Update deps

2025-04-04 21:57:44 +03:00 · 2023-08-07 17:32:25 +02:00 · 2023-08-07 17:32:25 +02:00 · 894d20191f
commit 894d20191f
parent 0a98be94a7
49 changed files with 482 additions and 159 deletions
--- a/vendor/github.com/quic-go/qtls-go1-20/handshake_client.go
+++ b/vendor/github.com/quic-go/qtls-go1-20/handshake_client.go
@ -945,6 +945,10 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error {
 	return nil
 }

+// maxRSAKeySize is the maximum RSA key size in bits that we are willing
+// to verify the signatures of during a TLS handshake.
+const maxRSAKeySize = 8192
+
 // verifyServerCertificate parses and verifies the provided chain, setting
 // c.verifiedChains and c.peerCertificates or sending the appropriate alert.
 func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
@ -956,6 +960,10 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 			c.sendAlert(alertBadCertificate)
 			return errors.New("tls: failed to parse certificate from server: " + err.Error())
 		}
+		if cert.cert.PublicKeyAlgorithm == x509.RSA && cert.cert.PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize {
+			c.sendAlert(alertBadCertificate)
+			return fmt.Errorf("tls: server sent certificate containing RSA key larger than %d bits", maxRSAKeySize)
+		}
 		activeHandles[i] = cert
 		certs[i] = cert.cert
 	}
--- a/vendor/github.com/quic-go/qtls-go1-20/handshake_server.go
+++ b/vendor/github.com/quic-go/qtls-go1-20/handshake_server.go
@ -823,6 +823,10 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 			c.sendAlert(alertBadCertificate)
 			return errors.New("tls: failed to parse client certificate: " + err.Error())
 		}
+		if certs[i].PublicKeyAlgorithm == x509.RSA && certs[i].PublicKey.(*rsa.PublicKey).N.BitLen() > maxRSAKeySize {
+			c.sendAlert(alertBadCertificate)
+			return fmt.Errorf("tls: client sent certificate containing RSA key larger than %d bits", maxRSAKeySize)
+		}
 	}

 	if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) {
--- a/vendor/github.com/quic-go/quic-go/connection.go
+++ b/vendor/github.com/quic-go/quic-go/connection.go
@ -718,20 +718,22 @@ func (s *connection) idleTimeoutStartTime() time.Time {
 }

 func (s *connection) handleHandshakeComplete() error {
-	s.handshakeComplete = true
 	defer s.handshakeCtxCancel()
 	// Once the handshake completes, we have derived 1-RTT keys.
-	// There's no point in queueing undecryptable packets for later decryption any more.
+	// There's no point in queueing undecryptable packets for later decryption anymore.
 	s.undecryptablePackets = nil

 	s.connIDManager.SetHandshakeComplete()
 	s.connIDGenerator.SetHandshakeComplete()

+	// The server applies transport parameters right away, but the client side has to wait for handshake completion.
+	// During a 0-RTT connection, the client is only allowed to use the new transport parameters for 1-RTT packets.
 	if s.perspective == protocol.PerspectiveClient {
 		s.applyTransportParameters()
 		return nil
 	}

+	// All these only apply to the server side.
 	if err := s.handleHandshakeConfirmed(); err != nil {
 		return err
 	}
@ -1229,6 +1231,7 @@ func (s *connection) handleFrames(
 	if log != nil {
 		frames = make([]logging.Frame, 0, 4)
 	}
+	handshakeWasComplete := s.handshakeComplete
 	var handleErr error
 	for len(data) > 0 {
 		l, frame, err := s.frameParser.ParseNext(data, encLevel, s.version)
@ -1265,6 +1268,17 @@ func (s *connection) handleFrames(
 			return false, handleErr
 		}
 	}
+
+	// Handle completion of the handshake after processing all the frames.
+	// This ensures that we correctly handle the following case on the server side:
+	// We receive a Handshake packet that contains the CRYPTO frame that allows us to complete the handshake,
+	// and an ACK serialized after that CRYPTO frame. In this case, we still want to process the ACK frame.
+	if !handshakeWasComplete && s.handshakeComplete {
+		if err := s.handleHandshakeComplete(); err != nil {
+			return false, err
+		}
+	}
+
 	return
 }

@ -1360,7 +1374,9 @@ func (s *connection) handleHandshakeEvents() error {
 		case handshake.EventNoEvent:
 			return nil
 		case handshake.EventHandshakeComplete:
-			err = s.handleHandshakeComplete()
+			// Don't call handleHandshakeComplete yet.
+			// It's advantageous to process ACK frames that might be serialized after the CRYPTO frame first.
+			s.handshakeComplete = true
 		case handshake.EventReceivedTransportParameters:
 			err = s.handleTransportParameters(ev.TransportParameters)
 		case handshake.EventRestoredTransportParameters:
@ -1475,7 +1491,7 @@ func (s *connection) handleHandshakeDoneFrame() error {
 		}
 	}
 	if !s.handshakeConfirmed {
-		s.handleHandshakeConfirmed()
+		return s.handleHandshakeConfirmed()
 	}
 	return nil
 }
@ -1488,6 +1504,9 @@ func (s *connection) handleAckFrame(frame *wire.AckFrame, encLevel protocol.Encr
 	if !acked1RTTPacket {
 		return nil
 	}
+	// On the client side: If the packet acknowledged a 1-RTT packet, this confirms the handshake.
+	// This is only possible if the ACK was sent in a 1-RTT packet.
+	// This is an optimization over simply waiting for a HANDSHAKE_DONE frame, see section 4.1.2 of RFC 9001.
 	if s.perspective == protocol.PerspectiveClient && !s.handshakeConfirmed {
 		if err := s.handleHandshakeConfirmed(); err != nil {
 			return err
@ -1659,6 +1678,9 @@ func (s *connection) restoreTransportParameters(params *wire.TransportParameters
 }

 func (s *connection) handleTransportParameters(params *wire.TransportParameters) error {
+	if s.tracer != nil {
+		s.tracer.ReceivedTransportParameters(params)
+	}
 	if err := s.checkTransportParameters(params); err != nil {
 		return &qerr.TransportError{
 			ErrorCode:    qerr.TransportParameterError,
@ -1685,9 +1707,6 @@ func (s *connection) checkTransportParameters(params *wire.TransportParameters)
 	if s.logger.Debug() {
 		s.logger.Debugf("Processed Transport Parameters: %s", params)
 	}
-	if s.tracer != nil {
-		s.tracer.ReceivedTransportParameters(params)
-	}

 	// check the initial_source_connection_id
 	if params.InitialSourceConnectionID != s.handshakeDestConnID {
--- a/vendor/github.com/quic-go/quic-go/internal/handshake/crypto_setup.go
+++ b/vendor/github.com/quic-go/quic-go/internal/handshake/crypto_setup.go
@ -127,13 +127,7 @@ func NewCryptoSetupServer(

 	quicConf := &qtls.QUICConfig{TLSConfig: tlsConf}
 	qtls.SetupConfigForServer(quicConf, cs.allow0RTT, cs.getDataForSessionTicket, cs.accept0RTT)
-	if quicConf.TLSConfig.GetConfigForClient != nil {
-		gcfc := quicConf.TLSConfig.GetConfigForClient
-		quicConf.TLSConfig.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) {
-			info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
-			return gcfc(info)
-		}
-	}
+	addConnToClientHelloInfo(quicConf.TLSConfig, localAddr, remoteAddr)

 	cs.tlsConf = quicConf.TLSConfig
 	cs.conn = qtls.QUICServer(quicConf)
@ -141,6 +135,31 @@ func NewCryptoSetupServer(
 	return cs
 }

+// The tls.Config contains two callbacks that pass in a tls.ClientHelloInfo.
+// Since crypto/tls doesn't do it, we need to make sure to set the Conn field with a fake net.Conn
+// that allows the caller to get the local and the remote address.
+func addConnToClientHelloInfo(conf *tls.Config, localAddr, remoteAddr net.Addr) {
+	if conf.GetConfigForClient != nil {
+		gcfc := conf.GetConfigForClient
+		conf.GetConfigForClient = func(info *tls.ClientHelloInfo) (*tls.Config, error) {
+			info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
+			c, err := gcfc(info)
+			if c != nil {
+				// We're returning a tls.Config here, so we need to apply this recursively.
+				addConnToClientHelloInfo(c, localAddr, remoteAddr)
+			}
+			return c, err
+		}
+	}
+	if conf.GetCertificate != nil {
+		gc := conf.GetCertificate
+		conf.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
+			info.Conn = &conn{localAddr: localAddr, remoteAddr: remoteAddr}
+			return gc(info)
+		}
+	}
+}
+
 func newCryptoSetup(
 	connID protocol.ConnectionID,
 	tp *wire.TransportParameters,