deps: switch openssl to quictls/openssl

As of
quictls/openssl@0c70d48

Source: https://github.com/quictls/openssl/tree/OpenSSL_1_1_1j+quic
Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: #37601
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>

deps/openssl/.gitignore

@@ -0,0 +1 @@
+openssl/fuzz/corpora

deps/openssl/openssl/CHANGES

@@ -215,6 +215,9 @@
 
  Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
 
+  *) Implement BoringSSL's QUIC API
+     [Todd Short]
+
   *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
      number generator (RNG). This was intended to include protection in the
      event of a fork() system call in order to ensure that the parent and child

deps/openssl/openssl/Configurations/90-team.norelease.conf

@@ -0,0 +1,114 @@
+## -*- mode: perl; -*-
+## Build configuration targets for openssl-team members
+
+my %targets = (
+    "purify" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "purify gcc",
+        CFLAGS           => "-g -Wall",
+        thread_scheme    => "(unknown)",
+        ex_libs          => add(" ","-lsocket -lnsl"),
+    },
+    "debug" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "gcc",
+        cflags           => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
+        thread_scheme    => "(unknown)",
+    },
+    "debug-erbridge" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "gcc",
+        cflags           => combine(join(' ', @gcc_devteam_warn),
+                                    "-DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_ldflag    => "-m64",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+        multilib         => "64",
+    },
+    "debug-linux-pentium" => {
+        inherit_from     => [ 'BASE_unix', "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ppro" => {
+        inherit_from     => [ 'BASE_unix', "x86_elf_asm" ],
+        cc               => "gcc",
+        cflags           => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        thread_scheme    => "pthreads",
+        dso_scheme       => "dlfcn",
+    },
+    "debug-linux-ia32-aes" => {
+        inherit_from     => [ 'BASE_unix' ],
+        cc               => "gcc",
+        cflags           => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
+                                    threads("-D_REENTRANT")),
+        ex_libs          => add(" ","-ldl"),
+        bn_ops           => "BN_LLONG",
+        cpuid_asm_src    => "x86cpuid.s",
+        bn_asm_src       => "bn-586.s co-586.s x86-mont.s",
+        des_asm_src      => "des-586.s crypt586.s",
+        aes_asm_src      => "aes_x86core.s aes_cbc.s aesni-x86.s",
+        bf_asm_src       => "bf-586.s",
+        md5_asm_src      => "md5-586.s",
+        sha1_asm_src     => "sha1-586.s sha256-586.s sha512-586.s",
+        cast_asm_src     => "cast-586.s",
+        rc4_asm_src      => "rc4-586.s",
+        rmd160_asm_src   => "rmd-586.s",
+        rc5_asm_src      => "rc5-586.s",
+        wp_asm_src       => "wp_block.s wp-mmx.s",
+        modes_asm_src    => "ghash-x86.s",
+        padlock_asm_src  => "e_padlock-x86.s",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "linux-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "debug-test-64-clang" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine(join(' ', @gcc_devteam_warn),
+                                    "-Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "elf",
+        dso_scheme       => "dlfcn",
+        shared_target    => "bsd-gcc-shared",
+        shared_cflag     => "-fPIC",
+        shared_extension => ".so.\$(SHLIB_VERSION_NUMBER)",
+    },
+    "darwin64-debug-test-64-clang" => {
+        inherit_from     => [ 'BASE_unix', "x86_64_asm" ],
+        cc               => "clang",
+        cflags           => combine("-arch x86_64 -DL_ENDIAN",
+                                    join(' ', @gcc_devteam_warn),
+                                    "-Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_UNUSED -g3 -O3 -pipe",
+                                    threads("${BSDthreads}")),
+        sys_id           => "MACOSX",
+        bn_ops           => "SIXTY_FOUR_BIT_LONG",
+        thread_scheme    => "pthreads",
+        perlasm_scheme   => "macosx",
+        dso_scheme       => "dlfcn",
+        shared_target    => "darwin-shared",
+        shared_cflag     => "-fPIC -fno-common",
+        shared_ldflag    => "-arch x86_64 -dynamiclib",
+        shared_extension => ".\$(SHLIB_VERSION_NUMBER).dylib",
+    },
+);

deps/openssl/openssl/Configure

@@ -401,6 +401,7 @@ my @disablables = (
     "poly1305",
     "posix-io",
     "psk",
+    "quic",
     "rc2",
     "rc4",
     "rc5",
@@ -514,6 +515,8 @@ my @disable_cascades = (
     "comp"              => [ "zlib" ],
     "ec"                => [ "tls1_3", "sm2" ],
     "sm3"               => [ "sm2" ],
+    "tls1_3"            => [ "quic" ],
+
     sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
 
     sub { !$disabled{"msan"} } => [ "asm" ],

deps/openssl/openssl/INSTALL

@@ -457,6 +457,9 @@
   no-psk
                    Don't build support for Pre-Shared Key based ciphersuites.
 
+  no-quic
+                   Don't build with support for QUIC.
+
   no-rdrand
                    Don't use hardware RDRAND capabilities.
 

deps/openssl/openssl/README-OpenSSL.md

@@ -0,0 +1,93 @@
+
+ OpenSSL 1.1.1j 16 Feb 2021
+
+ Copyright (c) 1998-2020 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl (with platform specific naming):
+     Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto (with platform specific naming):
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
+
+ openssl:
+     A command line tool that can be used for:
+        Creation of key parameters
+        Creation of X.509 certificates, CSRs and CRLs
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
+        Handling of S/MIME signed or encrypted mail
+        And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+        INSTALL         Linux, Unix, Windows, OpenVMS, ...
+        NOTES.*         INSTALL addendums for different platforms
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the latest version from the repository
+      to see if the problem has already been addressed
+    - Configure with no-asm
+    - Remove compiler optimization flags
+
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
+
+    - OpenSSL version: output of 'openssl version -a'
+    - Configuration data: output of 'perl configdata.pm --dump'
+    - OS Name, Version, Hardware platform
+    - Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.

deps/openssl/openssl/README.md

@@ -0,0 +1,102 @@
+What This Is
+============
+
+This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition to the
+website, the official source distribution is at https://github.com/openssl/openssl.
+The OpenSSL `README` can be found at [README-OpenSSL.md](README-OpenSSL.md).
+
+This fork adds API that can be used by QUIC implementations for connection
+handshakes. Quoting the IETF Working group
+[charter](https://datatracker.ietf.org/wg/quic/about/), QUIC is a "UDP-based,
+stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you
+should use the official OpenSSL distributions.
+
+This API's here are used by Microsoft's
+[MsQuic](https://github.com/microsoft/msquic) and Google's
+[Chromium QUIC](https://chromium.googlesource.com/chromium/src/+/master/net/quic/)
+
+We are not in competition with OpenSSL project. We informed them of
+our plans to fork the code before we went public. We do not speak for the
+OpenSSL project, and can only point to a
+[blog post](https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/) that
+provides their view of QUIC support.
+
+As stated in their blog post, the OpenSSL team is focused on their 3.0 release
+which is still in alpha, and does not intend to add QUIC functionality to 1.1.x.
+There is a community need for a QUIC capable TLS library. This fork is intended
+as stopgap solution to enable higher level frameworks and runtimes to use QUIC
+with the proven and reliable TLS functionality from OpenSSL. This fork will be
+maintained until OpenSSL officially provides reasonable support for QUIC
+implementations.
+
+This fork can be considered a supported version of
+[OpenSSL PR 8797](https://github.com/openssl/openssl/pull/8797).
+We will endeavor to track OpenSSL releases within a day or so, and there is an
+item below about how we'll follow their tagging.
+
+On to the questions and answers.
+
+What about branches?
+--------------------
+We don't want to conflict with OpenSSL branch names. Our current plan is to append
+`+quic`. Release tags are likely to be the QUIC branch with `-releaseX` appended.
+For example, the OpenSSL tag `openssl-3.0.0-alpha12` would have a branch named
+`openssl-3.0.0-alpha12+quic` and a release tag of `openssl-3.0.0-alpha12+quic-release1`
+
+How are you keeping current with OpenSSL?
+-----------------------------------------
+(In other words, "What about rebasing?")
+
+Our plan it to always rebase on top of an upstream release tag. In particular:
+- The changes for QUIC will always be at the tip of the branch -- you will know what
+is from the original OpenSSL and what is for QUIC.
+- New versions are quickly created once upstream creates a new tag.
+- The use of git commands (such as "cherry") can be used to ensure that all changes
+have moved forward with minimal or no changes. You will be able to see "QUIC: Add X"
+on all branches and the commit itself will be nearly identical on all branches, and
+any changes to that can be easily identified.
+
+What about library names?
+-------------------------
+Library names will be the same, but will use a different version number. The version
+numbers for the current OpenSSL libraries are `1.1` (for the 1.1.0 and 1.1.1 branches)
+and `3` (for the to-be-3.0 branch). We will be prefixing 81 (ASCII for 'Q') to
+the version numbers to generate a unique version number.
+
+```
+libcrypto.so.81.3   libcrypto.so.81.1.1   libcrypto.so.1.1   libcrypto.so.3
+libssl.so.81.3      libssl.so.81.1.1      libsslo.so.1.1     libssl.so.3
+```
+The SONAME of these libraries are all different, guaranteeing the correct library
+will be used.
+
+...and the executable?
+----------------------
+We currently do not have any plans to change the name, mainly because we
+haven't made any changes there. If you see a need, please open an issue.
+
+The `openssl version` command will report that it is `+quic` enabled.
+
+...and FIPS?
+------------
+We are not doing anything with FIPS. This is actually good news: you should
+be able to load the OpenSSL 3.0 FIPS module into an application built against
+this fork and everything should Just Work™.
+
+How can I contribute?
+---------------------
+We want any code here to be acceptable to OpenSSL. This means that all contributors
+must have signed the appropriate
+[contributor license agreements](https://www.openssl.org/policies/cla.html). We
+will not ask for copies of any paperwork, you just need to tell us that you've
+done so (and we might verify with OpenSSL). We are only interested in making it
+easier and better for at least the mentioned QUIC implementations to use a variant
+of OpenSSL. If you have a pull request that changes the TLS protocol, or adds
+assembly support for a new CPU, or otherwise is not specific to enabling QUIC,
+please contribute that to OpenSSL. This fork is intended to be a clean extension
+to OpenSSL, with the deltas being specific to QUIC.
+
+Who are you?
+------------
+This is a collaborative effort between [Akamai](https://www.akamai.com) and
+[Microsoft](https://www.microsoft.com). We welcome anyone to contribute!

deps/openssl/openssl/crypto/cversion.c

@@ -38,6 +38,10 @@ const char *OpenSSL_version(int t)
         return "ENGINESDIR: \"" ENGINESDIR "\"";
 #else
         return "ENGINESDIR: N/A";
+#endif
+#ifndef OPENSSL_NO_QUIC
+    case OPENSSL_INFO_QUIC:
+	return "QUIC";
 #endif
     }
     return "not available";