Update On Sat Oct 19 20:34:39 CEST 2024

2025-09-26 20:21:35 +08:00 · 2024-10-19 20:34:39 +02:00
parent 007d3af361
commit b0b91ede47
133 changed files with 1664 additions and 1081 deletions
--- a/yass/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/yass/.github/ISSUE_TEMPLATE/bug_report.md
@@ -44,6 +44,12 @@ It is advised to enable
 ```
 or share the debug log in [gist](https://gist.github.com/).

+#### Re-run with assertions (optional)
+
+See [the guide](https://github.com/Chilledheart/yass/blob/develop/BUILDING.md) to build *Debug* or *RelWithDebInfo* version.
+
+If you face some crash and the log is somehow incomplete, this variant will run more checks and produce more useful logs.
+
 #### yass coredump (optional)

 See [the guide](https://github.com/Chilledheart/yass/wiki/Debug-Guide#check-coredump) to enable coredump in your system.
--- a/yass/README.md
+++ b/yass/README.md
@@ -96,8 +96,9 @@ Cipher http over TLS are compatible.

 If you need custom Certificate Authority support in GUI or add other TLS-related features, [report here][frs].

-### Post Quantum key-agreements Support (TLS)
-Post Quantum ML-KEM key-agreements in TLS 1.3 (not enabled by default) is added on all of supported Platforms.
+### Post Quantum key-agreements for TLS 1.3
+[ML-KEM Post Quantum key-agreements][mlkem] (not enabled by default) for TLS 1.3 is supported on all platforms
+in place of obsolete [Kyber768 hybrid key-agreements][kyber].

 See [Protecting Chrome Traffic with Hybrid Kyber KEM](https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html) for more.

@@ -170,6 +171,9 @@ Start from wiki's [Guide](https://github.com/Chilledheart/yass/wiki/Debug-Guide)
 [bugs]: https://github.com/Chilledheart/yass/issues/new?assignees=&labels=bug&projects=&template=bug_report.md&title=
 [frs]: https://github.com/Chilledheart/yass/issues/new?assignees=&labels=feature&projects=&template=feature_request.md&title=

+[mlkem]: https://datatracker.ietf.org/doc/draft-connolly-tls-mlkem-key-agreement/
+[kyber]: https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/
+
 [gtk3_rpm_url]: https://github.com/Chilledheart/yass/releases/download/1.15.0/yass-gtk3.el8.x86_64.1.15.0.rpm
 [gtk3_deb_url]: https://github.com/Chilledheart/yass/releases/download/1.15.0/yass-gtk3-ubuntu-16.04-xenial_amd64.1.15.0.deb
 [qt5_rpm_url]: https://github.com/Chilledheart/yass/releases/download/1.15.0/yass-qt5.el8.x86_64.1.15.0.rpm
--- a/yass/src/config/config.cpp
+++ b/yass/src/config/config.cpp
@@ -21,7 +21,6 @@ namespace config {
 bool ReadConfig() {
  auto config_impl = config::ConfigImpl::Create();
  bool required_fields_loaded = true;
-  bool client_required_fields_loaded = true;

  if (!config_impl->Open(false)) {
    if (config_impl->GetEnforceRead()) {
@@ -36,11 +35,10 @@ bool ReadConfig() {
  required_fields_loaded &= config_impl->Read("method", &FLAGS_method);
  required_fields_loaded &= config_impl->Read("username", &FLAGS_username);
  required_fields_loaded &= config_impl->Read("password", &FLAGS_password, true);
-  client_required_fields_loaded &= config_impl->Read("local", &FLAGS_local_host);
-  client_required_fields_loaded &= config_impl->Read("local_port", &FLAGS_local_port);

  if (pType_IsClient()) {
-    required_fields_loaded &= client_required_fields_loaded;
+    required_fields_loaded &= config_impl->Read("local", &FLAGS_local_host);
+    required_fields_loaded &= config_impl->Read("local_port", &FLAGS_local_port);
  }

  /* optional fields */
@@ -75,8 +73,8 @@ bool ReadConfig() {
  }
  if (pType_IsClient()) {
    config_impl->Read("insecure_mode", &FLAGS_insecure_mode);
-    config_impl->Read("enable_post_quantum_kyber", &FLAGS_enable_post_quantum_kyber);
  }
+  config_impl->Read("enable_post_quantum_kyber", &FLAGS_enable_post_quantum_kyber);
  config_impl->Read("tls13_early_data", &FLAGS_tls13_early_data);

 #if BUILDFLAG(IS_MAC)
--- a/yass/src/net/ssl_server_socket.cpp
+++ b/yass/src/net/ssl_server_socket.cpp
@@ -36,11 +36,17 @@ SSLServerSocket::SSLServerSocket(asio::io_context* io_context, asio::ip::tcp::so
    int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
    CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
  } else if (absl::GetFlag(FLAGS_enable_post_quantum_kyber)) {
-    const uint16_t postquantum_group =
-        absl::GetFlag(FLAGS_use_ml_kem) ? SSL_GROUP_X25519_MLKEM768 : SSL_GROUP_X25519_KYBER768_DRAFT00;
-    const uint16_t kGroups[] = {postquantum_group, SSL_GROUP_X25519, SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1};
-    int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
-    CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    if (absl::GetFlag(FLAGS_use_ml_kem)) {
+      const uint16_t kGroups[] = {SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519,
+                                  SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1};
+      int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
+      CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    } else {
+      const uint16_t kGroups[] = {SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
+                                  SSL_GROUP_SECP384R1};
+      int ret = SSL_set1_group_ids(ssl_.get(), kGroups, std::size(kGroups));
+      CHECK_EQ(ret, 1) << "SSL_set1_group_ids failure";
+    }
  }
 }