mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 20:47:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: check and record godebugs more granularly

Browse source 
We should call Value as late as possible to allow programs to set
GODEBUG with os.Setenv, and IncNonDefault only when (and every time) the
GODEBUG has an effect on a connection (that we'd have regularly
rejected).

Change-Id: If7a1446de407db7ca2d904d41dda13558b684dda
Reviewed-on: https://go-review.googlesource.com/c/go/+/544335
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
Filippo Valsorda 2023-11-21 23:16:56 +01:00 committed by Gopher Robot
parent f20bc39fcb
commit fef99935ac
6 changed files with 43 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

39
cipher_suites.go
View file

@ -17,7 +17,6 @@ import (
"fmt" "fmt"
"hash" "hash"
"internal/cpu" "internal/cpu"
"internal/godebug"
"runtime" "runtime"
"golang.org/x/crypto/chacha20poly1305" "golang.org/x/crypto/chacha20poly1305"
@ -323,25 +322,21 @@ var cipherSuitesPreferenceOrderNoAES = []uint16{
TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_SHA,
} }
// disabledCipherSuites are not used unless explicitly listed in // disabledCipherSuites are not used unless explicitly listed in Config.CipherSuites.
// Config.CipherSuites. They MUST be at the end of cipherSuitesPreferenceOrder. var disabledCipherSuites = map[uint16]bool{
var disabledCipherSuites = []uint16{
// CBC_SHA256 // CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: true,
TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: true,
TLS_RSA_WITH_AES_128_CBC_SHA256: true,
// RC4 // RC4
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: true,
TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA: true,
TLS_RSA_WITH_RC4_128_SHA: true,
} }
var (
defaultCipherSuitesLen int
defaultCipherSuites []uint16
)
// rsaKexCiphers contains the ciphers which use RSA based key exchange, // rsaKexCiphers contains the ciphers which use RSA based key exchange,
// which we disable by default. // which we also disable by default unless a GODEBUG is set.
var rsaKexCiphers = map[uint16]bool{ var rsaKexCiphers = map[uint16]bool{
TLS_RSA_WITH_RC4_128_SHA: true, TLS_RSA_WITH_RC4_128_SHA: true,
TLS_RSA_WITH_3DES_EDE_CBC_SHA: true, TLS_RSA_WITH_3DES_EDE_CBC_SHA: true,
@ -352,17 +347,21 @@ var rsaKexCiphers = map[uint16]bool{
TLS_RSA_WITH_AES_256_GCM_SHA384: true, TLS_RSA_WITH_AES_256_GCM_SHA384: true,
} }
var rsaKEXgodebug = godebug.New("tlsrsakex") var defaultCipherSuites []uint16
var defaultCipherSuitesWithRSAKex []uint16
func init() { func init() {
rsaKexEnabled := rsaKEXgodebug.Value() == "1" defaultCipherSuites = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
for _, c := range cipherSuitesPreferenceOrder[:len(cipherSuitesPreferenceOrder)-len(disabledCipherSuites)] { defaultCipherSuitesWithRSAKex = make([]uint16, 0, len(cipherSuitesPreferenceOrder))
if !rsaKexEnabled && rsaKexCiphers[c] { for _, c := range cipherSuitesPreferenceOrder {
if disabledCipherSuites[c] {
continue continue
} }
defaultCipherSuites = append(defaultCipherSuites, c) if !rsaKexCiphers[c] {
defaultCipherSuites = append(defaultCipherSuites, c)
}
defaultCipherSuitesWithRSAKex = append(defaultCipherSuitesWithRSAKex, c)
} }
defaultCipherSuitesLen = len(defaultCipherSuites)
} }
// defaultCipherSuitesTLS13 is also the preference order, since there are no // defaultCipherSuitesTLS13 is also the preference order, since there are no

11
common.go
View file

@ -1008,6 +1008,8 @@ func (c *Config) time() time.Time {
return t() return t()
} }
var tlsrsakex = godebug.New("tlsrsakex")
func (c *Config) cipherSuites() []uint16 { func (c *Config) cipherSuites() []uint16 {
if needFIPS() { if needFIPS() {
return fipsCipherSuites(c) return fipsCipherSuites(c)
@ -1015,6 +1017,9 @@ func (c *Config) cipherSuites() []uint16 {
if c.CipherSuites != nil { if c.CipherSuites != nil {
return c.CipherSuites return c.CipherSuites
} }
if tlsrsakex.Value() == "1" {
return defaultCipherSuitesWithRSAKex
}
return defaultCipherSuites return defaultCipherSuites
} }
@ -1030,7 +1035,7 @@ var supportedVersions = []uint16{
const roleClient = true const roleClient = true
const roleServer = false const roleServer = false
var tls10godebug = godebug.New("tls10server") var tls10server = godebug.New("tls10server")
func (c *Config) supportedVersions(isClient bool) []uint16 { func (c *Config) supportedVersions(isClient bool) []uint16 {
versions := make([]uint16, 0, len(supportedVersions)) versions := make([]uint16, 0, len(supportedVersions))
@ -1039,9 +1044,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 {
continue continue
} }
if (c == nil || c.MinVersion == 0) && v < VersionTLS12 { if (c == nil || c.MinVersion == 0) && v < VersionTLS12 {
if !isClient && tls10godebug.Value() == "1" { if isClient || tls10server.Value() != "1" {
tls10godebug.IncNonDefault()
} else {
continue continue
} }
} }

6
conn.go
View file

@ -1600,7 +1600,7 @@ func (c *Conn) ConnectionState() ConnectionState {
return c.connectionStateLocked() return c.connectionStateLocked()
} }
var ekmgodebug = godebug.New("tlsunsafeekm") var tlsunsafeekm = godebug.New("tlsunsafeekm")
func (c *Conn) connectionStateLocked() ConnectionState { func (c *Conn) connectionStateLocked() ConnectionState {
var state ConnectionState var state ConnectionState
@ -1626,8 +1626,8 @@ func (c *Conn) connectionStateLocked() ConnectionState {
state.ekm = noEKMBecauseRenegotiation state.ekm = noEKMBecauseRenegotiation
} else if c.vers != VersionTLS13 && !c.extMasterSecret { } else if c.vers != VersionTLS13 && !c.extMasterSecret {
state.ekm = func(label string, context []byte, length int) ([]byte, error) { state.ekm = func(label string, context []byte, length int) ([]byte, error) {
if ekmgodebug.Value() == "1" { if tlsunsafeekm.Value() == "1" {
ekmgodebug.IncNonDefault() tlsunsafeekm.IncNonDefault()
return c.ekm(label, context, length) return c.ekm(label, context, length)
} }
return noEKMBecauseNoEMS(label, context, length) return noEKMBecauseNoEMS(label, context, length)

4
handshake_client.go
View file

@ -526,6 +526,10 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
return errors.New("tls: server chose an unconfigured cipher suite") return errors.New("tls: server chose an unconfigured cipher suite")
} }
if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
tlsrsakex.IncNonDefault()
}
hs.c.cipherSuite = hs.suite.id hs.c.cipherSuite = hs.suite.id
return nil return nil
} }

8
handshake_server.go
View file

@ -168,6 +168,10 @@ func (c *Conn) readClientHello(ctx context.Context) (*clientHelloMsg, error) {
c.in.version = c.vers c.in.version = c.vers
c.out.version = c.vers c.out.version = c.vers
if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
tls10server.IncNonDefault()
}
return clientHello, nil return clientHello, nil
} }
@ -366,6 +370,10 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
} }
c.cipherSuite = hs.suite.id c.cipherSuite = hs.suite.id
if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] {
tlsrsakex.IncNonDefault()
}
for _, id := range hs.clientHello.cipherSuites { for _, id := range hs.clientHello.cipherSuites {
if id == TLS_FALLBACK_SCSV { if id == TLS_FALLBACK_SCSV {
// The client is doing a fallback connection. See RFC 7507. // The client is doing a fallback connection. See RFC 7507.

12
tls_test.go
View file

@ -1491,16 +1491,8 @@ func TestCipherSuites(t *testing.T) {
t.Errorf("cipherSuitesPreferenceOrderNoAES is not the same size as cipherSuitesPreferenceOrder") t.Errorf("cipherSuitesPreferenceOrderNoAES is not the same size as cipherSuitesPreferenceOrder")
} }
// Check that disabled suites are at the end of the preference lists, and // Check that disabled suites are marked insecure.
// that they are marked insecure. for id := range disabledCipherSuites {
for i, id := range disabledCipherSuites {
offset := len(cipherSuitesPreferenceOrder) - len(disabledCipherSuites)
if cipherSuitesPreferenceOrder[offset+i] != id {
t.Errorf("disabledCipherSuites[%d]: not at the end of cipherSuitesPreferenceOrder", i)
}
if cipherSuitesPreferenceOrderNoAES[offset+i] != id {
t.Errorf("disabledCipherSuites[%d]: not at the end of cipherSuitesPreferenceOrderNoAES", i)
}
c := CipherSuiteByID(id) c := CipherSuiteByID(id)
if c == nil { if c == nil {
t.Errorf("%#04x: no CipherSuite entry", id) t.Errorf("%#04x: no CipherSuite entry", id)