mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

🚑 fix: code broken after merging

Browse source 
Signed-off-by: Gaukas Wang <i@gaukas.wang>
This commit is contained in:
Gaukas Wang 2024-01-10 22:09:25 -07:00
parent 8680818a98
commit 5796f9738a
No known key found for this signature in database
GPG key ID: 6F0DF52D710D8189
6 changed files with 58 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

22
common.go
View file

@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time {
return t() return t()
} }
var tlsrsakex = godebug.New("tlsrsakex") // var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported
func (c *Config) cipherSuites() []uint16 { func (c *Config) cipherSuites() []uint16 {
if needFIPS() { if needFIPS() {
@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 {
if c.CipherSuites != nil { if c.CipherSuites != nil {
return c.CipherSuites return c.CipherSuites
} }
if tlsrsakex.Value() == "1" {
return defaultCipherSuitesWithRSAKex // [uTLS SECTION BEGIN]
} // Disable unsupported godebug package
// if tlsrsakex.Value() == "1" {
// return defaultCipherSuitesWithRSAKex
// }
// [uTLS SECTION END]
return defaultCipherSuites return defaultCipherSuites
} }
@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{
const roleClient = true const roleClient = true
const roleServer = false const roleServer = false
var tls10server = godebug.New("tls10server") // var tls10server = godebug.New("tls10server") // [UTLS] unsupported
func (c *Config) supportedVersions(isClient bool) []uint16 { func (c *Config) supportedVersions(isClient bool) []uint16 {
versions := make([]uint16, 0, len(supportedVersions)) versions := make([]uint16, 0, len(supportedVersions))
@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
continue continue
} }
if (c == nil || c.MinVersion == 0) && v < VersionTLS12 { if (c == nil || c.MinVersion == 0) && v < VersionTLS12 {
if isClient || tls10server.Value() != "1" { // [uTLS SECTION BEGIN]
// Disable unsupported godebug package
// if isClient || tls10server.Value() != "1" {
// continue
// }
if isClient {
continue continue
} }
// [uTLS SECTION END]
} }
if c != nil && c.MinVersion != 0 && v < c.MinVersion { if c != nil && c.MinVersion != 0 && v < c.MinVersion {
continue continue

13
conn.go
View file

@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState {
return c.connectionStateLocked() return c.connectionStateLocked()
} }
var tlsunsafeekm = godebug.New("tlsunsafeekm") // var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted
func (c *Conn) connectionStateLocked() ConnectionState { func (c *Conn) connectionStateLocked() ConnectionState {
var state ConnectionState var state ConnectionState
@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState {
state.ekm = noEKMBecauseRenegotiation state.ekm = noEKMBecauseRenegotiation
} else if c.vers != VersionTLS13 && !c.extMasterSecret { } else if c.vers != VersionTLS13 && !c.extMasterSecret {
state.ekm = func(label string, context []byte, length int) ([]byte, error) { state.ekm = func(label string, context []byte, length int) ([]byte, error) {
if tlsunsafeekm.Value() == "1" { // [uTLS SECTION START]
tlsunsafeekm.IncNonDefault() // Disabling unsupported godebug package
return c.ekm(label, context, length) // if tlsunsafeekm.Value() == "1" {
} // tlsunsafeekm.IncNonDefault()
// return c.ekm(label, context, length)
// }
// [uTLS SECTION END]
return noEKMBecauseNoEMS(label, context, length) return noEKMBecauseNoEMS(label, context, length)
} }
} else { } else {

31
handshake_client.go
View file

@ -19,7 +19,6 @@ import (
"hash" "hash"
"io" "io"
"net" "net"
"strconv"
"strings" "strings"
"time" "time"
@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
return errors.New("tls: server chose an unconfigured cipher suite") return errors.New("tls: server chose an unconfigured cipher suite")
} }
if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // [UTLS SECTION START]
tlsrsakex.IncNonDefault() // Disable unsupported godebug packages
} // if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
// tlsrsakex.IncNonDefault()
// }
// [UTLS SECTION END]
hs.c.cipherSuite = hs.suite.id hs.c.cipherSuite = hs.suite.id
return nil return nil
@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error {
// to verify the signatures of during a TLS handshake. // to verify the signatures of during a TLS handshake.
const defaultMaxRSAKeySize = 8192 const defaultMaxRSAKeySize = 8192
var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused
func checkKeySize(n int) (max int, ok bool) { func checkKeySize(n int) (max int, ok bool) {
if v := tlsmaxrsasize.Value(); v != "" { // [uTLS SECTION START]
if max, err := strconv.Atoi(v); err == nil { // Disable the unsupported godebug package
if (n <= max) != (n <= defaultMaxRSAKeySize) { // if v := tlsmaxrsasize.Value(); v != "" {
tlsmaxrsasize.IncNonDefault() // if max, err := strconv.Atoi(v); err == nil {
} // if (n <= max) != (n <= defaultMaxRSAKeySize) {
return max, n <= max // tlsmaxrsasize.IncNonDefault()
} // }
} // return max, n <= max
// }
// }
// [uTLS SECTION END]
return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize
} }

18
handshake_server.go
View file

@ -171,9 +171,12 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
c.in.version = c.vers c.in.version = c.vers
c.out.version = c.vers c.out.version = c.vers
if c.config.MinVersion == 0 && c.vers < VersionTLS12 { // [UTLS SECTION BEGIN]
tls10server.IncNonDefault() // Disable unsupported godebug package
} // if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
// tls10server.IncNonDefault()
// }
// [UTLS SECTION END]
return clientHello, nil return clientHello, nil
} }
@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
} }
c.cipherSuite = hs.suite.id c.cipherSuite = hs.suite.id
if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { // [UTLS SECTION BEGIN]
tlsrsakex.IncNonDefault() // Disable unsupported godebug package
} // if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
// tlsrsakex.IncNonDefault()
// }
// [UTLS SECTION END]
for _, id := range hs.clientHello.cipherSuites { for _, id := range hs.clientHello.cipherSuites {
if id == TLS_FALLBACK_SCSV { if id == TLS_FALLBACK_SCSV {

21
handshake_server_tls13.go
View file

@ -276,27 +276,6 @@ GroupSelection:
} }
} }
selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
if err != nil {
c.sendAlert(alertNoApplicationProtocol)
return err
}
c.clientProtocol = selectedProto
if c.quic != nil {
if hs.clientHello.quicTransportParameters == nil {
// RFC 9001 Section 8.2.
c.sendAlert(alertMissingExtension)
return errors.New("tls: client did not send a quic_transport_parameters extension")
}
c.quicSetTransportParameters(hs.clientHello.quicTransportParameters)
} else {
if hs.clientHello.quicTransportParameters != nil {
c.sendAlert(alertUnsupportedExtension)
return errors.New("tls: client sent an unexpected quic_transport_parameters extension")
}
}
c.serverName = hs.clientHello.serverName c.serverName = hs.clientHello.serverName
return nil return nil
} }

4
internal/boring/notboring.go
View file

@ -11,6 +11,10 @@ func NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
return nil, errors.New("boring not implemented") return nil, errors.New("boring not implemented")
} }
func NewGCMTLS13(_ cipher.Block) (cipher.AEAD, error) {
return nil, errors.New("boring not implemented")
}
func Unreachable() { func Unreachable() {
// do nothing // do nothing
} }