deps: update ngtcp2 to 1.1.0
nodejs-github-bot authored and targos committed Dec 23, 2023
1 parent 674d31d commit aa87692
Showing 68 changed files with 7,658 additions and 7,242 deletions.
9 changes: 5 additions & 4 deletions deps/ngtcp2/ngtcp2.gyp
Expand Up @@ -8,14 +8,15 @@
'ngtcp2/lib/ngtcp2_addr.c',
'ngtcp2/lib/ngtcp2_balloc.c',
'ngtcp2/lib/ngtcp2_bbr.c',
'ngtcp2/lib/ngtcp2_bbr2.c',
'ngtcp2/lib/ngtcp2_buf.c',
'ngtcp2/lib/ngtcp2_cc.c',
'ngtcp2/lib/ngtcp2_cid.c',
'ngtcp2/lib/ngtcp2_conn.c',
'ngtcp2/lib/ngtcp2_conv.c',
'ngtcp2/lib/ngtcp2_conversion.c',
'ngtcp2/lib/ngtcp2_crypto.c',
'ngtcp2/lib/ngtcp2_err.c',
'ngtcp2/lib/ngtcp2_frame_chain.c',
'ngtcp2/lib/ngtcp2_gaptr.c',
'ngtcp2/lib/ngtcp2_idtr.c',
'ngtcp2/lib/ngtcp2_ksl.c',
Expand Down Expand Up @@ -43,8 +44,8 @@
'ngtcp2/lib/ngtcp2_window_filter.c',
'ngtcp2/crypto/shared.c'
],
'ngtcp2_sources_openssl': [
'ngtcp2/crypto/openssl/openssl.c'
'ngtcp2_sources_quictls': [
'ngtcp2/crypto/quictls/quictls.c'
],
'ngtcp2_sources_boringssl': [
'ngtcp2/crypto/boringssl/boringssl.c'
Expand Down Expand Up @@ -132,7 +133,7 @@
},
'sources': [
'<@(ngtcp2_sources)',
'<@(ngtcp2_sources_openssl)',
'<@(ngtcp2_sources_quictls)',
]
},
{
116 changes: 78 additions & 38 deletions deps/ngtcp2/ngtcp2/crypto/boringssl/boringssl.c
Expand Up @@ -92,8 +92,8 @@ ngtcp2_crypto_aead *ngtcp2_crypto_aead_retry(ngtcp2_crypto_aead *aead) {
return ngtcp2_crypto_aead_init(aead, (void *)EVP_aead_aes_128_gcm());
}

static const EVP_AEAD *crypto_ssl_get_aead(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
static const EVP_AEAD *crypto_cipher_id_get_aead(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
return EVP_aead_aes_128_gcm();
case TLS1_CK_AES_256_GCM_SHA384:
Expand All @@ -105,8 +105,8 @@ static const EVP_AEAD *crypto_ssl_get_aead(SSL *ssl) {
}
}

static uint64_t crypto_ssl_get_aead_max_encryption(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
static uint64_t crypto_cipher_id_get_aead_max_encryption(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
case TLS1_CK_AES_256_GCM_SHA384:
return NGTCP2_CRYPTO_MAX_ENCRYPTION_AES_GCM;
Expand All @@ -117,8 +117,9 @@ static uint64_t crypto_ssl_get_aead_max_encryption(SSL *ssl) {
}
}

static uint64_t crypto_ssl_get_aead_max_decryption_failure(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
static uint64_t
crypto_cipher_id_get_aead_max_decryption_failure(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
case TLS1_CK_AES_256_GCM_SHA384:
return NGTCP2_CRYPTO_MAX_DECRYPTION_FAILURE_AES_GCM;
Expand All @@ -129,8 +130,9 @@ static uint64_t crypto_ssl_get_aead_max_decryption_failure(SSL *ssl) {
}
}

static const ngtcp2_crypto_boringssl_cipher *crypto_ssl_get_hp(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
static const ngtcp2_crypto_boringssl_cipher *
crypto_cipher_id_get_hp(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
return &crypto_cipher_aes_128;
case TLS1_CK_AES_256_GCM_SHA384:
Expand All @@ -142,8 +144,8 @@ static const ngtcp2_crypto_boringssl_cipher *crypto_ssl_get_hp(SSL *ssl) {
}
}

static const EVP_MD *crypto_ssl_get_md(SSL *ssl) {
switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))) {
static const EVP_MD *crypto_cipher_id_get_md(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
case TLS1_CK_CHACHA20_POLY1305_SHA256:
return EVP_sha256();
Expand All @@ -154,15 +156,47 @@ static const EVP_MD *crypto_ssl_get_md(SSL *ssl) {
}
}

static int supported_cipher_id(uint32_t cipher_id) {
switch (cipher_id) {
case TLS1_CK_AES_128_GCM_SHA256:
case TLS1_CK_AES_256_GCM_SHA384:
case TLS1_CK_CHACHA20_POLY1305_SHA256:
return 1;
default:
return 0;
}
}

static ngtcp2_crypto_ctx *crypto_ctx_cipher_id(ngtcp2_crypto_ctx *ctx,
uint32_t cipher_id) {
ngtcp2_crypto_aead_init(&ctx->aead,
(void *)crypto_cipher_id_get_aead(cipher_id));
ctx->md.native_handle = (void *)crypto_cipher_id_get_md(cipher_id);
ctx->hp.native_handle = (void *)crypto_cipher_id_get_hp(cipher_id);
ctx->max_encryption = crypto_cipher_id_get_aead_max_encryption(cipher_id);
ctx->max_decryption_failure =
crypto_cipher_id_get_aead_max_decryption_failure(cipher_id);

return ctx;
}

ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls(ngtcp2_crypto_ctx *ctx,
void *tls_native_handle) {
SSL *ssl = tls_native_handle;
ngtcp2_crypto_aead_init(&ctx->aead, (void *)crypto_ssl_get_aead(ssl));
ctx->md.native_handle = (void *)crypto_ssl_get_md(ssl);
ctx->hp.native_handle = (void *)crypto_ssl_get_hp(ssl);
ctx->max_encryption = crypto_ssl_get_aead_max_encryption(ssl);
ctx->max_decryption_failure = crypto_ssl_get_aead_max_decryption_failure(ssl);
return ctx;
const SSL_CIPHER *cipher = SSL_get_current_cipher(ssl);
uint32_t cipher_id;

if (cipher == NULL) {
return NULL;
}

cipher_id = SSL_CIPHER_get_id(cipher);

if (!supported_cipher_id(cipher_id)) {
return NULL;
}

return crypto_ctx_cipher_id(ctx, cipher_id);
}

ngtcp2_crypto_ctx *ngtcp2_crypto_ctx_tls_early(ngtcp2_crypto_ctx *ctx,
Expand Down Expand Up @@ -394,15 +428,17 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
}
}

int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,
ngtcp2_crypto_level crypto_level,
const uint8_t *data, size_t datalen) {
int ngtcp2_crypto_read_write_crypto_data(
ngtcp2_conn *conn, ngtcp2_encryption_level encryption_level,
const uint8_t *data, size_t datalen) {
SSL *ssl = ngtcp2_conn_get_tls_native_handle(conn);
int rv;
int err;

if (SSL_provide_quic_data(
ssl, ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level(crypto_level),
ssl,
ngtcp2_crypto_boringssl_from_ngtcp2_encryption_level(
encryption_level),
data, datalen) != 1) {
return -1;
}
Expand All @@ -423,7 +459,10 @@ int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,

SSL_reset_early_data_reject(ssl);

ngtcp2_conn_early_data_rejected(conn);
rv = ngtcp2_conn_tls_early_data_rejected(conn);
if (rv != 0) {
return -1;
}

goto retry;
default:
Expand All @@ -435,7 +474,7 @@ int ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,
return 0;
}

ngtcp2_conn_handshake_completed(conn);
ngtcp2_conn_tls_handshake_completed(conn);
}

rv = SSL_process_quic_post_handshake(ssl);
Expand Down Expand Up @@ -464,7 +503,7 @@ int ngtcp2_crypto_set_remote_transport_params(ngtcp2_conn *conn, void *tls) {

SSL_get_peer_quic_transport_params(ssl, &tp, &tplen);

rv = ngtcp2_conn_decode_remote_transport_params(conn, tp, tplen);
rv = ngtcp2_conn_decode_and_set_remote_transport_params(conn, tp, tplen);
if (rv != 0) {
ngtcp2_conn_set_tls_error(conn, rv);
return -1;
Expand All @@ -482,33 +521,34 @@ int ngtcp2_crypto_set_local_transport_params(void *tls, const uint8_t *buf,
return 0;
}

ngtcp2_crypto_level ngtcp2_crypto_boringssl_from_ssl_encryption_level(
ngtcp2_encryption_level ngtcp2_crypto_boringssl_from_ssl_encryption_level(
enum ssl_encryption_level_t ssl_level) {
switch (ssl_level) {
case ssl_encryption_initial:
return NGTCP2_CRYPTO_LEVEL_INITIAL;
return NGTCP2_ENCRYPTION_LEVEL_INITIAL;
case ssl_encryption_early_data:
return NGTCP2_CRYPTO_LEVEL_EARLY;
return NGTCP2_ENCRYPTION_LEVEL_0RTT;
case ssl_encryption_handshake:
return NGTCP2_CRYPTO_LEVEL_HANDSHAKE;
return NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE;
case ssl_encryption_application:
return NGTCP2_CRYPTO_LEVEL_APPLICATION;
return NGTCP2_ENCRYPTION_LEVEL_1RTT;
default:
assert(0);
abort();
}
}

enum ssl_encryption_level_t ngtcp2_crypto_boringssl_from_ngtcp2_crypto_level(
ngtcp2_crypto_level crypto_level) {
switch (crypto_level) {
case NGTCP2_CRYPTO_LEVEL_INITIAL:
enum ssl_encryption_level_t
ngtcp2_crypto_boringssl_from_ngtcp2_encryption_level(
ngtcp2_encryption_level encryption_level) {
switch (encryption_level) {
case NGTCP2_ENCRYPTION_LEVEL_INITIAL:
return ssl_encryption_initial;
case NGTCP2_CRYPTO_LEVEL_HANDSHAKE:
case NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE:
return ssl_encryption_handshake;
case NGTCP2_CRYPTO_LEVEL_APPLICATION:
case NGTCP2_ENCRYPTION_LEVEL_1RTT:
return ssl_encryption_application;
case NGTCP2_CRYPTO_LEVEL_EARLY:
case NGTCP2_ENCRYPTION_LEVEL_0RTT:
return ssl_encryption_early_data;
default:
assert(0);
Expand Down Expand Up @@ -541,7 +581,7 @@ static int set_read_secret(SSL *ssl, enum ssl_encryption_level_t bssl_level,
size_t secretlen) {
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
ngtcp2_crypto_level level =
ngtcp2_encryption_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(bssl_level);
(void)cipher;

Expand All @@ -558,7 +598,7 @@ static int set_write_secret(SSL *ssl, enum ssl_encryption_level_t bssl_level,
size_t secretlen) {
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
ngtcp2_crypto_level level =
ngtcp2_encryption_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(bssl_level);
(void)cipher;

Expand All @@ -574,7 +614,7 @@ static int add_handshake_data(SSL *ssl, enum ssl_encryption_level_t bssl_level,
const uint8_t *data, size_t datalen) {
ngtcp2_crypto_conn_ref *conn_ref = SSL_get_app_data(ssl);
ngtcp2_conn *conn = conn_ref->get_conn(conn_ref);
ngtcp2_crypto_level level =
ngtcp2_encryption_level level =
ngtcp2_crypto_boringssl_from_ssl_encryption_level(bssl_level);
int rv;

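Review bot: The new NULL return of `ngtcp2_crypto_ctx_tls` is a contract change that callers must handle, and neither it nor the precondition of `crypto_ctx_cipher_id` is written down in this file. The function now returns NULL when `SSL_get_current_cipher` yields no cipher or when `supported_cipher_id` rejects the id, where the removed body always returned `ctx`; a caller that ignores the result would continue with a `ngtcp2_crypto_ctx` that was never filled in. The callers are outside this section, so whether `crypto/shared.c` and the embedding code test for NULL needs confirming. Above `crypto_ctx_cipher_id` I would add `/* cipher_id must already have passed supported_cipher_id(). */`, because the helper itself does no validation and `ngtcp2_crypto_ctx_tls_early` (body collapsed on this page) looks like a second caller.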