clang-format modulo deps/ and picotlsvs/
kazuho committed Dec 20, 2024
1 parent c001ae8 commit 067101c
Showing 5 changed files with 143 additions and 153 deletions.
7 changes: 3 additions & 4 deletions fuzz/fuzz-asn1.c
@@ -67,7 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
byte_index = byte_index % bytes_max;
expected_type = feeder_next_byte();
ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, expected_type, &length, &indefinite_length, &last_byte,
&decode_error, &ctx);
&decode_error, &ctx);
} else if (ret == 2 || ret == 3) {
ptls_context_t ctx = {};
char fname[] = "/tmp/XXXXXXXX";
@@ -85,20 +85,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
ctx.key_exchanges = ptls_minicrypto_key_exchanges;
ctx.cipher_suites = ptls_minicrypto_cipher_suites;

if (ret == 2) {
if (ret == 2) {
ptls_load_certificates(&ctx, fname);
if (ctx.certificates.list) {
for (i = 0; i < ctx.certificates.count; i++) {
if (ctx.certificates.list[i].base)
free(ctx.certificates.list[i].base);
}
free(ctx.certificates.list);

}
} else {
ptls_minicrypto_load_private_key(&ctx, fname);
}
out2:
out2:
close(fd);
unlink(fname);
}
153 changes: 75 additions & 78 deletions fuzz/fuzz-client-hello.c
@@ -20,89 +20,86 @@
#include "picotls/openssl.h"
#include "util.h"

void deterministic_random_bytes(void *buf, size_t len) {
for (int i = 0; i < len; i++) {
((uint8_t *)buf)[i] = 0;
}
void deterministic_random_bytes(void *buf, size_t len)
{
for (int i = 0; i < len; i++) {
((uint8_t *)buf)[i] = 0;
}
}

uint8_t fake_ticket[] = {
0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00,
0x01, 0x67, 0x7b, 0xce, 0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37,
0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f, 0x15, 0x4c, 0x93, 0x8f,
0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54,
0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e,
0x1a, 0x95, 0x85, 0xc5, 0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02,
0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00};

static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls,
int is_encrypt, ptls_buffer_t *dst,
ptls_iovec_t src) {
(void)_self;
int ret;

if (is_encrypt) {
if ((ret = ptls_buffer_reserve(dst, 32)) != 0) return ret;
memcpy(dst->base + dst->off, fake_ticket, 32);
dst->off += 32;
} else {
if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0) return ret;
memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket));
dst->off += sizeof(fake_ticket);
}

return 0;
uint8_t fake_ticket[] = {0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00, 0x01, 0x67, 0x7b, 0xce,
0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37, 0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f,
0x15, 0x4c, 0x93, 0x8f, 0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54,
0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e, 0x1a, 0x95, 0x85, 0xc5,
0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02, 0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00};

static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls, int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src)
{
(void)_self;
int ret;

if (is_encrypt) {
if ((ret = ptls_buffer_reserve(dst, 32)) != 0)
return ret;
memcpy(dst->base + dst->off, fake_ticket, 32);
dst->off += 32;
} else {
if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0)
return ret;
memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket));
dst->off += sizeof(fake_ticket);
}

return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// key exchanges
ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
key_exchanges[0] = &ptls_openssl_secp256r1;
// the second cipher suite is used for the PSK ticket
ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256,
&ptls_openssl_aes256gcmsha384, NULL};

// create ptls_context_t
ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time,
key_exchanges, cipher_suites};
ctx_server.verify_certificate = NULL;

// setup server fake cache
struct st_util_session_cache_t sc;
sc.super.cb = encrypt_ticket_cb_fake;
ctx_server.ticket_lifetime = UINT_MAX;
ctx_server.max_early_data_size = 8192;
ctx_server.encrypt_ticket = &sc.super;

// create pls_t
ptls_t *tls_server = ptls_new(&ctx_server, 1); // 1: server

// empty hsprop
ptls_handshake_properties_t hsprop = {{{{NULL}}}};

// buffers
ptls_buffer_t server_response;
ptls_buffer_init(&server_response, "", 0);

// accept client_hello
size_t consumed = size;
int ret =
ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop);

// more messages to parse?
if (ret == 0 && size - consumed > 0) {
size = size - consumed;
// reset buffer
ptls_buffer_dispose(&server_response);
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
// key exchanges
ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
key_exchanges[0] = &ptls_openssl_secp256r1;
// the second cipher suite is used for the PSK ticket
ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, &ptls_openssl_aes256gcmsha384, NULL};

// create ptls_context_t
ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
ctx_server.verify_certificate = NULL;

// setup server fake cache
struct st_util_session_cache_t sc;
sc.super.cb = encrypt_ticket_cb_fake;
ctx_server.ticket_lifetime = UINT_MAX;
ctx_server.max_early_data_size = 8192;
ctx_server.encrypt_ticket = &sc.super;

// create pls_t
ptls_t *tls_server = ptls_new(&ctx_server, 1); // 1: server

// empty hsprop
ptls_handshake_properties_t hsprop = {{{{NULL}}}};

// buffers
ptls_buffer_t server_response;
ptls_buffer_init(&server_response, "", 0);
// receive messages
ptls_receive(tls_server, &server_response, data + consumed, &size);
}

// clean
ptls_buffer_dispose(&server_response);
ptls_free(tls_server);
// accept client_hello
size_t consumed = size;
int ret = ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop);

// more messages to parse?
if (ret == 0 && size - consumed > 0) {
size = size - consumed;
// reset buffer
ptls_buffer_dispose(&server_response);
ptls_buffer_init(&server_response, "", 0);
// receive messages
ptls_receive(tls_server, &server_response, data + consumed, &size);
}

// clean
ptls_buffer_dispose(&server_response);
ptls_free(tls_server);

//
return 0;
//
return 0;
}
96 changes: 48 additions & 48 deletions fuzz/fuzz-server-hello.c
@@ -20,68 +20,68 @@
#include "picotls/openssl.h"
#include "util.h"

void deterministic_random_bytes(void *buf, size_t len) {
for (int i = 0; i < len; i++) {
((uint8_t *)buf)[i] = 0;
}
void deterministic_random_bytes(void *buf, size_t len)
{
for (int i = 0; i < len; i++) {
((uint8_t *)buf)[i] = 0;
}
}

static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls,
ptls_iovec_t src) {
return 0;
static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src)
{
return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// key exchanges
ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
key_exchanges[0] = &ptls_openssl_secp256r1;
ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
// key exchanges
ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
key_exchanges[0] = &ptls_openssl_secp256r1;
ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};

// create ptls_context_t
ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time,
key_exchanges, cipher_suites};
ctx_client.verify_certificate = NULL;
// create ptls_context_t
ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
ctx_client.verify_certificate = NULL;

// create pls_t
ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client
// create pls_t
ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client

// fake ticket saving
static struct st_util_save_ticket_t st;
st.super.cb = fake_ticket_cb;
ctx_client.save_ticket = &st.super;
// fake ticket saving
static struct st_util_save_ticket_t st;
st.super.cb = fake_ticket_cb;
ctx_client.save_ticket = &st.super;

// empty hsprop
ptls_handshake_properties_t hsprop = {{{{NULL}}}};
// empty hsprop
ptls_handshake_properties_t hsprop = {{{{NULL}}}};

// buffers
ptls_buffer_t client_encbuf;
ptls_buffer_init(&client_encbuf, "", 0);

// generate client_hello
ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);

// reset buffer
ptls_buffer_dispose(&client_encbuf);
ptls_buffer_init(&client_encbuf, "", 0);
// buffers
ptls_buffer_t client_encbuf;
ptls_buffer_init(&client_encbuf, "", 0);

// accept server
size_t consumed = size;
int ret =
ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);
// generate client_hello
ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);

// more messages to parse?
if (ret == 0 && size - consumed > 0) {
size = size - consumed;
// reset buffer
ptls_buffer_dispose(&client_encbuf);
ptls_buffer_init(&client_encbuf, "", 0);
// receive messages
ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
}

// cleaning
ptls_buffer_dispose(&client_encbuf);
ptls_free(tls_client);
// accept server
size_t consumed = size;
int ret = ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);

// more messages to parse?
if (ret == 0 && size - consumed > 0) {
size = size - consumed;
// reset buffer
ptls_buffer_dispose(&client_encbuf);
ptls_buffer_init(&client_encbuf, "", 0);
// receive messages
ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
}

// cleaning
ptls_buffer_dispose(&client_encbuf);
ptls_free(tls_client);

return 0;
return 0;
}
37 changes: 16 additions & 21 deletions include/picotls.h
@@ -208,7 +208,7 @@ extern "C" {
#define PTLS_ERROR_GET_CLASS(e) ((e) & ~0xff)
#define PTLS_ALERT_TO_SELF_ERROR(e) ((e) + PTLS_ERROR_CLASS_SELF_ALERT)
#define PTLS_ALERT_TO_PEER_ERROR(e) ((e) + PTLS_ERROR_CLASS_PEER_ALERT)
#define PTLS_ERROR_TO_ALERT(e) ((e)&0xff)
#define PTLS_ERROR_TO_ALERT(e) ((e) & 0xff)

/* the HKDF prefix */
#define PTLS_HKDF_EXPAND_LABEL_PREFIX "tls13 "
@@ -298,25 +298,19 @@ extern "C" {
#define PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY 2

#define PTLS_ZERO_DIGEST_SHA256 \
{ \
0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, \
0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 \
}
{0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, \
0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}

#define PTLS_ZERO_DIGEST_SHA384 \
{ \
0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, \
0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, \
0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b \
}
{0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, \
0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, \
0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b}

#define PTLS_ZERO_DIGEST_SHA512 \
{ \
0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, \
0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, \
0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, \
0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e \
}
{0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, \
0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, \
0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, \
0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e}

#define PTLS_TO__STR(n) #n
#define PTLS_TO_STR(n) PTLS_TO__STR(n)
@@ -363,10 +357,10 @@ typedef struct st_ptls_key_exchange_context_t {
ptls_iovec_t pubkey;
/**
* This function can be used for deriving a shared secret or for destroying the context.
* When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key being
* given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling `free`.
* When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL.
* Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
* When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key
* being given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling
* `free`. When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL. Upon failure
* (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
*/
int (*on_exchange)(struct st_ptls_key_exchange_context_t **keyex, int release, ptls_iovec_t *secret, ptls_iovec_t peerkey);
} ptls_key_exchange_context_t;
@@ -388,7 +382,8 @@ typedef const struct st_ptls_key_exchange_algorithm_t {
* Implements synchronous key exchange. Called when ServerHello is generated.
* Given a public key provided by the peer (`peerkey`), this callback generates an ephemeral private and public key, and returns
* the public key (`pubkey`) and a secret (`secret`) derived from the peerkey and private key.
* Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
* Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are
* zero-cleared.
*/
int (*exchange)(const struct st_ptls_key_exchange_algorithm_t *algo, ptls_iovec_t *pubkey, ptls_iovec_t *secret,
ptls_iovec_t peerkey);
3 changes: 1 addition & 2 deletions include/picotls/openssl.h
@@ -39,8 +39,7 @@ extern "C" {
#define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 0
#endif

#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && \
!defined(OPENSSL_NO_ASYNC)
#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC)
#include <openssl/async.h>
#define PTLS_OPENSSL_HAVE_ASYNC 1
#else