mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-05 21:17:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto: add available godoc link

Browse source 
Change-Id: Ifc669399dde7d6229c6ccdbe29611ed1f8698fb1
Reviewed-on: https://go-review.googlesource.com/c/go/+/534778
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: shuang cui <imcusg@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Ian Lance Taylor <iant@google.com>
This commit is contained in:
cui fliter 2023-10-12 18:08:04 +08:00 committed by Gopher Robot
parent 9fc13bee9f
commit 59d4a9c7c4
6 changed files with 37 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

4
cipher_suites.go
View file

@ -45,7 +45,7 @@ var (
// CipherSuites returns a list of cipher suites currently implemented by this // CipherSuites returns a list of cipher suites currently implemented by this
// package, excluding those with security issues, which are returned by // package, excluding those with security issues, which are returned by
// InsecureCipherSuites. // [InsecureCipherSuites].
// //
// The list is sorted by ID. Note that the default cipher suites selected by // The list is sorted by ID. Note that the default cipher suites selected by
// this package might depend on logic that can't be captured by a static list, // this package might depend on logic that can't be captured by a static list,
@ -78,7 +78,7 @@ func CipherSuites() []*CipherSuite {
// this package and which have security issues. // this package and which have security issues.
// //
// Most applications should not use the cipher suites in this list, and should // Most applications should not use the cipher suites in this list, and should
// only use those returned by CipherSuites. // only use those returned by [CipherSuites].
func InsecureCipherSuites() []*CipherSuite { func InsecureCipherSuites() []*CipherSuite {
// This list includes RC4, CBC_SHA256, and 3DES cipher suites. See // This list includes RC4, CBC_SHA256, and 3DES cipher suites. See
// cipherSuitesPreferenceOrder for details. // cipherSuitesPreferenceOrder for details.

12
common.go
View file

@ -822,7 +822,7 @@ func (c *Config) ticketKeyFromBytes(b [32]byte) (key ticketKey) {
// ticket, and the lifetime we set for all tickets we send. // ticket, and the lifetime we set for all tickets we send.
const maxSessionTicketLifetime = 7 * 24 * time.Hour const maxSessionTicketLifetime = 7 * 24 * time.Hour
// Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a Config that is // Clone returns a shallow clone of c or nil if c is nil. It is safe to clone a [Config] that is
// being used concurrently by a TLS client or server. // being used concurrently by a TLS client or server.
func (c *Config) Clone() *Config { func (c *Config) Clone() *Config {
if c == nil { if c == nil {
@ -1157,9 +1157,9 @@ func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, err
// the client that sent the ClientHello. Otherwise, it returns an error // the client that sent the ClientHello. Otherwise, it returns an error
// describing the reason for the incompatibility. // describing the reason for the incompatibility.
// //
// If this ClientHelloInfo was passed to a GetConfigForClient or GetCertificate // If this [ClientHelloInfo] was passed to a GetConfigForClient or GetCertificate
// callback, this method will take into account the associated Config. Note that // callback, this method will take into account the associated [Config]. Note that
// if GetConfigForClient returns a different Config, the change can't be // if GetConfigForClient returns a different [Config], the change can't be
// accounted for by this method. // accounted for by this method.
// //
// This function will call x509.ParseCertificate unless c.Leaf is set, which can // This function will call x509.ParseCertificate unless c.Leaf is set, which can
@ -1450,7 +1450,7 @@ type lruSessionCacheEntry struct {
state *ClientSessionState state *ClientSessionState
} }
// NewLRUClientSessionCache returns a ClientSessionCache with the given // NewLRUClientSessionCache returns a [ClientSessionCache] with the given
// capacity that uses an LRU strategy. If capacity is < 1, a default capacity // capacity that uses an LRU strategy. If capacity is < 1, a default capacity
// is used instead. // is used instead.
func NewLRUClientSessionCache(capacity int) ClientSessionCache { func NewLRUClientSessionCache(capacity int) ClientSessionCache {
@ -1499,7 +1499,7 @@ func (c *lruSessionCache) Put(sessionKey string, cs *ClientSessionState) {
c.m[sessionKey] = elem c.m[sessionKey] = elem
} }
// Get returns the ClientSessionState value associated with a given key. It // Get returns the [ClientSessionState] value associated with a given key. It
// returns (nil, false) if no value is found. // returns (nil, false) if no value is found.
func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) { func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) {
c.Lock() c.Lock()

32
conn.go
View file

@ -136,21 +136,21 @@ func (c *Conn) RemoteAddr() net.Addr {
} }
// SetDeadline sets the read and write deadlines associated with the connection. // SetDeadline sets the read and write deadlines associated with the connection.
// A zero value for t means Read and Write will not time out. // A zero value for t means [Conn.Read] and [Conn.Write] will not time out.
// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error. // After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (c *Conn) SetDeadline(t time.Time) error { func (c *Conn) SetDeadline(t time.Time) error {
return c.conn.SetDeadline(t) return c.conn.SetDeadline(t)
} }
// SetReadDeadline sets the read deadline on the underlying connection. // SetReadDeadline sets the read deadline on the underlying connection.
// A zero value for t means Read will not time out. // A zero value for t means [Conn.Read] will not time out.
func (c *Conn) SetReadDeadline(t time.Time) error { func (c *Conn) SetReadDeadline(t time.Time) error {
return c.conn.SetReadDeadline(t) return c.conn.SetReadDeadline(t)
} }
// SetWriteDeadline sets the write deadline on the underlying connection. // SetWriteDeadline sets the write deadline on the underlying connection.
// A zero value for t means Write will not time out. // A zero value for t means [Conn.Write] will not time out.
// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error. // After a [Conn.Write] has timed out, the TLS state is corrupt and all future writes will return the same error.
func (c *Conn) SetWriteDeadline(t time.Time) error { func (c *Conn) SetWriteDeadline(t time.Time) error {
return c.conn.SetWriteDeadline(t) return c.conn.SetWriteDeadline(t)
} }
@ -1173,10 +1173,10 @@ var (
// Write writes data to the connection. // Write writes data to the connection.
// //
// As Write calls Handshake, in order to prevent indefinite blocking a deadline // As Write calls [Conn.Handshake], in order to prevent indefinite blocking a deadline
// must be set for both Read and Write before Write is called when the handshake // must be set for both [Conn.Read] and Write before Write is called when the handshake
// has not yet completed. See SetDeadline, SetReadDeadline, and // has not yet completed. See [Conn.SetDeadline], [Conn.SetReadDeadline], and
// SetWriteDeadline. // [Conn.SetWriteDeadline].
func (c *Conn) Write(b []byte) (int, error) { func (c *Conn) Write(b []byte) (int, error) {
// interlock with Close below // interlock with Close below
for { for {
@ -1348,10 +1348,10 @@ func (c *Conn) handleKeyUpdate(keyUpdate *keyUpdateMsg) error {
// Read reads data from the connection. // Read reads data from the connection.
// //
// As Read calls Handshake, in order to prevent indefinite blocking a deadline // As Read calls [Conn.Handshake], in order to prevent indefinite blocking a deadline
// must be set for both Read and Write before Read is called when the handshake // must be set for both Read and [Conn.Write] before Read is called when the handshake
// has not yet completed. See SetDeadline, SetReadDeadline, and // has not yet completed. See [Conn.SetDeadline], [Conn.SetReadDeadline], and
// SetWriteDeadline. // [Conn.SetWriteDeadline].
func (c *Conn) Read(b []byte) (int, error) { func (c *Conn) Read(b []byte) (int, error) {
if err := c.Handshake(); err != nil { if err := c.Handshake(); err != nil {
return 0, err return 0, err
@ -1435,7 +1435,7 @@ var errEarlyCloseWrite = errors.New("tls: CloseWrite called before handshake com
// CloseWrite shuts down the writing side of the connection. It should only be // CloseWrite shuts down the writing side of the connection. It should only be
// called once the handshake has completed and does not call CloseWrite on the // called once the handshake has completed and does not call CloseWrite on the
// underlying connection. Most callers should just use Close. // underlying connection. Most callers should just use [Conn.Close].
func (c *Conn) CloseWrite() error { func (c *Conn) CloseWrite() error {
if !c.isHandshakeComplete.Load() { if !c.isHandshakeComplete.Load() {
return errEarlyCloseWrite return errEarlyCloseWrite
@ -1463,10 +1463,10 @@ func (c *Conn) closeNotify() error {
// protocol if it has not yet been run. // protocol if it has not yet been run.
// //
// Most uses of this package need not call Handshake explicitly: the // Most uses of this package need not call Handshake explicitly: the
// first Read or Write will call it automatically. // first [Conn.Read] or [Conn.Write] will call it automatically.
// //
// For control over canceling or setting a timeout on a handshake, use // For control over canceling or setting a timeout on a handshake, use
// HandshakeContext or the Dialer's DialContext method instead. // [Conn.HandshakeContext] or the [Dialer]'s DialContext method instead.
// //
// In order to avoid denial of service attacks, the maximum RSA key size allowed // In order to avoid denial of service attacks, the maximum RSA key size allowed
// in certificates sent by either the TLS server or client is limited to 8192 // in certificates sent by either the TLS server or client is limited to 8192
@ -1485,7 +1485,7 @@ func (c *Conn) Handshake() error {
// connection. // connection.
// //
// Most uses of this package need not call HandshakeContext explicitly: the // Most uses of this package need not call HandshakeContext explicitly: the
// first Read or Write will call it automatically. // first [Conn.Read] or [Conn.Write] will call it automatically.
func (c *Conn) HandshakeContext(ctx context.Context) error { func (c *Conn) HandshakeContext(ctx context.Context) error {
// Delegate to unexported method for named return // Delegate to unexported method for named return
// without confusing documented signature. // without confusing documented signature.

12
quic.go
View file

@ -46,7 +46,7 @@ type QUICConn struct {
sessionTicketSent bool sessionTicketSent bool
} }
// A QUICConfig configures a QUICConn. // A QUICConfig configures a [QUICConn].
type QUICConfig struct { type QUICConfig struct {
TLSConfig *Config TLSConfig *Config
} }
@ -163,7 +163,7 @@ func newQUICConn(conn *Conn) *QUICConn {
} }
// Start starts the client or server handshake protocol. // Start starts the client or server handshake protocol.
// It may produce connection events, which may be read with NextEvent. // It may produce connection events, which may be read with [QUICConn.NextEvent].
// //
// Start must be called at most once. // Start must be called at most once.
func (q *QUICConn) Start(ctx context.Context) error { func (q *QUICConn) Start(ctx context.Context) error {
@ -182,7 +182,7 @@ func (q *QUICConn) Start(ctx context.Context) error {
} }
// NextEvent returns the next event occurring on the connection. // NextEvent returns the next event occurring on the connection.
// It returns an event with a Kind of QUICNoEvent when no events are available. // It returns an event with a Kind of [QUICNoEvent] when no events are available.
func (q *QUICConn) NextEvent() QUICEvent { func (q *QUICConn) NextEvent() QUICEvent {
qs := q.conn.quic qs := q.conn.quic
if last := qs.nextEvent - 1; last >= 0 && len(qs.events[last].Data) > 0 { if last := qs.nextEvent - 1; last >= 0 && len(qs.events[last].Data) > 0 {
@ -214,7 +214,7 @@ func (q *QUICConn) Close() error {
} }
// HandleData handles handshake bytes received from the peer. // HandleData handles handshake bytes received from the peer.
// It may produce connection events, which may be read with NextEvent. // It may produce connection events, which may be read with [QUICConn.NextEvent].
func (q *QUICConn) HandleData(level QUICEncryptionLevel, data []byte) error { func (q *QUICConn) HandleData(level QUICEncryptionLevel, data []byte) error {
c := q.conn c := q.conn
if c.in.level != level { if c.in.level != level {
@ -258,7 +258,7 @@ type QUICSessionTicketOptions struct {
} }
// SendSessionTicket sends a session ticket to the client. // SendSessionTicket sends a session ticket to the client.
// It produces connection events, which may be read with NextEvent. // It produces connection events, which may be read with [QUICConn.NextEvent].
// Currently, it can only be called once. // Currently, it can only be called once.
func (q *QUICConn) SendSessionTicket(opts QUICSessionTicketOptions) error { func (q *QUICConn) SendSessionTicket(opts QUICSessionTicketOptions) error {
c := q.conn c := q.conn
@ -283,7 +283,7 @@ func (q *QUICConn) ConnectionState() ConnectionState {
// SetTransportParameters sets the transport parameters to send to the peer. // SetTransportParameters sets the transport parameters to send to the peer.
// //
// Server connections may delay setting the transport parameters until after // Server connections may delay setting the transport parameters until after
// receiving the client's transport parameters. See QUICTransportParametersRequired. // receiving the client's transport parameters. See [QUICTransportParametersRequired].
func (q *QUICConn) SetTransportParameters(params []byte) { func (q *QUICConn) SetTransportParameters(params []byte) {
if params == nil { if params == nil {
params = []byte{} params = []byte{}

2
ticket.go
View file

@ -305,7 +305,7 @@ func (c *Conn) sessionState() (*SessionState, error) {
}, nil }, nil
} }
// EncryptTicket encrypts a ticket with the Config's configured (or default) // EncryptTicket encrypts a ticket with the [Config]'s configured (or default)
// session ticket keys. It can be used as a [Config.WrapSession] implementation. // session ticket keys. It can be used as a [Config.WrapSession] implementation.
func (c *Config) EncryptTicket(cs ConnectionState, ss *SessionState) ([]byte, error) { func (c *Config) EncryptTicket(cs ConnectionState, ss *SessionState) ([]byte, error) {
ticketKeys := c.ticketKeys(nil) ticketKeys := c.ticketKeys(nil)

12
tls.go
View file

@ -71,7 +71,7 @@ func (l *listener) Accept() (net.Conn, error) {
} }
// NewListener creates a Listener which accepts connections from an inner // NewListener creates a Listener which accepts connections from an inner
// Listener and wraps each connection with Server. // Listener and wraps each connection with [Server].
// The configuration config must be non-nil and must include // The configuration config must be non-nil and must include
// at least one certificate or else set GetCertificate. // at least one certificate or else set GetCertificate.
func NewListener(inner net.Listener, config *Config) net.Listener { func NewListener(inner net.Listener, config *Config) net.Listener {
@ -109,10 +109,10 @@ func (timeoutError) Temporary() bool { return true }
// handshake as a whole. // handshake as a whole.
// //
// DialWithDialer interprets a nil configuration as equivalent to the zero // DialWithDialer interprets a nil configuration as equivalent to the zero
// configuration; see the documentation of Config for the defaults. // configuration; see the documentation of [Config] for the defaults.
// //
// DialWithDialer uses context.Background internally; to specify the context, // DialWithDialer uses context.Background internally; to specify the context,
// use Dialer.DialContext with NetDialer set to the desired dialer. // use [Dialer.DialContext] with NetDialer set to the desired dialer.
func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) { func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) {
return dial(context.Background(), dialer, network, addr, config) return dial(context.Background(), dialer, network, addr, config)
} }
@ -189,10 +189,10 @@ type Dialer struct {
// Dial connects to the given network address and initiates a TLS // Dial connects to the given network address and initiates a TLS
// handshake, returning the resulting TLS connection. // handshake, returning the resulting TLS connection.
// //
// The returned Conn, if any, will always be of type *Conn. // The returned [Conn], if any, will always be of type *[Conn].
// //
// Dial uses context.Background internally; to specify the context, // Dial uses context.Background internally; to specify the context,
// use DialContext. // use [Dialer.DialContext].
func (d *Dialer) Dial(network, addr string) (net.Conn, error) { func (d *Dialer) Dial(network, addr string) (net.Conn, error) {
return d.DialContext(context.Background(), network, addr) return d.DialContext(context.Background(), network, addr)
} }
@ -212,7 +212,7 @@ func (d *Dialer) netDialer() *net.Dialer {
// connected, any expiration of the context will not affect the // connected, any expiration of the context will not affect the
// connection. // connection.
// //
// The returned Conn, if any, will always be of type *Conn. // The returned [Conn], if any, will always be of type *[Conn].
func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) { func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) {
c, err := dial(ctx, d.netDialer(), network, addr, d.Config) c, err := dial(ctx, d.netDialer(), network, addr, d.Config)
if err != nil { if err != nil {