kris
/
th5
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Alternative TLS implementation in Go
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
561 Commits
3 Branches
2.6 MiB
Tree: 12f7b294ba
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '12f7b294ba'
${ noResults }
th5/conn_test.go

conn_test.go 10 KiB
Raw Normal View History

crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: fix first byte test for 255 CBC padding bytes The BadCBCPadding255 test from bogo failed because at most 255 trailing bytes were checked, but for a padding of 255 there are 255 padding bytes plus 1 length byte with value 255. Change-Id: I7dd237c013d2c7c8599067246e31b7ba93106cf7 Reviewed-on: https://go-review.googlesource.com/68070 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: fix first byte test for 255 CBC padding bytes The BadCBCPadding255 test from bogo failed because at most 255 trailing bytes were checked, but for a padding of 255 there are 255 padding bytes plus 1 length byte with value 255. Change-Id: I7dd237c013d2c7c8599067246e31b7ba93106cf7 Reviewed-on: https://go-review.googlesource.com/68070 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: fix first byte test for 255 CBC padding bytes The BadCBCPadding255 test from bogo failed because at most 255 trailing bytes were checked, but for a padding of 255 there are 255 padding bytes plus 1 length byte with value 255. Change-Id: I7dd237c013d2c7c8599067246e31b7ba93106cf7 Reviewed-on: https://go-review.googlesource.com/68070 Reviewed-by: Adam Langley <agl@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: implement countermeasures against CBC padding oracles The aim is to make the decrypt() timing profile constant, irrespective of the CBC padding length or correctness. The old algorithm, on valid padding, would only MAC bytes up to the padding length threshold, making CBC ciphersuites vulnerable to plaintext recovery attacks as presented in the "Lucky Thirteen" paper. The new algorithm Write()s to the MAC all supposed payload, performs a constant time Sum()---which required implementing a constant time Sum() in crypto/sha1, see the "Lucky Microseconds" paper---and then Write()s the rest of the data. This is performed whether the padding is good or not. This should have no explicit secret-dependent timings, but it does NOT attempt to normalize memory accesses to prevent cache timing leaks. Updates #13385 Change-Id: I15d91dc3cc6eefc1d44f317f72ff8feb0a9888f7 Reviewed-on: https://go-review.googlesource.com/18130 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
8 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
tls: fix argument mistake in Error call. R=agl, agl1, rsc CC=golang-dev https://golang.org/cl/3753041
14 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: implement countermeasures against CBC padding oracles The aim is to make the decrypt() timing profile constant, irrespective of the CBC padding length or correctness. The old algorithm, on valid padding, would only MAC bytes up to the padding length threshold, making CBC ciphersuites vulnerable to plaintext recovery attacks as presented in the "Lucky Thirteen" paper. The new algorithm Write()s to the MAC all supposed payload, performs a constant time Sum()---which required implementing a constant time Sum() in crypto/sha1, see the "Lucky Microseconds" paper---and then Write()s the rest of the data. This is performed whether the padding is good or not. This should have no explicit secret-dependent timings, but it does NOT attempt to normalize memory accesses to prevent cache timing leaks. Updates #13385 Change-Id: I15d91dc3cc6eefc1d44f317f72ff8feb0a9888f7 Reviewed-on: https://go-review.googlesource.com/18130 Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
8 years ago
crypto/tls: support CBC ciphers This is largely based on ality's CL 2747042. crypto/rc4: API break in order to conform to crypto/cipher's Stream interface cipher/cipher: promote to the default build Since CBC differs between TLS 1.0 and 1.1, we downgrade and support only 1.0 at the current time. 1.0 is what most of the world uses. Given this CL, it would be trival to add support for AES 256, SHA 256 etc, but I haven't in order to keep the change smaller. R=rsc CC=ality, golang-dev https://golang.org/cl/3659041
14 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/x509: require a NULL parameters for RSA public keys. The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
8 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/x509: require a NULL parameters for RSA public keys. The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
8 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/x509: require a NULL parameters for RSA public keys. The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
8 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/x509: require a NULL parameters for RSA public keys. The RFC is clear that the Parameters in an AlgorithmIdentifer for an RSA public key must be NULL. BoringSSL enforces this so we have strong evidence that this is a widely compatible change. Embarrassingly enough, the major source of violations of this is us. Go used to get this correct in only one of two places. This was only fixed in 2013 (with 4874bc9b). That's why lots of test certificates are updated in this change. Fixes #16166. Change-Id: Ib9a4551349354c66e730d44eb8cee4ec402ea8ab Reviewed-on: https://go-review.googlesource.com/27312 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
8 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: Added dynamic alternative to NameToCertificate map for SNI Revised version of https://golang.org/cl/81260045/ LGTM=agl R=golang-codereviews, gobot, agl, ox CC=golang-codereviews https://golang.org/cl/107400043
10 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: Added dynamic alternative to NameToCertificate map for SNI Revised version of https://golang.org/cl/81260045/ LGTM=agl R=golang-codereviews, gobot, agl, ox CC=golang-codereviews https://golang.org/cl/107400043
10 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: Added dynamic alternative to NameToCertificate map for SNI Revised version of https://golang.org/cl/81260045/ LGTM=agl R=golang-codereviews, gobot, agl, ox CC=golang-codereviews https://golang.org/cl/107400043
10 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: Added dynamic alternative to NameToCertificate map for SNI Revised version of https://golang.org/cl/81260045/ LGTM=agl R=golang-codereviews, gobot, agl, ox CC=golang-codereviews https://golang.org/cl/107400043
10 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: Added dynamic alternative to NameToCertificate map for SNI Revised version of https://golang.org/cl/81260045/ LGTM=agl R=golang-codereviews, gobot, agl, ox CC=golang-codereviews https://golang.org/cl/107400043
10 years ago
crypto/tls: add server side SNI support. With this in place, a TLS server is capable of selecting the correct certificate based on the client's ServerNameIndication extension. The need to call Config.BuildNameToCertificate is unfortunate, but adding a sync.Once to the Config structure made it uncopyable and I felt that was too high a price to pay. Parsing the leaf certificates in each handshake was too inefficient to consider. R=bradfitz, rsc CC=golang-dev https://golang.org/cl/5151048
13 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: add Config.Clone In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes #15771 Updates #16228 (needs update in x/net/http2 before fixed) Updates #16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: don't copy Mutex or Once values This fixes some 40 warnings from go vet. Fixes #16134. Change-Id: Ib9fcba275fe692f027a2a07b581c8cf503b11087 Reviewed-on: https://go-review.googlesource.com/24287 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: use io.ReadFull in conn_test.go An io.Reader does not guarantee that it will read in the entire buffer. To ensure that property, io.ReadFull should be used instead. Change-Id: I0b863135ab9abc40e813f9dac07bfb2a76199950 Reviewed-on: https://go-review.googlesource.com/37403 Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com> Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: use io.ReadFull in conn_test.go An io.Reader does not guarantee that it will read in the entire buffer. To ensure that property, io.ReadFull should be used instead. Change-Id: I0b863135ab9abc40e813f9dac07bfb2a76199950 Reviewed-on: https://go-review.googlesource.com/37403 Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com> Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: use io.ReadFull in conn_test.go An io.Reader does not guarantee that it will read in the entire buffer. To ensure that property, io.ReadFull should be used instead. Change-Id: I0b863135ab9abc40e813f9dac07bfb2a76199950 Reviewed-on: https://go-review.googlesource.com/37403 Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com> Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: use io.ReadFull in conn_test.go An io.Reader does not guarantee that it will read in the entire buffer. To ensure that property, io.ReadFull should be used instead. Change-Id: I0b863135ab9abc40e813f9dac07bfb2a76199950 Reviewed-on: https://go-review.googlesource.com/37403 Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com> Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: use io.ReadFull in conn_test.go An io.Reader does not guarantee that it will read in the entire buffer. To ensure that property, io.ReadFull should be used instead. Change-Id: I0b863135ab9abc40e813f9dac07bfb2a76199950 Reviewed-on: https://go-review.googlesource.com/37403 Reviewed-by: Mikio Hara <mikioh.mikioh@gmail.com> Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
7 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: adjust dynamic record sizes to grow arithmetically The current code, introduced after Go 1.6 to improve latency on low-bandwidth connections, sends 1 kB packets until 1 MB has been sent, and then sends 16 kB packets (the maximum record size). Unfortunately this decreases throughput for 1-16 MB responses by 20% or so. Following discussion on #15713, change cutoff to 128 kB sent and also grow the size allowed for successive packets: 1 kB, 2 kB, 3 kB, ..., 15 kB, 16 kB. This fixes the throughput problems: the overhead is now closer to 2%. I hope this still helps with latency but I don't have a great way to test it. At the least, it's not worse than Go 1.6. Comparing MaxPacket vs DynamicPacket benchmarks: name maxpkt time/op dyn. time/op delta Throughput/1MB-8 5.07ms ± 7% 5.21ms ± 7% +2.73% (p=0.023 n=16+16) Throughput/2MB-8 15.7ms ±201% 8.4ms ± 5% ~ (p=0.604 n=20+16) Throughput/4MB-8 14.3ms ± 1% 14.5ms ± 1% +1.53% (p=0.000 n=16+16) Throughput/8MB-8 26.6ms ± 1% 26.8ms ± 1% +0.47% (p=0.003 n=19+18) Throughput/16MB-8 51.0ms ± 1% 51.3ms ± 1% +0.47% (p=0.000 n=20+20) Throughput/32MB-8 100ms ± 1% 100ms ± 1% +0.24% (p=0.033 n=20+20) Throughput/64MB-8 197ms ± 0% 198ms ± 0% +0.56% (p=0.000 n=18+7) The small MB runs are bimodal in both cases, probably GC pauses. But there's clearly no general slowdown anymore. Fixes #15713. Change-Id: I5fc44680ba71812d24baac142bceee0e23f2e382 Reviewed-on: https://go-review.googlesource.com/23487 Reviewed-by: Ian Lance Taylor <iant@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: add Config.Clone In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes #15771 Updates #16228 (needs update in x/net/http2 before fixed) Updates #16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: don't copy Mutex or Once values This fixes some 40 warnings from go vet. Fixes #16134. Change-Id: Ib9fcba275fe692f027a2a07b581c8cf503b11087 Reviewed-on: https://go-review.googlesource.com/24287 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: add Config.Clone In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes #15771 Updates #16228 (needs update in x/net/http2 before fixed) Updates #16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: don't copy Mutex or Once values This fixes some 40 warnings from go vet. Fixes #16134. Change-Id: Ib9fcba275fe692f027a2a07b581c8cf503b11087 Reviewed-on: https://go-review.googlesource.com/24287 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: add Config.Clone In Go 1.0, the Config struct consisted only of exported fields. In Go 1.1, it started to grow private, uncopyable fields (sync.Once, sync.Mutex, etc). Ever since, people have been writing their own private Config.Clone methods, or risking it and doing a language-level shallow copy and copying the unexported sync variables. Clean this up and export the Config.clone method as Config.Clone. This matches the convention of Template.Clone from text/template and html/template at least. Fixes #15771 Updates #16228 (needs update in x/net/http2 before fixed) Updates #16492 (not sure whether @agl wants to do more) Change-Id: I48c2825d4fef55a75d2f99640a7079c56fce39ca Reviewed-on: https://go-review.googlesource.com/28075 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Andrew Gerrand <adg@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: don't copy Mutex or Once values This fixes some 40 warnings from go vet. Fixes #16134. Change-Id: Ib9fcba275fe692f027a2a07b581c8cf503b11087 Reviewed-on: https://go-review.googlesource.com/24287 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org>
8 years ago
crypto/tls: implement dynamic record sizing Currently, if a client of crypto/tls (e.g., net/http, http2) calls tls.Conn.Write with a 33KB buffer, that ends up writing three TLS records: 16KB, 16KB, and 1KB. Slow clients (such as 2G phones) must download the first 16KB record before they can decrypt the first byte. To improve latency, it's better to send smaller TLS records. However, sending smaller records adds overhead (more overhead bytes and more crypto calls), which slightly hurts throughput. A simple heuristic, implemented in this change, is to send small records for new connections, then boost to large records after the first 1MB has been written on the connection. Fixes #14376 Change-Id: Ice0f6279325be6775aa55351809f88e07dd700cd Reviewed-on: https://go-review.googlesource.com/19591 TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Adam Langley <agl@golang.org>
8 years ago
crypto/tls: don't hold lock when closing underlying net.Conn. There's no need to hold the handshake lock across this call and it can lead to deadlocks if the net.Conn calls back into the tls.Conn. Fixes #18426. Change-Id: Ib1b2813cce385949d970f8ad2e52cfbd1390e624 Reviewed-on: https://go-review.googlesource.com/36561 Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
7 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286 
  1. // Copyright 2010 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. package tls

  6. 

  7. import (

  8. 	"bytes"

  9. 	"io"

  10. 	"net"

  11. 	"testing"

  12. )

  13. 

  14. func TestRoundUp(t *testing.T) {

  15. 	if roundUp(0, 16) != 0 ||

  16. 		roundUp(1, 16) != 16 ||

  17. 		roundUp(15, 16) != 16 ||

  18. 		roundUp(16, 16) != 16 ||

  19. 		roundUp(17, 16) != 32 {

  20. 		t.Error("roundUp broken")

  21. 	}

  22. }

  23. 

  24. // will be initialized with {0, 255, 255, ..., 255}

  25. var padding255Bad = [256]byte{}

  26. 

  27. // will be initialized with {255, 255, 255, ..., 255}

  28. var padding255Good = [256]byte{255}

  29. 

  30. var paddingTests = []struct {

  31. 	in          []byte

  32. 	good        bool

  33. 	expectedLen int

  34. }{

  35. 	{[]byte{1, 2, 3, 4, 0}, true, 4},

  36. 	{[]byte{1, 2, 3, 4, 0, 1}, false, 0},

  37. 	{[]byte{1, 2, 3, 4, 99, 99}, false, 0},

  38. 	{[]byte{1, 2, 3, 4, 1, 1}, true, 4},

  39. 	{[]byte{1, 2, 3, 2, 2, 2}, true, 3},

  40. 	{[]byte{1, 2, 3, 3, 3, 3}, true, 2},

  41. 	{[]byte{1, 2, 3, 4, 3, 3}, false, 0},

  42. 	{[]byte{1, 4, 4, 4, 4, 4}, true, 1},

  43. 	{[]byte{5, 5, 5, 5, 5, 5}, true, 0},

  44. 	{[]byte{6, 6, 6, 6, 6, 6}, false, 0},

  45. 	{padding255Bad[:], false, 0},

  46. 	{padding255Good[:], true, 0},

  47. }

  48. 

  49. func TestRemovePadding(t *testing.T) {

  50. 	for i := 1; i < len(padding255Bad); i++ {

  51. 		padding255Bad[i] = 255

  52. 		padding255Good[i] = 255

  53. 	}

  54. 	for i, test := range paddingTests {

  55. 		paddingLen, good := extractPadding(test.in)

  56. 		expectedGood := byte(255)

  57. 		if !test.good {

  58. 			expectedGood = 0

  59. 		}

  60. 		if good != expectedGood {

  61. 			t.Errorf("#%d: wrong validity, want:%d got:%d", i, expectedGood, good)

  62. 		}

  63. 		if good == 255 && len(test.in)-paddingLen != test.expectedLen {

  64. 			t.Errorf("#%d: got %d, want %d", i, len(test.in)-paddingLen, test.expectedLen)

  65. 		}

  66. 	}

  67. }

  68. 

  69. var certExampleCom = `308201713082011ba003020102021005a75ddf21014d5f417083b7a010ba2e300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343135335a170d3137303831373231343135335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b37f0fdd67e715bf532046ac34acbd8fdc4dabe2b598588f3f58b1f12e6219a16cbfe54d2b4b665396013589262360b6721efa27d546854f17cc9aeec6751db10203010001a34d304b300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030160603551d11040f300d820b6578616d706c652e636f6d300d06092a864886f70d01010b050003410059fc487866d3d855503c8e064ca32aac5e9babcece89ec597f8b2b24c17867f4a5d3b4ece06e795bfc5448ccbd2ffca1b3433171ebf3557a4737b020565350a0`

  70. 

  71. var certWildcardExampleCom = `308201743082011ea003020102021100a7aa6297c9416a4633af8bec2958c607300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343231395a170d3137303831373231343231395a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b105afc859a711ee864114e7d2d46c2dcbe392d3506249f6c2285b0eb342cc4bf2d803677c61c0abde443f084745c1a6d62080e5664ef2cc8f50ad8a0ab8870b0203010001a34f304d300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030180603551d110411300f820d2a2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100af26088584d266e3f6566360cf862c7fecc441484b098b107439543144a2b93f20781988281e108c6d7656934e56950e1e5f2bcf38796b814ccb729445856c34`

  72. 

  73. var certFooExampleCom = `308201753082011fa00302010202101bbdb6070b0aeffc49008cde74deef29300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343234345a170d3137303831373231343234345a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100f00ac69d8ca2829f26216c7b50f1d4bbabad58d447706476cd89a2f3e1859943748aa42c15eedc93ac7c49e40d3b05ed645cb6b81c4efba60d961f44211a54eb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f666f6f2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100a0957fca6d1e0f1ef4b247348c7a8ca092c29c9c0ecc1898ea6b8065d23af6d922a410dd2335a0ea15edd1394cef9f62c9e876a21e35250a0b4fe1ddceba0f36`

  74. 

  75. var certDoubleWildcardExampleCom = `308201753082011fa003020102021039d262d8538db8ffba30d204e02ddeb5300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343331335a170d3137303831373231343331335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100abb6bd84b8b9be3fb9415d00f22b4ddcaec7c99855b9d818c09003e084578430e5cfd2e35faa3561f036d496aa43a9ca6e6cf23c72a763c04ae324004f6cbdbb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f2a2e2a2e6578616d706c652e636f6d300d06092a864886f70d01010b05000341004837521004a5b6bc7ad5d6c0dae60bb7ee0fa5e4825be35e2bb6ef07ee29396ca30ceb289431bcfd363888ba2207139933ac7c6369fa8810c819b2e2966abb4b`

  76. 

  77. func TestCertificateSelection(t *testing.T) {

  78. 	config := Config{

  79. 		Certificates: []Certificate{

  80. 			{

  81. 				Certificate: [][]byte{fromHex(certExampleCom)},

  82. 			},

  83. 			{

  84. 				Certificate: [][]byte{fromHex(certWildcardExampleCom)},

  85. 			},

  86. 			{

  87. 				Certificate: [][]byte{fromHex(certFooExampleCom)},

  88. 			},

  89. 			{

  90. 				Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)},

  91. 			},

  92. 		},

  93. 	}

  94. 

  95. 	config.BuildNameToCertificate()

  96. 

  97. 	pointerToIndex := func(c *Certificate) int {

  98. 		for i := range config.Certificates {

  99. 			if c == &config.Certificates[i] {

  100. 				return i

  101. 			}

  102. 		}

  103. 		return -1

  104. 	}

  105. 

  106. 	certificateForName := func(name string) *Certificate {

  107. 		clientHello := &ClientHelloInfo{

  108. 			ServerName: name,

  109. 		}

  110. 		if cert, err := config.getCertificate(clientHello); err != nil {

  111. 			t.Errorf("unable to get certificate for name '%s': %s", name, err)

  112. 			return nil

  113. 		} else {

  114. 			return cert

  115. 		}

  116. 	}

  117. 

  118. 	if n := pointerToIndex(certificateForName("example.com")); n != 0 {

  119. 		t.Errorf("example.com returned certificate %d, not 0", n)

  120. 	}

  121. 	if n := pointerToIndex(certificateForName("bar.example.com")); n != 1 {

  122. 		t.Errorf("bar.example.com returned certificate %d, not 1", n)

  123. 	}

  124. 	if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 {

  125. 		t.Errorf("foo.example.com returned certificate %d, not 2", n)

  126. 	}

  127. 	if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 3 {

  128. 		t.Errorf("foo.bar.example.com returned certificate %d, not 3", n)

  129. 	}

  130. 	if n := pointerToIndex(certificateForName("foo.bar.baz.example.com")); n != 0 {

  131. 		t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n)

  132. 	}

  133. }

  134. 

  135. // Run with multiple crypto configs to test the logic for computing TLS record overheads.

  136. func runDynamicRecordSizingTest(t *testing.T, config *Config) {

  137. 	clientConn, serverConn := net.Pipe()

  138. 

  139. 	serverConfig := config.Clone()

  140. 	serverConfig.DynamicRecordSizingDisabled = false

  141. 	tlsConn := Server(serverConn, serverConfig)

  142. 

  143. 	recordSizesChan := make(chan []int, 1)

  144. 	go func() {

  145. 		// This goroutine performs a TLS handshake over clientConn and

  146. 		// then reads TLS records until EOF. It writes a slice that

  147. 		// contains all the record sizes to recordSizesChan.

  148. 		defer close(recordSizesChan)

  149. 		defer clientConn.Close()

  150. 

  151. 		tlsConn := Client(clientConn, config)

  152. 		if err := tlsConn.Handshake(); err != nil {

  153. 			t.Errorf("Error from client handshake: %v", err)

  154. 			return

  155. 		}

  156. 

  157. 		var recordHeader [recordHeaderLen]byte

  158. 		var record []byte

  159. 		var recordSizes []int

  160. 

  161. 		for {

  162. 			n, err := io.ReadFull(clientConn, recordHeader[:])

  163. 			if err == io.EOF {

  164. 				break

  165. 			}

  166. 			if err != nil || n != len(recordHeader) {

  167. 				t.Errorf("io.ReadFull = %d, %v", n, err)

  168. 				return

  169. 			}

  170. 

  171. 			length := int(recordHeader[3])<<8 | int(recordHeader[4])

  172. 			if len(record) < length {

  173. 				record = make([]byte, length)

  174. 			}

  175. 

  176. 			n, err = io.ReadFull(clientConn, record[:length])

  177. 			if err != nil || n != length {

  178. 				t.Errorf("io.ReadFull = %d, %v", n, err)

  179. 				return

  180. 			}

  181. 

  182. 			// The last record will be a close_notify alert, which

  183. 			// we don't wish to record.

  184. 			if recordType(recordHeader[0]) == recordTypeApplicationData {

  185. 				recordSizes = append(recordSizes, recordHeaderLen+length)

  186. 			}

  187. 		}

  188. 

  189. 		recordSizesChan <- recordSizes

  190. 	}()

  191. 

  192. 	if err := tlsConn.Handshake(); err != nil {

  193. 		t.Fatalf("Error from server handshake: %s", err)

  194. 	}

  195. 

  196. 	// The server writes these plaintexts in order.

  197. 	plaintext := bytes.Join([][]byte{

  198. 		bytes.Repeat([]byte("x"), recordSizeBoostThreshold),

  199. 		bytes.Repeat([]byte("y"), maxPlaintext*2),

  200. 		bytes.Repeat([]byte("z"), maxPlaintext),

  201. 	}, nil)

  202. 

  203. 	if _, err := tlsConn.Write(plaintext); err != nil {

  204. 		t.Fatalf("Error from server write: %s", err)

  205. 	}

  206. 	if err := tlsConn.Close(); err != nil {

  207. 		t.Fatalf("Error from server close: %s", err)

  208. 	}

  209. 

  210. 	recordSizes := <-recordSizesChan

  211. 	if recordSizes == nil {

  212. 		t.Fatalf("Client encountered an error")

  213. 	}

  214. 

  215. 	// Drop the size of last record, which is likely to be truncated.

  216. 	recordSizes = recordSizes[:len(recordSizes)-1]

  217. 

  218. 	// recordSizes should contain a series of records smaller than

  219. 	// tcpMSSEstimate followed by some larger than maxPlaintext.

  220. 	seenLargeRecord := false

  221. 	for i, size := range recordSizes {

  222. 		if !seenLargeRecord {

  223. 			if size > (i+1)*tcpMSSEstimate {

  224. 				t.Fatalf("Record #%d has size %d, which is too large too soon", i, size)

  225. 			}

  226. 			if size >= maxPlaintext {

  227. 				seenLargeRecord = true

  228. 			}

  229. 		} else if size <= maxPlaintext {

  230. 			t.Fatalf("Record #%d has size %d but should be full sized", i, size)

  231. 		}

  232. 	}

  233. 

  234. 	if !seenLargeRecord {

  235. 		t.Fatalf("No large records observed")

  236. 	}

  237. }

  238. 

  239. func TestDynamicRecordSizingWithStreamCipher(t *testing.T) {

  240. 	config := testConfig.Clone()

  241. 	config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA}

  242. 	runDynamicRecordSizingTest(t, config)

  243. }

  244. 

  245. func TestDynamicRecordSizingWithCBC(t *testing.T) {

  246. 	config := testConfig.Clone()

  247. 	config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA}

  248. 	runDynamicRecordSizingTest(t, config)

  249. }

  250. 

  251. func TestDynamicRecordSizingWithAEAD(t *testing.T) {

  252. 	config := testConfig.Clone()

  253. 	config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}

  254. 	runDynamicRecordSizingTest(t, config)

  255. }

  256. 

  257. // hairpinConn is a net.Conn that makes a “hairpin” call when closed, back into

  258. // the tls.Conn which is calling it.

  259. type hairpinConn struct {

  260. 	net.Conn

  261. 	tlsConn *Conn

  262. }

  263. 

  264. func (conn *hairpinConn) Close() error {

  265. 	conn.tlsConn.ConnectionState()

  266. 	return nil

  267. }

  268. 

  269. func TestHairpinInClose(t *testing.T) {

  270. 	// This tests that the underlying net.Conn can call back into the

  271. 	// tls.Conn when being closed without deadlocking.

  272. 	client, server := net.Pipe()

  273. 	defer server.Close()

  274. 	defer client.Close()

  275. 

  276. 	conn := &hairpinConn{client, nil}

  277. 	tlsConn := Server(conn, &Config{

  278. 		GetCertificate: func(*ClientHelloInfo) (*Certificate, error) {

  279. 			panic("unreachable")

  280. 		},

  281. 	})

  282. 	conn.tlsConn = tlsConn

  283. 

  284. 	// This call should not deadlock.

  285. 	tlsConn.Close()

  286. }