Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update openssl 1.1.1i #36520

Closed
wants to merge 5 commits into from

Commits on Dec 15, 2020

  1. Configuration menu
    Copy the full SHA
    71b887b View commit details
    Browse the repository at this point in the history
  2. deps: upgrade openssl sources to 1.1.1i

    This updates all sources in deps/openssl/openssl by:
        $ cd deps/openssl/
        $ rm -rf openssl
        $ tar zxf ~/tmp/openssl-1.1.1i.tar.gz
        $ mv openssl-1.1.1i openssl
        $ git add --all openssl
        $ git commit openssl
    MylesBorins committed Dec 15, 2020
    Configuration menu
    Copy the full SHA
    c4a3bb1 View commit details
    Browse the repository at this point in the history
  3. deps: various quic patches from akamai/openssl

    Add support for BoringSSL QUIC APIs
    
    This is a cherry-pick of 2a4b03a306439307e0b822b17eda3bdabddfbb68
    on the master-quic-support2 branch (2019-10-07)
    Which was a rebase/squash of master-quic-support:
    
    * 5aa62ce Add support for more secrets - Todd Short/Todd Short (master-quic-support)
    * 58e0643 Tweeks to quic_change_cipher_state() - Todd Short/Todd Short
    * 8169702 Move QUIC code out of tls13_change_cipher_state() - Todd Short/Todd Short
    * a08cfe6 Correctly disable middlebox compat - Todd Short/Todd Short
    * 3a9eabf Add OPENSSL_NO_QUIC wrapper - Todd Short/Todd Short
    * f550eca Add client early traffic secret storage - Todd Short/Todd Short
    * 1b787ae Quick fix: s2c to c2s for early secret - Todd Short/Todd Short
    * f97e6a9 Don't process an incomplete message - Todd Short/Todd Short
    * 81f0ce2 Reset init state in SSL_process_quic_post_handshake() - Todd Short/Todd Short
    * 5d59cf9 Fix quic_transport constructors/parsers - Todd Short/Todd Short
    * 5e5f91c Fix INSTALL nit. - Todd Short/Todd Short
    * bd290ab Fix duplicate word in docs - Todd Short/Todd Short
    * 699590b fixup! Handle partial handshake messages - Todd Short/Todd Short
    * a472a8d Handle partial handshake messages - Todd Short/Todd Short
    * 363cf3d fixup! Use proper secrets for handshake - Todd Short/Todd Short
    * b03fee6 Use proper secrets for handshake - Todd Short/Todd Short
    * 2ab1aa0 Move QUIC transport params to encrypted extensions - Todd Short/Todd Short
    * 0d16af9 Make temp secret names less confusing - Todd Short/Todd Short
    * abb6f39 New method to get QUIC secret length - Todd Short/Todd Short
    * 05fdae9 Add support for BoringSSL QUIC APIs - Todd Short/Todd Short
    
    This adds a compatible API for BoringSSL's QUIC support, based
    on the current |draft-ietf-quic-tls|.
    
    Based on BoringSSL commit 3c034b2cf386b3131f75520705491871a2e0cafe
    Based on BoringSSL commit c8e0f90f83b9ec38ea833deb86b5a41360b62b6a
    Based on BoringSSL commit 3cbb0299a28a8bd0136257251a78b91a96c5eec8
    Based on BoringSSL commit cc9d935256539af2d3b7f831abf57c0d685ffd81
    Based on BoringSSL commit e6eef1ca16a022e476bbaedffef044597cfc8f4b
    Based on BoringSSL commit 6f733791148cf8a076bf0e95498235aadbe5926d
    Based on BoringSSL commit 384d0eaf1930af1ebc47eda751f0c78dfcba1c03
    Based on BoringSSL commit a0373182eb5cc7b81d49f434596b473c7801c942
    Based on BoringSSL commit b1b76aee3cb43ce11889403c5334283d951ebd37
    
    New method to get QUIC secret length
    
    Make temp secret names less confusing
    
    Move QUIC transport params to encrypted extensions
    
    Use proper secrets for handshake
    
    fixup! Use proper secrets for handshake
    
    Handle partial handshake messages
    
    fixup! Handle partial handshake messages
    
    Fix duplicate word in docs
    
    Fix INSTALL nit.
    
    Fix quic_transport constructors/parsers
    
    Reset init state in SSL_process_quic_post_handshake()
    
    Don't process an incomplete message
    
    Quick fix: s2c to c2s for early secret
    
    Add client early traffic secret storage
    
    Add OPENSSL_NO_QUIC wrapper
    
    Correctly disable middlebox compat
    
    Move QUIC code out of tls13_change_cipher_state()
    
    Create quic_change_cipher_state() that does the minimal required
    to generate the QUIC secrets. (e.g. encryption contexts are not
    initialized).
    
    Tweeks to quic_change_cipher_state()
    
    Add support for more secrets
    
    Fix resumption secret
    
    (cherry picked from commit 16fafdf4e0ec6cddd5705f407e5dca26cb30914d)
    
    QUIC: Handle EndOfEarlyData and MaxEarlyData
    
    QUIC: Increase HKDF_MAXBUF to 2048
    
    Fall-through for 0RTT
    
    Some cleanup for the main QUIC changes
    
    Try to reduce unneeded whitespace changes and wrap new code to 80 columns.
    Reword documentation to attempt to improve clarity.
    Add some more sanity checks and clarifying comments to the code.
    Update referenced I-D versions.
    
    Prevent KeyUpdate for QUIC
    
    QUIC does not use the TLS KeyUpdate message/mechanism, and indeed
    it is an error to generate or receive such a message.  Add the
    necessary checks (noting that the check for receipt should be
    redundant since SSL_provide_quic_data() is the only way to provide
    input to the TLS layer for a QUIC connection).
    
    Test KeyUpdate rejection
    
    For now, just test that we don't generate any, since we don't really
    expose the mechanics for encrypting one and the QUIC API is not
    integrated into the TLSProxy setup.
    
    Fix out-of-bounds read when TLS msg is split up into multiple chunks
    
    Previously, SSL_provide_quic_data tried to handle this kind of
    situation, but it failed when the length of input data is less than
    SSL3_HM_HEADER_LENGTH.  If that happens, the code might get wrong
    message length by reading value from out-of-bounds region.
    
    Revert "Fix out-of-bounds read when TLS msg is split up into multiple chunks"
    
    This reverts commit 18f993cbdae498111c94a075fd9b115bd8367574.
    
    Test HKDF with empty IKM
    
    Add an extra EVP test that provides empty input key material.
    It currently fails, since attempting to set a zero-length key
    on an EVP_PKEY_CTX results in a call to OPENSSL_memdup() with
    length zero, which returns NULL and is detected as failure.
    
    Allow zero-length HKDF keys
    
    When making a copy to keep in the EVP_PKEY_CTX, allocate a single
    byte for the cached key instead of letting memdup return NULL
    and cause the call to fail.  The length still gets set to zero
    properly, so we don't end up inspecting the allocated byte, but
    it's important to have a non-NULL pointer set.
    
    Buffer all provided quic data
    
    Make all data supplied via SSL_provide_quic_data() pass through an
    internal buffer, so that we can handle data supplied with arbitrary
    framing and only parse complete TLS records onto the list of QUIC_DATA
    managed by quic_input_data_head/quic_input_data_tail.
    
    This lets us remove the concept of "incomplete" QUIC_DATA structures,
    and the 'offset' field needed to support them.
    
    However, we've already moved the provided data onto the buffer by
    the time we can check for KeyUpdate messages, so defer that check
    to quic_get_message() (where it is adjacent to the preexisting
    ChangeCipherSpec check).
    
    To avoid extra memory copies, we also make the QUIC_DATA structures
    just store offsets into the consolidated buffer instead of having copies
    of the TLS handshake messages themselves.
    
    enforce consistent encryption level for handshake messages
    
    The QUIC-TLS spec requires that TLS handshake messages do not cross
    encryption level boundaries, but we were not previously enforcing this.
    tmshort authored and MylesBorins committed Dec 15, 2020
    Configuration menu
    Copy the full SHA
    95d91c8 View commit details
    Browse the repository at this point in the history
  4. deps: re-enable OPENSSL_NO_QUIC guards

    PR-URL: nodejs#34033
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
    Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
    jasnell authored and MylesBorins committed Dec 15, 2020
    Configuration menu
    Copy the full SHA
    0cae9c4 View commit details
    Browse the repository at this point in the history
  5. deps: update archs files for OpenSSL-1.1.1i

    After an OpenSSL source update, all the config files need to be
    regenerated and committed by:
      $ make -C deps/openssl/config
      $ git add deps/openssl/config/archs
      $ git add deps/openssl/openssl/include/crypto/bn_conf.h
      $ git add deps/openssl/openssl/include/crypto/dso_conf.h
      $ git add deps/openssl/openssl/include/openssl/opensslconf.h
      $ git commit
    MylesBorins committed Dec 15, 2020
    Configuration menu
    Copy the full SHA
    3f77eb7 View commit details
    Browse the repository at this point in the history