🚑 fix: code broken after merging

Signed-off-by: Gaukas Wang <i@gaukas.wang>

common.go

@@ -1084,7 +1084,7 @@ func (c *Config) time() time.Time {
 	return t()
 }
 
-var tlsrsakex = godebug.New("tlsrsakex")
+// var tlsrsakex = godebug.New("tlsrsakex") // [UTLS] unsupported
 
 func (c *Config) cipherSuites() []uint16 {
 	if needFIPS() {
@@ -1093,9 +1093,13 @@ func (c *Config) cipherSuites() []uint16 {
 	if c.CipherSuites != nil {
 		return c.CipherSuites
 	}
-	if tlsrsakex.Value() == "1" {
-		return defaultCipherSuitesWithRSAKex
-	}
+
+	// [uTLS SECTION BEGIN]
+	// Disable unsupported godebug package
+	// if tlsrsakex.Value() == "1" {
+	// 	return defaultCipherSuitesWithRSAKex
+	// }
+	// [uTLS SECTION END]
 	return defaultCipherSuites
 }
 
@@ -1111,7 +1115,7 @@ var supportedVersions = []uint16{
 const roleClient = true
 const roleServer = false
 
-var tls10server = godebug.New("tls10server")
+// var tls10server = godebug.New("tls10server") // [UTLS] unsupported
 
 func (c *Config) supportedVersions(isClient bool) []uint16 {
 	versions := make([]uint16, 0, len(supportedVersions))
@@ -1120,9 +1124,15 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
 			continue
 		}
 		if (c == nil || c.MinVersion == 0) && v < VersionTLS12 {
-			if isClient || tls10server.Value() != "1" {
+			// [uTLS SECTION BEGIN]
+			// Disable unsupported godebug package
+			// if isClient || tls10server.Value() != "1" {
+			// 	continue
+			// }
+			if isClient {
 				continue
 			}
+			// [uTLS SECTION END]
 		}
 		if c != nil && c.MinVersion != 0 && v < c.MinVersion {
 			continue

conn.go

@@ -1610,7 +1610,7 @@ func (c *Conn) ConnectionState() ConnectionState {
 	return c.connectionStateLocked()
 }
 
-var tlsunsafeekm = godebug.New("tlsunsafeekm")
+// var tlsunsafeekm = godebug.New("tlsunsafeekm") // [uTLS] unsupportted
 
 func (c *Conn) connectionStateLocked() ConnectionState {
 	var state ConnectionState
@@ -1636,10 +1636,13 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 		state.ekm = noEKMBecauseRenegotiation
 	} else if c.vers != VersionTLS13 && !c.extMasterSecret {
 		state.ekm = func(label string, context []byte, length int) ([]byte, error) {
-			if tlsunsafeekm.Value() == "1" {
-				tlsunsafeekm.IncNonDefault()
-				return c.ekm(label, context, length)
-			}
+			// [uTLS SECTION START]
+			// Disabling unsupported godebug package
+			// if tlsunsafeekm.Value() == "1" {
+			// 	tlsunsafeekm.IncNonDefault()
+			// 	return c.ekm(label, context, length)
+			// }
+			// [uTLS SECTION END]
 			return noEKMBecauseNoEMS(label, context, length)
 		}
 	} else {

handshake_client.go

@@ -19,7 +19,6 @@ import (
 	"hash"
 	"io"
 	"net"
-	"strconv"
 	"strings"
 	"time"
 
@@ -593,9 +592,12 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
 		return errors.New("tls: server chose an unconfigured cipher suite")
 	}
 
-	if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
-		tlsrsakex.IncNonDefault()
-	}
+	// [UTLS SECTION START]
+	// Disable unsupported godebug packages
+	// if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
+	// 	tlsrsakex.IncNonDefault()
+	// }
+	// [UTLS SECTION END]
 
 	hs.c.cipherSuite = hs.suite.id
 	return nil
@@ -1017,17 +1019,20 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error {
 // to verify the signatures of during a TLS handshake.
 const defaultMaxRSAKeySize = 8192
 
-var tlsmaxrsasize = godebug.New("tlsmaxrsasize")
+// var tlsmaxrsasize = godebug.New("tlsmaxrsasize") // [uTLS] unused
 
 func checkKeySize(n int) (max int, ok bool) {
-	if v := tlsmaxrsasize.Value(); v != "" {
-		if max, err := strconv.Atoi(v); err == nil {
-			if (n <= max) != (n <= defaultMaxRSAKeySize) {
-				tlsmaxrsasize.IncNonDefault()
-			}
-			return max, n <= max
-		}
-	}
+	// [uTLS SECTION START]
+	// Disable the unsupported godebug package
+	// if v := tlsmaxrsasize.Value(); v != "" {
+	// 	if max, err := strconv.Atoi(v); err == nil {
+	// 		if (n <= max) != (n <= defaultMaxRSAKeySize) {
+	// 			tlsmaxrsasize.IncNonDefault()
+	// 		}
+	// 		return max, n <= max
+	// 	}
+	// }
+	// [uTLS SECTION END]
 	return defaultMaxRSAKeySize, n <= defaultMaxRSAKeySize
 }
 

handshake_server.go

@@ -171,9 +171,12 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
 	c.in.version = c.vers
 	c.out.version = c.vers
 
-	if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
-		tls10server.IncNonDefault()
-	}
+	// [UTLS SECTION BEGIN]
+	// Disable unsupported godebug package
+	// if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
+	// 	tls10server.IncNonDefault()
+	// }
+	// [UTLS SECTION END]
 
 	return clientHello, nil
 }
@@ -373,9 +376,12 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
 	}
 	c.cipherSuite = hs.suite.id
 
-	if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
-		tlsrsakex.IncNonDefault()
-	}
+	// [UTLS SECTION BEGIN]
+	// Disable unsupported godebug package
+	// if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
+	// 	tlsrsakex.IncNonDefault()
+	// }
+	// [UTLS SECTION END]
 
 	for _, id := range hs.clientHello.cipherSuites {
 		if id == TLS_FALLBACK_SCSV {

handshake_server_tls13.go

@@ -276,27 +276,6 @@ GroupSelection:
 		}
 	}
 
-	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
-	if err != nil {
-		c.sendAlert(alertNoApplicationProtocol)
-		return err
-	}
-	c.clientProtocol = selectedProto
-
-	if c.quic != nil {
-		if hs.clientHello.quicTransportParameters == nil {
-			// RFC 9001 Section 8.2.
-			c.sendAlert(alertMissingExtension)
-			return errors.New("tls: client did not send a quic_transport_parameters extension")
-		}
-		c.quicSetTransportParameters(hs.clientHello.quicTransportParameters)
-	} else {
-		if hs.clientHello.quicTransportParameters != nil {
-			c.sendAlert(alertUnsupportedExtension)
-			return errors.New("tls: client sent an unexpected quic_transport_parameters extension")
-		}
-	}
-
 	c.serverName = hs.clientHello.serverName
 	return nil
 }

internal/boring/notboring.go

@@ -11,6 +11,10 @@ func NewGCMTLS(_ cipher.Block) (cipher.AEAD, error) {
 	return nil, errors.New("boring not implemented")
 }
 
+func NewGCMTLS13(_ cipher.Block) (cipher.AEAD, error) {
+	return nil, errors.New("boring not implemented")
+}
+
 func Unreachable() {
 	// do nothing
 }