🚑 fix: code broken after merging (5796f973) · Commits · shelikhoo / Utls Temporary

common.go

+16 −6

Original line number	Diff line number	Diff line
		@@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time {
		return t()
		}

		var tlsrsakex = godebug.New("tlsrsakex")
		// var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported

		func (c *Config) cipherSuites() []uint16 {
		if needFIPS() {
		@@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 {
		if c.CipherSuites != nil {
		return c.CipherSuites
		}
		if tlsrsakex.Value() == "1" {
		return defaultCipherSuitesWithRSAKex
		}

		// [uTLS SECTION BEGIN]
		// Disable unsupported godebug package
		// if tlsrsakex.Value() == "1" {
		// return defaultCipherSuitesWithRSAKex
		// }
		// [uTLS SECTION END]
		return defaultCipherSuites
		}

		@@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{
		const roleClient = true
		const roleServer = false

		var tls10server = godebug.New("tls10server")
		// var tls10server = godebug.New("tls10server") // [UTLS] unsupported

		func (c *Config) supportedVersions(isClient bool) []uint16 {
		versions := make([]uint16, 0, len(supportedVersions))
		@@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
		continue
		}
		if (c == nil \|\| c.MinVersion == 0) && v < VersionTLS12 {
		if isClient \|\| tls10server.Value() != "1" {
		// [uTLS SECTION BEGIN]
		// Disable unsupported godebug package
		// if isClient \|\| tls10server.Value() != "1" {
		// continue
		// }
		if isClient {
		continue
		}
		// [uTLS SECTION END]
		}
		if c != nil && c.MinVersion != 0 && v < c.MinVersion {
		continue

+8 −5

Original line number	Diff line number	Diff line
		@@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState {
		return c.connectionStateLocked()
		}

		var tlsunsafeekm = godebug.New("tlsunsafeekm")
		// var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted

		func (c *Conn) connectionStateLocked() ConnectionState {
		var state ConnectionState
		@@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState {
		state.ekm = noEKMBecauseRenegotiation
		} else if c.vers != VersionTLS13 && !c.extMasterSecret {
		state.ekm = func(label string, context []byte, length int) ([]byte, error) {
		if tlsunsafeekm.Value() == "1" {
		tlsunsafeekm.IncNonDefault()
		return c.ekm(label, context, length)
		}
		// [uTLS SECTION START]
		// Disabling unsupported godebug package
		// if tlsunsafeekm.Value() == "1" {
		// tlsunsafeekm.IncNonDefault()
		// return c.ekm(label, context, length)
		// }
		// [uTLS SECTION END]
		return noEKMBecauseNoEMS(label, context, length)
		}
		} else {

+18 −13

Original line number	Diff line number	Diff line
		@@ -19,7 +19,6 @@ import (
		"hash"
		"io"
		"net"
		"strconv"
		"strings"
		"time"

		@@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
		return errors.New("tls: server chose an unconfigured cipher suite")
		}

		if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
		tlsrsakex.IncNonDefault()
		}
		// [UTLS SECTION START]
		// Disable unsupported godebug packages
		// if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
		// tlsrsakex.IncNonDefault()
		// }
		// [UTLS SECTION END]

		hs.c.cipherSuite = hs.suite.id
		return nil
		@@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error {
		// to verify the signatures of during a TLS handshake.
		const defaultMaxRSAKeySize = 8192

		var tlsmaxrsasize = godebug.New("tlsmaxrsasize")
		// var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused

		func checkKeySize(n int) (max int, ok bool) {
		if v := tlsmaxrsasize.Value(); v != "" {
		if max, err := strconv.Atoi(v); err == nil {
		if (n <= max) != (n <= defaultMaxRSAKeySize) {
		tlsmaxrsasize.IncNonDefault()
		}
		return max, n <= max
		}
		}
		// [uTLS SECTION START]
		// Disable the unsupported godebug package
		// if v := tlsmaxrsasize.Value(); v != "" {
		// if max, err := strconv.Atoi(v); err == nil {
		// if (n <= max) != (n <= defaultMaxRSAKeySize) {
		// tlsmaxrsasize.IncNonDefault()
		// }
		// return max, n <= max
		// }
		// }
		// [uTLS SECTION END]
		return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize
		}

+12 −6

Original line number	Diff line number	Diff line
		@@ -171,9 +171,12 @@ func (c Conn) readClientHello(ctx context.Context) (clientHelloMsg, error) {
		c.in.version = c.vers
		c.out.version = c.vers

		if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
		tls10server.IncNonDefault()
		}
		// [UTLS SECTION BEGIN]
		// Disable unsupported godebug package
		// if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
		// tls10server.IncNonDefault()
		// }
		// [UTLS SECTION END]

		return clientHello, nil
		}
		@@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
		}
		c.cipherSuite = hs.suite.id

		if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
		tlsrsakex.IncNonDefault()
		}
		// [UTLS SECTION BEGIN]
		// Disable unsupported godebug package
		// if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
		// tlsrsakex.IncNonDefault()
		// }
		// [UTLS SECTION END]

		for _, id := range hs.clientHello.cipherSuites {
		if id == TLS_FALLBACK_SCSV {

+0 −21

Original line number	Diff line number	Diff line
		@@ -276,27 +276,6 @@ GroupSelection:
		}
		}

		selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
		if err != nil {
		c.sendAlert(alertNoApplicationProtocol)
		return err
		}
		c.clientProtocol = selectedProto

		if c.quic != nil {
		if hs.clientHello.quicTransportParameters == nil {
		// RFC 9001 Section 8.2.
		c.sendAlert(alertMissingExtension)
		return errors.New("tls: client did not send a quic_transport_parameters extension")
		}
		c.quicSetTransportParameters(hs.clientHello.quicTransportParameters)
		} else {
		if hs.clientHello.quicTransportParameters != nil {
		c.sendAlert(alertUnsupportedExtension)
		return errors.New("tls: client sent an unexpected quic_transport_parameters extension")
		}
		}

		c.serverName = hs.clientHello.serverName
		return nil
		}