deps: switch openssl to quictls/openssl
As of quictls/openssl@0c70d48 Source: https://github.com/quictls/openssl/tree/OpenSSL_1_1_1j+quic Signed-off-by: James M Snell <jasnell@gmail.com> PR-URL: #37601 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Jiawen Geng <technicalcute@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com>
1 parent
ede34aa
commit 6d77b61
Showing
45 changed files
with
2,207 additions
and
38 deletions.
@@ -0,0 +1 @@ | ||
openssl/fuzz/corpora |
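--- a/deps/openssl/openssl/Configurations/90-team.norelease.conf
+++ b/deps/openssl/openssl/Configurations/90-team.norelease.conf
@@ -0,0 +1,114 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+my %targets = (
+"purify" => {
+inherit_from => [ 'BASE_unix' ],
+cc => "purify gcc",
+CFLAGS => "-g -Wall",
+thread_scheme => "(unknown)",
+ex_libs => add(" ","-lsocket -lnsl"),
+},
+"debug" => {
+inherit_from => [ 'BASE_unix' ],
+cc => "gcc",
+cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
+thread_scheme => "(unknown)",
+},
+"debug-erbridge" => {
+inherit_from => [ 'BASE_unix', "x86_64_asm" ],
+cc => "gcc",
+cflags => combine(join(' ', @gcc_devteam_warn),
+"-DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
+threads("-D_REENTRANT")),
+ex_libs => add(" ","-ldl"),
+bn_ops => "SIXTY_FOUR_BIT_LONG",
+thread_scheme => "pthreads",
+perlasm_scheme => "elf",
+dso_scheme => "dlfcn",
+shared_target => "linux-shared",
+shared_cflag => "-fPIC",
+shared_ldflag => "-m64",
+shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+multilib => "64",
+},
+"debug-linux-pentium" => {
+inherit_from => [ 'BASE_unix', "x86_elf_asm" ],
+cc => "gcc",
+cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
+threads("-D_REENTRANT")),
+ex_libs => add(" ","-ldl"),
+bn_ops => "BN_LLONG",
+thread_scheme => "pthreads",
+dso_scheme => "dlfcn",
+},
+"debug-linux-ppro" => {
+inherit_from => [ 'BASE_unix', "x86_elf_asm" ],
+cc => "gcc",
+cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
+threads("-D_REENTRANT")),
+ex_libs => add(" ","-ldl"),
+bn_ops => "BN_LLONG",
+thread_scheme => "pthreads",
+dso_scheme => "dlfcn",
+},
+"debug-linux-ia32-aes" => {
+inherit_from => [ 'BASE_unix' ],
+cc => "gcc",
+cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+threads("-D_REENTRANT")),
+ex_libs => add(" ","-ldl"),
+bn_ops => "BN_LLONG",
+cpuid_asm_src => "x86cpuid.s",
+bn_asm_src => "bn-586.s co-586.s x86-mont.s",
+des_asm_src => "des-586.s crypt586.s",
+aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
+bf_asm_src => "bf-586.s",
+md5_asm_src => "md5-586.s",
+sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
+cast_asm_src => "cast-586.s",
+rc4_asm_src => "rc4-586.s",
+rmd160_asm_src => "rmd-586.s",
+rc5_asm_src => "rc5-586.s",
+wp_asm_src => "wp_block.s wp-mmx.s",
+modes_asm_src => "ghash-x86.s",
+padlock_asm_src => "e_padlock-x86.s",
+thread_scheme => "pthreads",
+perlasm_scheme => "elf",
+dso_scheme => "dlfcn",
+shared_target => "linux-shared",
+shared_cflag => "-fPIC",
+shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+},
+"debug-test-64-clang" => {
+inherit_from => [ 'BASE_unix', "x86_64_asm" ],
+cc => "clang",
+cflags => combine(join(' ', @gcc_devteam_warn),
+"-Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_UNUSED -g3 -O3 -pipe",
+threads("${BSDthreads}")),
+bn_ops => "SIXTY_FOUR_BIT_LONG",
+thread_scheme => "pthreads",
+perlasm_scheme => "elf",
+dso_scheme => "dlfcn",
+shared_target => "bsd-gcc-shared",
+shared_cflag => "-fPIC",
+shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+},
+"darwin64-debug-test-64-clang" => {
+inherit_from => [ 'BASE_unix', "x86_64_asm" ],
+cc => "clang",
+cflags => combine("-arch x86_64 -DL_ENDIAN",
+join(' ', @gcc_devteam_warn),
+"-Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_UNUSED -g3 -O3 -pipe",
+threads("${BSDthreads}")),
+sys_id => "MACOSX",
+bn_ops => "SIXTY_FOUR_BIT_LONG",
+thread_scheme => "pthreads",
+perlasm_scheme => "macosx",
+dso_scheme => "dlfcn",
+shared_target => "darwin-shared",
+shared_cflag => "-fPIC -fno-common",
+shared_ldflag => "-arch x86_64 -dynamiclib",
+shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib",
+},
+);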
@@ -0,0 +1,93 @@ | ||
|
||
OpenSSL 1.1.1j 16 Feb 2021 | ||
|
||
Copyright (c) 1998-2020 The OpenSSL Project | ||
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | ||
All rights reserved. | ||
|
||
DESCRIPTION | ||
----------- | ||
|
||
The OpenSSL Project is a collaborative effort to develop a robust, | ||
commercial-grade, fully featured, and Open Source toolkit implementing the | ||
Transport Layer Security (TLS) protocols (including SSLv3) as well as a | ||
full-strength general purpose cryptographic library. | ||
|
||
OpenSSL is descended from the SSLeay library developed by Eric A. Young | ||
and Tim J. Hudson. The OpenSSL toolkit is licensed under a dual-license (the | ||
OpenSSL license plus the SSLeay license), which means that you are free to | ||
get and use it for commercial and non-commercial purposes as long as you | ||
fulfill the conditions of both licenses. | ||
|
||
OVERVIEW | ||
-------- | ||
|
||
The OpenSSL toolkit includes: | ||
|
||
libssl (with platform specific naming): | ||
Provides the client and server-side implementations for SSLv3 and TLS. | ||
|
||
libcrypto (with platform specific naming): | ||
Provides general cryptographic and X.509 support needed by SSL/TLS but | ||
not logically part of it. | ||
|
||
openssl: | ||
A command line tool that can be used for: | ||
Creation of key parameters | ||
Creation of X.509 certificates, CSRs and CRLs | ||
Calculation of message digests | ||
Encryption and decryption | ||
SSL/TLS client and server tests | ||
Handling of S/MIME signed or encrypted mail | ||
And more... | ||
|
||
INSTALLATION | ||
------------ | ||
|
||
See the appropriate file: | ||
INSTALL Linux, Unix, Windows, OpenVMS, ... | ||
NOTES.* INSTALL addendums for different platforms | ||
|
||
SUPPORT | ||
------- | ||
|
||
See the OpenSSL website www.openssl.org for details on how to obtain | ||
commercial technical support. Free community support is available through the | ||
openssl-users email list (see | ||
https://www.openssl.org/community/mailinglists.html for further details). | ||
|
||
If you have any problems with OpenSSL then please take the following steps | ||
first: | ||
|
||
- Download the latest version from the repository | ||
to see if the problem has already been addressed | ||
- Configure with no-asm | ||
- Remove compiler optimization flags | ||
|
||
If you wish to report a bug then please include the following information | ||
and create an issue on GitHub: | ||
|
||
- OpenSSL version: output of 'openssl version -a' | ||
- Configuration data: output of 'perl configdata.pm --dump' | ||
- OS Name, Version, Hardware platform | ||
- Compiler Details (name, version) | ||
- Application Details (name, version) | ||
- Problem Description (steps that will reproduce the problem, if known) | ||
- Stack Traceback (if the application dumps core) | ||
|
||
Just because something doesn't work the way you expect does not mean it | ||
is necessarily a bug in OpenSSL. Use the openssl-users email list for this type | ||
of query. | ||
|
||
HOW TO CONTRIBUTE TO OpenSSL | ||
---------------------------- | ||
|
||
See CONTRIBUTING | ||
|
||
LEGALITIES | ||
---------- | ||
|
||
A number of nations restrict the use or export of cryptography. If you | ||
are potentially subject to such restrictions you should seek competent | ||
professional legal advice before attempting to develop or distribute | ||
cryptographic code. |
@@ -0,0 +1,102 @@ | ||
What This Is | ||
============ | ||
|
||
This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition to the | ||
website, the official source distribution is at https://github.com/openssl/openssl. | ||
The OpenSSL `README` can be found at [README-OpenSSL.md](README-OpenSSL.md). | ||
|
||
This fork adds API that can be used by QUIC implementations for connection | ||
handshakes. Quoting the IETF Working group | ||
[charter](https://datatracker.ietf.org/wg/quic/about/), QUIC is a "UDP-based, | ||
stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you | ||
should use the official OpenSSL distributions. | ||
|
||
This API's here are used by Microsoft's | ||
[MsQuic](https://github.com/microsoft/msquic) and Google's | ||
[Chromium QUIC](https://chromium.googlesource.com/chromium/src/+/master/net/quic/) | ||
|
||
We are not in competition with OpenSSL project. We informed them of | ||
our plans to fork the code before we went public. We do not speak for the | ||
OpenSSL project, and can only point to a | ||
[blog post](https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/) that | ||
provides their view of QUIC support. | ||
|
||
As stated in their blog post, the OpenSSL team is focused on their 3.0 release | ||
which is still in alpha, and does not intend to add QUIC functionality to 1.1.x. | ||
There is a community need for a QUIC capable TLS library. This fork is intended | ||
as stopgap solution to enable higher level frameworks and runtimes to use QUIC | ||
with the proven and reliable TLS functionality from OpenSSL. This fork will be | ||
maintained until OpenSSL officially provides reasonable support for QUIC | ||
implementations. | ||
|
||
This fork can be considered a supported version of | ||
[OpenSSL PR 8797](https://github.com/openssl/openssl/pull/8797). | ||
We will endeavor to track OpenSSL releases within a day or so, and there is an | ||
item below about how we'll follow their tagging. | ||
|
||
On to the questions and answers. | ||
|
||
What about branches? | ||
-------------------- | ||
We don't want to conflict with OpenSSL branch names. Our current plan is to append | ||
`+quic`. Release tags are likely to be the QUIC branch with `-releaseX` appended. | ||
For example, the OpenSSL tag `openssl-3.0.0-alpha12` would have a branch named | ||
`openssl-3.0.0-alpha12+quic` and a release tag of `openssl-3.0.0-alpha12+quic-release1` | ||
|
||
How are you keeping current with OpenSSL? | ||
----------------------------------------- | ||
(In other words, "What about rebasing?") | ||
|
||
Our plan it to always rebase on top of an upstream release tag. In particular: | ||
- The changes for QUIC will always be at the tip of the branch -- you will know what | ||
is from the original OpenSSL and what is for QUIC. | ||
- New versions are quickly created once upstream creates a new tag. | ||
- The use of git commands (such as "cherry") can be used to ensure that all changes | ||
have moved forward with minimal or no changes. You will be able to see "QUIC: Add X" | ||
on all branches and the commit itself will be nearly identical on all branches, and | ||
any changes to that can be easily identified. | ||
|
||
What about library names? | ||
------------------------- | ||
Library names will be the same, but will use a different version number. The version | ||
numbers for the current OpenSSL libraries are `1.1` (for the 1.1.0 and 1.1.1 branches) | ||
and `3` (for the to-be-3.0 branch). We will be prefixing 81 (ASCII for 'Q') to | ||
the version numbers to generate a unique version number. | ||
|
||
``` | ||
libcrypto.so.81.3 libcrypto.so.81.1.1 libcrypto.so.1.1 libcrypto.so.3 | ||
libssl.so.81.3 libssl.so.81.1.1 libsslo.so.1.1 libssl.so.3 | ||
``` | ||
The SONAME of these libraries are all different, guaranteeing the correct library | ||
will be used. | ||
|
||
...and the executable? | ||
---------------------- | ||
We currently do not have any plans to change the name, mainly because we | ||
haven't made any changes there. If you see a need, please open an issue. | ||
|
||
The `openssl version` command will report that it is `+quic` enabled. | ||
|
||
...and FIPS? | ||
------------ | ||
We are not doing anything with FIPS. This is actually good news: you should | ||
be able to load the OpenSSL 3.0 FIPS module into an application built against | ||
this fork and everything should Just Work™. | ||
|
||
How can I contribute? | ||
--------------------- | ||
We want any code here to be acceptable to OpenSSL. This means that all contributors | ||
must have signed the appropriate | ||
[contributor license agreements](https://www.openssl.org/policies/cla.html). We | ||
will not ask for copies of any paperwork, you just need to tell us that you've | ||
done so (and we might verify with OpenSSL). We are only interested in making it | ||
easier and better for at least the mentioned QUIC implementations to use a variant | ||
of OpenSSL. If you have a pull request that changes the TLS protocol, or adds | ||
assembly support for a new CPU, or otherwise is not specific to enabling QUIC, | ||
please contribute that to OpenSSL. This fork is intended to be a clean extension | ||
to OpenSSL, with the deltas being specific to QUIC. | ||
|
||
Who are you? | ||
------------ | ||
This is a collaborative effort between [Akamai](https://www.akamai.com) and | ||
[Microsoft](https://www.microsoft.com). We welcome anyone to contribute! |