mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 12:37:35 +03:00
Fix all conflicts and more (see description)
- Fixed all merge conflicts introduced by the previous commit. - Updated many `marshal()` functions to return `[]byte. error` in alignment with the updated upstream. - Updated `readServerCertificate()` function as necessary to continue support compressed certificates.
This commit is contained in:
Gaukas Wang
parent
2be3f2376d
commit
a16cd34be9
22 changed files with 46 additions and 453 deletions
|
|
@ -10,22 +10,17 @@ import (
|
|||
"crypto/cipher"
|
||||
"crypto/des"
|
||||
"crypto/hmac"
|
||||
"crypto/internal/boring"
|
||||
|
||||
// "crypto/internal/boring"
|
||||
"crypto/rc4"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
"hash"
|
||||
<<<<<<< HEAD
|
||||
"runtime"
|
||||
|
||||
"github.com/refraction-networking/utls/cpu"
|
||||
|
||||
=======
|
||||
"internal/cpu"
|
||||
"runtime"
|
||||
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
"golang.org/x/crypto/chacha20poly1305"
|
||||
)
|
||||
|
||||
|
|
|
|||
10
common.go
10
common.go
|
|
@ -101,10 +101,6 @@ const (
|
|||
extensionCertificateAuthorities uint16 = 47
|
||||
extensionSignatureAlgorithmsCert uint16 = 50
|
||||
extensionKeyShare uint16 = 51
|
||||
<<<<<<< HEAD
|
||||
extensionNextProtoNeg uint16 = 13172 // not IANA assigned // Pending discussion on whether or not remove this. crypto/tls removed it on Nov 21, 2019.
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
extensionRenegotiationInfo uint16 = 0xff01
|
||||
)
|
||||
|
||||
|
|
@ -241,13 +237,10 @@ type ConnectionState struct {
|
|||
// Deprecated: this value is always true.
|
||||
NegotiatedProtocolIsMutual bool
|
||||
|
||||
<<<<<<< HEAD
|
||||
// PeerApplicationSettings is the Application-Layer Protocol Settings (ALPS)
|
||||
// provided by peer.
|
||||
PeerApplicationSettings []byte // [uTLS]
|
||||
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
// ServerName is the value of the Server Name Indication extension sent by
|
||||
// the client. It's available both on the server and on the client side.
|
||||
ServerName string
|
||||
|
|
@ -662,7 +655,6 @@ type Config struct {
|
|||
// testing or in combination with VerifyConnection or VerifyPeerCertificate.
|
||||
InsecureSkipVerify bool
|
||||
|
||||
<<<<<<< HEAD
|
||||
// InsecureServerNameToVerify is used to verify the hostname on the returned
|
||||
// certificates. It is intended to use with spoofed ServerName.
|
||||
// If InsecureServerNameToVerify is "*", crypto/tls will do normal
|
||||
|
|
@ -671,8 +663,6 @@ type Config struct {
|
|||
// This field is ignored when InsecureSkipVerify is true.
|
||||
InsecureServerNameToVerify string // [uTLS]
|
||||
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
// CipherSuites is a list of enabled TLS 1.0–1.2 cipher suites. The order of
|
||||
// the list is ignored. Note that TLS 1.3 ciphersuites are not configurable.
|
||||
//
|
||||
|
|
|
|||
12
conn.go
12
conn.go
|
|
@ -91,13 +91,10 @@ type Conn struct {
|
|||
|
||||
// clientProtocol is the negotiated ALPN protocol.
|
||||
clientProtocol string
|
||||
<<<<<<< HEAD
|
||||
|
||||
// [UTLS SECTION START]
|
||||
utls utlsConnExtraFields // used for extensive things such as ALPS
|
||||
// [UTLS SECTION END]
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
|
||||
// input/output
|
||||
in, out halfConn
|
||||
|
|
@ -1038,14 +1035,9 @@ func (c *Conn) writeChangeCipherRecord() error {
|
|||
}
|
||||
|
||||
// readHandshake reads the next handshake message from
|
||||
<<<<<<< HEAD
|
||||
// the record layer.
|
||||
func (c *Conn) readHandshake() (any, error) {
|
||||
=======
|
||||
// the record layer. If transcript is non-nil, the message
|
||||
// is written to the passed transcriptHash.
|
||||
func (c *Conn) readHandshake(transcript transcriptHash) (any, error) {
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
for c.hand.Len() < 4 {
|
||||
if err := c.readRecord(); err != nil {
|
||||
return nil, err
|
||||
|
|
@ -1559,10 +1551,6 @@ func (c *Conn) connectionStateLocked() ConnectionState {
|
|||
} else {
|
||||
state.ekm = c.ekm
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
return state
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -230,7 +230,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
|
|||
}
|
||||
|
||||
// In TLS 1.3, session tickets are delivered after the handshake.
|
||||
return hs.handshake()
|
||||
return hs.handshake() // UTLSTODO: returned error
|
||||
}
|
||||
|
||||
hs := &clientHandshakeState{
|
||||
|
|
@ -523,43 +523,12 @@ func (hs *clientHandshakeState) doFullHandshake() error {
|
|||
|
||||
c.ocspResponse = cs.response
|
||||
|
||||
msg, err = c.readHandshake(&hs.finishedHash)
|
||||
msg, err = c.readHandshake(&hs.finishedHash) // UTLSTODO: note this added transcriptHash.
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
msg, err = c.readHandshake()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
cs, ok := msg.(*certificateStatusMsg)
|
||||
if ok {
|
||||
// RFC4366 on Certificate Status Request:
|
||||
// The server MAY return a "certificate_status" message.
|
||||
|
||||
if !hs.serverHello.ocspStapling {
|
||||
// If a server returns a "CertificateStatus" message, then the
|
||||
// server MUST have included an extension of type "status_request"
|
||||
// with empty "extension_data" in the extended server hello.
|
||||
|
||||
c.sendAlert(alertUnexpectedMessage)
|
||||
return errors.New("tls: received unexpected CertificateStatus message")
|
||||
}
|
||||
hs.finishedHash.Write(cs.marshal())
|
||||
|
||||
c.ocspResponse = cs.response
|
||||
|
||||
msg, err = c.readHandshake()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
if c.handshakes == 0 {
|
||||
// If this is the first handshake on a connection, process and
|
||||
// (optionally) verify the server's certificates.
|
||||
|
|
@ -926,7 +895,6 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
|
|||
Intermediates: x509.NewCertPool(),
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
if len(c.config.InsecureServerNameToVerify) == 0 {
|
||||
opts.DNSName = c.config.ServerName
|
||||
} else if c.config.InsecureServerNameToVerify != "*" {
|
||||
|
|
@ -934,8 +902,6 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
|
|||
}
|
||||
// [UTLS SECTION END]
|
||||
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
for _, cert := range certs[1:] {
|
||||
opts.Intermediates.AddCert(cert)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1257,11 +1257,7 @@ func TestServerSelectingUnconfiguredApplicationProtocol(t *testing.T) {
|
|||
cipherSuite: TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
alpnProtocol: "how-about-this",
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
serverHelloBytes := serverHello.marshal()
|
||||
=======
|
||||
serverHelloBytes := mustMarshal(t, serverHello)
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
|
||||
s.Write([]byte{
|
||||
byte(recordTypeHandshake),
|
||||
|
|
|
|||
|
|
@ -299,7 +299,6 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
|
|||
}
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
// [uTLS SECTION BEGINS]
|
||||
// crypto/tls code above this point had changed crypto/tls structures in accordance with HRR, and is about
|
||||
// to call default marshaller.
|
||||
|
|
@ -362,11 +361,10 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
|
|||
}
|
||||
// [uTLS SECTION ENDS]
|
||||
|
||||
hs.transcript.Write(hs.hello.marshal())
|
||||
if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
|
||||
=======
|
||||
// UTLSTODO: delete comment
|
||||
// hs.transcript.Write(hs.hello.marshal())
|
||||
// if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil {
|
||||
if _, err := hs.c.writeHandshakeRecord(hs.hello, hs.transcript); err != nil {
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -538,7 +536,8 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
msg, err := c.readHandshake(hs.transcript)
|
||||
// msg, err := c.readHandshake(hs.transcript)
|
||||
msg, err := c.readHandshake(nil) // [UTLS] we don't write to transcript until make sure it is not compressed cert
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -546,8 +545,10 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
|
|||
certReq, ok := msg.(*certificateRequestMsgTLS13)
|
||||
if ok {
|
||||
hs.certReq = certReq
|
||||
transcriptMsg(certReq, hs.transcript) // [UTLS] if it is certReq (not compressedCert), write to transcript
|
||||
|
||||
msg, err = c.readHandshake(hs.transcript)
|
||||
// msg, err = c.readHandshake(hs.transcript)
|
||||
msg, err = c.readHandshake(nil) // [UTLS] we don't write to transcript until make sure it is not compressed cert
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -576,15 +577,15 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
|
|||
c.sendAlert(alertDecodeError)
|
||||
return errors.New("tls: received empty certificates message")
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
// [UTLS SECTION BEGINS]
|
||||
// Previously, this was simply 'hs.transcript.Write(certMsg.marshal())' (without the if).
|
||||
if !skipWritingCertToTranscript {
|
||||
hs.transcript.Write(certMsg.marshal())
|
||||
if !skipWritingCertToTranscript { // utlsReadServerCertificate didn't call transcriptMsg()
|
||||
// hs.transcript.Write(certMsg.marshal()) // deprecated since Go 1.19.6
|
||||
if err = transcriptMsg(certMsg, hs.transcript); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
// [UTLS SECTION ENDS]
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
|
||||
c.scts = certMsg.certificate.SignedCertificateTimestamps
|
||||
c.ocspResponse = certMsg.certificate.OCSPStaple
|
||||
|
|
@ -610,11 +611,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
|
|||
// See RFC 8446, Section 4.4.3.
|
||||
if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
|
||||
c.sendAlert(alertIllegalParameter)
|
||||
<<<<<<< HEAD
|
||||
return errors.New("tls: certificate used with invalid signature algorithm -- not implemented")
|
||||
=======
|
||||
return errors.New("tls: certificate used with invalid signature algorithm")
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
sigType, sigHash, err := typeAndHashFromSignatureScheme(certVerify.signatureAlgorithm)
|
||||
if err != nil {
|
||||
|
|
@ -622,11 +619,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
|
|||
}
|
||||
if sigType == signaturePKCS1v15 || sigHash == crypto.SHA1 {
|
||||
c.sendAlert(alertIllegalParameter)
|
||||
<<<<<<< HEAD
|
||||
return errors.New("tls: certificate used with invalid signature algorithm -- obsolete")
|
||||
=======
|
||||
return errors.New("tls: certificate used with invalid signature algorithm")
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
signed := signedMessage(sigHash, serverSignatureContext, hs.transcript)
|
||||
if err := verifyHandshakeSignature(sigType, c.peerCertificates[0].PublicKey,
|
||||
|
|
|
|||
|
|
@ -293,190 +293,10 @@ func (m *clientHelloMsg) marshal() ([]byte, error) {
|
|||
b.AddBytes(m.compressionMethods)
|
||||
})
|
||||
|
||||
<<<<<<< HEAD
|
||||
// If extensions aren't present, omit them.
|
||||
var extensionsPresent bool
|
||||
bWithoutExtensions := *b
|
||||
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
if len(m.serverName) > 0 {
|
||||
// RFC 6066, Section 3
|
||||
b.AddUint16(extensionServerName)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8(0) // name_type = host_name
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte(m.serverName))
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.ocspStapling {
|
||||
// RFC 4366, Section 3.6
|
||||
b.AddUint16(extensionStatusRequest)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8(1) // status_type = ocsp
|
||||
b.AddUint16(0) // empty responder_id_list
|
||||
b.AddUint16(0) // empty request_extensions
|
||||
})
|
||||
}
|
||||
if len(m.supportedCurves) > 0 {
|
||||
// RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7
|
||||
b.AddUint16(extensionSupportedCurves)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, curve := range m.supportedCurves {
|
||||
b.AddUint16(uint16(curve))
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.supportedPoints) > 0 {
|
||||
// RFC 4492, Section 5.1.2
|
||||
b.AddUint16(extensionSupportedPoints)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.supportedPoints)
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.ticketSupported {
|
||||
// RFC 5077, Section 3.2
|
||||
b.AddUint16(extensionSessionTicket)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.sessionTicket)
|
||||
})
|
||||
}
|
||||
if len(m.supportedSignatureAlgorithms) > 0 {
|
||||
// RFC 5246, Section 7.4.1.4.1
|
||||
b.AddUint16(extensionSignatureAlgorithms)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, sigAlgo := range m.supportedSignatureAlgorithms {
|
||||
b.AddUint16(uint16(sigAlgo))
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.supportedSignatureAlgorithmsCert) > 0 {
|
||||
// RFC 8446, Section 4.2.3
|
||||
b.AddUint16(extensionSignatureAlgorithmsCert)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, sigAlgo := range m.supportedSignatureAlgorithmsCert {
|
||||
b.AddUint16(uint16(sigAlgo))
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.secureRenegotiationSupported {
|
||||
// RFC 5746, Section 3.2
|
||||
b.AddUint16(extensionRenegotiationInfo)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.secureRenegotiation)
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.alpnProtocols) > 0 {
|
||||
// RFC 7301, Section 3.1
|
||||
b.AddUint16(extensionALPN)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, proto := range m.alpnProtocols {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte(proto))
|
||||
})
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.scts {
|
||||
// RFC 6962, Section 3.3.1
|
||||
b.AddUint16(extensionSCT)
|
||||
b.AddUint16(0) // empty extension_data
|
||||
}
|
||||
if len(m.supportedVersions) > 0 {
|
||||
// RFC 8446, Section 4.2.1
|
||||
b.AddUint16(extensionSupportedVersions)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, vers := range m.supportedVersions {
|
||||
b.AddUint16(vers)
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.cookie) > 0 {
|
||||
// RFC 8446, Section 4.2.2
|
||||
b.AddUint16(extensionCookie)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.cookie)
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.keyShares) > 0 {
|
||||
// RFC 8446, Section 4.2.8
|
||||
b.AddUint16(extensionKeyShare)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, ks := range m.keyShares {
|
||||
b.AddUint16(uint16(ks.group))
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(ks.data)
|
||||
})
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.earlyData {
|
||||
// RFC 8446, Section 4.2.10
|
||||
b.AddUint16(extensionEarlyData)
|
||||
b.AddUint16(0) // empty extension_data
|
||||
}
|
||||
if len(m.pskModes) > 0 {
|
||||
// RFC 8446, Section 4.2.9
|
||||
b.AddUint16(extensionPSKModes)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.pskModes)
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.pskIdentities) > 0 { // pre_shared_key must be the last extension
|
||||
// RFC 8446, Section 4.2.11
|
||||
b.AddUint16(extensionPreSharedKey)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, psk := range m.pskIdentities {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(psk.label)
|
||||
})
|
||||
b.AddUint32(psk.obfuscatedTicketAge)
|
||||
}
|
||||
})
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, binder := range m.pskBinders {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(binder)
|
||||
})
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
extensionsPresent = len(b.BytesOrPanic()) > 2
|
||||
})
|
||||
|
||||
if !extensionsPresent {
|
||||
*b = bWithoutExtensions
|
||||
=======
|
||||
if len(extBytes) > 0 {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(extBytes)
|
||||
})
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
})
|
||||
|
||||
|
|
@ -515,15 +335,11 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) error {
|
|||
}
|
||||
m.pskBinders = pskBinders
|
||||
if m.raw != nil {
|
||||
<<<<<<< HEAD
|
||||
lenWithoutBinders := len(m.marshalWithoutBinders())
|
||||
=======
|
||||
helloBytes, err := m.marshalWithoutBinders()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
lenWithoutBinders := len(helloBytes)
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
b := cryptobyte.NewFixedBuilder(m.raw[:lenWithoutBinders])
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, binder := range m.pskBinders {
|
||||
|
|
@ -533,11 +349,7 @@ func (m *clientHelloMsg) updateBinders(pskBinders [][]byte) error {
|
|||
}
|
||||
})
|
||||
if out, err := b.Bytes(); err != nil || len(out) != len(m.raw) {
|
||||
<<<<<<< HEAD
|
||||
panic("tls: internal error: failed to update binders")
|
||||
=======
|
||||
return errors.New("tls: internal error: failed to update binders")
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -929,106 +741,10 @@ func (m *serverHelloMsg) marshal() ([]byte, error) {
|
|||
b.AddUint16(m.cipherSuite)
|
||||
b.AddUint8(m.compressionMethod)
|
||||
|
||||
<<<<<<< HEAD
|
||||
// If extensions aren't present, omit them.
|
||||
var extensionsPresent bool
|
||||
bWithoutExtensions := *b
|
||||
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
if m.ocspStapling {
|
||||
b.AddUint16(extensionStatusRequest)
|
||||
b.AddUint16(0) // empty extension_data
|
||||
}
|
||||
if m.ticketSupported {
|
||||
b.AddUint16(extensionSessionTicket)
|
||||
b.AddUint16(0) // empty extension_data
|
||||
}
|
||||
if m.secureRenegotiationSupported {
|
||||
b.AddUint16(extensionRenegotiationInfo)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.secureRenegotiation)
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.alpnProtocol) > 0 {
|
||||
b.AddUint16(extensionALPN)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes([]byte(m.alpnProtocol))
|
||||
})
|
||||
})
|
||||
})
|
||||
}
|
||||
if len(m.scts) > 0 {
|
||||
b.AddUint16(extensionSCT)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
for _, sct := range m.scts {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(sct)
|
||||
})
|
||||
}
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.supportedVersion != 0 {
|
||||
b.AddUint16(extensionSupportedVersions)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16(m.supportedVersion)
|
||||
})
|
||||
}
|
||||
if m.serverShare.group != 0 {
|
||||
b.AddUint16(extensionKeyShare)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16(uint16(m.serverShare.group))
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.serverShare.data)
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.selectedIdentityPresent {
|
||||
b.AddUint16(extensionPreSharedKey)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16(m.selectedIdentity)
|
||||
})
|
||||
}
|
||||
|
||||
if len(m.cookie) > 0 {
|
||||
b.AddUint16(extensionCookie)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.cookie)
|
||||
})
|
||||
})
|
||||
}
|
||||
if m.selectedGroup != 0 {
|
||||
b.AddUint16(extensionKeyShare)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint16(uint16(m.selectedGroup))
|
||||
})
|
||||
}
|
||||
if len(m.supportedPoints) > 0 {
|
||||
b.AddUint16(extensionSupportedPoints)
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(m.supportedPoints)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
extensionsPresent = len(b.BytesOrPanic()) > 2
|
||||
})
|
||||
|
||||
if !extensionsPresent {
|
||||
*b = bWithoutExtensions
|
||||
=======
|
||||
if len(extBytes) > 0 {
|
||||
b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
|
||||
b.AddBytes(extBytes)
|
||||
})
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
})
|
||||
|
||||
|
|
|
|||
|
|
@ -129,13 +129,9 @@ func (hs *serverHandshakeState) handshake() error {
|
|||
|
||||
// readClientHello reads a ClientHello message and selects the protocol version.
|
||||
func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
|
||||
<<<<<<< HEAD
|
||||
msg, err := c.readHandshake()
|
||||
=======
|
||||
// clientHelloMsg is included in the transcript, but we haven't initialized
|
||||
// it yet. The respective handshake functions will record it themselves.
|
||||
msg, err := c.readHandshake(nil)
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -670,17 +666,6 @@ func (hs *serverHandshakeState) doFullHandshake() error {
|
|||
c.sendAlert(alertIllegalParameter)
|
||||
return err
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
}
|
||||
|
||||
signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
|
||||
if err := verifyHandshakeSignature(sigType, pub, sigHash, signed, certVerify.signature); err != nil {
|
||||
c.sendAlert(alertDecryptError)
|
||||
return errors.New("tls: invalid signature by the client certificate: " + err.Error())
|
||||
}
|
||||
|
||||
hs.finishedHash.Write(certVerify.marshal())
|
||||
=======
|
||||
}
|
||||
|
||||
signed := hs.finishedHash.hashForClientCertificate(sigType, sigHash, hs.masterSecret)
|
||||
|
|
@ -692,7 +677,6 @@ func (hs *serverHandshakeState) doFullHandshake() error {
|
|||
if err := transcriptMsg(certVerify, &hs.finishedHash); err != nil {
|
||||
return err
|
||||
}
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
|
||||
hs.finishedHash.discardHandshakeBuffer()
|
||||
|
|
@ -732,14 +716,10 @@ func (hs *serverHandshakeState) readFinished(out []byte) error {
|
|||
return err
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
msg, err := c.readHandshake()
|
||||
=======
|
||||
// finishedMsg is included in the transcript, but not until after we
|
||||
// check the client version, since the state before this message was
|
||||
// sent is used during verification.
|
||||
msg, err := c.readHandshake(nil)
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -324,15 +324,10 @@ func TestTLSPointFormats(t *testing.T) {
|
|||
go func() {
|
||||
cli := Client(c, testConfig)
|
||||
cli.vers = clientHello.vers
|
||||
<<<<<<< HEAD
|
||||
cli.writeRecord(recordTypeHandshake, clientHello.marshal())
|
||||
reply, err := cli.readHandshake()
|
||||
=======
|
||||
if _, err := cli.writeHandshakeRecord(clientHello, nil); err != nil {
|
||||
testFatal(t, err)
|
||||
}
|
||||
reply, err := cli.readHandshake(nil)
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
c.Close()
|
||||
if err != nil {
|
||||
replyChan <- err
|
||||
|
|
|
|||
|
|
@ -767,11 +767,7 @@ func (hs *serverHandshakeStateTLS13) sendSessionTickets() error {
|
|||
// ticket_nonce, which must be unique per connection, is always left at
|
||||
// zero because we only ever send one ticket per connection.
|
||||
|
||||
<<<<<<< HEAD
|
||||
if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil {
|
||||
=======
|
||||
if _, err := c.writeHandshakeRecord(m, nil); err != nil {
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -319,11 +319,7 @@ func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHell
|
|||
}
|
||||
|
||||
if !isSupportedSignatureAlgorithm(signatureAlgorithm, clientHello.supportedSignatureAlgorithms) {
|
||||
<<<<<<< HEAD
|
||||
return fmt.Errorf("tls: certificate used with invalid signature algorithm -- ClientHello not advertising %04x", uint16(signatureAlgorithm))
|
||||
=======
|
||||
return errors.New("tls: certificate used with invalid signature algorithm")
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
sigType, sigHash, err = typeAndHashFromSignatureScheme(signatureAlgorithm)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -8,10 +8,7 @@ import (
|
|||
"crypto/elliptic"
|
||||
"crypto/hmac"
|
||||
"errors"
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
"fmt"
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
"hash"
|
||||
"io"
|
||||
"math/big"
|
||||
|
|
|
|||
|
|
@ -6,19 +6,12 @@ package tls
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
"internal/testenv"
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
<<<<<<< HEAD
|
||||
|
||||
"github.com/refraction-networking/utls/testenv"
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
)
|
||||
|
||||
// Tests that the linker is able to remove references to the Client or Server if unused.
|
||||
|
|
|
|||
10
notboring.go
10
notboring.go
|
|
@ -1,19 +1,12 @@
|
|||
// Copyright 2022 The Go Authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
<<<<<<< HEAD
|
||||
package tls
|
||||
|
||||
import (
|
||||
"crypto/cipher"
|
||||
"errors"
|
||||
)
|
||||
=======
|
||||
|
||||
//go:build !boringcrypto
|
||||
|
||||
package tls
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
|
||||
func needFIPS() bool { return false }
|
||||
|
||||
|
|
@ -27,7 +20,6 @@ func fipsCurvePreferences(c *Config) []CurveID { panic("fipsCurvePreferences") }
|
|||
func fipsCipherSuites(c *Config) []uint16 { panic("fipsCipherSuites") }
|
||||
|
||||
var fipsSupportedSignatureAlgorithms []SignatureScheme
|
||||
<<<<<<< HEAD
|
||||
|
||||
// [uTLS]
|
||||
// Boring struct is only to be used to record static env variables
|
||||
|
|
@ -45,5 +37,3 @@ func (*Boring) Unreachable() {
|
|||
}
|
||||
|
||||
var boring Boring
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
|
|
|
|||
|
|
@ -32,11 +32,7 @@ type sessionState struct {
|
|||
usedOldKey bool
|
||||
}
|
||||
|
||||
<<<<<<< HEAD
|
||||
func (m *sessionState) marshal() []byte {
|
||||
=======
|
||||
func (m *sessionState) marshal() ([]byte, error) {
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
var b cryptobyte.Builder
|
||||
b.AddUint16(m.vers)
|
||||
b.AddUint16(m.cipherSuite)
|
||||
|
|
@ -51,11 +47,7 @@ func (m *sessionState) marshal() ([]byte, error) {
|
|||
})
|
||||
}
|
||||
})
|
||||
<<<<<<< HEAD
|
||||
return b.BytesOrPanic()
|
||||
=======
|
||||
return b.Bytes()
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
}
|
||||
|
||||
func (m *sessionState) unmarshal(data []byte) bool {
|
||||
|
|
|
|||
|
|
@ -830,11 +830,8 @@ func TestCloneNonFuncFields(t *testing.T) {
|
|||
f.Set(reflect.ValueOf(RenegotiateOnceAsClient))
|
||||
case "mutex", "autoSessionTicketKeys", "sessionTicketKeys":
|
||||
continue // these are unexported fields that are handled separately
|
||||
<<<<<<< HEAD
|
||||
case "ApplicationSettings":
|
||||
f.Set(reflect.ValueOf(map[string][]byte{"a": {1}}))
|
||||
=======
|
||||
>>>>>>> crypto-tls-1-19-6
|
||||
default:
|
||||
t.Errorf("all fields must be accounted for, but saw unknown field %q", fn)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ const (
|
|||
|
||||
// TLS
|
||||
const (
|
||||
extensionNextProtoNeg uint16 = 13172 // not IANA assigned. Removed by crypto/tls since Nov 2019
|
||||
|
||||
utlsExtensionPadding uint16 = 21
|
||||
utlsExtensionExtendedMasterSecret uint16 = 23 // https://tools.ietf.org/html/rfc7627
|
||||
utlsExtensionCompressCertificate uint16 = 27 // https://datatracker.ietf.org/doc/html/rfc8879#section-7.1
|
||||
|
|
|
|||
|
|
@ -399,7 +399,10 @@ func (c *UConn) clientHandshake(ctx context.Context) (err error) {
|
|||
}
|
||||
// [uTLS section ends]
|
||||
|
||||
cacheKey, session, earlySecret, binderKey := c.loadSession(hello)
|
||||
cacheKey, session, earlySecret, binderKey, err := c.loadSession(hello)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if cacheKey != "" && session != nil {
|
||||
defer func() {
|
||||
// If we got a handshake failure when resuming a session, throw away
|
||||
|
|
@ -421,11 +424,11 @@ func (c *UConn) clientHandshake(ctx context.Context) (err error) {
|
|||
}
|
||||
}
|
||||
|
||||
if _, err := c.writeRecord(recordTypeHandshake, hello.marshal()); err != nil {
|
||||
if _, err := c.writeHandshakeRecord(hello, nil); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
msg, err := c.readHandshake()
|
||||
msg, err := c.readHandshake(nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,10 @@ func TestUTLSMarshalNoOp(t *testing.T) {
|
|||
t.Errorf("Got error: %s; expected to succeed", err)
|
||||
}
|
||||
msg.raw = []byte(str)
|
||||
marshalledHello := msg.marshal()
|
||||
marshalledHello, err := msg.marshal()
|
||||
if err != nil {
|
||||
t.Errorf("clientHelloMsg.marshal() returned error: %s", err.Error())
|
||||
}
|
||||
if strings.Compare(string(marshalledHello), str) != 0 {
|
||||
t.Errorf("clientHelloMsg.marshal() is not NOOP! Expected to get: %s, got: %s", str, string(marshalledHello))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,7 +25,10 @@ func (hs *clientHandshakeStateTLS13) utlsReadServerCertificate(msg any) (process
|
|||
if len(hs.uconn.certCompressionAlgs) > 0 {
|
||||
compressedCertMsg, ok := msg.(*utlsCompressedCertificateMsg)
|
||||
if ok {
|
||||
hs.transcript.Write(compressedCertMsg.marshal())
|
||||
// hs.transcript.Write(compressedCertMsg.marshal()) // deprecated since Go 1.19.6
|
||||
if err = transcriptMsg(compressedCertMsg, hs.transcript); err != nil { // UTLSTODO: debug
|
||||
return nil, err
|
||||
}
|
||||
msg, err = hs.decompressCert(*compressedCertMsg)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("tls: failed to decompress certificate message: %w", err)
|
||||
|
|
@ -128,8 +131,9 @@ func (hs *clientHandshakeStateTLS13) sendClientEncryptedExtensions() error {
|
|||
if c.utls.hasApplicationSettings {
|
||||
clientEncryptedExtensions.hasApplicationSettings = true
|
||||
clientEncryptedExtensions.applicationSettings = c.utls.localApplicationSettings
|
||||
hs.transcript.Write(clientEncryptedExtensions.marshal())
|
||||
if _, err := c.writeRecord(recordTypeHandshake, clientEncryptedExtensions.marshal()); err != nil {
|
||||
// hs.transcript.Write(clientEncryptedExtensions.marshal()) // deprecated since Go 1.19.6
|
||||
// transcriptMsg(clientEncryptedExtensions, hs.transcript) // included in writeHandshakeRecord
|
||||
if _, err := c.writeHandshakeRecord(clientEncryptedExtensions, hs.transcript); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,9 +20,9 @@ type utlsCompressedCertificateMsg struct {
|
|||
compressedCertificateMessage []byte
|
||||
}
|
||||
|
||||
func (m *utlsCompressedCertificateMsg) marshal() []byte {
|
||||
func (m *utlsCompressedCertificateMsg) marshal() ([]byte, error) {
|
||||
if m.raw != nil {
|
||||
return m.raw
|
||||
return m.raw, nil
|
||||
}
|
||||
|
||||
var b cryptobyte.Builder
|
||||
|
|
@ -35,8 +35,9 @@ func (m *utlsCompressedCertificateMsg) marshal() []byte {
|
|||
})
|
||||
})
|
||||
|
||||
m.raw = b.BytesOrPanic()
|
||||
return m.raw
|
||||
var err error
|
||||
m.raw, err = b.Bytes()
|
||||
return m.raw, err
|
||||
}
|
||||
|
||||
func (m *utlsCompressedCertificateMsg) unmarshal(data []byte) bool {
|
||||
|
|
@ -74,9 +75,9 @@ type utlsClientEncryptedExtensionsMsg struct {
|
|||
customExtension []byte
|
||||
}
|
||||
|
||||
func (m *utlsClientEncryptedExtensionsMsg) marshal() (x []byte) {
|
||||
func (m *utlsClientEncryptedExtensionsMsg) marshal() (x []byte, err error) {
|
||||
if m.raw != nil {
|
||||
return m.raw
|
||||
return m.raw, nil
|
||||
}
|
||||
|
||||
var builder cryptobyte.Builder
|
||||
|
|
@ -98,8 +99,8 @@ func (m *utlsClientEncryptedExtensionsMsg) marshal() (x []byte) {
|
|||
})
|
||||
})
|
||||
|
||||
m.raw = builder.BytesOrPanic()
|
||||
return m.raw
|
||||
m.raw, err = builder.Bytes()
|
||||
return m.raw, err
|
||||
}
|
||||
|
||||
func (m *utlsClientEncryptedExtensionsMsg) unmarshal(data []byte) bool {
|
||||
|
|
|
|||
|
|
@ -434,7 +434,7 @@ func UnmarshalClientHello(data []byte) *PubClientHelloMsg {
|
|||
|
||||
// Marshal allows external code to convert a ClientHello object back into
|
||||
// raw bytes.
|
||||
func (chm *PubClientHelloMsg) Marshal() []byte {
|
||||
func (chm *PubClientHelloMsg) Marshal() ([]byte, error) {
|
||||
return chm.getPrivatePtr().marshal()
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue