From f763a80ab59bbaa0fcf5f3b0519a70336ee88744 Mon Sep 17 00:00:00 2001 From: James M Snell Date: Mon, 25 Jan 2021 10:56:50 -0800 Subject: [PATCH] Revert "deps: various quic patches from akamai/openssl" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 06c5b5315a241f9db7f0c50c4a859c02d2c7d110. PR-URL: https://github.com/nodejs/node/pull/37067 Reviewed-By: Matteo Collina Reviewed-By: Rich Trott Reviewed-By: Tobias Nießen Reviewed-By: Michael Dawson Reviewed-By: Trivikram Kamat --- deps/openssl/openssl/CHANGES | 3 - deps/openssl/openssl/Configure | 3 - deps/openssl/openssl/INSTALL | 3 - deps/openssl/openssl/crypto/err/openssl.txt | 20 +- deps/openssl/openssl/crypto/kdf/hkdf.c | 7 +- .../openssl/doc/man3/SSL_CIPHER_get_name.pod | 13 - .../doc/man3/SSL_CTX_set_quic_method.pod | 237 -------------- deps/openssl/openssl/include/openssl/evp.h | 4 - .../openssl/include/openssl/ossl_typ.h | 2 - deps/openssl/openssl/include/openssl/ssl.h | 45 --- deps/openssl/openssl/include/openssl/sslerr.h | 14 - deps/openssl/openssl/include/openssl/tls1.h | 3 - deps/openssl/openssl/ssl/build.info | 4 - deps/openssl/openssl/ssl/s3_msg.c | 12 +- deps/openssl/openssl/ssl/ssl_ciph.c | 34 -- deps/openssl/openssl/ssl/ssl_err.c | 26 -- deps/openssl/openssl/ssl/ssl_lib.c | 40 --- deps/openssl/openssl/ssl/ssl_local.h | 49 +-- deps/openssl/openssl/ssl/ssl_quic.c | 295 ------------------ deps/openssl/openssl/ssl/statem/extensions.c | 29 -- .../openssl/ssl/statem/extensions_clnt.c | 53 ---- .../openssl/ssl/statem/extensions_srvr.c | 57 +--- deps/openssl/openssl/ssl/statem/statem.c | 21 +- deps/openssl/openssl/ssl/statem/statem_clnt.c | 8 - deps/openssl/openssl/ssl/statem/statem_lib.c | 40 +-- .../openssl/openssl/ssl/statem/statem_local.h | 21 -- deps/openssl/openssl/ssl/statem/statem_quic.c | 118 ------- deps/openssl/openssl/ssl/statem/statem_srvr.c | 3 +- deps/openssl/openssl/ssl/tls13_enc.c | 188 ++--------- deps/openssl/openssl/test/evp_extra_test.c | 42 --- deps/openssl/openssl/test/sslapitest.c | 146 --------- deps/openssl/openssl/test/ssltestlib.c | 5 - deps/openssl/openssl/test/tls13secretstest.c | 7 - deps/openssl/openssl/util/libssl.num | 11 - deps/openssl/openssl/util/private.num | 2 - 35 files changed, 33 insertions(+), 1532 deletions(-) delete mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod delete mode 100644 deps/openssl/openssl/ssl/ssl_quic.c delete mode 100644 deps/openssl/openssl/ssl/statem/statem_quic.c diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index ede9dfb0b22e7d..37dd60b726eeb1 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -178,9 +178,6 @@ Changes between 1.1.1c and 1.1.1d [10 Sep 2019] - *) Implement BoringSSL's QUIC API - [Todd Short] - *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure index 125963902fda48..1d73d06e1b3b3e 100755 --- a/deps/openssl/openssl/Configure +++ b/deps/openssl/openssl/Configure @@ -401,7 +401,6 @@ my @disablables = ( "poly1305", "posix-io", "psk", - "quic", "rc2", "rc4", "rc5", @@ -518,8 +517,6 @@ my @disable_cascades = ( sub { !$disabled{"unit-test"} } => [ "heartbeats" ], sub { !$disabled{"msan"} } => [ "asm" ], - - "tls1_3" => [ "quic" ], ); # Avoid protocol support holes. Also disable all versions below N, if version diff --git a/deps/openssl/openssl/INSTALL b/deps/openssl/openssl/INSTALL index 5938e185a14dd6..f5118428b3bca2 100644 --- a/deps/openssl/openssl/INSTALL +++ b/deps/openssl/openssl/INSTALL @@ -456,9 +456,6 @@ no-psk Don't build support for Pre-Shared Key based ciphersuites. - no-quic - Don't build with support for QUIC. - no-rdrand Don't use hardware RDRAND capabilities. diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt index 3d24711e4c3249..815460b24f674d 100644 --- a/deps/openssl/openssl/crypto/err/openssl.txt +++ b/deps/openssl/openssl/crypto/err/openssl.txt @@ -1183,7 +1183,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ ossl_statem_server_post_process_message SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work -SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:ossl_statem_server_pre_work +SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ @@ -1192,9 +1192,6 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names SSL_F_PITEM_NEW:624:pitem_new SSL_F_PQUEUE_NEW:625:pqueue_new SSL_F_PROCESS_KEY_SHARE_EXT:439:* -SSL_F_QUIC_CHANGE_CIPHER_STATE:639:quic_change_cipher_state -SSL_F_QUIC_GET_MESSAGE:641:quic_get_message -SSL_F_QUIC_SET_ENCRYPTION_SECRETS:642:quic_set_encryption_secrets SSL_F_READ_STATE_MACHINE:352:read_state_machine SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret @@ -1205,9 +1202,7 @@ SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm SSL_F_SSL3_CTRL:213:ssl3_ctrl SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records -SSL_F_SSL3_DISPATCH_ALERT:643:ssl3_dispatch_alert SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec -SSL_F_SSL3_DO_WRITE:644:ssl3_do_write SSL_F_SSL3_ENC:608:ssl3_enc SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac @@ -1315,8 +1310,6 @@ SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:* SSL_F_SSL_PEEK:270:SSL_peek SSL_F_SSL_PEEK_EX:432:SSL_peek_ex SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal -SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE:645:SSL_process_quic_post_handshake -SSL_F_SSL_PROVIDE_QUIC_DATA:646:SSL_provide_quic_data SSL_F_SSL_READ:223:SSL_read SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data SSL_F_SSL_READ_EX:434:SSL_read_ex @@ -1366,7 +1359,6 @@ SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data SSL_F_SSL_WRITE_EARLY_FINISH:527:* SSL_F_SSL_WRITE_EX:433:SSL_write_ex SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal -SSL_F_STATEM_FLUSH:647:statem_flush SSL_F_STATE_MACHINE:353:state_machine SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs @@ -1430,8 +1422,6 @@ SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\ tls_construct_ctos_post_handshake_auth SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes -SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS:648:\ - tls_construct_ctos_quic_transport_params SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name @@ -1473,8 +1463,6 @@ SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk -SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS:649:\ - tls_construct_stoc_quic_transport_params SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket @@ -1503,8 +1491,6 @@ SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes -SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS:650:\ - tls_parse_ctos_quic_transport_params SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket @@ -1523,8 +1509,6 @@ SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk -SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS:651:\ - tls_parse_stoc_quic_transport_params SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name @@ -2729,7 +2713,6 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms SSL_R_INSUFFICIENT_SECURITY:241:insufficient security -SSL_R_INTERNAL_ERROR:295:internal error SSL_R_INVALID_ALERT:205:invalid alert SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg @@ -2905,7 +2888,6 @@ SSL_R_VERSION_TOO_LOW:396:version too low SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned SSL_R_WRONG_CURVE:378:wrong curve -SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED:296:wrong encryption level received SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type diff --git a/deps/openssl/openssl/crypto/kdf/hkdf.c b/deps/openssl/openssl/crypto/kdf/hkdf.c index cab5e231fbe639..25bf4b729f64ce 100644 --- a/deps/openssl/openssl/crypto/kdf/hkdf.c +++ b/deps/openssl/openssl/crypto/kdf/hkdf.c @@ -15,7 +15,7 @@ #include "internal/cryptlib.h" #include "crypto/evp.h" -#define HKDF_MAXBUF 2048 +#define HKDF_MAXBUF 1024 static unsigned char *HKDF(const EVP_MD *evp_md, const unsigned char *salt, size_t salt_len, @@ -107,10 +107,7 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) if (kctx->key != NULL) OPENSSL_clear_free(kctx->key, kctx->key_len); - if (p1 == 0) - kctx->key = OPENSSL_zalloc(1); - else - kctx->key = OPENSSL_memdup(p2, p1); + kctx->key = OPENSSL_memdup(p2, p1); if (kctx->key == NULL) return 0; diff --git a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod index 20437b76e84791..26edae3d80be93 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod @@ -13,7 +13,6 @@ SSL_CIPHER_get_digest_nid, SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, -SSL_CIPHER_get_prf_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, @@ -35,7 +34,6 @@ SSL_CIPHER_get_protocol_id const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); - int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); @@ -93,15 +91,6 @@ TLS 1.3 cipher suites) B is returned. Examples (not comprehensive) NID_auth_ecdsa NID_auth_psk -SSL_CIPHER_get_prf_nid() retuns the pseudo-random function NID for B. If B is -a pre-TLS-1.2 cipher, it returns B but note these ciphers use -SHA-256 in TLS 1.2. Other return values may be treated uniformly in all -applicable versions. Examples (not comprehensive): - - NID_md5_sha1 - NID_sha256 - NID_sha384 - SSL_CIPHER_is_aead() returns 1 if the cipher B is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD. @@ -212,8 +201,6 @@ required to enable this function. The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. -The SSL_CIPHER_get_prf_nid() function was added in OpenSSL 3.0.0. - =head1 COPYRIGHT Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod deleted file mode 100644 index 3d7bf7e6821373..00000000000000 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod +++ /dev/null @@ -1,237 +0,0 @@ -=pod - -=head1 NAME - -SSL_QUIC_METHOD, -OSSL_ENCRYPTION_LEVEL, -SSL_CTX_set_quic_method, -SSL_set_quic_method, -SSL_set_quic_transport_params, -SSL_get_peer_quic_transport_params, -SSL_quic_max_handshake_flight_len, -SSL_quic_read_level, -SSL_quic_write_level, -SSL_provide_quic_data, -SSL_process_quic_post_handshake, -SSL_is_quic -- QUIC support - -=head1 SYNOPSIS - - #include - - typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - typedef enum ssl_encryption_level_t OSSL_ENCRYPTION_LEVEL; - - int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); - int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); - int SSL_set_quic_transport_params(SSL *ssl, - const uint8_t *params, - size_t params_len); - void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len); - size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); - OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); - OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); - int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int SSL_process_quic_post_handshake(SSL *ssl); - int SSL_is_quic(SSL *ssl); - -=head1 DESCRIPTION - -SSL_CTX_set_quic_method() and SSL_set_quic_method() configures the QUIC methods. -This should only be configured with a minimum version of TLS 1.3. B -must remain valid for the lifetime of B or B. Calling this disables -the SSL_OP_ENABLE_MIDDLEBOX_COMPAT option, which is not required for QUIC. - -SSL_set_quic_transport_params() configures B to send B (of length -B) in the quic_transport_parameters extension in either the -ClientHello or EncryptedExtensions handshake message. This extension will -only be sent if the TLS version is at least 1.3, and for a server, only if -the client sent the extension. The buffer pointed to by B only need be -valid for the duration of the call to this function. - -SSL_get_peer_quic_transport_params() provides the caller with the value of the -quic_transport_parameters extension sent by the peer. A pointer to the buffer -containing the TransportParameters will be put in B<*out_params>, and its -length in B<*out_params_len>. This buffer will be valid for the lifetime of the -B. If no params were received from the peer, B<*out_params_len> will be 0. - -SSL_quic_max_handshake_flight_len() returns the maximum number of bytes -that may be received at the given encryption level. This function should be -used to limit buffering in the QUIC implementation. - -See https://tools.ietf.org/html/draft-ietf-quic-transport-27#section-4. - -SSL_quic_read_level() returns the current read encryption level. - -SSL_quic_write_level() returns the current write encryption level. - -SSL_provide_quic_data() is used to provide data from QUIC CRYPTO frames to the -state machine, at a particular encryption level B. It is an error to -call this function outside of the handshake or with an encryption level other -than the current read level. The application must buffer and consolidate any -frames with less than four bytes of content. It returns one on success and -zero on error. - -SSL_process_quic_post_handshake() processes any data that QUIC has provided -after the handshake has completed. This includes NewSessionTicket messages -sent by the server. - -SSL_is_quic() indicates whether a connection uses QUIC. A given B -or B can only be used with QUIC or TLS, but not both. - -=head1 NOTES - -These APIs are implementations of BoringSSL's QUIC APIs. - -QUIC acts as an underlying transport for the TLS 1.3 handshake. The following -functions allow a QUIC implementation to serve as the underlying transport as -described in draft-ietf-quic-tls. - -When configured for QUIC, SSL_do_handshake() will drive the handshake as -before, but it will not use the configured B. It will call functions from -the configured B to configure secrets and send data. If data -is needed from the peer, it will return B. When received, -the caller should call SSL_provide_quic_data() and then SSL_do_handshake() to -continue the handshake. After the handshake is complete, the caller should call -SSL_provide_quic_data() for any post-handshake data, followed by -SSL_process_quic_post_handshake() to process it. It is an error to call -SSL_read()/SSL_read_ex() and SSL_write()/SSL_write_ex() in QUIC. - -Note that secrets for an encryption level may be available to QUIC before the -level is active in TLS. Callers should use SSL_quic_read_level() to determine -the active read level for SSL_provide_quic_data(). SSL_do_handshake() will -pass the active write level to add_handshake_data() when writing data. Callers -can use SSL_quic_write_level() to query the active write level when -generating their own errors. - -See https://tools.ietf.org/html/draft-ietf-quic-tls-27#section-4.1 for more -details. - -To avoid DoS attacks, the QUIC implementation must limit the amount of data -being queued up. The implementation can call -SSL_quic_max_handshake_flight_len() to get the maximum buffer length at each -encryption level. - -draft-ietf-quic-tls defines a new TLS extension "quic_transport_parameters" -used by QUIC for each endpoint to unilaterally declare its supported -transport parameters. The contents of the extension are specified in -https://tools.ietf.org/html/draft-ietf-quic-transport-27#section-18 (as -a sequence of tag/length/value parameters) along with the interpretation of the -various parameters and the rules for their processing. - -OpenSSL handles this extension as an opaque byte string. The caller is -responsible for serializing and parsing it. - -=head2 OSSL_ENCRYPTION_LEVEL - -B (B) represents the -encryption levels: - -=over 4 - -=item ssl_encryption_initial - -The initial encryption level that is used for client and server hellos. - -=item ssl_encryption_early_data - -The encryption level for early data. This is a write-level for the client -and a read-level for the server. - -=item ssl_encryption_handshake - -The encryption level for the remainder of the handshake. - -=item ssl_encryption_application - -The encryption level for the application data. - -=back - -=head2 SSL_QUIC_METHOD - -The B (B) describes the -QUIC methods. - - struct ssl_quic_method_st { - int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, size_t secret_len); - int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int (*flush_flight)(SSL *ssl); - int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); - }; - typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - -set_encryption_secrets() configures the read and write secrets for the given -encryption level. This function will always be called before an encryption -level other than B is used. Note, however, that -secrets for a level may be configured before TLS is ready to send or accept -data at that level. - -When reading packets at a given level, the QUIC implementation must send -ACKs at the same level, so this function provides read and write secrets -together. The exception is B, where secrets are -only available in the client to server direction. The other secret will be -NULL. The server acknowledges such data at B, -which will be configured in the same SSL_do_handshake() call. - -This function should use SSL_get_current_cipher() to determine the TLS -cipher suite. - -add_handshake_data() adds handshake data to the current flight at the given -encryption level. It returns one on success and zero on error. - -OpenSSL will pack data from a single encryption level together, but a -single handshake flight may include multiple encryption levels. Callers -should defer writing data to the network until flush_flight() to better -pack QUIC packets into transport datagrams. - -flush_flight() is called when the current flight is complete and should be -written to the transport. Note a flight may contain data at several -encryption levels. - -send_alert() sends a fatal alert at the specified encryption level. - -All QUIC methods return 1 on success and 0 on error. - -=head1 RETURN VALUES - -SSL_CTX_set_quic_method(), -SSL_set_quic_method(), -SSL_set_quic_transport_params(), and -SSL_process_quic_post_handshake() -return 1 on success, and 0 on error. - -SSL_quic_read_level() and SSL_quic_write_level() return the current -encryption level as an B -(B). - -SSL_quic_max_handshake_flight_len() returns the maximum length in bytes of a -flight for a given encryption level. - -SSL_is_quic() returns 1 if QUIC is being used, 0 if not. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -These functions were added in OpenSSL 3.0.0. - -=head1 COPYRIGHT - -Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h index 275b7a4acca550..a411f3f2f94918 100644 --- a/deps/openssl/openssl/include/openssl/evp.h +++ b/deps/openssl/openssl/include/openssl/evp.h @@ -1324,10 +1324,6 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, */ # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 -/* Used by Chromium/QUIC */ -# define X25519_PRIVATE_KEY_LEN 32 -# define X25519_PUBLIC_VALUE_LEN 32 - const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, diff --git a/deps/openssl/openssl/include/openssl/ossl_typ.h b/deps/openssl/openssl/include/openssl/ossl_typ.h index d2fdce8fdf6fdf..e0edfaaf476059 100644 --- a/deps/openssl/openssl/include/openssl/ossl_typ.h +++ b/deps/openssl/openssl/include/openssl/ossl_typ.h @@ -176,8 +176,6 @@ typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; typedef struct ossl_store_info_st OSSL_STORE_INFO; typedef struct ossl_store_search_st OSSL_STORE_SEARCH; -typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ defined(INTMAX_MAX) && defined(UINTMAX_MAX) typedef intmax_t ossl_intmax_t; diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h index 08d4c74b237cc1..fd0c5a99967ff6 100644 --- a/deps/openssl/openssl/include/openssl/ssl.h +++ b/deps/openssl/openssl/include/openssl/ssl.h @@ -2432,51 +2432,6 @@ void SSL_set_allow_early_data_cb(SSL *s, SSL_allow_early_data_cb_fn cb, void *arg); -# ifndef OPENSSL_NO_QUIC -/* - * QUIC integration - The QUIC interface matches BoringSSL - * - * ssl_encryption_level_t represents a specific QUIC encryption level used to - * transmit handshake messages. BoringSSL has this as an 'enum'. - */ -typedef enum ssl_encryption_level_t { - ssl_encryption_initial = 0, - ssl_encryption_early_data, - ssl_encryption_handshake, - ssl_encryption_application -} OSSL_ENCRYPTION_LEVEL; - -struct ssl_quic_method_st { - int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, size_t secret_len); - int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int (*flush_flight)(SSL *ssl); - int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); -}; - -__owur int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); -__owur int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); -__owur int SSL_set_quic_transport_params(SSL *ssl, - const uint8_t *params, - size_t params_len); -void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len); -__owur size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); -__owur OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); -__owur OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); -__owur int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); -__owur int SSL_process_quic_post_handshake(SSL *ssl); - -__owur int SSL_is_quic(SSL *ssl); - -int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); - -# endif - # ifdef __cplusplus } # endif diff --git a/deps/openssl/openssl/include/openssl/sslerr.h b/deps/openssl/openssl/include/openssl/sslerr.h index 80cc5f379a6618..82983d3c1e99fd 100644 --- a/deps/openssl/openssl/include/openssl/sslerr.h +++ b/deps/openssl/openssl/include/openssl/sslerr.h @@ -96,9 +96,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_PITEM_NEW 624 # define SSL_F_PQUEUE_NEW 625 # define SSL_F_PROCESS_KEY_SHARE_EXT 439 -# define SSL_F_QUIC_CHANGE_CIPHER_STATE 639 -# define SSL_F_QUIC_GET_MESSAGE 641 -# define SSL_F_QUIC_SET_ENCRYPTION_SECRETS 642 # define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SET_CLIENT_CIPHERSUITE 540 # define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 @@ -109,9 +106,7 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL3_CTRL 213 # define SSL_F_SSL3_CTX_CTRL 133 # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 -# define SSL_F_SSL3_DISPATCH_ALERT 643 # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 -# define SSL_F_SSL3_DO_WRITE 644 # define SSL_F_SSL3_ENC 608 # define SSL_F_SSL3_FINAL_FINISH_MAC 285 # define SSL_F_SSL3_FINISH_MAC 587 @@ -216,8 +211,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_PEEK 270 # define SSL_F_SSL_PEEK_EX 432 # define SSL_F_SSL_PEEK_INTERNAL 522 -# define SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE 645 -# define SSL_F_SSL_PROVIDE_QUIC_DATA 646 # define SSL_F_SSL_READ 223 # define SSL_F_SSL_READ_EARLY_DATA 529 # define SSL_F_SSL_READ_EX 434 @@ -267,7 +260,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_SSL_WRITE_EARLY_FINISH 527 # define SSL_F_SSL_WRITE_EX 433 # define SSL_F_SSL_WRITE_INTERNAL 524 -# define SSL_F_STATEM_FLUSH 647 # define SSL_F_STATE_MACHINE 353 # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 # define SSL_F_TLS12_COPY_SIGALGS 533 @@ -327,7 +319,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 # define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 -# define SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS 648 # define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 # define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 # define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 @@ -367,7 +358,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 # define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 # define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 -# define SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS 649 # define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 # define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 # define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 @@ -393,7 +383,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 # define SSL_F_TLS_PARSE_CTOS_PSK 505 # define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 -# define SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS 650 # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 # define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 # define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 @@ -412,7 +401,6 @@ int ERR_load_SSL_strings(void); # define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 # define SSL_F_TLS_PARSE_STOC_NPN 582 # define SSL_F_TLS_PARSE_STOC_PSK 502 -# define SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS 651 # define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 # define SSL_F_TLS_PARSE_STOC_SCT 564 # define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 @@ -577,7 +565,6 @@ int ERR_load_SSL_strings(void); # define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 # define SSL_R_INCONSISTENT_EXTMS 104 # define SSL_R_INSUFFICIENT_SECURITY 241 -# define SSL_R_INTERNAL_ERROR 295 # define SSL_R_INVALID_ALERT 205 # define SSL_R_INVALID_CCS_MESSAGE 260 # define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 @@ -775,7 +762,6 @@ int ERR_load_SSL_strings(void); # define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 # define SSL_R_WRONG_CURVE 378 -# define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 296 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 # define SSL_R_WRONG_SIGNATURE_TYPE 370 diff --git a/deps/openssl/openssl/include/openssl/tls1.h b/deps/openssl/openssl/include/openssl/tls1.h index c11ca1efa30c9c..76d9fda46e207e 100644 --- a/deps/openssl/openssl/include/openssl/tls1.h +++ b/deps/openssl/openssl/include/openssl/tls1.h @@ -148,9 +148,6 @@ extern "C" { /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 -/* ExtensionType value from draft-ietf-quic-tls-27 */ -# define TLSEXT_TYPE_quic_transport_parameters 0xffa5 - # ifndef OPENSSL_NO_NEXTPROTONEG /* This is not an IANA defined extension number */ # define TLSEXT_TYPE_next_proto_neg 13172 diff --git a/deps/openssl/openssl/ssl/build.info b/deps/openssl/openssl/ssl/build.info index 497d943900d642..bb2f1deb530066 100644 --- a/deps/openssl/openssl/ssl/build.info +++ b/deps/openssl/openssl/ssl/build.info @@ -13,7 +13,3 @@ SOURCE[../libssl]=\ bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ statem/statem.c record/ssl3_record_tls13.c - -IF[{- !$disabled{quic} -}] - SOURCE[../libssl]=ssl_quic.c statem/statem_quic.c -ENDIF diff --git a/deps/openssl/openssl/ssl/s3_msg.c b/deps/openssl/openssl/ssl/s3_msg.c index 8d3cd442aa0b75..339fb2774a6339 100644 --- a/deps/openssl/openssl/ssl/s3_msg.c +++ b/deps/openssl/openssl/ssl/s3_msg.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -75,16 +75,6 @@ int ssl3_dispatch_alert(SSL *s) s->s3->alert_dispatch = 0; alertlen = 2; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (!s->quic_method->send_alert(s, s->quic_write_level, - s->s3->send_alert[1])) { - SSLerr(SSL_F_SSL3_DISPATCH_ALERT, SSL_R_INTERNAL_ERROR); - return 0; - } - i = 1; - } else -#endif i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, &written); if (i <= 0) { diff --git a/deps/openssl/openssl/ssl/ssl_ciph.c b/deps/openssl/openssl/ssl/ssl_ciph.c index 67514f40b8dd38..735a483c64486a 100644 --- a/deps/openssl/openssl/ssl/ssl_ciph.c +++ b/deps/openssl/openssl/ssl/ssl_ciph.c @@ -2162,37 +2162,3 @@ int ssl_cert_is_disabled(size_t idx) return 1; return 0; } - -#ifndef OPENSSL_NO_QUIC -int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c) -{ - switch (c->algorithm2 & (0xFF << TLS1_PRF_DGST_SHIFT)) { - default: - break; - case TLS1_PRF_SHA1_MD5: /* TLS1_PRF */ - return NID_md5_sha1; - case TLS1_PRF_SHA256: - return NID_sha256; - case TLS1_PRF_SHA384: - return NID_sha384; - case TLS1_PRF_GOST94: - return NID_id_GostR3411_94_prf; - case TLS1_PRF_GOST12_256: - return NID_id_GostR3411_2012_256; - case TLS1_PRF_GOST12_512: - return NID_id_GostR3411_2012_512; - } - /* TLSv1.3 ciphers don't specify separate PRF */ - switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { - default: - break; - case SSL_HANDSHAKE_MAC_MD5_SHA1: /* SSL_HANDSHAKE_MAC_DEFAULT */ - return NID_md5_sha1; - case SSL_HANDSHAKE_MAC_SHA256: - return NID_sha256; - case SSL_HANDSHAKE_MAC_SHA384: - return NID_sha384; - } - return NID_undef; -} -#endif diff --git a/deps/openssl/openssl/ssl/ssl_err.c b/deps/openssl/openssl/ssl/ssl_err.c index 3cdbee2ffa940b..4b12ed1485d985 100644 --- a/deps/openssl/openssl/ssl/ssl_err.c +++ b/deps/openssl/openssl/ssl/ssl_err.c @@ -112,8 +112,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "ossl_statem_server_post_process_message"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0), "ossl_statem_server_post_work"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PRE_WORK, 0), - "ossl_statem_server_pre_work"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0), "ossl_statem_server_process_message"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0), @@ -124,11 +122,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_CHANGE_CIPHER_STATE, 0), - "quic_change_cipher_state"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_GET_MESSAGE, 0), "quic_get_message"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, 0), - "quic_set_encryption_secrets"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), "set_client_ciphersuite"}, @@ -146,11 +139,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0), "ssl3_digest_cached_records"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DISPATCH_ALERT, 0), - "ssl3_dispatch_alert"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0), "ssl3_do_change_cipher_spec"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_WRITE, 0), "ssl3_do_write"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0), "ssl3_final_finish_mac"}, @@ -312,10 +302,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE, 0), - "SSL_process_quic_post_handshake"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PROVIDE_QUIC_DATA, 0), - "SSL_provide_quic_data"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0), "SSL_read_early_data"}, @@ -392,7 +378,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_STATEM_FLUSH, 0), "statem_flush"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0), "tls12_check_peer_sigalg"}, @@ -494,8 +479,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_ctos_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0), "tls_construct_ctos_psk_kex_modes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS, 0), - "tls_construct_ctos_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0), "tls_construct_ctos_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0), @@ -567,8 +550,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_construct_stoc_next_proto_neg"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0), "tls_construct_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS, 0), - "tls_construct_stoc_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0), "tls_construct_stoc_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0), @@ -615,8 +596,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0), "tls_parse_ctos_psk_kex_modes"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS, 0), - "tls_parse_ctos_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0), "tls_parse_ctos_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0), @@ -649,8 +628,6 @@ static const ERR_STRING_DATA SSL_str_functs[] = { "tls_parse_stoc_maxfragmentlen"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, - {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS, 0), - "tls_parse_stoc_quic_transport_params"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0), "tls_parse_stoc_renegotiate"}, {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"}, @@ -928,7 +905,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), "insufficient security"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INTERNAL_ERROR), "internal error"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), "invalid ccs message"}, @@ -1272,8 +1248,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), - "wrong encryption level received"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c index a46b7563d9ca2f..98057921f84060 100644 --- a/deps/openssl/openssl/ssl/ssl_lib.c +++ b/deps/openssl/openssl/ssl/ssl_lib.c @@ -839,10 +839,6 @@ SSL *SSL_new(SSL_CTX *ctx) s->job = NULL; -#ifndef OPENSSL_NO_QUIC - s->quic_method = ctx->quic_method; -#endif - #ifndef OPENSSL_NO_CT if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, ctx->ct_validation_callback_arg)) @@ -1210,19 +1206,6 @@ void SSL_free(SSL *s) OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); -#ifndef OPENSSL_NO_QUIC - OPENSSL_free(s->ext.quic_transport_params); - OPENSSL_free(s->ext.peer_quic_transport_params); - BUF_MEM_free(s->quic_buf); - while (s->quic_input_data_head != NULL) { - QUIC_DATA *qd; - - qd = s->quic_input_data_head; - s->quic_input_data_head = qd->next; - OPENSSL_free(qd); - } -#endif - sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); @@ -1742,12 +1725,6 @@ static int ssl_io_intern(void *vargs) int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED); return -1; @@ -1880,12 +1857,6 @@ int SSL_get_early_data_status(const SSL *s) static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - SSLerr(SSL_F_SSL_PEEK_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED); return -1; @@ -1946,12 +1917,6 @@ int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED); return -1; @@ -3603,11 +3568,6 @@ int SSL_get_error(const SSL *s, int i) } if (SSL_want_read(s)) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - return SSL_ERROR_WANT_READ; - } -#endif bio = SSL_get_rbio(s); if (BIO_should_read(bio)) return SSL_ERROR_WANT_READ; diff --git a/deps/openssl/openssl/ssl/ssl_local.h b/deps/openssl/openssl/ssl/ssl_local.h index 5d6a0f1a727932..8ddbde77296514 100644 --- a/deps/openssl/openssl/ssl/ssl_local.h +++ b/deps/openssl/openssl/ssl/ssl_local.h @@ -315,13 +315,6 @@ /* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ # define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 -/* Check if an SSL structure is using QUIC (which uses TLSv1.3) */ -# ifndef OPENSSL_NO_QUIC -# define SSL_IS_QUIC(s) (s->quic_method != NULL) -# else -# define SSL_IS_QUIC(s) 0 -# endif - /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) @@ -722,7 +715,6 @@ typedef enum tlsext_index_en { TLSEXT_IDX_cryptopro_bug, TLSEXT_IDX_early_data, TLSEXT_IDX_certificate_authorities, - TLSEXT_IDX_quic_transport_params, TLSEXT_IDX_padding, TLSEXT_IDX_psk, /* Dummy index - must always be the last entry */ @@ -1072,24 +1064,7 @@ struct ssl_ctx_st { /* Do we advertise Post-handshake auth support? */ int pha_enabled; - -#ifndef OPENSSL_NO_QUIC - const SSL_QUIC_METHOD *quic_method; -#endif -}; - -typedef struct cert_pkey_st CERT_PKEY; - -#ifndef OPENSSL_NO_QUIC -struct quic_data_st { - struct quic_data_st *next; - OSSL_ENCRYPTION_LEVEL level; - size_t start; /* offset into quic_buf->data */ - size_t length; }; -typedef struct quic_data_st QUIC_DATA; -int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level); -#endif struct ssl_st { /* @@ -1178,11 +1153,6 @@ struct ssl_st { unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; -# ifndef OPENSSL_NO_QUIC - unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; - unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; - unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; -# endif unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ @@ -1395,25 +1365,8 @@ struct ssl_st { * selected. */ int tick_identity; - -#ifndef OPENSSL_NO_QUIC - uint8_t *quic_transport_params; - size_t quic_transport_params_len; - uint8_t *peer_quic_transport_params; - size_t peer_quic_transport_params_len; -#endif } ext; -#ifndef OPENSSL_NO_QUIC - OSSL_ENCRYPTION_LEVEL quic_read_level; - OSSL_ENCRYPTION_LEVEL quic_write_level; - OSSL_ENCRYPTION_LEVEL quic_latest_level_received; - BUF_MEM *quic_buf; /* buffer incoming handshake messages */ - QUIC_DATA *quic_input_data_head; - QUIC_DATA *quic_input_data_tail; - size_t quic_next_record_start; - const SSL_QUIC_METHOD *quic_method; -#endif /* * Parsed form of the ClientHello, kept around across client_hello_cb * calls. @@ -1564,6 +1517,8 @@ typedef struct tls_group_info_st { # define TLS_CURVE_CHAR2 0x1 # define TLS_CURVE_CUSTOM 0x2 +typedef struct cert_pkey_st CERT_PKEY; + /* * Structure containing table entry of certificate info corresponding to * CERT_PKEY entries diff --git a/deps/openssl/openssl/ssl/ssl_quic.c b/deps/openssl/openssl/ssl/ssl_quic.c deleted file mode 100644 index 7e0495fd54a2a2..00000000000000 --- a/deps/openssl/openssl/ssl/ssl_quic.c +++ /dev/null @@ -1,295 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "ssl_local.h" -#include "internal/cryptlib.h" -#include "internal/refcount.h" - -int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, - size_t params_len) -{ - uint8_t *tmp; - - if (params == NULL || params_len == 0) { - tmp = NULL; - params_len = 0; - } else { - tmp = OPENSSL_memdup(params, params_len); - if (tmp == NULL) - return 0; - } - - OPENSSL_free(ssl->ext.quic_transport_params); - ssl->ext.quic_transport_params = tmp; - ssl->ext.quic_transport_params_len = params_len; - return 1; -} - -void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len) -{ - *out_params = ssl->ext.peer_quic_transport_params; - *out_params_len = ssl->ext.peer_quic_transport_params_len; -} - -size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - /* - * Limits flights to 16K by default when there are no large - * (certificate-carrying) messages. - */ - static const size_t DEFAULT_FLIGHT_LIMIT = 16384; - - switch (level) { - case ssl_encryption_initial: - return DEFAULT_FLIGHT_LIMIT; - case ssl_encryption_early_data: - /* QUIC does not send EndOfEarlyData. */ - return 0; - case ssl_encryption_handshake: - if (ssl->server) { - /* - * Servers may receive Certificate message if configured to request - * client certificates. - */ - if ((ssl->verify_mode & SSL_VERIFY_PEER) - && ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) - return ssl->max_cert_list; - } else { - /* - * Clients may receive both Certificate message and a CertificateRequest - * message. - */ - if (2*ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) - return 2 * ssl->max_cert_list; - } - return DEFAULT_FLIGHT_LIMIT; - case ssl_encryption_application: - return DEFAULT_FLIGHT_LIMIT; - } - - return 0; -} - -OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl) -{ - return ssl->quic_read_level; -} - -OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl) -{ - return ssl->quic_write_level; -} - -int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len) -{ - size_t l, offset; - - if (!SSL_IS_QUIC(ssl)) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - /* Level can be different than the current read, but not less */ - if (level < ssl->quic_read_level - || (ssl->quic_input_data_tail != NULL && level < ssl->quic_input_data_tail->level) - || level < ssl->quic_latest_level_received) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - return 0; - } - - if (ssl->quic_buf == NULL) { - BUF_MEM *buf; - if ((buf = BUF_MEM_new()) == NULL) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_INTERNAL_ERROR); - return 0; - } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_INTERNAL_ERROR); - BUF_MEM_free(buf); - return 0; - } - ssl->quic_buf = buf; - /* We preallocated storage, but there's still no *data*. */ - ssl->quic_buf->length = 0; - buf = NULL; - } - - /* A TLS message must not cross an encryption level boundary */ - if (ssl->quic_buf->length != ssl->quic_next_record_start - && level != ssl->quic_latest_level_received) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, - SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - return 0; - } - ssl->quic_latest_level_received = level; - - offset = ssl->quic_buf->length; - if (!BUF_MEM_grow(ssl->quic_buf, offset + len)) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_INTERNAL_ERROR); - return 0; - } - memcpy(ssl->quic_buf->data + offset, data, len); - - /* Split on handshake message boundaries */ - while (ssl->quic_buf->length > ssl->quic_next_record_start - + SSL3_HM_HEADER_LENGTH) { - QUIC_DATA *qd; - const uint8_t *p; - - /* TLS Handshake message header has 1-byte type and 3-byte length */ - p = (const uint8_t *)ssl->quic_buf->data - + ssl->quic_next_record_start + 1; - n2l3(p, l); - l += SSL3_HM_HEADER_LENGTH; - /* Don't allocate a QUIC_DATA if we don't have a full record */ - if (l > ssl->quic_buf->length - ssl->quic_next_record_start) - break; - - qd = OPENSSL_zalloc(sizeof(*qd)); - if (qd == NULL) { - SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_INTERNAL_ERROR); - return 0; - } - - qd->next = NULL; - qd->length = l; - qd->start = ssl->quic_next_record_start; - qd->level = level; - - if (ssl->quic_input_data_tail != NULL) - ssl->quic_input_data_tail->next = qd; - else - ssl->quic_input_data_head = qd; - ssl->quic_input_data_tail = qd; - ssl->quic_next_record_start += l; - } - - return 1; -} - -int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) -{ - if (ctx->method->version != TLS_ANY_VERSION) - return 0; - ctx->quic_method = quic_method; - ctx->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - return 1; -} - -int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) -{ - if (ssl->method->version != TLS_ANY_VERSION) - return 0; - ssl->quic_method = quic_method; - ssl->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - return 1; -} - -int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - uint8_t *c2s_secret = NULL; - uint8_t *s2c_secret = NULL; - size_t len; - const EVP_MD *md; - - if (!SSL_IS_QUIC(ssl)) - return 1; - - /* secrets from the POV of the client */ - switch (level) { - case ssl_encryption_early_data: - c2s_secret = ssl->client_early_traffic_secret; - break; - case ssl_encryption_handshake: - c2s_secret = ssl->client_hand_traffic_secret; - s2c_secret = ssl->server_hand_traffic_secret; - break; - case ssl_encryption_application: - c2s_secret = ssl->client_app_traffic_secret; - s2c_secret = ssl->server_app_traffic_secret; - break; - default: - return 1; - } - - md = ssl_handshake_md(ssl); - if (md == NULL) { - /* May not have selected cipher, yet */ - const SSL_CIPHER *c = NULL; - - /* - * It probably doesn't make sense to use an (external) PSK session, - * but in theory some kinds of external session caches could be - * implemented using it, so allow psksession to be used as well as - * the regular session. - */ - if (ssl->session != NULL) - c = SSL_SESSION_get0_cipher(ssl->session); - else if (ssl->psksession != NULL) - c = SSL_SESSION_get0_cipher(ssl->psksession); - - if (c != NULL) - md = SSL_CIPHER_get_handshake_digest(c); - } - - if ((len = EVP_MD_size(md)) <= 0) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, - ERR_R_INTERNAL_ERROR); - return 0; - } - - if (ssl->server) { - if (!ssl->quic_method->set_encryption_secrets(ssl, level, c2s_secret, - s2c_secret, len)) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, - ERR_R_INTERNAL_ERROR); - return 0; - } - } else { - if (!ssl->quic_method->set_encryption_secrets(ssl, level, s2c_secret, - c2s_secret, len)) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, - ERR_R_INTERNAL_ERROR); - return 0; - } - } - - return 1; -} - -int SSL_process_quic_post_handshake(SSL *ssl) -{ - int ret; - - if (SSL_in_init(ssl) || !SSL_IS_QUIC(ssl)) { - SSLerr(SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - /* - * This is always safe (we are sure to be at a record boundary) because - * SSL_read()/SSL_write() are never used for QUIC connections -- the - * application data is handled at the QUIC layer instead. - */ - ossl_statem_set_in_init(ssl, 1); - ret = ssl->handshake_func(ssl); - ossl_statem_set_in_init(ssl, 0); - - if (ret <= 0) - return 0; - return 1; -} - -int SSL_is_quic(SSL* ssl) -{ - return SSL_IS_QUIC(ssl); -} diff --git a/deps/openssl/openssl/ssl/statem/extensions.c b/deps/openssl/openssl/ssl/statem/extensions.c index a79315f78dbb22..c785ab785d3802 100644 --- a/deps/openssl/openssl/ssl/statem/extensions.c +++ b/deps/openssl/openssl/ssl/statem/extensions.c @@ -56,10 +56,6 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); static int final_early_data(SSL *s, unsigned int context, int sent); static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); -#ifndef OPENSSL_NO_QUIC -static int init_quic_transport_params(SSL *s, unsigned int context); -static int final_quic_transport_params(SSL *s, unsigned int context, int sent); -#endif /* Structure to define a built-in extension */ typedef struct extensions_definition_st { @@ -377,19 +373,6 @@ static const EXTENSION_DEFINITION ext_defs[] = { tls_construct_certificate_authorities, tls_construct_certificate_authorities, NULL, }, -#ifndef OPENSSL_NO_QUIC - { - TLSEXT_TYPE_quic_transport_parameters, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, - init_quic_transport_params, - tls_parse_ctos_quic_transport_params, tls_parse_stoc_quic_transport_params, - tls_construct_stoc_quic_transport_params, tls_construct_ctos_quic_transport_params, - final_quic_transport_params, - }, -#else - INVALID_EXTENSION, -#endif { /* Must be immediately before pre_shared_key */ TLSEXT_TYPE_padding, @@ -1730,15 +1713,3 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) return 1; } - -#ifndef OPENSSL_NO_QUIC -static int init_quic_transport_params(SSL *s, unsigned int context) -{ - return 1; -} - -static int final_quic_transport_params(SSL *s, unsigned int context, int sent) -{ - return 1; -} -#endif diff --git a/deps/openssl/openssl/ssl/statem/extensions_clnt.c b/deps/openssl/openssl/ssl/statem/extensions_clnt.c index a2992b96022750..bcce0f1d9534b0 100644 --- a/deps/openssl/openssl/ssl/statem/extensions_clnt.c +++ b/deps/openssl/openssl/ssl/statem/extensions_clnt.c @@ -1214,28 +1214,7 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, #endif } -#ifndef OPENSSL_NO_QUIC -/* SAME AS tls_construct_stoc_quic_transport_params() */ -EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - if (s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - return EXT_RETURN_SENT; -} -#endif /* * Parse the server's renegotiation binding and abort if it's not right */ @@ -1933,18 +1912,6 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, return 0; } -#ifndef OPENSSL_NO_QUIC - /* - * QUIC server must send 0xFFFFFFFF or it's a PROTOCOL_VIOLATION - * per draft-ietf-quic-tls-27 S4.5 - */ - if (s->quic_method != NULL && max_early_data != 0xFFFFFFFF) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA, - SSL_R_INVALID_MAX_EARLY_DATA); - return 0; - } -#endif - s->session->ext.max_early_data = max_early_data; return 1; @@ -2032,23 +1999,3 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, return 1; } -#ifndef OPENSSL_NO_QUIC -/* SAME AS tls_parse_ctos_quic_transport_params() */ -int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params, - &s->ext.peer_quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS, - ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} -#endif diff --git a/deps/openssl/openssl/ssl/statem/extensions_srvr.c b/deps/openssl/openssl/ssl/statem/extensions_srvr.c index 6ff2232e467ba6..3c7395c0eb263c 100644 --- a/deps/openssl/openssl/ssl/statem/extensions_srvr.c +++ b/deps/openssl/openssl/ssl/statem/extensions_srvr.c @@ -1303,27 +1303,6 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context return 1; } -#ifndef OPENSSL_NO_QUIC -/* SAME AS tls_parse_stoc_quic_transport_params() */ -int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params, - &s->ext.peer_quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS, - ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} -#endif - /* * Add the server's renegotiation binding */ @@ -1947,20 +1926,12 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { - uint32_t max_early_data = s->max_early_data; - - if (max_early_data == 0) + if (s->max_early_data == 0) return EXT_RETURN_NOT_SENT; -#ifndef OPENSSL_NO_QUIC - /* QUIC server must always send 0xFFFFFFFF, per draft-ietf-quic-tls-27 S4.5 */ - if (s->quic_method != NULL) - max_early_data = 0xFFFFFFFF; -#endif - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u32(pkt, max_early_data) + || !WPACKET_put_bytes_u32(pkt, s->max_early_data) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR); @@ -2001,27 +1972,3 @@ EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, return EXT_RETURN_SENT; } - -#ifndef OPENSSL_NO_QUIC -/* SAME AS tls_construct_ctos_quic_transport_params() */ -EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - if (s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, - SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS, - ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} -#endif diff --git a/deps/openssl/openssl/ssl/statem/statem.c b/deps/openssl/openssl/ssl/statem/statem.c index d76924da85c481..20f5bd584e6c59 100644 --- a/deps/openssl/openssl/ssl/statem/statem.c +++ b/deps/openssl/openssl/ssl/statem/statem.c @@ -575,11 +575,6 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) * In DTLS we get the whole message in one go - header and body */ ret = dtls_get_message(s, &mt, &len); -#ifndef OPENSSL_NO_QUIC - } else if (SSL_IS_QUIC(s)) { - /* QUIC behaves like DTLS -- all in one go. */ - ret = quic_get_message(s, &mt, &len); -#endif } else { ret = tls_get_message_header(s, &mt); } @@ -609,8 +604,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) return SUB_STATE_ERROR; } - /* dtls_get_message/quic_get_message already did this */ - if (!SSL_IS_DTLS(s) && !SSL_IS_QUIC(s) + /* dtls_get_message already did this */ + if (!SSL_IS_DTLS(s) && s->s3->tmp.message_size > 0 && !grow_init_buf(s, s->s3->tmp.message_size + SSL3_HM_HEADER_LENGTH)) { @@ -623,8 +618,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) /* Fall through */ case READ_STATE_BODY: - if (!SSL_IS_DTLS(s) && !SSL_IS_QUIC(s)) { - /* We already got this above for DTLS & QUIC */ + if (!SSL_IS_DTLS(s)) { + /* We already got this above for DTLS */ ret = tls_get_message_body(s, &len); if (ret == 0) { /* Could be non-blocking IO */ @@ -905,14 +900,6 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) int statem_flush(SSL *s) { s->rwstate = SSL_WRITING; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (!s->quic_method->flush_flight(s)) { - SSLerr(SSL_F_STATEM_FLUSH, ERR_R_INTERNAL_ERROR); - return 0; - } - } else -#endif if (BIO_flush(s->wbio) <= 0) { return 0; } diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c index 101740e105c06e..3420ce65c7c7e7 100644 --- a/deps/openssl/openssl/ssl/statem/statem_clnt.c +++ b/deps/openssl/openssl/ssl/statem/statem_clnt.c @@ -909,14 +909,6 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, break; case TLS_ST_CW_END_OF_EARLY_DATA: -#ifndef OPENSSL_NO_QUIC - /* QUIC does not send EndOfEarlyData, draft-ietf-quic-tls-24 S8.3 */ - if (s->quic_method != NULL) { - *confunc = NULL; - *mt = SSL3_MT_DUMMY; - break; - } -#endif *confunc = tls_construct_end_of_early_data; *mt = SSL3_MT_END_OF_EARLY_DATA; break; diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c index b53d1e9634d3b3..364f77f08a4e41 100644 --- a/deps/openssl/openssl/ssl/statem/statem_lib.c +++ b/deps/openssl/openssl/ssl/statem/statem_lib.c @@ -43,28 +43,8 @@ int ssl3_do_write(SSL *s, int type) int ret; size_t written = 0; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (type == SSL3_RT_HANDSHAKE) { - ret = s->quic_method->add_handshake_data(s, s->quic_write_level, - (const uint8_t*)&s->init_buf->data[s->init_off], - s->init_num); - if (!ret) { - ret = -1; - /* QUIC can't sent anything out sice the above failed */ - SSLerr(SSL_F_SSL3_DO_WRITE, SSL_R_INTERNAL_ERROR); - } else { - written = s->init_num; - } - } else { - /* QUIC doesn't use ChangeCipherSpec */ - ret = -1; - SSLerr(SSL_F_SSL3_DO_WRITE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - } - } else -#endif - ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num, &written); + ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], + s->init_num, &written); if (ret < 0) return -1; if (type == SSL3_RT_HANDSHAKE) @@ -630,14 +610,6 @@ int tls_construct_finished(SSL *s, WPACKET *pkt) int tls_construct_key_update(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_QUIC - if (SSL_is_quic(s)) { - /* TLS KeyUpdate is not used for QUIC, so this is an error. */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, - ERR_R_INTERNAL_ERROR); - return 0; - } -#endif if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, ERR_R_INTERNAL_ERROR); @@ -662,14 +634,6 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt) return MSG_PROCESS_ERROR; } -#ifndef OPENSSL_NO_QUIC - if (SSL_is_quic(s)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE, - SSL_R_UNEXPECTED_MESSAGE); - return MSG_PROCESS_ERROR; - } -#endif - if (!PACKET_get_1(pkt, &updatetype) || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE, diff --git a/deps/openssl/openssl/ssl/statem/statem_local.h b/deps/openssl/openssl/ssl/statem/statem_local.h index 6a7a3e0c5d38ed..e27c0c13a2bbd5 100644 --- a/deps/openssl/openssl/ssl/statem/statem_local.h +++ b/deps/openssl/openssl/ssl/statem/statem_local.h @@ -93,9 +93,6 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); __owur int tls_get_message_header(SSL *s, int *mt); __owur int tls_get_message_body(SSL *s, size_t *len); __owur int dtls_get_message(SSL *s, int *mt, size_t *len); -#ifndef OPENSSL_NO_QUIC -__owur int quic_get_message(SSL *s, int *mt, size_t *len); -#endif /* Message construction and processing functions */ __owur int tls_process_initial_server_flight(SSL *s); @@ -239,10 +236,6 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -#endif EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, @@ -305,11 +298,6 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, size_t chainidx); EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); -#endif /* Client Extension processing */ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, @@ -380,11 +368,6 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); -#endif int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -430,10 +413,6 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -#endif int tls_handle_alpn(SSL *s); diff --git a/deps/openssl/openssl/ssl/statem/statem_quic.c b/deps/openssl/openssl/ssl/statem/statem_quic.c deleted file mode 100644 index 2843938ce2ef4b..00000000000000 --- a/deps/openssl/openssl/ssl/statem/statem_quic.c +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "../ssl_local.h" -#include "statem_local.h" -#include "internal/cryptlib.h" - -int quic_get_message(SSL *s, int *mt, size_t *len) -{ - size_t l; - QUIC_DATA *qd = s->quic_input_data_head; - uint8_t *p; - - if (qd == NULL) { - s->rwstate = SSL_READING; - *mt = *len = 0; - return 0; - } - - if (!ossl_assert(qd->length >= SSL3_HM_HEADER_LENGTH)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, - SSL_R_BAD_LENGTH); - *mt = *len = 0; - return 0; - } - - /* This is where we check for the proper level, not when data is given */ - if (qd->level != s->quic_read_level) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, - SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - *mt = *len = 0; - return 0; - } - - if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, - ERR_R_BUF_LIB); - *mt = *len = 0; - return 0; - } - - /* Copy buffered data */ - memcpy(s->init_buf->data, s->quic_buf->data + qd->start, qd->length); - s->init_buf->length = qd->length; - s->quic_input_data_head = qd->next; - if (s->quic_input_data_head == NULL) - s->quic_input_data_tail = NULL; - OPENSSL_free(qd); - - s->s3->tmp.message_type = *mt = *(s->init_buf->data); - p = (uint8_t*)s->init_buf->data + 1; - n2l3(p, l); - s->init_num = s->s3->tmp.message_size = *len = l; - s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; - - /* No CCS in QUIC/TLSv1.3? */ - if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, - SSL_F_QUIC_GET_MESSAGE, - SSL_R_CCS_RECEIVED_EARLY); - *len = 0; - return 0; - } - /* No KeyUpdate in QUIC */ - if (*mt == SSL3_MT_KEY_UPDATE) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_QUIC_GET_MESSAGE, - SSL_R_UNEXPECTED_MESSAGE); - *len = 0; - return 0; - } - - - /* - * If receiving Finished, record MAC of prior handshake messages for - * Finished verification. - */ - if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { - /* SSLfatal() already called */ - *len = 0; - return 0; - } - - /* - * We defer feeding in the HRR until later. We'll do it as part of - * processing the message - * The TLsv1.3 handshake transcript stops at the ClientFinished - * message. - */ -#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) - /* KeyUpdate and NewSessionTicket do not need to be added */ - if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE) { - if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO - || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE - || memcmp(hrrrandom, - s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, - SSL3_RANDOM_SIZE) != 0) { - if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { - /* SSLfatal() already called */ - *len = 0; - return 0; - } - } - } - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); - - return 1; -} diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c index 9f36acf24e3f29..cf45a40ce4e3ec 100644 --- a/deps/openssl/openssl/ssl/statem/statem_srvr.c +++ b/deps/openssl/openssl/ssl/statem/statem_srvr.c @@ -72,8 +72,7 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) return 1; } break; - } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED - && !SSL_IS_QUIC(s)) { + } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { if (mt == SSL3_MT_END_OF_EARLY_DATA) { st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; return 1; diff --git a/deps/openssl/openssl/ssl/tls13_enc.c b/deps/openssl/openssl/ssl/tls13_enc.c index f73b97fbe496bb..b8fb07f210ef2c 100644 --- a/deps/openssl/openssl/ssl/tls13_enc.c +++ b/deps/openssl/openssl/ssl/tls13_enc.c @@ -434,174 +434,27 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, return 0; } +int tls13_change_cipher_state(SSL *s, int which) +{ #ifdef CHARSET_EBCDIC -static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; -static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; -static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; #else -static const unsigned char client_early_traffic[] = "c e traffic"; -static const unsigned char client_handshake_traffic[] = "c hs traffic"; -static const unsigned char client_application_traffic[] = "c ap traffic"; -static const unsigned char server_handshake_traffic[] = "s hs traffic"; -static const unsigned char server_application_traffic[] = "s ap traffic"; -static const unsigned char exporter_master_secret[] = "exp master"; -static const unsigned char resumption_master_secret[] = "res master"; -static const unsigned char early_exporter_master_secret[] = "e exp master"; + static const unsigned char client_early_traffic[] = "c e traffic"; + static const unsigned char client_handshake_traffic[] = "c hs traffic"; + static const unsigned char client_application_traffic[] = "c ap traffic"; + static const unsigned char server_handshake_traffic[] = "s hs traffic"; + static const unsigned char server_application_traffic[] = "s ap traffic"; + static const unsigned char exporter_master_secret[] = "exp master"; + static const unsigned char resumption_master_secret[] = "res master"; + static const unsigned char early_exporter_master_secret[] = "e exp master"; #endif - -#ifndef OPENSSL_NO_QUIC -static int quic_change_cipher_state(SSL *s, int which) -{ - unsigned char hash[EVP_MAX_MD_SIZE]; - size_t hashlen = 0; - int hashleni; - int ret = 0; - const EVP_MD *md = NULL; - OSSL_ENCRYPTION_LEVEL level; - int is_handshake = ((which & SSL3_CC_HANDSHAKE) == SSL3_CC_HANDSHAKE); - int is_client_read = ((which & SSL3_CHANGE_CIPHER_CLIENT_READ) == SSL3_CHANGE_CIPHER_CLIENT_READ); - int is_server_write = ((which & SSL3_CHANGE_CIPHER_SERVER_WRITE) == SSL3_CHANGE_CIPHER_SERVER_WRITE); - int is_early = (which & SSL3_CC_EARLY); - - md = ssl_handshake_md(s); - if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { - /* SSLfatal() already called */; - goto err; - } - - /* Ensure cast to size_t is safe */ - hashleni = EVP_MD_size(md); - if (!ossl_assert(hashleni >= 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_CHANGE_CIPHER_STATE, - ERR_R_EVP_LIB); - goto err; - } - hashlen = (size_t)hashleni; - - if (is_client_read || is_server_write) { - if (is_handshake) { - /* - * This looks a bit weird, since the condition is basically "the - * server is writing" but we set both the server *and* client - * handshake traffic keys here. That's because there's only a fixed - * number of change-cipher-state events in the TLS 1.3 handshake, - * and in particular there's not an event in between when the server - * writes encrypted handshake messages and when the client writes - * encrypted handshake messages, so we generate both here. - */ - level = ssl_encryption_handshake; - - if (!tls13_hkdf_expand(s, md, s->handshake_secret, - client_handshake_traffic, - sizeof(client_handshake_traffic)-1, hash, - hashlen, s->client_hand_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, - s->client_hand_traffic_secret, hashlen) - || !tls13_derive_finishedkey(s, md, - s->client_hand_traffic_secret, - s->client_finished_secret, hashlen) - || !tls13_hkdf_expand(s, md, s->handshake_secret, - server_handshake_traffic, - sizeof(server_handshake_traffic)-1, hash, - hashlen, s->server_hand_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, - s->server_hand_traffic_secret, hashlen) - || !tls13_derive_finishedkey(s, md, - s->server_hand_traffic_secret, - s->server_finished_secret, - hashlen)) { - /* SSLfatal() already called */ - goto err; - } - } else { - /* - * As above, we generate both sets of application traffic keys at - * the same time. - */ - level = ssl_encryption_application; - - if (!tls13_hkdf_expand(s, md, s->master_secret, - client_application_traffic, - sizeof(client_application_traffic)-1, hash, - hashlen, s->client_app_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_APPLICATION_LABEL, - s->client_app_traffic_secret, hashlen) - || !tls13_hkdf_expand(s, md, s->master_secret, - server_application_traffic, - sizeof(server_application_traffic)-1, - hash, hashlen, - s->server_app_traffic_secret, hashlen, 1) - || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, - s->server_app_traffic_secret, hashlen)) { - /* SSLfatal() already called */ - goto err; - } - } - if (!quic_set_encryption_secrets(s, level)) { - /* SSLfatal() already called */ - goto err; - } - if (s->server) - s->quic_write_level = level; - else - s->quic_read_level = level; - } else { - /* is_client_write || is_server_read */ - - if (is_early) { - level = ssl_encryption_early_data; - - if (!tls13_hkdf_expand(s, md, s->early_secret, client_early_traffic, - sizeof(client_early_traffic)-1, hash, - hashlen, s->client_early_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_EARLY_LABEL, - s->client_early_traffic_secret, hashlen) - || !quic_set_encryption_secrets(s, level)) { - /* SSLfatal() already called */ - goto err; - } - } else if (is_handshake) { - level = ssl_encryption_handshake; - } else { - level = ssl_encryption_application; - /* - * We also create the resumption master secret, but this time use the - * hash for the whole handshake including the Client Finished - */ - if (!tls13_hkdf_expand(s, md, s->master_secret, - resumption_master_secret, - sizeof(resumption_master_secret)-1, hash, - hashlen, s->resumption_master_secret, - hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - } - - if (s->server) - s->quic_read_level = level; - else - s->quic_write_level = level; - } - - ret = 1; - err: - return ret; -} -#endif /* OPENSSL_NO_QUIC */ - -int tls13_change_cipher_state(SSL *s, int which) -{ unsigned char *iv; unsigned char secret[EVP_MAX_MD_SIZE]; unsigned char hashval[EVP_MAX_MD_SIZE]; @@ -617,11 +470,6 @@ int tls13_change_cipher_state(SSL *s, int which) const EVP_MD *md = NULL; const EVP_CIPHER *cipher = NULL; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) - return quic_change_cipher_state(s, which); -#endif - if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { EVP_CIPHER_CTX_reset(s->enc_read_ctx); diff --git a/deps/openssl/openssl/test/evp_extra_test.c b/deps/openssl/openssl/test/evp_extra_test.c index 877b99197be314..a74f6332ac9cba 100644 --- a/deps/openssl/openssl/test/evp_extra_test.c +++ b/deps/openssl/openssl/test/evp_extra_test.c @@ -1039,47 +1039,6 @@ static int test_HKDF(void) return ret; } -static int test_emptyikm_HKDF(void) -{ - EVP_PKEY_CTX *pctx; - unsigned char out[20]; - size_t outlen; - int ret = 0; - unsigned char salt[] = "9876543210"; - unsigned char key[] = ""; - unsigned char info[] = "stringinfo"; - const unsigned char expected[] = { - 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, - 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 - }; - size_t expectedlen = sizeof(expected); - - if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) - goto done; - - outlen = sizeof(out); - memset(out, 0, outlen); - - if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, - sizeof(salt) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, - sizeof(key) - 1), 0) - || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, - sizeof(info) - 1), 0) - || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) - || !TEST_mem_eq(out, outlen, expected, expectedlen)) - goto done; - - ret = 1; - - done: - EVP_PKEY_CTX_free(pctx); - - return ret; -} - #ifndef OPENSSL_NO_EC static int test_X509_PUBKEY_inplace(void) { @@ -1238,7 +1197,6 @@ int setup_tests(void) return 0; ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); ADD_TEST(test_HKDF); - ADD_TEST(test_emptyikm_HKDF); #ifndef OPENSSL_NO_EC ADD_TEST(test_X509_PUBKEY_inplace); ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c index 82aab49f24f4eb..ad1824c68d5dc3 100644 --- a/deps/openssl/openssl/test/sslapitest.c +++ b/deps/openssl/openssl/test/sslapitest.c @@ -6658,149 +6658,6 @@ static int test_ssl_dup(void) } #endif -#ifndef OPENSSL_NO_QUIC - -static int test_quic_set_encryption_secrets(SSL *ssl, - OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, - size_t secret_len) -{ - test_printf_stderr("quic_set_encryption_secrets() %s, lvl=%d, len=%zd\n", - ssl->server ? "server" : "client", level, secret_len); - return 1; -} -static int test_quic_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len) -{ - SSL *peer = (SSL*)SSL_get_app_data(ssl); - - TEST_info("quic_add_handshake_data() %s, lvl=%d, *data=0x%02X, len=%zd\n", - ssl->server ? "server" : "client", level, (int)*data, len); - if (!TEST_ptr(peer)) - return 0; - - /* We're called with what is locally written; this gives it to the peer */ - if (!TEST_true(SSL_provide_quic_data(peer, level, data, len))) { - ERR_print_errors_fp(stderr); - return 0; - } - - return 1; -} -static int test_quic_flush_flight(SSL *ssl) -{ - test_printf_stderr("quic_flush_flight() %s\n", ssl->server ? "server" : "client"); - return 1; -} -static int test_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert) -{ - test_printf_stderr("quic_send_alert() %s, lvl=%d, alert=%d\n", - ssl->server ? "server" : "client", level, alert); - return 1; -} - -static SSL_QUIC_METHOD quic_method = { - test_quic_set_encryption_secrets, - test_quic_add_handshake_data, - test_quic_flush_flight, - test_quic_send_alert, -}; -static int test_quic_api(void) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - static const char *server_str = "SERVER"; - static const char *client_str = "CLIENT"; - const uint8_t *peer_str; - size_t peer_str_len; - - /* Clean up logging space */ - memset(client_log_buffer, 0, sizeof(client_log_buffer)); - memset(server_log_buffer, 0, sizeof(server_log_buffer)); - client_log_buffer_index = 0; - server_log_buffer_index = 0; - error_writing_log = 0; - - - if (!TEST_ptr(sctx = SSL_CTX_new(TLS_server_method())) - || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) - || !TEST_ptr(sctx->quic_method) - || !TEST_ptr(serverssl = SSL_new(sctx)) - || !TEST_true(SSL_IS_QUIC(serverssl)) - || !TEST_true(SSL_set_quic_method(serverssl, NULL)) - || !TEST_false(SSL_IS_QUIC(serverssl)) - || !TEST_true(SSL_set_quic_method(serverssl, &quic_method)) - || !TEST_true(SSL_IS_QUIC(serverssl))) - goto end; - - SSL_CTX_free(sctx); - sctx = NULL; - SSL_free(serverssl); - serverssl = NULL; - - if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) - || !TEST_true(SSL_CTX_set_quic_method(cctx, &quic_method)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_quic_transport_params(serverssl, - (unsigned char*)server_str, - sizeof(server_str))) - || !TEST_true(SSL_set_quic_transport_params(clientssl, - (unsigned char*)client_str, - sizeof(client_str))) - || !TEST_true(SSL_set_app_data(serverssl, clientssl)) - || !TEST_true(SSL_set_app_data(clientssl, serverssl)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE)) - || !TEST_true(SSL_version(serverssl) == TLS1_3_VERSION) - || !TEST_true(SSL_version(clientssl) == TLS1_3_VERSION) - || !(TEST_int_eq(SSL_quic_read_level(clientssl), ssl_encryption_application)) - || !(TEST_int_eq(SSL_quic_read_level(serverssl), ssl_encryption_application)) - || !(TEST_int_eq(SSL_quic_write_level(clientssl), ssl_encryption_application)) - || !(TEST_int_eq(SSL_quic_write_level(serverssl), ssl_encryption_application))) - goto end; - - SSL_get_peer_quic_transport_params(serverssl, &peer_str, &peer_str_len); - if (!TEST_mem_eq(peer_str, peer_str_len, client_str, sizeof(client_str))) - goto end; - SSL_get_peer_quic_transport_params(clientssl, &peer_str, &peer_str_len); - if (!TEST_mem_eq(peer_str, peer_str_len, server_str, sizeof(server_str))) - goto end; - - /* Deal with two NewSessionTickets */ - if (!TEST_true(SSL_process_quic_post_handshake(clientssl)) - || !TEST_true(SSL_process_quic_post_handshake(clientssl))) - goto end; - - /* Dummy handshake call should succeed */ - if (!TEST_true(SSL_do_handshake(clientssl))) - goto end; - /* Test that we (correctly) fail to send KeyUpdate */ - if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)) - || !TEST_int_le(SSL_do_handshake(clientssl), 0)) - goto end; - if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED)) - || !TEST_int_le(SSL_do_handshake(serverssl), 0)) - goto end; - - testresult = 1; - -end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - return testresult; -} -#endif - int setup_tests(void) { if (!TEST_ptr(certsdir = test_get_argument(0)) @@ -6923,9 +6780,6 @@ int setup_tests(void) ADD_ALL_TESTS(test_servername, 10); #ifndef OPENSSL_NO_TLS1_2 ADD_TEST(test_ssl_dup); -#endif -#ifndef OPENSSL_NO_QUIC - ADD_TEST(test_quic_api); #endif return 1; } diff --git a/deps/openssl/openssl/test/ssltestlib.c b/deps/openssl/openssl/test/ssltestlib.c index 5f61e6339020bd..456afdf4716e07 100644 --- a/deps/openssl/openssl/test/ssltestlib.c +++ b/deps/openssl/openssl/test/ssltestlib.c @@ -917,11 +917,6 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) if (!create_bare_ssl_connection(serverssl, clientssl, want, 1)) return 0; -#ifndef OPENSSL_NO_QUIC - /* QUIC does not support SSL_read_ex */ - if (SSL_is_quic(clientssl)) - return 1; -#endif /* * We attempt to read some data on the client side which we expect to fail. * This will ensure we have received the NewSessionTicket in TLSv1.3 where diff --git a/deps/openssl/openssl/test/tls13secretstest.c b/deps/openssl/openssl/test/tls13secretstest.c index 970c2f4aae1bd9..52fc2b667361ee 100644 --- a/deps/openssl/openssl/test/tls13secretstest.c +++ b/deps/openssl/openssl/test/tls13secretstest.c @@ -216,13 +216,6 @@ int ossl_statem_export_early_allowed(SSL *s) return 1; } -#ifndef OPENSSL_NO_QUIC -int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - return 1; -} -#endif - /* End of mocked out code */ static int test_secret(SSL *s, unsigned char *prk, diff --git a/deps/openssl/openssl/util/libssl.num b/deps/openssl/openssl/util/libssl.num index 0452d9cb785ad8..297522c36391f3 100644 --- a/deps/openssl/openssl/util/libssl.num +++ b/deps/openssl/openssl/util/libssl.num @@ -498,14 +498,3 @@ SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION: SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION: SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION: SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION: -SSL_quic_read_level 10094 1_1_1d EXIST::FUNCTION:QUIC -SSL_set_quic_transport_params 10095 1_1_1d EXIST::FUNCTION:QUIC -SSL_CIPHER_get_prf_nid 10096 1_1_1d EXIST::FUNCTION:QUIC -SSL_is_quic 10097 1_1_1d EXIST::FUNCTION:QUIC -SSL_get_peer_quic_transport_params 10098 1_1_1d EXIST::FUNCTION:QUIC -SSL_quic_write_level 10099 1_1_1d EXIST::FUNCTION:QUIC -SSL_CTX_set_quic_method 10100 1_1_1d EXIST::FUNCTION:QUIC -SSL_set_quic_method 10101 1_1_1d EXIST::FUNCTION:QUIC -SSL_quic_max_handshake_flight_len 10102 1_1_1d EXIST::FUNCTION:QUIC -SSL_process_quic_post_handshake 10103 1_1_1d EXIST::FUNCTION:QUIC -SSL_provide_quic_data 10104 1_1_1d EXIST::FUNCTION:QUIC diff --git a/deps/openssl/openssl/util/private.num b/deps/openssl/openssl/util/private.num index eb3d409f6e90fb..bc7d967b5d1442 100644 --- a/deps/openssl/openssl/util/private.num +++ b/deps/openssl/openssl/util/private.num @@ -91,8 +91,6 @@ custom_ext_free_cb datatype custom_ext_parse_cb datatype pem_password_cb datatype ssl_ct_validation_cb datatype -OSSL_ENCRYPTION_LEVEL datatype -SSL_QUIC_METHOD datatype # BIO_append_filename define BIO_destroy_bio_pair define