From e10e39db4d2901d236d5e16f8daf4dca966f2d20 Mon Sep 17 00:00:00 2001 From: SparrowLii Date: Tue, 28 Jul 2020 11:27:46 +0800 Subject: [PATCH 1/5] crypto/tls: make checkForResumption side-effect free Fixes #39406 When use checkForResumption() function it could be side-effect sometime. 1. hs.sessionState will be changed and retained although the function return false. 2. hs.suite will be changed and retained when the statements below return false. So we should use a local variable, cilentSessionState, to replace hs.sessionState in the function. And move the set-suite statements down to avoid being changed too early. --- src/crypto/tls/handshake_server.go | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go index 16d3e643f0b28e..a86dc6d4a55a5e 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go @@ -357,26 +357,26 @@ func (hs *serverHandshakeState) checkForResumption() bool { if plaintext == nil { return false } - hs.sessionState = &sessionState{usedOldKey: usedOldKey} - ok := hs.sessionState.unmarshal(plaintext) + clientSessionState := &sessionState{usedOldKey: usedOldKey} + ok := clientSessionState.unmarshal(plaintext) if !ok { return false } - createdAt := time.Unix(int64(hs.sessionState.createdAt), 0) + createdAt := time.Unix(int64(clientSessionState.createdAt), 0) if c.config.time().Sub(createdAt) > maxSessionTicketLifetime { return false } // Never resume a session for a different TLS version. - if c.vers != hs.sessionState.vers { + if c.vers != clientSessionState.vers { return false } cipherSuiteOk := false // Check that the client is still offering the ciphersuite in the session. for _, id := range hs.clientHello.cipherSuites { - if id == hs.sessionState.cipherSuite { + if id == clientSessionState.cipherSuite { cipherSuiteOk = true break } @@ -385,14 +385,7 @@ func (hs *serverHandshakeState) checkForResumption() bool { return false } - // Check that we also support the ciphersuite from the session. - hs.suite = selectCipherSuite([]uint16{hs.sessionState.cipherSuite}, - c.config.cipherSuites(), hs.cipherSuiteOk) - if hs.suite == nil { - return false - } - - sessionHasClientCerts := len(hs.sessionState.certificates) != 0 + sessionHasClientCerts := len(clientSessionState.certificates) != 0 needClientCerts := requiresClientCert(c.config.ClientAuth) if needClientCerts && !sessionHasClientCerts { return false @@ -401,6 +394,15 @@ func (hs *serverHandshakeState) checkForResumption() bool { return false } + // Check that we also support the ciphersuite from the session. + hs.suite = selectCipherSuite([]uint16{clientSessionState.cipherSuite}, + c.config.cipherSuites(), hs.cipherSuiteOk) + if hs.suite == nil { + return false + } + + hs.sessionState = clientSessionState + return true } From b99029685d9e99c8336f175a79f6c3b8e48f8b0d Mon Sep 17 00:00:00 2001 From: SparrowLii Date: Wed, 29 Jul 2020 14:44:32 +0800 Subject: [PATCH 2/5] just a tortolseGit test --- .idea/.gitignore | 8 ++++++++ .idea/go.iml | 8 ++++++++ .idea/misc.xml | 6 ++++++ .idea/modules.xml | 8 ++++++++ .idea/vcs.xml | 6 ++++++ 5 files changed, 36 insertions(+) create mode 100644 .idea/.gitignore create mode 100644 .idea/go.iml create mode 100644 .idea/misc.xml create mode 100644 .idea/modules.xml create mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 00000000000000..4aa91ea5ab95b0 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml +# Editor-based HTTP Client requests +/httpRequests/ diff --git a/.idea/go.iml b/.idea/go.iml new file mode 100644 index 00000000000000..bf4c9d396a05d7 --- /dev/null +++ b/.idea/go.iml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml new file mode 100644 index 00000000000000..ef004d16cf58ee --- /dev/null +++ b/.idea/misc.xml @@ -0,0 +1,6 @@ + + + + + \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml new file mode 100644 index 00000000000000..f3071541f3cff7 --- /dev/null +++ b/.idea/modules.xml @@ -0,0 +1,8 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 00000000000000..9661ac713428ef --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file From 50e68f6dc800755400f2e9cc036d0895dab41134 Mon Sep 17 00:00:00 2001 From: SparrowLii Date: Wed, 29 Jul 2020 14:49:59 +0800 Subject: [PATCH 3/5] delete the useless files --- .idea/.gitignore | 8 -------- .idea/go.iml | 8 -------- .idea/misc.xml | 6 ------ .idea/modules.xml | 8 -------- .idea/vcs.xml | 6 ------ 5 files changed, 36 deletions(-) delete mode 100644 .idea/.gitignore delete mode 100644 .idea/go.iml delete mode 100644 .idea/misc.xml delete mode 100644 .idea/modules.xml delete mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index 4aa91ea5ab95b0..00000000000000 --- a/.idea/.gitignore +++ /dev/null @@ -1,8 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml -# Editor-based HTTP Client requests -/httpRequests/ diff --git a/.idea/go.iml b/.idea/go.iml deleted file mode 100644 index bf4c9d396a05d7..00000000000000 --- a/.idea/go.iml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml deleted file mode 100644 index ef004d16cf58ee..00000000000000 --- a/.idea/misc.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - \ No newline at end of file diff --git a/.idea/modules.xml b/.idea/modules.xml deleted file mode 100644 index f3071541f3cff7..00000000000000 --- a/.idea/modules.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 9661ac713428ef..00000000000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file From fb6c7760c709b297238bc7917411392dbe4e059d Mon Sep 17 00:00:00 2001 From: SparrowLii Date: Thu, 6 Aug 2020 15:32:07 +0800 Subject: [PATCH 4/5] reset hs_server --- src/crypto/tls/handshake_server.go | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go index a86dc6d4a55a5e..16d3e643f0b28e 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go @@ -357,26 +357,26 @@ func (hs *serverHandshakeState) checkForResumption() bool { if plaintext == nil { return false } - clientSessionState := &sessionState{usedOldKey: usedOldKey} - ok := clientSessionState.unmarshal(plaintext) + hs.sessionState = &sessionState{usedOldKey: usedOldKey} + ok := hs.sessionState.unmarshal(plaintext) if !ok { return false } - createdAt := time.Unix(int64(clientSessionState.createdAt), 0) + createdAt := time.Unix(int64(hs.sessionState.createdAt), 0) if c.config.time().Sub(createdAt) > maxSessionTicketLifetime { return false } // Never resume a session for a different TLS version. - if c.vers != clientSessionState.vers { + if c.vers != hs.sessionState.vers { return false } cipherSuiteOk := false // Check that the client is still offering the ciphersuite in the session. for _, id := range hs.clientHello.cipherSuites { - if id == clientSessionState.cipherSuite { + if id == hs.sessionState.cipherSuite { cipherSuiteOk = true break } @@ -385,7 +385,14 @@ func (hs *serverHandshakeState) checkForResumption() bool { return false } - sessionHasClientCerts := len(clientSessionState.certificates) != 0 + // Check that we also support the ciphersuite from the session. + hs.suite = selectCipherSuite([]uint16{hs.sessionState.cipherSuite}, + c.config.cipherSuites(), hs.cipherSuiteOk) + if hs.suite == nil { + return false + } + + sessionHasClientCerts := len(hs.sessionState.certificates) != 0 needClientCerts := requiresClientCert(c.config.ClientAuth) if needClientCerts && !sessionHasClientCerts { return false @@ -394,15 +401,6 @@ func (hs *serverHandshakeState) checkForResumption() bool { return false } - // Check that we also support the ciphersuite from the session. - hs.suite = selectCipherSuite([]uint16{clientSessionState.cipherSuite}, - c.config.cipherSuites(), hs.cipherSuiteOk) - if hs.suite == nil { - return false - } - - hs.sessionState = clientSessionState - return true } From 45116eb129628592db33c458bc66b37b6db85aa7 Mon Sep 17 00:00:00 2001 From: SparrowLii Date: Thu, 20 Aug 2020 09:47:18 +0800 Subject: [PATCH 5/5] math/big: reduce memory allocation in nat.go/modW() The modW creates an variable, nat q, with which it calls divWVW next. And as TODO says that the q is needless. --- src/math/big/nat.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/math/big/nat.go b/src/math/big/nat.go index 6a3989bf9d82bf..ee0441b68930ae 100644 --- a/src/math/big/nat.go +++ b/src/math/big/nat.go @@ -1176,10 +1176,10 @@ func greaterThan(x1, x2, y1, y2 Word) bool { // modW returns x % d. func (x nat) modW(d Word) (r Word) { - // TODO(agl): we don't actually need to store the q value. - var q nat - q = q.make(len(x)) - return divWVW(q, 0, x, d) + for i := len(x) - 1; i >= 0; i-- { + _, r = divWW(r, x[i], d) + } + return r } // random creates a random integer in [0..limit), using the space in z if