mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 12:37:35 +03:00
[dev.boringcrypto] all: merge master into dev.boringcrypto
Change-Id: If0a6a3d0abf15d9584ce572510b5bb31872d432f
This commit is contained in:
Heschi Kreinick
commit
8cd6f83334
6 changed files with 59 additions and 17 deletions
38
common.go
38
common.go
|
|
@ -18,6 +18,7 @@ import (
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"internal/godebug"
|
||||||
"io"
|
"io"
|
||||||
"net"
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
@ -682,11 +683,20 @@ type Config struct {
|
||||||
ClientSessionCache ClientSessionCache
|
ClientSessionCache ClientSessionCache
|
||||||
|
|
||||||
// MinVersion contains the minimum TLS version that is acceptable.
|
// MinVersion contains the minimum TLS version that is acceptable.
|
||||||
// If zero, TLS 1.0 is currently taken as the minimum.
|
//
|
||||||
|
// By default, TLS 1.2 is currently used as the minimum when acting as a
|
||||||
|
// client, and TLS 1.0 when acting as a server. TLS 1.0 is the minimum
|
||||||
|
// supported by this package, both as a client and as a server.
|
||||||
|
//
|
||||||
|
// The client-side default can temporarily be reverted to TLS 1.0 by
|
||||||
|
// including the value "x509sha1=1" in the GODEBUG environment variable.
|
||||||
|
// Note that this option will be removed in Go 1.19 (but it will still be
|
||||||
|
// possible to set this field to VersionTLS10 explicitly).
|
||||||
MinVersion uint16
|
MinVersion uint16
|
||||||
|
|
||||||
// MaxVersion contains the maximum TLS version that is acceptable.
|
// MaxVersion contains the maximum TLS version that is acceptable.
|
||||||
// If zero, the maximum version supported by this package is used,
|
//
|
||||||
|
// By default, the maximum version supported by this package is used,
|
||||||
// which is currently TLS 1.3.
|
// which is currently TLS 1.3.
|
||||||
MaxVersion uint16
|
MaxVersion uint16
|
||||||
|
|
||||||
|
|
@ -967,12 +977,24 @@ var supportedVersions = []uint16{
|
||||||
VersionTLS10,
|
VersionTLS10,
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Config) supportedVersions() []uint16 {
|
// debugEnableTLS10 enables TLS 1.0. See issue 45428.
|
||||||
|
var debugEnableTLS10 = godebug.Get("tls10default") == "1"
|
||||||
|
|
||||||
|
// roleClient and roleServer are meant to call supportedVersions and parents
|
||||||
|
// with more readability at the callsite.
|
||||||
|
const roleClient = true
|
||||||
|
const roleServer = false
|
||||||
|
|
||||||
|
func (c *Config) supportedVersions(isClient bool) []uint16 {
|
||||||
versions := make([]uint16, 0, len(supportedVersions))
|
versions := make([]uint16, 0, len(supportedVersions))
|
||||||
for _, v := range supportedVersions {
|
for _, v := range supportedVersions {
|
||||||
if needFIPS() && (v < fipsMinVersion(c) || v > fipsMaxVersion(c)) {
|
if needFIPS() && (v < fipsMinVersion(c) || v > fipsMaxVersion(c)) {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
if (c == nil || c.MinVersion == 0) && !debugEnableTLS10 &&
|
||||||
|
isClient && v < VersionTLS12 {
|
||||||
|
continue
|
||||||
|
}
|
||||||
if c != nil && c.MinVersion != 0 && v < c.MinVersion {
|
if c != nil && c.MinVersion != 0 && v < c.MinVersion {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
@ -984,8 +1006,8 @@ func (c *Config) supportedVersions() []uint16 {
|
||||||
return versions
|
return versions
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *Config) maxSupportedVersion() uint16 {
|
func (c *Config) maxSupportedVersion(isClient bool) uint16 {
|
||||||
supportedVersions := c.supportedVersions()
|
supportedVersions := c.supportedVersions(isClient)
|
||||||
if len(supportedVersions) == 0 {
|
if len(supportedVersions) == 0 {
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
@ -1029,8 +1051,8 @@ func (c *Config) supportsCurve(curve CurveID) bool {
|
||||||
|
|
||||||
// mutualVersion returns the protocol version to use given the advertised
|
// mutualVersion returns the protocol version to use given the advertised
|
||||||
// versions of the peer. Priority is given to the peer preference order.
|
// versions of the peer. Priority is given to the peer preference order.
|
||||||
func (c *Config) mutualVersion(peerVersions []uint16) (uint16, bool) {
|
func (c *Config) mutualVersion(isClient bool, peerVersions []uint16) (uint16, bool) {
|
||||||
supportedVersions := c.supportedVersions()
|
supportedVersions := c.supportedVersions(isClient)
|
||||||
for _, peerVersion := range peerVersions {
|
for _, peerVersion := range peerVersions {
|
||||||
for _, v := range supportedVersions {
|
for _, v := range supportedVersions {
|
||||||
if v == peerVersion {
|
if v == peerVersion {
|
||||||
|
|
@ -1109,7 +1131,7 @@ func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error {
|
||||||
if config == nil {
|
if config == nil {
|
||||||
config = &Config{}
|
config = &Config{}
|
||||||
}
|
}
|
||||||
vers, ok := config.mutualVersion(chi.SupportedVersions)
|
vers, ok := config.mutualVersion(roleServer, chi.SupportedVersions)
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("no mutually supported protocol versions")
|
return errors.New("no mutually supported protocol versions")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -52,12 +52,12 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
|
||||||
return nil, nil, errors.New("tls: NextProtos values too large")
|
return nil, nil, errors.New("tls: NextProtos values too large")
|
||||||
}
|
}
|
||||||
|
|
||||||
supportedVersions := config.supportedVersions()
|
supportedVersions := config.supportedVersions(roleClient)
|
||||||
if len(supportedVersions) == 0 {
|
if len(supportedVersions) == 0 {
|
||||||
return nil, nil, errors.New("tls: no supported versions satisfy MinVersion and MaxVersion")
|
return nil, nil, errors.New("tls: no supported versions satisfy MinVersion and MaxVersion")
|
||||||
}
|
}
|
||||||
|
|
||||||
clientHelloVersion := config.maxSupportedVersion()
|
clientHelloVersion := config.maxSupportedVersion(roleClient)
|
||||||
// The version at the beginning of the ClientHello was capped at TLS 1.2
|
// The version at the beginning of the ClientHello was capped at TLS 1.2
|
||||||
// for compatibility reasons. The supported_versions extension is used
|
// for compatibility reasons. The supported_versions extension is used
|
||||||
// to negotiate versions now. See RFC 8446, Section 4.2.1.
|
// to negotiate versions now. See RFC 8446, Section 4.2.1.
|
||||||
|
|
@ -197,7 +197,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
|
||||||
// If we are negotiating a protocol version that's lower than what we
|
// If we are negotiating a protocol version that's lower than what we
|
||||||
// support, check for the server downgrade canaries.
|
// support, check for the server downgrade canaries.
|
||||||
// See RFC 8446, Section 4.1.3.
|
// See RFC 8446, Section 4.1.3.
|
||||||
maxVers := c.config.maxSupportedVersion()
|
maxVers := c.config.maxSupportedVersion(roleClient)
|
||||||
tls12Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS12
|
tls12Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS12
|
||||||
tls11Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS11
|
tls11Downgrade := string(serverHello.random[24:]) == downgradeCanaryTLS11
|
||||||
if maxVers == VersionTLS13 && c.vers <= VersionTLS12 && (tls12Downgrade || tls11Downgrade) ||
|
if maxVers == VersionTLS13 && c.vers <= VersionTLS12 && (tls12Downgrade || tls11Downgrade) ||
|
||||||
|
|
@ -365,7 +365,7 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
|
||||||
peerVersion = serverHello.supportedVersion
|
peerVersion = serverHello.supportedVersion
|
||||||
}
|
}
|
||||||
|
|
||||||
vers, ok := c.config.mutualVersion([]uint16{peerVersion})
|
vers, ok := c.config.mutualVersion(roleClient, []uint16{peerVersion})
|
||||||
if !ok {
|
if !ok {
|
||||||
c.sendAlert(alertProtocolVersion)
|
c.sendAlert(alertProtocolVersion)
|
||||||
return fmt.Errorf("tls: server selected unsupported protocol version %x", peerVersion)
|
return fmt.Errorf("tls: server selected unsupported protocol version %x", peerVersion)
|
||||||
|
|
|
||||||
|
|
@ -156,7 +156,7 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
|
||||||
if len(clientHello.supportedVersions) == 0 {
|
if len(clientHello.supportedVersions) == 0 {
|
||||||
clientVersions = supportedVersionsFromMax(clientHello.vers)
|
clientVersions = supportedVersionsFromMax(clientHello.vers)
|
||||||
}
|
}
|
||||||
c.vers, ok = c.config.mutualVersion(clientVersions)
|
c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)
|
||||||
if !ok {
|
if !ok {
|
||||||
c.sendAlert(alertProtocolVersion)
|
c.sendAlert(alertProtocolVersion)
|
||||||
return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions)
|
return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions)
|
||||||
|
|
@ -191,7 +191,7 @@ func (hs *serverHandshakeState) processClientHello() error {
|
||||||
hs.hello.random = make([]byte, 32)
|
hs.hello.random = make([]byte, 32)
|
||||||
serverRandom := hs.hello.random
|
serverRandom := hs.hello.random
|
||||||
// Downgrade protection canaries. See RFC 8446, Section 4.1.3.
|
// Downgrade protection canaries. See RFC 8446, Section 4.1.3.
|
||||||
maxVers := c.config.maxSupportedVersion()
|
maxVers := c.config.maxSupportedVersion(roleServer)
|
||||||
if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary {
|
if maxVers >= VersionTLS12 && c.vers < maxVers || testingOnlyForceDowngradeCanary {
|
||||||
if c.vers == VersionTLS12 {
|
if c.vers == VersionTLS12 {
|
||||||
copy(serverRandom[24:], downgradeCanaryTLS12)
|
copy(serverRandom[24:], downgradeCanaryTLS12)
|
||||||
|
|
@ -354,7 +354,7 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
|
||||||
for _, id := range hs.clientHello.cipherSuites {
|
for _, id := range hs.clientHello.cipherSuites {
|
||||||
if id == TLS_FALLBACK_SCSV {
|
if id == TLS_FALLBACK_SCSV {
|
||||||
// The client is doing a fallback connection. See RFC 7507.
|
// The client is doing a fallback connection. See RFC 7507.
|
||||||
if hs.clientHello.vers < c.config.maxSupportedVersion() {
|
if hs.clientHello.vers < c.config.maxSupportedVersion(roleServer) {
|
||||||
c.sendAlert(alertInappropriateFallback)
|
c.sendAlert(alertInappropriateFallback)
|
||||||
return errors.New("tls: client using inappropriate protocol fallback")
|
return errors.New("tls: client using inappropriate protocol fallback")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -385,13 +385,30 @@ func TestVersion(t *testing.T) {
|
||||||
}
|
}
|
||||||
clientConfig := &Config{
|
clientConfig := &Config{
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
|
MinVersion: VersionTLS10,
|
||||||
}
|
}
|
||||||
state, _, err := testHandshake(t, clientConfig, serverConfig)
|
state, _, err := testHandshake(t, clientConfig, serverConfig)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("handshake failed: %s", err)
|
t.Fatalf("handshake failed: %s", err)
|
||||||
}
|
}
|
||||||
if state.Version != VersionTLS11 {
|
if state.Version != VersionTLS11 {
|
||||||
t.Fatalf("Incorrect version %x, should be %x", state.Version, VersionTLS11)
|
t.Fatalf("incorrect version %x, should be %x", state.Version, VersionTLS11)
|
||||||
|
}
|
||||||
|
|
||||||
|
clientConfig.MinVersion = 0
|
||||||
|
_, _, err = testHandshake(t, clientConfig, serverConfig)
|
||||||
|
if err == nil {
|
||||||
|
t.Fatalf("expected failure to connect with TLS 1.0/1.1")
|
||||||
|
}
|
||||||
|
|
||||||
|
defer func(old bool) { debugEnableTLS10 = old }(debugEnableTLS10)
|
||||||
|
debugEnableTLS10 = true
|
||||||
|
_, _, err = testHandshake(t, clientConfig, serverConfig)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("handshake failed: %s", err)
|
||||||
|
}
|
||||||
|
if state.Version != VersionTLS11 {
|
||||||
|
t.Fatalf("incorrect version %x, should be %x", state.Version, VersionTLS11)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -472,6 +489,7 @@ func testCrossVersionResume(t *testing.T, version uint16) {
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
ClientSessionCache: NewLRUClientSessionCache(1),
|
ClientSessionCache: NewLRUClientSessionCache(1),
|
||||||
ServerName: "servername",
|
ServerName: "servername",
|
||||||
|
MinVersion: VersionTLS10,
|
||||||
}
|
}
|
||||||
|
|
||||||
// Establish a session at TLS 1.1.
|
// Establish a session at TLS 1.1.
|
||||||
|
|
|
||||||
|
|
@ -114,7 +114,7 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
|
||||||
if id == TLS_FALLBACK_SCSV {
|
if id == TLS_FALLBACK_SCSV {
|
||||||
// Use c.vers instead of max(supported_versions) because an attacker
|
// Use c.vers instead of max(supported_versions) because an attacker
|
||||||
// could defeat this by adding an arbitrary high version otherwise.
|
// could defeat this by adding an arbitrary high version otherwise.
|
||||||
if c.vers < c.config.maxSupportedVersion() {
|
if c.vers < c.config.maxSupportedVersion(roleServer) {
|
||||||
c.sendAlert(alertInappropriateFallback)
|
c.sendAlert(alertInappropriateFallback)
|
||||||
return errors.New("tls: client using inappropriate protocol fallback")
|
return errors.New("tls: client using inappropriate protocol fallback")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -363,6 +363,8 @@ func runMain(m *testing.M) int {
|
||||||
Certificates: make([]Certificate, 2),
|
Certificates: make([]Certificate, 2),
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
CipherSuites: allCipherSuites(),
|
CipherSuites: allCipherSuites(),
|
||||||
|
MinVersion: VersionTLS10,
|
||||||
|
MaxVersion: VersionTLS13,
|
||||||
}
|
}
|
||||||
testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
|
testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate}
|
||||||
testConfig.Certificates[0].PrivateKey = testRSAPrivateKey
|
testConfig.Certificates[0].PrivateKey = testRSAPrivateKey
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue