Update prebuilts to go 1.12.1
From https://ci.android.com/builds/submitted/5389456/linux/latest/go.zip
Also includes a cherry-pick of
https://github.com/golang/go/commit/ff048033e4304898245d843e79ed1a0897006c6d
Fixes: 126298064
Test: m blueprint_tools
Change-Id: I581e084f909acc0b1e3f95be6452c86c86da1bac
diff --git a/src/crypto/tls/handshake_messages_test.go b/src/crypto/tls/handshake_messages_test.go
index 37eb748..21beb8e 100644
--- a/src/crypto/tls/handshake_messages_test.go
+++ b/src/crypto/tls/handshake_messages_test.go
@@ -11,6 +11,7 @@
"strings"
"testing"
"testing/quick"
+ "time"
)
var tests = []interface{}{
@@ -20,22 +21,25 @@
&certificateMsg{},
&certificateRequestMsg{},
- &certificateVerifyMsg{},
+ &certificateVerifyMsg{
+ hasSignatureAlgorithm: true,
+ },
&certificateStatusMsg{},
&clientKeyExchangeMsg{},
&nextProtoMsg{},
&newSessionTicketMsg{},
&sessionState{},
-}
-
-type testMessage interface {
- marshal() []byte
- unmarshal([]byte) bool
- equal(interface{}) bool
+ &sessionStateTLS13{},
+ &encryptedExtensionsMsg{},
+ &endOfEarlyDataMsg{},
+ &keyUpdateMsg{},
+ &newSessionTicketMsgTLS13{},
+ &certificateRequestMsgTLS13{},
+ &certificateMsgTLS13{},
}
func TestMarshalUnmarshal(t *testing.T) {
- rand := rand.New(rand.NewSource(0))
+ rand := rand.New(rand.NewSource(time.Now().UnixNano()))
for i, iface := range tests {
ty := reflect.ValueOf(iface).Type()
@@ -51,16 +55,16 @@
break
}
- m1 := v.Interface().(testMessage)
+ m1 := v.Interface().(handshakeMessage)
marshaled := m1.marshal()
- m2 := iface.(testMessage)
+ m2 := iface.(handshakeMessage)
if !m2.unmarshal(marshaled) {
t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled)
break
}
m2.marshal() // to fill any marshal cache in the message
- if !m1.equal(m2) {
+ if !reflect.DeepEqual(m1, m2) {
t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled)
break
}
@@ -85,7 +89,7 @@
func TestFuzz(t *testing.T) {
rand := rand.New(rand.NewSource(0))
for _, iface := range tests {
- m := iface.(testMessage)
+ m := iface.(handshakeMessage)
for j := 0; j < 1000; j++ {
len := rand.Intn(100)
@@ -136,24 +140,60 @@
m.supportedPoints = randomBytes(rand.Intn(5)+1, rand)
m.supportedCurves = make([]CurveID, rand.Intn(5)+1)
for i := range m.supportedCurves {
- m.supportedCurves[i] = CurveID(rand.Intn(30000))
+ m.supportedCurves[i] = CurveID(rand.Intn(30000) + 1)
}
if rand.Intn(10) > 5 {
m.ticketSupported = true
if rand.Intn(10) > 5 {
m.sessionTicket = randomBytes(rand.Intn(300), rand)
+ } else {
+ m.sessionTicket = make([]byte, 0)
}
}
if rand.Intn(10) > 5 {
m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
}
- m.alpnProtocols = make([]string, rand.Intn(5))
- for i := range m.alpnProtocols {
- m.alpnProtocols[i] = randomString(rand.Intn(20)+1, rand)
+ if rand.Intn(10) > 5 {
+ m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
+ }
+ for i := 0; i < rand.Intn(5); i++ {
+ m.alpnProtocols = append(m.alpnProtocols, randomString(rand.Intn(20)+1, rand))
}
if rand.Intn(10) > 5 {
m.scts = true
}
+ if rand.Intn(10) > 5 {
+ m.secureRenegotiationSupported = true
+ m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
+ }
+ for i := 0; i < rand.Intn(5); i++ {
+ m.supportedVersions = append(m.supportedVersions, uint16(rand.Intn(0xffff)+1))
+ }
+ if rand.Intn(10) > 5 {
+ m.cookie = randomBytes(rand.Intn(500)+1, rand)
+ }
+ for i := 0; i < rand.Intn(5); i++ {
+ var ks keyShare
+ ks.group = CurveID(rand.Intn(30000) + 1)
+ ks.data = randomBytes(rand.Intn(200)+1, rand)
+ m.keyShares = append(m.keyShares, ks)
+ }
+ switch rand.Intn(3) {
+ case 1:
+ m.pskModes = []uint8{pskModeDHE}
+ case 2:
+ m.pskModes = []uint8{pskModeDHE, pskModePlain}
+ }
+ for i := 0; i < rand.Intn(5); i++ {
+ var psk pskIdentity
+ psk.obfuscatedTicketAge = uint32(rand.Intn(500000))
+ psk.label = randomBytes(rand.Intn(500)+1, rand)
+ m.pskIdentities = append(m.pskIdentities, psk)
+ m.pskBinders = append(m.pskBinders, randomBytes(rand.Intn(50)+32, rand))
+ }
+ if rand.Intn(10) > 5 {
+ m.earlyData = true
+ }
return reflect.ValueOf(m)
}
@@ -168,11 +208,8 @@
if rand.Intn(10) > 5 {
m.nextProtoNeg = true
-
- n := rand.Intn(10)
- m.nextProtos = make([]string, n)
- for i := 0; i < n; i++ {
- m.nextProtos[i] = randomString(20, rand)
+ for i := 0; i < rand.Intn(10); i++ {
+ m.nextProtos = append(m.nextProtos, randomString(20, rand))
}
}
@@ -182,14 +219,45 @@
if rand.Intn(10) > 5 {
m.ticketSupported = true
}
- m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
+ if rand.Intn(10) > 5 {
+ m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
+ }
+
+ for i := 0; i < rand.Intn(4); i++ {
+ m.scts = append(m.scts, randomBytes(rand.Intn(500)+1, rand))
+ }
if rand.Intn(10) > 5 {
- numSCTs := rand.Intn(4)
- m.scts = make([][]byte, numSCTs)
- for i := range m.scts {
- m.scts[i] = randomBytes(rand.Intn(500), rand)
+ m.secureRenegotiationSupported = true
+ m.secureRenegotiation = randomBytes(rand.Intn(50)+1, rand)
+ }
+ if rand.Intn(10) > 5 {
+ m.supportedVersion = uint16(rand.Intn(0xffff) + 1)
+ }
+ if rand.Intn(10) > 5 {
+ m.cookie = randomBytes(rand.Intn(500)+1, rand)
+ }
+ if rand.Intn(10) > 5 {
+ for i := 0; i < rand.Intn(5); i++ {
+ m.serverShare.group = CurveID(rand.Intn(30000) + 1)
+ m.serverShare.data = randomBytes(rand.Intn(200)+1, rand)
}
+ } else if rand.Intn(10) > 5 {
+ m.selectedGroup = CurveID(rand.Intn(30000) + 1)
+ }
+ if rand.Intn(10) > 5 {
+ m.selectedIdentityPresent = true
+ m.selectedIdentity = uint16(rand.Intn(0xffff))
+ }
+
+ return reflect.ValueOf(m)
+}
+
+func (*encryptedExtensionsMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &encryptedExtensionsMsg{}
+
+ if rand.Intn(10) > 5 {
+ m.alpnProtocol = randomString(rand.Intn(32)+1, rand)
}
return reflect.ValueOf(m)
@@ -208,28 +276,23 @@
func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value {
m := &certificateRequestMsg{}
m.certificateTypes = randomBytes(rand.Intn(5)+1, rand)
- numCAs := rand.Intn(100)
- m.certificateAuthorities = make([][]byte, numCAs)
- for i := 0; i < numCAs; i++ {
- m.certificateAuthorities[i] = randomBytes(rand.Intn(15)+1, rand)
+ for i := 0; i < rand.Intn(100); i++ {
+ m.certificateAuthorities = append(m.certificateAuthorities, randomBytes(rand.Intn(15)+1, rand))
}
return reflect.ValueOf(m)
}
func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value {
m := &certificateVerifyMsg{}
+ m.hasSignatureAlgorithm = true
+ m.signatureAlgorithm = SignatureScheme(rand.Intn(30000))
m.signature = randomBytes(rand.Intn(15)+1, rand)
return reflect.ValueOf(m)
}
func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value {
m := &certificateStatusMsg{}
- if rand.Intn(10) > 5 {
- m.statusType = statusTypeOCSP
- m.response = randomBytes(rand.Intn(10)+1, rand)
- } else {
- m.statusType = 42
- }
+ m.response = randomBytes(rand.Intn(10)+1, rand)
return reflect.ValueOf(m)
}
@@ -270,9 +333,95 @@
return reflect.ValueOf(s)
}
+func (*sessionStateTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+ s := &sessionStateTLS13{}
+ s.cipherSuite = uint16(rand.Intn(10000))
+ s.resumptionSecret = randomBytes(rand.Intn(100)+1, rand)
+ s.createdAt = uint64(rand.Int63())
+ for i := 0; i < rand.Intn(2)+1; i++ {
+ s.certificate.Certificate = append(
+ s.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
+ }
+ if rand.Intn(10) > 5 {
+ s.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
+ }
+ if rand.Intn(10) > 5 {
+ for i := 0; i < rand.Intn(2)+1; i++ {
+ s.certificate.SignedCertificateTimestamps = append(
+ s.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
+ }
+ }
+ return reflect.ValueOf(s)
+}
+
+func (*endOfEarlyDataMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &endOfEarlyDataMsg{}
+ return reflect.ValueOf(m)
+}
+
+func (*keyUpdateMsg) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &keyUpdateMsg{}
+ m.updateRequested = rand.Intn(10) > 5
+ return reflect.ValueOf(m)
+}
+
+func (*newSessionTicketMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &newSessionTicketMsgTLS13{}
+ m.lifetime = uint32(rand.Intn(500000))
+ m.ageAdd = uint32(rand.Intn(500000))
+ m.nonce = randomBytes(rand.Intn(100), rand)
+ m.label = randomBytes(rand.Intn(1000), rand)
+ if rand.Intn(10) > 5 {
+ m.maxEarlyData = uint32(rand.Intn(500000))
+ }
+ return reflect.ValueOf(m)
+}
+
+func (*certificateRequestMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &certificateRequestMsgTLS13{}
+ if rand.Intn(10) > 5 {
+ m.ocspStapling = true
+ }
+ if rand.Intn(10) > 5 {
+ m.scts = true
+ }
+ if rand.Intn(10) > 5 {
+ m.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+ }
+ if rand.Intn(10) > 5 {
+ m.supportedSignatureAlgorithmsCert = supportedSignatureAlgorithms
+ }
+ if rand.Intn(10) > 5 {
+ m.certificateAuthorities = make([][]byte, 3)
+ for i := 0; i < 3; i++ {
+ m.certificateAuthorities[i] = randomBytes(rand.Intn(10)+1, rand)
+ }
+ }
+ return reflect.ValueOf(m)
+}
+
+func (*certificateMsgTLS13) Generate(rand *rand.Rand, size int) reflect.Value {
+ m := &certificateMsgTLS13{}
+ for i := 0; i < rand.Intn(2)+1; i++ {
+ m.certificate.Certificate = append(
+ m.certificate.Certificate, randomBytes(rand.Intn(500)+1, rand))
+ }
+ if rand.Intn(10) > 5 {
+ m.ocspStapling = true
+ m.certificate.OCSPStaple = randomBytes(rand.Intn(100)+1, rand)
+ }
+ if rand.Intn(10) > 5 {
+ m.scts = true
+ for i := 0; i < rand.Intn(2)+1; i++ {
+ m.certificate.SignedCertificateTimestamps = append(
+ m.certificate.SignedCertificateTimestamps, randomBytes(rand.Intn(500)+1, rand))
+ }
+ }
+ return reflect.ValueOf(m)
+}
+
func TestRejectEmptySCTList(t *testing.T) {
- // https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that
- // empty SCT lists are invalid.
+ // RFC 6962, Section 3.3.1 specifies that empty SCT lists are invalid.
var random [32]byte
sct := []byte{0x42, 0x42, 0x42, 0x42}
