deps: update ngtcp2 to 1.20.0

PR-URL: #61511
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>

Author: nodejs-github-bot

deps/ngtcp2/ngtcp2/crypto/boringssl/boringssl.c

@@ -39,6 +39,7 @@
 #include <openssl/chacha.h>
 #include <openssl/rand.h>
 
+#include "ngtcp2_macro.h"
 #include "shared.h"
 
 typedef enum ngtcp2_crypto_boringssl_cipher_type {
@@ -419,7 +420,7 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
 #else  /* !defined(WORDS_BIGENDIAN) */
     memcpy(&counter, sample, sizeof(counter));
 #endif /* !defined(WORDS_BIGENDIAN) */
-    CRYPTO_chacha_20(dest, PLAINTEXT, sizeof(PLAINTEXT) - 1, ctx->key,
+    CRYPTO_chacha_20(dest, PLAINTEXT, ngtcp2_strlen_lit(PLAINTEXT), ctx->key,
                      sample + sizeof(counter), counter);
     return 0;
   default:

deps/ngtcp2/ngtcp2/crypto/ossl/ossl.c

@@ -845,8 +845,9 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
   (void)hp;
 
   if (!EVP_EncryptInit_ex(actx, NULL, NULL, NULL, sample) ||
-      !EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT, sizeof(PLAINTEXT) - 1) ||
-      !EVP_EncryptFinal_ex(actx, dest + sizeof(PLAINTEXT) - 1, &len)) {
+      !EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT,
+                         ngtcp2_strlen_lit(PLAINTEXT)) ||
+      !EVP_EncryptFinal_ex(actx, dest + ngtcp2_strlen_lit(PLAINTEXT), &len)) {
     return -1;
   }
 

deps/ngtcp2/ngtcp2/crypto/picotls/picotls.c

@@ -35,6 +35,7 @@
 #include <picotls.h>
 #include <picotls/openssl.h>
 
+#include "ngtcp2_macro.h"
 #include "shared.h"
 
 ngtcp2_crypto_aead *ngtcp2_crypto_aead_aes_128_gcm(ngtcp2_crypto_aead *aead) {
@@ -357,7 +358,7 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
   (void)hp;
 
   ptls_cipher_init(actx, sample);
-  ptls_cipher_encrypt(actx, dest, PLAINTEXT, sizeof(PLAINTEXT) - 1);
+  ptls_cipher_encrypt(actx, dest, PLAINTEXT, ngtcp2_strlen_lit(PLAINTEXT));
 
   return 0;
 }

deps/ngtcp2/ngtcp2/crypto/quictls/quictls.c

@@ -40,6 +40,7 @@
 #  include <openssl/core_names.h>
 #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
 
+#include "ngtcp2_macro.h"
 #include "shared.h"
 
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -785,8 +786,9 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
   (void)hp;
 
   if (!EVP_EncryptInit_ex(actx, NULL, NULL, NULL, sample) ||
-      !EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT, sizeof(PLAINTEXT) - 1) ||
-      !EVP_EncryptFinal_ex(actx, dest + sizeof(PLAINTEXT) - 1, &len)) {
+      !EVP_EncryptUpdate(actx, dest, &len, PLAINTEXT,
+                         ngtcp2_strlen_lit(PLAINTEXT)) ||
+      !EVP_EncryptFinal_ex(actx, dest + ngtcp2_strlen_lit(PLAINTEXT), &len)) {
     return -1;
   }
 

deps/ngtcp2/ngtcp2/crypto/shared.c

@@ -53,9 +53,9 @@ int ngtcp2_crypto_hkdf_expand_label(uint8_t *dest, size_t destlen,
 
   *p++ = (uint8_t)(destlen / 256);
   *p++ = (uint8_t)(destlen % 256);
-  *p++ = (uint8_t)(sizeof(LABEL) - 1 + labellen);
-  memcpy(p, LABEL, sizeof(LABEL) - 1);
-  p += sizeof(LABEL) - 1;
+  *p++ = (uint8_t)(ngtcp2_strlen_lit(LABEL) + labellen);
+  memcpy(p, LABEL, ngtcp2_strlen_lit(LABEL));
+  p += ngtcp2_strlen_lit(LABEL);
   memcpy(p, label, labellen);
   p += labellen;
   *p++ = 0;
@@ -88,11 +88,11 @@ int ngtcp2_crypto_derive_initial_secrets(uint8_t *rx_secret, uint8_t *tx_secret,
   case NGTCP2_PROTO_VER_V1:
   default:
     salt = (const uint8_t *)NGTCP2_INITIAL_SALT_V1;
-    saltlen = sizeof(NGTCP2_INITIAL_SALT_V1) - 1;
+    saltlen = ngtcp2_strlen_lit(NGTCP2_INITIAL_SALT_V1);
     break;
   case NGTCP2_PROTO_VER_V2:
     salt = (const uint8_t *)NGTCP2_INITIAL_SALT_V2;
-    saltlen = sizeof(NGTCP2_INITIAL_SALT_V2) - 1;
+    saltlen = ngtcp2_strlen_lit(NGTCP2_INITIAL_SALT_V2);
     break;
   }
 
@@ -111,10 +111,12 @@ int ngtcp2_crypto_derive_initial_secrets(uint8_t *rx_secret, uint8_t *tx_secret,
 
   if (ngtcp2_crypto_hkdf_expand_label(
         client_secret, NGTCP2_CRYPTO_INITIAL_SECRETLEN, &ctx.md, initial_secret,
-        NGTCP2_CRYPTO_INITIAL_SECRETLEN, CLABEL, sizeof(CLABEL) - 1) != 0 ||
+        NGTCP2_CRYPTO_INITIAL_SECRETLEN, CLABEL,
+        ngtcp2_strlen_lit(CLABEL)) != 0 ||
       ngtcp2_crypto_hkdf_expand_label(
         server_secret, NGTCP2_CRYPTO_INITIAL_SECRETLEN, &ctx.md, initial_secret,
-        NGTCP2_CRYPTO_INITIAL_SECRETLEN, SLABEL, sizeof(SLABEL) - 1) != 0) {
+        NGTCP2_CRYPTO_INITIAL_SECRETLEN, SLABEL,
+        ngtcp2_strlen_lit(SLABEL)) != 0) {
     return -1;
   }
 
@@ -148,19 +150,19 @@ int ngtcp2_crypto_derive_packet_protection_key(
   switch (version) {
   case NGTCP2_PROTO_VER_V2:
     key_label = KEY_LABEL_V2;
-    key_labellen = sizeof(KEY_LABEL_V2) - 1;
+    key_labellen = ngtcp2_strlen_lit(KEY_LABEL_V2);
     iv_label = IV_LABEL_V2;
-    iv_labellen = sizeof(IV_LABEL_V2) - 1;
+    iv_labellen = ngtcp2_strlen_lit(IV_LABEL_V2);
     hp_key_label = HP_KEY_LABEL_V2;
-    hp_key_labellen = sizeof(HP_KEY_LABEL_V2) - 1;
+    hp_key_labellen = ngtcp2_strlen_lit(HP_KEY_LABEL_V2);
     break;
   default:
     key_label = KEY_LABEL_V1;
-    key_labellen = sizeof(KEY_LABEL_V1) - 1;
+    key_labellen = ngtcp2_strlen_lit(KEY_LABEL_V1);
     iv_label = IV_LABEL_V1;
-    iv_labellen = sizeof(IV_LABEL_V1) - 1;
+    iv_labellen = ngtcp2_strlen_lit(IV_LABEL_V1);
     hp_key_label = HP_KEY_LABEL_V1;
-    hp_key_labellen = sizeof(HP_KEY_LABEL_V1) - 1;
+    hp_key_labellen = ngtcp2_strlen_lit(HP_KEY_LABEL_V1);
   }
 
   if (ngtcp2_crypto_hkdf_expand_label(key, keylen, md, secret, secretlen,
@@ -194,11 +196,11 @@ int ngtcp2_crypto_update_traffic_secret(uint8_t *dest, uint32_t version,
   switch (version) {
   case NGTCP2_PROTO_VER_V2:
     label = LABEL_V2;
-    labellen = sizeof(LABEL_V2) - 1;
+    labellen = ngtcp2_strlen_lit(LABEL_V2);
     break;
   default:
     label = LABEL;
-    labellen = sizeof(LABEL) - 1;
+    labellen = ngtcp2_strlen_lit(LABEL);
   }
 
   if (ngtcp2_crypto_hkdf_expand_label(dest, secretlen, md, secret, secretlen,
@@ -592,11 +594,11 @@ int ngtcp2_crypto_derive_and_install_initial_key(
     case NGTCP2_PROTO_VER_V1:
     default:
       retry_key = (const uint8_t *)NGTCP2_RETRY_KEY_V1;
-      retry_noncelen = sizeof(NGTCP2_RETRY_NONCE_V1) - 1;
+      retry_noncelen = ngtcp2_strlen_lit(NGTCP2_RETRY_NONCE_V1);
       break;
     case NGTCP2_PROTO_VER_V2:
       retry_key = (const uint8_t *)NGTCP2_RETRY_KEY_V2;
-      retry_noncelen = sizeof(NGTCP2_RETRY_NONCE_V2) - 1;
+      retry_noncelen = ngtcp2_strlen_lit(NGTCP2_RETRY_NONCE_V2);
       break;
     }
 
@@ -845,7 +847,7 @@ int ngtcp2_crypto_generate_stateless_reset_token(uint8_t *token,
   if (ngtcp2_crypto_hkdf(token, NGTCP2_STATELESS_RESET_TOKENLEN,
                          ngtcp2_crypto_md_sha256(&md), secret, secretlen,
                          cid->data, cid->datalen, info,
-                         sizeof(info) - 1) != 0) {
+                         ngtcp2_strlen_lit(info)) != 0) {
     return -1;
   }
 
@@ -865,8 +867,8 @@ static int crypto_derive_token_key(uint8_t *key, size_t keylen, uint8_t *iv,
   uint8_t *p;
 
   assert(ngtcp2_crypto_md_hashlen(md) == sizeof(intsecret));
-  assert(info_prefixlen + sizeof(key_info_suffix) - 1 <= sizeof(info));
-  assert(info_prefixlen + sizeof(iv_info_suffix) - 1 <= sizeof(info));
+  assert(info_prefixlen + ngtcp2_strlen_lit(key_info_suffix) <= sizeof(info));
+  assert(info_prefixlen + ngtcp2_strlen_lit(iv_info_suffix) <= sizeof(info));
 
   if (ngtcp2_crypto_hkdf_extract(intsecret, md, secret, secretlen, salt,
                                  saltlen) != 0) {
@@ -876,8 +878,8 @@ static int crypto_derive_token_key(uint8_t *key, size_t keylen, uint8_t *iv,
   memcpy(info, info_prefix, info_prefixlen);
   p = info + info_prefixlen;
 
-  memcpy(p, key_info_suffix, sizeof(key_info_suffix) - 1);
-  p += sizeof(key_info_suffix) - 1;
+  memcpy(p, key_info_suffix, ngtcp2_strlen_lit(key_info_suffix));
+  p += ngtcp2_strlen_lit(key_info_suffix);
 
   if (ngtcp2_crypto_hkdf_expand(key, keylen, md, intsecret, sizeof(intsecret),
                                 info, (size_t)(p - info)) != 0) {
@@ -886,8 +888,8 @@ static int crypto_derive_token_key(uint8_t *key, size_t keylen, uint8_t *iv,
 
   p = info + info_prefixlen;
 
-  memcpy(p, iv_info_suffix, sizeof(iv_info_suffix) - 1);
-  p += sizeof(iv_info_suffix) - 1;
+  memcpy(p, iv_info_suffix, ngtcp2_strlen_lit(iv_info_suffix));
+  p += ngtcp2_strlen_lit(iv_info_suffix);
 
   if (ngtcp2_crypto_hkdf_expand(iv, ivlen, md, intsecret, sizeof(intsecret),
                                 info, (size_t)(p - info)) != 0) {
@@ -963,10 +965,10 @@ ngtcp2_ssize ngtcp2_crypto_generate_retry_token(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, sizeof(rand_data),
-                              retry_token_info_prefix,
-                              sizeof(retry_token_info_prefix) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        sizeof(rand_data), retry_token_info_prefix,
+        ngtcp2_strlen_lit(retry_token_info_prefix)) != 0) {
     return -1;
   }
 
@@ -1040,10 +1042,10 @@ int ngtcp2_crypto_verify_retry_token(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, NGTCP2_CRYPTO_TOKEN_RAND_DATALEN,
-                              retry_token_info_prefix,
-                              sizeof(retry_token_info_prefix) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        NGTCP2_CRYPTO_TOKEN_RAND_DATALEN, retry_token_info_prefix,
+        ngtcp2_strlen_lit(retry_token_info_prefix)) != 0) {
     return -1;
   }
 
@@ -1143,10 +1145,10 @@ ngtcp2_ssize ngtcp2_crypto_generate_retry_token2(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, sizeof(rand_data),
-                              retry_token_info_prefix2,
-                              sizeof(retry_token_info_prefix2) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        sizeof(rand_data), retry_token_info_prefix2,
+        ngtcp2_strlen_lit(retry_token_info_prefix2)) != 0) {
     return -1;
   }
 
@@ -1221,10 +1223,10 @@ int ngtcp2_crypto_verify_retry_token2(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, NGTCP2_CRYPTO_TOKEN_RAND_DATALEN,
-                              retry_token_info_prefix2,
-                              sizeof(retry_token_info_prefix2) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        NGTCP2_CRYPTO_TOKEN_RAND_DATALEN, retry_token_info_prefix2,
+        ngtcp2_strlen_lit(retry_token_info_prefix2)) != 0) {
     return NGTCP2_CRYPTO_ERR_INTERNAL;
   }
 
@@ -1366,10 +1368,10 @@ static ngtcp2_ssize crypto_generate_regular_token(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, sizeof(rand_data),
-                              regular_token_info_prefix,
-                              sizeof(regular_token_info_prefix) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        sizeof(rand_data), regular_token_info_prefix,
+        ngtcp2_strlen_lit(regular_token_info_prefix)) != 0) {
     return -1;
   }
 
@@ -1442,10 +1444,10 @@ static ngtcp2_ssize crypto_verify_regular_token(
   assert(sizeof(key) == keylen);
   assert(sizeof(iv) == ivlen);
 
-  if (crypto_derive_token_key(key, keylen, iv, ivlen, &md, secret, secretlen,
-                              rand_data, NGTCP2_CRYPTO_TOKEN_RAND_DATALEN,
-                              regular_token_info_prefix,
-                              sizeof(regular_token_info_prefix) - 1) != 0) {
+  if (crypto_derive_token_key(
+        key, keylen, iv, ivlen, &md, secret, secretlen, rand_data,
+        NGTCP2_CRYPTO_TOKEN_RAND_DATALEN, regular_token_info_prefix,
+        ngtcp2_strlen_lit(regular_token_info_prefix)) != 0) {
     return NGTCP2_CRYPTO_ERR_INTERNAL;
   }
 
@@ -1601,11 +1603,11 @@ ngtcp2_ssize ngtcp2_crypto_write_retry(uint8_t *dest, size_t destlen,
   case NGTCP2_PROTO_VER_V1:
   default:
     key = (const uint8_t *)NGTCP2_RETRY_KEY_V1;
-    noncelen = sizeof(NGTCP2_RETRY_NONCE_V1) - 1;
+    noncelen = ngtcp2_strlen_lit(NGTCP2_RETRY_NONCE_V1);
     break;
   case NGTCP2_PROTO_VER_V2:
     key = (const uint8_t *)NGTCP2_RETRY_KEY_V2;
-    noncelen = sizeof(NGTCP2_RETRY_NONCE_V2) - 1;
+    noncelen = ngtcp2_strlen_lit(NGTCP2_RETRY_NONCE_V2);
     break;
   }
 

deps/ngtcp2/ngtcp2/crypto/wolfssl/wolfssl.c

@@ -34,6 +34,7 @@
 #include <wolfssl/ssl.h>
 #include <wolfssl/quic.h>
 
+#include "ngtcp2_macro.h"
 #include "shared.h"
 
 #define PRINTF_DEBUG 0
@@ -297,9 +298,10 @@ int ngtcp2_crypto_hp_mask(uint8_t *dest, const ngtcp2_crypto_cipher *hp,
   if (wolfSSL_EVP_EncryptInit_ex(actx, NULL, NULL, NULL, sample) !=
         WOLFSSL_SUCCESS ||
       wolfSSL_EVP_CipherUpdate(actx, dest, &len, PLAINTEXT,
-                               sizeof(PLAINTEXT) - 1) != WOLFSSL_SUCCESS ||
-      wolfSSL_EVP_EncryptFinal_ex(actx, dest + sizeof(PLAINTEXT) - 1, &len) !=
-        WOLFSSL_SUCCESS) {
+                               ngtcp2_strlen_lit(PLAINTEXT)) !=
+        WOLFSSL_SUCCESS ||
+      wolfSSL_EVP_EncryptFinal_ex(actx, dest + ngtcp2_strlen_lit(PLAINTEXT),
+                                  &len) != WOLFSSL_SUCCESS) {
     DEBUG_MSG("WOLFSSL: hp_mask FAILED\n");
     return -1;
   }

deps/ngtcp2/ngtcp2/examples/client.cc

@@ -1049,16 +1049,17 @@ ngtcp2_ssize write_pkt(ngtcp2_conn *conn, ngtcp2_path *path,
 ngtcp2_ssize Client::write_pkt(ngtcp2_path *path, ngtcp2_pkt_info *pi,
                                uint8_t *dest, size_t destlen,
                                ngtcp2_tstamp ts) {
-  std::array<nghttp3_vec, 16> vec;
+  std::array<SharedVec, 16> vec;
 
   for (;;) {
     int64_t stream_id = -1;
     int fin = 0;
     nghttp3_ssize sveccnt = 0;
 
     if (httpconn_ && ngtcp2_conn_get_max_data_left(conn_)) {
-      sveccnt = nghttp3_conn_writev_stream(httpconn_, &stream_id, &fin,
-                                           vec.data(), vec.size());
+      sveccnt = nghttp3_conn_writev_stream(
+        httpconn_, &stream_id, &fin,
+        reinterpret_cast<nghttp3_vec *>(vec.data()), vec.size());
       if (sveccnt < 0) {
         std::cerr << "nghttp3_conn_writev_stream: "
                   << nghttp3_strerror(static_cast<int>(sveccnt)) << std::endl;
@@ -1071,7 +1072,6 @@ ngtcp2_ssize Client::write_pkt(ngtcp2_path *path, ngtcp2_pkt_info *pi,
     }
 
     ngtcp2_ssize ndatalen;
-    auto v = vec.data();
     auto vcnt = static_cast<size_t>(sveccnt);
 
     uint32_t flags = NGTCP2_WRITE_STREAM_FLAG_MORE;
@@ -1081,7 +1081,7 @@ ngtcp2_ssize Client::write_pkt(ngtcp2_path *path, ngtcp2_pkt_info *pi,
 
     auto nwrite = ngtcp2_conn_writev_stream(
       conn_, path, pi, dest, destlen, &ndatalen, flags, stream_id,
-      reinterpret_cast<const ngtcp2_vec *>(v), vcnt, ts);
+      reinterpret_cast<const ngtcp2_vec *>(vec.data()), vcnt, ts);
     if (nwrite < 0) {
       switch (nwrite) {
       case NGTCP2_ERR_STREAM_DATA_BLOCKED: