hoelee/cloudflared
1
0
Fork 0
mirror of https://github.com/cloudflare/cloudflared.git synced 2025-07-29 12:30:04 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

TUN-4961: Update quic-go to latest

Browse Source 
- Updates fips-go to be the latest on cfsetup.yaml
- Updates sumtype's x/tools to be latest to avoid Internal: nil pkg
  errors with fips.
This commit is contained in:
Sudarsan Reddy
2021-08-27 12:26:00 +01:00
parent d0a1daac3b
commit 414cb12f02
585 changed files with 61873 additions and 6255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
vendor/github.com/marten-seemann/qtls-go1-16/key_agreement.go generated vendored
View File

@@ -67,7 +67,11 @@ func (ka rsaKeyAgreement) generateClientKeyExchange(config *config, clientHello
return nil, nil, err
}
encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
rsaKey, ok := cert.PublicKey.(*rsa.PublicKey)
if !ok {
return nil, nil, errors.New("tls: server certificate contains incorrect key type for selected ciphersuite")
}
encrypted, err := rsa.EncryptPKCS1v15(config.rand(), rsaKey, preMasterSecret)
if err != nil {
return nil, nil, err
}

29
vendor/github.com/marten-seemann/qtls-go1-16/key_schedule.go generated vendored
View File

@@ -5,7 +5,6 @@
package qtls
import (
"crypto"
"crypto/elliptic"
"crypto/hmac"
"errors"
@@ -32,20 +31,8 @@ const (
trafficUpdateLabel = "traffic upd"
)
// HkdfExtract generates a pseudorandom key for use with Expand from an input secret and an optional independent salt.
func HkdfExtract(hash crypto.Hash, newSecret, currentSecret []byte) []byte {
if newSecret == nil {
newSecret = make([]byte, hash.Size())
}
return hkdf.Extract(hash.New, newSecret, currentSecret)
}
// HkdfExpandLabel HKDF expands a label
func HkdfExpandLabel(hash crypto.Hash, secret, hashValue []byte, label string, L int) []byte {
return hkdfExpandLabel(hash, secret, hashValue, label, L)
}
func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, length int) []byte {
// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []byte, length int) []byte {
var hkdfLabel cryptobyte.Builder
hkdfLabel.AddUint16(uint16(length))
hkdfLabel.AddUint8LengthPrefixed(func(b *cryptobyte.Builder) {
@@ -56,18 +43,13 @@ func hkdfExpandLabel(hash crypto.Hash, secret, context []byte, label string, len
b.AddBytes(context)
})
out := make([]byte, length)
n, err := hkdf.Expand(hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out)
n, err := hkdf.Expand(c.hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out)
if err != nil || n != length {
panic("tls: HKDF-Expand-Label invocation failed unexpectedly")
}
return out
}
// expandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []byte, length int) []byte {
return hkdfExpandLabel(c.hash, secret, context, label, length)
}
// deriveSecret implements Derive-Secret from RFC 8446, Section 7.1.
func (c *cipherSuiteTLS13) deriveSecret(secret []byte, label string, transcript hash.Hash) []byte {
if transcript == nil {
@@ -78,7 +60,10 @@ func (c *cipherSuiteTLS13) deriveSecret(secret []byte, label string, transcript
// extract implements HKDF-Extract with the cipher suite hash.
func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte {
return HkdfExtract(c.hash, newSecret, currentSecret)
if newSecret == nil {
newSecret = make([]byte, c.hash.Size())
}
return hkdf.Extract(c.hash.New, newSecret, currentSecret)
}
// nextTrafficSecret generates the next traffic secret, given the current one,