diff options
| author | James M Snell <jasnell@gmail.com> | 2020-03-23 13:30:15 -0700 |
|---|---|---|
| committer | James M Snell <jasnell@gmail.com> | 2020-06-16 09:14:39 -0700 |
| commit | e96bea6b100840ec1cb7344ea8b80b64b107ed4d (patch) | |
| tree | 5cc05a870806ef0f106dc6695389727fa0e19fa7 | |
| parent | d232a80edd59866c6da32dd955d7015df6e67d58 (diff) | |
| download | node-new-initial-quic-part-1.tar.gz | |
deps: details for updating openssl quic supportinitial-quic-part-1
Signed-off-by: James M Snell <jasnell@gmail.com>
| -rw-r--r-- | deps/openssl/patches/0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch | 2363 | ||||
| -rw-r--r-- | doc/guides/maintaining-openssl.md | 22 |
2 files changed, 2385 insertions, 0 deletions
diff --git a/deps/openssl/patches/0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch b/deps/openssl/patches/0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch new file mode 100644 index 0000000000..e526302fa1 --- /dev/null +++ b/deps/openssl/patches/0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch @@ -0,0 +1,2363 @@ +From d82945ead1320ea893c237e1c0f37c4afd933eed Mon Sep 17 00:00:00 2001 +From: Todd Short <tshort@akamai.com> +Date: Fri, 12 Apr 2019 11:13:25 -0400 +Subject: [PATCH 1/3] deps: add support for BoringSSL QUIC APIs + +Acquired from: https://github.com/akamai/openssl/tree/OpenSSL_1_1_1f-quic + +Squashed: + +* +https://github.com/akamai/openssl/commit/2ef7c58b2cb432abd4e371322667228d7ce2637b +* +https://github.com/akamai/openssl/commit/3f8eda3128f52f4d14399a1a912d1fdfacd86a86 +* +https://github.com/akamai/openssl/commit/b37f665884be2e17e8ff4ad919138626fb13f6c9 +* +https://github.com/akamai/openssl/commit/6b235895a16da3c0dd36a24cf8dfbe249c6cda3c +* +https://github.com/akamai/openssl/commit/3a793e06a5031311ce7ce094455be87fa92b8240 + +--- + +This is a cherry-pick of 2a4b03a306439307e0b822b17eda3bdabddfbb68 +on the master-quic-support2 branch (2019-10-07) +Which was a rebase/squash of master-quic-support: + +* 5aa62ce Add support for more secrets - Todd Short/Todd Short (master-quic-support) +* 58e0643 Tweeks to quic_change_cipher_state() - Todd Short/Todd Short +* 8169702 Move QUIC code out of tls13_change_cipher_state() - Todd Short/Todd Short +* a08cfe6 Correctly disable middlebox compat - Todd Short/Todd Short +* 3a9eabf Add OPENSSL_NO_QUIC wrapper - Todd Short/Todd Short +* f550eca Add client early traffic secret storage - Todd Short/Todd Short +* 1b787ae Quick fix: s2c to c2s for early secret - Todd Short/Todd Short +* f97e6a9 Don't process an incomplete message - Todd Short/Todd Short +* 81f0ce2 Reset init state in SSL_process_quic_post_handshake() - Todd Short/Todd Short +* 5d59cf9 Fix quic_transport constructors/parsers - Todd Short/Todd Short +* 5e5f91c Fix INSTALL nit. - Todd Short/Todd Short +* bd290ab Fix duplicate word in docs - Todd Short/Todd Short +* 699590b fixup! Handle partial handshake messages - Todd Short/Todd Short +* a472a8d Handle partial handshake messages - Todd Short/Todd Short +* 363cf3d fixup! Use proper secrets for handshake - Todd Short/Todd Short +* b03fee6 Use proper secrets for handshake - Todd Short/Todd Short +* 2ab1aa0 Move QUIC transport params to encrypted extensions - Todd Short/Todd Short +* 0d16af9 Make temp secret names less confusing - Todd Short/Todd Short +* abb6f39 New method to get QUIC secret length - Todd Short/Todd Short +* 05fdae9 Add support for BoringSSL QUIC APIs - Todd Short/Todd Short + +This adds a compatible API for BoringSSL's QUIC support, based +on the current |draft-ietf-quic-tls|. + +Based on BoringSSL commit 3c034b2cf386b3131f75520705491871a2e0cafe +Based on BoringSSL commit c8e0f90f83b9ec38ea833deb86b5a41360b62b6a +Based on BoringSSL commit 3cbb0299a28a8bd0136257251a78b91a96c5eec8 +Based on BoringSSL commit cc9d935256539af2d3b7f831abf57c0d685ffd81 +Based on BoringSSL commit e6eef1ca16a022e476bbaedffef044597cfc8f4b +Based on BoringSSL commit 6f733791148cf8a076bf0e95498235aadbe5926d +Based on BoringSSL commit 384d0eaf1930af1ebc47eda751f0c78dfcba1c03 +Based on BoringSSL commit a0373182eb5cc7b81d49f434596b473c7801c942 +Based on BoringSSL commit b1b76aee3cb43ce11889403c5334283d951ebd37 + +New method to get QUIC secret length + +Make temp secret names less confusing + +Move QUIC transport params to encrypted extensions + +Use proper secrets for handshake + +fixup! Use proper secrets for handshake + +Handle partial handshake messages + +fixup! Handle partial handshake messages + +Fix duplicate word in docs + +Fix INSTALL nit. + +Fix quic_transport constructors/parsers + +Reset init state in SSL_process_quic_post_handshake() + +Don't process an incomplete message + +Quick fix: s2c to c2s for early secret + +Add client early traffic secret storage + +Add OPENSSL_NO_QUIC wrapper + +Correctly disable middlebox compat + +Move QUIC code out of tls13_change_cipher_state() + +Create quic_change_cipher_state() that does the minimal required +to generate the QUIC secrets. (e.g. encryption contexts are not +initialized). + +Tweeks to quic_change_cipher_state() + +Add support for more secrets + +Fix resumption secret + +(cherry picked from commit 16fafdf4e0ec6cddd5705f407e5dca26cb30914d) + +QUIC: Handle EndOfEarlyData and MaxEarlyData + +QUIC: Increase HKDF_MAXBUF to 2048 + +Fall-through for 0RTT + +Signed-off-by: James M Snell <jasnell@gmail.com> +--- + deps/openssl/openssl/CHANGES | 3 + + deps/openssl/openssl/Configure | 3 + + deps/openssl/openssl/INSTALL | 3 + + deps/openssl/openssl/crypto/err/openssl.txt | 20 +- + deps/openssl/openssl/crypto/kdf/hkdf.c | 2 +- + .../openssl/doc/man3/SSL_CIPHER_get_name.pod | 13 + + .../doc/man3/SSL_CTX_set_quic_method.pod | 232 ++++++++++++++ + deps/openssl/openssl/include/openssl/evp.h | 4 + + .../openssl/include/openssl/ossl_typ.h | 2 + + deps/openssl/openssl/include/openssl/ssl.h | 45 +++ + deps/openssl/openssl/include/openssl/sslerr.h | 18 +- + deps/openssl/openssl/include/openssl/tls1.h | 3 + + deps/openssl/openssl/ssl/build.info | 3 +- + deps/openssl/openssl/ssl/s3_msg.c | 12 +- + deps/openssl/openssl/ssl/ssl_ciph.c | 32 ++ + deps/openssl/openssl/ssl/ssl_err.c | 26 ++ + deps/openssl/openssl/ssl/ssl_lib.c | 41 ++- + deps/openssl/openssl/ssl/ssl_local.h | 44 +++ + deps/openssl/openssl/ssl/ssl_quic.c | 285 ++++++++++++++++++ + deps/openssl/openssl/ssl/statem/extensions.c | 29 ++ + .../openssl/ssl/statem/extensions_clnt.c | 52 ++++ + .../openssl/ssl/statem/extensions_srvr.c | 55 +++- + deps/openssl/openssl/ssl/statem/statem.c | 21 +- + deps/openssl/openssl/ssl/statem/statem_clnt.c | 8 + + deps/openssl/openssl/ssl/statem/statem_lib.c | 19 +- + .../openssl/openssl/ssl/statem/statem_local.h | 19 ++ + deps/openssl/openssl/ssl/statem/statem_quic.c | 109 +++++++ + deps/openssl/openssl/ssl/statem/statem_srvr.c | 3 +- + deps/openssl/openssl/ssl/tls13_enc.c | 155 ++++++++-- + deps/openssl/openssl/test/sslapitest.c | 132 ++++++++ + deps/openssl/openssl/test/ssltestlib.c | 5 + + deps/openssl/openssl/test/tls13secretstest.c | 7 + + deps/openssl/openssl/util/libssl.num | 11 + + deps/openssl/openssl/util/private.num | 2 + + 34 files changed, 1383 insertions(+), 35 deletions(-) + create mode 100644 deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod + create mode 100644 deps/openssl/openssl/ssl/ssl_quic.c + create mode 100644 deps/openssl/openssl/ssl/statem/statem_quic.c + +diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES +index 057405b0bf..f660c799f0 100644 +--- a/deps/openssl/openssl/CHANGES ++++ b/deps/openssl/openssl/CHANGES +@@ -115,6 +115,9 @@ + + Changes between 1.1.1c and 1.1.1d [10 Sep 2019] + ++ *) Implement BoringSSL's QUIC API ++ [Todd Short] ++ + *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random + number generator (RNG). This was intended to include protection in the + event of a fork() system call in order to ensure that the parent and child +diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure +index 2e9efaa5f3..79a60d0cb5 100755 +--- a/deps/openssl/openssl/Configure ++++ b/deps/openssl/openssl/Configure +@@ -391,6 +391,7 @@ my @disablables = ( + "poly1305", + "posix-io", + "psk", ++ "quic", + "rc2", + "rc4", + "rc5", +@@ -507,6 +508,8 @@ my @disable_cascades = ( + sub { !$disabled{"unit-test"} } => [ "heartbeats" ], + + sub { !$disabled{"msan"} } => [ "asm" ], ++ ++ "tls1_3" => [ "quic" ], + ); + + # Avoid protocol support holes. Also disable all versions below N, if version +diff --git a/deps/openssl/openssl/INSTALL b/deps/openssl/openssl/INSTALL +index f5118428b3..5938e185a1 100644 +--- a/deps/openssl/openssl/INSTALL ++++ b/deps/openssl/openssl/INSTALL +@@ -456,6 +456,9 @@ + no-psk + Don't build support for Pre-Shared Key based ciphersuites. + ++ no-quic ++ Don't build with support for QUIC. ++ + no-rdrand + Don't use hardware RDRAND capabilities. + +diff --git a/deps/openssl/openssl/crypto/err/openssl.txt b/deps/openssl/openssl/crypto/err/openssl.txt +index 35512f9caf..e7b8799070 100644 +--- a/deps/openssl/openssl/crypto/err/openssl.txt ++++ b/deps/openssl/openssl/crypto/err/openssl.txt +@@ -1180,7 +1180,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:* + SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\ + ossl_statem_server_post_process_message + SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work +-SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640: ++SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:ossl_statem_server_pre_work + SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message + SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition + SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\ +@@ -1189,6 +1189,9 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names + SSL_F_PITEM_NEW:624:pitem_new + SSL_F_PQUEUE_NEW:625:pqueue_new + SSL_F_PROCESS_KEY_SHARE_EXT:439:* ++SSL_F_QUIC_CHANGE_CIPHER_STATE:639:quic_change_cipher_state ++SSL_F_QUIC_GET_MESSAGE:641:quic_get_message ++SSL_F_QUIC_SET_ENCRYPTION_SECRETS:642:quic_set_encryption_secrets + SSL_F_READ_STATE_MACHINE:352:read_state_machine + SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite + SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret +@@ -1199,7 +1202,9 @@ SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm + SSL_F_SSL3_CTRL:213:ssl3_ctrl + SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl + SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records ++SSL_F_SSL3_DISPATCH_ALERT:643:ssl3_dispatch_alert + SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec ++SSL_F_SSL3_DO_WRITE:644:ssl3_do_write + SSL_F_SSL3_ENC:608:ssl3_enc + SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac + SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac +@@ -1307,6 +1312,8 @@ SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:* + SSL_F_SSL_PEEK:270:SSL_peek + SSL_F_SSL_PEEK_EX:432:SSL_peek_ex + SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal ++SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE:645:SSL_process_quic_post_handshake ++SSL_F_SSL_PROVIDE_QUIC_DATA:646:SSL_provide_quic_data + SSL_F_SSL_READ:223:SSL_read + SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data + SSL_F_SSL_READ_EX:434:SSL_read_ex +@@ -1356,6 +1363,7 @@ SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data + SSL_F_SSL_WRITE_EARLY_FINISH:527:* + SSL_F_SSL_WRITE_EX:433:SSL_write_ex + SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal ++SSL_F_STATEM_FLUSH:647:statem_flush + SSL_F_STATE_MACHINE:353:state_machine + SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg + SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs +@@ -1419,6 +1427,8 @@ SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\ + tls_construct_ctos_post_handshake_auth + SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk + SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes ++SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS:648:\ ++ tls_construct_ctos_quic_transport_params + SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate + SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct + SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name +@@ -1460,6 +1470,8 @@ SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share + SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen + SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg + SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk ++SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS:649:\ ++ tls_construct_stoc_quic_transport_params + SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate + SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name + SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket +@@ -1488,6 +1500,8 @@ SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen + SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth + SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk + SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes ++SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS:650:\ ++ tls_parse_ctos_quic_transport_params + SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate + SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name + SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket +@@ -1506,6 +1520,8 @@ SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share + SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen + SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn + SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk ++SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS:651:\ ++ tls_parse_stoc_quic_transport_params + SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate + SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct + SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name +@@ -2706,6 +2722,7 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn + SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni + SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms + SSL_R_INSUFFICIENT_SECURITY:241:insufficient security ++SSL_R_INTERNAL_ERROR:295:internal error + SSL_R_INVALID_ALERT:205:invalid alert + SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message + SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg +@@ -2881,6 +2898,7 @@ SSL_R_VERSION_TOO_LOW:396:version too low + SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type + SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned + SSL_R_WRONG_CURVE:378:wrong curve ++SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED:296:wrong encryption level received + SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length + SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size + SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type +diff --git a/deps/openssl/openssl/crypto/kdf/hkdf.c b/deps/openssl/openssl/crypto/kdf/hkdf.c +index 25bf4b729f..6d1a32c885 100644 +--- a/deps/openssl/openssl/crypto/kdf/hkdf.c ++++ b/deps/openssl/openssl/crypto/kdf/hkdf.c +@@ -15,7 +15,7 @@ + #include "internal/cryptlib.h" + #include "crypto/evp.h" + +-#define HKDF_MAXBUF 1024 ++#define HKDF_MAXBUF 2048 + + static unsigned char *HKDF(const EVP_MD *evp_md, + const unsigned char *salt, size_t salt_len, +diff --git a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod +index 26edae3d80..20437b76e8 100644 +--- a/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod ++++ b/deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod +@@ -13,6 +13,7 @@ SSL_CIPHER_get_digest_nid, + SSL_CIPHER_get_handshake_digest, + SSL_CIPHER_get_kx_nid, + SSL_CIPHER_get_auth_nid, ++SSL_CIPHER_get_prf_nid, + SSL_CIPHER_is_aead, + SSL_CIPHER_find, + SSL_CIPHER_get_id, +@@ -34,6 +35,7 @@ SSL_CIPHER_get_protocol_id + const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); + int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); + int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); ++ int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); + int SSL_CIPHER_is_aead(const SSL_CIPHER *c); + const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); + uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); +@@ -91,6 +93,15 @@ TLS 1.3 cipher suites) B<NID_auth_any> is returned. Examples (not comprehensive) + NID_auth_ecdsa + NID_auth_psk + ++SSL_CIPHER_get_prf_nid() retuns the pseudo-random function NID for B<c>. If B<c> is ++a pre-TLS-1.2 cipher, it returns B<NID_md5_sha1> but note these ciphers use ++SHA-256 in TLS 1.2. Other return values may be treated uniformly in all ++applicable versions. Examples (not comprehensive): ++ ++ NID_md5_sha1 ++ NID_sha256 ++ NID_sha384 ++ + SSL_CIPHER_is_aead() returns 1 if the cipher B<c> is AEAD (e.g. GCM or + ChaCha20/Poly1305), and 0 if it is not AEAD. + +@@ -201,6 +212,8 @@ required to enable this function. + + The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. + ++The SSL_CIPHER_get_prf_nid() function was added in OpenSSL 3.0.0. ++ + =head1 COPYRIGHT + + Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. +diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod +new file mode 100644 +index 0000000000..60bf704944 +--- /dev/null ++++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_quic_method.pod +@@ -0,0 +1,232 @@ ++=pod ++ ++=head1 NAME ++ ++SSL_QUIC_METHOD, ++OSSL_ENCRYPTION_LEVEL, ++SSL_CTX_set_quic_method, ++SSL_set_quic_method, ++SSL_set_quic_transport_params, ++SSL_get_peer_quic_transport_params, ++SSL_quic_max_handshake_flight_len, ++SSL_quic_read_level, ++SSL_quic_write_level, ++SSL_provide_quic_data, ++SSL_process_quic_post_handshake, ++SSL_is_quic ++- QUIC support ++ ++=head1 SYNOPSIS ++ ++ #include <openssl/ssl.h> ++ ++ typedef struct ssl_quic_method_st SSL_QUIC_METHOD; ++ typedef enum ssl_encryption_level_t OSSL_ENCRYPTION_LEVEL; ++ ++ int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); ++ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); ++ int SSL_set_quic_transport_params(SSL *ssl, ++ const uint8_t *params, ++ size_t params_len); ++ void SSL_get_peer_quic_transport_params(const SSL *ssl, ++ const uint8_t **out_params, ++ size_t *out_params_len); ++ size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); ++ OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); ++ OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); ++ int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len); ++ int SSL_process_quic_post_handshake(SSL *ssl); ++ int SSL_is_quic(SSL *ssl); ++ ++=head1 DESCRIPTION ++ ++SSL_CTX_set_quic_method() and SSL_set_quic_method() configures the QUIC methods. ++This should only be configured with a minimum version of TLS 1.3. B<quic_method> ++must remain valid for the lifetime of B<ctx> or B<ssl>. Calling this disables ++the SSL_OP_ENABLE_MIDDLEBOX_COMPAT option, which is not required for QUIC. ++ ++SSL_set_quic_transport_params() configures B<ssl> to send B<params> (of length ++B<params_len>) in the quic_transport_parameters extension in either the ++ClientHello or EncryptedExtensions handshake message. This extension will ++only be sent if the TLS version is at least 1.3, and for a server, only if ++the client sent the extension. The buffer pointed to by B<params> only need be ++valid for the duration of the call to this function. ++ ++SSL_get_peer_quic_transport_params() provides the caller with the value of the ++quic_transport_parameters extension sent by the peer. A pointer to the buffer ++containing the TransportParameters will be put in B<*out_params>, and its ++length in B<*out_params_len>. This buffer will be valid for the lifetime of the ++B<ssl>. If no params were received from the peer, B<*out_params_len> will be 0. ++ ++SSL_quic_max_handshake_flight_len() returns the maximum number of bytes ++that may be received at the given encryption level. This function should be ++used to limit buffering in the QUIC implementation. ++ ++See https://tools.ietf.org/html/draft-ietf-quic-transport-16#section-4.4. ++ ++SSL_quic_read_level() returns the current read encryption level. ++ ++SSL_quic_write_level() returns the current write encryption level. ++ ++SSL_provide_quic_data() provides data from QUIC at a particular encryption ++level B<level>. It is an error to call this function outside of the handshake ++or with an encryption level other than the current read level. It returns one ++on success and zero on error. ++ ++SSL_process_quic_post_handshake() processes any data that QUIC has provided ++after the handshake has completed. This includes NewSessionTicket messages ++sent by the server. ++ ++SSL_is_quic() indicates whether a connection uses QUIC. ++ ++=head1 NOTES ++ ++These APIs are implementations of BoringSSL's QUIC APIs. ++ ++QUIC acts as an underlying transport for the TLS 1.3 handshake. The following ++functions allow a QUIC implementation to serve as the underlying transport as ++described in draft-ietf-quic-tls. ++ ++When configured for QUIC, SSL_do_handshake() will drive the handshake as ++before, but it will not use the configured B<BIO>. It will call functions on ++B<SSL_QUIC_METHOD> to configure secrets and send data. If data is needed from ++the peer, it will return B<SSL_ERROR_WANT_READ>. When received, the caller ++should call SSL_provide_quic_data() and then SSL_do_handshake() to continue ++the handshake. After the handshake is complete, the caller should call ++SSL_provide_quic_data() for any post-handshake data, followed by ++SSL_process_quic_post_handshake() to process it. It is an error to call ++SSL_read()/SSL_read_ex() and SSL_write()/SSL_write_ex() in QUIC. ++ ++Note that secrets for an encryption level may be available to QUIC before the ++level is active in TLS. Callers should use SSL_quic_read_level() to determine ++the active read level for SSL_provide_quic_data(). SSL_do_handshake() will ++pass the active write level to add_handshake_data() when writing data. Callers ++can use SSL_quic_write_level() to query the active write level when ++generating their own errors. ++ ++See https://tools.ietf.org/html/draft-ietf-quic-tls-15#section-4.1 for more ++details. ++ ++To avoid DoS attacks, the QUIC implementation must limit the amount of data ++being queued up. The implementation can call ++SSL_quic_max_handshake_flight_len() to get the maximum buffer length at each ++encryption level. ++ ++draft-ietf-quic-tls defines a new TLS extension quic_transport_parameters ++used by QUIC for each endpoint to unilaterally declare its supported ++transport parameters. draft-ietf-quic-transport (section 7.4) defines the ++contents of that extension (a TransportParameters struct) and describes how ++to handle it and its semantic meaning. ++ ++OpenSSL handles this extension as an opaque byte string. The caller is ++responsible for serializing and parsing it. ++ ++=head2 OSSL_ENCRYPTION_LEVEL ++ ++B<OSSL_ENCRYPTION_LEVEL> (B<enum ssl_encryption_level_t>) represents the ++encryption levels: ++ ++=over 4 ++ ++=item ssl_encryption_initial ++ ++The initial encryption level that is used for client and server hellos. ++ ++=item ssl_encryption_early_data ++ ++The encryption level for early data. This is a write-level for the client ++and a read-level for the server. ++ ++=item ssl_encryption_handshake ++ ++The encryption level for the remainder of the handshake. ++ ++=item ssl_encryption_application ++ ++The encryption level for the application data. ++ ++=back ++ ++=head2 SSL_QUIC_METHOD ++ ++The B<SSL_QUIC_METHOD> (B<struct ssl_quic_method_st>) describes the ++QUIC methods. ++ ++ struct ssl_quic_method_st { ++ int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *read_secret, ++ const uint8_t *write_secret, size_t secret_len); ++ int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len); ++ int (*flush_flight)(SSL *ssl); ++ int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); ++ }; ++ typedef struct ssl_quic_method_st SSL_QUIC_METHOD; ++ ++set_encryption_secrets() configures the read and write secrets for the given ++encryption level. This function will always be called before an encryption ++level other than B<ssl_encryption_initial> is used. Note, however, that ++secrets for a level may be configured before TLS is ready to send or accept ++data at that level. ++ ++When reading packets at a given level, the QUIC implementation must send ++ACKs at the same level, so this function provides read and write secrets ++together. The exception is B<ssl_encryption_early_data>, where secrets are ++only available in the client to server direction. The other secret will be ++NULL. The server acknowledges such data at B<ssl_encryption_application>, ++which will be configured in the same SSL_do_handshake() call. ++ ++This function should use SSL_get_current_cipher() to determine the TLS ++cipher suite. ++ ++add_handshake_data() adds handshake data to the current flight at the given ++encryption level. It returns one on success and zero on error. ++ ++OpenSSL will pack data from a single encryption level together, but a ++single handshake flight may include multiple encryption levels. Callers ++should defer writing data to the network until flush_flight() to better ++pack QUIC packets into transport datagrams. ++ ++flush_flight() is called when the current flight is complete and should be ++written to the transport. Note a flight may contain data at several ++encryption levels. ++ ++send_alert() sends a fatal alert at the specified encryption level. ++ ++All QUIC methods return 1 on success and 0 on error. ++ ++=head1 RETURN VALUES ++ ++SSL_CTX_set_quic_method(), ++SSL_set_quic_method(), ++SSL_set_quic_transport_params(), and ++SSL_process_quic_post_handshake() ++return 1 on success, and 0 on error. ++ ++SSL_quic_read_level() and SSL_quic_write_level() return the current ++encryption level as B<OSSL_ENCRYPTION_LEVEL> (B<enum ssl_encryption_level_t>). ++ ++SSL_quic_max_handshake_flight_len() returns the maximum length of a flight ++for a given encryption level. ++ ++SSL_is_quic() returns 1 if QUIC is being used, 0 if not. ++ ++=head1 SEE ALSO ++ ++L<ssl(7)>, L<SSL_CIPHER_get_prf_nid(3)>, L<SSL_do_handshake(3)> ++ ++=head1 HISTORY ++ ++These functions were added in OpenSSL 3.0.0. ++ ++=head1 COPYRIGHT ++ ++Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++ ++Licensed under the Apache License 2.0 (the "License"). You may not use ++this file except in compliance with the License. You can obtain a copy ++in the file LICENSE in the source distribution or at ++L<https://www.openssl.org/source/license.html>. ++ ++=cut +diff --git a/deps/openssl/openssl/include/openssl/evp.h b/deps/openssl/openssl/include/openssl/evp.h +index a411f3f2f9..275b7a4acc 100644 +--- a/deps/openssl/openssl/include/openssl/evp.h ++++ b/deps/openssl/openssl/include/openssl/evp.h +@@ -1324,6 +1324,10 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, + */ + # define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + ++/* Used by Chromium/QUIC */ ++# define X25519_PRIVATE_KEY_LEN 32 ++# define X25519_PUBLIC_VALUE_LEN 32 ++ + const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); + EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags); + void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, +diff --git a/deps/openssl/openssl/include/openssl/ossl_typ.h b/deps/openssl/openssl/include/openssl/ossl_typ.h +index e0edfaaf47..d2fdce8fdf 100644 +--- a/deps/openssl/openssl/include/openssl/ossl_typ.h ++++ b/deps/openssl/openssl/include/openssl/ossl_typ.h +@@ -176,6 +176,8 @@ typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX; + typedef struct ossl_store_info_st OSSL_STORE_INFO; + typedef struct ossl_store_search_st OSSL_STORE_SEARCH; + ++typedef struct ssl_quic_method_st SSL_QUIC_METHOD; ++ + #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \ + defined(INTMAX_MAX) && defined(UINTMAX_MAX) + typedef intmax_t ossl_intmax_t; +diff --git a/deps/openssl/openssl/include/openssl/ssl.h b/deps/openssl/openssl/include/openssl/ssl.h +index 6724ccf2d2..f21458cd5e 100644 +--- a/deps/openssl/openssl/include/openssl/ssl.h ++++ b/deps/openssl/openssl/include/openssl/ssl.h +@@ -2432,6 +2432,51 @@ void SSL_set_allow_early_data_cb(SSL *s, + SSL_allow_early_data_cb_fn cb, + void *arg); + ++# ifndef OPENSSL_NO_QUIC ++/* ++ * QUIC integration - The QUIC interface matches BoringSSL ++ * ++ * ssl_encryption_level_t represents a specific QUIC encryption level used to ++ * transmit handshake messages. BoringSSL has this as an 'enum'. ++ */ ++typedef enum ssl_encryption_level_t { ++ ssl_encryption_initial = 0, ++ ssl_encryption_early_data, ++ ssl_encryption_handshake, ++ ssl_encryption_application ++} OSSL_ENCRYPTION_LEVEL; ++ ++struct ssl_quic_method_st { ++ int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *read_secret, ++ const uint8_t *write_secret, size_t secret_len); ++ int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len); ++ int (*flush_flight)(SSL *ssl); ++ int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); ++}; ++ ++__owur int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); ++__owur int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); ++__owur int SSL_set_quic_transport_params(SSL *ssl, ++ const uint8_t *params, ++ size_t params_len); ++void SSL_get_peer_quic_transport_params(const SSL *ssl, ++ const uint8_t **out_params, ++ size_t *out_params_len); ++__owur size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); ++__owur OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); ++__owur OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); ++__owur int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len); ++__owur int SSL_process_quic_post_handshake(SSL *ssl); ++ ++__owur int SSL_is_quic(SSL *ssl); ++ ++# endif ++ ++int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); ++ + # ifdef __cplusplus + } + # endif +diff --git a/deps/openssl/openssl/include/openssl/sslerr.h b/deps/openssl/openssl/include/openssl/sslerr.h +index 82983d3c1e..e3915c0a55 100644 +--- a/deps/openssl/openssl/include/openssl/sslerr.h ++++ b/deps/openssl/openssl/include/openssl/sslerr.h +@@ -11,9 +11,7 @@ + #ifndef HEADER_SSLERR_H + # define HEADER_SSLERR_H + +-# ifndef HEADER_SYMHACKS_H +-# include <openssl/symhacks.h> +-# endif ++# include <openssl/symhacks.h> + + # ifdef __cplusplus + extern "C" +@@ -96,6 +94,9 @@ int ERR_load_SSL_strings(void); + # define SSL_F_PITEM_NEW 624 + # define SSL_F_PQUEUE_NEW 625 + # define SSL_F_PROCESS_KEY_SHARE_EXT 439 ++# define SSL_F_QUIC_CHANGE_CIPHER_STATE 639 ++# define SSL_F_QUIC_GET_MESSAGE 641 ++# define SSL_F_QUIC_SET_ENCRYPTION_SECRETS 642 + # define SSL_F_READ_STATE_MACHINE 352 + # define SSL_F_SET_CLIENT_CIPHERSUITE 540 + # define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595 +@@ -106,7 +107,9 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL3_CTRL 213 + # define SSL_F_SSL3_CTX_CTRL 133 + # define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293 ++# define SSL_F_SSL3_DISPATCH_ALERT 643 + # define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292 ++# define SSL_F_SSL3_DO_WRITE 644 + # define SSL_F_SSL3_ENC 608 + # define SSL_F_SSL3_FINAL_FINISH_MAC 285 + # define SSL_F_SSL3_FINISH_MAC 587 +@@ -211,6 +214,8 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_PEEK 270 + # define SSL_F_SSL_PEEK_EX 432 + # define SSL_F_SSL_PEEK_INTERNAL 522 ++# define SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE 645 ++# define SSL_F_SSL_PROVIDE_QUIC_DATA 646 + # define SSL_F_SSL_READ 223 + # define SSL_F_SSL_READ_EARLY_DATA 529 + # define SSL_F_SSL_READ_EX 434 +@@ -260,6 +265,7 @@ int ERR_load_SSL_strings(void); + # define SSL_F_SSL_WRITE_EARLY_FINISH 527 + # define SSL_F_SSL_WRITE_EX 433 + # define SSL_F_SSL_WRITE_INTERNAL 524 ++# define SSL_F_STATEM_FLUSH 647 + # define SSL_F_STATE_MACHINE 353 + # define SSL_F_TLS12_CHECK_PEER_SIGALG 333 + # define SSL_F_TLS12_COPY_SIGALGS 533 +@@ -319,6 +325,7 @@ int ERR_load_SSL_strings(void); + # define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619 + # define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501 + # define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509 ++# define SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS 648 + # define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473 + # define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474 + # define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475 +@@ -358,6 +365,7 @@ int ERR_load_SSL_strings(void); + # define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548 + # define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457 + # define SSL_F_TLS_CONSTRUCT_STOC_PSK 504 ++# define SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS 649 + # define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458 + # define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459 + # define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460 +@@ -383,6 +391,7 @@ int ERR_load_SSL_strings(void); + # define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620 + # define SSL_F_TLS_PARSE_CTOS_PSK 505 + # define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572 ++# define SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS 650 + # define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464 + # define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573 + # define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574 +@@ -401,6 +410,7 @@ int ERR_load_SSL_strings(void); + # define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581 + # define SSL_F_TLS_PARSE_STOC_NPN 582 + # define SSL_F_TLS_PARSE_STOC_PSK 502 ++# define SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS 651 + # define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448 + # define SSL_F_TLS_PARSE_STOC_SCT 564 + # define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583 +@@ -565,6 +575,7 @@ int ERR_load_SSL_strings(void); + # define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231 + # define SSL_R_INCONSISTENT_EXTMS 104 + # define SSL_R_INSUFFICIENT_SECURITY 241 ++# define SSL_R_INTERNAL_ERROR 295 + # define SSL_R_INVALID_ALERT 205 + # define SSL_R_INVALID_CCS_MESSAGE 260 + # define SSL_R_INVALID_CERTIFICATE_OR_ALG 238 +@@ -762,6 +773,7 @@ int ERR_load_SSL_strings(void); + # define SSL_R_WRONG_CERTIFICATE_TYPE 383 + # define SSL_R_WRONG_CIPHER_RETURNED 261 + # define SSL_R_WRONG_CURVE 378 ++# define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 296 + # define SSL_R_WRONG_SIGNATURE_LENGTH 264 + # define SSL_R_WRONG_SIGNATURE_SIZE 265 + # define SSL_R_WRONG_SIGNATURE_TYPE 370 +diff --git a/deps/openssl/openssl/include/openssl/tls1.h b/deps/openssl/openssl/include/openssl/tls1.h +index 76d9fda46e..6e16c97316 100644 +--- a/deps/openssl/openssl/include/openssl/tls1.h ++++ b/deps/openssl/openssl/include/openssl/tls1.h +@@ -148,6 +148,9 @@ extern "C" { + /* Temporary extension type */ + # define TLSEXT_TYPE_renegotiate 0xff01 + ++/* ExtensionType value from draft-ietf-quic-tls-13 */ ++# define TLSEXT_TYPE_quic_transport_parameters 0xffa5 ++ + # ifndef OPENSSL_NO_NEXTPROTONEG + /* This is not an IANA defined extension number */ + # define TLSEXT_TYPE_next_proto_neg 13172 +diff --git a/deps/openssl/openssl/ssl/build.info b/deps/openssl/openssl/ssl/build.info +index bb2f1deb53..eec0d14f2c 100644 +--- a/deps/openssl/openssl/ssl/build.info ++++ b/deps/openssl/openssl/ssl/build.info +@@ -12,4 +12,5 @@ SOURCE[../libssl]=\ + ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \ + bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \ + record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \ +- statem/statem.c record/ssl3_record_tls13.c ++ statem/statem.c record/ssl3_record_tls13.c \ ++ ssl_quic.c statem/statem_quic.c +diff --git a/deps/openssl/openssl/ssl/s3_msg.c b/deps/openssl/openssl/ssl/s3_msg.c +index 339fb2774a..8d3cd442aa 100644 +--- a/deps/openssl/openssl/ssl/s3_msg.c ++++ b/deps/openssl/openssl/ssl/s3_msg.c +@@ -1,5 +1,5 @@ + /* +- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -75,6 +75,16 @@ int ssl3_dispatch_alert(SSL *s) + + s->s3->alert_dispatch = 0; + alertlen = 2; ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ if (!s->quic_method->send_alert(s, s->quic_write_level, ++ s->s3->send_alert[1])) { ++ SSLerr(SSL_F_SSL3_DISPATCH_ALERT, SSL_R_INTERNAL_ERROR); ++ return 0; ++ } ++ i = 1; ++ } else ++#endif + i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, + &written); + if (i <= 0) { +diff --git a/deps/openssl/openssl/ssl/ssl_ciph.c b/deps/openssl/openssl/ssl/ssl_ciph.c +index 735a483c64..a3fe97597b 100644 +--- a/deps/openssl/openssl/ssl/ssl_ciph.c ++++ b/deps/openssl/openssl/ssl/ssl_ciph.c +@@ -2162,3 +2162,35 @@ int ssl_cert_is_disabled(size_t idx) + return 1; + return 0; + } ++ ++int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c) ++{ ++ switch (c->algorithm2 & (0xFF << TLS1_PRF_DGST_SHIFT)) { ++ default: ++ break; ++ case TLS1_PRF_SHA1_MD5: /* TLS1_PRF */ ++ return NID_md5_sha1; ++ case TLS1_PRF_SHA256: ++ return NID_sha256; ++ case TLS1_PRF_SHA384: ++ return NID_sha384; ++ case TLS1_PRF_GOST94: ++ return NID_id_GostR3411_94_prf; ++ case TLS1_PRF_GOST12_256: ++ return NID_id_GostR3411_2012_256; ++ case TLS1_PRF_GOST12_512: ++ return NID_id_GostR3411_2012_512; ++ } ++ /* TLSv1.3 ciphers don't specify separate PRF */ ++ switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { ++ default: ++ break; ++ case SSL_HANDSHAKE_MAC_MD5_SHA1: /* SSL_HANDSHAKE_MAC_DEFAULT */ ++ return NID_md5_sha1; ++ case SSL_HANDSHAKE_MAC_SHA256: ++ return NID_sha256; ++ case SSL_HANDSHAKE_MAC_SHA384: ++ return NID_sha384; ++ } ++ return NID_undef; ++} +diff --git a/deps/openssl/openssl/ssl/ssl_err.c b/deps/openssl/openssl/ssl/ssl_err.c +index 4b12ed1485..3cdbee2ffa 100644 +--- a/deps/openssl/openssl/ssl/ssl_err.c ++++ b/deps/openssl/openssl/ssl/ssl_err.c +@@ -112,6 +112,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + "ossl_statem_server_post_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0), + "ossl_statem_server_post_work"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PRE_WORK, 0), ++ "ossl_statem_server_pre_work"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0), + "ossl_statem_server_process_message"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0), +@@ -122,6 +124,11 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_CHANGE_CIPHER_STATE, 0), ++ "quic_change_cipher_state"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_GET_MESSAGE, 0), "quic_get_message"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, 0), ++ "quic_set_encryption_secrets"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0), + "set_client_ciphersuite"}, +@@ -139,8 +146,11 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0), + "ssl3_digest_cached_records"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DISPATCH_ALERT, 0), ++ "ssl3_dispatch_alert"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0), + "ssl3_do_change_cipher_spec"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_WRITE, 0), "ssl3_do_write"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0), + "ssl3_final_finish_mac"}, +@@ -302,6 +312,10 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE, 0), ++ "SSL_process_quic_post_handshake"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PROVIDE_QUIC_DATA, 0), ++ "SSL_provide_quic_data"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0), + "SSL_read_early_data"}, +@@ -378,6 +392,7 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_STATEM_FLUSH, 0), "statem_flush"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0), + "tls12_check_peer_sigalg"}, +@@ -479,6 +494,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + "tls_construct_ctos_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0), + "tls_construct_ctos_psk_kex_modes"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS, 0), ++ "tls_construct_ctos_quic_transport_params"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0), + "tls_construct_ctos_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0), +@@ -550,6 +567,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + "tls_construct_stoc_next_proto_neg"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0), + "tls_construct_stoc_psk"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS, 0), ++ "tls_construct_stoc_quic_transport_params"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0), + "tls_construct_stoc_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0), +@@ -596,6 +615,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0), + "tls_parse_ctos_psk_kex_modes"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS, 0), ++ "tls_parse_ctos_quic_transport_params"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0), + "tls_parse_ctos_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0), +@@ -628,6 +649,8 @@ static const ERR_STRING_DATA SSL_str_functs[] = { + "tls_parse_stoc_maxfragmentlen"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"}, ++ {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS, 0), ++ "tls_parse_stoc_quic_transport_params"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0), + "tls_parse_stoc_renegotiate"}, + {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"}, +@@ -905,6 +928,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY), + "insufficient security"}, ++ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INTERNAL_ERROR), "internal error"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE), + "invalid ccs message"}, +@@ -1248,6 +1272,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), + "wrong cipher returned"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, ++ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), ++ "wrong encryption level received"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), + "wrong signature length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), +diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c +index b9adc45a8e..9b318de506 100644 +--- a/deps/openssl/openssl/ssl/ssl_lib.c ++++ b/deps/openssl/openssl/ssl/ssl_lib.c +@@ -839,6 +839,10 @@ SSL *SSL_new(SSL_CTX *ctx) + + s->job = NULL; + ++#ifndef OPENSSL_NO_QUIC ++ s->quic_method = ctx->quic_method; ++#endif ++ + #ifndef OPENSSL_NO_CT + if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, + ctx->ct_validation_callback_arg)) +@@ -1204,6 +1208,18 @@ void SSL_free(SSL *s) + OPENSSL_free(s->pha_context); + EVP_MD_CTX_free(s->pha_dgst); + ++#ifndef OPENSSL_NO_QUIC ++ OPENSSL_free(s->ext.quic_transport_params); ++ OPENSSL_free(s->ext.peer_quic_transport_params); ++ while (s->quic_input_data_head != NULL) { ++ QUIC_DATA *qd; ++ ++ qd = s->quic_input_data_head; ++ s->quic_input_data_head = qd->next; ++ OPENSSL_free(qd); ++ } ++#endif ++ + sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); + sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); + +@@ -1723,6 +1739,12 @@ static int ssl_io_intern(void *vargs) + + int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) + { ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++#endif + if (s->handshake_func == NULL) { + SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED); + return -1; +@@ -1855,6 +1877,12 @@ int SSL_get_early_data_status(const SSL *s) + + static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) + { ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ SSLerr(SSL_F_SSL_PEEK_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++#endif + if (s->handshake_func == NULL) { + SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED); + return -1; +@@ -1915,6 +1943,12 @@ int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes) + + int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) + { ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return -1; ++ } ++#endif + if (s->handshake_func == NULL) { + SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED); + return -1; +@@ -3565,6 +3599,11 @@ int SSL_get_error(const SSL *s, int i) + } + + if (SSL_want_read(s)) { ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ return SSL_ERROR_WANT_READ; ++ } ++#endif + bio = SSL_get_rbio(s); + if (BIO_should_read(bio)) + return SSL_ERROR_WANT_READ; +@@ -3943,7 +3982,7 @@ EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx) + + const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) + { +- if ((s->session != NULL) && (s->session->cipher != NULL)) ++ if (s->session != NULL) + return s->session->cipher; + return NULL; + } +diff --git a/deps/openssl/openssl/ssl/ssl_local.h b/deps/openssl/openssl/ssl/ssl_local.h +index 8ddbde7729..016b253858 100644 +--- a/deps/openssl/openssl/ssl/ssl_local.h ++++ b/deps/openssl/openssl/ssl/ssl_local.h +@@ -315,6 +315,13 @@ + /* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ + # define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 + ++/* Check if an SSL structure is using QUIC (which uses TLSv1.3) */ ++# ifndef OPENSSL_NO_QUIC ++# define SSL_IS_QUIC(s) (s->quic_method != NULL) ++# else ++# define SSL_IS_QUIC(s) 0 ++# endif ++ + /* Check if an SSL structure is using DTLS */ + # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) + +@@ -715,6 +722,7 @@ typedef enum tlsext_index_en { + TLSEXT_IDX_cryptopro_bug, + TLSEXT_IDX_early_data, + TLSEXT_IDX_certificate_authorities, ++ TLSEXT_IDX_quic_transport_params, + TLSEXT_IDX_padding, + TLSEXT_IDX_psk, + /* Dummy index - must always be the last entry */ +@@ -1064,7 +1072,24 @@ struct ssl_ctx_st { + + /* Do we advertise Post-handshake auth support? */ + int pha_enabled; ++ ++#ifndef OPENSSL_NO_QUIC ++ const SSL_QUIC_METHOD *quic_method; ++#endif ++}; ++ ++typedef struct cert_pkey_st CERT_PKEY; ++ ++#ifndef OPENSSL_NO_QUIC ++struct quic_data_st { ++ struct quic_data_st *next; ++ OSSL_ENCRYPTION_LEVEL level; ++ size_t offset; ++ size_t length; + }; ++typedef struct quic_data_st QUIC_DATA; ++int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level); ++#endif + + struct ssl_st { + /* +@@ -1153,6 +1178,11 @@ struct ssl_st { + unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; + unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; + unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; ++# ifndef OPENSSL_NO_QUIC ++ unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; ++ unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; ++ unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; ++# endif + unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; + unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; + EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ +@@ -1365,8 +1395,22 @@ struct ssl_st { + * selected. + */ + int tick_identity; ++ ++#ifndef OPENSSL_NO_QUIC ++ uint8_t *quic_transport_params; ++ size_t quic_transport_params_len; ++ uint8_t *peer_quic_transport_params; ++ size_t peer_quic_transport_params_len; ++#endif + } ext; + ++#ifndef OPENSSL_NO_QUIC ++ OSSL_ENCRYPTION_LEVEL quic_read_level; ++ OSSL_ENCRYPTION_LEVEL quic_write_level; ++ QUIC_DATA *quic_input_data_head; ++ QUIC_DATA *quic_input_data_tail; ++ const SSL_QUIC_METHOD *quic_method; ++#endif + /* + * Parsed form of the ClientHello, kept around across client_hello_cb + * calls. +diff --git a/deps/openssl/openssl/ssl/ssl_quic.c b/deps/openssl/openssl/ssl/ssl_quic.c +new file mode 100644 +index 0000000000..2d8accbdd1 +--- /dev/null ++++ b/deps/openssl/openssl/ssl/ssl_quic.c +@@ -0,0 +1,285 @@ ++/* ++ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include "ssl_local.h" ++#include "internal/cryptlib.h" ++#include "internal/refcount.h" ++ ++#ifdef OPENSSL_NO_QUIC ++NON_EMPTY_TRANSLATION_UNIT ++#else ++ ++int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, ++ size_t params_len) ++{ ++ uint8_t *tmp; ++ ++ if (params == NULL || params_len == 0) { ++ tmp = NULL; ++ params_len = 0; ++ } else { ++ tmp = OPENSSL_memdup(params, params_len); ++ if (tmp == NULL) ++ return 0; ++ } ++ ++ OPENSSL_free(ssl->ext.quic_transport_params); ++ ssl->ext.quic_transport_params = tmp; ++ ssl->ext.quic_transport_params_len = params_len; ++ return 1; ++} ++ ++void SSL_get_peer_quic_transport_params(const SSL *ssl, ++ const uint8_t **out_params, ++ size_t *out_params_len) ++{ ++ *out_params = ssl->ext.peer_quic_transport_params; ++ *out_params_len = ssl->ext.peer_quic_transport_params_len; ++} ++ ++size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level) ++{ ++ /* ++ * Limits flights to 16K by default when there are no large ++ * (certificate-carrying) messages. ++ */ ++ static const size_t DEFAULT_FLIGHT_LIMIT = 16384; ++ ++ switch (level) { ++ case ssl_encryption_initial: ++ return DEFAULT_FLIGHT_LIMIT; ++ case ssl_encryption_early_data: ++ /* QUIC does not send EndOfEarlyData. */ ++ return 0; ++ case ssl_encryption_handshake: ++ if (ssl->server) { ++ /* ++ * Servers may receive Certificate message if configured to request ++ * client certificates. ++ */ ++ if ((ssl->verify_mode & SSL_VERIFY_PEER) ++ && ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) ++ return ssl->max_cert_list; ++ } else { ++ /* ++ * Clients may receive both Certificate message and a CertificateRequest ++ * message. ++ */ ++ if (2*ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) ++ return 2 * ssl->max_cert_list; ++ } ++ return DEFAULT_FLIGHT_LIMIT; ++ case ssl_encryption_application: ++ return DEFAULT_FLIGHT_LIMIT; ++ } ++ ++ return 0; ++} ++ ++OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl) ++{ ++ return ssl->quic_read_level; ++} ++ ++OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl) ++{ ++ return ssl->quic_write_level; ++} ++ ++int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len) ++{ ++ size_t l; ++ ++ if (!SSL_IS_QUIC(ssl)) { ++ SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ ++ /* Level can be different than the current read, but not less */ ++ if (level < ssl->quic_read_level ++ || (ssl->quic_input_data_tail != NULL && level < ssl->quic_input_data_tail->level)) { ++ SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); ++ return 0; ++ } ++ ++ /* Split the QUIC messages up, if necessary */ ++ while (len > 0) { ++ QUIC_DATA *qd; ++ const uint8_t *p = data + 1; ++ ++ /* Check for an incomplete block */ ++ qd = ssl->quic_input_data_tail; ++ if (qd != NULL) { ++ l = qd->length - qd->offset; ++ if (l != 0) { ++ /* we still need to copy `l` bytes into the last data block */ ++ if (l > len) ++ l = len; ++ memcpy((char*)(qd+1) + qd->offset, data, l); ++ qd->offset += l; ++ len -= l; ++ data += l; ++ continue; ++ } ++ } ++ ++ n2l3(p, l); ++ l += SSL3_HM_HEADER_LENGTH; ++ ++ qd = OPENSSL_zalloc(sizeof(QUIC_DATA) + l); ++ if (qd == NULL) { ++ SSLerr(SSL_F_SSL_PROVIDE_QUIC_DATA, SSL_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ qd->next = NULL; ++ qd->length = l; ++ qd->level = level; ++ /* partial data received? */ ++ if (l > len) ++ l = len; ++ qd->offset = l; ++ ++ memcpy((void*)(qd + 1), data, l); ++ if (ssl->quic_input_data_tail != NULL) ++ ssl->quic_input_data_tail->next = qd; ++ else ++ ssl->quic_input_data_head = qd; ++ ssl->quic_input_data_tail = qd; ++ ++ data += l; ++ len -= l; ++ } ++ ++ return 1; ++} ++ ++int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) ++{ ++ switch (ctx->method->version) { ++ case DTLS1_VERSION: ++ case DTLS1_2_VERSION: ++ case DTLS_ANY_VERSION: ++ case DTLS1_BAD_VER: ++ return 0; ++ default: ++ break; ++ } ++ ctx->quic_method = quic_method; ++ ctx->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; ++ return 1; ++} ++ ++int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) ++{ ++ switch (ssl->method->version) { ++ case DTLS1_VERSION: ++ case DTLS1_2_VERSION: ++ case DTLS_ANY_VERSION: ++ case DTLS1_BAD_VER: ++ return 0; ++ default: ++ break; ++ } ++ ssl->quic_method = quic_method; ++ ssl->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; ++ return 1; ++} ++ ++int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) ++{ ++ uint8_t *c2s_secret = NULL; ++ uint8_t *s2c_secret = NULL; ++ size_t len; ++ const EVP_MD *md; ++ ++ if (!SSL_IS_QUIC(ssl)) ++ return 1; ++ ++ /* secrets from the POV of the client */ ++ switch (level) { ++ case ssl_encryption_early_data: ++ c2s_secret = ssl->client_early_traffic_secret; ++ break; ++ case ssl_encryption_handshake: ++ c2s_secret = ssl->client_hand_traffic_secret; ++ s2c_secret = ssl->server_hand_traffic_secret; ++ break; ++ case ssl_encryption_application: ++ c2s_secret = ssl->client_app_traffic_secret; ++ s2c_secret = ssl->server_app_traffic_secret; ++ break; ++ default: ++ return 1; ++ } ++ ++ md = ssl_handshake_md(ssl); ++ if (md == NULL) { ++ /* May not have selected cipher, yet */ ++ const SSL_CIPHER *c = NULL; ++ ++ if (ssl->session != NULL) ++ c = SSL_SESSION_get0_cipher(ssl->session); ++ else if (ssl->psksession != NULL) ++ c = SSL_SESSION_get0_cipher(ssl->psksession); ++ ++ if (c != NULL) ++ md = SSL_CIPHER_get_handshake_digest(c); ++ } ++ ++ if ((len = EVP_MD_size(md)) <= 0) { ++ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ ++ if (ssl->server) { ++ if (!ssl->quic_method->set_encryption_secrets(ssl, level, c2s_secret, ++ s2c_secret, len)) { ++ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ } else { ++ if (!ssl->quic_method->set_encryption_secrets(ssl, level, s2c_secret, ++ c2s_secret, len)) { ++ SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_SET_ENCRYPTION_SECRETS, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ } ++ ++ return 1; ++} ++ ++int SSL_process_quic_post_handshake(SSL *ssl) ++{ ++ int ret; ++ ++ if (SSL_in_init(ssl) || !SSL_IS_QUIC(ssl)) { ++ SSLerr(SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); ++ return 0; ++ } ++ ++ ossl_statem_set_in_init(ssl, 1); ++ ret = ssl->handshake_func(ssl); ++ ossl_statem_set_in_init(ssl, 0); ++ ++ if (ret <= 0) ++ return 0; ++ return 1; ++} ++ ++int SSL_is_quic(SSL* ssl) ++{ ++ return SSL_IS_QUIC(ssl); ++} ++ ++#endif +diff --git a/deps/openssl/openssl/ssl/statem/extensions.c b/deps/openssl/openssl/ssl/statem/extensions.c +index 4ef8b417b8..be09afbe71 100644 +--- a/deps/openssl/openssl/ssl/statem/extensions.c ++++ b/deps/openssl/openssl/ssl/statem/extensions.c +@@ -56,6 +56,10 @@ static int final_sig_algs(SSL *s, unsigned int context, int sent); + static int final_early_data(SSL *s, unsigned int context, int sent); + static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); + static int init_post_handshake_auth(SSL *s, unsigned int context); ++#ifndef OPENSSL_NO_QUIC ++static int init_quic_transport_params(SSL *s, unsigned int context); ++static int final_quic_transport_params(SSL *s, unsigned int context, int sent); ++#endif + + /* Structure to define a built-in extension */ + typedef struct extensions_definition_st { +@@ -373,6 +377,19 @@ static const EXTENSION_DEFINITION ext_defs[] = { + tls_construct_certificate_authorities, + tls_construct_certificate_authorities, NULL, + }, ++#ifndef OPENSSL_NO_QUIC ++ { ++ TLSEXT_TYPE_quic_transport_parameters, ++ SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS ++ | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, ++ init_quic_transport_params, ++ tls_parse_ctos_quic_transport_params, tls_parse_stoc_quic_transport_params, ++ tls_construct_stoc_quic_transport_params, tls_construct_ctos_quic_transport_params, ++ final_quic_transport_params, ++ }, ++#else ++ INVALID_EXTENSION, ++#endif + { + /* Must be immediately before pre_shared_key */ + TLSEXT_TYPE_padding, +@@ -1701,3 +1718,15 @@ static int init_post_handshake_auth(SSL *s, unsigned int context) + + return 1; + } ++ ++#ifndef OPENSSL_NO_QUIC ++static int init_quic_transport_params(SSL *s, unsigned int context) ++{ ++ return 1; ++} ++ ++static int final_quic_transport_params(SSL *s, unsigned int context, int sent) ++{ ++ return 1; ++} ++#endif +diff --git a/deps/openssl/openssl/ssl/statem/extensions_clnt.c b/deps/openssl/openssl/ssl/statem/extensions_clnt.c +index bcce0f1d95..a9f73f07dc 100644 +--- a/deps/openssl/openssl/ssl/statem/extensions_clnt.c ++++ b/deps/openssl/openssl/ssl/statem/extensions_clnt.c +@@ -1214,7 +1214,28 @@ EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, + #endif + } + ++#ifndef OPENSSL_NO_QUIC ++/* SAME AS tls_construct_stoc_quic_transport_params() */ ++EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, ++ unsigned int context, X509 *x, ++ size_t chainidx) ++{ ++ if (s->ext.quic_transport_params == NULL ++ || s->ext.quic_transport_params_len == 0) { ++ return EXT_RETURN_NOT_SENT; ++ } ++ ++ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) ++ || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, ++ s->ext.quic_transport_params_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS, ERR_R_INTERNAL_ERROR); ++ return EXT_RETURN_FAIL; ++ } + ++ return EXT_RETURN_SENT; ++} ++#endif + /* + * Parse the server's renegotiation binding and abort if it's not right + */ +@@ -1912,6 +1933,18 @@ int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context, + return 0; + } + ++#ifndef OPENSSL_NO_QUIC ++ /* ++ * QUIC server must send 0xFFFFFFFF or it's a PROTOCOL_VIOLATION ++ * per draft-ietf-quic-tls-24 S4.5 ++ */ ++ if (s->quic_method != NULL && max_early_data != 0xFFFFFFFF) { ++ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA, ++ SSL_R_INVALID_MAX_EARLY_DATA); ++ return 0; ++ } ++#endif ++ + s->session->ext.max_early_data = max_early_data; + + return 1; +@@ -1999,3 +2032,22 @@ int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + + return 1; + } ++#ifndef OPENSSL_NO_QUIC ++/* SAME AS tls_parse_ctos_quic_transport_params() */ ++int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, ++ X509 *x, size_t chainidx) ++{ ++ OPENSSL_free(s->ext.peer_quic_transport_params); ++ s->ext.peer_quic_transport_params = NULL; ++ s->ext.peer_quic_transport_params_len = 0; ++ ++ if (!PACKET_memdup(pkt, ++ &s->ext.peer_quic_transport_params, ++ &s->ext.peer_quic_transport_params_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ return 1; ++} ++#endif +diff --git a/deps/openssl/openssl/ssl/statem/extensions_srvr.c b/deps/openssl/openssl/ssl/statem/extensions_srvr.c +index 3b07c6b940..602c9da314 100644 +--- a/deps/openssl/openssl/ssl/statem/extensions_srvr.c ++++ b/deps/openssl/openssl/ssl/statem/extensions_srvr.c +@@ -1303,6 +1303,26 @@ int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context + return 1; + } + ++#ifndef OPENSSL_NO_QUIC ++/* SAME AS tls_parse_stoc_quic_transport_params() */ ++int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, ++ X509 *x, size_t chainidx) ++{ ++ OPENSSL_free(s->ext.peer_quic_transport_params); ++ s->ext.peer_quic_transport_params = NULL; ++ s->ext.peer_quic_transport_params_len = 0; ++ ++ if (!PACKET_memdup(pkt, ++ &s->ext.peer_quic_transport_params, ++ &s->ext.peer_quic_transport_params_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ return 1; ++} ++#endif ++ + /* + * Add the server's renegotiation binding + */ +@@ -1926,12 +1946,20 @@ EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt, + size_t chainidx) + { + if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { +- if (s->max_early_data == 0) ++ uint32_t max_early_data = s->max_early_data; ++ ++ if (max_early_data == 0) + return EXT_RETURN_NOT_SENT; + ++#ifndef OPENSSL_NO_QUIC ++ /* QUIC server must always send 0xFFFFFFFF, per draft-ietf-quic-tls-24 S4.5 */ ++ if (s->quic_method != NULL) ++ max_early_data = 0xFFFFFFFF; ++#endif ++ + if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) + || !WPACKET_start_sub_packet_u16(pkt) +- || !WPACKET_put_bytes_u32(pkt, s->max_early_data) ++ || !WPACKET_put_bytes_u32(pkt, max_early_data) + || !WPACKET_close(pkt)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, + SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR); +@@ -1972,3 +2000,26 @@ EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, + + return EXT_RETURN_SENT; + } ++ ++#ifndef OPENSSL_NO_QUIC ++/* SAME AS tls_construct_ctos_quic_transport_params() */ ++EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, ++ unsigned int context, X509 *x, ++ size_t chainidx) ++{ ++ if (s->ext.quic_transport_params == NULL ++ || s->ext.quic_transport_params_len == 0) { ++ return EXT_RETURN_NOT_SENT; ++ } ++ ++ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) ++ || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, ++ s->ext.quic_transport_params_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ++ SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS, ERR_R_INTERNAL_ERROR); ++ return EXT_RETURN_FAIL; ++ } ++ ++ return EXT_RETURN_SENT; ++} ++#endif +diff --git a/deps/openssl/openssl/ssl/statem/statem.c b/deps/openssl/openssl/ssl/statem/statem.c +index 20f5bd584e..0a8acedebf 100644 +--- a/deps/openssl/openssl/ssl/statem/statem.c ++++ b/deps/openssl/openssl/ssl/statem/statem.c +@@ -575,6 +575,10 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) + * In DTLS we get the whole message in one go - header and body + */ + ret = dtls_get_message(s, &mt, &len); ++#ifndef OPENSSL_NO_QUIC ++ } else if (SSL_IS_QUIC(s)) { ++ ret = quic_get_message(s, &mt, &len); ++#endif + } else { + ret = tls_get_message_header(s, &mt); + } +@@ -604,8 +608,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) + return SUB_STATE_ERROR; + } + +- /* dtls_get_message already did this */ +- if (!SSL_IS_DTLS(s) ++ /* dtls_get_message/quic_get_message already did this */ ++ if (!SSL_IS_DTLS(s) && !SSL_IS_QUIC(s) + && s->s3->tmp.message_size > 0 + && !grow_init_buf(s, s->s3->tmp.message_size + + SSL3_HM_HEADER_LENGTH)) { +@@ -618,8 +622,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s) + /* Fall through */ + + case READ_STATE_BODY: +- if (!SSL_IS_DTLS(s)) { +- /* We already got this above for DTLS */ ++ if (!SSL_IS_DTLS(s) && !SSL_IS_QUIC(s)) { ++ /* We already got this above for DTLS & QUIC */ + ret = tls_get_message_body(s, &len); + if (ret == 0) { + /* Could be non-blocking IO */ +@@ -900,6 +904,15 @@ static SUB_STATE_RETURN write_state_machine(SSL *s) + int statem_flush(SSL *s) + { + s->rwstate = SSL_WRITING; ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) { ++ if (!s->quic_method->flush_flight(s)) { ++ /* NOTE: BIO_flush() does not generate an error */ ++ SSLerr(SSL_F_STATEM_FLUSH, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ } else ++#endif + if (BIO_flush(s->wbio) <= 0) { + return 0; + } +diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c +index 64e392cfbf..aa2f5ad3f4 100644 +--- a/deps/openssl/openssl/ssl/statem/statem_clnt.c ++++ b/deps/openssl/openssl/ssl/statem/statem_clnt.c +@@ -909,6 +909,14 @@ int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt, + break; + + case TLS_ST_CW_END_OF_EARLY_DATA: ++#ifndef OPENSSL_NO_QUIC ++ /* QUIC does not send EndOfEarlyData, draft-ietf-quic-tls-24 S8.3 */ ++ if (s->quic_method != NULL) { ++ *confunc = NULL; ++ *mt = SSL3_MT_DUMMY; ++ break; ++ } ++#endif + *confunc = tls_construct_end_of_early_data; + *mt = SSL3_MT_END_OF_EARLY_DATA; + break; +diff --git a/deps/openssl/openssl/ssl/statem/statem_lib.c b/deps/openssl/openssl/ssl/statem/statem_lib.c +index 43d6fd5de9..09e7575832 100644 +--- a/deps/openssl/openssl/ssl/statem/statem_lib.c ++++ b/deps/openssl/openssl/ssl/statem/statem_lib.c +@@ -42,9 +42,23 @@ int ssl3_do_write(SSL *s, int type) + { + int ret; + size_t written = 0; ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s) && type == SSL3_RT_HANDSHAKE) { ++ ret = s->quic_method->add_handshake_data(s, s->quic_write_level, ++ (const uint8_t*)&s->init_buf->data[s->init_off], ++ s->init_num); ++ if (!ret) { ++ ret = -1; ++ /* QUIC can't sent anything out sice the above failed */ ++ SSLerr(SSL_F_SSL3_DO_WRITE, SSL_R_INTERNAL_ERROR); ++ } else { ++ written = s->init_num; ++ } ++ } else ++#endif ++ ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], ++ s->init_num, &written); + +- ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], +- s->init_num, &written); + if (ret < 0) + return -1; + if (type == SSL3_RT_HANDSHAKE) +@@ -1157,6 +1171,7 @@ int tls_get_message_header(SSL *s, int *mt) + + do { + while (s->init_num < SSL3_HM_HEADER_LENGTH) { ++ /* QUIC: either create a special ssl_read_bytes... or if/else this */ + i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, + &p[s->init_num], + SSL3_HM_HEADER_LENGTH - s->init_num, +diff --git a/deps/openssl/openssl/ssl/statem/statem_local.h b/deps/openssl/openssl/ssl/statem/statem_local.h +index e27c0c13a2..1551dac952 100644 +--- a/deps/openssl/openssl/ssl/statem/statem_local.h ++++ b/deps/openssl/openssl/ssl/statem/statem_local.h +@@ -93,6 +93,7 @@ WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst); + __owur int tls_get_message_header(SSL *s, int *mt); + __owur int tls_get_message_body(SSL *s, size_t *len); + __owur int dtls_get_message(SSL *s, int *mt, size_t *len); ++__owur int quic_get_message(SSL *s, int *mt, size_t *len); + + /* Message construction and processing functions */ + __owur int tls_process_initial_server_flight(SSL *s); +@@ -236,6 +237,10 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); + int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); ++#ifndef OPENSSL_NO_QUIC ++int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, ++ X509 *x, size_t chainidx); ++#endif + + EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, + unsigned int context, X509 *x, +@@ -298,6 +303,11 @@ EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt, + size_t chainidx); + EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); ++#ifndef OPENSSL_NO_QUIC ++EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, ++ unsigned int context, X509 *x, ++ size_t chainidx); ++#endif + + /* Client Extension processing */ + EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, +@@ -368,6 +378,11 @@ EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); + EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); ++#ifndef OPENSSL_NO_QUIC ++EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, ++ unsigned int context, X509 *x, ++ size_t chainidx); ++#endif + + int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, + X509 *x, size_t chainidx); +@@ -413,6 +428,10 @@ int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); + int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, + size_t chainidx); ++#ifndef OPENSSL_NO_QUIC ++int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, ++ X509 *x, size_t chainidx); ++#endif + + int tls_handle_alpn(SSL *s); + +diff --git a/deps/openssl/openssl/ssl/statem/statem_quic.c b/deps/openssl/openssl/ssl/statem/statem_quic.c +new file mode 100644 +index 0000000000..eb1a76ec9d +--- /dev/null ++++ b/deps/openssl/openssl/ssl/statem/statem_quic.c +@@ -0,0 +1,109 @@ ++/* ++ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the Apache License 2.0 (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include "../ssl_local.h" ++#include "statem_local.h" ++#include "internal/cryptlib.h" ++ ++#ifdef OPENSSL_NO_QUIC ++NON_EMPTY_TRANSLATION_UNIT ++#else ++ ++int quic_get_message(SSL *s, int *mt, size_t *len) ++{ ++ size_t l; ++ QUIC_DATA *qd = s->quic_input_data_head; ++ uint8_t *p; ++ ++ if (qd == NULL || (qd->length - qd->offset) != 0) { ++ s->rwstate = SSL_READING; ++ *len = 0; ++ return 0; ++ } ++ ++ /* This is where we check for the proper level, not when data is given */ ++ if (qd->level != s->quic_read_level) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, ++ SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); ++ *len = 0; ++ return 0; ++ } ++ ++ if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_GET_MESSAGE, ++ ERR_R_BUF_LIB); ++ *len = 0; ++ return 0; ++ } ++ ++ /* Copy buffered data */ ++ memcpy(s->init_buf->data, (void*)(qd + 1), qd->length); ++ s->init_buf->length = qd->length; ++ s->quic_input_data_head = qd->next; ++ if (s->quic_input_data_head == NULL) ++ s->quic_input_data_tail = NULL; ++ OPENSSL_free(qd); ++ ++ s->s3->tmp.message_type = *mt = *(s->init_buf->data); ++ p = (uint8_t*)s->init_buf->data + 1; ++ n2l3(p, l); ++ s->init_num = s->s3->tmp.message_size = *len = l; ++ s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; ++ ++ /* No CCS in QUIC/TLSv1.3? */ ++ if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) { ++ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, ++ SSL_F_QUIC_GET_MESSAGE, ++ SSL_R_CCS_RECEIVED_EARLY); ++ *len = 0; ++ return 0; ++ } ++ ++ /* ++ * If receiving Finished, record MAC of prior handshake messages for ++ * Finished verification. ++ */ ++ if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { ++ /* SSLfatal() already called */ ++ *len = 0; ++ return 0; ++ } ++ ++ /* ++ * We defer feeding in the HRR until later. We'll do it as part of ++ * processing the message ++ * The TLsv1.3 handshake transcript stops at the ClientFinished ++ * message. ++ */ ++#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) ++ /* KeyUpdate and NewSessionTicket do not need to be added */ ++ if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET ++ && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) { ++ if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO ++ || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE ++ || memcmp(hrrrandom, ++ s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, ++ SSL3_RANDOM_SIZE) != 0) { ++ if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, ++ s->init_num + SSL3_HM_HEADER_LENGTH)) { ++ /* SSLfatal() already called */ ++ *len = 0; ++ return 0; ++ } ++ } ++ } ++ if (s->msg_callback) ++ s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, ++ (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, ++ s->msg_callback_arg); ++ ++ return 1; ++} ++ ++#endif +diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c +index 14cb27e6db..ffa89d3b54 100644 +--- a/deps/openssl/openssl/ssl/statem/statem_srvr.c ++++ b/deps/openssl/openssl/ssl/statem/statem_srvr.c +@@ -72,7 +72,8 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) + return 1; + } + break; +- } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { ++ } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED ++ && !SSL_IS_QUIC(s)) { + if (mt == SSL3_MT_END_OF_EARLY_DATA) { + st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; + return 1; +diff --git a/deps/openssl/openssl/ssl/tls13_enc.c b/deps/openssl/openssl/ssl/tls13_enc.c +index 86754dc967..a05401bfdc 100644 +--- a/deps/openssl/openssl/ssl/tls13_enc.c ++++ b/deps/openssl/openssl/ssl/tls13_enc.c +@@ -427,27 +427,140 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md, + return 0; + } + +-int tls13_change_cipher_state(SSL *s, int which) +-{ + #ifdef CHARSET_EBCDIC +- static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; +- static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; +- static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; +- static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; +- static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; +- static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; +- static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; +- static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; ++static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; ++static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; ++static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; ++static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; ++static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; ++static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; ++static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; ++static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + #else +- static const unsigned char client_early_traffic[] = "c e traffic"; +- static const unsigned char client_handshake_traffic[] = "c hs traffic"; +- static const unsigned char client_application_traffic[] = "c ap traffic"; +- static const unsigned char server_handshake_traffic[] = "s hs traffic"; +- static const unsigned char server_application_traffic[] = "s ap traffic"; +- static const unsigned char exporter_master_secret[] = "exp master"; +- static const unsigned char resumption_master_secret[] = "res master"; +- static const unsigned char early_exporter_master_secret[] = "e exp master"; ++static const unsigned char client_early_traffic[] = "c e traffic"; ++static const unsigned char client_handshake_traffic[] = "c hs traffic"; ++static const unsigned char client_application_traffic[] = "c ap traffic"; ++static const unsigned char server_handshake_traffic[] = "s hs traffic"; ++static const unsigned char server_application_traffic[] = "s ap traffic"; ++static const unsigned char exporter_master_secret[] = "exp master"; ++static const unsigned char resumption_master_secret[] = "res master"; ++static const unsigned char early_exporter_master_secret[] = "e exp master"; + #endif ++#ifndef OPENSSL_NO_QUIC ++static int quic_change_cipher_state(SSL *s, int which) ++{ ++ unsigned char hash[EVP_MAX_MD_SIZE]; ++ size_t hashlen = 0; ++ int hashleni; ++ int ret = 0; ++ const EVP_MD *md = NULL; ++ OSSL_ENCRYPTION_LEVEL level = ssl_encryption_initial; ++ int is_handshake = ((which & SSL3_CC_HANDSHAKE) == SSL3_CC_HANDSHAKE); ++ int is_client_read = ((which & SSL3_CHANGE_CIPHER_CLIENT_READ) == SSL3_CHANGE_CIPHER_CLIENT_READ); ++ int is_server_write = ((which & SSL3_CHANGE_CIPHER_SERVER_WRITE) == SSL3_CHANGE_CIPHER_SERVER_WRITE); ++ int is_early = (which & SSL3_CC_EARLY); ++ ++ md = ssl_handshake_md(s); ++ if (!ssl3_digest_cached_records(s, 1) ++ || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { ++ /* SSLfatal() already called */; ++ goto err; ++ } ++ ++ /* Ensure cast to size_t is safe */ ++ hashleni = EVP_MD_size(md); ++ if (!ossl_assert(hashleni >= 0)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_QUIC_CHANGE_CIPHER_STATE, ++ ERR_R_EVP_LIB); ++ goto err; ++ } ++ hashlen = (size_t)hashleni; ++ ++ if (is_client_read || is_server_write) { ++ if (is_handshake) { ++ level = ssl_encryption_handshake; ++ ++ if (!tls13_hkdf_expand(s, md, s->handshake_secret, client_handshake_traffic, ++ sizeof(client_handshake_traffic)-1, hash, hashlen, ++ s->client_hand_traffic_secret, hashlen, 1) ++ || !ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, s->client_hand_traffic_secret, hashlen) ++ || !tls13_derive_finishedkey(s, md, s->client_hand_traffic_secret, ++ s->client_finished_secret, hashlen) ++ || !tls13_hkdf_expand(s, md, s->handshake_secret, server_handshake_traffic, ++ sizeof(server_handshake_traffic)-1, hash, hashlen, ++ s->server_hand_traffic_secret, hashlen, 1) ++ || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, s->server_hand_traffic_secret, hashlen) ++ || !tls13_derive_finishedkey(s, md, s->server_hand_traffic_secret, ++ s->server_finished_secret, hashlen)) { ++ /* SSLfatal() already called */ ++ goto err; ++ } ++ } else { ++ level = ssl_encryption_application; ++ ++ if (!tls13_hkdf_expand(s, md, s->master_secret, client_application_traffic, ++ sizeof(client_application_traffic)-1, hash, hashlen, ++ s->client_app_traffic_secret, hashlen, 1) ++ || !ssl_log_secret(s, CLIENT_APPLICATION_LABEL, s->client_app_traffic_secret, hashlen) ++ || !tls13_hkdf_expand(s, md, s->master_secret, server_application_traffic, ++ sizeof(server_application_traffic)-1, hash, hashlen, ++ s->server_app_traffic_secret, hashlen, 1) ++ || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, s->server_app_traffic_secret, hashlen)) { ++ /* SSLfatal() already called */ ++ goto err; ++ } ++ } ++ if (!quic_set_encryption_secrets(s, level)) { ++ /* SSLfatal() already called */ ++ goto err; ++ } ++ if (s->server) ++ s->quic_write_level = level; ++ else ++ s->quic_read_level = level; ++ } else { ++ /* is_client_write || is_server_read */ ++ ++ if (is_early) { ++ level = ssl_encryption_early_data; ++ ++ if (!tls13_hkdf_expand(s, md, s->early_secret, client_early_traffic, ++ sizeof(client_early_traffic)-1, hash, hashlen, ++ s->client_early_traffic_secret, hashlen, 1) ++ || !ssl_log_secret(s, CLIENT_EARLY_LABEL, s->client_early_traffic_secret, hashlen) ++ || !quic_set_encryption_secrets(s, level)) { ++ /* SSLfatal() already called */ ++ goto err; ++ } ++ } else if (is_handshake) { ++ level = ssl_encryption_handshake; ++ } else { ++ level = ssl_encryption_application; ++ /* ++ * We also create the resumption master secret, but this time use the ++ * hash for the whole handshake including the Client Finished ++ */ ++ if (!tls13_hkdf_expand(s, md, s->master_secret, resumption_master_secret, ++ sizeof(resumption_master_secret)-1, hash, hashlen, ++ s->resumption_master_secret, hashlen, 1)) { ++ /* SSLfatal() already called */ ++ goto err; ++ } ++ } ++ ++ if (s->server) ++ s->quic_read_level = level; ++ else ++ s->quic_write_level = level; ++ } ++ ++ ret = 1; ++ err: ++ return ret; ++} ++#endif /* OPENSSL_NO_QUIC */ ++int tls13_change_cipher_state(SSL *s, int which) ++{ + unsigned char *iv; + unsigned char secret[EVP_MAX_MD_SIZE]; + unsigned char hashval[EVP_MAX_MD_SIZE]; +@@ -463,6 +576,11 @@ int tls13_change_cipher_state(SSL *s, int which) + const EVP_MD *md = NULL; + const EVP_CIPHER *cipher = NULL; + ++#ifndef OPENSSL_NO_QUIC ++ if (SSL_IS_QUIC(s)) ++ return quic_change_cipher_state(s, which); ++#endif ++ + if (which & SSL3_CC_READ) { + if (s->enc_read_ctx != NULL) { + EVP_CIPHER_CTX_reset(s->enc_read_ctx); +@@ -707,6 +825,7 @@ int tls13_change_cipher_state(SSL *s, int which) + s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS; + else + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; ++ + ret = 1; + err: + OPENSSL_cleanse(secret, sizeof(secret)); +diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c +index 5c118108ef..fc06e4faa0 100644 +--- a/deps/openssl/openssl/test/sslapitest.c ++++ b/deps/openssl/openssl/test/sslapitest.c +@@ -6471,6 +6471,135 @@ static int test_servername(int tst) + return testresult; + } + ++#ifndef OPENSSL_NO_QUIC ++ ++static int test_quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *read_secret, ++ const uint8_t *write_secret, size_t secret_len) ++{ ++ test_printf_stderr("quic_set_encryption_secrets() %s, lvl=%d, len=%zd\n", ++ ssl->server ? "server" : "client", level, secret_len); ++ return 1; ++} ++static int test_quic_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, ++ const uint8_t *data, size_t len) ++{ ++ SSL *peer = (SSL*)SSL_get_app_data(ssl); ++ ++ test_printf_stderr("quic_add_handshake_data() %s, lvl=%d, *data=0x%02X, len=%zd\n", ++ ssl->server ? "server" : "client", level, (int)*data, len); ++ if (!TEST_ptr(peer)) ++ return 0; ++ ++ if (!TEST_true(SSL_provide_quic_data(peer, level, data, len))) { ++ ERR_print_errors_fp(stderr); ++ return 0; ++ } ++ ++ return 1; ++} ++static int test_quic_flush_flight(SSL *ssl) ++{ ++ test_printf_stderr("quic_flush_flight() %s\n", ssl->server ? "server" : "client"); ++ return 1; ++} ++static int test_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert) ++{ ++ test_printf_stderr("quic_send_alert() %s, lvl=%d, alert=%d\n", ++ ssl->server ? "server" : "client", level, alert); ++ return 1; ++} ++ ++static SSL_QUIC_METHOD quic_method = { ++ test_quic_set_encryption_secrets, ++ test_quic_add_handshake_data, ++ test_quic_flush_flight, ++ test_quic_send_alert, ++}; ++static int test_quic_api(void) ++{ ++ SSL_CTX *cctx = NULL, *sctx = NULL; ++ SSL *clientssl = NULL, *serverssl = NULL; ++ int testresult = 0; ++ static const char *server_str = "SERVER"; ++ static const char *client_str = "CLIENT"; ++ const uint8_t *peer_str; ++ size_t peer_str_len; ++ ++ /* Clean up logging space */ ++ memset(client_log_buffer, 0, sizeof(client_log_buffer)); ++ memset(server_log_buffer, 0, sizeof(server_log_buffer)); ++ client_log_buffer_index = 0; ++ server_log_buffer_index = 0; ++ error_writing_log = 0; ++ ++ ++ if (!TEST_ptr(sctx = SSL_CTX_new(TLS_server_method())) ++ || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) ++ || !TEST_ptr(sctx->quic_method) ++ || !TEST_ptr(serverssl = SSL_new(sctx)) ++ || !TEST_true(SSL_IS_QUIC(serverssl)) ++ || !TEST_true(SSL_set_quic_method(serverssl, NULL)) ++ || !TEST_false(SSL_IS_QUIC(serverssl)) ++ || !TEST_true(SSL_set_quic_method(serverssl, &quic_method)) ++ || !TEST_true(SSL_IS_QUIC(serverssl))) ++ goto end; ++ ++ SSL_CTX_free(sctx); ++ sctx = NULL; ++ SSL_free(serverssl); ++ serverssl = NULL; ++ ++ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), ++ TLS_client_method(), ++ TLS1_3_VERSION, 0, ++ &sctx, &cctx, cert, privkey)) ++ || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) ++ || !TEST_true(SSL_CTX_set_quic_method(cctx, &quic_method)) ++ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, ++ &clientssl, NULL, NULL)) ++ || !TEST_true(SSL_set_quic_transport_params(serverssl, ++ (unsigned char*)server_str, ++ sizeof(server_str))) ++ || !TEST_true(SSL_set_quic_transport_params(clientssl, ++ (unsigned char*)client_str, ++ sizeof(client_str))) ++ || !TEST_true(SSL_set_app_data(serverssl, clientssl)) ++ || !TEST_true(SSL_set_app_data(clientssl, serverssl)) ++ || !TEST_true(create_ssl_connection(serverssl, clientssl, ++ SSL_ERROR_NONE)) ++ || !TEST_true(SSL_version(serverssl) == TLS1_3_VERSION) ++ || !TEST_true(SSL_version(clientssl) == TLS1_3_VERSION) ++ || !(TEST_int_eq(SSL_quic_read_level(clientssl), ssl_encryption_application)) ++ || !(TEST_int_eq(SSL_quic_read_level(serverssl), ssl_encryption_application)) ++ || !(TEST_int_eq(SSL_quic_write_level(clientssl), ssl_encryption_application)) ++ || !(TEST_int_eq(SSL_quic_write_level(serverssl), ssl_encryption_application))) ++ goto end; ++ ++ SSL_get_peer_quic_transport_params(serverssl, &peer_str, &peer_str_len); ++ if (!TEST_mem_eq(peer_str, peer_str_len, client_str, sizeof(client_str))) ++ goto end; ++ SSL_get_peer_quic_transport_params(clientssl, &peer_str, &peer_str_len); ++ if (!TEST_mem_eq(peer_str, peer_str_len, server_str, sizeof(server_str))) ++ goto end; ++ ++ /* Deal with two NewSessionTickets */ ++ if (!TEST_true(SSL_process_quic_post_handshake(clientssl)) ++ || !TEST_true(SSL_process_quic_post_handshake(clientssl))) ++ goto end; ++ ++ testresult = 1; ++ ++end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++} ++#endif ++ + int setup_tests(void) + { + if (!TEST_ptr(certsdir = test_get_argument(0)) +@@ -6590,6 +6719,9 @@ int setup_tests(void) + ADD_ALL_TESTS(test_client_cert_cb, 2); + ADD_ALL_TESTS(test_ca_names, 3); + ADD_ALL_TESTS(test_servername, 10); ++#ifndef OPENSSL_NO_QUIC ++ ADD_TEST(test_quic_api); ++#endif + return 1; + } + +diff --git a/deps/openssl/openssl/test/ssltestlib.c b/deps/openssl/openssl/test/ssltestlib.c +index 456afdf471..5f61e63390 100644 +--- a/deps/openssl/openssl/test/ssltestlib.c ++++ b/deps/openssl/openssl/test/ssltestlib.c +@@ -917,6 +917,11 @@ int create_ssl_connection(SSL *serverssl, SSL *clientssl, int want) + if (!create_bare_ssl_connection(serverssl, clientssl, want, 1)) + return 0; + ++#ifndef OPENSSL_NO_QUIC ++ /* QUIC does not support SSL_read_ex */ ++ if (SSL_is_quic(clientssl)) ++ return 1; ++#endif + /* + * We attempt to read some data on the client side which we expect to fail. + * This will ensure we have received the NewSessionTicket in TLSv1.3 where +diff --git a/deps/openssl/openssl/test/tls13secretstest.c b/deps/openssl/openssl/test/tls13secretstest.c +index 52fc2b6673..970c2f4aae 100644 +--- a/deps/openssl/openssl/test/tls13secretstest.c ++++ b/deps/openssl/openssl/test/tls13secretstest.c +@@ -216,6 +216,13 @@ int ossl_statem_export_early_allowed(SSL *s) + return 1; + } + ++#ifndef OPENSSL_NO_QUIC ++int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) ++{ ++ return 1; ++} ++#endif ++ + /* End of mocked out code */ + + static int test_secret(SSL *s, unsigned char *prk, +diff --git a/deps/openssl/openssl/util/libssl.num b/deps/openssl/openssl/util/libssl.num +index 297522c363..15785fe10d 100644 +--- a/deps/openssl/openssl/util/libssl.num ++++ b/deps/openssl/openssl/util/libssl.num +@@ -498,3 +498,14 @@ SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION: + SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION: + SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION: + SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION: ++SSL_quic_read_level 10094 1_1_1d EXIST::FUNCTION:QUIC ++SSL_set_quic_transport_params 10095 1_1_1d EXIST::FUNCTION:QUIC ++SSL_CIPHER_get_prf_nid 10096 1_1_1d EXIST::FUNCTION: ++SSL_is_quic 10097 1_1_1d EXIST::FUNCTION:QUIC ++SSL_get_peer_quic_transport_params 10098 1_1_1d EXIST::FUNCTION:QUIC ++SSL_quic_write_level 10099 1_1_1d EXIST::FUNCTION:QUIC ++SSL_CTX_set_quic_method 10100 1_1_1d EXIST::FUNCTION:QUIC ++SSL_set_quic_method 10101 1_1_1d EXIST::FUNCTION:QUIC ++SSL_quic_max_handshake_flight_len 10102 1_1_1d EXIST::FUNCTION:QUIC ++SSL_process_quic_post_handshake 10103 1_1_1d EXIST::FUNCTION:QUIC ++SSL_provide_quic_data 10104 1_1_1d EXIST::FUNCTION:QUIC +diff --git a/deps/openssl/openssl/util/private.num b/deps/openssl/openssl/util/private.num +index bc7d967b5d..eb3d409f6e 100644 +--- a/deps/openssl/openssl/util/private.num ++++ b/deps/openssl/openssl/util/private.num +@@ -91,6 +91,8 @@ custom_ext_free_cb datatype + custom_ext_parse_cb datatype + pem_password_cb datatype + ssl_ct_validation_cb datatype ++OSSL_ENCRYPTION_LEVEL datatype ++SSL_QUIC_METHOD datatype + # + BIO_append_filename define + BIO_destroy_bio_pair define +-- +2.26.0.windows.1 + diff --git a/doc/guides/maintaining-openssl.md b/doc/guides/maintaining-openssl.md index 34deb05523..4c391d584c 100644 --- a/doc/guides/maintaining-openssl.md +++ b/doc/guides/maintaining-openssl.md @@ -53,6 +53,28 @@ This updates all sources in deps/openssl/openssl by: $ git commit openssl ``` +#### Updating the QUIC APIs + +The APIs to support the QUIC implementation are a port of the BoringSSL +implementation that has not yet landed in OpenSSL. They must be re-applied +separately after updating the openssl source as described above. The +current patch implementation can be found in the `deps/openssl/patches` +directory in the file `0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch`. + +```text + $ git am deps/openssl/patches 0001-deps-add-support-for-BoringSSL-QUIC-APIs.patch +``` + +The patch file itself is generated by squashing commits from the +`OpenSSL_1_1_1d-quic` fork of the Akamai OpenSSL fork located +[here](https://github.com/akamai/openssl), starting with +[this commit](https://github.com/akamai/openssl/commit/f910151a5b60eb7b90d274332368226cc67479df), +then applying additional edits to update the implementation to +openssl-1.1.1e. As OpenSSL updates are made, additional updates +to the patch may be necessary to keep the patch in sync. + +The patch is currently supported only for openssl-1.1.1e. + ## 2. Execute `make` in `deps/openssl/config` directory Use `make` to regenerate all platform dependent files in |