From 710e9e96311127f4b73760f31ba678684102bfc8 Mon Sep 17 00:00:00 2001
From: Tom Thorogood
Date: Mon, 2 Oct 2017 18:34:42 +1030
Subject: [PATCH] crypto/tls: Use a backing array for getSupportedVersions

Avoid runtime heap memory allocation.

Fixes: ("crypto/tls: allow client to pick TLS 1.3, do not enable it by default.")
---
 common.go | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/common.go b/common.go
index 54f738b..8d149a2 100644
--- a/common.go
+++ b/common.go
@@ -836,6 +836,15 @@ func (c *Config) pickVersion(peerSupportedVersions []uint16) (uint16, bool) {
 return 0, false
 }
 
+// configSuppVersArray is the backing array of Config.getSupportedVersions
+var configSuppVersArray = [...]uint16{VersionTLS13, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
+
+// tls13DraftSuppVersArray is the backing array of Config.getSupportedVersions
+// with TLS 1.3 draft versions included.
+//
+// TODO: remove once TLS 1.3 is finalised.
+var tls13DraftSuppVersArray = [...]uint16{VersionTLS13Draft18, VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30}
+
 // getSupportedVersions returns the protocol versions that are supported by the
 // current configuration.
 func (c *Config) getSupportedVersions() []uint16 {
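Review bot: The comments on `configSuppVersArray` and `tls13DraftSuppVersArray` do not say that the arrays are shared and must be treated as read-only, nor that their element order is load-bearing. getSupportedVersions now returns slices that alias these package-level variables, so a write through a returned slice would change the version list seen by every Config in the process, where the removed code handed out a fresh slice per call. The index arithmetic in the second hunk also relies on the entries being contiguous and strictly descending from VersionTLS13 to VersionSSL30. I would add to each comment something like `// Shared by all Configs: callers must not modify the returned slice, and the entries must stay in contiguous descending version order.`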
@@ -848,18 +857,14 @@ func (c *Config) getSupportedVersions() []uint16 {
 if maxVersion > VersionTLS13 {
 maxVersion = VersionTLS13
 }
-
- supportedVersions := []uint16{}
- // Prefer newer versions over older versions.
- for v := maxVersion; v >= minVersion; v-- {
- if v == VersionTLS13 {
- // Advertise all supported draft versions.
- supportedVersions = append(supportedVersions, VersionTLS13Draft18)
- continue // final TLS 1.3 version is not supported yet.
- }
- supportedVersions = append(supportedVersions, v)
+ if maxVersion < minVersion {
+ return nil
 }
- return supportedVersions
+ // TODO: remove once TLS 1.3 is finalised.
+ if maxVersion == VersionTLS13 {
+ return tls13DraftSuppVersArray[:len(tls13DraftSuppVersArray)-int(minVersion-VersionSSL30)]
+ }
+ return configSuppVersArray[VersionTLS13-maxVersion : VersionTLS13-minVersion+1]
 }
 
 // getCertificate returns the best certificate for the given ClientHelloInfo,
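Review bot: Both slice expressions can panic with an out-of-range index when minVersion is below VersionSSL30, because the lines visible here clamp only maxVersion from above. In `configSuppVersArray[VersionTLS13-maxVersion : VersionTLS13-minVersion+1]` the upper bound then exceeds the array length, and in the draft branch `minVersion-VersionSSL30` wraps around as an unsigned subtraction; the loop this replaces did no indexing and could not fail this way. Unless the part of getSupportedVersions above the hunk already bounds it, add `if minVersion < VersionSSL30 { minVersion = VersionSSL30 }` before the `maxVersion < minVersion` check, which also covers a maxVersion below VersionSSL30 through the existing `return nil`. Separately, a full slice expression (`[lo:hi:hi]`) on both returns would stop a caller's `append` from writing into the shared backing array.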