Skip to content

Commit

Permalink
Revert "deps: various quic patches from akamai/openssl"
Browse files Browse the repository at this point in the history
This reverts commit 06c5b53.

PR-URL: #37067
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
  • Loading branch information
jasnell authored and targos committed Feb 2, 2021
1 parent 6756130 commit f74b376
Show file tree
Hide file tree
Showing 35 changed files with 33 additions and 1,532 deletions.
3 changes: 0 additions & 3 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -178,9 +178,6 @@

Changes between 1.1.1c and 1.1.1d [10 Sep 2019]

*) Implement BoringSSL's QUIC API
[Todd Short]

*) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
number generator (RNG). This was intended to include protection in the
event of a fork() system call in order to ensure that the parent and child
Expand Down
3 changes: 0 additions & 3 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -401,7 +401,6 @@ my @disablables = (
"poly1305",
"posix-io",
"psk",
"quic",
"rc2",
"rc4",
"rc5",
Expand Down Expand Up @@ -518,8 +517,6 @@ my @disable_cascades = (
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],

sub { !$disabled{"msan"} } => [ "asm" ],

"tls1_3" => [ "quic" ],
);

# Avoid protocol support holes. Also disable all versions below N, if version
Expand Down
3 changes: 0 additions & 3 deletions deps/openssl/openssl/INSTALL
Original file line number Diff line number Diff line change
Expand Up @@ -456,9 +456,6 @@
no-psk
Don't build support for Pre-Shared Key based ciphersuites.

no-quic
Don't build with support for QUIC.

no-rdrand
Don't use hardware RDRAND capabilities.

Expand Down
20 changes: 1 addition & 19 deletions deps/openssl/openssl/crypto/err/openssl.txt
Original file line number Diff line number Diff line change
Expand Up @@ -1183,7 +1183,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:*
SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\
ossl_statem_server_post_process_message
SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work
SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:ossl_statem_server_pre_work
SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:
SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message
SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition
SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\
Expand All @@ -1192,9 +1192,6 @@ SSL_F_PARSE_CA_NAMES:541:parse_ca_names
SSL_F_PITEM_NEW:624:pitem_new
SSL_F_PQUEUE_NEW:625:pqueue_new
SSL_F_PROCESS_KEY_SHARE_EXT:439:*
SSL_F_QUIC_CHANGE_CIPHER_STATE:639:quic_change_cipher_state
SSL_F_QUIC_GET_MESSAGE:641:quic_get_message
SSL_F_QUIC_SET_ENCRYPTION_SECRETS:642:quic_set_encryption_secrets
SSL_F_READ_STATE_MACHINE:352:read_state_machine
SSL_F_SET_CLIENT_CIPHERSUITE:540:set_client_ciphersuite
SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET:595:srp_generate_client_master_secret
Expand All @@ -1205,9 +1202,7 @@ SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM:130:ssl3_check_cert_and_algorithm
SSL_F_SSL3_CTRL:213:ssl3_ctrl
SSL_F_SSL3_CTX_CTRL:133:ssl3_ctx_ctrl
SSL_F_SSL3_DIGEST_CACHED_RECORDS:293:ssl3_digest_cached_records
SSL_F_SSL3_DISPATCH_ALERT:643:ssl3_dispatch_alert
SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC:292:ssl3_do_change_cipher_spec
SSL_F_SSL3_DO_WRITE:644:ssl3_do_write
SSL_F_SSL3_ENC:608:ssl3_enc
SSL_F_SSL3_FINAL_FINISH_MAC:285:ssl3_final_finish_mac
SSL_F_SSL3_FINISH_MAC:587:ssl3_finish_mac
Expand Down Expand Up @@ -1315,8 +1310,6 @@ SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT:311:*
SSL_F_SSL_PEEK:270:SSL_peek
SSL_F_SSL_PEEK_EX:432:SSL_peek_ex
SSL_F_SSL_PEEK_INTERNAL:522:ssl_peek_internal
SSL_F_SSL_PROCESS_QUIC_POST_HANDSHAKE:645:SSL_process_quic_post_handshake
SSL_F_SSL_PROVIDE_QUIC_DATA:646:SSL_provide_quic_data
SSL_F_SSL_READ:223:SSL_read
SSL_F_SSL_READ_EARLY_DATA:529:SSL_read_early_data
SSL_F_SSL_READ_EX:434:SSL_read_ex
Expand Down Expand Up @@ -1366,7 +1359,6 @@ SSL_F_SSL_WRITE_EARLY_DATA:526:SSL_write_early_data
SSL_F_SSL_WRITE_EARLY_FINISH:527:*
SSL_F_SSL_WRITE_EX:433:SSL_write_ex
SSL_F_SSL_WRITE_INTERNAL:524:ssl_write_internal
SSL_F_STATEM_FLUSH:647:statem_flush
SSL_F_STATE_MACHINE:353:state_machine
SSL_F_TLS12_CHECK_PEER_SIGALG:333:tls12_check_peer_sigalg
SSL_F_TLS12_COPY_SIGALGS:533:tls12_copy_sigalgs
Expand Down Expand Up @@ -1430,8 +1422,6 @@ SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH:619:\
tls_construct_ctos_post_handshake_auth
SSL_F_TLS_CONSTRUCT_CTOS_PSK:501:tls_construct_ctos_psk
SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES:509:tls_construct_ctos_psk_kex_modes
SSL_F_TLS_CONSTRUCT_CTOS_QUIC_TRANSPORT_PARAMS:648:\
tls_construct_ctos_quic_transport_params
SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE:473:tls_construct_ctos_renegotiate
SSL_F_TLS_CONSTRUCT_CTOS_SCT:474:tls_construct_ctos_sct
SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME:475:tls_construct_ctos_server_name
Expand Down Expand Up @@ -1473,8 +1463,6 @@ SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE:456:tls_construct_stoc_key_share
SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN:548:tls_construct_stoc_maxfragmentlen
SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG:457:tls_construct_stoc_next_proto_neg
SSL_F_TLS_CONSTRUCT_STOC_PSK:504:tls_construct_stoc_psk
SSL_F_TLS_CONSTRUCT_STOC_QUIC_TRANSPORT_PARAMS:649:\
tls_construct_stoc_quic_transport_params
SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE:458:tls_construct_stoc_renegotiate
SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME:459:tls_construct_stoc_server_name
SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET:460:tls_construct_stoc_session_ticket
Expand Down Expand Up @@ -1503,8 +1491,6 @@ SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN:571:tls_parse_ctos_maxfragmentlen
SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH:620:tls_parse_ctos_post_handshake_auth
SSL_F_TLS_PARSE_CTOS_PSK:505:tls_parse_ctos_psk
SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES:572:tls_parse_ctos_psk_kex_modes
SSL_F_TLS_PARSE_CTOS_QUIC_TRANSPORT_PARAMS:650:\
tls_parse_ctos_quic_transport_params
SSL_F_TLS_PARSE_CTOS_RENEGOTIATE:464:tls_parse_ctos_renegotiate
SSL_F_TLS_PARSE_CTOS_SERVER_NAME:573:tls_parse_ctos_server_name
SSL_F_TLS_PARSE_CTOS_SESSION_TICKET:574:tls_parse_ctos_session_ticket
Expand All @@ -1523,8 +1509,6 @@ SSL_F_TLS_PARSE_STOC_KEY_SHARE:445:tls_parse_stoc_key_share
SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN:581:tls_parse_stoc_maxfragmentlen
SSL_F_TLS_PARSE_STOC_NPN:582:tls_parse_stoc_npn
SSL_F_TLS_PARSE_STOC_PSK:502:tls_parse_stoc_psk
SSL_F_TLS_PARSE_STOC_QUIC_TRANSPORT_PARAMS:651:\
tls_parse_stoc_quic_transport_params
SSL_F_TLS_PARSE_STOC_RENEGOTIATE:448:tls_parse_stoc_renegotiate
SSL_F_TLS_PARSE_STOC_SCT:564:tls_parse_stoc_sct
SSL_F_TLS_PARSE_STOC_SERVER_NAME:583:tls_parse_stoc_server_name
Expand Down Expand Up @@ -2729,7 +2713,6 @@ SSL_R_INCONSISTENT_EARLY_DATA_ALPN:222:inconsistent early data alpn
SSL_R_INCONSISTENT_EARLY_DATA_SNI:231:inconsistent early data sni
SSL_R_INCONSISTENT_EXTMS:104:inconsistent extms
SSL_R_INSUFFICIENT_SECURITY:241:insufficient security
SSL_R_INTERNAL_ERROR:295:internal error
SSL_R_INVALID_ALERT:205:invalid alert
SSL_R_INVALID_CCS_MESSAGE:260:invalid ccs message
SSL_R_INVALID_CERTIFICATE_OR_ALG:238:invalid certificate or alg
Expand Down Expand Up @@ -2905,7 +2888,6 @@ SSL_R_VERSION_TOO_LOW:396:version too low
SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type
SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned
SSL_R_WRONG_CURVE:378:wrong curve
SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED:296:wrong encryption level received
SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length
SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size
SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type
Expand Down
7 changes: 2 additions & 5 deletions deps/openssl/openssl/crypto/kdf/hkdf.c
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
#include "internal/cryptlib.h"
#include "crypto/evp.h"

#define HKDF_MAXBUF 2048
#define HKDF_MAXBUF 1024

static unsigned char *HKDF(const EVP_MD *evp_md,
const unsigned char *salt, size_t salt_len,
Expand Down Expand Up @@ -107,10 +107,7 @@ static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
if (kctx->key != NULL)
OPENSSL_clear_free(kctx->key, kctx->key_len);

if (p1 == 0)
kctx->key = OPENSSL_zalloc(1);
else
kctx->key = OPENSSL_memdup(p2, p1);
kctx->key = OPENSSL_memdup(p2, p1);
if (kctx->key == NULL)
return 0;

Expand Down
13 changes: 0 additions & 13 deletions deps/openssl/openssl/doc/man3/SSL_CIPHER_get_name.pod
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ SSL_CIPHER_get_digest_nid,
SSL_CIPHER_get_handshake_digest,
SSL_CIPHER_get_kx_nid,
SSL_CIPHER_get_auth_nid,
SSL_CIPHER_get_prf_nid,
SSL_CIPHER_is_aead,
SSL_CIPHER_find,
SSL_CIPHER_get_id,
Expand All @@ -35,7 +34,6 @@ SSL_CIPHER_get_protocol_id
const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c);
int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
Expand Down Expand Up @@ -93,15 +91,6 @@ TLS 1.3 cipher suites) B<NID_auth_any> is returned. Examples (not comprehensive)
NID_auth_ecdsa
NID_auth_psk

SSL_CIPHER_get_prf_nid() retuns the pseudo-random function NID for B<c>. If B<c> is
a pre-TLS-1.2 cipher, it returns B<NID_md5_sha1> but note these ciphers use
SHA-256 in TLS 1.2. Other return values may be treated uniformly in all
applicable versions. Examples (not comprehensive):

NID_md5_sha1
NID_sha256
NID_sha384

SSL_CIPHER_is_aead() returns 1 if the cipher B<c> is AEAD (e.g. GCM or
ChaCha20/Poly1305), and 0 if it is not AEAD.

Expand Down Expand Up @@ -212,8 +201,6 @@ required to enable this function.

The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.

The SSL_CIPHER_get_prf_nid() function was added in OpenSSL 3.0.0.

=head1 COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Expand Down
Loading

0 comments on commit f74b376

Please sign in to comment.