Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
Filippo Valsorda 245de0a13b crypto/tls: clarify group selection logic
I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").

Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).

We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.

Fixes #65686

Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
2024-05-22 14:19:11 +00:00
fipsonly [dev.boringcrypto] all: add boringcrypto build tags 2022-04-29 14:23:22 +00:00
testdata crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
alert.go crypto/tls: support QUIC as a transport 2023-05-24 22:40:18 +00:00
auth.go [dev.boringcrypto] all: merge commit 9d0819b27c (CL 314609) into dev.boringcrypto 2021-05-13 12:59:22 -04:00
auth_test.go [dev.boringcrypto] all: merge master into dev.boringcrypto 2020-04-08 17:48:41 -04:00
badlinkname.go all: add push linknames to allow legacy pull linknames 2024-05-17 16:48:00 +00:00
bogo_config.json crypto/tls: add a bogo shim 2024-04-17 19:54:59 +00:00
bogo_shim_test.go crypto: replace encoding/binary in favour of internal/byteorder 2024-05-13 18:57:38 +00:00
boring.go Revert "crypto/internal/boring: upgrade module to fips-20220613" +1 2024-01-26 22:52:27 +00:00
boring_test.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
cache.go crypto/tls: use SessionState on the client side 2023-05-24 23:56:41 +00:00
cache_test.go crypto/tls: add a certificate cache implementation 2022-11-07 19:46:27 +00:00
cipher_suites.go Revert "crypto/internal/boring: upgrade module to fips-20220613" +1 2024-01-26 22:52:27 +00:00
common.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
common_string.go crypto/tls: add {SignatureScheme,CurveID,ClientAuthType}.String() 2020-03-11 20:02:18 +00:00
conn.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
conn_test.go crypto/tls: enforce 1.3 record version semantics 2023-05-24 21:35:01 +00:00
example_test.go all: make use of builtin clear 2024-03-27 18:23:49 +00:00
generate_cert.go crypto/tls: delete unnecessary line of return 2022-08-08 15:22:02 +00:00
handshake_client.go crypto/tls: don't call tlsrsakex.IncNonDefault with FIPS 2024-05-16 17:33:18 +00:00
handshake_client_test.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
handshake_client_tls13.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
handshake_messages.go crypto/tls: don't cache marshal'd bytes 2024-04-19 16:55:49 +00:00
handshake_messages_test.go crypto/tls: don't cache marshal'd bytes 2024-04-19 16:55:49 +00:00
handshake_server.go crypto/tls: don't call tlsrsakex.IncNonDefault with FIPS 2024-05-16 17:33:18 +00:00
handshake_server_test.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
handshake_server_tls13.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
handshake_test.go crypto/tls: clarify group selection logic 2024-05-22 14:19:11 +00:00
handshake_unix_test.go all: use new "unix" build tag where appropriate 2022-03-29 16:24:51 +00:00
key_agreement.go crypto/ecdh: move ECDH method to PrivateKey 2022-11-16 14:37:29 +00:00
key_schedule.go crypto/tls: add QUIC 0-RTT APIs 2023-05-25 00:13:28 +00:00
key_schedule_test.go crypto/tls: implement TLS 1.3 cryptographic computations 2018-11-02 21:54:52 +00:00
link_test.go all: use ":" for compiler generated symbols 2022-08-09 11:28:56 +00:00
notboring.go Revert "crypto/internal/boring: upgrade module to fips-20220613" +1 2024-01-26 22:52:27 +00:00
prf.go crypto/tls: disable ExportKeyingMaterial without EMS 2023-11-21 16:29:49 +00:00
prf_test.go crypto/tls: remove SSLv3 support 2019-08-27 22:24:05 +00:00
quic.go crypto: add available godoc link 2023-10-13 17:09:47 +00:00
quic_test.go crypto/tls: QUIC: fix panics when processing post-handshake messages 2023-08-25 17:57:53 +00:00
ticket.go crypto/tls,regexp: remove always-nil error results 2024-03-29 22:22:45 +00:00
ticket_test.go crypto/tls: avoid referencing potentially unused symbols in init 2023-05-26 15:24:38 +00:00
tls.go crypto: add available godoc link 2023-10-13 17:09:47 +00:00
tls_test.go crypto/tls: fix typo in comment 2024-02-26 21:34:41 +00:00