mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-03 20:17:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

sync: merge changes from go 1.23.4

Browse source
This commit is contained in:
Mingye Chen 2025-01-07 15:55:09 -07:00
commit cefe226467
98 changed files with 8089 additions and 4530 deletions
Download patch file Download diff file Expand all files Collapse all files

25
handshake_server.go
View file

@ -18,6 +18,8 @@ import (
"io"
"time"
"github.com/refraction-networking/utls/internal/byteorder"
circlSign "github.com/cloudflare/circl/sign"
)
@ -174,6 +176,7 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
// [UTLS SECTION BEGIN]
// Disable unsupported godebug package
// if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
// tls10server.Value() // ensure godebug is initialized
// tls10server.IncNonDefault()
// }
// [UTLS SECTION END]
@ -252,7 +255,7 @@ func (hs *serverHandshakeState) processClientHello() error {
hs.hello.scts = hs.cert.SignedCertificateTimestamps
}
hs.ecdheOk = supportsECDHE(c.config, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
hs.ecdheOk = supportsECDHE(c.config, c.vers, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
if hs.ecdheOk && len(hs.clientHello.supportedPoints) > 0 {
// Although omitting the ec_point_formats extension is permitted, some
@ -323,10 +326,10 @@ func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, erro
// supportsECDHE returns whether ECDHE key exchanges can be used with this
// pre-TLS 1.3 client.
func supportsECDHE(c *Config, supportedCurves []CurveID, supportedPoints []uint8) bool {
func supportsECDHE(c *Config, version uint16, supportedCurves []CurveID, supportedPoints []uint8) bool {
supportsCurve := false
for _, curve := range supportedCurves {
if c.supportsCurve(curve) {
if c.supportsCurve(version, curve) {
supportsCurve = true
break
}
@ -378,9 +381,14 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
// [UTLS SECTION BEGIN]
// Disable unsupported godebug package
// if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
// if c.config.CipherSuites == nil && !needFIPS() && rsaKexCiphers[hs.suite.id] {
// tlsrsakex.Value() // ensure godebug is initialized
// tlsrsakex.IncNonDefault()
// }
// if c.config.CipherSuites == nil && !needFIPS() && tdesCiphers[hs.suite.id] {
// tls3des.Value() // ensure godebug is initialized
// tls3des.IncNonDefault()
// }
// [UTLS SECTION END]
for _, id := range hs.clientHello.cipherSuites {
@ -594,6 +602,9 @@ func (hs *serverHandshakeState) doFullHandshake() error {
return err
}
if skx != nil {
if len(skx.key) >= 3 && skx.key[0] == 3 /* named curve */ {
c.curveID = CurveID(byteorder.BeUint16(skx.key[1:]))
}
if _, err := hs.c.writeHandshakeRecord(skx, &hs.finishedHash); err != nil {
return err
}
@ -822,10 +833,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
c := hs.c
m := new(newSessionTicketMsg)
state, err := c.sessionState()
if err != nil {
return err
}
state := c.sessionState()
state.secret = hs.masterSecret
if hs.sessionState != nil {
// If this is re-wrapping an old key, then keep
@ -833,6 +841,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
state.createdAt = hs.sessionState.createdAt
}
if c.config.WrapSession != nil {
var err error
m.ticket, err = c.config.WrapSession(c.connectionStateLocked(), state)
if err != nil {
return err