From e89d82cd6912f53e553d3e984d2ecf97c26355c0 Mon Sep 17 00:00:00 2001
From: Gaukas Wang
Date: Mon, 9 Oct 2023 21:02:26 -0600
Subject: [PATCH] improvement: maintenance+cleanup+fix (#252)
* ci: use latest Go 1.21 build Use `1.21.x` instead of `1.21.0` to automatically select the latest.
* fix: remove unused fipsonly package Remove an unused package that was unintendedly introduced as a conditional dependency of upstream
* update: use boring package not global var Align with the upstream to use `boring` as a name for a package. No functional changes.
* new: name aliasing Create u_alias.go to hold any alias names created by version upgrades or other necessary changes (e.g., upstream breaking change) to prevent further breaking the API.
---
 .github/workflows/go.yml | 2 +-
 cipher_suites.go | 1 +
 fipsonly/fipsonly.go | 29 -----------------------------
 fipsonly/fipsonly_test.go | 18 ------------------
 internal/boring/notboring.go | 16 ++++++++++++++++
 notboring.go | 22 ----------------------
 u_alias.go | 12 ++++++++++++
 7 files changed, 30 insertions(+), 70 deletions(-)
 delete mode 100644 fipsonly/fipsonly.go
 delete mode 100644 fipsonly/fipsonly_test.go
 create mode 100644 internal/boring/notboring.go
 create mode 100644 u_alias.go
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 76c0282..8f62eb9 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -15,7 +15,7 @@ jobs:
 fail-fast: false
 matrix:
 os: [ "ubuntu-latest", "windows-latest", "macos-latest" ]
- go: [ "1.20.x", "1.21.0" ]
+ go: [ "1.20.x", "1.21.x" ]
 runs-on: ${{ matrix.os }}
 steps:
 - uses: actions/checkout@v3
diff --git a/cipher_suites.go b/cipher_suites.go
index 31d3280..6a7e7fc 100644
--- a/cipher_suites.go
+++ b/cipher_suites.go
@@ -19,6 +19,7 @@ import (
 "hash"
 "runtime"
+ "github.com/refraction-networking/utls/internal/boring"
 "golang.org/x/sys/cpu"
 "golang.org/x/crypto/chacha20poly1305"
diff --git a/fipsonly/fipsonly.go b/fipsonly/fipsonly.go
deleted file mode 100644
index e5e4783..0000000
--- a/fipsonly/fipsonly.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build boringcrypto
-
-// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
-//
-// The effect is triggered by importing the package anywhere in a program, as in:
-//
-// import _ "crypto/tls/fipsonly"
-//
-// This package only exists when using Go compiled with GOEXPERIMENT=boringcrypto.
-package fipsonly
-
-// This functionality is provided as a side effect of an import to make
-// it trivial to add to an existing program. It requires only a single line
-// added to an existing source file, or it can be done by adding a whole
-// new source file and not modifying any existing source files.
-
-import (
- "crypto/internal/boring/fipstls"
- "crypto/internal/boring/sig"
-)
-
-func init() {
- fipstls.Force()
- sig.FIPSOnly()
-}
diff --git a/fipsonly/fipsonly_test.go b/fipsonly/fipsonly_test.go
deleted file mode 100644
index f8485dc..0000000
--- a/fipsonly/fipsonly_test.go
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build boringcrypto
-
-package fipsonly
-
-import (
- "crypto/internal/boring/fipstls"
- "testing"
-)
-
-func Test(t *testing.T) {
- if !fipstls.Required() {
- t.Fatal("fipstls.Required() = false, must be true")
- }
-}
diff --git a/internal/boring/notboring.go b/internal/boring/notboring.go
new file mode 100644
index 0000000..ebc2fd5
--- /dev/null
+++ b/internal/boring/notboring.go
@@ -0,0 +1,16 @@
+package boring
+
+import (
+ "crypto/cipher"
+ "errors"
+)
+
+const Enabled bool = false
+
+func NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
+ return nil, errors.New("boring not implemented")
+}
+
+func Unreachable() {
+ // do nothing
+}
diff --git a/notboring.go b/notboring.go
index 4384069..bb8f61c 100644
--- a/notboring.go
+++ b/notboring.go
@@ -3,11 +3,6 @@
 // license that can be found in the LICENSE file.
 package tls
-import (
- "crypto/cipher"
- "errors"
-)
-
 func needFIPS() bool { return false }
 func supportedSignatureAlgorithms() []SignatureScheme {
@@ -20,20 +15,3 @@ func fipsCurvePreferences(c *Config) []CurveID { panic("fipsCurvePreferences") }
 func fipsCipherSuites(c *Config) []uint16 { panic("fipsCipherSuites") }
 var fipsSupportedSignatureAlgorithms []SignatureScheme
-
-// [uTLS]
-// Boring struct is only to be used to record static env variables
-// in boring package. We do not implement BoringSSL compatibliity here.
-type Boring struct {
- Enabled bool
-}
-
-func (*Boring) NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
- return nil, errors.New("boring not implemented")
-}
-
-func (*Boring) Unreachable() {
- // do nothing
-}
-
-var boring Boring
diff --git a/u_alias.go b/u_alias.go
new file mode 100644
index 0000000..af579c2
--- /dev/null
+++ b/u_alias.go
@@ -0,0 +1,12 @@
+package tls
+
+// This file contains all the alias functions, symbols, names, etc. that
+// was once used in the old version of the library. This is to ensure
+// backwards compatibility with the old version of the library.
+
+// TLS Extensions
+
+// UtlsExtendedMasterSecretExtension is an alias for ExtendedMasterSecretExtension.
+//
+// Deprecated: Use ExtendedMasterSecretExtension instead.
+type UtlsExtendedMasterSecretExtension = ExtendedMasterSecretExtension
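Review bot: The new internal/boring/notboring.go exports `Enabled`, `NewGCMTLS` and `Unreachable` with no doc comments and no package comment, and the note on the removed `Boring` struct in notboring.go (that BoringSSL compatibility is not implemented here) is not carried over. That matters for anyone building with GOEXPERIMENT=boringcrypto for FIPS reasons: the file has no build constraint, `Enabled` is a constant `false` and `NewGCMTLS` always returns an error, so the package does not follow the toolchain setting as a reader familiar with the upstream package of the same name might expect. I would add a package comment such as `// Package boring is a stub: uTLS does not implement BoringCrypto, so Enabled is always false and NewGCMTLS always fails.` plus one-line doc comments on the three exported names. The call sites that branch on `boring.Enabled` are outside this diff, so it is worth confirming that none of them can reach `NewGCMTLS` unguarded.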