From 3e469db631462657594588755057837996168b94 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Fri, 17 Jan 2020 14:01:12 +0700
Subject: [PATCH] protect the AEAD calculating the integrity tag by a mutex

---
 internal/handshake/retry.go | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/internal/handshake/retry.go b/internal/handshake/retry.go
index 456675ba..460596cd 100644
--- a/internal/handshake/retry.go
+++ b/internal/handshake/retry.go
@@ -5,6 +5,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"fmt"
+	"sync"
 
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 )
@@ -25,18 +26,23 @@ func init() {
 	retryAEAD = aead
 }
 
+var retryBuf bytes.Buffer
+var retryMutex sync.Mutex
+var retryNonce [12]byte
+
 // GetRetryIntegrityTag calculates the integrity tag on a Retry packet
 func GetRetryIntegrityTag(retry []byte, origDestConnID protocol.ConnectionID) *[16]byte {
-	buf := bytes.NewBuffer(make([]byte, 0, 1+origDestConnID.Len()+len(retry)))
-	buf.WriteByte(uint8(origDestConnID.Len()))
-	buf.Write(origDestConnID.Bytes())
-	buf.Write(retry)
+	retryMutex.Lock()
+	retryBuf.WriteByte(uint8(origDestConnID.Len()))
+	retryBuf.Write(origDestConnID.Bytes())
+	retryBuf.Write(retry)
 
-	sealed := retryAEAD.Seal(nil, make([]byte, 12), []byte{}, buf.Bytes())
+	var tag [16]byte
+	sealed := retryAEAD.Seal(tag[:0], retryNonce[:], nil, retryBuf.Bytes())
 	if len(sealed) != 16 {
 		panic(fmt.Sprintf("unexpected Retry integrity tag length: %d", len(sealed)))
 	}
-	var tag [16]byte
-	copy(tag[:], sealed)
+	retryBuf.Reset()
+	retryMutex.Unlock()
 	return &tag
 }