Skip to content

Commit

Permalink
deps: Port BoringSSL QUIC APIs
Browse files Browse the repository at this point in the history
PR-URL: nodejs#138
Reviewed-By: Anna Henningsen <anna@addaleax.net>
  • Loading branch information
jasnell committed Feb 13, 2020
1 parent 596d0d6 commit 1268968
Show file tree
Hide file tree
Showing 26 changed files with 892 additions and 31 deletions.
2 changes: 2 additions & 0 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,7 @@ my @disablables = (
"poly1305",
"posix-io",
"psk",
"quic",
"rc2",
"rc4",
"rc5",
Expand Down Expand Up @@ -494,6 +495,7 @@ my @disable_cascades = (
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],

sub { !$disabled{"msan"} } => [ "asm" ],
"tls1_3" => [ "quic" ],
);

# Avoid protocol support holes. Also disable all versions below N, if version
Expand Down
19 changes: 19 additions & 0 deletions deps/openssl/openssl/crypto/err/openssl.txt
Original file line number Diff line number Diff line change
Expand Up @@ -1186,6 +1186,9 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names
SSL_F_PITEM_NEW:624:pitem_new
SSL_F_PQUEUE_NEW:625:pqueue_new
SSL_F_PROCESS_KEY_SHARE_EXT:439:*
SSL_F_QUIC_CHANGE_CIPHER_STATE:651:
SSL_F_QUIC_GET_MESSAGE:640:quic_get_message
SSL_F_QUIC_SET_ENCRYPTION_SECRETS:641:quic_set_encryption_secrets
SSL_F_READ_STATE_MACHINE:352:read_state_machine
SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret
Expand All @@ -1196,7 +1199,9 @@ SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
SSL_F_SSL3_CTRL:213:ssl3_ctrl
SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
SSL_F_SSL3_DISPATCH_ALERT:642:ssl3_dispatch_alert
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
SSL_F_SSL3_DO_WRITE:643:ssl3_do_write
SSL_F_SSL3_ENC:608:ssl3_enc
SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
Expand Down Expand Up @@ -1304,6 +1309,8 @@ SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:*
SSL_F_SSL_PEEK:270:SSL_peek
SSL_F_SSL_PEEK_EX:432:SSL_peek_ex
SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal
SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE:644:SSL_process_quic_post_handshake
SSL_F_SSL_PROVIDE_QUIC_DATA:645:SSL_provide_quic_data
SSL_F_SSL_READ:223:SSL_read
SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data
SSL_F_SSL_READ_EX:434:SSL_read_ex
Expand Down Expand Up @@ -1353,6 +1360,7 @@ SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data
SSL_F_SSL_WRITE_EARLY_FINISH:527:*
SSL_F_SSL_WRITE_EX:433:SSL_write_ex
SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal
SSL_F_STATEM_FLUSH:646:statem_flush
SSL_F_STATE_MACHINE:353:state_machine
SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
Expand Down Expand Up @@ -1416,6 +1424,8 @@ SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\
tls_construct_ctos_post_handshake_auth
SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk
SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes
SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS:647:\
tls_construct_ctos_quic_transport_params
SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate
SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct
SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name
Expand Down Expand Up @@ -1457,6 +1467,8 @@ SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share
SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen
SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg
SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk
SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS:648:\
tls_construct_stoc_quic_transport_params
SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate
SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name
SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket
Expand Down Expand Up @@ -1485,6 +1497,8 @@ SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth
SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS:649:\
tls_parse_ctos_quic_transport_params
SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
Expand All @@ -1503,6 +1517,8 @@ SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS:650:\
tls_parse_stoc_quic_transport_params
SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
Expand Down Expand Up @@ -2596,6 +2612,7 @@ SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE:158:\
SSL_R_BAD_CHANGE_CIPHER_SPEC:103:bad change cipher spec
SSL_R_BAD_CIPHER:186:bad cipher
SSL_R_BAD_DATA:390:bad data
SSL_R_BAD_DATA_LENGTH:294:bad data length
SSL_R_BAD_DATA_RETURNED_BY_CALLBACK:106:bad data returned by callback
SSL_R_BAD_DECOMPRESSION:107:bad decompression
SSL_R_BAD_DH_VALUE:102:bad dh value
Expand Down Expand Up @@ -2702,6 +2719,7 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
SSL_R_INSUFFICIENT_SECURITY:241:insufficient security
SSL_R_INTERNAL_ERROR:295:internal error
SSL_R_INVALID_ALERT:205:invalid alert
SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message
SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
Expand Down Expand Up @@ -2877,6 +2895,7 @@ SSL_R_VERSION_TOO_LOW:396:version too low
SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type
SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned
SSL_R_WRONG_CURVE:378:wrong curve
SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED:296:wrong encryption level received
SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length
SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size
SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type
Expand Down
4 changes: 4 additions & 0 deletions deps/openssl/openssl/include/openssl/evp.h
Original file line number Diff line number Diff line change
Expand Up @@ -1324,6 +1324,10 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
*/
# define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4

/* Used by Chromium/QUIC */
# define X25519_PRIVATE_KEY_LEN 32
# define X25519_PUBLIC_VALUE_LEN 32

const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
Expand Down
2 changes: 2 additions & 0 deletions deps/openssl/openssl/include/openssl/ossl_typ.h
Original file line number Diff line number Diff line change
Expand Up @@ -175,6 +175,8 @@ typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
typedef struct ossl_store_info_st OSSL_STORE_INFO;
typedef struct ossl_store_search_st OSSL_STORE_SEARCH;

typedef struct ssl_quic_method_st SSL_QUIC_METHOD;

#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
defined(INTMAX_MAX) && defined(UINTMAX_MAX)
typedef intmax_t ossl_intmax_t;
Expand Down
42 changes: 42 additions & 0 deletions deps/openssl/openssl/include/openssl/ssl.h
Original file line number Diff line number Diff line change
Expand Up @@ -2432,6 +2432,48 @@ void SSL_set_allow_early_data_cb(SSL *s,
SSL_allow_early_data_cb_fn cb,
void *arg);

/*
* QUIC integration - The QUIC interface matches BoringSSL
*
* ssl_encryption_level_t represents a specific QUIC encryption level used to
* transmit handshake messages. BoringSSL has this as an 'enum'.
*/
typedef enum ssl_encryption_level_t {
ssl_encryption_initial = 0,
ssl_encryption_early_data,
ssl_encryption_handshake,
ssl_encryption_application
} OSSL_ENCRYPTION_LEVEL;

struct ssl_quic_method_st {
int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
const uint8_t *read_secret,
const uint8_t *write_secret, size_t secret_len);
int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
const uint8_t *data, size_t len);
int (*flush_flight)(SSL *ssl);
int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert);
};

__owur int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method);
__owur int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
__owur int SSL_set_quic_transport_params(SSL *ssl,
const uint8_t *params,
size_t params_len);
void SSL_get_peer_quic_transport_params(const SSL *ssl,
const uint8_t **out_params,
size_t *out_params_len);
__owur size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level);
__owur OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl);
__owur OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl);
__owur int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level,
const uint8_t *data, size_t len);
__owur int SSL_process_quic_post_handshake(SSL *ssl);

__owur int SSL_is_quic(SSL *ssl);

int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);

# ifdef __cplusplus
}
# endif
Expand Down
15 changes: 15 additions & 0 deletions deps/openssl/openssl/include/openssl/sslerr.h
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_PITEM_NEW 624
# define SSL_F_PQUEUE_NEW 625
# define SSL_F_PROCESS_KEY_SHARE_EXT 439
# define SSL_F_QUIC_CHANGE_CIPHER_STATE 0
# define SSL_F_QUIC_GET_MESSAGE 0
# define SSL_F_QUIC_SET_ENCRYPTION_SECRETS 0
# define SSL_F_READ_STATE_MACHINE 352
# define SSL_F_SET_CLIENT_CIPHERSUITE 540
# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET 595
Expand All @@ -105,7 +108,9 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL3_CTRL 213
# define SSL_F_SSL3_CTX_CTRL 133
# define SSL_F_SSL3_DIGEST_CACHED_RECORDS 293
# define SSL_F_SSL3_DISPATCH_ALERT 0
# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC 292
# define SSL_F_SSL3_DO_WRITE 0
# define SSL_F_SSL3_ENC 608
# define SSL_F_SSL3_FINAL_FINISH_MAC 285
# define SSL_F_SSL3_FINISH_MAC 587
Expand Down Expand Up @@ -210,6 +215,8 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_PEEK 270
# define SSL_F_SSL_PEEK_EX 432
# define SSL_F_SSL_PEEK_INTERNAL 522
# define SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE 0
# define SSL_F_SSL_PROVIDE_QUIC_DATA 0
# define SSL_F_SSL_READ 223
# define SSL_F_SSL_READ_EARLY_DATA 529
# define SSL_F_SSL_READ_EX 434
Expand Down Expand Up @@ -259,6 +266,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_SSL_WRITE_EARLY_FINISH 527
# define SSL_F_SSL_WRITE_EX 433
# define SSL_F_SSL_WRITE_INTERNAL 524
# define SSL_F_STATEM_FLUSH 0
# define SSL_F_STATE_MACHINE 353
# define SSL_F_TLS12_CHECK_PEER_SIGALG 333
# define SSL_F_TLS12_COPY_SIGALGS 533
Expand Down Expand Up @@ -318,6 +326,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH 619
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK 501
# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES 509
# define SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS 0
# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE 473
# define SSL_F_TLS_CONSTRUCT_CTOS_SCT 474
# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME 475
Expand Down Expand Up @@ -357,6 +366,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN 548
# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG 457
# define SSL_F_TLS_CONSTRUCT_STOC_PSK 504
# define SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS 0
# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE 458
# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME 459
# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET 460
Expand All @@ -382,6 +392,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH 620
# define SSL_F_TLS_PARSE_CTOS_PSK 505
# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES 572
# define SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS 0
# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE 464
# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME 573
# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET 574
Expand All @@ -400,6 +411,7 @@ int ERR_load_SSL_strings(void);
# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN 581
# define SSL_F_TLS_PARSE_STOC_NPN 582
# define SSL_F_TLS_PARSE_STOC_PSK 502
# define SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS 0
# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE 448
# define SSL_F_TLS_PARSE_STOC_SCT 564
# define SSL_F_TLS_PARSE_STOC_SERVER_NAME 583
Expand Down Expand Up @@ -461,6 +473,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_BAD_CHANGE_CIPHER_SPEC 103
# define SSL_R_BAD_CIPHER 186
# define SSL_R_BAD_DATA 390
# define SSL_R_BAD_DATA_LENGTH 294
# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106
# define SSL_R_BAD_DECOMPRESSION 107
# define SSL_R_BAD_DH_VALUE 102
Expand Down Expand Up @@ -564,6 +577,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_INCONSISTENT_EARLY_DATA_SNI 231
# define SSL_R_INCONSISTENT_EXTMS 104
# define SSL_R_INSUFFICIENT_SECURITY 241
# define SSL_R_INTERNAL_ERROR 295
# define SSL_R_INVALID_ALERT 205
# define SSL_R_INVALID_CCS_MESSAGE 260
# define SSL_R_INVALID_CERTIFICATE_OR_ALG 238
Expand Down Expand Up @@ -761,6 +775,7 @@ int ERR_load_SSL_strings(void);
# define SSL_R_WRONG_CERTIFICATE_TYPE 383
# define SSL_R_WRONG_CIPHER_RETURNED 261
# define SSL_R_WRONG_CURVE 378
# define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 296
# define SSL_R_WRONG_SIGNATURE_LENGTH 264
# define SSL_R_WRONG_SIGNATURE_SIZE 265
# define SSL_R_WRONG_SIGNATURE_TYPE 370
Expand Down
3 changes: 3 additions & 0 deletions deps/openssl/openssl/include/openssl/tls1.h
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,9 @@ extern "C" {
/* Temporary extension type */
# define TLSEXT_TYPE_renegotiate 0xff01

/* ExtensionType value from draft-ietf-quic-tls-13 */
# define TLSEXT_TYPE_quic_transport_parameters 0xffa5

# ifndef OPENSSL_NO_NEXTPROTONEG
/* This is not an IANA defined extension number */
# define TLSEXT_TYPE_next_proto_neg 13172
Expand Down
3 changes: 2 additions & 1 deletion deps/openssl/openssl/ssl/build.info
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,5 @@ SOURCE[../libssl]=\
ssl_asn1.c ssl_txt.c ssl_init.c ssl_conf.c ssl_mcnf.c \
bio_ssl.c ssl_err.c tls_srp.c t1_trce.c ssl_utst.c \
record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c \
statem/statem.c record/ssl3_record_tls13.c
statem/statem.c record/ssl3_record_tls13.c \
ssl_quic.c statem/statem_quic.c
12 changes: 10 additions & 2 deletions deps/openssl/openssl/ssl/s3_msg.c
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,16 @@ int ssl3_dispatch_alert(SSL *s)

s->s3->alert_dispatch = 0;
alertlen = 2;
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
&written);
if (SSL_IS_QUIC(s)) {
if (!s->quic_method->send_alert(s, s->quic_write_level,
s->s3->send_alert[1])) {
SSLerr(SSL_F_SSL3_DISPATCH_ALERT, SSL_R_INTERNAL_ERROR);
return 0;
}
i = 1;
} else {
i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0, &written);
}
if (i <= 0) {
s->s3->alert_dispatch = 1;
} else {
Expand Down
32 changes: 32 additions & 0 deletions deps/openssl/openssl/ssl/ssl_ciph.c
Original file line number Diff line number Diff line change
Expand Up @@ -2162,3 +2162,35 @@ int ssl_cert_is_disabled(size_t idx)
return 1;
return 0;
}

int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c)
{
switch (c->algorithm2 & (0xFF << TLS1_PRF_DGST_SHIFT)) {
default:
break;
case TLS1_PRF_SHA1_MD5: /* TLS1_PRF */
return NID_md5_sha1;
case TLS1_PRF_SHA256:
return NID_sha256;
case TLS1_PRF_SHA384:
return NID_sha384;
case TLS1_PRF_GOST94:
return NID_id_GostR3411_94_prf;
case TLS1_PRF_GOST12_256:
return NID_id_GostR3411_2012_256;
case TLS1_PRF_GOST12_512:
return NID_id_GostR3411_2012_512;
}
/* TLSv1.3 ciphers don't specify separate PRF */
switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
default:
break;
case SSL_HANDSHAKE_MAC_MD5_SHA1: /* SSL_HANDSHAKE_MAC_DEFAULT */
return NID_md5_sha1;
case SSL_HANDSHAKE_MAC_SHA256:
return NID_sha256;
case SSL_HANDSHAKE_MAC_SHA384:
return NID_sha384;
}
return NID_undef;
}
4 changes: 4 additions & 0 deletions deps/openssl/openssl/ssl/ssl_err.c
Original file line number Diff line number Diff line change
Expand Up @@ -740,6 +740,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"bad change cipher spec"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_LENGTH), "bad data length"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
"bad data returned by callback"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"},
Expand Down Expand Up @@ -905,6 +906,7 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY),
"insufficient security"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INTERNAL_ERROR), "internal error"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE),
"invalid ccs message"},
Expand Down Expand Up @@ -1248,6 +1250,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED),
"wrong cipher returned"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED),
"wrong encryption level received"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH),
"wrong signature length"},
{ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE),
Expand Down
Loading

0 comments on commit 1268968

Please sign in to comment.