improvement: maintenance+cleanup+fix (#252)

* ci: use latest Go 1.21 build

Use `1.21.x` instead of `1.21.0` to automatically select the latest.

* fix: remove unused fipsonly package

Remove an unused package that was unintendedly introduced as a conditional dependency of upstream

* update: use boring package not global var

Align with the upstream to use `boring` as a name for a package. No functional changes.

* new: name aliasing

Create u_alias.go to hold any alias names created by version upgrades or other necessary changes (e.g., upstream breaking change) to prevent further breaking the API.

.github/workflows/go.yml

@@ -15,7 +15,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [ "ubuntu-latest", "windows-latest", "macos-latest" ]
-        go: [ "1.20.x", "1.21.0" ]
+        go: [ "1.20.x", "1.21.x" ]
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@v3

cipher_suites.go

@@ -19,6 +19,7 @@ import (
 	"hash"
 	"runtime"
 
+	"github.com/refraction-networking/utls/internal/boring"
 	"golang.org/x/sys/cpu"
 
 	"golang.org/x/crypto/chacha20poly1305"

fipsonly/fipsonly.go

@@ -1,29 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build boringcrypto
-
-// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
-//
-// The effect is triggered by importing the package anywhere in a program, as in:
-//
-//	import _ "crypto/tls/fipsonly"
-//
-// This package only exists when using Go compiled with GOEXPERIMENT=boringcrypto.
-package fipsonly
-
-// This functionality is provided as a side effect of an import to make
-// it trivial to add to an existing program. It requires only a single line
-// added to an existing source file, or it can be done by adding a whole
-// new source file and not modifying any existing source files.
-
-import (
-	"crypto/internal/boring/fipstls"
-	"crypto/internal/boring/sig"
-)
-
-func init() {
-	fipstls.Force()
-	sig.FIPSOnly()
-}

fipsonly/fipsonly_test.go

@@ -1,18 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build boringcrypto
-
-package fipsonly
-
-import (
-	"crypto/internal/boring/fipstls"
-	"testing"
-)
-
-func Test(t *testing.T) {
-	if !fipstls.Required() {
-		t.Fatal("fipstls.Required() = false, must be true")
-	}
-}

internal/boring/notboring.go

@@ -0,0 +1,16 @@
+package boring
+
+import (
+	"crypto/cipher"
+	"errors"
+)
+
+const Enabled bool = false
+
+func NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
+	return nil, errors.New("boring not implemented")
+}
+
+func Unreachable() {
+	// do nothing
+}

notboring.go

@@ -3,11 +3,6 @@
 // license that can be found in the LICENSE file.
 package tls
 
-import (
-	"crypto/cipher"
-	"errors"
-)
-
 func needFIPS() bool { return false }
 
 func supportedSignatureAlgorithms() []SignatureScheme {
@@ -20,20 +15,3 @@ func fipsCurvePreferences(c *Config) []CurveID { panic("fipsCurvePreferences") }
 func fipsCipherSuites(c *Config) []uint16      { panic("fipsCipherSuites") }
 
 var fipsSupportedSignatureAlgorithms []SignatureScheme
-
-// [uTLS]
-// Boring struct is only to be used to record static env variables
-// in boring package. We do not implement BoringSSL compatibliity here.
-type Boring struct {
-	Enabled bool
-}
-
-func (*Boring) NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
-	return nil, errors.New("boring not implemented")
-}
-
-func (*Boring) Unreachable() {
-	// do nothing
-}
-
-var boring Boring

u_alias.go

@@ -0,0 +1,12 @@
+package tls
+
+// This file contains all the alias functions, symbols, names, etc. that
+// was once used in the old version of the library.  This is to ensure
+// backwards compatibility with the old version of the library.
+
+// TLS Extensions
+
+// UtlsExtendedMasterSecretExtension is an alias for ExtendedMasterSecretExtension.
+//
+// Deprecated: Use ExtendedMasterSecretExtension instead.
+type UtlsExtendedMasterSecretExtension = ExtendedMasterSecretExtension