diff --git a/go.mod b/go.mod
index 2986a704..e3d0117a 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 github.com/hashicorp/golang-lru v0.5.4
 github.com/mitchellh/panicwrap v1.0.0
 github.com/op/go-logging v0.0.0-20160315200505-970db520ece7
- github.com/refraction-networking/utls v1.3.3
+ github.com/refraction-networking/utls v1.6.7
 github.com/refraction-networking/water v0.7.0-alpha
 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726
 github.com/spaolacci/murmur3 v1.1.0
@@ -83,13 +83,13 @@ require (
 github.com/blang/vfs v1.0.0 // indirect
 github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 github.com/cespare/xxhash/v2 v2.2.0 // indirect
+ github.com/cloudflare/circl v1.3.7 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/dchest/siphash v1.2.3 // indirect
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 github.com/dvyukov/go-fuzz v0.0.0-20210429054444-fca39067bc72 // indirect
 github.com/felixge/httpsnoop v1.0.3 // indirect
- github.com/gaukas/godicttls v0.0.3 // indirect
 github.com/gaukas/wazerofs v0.1.0 // indirect
 github.com/getlantern/algeneva v0.0.0-20240222191137-2b4e88234f59 // indirect
 github.com/getlantern/bufconn v0.0.0-20190625204133-a08544339f8d // indirect
diff --git a/go.sum b/go.sum
index a0a22edc..f4ac4bf2 100644
--- a/go.sum
+++ b/go.sum
@@ -48,6 +48,8 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -74,8 +76,6 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
-github.com/gaukas/godicttls v0.0.3 h1:YNDIf0d9adcxOijiLrEzpfZGAkNwLRzPaG6OjU7EITk=
-github.com/gaukas/godicttls v0.0.3/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
 github.com/gaukas/wazerofs v0.1.0 h1:wIkW1bAxSnpaaVkQ5LOb1tm1BXdVap3eKjJpVWIqt2E=
 github.com/gaukas/wazerofs v0.1.0/go.mod h1:+JECB9Fwt0taPqSgHckG9lmT3tcoVK+9VJozTsq9UlI=
 github.com/getlantern/algeneva v0.0.0-20240222191137-2b4e88234f59 h1:uWNy0b1Wtpsd4n64Kat+fRjvPCBwM2Nykwt71LupJAQ=
@@ -425,8 +425,8 @@ github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5
 github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k=
 github.com/quic-go/quic-go v0.40.0 h1:GYd1iznlKm7dpHD7pOVpUvItgMPo/jrMgDWZhMCecqw=
 github.com/quic-go/quic-go v0.40.0/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c=
-github.com/refraction-networking/utls v1.3.3 h1:f/TBLX7KBciRyFH3bwupp+CE4fzoYKCirhdRcC490sw=
-github.com/refraction-networking/utls v1.3.3/go.mod h1:DlecWW1LMlMJu+9qpzzQqdHDT/C2LAe03EdpLUz/RL8=
+github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM=
+github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0=
 github.com/refraction-networking/water v0.7.0-alpha h1:yLMAvIi0lHHD2mvwx63GLnptpjvnmBCWFvTHTWLykLk=
 github.com/refraction-networking/water v0.7.0-alpha/go.mod h1:VPQENA6E5+2V5RlX/yaBlTCKeFQ25j49DUc/pmmwkXE=
 github.com/refraction-networking/wazero v1.7.1-w h1:z7Ty5PsMkJEDBCsn3ELUjceQGBT0FMVGldOSpDK3giQ=
diff --git a/tlslistener/clienthelloconn.go b/tlslistener/clienthelloconn.go
index 60869cd6..68edd306 100644
--- a/tlslistener/clienthelloconn.go
+++ b/tlslistener/clienthelloconn.go
@@ -212,8 +212,8 @@ func (rrc *clientHelloRecordingConn) processHello(info *tls.ClientHelloInfo) (*t
 return rrc.helloError("ClientHello has no session ticket", true)
 }
- plainText, _ := utls.DecryptTicketWith(helloMsg.SessionTicket, rrc.ticketKeys)
- if len(plainText) == 0 {
+ sessionState, _ := rrc.utlsCfg.DecryptTicket(helloMsg.SessionTicket, utls.ConnectionState{})
+ if sessionState == nil {
 return rrc.helloError("ClientHello has invalid session ticket", true)
 }
diff --git a/tlslistener/clienthelloconn_test.go b/tlslistener/clienthelloconn_test.go
index 4f6d1dae..9181a434 100644
--- a/tlslistener/clienthelloconn_test.go
+++ b/tlslistener/clienthelloconn_test.go
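Review bot: In processHello (tlslistener/clienthelloconn.go) the error returned by `rrc.utlsCfg.DecryptTicket` is discarded, so the ticket gate relies on the nil check alone. That still fails closed for an undecryptable ticket, which the test in this commit shows comes back as `(nil, nil)`, but an explicit check keeps it fail-closed if the library ever returns a non-nil error: `sessionState, err := rrc.utlsCfg.DecryptTicket(helloMsg.SessionTicket, utls.ConnectionState{})` followed by `if err != nil || sessionState == nil {`. The check now also depends on `rrc.utlsCfg` holding the same ticket keys that `rrc.ticketKeys` held before; that wiring, including any key rotation, is outside this hunk and should be confirmed, since a mismatch would presumably reject every client. processHello starts and continues outside the hunk.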
@@ -174,6 +174,10 @@ func TestParseInvalidTicket(t *testing.T) {
 rand.Read(tk[:])
 ticket := make([]byte, 120)
 rand.Read(ticket)
- plainText, _ := utls.DecryptTicketWith(ticket, utls.TicketKeys{utls.TicketKeyFromBytes(tk)})
- require.Len(t, plainText, 0)
+
+ utlsConfig := &utls.Config{}
+ utlsConfig.SetSessionTicketKeys([][32]byte{tk})
+ uss, err := utlsConfig.DecryptTicket(ticket, utls.ConnectionState{})
+ require.NoError(t, err)
+ require.Nil(t, uss)
 }
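Review bot: TestParseInvalidTicket exercises only the rejection case and builds its own `utls.Config`, so nothing here checks that a ticket issued under the same keys is accepted, or that the listener's `utlsCfg` actually receives those keys. A companion positive case (a ticket encrypted with `tk` decrypting to a non-nil state) would catch a key-wiring mistake that silently rejects every client. The `(nil, nil)` expectation is also worth a comment above the `require.NoError` line, e.g. `// An undecryptable ticket is reported as (nil, nil), not as an error.`. The test function starts before the hunk.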