From de4fd472f3dd690eb4640df9e36be8bac4329d53 Mon Sep 17 00:00:00 2001 From: Bas Westerbaan Date: Wed, 4 Jan 2023 14:52:00 +0100 Subject: [PATCH] RTG-2418 Update qtls --- go.mod | 4 +-- go.sum | 8 +++--- .../marten-seemann/qtls-go1-18/conn.go | 27 ++++++++++++------- .../qtls-go1-18/handshake_client.go | 1 + .../qtls-go1-18/handshake_client_tls13.go | 4 ++- .../qtls-go1-18/handshake_server.go | 1 + .../qtls-go1-18/handshake_server_tls13.go | 4 ++- .../marten-seemann/qtls-go1-19/README.md | 4 +-- .../marten-seemann/qtls-go1-19/common.go | 2 +- .../marten-seemann/qtls-go1-19/conn.go | 27 ++++++++++++------- .../qtls-go1-19/handshake_client.go | 1 + .../qtls-go1-19/handshake_client_tls13.go | 4 ++- .../qtls-go1-19/handshake_server.go | 1 + .../qtls-go1-19/handshake_server_tls13.go | 4 ++- vendor/modules.txt | 8 +++--- 15 files changed, 65 insertions(+), 35 deletions(-) diff --git a/go.mod b/go.mod index aa37a381..3609f872 100644 --- a/go.mod +++ b/go.mod @@ -111,8 +111,8 @@ replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 // Post-quantum tunnel RTG-1339 replace ( // branch go1.18 - github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 + github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e // branch go1.19 - github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 + github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e ) diff --git a/go.sum b/go.sum index 0b94c4a3..73758118 100644 --- a/go.sum +++ b/go.sum 
@@ -132,10 +132,10 @@ github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47 h1:YzpECHxZ9TzO github.com/cloudflare/circl v1.2.1-0.20220809205628-0a9554f37a47/go.mod h1:qhx8gBILsYlbam7h09SvHDSkjpe3TfLA7b/z4rxJvkE= github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc h1:Dvk3ySBsOm5EviLx6VCyILnafPcQinXGP5jbTdHUJgE= github.com/cloudflare/golibs v0.0.0-20170913112048-333127dbecfc/go.mod h1:HlgKKR8V5a1wroIDDIz3/A+T+9Janfq+7n1P5sEFdi0= -github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 h1:LEsjEHfKnIJEJU9QEIPVRuslxpBu+2kG2DXhxpkGT+o= -github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0/go.mod h1:aIsWqC0WXyUiUxBl/RfxAjDyWE9CCLqvSMnCMTd/+bc= -github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 h1:ErNoeVNqFXV+emlf4gY7Ms7/0DbQ8PT2UFxNyWBc51Q= -github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2/go.mod h1:mW0BgKFFDAiSmOdUwoORtjo0V2vqw5QzVYRtKQqw/Jg= +github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e h1:frfo+L0qloEb6Vj+qjS4pbAYSJQZAlUnKZu0uJoErac= +github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e/go.mod h1:mW0BgKFFDAiSmOdUwoORtjo0V2vqw5QzVYRtKQqw/Jg= +github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e h1:RtQDXvDi0PK3EonP0v7zkE5/rApK4MsgRATCdD+ughg= +github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e/go.mod h1:aIsWqC0WXyUiUxBl/RfxAjDyWE9CCLqvSMnCMTd/+bc= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= diff --git a/vendor/github.com/marten-seemann/qtls-go1-18/conn.go b/vendor/github.com/marten-seemann/qtls-go1-18/conn.go index 90a27b5d..2b8c7307 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-18/conn.go 
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/conn.go @@ -125,6 +125,9 @@ type Conn struct { used0RTT bool tmp [16]byte + + connStateMutex sync.Mutex + connState ConnectionStateWith0RTT } // Access to net.Conn methods. @@ -1533,19 +1536,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) { // ConnectionState returns basic TLS details about the connection. func (c *Conn) ConnectionState() ConnectionState { - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - return c.connectionStateLocked() + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + return c.connState.ConnectionState } // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection. func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT { - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - return ConnectionStateWith0RTT{ - ConnectionState: c.connectionStateLocked(), - Used0RTT: c.used0RTT, - } + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + return c.connState } func (c *Conn) connectionStateLocked() ConnectionState { @@ -1576,6 +1576,15 @@ func (c *Conn) connectionStateLocked() ConnectionState { return toConnectionState(state) } +func (c *Conn) updateConnectionState() { + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + c.connState = ConnectionStateWith0RTT{ + Used0RTT: c.used0RTT, + ConnectionState: c.connectionStateLocked(), + } +} + // OCSPResponse returns the stapled OCSP response from the TLS server, if // any. (Only valid for client connections.) func (c *Conn) OCSPResponse() []byte { diff --git a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go index 4d026c66..35a1afed 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go +++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go 
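Review bot: The doc comments on ConnectionState and ConnectionStateWith0RTT in the second conn.go hunk were not updated for the new semantics: both now return the snapshot last stored in c.connState instead of computing the state under handshakeMutex, so a call made before the first updateConnectionState() returns the zero value and a call made during the handshake may return partial data. Callers that make trust decisions on PeerCertificates or the negotiated parameters need to be told to check HandshakeComplete first. I would extend the comment, e.g. `// ConnectionState returns the most recent snapshot of the connection's TLS details; it does not wait for an in-progress handshake, so fields may be zero or partial until HandshakeComplete is true.` The identical hunk in qtls-go1-19/conn.go needs the same wording, and since both files are vendored the change belongs in the cloudflare/qtls-pq fork.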
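Review bot: updateConnectionState in the third conn.go hunk has no doc comment and calls connectionStateLocked() without taking handshakeMutex, whereas the removed ConnectionState body acquired that mutex before making the same call. Every call site added in this commit sits inside a handshake function, which presumably runs with handshakeMutex held, but nothing records that requirement or the resulting lock order. I would add `// updateConnectionState refreshes the snapshot returned by ConnectionState. The caller must hold c.handshakeMutex; connStateMutex is only ever acquired after it.` above the function. The identical hunk in qtls-go1-19/conn.go should get the same comment.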
@@ -306,6 +306,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) { c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session)) } + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go index 349d3f20..7ff7d4c4 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go +++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go @@ -83,6 +83,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { if err := hs.processServerHello(); err != nil { return err } + c.updateConnectionState() if err := hs.sendDummyChangeCipherSpec(); err != nil { return err } @@ -95,6 +96,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { if err := hs.readServerCertificate(); err != nil { return err } + c.updateConnectionState() if err := hs.readServerFinished(); err != nil { return err } @@ -115,7 +117,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { }) atomic.StoreUint32(&c.handshakeStatus, 1) - + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go index 8ee42837..a6519d7f 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go +++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go @@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error { c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) atomic.StoreUint32(&c.handshakeStatus, 1) + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go index 58fbb8d0..fa89c97f 100644 
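Review bot: The two mid-handshake updateConnectionState() calls in clientHandshakeStateTLS13.handshake (after processServerHello and after readServerCertificate) publish state to concurrent ConnectionState() readers before readServerFinished has succeeded, and none of the error returns visible in these hunks resets the snapshot. A handshake that fails at a later step therefore appears to leave the last partial snapshot in place for any reader; that is harmless only if HandshakeComplete stays false in it, which cannot be confirmed here because connectionStateLocked's body is outside the diff. A comment at each call would make the intent explicit, e.g. `// Publish negotiated parameters for concurrent ConnectionState readers; the handshake is not yet complete.` The server-side TLS 1.3 hunks and the qtls-go1-19 copies follow the same pattern, and handshake() starts and ends outside the hunks.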
--- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go +++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go @@ -56,6 +56,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { if err := hs.checkForResumption(); err != nil { return err } + c.updateConnectionState() if err := hs.pickCertificate(); err != nil { return err } @@ -78,6 +79,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { if err := hs.readClientCertificate(); err != nil { return err } + c.updateConnectionState() if err := hs.readClientFinished(); err != nil { return err } @@ -89,7 +91,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { }) atomic.StoreUint32(&c.handshakeStatus, 1) - + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/README.md b/vendor/github.com/marten-seemann/qtls-go1-19/README.md index 3e902212..db260ba2 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/README.md +++ b/vendor/github.com/marten-seemann/qtls-go1-19/README.md @@ -1,6 +1,6 @@ # qtls -[![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-17.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-17) -[![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml) +[![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-19.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-19) +[![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml) This repository contains a modified version of the standard library's TLS implementation, modified for the QUIC protocol. It is used by [quic-go](https://github.com/lucas-clemente/quic-go). 
diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/common.go b/vendor/github.com/marten-seemann/qtls-go1-19/common.go index 3b8de4c5..2484da05 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/common.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/common.go @@ -346,7 +346,7 @@ type clientSessionState struct { // SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which // are supported via this interface. // -//go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-17 ClientSessionCache" +//go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-19 ClientSessionCache" type ClientSessionCache = tls.ClientSessionCache // SignatureScheme is a tls.SignatureScheme diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/conn.go b/vendor/github.com/marten-seemann/qtls-go1-19/conn.go index 1b275a9f..5a17f7a1 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/conn.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/conn.go @@ -125,6 +125,9 @@ type Conn struct { used0RTT bool tmp [16]byte + + connStateMutex sync.Mutex + connState ConnectionStateWith0RTT } // Access to net.Conn methods. 
@@ -1535,19 +1538,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) { // ConnectionState returns basic TLS details about the connection. func (c *Conn) ConnectionState() ConnectionState { - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - return c.connectionStateLocked() + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + return c.connState.ConnectionState } // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection. func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT { - c.handshakeMutex.Lock() - defer c.handshakeMutex.Unlock() - return ConnectionStateWith0RTT{ - ConnectionState: c.connectionStateLocked(), - Used0RTT: c.used0RTT, - } + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + return c.connState } func (c *Conn) connectionStateLocked() ConnectionState { @@ -1578,6 +1578,15 @@ func (c *Conn) connectionStateLocked() ConnectionState { return toConnectionState(state) } +func (c *Conn) updateConnectionState() { + c.connStateMutex.Lock() + defer c.connStateMutex.Unlock() + c.connState = ConnectionStateWith0RTT{ + Used0RTT: c.used0RTT, + ConnectionState: c.connectionStateLocked(), + } +} + // OCSPResponse returns the stapled OCSP response from the TLS server, if // any. (Only valid for client connections.) func (c *Conn) OCSPResponse() []byte { diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go index 65aae636..c2ded225 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go @@ -311,6 +311,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) { c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session)) } + c.updateConnectionState() return nil } 
diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go index 7d470c42..299f557d 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go @@ -87,6 +87,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { if err := hs.processServerHello(); err != nil { return err } + c.updateConnectionState() if err := hs.sendDummyChangeCipherSpec(); err != nil { return err } @@ -99,6 +100,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { if err := hs.readServerCertificate(); err != nil { return err } + c.updateConnectionState() if err := hs.readServerFinished(); err != nil { return err } @@ -119,7 +121,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error { }) atomic.StoreUint32(&c.handshakeStatus, 1) - + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go index 31981c6b..b363d53f 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go @@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error { c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random) atomic.StoreUint32(&c.handshakeStatus, 1) + c.updateConnectionState() return nil } diff --git a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go index 9fb32c35..9480fd68 100644 --- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go +++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go 
@@ -60,6 +60,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { if err := hs.checkForResumption(); err != nil { return err } + c.updateConnectionState() if err := hs.pickCertificate(); err != nil { return err } @@ -82,6 +83,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { if err := hs.readClientCertificate(); err != nil { return err } + c.updateConnectionState() if err := hs.readClientFinished(); err != nil { return err } @@ -93,7 +95,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error { }) atomic.StoreUint32(&c.handshakeStatus, 1) - + c.updateConnectionState() return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index bb9be37a..20807476 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -194,10 +194,10 @@ github.com/marten-seemann/qtls-go1-16 # github.com/marten-seemann/qtls-go1-17 v0.1.2 ## explicit; go 1.17 github.com/marten-seemann/qtls-go1-17 -# github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 +# github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e ## explicit; go 1.18 github.com/marten-seemann/qtls-go1-18 -# github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 +# github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e ## explicit; go 1.19 github.com/marten-seemann/qtls-go1-19 # github.com/mattn/go-colorable v0.1.8 
@@ -578,5 +578,5 @@ zombiezen.com/go/capnproto2/std/capnp/rpc # github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.27.1-0.20220809135021-ca330f1dec9f # github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1 # gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 -# github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2 -# github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0 +# github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e +# github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e