Skip to content
This repository was archived by the owner on Aug 11, 2020. It is now read-only.

deps: Add in necessary OpenSSL modifications #6

Closed
wants to merge 2 commits into from
Closed

deps: Add in necessary OpenSSL modifications #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
414becf
deps: Add interface required to implement QUIC draft-17
jasnell Feb 1, 2019
4cbaa3e
deps: Remove EOED when SSL_MODE_QUIC_HACK is enabled
jasnell Feb 1, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions deps/openssl/openssl/include/openssl/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,11 @@ typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
*/
# define SSL_MODE_ASYNC 0x00000100U

/*
* Support QUIC Hack
*/
# define SSL_MODE_QUIC_HACK 0x00000800U

/* Cert related flags */
/*
* Many implementations ignore some aspects of the TLS standards such as
Expand Down Expand Up @@ -621,6 +626,20 @@ void SSL_set_msg_callback(SSL *ssl,
# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))

typedef enum {
SSL_KEY_CLIENT_EARLY_TRAFFIC,
SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC,
SSL_KEY_CLIENT_APPLICATION_TRAFFIC,
SSL_KEY_SERVER_HANDSHAKE_TRAFFIC,
SSL_KEY_SERVER_APPLICATION_TRAFFIC
} OSSL_KEY_TYPE;

void SSL_set_key_callback(SSL *ssl,
int (*cb)(SSL *ssl, int name,
const unsigned char *secret,
size_t secretlen, void *arg),
void *arg);

# define SSL_get_extms_support(s) \
SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)

Expand Down
136 changes: 136 additions & 0 deletions deps/openssl/openssl/ssl/record/rec_layer_s3.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
#include <assert.h>
#include "../ssl_locl.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
Expand Down Expand Up @@ -347,6 +348,22 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
int i;
size_t tmpwrit;

if (s->mode & SSL_MODE_QUIC_HACK) {
/* If we have an alert to send, lets send it */
if (s->s3->alert_dispatch) {
i = s->method->ssl_dispatch_alert(s);
if (i <= 0) {
/* SSLfatal() already called if appropriate */
return i;
}
}

s->rwstate = SSL_WRITING;
*written = len;

return 1;
}

s->rwstate = SSL_NOTHING;
tot = s->rlayer.wnum;
/*
Expand Down Expand Up @@ -659,6 +676,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
size_t totlen = 0, len, wpinited = 0;
size_t j;

if (s->mode & SSL_MODE_QUIC_HACK) {
assert(0);
}

for (j = 0; j < numpipes; j++)
totlen += pipelens[j];
/*
Expand Down Expand Up @@ -1123,6 +1144,10 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
size_t currbuf = 0;
size_t tmpwrit = 0;

if (s->mode & SSL_MODE_QUIC_HACK) {
assert(0);
}

if ((s->rlayer.wpend_tot > len)
|| (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
&& (s->rlayer.wpend_buf != buf))
Expand Down Expand Up @@ -1226,6 +1251,117 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
}
}

if (s->mode & SSL_MODE_QUIC_HACK) {
/* In QUIC, we only expect handshake protocol. Alerts are
notified by decicated API function. */
if (!ossl_statem_get_in_handshake(s)) {
/* We found handshake data, so we're going back into init */
ossl_statem_set_in_init(s, 1);

i = s->handshake_func(s);
/* SSLfatal() already called if appropriate */
if (i < 0)
return i;
if (i == 0) {
return -1;
}
*readbytes = 0;
return 1;
}

if (s->rlayer.packet_length == 0) {
if (rbuf->left < 4) {
if (rbuf->len - rbuf->offset < 4 - rbuf->left) {
memmove(rbuf->buf, rbuf->buf + rbuf->offset - rbuf->left,
rbuf->left);
rbuf->offset = rbuf->left;
}
s->rwstate = SSL_READING;
/* TODO(size_t): Convert this function */
ret = BIO_read(s->rbio, rbuf->buf + rbuf->offset,
rbuf->len - rbuf->offset);
if (ret < 0) {
return -1;
}
/* TODO Check this is really ok */
if (ret == 0) {
*readbytes = 0;
return 1;
}

rbuf->left += ret;
rbuf->offset += ret;

if (rbuf->left < 4) {
*readbytes = 0;
return 1;
}
rbuf->offset -= rbuf->left;
}

switch (rbuf->buf[rbuf->offset]) {
case SSL3_MT_CLIENT_HELLO:
case SSL3_MT_SERVER_HELLO:
case SSL3_MT_NEWSESSION_TICKET:
case SSL3_MT_END_OF_EARLY_DATA:
case SSL3_MT_ENCRYPTED_EXTENSIONS:
case SSL3_MT_CERTIFICATE:
case SSL3_MT_CERTIFICATE_REQUEST:
case SSL3_MT_CERTIFICATE_VERIFY:
case SSL3_MT_FINISHED:
case SSL3_MT_KEY_UPDATE:
case SSL3_MT_MESSAGE_HASH:
break;
default:
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
ERR_R_INTERNAL_ERROR);
return -1;
}

s->rlayer.packet_length = (rbuf->buf[rbuf->offset + 1] << 16)
+ (rbuf->buf[rbuf->offset + 2] << 8)
+ rbuf->buf[rbuf->offset + 3] + 4;
}

if (s->rlayer.packet_length) {
size_t n;

n = len < s->rlayer.packet_length ? len : s->rlayer.packet_length;
if (rbuf->left == 0) {
s->rwstate = SSL_READING;
ret = BIO_read(s->rbio, buf, n);
if (ret >= 0) {
s->rlayer.packet_length -= ret;
*readbytes = ret;
if (recvd_type) {
*recvd_type = SSL3_RT_HANDSHAKE;
}
return 1;
}
return -1;
}

n = n < rbuf->left ? n : rbuf->left;

memcpy(buf, rbuf->buf + rbuf->offset, n);
rbuf->offset += n;
rbuf->left -= n;
s->rlayer.packet_length -= n;
if (rbuf->left == 0) {
rbuf->offset = 0;
}
*readbytes = n;
if (recvd_type) {
*recvd_type = SSL3_RT_HANDSHAKE;
}
return 1;
}

SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
ERR_R_INTERNAL_ERROR);
return -1;
}

if ((type && (type != SSL3_RT_APPLICATION_DATA)
&& (type != SSL3_RT_HANDSHAKE)) || (peek
&& (type !=
Expand Down
13 changes: 10 additions & 3 deletions deps/openssl/openssl/ssl/s3_msg.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,9 +74,16 @@ int ssl3_dispatch_alert(SSL *s)
size_t written;

s->s3->alert_dispatch = 0;
alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
&written);

if (!(s->mode & SSL_MODE_QUIC_HACK)) {
alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1,
0, &written);
} else {
s->rwstate = SSL_WRITING;
i = 1;
}

if (i <= 0) {
s->s3->alert_dispatch = 1;
} else {
Expand Down
16 changes: 16 additions & 0 deletions deps/openssl/openssl/ssl/ssl_lib.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1807,6 +1807,12 @@ int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
ret = SSL_accept(s);
if (ret <= 0) {
/* NBIO or error */
if ((s->mode & SSL_MODE_QUIC_HACK)
&& s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
*readbytes = 0;
return SSL_READ_EARLY_DATA_FINISH;
}

s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
return SSL_READ_EARLY_DATA_ERROR;
}
Expand Down Expand Up @@ -4299,6 +4305,16 @@ void SSL_set_msg_callback(SSL *ssl,
SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
}

void SSL_set_key_callback(SSL *ssl,
int (*cb)(SSL *ssl, int name,
const unsigned char *secret,
size_t secretlen, void *arg),
void *arg)
{
ssl->key_callback = cb;
ssl->key_callback_arg = arg;
}

void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
int (*cb) (SSL *ssl,
int
Expand Down
3 changes: 3 additions & 0 deletions deps/openssl/openssl/ssl/ssl_locl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1133,6 +1133,9 @@ struct ssl_st {
void (*msg_callback) (int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
void *msg_callback_arg;
int (*key_callback)(SSL *ssl, int name, const unsigned char *secret,
size_t secretlen, void *arg);
void *key_callback_arg;
int hit; /* reusing a previous session */
X509_VERIFY_PARAM *param;
/* Per connection DANE state */
Expand Down
3 changes: 2 additions & 1 deletion deps/openssl/openssl/ssl/statem/statem_clnt.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -450,7 +450,8 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
return WRITE_TRAN_CONTINUE;

case TLS_ST_PENDING_EARLY_DATA_END:
if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
if (!(s->mode & SSL_MODE_QUIC_HACK)
&& s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
return WRITE_TRAN_CONTINUE;
}
Expand Down
12 changes: 11 additions & 1 deletion deps/openssl/openssl/ssl/statem/statem_srvr.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,8 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt)
return 1;
}
break;
} else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
} else if (!(s->mode & SSL_MODE_QUIC_HACK)
&& s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
if (mt == SSL3_MT_END_OF_EARLY_DATA) {
st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
return 1;
Expand Down Expand Up @@ -935,6 +936,15 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
/* SSLfatal() already called */
return WORK_ERROR;

if ((s->mode & SSL_MODE_QUIC_HACK)
&& s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
if (!s->method->ssl3_enc->change_cipher_state(
s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ))
/* SSLfatal() already called */
return WORK_ERROR;
}
}
break;

Expand Down
50 changes: 50 additions & 0 deletions deps/openssl/openssl/ssl/tls13_enc.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -625,6 +625,56 @@ int tls13_change_cipher_state(SSL *s, int which)
goto err;
}

if (s->key_callback) {
int type;
if (label == client_early_traffic) {
type = SSL_KEY_CLIENT_EARLY_TRAFFIC;
} else if (label == client_handshake_traffic) {
type = SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC;
} else if (label == client_application_traffic) {
type = SSL_KEY_CLIENT_APPLICATION_TRAFFIC;
} else if (label == server_handshake_traffic) {
type = SSL_KEY_SERVER_HANDSHAKE_TRAFFIC;
} else if (label == server_application_traffic) {
type = SSL_KEY_SERVER_APPLICATION_TRAFFIC;
} else {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
if (!s->key_callback(s, type, secret, hashlen, s->key_callback_arg)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}

if (s->server) {
switch (type) {
case SSL_KEY_CLIENT_HANDSHAKE_TRAFFIC:
case SSL_KEY_CLIENT_APPLICATION_TRAFFIC:
if (s->rlayer.rbuf.left) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
break;
}
} else {
switch (type) {
case SSL_KEY_SERVER_HANDSHAKE_TRAFFIC:
case SSL_KEY_SERVER_APPLICATION_TRAFFIC:
if (s->rlayer.rbuf.left) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
SSL_F_TLS13_CHANGE_CIPHER_STATE,
ERR_R_INTERNAL_ERROR);
goto err;
}
break;
}
}
}

if (label == server_application_traffic) {
memcpy(s->server_app_traffic_secret, secret, hashlen);
/* Now we create the exporter master secret */
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/util/libssl.num
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -498,3 +498,4 @@ SSL_CTX_get_recv_max_early_data 498 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_recv_max_early_data 499 1_1_1 EXIST::FUNCTION:
SSL_CTX_set_post_handshake_auth 500 1_1_1 EXIST::FUNCTION:
SSL_get_signature_type_nid 501 1_1_1a EXIST::FUNCTION:
SSL_set_key_callback 502 3_0_0 EXIST::FUNCTION: