RTG-2418 Update qtls

2025-07-27 17:29:58 +00:00 · 2023-01-04 14:52:00 +01:00
parent 887e486a63
commit de4fd472f3
15 changed files with 65 additions and 35 deletions
--- a/vendor/github.com/marten-seemann/qtls-go1-18/conn.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/conn.go
@@ -125,6 +125,9 @@ type Conn struct {
 	used0RTT bool

 	tmp [16]byte
+
+	connStateMutex sync.Mutex
+	connState      ConnectionStateWith0RTT
 }

 // Access to net.Conn methods.
@@ -1533,19 +1536,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {

 // ConnectionState returns basic TLS details about the connection.
 func (c *Conn) ConnectionState() ConnectionState {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	return c.connectionStateLocked()
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	return c.connState.ConnectionState
 }

 // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection.
 func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	return ConnectionStateWith0RTT{
-		ConnectionState: c.connectionStateLocked(),
-		Used0RTT:        c.used0RTT,
-	}
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	return c.connState
 }

 func (c *Conn) connectionStateLocked() ConnectionState {
@@ -1576,6 +1576,15 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	return toConnectionState(state)
 }

+func (c *Conn) updateConnectionState() {
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	c.connState = ConnectionStateWith0RTT{
+		Used0RTT:        c.used0RTT,
+		ConnectionState: c.connectionStateLocked(),
+	}
+}
+
 // OCSPResponse returns the stapled OCSP response from the TLS server, if
 // any. (Only valid for client connections.)
 func (c *Conn) OCSPResponse() []byte {
--- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client.go
@@ -306,6 +306,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 		c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session))
 	}

+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_client_tls13.go
@@ -83,6 +83,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	if err := hs.processServerHello(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.sendDummyChangeCipherSpec(); err != nil {
 		return err
 	}
@@ -95,6 +96,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	if err := hs.readServerCertificate(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.readServerFinished(); err != nil {
 		return err
 	}
@@ -115,7 +117,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	})

 	atomic.StoreUint32(&c.handshakeStatus, 1)
-
+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server.go
@@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error {
 	c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random)
 	atomic.StoreUint32(&c.handshakeStatus, 1)

+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-18/handshake_server_tls13.go
@@ -56,6 +56,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	if err := hs.checkForResumption(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.pickCertificate(); err != nil {
 		return err
 	}
@@ -78,6 +79,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	if err := hs.readClientCertificate(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.readClientFinished(); err != nil {
 		return err
 	}
@@ -89,7 +91,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	})

 	atomic.StoreUint32(&c.handshakeStatus, 1)
-
+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-19/README.md
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/README.md
@@ -1,6 +1,6 @@
 # qtls

-[![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-17.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-17)
-[![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-17/actions/workflows/go-test.yml)
+[![Go Reference](https://pkg.go.dev/badge/github.com/marten-seemann/qtls-go1-19.svg)](https://pkg.go.dev/github.com/marten-seemann/qtls-go1-19)
+[![.github/workflows/go-test.yml](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml/badge.svg)](https://github.com/marten-seemann/qtls-go1-19/actions/workflows/go-test.yml)

 This repository contains a modified version of the standard library's TLS implementation, modified for the QUIC protocol. It is used by [quic-go](https://github.com/lucas-clemente/quic-go).
--- a/vendor/github.com/marten-seemann/qtls-go1-19/common.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/common.go
@@ -346,7 +346,7 @@ type clientSessionState struct {
 // SessionID-based resumption. In TLS 1.3 they were merged into PSK modes, which
 // are supported via this interface.
 //
-//go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-17 ClientSessionCache"
+//go:generate sh -c "mockgen -package qtls -destination mock_client_session_cache_test.go github.com/marten-seemann/qtls-go1-19 ClientSessionCache"
 type ClientSessionCache = tls.ClientSessionCache

 // SignatureScheme is a tls.SignatureScheme
--- a/vendor/github.com/marten-seemann/qtls-go1-19/conn.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/conn.go
@@ -125,6 +125,9 @@ type Conn struct {
 	used0RTT bool

 	tmp [16]byte
+
+	connStateMutex sync.Mutex
+	connState      ConnectionStateWith0RTT
 }

 // Access to net.Conn methods.
@@ -1535,19 +1538,16 @@ func (c *Conn) handshakeContext(ctx context.Context) (ret error) {

 // ConnectionState returns basic TLS details about the connection.
 func (c *Conn) ConnectionState() ConnectionState {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	return c.connectionStateLocked()
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	return c.connState.ConnectionState
 }

 // ConnectionStateWith0RTT returns basic TLS details (incl. 0-RTT status) about the connection.
 func (c *Conn) ConnectionStateWith0RTT() ConnectionStateWith0RTT {
-	c.handshakeMutex.Lock()
-	defer c.handshakeMutex.Unlock()
-	return ConnectionStateWith0RTT{
-		ConnectionState: c.connectionStateLocked(),
-		Used0RTT:        c.used0RTT,
-	}
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	return c.connState
 }

 func (c *Conn) connectionStateLocked() ConnectionState {
@@ -1578,6 +1578,15 @@ func (c *Conn) connectionStateLocked() ConnectionState {
 	return toConnectionState(state)
 }

+func (c *Conn) updateConnectionState() {
+	c.connStateMutex.Lock()
+	defer c.connStateMutex.Unlock()
+	c.connState = ConnectionStateWith0RTT{
+		Used0RTT:        c.used0RTT,
+		ConnectionState: c.connectionStateLocked(),
+	}
+}
+
 // OCSPResponse returns the stapled OCSP response from the TLS server, if
 // any. (Only valid for client connections.)
 func (c *Conn) OCSPResponse() []byte {
--- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client.go
@@ -311,6 +311,7 @@ func (c *Conn) clientHandshake(ctx context.Context) (err error) {
 		c.config.ClientSessionCache.Put(cacheKey, toClientSessionState(hs.session))
 	}

+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_client_tls13.go
@@ -87,6 +87,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	if err := hs.processServerHello(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.sendDummyChangeCipherSpec(); err != nil {
 		return err
 	}
@@ -99,6 +100,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	if err := hs.readServerCertificate(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.readServerFinished(); err != nil {
 		return err
 	}
@@ -119,7 +121,7 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
 	})

 	atomic.StoreUint32(&c.handshakeStatus, 1)
-
+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server.go
@@ -132,6 +132,7 @@ func (hs *serverHandshakeState) handshake() error {
 	c.ekm = ekmFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random)
 	atomic.StoreUint32(&c.handshakeStatus, 1)

+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go
+++ b/vendor/github.com/marten-seemann/qtls-go1-19/handshake_server_tls13.go
@@ -60,6 +60,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	if err := hs.checkForResumption(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.pickCertificate(); err != nil {
 		return err
 	}
@@ -82,6 +83,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	if err := hs.readClientCertificate(); err != nil {
 		return err
 	}
+	c.updateConnectionState()
 	if err := hs.readClientFinished(); err != nil {
 		return err
 	}
@@ -93,7 +95,7 @@ func (hs *serverHandshakeStateTLS13) handshake() error {
 	})

 	atomic.StoreUint32(&c.handshakeStatus, 1)
-
+	c.updateConnectionState()
 	return nil
 }

--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -194,10 +194,10 @@ github.com/marten-seemann/qtls-go1-16
 # github.com/marten-seemann/qtls-go1-17 v0.1.2
 ## explicit; go 1.17
 github.com/marten-seemann/qtls-go1-17
-# github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2
+# github.com/marten-seemann/qtls-go1-18 v0.1.2 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e
 ## explicit; go 1.18
 github.com/marten-seemann/qtls-go1-18
-# github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0
+# github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e
 ## explicit; go 1.19
 github.com/marten-seemann/qtls-go1-19
 # github.com/mattn/go-colorable v0.1.8
@@ -578,5 +578,5 @@ zombiezen.com/go/capnproto2/std/capnp/rpc
 # github.com/lucas-clemente/quic-go => github.com/chungthuang/quic-go v0.27.1-0.20220809135021-ca330f1dec9f
 # github.com/prometheus/golang_client => github.com/prometheus/golang_client v1.12.1
 # gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
-# github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20221010110824-0053225e48b2
-# github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20221010110800-4f3769902fe0
+# github.com/marten-seemann/qtls-go1-18 => github.com/cloudflare/qtls-pq v0.0.0-20230103171413-e7a2fb559a0e
+# github.com/marten-seemann/qtls-go1-19 => github.com/cloudflare/qtls-pq v0.0.0-20230103171656-05e84f90909e