mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
🔀 update: Merge 'upstream:release-branch.go1.22'
Merge upstream using a real merge commit. Signed-off-by: Gaukas Wang <i@gaukas.wang>
This commit is contained in:
Gaukas Wang
commit
bd8fe35ca1
19 changed files with 1075 additions and 120 deletions
|
|
@ -48,7 +48,7 @@ var (
|
|||
|
||||
// CipherSuites returns a list of cipher suites currently implemented by this
|
||||
// package, excluding those with security issues, which are returned by
|
||||
// InsecureCipherSuites.
|
||||
// [InsecureCipherSuites].
|
||||
//
|
||||
// The list is sorted by ID. Note that the default cipher suites selected by
|
||||
// this package might depend on logic that can't be captured by a static list,
|
||||
|
|
@ -81,14 +81,18 @@ func CipherSuites() []*CipherSuite {
|
|||
// this package and which have security issues.
|
||||
//
|
||||
// Most applications should not use the cipher suites in this list, and should
|
||||
// only use those returned by CipherSuites.
|
||||
// only use those returned by [CipherSuites].
|
||||
func InsecureCipherSuites() []*CipherSuite {
|
||||
// This list includes RC4, CBC_SHA256, and 3DES cipher suites. See
|
||||
// cipherSuitesPreferenceOrder for details.
|
||||
return []*CipherSuite{
|
||||
{TLS_RSA_WITH_RC4_128_SHA, "TLS_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
||||
{TLS_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, true},
|
||||
{TLS_RSA_WITH_AES_128_CBC_SHA, "TLS_RSA_WITH_AES_128_CBC_SHA", supportedUpToTLS12, true},
|
||||
{TLS_RSA_WITH_AES_256_CBC_SHA, "TLS_RSA_WITH_AES_256_CBC_SHA", supportedUpToTLS12, true},
|
||||
{TLS_RSA_WITH_AES_128_CBC_SHA256, "TLS_RSA_WITH_AES_128_CBC_SHA256", supportedOnlyTLS12, true},
|
||||
{TLS_RSA_WITH_AES_128_GCM_SHA256, "TLS_RSA_WITH_AES_128_GCM_SHA256", supportedOnlyTLS12, true},
|
||||
{TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS_RSA_WITH_AES_256_GCM_SHA384", supportedOnlyTLS12, true},
|
||||
{TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
||||
{TLS_ECDHE_RSA_WITH_RC4_128_SHA, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", supportedUpToTLS12, true},
|
||||
{TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", supportedUpToTLS12, true},
|
||||
|
|
@ -325,22 +329,47 @@ var cipherSuitesPreferenceOrderNoAES = []uint16{
|
|||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
}
|
||||
|
||||
// disabledCipherSuites are not used unless explicitly listed in
|
||||
// Config.CipherSuites. They MUST be at the end of cipherSuitesPreferenceOrder.
|
||||
var disabledCipherSuites = []uint16{
|
||||
// disabledCipherSuites are not used unless explicitly listed in Config.CipherSuites.
|
||||
var disabledCipherSuites = map[uint16]bool{
|
||||
// CBC_SHA256
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: true,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: true,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256: true,
|
||||
|
||||
// RC4
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: true,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA: true,
|
||||
TLS_RSA_WITH_RC4_128_SHA: true,
|
||||
}
|
||||
|
||||
var (
|
||||
defaultCipherSuitesLen = len(cipherSuitesPreferenceOrder) - len(disabledCipherSuites)
|
||||
defaultCipherSuites = cipherSuitesPreferenceOrder[:defaultCipherSuitesLen]
|
||||
)
|
||||
// rsaKexCiphers contains the ciphers which use RSA based key exchange,
|
||||
// which we also disable by default unless a GODEBUG is set.
|
||||
var rsaKexCiphers = map[uint16]bool{
|
||||
TLS_RSA_WITH_RC4_128_SHA: true,
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA: true,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA: true,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA: true,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256: true,
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256: true,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384: true,
|
||||
}
|
||||
|
||||
var defaultCipherSuites []uint16
|
||||
var defaultCipherSuitesWithRSAKex []uint16
|
||||
|
||||
func init() {
|
||||
defaultCipherSuites = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
|
||||
defaultCipherSuitesWithRSAKex = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
|
||||
for _, c := range cipherSuitesPreferenceOrder {
|
||||
if disabledCipherSuites[c] {
|
||||
continue
|
||||
}
|
||||
if !rsaKexCiphers[c] {
|
||||
defaultCipherSuites = append(defaultCipherSuites, c)
|
||||
}
|
||||
defaultCipherSuitesWithRSAKex = append(defaultCipherSuitesWithRSAKex, c)
|
||||
}
|
||||
}
|
||||
|
||||
// defaultCipherSuitesTLS13 is also the preference order, since there are no
|
||||
// disabled by default TLS 1.3 cipher suites. The same AES vs ChaCha20 logic as
|
||||
|
|
@ -535,7 +564,13 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead {
|
|||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
aead, err := cipher.NewGCM(aes)
|
||||
var aead cipher.AEAD
|
||||
if boring.Enabled {
|
||||
aead, err = boring.NewGCMTLS13(aes)
|
||||
} else {
|
||||
boring.Unreachable()
|
||||
aead, err = cipher.NewGCM(aes)
|
||||
}
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue