func implicitlyChunked(te []string) bool {
- if len(te) == 0 { // No transfer-encodings passed in, so not implicity chunked.
+ if len(te) == 0 { // No transfer-encodings passed in, so not implicitly chunked.
return false
}
for _, tei := range te {
diff --git a/src/net/http/transport.go b/src/net/http/transport.go
index 6fade79..f3cf31c 100644
--- a/src/net/http/transport.go
+++ b/src/net/http/transport.go
@@ -89,7 +89,7 @@
// Request.GetBody defined. HTTP requests are considered idempotent if
// they have HTTP methods GET, HEAD, OPTIONS, or TRACE; or if their
// Header map contains an "Idempotency-Key" or "X-Idempotency-Key"
-// entry. If the idempotency key value is an zero-length slice, the
+// entry. If the idempotency key value is a zero-length slice, the
// request is treated as idempotent but the header is not sent on the
// wire.
type Transport struct {
@@ -142,15 +142,24 @@
// If both are set, DialContext takes priority.
Dial func(network, addr string) (net.Conn, error)
- // DialTLS specifies an optional dial function for creating
+ // DialTLSContext specifies an optional dial function for creating
// TLS connections for non-proxied HTTPS requests.
//
- // If DialTLS is nil, Dial and TLSClientConfig are used.
+ // If DialTLSContext is nil (and the deprecated DialTLS below is also nil),
+ // DialContext and TLSClientConfig are used.
//
- // If DialTLS is set, the Dial hook is not used for HTTPS
+ // If DialTLSContext is set, the Dial and DialContext hooks are not used for HTTPS
// requests and the TLSClientConfig and TLSHandshakeTimeout
// are ignored. The returned net.Conn is assumed to already be
// past the TLS handshake.
+ DialTLSContext func(ctx context.Context, network, addr string) (net.Conn, error)
+
+ // DialTLS specifies an optional dial function for creating
+ // TLS connections for non-proxied HTTPS requests.
+ //
+ // Deprecated: Use DialTLSContext instead, which allows the transport
+ // to cancel dials as soon as they are no longer needed.
+ // If both are set, DialTLSContext takes priority.
DialTLS func(network, addr string) (net.Conn, error)
// TLSClientConfig specifies the TLS configuration to use with
@@ -286,6 +295,7 @@
DialContext: t.DialContext,
Dial: t.Dial,
DialTLS: t.DialTLS,
+ DialTLSContext: t.DialTLSContext,
TLSHandshakeTimeout: t.TLSHandshakeTimeout,
DisableKeepAlives: t.DisableKeepAlives,
DisableCompression: t.DisableCompression,
@@ -324,6 +334,10 @@
CloseIdleConnections()
}
+func (t *Transport) hasCustomTLSDialer() bool {
+ return t.DialTLS != nil || t.DialTLSContext != nil
+}
+
// onceSetNextProtoDefaults initializes TLSNextProto.
// It must be called via t.nextProtoOnce.Do.
func (t *Transport) onceSetNextProtoDefaults() {
@@ -352,7 +366,7 @@
// Transport.
return
}
- if !t.ForceAttemptHTTP2 && (t.TLSClientConfig != nil || t.Dial != nil || t.DialTLS != nil || t.DialContext != nil) {
+ if !t.ForceAttemptHTTP2 && (t.TLSClientConfig != nil || t.Dial != nil || t.DialContext != nil || t.hasCustomTLSDialer()) {
// Be conservative and don't automatically enable
// http2 if they've specified a custom TLS config or
// custom dialers. Let them opt-in themselves via
@@ -1185,6 +1199,18 @@
}
}
+func (t *Transport) customDialTLS(ctx context.Context, network, addr string) (conn net.Conn, err error) {
+ if t.DialTLSContext != nil {
+ conn, err = t.DialTLSContext(ctx, network, addr)
+ } else {
+ conn, err = t.DialTLS(network, addr)
+ }
+ if conn == nil && err == nil {
+ err = errors.New("net/http: Transport.DialTLS or DialTLSContext returned (nil, nil)")
+ }
+ return
+}
+
// getConn dials and creates a new persistConn to the target as
// specified in the connectMethod. This includes doing a proxy CONNECT
// and/or setting up TLS. If this doesn't return an error, the persistConn
@@ -1435,15 +1461,12 @@
}
return err
}
- if cm.scheme() == "https" && t.DialTLS != nil {
+ if cm.scheme() == "https" && t.hasCustomTLSDialer() {
var err error
- pconn.conn, err = t.DialTLS("tcp", cm.addr())
+ pconn.conn, err = t.customDialTLS(ctx, "tcp", cm.addr())
if err != nil {
return nil, wrapErr(err)
}
- if pconn.conn == nil {
- return nil, wrapErr(errors.New("net/http: Transport.DialTLS returned (nil, nil)"))
- }
if tc, ok := pconn.conn.(*tls.Conn); ok {
// Handshake here, in case DialTLS didn't. TLSNextProto below
// depends on it for knowing the connection state.
diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go
index 6928680..517b03b 100644
--- a/src/net/http/transport_test.go
+++ b/src/net/http/transport_test.go
@@ -3506,6 +3506,90 @@
}
}
+func TestTransportDialContext(t *testing.T) {
+ setParallel(t)
+ defer afterTest(t)
+ var mu sync.Mutex // guards following
+ var gotReq bool
+ var receivedContext context.Context
+
+ ts := httptest.NewServer(HandlerFunc(func(w ResponseWriter, r *Request) {
+ mu.Lock()
+ gotReq = true
+ mu.Unlock()
+ }))
+ defer ts.Close()
+ c := ts.Client()
+ c.Transport.(*Transport).DialContext = func(ctx context.Context, netw, addr string) (net.Conn, error) {
+ mu.Lock()
+ receivedContext = ctx
+ mu.Unlock()
+ return net.Dial(netw, addr)
+ }
+
+ req, err := NewRequest("GET", ts.URL, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ ctx := context.WithValue(context.Background(), "some-key", "some-value")
+ res, err := c.Do(req.WithContext(ctx))
+ if err != nil {
+ t.Fatal(err)
+ }
+ res.Body.Close()
+ mu.Lock()
+ if !gotReq {
+ t.Error("didn't get request")
+ }
+ if receivedContext != ctx {
+ t.Error("didn't receive correct context")
+ }
+}
+
+func TestTransportDialTLSContext(t *testing.T) {
+ setParallel(t)
+ defer afterTest(t)
+ var mu sync.Mutex // guards following
+ var gotReq bool
+ var receivedContext context.Context
+
+ ts := httptest.NewTLSServer(HandlerFunc(func(w ResponseWriter, r *Request) {
+ mu.Lock()
+ gotReq = true
+ mu.Unlock()
+ }))
+ defer ts.Close()
+ c := ts.Client()
+ c.Transport.(*Transport).DialTLSContext = func(ctx context.Context, netw, addr string) (net.Conn, error) {
+ mu.Lock()
+ receivedContext = ctx
+ mu.Unlock()
+ c, err := tls.Dial(netw, addr, c.Transport.(*Transport).TLSClientConfig)
+ if err != nil {
+ return nil, err
+ }
+ return c, c.Handshake()
+ }
+
+ req, err := NewRequest("GET", ts.URL, nil)
+ if err != nil {
+ t.Fatal(err)
+ }
+ ctx := context.WithValue(context.Background(), "some-key", "some-value")
+ res, err := c.Do(req.WithContext(ctx))
+ if err != nil {
+ t.Fatal(err)
+ }
+ res.Body.Close()
+ mu.Lock()
+ if !gotReq {
+ t.Error("didn't get request")
+ }
+ if receivedContext != ctx {
+ t.Error("didn't receive correct context")
+ }
+}
+
// Test for issue 8755
// Ensure that if a proxy returns an error, it is exposed by RoundTrip
func TestRoundTripReturnsProxyError(t *testing.T) {
@@ -3633,7 +3717,7 @@
}
}
-// This tests that an client requesting a content range won't also
+// This tests that a client requesting a content range won't also
// implicitly ask for gzip support. If they want that, they need to do it
// on their own.
// golang.org/issue/8923
@@ -5577,6 +5661,7 @@
DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { panic("") },
Dial: func(network, addr string) (net.Conn, error) { panic("") },
DialTLS: func(network, addr string) (net.Conn, error) { panic("") },
+ DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) { panic("") },
TLSClientConfig: new(tls.Config),
TLSHandshakeTimeout: time.Second,
DisableKeepAlives: true,
@@ -5845,7 +5930,11 @@
var brokenState brokenState
+ const numReqs = 5
+ var numDials, gotConns uint32 // atomic
+
cst.tr.Dial = func(netw, addr string) (net.Conn, error) {
+ atomic.AddUint32(&numDials, 1)
c, err := net.Dial(netw, addr)
if err != nil {
t.Errorf("unexpected Dial error: %v", err)
@@ -5854,8 +5943,6 @@
return &breakableConn{c, &brokenState}, err
}
- const numReqs = 5
- var gotConns uint32 // atomic
for i := 1; i <= numReqs; i++ {
brokenState.Lock()
brokenState.broken = false
@@ -5868,6 +5955,7 @@
ctx := httptrace.WithClientTrace(context.Background(), &httptrace.ClientTrace{
GotConn: func(info httptrace.GotConnInfo) {
+ t.Logf("got conn: %v, reused=%v, wasIdle=%v, idleTime=%v", info.Conn.LocalAddr(), info.Reused, info.WasIdle, info.IdleTime)
atomic.AddUint32(&gotConns, 1)
},
TLSHandshakeDone: func(cfg tls.ConnectionState, err error) {
@@ -5890,6 +5978,9 @@
if got, want := atomic.LoadUint32(&gotConns), 1; int(got) != want {
t.Errorf("GotConn calls = %v; want %v", got, want)
}
+ if got, want := atomic.LoadUint32(&numDials), numReqs; int(got) != want {
+ t.Errorf("Dials = %v; want %v", got, want)
+ }
}
// Issue 34941
diff --git a/src/net/ipsock_posix.go b/src/net/ipsock_posix.go
index 5570ed1..8763d57 100644
--- a/src/net/ipsock_posix.go
+++ b/src/net/ipsock_posix.go
@@ -162,7 +162,7 @@
// of IP node.
//
// When the IP node supports IPv4-mapped IPv6 address,
- // we allow an listener to listen to the wildcard
+ // we allow a listener to listen to the wildcard
// address of both IP addressing spaces by specifying
// IPv6 wildcard address.
if len(ip) == 0 || ip.Equal(IPv4zero) {
diff --git a/src/net/lookup_windows.go b/src/net/lookup_windows.go
index adf1e36..cb840ae 100644
--- a/src/net/lookup_windows.go
+++ b/src/net/lookup_windows.go
@@ -375,7 +375,7 @@
// returns the last CNAME in chain
func resolveCNAME(name *uint16, r *syscall.DNSRecord) *uint16 {
- // limit cname resolving to 10 in case of a infinite CNAME loop
+ // limit cname resolving to 10 in case of an infinite CNAME loop
Cname:
for cnameloop := 0; cnameloop < 10; cnameloop++ {
for p := r; p != nil; p = p.Next {
diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go
index 2ad7dd0..cfda079 100644
--- a/src/net/smtp/smtp_test.go
+++ b/src/net/smtp/smtp_test.go
@@ -656,9 +656,16 @@
tc := textproto.NewConn(conn)
tc.PrintfLine("220 hello world")
msg, err := tc.ReadLine()
- if msg == "EHLO localhost" {
- tc.PrintfLine("250 mx.google.com at your service")
+ if err != nil {
+ errCh <- fmt.Errorf("ReadLine error: %v", err)
+ return
}
+ const wantMsg = "EHLO localhost"
+ if msg != wantMsg {
+ errCh <- fmt.Errorf("unexpected response %q; want %q", msg, wantMsg)
+ return
+ }
+ err = tc.PrintfLine("250 mx.google.com at your service")
if err != nil {
errCh <- fmt.Errorf("PrintfLine: %v", err)
return
diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go
index 19d2111..19bda69 100644
--- a/src/os/exec/exec_test.go
+++ b/src/os/exec/exec_test.go
@@ -30,6 +30,45 @@
"time"
)
+// haveUnexpectedFDs is set at init time to report whether any
+// file descriptors were open at program start.
+var haveUnexpectedFDs bool
+
+// unfinalizedFiles holds files that should not be finalized,
+// because that would close the associated file descriptor,
+// which we don't want to do.
+var unfinalizedFiles []*os.File
+
+func init() {
+ if os.Getenv("GO_WANT_HELPER_PROCESS") == "1" {
+ return
+ }
+ if runtime.GOOS == "windows" {
+ return
+ }
+ for fd := uintptr(3); fd <= 100; fd++ {
+ if poll.IsPollDescriptor(fd) {
+ continue
+ }
+ // We have no good portable way to check whether an FD is open.
+ // We use NewFile to create a *os.File, which lets us
+ // know whether it is open, but then we have to cope with
+ // the finalizer on the *os.File.
+ f := os.NewFile(fd, "")
+ if _, err := f.Stat(); err != nil {
+ // Close the file to clear the finalizer.
+ // We expect the Close to fail.
+ f.Close()
+ } else {
+ fmt.Printf("fd %d open at test start\n", fd)
+ haveUnexpectedFDs = true
+ // Use a global variable to avoid running
+ // the finalizer, which would close the FD.
+ unfinalizedFiles = append(unfinalizedFiles, f)
+ }
+ }
+}
+
func helperCommandContext(t *testing.T, ctx context.Context, s ...string) (cmd *exec.Cmd) {
testenv.MustHaveExec(t)
@@ -449,8 +488,6 @@
return bytes.Count(lsof, []byte("\n")), lsof
}
-var testedAlreadyLeaked = false
-
// basefds returns the number of expected file descriptors
// to be present in a process at start.
// stdin, stdout, stderr, epoll/kqueue, epoll/kqueue pipe, maybe testlog
@@ -470,29 +507,9 @@
return n
}
-func closeUnexpectedFds(t *testing.T, m string) {
- for fd := basefds(); fd <= 101; fd++ {
- if poll.IsPollDescriptor(fd) {
- continue
- }
- err := os.NewFile(fd, "").Close()
- if err == nil {
- t.Logf("%s: Something already leaked - closed fd %d", m, fd)
- }
- }
-}
-
func TestExtraFilesFDShuffle(t *testing.T) {
t.Skip("flaky test; see https://golang.org/issue/5780")
switch runtime.GOOS {
- case "darwin":
- // TODO(cnicolaou): https://golang.org/issue/2603
- // leads to leaked file descriptors in this test when it's
- // run from a builder.
- closeUnexpectedFds(t, "TestExtraFilesFDShuffle")
- case "netbsd":
- // https://golang.org/issue/3955
- closeUnexpectedFds(t, "TestExtraFilesFDShuffle")
case "windows":
t.Skip("no operating system support; skipping")
}
@@ -587,19 +604,29 @@
}
func TestExtraFiles(t *testing.T) {
+ if haveUnexpectedFDs {
+ // The point of this test is to make sure that any
+ // descriptors we open are marked close-on-exec.
+ // If haveUnexpectedFDs is true then there were other
+ // descriptors open when we started the test,
+ // so those descriptors are clearly not close-on-exec,
+ // and they will confuse the test. We could modify
+ // the test to expect those descriptors to remain open,
+ // but since we don't know where they came from or what
+ // they are doing, that seems fragile. For example,
+ // perhaps they are from the startup code on this
+ // system for some reason. Also, this test is not
+ // system-specific; as long as most systems do not skip
+ // the test, we will still be testing what we care about.
+ t.Skip("skipping test because test was run with FDs open")
+ }
+
testenv.MustHaveExec(t)
if runtime.GOOS == "windows" {
t.Skipf("skipping test on %q", runtime.GOOS)
}
- // Ensure that file descriptors have not already been leaked into
- // our environment.
- if !testedAlreadyLeaked {
- testedAlreadyLeaked = true
- closeUnexpectedFds(t, "TestExtraFiles")
- }
-
// Force network usage, to verify the epoll (or whatever) fd
// doesn't leak to the child,
ln, err := net.Listen("tcp", "127.0.0.1:0")
diff --git a/src/os/file_windows.go b/src/os/file_windows.go
index 1e78f4e..96f934d 100644
--- a/src/os/file_windows.go
+++ b/src/os/file_windows.go
@@ -111,10 +111,17 @@
path := fixLongPath(name)
- if len(path) == 2 && path[1] == ':' || (len(path) > 0 && path[len(path)-1] == '\\') { // it is a drive letter, like C:
+ if len(path) == 2 && path[1] == ':' { // it is a drive letter, like C:
mask = path + `*`
+ } else if len(path) > 0 {
+ lc := path[len(path)-1]
+ if lc == '/' || lc == '\\' {
+ mask = path + `*`
+ } else {
+ mask = path + `\*`
+ }
} else {
- mask = path + `\*`
+ mask = `\*`
}
maskp, e := syscall.UTF16PtrFromString(mask)
if e != nil {
diff --git a/src/os/path_windows_test.go b/src/os/path_windows_test.go
index f1745ad..862b404 100644
--- a/src/os/path_windows_test.go
+++ b/src/os/path_windows_test.go
@@ -74,3 +74,18 @@
t.Fatalf("MkdirAll(%q) should have failed, but did not", path)
}
}
+
+func TestOpenRootSlash(t *testing.T) {
+ tests := []string{
+ `/`,
+ `\`,
+ }
+
+ for _, test := range tests {
+ dir, err := os.Open(test)
+ if err != nil {
+ t.Fatalf("Open(%q) failed: %v", test, err)
+ }
+ dir.Close()
+ }
+}
diff --git a/src/os/signal/signal_test.go b/src/os/signal/signal_test.go
index d9305a4..a4489ff 100644
--- a/src/os/signal/signal_test.go
+++ b/src/os/signal/signal_test.go
@@ -422,6 +422,19 @@
testenv.MustHaveExec(t)
+ // Call Notify for SIGINT before starting the child process.
+ // That ensures that SIGINT is not ignored for the child.
+ // This is necessary because if SIGINT is ignored when a
+ // Go program starts, then it remains ignored, and closing
+ // the last notification channel for SIGINT will switch it
+ // back to being ignored. In that case the assumption of
+ // atomicStopTestProgram, that it will either die from SIGINT
+ // or have it be reported, breaks down, as there is a third
+ // option: SIGINT might be ignored.
+ cs := make(chan os.Signal, 1)
+ Notify(cs, syscall.SIGINT)
+ defer Stop(cs)
+
const execs = 10
for i := 0; i < execs; i++ {
timeout := "0"
@@ -466,6 +479,12 @@
// It tries to trigger a signal delivery race. This function should
// either catch a signal or die from it.
func atomicStopTestProgram() {
+ // This test won't work if SIGINT is ignored here.
+ if Ignored(syscall.SIGINT) {
+ fmt.Println("SIGINT is ignored")
+ os.Exit(1)
+ }
+
const tries = 10
timeout := 2 * time.Second
diff --git a/src/reflect/all_test.go b/src/reflect/all_test.go
index b6010f9..7443666 100644
--- a/src/reflect/all_test.go
+++ b/src/reflect/all_test.go
@@ -3634,6 +3634,13 @@
type MyFunc func()
type MyByte byte
+type IntChan chan int
+type IntChanRecv <-chan int
+type IntChanSend chan<- int
+type BytesChan chan []byte
+type BytesChanRecv <-chan []byte
+type BytesChanSend chan<- []byte
+
var convertTests = []struct {
in Value
out Value
@@ -3995,10 +4002,6 @@
{V((***byte)(nil)), V((***byte)(nil))},
{V((***int32)(nil)), V((***int32)(nil))},
{V((***int64)(nil)), V((***int64)(nil))},
- {V((chan int)(nil)), V((<-chan int)(nil))},
- {V((chan int)(nil)), V((chan<- int)(nil))},
- {V((chan string)(nil)), V((<-chan string)(nil))},
- {V((chan string)(nil)), V((chan<- string)(nil))},
{V((chan byte)(nil)), V((chan byte)(nil))},
{V((chan MyByte)(nil)), V((chan MyByte)(nil))},
{V((map[int]bool)(nil)), V((map[int]bool)(nil))},
@@ -4010,6 +4013,40 @@
{V(new(io.Reader)), V(new(io.Reader))},
{V(new(io.Writer)), V(new(io.Writer))},
+ // channels
+ {V(IntChan(nil)), V((chan<- int)(nil))},
+ {V(IntChan(nil)), V((<-chan int)(nil))},
+ {V((chan int)(nil)), V(IntChanRecv(nil))},
+ {V((chan int)(nil)), V(IntChanSend(nil))},
+ {V(IntChanRecv(nil)), V((<-chan int)(nil))},
+ {V((<-chan int)(nil)), V(IntChanRecv(nil))},
+ {V(IntChanSend(nil)), V((chan<- int)(nil))},
+ {V((chan<- int)(nil)), V(IntChanSend(nil))},
+ {V(IntChan(nil)), V((chan int)(nil))},
+ {V((chan int)(nil)), V(IntChan(nil))},
+ {V((chan int)(nil)), V((<-chan int)(nil))},
+ {V((chan int)(nil)), V((chan<- int)(nil))},
+ {V(BytesChan(nil)), V((chan<- []byte)(nil))},
+ {V(BytesChan(nil)), V((<-chan []byte)(nil))},
+ {V((chan []byte)(nil)), V(BytesChanRecv(nil))},
+ {V((chan []byte)(nil)), V(BytesChanSend(nil))},
+ {V(BytesChanRecv(nil)), V((<-chan []byte)(nil))},
+ {V((<-chan []byte)(nil)), V(BytesChanRecv(nil))},
+ {V(BytesChanSend(nil)), V((chan<- []byte)(nil))},
+ {V((chan<- []byte)(nil)), V(BytesChanSend(nil))},
+ {V(BytesChan(nil)), V((chan []byte)(nil))},
+ {V((chan []byte)(nil)), V(BytesChan(nil))},
+ {V((chan []byte)(nil)), V((<-chan []byte)(nil))},
+ {V((chan []byte)(nil)), V((chan<- []byte)(nil))},
+
+ // cannot convert other instances (channels)
+ {V(IntChan(nil)), V(IntChan(nil))},
+ {V(IntChanRecv(nil)), V(IntChanRecv(nil))},
+ {V(IntChanSend(nil)), V(IntChanSend(nil))},
+ {V(BytesChan(nil)), V(BytesChan(nil))},
+ {V(BytesChanRecv(nil)), V(BytesChanRecv(nil))},
+ {V(BytesChanSend(nil)), V(BytesChanSend(nil))},
+
// interfaces
{V(int(1)), EmptyInterfaceV(int(1))},
{V(string("hello")), EmptyInterfaceV(string("hello"))},
diff --git a/src/reflect/type.go b/src/reflect/type.go
index 06ca095..9040862 100644
--- a/src/reflect/type.go
+++ b/src/reflect/type.go
@@ -1542,6 +1542,18 @@
return false
}
+// specialChannelAssignability reports whether a value x of channel type V
+// can be directly assigned (using memmove) to another channel type T.
+// https://golang.org/doc/go_spec.html#Assignability
+// T and V must be both of Chan kind.
+func specialChannelAssignability(T, V *rtype) bool {
+ // Special case:
+ // x is a bidirectional channel value, T is a channel type,
+ // x's type V and T have identical element types,
+ // and at least one of V or T is not a defined type.
+ return V.ChanDir() == BothDir && (T.Name() == "" || V.Name() == "") && haveIdenticalType(T.Elem(), V.Elem(), true)
+}
+
// directlyAssignable reports whether a value x of type V can be directly
// assigned (using memmove) to a value of type T.
// https://golang.org/doc/go_spec.html#Assignability
@@ -1559,7 +1571,11 @@
return false
}
- // x's type T and V must have identical underlying types.
+ if T.Kind() == Chan && specialChannelAssignability(T, V) {
+ return true
+ }
+
+ // x's type T and V must have identical underlying types.
return haveIdenticalUnderlyingType(T, V, true)
}
@@ -1597,14 +1613,6 @@
return T.Len() == V.Len() && haveIdenticalType(T.Elem(), V.Elem(), cmpTags)
case Chan:
- // Special case:
- // x is a bidirectional channel value, T is a channel type,
- // and x's type V and T have identical element types.
- if V.ChanDir() == BothDir && haveIdenticalType(T.Elem(), V.Elem(), cmpTags) {
- return true
- }
-
- // Otherwise continue test for identical underlying type.
return V.ChanDir() == T.ChanDir() && haveIdenticalType(T.Elem(), V.Elem(), cmpTags)
case Func:
diff --git a/src/reflect/value.go b/src/reflect/value.go
index ab3b964..2b7dd66 100644
--- a/src/reflect/value.go
+++ b/src/reflect/value.go
@@ -2476,6 +2476,11 @@
return cvtRunesString
}
}
+
+ case Chan:
+ if dst.Kind() == Chan && specialChannelAssignability(dst, src) {
+ return cvtDirect
+ }
}
// dst and src have same underlying type.
diff --git a/src/runtime/crash_unix_test.go b/src/runtime/crash_unix_test.go
index 234da6d..e494dcb 100644
--- a/src/runtime/crash_unix_test.go
+++ b/src/runtime/crash_unix_test.go
@@ -18,6 +18,7 @@
"sync"
"syscall"
"testing"
+ "time"
"unsafe"
)
@@ -308,20 +309,45 @@
}
func TestSignalM(t *testing.T) {
+ r, w, errno := runtime.Pipe()
+ if errno != 0 {
+ t.Fatal(syscall.Errno(errno))
+ }
+ defer func() {
+ runtime.Close(r)
+ runtime.Close(w)
+ }()
+ runtime.Closeonexec(r)
+ runtime.Closeonexec(w)
+
var want, got int64
var wg sync.WaitGroup
ready := make(chan *runtime.M)
wg.Add(1)
go func() {
runtime.LockOSThread()
- want, got = runtime.WaitForSigusr1(func(mp *runtime.M) {
+ var errno int32
+ want, got = runtime.WaitForSigusr1(r, w, func(mp *runtime.M) {
ready <- mp
- }, 1e9)
+ })
+ if errno != 0 {
+ t.Error(syscall.Errno(errno))
+ }
runtime.UnlockOSThread()
wg.Done()
}()
waitingM := <-ready
runtime.SendSigusr1(waitingM)
+
+ timer := time.AfterFunc(time.Second, func() {
+ // Write 1 to tell WaitForSigusr1 that we timed out.
+ bw := byte(1)
+ if n := runtime.Write(uintptr(w), unsafe.Pointer(&bw), 1); n != 1 {
+ t.Errorf("pipe write failed: %d", n)
+ }
+ })
+ defer timer.Stop()
+
wg.Wait()
if got == -1 {
t.Fatal("signalM signal not received")
diff --git a/src/runtime/defs_aix.go b/src/runtime/defs_aix.go
index a892413..23a6cac 100644
--- a/src/runtime/defs_aix.go
+++ b/src/runtime/defs_aix.go
@@ -8,7 +8,7 @@
Input to cgo -godefs
GOARCH=ppc64 go tool cgo -godefs defs_aix.go > defs_aix_ppc64_tmp.go
-This is only an helper to create defs_aix_ppc64.go
+This is only a helper to create defs_aix_ppc64.go
Go runtime functions require the "linux" name of fields (ss_sp, si_addr, etc)
However, AIX structures don't provide such names and must be modified.
diff --git a/src/runtime/error.go b/src/runtime/error.go
index 0085dfc..555befa 100644
--- a/src/runtime/error.go
+++ b/src/runtime/error.go
@@ -88,7 +88,7 @@
return string(e)
}
-// An boundsError represents a an indexing or slicing operation gone wrong.
+// A boundsError represents an indexing or slicing operation gone wrong.
type boundsError struct {
x int64
y int
diff --git a/src/runtime/export_unix_test.go b/src/runtime/export_unix_test.go
index 3755133..621488e 100644
--- a/src/runtime/export_unix_test.go
+++ b/src/runtime/export_unix_test.go
@@ -6,6 +6,8 @@
package runtime
+import "unsafe"
+
var NonblockingPipe = nonblockingPipe
var Pipe = pipe
var SetNonblock = setNonblock
@@ -26,33 +28,45 @@
type M = m
var waitForSigusr1 struct {
- park note
- mID int64
+ rdpipe int32
+ wrpipe int32
+ mID int64
}
// WaitForSigusr1 blocks until a SIGUSR1 is received. It calls ready
// when it is set up to receive SIGUSR1. The ready function should
-// cause a SIGUSR1 to be sent.
+// cause a SIGUSR1 to be sent. The r and w arguments are a pipe that
+// the signal handler can use to report when the signal is received.
//
// Once SIGUSR1 is received, it returns the ID of the current M and
-// the ID of the M the SIGUSR1 was received on. If no SIGUSR1 is
-// received for timeoutNS nanoseconds, it returns -1.
-func WaitForSigusr1(ready func(mp *M), timeoutNS int64) (int64, int64) {
+// the ID of the M the SIGUSR1 was received on. If the caller writes
+// a non-zero byte to w, WaitForSigusr1 returns immediately with -1, -1.
+func WaitForSigusr1(r, w int32, ready func(mp *M)) (int64, int64) {
lockOSThread()
// Make sure we can receive SIGUSR1.
unblocksig(_SIGUSR1)
+ waitForSigusr1.rdpipe = r
+ waitForSigusr1.wrpipe = w
+
mp := getg().m
testSigusr1 = waitForSigusr1Callback
ready(mp)
- ok := notetsleepg(&waitForSigusr1.park, timeoutNS)
- noteclear(&waitForSigusr1.park)
+
+ // Wait for the signal. We use a pipe rather than a note
+ // because write is always async-signal-safe.
+ entersyscallblock()
+ var b byte
+ read(waitForSigusr1.rdpipe, noescape(unsafe.Pointer(&b)), 1)
+ exitsyscall()
+
gotM := waitForSigusr1.mID
testSigusr1 = nil
unlockOSThread()
- if !ok {
+ if b != 0 {
+ // timeout signal from caller
return -1, -1
}
return mp.id, gotM
@@ -69,7 +83,8 @@
} else {
waitForSigusr1.mID = gp.m.id
}
- notewakeup(&waitForSigusr1.park)
+ b := byte(0)
+ write(uintptr(waitForSigusr1.wrpipe), noescape(unsafe.Pointer(&b)), 1)
return true
}
diff --git a/src/runtime/mgcscavenge.go b/src/runtime/mgcscavenge.go
index 4c2fb44..9c45ce8 100644
--- a/src/runtime/mgcscavenge.go
+++ b/src/runtime/mgcscavenge.go
@@ -408,13 +408,20 @@
// Check the chunk containing the scav addr, starting at the addr
// and see if there are any free and unscavenged pages.
ci := chunkIndex(s.scavAddr)
- base, npages := s.chunks[ci].findScavengeCandidate(chunkPageIndex(s.scavAddr), minPages, maxPages)
+ if s.summary[len(s.summary)-1][ci].max() >= uint(minPages) {
+ // We only bother looking for a candidate if there at least
+ // minPages free pages at all. It's important that we only
+ // continue if the summary says we can because that's how
+ // we can tell if parts of the address space are unused.
+ // See the comment on s.chunks in mpagealloc.go.
+ base, npages := s.chunks[ci].findScavengeCandidate(chunkPageIndex(s.scavAddr), minPages, maxPages)
- // If we found something, scavenge it and return!
- if npages != 0 {
- s.scavengeRangeLocked(ci, base, npages)
- unlockHeap()
- return uintptr(npages) * pageSize
+ // If we found something, scavenge it and return!
+ if npages != 0 {
+ s.scavengeRangeLocked(ci, base, npages)
+ unlockHeap()
+ return uintptr(npages) * pageSize
+ }
}
unlockHeap()
@@ -514,7 +521,7 @@
// "[It] works by first zeroing the high bits of the [8]
// bytes in the word. Subsequently, it adds a number that
// will result in an overflow to the high bit of a byte if
- // any of the low bits were initialy set. Next the high
+ // any of the low bits were initially set. Next the high
// bits of the original word are ORed with these values;
// thus, the high bit of a byte is set iff any bit in the
// byte was set. Finally, we determine if any of these high
@@ -602,9 +609,10 @@
// findScavengeCandidate effectively returns entire free and unscavenged regions.
// If max < pallocChunkPages, it may truncate the returned region such that size is
// max. However, findScavengeCandidate may still return a larger region if, for
-// example, it chooses to preserve huge pages. That is, even if max is small,
-// size is not guaranteed to be equal to max. max is allowed to be less than min,
-// in which case it is as if max == min.
+// example, it chooses to preserve huge pages, or if max is not aligned to min (it
+// will round up). That is, even if max is small, the returned size is not guaranteed
+// to be equal to max. max is allowed to be less than min, in which case it is as if
+// max == min.
func (m *pallocData) findScavengeCandidate(searchIdx uint, min, max uintptr) (uint, uint) {
if min&(min-1) != 0 || min == 0 {
print("runtime: min = ", min, "\n")
@@ -613,10 +621,15 @@
print("runtime: min = ", min, "\n")
throw("min too large")
}
- // max is allowed to be less than min, but we need to ensure
- // we never truncate further than min.
- if max < min {
+ // max may not be min-aligned, so we might accidentally truncate to
+ // a max value which causes us to return a non-min-aligned value.
+ // To prevent this, align max up to a multiple of min (which is always
+ // a power of 2). This also prevents max from ever being less than
+ // min, unless it's zero, so handle that explicitly.
+ if max == 0 {
max = min
+ } else {
+ max = alignUp(max, min)
}
i := int(searchIdx / 64)
diff --git a/src/runtime/mgcscavenge_test.go b/src/runtime/mgcscavenge_test.go
index ca50745..518d5ab 100644
--- a/src/runtime/mgcscavenge_test.go
+++ b/src/runtime/mgcscavenge_test.go
@@ -184,6 +184,12 @@
max: 3 * m,
want: BitRange{128, 3 * uint(m)},
}
+ tests["Max0"+suffix] = test{
+ scavenged: []BitRange{{0, PallocChunkPages - uint(m)}},
+ min: m,
+ max: 0,
+ want: BitRange{PallocChunkPages - uint(m), uint(m)},
+ }
if m <= 8 {
tests["OneFree"] = test{
alloc: []BitRange{{0, 40}, {40 + uint(m), PallocChunkPages - (40 + uint(m))}},
@@ -200,6 +206,12 @@
}
}
if m > 1 {
+ tests["MaxUnaligned"+suffix] = test{
+ scavenged: []BitRange{{0, PallocChunkPages - uint(m*2-1)}},
+ min: m,
+ max: m - 2,
+ want: BitRange{PallocChunkPages - uint(m), uint(m)},
+ }
tests["SkipSmall"+suffix] = test{
alloc: []BitRange{{0, 64 - uint(m)}, {64, 5}, {70, 11}, {82, PallocChunkPages - 82}},
min: m,
@@ -361,6 +373,25 @@
BaseChunkIdx + 1: {{0, PallocChunkPages}},
},
},
+ "ScavDiscontiguous": {
+ beforeAlloc: map[ChunkIdx][]BitRange{
+ BaseChunkIdx: {},
+ BaseChunkIdx + 0xe: {},
+ },
+ beforeScav: map[ChunkIdx][]BitRange{
+ BaseChunkIdx: {{uint(minPages), PallocChunkPages - uint(2*minPages)}},
+ BaseChunkIdx + 0xe: {{uint(2 * minPages), PallocChunkPages - uint(2*minPages)}},
+ },
+ expect: []test{
+ {2 * minPages * PageSize, 2 * minPages * PageSize},
+ {^uintptr(0), 2 * minPages * PageSize},
+ {^uintptr(0), 0},
+ },
+ afterScav: map[ChunkIdx][]BitRange{
+ BaseChunkIdx: {{0, PallocChunkPages}},
+ BaseChunkIdx + 0xe: {{0, PallocChunkPages}},
+ },
+ },
}
for name, v := range tests {
v := v
diff --git a/src/runtime/mheap.go b/src/runtime/mheap.go
index e87da93..3f3e367 100644
--- a/src/runtime/mheap.go
+++ b/src/runtime/mheap.go
@@ -1419,7 +1419,7 @@
// unscav and adds it into scav before continuing.
func (h *mheap) scavengeAll() {
// Disallow malloc or panic while holding the heap lock. We do
- // this here because this is an non-mallocgc entry-point to
+ // this here because this is a non-mallocgc entry-point to
// the mheap API.
gp := getg()
gp.m.mallocing++
diff --git a/src/runtime/mkpreempt.go b/src/runtime/mkpreempt.go
index 987740c..615ec18 100644
--- a/src/runtime/mkpreempt.go
+++ b/src/runtime/mkpreempt.go
@@ -342,6 +342,12 @@
p("MOVD R29, -8(RSP)") // save frame pointer (only used on Linux)
p("SUB $8, RSP, R29") // set up new frame pointer
p("#endif")
+ // On darwin, save the LR again after decrementing SP. We run the
+ // signal handler on the G stack (as it doesn't support SA_ONSTACK),
+ // so any writes below SP may be clobbered.
+ p("#ifdef GOOS_darwin")
+ p("MOVD R30, (RSP)")
+ p("#endif")
l.save()
p("CALL ·asyncPreempt2(SB)")
diff --git a/src/runtime/os_darwin_arm.go b/src/runtime/os_darwin_arm.go
index ee1bd17..2703e3c 100644
--- a/src/runtime/os_darwin_arm.go
+++ b/src/runtime/os_darwin_arm.go
@@ -19,6 +19,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_darwin_arm64.go b/src/runtime/os_darwin_arm64.go
index 8de132d..b808150 100644
--- a/src/runtime/os_darwin_arm64.go
+++ b/src/runtime/os_darwin_arm64.go
@@ -8,6 +8,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_freebsd_arm.go b/src/runtime/os_freebsd_arm.go
index 3edd381..3feaa5e 100644
--- a/src/runtime/os_freebsd_arm.go
+++ b/src/runtime/os_freebsd_arm.go
@@ -44,6 +44,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_freebsd_arm64.go b/src/runtime/os_freebsd_arm64.go
index 800bd2f..51ebf9d 100644
--- a/src/runtime/os_freebsd_arm64.go
+++ b/src/runtime/os_freebsd_arm64.go
@@ -151,6 +151,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed fastrand().
// nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_js.go b/src/runtime/os_js.go
index 3738c9b..ff0ee3a 100644
--- a/src/runtime/os_js.go
+++ b/src/runtime/os_js.go
@@ -131,7 +131,6 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_linux_arm.go b/src/runtime/os_linux_arm.go
index 207b0e4..5f89c30 100644
--- a/src/runtime/os_linux_arm.go
+++ b/src/runtime/os_linux_arm.go
@@ -11,8 +11,6 @@
_HWCAP_VFPv3 = 1 << 13 // introduced in 2.6.30
)
-var randomNumber uint32
-
func checkgoarm() {
// On Android, /proc/self/auxv might be unreadable and hwcap won't
// reflect the CPU capabilities. Assume that every Android arm device
@@ -34,13 +32,6 @@
func archauxv(tag, val uintptr) {
switch tag {
- case _AT_RANDOM:
- // sysargs filled in startupRandomData, but that
- // pointer may not be word aligned, so we must treat
- // it as a byte array.
- randomNumber = uint32(startupRandomData[4]) | uint32(startupRandomData[5])<<8 |
- uint32(startupRandomData[6])<<16 | uint32(startupRandomData[7])<<24
-
case _AT_HWCAP:
cpu.HWCap = uint(val)
case _AT_HWCAP2:
@@ -52,6 +43,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed fastrand().
// nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // randomNumber provides better seeding of fastrand.
- return nanotime() + int64(randomNumber)
+ return nanotime()
}
diff --git a/src/runtime/os_linux_arm64.go b/src/runtime/os_linux_arm64.go
index 2d6f68b..b51bc88 100644
--- a/src/runtime/os_linux_arm64.go
+++ b/src/runtime/os_linux_arm64.go
@@ -8,17 +8,8 @@
import "internal/cpu"
-var randomNumber uint32
-
func archauxv(tag, val uintptr) {
switch tag {
- case _AT_RANDOM:
- // sysargs filled in startupRandomData, but that
- // pointer may not be word aligned, so we must treat
- // it as a byte array.
- randomNumber = uint32(startupRandomData[4]) | uint32(startupRandomData[5])<<8 |
- uint32(startupRandomData[6])<<16 | uint32(startupRandomData[7])<<24
-
case _AT_HWCAP:
// arm64 doesn't have a 'cpuid' instruction equivalent and relies on
// HWCAP/HWCAP2 bits for hardware capabilities.
@@ -40,6 +31,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed fastrand().
// nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // randomNumber provides better seeding of fastrand.
- return nanotime() + int64(randomNumber)
+ return nanotime()
}
diff --git a/src/runtime/os_linux_mips64x.go b/src/runtime/os_linux_mips64x.go
index 0d7b84d..59d2a8f 100644
--- a/src/runtime/os_linux_mips64x.go
+++ b/src/runtime/os_linux_mips64x.go
@@ -7,25 +7,14 @@
package runtime
-var randomNumber uint32
-
func archauxv(tag, val uintptr) {
- switch tag {
- case _AT_RANDOM:
- // sysargs filled in startupRandomData, but that
- // pointer may not be word aligned, so we must treat
- // it as a byte array.
- randomNumber = uint32(startupRandomData[4]) | uint32(startupRandomData[5])<<8 |
- uint32(startupRandomData[6])<<16 | uint32(startupRandomData[7])<<24
- }
}
//go:nosplit
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed fastrand().
// nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // randomNumber provides better seeding of fastrand.
- return nanotime() + int64(randomNumber)
+ return nanotime()
}
const (
diff --git a/src/runtime/os_linux_mipsx.go b/src/runtime/os_linux_mipsx.go
index e0548ec..ccdc3a7 100644
--- a/src/runtime/os_linux_mipsx.go
+++ b/src/runtime/os_linux_mipsx.go
@@ -7,25 +7,14 @@
package runtime
-var randomNumber uint32
-
func archauxv(tag, val uintptr) {
- switch tag {
- case _AT_RANDOM:
- // sysargs filled in startupRandomData, but that
- // pointer may not be word aligned, so we must treat
- // it as a byte array.
- randomNumber = uint32(startupRandomData[4]) | uint32(startupRandomData[5])<<8 |
- uint32(startupRandomData[6])<<16 | uint32(startupRandomData[7])<<24
- }
}
//go:nosplit
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed fastrand().
// nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // randomNumber provides better seeding of fastrand1.
- return nanotime() + int64(randomNumber)
+ return nanotime()
}
const (
diff --git a/src/runtime/os_netbsd_arm.go b/src/runtime/os_netbsd_arm.go
index 95603da..b5ec23e 100644
--- a/src/runtime/os_netbsd_arm.go
+++ b/src/runtime/os_netbsd_arm.go
@@ -30,6 +30,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_netbsd_arm64.go b/src/runtime/os_netbsd_arm64.go
index fd81eb7..8d21b0a 100644
--- a/src/runtime/os_netbsd_arm64.go
+++ b/src/runtime/os_netbsd_arm64.go
@@ -19,6 +19,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_openbsd_arm.go b/src/runtime/os_openbsd_arm.go
index be2e1e9..0a24096 100644
--- a/src/runtime/os_openbsd_arm.go
+++ b/src/runtime/os_openbsd_arm.go
@@ -19,6 +19,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_openbsd_arm64.go b/src/runtime/os_openbsd_arm64.go
index f15a95b..d559a2a 100644
--- a/src/runtime/os_openbsd_arm64.go
+++ b/src/runtime/os_openbsd_arm64.go
@@ -12,7 +12,6 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/os_plan9_arm.go b/src/runtime/os_plan9_arm.go
index fdce1e7..f165a34 100644
--- a/src/runtime/os_plan9_arm.go
+++ b/src/runtime/os_plan9_arm.go
@@ -12,6 +12,5 @@
func cputicks() int64 {
// Currently cputicks() is used in blocking profiler and to seed runtime·fastrand().
// runtime·nanotime() is a poor approximation of CPU ticks that is enough for the profiler.
- // TODO: need more entropy to better seed fastrand.
return nanotime()
}
diff --git a/src/runtime/panic.go b/src/runtime/panic.go
index 31bf311..0823f11 100644
--- a/src/runtime/panic.go
+++ b/src/runtime/panic.go
@@ -283,7 +283,7 @@
d.varp = 0
// The lines below implement:
// d.panic = nil
- // d.fp = nil
+ // d.fd = nil
// d.link = gp._defer
// gp._defer = d
// But without write barriers. The first three are writes to
diff --git a/src/runtime/pprof/pprof_test.go b/src/runtime/pprof/pprof_test.go
index 5cbe9ab..64e03ae 100644
--- a/src/runtime/pprof/pprof_test.go
+++ b/src/runtime/pprof/pprof_test.go
@@ -16,7 +16,6 @@
"math/big"
"os"
"os/exec"
- "reflect"
"regexp"
"runtime"
"runtime/pprof/internal/profile"
@@ -108,17 +107,21 @@
// containsInlinedCall reports whether the function body for the function f is
// known to contain an inlined function call within the first maxBytes bytes.
func containsInlinedCall(f interface{}, maxBytes int) bool {
- rf := reflect.ValueOf(f)
- if rf.Kind() != reflect.Func {
- panic(fmt.Sprintf("%T is not a function", f))
- }
- fFunc := runtime.FuncForPC(rf.Pointer())
+ _, found := findInlinedCall(f, maxBytes)
+ return found
+}
+
+// findInlinedCall returns the PC of an inlined function call within
+// the function body for the function f if any.
+func findInlinedCall(f interface{}, maxBytes int) (pc uint64, found bool) {
+ fFunc := runtime.FuncForPC(uintptr(funcPC(f)))
if fFunc == nil || fFunc.Entry() == 0 {
panic("failed to locate function entry")
}
for offset := 0; offset < maxBytes; offset++ {
- inner := runtime.FuncForPC(fFunc.Entry() + uintptr(offset))
+ innerPC := fFunc.Entry() + uintptr(offset)
+ inner := runtime.FuncForPC(innerPC)
if inner == nil {
// No function known for this PC value.
// It might simply be misaligned, so keep searching.
@@ -131,16 +134,16 @@
if inner.Name() != fFunc.Name() {
// This PC has f as its entry-point, but is not f. Therefore, it must be a
// function inlined into f.
- return true
+ return uint64(innerPC), true
}
}
- return false
+ return 0, false
}
func TestCPUProfileInlining(t *testing.T) {
if !containsInlinedCall(inlinedCaller, 4<<10) {
- t.Skipf("Can't determine whether inlinedCallee was inlined into inlinedCaller.")
+ t.Skip("Can't determine whether inlinedCallee was inlined into inlinedCaller.")
}
p := testCPUProfile(t, stackContains, []string{"runtime/pprof.inlinedCallee", "runtime/pprof.inlinedCaller"}, avoidFunctions(), func(dur time.Duration) {
@@ -1135,3 +1138,85 @@
runtime.Stack(buf, true)
}
}
+
+// TestTryAdd tests the cases that's hard to test with real program execution.
+// For example, the current go compilers may not inline functions involved in recursion
+// but that may not be true in the future compilers. This tests such cases by
+// using fake call sequences and forcing the profile build utilizing
+// translateCPUProfile defined in proto_test.go
+func TestTryAdd(t *testing.T) {
+ inlinedCallerPtr := uint64(funcPC(inlinedCaller)) + 1
+ inlinedCalleePtr, found := findInlinedCall(inlinedCaller, 4<<10)
+ if !found {
+ t.Skip("Can't determine whether inlinedCallee was inlined into inlinedCaller.")
+ }
+ inlinedCalleePtr += 1 // +1 to be safely inside of the function body.
+
+ period := int64(2000 * 1000) // 1/500*1e9 nanosec.
+
+ testCases := []struct {
+ name string
+ input []uint64 // following the input format assumed by profileBuilder.addCPUData.
+ wantLocs [][]string // ordered location entries with function names.
+ wantSamples []*profile.Sample // ordered samples, we care only about Value and the profile location IDs.
+ }{{
+ name: "bug35538",
+ input: []uint64{
+ 3, 0, 500, // hz = 500. Must match the period.
+ 7, 0, 10, inlinedCalleePtr, inlinedCallerPtr, inlinedCalleePtr, inlinedCallerPtr,
+ 5, 0, 20, inlinedCalleePtr, inlinedCallerPtr,
+ },
+ wantLocs: [][]string{{"runtime/pprof.inlinedCallee", "runtime/pprof.inlinedCaller"}},
+ wantSamples: []*profile.Sample{
+ {Value: []int64{10, 10 * period}, Location: []*profile.Location{{ID: 1}, {ID: 1}}},
+ {Value: []int64{20, 20 * period}, Location: []*profile.Location{{ID: 1}}},
+ },
+ }, {
+ name: "recursive_inlined_funcs",
+ input: []uint64{
+ 3, 0, 500, // hz = 500. Must match the period.
+ 5, 0, 30, inlinedCalleePtr, inlinedCalleePtr,
+ 4, 0, 40, inlinedCalleePtr,
+ },
+ wantLocs: [][]string{{"runtime/pprof.inlinedCallee"}},
+ wantSamples: []*profile.Sample{
+ {Value: []int64{30, 30 * period}, Location: []*profile.Location{{ID: 1}, {ID: 1}}},
+ {Value: []int64{40, 40 * period}, Location: []*profile.Location{{ID: 1}}},
+ },
+ }}
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ p, err := translateCPUProfile(tc.input)
+ if err != nil {
+ t.Fatalf("translating profile: %v", err)
+ }
+ t.Logf("Profile: %v\n", p)
+
+ // One location entry with all inlined functions.
+ var gotLoc [][]string
+ for _, loc := range p.Location {
+ var names []string
+ for _, line := range loc.Line {
+ names = append(names, line.Function.Name)
+ }
+ gotLoc = append(gotLoc, names)
+ }
+ if got, want := fmtJSON(gotLoc), fmtJSON(tc.wantLocs); got != want {
+ t.Errorf("Got Location = %+v\n\twant %+v", got, want)
+ }
+ // All samples should point to one location.
+ var gotSamples []*profile.Sample
+ for _, sample := range p.Sample {
+ var locs []*profile.Location
+ for _, loc := range sample.Location {
+ locs = append(locs, &profile.Location{ID: loc.ID})
+ }
+ gotSamples = append(gotSamples, &profile.Sample{Value: sample.Value, Location: locs})
+ }
+ if got, want := fmtJSON(gotSamples), fmtJSON(tc.wantSamples); got != want {
+ t.Errorf("Got Samples = %+v\n\twant %+v", got, want)
+ }
+ })
+ }
+}
diff --git a/src/runtime/pprof/proto.go b/src/runtime/pprof/proto.go
index 3e6012d..a42cd80 100644
--- a/src/runtime/pprof/proto.go
+++ b/src/runtime/pprof/proto.go
@@ -471,13 +471,12 @@
func (d *pcDeck) tryAdd(pc uintptr, frames []runtime.Frame, symbolizeResult symbolizeFlag) (success bool) {
if existing := len(d.pcs); existing > 0 {
// 'frames' are all expanded from one 'pc' and represent all inlined functions
- // so we check only the first one.
+ // so we check only the last one.
newFrame := frames[0]
last := d.frames[existing-1]
- if last.Func != nil && newFrame.Func != nil { // Can't be an inlined frame.
+ if last.Func != nil { // the last frame can't be inlined. Flush.
return false
}
-
if last.Entry == 0 || newFrame.Entry == 0 { // Possibly not a Go function. Don't try to merge.
return false
}
diff --git a/src/runtime/preempt_arm64.s b/src/runtime/preempt_arm64.s
index 3a7cdf4..3c27b52 100644
--- a/src/runtime/preempt_arm64.s
+++ b/src/runtime/preempt_arm64.s
@@ -10,6 +10,9 @@
MOVD R29, -8(RSP)
SUB $8, RSP, R29
#endif
+ #ifdef GOOS_darwin
+ MOVD R30, (RSP)
+ #endif
MOVD R0, 8(RSP)
MOVD R1, 16(RSP)
MOVD R2, 24(RSP)
diff --git a/src/runtime/proc.go b/src/runtime/proc.go
index 56e9530..34d5928 100644
--- a/src/runtime/proc.go
+++ b/src/runtime/proc.go
@@ -543,6 +543,7 @@
moduledataverify()
stackinit()
mallocinit()
+ fastrandinit() // must run before mcommoninit
mcommoninit(_g_.m)
cpuinit() // must run before alginit
alginit() // maps must not be used before this call
@@ -620,8 +621,8 @@
sched.mnext++
checkmcount()
- mp.fastrand[0] = 1597334677 * uint32(mp.id)
- mp.fastrand[1] = uint32(cputicks())
+ mp.fastrand[0] = uint32(int64Hash(uint64(mp.id), fastrandseed))
+ mp.fastrand[1] = uint32(int64Hash(uint64(cputicks()), ^fastrandseed))
if mp.fastrand[0]|mp.fastrand[1] == 0 {
mp.fastrand[1] = 1
}
@@ -646,6 +647,13 @@
}
}
+var fastrandseed uintptr
+
+func fastrandinit() {
+ s := (*[unsafe.Sizeof(fastrandseed)]byte)(unsafe.Pointer(&fastrandseed))[:]
+ getRandomData(s)
+}
+
// Mark gp ready to run.
func ready(gp *g, traceskip int, next bool) {
if trace.enabled {
@@ -4065,10 +4073,17 @@
}
if len(pp.timers) > 0 {
plocal := getg().m.p.ptr()
- // The world is stopped so we don't need to hold timersLock.
+ // The world is stopped, but we acquire timersLock to
+ // protect against sysmon calling timeSleepUntil.
+ // This is the only case where we hold the timersLock of
+ // more than one P, so there are no deadlock concerns.
+ lock(&plocal.timersLock)
+ lock(&pp.timersLock)
moveTimers(plocal, pp.timers)
pp.timers = nil
pp.adjustTimers = 0
+ unlock(&pp.timersLock)
+ unlock(&plocal.timersLock)
}
// If there's a background worker, make it runnable and put
// it on the global queue so it can clean itself up.
diff --git a/src/runtime/signal_arm64.go b/src/runtime/signal_arm64.go
index fb09aff..db2ab27 100644
--- a/src/runtime/signal_arm64.go
+++ b/src/runtime/signal_arm64.go
@@ -79,9 +79,7 @@
c.set_pc(uint64(funcPC(sigpanic)))
}
-// TODO(issue 35439): enabling async preemption causes failures on darwin/arm64.
-// Disable for now.
-const pushCallSupported = GOOS != "darwin"
+const pushCallSupported = true
func (c *sigctxt) pushCall(targetPC uintptr) {
// Push the LR to stack, as we'll clobber it in order to
diff --git a/src/runtime/signal_unix.go b/src/runtime/signal_unix.go
index 35e6412..f42de36 100644
--- a/src/runtime/signal_unix.go
+++ b/src/runtime/signal_unix.go
@@ -861,11 +861,22 @@
throw("signal received during fork")
}
+var badginsignalMsg = "fatal: bad g in signal handler\n"
+
// This runs on a foreign stack, without an m or a g. No stack split.
//go:nosplit
//go:norace
//go:nowritebarrierrec
func badsignal(sig uintptr, c *sigctxt) {
+ if !iscgo && !cgoHasExtraM {
+ // There is no extra M. needm will not be able to grab
+ // an M. Instead of hanging, just crash.
+ // Cannot call split-stack function as there is no G.
+ s := stringStructOf(&badginsignalMsg)
+ write(2, s.str, int32(s.len))
+ exit(2)
+ *(*uintptr)(unsafe.Pointer(uintptr(123))) = 2
+ }
needm(0)
if !sigsend(uint32(sig)) {
// A foreign thread received the signal sig, and the
diff --git a/src/runtime/slice.go b/src/runtime/slice.go
index 79cfc69..16937a2 100644
--- a/src/runtime/slice.go
+++ b/src/runtime/slice.go
@@ -16,7 +16,7 @@
cap int
}
-// An notInHeapSlice is a slice backed by go:notinheap memory.
+// A notInHeapSlice is a slice backed by go:notinheap memory.
type notInHeapSlice struct {
array *notInHeap
len int
diff --git a/src/runtime/stack.go b/src/runtime/stack.go
index 68b2443..84fbd33 100644
--- a/src/runtime/stack.go
+++ b/src/runtime/stack.go
@@ -627,7 +627,7 @@
print(" adjusting ", funcname(f), " frame=[", hex(frame.sp), ",", hex(frame.fp), "] pc=", hex(frame.pc), " continpc=", hex(frame.continpc), "\n")
}
if f.funcID == funcID_systemstack_switch {
- // A special routine at the bottom of stack of a goroutine that does an systemstack call.
+ // A special routine at the bottom of stack of a goroutine that does a systemstack call.
// We will allow it to be copied even though we don't
// have full GC info for it (because it is written in asm).
return true
diff --git a/src/runtime/time.go b/src/runtime/time.go
index 39df413..47b3262 100644
--- a/src/runtime/time.go
+++ b/src/runtime/time.go
@@ -855,8 +855,8 @@
// moveTimers moves a slice of timers to pp. The slice has been taken
// from a different P.
-// This is currently called when the world is stopped, but it could
-// work as long as the timers for pp are locked.
+// This is currently called when the world is stopped, but the caller
+// is expected to have locked the timers for pp.
func moveTimers(pp *p, timers []*timer) {
for _, t := range timers {
loop:
diff --git a/src/strconv/example_test.go b/src/strconv/example_test.go
index 50f6b20..3b4cedb 100644
--- a/src/strconv/example_test.go
+++ b/src/strconv/example_test.go
@@ -294,7 +294,8 @@
}
func ExampleQuote() {
- s := strconv.Quote(`"Fran & Freddie's Diner ☺"`) // there is a tab character inside the string literal
+ // This string literal contains a tab character.
+ s := strconv.Quote(`"Fran & Freddie's Diner ☺"`)
fmt.Println(s)
// Output:
@@ -338,7 +339,8 @@
}
func ExampleQuoteToASCII() {
- s := strconv.QuoteToASCII(`"Fran & Freddie's Diner ☺"`) // there is a tab character inside the string literal
+ // This string literal contains a tab character.
+ s := strconv.QuoteToASCII(`"Fran & Freddie's Diner ☺"`)
fmt.Println(s)
// Output:
@@ -349,7 +351,8 @@
s := strconv.QuoteToGraphic("☺")
fmt.Println(s)
- s = strconv.QuoteToGraphic("This is a \u263a \u000a") // there is a tab character inside the string literal
+ // This string literal contains a tab character.
+ s = strconv.QuoteToGraphic("This is a \u263a \u000a")
fmt.Println(s)
s = strconv.QuoteToGraphic(`" This is a ☺ \n "`)
diff --git a/src/syscall/types_linux.go b/src/syscall/types_linux.go
index 9c9c521..b47c323 100644
--- a/src/syscall/types_linux.go
+++ b/src/syscall/types_linux.go
@@ -111,12 +111,13 @@
// The real epoll_event is a union, and godefs doesn't handle it well.
struct my_epoll_event {
uint32_t events;
-#if defined(__ARM_EABI__) || (defined(__mips__) && _MIPS_SIM == _ABIO32)
+#if defined(__ARM_EABI__) || defined(__aarch64__) || (defined(__mips__) && _MIPS_SIM == _ABIO32)
// padding is not specified in linux/eventpoll.h but added to conform to the
// alignment requirements of EABI
int32_t padFd;
#endif
-#if defined(__powerpc64__) || defined(__s390x__) || (defined(__riscv_xlen) && __riscv_xlen == 64)
+#if defined(__powerpc64__) || defined(__s390x__) || (defined(__riscv_xlen) && __riscv_xlen == 64) \
+ || (defined(__mips__) && _MIPS_SIM == _MIPS_SIM_ABI64)
int32_t _padFd;
#endif
int32_t fd;
diff --git a/src/syscall/ztypes_linux_arm64.go b/src/syscall/ztypes_linux_arm64.go
index d7e3526..f63391c 100644
--- a/src/syscall/ztypes_linux_arm64.go
+++ b/src/syscall/ztypes_linux_arm64.go
@@ -564,6 +564,7 @@
type EpollEvent struct {
Events uint32
+ _ int32
Fd int32
Pad int32
}
diff --git a/src/syscall/ztypes_linux_mips64.go b/src/syscall/ztypes_linux_mips64.go
index cfcfd85..75a5bc4 100644
--- a/src/syscall/ztypes_linux_mips64.go
+++ b/src/syscall/ztypes_linux_mips64.go
@@ -569,6 +569,7 @@
type EpollEvent struct {
Events uint32
+ _ int32
Fd int32
Pad int32
}
diff --git a/src/syscall/ztypes_linux_mips64le.go b/src/syscall/ztypes_linux_mips64le.go
index cfcfd85..75a5bc4 100644
--- a/src/syscall/ztypes_linux_mips64le.go
+++ b/src/syscall/ztypes_linux_mips64le.go
@@ -569,6 +569,7 @@
type EpollEvent struct {
Events uint32
+ _ int32
Fd int32
Pad int32
}
diff --git a/src/text/template/exec.go b/src/text/template/exec.go
index f9bc5d9..ac3e741 100644
--- a/src/text/template/exec.go
+++ b/src/text/template/exec.go
@@ -461,7 +461,8 @@
// Must be a function.
return s.evalFunction(dot, n, cmd, cmd.Args, final)
case *parse.PipeNode:
- // Parenthesized pipeline. The arguments are all inside the pipeline; final is ignored.
+ // Parenthesized pipeline. The arguments are all inside the pipeline; final must be absent.
+ s.notAFunction(cmd.Args, final)
return s.evalPipeline(dot, n)
case *parse.VariableNode:
return s.evalVariableNode(dot, n, cmd.Args, final)
diff --git a/src/text/template/exec_test.go b/src/text/template/exec_test.go
index f24a59e..2b299b0 100644
--- a/src/text/template/exec_test.go
+++ b/src/text/template/exec_test.go
@@ -352,6 +352,12 @@
{"field on interface", "{{.foo}}", "<no value>", nil, true},
{"field on parenthesized interface", "{{(.).foo}}", "<no value>", nil, true},
+ // Issue 31810: Parenthesized first element of pipeline with arguments.
+ // See also TestIssue31810.
+ {"unparenthesized non-function", "{{1 2}}", "", nil, false},
+ {"parenthesized non-function", "{{(1) 2}}", "", nil, false},
+ {"parenthesized non-function with no args", "{{(1)}}", "1", nil, true}, // This is fine.
+
// Method calls.
{".Method0", "-{{.Method0}}-", "-M0-", tVal, true},
{".Method1(1234)", "-{{.Method1 1234}}-", "-1234-", tVal, true},
@@ -1648,3 +1654,41 @@
}
}
}
+
+// Issue 31810. Check that a parenthesized first argument behaves properly.
+func TestIssue31810(t *testing.T) {
+ // A simple value with no arguments is fine.
+ var b bytes.Buffer
+ const text = "{{ (.) }}"
+ tmpl, err := New("").Parse(text)
+ if err != nil {
+ t.Error(err)
+ }
+ err = tmpl.Execute(&b, "result")
+ if err != nil {
+ t.Error(err)
+ }
+ if b.String() != "result" {
+ t.Errorf("%s got %q, expected %q", text, b.String(), "result")
+ }
+
+ // Even a plain function fails - need to use call.
+ f := func() string { return "result" }
+ b.Reset()
+ err = tmpl.Execute(&b, f)
+ if err == nil {
+ t.Error("expected error with no call, got none")
+ }
+
+ // Works if the function is explicitly called.
+ const textCall = "{{ (call .) }}"
+ tmpl, err = New("").Parse(textCall)
+ b.Reset()
+ err = tmpl.Execute(&b, f)
+ if err != nil {
+ t.Error(err)
+ }
+ if b.String() != "result" {
+ t.Errorf("%s got %q, expected %q", textCall, b.String(), "result")
+ }
+}
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go b/src/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
new file mode 100644
index 0000000..87f1e36
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_arm64.go
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.11
+// +build !gccgo,!appengine
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+ xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/asm_arm64.s b/src/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
similarity index 100%
rename from src/vendor/golang.org/x/crypto/internal/chacha20/asm_arm64.s
rename to src/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_generic.go b/src/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
new file mode 100644
index 0000000..098ec9f
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_generic.go
@@ -0,0 +1,364 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package chacha20 implements the ChaCha20 and XChaCha20 encryption algorithms
+// as specified in RFC 8439 and draft-irtf-cfrg-xchacha-01.
+package chacha20
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "errors"
+ "math/bits"
+
+ "golang.org/x/crypto/internal/subtle"
+)
+
+const (
+ // KeySize is the size of the key used by this cipher, in bytes.
+ KeySize = 32
+
+ // NonceSize is the size of the nonce used with the standard variant of this
+ // cipher, in bytes.
+ //
+ // Note that this is too short to be safely generated at random if the same
+ // key is reused more than 2³² times.
+ NonceSize = 12
+
+ // NonceSizeX is the size of the nonce used with the XChaCha20 variant of
+ // this cipher, in bytes.
+ NonceSizeX = 24
+)
+
+// Cipher is a stateful instance of ChaCha20 or XChaCha20 using a particular key
+// and nonce. A *Cipher implements the cipher.Stream interface.
+type Cipher struct {
+ // The ChaCha20 state is 16 words: 4 constant, 8 of key, 1 of counter
+ // (incremented after each block), and 3 of nonce.
+ key [8]uint32
+ counter uint32
+ nonce [3]uint32
+
+ // The last len bytes of buf are leftover key stream bytes from the previous
+ // XORKeyStream invocation. The size of buf depends on how many blocks are
+ // computed at a time.
+ buf [bufSize]byte
+ len int
+
+ // The counter-independent results of the first round are cached after they
+ // are computed the first time.
+ precompDone bool
+ p1, p5, p9, p13 uint32
+ p2, p6, p10, p14 uint32
+ p3, p7, p11, p15 uint32
+}
+
+var _ cipher.Stream = (*Cipher)(nil)
+
+// NewUnauthenticatedCipher creates a new ChaCha20 stream cipher with the given
+// 32 bytes key and a 12 or 24 bytes nonce. If a nonce of 24 bytes is provided,
+// the XChaCha20 construction will be used. It returns an error if key or nonce
+// have any other length.
+//
+// Note that ChaCha20, like all stream ciphers, is not authenticated and allows
+// attackers to silently tamper with the plaintext. For this reason, it is more
+// appropriate as a building block than as a standalone encryption mechanism.
+// Instead, consider using package golang.org/x/crypto/chacha20poly1305.
+func NewUnauthenticatedCipher(key, nonce []byte) (*Cipher, error) {
+ // This function is split into a wrapper so that the Cipher allocation will
+ // be inlined, and depending on how the caller uses the return value, won't
+ // escape to the heap.
+ c := &Cipher{}
+ return newUnauthenticatedCipher(c, key, nonce)
+}
+
+func newUnauthenticatedCipher(c *Cipher, key, nonce []byte) (*Cipher, error) {
+ if len(key) != KeySize {
+ return nil, errors.New("chacha20: wrong key size")
+ }
+ if len(nonce) == NonceSizeX {
+ // XChaCha20 uses the ChaCha20 core to mix 16 bytes of the nonce into a
+ // derived key, allowing it to operate on a nonce of 24 bytes. See
+ // draft-irtf-cfrg-xchacha-01, Section 2.3.
+ key, _ = HChaCha20(key, nonce[0:16])
+ cNonce := make([]byte, NonceSize)
+ copy(cNonce[4:12], nonce[16:24])
+ nonce = cNonce
+ } else if len(nonce) != NonceSize {
+ return nil, errors.New("chacha20: wrong nonce size")
+ }
+
+ c.key = [8]uint32{
+ binary.LittleEndian.Uint32(key[0:4]),
+ binary.LittleEndian.Uint32(key[4:8]),
+ binary.LittleEndian.Uint32(key[8:12]),
+ binary.LittleEndian.Uint32(key[12:16]),
+ binary.LittleEndian.Uint32(key[16:20]),
+ binary.LittleEndian.Uint32(key[20:24]),
+ binary.LittleEndian.Uint32(key[24:28]),
+ binary.LittleEndian.Uint32(key[28:32]),
+ }
+ c.nonce = [3]uint32{
+ binary.LittleEndian.Uint32(nonce[0:4]),
+ binary.LittleEndian.Uint32(nonce[4:8]),
+ binary.LittleEndian.Uint32(nonce[8:12]),
+ }
+ return c, nil
+}
+
+// The constant first 4 words of the ChaCha20 state.
+const (
+ j0 uint32 = 0x61707865 // expa
+ j1 uint32 = 0x3320646e // nd 3
+ j2 uint32 = 0x79622d32 // 2-by
+ j3 uint32 = 0x6b206574 // te k
+)
+
+const blockSize = 64
+
+// quarterRound is the core of ChaCha20. It shuffles the bits of 4 state words.
+// It's executed 4 times for each of the 20 ChaCha20 rounds, operating on all 16
+// words each round, in columnar or diagonal groups of 4 at a time.
+func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
+ a += b
+ d ^= a
+ d = bits.RotateLeft32(d, 16)
+ c += d
+ b ^= c
+ b = bits.RotateLeft32(b, 12)
+ a += b
+ d ^= a
+ d = bits.RotateLeft32(d, 8)
+ c += d
+ b ^= c
+ b = bits.RotateLeft32(b, 7)
+ return a, b, c, d
+}
+
+// XORKeyStream XORs each byte in the given slice with a byte from the
+// cipher's key stream. Dst and src must overlap entirely or not at all.
+//
+// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
+// to pass a dst bigger than src, and in that case, XORKeyStream will
+// only update dst[:len(src)] and will not touch the rest of dst.
+//
+// Multiple calls to XORKeyStream behave as if the concatenation of
+// the src buffers was passed in a single run. That is, Cipher
+// maintains state and does not reset at each XORKeyStream call.
+func (s *Cipher) XORKeyStream(dst, src []byte) {
+ if len(src) == 0 {
+ return
+ }
+ if len(dst) < len(src) {
+ panic("chacha20: output smaller than input")
+ }
+ dst = dst[:len(src)]
+ if subtle.InexactOverlap(dst, src) {
+ panic("chacha20: invalid buffer overlap")
+ }
+
+ // First, drain any remaining key stream from a previous XORKeyStream.
+ if s.len != 0 {
+ keyStream := s.buf[bufSize-s.len:]
+ if len(src) < len(keyStream) {
+ keyStream = keyStream[:len(src)]
+ }
+ _ = src[len(keyStream)-1] // bounds check elimination hint
+ for i, b := range keyStream {
+ dst[i] = src[i] ^ b
+ }
+ s.len -= len(keyStream)
+ src = src[len(keyStream):]
+ dst = dst[len(keyStream):]
+ }
+
+ const blocksPerBuf = bufSize / blockSize
+ numBufs := (uint64(len(src)) + bufSize - 1) / bufSize
+ if uint64(s.counter)+numBufs*blocksPerBuf >= 1<<32 {
+ panic("chacha20: counter overflow")
+ }
+
+ // xorKeyStreamBlocks implementations expect input lengths that are a
+ // multiple of bufSize. Platform-specific ones process multiple blocks at a
+ // time, so have bufSizes that are a multiple of blockSize.
+
+ rem := len(src) % bufSize
+ full := len(src) - rem
+
+ if full > 0 {
+ s.xorKeyStreamBlocks(dst[:full], src[:full])
+ }
+
+ // If we have a partial (multi-)block, pad it for xorKeyStreamBlocks, and
+ // keep the leftover keystream for the next XORKeyStream invocation.
+ if rem > 0 {
+ s.buf = [bufSize]byte{}
+ copy(s.buf[:], src[full:])
+ s.xorKeyStreamBlocks(s.buf[:], s.buf[:])
+ s.len = bufSize - copy(dst[full:], s.buf[:])
+ }
+}
+
+func (s *Cipher) xorKeyStreamBlocksGeneric(dst, src []byte) {
+ if len(dst) != len(src) || len(dst)%blockSize != 0 {
+ panic("chacha20: internal error: wrong dst and/or src length")
+ }
+
+ // To generate each block of key stream, the initial cipher state
+ // (represented below) is passed through 20 rounds of shuffling,
+ // alternatively applying quarterRounds by columns (like 1, 5, 9, 13)
+ // or by diagonals (like 1, 6, 11, 12).
+ //
+ // 0:cccccccc 1:cccccccc 2:cccccccc 3:cccccccc
+ // 4:kkkkkkkk 5:kkkkkkkk 6:kkkkkkkk 7:kkkkkkkk
+ // 8:kkkkkkkk 9:kkkkkkkk 10:kkkkkkkk 11:kkkkkkkk
+ // 12:bbbbbbbb 13:nnnnnnnn 14:nnnnnnnn 15:nnnnnnnn
+ //
+ // c=constant k=key b=blockcount n=nonce
+ var (
+ c0, c1, c2, c3 = j0, j1, j2, j3
+ c4, c5, c6, c7 = s.key[0], s.key[1], s.key[2], s.key[3]
+ c8, c9, c10, c11 = s.key[4], s.key[5], s.key[6], s.key[7]
+ _, c13, c14, c15 = s.counter, s.nonce[0], s.nonce[1], s.nonce[2]
+ )
+
+ // Three quarters of the first round don't depend on the counter, so we can
+ // calculate them here, and reuse them for multiple blocks in the loop, and
+ // for future XORKeyStream invocations.
+ if !s.precompDone {
+ s.p1, s.p5, s.p9, s.p13 = quarterRound(c1, c5, c9, c13)
+ s.p2, s.p6, s.p10, s.p14 = quarterRound(c2, c6, c10, c14)
+ s.p3, s.p7, s.p11, s.p15 = quarterRound(c3, c7, c11, c15)
+ s.precompDone = true
+ }
+
+ for i := 0; i < len(src); i += blockSize {
+ // The remainder of the first column round.
+ fcr0, fcr4, fcr8, fcr12 := quarterRound(c0, c4, c8, s.counter)
+
+ // The second diagonal round.
+ x0, x5, x10, x15 := quarterRound(fcr0, s.p5, s.p10, s.p15)
+ x1, x6, x11, x12 := quarterRound(s.p1, s.p6, s.p11, fcr12)
+ x2, x7, x8, x13 := quarterRound(s.p2, s.p7, fcr8, s.p13)
+ x3, x4, x9, x14 := quarterRound(s.p3, fcr4, s.p9, s.p14)
+
+ // The remaining 18 rounds.
+ for i := 0; i < 9; i++ {
+ // Column round.
+ x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+ x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+ x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+ x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+ // Diagonal round.
+ x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+ x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+ x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+ x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+ }
+
+ // Finally, add back the initial state to generate the key stream.
+ x0 += c0
+ x1 += c1
+ x2 += c2
+ x3 += c3
+ x4 += c4
+ x5 += c5
+ x6 += c6
+ x7 += c7
+ x8 += c8
+ x9 += c9
+ x10 += c10
+ x11 += c11
+ x12 += s.counter
+ x13 += c13
+ x14 += c14
+ x15 += c15
+
+ s.counter += 1
+ if s.counter == 0 {
+ panic("chacha20: internal error: counter overflow")
+ }
+
+ in, out := src[i:], dst[i:]
+ in, out = in[:blockSize], out[:blockSize] // bounds check elimination hint
+
+ // XOR the key stream with the source and write out the result.
+ xor(out[0:], in[0:], x0)
+ xor(out[4:], in[4:], x1)
+ xor(out[8:], in[8:], x2)
+ xor(out[12:], in[12:], x3)
+ xor(out[16:], in[16:], x4)
+ xor(out[20:], in[20:], x5)
+ xor(out[24:], in[24:], x6)
+ xor(out[28:], in[28:], x7)
+ xor(out[32:], in[32:], x8)
+ xor(out[36:], in[36:], x9)
+ xor(out[40:], in[40:], x10)
+ xor(out[44:], in[44:], x11)
+ xor(out[48:], in[48:], x12)
+ xor(out[52:], in[52:], x13)
+ xor(out[56:], in[56:], x14)
+ xor(out[60:], in[60:], x15)
+ }
+}
+
+// HChaCha20 uses the ChaCha20 core to generate a derived key from a 32 bytes
+// key and a 16 bytes nonce. It returns an error if key or nonce have any other
+// length. It is used as part of the XChaCha20 construction.
+func HChaCha20(key, nonce []byte) ([]byte, error) {
+ // This function is split into a wrapper so that the slice allocation will
+ // be inlined, and depending on how the caller uses the return value, won't
+ // escape to the heap.
+ out := make([]byte, 32)
+ return hChaCha20(out, key, nonce)
+}
+
+func hChaCha20(out, key, nonce []byte) ([]byte, error) {
+ if len(key) != KeySize {
+ return nil, errors.New("chacha20: wrong HChaCha20 key size")
+ }
+ if len(nonce) != 16 {
+ return nil, errors.New("chacha20: wrong HChaCha20 nonce size")
+ }
+
+ x0, x1, x2, x3 := j0, j1, j2, j3
+ x4 := binary.LittleEndian.Uint32(key[0:4])
+ x5 := binary.LittleEndian.Uint32(key[4:8])
+ x6 := binary.LittleEndian.Uint32(key[8:12])
+ x7 := binary.LittleEndian.Uint32(key[12:16])
+ x8 := binary.LittleEndian.Uint32(key[16:20])
+ x9 := binary.LittleEndian.Uint32(key[20:24])
+ x10 := binary.LittleEndian.Uint32(key[24:28])
+ x11 := binary.LittleEndian.Uint32(key[28:32])
+ x12 := binary.LittleEndian.Uint32(nonce[0:4])
+ x13 := binary.LittleEndian.Uint32(nonce[4:8])
+ x14 := binary.LittleEndian.Uint32(nonce[8:12])
+ x15 := binary.LittleEndian.Uint32(nonce[12:16])
+
+ for i := 0; i < 10; i++ {
+ // Diagonal round.
+ x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
+ x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
+ x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
+ x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
+
+ // Column round.
+ x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
+ x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
+ x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
+ x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
+ }
+
+ _ = out[31] // bounds check elimination hint
+ binary.LittleEndian.PutUint32(out[0:4], x0)
+ binary.LittleEndian.PutUint32(out[4:8], x1)
+ binary.LittleEndian.PutUint32(out[8:12], x2)
+ binary.LittleEndian.PutUint32(out[12:16], x3)
+ binary.LittleEndian.PutUint32(out[16:20], x12)
+ binary.LittleEndian.PutUint32(out[20:24], x13)
+ binary.LittleEndian.PutUint32(out[24:28], x14)
+ binary.LittleEndian.PutUint32(out[28:32], x15)
+ return out, nil
+}
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go b/src/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
new file mode 100644
index 0000000..ec609ed
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_noasm.go
@@ -0,0 +1,13 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !arm64,!s390x,!ppc64le arm64,!go1.11 gccgo appengine
+
+package chacha20
+
+const bufSize = blockSize
+
+func (s *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+ s.xorKeyStreamBlocksGeneric(dst, src)
+}
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go b/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
new file mode 100644
index 0000000..d0ec61f
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo,!appengine
+
+package chacha20
+
+const bufSize = 256
+
+//go:noescape
+func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+ chaCha20_ctr32_vsx(&dst[0], &src[0], len(src), &c.key, &c.counter)
+}
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s b/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
new file mode 100644
index 0000000..533014e
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_ppc64le.s
@@ -0,0 +1,449 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Based on CRYPTOGAMS code with the following comment:
+// # ====================================================================
+// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// # project. The module is, however, dual licensed under OpenSSL and
+// # CRYPTOGAMS licenses depending on where you obtain it. For further
+// # details see http://www.openssl.org/~appro/cryptogams/.
+// # ====================================================================
+
+// Code for the perl script that generates the ppc64 assembler
+// can be found in the cryptogams repository at the link below. It is based on
+// the original from openssl.
+
+// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91
+
+// The differences in this and the original implementation are
+// due to the calling conventions and initialization of constants.
+
+// +build !gccgo,!appengine
+
+#include "textflag.h"
+
+#define OUT R3
+#define INP R4
+#define LEN R5
+#define KEY R6
+#define CNT R7
+#define TMP R15
+
+#define CONSTBASE R16
+#define BLOCKS R17
+
+DATA consts<>+0x00(SB)/8, $0x3320646e61707865
+DATA consts<>+0x08(SB)/8, $0x6b20657479622d32
+DATA consts<>+0x10(SB)/8, $0x0000000000000001
+DATA consts<>+0x18(SB)/8, $0x0000000000000000
+DATA consts<>+0x20(SB)/8, $0x0000000000000004
+DATA consts<>+0x28(SB)/8, $0x0000000000000000
+DATA consts<>+0x30(SB)/8, $0x0a0b08090e0f0c0d
+DATA consts<>+0x38(SB)/8, $0x0203000106070405
+DATA consts<>+0x40(SB)/8, $0x090a0b080d0e0f0c
+DATA consts<>+0x48(SB)/8, $0x0102030005060704
+DATA consts<>+0x50(SB)/8, $0x6170786561707865
+DATA consts<>+0x58(SB)/8, $0x6170786561707865
+DATA consts<>+0x60(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x68(SB)/8, $0x3320646e3320646e
+DATA consts<>+0x70(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x78(SB)/8, $0x79622d3279622d32
+DATA consts<>+0x80(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x88(SB)/8, $0x6b2065746b206574
+DATA consts<>+0x90(SB)/8, $0x0000000100000000
+DATA consts<>+0x98(SB)/8, $0x0000000300000002
+GLOBL consts<>(SB), RODATA, $0xa0
+
+//func chaCha20_ctr32_vsx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
+TEXT ·chaCha20_ctr32_vsx(SB),NOSPLIT,$64-40
+ MOVD out+0(FP), OUT
+ MOVD inp+8(FP), INP
+ MOVD len+16(FP), LEN
+ MOVD key+24(FP), KEY
+ MOVD counter+32(FP), CNT
+
+ // Addressing for constants
+ MOVD $consts<>+0x00(SB), CONSTBASE
+ MOVD $16, R8
+ MOVD $32, R9
+ MOVD $48, R10
+ MOVD $64, R11
+ SRD $6, LEN, BLOCKS
+ // V16
+ LXVW4X (CONSTBASE)(R0), VS48
+ ADD $80,CONSTBASE
+
+ // Load key into V17,V18
+ LXVW4X (KEY)(R0), VS49
+ LXVW4X (KEY)(R8), VS50
+
+ // Load CNT, NONCE into V19
+ LXVW4X (CNT)(R0), VS51
+
+ // Clear V27
+ VXOR V27, V27, V27
+
+ // V28
+ LXVW4X (CONSTBASE)(R11), VS60
+
+ // splat slot from V19 -> V26
+ VSPLTW $0, V19, V26
+
+ VSLDOI $4, V19, V27, V19
+ VSLDOI $12, V27, V19, V19
+
+ VADDUWM V26, V28, V26
+
+ MOVD $10, R14
+ MOVD R14, CTR
+
+loop_outer_vsx:
+ // V0, V1, V2, V3
+ LXVW4X (R0)(CONSTBASE), VS32
+ LXVW4X (R8)(CONSTBASE), VS33
+ LXVW4X (R9)(CONSTBASE), VS34
+ LXVW4X (R10)(CONSTBASE), VS35
+
+ // splat values from V17, V18 into V4-V11
+ VSPLTW $0, V17, V4
+ VSPLTW $1, V17, V5
+ VSPLTW $2, V17, V6
+ VSPLTW $3, V17, V7
+ VSPLTW $0, V18, V8
+ VSPLTW $1, V18, V9
+ VSPLTW $2, V18, V10
+ VSPLTW $3, V18, V11
+
+ // VOR
+ VOR V26, V26, V12
+
+ // splat values from V19 -> V13, V14, V15
+ VSPLTW $1, V19, V13
+ VSPLTW $2, V19, V14
+ VSPLTW $3, V19, V15
+
+ // splat const values
+ VSPLTISW $-16, V27
+ VSPLTISW $12, V28
+ VSPLTISW $8, V29
+ VSPLTISW $7, V30
+
+loop_vsx:
+ VADDUWM V0, V4, V0
+ VADDUWM V1, V5, V1
+ VADDUWM V2, V6, V2
+ VADDUWM V3, V7, V3
+
+ VXOR V12, V0, V12
+ VXOR V13, V1, V13
+ VXOR V14, V2, V14
+ VXOR V15, V3, V15
+
+ VRLW V12, V27, V12
+ VRLW V13, V27, V13
+ VRLW V14, V27, V14
+ VRLW V15, V27, V15
+
+ VADDUWM V8, V12, V8
+ VADDUWM V9, V13, V9
+ VADDUWM V10, V14, V10
+ VADDUWM V11, V15, V11
+
+ VXOR V4, V8, V4
+ VXOR V5, V9, V5
+ VXOR V6, V10, V6
+ VXOR V7, V11, V7
+
+ VRLW V4, V28, V4
+ VRLW V5, V28, V5
+ VRLW V6, V28, V6
+ VRLW V7, V28, V7
+
+ VADDUWM V0, V4, V0
+ VADDUWM V1, V5, V1
+ VADDUWM V2, V6, V2
+ VADDUWM V3, V7, V3
+
+ VXOR V12, V0, V12
+ VXOR V13, V1, V13
+ VXOR V14, V2, V14
+ VXOR V15, V3, V15
+
+ VRLW V12, V29, V12
+ VRLW V13, V29, V13
+ VRLW V14, V29, V14
+ VRLW V15, V29, V15
+
+ VADDUWM V8, V12, V8
+ VADDUWM V9, V13, V9
+ VADDUWM V10, V14, V10
+ VADDUWM V11, V15, V11
+
+ VXOR V4, V8, V4
+ VXOR V5, V9, V5
+ VXOR V6, V10, V6
+ VXOR V7, V11, V7
+
+ VRLW V4, V30, V4
+ VRLW V5, V30, V5
+ VRLW V6, V30, V6
+ VRLW V7, V30, V7
+
+ VADDUWM V0, V5, V0
+ VADDUWM V1, V6, V1
+ VADDUWM V2, V7, V2
+ VADDUWM V3, V4, V3
+
+ VXOR V15, V0, V15
+ VXOR V12, V1, V12
+ VXOR V13, V2, V13
+ VXOR V14, V3, V14
+
+ VRLW V15, V27, V15
+ VRLW V12, V27, V12
+ VRLW V13, V27, V13
+ VRLW V14, V27, V14
+
+ VADDUWM V10, V15, V10
+ VADDUWM V11, V12, V11
+ VADDUWM V8, V13, V8
+ VADDUWM V9, V14, V9
+
+ VXOR V5, V10, V5
+ VXOR V6, V11, V6
+ VXOR V7, V8, V7
+ VXOR V4, V9, V4
+
+ VRLW V5, V28, V5
+ VRLW V6, V28, V6
+ VRLW V7, V28, V7
+ VRLW V4, V28, V4
+
+ VADDUWM V0, V5, V0
+ VADDUWM V1, V6, V1
+ VADDUWM V2, V7, V2
+ VADDUWM V3, V4, V3
+
+ VXOR V15, V0, V15
+ VXOR V12, V1, V12
+ VXOR V13, V2, V13
+ VXOR V14, V3, V14
+
+ VRLW V15, V29, V15
+ VRLW V12, V29, V12
+ VRLW V13, V29, V13
+ VRLW V14, V29, V14
+
+ VADDUWM V10, V15, V10
+ VADDUWM V11, V12, V11
+ VADDUWM V8, V13, V8
+ VADDUWM V9, V14, V9
+
+ VXOR V5, V10, V5
+ VXOR V6, V11, V6
+ VXOR V7, V8, V7
+ VXOR V4, V9, V4
+
+ VRLW V5, V30, V5
+ VRLW V6, V30, V6
+ VRLW V7, V30, V7
+ VRLW V4, V30, V4
+ BC 16, LT, loop_vsx
+
+ VADDUWM V12, V26, V12
+
+ WORD $0x13600F8C // VMRGEW V0, V1, V27
+ WORD $0x13821F8C // VMRGEW V2, V3, V28
+
+ WORD $0x10000E8C // VMRGOW V0, V1, V0
+ WORD $0x10421E8C // VMRGOW V2, V3, V2
+
+ WORD $0x13A42F8C // VMRGEW V4, V5, V29
+ WORD $0x13C63F8C // VMRGEW V6, V7, V30
+
+ XXPERMDI VS32, VS34, $0, VS33
+ XXPERMDI VS32, VS34, $3, VS35
+ XXPERMDI VS59, VS60, $0, VS32
+ XXPERMDI VS59, VS60, $3, VS34
+
+ WORD $0x10842E8C // VMRGOW V4, V5, V4
+ WORD $0x10C63E8C // VMRGOW V6, V7, V6
+
+ WORD $0x13684F8C // VMRGEW V8, V9, V27
+ WORD $0x138A5F8C // VMRGEW V10, V11, V28
+
+ XXPERMDI VS36, VS38, $0, VS37
+ XXPERMDI VS36, VS38, $3, VS39
+ XXPERMDI VS61, VS62, $0, VS36
+ XXPERMDI VS61, VS62, $3, VS38
+
+ WORD $0x11084E8C // VMRGOW V8, V9, V8
+ WORD $0x114A5E8C // VMRGOW V10, V11, V10
+
+ WORD $0x13AC6F8C // VMRGEW V12, V13, V29
+ WORD $0x13CE7F8C // VMRGEW V14, V15, V30
+
+ XXPERMDI VS40, VS42, $0, VS41
+ XXPERMDI VS40, VS42, $3, VS43
+ XXPERMDI VS59, VS60, $0, VS40
+ XXPERMDI VS59, VS60, $3, VS42
+
+ WORD $0x118C6E8C // VMRGOW V12, V13, V12
+ WORD $0x11CE7E8C // VMRGOW V14, V15, V14
+
+ VSPLTISW $4, V27
+ VADDUWM V26, V27, V26
+
+ XXPERMDI VS44, VS46, $0, VS45
+ XXPERMDI VS44, VS46, $3, VS47
+ XXPERMDI VS61, VS62, $0, VS44
+ XXPERMDI VS61, VS62, $3, VS46
+
+ VADDUWM V0, V16, V0
+ VADDUWM V4, V17, V4
+ VADDUWM V8, V18, V8
+ VADDUWM V12, V19, V12
+
+ CMPU LEN, $64
+ BLT tail_vsx
+
+ // Bottom of loop
+ LXVW4X (INP)(R0), VS59
+ LXVW4X (INP)(R8), VS60
+ LXVW4X (INP)(R9), VS61
+ LXVW4X (INP)(R10), VS62
+
+ VXOR V27, V0, V27
+ VXOR V28, V4, V28
+ VXOR V29, V8, V29
+ VXOR V30, V12, V30
+
+ STXVW4X VS59, (OUT)(R0)
+ STXVW4X VS60, (OUT)(R8)
+ ADD $64, INP
+ STXVW4X VS61, (OUT)(R9)
+ ADD $-64, LEN
+ STXVW4X VS62, (OUT)(R10)
+ ADD $64, OUT
+ BEQ done_vsx
+
+ VADDUWM V1, V16, V0
+ VADDUWM V5, V17, V4
+ VADDUWM V9, V18, V8
+ VADDUWM V13, V19, V12
+
+ CMPU LEN, $64
+ BLT tail_vsx
+
+ LXVW4X (INP)(R0), VS59
+ LXVW4X (INP)(R8), VS60
+ LXVW4X (INP)(R9), VS61
+ LXVW4X (INP)(R10), VS62
+ VXOR V27, V0, V27
+
+ VXOR V28, V4, V28
+ VXOR V29, V8, V29
+ VXOR V30, V12, V30
+
+ STXVW4X VS59, (OUT)(R0)
+ STXVW4X VS60, (OUT)(R8)
+ ADD $64, INP
+ STXVW4X VS61, (OUT)(R9)
+ ADD $-64, LEN
+ STXVW4X VS62, (OUT)(V10)
+ ADD $64, OUT
+ BEQ done_vsx
+
+ VADDUWM V2, V16, V0
+ VADDUWM V6, V17, V4
+ VADDUWM V10, V18, V8
+ VADDUWM V14, V19, V12
+
+ CMPU LEN, $64
+ BLT tail_vsx
+
+ LXVW4X (INP)(R0), VS59
+ LXVW4X (INP)(R8), VS60
+ LXVW4X (INP)(R9), VS61
+ LXVW4X (INP)(R10), VS62
+
+ VXOR V27, V0, V27
+ VXOR V28, V4, V28
+ VXOR V29, V8, V29
+ VXOR V30, V12, V30
+
+ STXVW4X VS59, (OUT)(R0)
+ STXVW4X VS60, (OUT)(R8)
+ ADD $64, INP
+ STXVW4X VS61, (OUT)(R9)
+ ADD $-64, LEN
+ STXVW4X VS62, (OUT)(R10)
+ ADD $64, OUT
+ BEQ done_vsx
+
+ VADDUWM V3, V16, V0
+ VADDUWM V7, V17, V4
+ VADDUWM V11, V18, V8
+ VADDUWM V15, V19, V12
+
+ CMPU LEN, $64
+ BLT tail_vsx
+
+ LXVW4X (INP)(R0), VS59
+ LXVW4X (INP)(R8), VS60
+ LXVW4X (INP)(R9), VS61
+ LXVW4X (INP)(R10), VS62
+
+ VXOR V27, V0, V27
+ VXOR V28, V4, V28
+ VXOR V29, V8, V29
+ VXOR V30, V12, V30
+
+ STXVW4X VS59, (OUT)(R0)
+ STXVW4X VS60, (OUT)(R8)
+ ADD $64, INP
+ STXVW4X VS61, (OUT)(R9)
+ ADD $-64, LEN
+ STXVW4X VS62, (OUT)(R10)
+ ADD $64, OUT
+
+ MOVD $10, R14
+ MOVD R14, CTR
+ BNE loop_outer_vsx
+
+done_vsx:
+ // Increment counter by number of 64 byte blocks
+ MOVD (CNT), R14
+ ADD BLOCKS, R14
+ MOVD R14, (CNT)
+ RET
+
+tail_vsx:
+ ADD $32, R1, R11
+ MOVD LEN, CTR
+
+ // Save values on stack to copy from
+ STXVW4X VS32, (R11)(R0)
+ STXVW4X VS36, (R11)(R8)
+ STXVW4X VS40, (R11)(R9)
+ STXVW4X VS44, (R11)(R10)
+ ADD $-1, R11, R12
+ ADD $-1, INP
+ ADD $-1, OUT
+
+looptail_vsx:
+ // Copying the result to OUT
+ // in bytes.
+ MOVBZU 1(R12), KEY
+ MOVBZU 1(INP), TMP
+ XOR KEY, TMP, KEY
+ MOVBU KEY, 1(OUT)
+ BC 16, LT, looptail_vsx
+
+ // Clear the stack values
+ STXVW4X VS48, (R11)(R0)
+ STXVW4X VS48, (R11)(R8)
+ STXVW4X VS48, (R11)(R9)
+ STXVW4X VS48, (R11)(R10)
+ BR done_vsx
diff --git a/src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go b/src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
new file mode 100644
index 0000000..cd55f45
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo,!appengine
+
+package chacha20
+
+import "golang.org/x/sys/cpu"
+
+var haveAsm = cpu.S390X.HasVX
+
+const bufSize = 256
+
+// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
+// be called when the vector facility is available. Implementation in asm_s390x.s.
+//go:noescape
+func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
+
+func (c *Cipher) xorKeyStreamBlocks(dst, src []byte) {
+ if cpu.S390X.HasVX {
+ xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
+ } else {
+ c.xorKeyStreamBlocksGeneric(dst, src)
+ }
+}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s b/src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
similarity index 87%
rename from src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
rename to src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
index 57df404..de52a2e 100644
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.s
+++ b/src/vendor/golang.org/x/crypto/chacha20/chacha_s390x.s
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build s390x,!gccgo,!appengine
+// +build !gccgo,!appengine
#include "go_asm.h"
#include "textflag.h"
@@ -24,15 +24,6 @@
DATA ·constants<>+0x18(SB)/4, $0x79622d32
DATA ·constants<>+0x1c(SB)/4, $0x6b206574
-// EXRL targets:
-TEXT ·mvcSrcToBuf(SB), NOFRAME|NOSPLIT, $0
- MVC $1, (R1), (R8)
- RET
-
-TEXT ·mvcBufToDst(SB), NOFRAME|NOSPLIT, $0
- MVC $1, (R8), (R9)
- RET
-
#define BSWAP V5
#define J0 V6
#define KEY0 V7
@@ -144,7 +135,7 @@
VMRHF v, w, c \ // c = {a[2], b[2], c[2], d[2]}
VMRLF v, w, d // d = {a[3], b[3], c[3], d[3]}
-// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
+// func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
TEXT ·xorKeyStreamVX(SB), NOSPLIT, $0
MOVD $·constants<>(SB), R1
MOVD dst+0(FP), R2 // R2=&dst[0]
@@ -152,25 +143,10 @@
MOVD key+48(FP), R5 // R5=key
MOVD nonce+56(FP), R6 // R6=nonce
MOVD counter+64(FP), R7 // R7=counter
- MOVD buf+72(FP), R8 // R8=buf
- MOVD len+80(FP), R9 // R9=len
// load BSWAP and J0
VLM (R1), BSWAP, J0
- // set up tail buffer
- ADD $-1, R4, R12
- MOVBZ R12, R12
- CMPUBEQ R12, $255, aligned
- MOVD R4, R1
- AND $~255, R1
- MOVD $(R3)(R1*1), R1
- EXRL $·mvcSrcToBuf(SB), R12
- MOVD $255, R0
- SUB R12, R0
- MOVD R0, (R9) // update len
-
-aligned:
// setup
MOVD $95, R0
VLM (R5), KEY0, KEY1
@@ -217,9 +193,7 @@
// decrement length
ADD $-256, R4
- BLT tail
-continue:
// rearrange vectors
SHUFFLE(X0, X1, X2, X3, M0, M1, M2, M3)
ADDV(J0, X0, X1, X2, X3)
@@ -245,16 +219,6 @@
MOVD $256(R3), R3
CMPBNE R4, $0, chacha
- CMPUBEQ R12, $255, return
- EXRL $·mvcBufToDst(SB), R12 // len was updated during setup
-return:
VSTEF $0, CTR, (R7)
RET
-
-tail:
- MOVD R2, R9
- MOVD R8, R2
- MOVD R8, R3
- MOVD $0, R4
- JMP continue
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/xor.go b/src/vendor/golang.org/x/crypto/chacha20/xor.go
similarity index 97%
rename from src/vendor/golang.org/x/crypto/internal/chacha20/xor.go
rename to src/vendor/golang.org/x/crypto/chacha20/xor.go
index 9c5ba0b..0110c98 100644
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/xor.go
+++ b/src/vendor/golang.org/x/crypto/chacha20/xor.go
@@ -4,9 +4,7 @@
package chacha20
-import (
- "runtime"
-)
+import "runtime"
// Platforms that have fast unaligned 32-bit little endian accesses.
const unaligned = runtime.GOARCH == "386" ||
diff --git a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
index bbb86ef..0d7bac3f 100644
--- a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
+++ b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305.go
@@ -2,13 +2,13 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD as specified in RFC 7539,
-// and its extended nonce variant XChaCha20-Poly1305.
+// Package chacha20poly1305 implements the ChaCha20-Poly1305 AEAD and its
+// extended nonce variant XChaCha20-Poly1305, as specified in RFC 8439 and
+// draft-irtf-cfrg-xchacha-01.
package chacha20poly1305 // import "golang.org/x/crypto/chacha20poly1305"
import (
"crypto/cipher"
- "encoding/binary"
"errors"
)
@@ -29,7 +29,7 @@
)
type chacha20poly1305 struct {
- key [8]uint32
+ key [KeySize]byte
}
// New returns a ChaCha20-Poly1305 AEAD that uses the given 256-bit key.
@@ -38,14 +38,7 @@
return nil, errors.New("chacha20poly1305: bad key length")
}
ret := new(chacha20poly1305)
- ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
- ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
- ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
- ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
- ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
- ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
- ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
- ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
+ copy(ret.key[:], key)
return ret, nil
}
diff --git a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
index 2aa4fd8..737e46a 100644
--- a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
+++ b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_amd64.go
@@ -25,23 +25,23 @@
// setupState writes a ChaCha20 input matrix to state. See
// https://tools.ietf.org/html/rfc7539#section-2.3.
-func setupState(state *[16]uint32, key *[8]uint32, nonce []byte) {
+func setupState(state *[16]uint32, key *[32]byte, nonce []byte) {
state[0] = 0x61707865
state[1] = 0x3320646e
state[2] = 0x79622d32
state[3] = 0x6b206574
- state[4] = key[0]
- state[5] = key[1]
- state[6] = key[2]
- state[7] = key[3]
- state[8] = key[4]
- state[9] = key[5]
- state[10] = key[6]
- state[11] = key[7]
+ state[4] = binary.LittleEndian.Uint32(key[0:4])
+ state[5] = binary.LittleEndian.Uint32(key[4:8])
+ state[6] = binary.LittleEndian.Uint32(key[8:12])
+ state[7] = binary.LittleEndian.Uint32(key[12:16])
+ state[8] = binary.LittleEndian.Uint32(key[16:20])
+ state[9] = binary.LittleEndian.Uint32(key[20:24])
+ state[10] = binary.LittleEndian.Uint32(key[24:28])
+ state[11] = binary.LittleEndian.Uint32(key[28:32])
state[12] = 0
- state[13] = binary.LittleEndian.Uint32(nonce[:4])
+ state[13] = binary.LittleEndian.Uint32(nonce[0:4])
state[14] = binary.LittleEndian.Uint32(nonce[4:8])
state[15] = binary.LittleEndian.Uint32(nonce[8:12])
}
diff --git a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
index c279712..91b3856 100644
--- a/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
+++ b/src/vendor/golang.org/x/crypto/chacha20poly1305/chacha20poly1305_generic.go
@@ -7,7 +7,7 @@
import (
"encoding/binary"
- "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/chacha20"
"golang.org/x/crypto/internal/subtle"
"golang.org/x/crypto/poly1305"
)
@@ -22,14 +22,10 @@
panic("chacha20poly1305: invalid buffer overlap")
}
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
+ var polyKey, discardBuf [32]byte
+ s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
s.XORKeyStream(out, plaintext)
polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(plaintext))+8+8)
@@ -50,14 +46,10 @@
copy(tag[:], ciphertext[len(ciphertext)-16:])
ciphertext = ciphertext[:len(ciphertext)-16]
- var polyKey [32]byte
- s := chacha20.New(c.key, [3]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- })
+ var polyKey, discardBuf [32]byte
+ s, _ := chacha20.NewUnauthenticatedCipher(c.key[:], nonce)
s.XORKeyStream(polyKey[:], polyKey[:])
- s.Advance() // skip the next 32 bytes
+ s.XORKeyStream(discardBuf[:], discardBuf[:]) // skip the next 32 bytes
polyInput := make([]byte, roundTo16(len(additionalData))+roundTo16(len(ciphertext))+8+8)
copy(polyInput, additionalData)
diff --git a/src/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go b/src/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
index a02fa57..d9d46b9 100644
--- a/src/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
+++ b/src/vendor/golang.org/x/crypto/chacha20poly1305/xchacha20poly1305.go
@@ -6,14 +6,13 @@
import (
"crypto/cipher"
- "encoding/binary"
"errors"
- "golang.org/x/crypto/internal/chacha20"
+ "golang.org/x/crypto/chacha20"
)
type xchacha20poly1305 struct {
- key [8]uint32
+ key [KeySize]byte
}
// NewX returns a XChaCha20-Poly1305 AEAD that uses the given 256-bit key.
@@ -27,14 +26,7 @@
return nil, errors.New("chacha20poly1305: bad key length")
}
ret := new(xchacha20poly1305)
- ret.key[0] = binary.LittleEndian.Uint32(key[0:4])
- ret.key[1] = binary.LittleEndian.Uint32(key[4:8])
- ret.key[2] = binary.LittleEndian.Uint32(key[8:12])
- ret.key[3] = binary.LittleEndian.Uint32(key[12:16])
- ret.key[4] = binary.LittleEndian.Uint32(key[16:20])
- ret.key[5] = binary.LittleEndian.Uint32(key[20:24])
- ret.key[6] = binary.LittleEndian.Uint32(key[24:28])
- ret.key[7] = binary.LittleEndian.Uint32(key[28:32])
+ copy(ret.key[:], key)
return ret, nil
}
@@ -60,15 +52,10 @@
panic("chacha20poly1305: plaintext too large")
}
- hNonce := [4]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- binary.LittleEndian.Uint32(nonce[12:16]),
- }
- c := &chacha20poly1305{
- key: chacha20.HChaCha20(&x.key, &hNonce),
- }
+ c := new(chacha20poly1305)
+ hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+ copy(c.key[:], hKey)
+
// The first 4 bytes of the final nonce are unused counter space.
cNonce := make([]byte, NonceSize)
copy(cNonce[4:12], nonce[16:24])
@@ -87,15 +74,10 @@
panic("chacha20poly1305: ciphertext too large")
}
- hNonce := [4]uint32{
- binary.LittleEndian.Uint32(nonce[0:4]),
- binary.LittleEndian.Uint32(nonce[4:8]),
- binary.LittleEndian.Uint32(nonce[8:12]),
- binary.LittleEndian.Uint32(nonce[12:16]),
- }
- c := &chacha20poly1305{
- key: chacha20.HChaCha20(&x.key, &hNonce),
- }
+ c := new(chacha20poly1305)
+ hKey, _ := chacha20.HChaCha20(x.key[:], nonce[0:16])
+ copy(c.key[:], hKey)
+
// The first 4 bytes of the final nonce are unused counter space.
cNonce := make([]byte, NonceSize)
copy(cNonce[4:12], nonce[16:24])
diff --git a/src/vendor/golang.org/x/crypto/curve25519/const_amd64.h b/src/vendor/golang.org/x/crypto/curve25519/const_amd64.h
deleted file mode 100644
index b3f7416..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/const_amd64.h
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-#define REDMASK51 0x0007FFFFFFFFFFFF
diff --git a/src/vendor/golang.org/x/crypto/curve25519/const_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/const_amd64.s
deleted file mode 100644
index ee7b4bd..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/const_amd64.s
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-// These constants cannot be encoded in non-MOVQ immediates.
-// We access them directly from memory instead.
-
-DATA ·_121666_213(SB)/8, $996687872
-GLOBL ·_121666_213(SB), 8, $8
-
-DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
-GLOBL ·_2P0(SB), 8, $8
-
-DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
-GLOBL ·_2P1234(SB), 8, $8
diff --git a/src/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
deleted file mode 100644
index cd793a5..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/cswap_amd64.s
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build amd64,!gccgo,!appengine
-
-// func cswap(inout *[4][5]uint64, v uint64)
-TEXT ·cswap(SB),7,$0
- MOVQ inout+0(FP),DI
- MOVQ v+8(FP),SI
-
- SUBQ $1, SI
- NOTQ SI
- MOVQ SI, X15
- PSHUFD $0x44, X15, X15
-
- MOVOU 0(DI), X0
- MOVOU 16(DI), X2
- MOVOU 32(DI), X4
- MOVOU 48(DI), X6
- MOVOU 64(DI), X8
- MOVOU 80(DI), X1
- MOVOU 96(DI), X3
- MOVOU 112(DI), X5
- MOVOU 128(DI), X7
- MOVOU 144(DI), X9
-
- MOVO X1, X10
- MOVO X3, X11
- MOVO X5, X12
- MOVO X7, X13
- MOVO X9, X14
-
- PXOR X0, X10
- PXOR X2, X11
- PXOR X4, X12
- PXOR X6, X13
- PXOR X8, X14
- PAND X15, X10
- PAND X15, X11
- PAND X15, X12
- PAND X15, X13
- PAND X15, X14
- PXOR X10, X0
- PXOR X10, X1
- PXOR X11, X2
- PXOR X11, X3
- PXOR X12, X4
- PXOR X12, X5
- PXOR X13, X6
- PXOR X13, X7
- PXOR X14, X8
- PXOR X14, X9
-
- MOVOU X0, 0(DI)
- MOVOU X2, 16(DI)
- MOVOU X4, 32(DI)
- MOVOU X6, 48(DI)
- MOVOU X8, 64(DI)
- MOVOU X1, 80(DI)
- MOVOU X3, 96(DI)
- MOVOU X5, 112(DI)
- MOVOU X7, 128(DI)
- MOVOU X9, 144(DI)
- RET
diff --git a/src/vendor/golang.org/x/crypto/curve25519/curve25519.go b/src/vendor/golang.org/x/crypto/curve25519/curve25519.go
index 75f24ba..4b9a655 100644
--- a/src/vendor/golang.org/x/crypto/curve25519/curve25519.go
+++ b/src/vendor/golang.org/x/crypto/curve25519/curve25519.go
@@ -1,834 +1,95 @@
-// Copyright 2013 The Go Authors. All rights reserved.
+// Copyright 2019 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// We have an implementation in amd64 assembly so this code is only run on
-// non-amd64 platforms. The amd64 assembly does not support gccgo.
-// +build !amd64 gccgo appengine
-
-package curve25519
+// Package curve25519 provides an implementation of the X25519 function, which
+// performs scalar multiplication on the elliptic curve known as Curve25519.
+// See RFC 7748.
+package curve25519 // import "golang.org/x/crypto/curve25519"
import (
- "encoding/binary"
+ "crypto/subtle"
+ "fmt"
)
-// This code is a port of the public domain, "ref10" implementation of
-// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+// ScalarMult sets dst to the product scalar * point.
+//
+// Deprecated: when provided a low-order point, ScalarMult will set dst to all
+// zeroes, irrespective of the scalar. Instead, use the X25519 function, which
+// will return an error.
+func ScalarMult(dst, scalar, point *[32]byte) {
+ scalarMult(dst, scalar, point)
+}
-// fieldElement represents an element of the field GF(2^255 - 19). An element
-// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
-// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
-// context.
-type fieldElement [10]int32
+// ScalarBaseMult sets dst to the product scalar * base where base is the
+// standard generator.
+//
+// It is recommended to use the X25519 function with Basepoint instead, as
+// copying into fixed size arrays can lead to unexpected bugs.
+func ScalarBaseMult(dst, scalar *[32]byte) {
+ ScalarMult(dst, scalar, &basePoint)
+}
-func feZero(fe *fieldElement) {
- for i := range fe {
- fe[i] = 0
+const (
+ // ScalarSize is the size of the scalar input to X25519.
+ ScalarSize = 32
+ // PointSize is the size of the point input to X25519.
+ PointSize = 32
+)
+
+// Basepoint is the canonical Curve25519 generator.
+var Basepoint []byte
+
+var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+func init() { Basepoint = basePoint[:] }
+
+func checkBasepoint() {
+ if subtle.ConstantTimeCompare(Basepoint, []byte{
+ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ }) != 1 {
+ panic("curve25519: global Basepoint value was modified")
}
}
-func feOne(fe *fieldElement) {
- feZero(fe)
- fe[0] = 1
+// X25519 returns the result of the scalar multiplication (scalar * point),
+// according to RFC 7748, Section 5. scalar, point and the return value are
+// slices of 32 bytes.
+//
+// scalar can be generated at random, for example with crypto/rand. point should
+// be either Basepoint or the output of another X25519 call.
+//
+// If point is Basepoint (but not if it's a different slice with the same
+// contents) a precomputed implementation might be used for performance.
+func X25519(scalar, point []byte) ([]byte, error) {
+ // Outline the body of function, to let the allocation be inlined in the
+ // caller, and possibly avoid escaping to the heap.
+ var dst [32]byte
+ return x25519(&dst, scalar, point)
}
-func feAdd(dst, a, b *fieldElement) {
- for i := range dst {
- dst[i] = a[i] + b[i]
+func x25519(dst *[32]byte, scalar, point []byte) ([]byte, error) {
+ var in [32]byte
+ if l := len(scalar); l != 32 {
+ return nil, fmt.Errorf("bad scalar length: %d, expected %d", l, 32)
}
-}
-
-func feSub(dst, a, b *fieldElement) {
- for i := range dst {
- dst[i] = a[i] - b[i]
+ if l := len(point); l != 32 {
+ return nil, fmt.Errorf("bad point length: %d, expected %d", l, 32)
}
-}
-
-func feCopy(dst, src *fieldElement) {
- for i := range dst {
- dst[i] = src[i]
+ copy(in[:], scalar)
+ if &point[0] == &Basepoint[0] {
+ checkBasepoint()
+ ScalarBaseMult(dst, &in)
+ } else {
+ var base, zero [32]byte
+ copy(base[:], point)
+ ScalarMult(dst, &in, &base)
+ if subtle.ConstantTimeCompare(dst[:], zero[:]) == 1 {
+ return nil, fmt.Errorf("bad input point: low order point")
+ }
}
-}
-
-// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
-//
-// Preconditions: b in {0,1}.
-func feCSwap(f, g *fieldElement, b int32) {
- b = -b
- for i := range f {
- t := b & (f[i] ^ g[i])
- f[i] ^= t
- g[i] ^= t
- }
-}
-
-// load3 reads a 24-bit, little-endian value from in.
-func load3(in []byte) int64 {
- var r int64
- r = int64(in[0])
- r |= int64(in[1]) << 8
- r |= int64(in[2]) << 16
- return r
-}
-
-// load4 reads a 32-bit, little-endian value from in.
-func load4(in []byte) int64 {
- return int64(binary.LittleEndian.Uint32(in))
-}
-
-func feFromBytes(dst *fieldElement, src *[32]byte) {
- h0 := load4(src[:])
- h1 := load3(src[4:]) << 6
- h2 := load3(src[7:]) << 5
- h3 := load3(src[10:]) << 3
- h4 := load3(src[13:]) << 2
- h5 := load4(src[16:])
- h6 := load3(src[20:]) << 7
- h7 := load3(src[23:]) << 5
- h8 := load3(src[26:]) << 4
- h9 := (load3(src[29:]) & 0x7fffff) << 2
-
- var carry [10]int64
- carry[9] = (h9 + 1<<24) >> 25
- h0 += carry[9] * 19
- h9 -= carry[9] << 25
- carry[1] = (h1 + 1<<24) >> 25
- h2 += carry[1]
- h1 -= carry[1] << 25
- carry[3] = (h3 + 1<<24) >> 25
- h4 += carry[3]
- h3 -= carry[3] << 25
- carry[5] = (h5 + 1<<24) >> 25
- h6 += carry[5]
- h5 -= carry[5] << 25
- carry[7] = (h7 + 1<<24) >> 25
- h8 += carry[7]
- h7 -= carry[7] << 25
-
- carry[0] = (h0 + 1<<25) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
- carry[2] = (h2 + 1<<25) >> 26
- h3 += carry[2]
- h2 -= carry[2] << 26
- carry[4] = (h4 + 1<<25) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
- carry[6] = (h6 + 1<<25) >> 26
- h7 += carry[6]
- h6 -= carry[6] << 26
- carry[8] = (h8 + 1<<25) >> 26
- h9 += carry[8]
- h8 -= carry[8] << 26
-
- dst[0] = int32(h0)
- dst[1] = int32(h1)
- dst[2] = int32(h2)
- dst[3] = int32(h3)
- dst[4] = int32(h4)
- dst[5] = int32(h5)
- dst[6] = int32(h6)
- dst[7] = int32(h7)
- dst[8] = int32(h8)
- dst[9] = int32(h9)
-}
-
-// feToBytes marshals h to s.
-// Preconditions:
-// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Write p=2^255-19; q=floor(h/p).
-// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
-//
-// Proof:
-// Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
-// Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
-//
-// Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
-// Then 0<y<1.
-//
-// Write r=h-pq.
-// Have 0<=r<=p-1=2^255-20.
-// Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
-//
-// Write x=r+19(2^-255)r+y.
-// Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
-//
-// Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
-// so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
-func feToBytes(s *[32]byte, h *fieldElement) {
- var carry [10]int32
-
- q := (19*h[9] + (1 << 24)) >> 25
- q = (h[0] + q) >> 26
- q = (h[1] + q) >> 25
- q = (h[2] + q) >> 26
- q = (h[3] + q) >> 25
- q = (h[4] + q) >> 26
- q = (h[5] + q) >> 25
- q = (h[6] + q) >> 26
- q = (h[7] + q) >> 25
- q = (h[8] + q) >> 26
- q = (h[9] + q) >> 25
-
- // Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
- h[0] += 19 * q
- // Goal: Output h-2^255 q, which is between 0 and 2^255-20.
-
- carry[0] = h[0] >> 26
- h[1] += carry[0]
- h[0] -= carry[0] << 26
- carry[1] = h[1] >> 25
- h[2] += carry[1]
- h[1] -= carry[1] << 25
- carry[2] = h[2] >> 26
- h[3] += carry[2]
- h[2] -= carry[2] << 26
- carry[3] = h[3] >> 25
- h[4] += carry[3]
- h[3] -= carry[3] << 25
- carry[4] = h[4] >> 26
- h[5] += carry[4]
- h[4] -= carry[4] << 26
- carry[5] = h[5] >> 25
- h[6] += carry[5]
- h[5] -= carry[5] << 25
- carry[6] = h[6] >> 26
- h[7] += carry[6]
- h[6] -= carry[6] << 26
- carry[7] = h[7] >> 25
- h[8] += carry[7]
- h[7] -= carry[7] << 25
- carry[8] = h[8] >> 26
- h[9] += carry[8]
- h[8] -= carry[8] << 26
- carry[9] = h[9] >> 25
- h[9] -= carry[9] << 25
- // h10 = carry9
-
- // Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
- // Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
- // evidently 2^255 h10-2^255 q = 0.
- // Goal: Output h[0]+...+2^230 h[9].
-
- s[0] = byte(h[0] >> 0)
- s[1] = byte(h[0] >> 8)
- s[2] = byte(h[0] >> 16)
- s[3] = byte((h[0] >> 24) | (h[1] << 2))
- s[4] = byte(h[1] >> 6)
- s[5] = byte(h[1] >> 14)
- s[6] = byte((h[1] >> 22) | (h[2] << 3))
- s[7] = byte(h[2] >> 5)
- s[8] = byte(h[2] >> 13)
- s[9] = byte((h[2] >> 21) | (h[3] << 5))
- s[10] = byte(h[3] >> 3)
- s[11] = byte(h[3] >> 11)
- s[12] = byte((h[3] >> 19) | (h[4] << 6))
- s[13] = byte(h[4] >> 2)
- s[14] = byte(h[4] >> 10)
- s[15] = byte(h[4] >> 18)
- s[16] = byte(h[5] >> 0)
- s[17] = byte(h[5] >> 8)
- s[18] = byte(h[5] >> 16)
- s[19] = byte((h[5] >> 24) | (h[6] << 1))
- s[20] = byte(h[6] >> 7)
- s[21] = byte(h[6] >> 15)
- s[22] = byte((h[6] >> 23) | (h[7] << 3))
- s[23] = byte(h[7] >> 5)
- s[24] = byte(h[7] >> 13)
- s[25] = byte((h[7] >> 21) | (h[8] << 4))
- s[26] = byte(h[8] >> 4)
- s[27] = byte(h[8] >> 12)
- s[28] = byte((h[8] >> 20) | (h[9] << 6))
- s[29] = byte(h[9] >> 2)
- s[30] = byte(h[9] >> 10)
- s[31] = byte(h[9] >> 18)
-}
-
-// feMul calculates h = f * g
-// Can overlap h with f or g.
-//
-// Preconditions:
-// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-// |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-//
-// Notes on implementation strategy:
-//
-// Using schoolbook multiplication.
-// Karatsuba would save a little in some cost models.
-//
-// Most multiplications by 2 and 19 are 32-bit precomputations;
-// cheaper than 64-bit postcomputations.
-//
-// There is one remaining multiplication by 19 in the carry chain;
-// one *19 precomputation can be merged into this,
-// but the resulting data flow is considerably less clean.
-//
-// There are 12 carries below.
-// 10 of them are 2-way parallelizable and vectorizable.
-// Can get away with 11 carries, but then data flow is much deeper.
-//
-// With tighter constraints on inputs can squeeze carries into int32.
-func feMul(h, f, g *fieldElement) {
- f0 := f[0]
- f1 := f[1]
- f2 := f[2]
- f3 := f[3]
- f4 := f[4]
- f5 := f[5]
- f6 := f[6]
- f7 := f[7]
- f8 := f[8]
- f9 := f[9]
- g0 := g[0]
- g1 := g[1]
- g2 := g[2]
- g3 := g[3]
- g4 := g[4]
- g5 := g[5]
- g6 := g[6]
- g7 := g[7]
- g8 := g[8]
- g9 := g[9]
- g1_19 := 19 * g1 // 1.4*2^29
- g2_19 := 19 * g2 // 1.4*2^30; still ok
- g3_19 := 19 * g3
- g4_19 := 19 * g4
- g5_19 := 19 * g5
- g6_19 := 19 * g6
- g7_19 := 19 * g7
- g8_19 := 19 * g8
- g9_19 := 19 * g9
- f1_2 := 2 * f1
- f3_2 := 2 * f3
- f5_2 := 2 * f5
- f7_2 := 2 * f7
- f9_2 := 2 * f9
- f0g0 := int64(f0) * int64(g0)
- f0g1 := int64(f0) * int64(g1)
- f0g2 := int64(f0) * int64(g2)
- f0g3 := int64(f0) * int64(g3)
- f0g4 := int64(f0) * int64(g4)
- f0g5 := int64(f0) * int64(g5)
- f0g6 := int64(f0) * int64(g6)
- f0g7 := int64(f0) * int64(g7)
- f0g8 := int64(f0) * int64(g8)
- f0g9 := int64(f0) * int64(g9)
- f1g0 := int64(f1) * int64(g0)
- f1g1_2 := int64(f1_2) * int64(g1)
- f1g2 := int64(f1) * int64(g2)
- f1g3_2 := int64(f1_2) * int64(g3)
- f1g4 := int64(f1) * int64(g4)
- f1g5_2 := int64(f1_2) * int64(g5)
- f1g6 := int64(f1) * int64(g6)
- f1g7_2 := int64(f1_2) * int64(g7)
- f1g8 := int64(f1) * int64(g8)
- f1g9_38 := int64(f1_2) * int64(g9_19)
- f2g0 := int64(f2) * int64(g0)
- f2g1 := int64(f2) * int64(g1)
- f2g2 := int64(f2) * int64(g2)
- f2g3 := int64(f2) * int64(g3)
- f2g4 := int64(f2) * int64(g4)
- f2g5 := int64(f2) * int64(g5)
- f2g6 := int64(f2) * int64(g6)
- f2g7 := int64(f2) * int64(g7)
- f2g8_19 := int64(f2) * int64(g8_19)
- f2g9_19 := int64(f2) * int64(g9_19)
- f3g0 := int64(f3) * int64(g0)
- f3g1_2 := int64(f3_2) * int64(g1)
- f3g2 := int64(f3) * int64(g2)
- f3g3_2 := int64(f3_2) * int64(g3)
- f3g4 := int64(f3) * int64(g4)
- f3g5_2 := int64(f3_2) * int64(g5)
- f3g6 := int64(f3) * int64(g6)
- f3g7_38 := int64(f3_2) * int64(g7_19)
- f3g8_19 := int64(f3) * int64(g8_19)
- f3g9_38 := int64(f3_2) * int64(g9_19)
- f4g0 := int64(f4) * int64(g0)
- f4g1 := int64(f4) * int64(g1)
- f4g2 := int64(f4) * int64(g2)
- f4g3 := int64(f4) * int64(g3)
- f4g4 := int64(f4) * int64(g4)
- f4g5 := int64(f4) * int64(g5)
- f4g6_19 := int64(f4) * int64(g6_19)
- f4g7_19 := int64(f4) * int64(g7_19)
- f4g8_19 := int64(f4) * int64(g8_19)
- f4g9_19 := int64(f4) * int64(g9_19)
- f5g0 := int64(f5) * int64(g0)
- f5g1_2 := int64(f5_2) * int64(g1)
- f5g2 := int64(f5) * int64(g2)
- f5g3_2 := int64(f5_2) * int64(g3)
- f5g4 := int64(f5) * int64(g4)
- f5g5_38 := int64(f5_2) * int64(g5_19)
- f5g6_19 := int64(f5) * int64(g6_19)
- f5g7_38 := int64(f5_2) * int64(g7_19)
- f5g8_19 := int64(f5) * int64(g8_19)
- f5g9_38 := int64(f5_2) * int64(g9_19)
- f6g0 := int64(f6) * int64(g0)
- f6g1 := int64(f6) * int64(g1)
- f6g2 := int64(f6) * int64(g2)
- f6g3 := int64(f6) * int64(g3)
- f6g4_19 := int64(f6) * int64(g4_19)
- f6g5_19 := int64(f6) * int64(g5_19)
- f6g6_19 := int64(f6) * int64(g6_19)
- f6g7_19 := int64(f6) * int64(g7_19)
- f6g8_19 := int64(f6) * int64(g8_19)
- f6g9_19 := int64(f6) * int64(g9_19)
- f7g0 := int64(f7) * int64(g0)
- f7g1_2 := int64(f7_2) * int64(g1)
- f7g2 := int64(f7) * int64(g2)
- f7g3_38 := int64(f7_2) * int64(g3_19)
- f7g4_19 := int64(f7) * int64(g4_19)
- f7g5_38 := int64(f7_2) * int64(g5_19)
- f7g6_19 := int64(f7) * int64(g6_19)
- f7g7_38 := int64(f7_2) * int64(g7_19)
- f7g8_19 := int64(f7) * int64(g8_19)
- f7g9_38 := int64(f7_2) * int64(g9_19)
- f8g0 := int64(f8) * int64(g0)
- f8g1 := int64(f8) * int64(g1)
- f8g2_19 := int64(f8) * int64(g2_19)
- f8g3_19 := int64(f8) * int64(g3_19)
- f8g4_19 := int64(f8) * int64(g4_19)
- f8g5_19 := int64(f8) * int64(g5_19)
- f8g6_19 := int64(f8) * int64(g6_19)
- f8g7_19 := int64(f8) * int64(g7_19)
- f8g8_19 := int64(f8) * int64(g8_19)
- f8g9_19 := int64(f8) * int64(g9_19)
- f9g0 := int64(f9) * int64(g0)
- f9g1_38 := int64(f9_2) * int64(g1_19)
- f9g2_19 := int64(f9) * int64(g2_19)
- f9g3_38 := int64(f9_2) * int64(g3_19)
- f9g4_19 := int64(f9) * int64(g4_19)
- f9g5_38 := int64(f9_2) * int64(g5_19)
- f9g6_19 := int64(f9) * int64(g6_19)
- f9g7_38 := int64(f9_2) * int64(g7_19)
- f9g8_19 := int64(f9) * int64(g8_19)
- f9g9_38 := int64(f9_2) * int64(g9_19)
- h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
- h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
- h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
- h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
- h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
- h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
- h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
- h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
- h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
- h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
- var carry [10]int64
-
- // |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
- // i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
- // |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
- // i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
-
- carry[0] = (h0 + (1 << 25)) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
- carry[4] = (h4 + (1 << 25)) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
- // |h0| <= 2^25
- // |h4| <= 2^25
- // |h1| <= 1.51*2^58
- // |h5| <= 1.51*2^58
-
- carry[1] = (h1 + (1 << 24)) >> 25
- h2 += carry[1]
- h1 -= carry[1] << 25
- carry[5] = (h5 + (1 << 24)) >> 25
- h6 += carry[5]
- h5 -= carry[5] << 25
- // |h1| <= 2^24; from now on fits into int32
- // |h5| <= 2^24; from now on fits into int32
- // |h2| <= 1.21*2^59
- // |h6| <= 1.21*2^59
-
- carry[2] = (h2 + (1 << 25)) >> 26
- h3 += carry[2]
- h2 -= carry[2] << 26
- carry[6] = (h6 + (1 << 25)) >> 26
- h7 += carry[6]
- h6 -= carry[6] << 26
- // |h2| <= 2^25; from now on fits into int32 unchanged
- // |h6| <= 2^25; from now on fits into int32 unchanged
- // |h3| <= 1.51*2^58
- // |h7| <= 1.51*2^58
-
- carry[3] = (h3 + (1 << 24)) >> 25
- h4 += carry[3]
- h3 -= carry[3] << 25
- carry[7] = (h7 + (1 << 24)) >> 25
- h8 += carry[7]
- h7 -= carry[7] << 25
- // |h3| <= 2^24; from now on fits into int32 unchanged
- // |h7| <= 2^24; from now on fits into int32 unchanged
- // |h4| <= 1.52*2^33
- // |h8| <= 1.52*2^33
-
- carry[4] = (h4 + (1 << 25)) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
- carry[8] = (h8 + (1 << 25)) >> 26
- h9 += carry[8]
- h8 -= carry[8] << 26
- // |h4| <= 2^25; from now on fits into int32 unchanged
- // |h8| <= 2^25; from now on fits into int32 unchanged
- // |h5| <= 1.01*2^24
- // |h9| <= 1.51*2^58
-
- carry[9] = (h9 + (1 << 24)) >> 25
- h0 += carry[9] * 19
- h9 -= carry[9] << 25
- // |h9| <= 2^24; from now on fits into int32 unchanged
- // |h0| <= 1.8*2^37
-
- carry[0] = (h0 + (1 << 25)) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
- // |h0| <= 2^25; from now on fits into int32 unchanged
- // |h1| <= 1.01*2^24
-
- h[0] = int32(h0)
- h[1] = int32(h1)
- h[2] = int32(h2)
- h[3] = int32(h3)
- h[4] = int32(h4)
- h[5] = int32(h5)
- h[6] = int32(h6)
- h[7] = int32(h7)
- h[8] = int32(h8)
- h[9] = int32(h9)
-}
-
-// feSquare calculates h = f*f. Can overlap h with f.
-//
-// Preconditions:
-// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feSquare(h, f *fieldElement) {
- f0 := f[0]
- f1 := f[1]
- f2 := f[2]
- f3 := f[3]
- f4 := f[4]
- f5 := f[5]
- f6 := f[6]
- f7 := f[7]
- f8 := f[8]
- f9 := f[9]
- f0_2 := 2 * f0
- f1_2 := 2 * f1
- f2_2 := 2 * f2
- f3_2 := 2 * f3
- f4_2 := 2 * f4
- f5_2 := 2 * f5
- f6_2 := 2 * f6
- f7_2 := 2 * f7
- f5_38 := 38 * f5 // 1.31*2^30
- f6_19 := 19 * f6 // 1.31*2^30
- f7_38 := 38 * f7 // 1.31*2^30
- f8_19 := 19 * f8 // 1.31*2^30
- f9_38 := 38 * f9 // 1.31*2^30
- f0f0 := int64(f0) * int64(f0)
- f0f1_2 := int64(f0_2) * int64(f1)
- f0f2_2 := int64(f0_2) * int64(f2)
- f0f3_2 := int64(f0_2) * int64(f3)
- f0f4_2 := int64(f0_2) * int64(f4)
- f0f5_2 := int64(f0_2) * int64(f5)
- f0f6_2 := int64(f0_2) * int64(f6)
- f0f7_2 := int64(f0_2) * int64(f7)
- f0f8_2 := int64(f0_2) * int64(f8)
- f0f9_2 := int64(f0_2) * int64(f9)
- f1f1_2 := int64(f1_2) * int64(f1)
- f1f2_2 := int64(f1_2) * int64(f2)
- f1f3_4 := int64(f1_2) * int64(f3_2)
- f1f4_2 := int64(f1_2) * int64(f4)
- f1f5_4 := int64(f1_2) * int64(f5_2)
- f1f6_2 := int64(f1_2) * int64(f6)
- f1f7_4 := int64(f1_2) * int64(f7_2)
- f1f8_2 := int64(f1_2) * int64(f8)
- f1f9_76 := int64(f1_2) * int64(f9_38)
- f2f2 := int64(f2) * int64(f2)
- f2f3_2 := int64(f2_2) * int64(f3)
- f2f4_2 := int64(f2_2) * int64(f4)
- f2f5_2 := int64(f2_2) * int64(f5)
- f2f6_2 := int64(f2_2) * int64(f6)
- f2f7_2 := int64(f2_2) * int64(f7)
- f2f8_38 := int64(f2_2) * int64(f8_19)
- f2f9_38 := int64(f2) * int64(f9_38)
- f3f3_2 := int64(f3_2) * int64(f3)
- f3f4_2 := int64(f3_2) * int64(f4)
- f3f5_4 := int64(f3_2) * int64(f5_2)
- f3f6_2 := int64(f3_2) * int64(f6)
- f3f7_76 := int64(f3_2) * int64(f7_38)
- f3f8_38 := int64(f3_2) * int64(f8_19)
- f3f9_76 := int64(f3_2) * int64(f9_38)
- f4f4 := int64(f4) * int64(f4)
- f4f5_2 := int64(f4_2) * int64(f5)
- f4f6_38 := int64(f4_2) * int64(f6_19)
- f4f7_38 := int64(f4) * int64(f7_38)
- f4f8_38 := int64(f4_2) * int64(f8_19)
- f4f9_38 := int64(f4) * int64(f9_38)
- f5f5_38 := int64(f5) * int64(f5_38)
- f5f6_38 := int64(f5_2) * int64(f6_19)
- f5f7_76 := int64(f5_2) * int64(f7_38)
- f5f8_38 := int64(f5_2) * int64(f8_19)
- f5f9_76 := int64(f5_2) * int64(f9_38)
- f6f6_19 := int64(f6) * int64(f6_19)
- f6f7_38 := int64(f6) * int64(f7_38)
- f6f8_38 := int64(f6_2) * int64(f8_19)
- f6f9_38 := int64(f6) * int64(f9_38)
- f7f7_38 := int64(f7) * int64(f7_38)
- f7f8_38 := int64(f7_2) * int64(f8_19)
- f7f9_76 := int64(f7_2) * int64(f9_38)
- f8f8_19 := int64(f8) * int64(f8_19)
- f8f9_38 := int64(f8) * int64(f9_38)
- f9f9_38 := int64(f9) * int64(f9_38)
- h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
- h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
- h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
- h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
- h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
- h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
- h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
- h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
- h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
- h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
- var carry [10]int64
-
- carry[0] = (h0 + (1 << 25)) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
- carry[4] = (h4 + (1 << 25)) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
-
- carry[1] = (h1 + (1 << 24)) >> 25
- h2 += carry[1]
- h1 -= carry[1] << 25
- carry[5] = (h5 + (1 << 24)) >> 25
- h6 += carry[5]
- h5 -= carry[5] << 25
-
- carry[2] = (h2 + (1 << 25)) >> 26
- h3 += carry[2]
- h2 -= carry[2] << 26
- carry[6] = (h6 + (1 << 25)) >> 26
- h7 += carry[6]
- h6 -= carry[6] << 26
-
- carry[3] = (h3 + (1 << 24)) >> 25
- h4 += carry[3]
- h3 -= carry[3] << 25
- carry[7] = (h7 + (1 << 24)) >> 25
- h8 += carry[7]
- h7 -= carry[7] << 25
-
- carry[4] = (h4 + (1 << 25)) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
- carry[8] = (h8 + (1 << 25)) >> 26
- h9 += carry[8]
- h8 -= carry[8] << 26
-
- carry[9] = (h9 + (1 << 24)) >> 25
- h0 += carry[9] * 19
- h9 -= carry[9] << 25
-
- carry[0] = (h0 + (1 << 25)) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
-
- h[0] = int32(h0)
- h[1] = int32(h1)
- h[2] = int32(h2)
- h[3] = int32(h3)
- h[4] = int32(h4)
- h[5] = int32(h5)
- h[6] = int32(h6)
- h[7] = int32(h7)
- h[8] = int32(h8)
- h[9] = int32(h9)
-}
-
-// feMul121666 calculates h = f * 121666. Can overlap h with f.
-//
-// Preconditions:
-// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
-//
-// Postconditions:
-// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
-func feMul121666(h, f *fieldElement) {
- h0 := int64(f[0]) * 121666
- h1 := int64(f[1]) * 121666
- h2 := int64(f[2]) * 121666
- h3 := int64(f[3]) * 121666
- h4 := int64(f[4]) * 121666
- h5 := int64(f[5]) * 121666
- h6 := int64(f[6]) * 121666
- h7 := int64(f[7]) * 121666
- h8 := int64(f[8]) * 121666
- h9 := int64(f[9]) * 121666
- var carry [10]int64
-
- carry[9] = (h9 + (1 << 24)) >> 25
- h0 += carry[9] * 19
- h9 -= carry[9] << 25
- carry[1] = (h1 + (1 << 24)) >> 25
- h2 += carry[1]
- h1 -= carry[1] << 25
- carry[3] = (h3 + (1 << 24)) >> 25
- h4 += carry[3]
- h3 -= carry[3] << 25
- carry[5] = (h5 + (1 << 24)) >> 25
- h6 += carry[5]
- h5 -= carry[5] << 25
- carry[7] = (h7 + (1 << 24)) >> 25
- h8 += carry[7]
- h7 -= carry[7] << 25
-
- carry[0] = (h0 + (1 << 25)) >> 26
- h1 += carry[0]
- h0 -= carry[0] << 26
- carry[2] = (h2 + (1 << 25)) >> 26
- h3 += carry[2]
- h2 -= carry[2] << 26
- carry[4] = (h4 + (1 << 25)) >> 26
- h5 += carry[4]
- h4 -= carry[4] << 26
- carry[6] = (h6 + (1 << 25)) >> 26
- h7 += carry[6]
- h6 -= carry[6] << 26
- carry[8] = (h8 + (1 << 25)) >> 26
- h9 += carry[8]
- h8 -= carry[8] << 26
-
- h[0] = int32(h0)
- h[1] = int32(h1)
- h[2] = int32(h2)
- h[3] = int32(h3)
- h[4] = int32(h4)
- h[5] = int32(h5)
- h[6] = int32(h6)
- h[7] = int32(h7)
- h[8] = int32(h8)
- h[9] = int32(h9)
-}
-
-// feInvert sets out = z^-1.
-func feInvert(out, z *fieldElement) {
- var t0, t1, t2, t3 fieldElement
- var i int
-
- feSquare(&t0, z)
- for i = 1; i < 1; i++ {
- feSquare(&t0, &t0)
- }
- feSquare(&t1, &t0)
- for i = 1; i < 2; i++ {
- feSquare(&t1, &t1)
- }
- feMul(&t1, z, &t1)
- feMul(&t0, &t0, &t1)
- feSquare(&t2, &t0)
- for i = 1; i < 1; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t1, &t1, &t2)
- feSquare(&t2, &t1)
- for i = 1; i < 5; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t1, &t2, &t1)
- feSquare(&t2, &t1)
- for i = 1; i < 10; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t2, &t2, &t1)
- feSquare(&t3, &t2)
- for i = 1; i < 20; i++ {
- feSquare(&t3, &t3)
- }
- feMul(&t2, &t3, &t2)
- feSquare(&t2, &t2)
- for i = 1; i < 10; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t1, &t2, &t1)
- feSquare(&t2, &t1)
- for i = 1; i < 50; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t2, &t2, &t1)
- feSquare(&t3, &t2)
- for i = 1; i < 100; i++ {
- feSquare(&t3, &t3)
- }
- feMul(&t2, &t3, &t2)
- feSquare(&t2, &t2)
- for i = 1; i < 50; i++ {
- feSquare(&t2, &t2)
- }
- feMul(&t1, &t2, &t1)
- feSquare(&t1, &t1)
- for i = 1; i < 5; i++ {
- feSquare(&t1, &t1)
- }
- feMul(out, &t1, &t0)
-}
-
-func scalarMult(out, in, base *[32]byte) {
- var e [32]byte
-
- copy(e[:], in[:])
- e[0] &= 248
- e[31] &= 127
- e[31] |= 64
-
- var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
- feFromBytes(&x1, base)
- feOne(&x2)
- feCopy(&x3, &x1)
- feOne(&z3)
-
- swap := int32(0)
- for pos := 254; pos >= 0; pos-- {
- b := e[pos/8] >> uint(pos&7)
- b &= 1
- swap ^= int32(b)
- feCSwap(&x2, &x3, swap)
- feCSwap(&z2, &z3, swap)
- swap = int32(b)
-
- feSub(&tmp0, &x3, &z3)
- feSub(&tmp1, &x2, &z2)
- feAdd(&x2, &x2, &z2)
- feAdd(&z2, &x3, &z3)
- feMul(&z3, &tmp0, &x2)
- feMul(&z2, &z2, &tmp1)
- feSquare(&tmp0, &tmp1)
- feSquare(&tmp1, &x2)
- feAdd(&x3, &z3, &z2)
- feSub(&z2, &z3, &z2)
- feMul(&x2, &tmp1, &tmp0)
- feSub(&tmp1, &tmp1, &tmp0)
- feSquare(&z2, &z2)
- feMul121666(&z3, &tmp1)
- feSquare(&x3, &x3)
- feAdd(&tmp0, &tmp0, &z3)
- feMul(&z3, &x1, &z2)
- feMul(&z2, &tmp1, &tmp0)
- }
-
- feCSwap(&x2, &x3, swap)
- feCSwap(&z2, &z3, swap)
-
- feInvert(&z2, &z2)
- feMul(&x2, &x2, &z2)
- feToBytes(out, &x2)
+ return dst[:], nil
}
diff --git a/src/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go b/src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
similarity index 99%
rename from src/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
rename to src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
index 5822bd5..5120b77 100644
--- a/src/vendor/golang.org/x/crypto/curve25519/mont25519_amd64.go
+++ b/src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-// +build amd64,!gccgo,!appengine
+// +build amd64,!gccgo,!appengine,!purego
package curve25519
diff --git a/src/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
similarity index 76%
rename from src/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
rename to src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
index e0ac30c..0250c88 100644
--- a/src/vendor/golang.org/x/crypto/curve25519/ladderstep_amd64.s
+++ b/src/vendor/golang.org/x/crypto/curve25519/curve25519_amd64.s
@@ -5,9 +5,84 @@
// This code was translated into a form compatible with 6a from the public
// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-// +build amd64,!gccgo,!appengine
+// +build amd64,!gccgo,!appengine,!purego
-#include "const_amd64.h"
+#define REDMASK51 0x0007FFFFFFFFFFFF
+
+// These constants cannot be encoded in non-MOVQ immediates.
+// We access them directly from memory instead.
+
+DATA ·_121666_213(SB)/8, $996687872
+GLOBL ·_121666_213(SB), 8, $8
+
+DATA ·_2P0(SB)/8, $0xFFFFFFFFFFFDA
+GLOBL ·_2P0(SB), 8, $8
+
+DATA ·_2P1234(SB)/8, $0xFFFFFFFFFFFFE
+GLOBL ·_2P1234(SB), 8, $8
+
+// func freeze(inout *[5]uint64)
+TEXT ·freeze(SB),7,$0-8
+ MOVQ inout+0(FP), DI
+
+ MOVQ 0(DI),SI
+ MOVQ 8(DI),DX
+ MOVQ 16(DI),CX
+ MOVQ 24(DI),R8
+ MOVQ 32(DI),R9
+ MOVQ $REDMASK51,AX
+ MOVQ AX,R10
+ SUBQ $18,R10
+ MOVQ $3,R11
+REDUCELOOP:
+ MOVQ SI,R12
+ SHRQ $51,R12
+ ANDQ AX,SI
+ ADDQ R12,DX
+ MOVQ DX,R12
+ SHRQ $51,R12
+ ANDQ AX,DX
+ ADDQ R12,CX
+ MOVQ CX,R12
+ SHRQ $51,R12
+ ANDQ AX,CX
+ ADDQ R12,R8
+ MOVQ R8,R12
+ SHRQ $51,R12
+ ANDQ AX,R8
+ ADDQ R12,R9
+ MOVQ R9,R12
+ SHRQ $51,R12
+ ANDQ AX,R9
+ IMUL3Q $19,R12,R12
+ ADDQ R12,SI
+ SUBQ $1,R11
+ JA REDUCELOOP
+ MOVQ $1,R12
+ CMPQ R10,SI
+ CMOVQLT R11,R12
+ CMPQ AX,DX
+ CMOVQNE R11,R12
+ CMPQ AX,CX
+ CMOVQNE R11,R12
+ CMPQ AX,R8
+ CMOVQNE R11,R12
+ CMPQ AX,R9
+ CMOVQNE R11,R12
+ NEGQ R12
+ ANDQ R12,AX
+ ANDQ R12,R10
+ SUBQ R10,SI
+ SUBQ AX,DX
+ SUBQ AX,CX
+ SUBQ AX,R8
+ SUBQ AX,R9
+ MOVQ SI,0(DI)
+ MOVQ DX,8(DI)
+ MOVQ CX,16(DI)
+ MOVQ R8,24(DI)
+ MOVQ R9,32(DI)
+ RET
// func ladderstep(inout *[5][5]uint64)
TEXT ·ladderstep(SB),0,$296-8
@@ -1375,3 +1450,344 @@
MOVQ AX,104(DI)
MOVQ R10,112(DI)
RET
+
+// func cswap(inout *[4][5]uint64, v uint64)
+TEXT ·cswap(SB),7,$0
+ MOVQ inout+0(FP),DI
+ MOVQ v+8(FP),SI
+
+ SUBQ $1, SI
+ NOTQ SI
+ MOVQ SI, X15
+ PSHUFD $0x44, X15, X15
+
+ MOVOU 0(DI), X0
+ MOVOU 16(DI), X2
+ MOVOU 32(DI), X4
+ MOVOU 48(DI), X6
+ MOVOU 64(DI), X8
+ MOVOU 80(DI), X1
+ MOVOU 96(DI), X3
+ MOVOU 112(DI), X5
+ MOVOU 128(DI), X7
+ MOVOU 144(DI), X9
+
+ MOVO X1, X10
+ MOVO X3, X11
+ MOVO X5, X12
+ MOVO X7, X13
+ MOVO X9, X14
+
+ PXOR X0, X10
+ PXOR X2, X11
+ PXOR X4, X12
+ PXOR X6, X13
+ PXOR X8, X14
+ PAND X15, X10
+ PAND X15, X11
+ PAND X15, X12
+ PAND X15, X13
+ PAND X15, X14
+ PXOR X10, X0
+ PXOR X10, X1
+ PXOR X11, X2
+ PXOR X11, X3
+ PXOR X12, X4
+ PXOR X12, X5
+ PXOR X13, X6
+ PXOR X13, X7
+ PXOR X14, X8
+ PXOR X14, X9
+
+ MOVOU X0, 0(DI)
+ MOVOU X2, 16(DI)
+ MOVOU X4, 32(DI)
+ MOVOU X6, 48(DI)
+ MOVOU X8, 64(DI)
+ MOVOU X1, 80(DI)
+ MOVOU X3, 96(DI)
+ MOVOU X5, 112(DI)
+ MOVOU X7, 128(DI)
+ MOVOU X9, 144(DI)
+ RET
+
+// func mul(dest, a, b *[5]uint64)
+TEXT ·mul(SB),0,$16-24
+ MOVQ dest+0(FP), DI
+ MOVQ a+8(FP), SI
+ MOVQ b+16(FP), DX
+
+ MOVQ DX,CX
+ MOVQ 24(SI),DX
+ IMUL3Q $19,DX,AX
+ MOVQ AX,0(SP)
+ MULQ 16(CX)
+ MOVQ AX,R8
+ MOVQ DX,R9
+ MOVQ 32(SI),DX
+ IMUL3Q $19,DX,AX
+ MOVQ AX,8(SP)
+ MULQ 8(CX)
+ ADDQ AX,R8
+ ADCQ DX,R9
+ MOVQ 0(SI),AX
+ MULQ 0(CX)
+ ADDQ AX,R8
+ ADCQ DX,R9
+ MOVQ 0(SI),AX
+ MULQ 8(CX)
+ MOVQ AX,R10
+ MOVQ DX,R11
+ MOVQ 0(SI),AX
+ MULQ 16(CX)
+ MOVQ AX,R12
+ MOVQ DX,R13
+ MOVQ 0(SI),AX
+ MULQ 24(CX)
+ MOVQ AX,R14
+ MOVQ DX,R15
+ MOVQ 0(SI),AX
+ MULQ 32(CX)
+ MOVQ AX,BX
+ MOVQ DX,BP
+ MOVQ 8(SI),AX
+ MULQ 0(CX)
+ ADDQ AX,R10
+ ADCQ DX,R11
+ MOVQ 8(SI),AX
+ MULQ 8(CX)
+ ADDQ AX,R12
+ ADCQ DX,R13
+ MOVQ 8(SI),AX
+ MULQ 16(CX)
+ ADDQ AX,R14
+ ADCQ DX,R15
+ MOVQ 8(SI),AX
+ MULQ 24(CX)
+ ADDQ AX,BX
+ ADCQ DX,BP
+ MOVQ 8(SI),DX
+ IMUL3Q $19,DX,AX
+ MULQ 32(CX)
+ ADDQ AX,R8
+ ADCQ DX,R9
+ MOVQ 16(SI),AX
+ MULQ 0(CX)
+ ADDQ AX,R12
+ ADCQ DX,R13
+ MOVQ 16(SI),AX
+ MULQ 8(CX)
+ ADDQ AX,R14
+ ADCQ DX,R15
+ MOVQ 16(SI),AX
+ MULQ 16(CX)
+ ADDQ AX,BX
+ ADCQ DX,BP
+ MOVQ 16(SI),DX
+ IMUL3Q $19,DX,AX
+ MULQ 24(CX)
+ ADDQ AX,R8
+ ADCQ DX,R9
+ MOVQ 16(SI),DX
+ IMUL3Q $19,DX,AX
+ MULQ 32(CX)
+ ADDQ AX,R10
+ ADCQ DX,R11
+ MOVQ 24(SI),AX
+ MULQ 0(CX)
+ ADDQ AX,R14
+ ADCQ DX,R15
+ MOVQ 24(SI),AX
+ MULQ 8(CX)
+ ADDQ AX,BX
+ ADCQ DX,BP
+ MOVQ 0(SP),AX
+ MULQ 24(CX)
+ ADDQ AX,R10
+ ADCQ DX,R11
+ MOVQ 0(SP),AX
+ MULQ 32(CX)
+ ADDQ AX,R12
+ ADCQ DX,R13
+ MOVQ 32(SI),AX
+ MULQ 0(CX)
+ ADDQ AX,BX
+ ADCQ DX,BP
+ MOVQ 8(SP),AX
+ MULQ 16(CX)
+ ADDQ AX,R10
+ ADCQ DX,R11
+ MOVQ 8(SP),AX
+ MULQ 24(CX)
+ ADDQ AX,R12
+ ADCQ DX,R13
+ MOVQ 8(SP),AX
+ MULQ 32(CX)
+ ADDQ AX,R14
+ ADCQ DX,R15
+ MOVQ $REDMASK51,SI
+ SHLQ $13,R8,R9
+ ANDQ SI,R8
+ SHLQ $13,R10,R11
+ ANDQ SI,R10
+ ADDQ R9,R10
+ SHLQ $13,R12,R13
+ ANDQ SI,R12
+ ADDQ R11,R12
+ SHLQ $13,R14,R15
+ ANDQ SI,R14
+ ADDQ R13,R14
+ SHLQ $13,BX,BP
+ ANDQ SI,BX
+ ADDQ R15,BX
+ IMUL3Q $19,BP,DX
+ ADDQ DX,R8
+ MOVQ R8,DX
+ SHRQ $51,DX
+ ADDQ R10,DX
+ MOVQ DX,CX
+ SHRQ $51,DX
+ ANDQ SI,R8
+ ADDQ R12,DX
+ MOVQ DX,R9
+ SHRQ $51,DX
+ ANDQ SI,CX
+ ADDQ R14,DX
+ MOVQ DX,AX
+ SHRQ $51,DX
+ ANDQ SI,R9
+ ADDQ BX,DX
+ MOVQ DX,R10
+ SHRQ $51,DX
+ ANDQ SI,AX
+ IMUL3Q $19,DX,DX
+ ADDQ DX,R8
+ ANDQ SI,R10
+ MOVQ R8,0(DI)
+ MOVQ CX,8(DI)
+ MOVQ R9,16(DI)
+ MOVQ AX,24(DI)
+ MOVQ R10,32(DI)
+ RET
+
+// func square(out, in *[5]uint64)
+TEXT ·square(SB),7,$0-16
+ MOVQ out+0(FP), DI
+ MOVQ in+8(FP), SI
+
+ MOVQ 0(SI),AX
+ MULQ 0(SI)
+ MOVQ AX,CX
+ MOVQ DX,R8
+ MOVQ 0(SI),AX
+ SHLQ $1,AX
+ MULQ 8(SI)
+ MOVQ AX,R9
+ MOVQ DX,R10
+ MOVQ 0(SI),AX
+ SHLQ $1,AX
+ MULQ 16(SI)
+ MOVQ AX,R11
+ MOVQ DX,R12
+ MOVQ 0(SI),AX
+ SHLQ $1,AX
+ MULQ 24(SI)
+ MOVQ AX,R13
+ MOVQ DX,R14
+ MOVQ 0(SI),AX
+ SHLQ $1,AX
+ MULQ 32(SI)
+ MOVQ AX,R15
+ MOVQ DX,BX
+ MOVQ 8(SI),AX
+ MULQ 8(SI)
+ ADDQ AX,R11
+ ADCQ DX,R12
+ MOVQ 8(SI),AX
+ SHLQ $1,AX
+ MULQ 16(SI)
+ ADDQ AX,R13
+ ADCQ DX,R14
+ MOVQ 8(SI),AX
+ SHLQ $1,AX
+ MULQ 24(SI)
+ ADDQ AX,R15
+ ADCQ DX,BX
+ MOVQ 8(SI),DX
+ IMUL3Q $38,DX,AX
+ MULQ 32(SI)
+ ADDQ AX,CX
+ ADCQ DX,R8
+ MOVQ 16(SI),AX
+ MULQ 16(SI)
+ ADDQ AX,R15
+ ADCQ DX,BX
+ MOVQ 16(SI),DX
+ IMUL3Q $38,DX,AX
+ MULQ 24(SI)
+ ADDQ AX,CX
+ ADCQ DX,R8
+ MOVQ 16(SI),DX
+ IMUL3Q $38,DX,AX
+ MULQ 32(SI)
+ ADDQ AX,R9
+ ADCQ DX,R10
+ MOVQ 24(SI),DX
+ IMUL3Q $19,DX,AX
+ MULQ 24(SI)
+ ADDQ AX,R9
+ ADCQ DX,R10
+ MOVQ 24(SI),DX
+ IMUL3Q $38,DX,AX
+ MULQ 32(SI)
+ ADDQ AX,R11
+ ADCQ DX,R12
+ MOVQ 32(SI),DX
+ IMUL3Q $19,DX,AX
+ MULQ 32(SI)
+ ADDQ AX,R13
+ ADCQ DX,R14
+ MOVQ $REDMASK51,SI
+ SHLQ $13,CX,R8
+ ANDQ SI,CX
+ SHLQ $13,R9,R10
+ ANDQ SI,R9
+ ADDQ R8,R9
+ SHLQ $13,R11,R12
+ ANDQ SI,R11
+ ADDQ R10,R11
+ SHLQ $13,R13,R14
+ ANDQ SI,R13
+ ADDQ R12,R13
+ SHLQ $13,R15,BX
+ ANDQ SI,R15
+ ADDQ R14,R15
+ IMUL3Q $19,BX,DX
+ ADDQ DX,CX
+ MOVQ CX,DX
+ SHRQ $51,DX
+ ADDQ R9,DX
+ ANDQ SI,CX
+ MOVQ DX,R8
+ SHRQ $51,DX
+ ADDQ R11,DX
+ ANDQ SI,R8
+ MOVQ DX,R9
+ SHRQ $51,DX
+ ADDQ R13,DX
+ ANDQ SI,R9
+ MOVQ DX,AX
+ SHRQ $51,DX
+ ADDQ R15,DX
+ ANDQ SI,AX
+ MOVQ DX,R10
+ SHRQ $51,DX
+ IMUL3Q $19,DX,DX
+ ADDQ DX,CX
+ ANDQ SI,R10
+ MOVQ CX,0(DI)
+ MOVQ R8,8(DI)
+ MOVQ R9,16(DI)
+ MOVQ AX,24(DI)
+ MOVQ R10,32(DI)
+ RET
diff --git a/src/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go b/src/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
new file mode 100644
index 0000000..c43b13f
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/curve25519/curve25519_generic.go
@@ -0,0 +1,828 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package curve25519
+
+import "encoding/binary"
+
+// This code is a port of the public domain, "ref10" implementation of
+// curve25519 from SUPERCOP 20130419 by D. J. Bernstein.
+
+// fieldElement represents an element of the field GF(2^255 - 19). An element
+// t, entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+// t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+// context.
+type fieldElement [10]int32
+
+func feZero(fe *fieldElement) {
+ for i := range fe {
+ fe[i] = 0
+ }
+}
+
+func feOne(fe *fieldElement) {
+ feZero(fe)
+ fe[0] = 1
+}
+
+func feAdd(dst, a, b *fieldElement) {
+ for i := range dst {
+ dst[i] = a[i] + b[i]
+ }
+}
+
+func feSub(dst, a, b *fieldElement) {
+ for i := range dst {
+ dst[i] = a[i] - b[i]
+ }
+}
+
+func feCopy(dst, src *fieldElement) {
+ for i := range dst {
+ dst[i] = src[i]
+ }
+}
+
+// feCSwap replaces (f,g) with (g,f) if b == 1; replaces (f,g) with (f,g) if b == 0.
+//
+// Preconditions: b in {0,1}.
+func feCSwap(f, g *fieldElement, b int32) {
+ b = -b
+ for i := range f {
+ t := b & (f[i] ^ g[i])
+ f[i] ^= t
+ g[i] ^= t
+ }
+}
+
+// load3 reads a 24-bit, little-endian value from in.
+func load3(in []byte) int64 {
+ var r int64
+ r = int64(in[0])
+ r |= int64(in[1]) << 8
+ r |= int64(in[2]) << 16
+ return r
+}
+
+// load4 reads a 32-bit, little-endian value from in.
+func load4(in []byte) int64 {
+ return int64(binary.LittleEndian.Uint32(in))
+}
+
+func feFromBytes(dst *fieldElement, src *[32]byte) {
+ h0 := load4(src[:])
+ h1 := load3(src[4:]) << 6
+ h2 := load3(src[7:]) << 5
+ h3 := load3(src[10:]) << 3
+ h4 := load3(src[13:]) << 2
+ h5 := load4(src[16:])
+ h6 := load3(src[20:]) << 7
+ h7 := load3(src[23:]) << 5
+ h8 := load3(src[26:]) << 4
+ h9 := (load3(src[29:]) & 0x7fffff) << 2
+
+ var carry [10]int64
+ carry[9] = (h9 + 1<<24) >> 25
+ h0 += carry[9] * 19
+ h9 -= carry[9] << 25
+ carry[1] = (h1 + 1<<24) >> 25
+ h2 += carry[1]
+ h1 -= carry[1] << 25
+ carry[3] = (h3 + 1<<24) >> 25
+ h4 += carry[3]
+ h3 -= carry[3] << 25
+ carry[5] = (h5 + 1<<24) >> 25
+ h6 += carry[5]
+ h5 -= carry[5] << 25
+ carry[7] = (h7 + 1<<24) >> 25
+ h8 += carry[7]
+ h7 -= carry[7] << 25
+
+ carry[0] = (h0 + 1<<25) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+ carry[2] = (h2 + 1<<25) >> 26
+ h3 += carry[2]
+ h2 -= carry[2] << 26
+ carry[4] = (h4 + 1<<25) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+ carry[6] = (h6 + 1<<25) >> 26
+ h7 += carry[6]
+ h6 -= carry[6] << 26
+ carry[8] = (h8 + 1<<25) >> 26
+ h9 += carry[8]
+ h8 -= carry[8] << 26
+
+ dst[0] = int32(h0)
+ dst[1] = int32(h1)
+ dst[2] = int32(h2)
+ dst[3] = int32(h3)
+ dst[4] = int32(h4)
+ dst[5] = int32(h5)
+ dst[6] = int32(h6)
+ dst[7] = int32(h7)
+ dst[8] = int32(h8)
+ dst[9] = int32(h9)
+}
+
+// feToBytes marshals h to s.
+// Preconditions:
+// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Write p=2^255-19; q=floor(h/p).
+// Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+//
+// Proof:
+// Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+// Also have |h-2^230 h9|<2^230 so |19 2^(-255)(h-2^230 h9)|<1/4.
+//
+// Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+// Then 0<y<1.
+//
+// Write r=h-pq.
+// Have 0<=r<=p-1=2^255-20.
+// Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+//
+// Write x=r+19(2^-255)r+y.
+// Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+//
+// Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+// so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+func feToBytes(s *[32]byte, h *fieldElement) {
+ var carry [10]int32
+
+ q := (19*h[9] + (1 << 24)) >> 25
+ q = (h[0] + q) >> 26
+ q = (h[1] + q) >> 25
+ q = (h[2] + q) >> 26
+ q = (h[3] + q) >> 25
+ q = (h[4] + q) >> 26
+ q = (h[5] + q) >> 25
+ q = (h[6] + q) >> 26
+ q = (h[7] + q) >> 25
+ q = (h[8] + q) >> 26
+ q = (h[9] + q) >> 25
+
+ // Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20.
+ h[0] += 19 * q
+ // Goal: Output h-2^255 q, which is between 0 and 2^255-20.
+
+ carry[0] = h[0] >> 26
+ h[1] += carry[0]
+ h[0] -= carry[0] << 26
+ carry[1] = h[1] >> 25
+ h[2] += carry[1]
+ h[1] -= carry[1] << 25
+ carry[2] = h[2] >> 26
+ h[3] += carry[2]
+ h[2] -= carry[2] << 26
+ carry[3] = h[3] >> 25
+ h[4] += carry[3]
+ h[3] -= carry[3] << 25
+ carry[4] = h[4] >> 26
+ h[5] += carry[4]
+ h[4] -= carry[4] << 26
+ carry[5] = h[5] >> 25
+ h[6] += carry[5]
+ h[5] -= carry[5] << 25
+ carry[6] = h[6] >> 26
+ h[7] += carry[6]
+ h[6] -= carry[6] << 26
+ carry[7] = h[7] >> 25
+ h[8] += carry[7]
+ h[7] -= carry[7] << 25
+ carry[8] = h[8] >> 26
+ h[9] += carry[8]
+ h[8] -= carry[8] << 26
+ carry[9] = h[9] >> 25
+ h[9] -= carry[9] << 25
+ // h10 = carry9
+
+ // Goal: Output h[0]+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+ // Have h[0]+...+2^230 h[9] between 0 and 2^255-1;
+ // evidently 2^255 h10-2^255 q = 0.
+ // Goal: Output h[0]+...+2^230 h[9].
+
+ s[0] = byte(h[0] >> 0)
+ s[1] = byte(h[0] >> 8)
+ s[2] = byte(h[0] >> 16)
+ s[3] = byte((h[0] >> 24) | (h[1] << 2))
+ s[4] = byte(h[1] >> 6)
+ s[5] = byte(h[1] >> 14)
+ s[6] = byte((h[1] >> 22) | (h[2] << 3))
+ s[7] = byte(h[2] >> 5)
+ s[8] = byte(h[2] >> 13)
+ s[9] = byte((h[2] >> 21) | (h[3] << 5))
+ s[10] = byte(h[3] >> 3)
+ s[11] = byte(h[3] >> 11)
+ s[12] = byte((h[3] >> 19) | (h[4] << 6))
+ s[13] = byte(h[4] >> 2)
+ s[14] = byte(h[4] >> 10)
+ s[15] = byte(h[4] >> 18)
+ s[16] = byte(h[5] >> 0)
+ s[17] = byte(h[5] >> 8)
+ s[18] = byte(h[5] >> 16)
+ s[19] = byte((h[5] >> 24) | (h[6] << 1))
+ s[20] = byte(h[6] >> 7)
+ s[21] = byte(h[6] >> 15)
+ s[22] = byte((h[6] >> 23) | (h[7] << 3))
+ s[23] = byte(h[7] >> 5)
+ s[24] = byte(h[7] >> 13)
+ s[25] = byte((h[7] >> 21) | (h[8] << 4))
+ s[26] = byte(h[8] >> 4)
+ s[27] = byte(h[8] >> 12)
+ s[28] = byte((h[8] >> 20) | (h[9] << 6))
+ s[29] = byte(h[9] >> 2)
+ s[30] = byte(h[9] >> 10)
+ s[31] = byte(h[9] >> 18)
+}
+
+// feMul calculates h = f * g
+// Can overlap h with f or g.
+//
+// Preconditions:
+// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+// |g| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+//
+// Notes on implementation strategy:
+//
+// Using schoolbook multiplication.
+// Karatsuba would save a little in some cost models.
+//
+// Most multiplications by 2 and 19 are 32-bit precomputations;
+// cheaper than 64-bit postcomputations.
+//
+// There is one remaining multiplication by 19 in the carry chain;
+// one *19 precomputation can be merged into this,
+// but the resulting data flow is considerably less clean.
+//
+// There are 12 carries below.
+// 10 of them are 2-way parallelizable and vectorizable.
+// Can get away with 11 carries, but then data flow is much deeper.
+//
+// With tighter constraints on inputs can squeeze carries into int32.
+func feMul(h, f, g *fieldElement) {
+ f0 := f[0]
+ f1 := f[1]
+ f2 := f[2]
+ f3 := f[3]
+ f4 := f[4]
+ f5 := f[5]
+ f6 := f[6]
+ f7 := f[7]
+ f8 := f[8]
+ f9 := f[9]
+ g0 := g[0]
+ g1 := g[1]
+ g2 := g[2]
+ g3 := g[3]
+ g4 := g[4]
+ g5 := g[5]
+ g6 := g[6]
+ g7 := g[7]
+ g8 := g[8]
+ g9 := g[9]
+ g1_19 := 19 * g1 // 1.4*2^29
+ g2_19 := 19 * g2 // 1.4*2^30; still ok
+ g3_19 := 19 * g3
+ g4_19 := 19 * g4
+ g5_19 := 19 * g5
+ g6_19 := 19 * g6
+ g7_19 := 19 * g7
+ g8_19 := 19 * g8
+ g9_19 := 19 * g9
+ f1_2 := 2 * f1
+ f3_2 := 2 * f3
+ f5_2 := 2 * f5
+ f7_2 := 2 * f7
+ f9_2 := 2 * f9
+ f0g0 := int64(f0) * int64(g0)
+ f0g1 := int64(f0) * int64(g1)
+ f0g2 := int64(f0) * int64(g2)
+ f0g3 := int64(f0) * int64(g3)
+ f0g4 := int64(f0) * int64(g4)
+ f0g5 := int64(f0) * int64(g5)
+ f0g6 := int64(f0) * int64(g6)
+ f0g7 := int64(f0) * int64(g7)
+ f0g8 := int64(f0) * int64(g8)
+ f0g9 := int64(f0) * int64(g9)
+ f1g0 := int64(f1) * int64(g0)
+ f1g1_2 := int64(f1_2) * int64(g1)
+ f1g2 := int64(f1) * int64(g2)
+ f1g3_2 := int64(f1_2) * int64(g3)
+ f1g4 := int64(f1) * int64(g4)
+ f1g5_2 := int64(f1_2) * int64(g5)
+ f1g6 := int64(f1) * int64(g6)
+ f1g7_2 := int64(f1_2) * int64(g7)
+ f1g8 := int64(f1) * int64(g8)
+ f1g9_38 := int64(f1_2) * int64(g9_19)
+ f2g0 := int64(f2) * int64(g0)
+ f2g1 := int64(f2) * int64(g1)
+ f2g2 := int64(f2) * int64(g2)
+ f2g3 := int64(f2) * int64(g3)
+ f2g4 := int64(f2) * int64(g4)
+ f2g5 := int64(f2) * int64(g5)
+ f2g6 := int64(f2) * int64(g6)
+ f2g7 := int64(f2) * int64(g7)
+ f2g8_19 := int64(f2) * int64(g8_19)
+ f2g9_19 := int64(f2) * int64(g9_19)
+ f3g0 := int64(f3) * int64(g0)
+ f3g1_2 := int64(f3_2) * int64(g1)
+ f3g2 := int64(f3) * int64(g2)
+ f3g3_2 := int64(f3_2) * int64(g3)
+ f3g4 := int64(f3) * int64(g4)
+ f3g5_2 := int64(f3_2) * int64(g5)
+ f3g6 := int64(f3) * int64(g6)
+ f3g7_38 := int64(f3_2) * int64(g7_19)
+ f3g8_19 := int64(f3) * int64(g8_19)
+ f3g9_38 := int64(f3_2) * int64(g9_19)
+ f4g0 := int64(f4) * int64(g0)
+ f4g1 := int64(f4) * int64(g1)
+ f4g2 := int64(f4) * int64(g2)
+ f4g3 := int64(f4) * int64(g3)
+ f4g4 := int64(f4) * int64(g4)
+ f4g5 := int64(f4) * int64(g5)
+ f4g6_19 := int64(f4) * int64(g6_19)
+ f4g7_19 := int64(f4) * int64(g7_19)
+ f4g8_19 := int64(f4) * int64(g8_19)
+ f4g9_19 := int64(f4) * int64(g9_19)
+ f5g0 := int64(f5) * int64(g0)
+ f5g1_2 := int64(f5_2) * int64(g1)
+ f5g2 := int64(f5) * int64(g2)
+ f5g3_2 := int64(f5_2) * int64(g3)
+ f5g4 := int64(f5) * int64(g4)
+ f5g5_38 := int64(f5_2) * int64(g5_19)
+ f5g6_19 := int64(f5) * int64(g6_19)
+ f5g7_38 := int64(f5_2) * int64(g7_19)
+ f5g8_19 := int64(f5) * int64(g8_19)
+ f5g9_38 := int64(f5_2) * int64(g9_19)
+ f6g0 := int64(f6) * int64(g0)
+ f6g1 := int64(f6) * int64(g1)
+ f6g2 := int64(f6) * int64(g2)
+ f6g3 := int64(f6) * int64(g3)
+ f6g4_19 := int64(f6) * int64(g4_19)
+ f6g5_19 := int64(f6) * int64(g5_19)
+ f6g6_19 := int64(f6) * int64(g6_19)
+ f6g7_19 := int64(f6) * int64(g7_19)
+ f6g8_19 := int64(f6) * int64(g8_19)
+ f6g9_19 := int64(f6) * int64(g9_19)
+ f7g0 := int64(f7) * int64(g0)
+ f7g1_2 := int64(f7_2) * int64(g1)
+ f7g2 := int64(f7) * int64(g2)
+ f7g3_38 := int64(f7_2) * int64(g3_19)
+ f7g4_19 := int64(f7) * int64(g4_19)
+ f7g5_38 := int64(f7_2) * int64(g5_19)
+ f7g6_19 := int64(f7) * int64(g6_19)
+ f7g7_38 := int64(f7_2) * int64(g7_19)
+ f7g8_19 := int64(f7) * int64(g8_19)
+ f7g9_38 := int64(f7_2) * int64(g9_19)
+ f8g0 := int64(f8) * int64(g0)
+ f8g1 := int64(f8) * int64(g1)
+ f8g2_19 := int64(f8) * int64(g2_19)
+ f8g3_19 := int64(f8) * int64(g3_19)
+ f8g4_19 := int64(f8) * int64(g4_19)
+ f8g5_19 := int64(f8) * int64(g5_19)
+ f8g6_19 := int64(f8) * int64(g6_19)
+ f8g7_19 := int64(f8) * int64(g7_19)
+ f8g8_19 := int64(f8) * int64(g8_19)
+ f8g9_19 := int64(f8) * int64(g9_19)
+ f9g0 := int64(f9) * int64(g0)
+ f9g1_38 := int64(f9_2) * int64(g1_19)
+ f9g2_19 := int64(f9) * int64(g2_19)
+ f9g3_38 := int64(f9_2) * int64(g3_19)
+ f9g4_19 := int64(f9) * int64(g4_19)
+ f9g5_38 := int64(f9_2) * int64(g5_19)
+ f9g6_19 := int64(f9) * int64(g6_19)
+ f9g7_38 := int64(f9_2) * int64(g7_19)
+ f9g8_19 := int64(f9) * int64(g8_19)
+ f9g9_38 := int64(f9_2) * int64(g9_19)
+ h0 := f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38
+ h1 := f0g1 + f1g0 + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19
+ h2 := f0g2 + f1g1_2 + f2g0 + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38
+ h3 := f0g3 + f1g2 + f2g1 + f3g0 + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19
+ h4 := f0g4 + f1g3_2 + f2g2 + f3g1_2 + f4g0 + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38
+ h5 := f0g5 + f1g4 + f2g3 + f3g2 + f4g1 + f5g0 + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19
+ h6 := f0g6 + f1g5_2 + f2g4 + f3g3_2 + f4g2 + f5g1_2 + f6g0 + f7g9_38 + f8g8_19 + f9g7_38
+ h7 := f0g7 + f1g6 + f2g5 + f3g4 + f4g3 + f5g2 + f6g1 + f7g0 + f8g9_19 + f9g8_19
+ h8 := f0g8 + f1g7_2 + f2g6 + f3g5_2 + f4g4 + f5g3_2 + f6g2 + f7g1_2 + f8g0 + f9g9_38
+ h9 := f0g9 + f1g8 + f2g7 + f3g6 + f4g5 + f5g4 + f6g3 + f7g2 + f8g1 + f9g0
+ var carry [10]int64
+
+ // |h0| <= (1.1*1.1*2^52*(1+19+19+19+19)+1.1*1.1*2^50*(38+38+38+38+38))
+ // i.e. |h0| <= 1.2*2^59; narrower ranges for h2, h4, h6, h8
+ // |h1| <= (1.1*1.1*2^51*(1+1+19+19+19+19+19+19+19+19))
+ // i.e. |h1| <= 1.5*2^58; narrower ranges for h3, h5, h7, h9
+
+ carry[0] = (h0 + (1 << 25)) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+ carry[4] = (h4 + (1 << 25)) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+ // |h0| <= 2^25
+ // |h4| <= 2^25
+ // |h1| <= 1.51*2^58
+ // |h5| <= 1.51*2^58
+
+ carry[1] = (h1 + (1 << 24)) >> 25
+ h2 += carry[1]
+ h1 -= carry[1] << 25
+ carry[5] = (h5 + (1 << 24)) >> 25
+ h6 += carry[5]
+ h5 -= carry[5] << 25
+ // |h1| <= 2^24; from now on fits into int32
+ // |h5| <= 2^24; from now on fits into int32
+ // |h2| <= 1.21*2^59
+ // |h6| <= 1.21*2^59
+
+ carry[2] = (h2 + (1 << 25)) >> 26
+ h3 += carry[2]
+ h2 -= carry[2] << 26
+ carry[6] = (h6 + (1 << 25)) >> 26
+ h7 += carry[6]
+ h6 -= carry[6] << 26
+ // |h2| <= 2^25; from now on fits into int32 unchanged
+ // |h6| <= 2^25; from now on fits into int32 unchanged
+ // |h3| <= 1.51*2^58
+ // |h7| <= 1.51*2^58
+
+ carry[3] = (h3 + (1 << 24)) >> 25
+ h4 += carry[3]
+ h3 -= carry[3] << 25
+ carry[7] = (h7 + (1 << 24)) >> 25
+ h8 += carry[7]
+ h7 -= carry[7] << 25
+ // |h3| <= 2^24; from now on fits into int32 unchanged
+ // |h7| <= 2^24; from now on fits into int32 unchanged
+ // |h4| <= 1.52*2^33
+ // |h8| <= 1.52*2^33
+
+ carry[4] = (h4 + (1 << 25)) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+ carry[8] = (h8 + (1 << 25)) >> 26
+ h9 += carry[8]
+ h8 -= carry[8] << 26
+ // |h4| <= 2^25; from now on fits into int32 unchanged
+ // |h8| <= 2^25; from now on fits into int32 unchanged
+ // |h5| <= 1.01*2^24
+ // |h9| <= 1.51*2^58
+
+ carry[9] = (h9 + (1 << 24)) >> 25
+ h0 += carry[9] * 19
+ h9 -= carry[9] << 25
+ // |h9| <= 2^24; from now on fits into int32 unchanged
+ // |h0| <= 1.8*2^37
+
+ carry[0] = (h0 + (1 << 25)) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+ // |h0| <= 2^25; from now on fits into int32 unchanged
+ // |h1| <= 1.01*2^24
+
+ h[0] = int32(h0)
+ h[1] = int32(h1)
+ h[2] = int32(h2)
+ h[3] = int32(h3)
+ h[4] = int32(h4)
+ h[5] = int32(h5)
+ h[6] = int32(h6)
+ h[7] = int32(h7)
+ h[8] = int32(h8)
+ h[9] = int32(h9)
+}
+
+// feSquare calculates h = f*f. Can overlap h with f.
+//
+// Preconditions:
+// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feSquare(h, f *fieldElement) {
+ f0 := f[0]
+ f1 := f[1]
+ f2 := f[2]
+ f3 := f[3]
+ f4 := f[4]
+ f5 := f[5]
+ f6 := f[6]
+ f7 := f[7]
+ f8 := f[8]
+ f9 := f[9]
+ f0_2 := 2 * f0
+ f1_2 := 2 * f1
+ f2_2 := 2 * f2
+ f3_2 := 2 * f3
+ f4_2 := 2 * f4
+ f5_2 := 2 * f5
+ f6_2 := 2 * f6
+ f7_2 := 2 * f7
+ f5_38 := 38 * f5 // 1.31*2^30
+ f6_19 := 19 * f6 // 1.31*2^30
+ f7_38 := 38 * f7 // 1.31*2^30
+ f8_19 := 19 * f8 // 1.31*2^30
+ f9_38 := 38 * f9 // 1.31*2^30
+ f0f0 := int64(f0) * int64(f0)
+ f0f1_2 := int64(f0_2) * int64(f1)
+ f0f2_2 := int64(f0_2) * int64(f2)
+ f0f3_2 := int64(f0_2) * int64(f3)
+ f0f4_2 := int64(f0_2) * int64(f4)
+ f0f5_2 := int64(f0_2) * int64(f5)
+ f0f6_2 := int64(f0_2) * int64(f6)
+ f0f7_2 := int64(f0_2) * int64(f7)
+ f0f8_2 := int64(f0_2) * int64(f8)
+ f0f9_2 := int64(f0_2) * int64(f9)
+ f1f1_2 := int64(f1_2) * int64(f1)
+ f1f2_2 := int64(f1_2) * int64(f2)
+ f1f3_4 := int64(f1_2) * int64(f3_2)
+ f1f4_2 := int64(f1_2) * int64(f4)
+ f1f5_4 := int64(f1_2) * int64(f5_2)
+ f1f6_2 := int64(f1_2) * int64(f6)
+ f1f7_4 := int64(f1_2) * int64(f7_2)
+ f1f8_2 := int64(f1_2) * int64(f8)
+ f1f9_76 := int64(f1_2) * int64(f9_38)
+ f2f2 := int64(f2) * int64(f2)
+ f2f3_2 := int64(f2_2) * int64(f3)
+ f2f4_2 := int64(f2_2) * int64(f4)
+ f2f5_2 := int64(f2_2) * int64(f5)
+ f2f6_2 := int64(f2_2) * int64(f6)
+ f2f7_2 := int64(f2_2) * int64(f7)
+ f2f8_38 := int64(f2_2) * int64(f8_19)
+ f2f9_38 := int64(f2) * int64(f9_38)
+ f3f3_2 := int64(f3_2) * int64(f3)
+ f3f4_2 := int64(f3_2) * int64(f4)
+ f3f5_4 := int64(f3_2) * int64(f5_2)
+ f3f6_2 := int64(f3_2) * int64(f6)
+ f3f7_76 := int64(f3_2) * int64(f7_38)
+ f3f8_38 := int64(f3_2) * int64(f8_19)
+ f3f9_76 := int64(f3_2) * int64(f9_38)
+ f4f4 := int64(f4) * int64(f4)
+ f4f5_2 := int64(f4_2) * int64(f5)
+ f4f6_38 := int64(f4_2) * int64(f6_19)
+ f4f7_38 := int64(f4) * int64(f7_38)
+ f4f8_38 := int64(f4_2) * int64(f8_19)
+ f4f9_38 := int64(f4) * int64(f9_38)
+ f5f5_38 := int64(f5) * int64(f5_38)
+ f5f6_38 := int64(f5_2) * int64(f6_19)
+ f5f7_76 := int64(f5_2) * int64(f7_38)
+ f5f8_38 := int64(f5_2) * int64(f8_19)
+ f5f9_76 := int64(f5_2) * int64(f9_38)
+ f6f6_19 := int64(f6) * int64(f6_19)
+ f6f7_38 := int64(f6) * int64(f7_38)
+ f6f8_38 := int64(f6_2) * int64(f8_19)
+ f6f9_38 := int64(f6) * int64(f9_38)
+ f7f7_38 := int64(f7) * int64(f7_38)
+ f7f8_38 := int64(f7_2) * int64(f8_19)
+ f7f9_76 := int64(f7_2) * int64(f9_38)
+ f8f8_19 := int64(f8) * int64(f8_19)
+ f8f9_38 := int64(f8) * int64(f9_38)
+ f9f9_38 := int64(f9) * int64(f9_38)
+ h0 := f0f0 + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38
+ h1 := f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38
+ h2 := f0f2_2 + f1f1_2 + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19
+ h3 := f0f3_2 + f1f2_2 + f4f9_38 + f5f8_38 + f6f7_38
+ h4 := f0f4_2 + f1f3_4 + f2f2 + f5f9_76 + f6f8_38 + f7f7_38
+ h5 := f0f5_2 + f1f4_2 + f2f3_2 + f6f9_38 + f7f8_38
+ h6 := f0f6_2 + f1f5_4 + f2f4_2 + f3f3_2 + f7f9_76 + f8f8_19
+ h7 := f0f7_2 + f1f6_2 + f2f5_2 + f3f4_2 + f8f9_38
+ h8 := f0f8_2 + f1f7_4 + f2f6_2 + f3f5_4 + f4f4 + f9f9_38
+ h9 := f0f9_2 + f1f8_2 + f2f7_2 + f3f6_2 + f4f5_2
+ var carry [10]int64
+
+ carry[0] = (h0 + (1 << 25)) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+ carry[4] = (h4 + (1 << 25)) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+
+ carry[1] = (h1 + (1 << 24)) >> 25
+ h2 += carry[1]
+ h1 -= carry[1] << 25
+ carry[5] = (h5 + (1 << 24)) >> 25
+ h6 += carry[5]
+ h5 -= carry[5] << 25
+
+ carry[2] = (h2 + (1 << 25)) >> 26
+ h3 += carry[2]
+ h2 -= carry[2] << 26
+ carry[6] = (h6 + (1 << 25)) >> 26
+ h7 += carry[6]
+ h6 -= carry[6] << 26
+
+ carry[3] = (h3 + (1 << 24)) >> 25
+ h4 += carry[3]
+ h3 -= carry[3] << 25
+ carry[7] = (h7 + (1 << 24)) >> 25
+ h8 += carry[7]
+ h7 -= carry[7] << 25
+
+ carry[4] = (h4 + (1 << 25)) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+ carry[8] = (h8 + (1 << 25)) >> 26
+ h9 += carry[8]
+ h8 -= carry[8] << 26
+
+ carry[9] = (h9 + (1 << 24)) >> 25
+ h0 += carry[9] * 19
+ h9 -= carry[9] << 25
+
+ carry[0] = (h0 + (1 << 25)) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+
+ h[0] = int32(h0)
+ h[1] = int32(h1)
+ h[2] = int32(h2)
+ h[3] = int32(h3)
+ h[4] = int32(h4)
+ h[5] = int32(h5)
+ h[6] = int32(h6)
+ h[7] = int32(h7)
+ h[8] = int32(h8)
+ h[9] = int32(h9)
+}
+
+// feMul121666 calculates h = f * 121666. Can overlap h with f.
+//
+// Preconditions:
+// |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+//
+// Postconditions:
+// |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+func feMul121666(h, f *fieldElement) {
+ h0 := int64(f[0]) * 121666
+ h1 := int64(f[1]) * 121666
+ h2 := int64(f[2]) * 121666
+ h3 := int64(f[3]) * 121666
+ h4 := int64(f[4]) * 121666
+ h5 := int64(f[5]) * 121666
+ h6 := int64(f[6]) * 121666
+ h7 := int64(f[7]) * 121666
+ h8 := int64(f[8]) * 121666
+ h9 := int64(f[9]) * 121666
+ var carry [10]int64
+
+ carry[9] = (h9 + (1 << 24)) >> 25
+ h0 += carry[9] * 19
+ h9 -= carry[9] << 25
+ carry[1] = (h1 + (1 << 24)) >> 25
+ h2 += carry[1]
+ h1 -= carry[1] << 25
+ carry[3] = (h3 + (1 << 24)) >> 25
+ h4 += carry[3]
+ h3 -= carry[3] << 25
+ carry[5] = (h5 + (1 << 24)) >> 25
+ h6 += carry[5]
+ h5 -= carry[5] << 25
+ carry[7] = (h7 + (1 << 24)) >> 25
+ h8 += carry[7]
+ h7 -= carry[7] << 25
+
+ carry[0] = (h0 + (1 << 25)) >> 26
+ h1 += carry[0]
+ h0 -= carry[0] << 26
+ carry[2] = (h2 + (1 << 25)) >> 26
+ h3 += carry[2]
+ h2 -= carry[2] << 26
+ carry[4] = (h4 + (1 << 25)) >> 26
+ h5 += carry[4]
+ h4 -= carry[4] << 26
+ carry[6] = (h6 + (1 << 25)) >> 26
+ h7 += carry[6]
+ h6 -= carry[6] << 26
+ carry[8] = (h8 + (1 << 25)) >> 26
+ h9 += carry[8]
+ h8 -= carry[8] << 26
+
+ h[0] = int32(h0)
+ h[1] = int32(h1)
+ h[2] = int32(h2)
+ h[3] = int32(h3)
+ h[4] = int32(h4)
+ h[5] = int32(h5)
+ h[6] = int32(h6)
+ h[7] = int32(h7)
+ h[8] = int32(h8)
+ h[9] = int32(h9)
+}
+
+// feInvert sets out = z^-1.
+func feInvert(out, z *fieldElement) {
+ var t0, t1, t2, t3 fieldElement
+ var i int
+
+ feSquare(&t0, z)
+ for i = 1; i < 1; i++ {
+ feSquare(&t0, &t0)
+ }
+ feSquare(&t1, &t0)
+ for i = 1; i < 2; i++ {
+ feSquare(&t1, &t1)
+ }
+ feMul(&t1, z, &t1)
+ feMul(&t0, &t0, &t1)
+ feSquare(&t2, &t0)
+ for i = 1; i < 1; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t1, &t1, &t2)
+ feSquare(&t2, &t1)
+ for i = 1; i < 5; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t1, &t2, &t1)
+ feSquare(&t2, &t1)
+ for i = 1; i < 10; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t2, &t2, &t1)
+ feSquare(&t3, &t2)
+ for i = 1; i < 20; i++ {
+ feSquare(&t3, &t3)
+ }
+ feMul(&t2, &t3, &t2)
+ feSquare(&t2, &t2)
+ for i = 1; i < 10; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t1, &t2, &t1)
+ feSquare(&t2, &t1)
+ for i = 1; i < 50; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t2, &t2, &t1)
+ feSquare(&t3, &t2)
+ for i = 1; i < 100; i++ {
+ feSquare(&t3, &t3)
+ }
+ feMul(&t2, &t3, &t2)
+ feSquare(&t2, &t2)
+ for i = 1; i < 50; i++ {
+ feSquare(&t2, &t2)
+ }
+ feMul(&t1, &t2, &t1)
+ feSquare(&t1, &t1)
+ for i = 1; i < 5; i++ {
+ feSquare(&t1, &t1)
+ }
+ feMul(out, &t1, &t0)
+}
+
+func scalarMultGeneric(out, in, base *[32]byte) {
+ var e [32]byte
+
+ copy(e[:], in[:])
+ e[0] &= 248
+ e[31] &= 127
+ e[31] |= 64
+
+ var x1, x2, z2, x3, z3, tmp0, tmp1 fieldElement
+ feFromBytes(&x1, base)
+ feOne(&x2)
+ feCopy(&x3, &x1)
+ feOne(&z3)
+
+ swap := int32(0)
+ for pos := 254; pos >= 0; pos-- {
+ b := e[pos/8] >> uint(pos&7)
+ b &= 1
+ swap ^= int32(b)
+ feCSwap(&x2, &x3, swap)
+ feCSwap(&z2, &z3, swap)
+ swap = int32(b)
+
+ feSub(&tmp0, &x3, &z3)
+ feSub(&tmp1, &x2, &z2)
+ feAdd(&x2, &x2, &z2)
+ feAdd(&z2, &x3, &z3)
+ feMul(&z3, &tmp0, &x2)
+ feMul(&z2, &z2, &tmp1)
+ feSquare(&tmp0, &tmp1)
+ feSquare(&tmp1, &x2)
+ feAdd(&x3, &z3, &z2)
+ feSub(&z2, &z3, &z2)
+ feMul(&x2, &tmp1, &tmp0)
+ feSub(&tmp1, &tmp1, &tmp0)
+ feSquare(&z2, &z2)
+ feMul121666(&z3, &tmp1)
+ feSquare(&x3, &x3)
+ feAdd(&tmp0, &tmp0, &z3)
+ feMul(&z3, &x1, &z2)
+ feMul(&z2, &tmp1, &tmp0)
+ }
+
+ feCSwap(&x2, &x3, swap)
+ feCSwap(&z2, &z3, swap)
+
+ feInvert(&z2, &z2)
+ feMul(&x2, &x2, &z2)
+ feToBytes(out, &x2)
+}
diff --git a/src/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go b/src/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
new file mode 100644
index 0000000..047d49a
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/curve25519/curve25519_noasm.go
@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !amd64 gccgo appengine purego
+
+package curve25519
+
+func scalarMult(out, in, base *[32]byte) {
+ scalarMultGeneric(out, in, base)
+}
diff --git a/src/vendor/golang.org/x/crypto/curve25519/doc.go b/src/vendor/golang.org/x/crypto/curve25519/doc.go
deleted file mode 100644
index da9b10d..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/doc.go
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package curve25519 provides an implementation of scalar multiplication on
-// the elliptic curve known as curve25519. See https://cr.yp.to/ecdh.html
-package curve25519 // import "golang.org/x/crypto/curve25519"
-
-// basePoint is the x coordinate of the generator of the curve.
-var basePoint = [32]byte{9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
-
-// ScalarMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points and all values are in little-endian form.
-func ScalarMult(dst, in, base *[32]byte) {
- scalarMult(dst, in, base)
-}
-
-// ScalarBaseMult sets dst to the product in*base where dst and base are the x
-// coordinates of group points, base is the standard generator and all values
-// are in little-endian form.
-func ScalarBaseMult(dst, in *[32]byte) {
- ScalarMult(dst, in, &basePoint)
-}
diff --git a/src/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
deleted file mode 100644
index 3908161..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/freeze_amd64.s
+++ /dev/null
@@ -1,73 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func freeze(inout *[5]uint64)
-TEXT ·freeze(SB),7,$0-8
- MOVQ inout+0(FP), DI
-
- MOVQ 0(DI),SI
- MOVQ 8(DI),DX
- MOVQ 16(DI),CX
- MOVQ 24(DI),R8
- MOVQ 32(DI),R9
- MOVQ $REDMASK51,AX
- MOVQ AX,R10
- SUBQ $18,R10
- MOVQ $3,R11
-REDUCELOOP:
- MOVQ SI,R12
- SHRQ $51,R12
- ANDQ AX,SI
- ADDQ R12,DX
- MOVQ DX,R12
- SHRQ $51,R12
- ANDQ AX,DX
- ADDQ R12,CX
- MOVQ CX,R12
- SHRQ $51,R12
- ANDQ AX,CX
- ADDQ R12,R8
- MOVQ R8,R12
- SHRQ $51,R12
- ANDQ AX,R8
- ADDQ R12,R9
- MOVQ R9,R12
- SHRQ $51,R12
- ANDQ AX,R9
- IMUL3Q $19,R12,R12
- ADDQ R12,SI
- SUBQ $1,R11
- JA REDUCELOOP
- MOVQ $1,R12
- CMPQ R10,SI
- CMOVQLT R11,R12
- CMPQ AX,DX
- CMOVQNE R11,R12
- CMPQ AX,CX
- CMOVQNE R11,R12
- CMPQ AX,R8
- CMOVQNE R11,R12
- CMPQ AX,R9
- CMOVQNE R11,R12
- NEGQ R12
- ANDQ R12,AX
- ANDQ R12,R10
- SUBQ R10,SI
- SUBQ AX,DX
- SUBQ AX,CX
- SUBQ AX,R8
- SUBQ AX,R9
- MOVQ SI,0(DI)
- MOVQ DX,8(DI)
- MOVQ CX,16(DI)
- MOVQ R8,24(DI)
- MOVQ R9,32(DI)
- RET
diff --git a/src/vendor/golang.org/x/crypto/curve25519/mul_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
deleted file mode 100644
index 1f76d1a..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/mul_amd64.s
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func mul(dest, a, b *[5]uint64)
-TEXT ·mul(SB),0,$16-24
- MOVQ dest+0(FP), DI
- MOVQ a+8(FP), SI
- MOVQ b+16(FP), DX
-
- MOVQ DX,CX
- MOVQ 24(SI),DX
- IMUL3Q $19,DX,AX
- MOVQ AX,0(SP)
- MULQ 16(CX)
- MOVQ AX,R8
- MOVQ DX,R9
- MOVQ 32(SI),DX
- IMUL3Q $19,DX,AX
- MOVQ AX,8(SP)
- MULQ 8(CX)
- ADDQ AX,R8
- ADCQ DX,R9
- MOVQ 0(SI),AX
- MULQ 0(CX)
- ADDQ AX,R8
- ADCQ DX,R9
- MOVQ 0(SI),AX
- MULQ 8(CX)
- MOVQ AX,R10
- MOVQ DX,R11
- MOVQ 0(SI),AX
- MULQ 16(CX)
- MOVQ AX,R12
- MOVQ DX,R13
- MOVQ 0(SI),AX
- MULQ 24(CX)
- MOVQ AX,R14
- MOVQ DX,R15
- MOVQ 0(SI),AX
- MULQ 32(CX)
- MOVQ AX,BX
- MOVQ DX,BP
- MOVQ 8(SI),AX
- MULQ 0(CX)
- ADDQ AX,R10
- ADCQ DX,R11
- MOVQ 8(SI),AX
- MULQ 8(CX)
- ADDQ AX,R12
- ADCQ DX,R13
- MOVQ 8(SI),AX
- MULQ 16(CX)
- ADDQ AX,R14
- ADCQ DX,R15
- MOVQ 8(SI),AX
- MULQ 24(CX)
- ADDQ AX,BX
- ADCQ DX,BP
- MOVQ 8(SI),DX
- IMUL3Q $19,DX,AX
- MULQ 32(CX)
- ADDQ AX,R8
- ADCQ DX,R9
- MOVQ 16(SI),AX
- MULQ 0(CX)
- ADDQ AX,R12
- ADCQ DX,R13
- MOVQ 16(SI),AX
- MULQ 8(CX)
- ADDQ AX,R14
- ADCQ DX,R15
- MOVQ 16(SI),AX
- MULQ 16(CX)
- ADDQ AX,BX
- ADCQ DX,BP
- MOVQ 16(SI),DX
- IMUL3Q $19,DX,AX
- MULQ 24(CX)
- ADDQ AX,R8
- ADCQ DX,R9
- MOVQ 16(SI),DX
- IMUL3Q $19,DX,AX
- MULQ 32(CX)
- ADDQ AX,R10
- ADCQ DX,R11
- MOVQ 24(SI),AX
- MULQ 0(CX)
- ADDQ AX,R14
- ADCQ DX,R15
- MOVQ 24(SI),AX
- MULQ 8(CX)
- ADDQ AX,BX
- ADCQ DX,BP
- MOVQ 0(SP),AX
- MULQ 24(CX)
- ADDQ AX,R10
- ADCQ DX,R11
- MOVQ 0(SP),AX
- MULQ 32(CX)
- ADDQ AX,R12
- ADCQ DX,R13
- MOVQ 32(SI),AX
- MULQ 0(CX)
- ADDQ AX,BX
- ADCQ DX,BP
- MOVQ 8(SP),AX
- MULQ 16(CX)
- ADDQ AX,R10
- ADCQ DX,R11
- MOVQ 8(SP),AX
- MULQ 24(CX)
- ADDQ AX,R12
- ADCQ DX,R13
- MOVQ 8(SP),AX
- MULQ 32(CX)
- ADDQ AX,R14
- ADCQ DX,R15
- MOVQ $REDMASK51,SI
- SHLQ $13,R8,R9
- ANDQ SI,R8
- SHLQ $13,R10,R11
- ANDQ SI,R10
- ADDQ R9,R10
- SHLQ $13,R12,R13
- ANDQ SI,R12
- ADDQ R11,R12
- SHLQ $13,R14,R15
- ANDQ SI,R14
- ADDQ R13,R14
- SHLQ $13,BX,BP
- ANDQ SI,BX
- ADDQ R15,BX
- IMUL3Q $19,BP,DX
- ADDQ DX,R8
- MOVQ R8,DX
- SHRQ $51,DX
- ADDQ R10,DX
- MOVQ DX,CX
- SHRQ $51,DX
- ANDQ SI,R8
- ADDQ R12,DX
- MOVQ DX,R9
- SHRQ $51,DX
- ANDQ SI,CX
- ADDQ R14,DX
- MOVQ DX,AX
- SHRQ $51,DX
- ANDQ SI,R9
- ADDQ BX,DX
- MOVQ DX,R10
- SHRQ $51,DX
- ANDQ SI,AX
- IMUL3Q $19,DX,DX
- ADDQ DX,R8
- ANDQ SI,R10
- MOVQ R8,0(DI)
- MOVQ CX,8(DI)
- MOVQ R9,16(DI)
- MOVQ AX,24(DI)
- MOVQ R10,32(DI)
- RET
diff --git a/src/vendor/golang.org/x/crypto/curve25519/square_amd64.s b/src/vendor/golang.org/x/crypto/curve25519/square_amd64.s
deleted file mode 100644
index 07511a4..0000000
--- a/src/vendor/golang.org/x/crypto/curve25519/square_amd64.s
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code was translated into a form compatible with 6a from the public
-// domain sources in SUPERCOP: https://bench.cr.yp.to/supercop.html
-
-// +build amd64,!gccgo,!appengine
-
-#include "const_amd64.h"
-
-// func square(out, in *[5]uint64)
-TEXT ·square(SB),7,$0-16
- MOVQ out+0(FP), DI
- MOVQ in+8(FP), SI
-
- MOVQ 0(SI),AX
- MULQ 0(SI)
- MOVQ AX,CX
- MOVQ DX,R8
- MOVQ 0(SI),AX
- SHLQ $1,AX
- MULQ 8(SI)
- MOVQ AX,R9
- MOVQ DX,R10
- MOVQ 0(SI),AX
- SHLQ $1,AX
- MULQ 16(SI)
- MOVQ AX,R11
- MOVQ DX,R12
- MOVQ 0(SI),AX
- SHLQ $1,AX
- MULQ 24(SI)
- MOVQ AX,R13
- MOVQ DX,R14
- MOVQ 0(SI),AX
- SHLQ $1,AX
- MULQ 32(SI)
- MOVQ AX,R15
- MOVQ DX,BX
- MOVQ 8(SI),AX
- MULQ 8(SI)
- ADDQ AX,R11
- ADCQ DX,R12
- MOVQ 8(SI),AX
- SHLQ $1,AX
- MULQ 16(SI)
- ADDQ AX,R13
- ADCQ DX,R14
- MOVQ 8(SI),AX
- SHLQ $1,AX
- MULQ 24(SI)
- ADDQ AX,R15
- ADCQ DX,BX
- MOVQ 8(SI),DX
- IMUL3Q $38,DX,AX
- MULQ 32(SI)
- ADDQ AX,CX
- ADCQ DX,R8
- MOVQ 16(SI),AX
- MULQ 16(SI)
- ADDQ AX,R15
- ADCQ DX,BX
- MOVQ 16(SI),DX
- IMUL3Q $38,DX,AX
- MULQ 24(SI)
- ADDQ AX,CX
- ADCQ DX,R8
- MOVQ 16(SI),DX
- IMUL3Q $38,DX,AX
- MULQ 32(SI)
- ADDQ AX,R9
- ADCQ DX,R10
- MOVQ 24(SI),DX
- IMUL3Q $19,DX,AX
- MULQ 24(SI)
- ADDQ AX,R9
- ADCQ DX,R10
- MOVQ 24(SI),DX
- IMUL3Q $38,DX,AX
- MULQ 32(SI)
- ADDQ AX,R11
- ADCQ DX,R12
- MOVQ 32(SI),DX
- IMUL3Q $19,DX,AX
- MULQ 32(SI)
- ADDQ AX,R13
- ADCQ DX,R14
- MOVQ $REDMASK51,SI
- SHLQ $13,CX,R8
- ANDQ SI,CX
- SHLQ $13,R9,R10
- ANDQ SI,R9
- ADDQ R8,R9
- SHLQ $13,R11,R12
- ANDQ SI,R11
- ADDQ R10,R11
- SHLQ $13,R13,R14
- ANDQ SI,R13
- ADDQ R12,R13
- SHLQ $13,R15,BX
- ANDQ SI,R15
- ADDQ R14,R15
- IMUL3Q $19,BX,DX
- ADDQ DX,CX
- MOVQ CX,DX
- SHRQ $51,DX
- ADDQ R9,DX
- ANDQ SI,CX
- MOVQ DX,R8
- SHRQ $51,DX
- ADDQ R11,DX
- ANDQ SI,R8
- MOVQ DX,R9
- SHRQ $51,DX
- ADDQ R13,DX
- ANDQ SI,R9
- MOVQ DX,AX
- SHRQ $51,DX
- ADDQ R15,DX
- ANDQ SI,AX
- MOVQ DX,R10
- SHRQ $51,DX
- IMUL3Q $19,DX,DX
- ADDQ DX,CX
- ANDQ SI,R10
- MOVQ CX,0(DI)
- MOVQ R8,8(DI)
- MOVQ R9,16(DI)
- MOVQ AX,24(DI)
- MOVQ R10,32(DI)
- RET
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s b/src/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
deleted file mode 100644
index cde3fc9..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/asm_ppc64le.s
+++ /dev/null
@@ -1,668 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Based on CRYPTOGAMS code with the following comment:
-// # ====================================================================
-// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
-// # project. The module is, however, dual licensed under OpenSSL and
-// # CRYPTOGAMS licenses depending on where you obtain it. For further
-// # details see http://www.openssl.org/~appro/cryptogams/.
-// # ====================================================================
-
-// Original code can be found at the link below:
-// https://github.com/dot-asm/cryptogams/commit/a60f5b50ed908e91e5c39ca79126a4a876d5d8ff
-
-// There are some differences between CRYPTOGAMS code and this one. The round
-// loop for "_int" isn't the same as the original. Some adjustments were
-// necessary because there are less vector registers available. For example, some
-// X variables (r12, r13, r14, and r15) share the same register used by the
-// counter. The original code uses ctr to name the counter. Here we use CNT
-// because golang uses CTR as the counter register name.
-
-// +build ppc64le,!gccgo,!appengine
-
-#include "textflag.h"
-
-#define OUT R3
-#define INP R4
-#define LEN R5
-#define KEY R6
-#define CNT R7
-
-#define TEMP R8
-
-#define X0 R11
-#define X1 R12
-#define X2 R14
-#define X3 R15
-#define X4 R16
-#define X5 R17
-#define X6 R18
-#define X7 R19
-#define X8 R20
-#define X9 R21
-#define X10 R22
-#define X11 R23
-#define X12 R24
-#define X13 R25
-#define X14 R26
-#define X15 R27
-
-#define CON0 X0
-#define CON1 X1
-#define CON2 X2
-#define CON3 X3
-
-#define KEY0 X4
-#define KEY1 X5
-#define KEY2 X6
-#define KEY3 X7
-#define KEY4 X8
-#define KEY5 X9
-#define KEY6 X10
-#define KEY7 X11
-
-#define CNT0 X12
-#define CNT1 X13
-#define CNT2 X14
-#define CNT3 X15
-
-#define TMP0 R9
-#define TMP1 R10
-#define TMP2 R28
-#define TMP3 R29
-
-#define CONSTS R8
-
-#define A0 V0
-#define B0 V1
-#define C0 V2
-#define D0 V3
-#define A1 V4
-#define B1 V5
-#define C1 V6
-#define D1 V7
-#define A2 V8
-#define B2 V9
-#define C2 V10
-#define D2 V11
-#define T0 V12
-#define T1 V13
-#define T2 V14
-
-#define K0 V15
-#define K1 V16
-#define K2 V17
-#define K3 V18
-#define K4 V19
-#define K5 V20
-
-#define FOUR V21
-#define SIXTEEN V22
-#define TWENTY4 V23
-#define TWENTY V24
-#define TWELVE V25
-#define TWENTY5 V26
-#define SEVEN V27
-
-#define INPPERM V28
-#define OUTPERM V29
-#define OUTMASK V30
-
-#define DD0 V31
-#define DD1 SEVEN
-#define DD2 T0
-#define DD3 T1
-#define DD4 T2
-
-DATA ·consts+0x00(SB)/8, $0x3320646e61707865
-DATA ·consts+0x08(SB)/8, $0x6b20657479622d32
-DATA ·consts+0x10(SB)/8, $0x0000000000000001
-DATA ·consts+0x18(SB)/8, $0x0000000000000000
-DATA ·consts+0x20(SB)/8, $0x0000000000000004
-DATA ·consts+0x28(SB)/8, $0x0000000000000000
-DATA ·consts+0x30(SB)/8, $0x0a0b08090e0f0c0d
-DATA ·consts+0x38(SB)/8, $0x0203000106070405
-DATA ·consts+0x40(SB)/8, $0x090a0b080d0e0f0c
-DATA ·consts+0x48(SB)/8, $0x0102030005060704
-GLOBL ·consts(SB), RODATA, $80
-
-//func chaCha20_ctr32_vmx(out, inp *byte, len int, key *[32]byte, counter *[16]byte)
-TEXT ·chaCha20_ctr32_vmx(SB),NOSPLIT|NOFRAME,$0
- // Load the arguments inside the registers
- MOVD out+0(FP), OUT
- MOVD inp+8(FP), INP
- MOVD len+16(FP), LEN
- MOVD key+24(FP), KEY
- MOVD counter+32(FP), CNT
-
- MOVD $·consts(SB), CONSTS // point to consts addr
-
- MOVD $16, X0
- MOVD $32, X1
- MOVD $48, X2
- MOVD $64, X3
- MOVD $31, X4
- MOVD $15, X5
-
- // Load key
- LVX (KEY)(R0), K1
- LVSR (KEY)(R0), T0
- LVX (KEY)(X0), K2
- LVX (KEY)(X4), DD0
-
- // Load counter
- LVX (CNT)(R0), K3
- LVSR (CNT)(R0), T1
- LVX (CNT)(X5), DD1
-
- // Load constants
- LVX (CONSTS)(R0), K0
- LVX (CONSTS)(X0), K5
- LVX (CONSTS)(X1), FOUR
- LVX (CONSTS)(X2), SIXTEEN
- LVX (CONSTS)(X3), TWENTY4
-
- // Align key and counter
- VPERM K2, K1, T0, K1
- VPERM DD0, K2, T0, K2
- VPERM DD1, K3, T1, K3
-
- // Load counter to GPR
- MOVWZ 0(CNT), CNT0
- MOVWZ 4(CNT), CNT1
- MOVWZ 8(CNT), CNT2
- MOVWZ 12(CNT), CNT3
-
- // Adjust vectors for the initial state
- VADDUWM K3, K5, K3
- VADDUWM K3, K5, K4
- VADDUWM K4, K5, K5
-
- // Synthesized constants
- VSPLTISW $-12, TWENTY
- VSPLTISW $12, TWELVE
- VSPLTISW $-7, TWENTY5
-
- VXOR T0, T0, T0
- VSPLTISW $-1, OUTMASK
- LVSR (INP)(R0), INPPERM
- LVSL (OUT)(R0), OUTPERM
- VPERM OUTMASK, T0, OUTPERM, OUTMASK
-
-loop_outer_vmx:
- // Load constant
- MOVD $0x61707865, CON0
- MOVD $0x3320646e, CON1
- MOVD $0x79622d32, CON2
- MOVD $0x6b206574, CON3
-
- VOR K0, K0, A0
- VOR K0, K0, A1
- VOR K0, K0, A2
- VOR K1, K1, B0
-
- MOVD $10, TEMP
-
- // Load key to GPR
- MOVWZ 0(KEY), X4
- MOVWZ 4(KEY), X5
- MOVWZ 8(KEY), X6
- MOVWZ 12(KEY), X7
- VOR K1, K1, B1
- VOR K1, K1, B2
- MOVWZ 16(KEY), X8
- MOVWZ 0(CNT), X12
- MOVWZ 20(KEY), X9
- MOVWZ 4(CNT), X13
- VOR K2, K2, C0
- VOR K2, K2, C1
- MOVWZ 24(KEY), X10
- MOVWZ 8(CNT), X14
- VOR K2, K2, C2
- VOR K3, K3, D0
- MOVWZ 28(KEY), X11
- MOVWZ 12(CNT), X15
- VOR K4, K4, D1
- VOR K5, K5, D2
-
- MOVD X4, TMP0
- MOVD X5, TMP1
- MOVD X6, TMP2
- MOVD X7, TMP3
- VSPLTISW $7, SEVEN
-
- MOVD TEMP, CTR
-
-loop_vmx:
- // CRYPTOGAMS uses a macro to create a loop using perl. This isn't possible
- // using assembly macros. Therefore, the macro expansion result was used
- // in order to maintain the algorithm efficiency.
- // This loop generates three keystream blocks using VMX instructions and,
- // in parallel, one keystream block using scalar instructions.
- ADD X4, X0, X0
- ADD X5, X1, X1
- VADDUWM A0, B0, A0
- VADDUWM A1, B1, A1
- ADD X6, X2, X2
- ADD X7, X3, X3
- VADDUWM A2, B2, A2
- VXOR D0, A0, D0
- XOR X0, X12, X12
- XOR X1, X13, X13
- VXOR D1, A1, D1
- VXOR D2, A2, D2
- XOR X2, X14, X14
- XOR X3, X15, X15
- VPERM D0, D0, SIXTEEN, D0
- VPERM D1, D1, SIXTEEN, D1
- ROTLW $16, X12, X12
- ROTLW $16, X13, X13
- VPERM D2, D2, SIXTEEN, D2
- VADDUWM C0, D0, C0
- ROTLW $16, X14, X14
- ROTLW $16, X15, X15
- VADDUWM C1, D1, C1
- VADDUWM C2, D2, C2
- ADD X12, X8, X8
- ADD X13, X9, X9
- VXOR B0, C0, T0
- VXOR B1, C1, T1
- ADD X14, X10, X10
- ADD X15, X11, X11
- VXOR B2, C2, T2
- VRLW T0, TWELVE, B0
- XOR X8, X4, X4
- XOR X9, X5, X5
- VRLW T1, TWELVE, B1
- VRLW T2, TWELVE, B2
- XOR X10, X6, X6
- XOR X11, X7, X7
- VADDUWM A0, B0, A0
- VADDUWM A1, B1, A1
- ROTLW $12, X4, X4
- ROTLW $12, X5, X5
- VADDUWM A2, B2, A2
- VXOR D0, A0, D0
- ROTLW $12, X6, X6
- ROTLW $12, X7, X7
- VXOR D1, A1, D1
- VXOR D2, A2, D2
- ADD X4, X0, X0
- ADD X5, X1, X1
- VPERM D0, D0, TWENTY4, D0
- VPERM D1, D1, TWENTY4, D1
- ADD X6, X2, X2
- ADD X7, X3, X3
- VPERM D2, D2, TWENTY4, D2
- VADDUWM C0, D0, C0
- XOR X0, X12, X12
- XOR X1, X13, X13
- VADDUWM C1, D1, C1
- VADDUWM C2, D2, C2
- XOR X2, X14, X14
- XOR X3, X15, X15
- VXOR B0, C0, T0
- VXOR B1, C1, T1
- ROTLW $8, X12, X12
- ROTLW $8, X13, X13
- VXOR B2, C2, T2
- VRLW T0, SEVEN, B0
- ROTLW $8, X14, X14
- ROTLW $8, X15, X15
- VRLW T1, SEVEN, B1
- VRLW T2, SEVEN, B2
- ADD X12, X8, X8
- ADD X13, X9, X9
- VSLDOI $8, C0, C0, C0
- VSLDOI $8, C1, C1, C1
- ADD X14, X10, X10
- ADD X15, X11, X11
- VSLDOI $8, C2, C2, C2
- VSLDOI $12, B0, B0, B0
- XOR X8, X4, X4
- XOR X9, X5, X5
- VSLDOI $12, B1, B1, B1
- VSLDOI $12, B2, B2, B2
- XOR X10, X6, X6
- XOR X11, X7, X7
- VSLDOI $4, D0, D0, D0
- VSLDOI $4, D1, D1, D1
- ROTLW $7, X4, X4
- ROTLW $7, X5, X5
- VSLDOI $4, D2, D2, D2
- VADDUWM A0, B0, A0
- ROTLW $7, X6, X6
- ROTLW $7, X7, X7
- VADDUWM A1, B1, A1
- VADDUWM A2, B2, A2
- ADD X5, X0, X0
- ADD X6, X1, X1
- VXOR D0, A0, D0
- VXOR D1, A1, D1
- ADD X7, X2, X2
- ADD X4, X3, X3
- VXOR D2, A2, D2
- VPERM D0, D0, SIXTEEN, D0
- XOR X0, X15, X15
- XOR X1, X12, X12
- VPERM D1, D1, SIXTEEN, D1
- VPERM D2, D2, SIXTEEN, D2
- XOR X2, X13, X13
- XOR X3, X14, X14
- VADDUWM C0, D0, C0
- VADDUWM C1, D1, C1
- ROTLW $16, X15, X15
- ROTLW $16, X12, X12
- VADDUWM C2, D2, C2
- VXOR B0, C0, T0
- ROTLW $16, X13, X13
- ROTLW $16, X14, X14
- VXOR B1, C1, T1
- VXOR B2, C2, T2
- ADD X15, X10, X10
- ADD X12, X11, X11
- VRLW T0, TWELVE, B0
- VRLW T1, TWELVE, B1
- ADD X13, X8, X8
- ADD X14, X9, X9
- VRLW T2, TWELVE, B2
- VADDUWM A0, B0, A0
- XOR X10, X5, X5
- XOR X11, X6, X6
- VADDUWM A1, B1, A1
- VADDUWM A2, B2, A2
- XOR X8, X7, X7
- XOR X9, X4, X4
- VXOR D0, A0, D0
- VXOR D1, A1, D1
- ROTLW $12, X5, X5
- ROTLW $12, X6, X6
- VXOR D2, A2, D2
- VPERM D0, D0, TWENTY4, D0
- ROTLW $12, X7, X7
- ROTLW $12, X4, X4
- VPERM D1, D1, TWENTY4, D1
- VPERM D2, D2, TWENTY4, D2
- ADD X5, X0, X0
- ADD X6, X1, X1
- VADDUWM C0, D0, C0
- VADDUWM C1, D1, C1
- ADD X7, X2, X2
- ADD X4, X3, X3
- VADDUWM C2, D2, C2
- VXOR B0, C0, T0
- XOR X0, X15, X15
- XOR X1, X12, X12
- VXOR B1, C1, T1
- VXOR B2, C2, T2
- XOR X2, X13, X13
- XOR X3, X14, X14
- VRLW T0, SEVEN, B0
- VRLW T1, SEVEN, B1
- ROTLW $8, X15, X15
- ROTLW $8, X12, X12
- VRLW T2, SEVEN, B2
- VSLDOI $8, C0, C0, C0
- ROTLW $8, X13, X13
- ROTLW $8, X14, X14
- VSLDOI $8, C1, C1, C1
- VSLDOI $8, C2, C2, C2
- ADD X15, X10, X10
- ADD X12, X11, X11
- VSLDOI $4, B0, B0, B0
- VSLDOI $4, B1, B1, B1
- ADD X13, X8, X8
- ADD X14, X9, X9
- VSLDOI $4, B2, B2, B2
- VSLDOI $12, D0, D0, D0
- XOR X10, X5, X5
- XOR X11, X6, X6
- VSLDOI $12, D1, D1, D1
- VSLDOI $12, D2, D2, D2
- XOR X8, X7, X7
- XOR X9, X4, X4
- ROTLW $7, X5, X5
- ROTLW $7, X6, X6
- ROTLW $7, X7, X7
- ROTLW $7, X4, X4
- BC 0x10, 0, loop_vmx
-
- SUB $256, LEN, LEN
-
- // Accumulate key block
- ADD $0x61707865, X0, X0
- ADD $0x3320646e, X1, X1
- ADD $0x79622d32, X2, X2
- ADD $0x6b206574, X3, X3
- ADD TMP0, X4, X4
- ADD TMP1, X5, X5
- ADD TMP2, X6, X6
- ADD TMP3, X7, X7
- MOVWZ 16(KEY), TMP0
- MOVWZ 20(KEY), TMP1
- MOVWZ 24(KEY), TMP2
- MOVWZ 28(KEY), TMP3
- ADD TMP0, X8, X8
- ADD TMP1, X9, X9
- ADD TMP2, X10, X10
- ADD TMP3, X11, X11
-
- MOVWZ 12(CNT), TMP0
- MOVWZ 8(CNT), TMP1
- MOVWZ 4(CNT), TMP2
- MOVWZ 0(CNT), TEMP
- ADD TMP0, X15, X15
- ADD TMP1, X14, X14
- ADD TMP2, X13, X13
- ADD TEMP, X12, X12
-
- // Accumulate key block
- VADDUWM A0, K0, A0
- VADDUWM A1, K0, A1
- VADDUWM A2, K0, A2
- VADDUWM B0, K1, B0
- VADDUWM B1, K1, B1
- VADDUWM B2, K1, B2
- VADDUWM C0, K2, C0
- VADDUWM C1, K2, C1
- VADDUWM C2, K2, C2
- VADDUWM D0, K3, D0
- VADDUWM D1, K4, D1
- VADDUWM D2, K5, D2
-
- // Increment counter
- ADD $4, TEMP, TEMP
- MOVW TEMP, 0(CNT)
-
- VADDUWM K3, FOUR, K3
- VADDUWM K4, FOUR, K4
- VADDUWM K5, FOUR, K5
-
- // XOR the input slice (INP) with the keystream, which is stored in GPRs (X0-X3).
-
- // Load input (aligned or not)
- MOVWZ 0(INP), TMP0
- MOVWZ 4(INP), TMP1
- MOVWZ 8(INP), TMP2
- MOVWZ 12(INP), TMP3
-
- // XOR with input
- XOR TMP0, X0, X0
- XOR TMP1, X1, X1
- XOR TMP2, X2, X2
- XOR TMP3, X3, X3
- MOVWZ 16(INP), TMP0
- MOVWZ 20(INP), TMP1
- MOVWZ 24(INP), TMP2
- MOVWZ 28(INP), TMP3
- XOR TMP0, X4, X4
- XOR TMP1, X5, X5
- XOR TMP2, X6, X6
- XOR TMP3, X7, X7
- MOVWZ 32(INP), TMP0
- MOVWZ 36(INP), TMP1
- MOVWZ 40(INP), TMP2
- MOVWZ 44(INP), TMP3
- XOR TMP0, X8, X8
- XOR TMP1, X9, X9
- XOR TMP2, X10, X10
- XOR TMP3, X11, X11
- MOVWZ 48(INP), TMP0
- MOVWZ 52(INP), TMP1
- MOVWZ 56(INP), TMP2
- MOVWZ 60(INP), TMP3
- XOR TMP0, X12, X12
- XOR TMP1, X13, X13
- XOR TMP2, X14, X14
- XOR TMP3, X15, X15
-
- // Store output (aligned or not)
- MOVW X0, 0(OUT)
- MOVW X1, 4(OUT)
- MOVW X2, 8(OUT)
- MOVW X3, 12(OUT)
-
- ADD $64, INP, INP // INP points to the end of the slice for the alignment code below
-
- MOVW X4, 16(OUT)
- MOVD $16, TMP0
- MOVW X5, 20(OUT)
- MOVD $32, TMP1
- MOVW X6, 24(OUT)
- MOVD $48, TMP2
- MOVW X7, 28(OUT)
- MOVD $64, TMP3
- MOVW X8, 32(OUT)
- MOVW X9, 36(OUT)
- MOVW X10, 40(OUT)
- MOVW X11, 44(OUT)
- MOVW X12, 48(OUT)
- MOVW X13, 52(OUT)
- MOVW X14, 56(OUT)
- MOVW X15, 60(OUT)
- ADD $64, OUT, OUT
-
- // Load input
- LVX (INP)(R0), DD0
- LVX (INP)(TMP0), DD1
- LVX (INP)(TMP1), DD2
- LVX (INP)(TMP2), DD3
- LVX (INP)(TMP3), DD4
- ADD $64, INP, INP
-
- VPERM DD1, DD0, INPPERM, DD0 // Align input
- VPERM DD2, DD1, INPPERM, DD1
- VPERM DD3, DD2, INPPERM, DD2
- VPERM DD4, DD3, INPPERM, DD3
- VXOR A0, DD0, A0 // XOR with input
- VXOR B0, DD1, B0
- LVX (INP)(TMP0), DD1 // Keep loading input
- VXOR C0, DD2, C0
- LVX (INP)(TMP1), DD2
- VXOR D0, DD3, D0
- LVX (INP)(TMP2), DD3
- LVX (INP)(TMP3), DD0
- ADD $64, INP, INP
- MOVD $63, TMP3 // 63 is not a typo
- VPERM A0, A0, OUTPERM, A0
- VPERM B0, B0, OUTPERM, B0
- VPERM C0, C0, OUTPERM, C0
- VPERM D0, D0, OUTPERM, D0
-
- VPERM DD1, DD4, INPPERM, DD4 // Align input
- VPERM DD2, DD1, INPPERM, DD1
- VPERM DD3, DD2, INPPERM, DD2
- VPERM DD0, DD3, INPPERM, DD3
- VXOR A1, DD4, A1
- VXOR B1, DD1, B1
- LVX (INP)(TMP0), DD1 // Keep loading
- VXOR C1, DD2, C1
- LVX (INP)(TMP1), DD2
- VXOR D1, DD3, D1
- LVX (INP)(TMP2), DD3
-
- // Note that the LVX address is always rounded down to the nearest 16-byte
- // boundary, and that it always points to at most 15 bytes beyond the end of
- // the slice, so we cannot cross a page boundary.
- LVX (INP)(TMP3), DD4 // Redundant in aligned case.
- ADD $64, INP, INP
- VPERM A1, A1, OUTPERM, A1 // Pre-misalign output
- VPERM B1, B1, OUTPERM, B1
- VPERM C1, C1, OUTPERM, C1
- VPERM D1, D1, OUTPERM, D1
-
- VPERM DD1, DD0, INPPERM, DD0 // Align Input
- VPERM DD2, DD1, INPPERM, DD1
- VPERM DD3, DD2, INPPERM, DD2
- VPERM DD4, DD3, INPPERM, DD3
- VXOR A2, DD0, A2
- VXOR B2, DD1, B2
- VXOR C2, DD2, C2
- VXOR D2, DD3, D2
- VPERM A2, A2, OUTPERM, A2
- VPERM B2, B2, OUTPERM, B2
- VPERM C2, C2, OUTPERM, C2
- VPERM D2, D2, OUTPERM, D2
-
- ANDCC $15, OUT, X1 // Is out aligned?
- MOVD OUT, X0
-
- VSEL A0, B0, OUTMASK, DD0 // Collect pre-misaligned output
- VSEL B0, C0, OUTMASK, DD1
- VSEL C0, D0, OUTMASK, DD2
- VSEL D0, A1, OUTMASK, DD3
- VSEL A1, B1, OUTMASK, B0
- VSEL B1, C1, OUTMASK, C0
- VSEL C1, D1, OUTMASK, D0
- VSEL D1, A2, OUTMASK, A1
- VSEL A2, B2, OUTMASK, B1
- VSEL B2, C2, OUTMASK, C1
- VSEL C2, D2, OUTMASK, D1
-
- STVX DD0, (OUT+TMP0)
- STVX DD1, (OUT+TMP1)
- STVX DD2, (OUT+TMP2)
- ADD $64, OUT, OUT
- STVX DD3, (OUT+R0)
- STVX B0, (OUT+TMP0)
- STVX C0, (OUT+TMP1)
- STVX D0, (OUT+TMP2)
- ADD $64, OUT, OUT
- STVX A1, (OUT+R0)
- STVX B1, (OUT+TMP0)
- STVX C1, (OUT+TMP1)
- STVX D1, (OUT+TMP2)
- ADD $64, OUT, OUT
-
- BEQ aligned_vmx
-
- SUB X1, OUT, X2 // in misaligned case edges
- MOVD $0, X3 // are written byte-by-byte
-
-unaligned_tail_vmx:
- STVEBX D2, (X2+X3)
- ADD $1, X3, X3
- CMPW X3, X1
- BNE unaligned_tail_vmx
- SUB X1, X0, X2
-
-unaligned_head_vmx:
- STVEBX A0, (X2+X1)
- CMPW X1, $15
- ADD $1, X1, X1
- BNE unaligned_head_vmx
-
- CMPU LEN, $255 // done with 256-byte block yet?
- BGT loop_outer_vmx
-
- JMP done_vmx
-
-aligned_vmx:
- STVX A0, (X0+R0)
- CMPU LEN, $255 // done with 256-byte block yet?
- BGT loop_outer_vmx
-
-done_vmx:
- RET
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go b/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go
deleted file mode 100644
index ad74e23..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_arm64.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.11
-// +build !gccgo
-
-package chacha20
-
-const (
- haveAsm = true
- bufSize = 256
-)
-
-//go:noescape
-func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
-
- if len(src) >= bufSize {
- xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter)
- }
-
- if len(src)%bufSize != 0 {
- i := len(src) - len(src)%bufSize
- c.buf = [bufSize]byte{}
- copy(c.buf[:], src[i:])
- xorKeyStreamVX(c.buf[:], c.buf[:], &c.key, &c.nonce, &c.counter)
- c.len = bufSize - copy(dst[i:], c.buf[:len(src)%bufSize])
- }
-}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go b/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
deleted file mode 100644
index 6570847..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_generic.go
+++ /dev/null
@@ -1,264 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package ChaCha20 implements the core ChaCha20 function as specified
-// in https://tools.ietf.org/html/rfc7539#section-2.3.
-package chacha20
-
-import (
- "crypto/cipher"
- "encoding/binary"
-
- "golang.org/x/crypto/internal/subtle"
-)
-
-// assert that *Cipher implements cipher.Stream
-var _ cipher.Stream = (*Cipher)(nil)
-
-// Cipher is a stateful instance of ChaCha20 using a particular key
-// and nonce. A *Cipher implements the cipher.Stream interface.
-type Cipher struct {
- key [8]uint32
- counter uint32 // incremented after each block
- nonce [3]uint32
- buf [bufSize]byte // buffer for unused keystream bytes
- len int // number of unused keystream bytes at end of buf
-}
-
-// New creates a new ChaCha20 stream cipher with the given key and nonce.
-// The initial counter value is set to 0.
-func New(key [8]uint32, nonce [3]uint32) *Cipher {
- return &Cipher{key: key, nonce: nonce}
-}
-
-// ChaCha20 constants spelling "expand 32-byte k"
-const (
- j0 uint32 = 0x61707865
- j1 uint32 = 0x3320646e
- j2 uint32 = 0x79622d32
- j3 uint32 = 0x6b206574
-)
-
-func quarterRound(a, b, c, d uint32) (uint32, uint32, uint32, uint32) {
- a += b
- d ^= a
- d = (d << 16) | (d >> 16)
- c += d
- b ^= c
- b = (b << 12) | (b >> 20)
- a += b
- d ^= a
- d = (d << 8) | (d >> 24)
- c += d
- b ^= c
- b = (b << 7) | (b >> 25)
- return a, b, c, d
-}
-
-// XORKeyStream XORs each byte in the given slice with a byte from the
-// cipher's key stream. Dst and src must overlap entirely or not at all.
-//
-// If len(dst) < len(src), XORKeyStream will panic. It is acceptable
-// to pass a dst bigger than src, and in that case, XORKeyStream will
-// only update dst[:len(src)] and will not touch the rest of dst.
-//
-// Multiple calls to XORKeyStream behave as if the concatenation of
-// the src buffers was passed in a single run. That is, Cipher
-// maintains state and does not reset at each XORKeyStream call.
-func (s *Cipher) XORKeyStream(dst, src []byte) {
- if len(dst) < len(src) {
- panic("chacha20: output smaller than input")
- }
- if subtle.InexactOverlap(dst[:len(src)], src) {
- panic("chacha20: invalid buffer overlap")
- }
-
- // xor src with buffered keystream first
- if s.len != 0 {
- buf := s.buf[len(s.buf)-s.len:]
- if len(src) < len(buf) {
- buf = buf[:len(src)]
- }
- td, ts := dst[:len(buf)], src[:len(buf)] // BCE hint
- for i, b := range buf {
- td[i] = ts[i] ^ b
- }
- s.len -= len(buf)
- if s.len != 0 {
- return
- }
- s.buf = [len(s.buf)]byte{} // zero the empty buffer
- src = src[len(buf):]
- dst = dst[len(buf):]
- }
-
- if len(src) == 0 {
- return
- }
- if haveAsm {
- if uint64(len(src))+uint64(s.counter)*64 > (1<<38)-64 {
- panic("chacha20: counter overflow")
- }
- s.xorKeyStreamAsm(dst, src)
- return
- }
-
- // set up a 64-byte buffer to pad out the final block if needed
- // (hoisted out of the main loop to avoid spills)
- rem := len(src) % 64 // length of final block
- fin := len(src) - rem // index of final block
- if rem > 0 {
- copy(s.buf[len(s.buf)-64:], src[fin:])
- }
-
- // pre-calculate most of the first round
- s1, s5, s9, s13 := quarterRound(j1, s.key[1], s.key[5], s.nonce[0])
- s2, s6, s10, s14 := quarterRound(j2, s.key[2], s.key[6], s.nonce[1])
- s3, s7, s11, s15 := quarterRound(j3, s.key[3], s.key[7], s.nonce[2])
-
- n := len(src)
- src, dst = src[:n:n], dst[:n:n] // BCE hint
- for i := 0; i < n; i += 64 {
- // calculate the remainder of the first round
- s0, s4, s8, s12 := quarterRound(j0, s.key[0], s.key[4], s.counter)
-
- // execute the second round
- x0, x5, x10, x15 := quarterRound(s0, s5, s10, s15)
- x1, x6, x11, x12 := quarterRound(s1, s6, s11, s12)
- x2, x7, x8, x13 := quarterRound(s2, s7, s8, s13)
- x3, x4, x9, x14 := quarterRound(s3, s4, s9, s14)
-
- // execute the remaining 18 rounds
- for i := 0; i < 9; i++ {
- x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
- x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
- x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
- x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
-
- x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
- x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
- x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
- x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
- }
-
- x0 += j0
- x1 += j1
- x2 += j2
- x3 += j3
-
- x4 += s.key[0]
- x5 += s.key[1]
- x6 += s.key[2]
- x7 += s.key[3]
- x8 += s.key[4]
- x9 += s.key[5]
- x10 += s.key[6]
- x11 += s.key[7]
-
- x12 += s.counter
- x13 += s.nonce[0]
- x14 += s.nonce[1]
- x15 += s.nonce[2]
-
- // increment the counter
- s.counter += 1
- if s.counter == 0 {
- panic("chacha20: counter overflow")
- }
-
- // pad to 64 bytes if needed
- in, out := src[i:], dst[i:]
- if i == fin {
- // src[fin:] has already been copied into s.buf before
- // the main loop
- in, out = s.buf[len(s.buf)-64:], s.buf[len(s.buf)-64:]
- }
- in, out = in[:64], out[:64] // BCE hint
-
- // XOR the key stream with the source and write out the result
- xor(out[0:], in[0:], x0)
- xor(out[4:], in[4:], x1)
- xor(out[8:], in[8:], x2)
- xor(out[12:], in[12:], x3)
- xor(out[16:], in[16:], x4)
- xor(out[20:], in[20:], x5)
- xor(out[24:], in[24:], x6)
- xor(out[28:], in[28:], x7)
- xor(out[32:], in[32:], x8)
- xor(out[36:], in[36:], x9)
- xor(out[40:], in[40:], x10)
- xor(out[44:], in[44:], x11)
- xor(out[48:], in[48:], x12)
- xor(out[52:], in[52:], x13)
- xor(out[56:], in[56:], x14)
- xor(out[60:], in[60:], x15)
- }
- // copy any trailing bytes out of the buffer and into dst
- if rem != 0 {
- s.len = 64 - rem
- copy(dst[fin:], s.buf[len(s.buf)-64:])
- }
-}
-
-// Advance discards bytes in the key stream until the next 64 byte block
-// boundary is reached and updates the counter accordingly. If the key
-// stream is already at a block boundary no bytes will be discarded and
-// the counter will be unchanged.
-func (s *Cipher) Advance() {
- s.len -= s.len % 64
- if s.len == 0 {
- s.buf = [len(s.buf)]byte{}
- }
-}
-
-// XORKeyStream crypts bytes from in to out using the given key and counters.
-// In and out must overlap entirely or not at all. Counter contains the raw
-// ChaCha20 counter bytes (i.e. block counter followed by nonce).
-func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte) {
- s := Cipher{
- key: [8]uint32{
- binary.LittleEndian.Uint32(key[0:4]),
- binary.LittleEndian.Uint32(key[4:8]),
- binary.LittleEndian.Uint32(key[8:12]),
- binary.LittleEndian.Uint32(key[12:16]),
- binary.LittleEndian.Uint32(key[16:20]),
- binary.LittleEndian.Uint32(key[20:24]),
- binary.LittleEndian.Uint32(key[24:28]),
- binary.LittleEndian.Uint32(key[28:32]),
- },
- nonce: [3]uint32{
- binary.LittleEndian.Uint32(counter[4:8]),
- binary.LittleEndian.Uint32(counter[8:12]),
- binary.LittleEndian.Uint32(counter[12:16]),
- },
- counter: binary.LittleEndian.Uint32(counter[0:4]),
- }
- s.XORKeyStream(out, in)
-}
-
-// HChaCha20 uses the ChaCha20 core to generate a derived key from a key and a
-// nonce. It should only be used as part of the XChaCha20 construction.
-func HChaCha20(key *[8]uint32, nonce *[4]uint32) [8]uint32 {
- x0, x1, x2, x3 := j0, j1, j2, j3
- x4, x5, x6, x7 := key[0], key[1], key[2], key[3]
- x8, x9, x10, x11 := key[4], key[5], key[6], key[7]
- x12, x13, x14, x15 := nonce[0], nonce[1], nonce[2], nonce[3]
-
- for i := 0; i < 10; i++ {
- x0, x4, x8, x12 = quarterRound(x0, x4, x8, x12)
- x1, x5, x9, x13 = quarterRound(x1, x5, x9, x13)
- x2, x6, x10, x14 = quarterRound(x2, x6, x10, x14)
- x3, x7, x11, x15 = quarterRound(x3, x7, x11, x15)
-
- x0, x5, x10, x15 = quarterRound(x0, x5, x10, x15)
- x1, x6, x11, x12 = quarterRound(x1, x6, x11, x12)
- x2, x7, x8, x13 = quarterRound(x2, x7, x8, x13)
- x3, x4, x9, x14 = quarterRound(x3, x4, x9, x14)
- }
-
- var out [8]uint32
- out[0], out[1], out[2], out[3] = x0, x1, x2, x3
- out[4], out[5], out[6], out[7] = x12, x13, x14, x15
- return out
-}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go b/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
deleted file mode 100644
index bf8beba..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_noasm.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !ppc64le,!arm64,!s390x arm64,!go1.11 gccgo appengine
-
-package chacha20
-
-const (
- bufSize = 64
- haveAsm = false
-)
-
-func (*Cipher) xorKeyStreamAsm(dst, src []byte) {
- panic("not implemented")
-}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go b/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
deleted file mode 100644
index 638cb5e..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_ppc64le.go
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2019 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build ppc64le,!gccgo,!appengine
-
-package chacha20
-
-import "encoding/binary"
-
-const (
- bufSize = 256
- haveAsm = true
-)
-
-//go:noescape
-func chaCha20_ctr32_vmx(out, inp *byte, len int, key *[8]uint32, counter *uint32)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
- if len(src) >= bufSize {
- chaCha20_ctr32_vmx(&dst[0], &src[0], len(src)-len(src)%bufSize, &c.key, &c.counter)
- }
- if len(src)%bufSize != 0 {
- chaCha20_ctr32_vmx(&c.buf[0], &c.buf[0], bufSize, &c.key, &c.counter)
- start := len(src) - len(src)%bufSize
- ts, td, tb := src[start:], dst[start:], c.buf[:]
- // Unroll loop to XOR 32 bytes per iteration.
- for i := 0; i < len(ts)-32; i += 32 {
- td, tb = td[:len(ts)], tb[:len(ts)] // bounds check elimination
- s0 := binary.LittleEndian.Uint64(ts[0:8])
- s1 := binary.LittleEndian.Uint64(ts[8:16])
- s2 := binary.LittleEndian.Uint64(ts[16:24])
- s3 := binary.LittleEndian.Uint64(ts[24:32])
- b0 := binary.LittleEndian.Uint64(tb[0:8])
- b1 := binary.LittleEndian.Uint64(tb[8:16])
- b2 := binary.LittleEndian.Uint64(tb[16:24])
- b3 := binary.LittleEndian.Uint64(tb[24:32])
- binary.LittleEndian.PutUint64(td[0:8], s0^b0)
- binary.LittleEndian.PutUint64(td[8:16], s1^b1)
- binary.LittleEndian.PutUint64(td[16:24], s2^b2)
- binary.LittleEndian.PutUint64(td[24:32], s3^b3)
- ts, td, tb = ts[32:], td[32:], tb[32:]
- }
- td, tb = td[:len(ts)], tb[:len(ts)] // bounds check elimination
- for i, v := range ts {
- td[i] = tb[i] ^ v
- }
- c.len = bufSize - (len(src) % bufSize)
-
- }
-
-}
diff --git a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go b/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
deleted file mode 100644
index aad645b..0000000
--- a/src/vendor/golang.org/x/crypto/internal/chacha20/chacha_s390x.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build s390x,!gccgo,!appengine
-
-package chacha20
-
-import (
- "golang.org/x/sys/cpu"
-)
-
-var haveAsm = cpu.S390X.HasVX
-
-const bufSize = 256
-
-// xorKeyStreamVX is an assembly implementation of XORKeyStream. It must only
-// be called when the vector facility is available.
-// Implementation in asm_s390x.s.
-//go:noescape
-func xorKeyStreamVX(dst, src []byte, key *[8]uint32, nonce *[3]uint32, counter *uint32, buf *[256]byte, len *int)
-
-func (c *Cipher) xorKeyStreamAsm(dst, src []byte) {
- xorKeyStreamVX(dst, src, &c.key, &c.nonce, &c.counter, &c.buf, &c.len)
-}
-
-// EXRL targets, DO NOT CALL!
-func mvcSrcToBuf()
-func mvcBufToDst()
diff --git a/src/vendor/golang.org/x/crypto/poly1305/bits_compat.go b/src/vendor/golang.org/x/crypto/poly1305/bits_compat.go
new file mode 100644
index 0000000..157a69f
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/poly1305/bits_compat.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !go1.13
+
+package poly1305
+
+// Generic fallbacks for the math/bits intrinsics, copied from
+// src/math/bits/bits.go. They were added in Go 1.12, but Add64 and Sum64 had
+// variable time fallbacks until Go 1.13.
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+ sum = x + y + carry
+ carryOut = ((x & y) | ((x | y) &^ sum)) >> 63
+ return
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+ diff = x - y - borrow
+ borrowOut = ((^x & y) | (^(x ^ y) & diff)) >> 63
+ return
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+ const mask32 = 1<<32 - 1
+ x0 := x & mask32
+ x1 := x >> 32
+ y0 := y & mask32
+ y1 := y >> 32
+ w0 := x0 * y0
+ t := x1*y0 + w0>>32
+ w1 := t & mask32
+ w2 := t >> 32
+ w1 += x0 * y1
+ hi = x1*y1 + w2 + w1>>32
+ lo = x * y
+ return
+}
diff --git a/src/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go b/src/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
new file mode 100644
index 0000000..a0a185f
--- /dev/null
+++ b/src/vendor/golang.org/x/crypto/poly1305/bits_go1.13.go
@@ -0,0 +1,21 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.13
+
+package poly1305
+
+import "math/bits"
+
+func bitsAdd64(x, y, carry uint64) (sum, carryOut uint64) {
+ return bits.Add64(x, y, carry)
+}
+
+func bitsSub64(x, y, borrow uint64) (diff, borrowOut uint64) {
+ return bits.Sub64(x, y, borrow)
+}
+
+func bitsMul64(x, y uint64) (hi, lo uint64) {
+ return bits.Mul64(x, y)
+}
diff --git a/src/vendor/golang.org/x/crypto/poly1305/poly1305.go b/src/vendor/golang.org/x/crypto/poly1305/poly1305.go
index d076a56..066159b 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/poly1305.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/poly1305.go
@@ -22,8 +22,14 @@
// TagSize is the size, in bytes, of a poly1305 authenticator.
const TagSize = 16
-// Verify returns true if mac is a valid authenticator for m with the given
-// key.
+// Sum generates an authenticator for msg using a one-time key and puts the
+// 16-byte result into out. Authenticating two different messages with the same
+// key allows an attacker to forge messages at will.
+func Sum(out *[16]byte, m []byte, key *[32]byte) {
+ sum(out, m, key)
+}
+
+// Verify returns true if mac is a valid authenticator for m with the given key.
func Verify(mac *[16]byte, m []byte, key *[32]byte) bool {
var tmp [16]byte
Sum(&tmp, m, key)
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
index 2dbf42a..df56a65 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.go
@@ -7,62 +7,52 @@
package poly1305
//go:noescape
-func initialize(state *[7]uint64, key *[32]byte)
+func update(state *macState, msg []byte)
-//go:noescape
-func update(state *[7]uint64, msg []byte)
-
-//go:noescape
-func finalize(tag *[TagSize]byte, state *[7]uint64)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
+func sum(out *[16]byte, m []byte, key *[32]byte) {
h := newMAC(key)
h.Write(m)
h.Sum(out)
}
func newMAC(key *[32]byte) (h mac) {
- initialize(&h.state, key)
+ initialize(key, &h.r, &h.s)
return
}
-type mac struct {
- state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
- buffer [TagSize]byte
- offset int
-}
-
-func (h *mac) Write(p []byte) (n int, err error) {
- n = len(p)
+func (h *mac) Write(p []byte) (int, error) {
+ nn := len(p)
if h.offset > 0 {
- remaining := TagSize - h.offset
- if n < remaining {
- h.offset += copy(h.buffer[h.offset:], p)
- return n, nil
+ n := copy(h.buffer[h.offset:], p)
+ if h.offset+n < TagSize {
+ h.offset += n
+ return nn, nil
}
- copy(h.buffer[h.offset:], p[:remaining])
- p = p[remaining:]
+ p = p[n:]
h.offset = 0
- update(&h.state, h.buffer[:])
+ update(&h.macState, h.buffer[:])
}
- if nn := len(p) - (len(p) % TagSize); nn > 0 {
- update(&h.state, p[:nn])
- p = p[nn:]
+ if n := len(p) - (len(p) % TagSize); n > 0 {
+ update(&h.macState, p[:n])
+ p = p[n:]
}
if len(p) > 0 {
h.offset += copy(h.buffer[h.offset:], p)
}
- return n, nil
+ return nn, nil
}
func (h *mac) Sum(out *[16]byte) {
- state := h.state
+ state := h.macState
if h.offset > 0 {
update(&state, h.buffer[:h.offset])
}
- finalize(out, &state)
+ finalize(out, &state.h, &state.s)
}
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
index 7d600f1..8c0cefb 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_amd64.s
@@ -54,10 +54,6 @@
ADCQ t3, h1; \
ADCQ $0, h2
-DATA ·poly1305Mask<>+0x00(SB)/8, $0x0FFFFFFC0FFFFFFF
-DATA ·poly1305Mask<>+0x08(SB)/8, $0x0FFFFFFC0FFFFFFC
-GLOBL ·poly1305Mask<>(SB), RODATA, $16
-
// func update(state *[7]uint64, msg []byte)
TEXT ·update(SB), $0-32
MOVQ state+0(FP), DI
@@ -110,39 +106,3 @@
MOVQ R9, 8(DI)
MOVQ R10, 16(DI)
RET
-
-// func initialize(state *[7]uint64, key *[32]byte)
-TEXT ·initialize(SB), $0-16
- MOVQ state+0(FP), DI
- MOVQ key+8(FP), SI
-
- // state[0...7] is initialized with zero
- MOVOU 0(SI), X0
- MOVOU 16(SI), X1
- MOVOU ·poly1305Mask<>(SB), X2
- PAND X2, X0
- MOVOU X0, 24(DI)
- MOVOU X1, 40(DI)
- RET
-
-// func finalize(tag *[TagSize]byte, state *[7]uint64)
-TEXT ·finalize(SB), $0-16
- MOVQ tag+0(FP), DI
- MOVQ state+8(FP), SI
-
- MOVQ 0(SI), AX
- MOVQ 8(SI), BX
- MOVQ 16(SI), CX
- MOVQ AX, R8
- MOVQ BX, R9
- SUBQ $0xFFFFFFFFFFFFFFFB, AX
- SBBQ $0xFFFFFFFFFFFFFFFF, BX
- SBBQ $3, CX
- CMOVQCS R8, AX
- CMOVQCS R9, BX
- ADDQ 40(SI), AX
- ADCQ 48(SI), BX
-
- MOVQ AX, 0(DI)
- MOVQ BX, 8(DI)
- RET
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_arm.go b/src/vendor/golang.org/x/crypto/poly1305/sum_arm.go
index 5dc321c..6e695e4 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_arm.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_arm.go
@@ -6,14 +6,11 @@
package poly1305
-// This function is implemented in sum_arm.s
+// poly1305_auth_armv6 is implemented in sum_arm.s
//go:noescape
func poly1305_auth_armv6(out *[16]byte, m *byte, mlen uint32, key *[32]byte)
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
+func sum(out *[16]byte, m []byte, key *[32]byte) {
var mPtr *byte
if len(m) > 0 {
mPtr = &m[0]
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/src/vendor/golang.org/x/crypto/poly1305/sum_generic.go
index bab76ef..1187eab 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_generic.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_generic.go
@@ -2,18 +2,29 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+// This file provides the generic implementation of Sum and MAC. Other files
+// might provide optimized assembly implementations of some of this code.
+
package poly1305
import "encoding/binary"
-const (
- msgBlock = uint32(1 << 24)
- finalBlock = uint32(0)
-)
+// Poly1305 [RFC 7539] is a relatively simple algorithm: the authentication tag
+// for a 64 bytes message is approximately
+//
+// s + m[0:16] * r⁴ + m[16:32] * r³ + m[32:48] * r² + m[48:64] * r mod 2¹³⁰ - 5
+//
+// for some secret r and s. It can be computed sequentially like
+//
+// for len(msg) > 0:
+// h += read(msg, 16)
+// h *= r
+// h %= 2¹³⁰ - 5
+// return h + s
+//
+// All the complexity is about doing performant constant-time math on numbers
+// larger than any available numeric type.
-// sumGeneric generates an authenticator for msg using a one-time key and
-// puts the 16-byte result into out. This is the generic implementation of
-// Sum and should be called if no assembly implementation is available.
func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) {
h := newMACGeneric(key)
h.Write(msg)
@@ -21,152 +32,276 @@
}
func newMACGeneric(key *[32]byte) (h macGeneric) {
- h.r[0] = binary.LittleEndian.Uint32(key[0:]) & 0x3ffffff
- h.r[1] = (binary.LittleEndian.Uint32(key[3:]) >> 2) & 0x3ffff03
- h.r[2] = (binary.LittleEndian.Uint32(key[6:]) >> 4) & 0x3ffc0ff
- h.r[3] = (binary.LittleEndian.Uint32(key[9:]) >> 6) & 0x3f03fff
- h.r[4] = (binary.LittleEndian.Uint32(key[12:]) >> 8) & 0x00fffff
-
- h.s[0] = binary.LittleEndian.Uint32(key[16:])
- h.s[1] = binary.LittleEndian.Uint32(key[20:])
- h.s[2] = binary.LittleEndian.Uint32(key[24:])
- h.s[3] = binary.LittleEndian.Uint32(key[28:])
+ initialize(key, &h.r, &h.s)
return
}
+// macState holds numbers in saturated 64-bit little-endian limbs. That is,
+// the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸.
+type macState struct {
+ // h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but
+ // can grow larger during and after rounds.
+ h [3]uint64
+ // r and s are the private key components.
+ r [2]uint64
+ s [2]uint64
+}
+
type macGeneric struct {
- h, r [5]uint32
- s [4]uint32
+ macState
buffer [TagSize]byte
offset int
}
-func (h *macGeneric) Write(p []byte) (n int, err error) {
- n = len(p)
+// Write splits the incoming message into TagSize chunks, and passes them to
+// update. It buffers incomplete chunks.
+func (h *macGeneric) Write(p []byte) (int, error) {
+ nn := len(p)
if h.offset > 0 {
- remaining := TagSize - h.offset
- if n < remaining {
- h.offset += copy(h.buffer[h.offset:], p)
- return n, nil
+ n := copy(h.buffer[h.offset:], p)
+ if h.offset+n < TagSize {
+ h.offset += n
+ return nn, nil
}
- copy(h.buffer[h.offset:], p[:remaining])
- p = p[remaining:]
+ p = p[n:]
h.offset = 0
- updateGeneric(h.buffer[:], msgBlock, &(h.h), &(h.r))
+ updateGeneric(&h.macState, h.buffer[:])
}
- if nn := len(p) - (len(p) % TagSize); nn > 0 {
- updateGeneric(p, msgBlock, &(h.h), &(h.r))
- p = p[nn:]
+ if n := len(p) - (len(p) % TagSize); n > 0 {
+ updateGeneric(&h.macState, p[:n])
+ p = p[n:]
}
if len(p) > 0 {
h.offset += copy(h.buffer[h.offset:], p)
}
- return n, nil
+ return nn, nil
}
-func (h *macGeneric) Sum(out *[16]byte) {
- H, R := h.h, h.r
+// Sum flushes the last incomplete chunk from the buffer, if any, and generates
+// the MAC output. It does not modify its state, in order to allow for multiple
+// calls to Sum, even if no Write is allowed after Sum.
+func (h *macGeneric) Sum(out *[TagSize]byte) {
+ state := h.macState
if h.offset > 0 {
- var buffer [TagSize]byte
- copy(buffer[:], h.buffer[:h.offset])
- buffer[h.offset] = 1 // invariant: h.offset < TagSize
- updateGeneric(buffer[:], finalBlock, &H, &R)
+ updateGeneric(&state, h.buffer[:h.offset])
}
- finalizeGeneric(out, &H, &(h.s))
+ finalize(out, &state.h, &state.s)
}
-func updateGeneric(msg []byte, flag uint32, h, r *[5]uint32) {
- h0, h1, h2, h3, h4 := h[0], h[1], h[2], h[3], h[4]
- r0, r1, r2, r3, r4 := uint64(r[0]), uint64(r[1]), uint64(r[2]), uint64(r[3]), uint64(r[4])
- R1, R2, R3, R4 := r1*5, r2*5, r3*5, r4*5
+// [rMask0, rMask1] is the specified Poly1305 clamping mask in little-endian. It
+// clears some bits of the secret coefficient to make it possible to implement
+// multiplication more efficiently.
+const (
+ rMask0 = 0x0FFFFFFC0FFFFFFF
+ rMask1 = 0x0FFFFFFC0FFFFFFC
+)
- for len(msg) >= TagSize {
- // h += msg
- h0 += binary.LittleEndian.Uint32(msg[0:]) & 0x3ffffff
- h1 += (binary.LittleEndian.Uint32(msg[3:]) >> 2) & 0x3ffffff
- h2 += (binary.LittleEndian.Uint32(msg[6:]) >> 4) & 0x3ffffff
- h3 += (binary.LittleEndian.Uint32(msg[9:]) >> 6) & 0x3ffffff
- h4 += (binary.LittleEndian.Uint32(msg[12:]) >> 8) | flag
-
- // h *= r
- d0 := (uint64(h0) * r0) + (uint64(h1) * R4) + (uint64(h2) * R3) + (uint64(h3) * R2) + (uint64(h4) * R1)
- d1 := (d0 >> 26) + (uint64(h0) * r1) + (uint64(h1) * r0) + (uint64(h2) * R4) + (uint64(h3) * R3) + (uint64(h4) * R2)
- d2 := (d1 >> 26) + (uint64(h0) * r2) + (uint64(h1) * r1) + (uint64(h2) * r0) + (uint64(h3) * R4) + (uint64(h4) * R3)
- d3 := (d2 >> 26) + (uint64(h0) * r3) + (uint64(h1) * r2) + (uint64(h2) * r1) + (uint64(h3) * r0) + (uint64(h4) * R4)
- d4 := (d3 >> 26) + (uint64(h0) * r4) + (uint64(h1) * r3) + (uint64(h2) * r2) + (uint64(h3) * r1) + (uint64(h4) * r0)
-
- // h %= p
- h0 = uint32(d0) & 0x3ffffff
- h1 = uint32(d1) & 0x3ffffff
- h2 = uint32(d2) & 0x3ffffff
- h3 = uint32(d3) & 0x3ffffff
- h4 = uint32(d4) & 0x3ffffff
-
- h0 += uint32(d4>>26) * 5
- h1 += h0 >> 26
- h0 = h0 & 0x3ffffff
-
- msg = msg[TagSize:]
- }
-
- h[0], h[1], h[2], h[3], h[4] = h0, h1, h2, h3, h4
+func initialize(key *[32]byte, r, s *[2]uint64) {
+ r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0
+ r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1
+ s[0] = binary.LittleEndian.Uint64(key[16:24])
+ s[1] = binary.LittleEndian.Uint64(key[24:32])
}
-func finalizeGeneric(out *[TagSize]byte, h *[5]uint32, s *[4]uint32) {
- h0, h1, h2, h3, h4 := h[0], h[1], h[2], h[3], h[4]
+// uint128 holds a 128-bit number as two 64-bit limbs, for use with the
+// bits.Mul64 and bits.Add64 intrinsics.
+type uint128 struct {
+ lo, hi uint64
+}
- // h %= p reduction
- h2 += h1 >> 26
- h1 &= 0x3ffffff
- h3 += h2 >> 26
- h2 &= 0x3ffffff
- h4 += h3 >> 26
- h3 &= 0x3ffffff
- h0 += 5 * (h4 >> 26)
- h4 &= 0x3ffffff
- h1 += h0 >> 26
- h0 &= 0x3ffffff
+func mul64(a, b uint64) uint128 {
+ hi, lo := bitsMul64(a, b)
+ return uint128{lo, hi}
+}
- // h - p
- t0 := h0 + 5
- t1 := h1 + (t0 >> 26)
- t2 := h2 + (t1 >> 26)
- t3 := h3 + (t2 >> 26)
- t4 := h4 + (t3 >> 26) - (1 << 26)
- t0 &= 0x3ffffff
- t1 &= 0x3ffffff
- t2 &= 0x3ffffff
- t3 &= 0x3ffffff
+func add128(a, b uint128) uint128 {
+ lo, c := bitsAdd64(a.lo, b.lo, 0)
+ hi, c := bitsAdd64(a.hi, b.hi, c)
+ if c != 0 {
+ panic("poly1305: unexpected overflow")
+ }
+ return uint128{lo, hi}
+}
- // select h if h < p else h - p
- t_mask := (t4 >> 31) - 1
- h_mask := ^t_mask
- h0 = (h0 & h_mask) | (t0 & t_mask)
- h1 = (h1 & h_mask) | (t1 & t_mask)
- h2 = (h2 & h_mask) | (t2 & t_mask)
- h3 = (h3 & h_mask) | (t3 & t_mask)
- h4 = (h4 & h_mask) | (t4 & t_mask)
+func shiftRightBy2(a uint128) uint128 {
+ a.lo = a.lo>>2 | (a.hi&3)<<62
+ a.hi = a.hi >> 2
+ return a
+}
- // h %= 2^128
- h0 |= h1 << 26
- h1 = ((h1 >> 6) | (h2 << 20))
- h2 = ((h2 >> 12) | (h3 << 14))
- h3 = ((h3 >> 18) | (h4 << 8))
+// updateGeneric absorbs msg into the state.h accumulator. For each chunk m of
+// 128 bits of message, it computes
+//
+// h₊ = (h + m) * r mod 2¹³⁰ - 5
+//
+// If the msg length is not a multiple of TagSize, it assumes the last
+// incomplete chunk is the final one.
+func updateGeneric(state *macState, msg []byte) {
+ h0, h1, h2 := state.h[0], state.h[1], state.h[2]
+ r0, r1 := state.r[0], state.r[1]
- // s: the s part of the key
- // tag = (h + s) % (2^128)
- t := uint64(h0) + uint64(s[0])
- h0 = uint32(t)
- t = uint64(h1) + uint64(s[1]) + (t >> 32)
- h1 = uint32(t)
- t = uint64(h2) + uint64(s[2]) + (t >> 32)
- h2 = uint32(t)
- t = uint64(h3) + uint64(s[3]) + (t >> 32)
- h3 = uint32(t)
+ for len(msg) > 0 {
+ var c uint64
- binary.LittleEndian.PutUint32(out[0:], h0)
- binary.LittleEndian.PutUint32(out[4:], h1)
- binary.LittleEndian.PutUint32(out[8:], h2)
- binary.LittleEndian.PutUint32(out[12:], h3)
+ // For the first step, h + m, we use a chain of bits.Add64 intrinsics.
+ // The resulting value of h might exceed 2¹³⁰ - 5, but will be partially
+ // reduced at the end of the multiplication below.
+ //
+ // The spec requires us to set a bit just above the message size, not to
+ // hide leading zeroes. For full chunks, that's 1 << 128, so we can just
+ // add 1 to the most significant (2¹²⁸) limb, h2.
+ if len(msg) >= TagSize {
+ h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(msg[0:8]), 0)
+ h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(msg[8:16]), c)
+ h2 += c + 1
+
+ msg = msg[TagSize:]
+ } else {
+ var buf [TagSize]byte
+ copy(buf[:], msg)
+ buf[len(msg)] = 1
+
+ h0, c = bitsAdd64(h0, binary.LittleEndian.Uint64(buf[0:8]), 0)
+ h1, c = bitsAdd64(h1, binary.LittleEndian.Uint64(buf[8:16]), c)
+ h2 += c
+
+ msg = nil
+ }
+
+ // Multiplication of big number limbs is similar to elementary school
+ // columnar multiplication. Instead of digits, there are 64-bit limbs.
+ //
+ // We are multiplying a 3 limbs number, h, by a 2 limbs number, r.
+ //
+ // h2 h1 h0 x
+ // r1 r0 =
+ // ----------------
+ // h2r0 h1r0 h0r0 <-- individual 128-bit products
+ // + h2r1 h1r1 h0r1
+ // ------------------------
+ // m3 m2 m1 m0 <-- result in 128-bit overlapping limbs
+ // ------------------------
+ // m3.hi m2.hi m1.hi m0.hi <-- carry propagation
+ // + m3.lo m2.lo m1.lo m0.lo
+ // -------------------------------
+ // t4 t3 t2 t1 t0 <-- final result in 64-bit limbs
+ //
+ // The main difference from pen-and-paper multiplication is that we do
+ // carry propagation in a separate step, as if we wrote two digit sums
+ // at first (the 128-bit limbs), and then carried the tens all at once.
+
+ h0r0 := mul64(h0, r0)
+ h1r0 := mul64(h1, r0)
+ h2r0 := mul64(h2, r0)
+ h0r1 := mul64(h0, r1)
+ h1r1 := mul64(h1, r1)
+ h2r1 := mul64(h2, r1)
+
+ // Since h2 is known to be at most 7 (5 + 1 + 1), and r0 and r1 have their
+ // top 4 bits cleared by rMask{0,1}, we know that their product is not going
+ // to overflow 64 bits, so we can ignore the high part of the products.
+ //
+ // This also means that the product doesn't have a fifth limb (t4).
+ if h2r0.hi != 0 {
+ panic("poly1305: unexpected overflow")
+ }
+ if h2r1.hi != 0 {
+ panic("poly1305: unexpected overflow")
+ }
+
+ m0 := h0r0
+ m1 := add128(h1r0, h0r1) // These two additions don't overflow thanks again
+ m2 := add128(h2r0, h1r1) // to the 4 masked bits at the top of r0 and r1.
+ m3 := h2r1
+
+ t0 := m0.lo
+ t1, c := bitsAdd64(m1.lo, m0.hi, 0)
+ t2, c := bitsAdd64(m2.lo, m1.hi, c)
+ t3, _ := bitsAdd64(m3.lo, m2.hi, c)
+
+ // Now we have the result as 4 64-bit limbs, and we need to reduce it
+ // modulo 2¹³⁰ - 5. The special shape of this Crandall prime lets us do
+ // a cheap partial reduction according to the reduction identity
+ //
+ // c * 2¹³⁰ + n = c * 5 + n mod 2¹³⁰ - 5
+ //
+ // because 2¹³⁰ = 5 mod 2¹³⁰ - 5. Partial reduction since the result is
+ // likely to be larger than 2¹³⁰ - 5, but still small enough to fit the
+ // assumptions we make about h in the rest of the code.
+ //
+ // See also https://speakerdeck.com/gtank/engineering-prime-numbers?slide=23
+
+ // We split the final result at the 2¹³⁰ mark into h and cc, the carry.
+ // Note that the carry bits are effectively shifted left by 2, in other
+ // words, cc = c * 4 for the c in the reduction identity.
+ h0, h1, h2 = t0, t1, t2&maskLow2Bits
+ cc := uint128{t2 & maskNotLow2Bits, t3}
+
+ // To add c * 5 to h, we first add cc = c * 4, and then add (cc >> 2) = c.
+
+ h0, c = bitsAdd64(h0, cc.lo, 0)
+ h1, c = bitsAdd64(h1, cc.hi, c)
+ h2 += c
+
+ cc = shiftRightBy2(cc)
+
+ h0, c = bitsAdd64(h0, cc.lo, 0)
+ h1, c = bitsAdd64(h1, cc.hi, c)
+ h2 += c
+
+ // h2 is at most 3 + 1 + 1 = 5, making the whole of h at most
+ //
+ // 5 * 2¹²⁸ + (2¹²⁸ - 1) = 6 * 2¹²⁸ - 1
+ }
+
+ state.h[0], state.h[1], state.h[2] = h0, h1, h2
+}
+
+const (
+ maskLow2Bits uint64 = 0x0000000000000003
+ maskNotLow2Bits uint64 = ^maskLow2Bits
+)
+
+// select64 returns x if v == 1 and y if v == 0, in constant time.
+func select64(v, x, y uint64) uint64 { return ^(v-1)&x | (v-1)&y }
+
+// [p0, p1, p2] is 2¹³⁰ - 5 in little endian order.
+const (
+ p0 = 0xFFFFFFFFFFFFFFFB
+ p1 = 0xFFFFFFFFFFFFFFFF
+ p2 = 0x0000000000000003
+)
+
+// finalize completes the modular reduction of h and computes
+//
+// out = h + s mod 2¹²⁸
+//
+func finalize(out *[TagSize]byte, h *[3]uint64, s *[2]uint64) {
+ h0, h1, h2 := h[0], h[1], h[2]
+
+ // After the partial reduction in updateGeneric, h might be more than
+ // 2¹³⁰ - 5, but will be less than 2 * (2¹³⁰ - 5). To complete the reduction
+ // in constant time, we compute t = h - (2¹³⁰ - 5), and select h as the
+ // result if the subtraction underflows, and t otherwise.
+
+ hMinusP0, b := bitsSub64(h0, p0, 0)
+ hMinusP1, b := bitsSub64(h1, p1, b)
+ _, b = bitsSub64(h2, p2, b)
+
+ // h = h if h < p else h - p
+ h0 = select64(b, h0, hMinusP0)
+ h1 = select64(b, h1, hMinusP1)
+
+ // Finally, we compute the last Poly1305 step
+ //
+ // tag = h + s mod 2¹²⁸
+ //
+ // by just doing a wide addition with the 128 low bits of h and discarding
+ // the overflow.
+ h0, c := bitsAdd64(h0, s[0], 0)
+ h1, _ = bitsAdd64(h1, s[1], c)
+
+ binary.LittleEndian.PutUint64(out[0:8], h0)
+ binary.LittleEndian.PutUint64(out[8:16], h1)
}
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/src/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
index 8a9c207..1682eda 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_noasm.go
@@ -6,10 +6,7 @@
package poly1305
-// Sum generates an authenticator for msg using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
+func sum(out *[TagSize]byte, msg []byte, key *[32]byte) {
h := newMAC(key)
h.Write(msg)
h.Sum(out)
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
index 2402b63..3233616 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go
@@ -7,62 +7,52 @@
package poly1305
//go:noescape
-func initialize(state *[7]uint64, key *[32]byte)
+func update(state *macState, msg []byte)
-//go:noescape
-func update(state *[7]uint64, msg []byte)
-
-//go:noescape
-func finalize(tag *[TagSize]byte, state *[7]uint64)
-
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
+func sum(out *[16]byte, m []byte, key *[32]byte) {
h := newMAC(key)
h.Write(m)
h.Sum(out)
}
func newMAC(key *[32]byte) (h mac) {
- initialize(&h.state, key)
+ initialize(key, &h.r, &h.s)
return
}
-type mac struct {
- state [7]uint64 // := uint64{ h0, h1, h2, r0, r1, pad0, pad1 }
+// mac is a wrapper for macGeneric that redirects calls that would have gone to
+// updateGeneric to update.
+//
+// Its Write and Sum methods are otherwise identical to the macGeneric ones, but
+// using function pointers would carry a major performance cost.
+type mac struct{ macGeneric }
- buffer [TagSize]byte
- offset int
-}
-
-func (h *mac) Write(p []byte) (n int, err error) {
- n = len(p)
+func (h *mac) Write(p []byte) (int, error) {
+ nn := len(p)
if h.offset > 0 {
- remaining := TagSize - h.offset
- if n < remaining {
- h.offset += copy(h.buffer[h.offset:], p)
- return n, nil
+ n := copy(h.buffer[h.offset:], p)
+ if h.offset+n < TagSize {
+ h.offset += n
+ return nn, nil
}
- copy(h.buffer[h.offset:], p[:remaining])
- p = p[remaining:]
+ p = p[n:]
h.offset = 0
- update(&h.state, h.buffer[:])
+ update(&h.macState, h.buffer[:])
}
- if nn := len(p) - (len(p) % TagSize); nn > 0 {
- update(&h.state, p[:nn])
- p = p[nn:]
+ if n := len(p) - (len(p) % TagSize); n > 0 {
+ update(&h.macState, p[:n])
+ p = p[n:]
}
if len(p) > 0 {
h.offset += copy(h.buffer[h.offset:], p)
}
- return n, nil
+ return nn, nil
}
func (h *mac) Sum(out *[16]byte) {
- state := h.state
+ state := h.macState
if h.offset > 0 {
update(&state, h.buffer[:h.offset])
}
- finalize(out, &state)
+ finalize(out, &state.h, &state.s)
}
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
index 55c7167..4e20bf2 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s
@@ -58,7 +58,6 @@
GLOBL ·poly1305Mask<>(SB), RODATA, $16
// func update(state *[7]uint64, msg []byte)
-
TEXT ·update(SB), $0-32
MOVD state+0(FP), R3
MOVD msg_base+8(FP), R4
@@ -180,68 +179,3 @@
MOVD R9, 8(R3)
MOVD R10, 16(R3)
RET
-
-// func initialize(state *[7]uint64, key *[32]byte)
-TEXT ·initialize(SB), $0-16
- MOVD state+0(FP), R3
- MOVD key+8(FP), R4
-
- // state[0...7] is initialized with zero
- // Load key
- MOVD 0(R4), R5
- MOVD 8(R4), R6
- MOVD 16(R4), R7
- MOVD 24(R4), R8
-
- // Address of key mask
- MOVD $·poly1305Mask<>(SB), R9
-
- // Save original key in state
- MOVD R7, 40(R3)
- MOVD R8, 48(R3)
-
- // Get mask
- MOVD (R9), R7
- MOVD 8(R9), R8
-
- // And with key
- AND R5, R7, R5
- AND R6, R8, R6
-
- // Save masked key in state
- MOVD R5, 24(R3)
- MOVD R6, 32(R3)
- RET
-
-// func finalize(tag *[TagSize]byte, state *[7]uint64)
-TEXT ·finalize(SB), $0-16
- MOVD tag+0(FP), R3
- MOVD state+8(FP), R4
-
- // Get h0, h1, h2 from state
- MOVD 0(R4), R5
- MOVD 8(R4), R6
- MOVD 16(R4), R7
-
- // Save h0, h1
- MOVD R5, R8
- MOVD R6, R9
- MOVD $3, R20
- MOVD $-1, R21
- SUBC $-5, R5
- SUBE R21, R6
- SUBE R20, R7
- MOVD $0, R21
- SUBZE R21
-
- // Check for carry
- CMP $0, R21
- ISEL $2, R5, R8, R5
- ISEL $2, R6, R9, R6
- MOVD 40(R4), R8
- MOVD 48(R4), R9
- ADDC R8, R5
- ADDE R9, R6
- MOVD R5, 0(R3)
- MOVD R6, 8(R3)
- RET
diff --git a/src/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/src/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
index ec99e07..a8920ee 100644
--- a/src/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
+++ b/src/vendor/golang.org/x/crypto/poly1305/sum_s390x.go
@@ -22,10 +22,7 @@
//go:noescape
func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte)
-// Sum generates an authenticator for m using a one-time key and puts the
-// 16-byte result into out. Authenticating two different messages with the same
-// key allows an attacker to forge messages at will.
-func Sum(out *[16]byte, m []byte, key *[32]byte) {
+func sum(out *[16]byte, m []byte, key *[32]byte) {
if cpu.S390X.HasVX {
var mPtr *byte
if len(m) > 0 {
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index d69a991..88ea5f1 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -1,11 +1,11 @@
-# golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8
+# golang.org/x/crypto v0.0.0-20191111213947-16651526fdb4
## explicit
+golang.org/x/crypto/chacha20
golang.org/x/crypto/chacha20poly1305
golang.org/x/crypto/cryptobyte
golang.org/x/crypto/cryptobyte/asn1
golang.org/x/crypto/curve25519
golang.org/x/crypto/hkdf
-golang.org/x/crypto/internal/chacha20
golang.org/x/crypto/internal/subtle
golang.org/x/crypto/poly1305
# golang.org/x/net v0.0.0-20191105084925-a882066a44e0
diff --git a/test/fixedbugs/bug302.go b/test/fixedbugs/bug302.go
index c763b87..87f9d4e 100644
--- a/test/fixedbugs/bug302.go
+++ b/test/fixedbugs/bug302.go
@@ -9,22 +9,34 @@
import (
"fmt"
+ "io/ioutil"
"os"
"os/exec"
"path/filepath"
)
+var tmpDir string
+
func main() {
- run("go", "tool", "compile", filepath.Join("fixedbugs", "bug302.dir", "p.go"))
+ fb, err := filepath.Abs("fixedbugs")
+ if err == nil {
+ tmpDir, err = ioutil.TempDir("", "bug302")
+ }
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ defer os.RemoveAll(tmpDir)
+
+ run("go", "tool", "compile", filepath.Join(fb, "bug302.dir", "p.go"))
run("go", "tool", "pack", "grc", "pp.a", "p.o")
- run("go", "tool", "compile", "-I", ".", filepath.Join("fixedbugs", "bug302.dir", "main.go"))
- os.Remove("p.o")
- os.Remove("pp.a")
- os.Remove("main.o")
+ run("go", "tool", "compile", "-I", ".", filepath.Join(fb, "bug302.dir", "main.go"))
}
func run(cmd string, args ...string) {
- out, err := exec.Command(cmd, args...).CombinedOutput()
+ c := exec.Command(cmd, args...)
+ c.Dir = tmpDir
+ out, err := c.CombinedOutput()
if err != nil {
fmt.Println(string(out))
fmt.Println(err)
diff --git a/test/fixedbugs/bug369.go b/test/fixedbugs/bug369.go
index e2a1147..9316f7a 100644
--- a/test/fixedbugs/bug369.go
+++ b/test/fixedbugs/bug369.go
@@ -11,6 +11,7 @@
import (
"fmt"
+ "io/ioutil"
"os"
"os/exec"
"path/filepath"
@@ -20,16 +21,19 @@
err := os.Chdir(filepath.Join(".", "fixedbugs", "bug369.dir"))
check(err)
- run("go", "tool", "compile", "-N", "-o", "slow.o", "pkg.go")
- run("go", "tool", "compile", "-o", "fast.o", "pkg.go")
- run("go", "tool", "compile", "-o", "main.o", "main.go")
- run("go", "tool", "link", "-o", "a.exe", "main.o")
- run("." + string(filepath.Separator) + "a.exe")
+ tmpDir, err := ioutil.TempDir("", "bug369")
+ check(err)
+ defer os.RemoveAll(tmpDir)
- os.Remove("slow.o")
- os.Remove("fast.o")
- os.Remove("main.o")
- os.Remove("a.exe")
+ tmp := func(name string) string {
+ return filepath.Join(tmpDir, name)
+ }
+
+ run("go", "tool", "compile", "-N", "-o", tmp("slow.o"), "pkg.go")
+ run("go", "tool", "compile", "-o", tmp("fast.o"), "pkg.go")
+ run("go", "tool", "compile", "-D", tmpDir, "-o", tmp("main.o"), "main.go")
+ run("go", "tool", "link", "-o", tmp("a.exe"), tmp("main.o"))
+ run(tmp("a.exe"))
}
func run(name string, args ...string) {
diff --git a/test/fixedbugs/issue35518.go b/test/fixedbugs/issue35518.go
new file mode 100644
index 0000000..52a0ae7
--- /dev/null
+++ b/test/fixedbugs/issue35518.go
@@ -0,0 +1,44 @@
+// errorcheck -0 -l -m=2
+
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This test makes sure that -m=2's escape analysis diagnostics don't
+// go into an infinite loop when handling negative dereference
+// cycles. The critical thing being tested here is that compilation
+// succeeds ("errorcheck -0"), not any particular diagnostic output,
+// hence the very lax ERROR patterns below.
+
+package p
+
+type Node struct {
+ Orig *Node
+}
+
+var sink *Node
+
+func f1() {
+ var n Node // ERROR "."
+ n.Orig = &n
+
+ m := n // ERROR "."
+ sink = &m
+}
+
+func f2() {
+ var n1, n2 Node // ERROR "."
+ n1.Orig = &n2
+ n2 = n1
+
+ m := n2 // ERROR "."
+ sink = &m
+}
+
+func f3() {
+ var n1, n2 Node // ERROR "."
+ n1.Orig = &n1
+ n1.Orig = &n2
+
+ sink = n1.Orig.Orig
+}
diff --git a/test/fixedbugs/issue9355.go b/test/fixedbugs/issue9355.go
index 9657e64..be0659c 100644
--- a/test/fixedbugs/issue9355.go
+++ b/test/fixedbugs/issue9355.go
@@ -23,8 +23,7 @@
err := os.Chdir(filepath.Join("fixedbugs", "issue9355.dir"))
check(err)
- out := run("go", "tool", "compile", "-S", "a.go")
- os.Remove("a.o")
+ out := run("go", "tool", "compile", "-o", os.DevNull, "-S", "a.go")
// 6g/8g print the offset as dec, but 5g/9g print the offset as hex.
patterns := []string{
diff --git a/test/linkmain_run.go b/test/linkmain_run.go
index 68d53e8..077f7ee 100644
--- a/test/linkmain_run.go
+++ b/test/linkmain_run.go
@@ -11,21 +11,21 @@
import (
"fmt"
+ "io/ioutil"
"os"
"os/exec"
+ "path/filepath"
"strings"
)
+var tmpDir string
+
func cleanup() {
- os.Remove("linkmain.o")
- os.Remove("linkmain.a")
- os.Remove("linkmain1.o")
- os.Remove("linkmain1.a")
- os.Remove("linkmain.exe")
+ os.RemoveAll(tmpDir)
}
-func run(cmdline string) {
- args := strings.Fields(cmdline)
+func run(cmdline ...string) {
+ args := strings.Fields(strings.Join(cmdline, " "))
cmd := exec.Command(args[0], args[1:]...)
out, err := cmd.CombinedOutput()
if err != nil {
@@ -37,8 +37,8 @@
}
}
-func runFail(cmdline string) {
- args := strings.Fields(cmdline)
+func runFail(cmdline ...string) {
+ args := strings.Fields(strings.Join(cmdline, " "))
cmd := exec.Command(args[0], args[1:]...)
out, err := cmd.CombinedOutput()
if err == nil {
@@ -51,16 +51,26 @@
}
func main() {
+ var err error
+ tmpDir, err = ioutil.TempDir("", "")
+ if err != nil {
+ fmt.Println(err)
+ os.Exit(1)
+ }
+ tmp := func(name string) string {
+ return filepath.Join(tmpDir, name)
+ }
+
// helloworld.go is package main
- run("go tool compile -o linkmain.o helloworld.go")
- run("go tool compile -pack -o linkmain.a helloworld.go")
- run("go tool link -o linkmain.exe linkmain.o")
- run("go tool link -o linkmain.exe linkmain.a")
+ run("go tool compile -o", tmp("linkmain.o"), "helloworld.go")
+ run("go tool compile -pack -o", tmp("linkmain.a"), "helloworld.go")
+ run("go tool link -o", tmp("linkmain.exe"), tmp("linkmain.o"))
+ run("go tool link -o", tmp("linkmain.exe"), tmp("linkmain.a"))
// linkmain.go is not
- run("go tool compile -o linkmain1.o linkmain.go")
- run("go tool compile -pack -o linkmain1.a linkmain.go")
- runFail("go tool link -o linkmain.exe linkmain1.o")
- runFail("go tool link -o linkmain.exe linkmain1.a")
+ run("go tool compile -o", tmp("linkmain1.o"), "linkmain.go")
+ run("go tool compile -pack -o", tmp("linkmain1.a"), "linkmain.go")
+ runFail("go tool link -o", tmp("linkmain.exe"), tmp("linkmain1.o"))
+ runFail("go tool link -o", tmp("linkmain.exe"), tmp("linkmain1.a"))
cleanup()
}
diff --git a/test/sinit_run.go b/test/sinit_run.go
index fdd19c4..afd15ff 100644
--- a/test/sinit_run.go
+++ b/test/sinit_run.go
@@ -17,15 +17,18 @@
)
func main() {
- cmd := exec.Command("go", "tool", "compile", "-S", "sinit.go")
+ cmd := exec.Command("go", "tool", "compile", "-o", os.DevNull, "-S", "sinit.go")
out, err := cmd.CombinedOutput()
if err != nil {
fmt.Println(string(out))
fmt.Println(err)
os.Exit(1)
}
- os.Remove("sinit.o")
+ if len(bytes.TrimSpace(out)) == 0 {
+ fmt.Println("'go tool compile -S sinit.go' printed no output")
+ os.Exit(1)
+ }
if bytes.Contains(out, []byte("initdone")) {
fmt.Println("sinit generated an init function")
os.Exit(1)
