mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
sync: merge changes from go 1.23.4
commit
cefe226467
98 changed files with 8089 additions and 4530 deletions
|
@ -6,6 +6,7 @@ package tls
|
|||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"crypto/ed25519"
|
||||
"crypto/x509"
|
||||
"encoding/hex"
|
||||
|
@ -41,9 +42,11 @@ import (
|
|||
// reference connection will always change.
|
||||
|
||||
var (
|
||||
update = flag.Bool("update", false, "update golden files on failure")
|
||||
fast = flag.Bool("fast", false, "impose a quick, possibly flaky timeout on recorded tests")
|
||||
keyFile = flag.String("keylog", "", "destination file for KeyLogWriter")
|
||||
update = flag.Bool("update", false, "update golden files on failure")
|
||||
keyFile = flag.String("keylog", "", "destination file for KeyLogWriter")
|
||||
bogoMode = flag.Bool("bogo-mode", false, "Enabled bogo shim mode, ignore everything else")
|
||||
bogoFilter = flag.String("bogo-filter", "", "BoGo test filter")
|
||||
bogoLocalDir = flag.String("bogo-local-dir", "", "Local BoGo to use, instead of fetching from source")
|
||||
)
|
||||
|
||||
func runTestAndUpdateIfNeeded(t *testing.T, name string, run func(t *testing.T, update bool), wait bool) {
|
||||
|
@ -220,6 +223,76 @@ func parseTestData(r io.Reader) (flows [][]byte, err error) {
|
|||
return flows, nil
|
||||
}
|
||||
|
||||
// replayingConn is a net.Conn that replays flows recorded by recordingConn.
|
||||
type replayingConn struct {
|
||||
t testing.TB
|
||||
sync.Mutex
|
||||
flows [][]byte
|
||||
reading bool
|
||||
}
|
||||
|
||||
var _ net.Conn = (*replayingConn)(nil)
|
||||
|
||||
func (r *replayingConn) Read(b []byte) (n int, err error) {
|
||||
r.Lock()
|
||||
defer r.Unlock()
|
||||
|
||||
if !r.reading {
|
||||
r.t.Errorf("expected write, got read")
|
||||
return 0, fmt.Errorf("recording expected write, got read")
|
||||
}
|
||||
|
||||
n = copy(b, r.flows[0])
|
||||
r.flows[0] = r.flows[0][n:]
|
||||
if len(r.flows[0]) == 0 {
|
||||
r.flows = r.flows[1:]
|
||||
if len(r.flows) == 0 {
|
||||
return n, io.EOF
|
||||
} else {
|
||||
r.reading = false
|
||||
}
|
||||
}
|
||||
return n, nil
|
||||
}
|
||||
|
||||
func (r *replayingConn) Write(b []byte) (n int, err error) {
|
||||
r.Lock()
|
||||
defer r.Unlock()
|
||||
|
||||
if r.reading {
|
||||
r.t.Errorf("expected read, got write")
|
||||
return 0, fmt.Errorf("recording expected read, got write")
|
||||
}
|
||||
|
||||
if !bytes.HasPrefix(r.flows[0], b) {
|
||||
r.t.Errorf("write mismatch: expected %x, got %x", r.flows[0], b)
|
||||
return 0, fmt.Errorf("write mismatch")
|
||||
}
|
||||
r.flows[0] = r.flows[0][len(b):]
|
||||
if len(r.flows[0]) == 0 {
|
||||
r.flows = r.flows[1:]
|
||||
r.reading = true
|
||||
}
|
||||
return len(b), nil
|
||||
}
|
||||
|
||||
func (r *replayingConn) Close() error {
|
||||
r.Lock()
|
||||
defer r.Unlock()
|
||||
|
||||
if len(r.flows) > 0 {
|
||||
r.t.Errorf("closed with unfinished flows")
|
||||
return fmt.Errorf("unexpected close")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (r *replayingConn) LocalAddr() net.Addr { return nil }
|
||||
func (r *replayingConn) RemoteAddr() net.Addr { return nil }
|
||||
func (r *replayingConn) SetDeadline(t time.Time) error { return nil }
|
||||
func (r *replayingConn) SetReadDeadline(t time.Time) error { return nil }
|
||||
func (r *replayingConn) SetWriteDeadline(t time.Time) error { return nil }
|
||||
|
||||
// tempFile creates a temp file containing contents and returns its path.
|
||||
func tempFile(contents string) string {
|
||||
file, err := os.CreateTemp("", "go-tls-test")
|
||||
|
@ -294,6 +367,8 @@ Dialing:
|
|||
|
||||
case c2 := <-localListener.ch:
|
||||
if c2.RemoteAddr().String() == c1.LocalAddr().String() {
|
||||
t.Cleanup(func() { c1.Close() })
|
||||
t.Cleanup(func() { c2.Close() })
|
||||
return c1, c2
|
||||
}
|
||||
t.Logf("localPipe: unexpected connection: %v != %v", c2.RemoteAddr(), c1.LocalAddr())
|
||||
|
@ -310,10 +385,7 @@ Dialing:
|
|||
type zeroSource struct{}
|
||||
|
||||
func (zeroSource) Read(b []byte) (n int, err error) {
|
||||
for i := range b {
|
||||
b[i] = 0
|
||||
}
|
||||
|
||||
clear(b)
|
||||
return len(b), nil
|
||||
}
|
||||
|
||||
|
@ -329,7 +401,23 @@ func allCipherSuites() []uint16 {
|
|||
var testConfig *Config
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
flag.Usage = func() {
|
||||
fmt.Fprintf(flag.CommandLine.Output(), "Usage of %s:\n", os.Args)
|
||||
flag.PrintDefaults()
|
||||
if *bogoMode {
|
||||
os.Exit(89)
|
||||
}
|
||||
}
|
||||
|
||||
flag.Parse()
|
||||
|
||||
// [uTLS section begin]
|
||||
// if *bogoMode {
|
||||
// bogoShim()
|
||||
// os.Exit(0)
|
||||
// }
|
||||
// [uTLS section end]
|
||||
|
||||
os.Exit(runMain(m))
|
||||
}
|
||||
|
||||
|
@ -363,6 +451,7 @@ func runMain(m *testing.M) int {
|
|||
Certificates: make([]Certificate, 2),
|
||||
InsecureSkipVerify: true,
|
||||
CipherSuites: allCipherSuites(),
|
||||
CurvePreferences: []CurveID{X25519, CurveP256, CurveP384, CurveP521},
|
||||
MinVersion: VersionTLS10,
|
||||
MaxVersion: VersionTLS13,
|
||||
}
|
||||
|
@ -386,7 +475,7 @@ func runMain(m *testing.M) int {
|
|||
func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) {
|
||||
const sentinel = "SENTINEL\n"
|
||||
c, s := localPipe(t)
|
||||
errChan := make(chan error)
|
||||
errChan := make(chan error, 1)
|
||||
go func() {
|
||||
cli := Client(c, clientConfig)
|
||||
err := cli.Handshake()
|
||||
|
@ -395,7 +484,7 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
c.Close()
|
||||
return
|
||||
}
|
||||
defer cli.Close()
|
||||
defer func() { errChan <- nil }()
|
||||
clientState = cli.ConnectionState()
|
||||
buf, err := io.ReadAll(cli)
|
||||
if err != nil {
|
||||
|
@ -404,7 +493,10 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
if got := string(buf); got != sentinel {
|
||||
t.Errorf("read %q from TLS connection, but expected %q", got, sentinel)
|
||||
}
|
||||
errChan <- nil
|
||||
// We discard the error because after ReadAll returns the server must
|
||||
// have already closed the connection. Sending data (the closeNotify
|
||||
// alert) can cause a reset, that will make Close return an error.
|
||||
cli.Close()
|
||||
}()
|
||||
server := Server(s, serverConfig)
|
||||
err = server.Handshake()
|
||||
|
@ -416,11 +508,11 @@ func testHandshake(t *testing.T, clientConfig, serverConfig *Config) (serverStat
|
|||
if err := server.Close(); err != nil {
|
||||
t.Errorf("failed to call server.Close: %v", err)
|
||||
}
|
||||
err = <-errChan
|
||||
} else {
|
||||
err = fmt.Errorf("server: %v", err)
|
||||
s.Close()
|
||||
<-errChan
|
||||
}
|
||||
err = errors.Join(err, <-errChan)
|
||||
return
|
||||
}
|
||||
|
||||
|
@ -429,6 +521,15 @@ func fromHex(s string) []byte {
|
|||
return b
|
||||
}
|
||||
|
||||
// [uTLS] SECTION BEGIN
|
||||
// from go1.24
|
||||
// testTime is 2016-10-20T17:32:09.000Z, which is within the validity period of
|
||||
// [testRSACertificate], [testRSACertificateIssuer], [testRSA2048Certificate],
|
||||
// [testRSA2048CertificateIssuer], and [testECDSACertificate].
|
||||
var testTime = func() time.Time { return time.Unix(1476984729, 0) }
|
||||
|
||||
// [uTLS] SECTION END
|
||||
|
||||
var testRSACertificate = fromHex("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")
|
||||
|
||||
var testRSACertificateIssuer = fromHex("3082021930820182a003020102020900ca5e4e811a965964300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100d667b378bb22f34143b6cd2008236abefaf2852adf3ab05e01329e2c14834f5105df3f3073f99dab5442d45ee5f8f57b0111c8cb682fbb719a86944eebfffef3406206d898b8c1b1887797c9c5006547bb8f00e694b7a063f10839f269f2c34fff7a1f4b21fbcd6bfdfb13ac792d1d11f277b5c5b48600992203059f2a8f8cc50203010001a35d305b300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e041204104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b050003818100c1154b4bab5266221f293766ae4138899bd4c5e36b13cee670ceeaa4cbdf4f6679017e2fe649765af545749fe4249418a56bd38a04b81e261f5ce86b8d5c65413156a50d12449554748c59a30c515bc36a59d38bddf51173e899820b282e40aa78c806526fd184fb6b4cf186ec728edffa585440d2b3225325f7ab580e87dd76")
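Review bot: In the TestMain hunk the `bogoShim()` call is commented out inside the uTLS section, yet `-bogo-mode`, `-bogo-filter` and `-bogo-local-dir` are still registered and `-bogo-mode` still advertises "Enabled bogo shim mode, ignore everything else". In the lines shown, setting `-bogo-mode` only changes the exit status inside `flag.Usage` to 89 and then falls through to `runMain`, so a job that believes it is running the BoGo conformance shim against this TLS fork would run the ordinary tests and pass without exercising it. I would say so above the disabled block, e.g. `// uTLS: the BoGo shim is disabled here; the -bogo-* flags are parsed but have no effect.`, or fail fast when the flag is set. Separately, in the replayingConn hunk `Read` and `Write` index `r.flows[0]` without checking `len(r.flows)`, so a call made after the last recorded flow is consumed panics instead of reporting through `r.t.Errorf`; a guard such as `if len(r.flows) == 0 { r.t.Errorf("no flows left"); return 0, io.EOF }` keeps the failure inside the test harness.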
|
||||
|
|