mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-04 20:57:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

qtls: fix cipher suite selection for ClientHellos (#3751)

Browse source
This commit is contained in:
Marten Seemann 2023-04-19 16:26:47 +02:00 committed by GitHub
parent 1f57d4e789
commit e7751de92e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 50 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

27
internal/qtls/go119.go
View file

@ -102,11 +102,26 @@ func CipherSuiteTLS13ByID(id uint16) *CipherSuiteTLS13 {
//go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-19.cipherSuitesTLS13 //go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-19.cipherSuitesTLS13
var cipherSuitesTLS13 []unsafe.Pointer var cipherSuitesTLS13 []unsafe.Pointer
//go:linkname defaultCipherSuitesTLS13 github.com/quic-go/qtls-go1-19.defaultCipherSuitesTLS13
var defaultCipherSuitesTLS13 []uint16
//go:linkname defaultCipherSuitesTLS13NoAES github.com/quic-go/qtls-go1-19.defaultCipherSuitesTLS13NoAES
var defaultCipherSuitesTLS13NoAES []uint16
var cipherSuitesModified bool
// SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls // SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls
// such that it only contains the cipher suite with the chosen id. // such that it only contains the cipher suite with the chosen id.
// The reset function returned resets them back to the original value. // The reset function returned resets them back to the original value.
func SetCipherSuite(id uint16) (reset func()) { func SetCipherSuite(id uint16) (reset func()) {
orig := append([]unsafe.Pointer{}, cipherSuitesTLS13...) if cipherSuitesModified {
panic("cipher suites modified multiple times without resetting")
}
cipherSuitesModified = true
origCipherSuitesTLS13 := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
origDefaultCipherSuitesTLS13 := append([]uint16{}, defaultCipherSuitesTLS13...)
origDefaultCipherSuitesTLS13NoAES := append([]uint16{}, defaultCipherSuitesTLS13NoAES...)
// The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls. // The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls.
switch id { switch id {
case tls.TLS_AES_128_GCM_SHA256: case tls.TLS_AES_128_GCM_SHA256:
@ -118,5 +133,13 @@ func SetCipherSuite(id uint16) (reset func()) {
default: default:
panic(fmt.Sprintf("unexpected cipher suite: %d", id)) panic(fmt.Sprintf("unexpected cipher suite: %d", id))
} }
return func() { cipherSuitesTLS13 = orig } defaultCipherSuitesTLS13 = []uint16{id}
defaultCipherSuitesTLS13NoAES = []uint16{id}
return func() {
cipherSuitesTLS13 = origCipherSuitesTLS13
defaultCipherSuitesTLS13 = origDefaultCipherSuitesTLS13
defaultCipherSuitesTLS13NoAES = origDefaultCipherSuitesTLS13NoAES
cipherSuitesModified = false
}
} }

27
internal/qtls/go120.go
View file

@ -102,11 +102,26 @@ func CipherSuiteTLS13ByID(id uint16) *CipherSuiteTLS13 {
//go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-20.cipherSuitesTLS13 //go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-20.cipherSuitesTLS13
var cipherSuitesTLS13 []unsafe.Pointer var cipherSuitesTLS13 []unsafe.Pointer
//go:linkname defaultCipherSuitesTLS13 github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13
var defaultCipherSuitesTLS13 []uint16
//go:linkname defaultCipherSuitesTLS13NoAES github.com/quic-go/qtls-go1-20.defaultCipherSuitesTLS13NoAES
var defaultCipherSuitesTLS13NoAES []uint16
var cipherSuitesModified bool
// SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls // SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls
// such that it only contains the cipher suite with the chosen id. // such that it only contains the cipher suite with the chosen id.
// The reset function returned resets them back to the original value. // The reset function returned resets them back to the original value.
func SetCipherSuite(id uint16) (reset func()) { func SetCipherSuite(id uint16) (reset func()) {
orig := append([]unsafe.Pointer{}, cipherSuitesTLS13...) if cipherSuitesModified {
panic("cipher suites modified multiple times without resetting")
}
cipherSuitesModified = true
origCipherSuitesTLS13 := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
origDefaultCipherSuitesTLS13 := append([]uint16{}, defaultCipherSuitesTLS13...)
origDefaultCipherSuitesTLS13NoAES := append([]uint16{}, defaultCipherSuitesTLS13NoAES...)
// The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls. // The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls.
switch id { switch id {
case tls.TLS_AES_128_GCM_SHA256: case tls.TLS_AES_128_GCM_SHA256:
@ -118,5 +133,13 @@ func SetCipherSuite(id uint16) (reset func()) {
default: default:
panic(fmt.Sprintf("unexpected cipher suite: %d", id)) panic(fmt.Sprintf("unexpected cipher suite: %d", id))
} }
return func() { cipherSuitesTLS13 = orig } defaultCipherSuitesTLS13 = []uint16{id}
defaultCipherSuitesTLS13NoAES = []uint16{id}
return func() {
cipherSuitesTLS13 = origCipherSuitesTLS13
defaultCipherSuitesTLS13 = origDefaultCipherSuitesTLS13
defaultCipherSuitesTLS13NoAES = origDefaultCipherSuitesTLS13NoAES
cipherSuitesModified = false
}
} }