// File: github.com/Carcraftz/utls@v0.0.0-20220413235215-6b7c52fd78b6/y_ctaes.go

// Copyright (c) 2019 Yawning Angel <yawning at schwanenlied dot me>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

package tls

import (
	"crypto/aes"
	"crypto/cipher"

	"gitlab.com/yawning/bsaes.git"
)

// aesNewCipher is the AES block-cipher constructor selected for the whole
// process. init chooses the default and EnableVartimeAES can override it.
// Its call sites are outside this file.
var aesNewCipher func([]byte) (cipher.Block, error)

// EnableVartimeAES makes utls use the standard library's `crypto/aes`
// constructor unconditionally. On platforms where init fell back to bsaes,
// this selects the faster but insecure (variable-time) AES and GHASH
// implementation, which is the one the cache-timing concern in init applies
// to. Where init already selected `crypto/aes` (hasGCMAsm is true), the call
// has no effect.
//
// The switch is package-wide rather than per connection, and this file
// provides no way to revert it. The assignment is not synchronised, so it is
// safest to call it at most once during start-up, before any connection is
// created (NOTE(review): confirm against the call sites of aesNewCipher).
func EnableVartimeAES() {
	aesNewCipher = aes.NewCipher
}

// init selects the default AES constructor for this platform.
func init() {
	// `crypto/aes` is only safe with respect to cache-timing attacks on
	// platforms where the runtime has optimized GCM-AES. Everywhere else
	// the bsaes implementation is the default, and `crypto/aes` is used
	// only if the caller opts in through EnableVartimeAES.
	//
	// Note: `s390x` may also be safe from skimming the Go source, but
	// upstream utls apparently had trouble getting it to work correctly.
	newCipher := bsaes.NewCipher
	if hasGCMAsm {
		newCipher = aes.NewCipher
	}
	aesNewCipher = newCipher
}