

deps: Add interface required to implement QUIC draft-17
Ported from
tatsuhiro-t/openssl@920a331

PR-URL: nodejs#6
Reviewed-By: Daniel Bevenius <[email protected]>
jasnell authored and juanarbol committed Dec 17, 2019
1 parent 08d13b4 commit 3541a29
Showing 7 changed files with 227 additions and 21 deletions.
19 changes: 19 additions & 0 deletions deps/openssl/openssl/include/openssl/ssl.h
Expand Up @@ -507,6 +507,11 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
*/
# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U

/*
* Support QUIC Hack
*/
# define SSL_MODE_QUIC_HACK 0x00000800U

/* Cert related flags */
/*
* Many implementations ignore some aspects of the TLS standards such as
Expand Down Expand Up @@ -634,6 +639,20 @@ void SSL_set_msg_callback(SSL *ssl,
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

typedef enum {
SSL_KEY_CLIENT_EARLY_TRAFFIC,
SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC,
SSL_KEY_CLIENT_APPLICATION_TRAFFIC,
SSL_KEY_SERVER_HANDSHAKE_TRAFFIC,
SSL_KEY_SERVER_APPLICATION_TRAFFIC
} OSSL_KEY_TYPE;

void SSL_set_key_callback(SSL *ssl,
int (*cb)(SSL *ssl, int name,
const unsigned char *secret,
size_t secretlen, void *arg),
void *arg);

# define SSL_get_extms_support(s) \
SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)

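Review bot: The new public entry point `SSL_set_key_callback` and the `OSSL_KEY_TYPE` enum are added to the installed header with no comment describing the contract, and the callback's `name` parameter is typed `int` rather than `OSSL_KEY_TYPE`, so the relationship between the two declarations is invisible to a caller. From the tls13_enc.c hunk in this commit, the comment should state that `name` is one of the `OSSL_KEY_TYPE` values, that `secret` holds `secretlen` bytes of the freshly derived TLS 1.3 traffic secret for that direction, and that returning 0 from the callback aborts the handshake with a fatal internal error; it should also say that `secret` appears to be a buffer owned by `tls13_change_cipher_state` and must be copied rather than retained (confirm against the callee before documenting it as fact). Raw traffic secrets are the most sensitive material a TLS stack handles, so a one-line note that the receiver is responsible for protecting and wiping what it copies belongs in the same comment. The same absence of documentation applies to the definition in ssl_lib.c and to the new `key_callback`/`key_callback_arg` fields in ssl_locl.h, where a trailing `/* QUIC: receives TLS 1.3 traffic secrets as they are derived */` in the style of the adjacent `int hit;` line would do.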
136 changes: 136 additions & 0 deletions deps/openssl/openssl/ssl/record/rec_layer_s3.c
Expand Up @@ -10,6 +10,7 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
#include <assert.h>
#include "../ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
Expand Down Expand Up @@ -347,6 +348,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
int i;
size_t tmpwrit;

if (s->mode & SSL_MODE_QUIC_HACK) {
/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
return i;
}
}

s->rwstate = SSL_WRITING;
*written = len;

return 1;
}

s->rwstate = SSL_NOTHING;
tot = s->rlayer.wnum;
/*
Expand Down Expand Up @@ -667,6 +684,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t totlen = 0, len, wpinited = 0;
size_t j;

if (s->mode & SSL_MODE_QUIC_HACK) {
assert(0);
}

for (j = 0; j < numpipes; j++)
totlen += pipelens[j];
/*
Expand Down Expand Up @@ -1131,6 +1152,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
size_t currbuf = 0;
size_t tmpwrit = 0;

if (s->mode & SSL_MODE_QUIC_HACK) {
assert(0);
}

if ((s->rlayer.wpend_tot > len)
|| (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
&& (s->rlayer.wpend_buf != buf))
Expand Down Expand Up @@ -1234,6 +1259,117 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
}

if (s->mode & SSL_MODE_QUIC_HACK) {
/* In QUIC, we only expect handshake protocol. Alerts are
notified by decicated API function. */
if (!ossl_statem_get_in_handshake(s)) {
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);

i = s->handshake_func(s);
/* SSLfatal() already called if appropriate */
if (i < 0)
return i;
if (i == 0) {
return -1;
}
*readbytes = 0;
return 1;
}

if (s->rlayer.packet_length == 0) {
if (rbuf->left < 4) {
if (rbuf->len - rbuf->offset < 4 - rbuf->left) {
memmove(rbuf->buf, rbuf->buf + rbuf->offset - rbuf->left,
rbuf->left);
rbuf->offset = rbuf->left;
}
s->rwstate = SSL_READING;
/* TODO(size_t): Convert this function */
ret = BIO_read(s->rbio, rbuf->buf + rbuf->offset,
rbuf->len - rbuf->offset);
if (ret < 0) {
return -1;
}
/* TODO Check this is really ok */
if (ret == 0) {
*readbytes = 0;
return 1;
}

rbuf->left += ret;
rbuf->offset += ret;

if (rbuf->left < 4) {
*readbytes = 0;
return 1;
}
rbuf->offset -= rbuf->left;
}

switch (rbuf->buf[rbuf->offset]) {
case SSL3_MT_CLIENT_HELLO:
case SSL3_MT_SERVER_HELLO:
case SSL3_MT_NEWSESSION_TICKET:
case SSL3_MT_END_OF_EARLY_DATA:
case SSL3_MT_ENCRYPTED_EXTENSIONS:
case SSL3_MT_CERTIFICATE:
case SSL3_MT_CERTIFICATE_REQUEST:
case SSL3_MT_CERTIFICATE_VERIFY:
case SSL3_MT_FINISHED:
case SSL3_MT_KEY_UPDATE:
case SSL3_MT_MESSAGE_HASH:
break;
default:
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
ERR_R_INTERNAL_ERROR);
return -1;
}

s->rlayer.packet_length = (rbuf->buf[rbuf->offset + 1] << 16)
+ (rbuf->buf[rbuf->offset + 2] << 8)
+ rbuf->buf[rbuf->offset + 3] + 4;
}

if (s->rlayer.packet_length) {
size_t n;

n = len < s->rlayer.packet_length ? len : s->rlayer.packet_length;
if (rbuf->left == 0) {
s->rwstate = SSL_READING;
ret = BIO_read(s->rbio, buf, n);
if (ret >= 0) {
s->rlayer.packet_length -= ret;
*readbytes = ret;
if (recvd_type) {
*recvd_type = SSL3_RT_HANDSHAKE;
}
return 1;
}
return -1;
}

n = n < rbuf->left ? n : rbuf->left;

memcpy(buf, rbuf->buf + rbuf->offset, n);
rbuf->offset += n;
rbuf->left -= n;
s->rlayer.packet_length -= n;
if (rbuf->left == 0) {
rbuf->offset = 0;
}
*readbytes = n;
if (recvd_type) {
*recvd_type = SSL3_RT_HANDSHAKE;
}
return 1;
}

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
ERR_R_INTERNAL_ERROR);
return -1;
}

if ((type && (type != SSL3_RT_APPLICATION_DATA)
&& (type != SSL3_RT_HANDSHAKE)) || (peek
&& (type !=
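Review bot: The partial-header path in the `ssl3_read_bytes` hunk appears to use two different meanings of `rbuf->offset`: the `memmove` source `rbuf->buf + rbuf->offset - rbuf->left`, the read into `rbuf->buf + rbuf->offset` and the later `rbuf->offset -= rbuf->left` all treat `offset` as the end of the buffered bytes, while the header parse, the consume `memcpy` and `rbuf->offset += n` treat it as their start. That is consistent only when the block is re-entered through its own early return; when a message is consumed leaving one to three bytes of the next header buffered (`packet_length == 0`, `0 < left < 4`, `offset` = start), the next call moves the wrong bytes and then overwrites the buffered header bytes with the new read, if I read the bookkeeping correctly. Keeping `offset` as the start everywhere, reading at `offset + left` and dropping the `offset -= left` adjustment removes the ambiguity, as sketched below. Separately, the `assert(0)` guards added to `do_ssl3_write` and `ssl3_write_pending` compile to nothing under `NDEBUG`, so a release build that reaches them continues into the normal record-write path; `SSLfatal(s, SSL_AD_INTERNAL_ERROR, <SSL_F_ code of that function>, ERR_R_INTERNAL_ERROR); return -1;` would fail closed instead. `ssl3_read_bytes` begins and ends outside the hunk.
```c
        if (s->rlayer.packet_length == 0) {
            if (rbuf->left < 4) {
                /*
                 * rbuf->offset is always the start of the unread bytes here;
                 * compact to the front only when the tail cannot hold the
                 * rest of the 4-byte handshake header.
                 */
                size_t room = rbuf->len - rbuf->offset - rbuf->left;

                if (room < 4 - rbuf->left) {
                    memmove(rbuf->buf, rbuf->buf + rbuf->offset, rbuf->left);
                    rbuf->offset = 0;
                    room = rbuf->len - rbuf->left;
                }
                s->rwstate = SSL_READING;
                /* TODO(size_t): Convert this function */
                ret = BIO_read(s->rbio, rbuf->buf + rbuf->offset + rbuf->left,
                               room);
                if (ret < 0) {
                    return -1;
                }
                if (ret == 0) {
                    *readbytes = 0;
                    return 1;
                }
                rbuf->left += ret;
                if (rbuf->left < 4) {
                    *readbytes = 0;
                    return 1;
                }
            }
            /* … unchanged: handshake message type switch and packet_length parse … */
        }
```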
17 changes: 8 additions & 9 deletions deps/openssl/openssl/ssl/s3_msg.c
Expand Up @@ -74,17 +74,16 @@ int ssl3_dispatch_alert(SSL *s)
size_t written;

s->s3->alert_dispatch = 0;
alertlen = 2;
if (SSL_IS_QUIC(s)) {
if (!s->quic_method->send_alert(s, s->quic_write_level,
s->s3->send_alert[1])) {
SSLerr(SSL_F_SSL3_DISPATCH_ALERT, SSL_R_INTERNAL_ERROR);
return 0;
}
i = 1;

if (!(s->mode & SSL_MODE_QUIC_HACK)) {
alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1,
0, &written);
} else {
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, &written);
s->rwstate = SSL_WRITING;
i = 1;
}

if (i <= 0) {
s->s3->alert_dispatch = 1;
} else {
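Review bot: In the new `else` branch of `ssl3_dispatch_alert`, `i = 1` reports the alert as sent although nothing consumes `s->s3->send_alert`, and `alert_dispatch` has already been cleared a few lines above, so in `SSL_MODE_QUIC_HACK` the alert is dropped unless a delivery path exists outside this diff; the rec_layer_s3.c hunk refers to alerts being "notified by dedicated API function", but this commit adds no such function. Setting `s->rwstate = SSL_WRITING` while writing nothing also signals a pending write to callers. Until the delivery path is in place, the branch should at least carry `/* QUIC hack: no record layer carries the alert; the application must read s->s3->send_alert itself — TODO confirm a caller does */` so the gap is visible. `ssl3_dispatch_alert` begins outside the hunk.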
10 changes: 10 additions & 0 deletions deps/openssl/openssl/ssl/ssl_lib.c
Expand Up @@ -4357,6 +4357,16 @@ void SSL_set_msg_callback(SSL *ssl,
SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
}

void SSL_set_key_callback(SSL *ssl,
int (*cb)(SSL *ssl, int name,
const unsigned char *secret,
size_t secretlen, void *arg),
void *arg)
{
ssl->key_callback = cb;
ssl->key_callback_arg = arg;
}

void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
int
3 changes: 3 additions & 0 deletions deps/openssl/openssl/ssl/ssl_locl.h
Expand Up @@ -1141,6 +1141,9 @@ struct ssl_st {
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int (*key_callback)(SSL *ssl, int name, const unsigned char *secret,
size_t secretlen, void *arg);
void *key_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
/* Per connection DANE state */
50 changes: 50 additions & 0 deletions deps/openssl/openssl/ssl/tls13_enc.c
Expand Up @@ -778,6 +778,56 @@ int tls13_change_cipher_state(SSL *s, int which)
goto err;
}

if (s->key_callback) {
int type;
if (label == client_early_traffic) {
type = SSL_KEY_CLIENT_EARLY_TRAFFIC;
} else if (label == client_handshake_traffic) {
type = SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC;
} else if (label == client_application_traffic) {
type = SSL_KEY_CLIENT_APPLICATION_TRAFFIC;
} else if (label == server_handshake_traffic) {
type = SSL_KEY_SERVER_HANDSHAKE_TRAFFIC;
} else if (label == server_application_traffic) {
type = SSL_KEY_SERVER_APPLICATION_TRAFFIC;
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (!s->key_callback(s, type, secret, hashlen, s->key_callback_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}

if (s->server) {
switch (type) {
case SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC:
case SSL_KEY_CLIENT_APPLICATION_TRAFFIC:
if (s->rlayer.rbuf.left) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
break;
}
} else {
switch (type) {
case SSL_KEY_SERVER_HANDSHAKE_TRAFFIC:
case SSL_KEY_SERVER_APPLICATION_TRAFFIC:
if (s->rlayer.rbuf.left) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
break;
}
}
}

if (label == server_application_traffic) {
memcpy(s->server_app_traffic_secret, secret, hashlen);
/* Now we create the exporter master secret */
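Review bot: The two `switch (type)` blocks in the `tls13_change_cipher_state` hunk perform one check, "the peer's write secret is being installed while the record buffer still holds bytes", written twice with mirrored case labels and without a `default:`, and nothing says why a non-empty `s->rlayer.rbuf.left` is fatal here. Folding both into a single boolean, as below, makes the condition read as one rule and gives the explanation a place to live; the reason is inferred from the code (buffered bytes would belong to the previous key epoch), so keep the hedge until confirmed. Note that the callback has already received the secret by the time this check fires, which is fine for an internal-error path but worth keeping in mind if the check is ever moved. `tls13_change_cipher_state` begins and ends outside the hunk.
```c
    if (s->key_callback) {
        int type, peer_write_key;
        /* … unchanged: label -> OSSL_KEY_TYPE mapping and key_callback invocation … */

        /*
         * The secret the peer writes with is about to become our read key;
         * bytes still buffered in the record layer would presumably belong
         * to the previous epoch, so treat them as an internal error.
         * (Reason inferred from the check — confirm.)
         */
        peer_write_key = s->server
            ? (type == SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC
               || type == SSL_KEY_CLIENT_APPLICATION_TRAFFIC)
            : (type == SSL_KEY_SERVER_HANDSHAKE_TRAFFIC
               || type == SSL_KEY_SERVER_APPLICATION_TRAFFIC);
        if (peer_write_key && s->rlayer.rbuf.left) {
            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
                     ERR_R_INTERNAL_ERROR);
            goto err;
        }
    }
```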
13 changes: 1 addition & 12 deletions deps/openssl/openssl/util/libssl.num
Expand Up @@ -498,15 +498,4 @@ SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION:
SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION:
SSL_set_quic_transport_params 510 3_0_0 EXIST::FUNCTION:QUIC
SSL_get_peer_quic_transport_params 511 3_0_0 EXIST::FUNCTION:QUIC
SSL_quic_max_handshake_flight_len 512 3_0_0 EXIST::FUNCTION:QUIC
SSL_quic_read_level 513 3_0_0 EXIST::FUNCTION:QUIC
SSL_quic_write_level 514 3_0_0 EXIST::FUNCTION:QUIC
SSL_provide_quic_data 515 3_0_0 EXIST::FUNCTION:QUIC
SSL_CTX_set_quic_method 516 3_0_0 EXIST::FUNCTION:QUIC
SSL_set_quic_method 517 3_0_0 EXIST::FUNCTION:QUIC
SSL_process_quic_post_handshake 518 3_0_0 EXIST::FUNCTION:QUIC
SSL_CIPHER_get_prf_nid 519 3_0_0 EXIST::FUNCTION:
SSL_is_quic 520 3_0_0 EXIST::FUNCTION:QUIC
SSL_set_quic_early_data_enabled 521 3_0_0 EXIST::FUNCTION:QUIC
SSL_set_key_callback 502 3_0_0 EXIST::FUNCTION:

