Skip to content

Commit 15530a7

Browse files
nodejs-github-botaduh95
nodejs-github-bot
authored and
aduh95
committed
deps: update ngtcp2 to 1.22.0
PR-URL: #62595 Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
1 parent 9b29be6 commit 15530a7

114 files changed

Lines changed: 5216 additions & 4339 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

deps/ngtcp2/ngtcp2/crypto/boringssl/boringssl.c

Lines changed: 27 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -402,7 +402,7 @@ int ngtcp2_crypto_decrypt(uint8_t *dest, const ngtcp2_crypto_aead *aead,
402402
int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
403403
const ngtcp2_crypto_cipher_ctx *hp_ctx,
404404
const uint8_t *sample) {
405-
static const uint8_t PLAINTEXT[] = "\x00\x00\x00\x00\x00";
405+
static const uint8_t PLAINTEXT[16] = {0};
406406
ngtcp2_crypto_boringssl_cipher_ctx *ctx = hp_ctx->native_handle;
407407
uint32_t counter;
408408

@@ -420,7 +420,7 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
420420
#else /* !defined(WORDS_BIGENDIAN) */
421421
memcpy(&counter, sample, sizeof(counter));
422422
#endif /* !defined(WORDS_BIGENDIAN) */
423-
CRYPTO_chacha_20(dest, PLAINTEXT, ngtcp2_strlen_lit(PLAINTEXT), ctx->key,
423+
CRYPTO_chacha_20(dest, PLAINTEXT, sizeof(PLAINTEXT), ctx->key,
424424
sample + sizeof(counter), counter);
425425
return 0;
426426
default:
@@ -436,7 +436,8 @@ int ngtcp2_crypto_read_write_crypto_data(
436436
int rv;
437437
int err;
438438

439-
if (SSL_provide_quic_data(
439+
if (datalen &&
440+
SSL_provide_quic_data(
440441
ssl,
441442
ngtcp2_crypto_boringssl_from_ngtcp2_encryption_level(encryption_level),
442443
data, datalen) != 1) {
@@ -465,6 +466,16 @@ int ngtcp2_crypto_read_write_crypto_data(
465466
}
466467

467468
goto retry;
469+
case SSL_ERROR_WANT_X509_LOOKUP:
470+
case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
471+
case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
472+
/* It might be better to return this error, but ngtcp2 does
473+
not need to know whether handshake has been interrupted or
474+
not. We expect that necessary plumbing should be done by
475+
application when handshake is interrupted (e.g., via
476+
SSL_PRIVATE_KEY_METHOD). If it does not work, we will
477+
reconsider this. */
478+
return 0;
468479
default:
469480
return -1;
470481
}
@@ -568,6 +579,19 @@ int ngtcp2_crypto_get_path_challenge_data_cb(ngtcp2_conn *conn, uint8_t *data,
568579
return 0;
569580
}
570581

582+
int ngtcp2_crypto_get_path_challenge_data2_cb(ngtcp2_conn *conn,
583+
ngtcp2_path_challenge_data *data,
584+
void *user_data) {
585+
(void)conn;
586+
(void)user_data;
587+
588+
if (RAND_bytes(data->data, NGTCP2_PATH_CHALLENGE_DATALEN) != 1) {
589+
return NGTCP2_ERR_CALLBACK_FAILURE;
590+
}
591+
592+
return 0;
593+
}
594+
571595
int ngtcp2_crypto_random(uint8_t *data, size_t datalen) {
572596
if (RAND_bytes(data, datalen) != 1) {
573597
return -1;

deps/ngtcp2/ngtcp2/crypto/includes/ngtcp2/ngtcp2_crypto.h

Lines changed: 39 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -524,11 +524,14 @@ NGTCP2_EXTERN int ngtcp2_crypto_recv_client_initial_cb(ngtcp2_conn *conn,
524524
* completes. It is allowed to call this function with |datalen| ==
525525
* 0. In this case, no additional read operation is done.
526526
*
527+
* This function is implemented per TLS backend. See
528+
* :ref:`tls-integration` for more details.
529+
*
527530
* This function returns 0 if it succeeds, or a negative error code.
528531
* The generic error code is -1 if a specific error code is not
529532
* suitable. The error codes less than -10000 are specific to
530-
* underlying TLS implementation. For quictls, the error codes are
531-
* defined in *ngtcp2_crypto_quictls.h*.
533+
* underlying TLS implementation. Refer to the implementation
534+
* specific header files for error codes.
532535
*/
533536
NGTCP2_EXTERN int
534537
ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,
@@ -542,11 +545,22 @@ ngtcp2_crypto_read_write_crypto_data(ngtcp2_conn *conn,
542545
* `ngtcp2_crypto_read_write_crypto_data`. It can be directly passed
543546
* to :member:`ngtcp2_callbacks.recv_crypto_data` field.
544547
*
548+
* For quictls and OpenSSL, the following error codes are treated as
549+
* success:
550+
*
551+
* - -10001 (e.g., :macro:`NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_X509_LOOKUP`)
552+
* - -10002 (e.g., :macro:`NGTCP2_CRYPTO_QUICTLS_ERR_TLS_WANT_CLIENT_HELLO_CB`)
553+
*
554+
* To continue the interrupted handshake, call
555+
* `ngtcp2_conn_continue_handshake`.
556+
*
557+
* See :ref:`tls-integration` for more details.
558+
*
545559
* If this function is used, the TLS implementation specific error
546560
* codes described in `ngtcp2_crypto_read_write_crypto_data` are
547-
* treated as if it returns -1. Do not use this function if an
548-
* application wishes to use the TLS implementation specific error
549-
* codes.
561+
* treated as if it returns -1 except for those that are listed above.
562+
* Do not use this function if an application wishes to use the TLS
563+
* implementation specific error codes.
550564
*/
551565
NGTCP2_EXTERN int ngtcp2_crypto_recv_crypto_data_cb(
552566
ngtcp2_conn *conn, ngtcp2_encryption_level encryption_level, uint64_t offset,
@@ -583,15 +597,15 @@ NGTCP2_EXTERN int ngtcp2_crypto_generate_stateless_reset_token(
583597
* :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY` is the magic byte for
584598
* Retry token generated by `ngtcp2_crypto_generate_retry_token`.
585599
*/
586-
#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY 0xb6
600+
#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY 0xB6
587601

588602
/**
589603
* @macro
590604
*
591605
* :macro:`NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2` is the magic byte for
592606
* Retry token generated by `ngtcp2_crypto_generate_retry_token2`.
593607
*/
594-
#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2 0xb7
608+
#define NGTCP2_CRYPTO_TOKEN_MAGIC_RETRY2 0xB7
595609

596610
/**
597611
* @macro
@@ -978,11 +992,29 @@ NGTCP2_EXTERN void ngtcp2_crypto_delete_crypto_cipher_ctx_cb(
978992
*
979993
* This function can be directly passed to
980994
* :member:`ngtcp2_callbacks.get_path_challenge_data` field.
995+
*
996+
* Deprecated since v1.22.0. Use
997+
* `ngtcp2_crypto_get_path_challenge_data2_cb` instead.
981998
*/
982999
NGTCP2_EXTERN int ngtcp2_crypto_get_path_challenge_data_cb(ngtcp2_conn *conn,
9831000
uint8_t *data,
9841001
void *user_data);
9851002

1003+
/**
1004+
* @function
1005+
*
1006+
* `ngtcp2_crypto_get_path_challenge_data2_cb` writes unpredictable
1007+
* sequence of :macro:`NGTCP2_PATH_CHALLENGE_DATALEN` bytes to |data|
1008+
* which is sent with PATH_CHALLENGE frame.
1009+
*
1010+
* This function can be directly passed to
1011+
* :member:`ngtcp2_callbacks.get_path_challenge_data2` field.
1012+
*
1013+
* This function has been available since v1.22.0.
1014+
*/
1015+
NGTCP2_EXTERN int ngtcp2_crypto_get_path_challenge_data2_cb(
1016+
ngtcp2_conn *conn, ngtcp2_path_challenge_data *data, void *user_data);