[dev.boringcrypto] all: merge master into dev.boringcrypto
Conflicts due to randutil.MaybeReadByte (kept at the top for patch maintainability and consistency): src/crypto/ecdsa/ecdsa.go src/crypto/rsa/pkcs1v15.go src/crypto/rsa/rsa.go Change-Id: I03a2de541e68a1bbdc48590ad7c01fbffbbf4a2b
commit
81bc85fa9a
5 changed files with 20 additions and 19 deletions
11
common.go
11
common.go
|
@ -247,19 +247,19 @@ type ClientHelloInfo struct {
|
|||
// ServerName indicates the name of the server requested by the client
|
||||
// in order to support virtual hosting. ServerName is only set if the
|
||||
// client is using SNI (see
|
||||
// http://tools.ietf.org/html/rfc4366#section-3.1).
|
||||
// https://tools.ietf.org/html/rfc4366#section-3.1).
|
||||
ServerName string
|
||||
|
||||
// SupportedCurves lists the elliptic curves supported by the client.
|
||||
// SupportedCurves is set only if the Supported Elliptic Curves
|
||||
// Extension is being used (see
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.1.1).
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.1.1).
|
||||
SupportedCurves []CurveID
|
||||
|
||||
// SupportedPoints lists the point formats supported by the client.
|
||||
// SupportedPoints is set only if the Supported Point Formats Extension
|
||||
// is being used (see
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.1.2).
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.1.2).
|
||||
SupportedPoints []uint8
|
||||
|
||||
// SignatureSchemes lists the signature and hash schemes that the client
|
||||
|
@ -460,7 +460,8 @@ type Config struct {
|
|||
PreferServerCipherSuites bool
|
||||
|
||||
// SessionTicketsDisabled may be set to true to disable session ticket
|
||||
// (resumption) support.
|
||||
// (resumption) support. Note that on clients, session ticket support is
|
||||
// also disabled if ClientSessionCache is nil.
|
||||
SessionTicketsDisabled bool
|
||||
|
||||
// SessionTicketKey is used by TLS servers to provide session
|
||||
|
@ -474,7 +475,7 @@ type Config struct {
|
|||
SessionTicketKey [32]byte
|
||||
|
||||
// ClientSessionCache is a cache of ClientSessionState entries for TLS
|
||||
// session resumption.
|
||||
// session resumption. It is only used by clients.
|
||||
ClientSessionCache ClientSessionCache
|
||||
|
||||
// MinVersion contains the minimum SSL/TLS version that is acceptable.
|
||||
|
|
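Review bot: The ServerName doc comment on the new side still points at RFC 4366 §3.1, which has been obsoleted by RFC 6066 (the current definition of the server_name extension lives in its §3); since this commit is already rewriting these links, `// https://tools.ietf.org/html/rfc6066#section-3).` would keep the reference current. A second line worth adding to the same comment is a caveat that the value is copied straight from the ClientHello and is not authenticated or validated by the library, e.g. `// ServerName comes from the client and is unauthenticated; callbacks that key on it must treat it as untrusted input.` The ClientHelloInfo and Config structs both start and end outside these hunks, so the wording of the surrounding fields cannot be checked here.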
4
conn.go
4
conn.go
|
@ -1061,9 +1061,9 @@ func (c *Conn) Write(b []byte) (int, error) {
|
|||
// This can be prevented by splitting each Application Data
|
||||
// record into two records, effectively randomizing the IV.
|
||||
//
|
||||
// http://www.openssl.org/~bodo/tls-cbc.txt
|
||||
// https://www.openssl.org/~bodo/tls-cbc.txt
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=665814
|
||||
// http://www.imperialviolet.org/2012/01/15/beastfollowup.html
|
||||
// https://www.imperialviolet.org/2012/01/15/beastfollowup.html
|
||||
|
||||
var m int
|
||||
if len(b) > 1 && c.vers <= VersionTLS10 {
|
||||
|
|
|
@ -192,7 +192,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
z = z[9:]
|
||||
}
|
||||
if len(m.supportedCurves) > 0 {
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
z[0] = byte(extensionSupportedCurves >> 8)
|
||||
z[1] = byte(extensionSupportedCurves)
|
||||
l := 2 + 2*len(m.supportedCurves)
|
||||
|
@ -209,7 +209,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
}
|
||||
}
|
||||
if len(m.supportedPoints) > 0 {
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
z[0] = byte(extensionSupportedPoints >> 8)
|
||||
z[1] = byte(extensionSupportedPoints)
|
||||
l := 1 + len(m.supportedPoints)
|
||||
|
@ -224,7 +224,7 @@ func (m *clientHelloMsg) marshal() []byte {
|
|||
}
|
||||
}
|
||||
if m.ticketSupported {
|
||||
// http://tools.ietf.org/html/rfc5077#section-3.2
|
||||
// https://tools.ietf.org/html/rfc5077#section-3.2
|
||||
z[0] = byte(extensionSessionTicket >> 8)
|
||||
z[1] = byte(extensionSessionTicket)
|
||||
l := len(m.sessionTicket)
|
||||
|
@ -414,7 +414,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
case extensionStatusRequest:
|
||||
m.ocspStapling = length > 0 && data[0] == statusTypeOCSP
|
||||
case extensionSupportedCurves:
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.1
|
||||
if length < 2 {
|
||||
return false
|
||||
}
|
||||
|
@ -430,7 +430,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
d = d[2:]
|
||||
}
|
||||
case extensionSupportedPoints:
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.5.2
|
||||
if length < 1 {
|
||||
return false
|
||||
}
|
||||
|
@ -441,7 +441,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool {
|
|||
m.supportedPoints = make([]uint8, l)
|
||||
copy(m.supportedPoints, data[1:])
|
||||
case extensionSessionTicket:
|
||||
// http://tools.ietf.org/html/rfc5077#section-3.2
|
||||
// https://tools.ietf.org/html/rfc5077#section-3.2
|
||||
m.ticketSupported = true
|
||||
m.sessionTicket = data[:length]
|
||||
case extensionSignatureAlgorithms:
|
||||
|
@ -1224,7 +1224,7 @@ func (m *certificateRequestMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc4346#section-7.4.4
|
||||
// See https://tools.ietf.org/html/rfc4346#section-7.4.4
|
||||
length := 1 + len(m.certificateTypes) + 2
|
||||
casLength := 0
|
||||
for _, ca := range m.certificateAuthorities {
|
||||
|
@ -1374,7 +1374,7 @@ func (m *certificateVerifyMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc4346#section-7.4.8
|
||||
// See https://tools.ietf.org/html/rfc4346#section-7.4.8
|
||||
siglength := len(m.signature)
|
||||
length := 2 + siglength
|
||||
if m.hasSignatureAndHash {
|
||||
|
@ -1452,7 +1452,7 @@ func (m *newSessionTicketMsg) marshal() (x []byte) {
|
|||
return m.raw
|
||||
}
|
||||
|
||||
// See http://tools.ietf.org/html/rfc5077#section-3.3
|
||||
// See https://tools.ietf.org/html/rfc5077#section-3.3
|
||||
ticketLen := len(m.ticket)
|
||||
length := 2 + 4 + ticketLen
|
||||
x = make([]byte, 4+length)
|
||||
|
|
|
@ -141,7 +141,7 @@ func pickTLS12HashForSignature(sigType uint8, clientList []SignatureScheme) (Sig
|
|||
if len(clientList) == 0 {
|
||||
// If the client didn't specify any signature_algorithms
|
||||
// extension then we can assume that it supports SHA1. See
|
||||
// http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
||||
// https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1
|
||||
switch sigType {
|
||||
case signatureRSA:
|
||||
return PKCS1WithSHA1, nil
|
||||
|
@ -239,7 +239,7 @@ NextCandidate:
|
|||
ecdhePublic = elliptic.Marshal(curve, x, y)
|
||||
}
|
||||
|
||||
// http://tools.ietf.org/html/rfc4492#section-5.4
|
||||
// https://tools.ietf.org/html/rfc4492#section-5.4
|
||||
serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic))
|
||||
serverECDHParams[0] = 3 // named curve
|
||||
serverECDHParams[1] = byte(ka.curveid >> 8)
|
||||
|
|
2
prf.go
2
prf.go
|
@ -140,7 +140,7 @@ func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, labe
|
|||
}
|
||||
|
||||
// masterFromPreMasterSecret generates the master secret from the pre-master
|
||||
// secret. See http://tools.ietf.org/html/rfc5246#section-8.1
|
||||
// secret. See https://tools.ietf.org/html/rfc5246#section-8.1
|
||||
func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte {
|
||||
seed := make([]byte, 0, len(clientRandom)+len(serverRandom))
|
||||
seed = append(seed, clientRandom...)
|
||||
|
|