Bump openssl to latest in master-alpha10-quic-support (#1072)

.azure/azure-pipelines.ci.yml

@@ -247,15 +247,16 @@ stages:
       extraBuildArgs: -Clang
       skipArtifacts: true
       extraName: 'clang'
-  - template: ./templates/build-config-user.yml
-    parameters:
-      image: ubuntu-latest
-      container: raspbian
-      platform: linux
-      arch: arm
-      tls: openssl
-      ubuntuVersion: 18.04
-      extraBuildArgs: -DisableLogs -Generator Ninja -ToolchainFile cmake/toolchains/arm-pi-gnueabihf.toolchain.cmake
+# Currently broken by latest OpenSSL branch update
+#  - template: ./templates/build-config-user.yml
+#    parameters:
+#      image: ubuntu-latest
+#      container: raspbian
+#      platform: linux
+#      arch: arm
+#      tls: openssl
+#      ubuntuVersion: 18.04
+#      extraBuildArgs: -DisableLogs -Generator Ninja -ToolchainFile cmake/toolchains/arm-pi-gnueabihf.toolchain.cmake
 
 #
 # Performance Tests

.azure/templates/build-config-user.yml

@@ -48,7 +48,7 @@ jobs:
 
   - task: Cache@2
     inputs:
-      key:  '"${{ parameters.platform }}_${{ parameters.arch }}_${{ parameters.tls }}_${{ parameters.extraName }}_${{ parameters.config }}_1" | .gitmodules'
+      key:  '"${{ parameters.platform }}_${{ parameters.arch }}_${{ parameters.tls }}_${{ parameters.extraName }}_${{ parameters.config }}_2" | .gitmodules'
       path: build/${{ parameters.platform }}/${{ parameters.arch }}_${{ parameters.tls }}/openssl
     displayName: Cache OpenSSL
     condition: and(succeeded(), eq('${{ parameters.tls }}', 'openssl'))

.gitmodules

@@ -4,7 +4,7 @@
 [submodule "submodules/openssl"]
 	path = submodules/openssl
 	url = https://github.com/akamai/openssl.git
-	branch = master-alpha4-quic-support
+	branch = master-alpha10-quic-support
 [submodule "submodules/everest"]
 	path = submodules/everest
 	url = https://github.com/nibanks/everest-dist.git

CMakeLists.txt

@@ -419,7 +419,6 @@ if(QUIC_TLS STREQUAL "openssl")
 
             set(OPENSSL_CONFIG_FLAGS
                 enable-tls1_3 no-makedepend no-dgram no-ssl3 no-psk no-srp
-                no-autoerrinit no-filenames no-ui-console no-err
                 no-zlib no-egd no-uplink no-idea no-rc5 no-rc4 no-afalgeng no-acvp_tests
                 no-comp no-cmp no-cms no-ct no-srp no-srtp no-ts no-fips no-gost no-padlockeng no-dso no-ec2m
                 no-tls1 no-tls1_1 no-tls1_2 no-dtls no-dtls1 no-dtls1_2 no-ssl

src/manifest/clog.sidecar

@@ -8465,9 +8465,25 @@
       ],
       "macroName": "QuicTraceLogConnError"
     },
+    "OpenSslQuicDataErrorStr": {
+      "ModuleProperites": {},
+      "TraceString": "[conn][%p] SSL_provide_quic_data failed: %s",
+      "UniqueId": "OpenSslQuicDataErrorStr",
+      "splitArgs": [
+        {
+          "DefinationEncoding": "p",
+          "MacroVariableName": "arg1"
+        },
+        {
+          "DefinationEncoding": "s",
+          "MacroVariableName": "arg3"
+        }
+      ],
+      "macroName": "QuicTraceLogConnError"
+    },
     "OpenSslHandshakeErrorStr": {
       "ModuleProperites": {},
-      "TraceString": "[conn][%p] TLS handshake error: %s",
+      "TraceString": "[conn][%p] TLS handshake error: %s, file:%s:%d",
       "UniqueId": "OpenSslHandshakeErrorStr",
       "splitArgs": [
         {
@@ -8477,6 +8493,14 @@
         {
           "DefinationEncoding": "s",
           "MacroVariableName": "arg3"
+        },
+        {
+          "DefinationEncoding": "s",
+          "MacroVariableName": "arg4"
+        },
+        {
+          "DefinationEncoding": "d",
+          "MacroVariableName": "arg5"
         }
       ],
       "macroName": "QuicTraceLogConnError"
@@ -12000,7 +12024,11 @@
         "TraceID": "OpenSslAlert"
       },
       {
-        "UniquenessHash": "04956959-ecb5-9bea-dd79-ca22765f2c95",
+        "UniquenessHash": "33c7b405-30d7-b1d6-1c60-91d15920e2dc",
+        "TraceID": "OpenSslQuicDataErrorStr"
+      },
+      {
+        "UniquenessHash": "ea63635a-adff-b833-abb2-009297ee0ca0",
         "TraceID": "OpenSslHandshakeErrorStr"
       },
       {

src/perf/lib/RpsClient.cpp

@@ -265,9 +265,12 @@ RpsClient::Start(
     }
 
     if (!CxPlatEventWaitWithTimeout(AllConnected.Handle, RPS_ALL_CONNECT_TIMEOUT)) {
-        WriteOutput("Timeout waiting for connections.\n");
-        Running = false;
-        return QUIC_STATUS_CONNECTION_TIMEOUT;
+        if (ActiveConnections == 0) {
+            WriteOutput("Failed to connect to the server\n");
+            Running = false;
+            return QUIC_STATUS_CONNECTION_TIMEOUT;
+        }
+        WriteOutput("WARNING: Only %u (of %u) connections connected successfully.\n", ActiveConnections, ConnectionCount);
     }
 
     WriteOutput("All Connected! Waiting for idle.\n");

src/platform/cert_capi_openssl.c

@@ -17,6 +17,10 @@ Environment:
 #include "platform_internal.h"
 
 #define OPENSSL_SUPPRESS_DEPRECATED 1 // For hmac.h, which was deprecated in 3.0
+#ifdef _WIN32
+#pragma warning(push)
+#pragma warning(disable:4100) // Unreferenced parameter errcode in inline function
+#endif
 #include "openssl/err.h"
 #include "openssl/hmac.h"
 #include "openssl/kdf.h"
@@ -24,6 +28,9 @@ Environment:
 #include "openssl/rsa.h"
 #include "openssl/ssl.h"
 #include "openssl/x509.h"
+#ifdef _WIN32
+#pragma warning(pop)
+#endif
 #ifdef QUIC_CLOG
 #include "cert_capi_openssl.c.clog.h"
 #endif

src/platform/selfsign_openssl.c

@@ -12,14 +12,22 @@ Abstract:
 #define QUIC_TEST_APIS 1
 #define _CRT_SECURE_NO_WARNINGS // NOLINT bugprone-reserved-identifier,cert-dcl37-c,cert-dcl51-cpp
 
-#include "openssl/ec.h"
+#include "platform_internal.h"
+#ifdef _WIN32
+#pragma warning(push)
+#pragma warning(disable:4100) // Unreferenced parameter errcode in inline function
+#endif
+#include "openssl/ssl.h"
 #include "openssl/err.h"
 #include "openssl/kdf.h"
 #include "openssl/pem.h"
 #include "openssl/rsa.h"
 #include "openssl/ssl.h"
 #include "openssl/x509.h"
-#include "platform_internal.h"
+#include "openssl/pem.h"
+#ifdef _WIN32
+#pragma warning(pop)
+#endif
 #ifdef QUIC_CLOG
 #include "selfsign_openssl.c.clog.h"
 #endif

src/platform/tls_openssl.c

@@ -12,6 +12,10 @@ Abstract:
 #include "platform_internal.h"
 
 #define OPENSSL_SUPPRESS_DEPRECATED 1 // For hmac.h, which was deprecated in 3.0
+#ifdef _WIN32
+#pragma warning(push)
+#pragma warning(disable:4100) // Unreferenced parameter errcode in inline function
+#endif
 #include "openssl/err.h"
 #include "openssl/hmac.h"
 #include "openssl/kdf.h"
@@ -19,6 +23,9 @@ Abstract:
 #include "openssl/rsa.h"
 #include "openssl/ssl.h"
 #include "openssl/x509.h"
+#ifdef _WIN32
+#pragma warning(pop)
+#endif
 #ifdef QUIC_CLOG
 #include "tls_openssl.c.clog.h"
 #endif
@@ -1013,24 +1020,30 @@ CxPlatTlsProcessData(
         goto Exit;
     }
 
+    TlsContext->State = State;
+    TlsContext->ResultFlags = 0;
+
     if (*BufferLength != 0) {
         QuicTraceLogConnVerbose(
             OpenSslProcessData,
             TlsContext->Connection,
             "Processing %u received bytes",
             *BufferLength);
-    }
 
-    TlsContext->State = State;
-    TlsContext->ResultFlags = 0;
-
-    if (SSL_provide_quic_data(
-            TlsContext->Ssl,
-            (OSSL_ENCRYPTION_LEVEL)TlsContext->State->ReadKey,
-            Buffer,
-            *BufferLength) != 1) {
-        TlsContext->ResultFlags |= CXPLAT_TLS_RESULT_ERROR;
-        goto Exit;
+        if (SSL_provide_quic_data(
+                TlsContext->Ssl,
+                (OSSL_ENCRYPTION_LEVEL)TlsContext->State->ReadKey,
+                Buffer,
+                *BufferLength) != 1) {
+            char buf[256];
+            QuicTraceLogConnError(
+                OpenSslQuicDataErrorStr,
+                TlsContext->Connection,
+                "SSL_provide_quic_data failed: %s",
+                ERR_error_string(ERR_get_error(), buf));
+            TlsContext->ResultFlags |= CXPLAT_TLS_RESULT_ERROR;
+            goto Exit;
+        }
     }
 
     if (!State->HandshakeComplete) {
@@ -1042,14 +1055,21 @@ CxPlatTlsProcessData(
             case SSL_ERROR_WANT_WRITE:
                 goto Exit;
 
-            case SSL_ERROR_SSL:
+            case SSL_ERROR_SSL: {
+                char buf[256];
+                const char* file;
+                int line;
+                ERR_error_string_n(ERR_get_error_line(&file, &line), buf, sizeof(buf));
                 QuicTraceLogConnError(
                     OpenSslHandshakeErrorStr,
                     TlsContext->Connection,
-                    "TLS handshake error: %s",
-                    ERR_error_string(ERR_get_error(), NULL));
+                    "TLS handshake error: %s, file:%s:%d",
+                    "",
+                    file,
+                    line);
                 TlsContext->ResultFlags |= CXPLAT_TLS_RESULT_ERROR;
                 goto Exit;
+            }
 
             default:
                 QuicTraceLogConnError(
@@ -1139,14 +1159,21 @@ CxPlatTlsProcessData(
         case SSL_ERROR_WANT_WRITE:
             goto Exit;
 
-        case SSL_ERROR_SSL:
+        case SSL_ERROR_SSL: {
+            char buf[256];
+            const char* file;
+            int line;
+            ERR_error_string_n(ERR_get_error_line(&file, &line), buf, sizeof(buf));
             QuicTraceLogConnError(
                 OpenSslHandshakeErrorStr,
                 TlsContext->Connection,
-                "TLS handshake error: %s",
-                ERR_error_string(ERR_get_error(), NULL));
+                "TLS handshake error: %s, file:%s:%d",
+                "",
+                file,
+                line);
             TlsContext->ResultFlags |= CXPLAT_TLS_RESULT_ERROR;
             goto Exit;
+        }
 
         default:
             QuicTraceLogConnError(

submodules/openssl

@@ -1 +1 @@
-Subproject commit 6c04318b50013d69b6dc6d8214ff13e05131637c
+Subproject commit 484fcc7392f3d7f4c257448f9aa70ad4f788ed33