mirrors/XTLS_REALITY
0
0
Fork 0
mirror of https://github.com/XTLS/REALITY.git synced 2025-08-22 22:48:36 +00:00
Code

crypto/tls: send illegal_parameter on invalid ECHClientHello.type

Browse Source 
The spec indicates that if a client sends an invalid ECHClientHello.type
in ClientHelloOuter, the server will abort the handshake with a
decode_error alert.

Define errInvalidECHExt for invalid ECHClientHello.type. If parseECHExt
returns an errInvalidECHExt error, Conn now sends an illegal_parameter
alert.

Fixes #71061.

Change-Id: I240241fe8bbe3e77d6ad1af989794647bfa2ff87
GitHub-Last-Rev: 3d6c233
GitHub-Pull-Request: #71062
Reviewed-on: https://go-review.googlesource.com/c/go/+/639235
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit is contained in:
yuhan6665 2025-05-10 15:23:34 -04:00
parent 84d21a0006
commit c25bcef61f
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ech.go
View File

@ -379,7 +379,7 @@ func decodeInnerClientHello(outer *clientHelloMsg, encoded []byte) (*clientHello
}
if !bytes.Equal(inner.encryptedClientHello, []byte{uint8(innerECHExt)}) {
return nil, errors.New("tls: client sent invalid encrypted_client_hello extension")
return nil, errInvalidECHExt
}
if len(inner.supportedVersions) != 1 || (len(inner.supportedVersions) >= 1 && inner.supportedVersions[0] != VersionTLS13) {
@ -482,6 +482,7 @@ func (e *ECHRejectionError) Error() string {
}
var errMalformedECHExt = errors.New("tls: malformed encrypted_client_hello extension")
var errInvalidECHExt = errors.New("tls: client sent invalid encrypted_client_hello extension")
type echExtType uint8
@ -508,7 +509,7 @@ func parseECHExt(ext []byte) (echType echExtType, cs echCipher, configID uint8,
return echType, cs, 0, nil, nil, nil
}
if echType != outerECHExt {
err = errMalformedECHExt
err = errInvalidECHExt
return
}
if !s.ReadUint16(&cs.KDFID) {
@ -550,8 +551,13 @@ func marshalEncryptedClientHelloConfigList(configs []EncryptedClientHelloKey) ([
func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *echServerContext, error) {
echType, echCiphersuite, configID, encap, payload, err := parseECHExt(outer.encryptedClientHello)
if err != nil {
if errors.Is(err, errInvalidECHExt) {
c.sendAlert(alertIllegalParameter)
} else {
c.sendAlert(alertDecodeError)
return nil, nil, errors.New("tls: client sent invalid encrypted_client_hello extension")
}
return nil, nil, errInvalidECHExt
}
if echType == innerECHExt {
@ -598,7 +604,7 @@ func (c *Conn) processECHClientHello(outer *clientHelloMsg) (*clientHelloMsg, *e
echInner, err := decodeInnerClientHello(outer, encodedInner)
if err != nil {
c.sendAlert(alertIllegalParameter)
return nil, nil, errors.New("tls: client sent invalid encrypted_client_hello extension")
return nil, nil, errInvalidECHExt
}
c.echAccepted = true