qtls: don't set the tls.Config.CipherSuites for cipher suite tests (#3726)

* qtls: don't set the tls.Config.CipherSuites for cipher suite tests * use qtls versions that don't allow setting of tls.Config.CipherSuites
2023-03-27 00:56:41 +11:00
parent 4612b3f19f
commit 23f4565108
8 changed files with 64 additions and 18 deletions
--- a/internal/qtls/go119.go
+++ b/internal/qtls/go119.go
@@ -6,6 +6,7 @@ import (
 	"crypto"
 	"crypto/cipher"
 	"crypto/tls"
+	"fmt"
 	"net"
 	"unsafe"

@@ -97,3 +98,25 @@ func CipherSuiteTLS13ByID(id uint16) *CipherSuiteTLS13 {
 		Hash:   cs.Hash,
 	}
 }
+
+//go:linkname cipherSuitesTLS13 github.com/quic-go/qtls-go1-19.cipherSuitesTLS13
+var cipherSuitesTLS13 []unsafe.Pointer
+
+// SetCipherSuite modifies the cipherSuiteTLS13 slice of cipher suites inside qtls
+// such that it only contains the cipher suite with the chosen id.
+// The reset function returned resets them back to the original value.
+func SetCipherSuite(id uint16) (reset func()) {
+	orig := append([]unsafe.Pointer{}, cipherSuitesTLS13...)
+	// The order is given by the order of the slice elements in cipherSuitesTLS13 in qtls.
+	switch id {
+	case tls.TLS_AES_128_GCM_SHA256:
+		cipherSuitesTLS13 = cipherSuitesTLS13[:1]
+	case tls.TLS_CHACHA20_POLY1305_SHA256:
+		cipherSuitesTLS13 = cipherSuitesTLS13[1:2]
+	case tls.TLS_AES_256_GCM_SHA384:
+		cipherSuitesTLS13 = cipherSuitesTLS13[2:]
+	default:
+		panic(fmt.Sprintf("unexpected cipher suite: %d", id))
+	}
+	return func() { cipherSuitesTLS13 = orig }
+}