WIP: master QUIC support #8797
Commits on Jan 12, 2021
Add support for BoringSSL QUIC APIs
This adds a compatible API for BoringSSL's QUIC support, based on the current |draft-ietf-quic-tls|.

Based on BoringSSL commit 3c034b2cf386b3131f75520705491871a2e0cafe
Based on BoringSSL commit c8e0f90f83b9ec38ea833deb86b5a41360b62b6a
Based on BoringSSL commit 3cbb0299a28a8bd0136257251a78b91a96c5eec8
Based on BoringSSL commit cc9d935256539af2d3b7f831abf57c0d685ffd81
Based on BoringSSL commit e6eef1ca16a022e476bbaedffef044597cfc8f4b
Based on BoringSSL commit 6f733791148cf8a076bf0e95498235aadbe5926d
Based on BoringSSL commit 384d0eaf1930af1ebc47eda751f0c78dfcba1c03
Based on BoringSSL commit a0373182eb5cc7b81d49f434596b473c7801c942
Based on BoringSSL commit b1b76aee3cb43ce11889403c5334283d951ebd37
Commit f5d0a9c
Move QUIC code out of tls13_change_cipher_state()
Create quic_change_cipher_state() that does the minimal required to generate the QUIC secrets. (e.g. encryption contexts are not initialized).
Commit b98c9fc
Some cleanup for the main QUIC changes
Try to reduce unneeded whitespace changes and wrap new code to 80 columns. Reword documentation to attempt to improve clarity. Add some more sanity checks and clarifying comments to the code. Update referenced I-D versions.
Commit c44fbbf
QUIC does not use the TLS KeyUpdate message/mechanism, and indeed it is an error to generate or receive such a message. Add the necessary checks (noting that the check for receipt should be redundant since SSL_provide_quic_data() is the only way to provide input to the TLS layer for a QUIC connection).
Commit dc6a2e1
For now, just test that we don't generate any, since we don't really expose the mechanics for encrypting one and the QUIC API is not integrated into the TLSProxy setup.
Commit 0b88010
Fix out-of-bounds read when TLS msg is split up into multiple chunks
Previously, SSL_provide_quic_data tried to handle this kind of situation, but it failed when the length of input data is less than SSL3_HM_HEADER_LENGTH. If that happens, the code might get the wrong message length by reading a value from an out-of-bounds region.
Commit 187e7ec
Revert "Fix out-of-bounds read when TLS msg is split up into multiple chunks"
This reverts commit d7ddc33b323540ae2bb21327ba44f10881e6a9ce.
Commit e168f71
Make all data supplied via SSL_provide_quic_data() pass through an internal buffer, so that we can handle data supplied with arbitrary framing and only parse complete TLS records onto the list of QUIC_DATA managed by quic_input_data_head/quic_input_data_tail.

This lets us remove the concept of "incomplete" QUIC_DATA structures, and the 'offset' field needed to support them.

However, we've already moved the provided data onto the buffer by the time we can check for KeyUpdate messages, so defer that check to quic_get_message() (where it is adjacent to the preexisting ChangeCipherSpec check).

To avoid extra memory copies, we also make the QUIC_DATA structures just store offsets into the consolidated buffer instead of having copies of the TLS handshake messages themselves.
Commit 52873c6
Enforce consistent encryption level for handshake messages
The QUIC-TLS spec requires that TLS handshake messages do not cross encryption level boundaries, but we were not previously enforcing this.
Commit 714b289
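Added example, not code from this pull request: a minimal C sketch of the handling the three commit messages above describe (the split-message out-of-bounds read, the internal buffer, and the encryption-level check), in which chunks with arbitrary framing are buffered, the 4-byte handshake header is read only once it is fully buffered, complete messages are recorded as offsets, and a message that continues at a different encryption level is rejected. The names `reasm`, `msg_ref` and `reasm_provide` and the fixed capacities are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HM_HEADER_LEN 4   /* 1-byte type + 3-byte length of a TLS handshake msg */
#define BUF_CAP 4096      /* constructed limit for this sketch */
#define MAX_MSGS 16       /* constructed limit for this sketch */

struct msg_ref { size_t off, len; int level; };  /* offsets, not copies */

struct reasm {
    uint8_t buf[BUF_CAP];
    size_t used;          /* bytes buffered so far */
    size_t parsed;        /* bytes covered by complete messages */
    int level;            /* encryption level of the last chunk accepted */
    struct msg_ref msgs[MAX_MSGS];
    size_t nmsgs;
};

/* Returns 1 on success, 0 on error (treat an error as fatal to the connection). */
int reasm_provide(struct reasm *r, int level, const uint8_t *data, size_t len)
{
    /* A partially received message must not continue at another level. */
    if (r->used > r->parsed && level != r->level)
        return 0;
    /* Bound the copy before touching the buffer. */
    if (len > BUF_CAP - r->used)
        return 0;
    memcpy(r->buf + r->used, data, len);
    r->used += len;
    r->level = level;

    /* Read the length field only when all header bytes are present. */
    while (r->used - r->parsed >= HM_HEADER_LEN) {
        const uint8_t *h = r->buf + r->parsed;
        size_t body = ((size_t)h[1] << 16) | ((size_t)h[2] << 8) | h[3];
        size_t total = HM_HEADER_LEN + body;

        if (total > BUF_CAP - r->parsed)
            return 0;                 /* message can never fit */
        if (r->used - r->parsed < total)
            break;                    /* incomplete: wait for more data */
        if (r->nmsgs == MAX_MSGS)
            return 0;
        r->msgs[r->nmsgs++] = (struct msg_ref){ r->parsed, total, level };
        r->parsed += total;
    }
    return 1;
}
```
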