mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-01 19:17:36 +03:00
🚑 fix: code broken after merging
Signed-off-by: Gaukas Wang <i@gaukas.wang>
This commit is contained in:
Gaukas Wang
parent
8680818a98
commit
5796f9738a
6 changed files with 58 additions and 51 deletions
22
common.go
22
common.go
|
|
@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time {
|
|||
return t()
|
||||
}
|
||||
|
||||
var tlsrsakex = godebug.New("tlsrsakex")
|
||||
// var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported
|
||||
|
||||
func (c *Config) cipherSuites() []uint16 {
|
||||
if needFIPS() {
|
||||
|
|
@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 {
|
|||
if c.CipherSuites != nil {
|
||||
return c.CipherSuites
|
||||
}
|
||||
if tlsrsakex.Value() == "1" {
|
||||
return defaultCipherSuitesWithRSAKex
|
||||
}
|
||||
|
||||
// [uTLS SECTION BEGIN]
|
||||
// Disable unsupported godebug package
|
||||
// if tlsrsakex.Value() == "1" {
|
||||
// return defaultCipherSuitesWithRSAKex
|
||||
// }
|
||||
// [uTLS SECTION END]
|
||||
return defaultCipherSuites
|
||||
}
|
||||
|
||||
|
|
@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{
|
|||
const roleClient = true
|
||||
const roleServer = false
|
||||
|
||||
var tls10server = godebug.New("tls10server")
|
||||
// var tls10server = godebug.New("tls10server") // [UTLS] unsupported
|
||||
|
||||
func (c *Config) supportedVersions(isClient bool) []uint16 {
|
||||
versions := make([]uint16, 0, len(supportedVersions))
|
||||
|
|
@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
|
|||
continue
|
||||
}
|
||||
if (c == nil || c.MinVersion == 0) && v < VersionTLS12 {
|
||||
if isClient || tls10server.Value() != "1" {
|
||||
// [uTLS SECTION BEGIN]
|
||||
// Disable unsupported godebug package
|
||||
// if isClient || tls10server.Value() != "1" {
|
||||
// continue
|
||||
// }
|
||||
if isClient {
|
||||
continue
|
||||
}
|
||||
// [uTLS SECTION END]
|
||||
}
|
||||
if c != nil && c.MinVersion != 0 && v < c.MinVersion {
|
||||
continue
|
||||
|
|
|
|||
13
conn.go
13
conn.go
|
|
@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState {
|
|||
return c.connectionStateLocked()
|
||||
}
|
||||
|
||||
var tlsunsafeekm = godebug.New("tlsunsafeekm")
|
||||
// var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted
|
||||
|
||||
func (c *Conn) connectionStateLocked() ConnectionState {
|
||||
var state ConnectionState
|
||||
|
|
@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState {
|
|||
state.ekm = noEKMBecauseRenegotiation
|
||||
} else if c.vers != VersionTLS13 && !c.extMasterSecret {
|
||||
state.ekm = func(label string, context []byte, length int) ([]byte, error) {
|
||||
if tlsunsafeekm.Value() == "1" {
|
||||
tlsunsafeekm.IncNonDefault()
|
||||
return c.ekm(label, context, length)
|
||||
}
|
||||
// [uTLS SECTION START]
|
||||
// Disabling unsupported godebug package
|
||||
// if tlsunsafeekm.Value() == "1" {
|
||||
// tlsunsafeekm.IncNonDefault()
|
||||
// return c.ekm(label, context, length)
|
||||
// }
|
||||
// [uTLS SECTION END]
|
||||
return noEKMBecauseNoEMS(label, context, length)
|
||||
}
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -19,7 +19,6 @@ import (
|
|||
"hash"
|
||||
"io"
|
||||
"net"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
|
|
@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
|
|||
return errors.New("tls: server chose an unconfigured cipher suite")
|
||||
}
|
||||
|
||||
if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
|
||||
tlsrsakex.IncNonDefault()
|
||||
}
|
||||
// [UTLS SECTION START]
|
||||
// Disable unsupported godebug packages
|
||||
// if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
|
||||
// tlsrsakex.IncNonDefault()
|
||||
// }
|
||||
// [UTLS SECTION END]
|
||||
|
||||
hs.c.cipherSuite = hs.suite.id
|
||||
return nil
|
||||
|
|
@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error {
|
|||
// to verify the signatures of during a TLS handshake.
|
||||
const defaultMaxRSAKeySize = 8192
|
||||
|
||||
var tlsmaxrsasize = godebug.New("tlsmaxrsasize")
|
||||
// var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused
|
||||
|
||||
func checkKeySize(n int) (max int, ok bool) {
|
||||
if v := tlsmaxrsasize.Value(); v != "" {
|
||||
if max, err := strconv.Atoi(v); err == nil {
|
||||
if (n <= max) != (n <= defaultMaxRSAKeySize) {
|
||||
tlsmaxrsasize.IncNonDefault()
|
||||
}
|
||||
return max, n <= max
|
||||
}
|
||||
}
|
||||
// [uTLS SECTION START]
|
||||
// Disable the unsupported godebug package
|
||||
// if v := tlsmaxrsasize.Value(); v != "" {
|
||||
// if max, err := strconv.Atoi(v); err == nil {
|
||||
// if (n <= max) != (n <= defaultMaxRSAKeySize) {
|
||||
// tlsmaxrsasize.IncNonDefault()
|
||||
// }
|
||||
// return max, n <= max
|
||||
// }
|
||||
// }
|
||||
// [uTLS SECTION END]
|
||||
return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -171,9 +171,12 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
|
|||
c.in.version = c.vers
|
||||
c.out.version = c.vers
|
||||
|
||||
if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
|
||||
tls10server.IncNonDefault()
|
||||
}
|
||||
// [UTLS SECTION BEGIN]
|
||||
// Disable unsupported godebug package
|
||||
// if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
|
||||
// tls10server.IncNonDefault()
|
||||
// }
|
||||
// [UTLS SECTION END]
|
||||
|
||||
return clientHello, nil
|
||||
}
|
||||
|
|
@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
|
|||
}
|
||||
c.cipherSuite = hs.suite.id
|
||||
|
||||
if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
|
||||
tlsrsakex.IncNonDefault()
|
||||
}
|
||||
// [UTLS SECTION BEGIN]
|
||||
// Disable unsupported godebug package
|
||||
// if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
|
||||
// tlsrsakex.IncNonDefault()
|
||||
// }
|
||||
// [UTLS SECTION END]
|
||||
|
||||
for _, id := range hs.clientHello.cipherSuites {
|
||||
if id == TLS_FALLBACK_SCSV {
|
||||
|
|
|
|||
|
|
@ -276,27 +276,6 @@ GroupSelection:
|
|||
}
|
||||
}
|
||||
|
||||
selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
|
||||
if err != nil {
|
||||
c.sendAlert(alertNoApplicationProtocol)
|
||||
return err
|
||||
}
|
||||
c.clientProtocol = selectedProto
|
||||
|
||||
if c.quic != nil {
|
||||
if hs.clientHello.quicTransportParameters == nil {
|
||||
// RFC 9001 Section 8.2.
|
||||
c.sendAlert(alertMissingExtension)
|
||||
return errors.New("tls: client did not send a quic_transport_parameters extension")
|
||||
}
|
||||
c.quicSetTransportParameters(hs.clientHello.quicTransportParameters)
|
||||
} else {
|
||||
if hs.clientHello.quicTransportParameters != nil {
|
||||
c.sendAlert(alertUnsupportedExtension)
|
||||
return errors.New("tls: client sent an unexpected quic_transport_parameters extension")
|
||||
}
|
||||
}
|
||||
|
||||
c.serverName = hs.clientHello.serverName
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,10 @@ func NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
|
|||
return nil, errors.New("boring not implemented")
|
||||
}
|
||||
|
||||
func NewGCMTLS13(_ cipher.Block) (cipher.AEAD, error) {
|
||||
return nil, errors.New("boring not implemented")
|
||||
}
|
||||
|
||||
func Unreachable() {
|
||||
// do nothing
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue