TUN-8006: Update quic-go to latest upstream

vendor/github.com/quic-go/qtls-go1-20/handshake_server.go

@@ -39,8 +39,6 @@ type serverHandshakeState struct {
 
 // serverHandshake performs a TLS handshake as a server.
 func (c *Conn) serverHandshake(ctx context.Context) error {
-	c.setAlternativeRecordLayer()
-
 	clientHello, err := c.readClientHello(ctx)
 	if err != nil {
 		return err
@@ -53,12 +51,6 @@ func (c *Conn) serverHandshake(ctx context.Context) error {
 			clientHello: clientHello,
 		}
 		return hs.handshake()
-	} else if c.extraConfig.usesAlternativeRecordLayer() {
-		// This should already have been caught by the check that the ClientHello doesn't
-		// offer any (supported) versions older than TLS 1.3.
-		// Check again to make sure we can't be tricked into using an older version.
-		c.sendAlert(alertProtocolVersion)
-		return errors.New("tls: negotiated TLS < 1.3 when using QUIC")
 	}
 
 	hs := serverHandshakeState{
@@ -131,7 +123,6 @@ func (hs *serverHandshakeState) handshake() error {
 	c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random)
 	c.isHandshakeComplete.Store(true)
 
-	c.updateConnectionState()
 	return nil
 }
 
@@ -167,27 +158,6 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
 	if len(clientHello.supportedVersions) == 0 {
 		clientVersions = supportedVersionsFromMax(clientHello.vers)
 	}
-	if c.extraConfig.usesAlternativeRecordLayer() {
-		// In QUIC, the client MUST NOT offer any old TLS versions.
-		// Here, we can only check that none of the other supported versions of this library
-		// (TLS 1.0 - TLS 1.2) is offered. We don't check for any SSL versions here.
-		for _, ver := range clientVersions {
-			if ver == VersionTLS13 {
-				continue
-			}
-			for _, v := range supportedVersions {
-				if ver == v {
-					c.sendAlert(alertProtocolVersion)
-					return nil, fmt.Errorf("tls: client offered old TLS version %#x", ver)
-				}
-			}
-		}
-		// Make the config we're using allows us to use TLS 1.3.
-		if c.config.maxSupportedVersion(roleServer) < VersionTLS13 {
-			c.sendAlert(alertInternalError)
-			return nil, errors.New("tls: MaxVersion prevents QUIC from using TLS 1.3")
-		}
-	}
 	c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)
 	if !ok {
 		c.sendAlert(alertProtocolVersion)
@@ -249,7 +219,7 @@ func (hs *serverHandshakeState) processClientHello() error {
 		c.serverName = hs.clientHello.serverName
 	}
 
-	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols)
+	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, false)
 	if err != nil {
 		c.sendAlert(alertNoApplicationProtocol)
 		return err
@@ -310,8 +280,12 @@ func (hs *serverHandshakeState) processClientHello() error {
 // negotiateALPN picks a shared ALPN protocol that both sides support in server
 // preference order. If ALPN is not configured or the peer doesn't support it,
 // it returns "" and no error.
-func negotiateALPN(serverProtos, clientProtos []string) (string, error) {
+func negotiateALPN(serverProtos, clientProtos []string, quic bool) (string, error) {
 	if len(serverProtos) == 0 || len(clientProtos) == 0 {
+		if quic && len(serverProtos) != 0 {
+			// RFC 9001, Section 8.1
+			return "", fmt.Errorf("tls: client did not request an application protocol")
+		}
 		return "", nil
 	}
 	var http11fallback bool
@@ -849,6 +823,10 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 			c.sendAlert(alertBadCertificate)
 			return errors.New("tls: failed to parse client certificate: " + err.Error())
 		}
+		if certs[i].PublicKeyAlgorithm == x509.RSA && certs[i].PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize {
+			c.sendAlert(alertBadCertificate)
+			return fmt.Errorf("tls: client sent certificate containing RSA key larger than %d bits", maxRSAKeySize)
+		}
 	}
 
 	if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) {