diff --git a/fuzz/fuzz-asn1.c b/fuzz/fuzz-asn1.c index dc8b0705c..9452d1496 100644 --- a/fuzz/fuzz-asn1.c +++ b/fuzz/fuzz-asn1.c @@ -67,7 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) byte_index = byte_index % bytes_max; expected_type = feeder_next_byte(); ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, expected_type, &length, &indefinite_length, &last_byte, - &decode_error, &ctx); + &decode_error, &ctx); } else if (ret == 2 || ret == 3) { ptls_context_t ctx = {}; char fname[] = "/tmp/XXXXXXXX"; @@ -85,7 +85,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ctx.key_exchanges = ptls_minicrypto_key_exchanges; ctx.cipher_suites = ptls_minicrypto_cipher_suites; - if (ret == 2) { + if (ret == 2) { ptls_load_certificates(&ctx, fname); if (ctx.certificates.list) { for (i = 0; i < ctx.certificates.count; i++) { @@ -93,12 +93,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) free(ctx.certificates.list[i].base); } free(ctx.certificates.list); - } } else { ptls_minicrypto_load_private_key(&ctx, fname); } -out2: + out2: close(fd); unlink(fname); } diff --git a/fuzz/fuzz-client-hello.c b/fuzz/fuzz-client-hello.c index bfafff30d..73ef9fdc9 100644 --- a/fuzz/fuzz-client-hello.c +++ b/fuzz/fuzz-client-hello.c @@ -20,89 +20,86 @@ #include "picotls/openssl.h" #include "util.h" -void deterministic_random_bytes(void *buf, size_t len) { - for (int i = 0; i < len; i++) { - ((uint8_t *)buf)[i] = 0; - } +void deterministic_random_bytes(void *buf, size_t len) +{ + for (int i = 0; i < len; i++) { + ((uint8_t *)buf)[i] = 0; + } } -uint8_t fake_ticket[] = { - 0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00, - 0x01, 0x67, 0x7b, 0xce, 0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37, - 0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f, 0x15, 0x4c, 0x93, 0x8f, - 0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54, - 0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e, - 0x1a, 0x95, 0x85, 0xc5, 0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02, - 0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00}; - -static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls, - int is_encrypt, ptls_buffer_t *dst, - ptls_iovec_t src) { - (void)_self; - int ret; - - if (is_encrypt) { - if ((ret = ptls_buffer_reserve(dst, 32)) != 0) return ret; - memcpy(dst->base + dst->off, fake_ticket, 32); - dst->off += 32; - } else { - if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0) return ret; - memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket)); - dst->off += sizeof(fake_ticket); - } - - return 0; +uint8_t fake_ticket[] = {0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00, 0x01, 0x67, 0x7b, 0xce, + 0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37, 0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f, + 0x15, 0x4c, 0x93, 0x8f, 0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54, + 0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e, 0x1a, 0x95, 0x85, 0xc5, + 0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02, 0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00}; + +static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls, int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src) +{ + (void)_self; + int ret; + + if (is_encrypt) { + if ((ret = ptls_buffer_reserve(dst, 32)) != 0) + return ret; + memcpy(dst->base + dst->off, fake_ticket, 32); + dst->off += 32; + } else { + if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0) + return ret; + memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket)); + dst->off += sizeof(fake_ticket); + } + + return 0; } -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - // key exchanges - ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL}; - key_exchanges[0] = &ptls_openssl_secp256r1; - // the second cipher suite is used for the PSK ticket - ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, - &ptls_openssl_aes256gcmsha384, NULL}; - - // create ptls_context_t - ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time, - key_exchanges, cipher_suites}; - ctx_server.verify_certificate = NULL; - - // setup server fake cache - struct st_util_session_cache_t sc; - sc.super.cb = encrypt_ticket_cb_fake; - ctx_server.ticket_lifetime = UINT_MAX; - ctx_server.max_early_data_size = 8192; - ctx_server.encrypt_ticket = &sc.super; - - // create pls_t - ptls_t *tls_server = ptls_new(&ctx_server, 1); // 1: server - - // empty hsprop - ptls_handshake_properties_t hsprop = {{{{NULL}}}}; - - // buffers - ptls_buffer_t server_response; - ptls_buffer_init(&server_response, "", 0); - - // accept client_hello - size_t consumed = size; - int ret = - ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop); - - // more messages to parse? - if (ret == 0 && size - consumed > 0) { - size = size - consumed; - // reset buffer - ptls_buffer_dispose(&server_response); +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + // key exchanges + ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL}; + key_exchanges[0] = &ptls_openssl_secp256r1; + // the second cipher suite is used for the PSK ticket + ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, &ptls_openssl_aes256gcmsha384, NULL}; + + // create ptls_context_t + ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites}; + ctx_server.verify_certificate = NULL; + + // setup server fake cache + struct st_util_session_cache_t sc; + sc.super.cb = encrypt_ticket_cb_fake; + ctx_server.ticket_lifetime = UINT_MAX; + ctx_server.max_early_data_size = 8192; + ctx_server.encrypt_ticket = &sc.super; + + // create pls_t + ptls_t *tls_server = ptls_new(&ctx_server, 1); // 1: server + + // empty hsprop + ptls_handshake_properties_t hsprop = {{{{NULL}}}}; + + // buffers + ptls_buffer_t server_response; ptls_buffer_init(&server_response, "", 0); - // receive messages - ptls_receive(tls_server, &server_response, data + consumed, &size); - } - // clean - ptls_buffer_dispose(&server_response); - ptls_free(tls_server); + // accept client_hello + size_t consumed = size; + int ret = ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop); + + // more messages to parse? + if (ret == 0 && size - consumed > 0) { + size = size - consumed; + // reset buffer + ptls_buffer_dispose(&server_response); + ptls_buffer_init(&server_response, "", 0); + // receive messages + ptls_receive(tls_server, &server_response, data + consumed, &size); + } + + // clean + ptls_buffer_dispose(&server_response); + ptls_free(tls_server); - // - return 0; + // + return 0; } diff --git a/fuzz/fuzz-server-hello.c b/fuzz/fuzz-server-hello.c index 7059ae652..f8e1e8547 100644 --- a/fuzz/fuzz-server-hello.c +++ b/fuzz/fuzz-server-hello.c @@ -20,68 +20,68 @@ #include "picotls/openssl.h" #include "util.h" -void deterministic_random_bytes(void *buf, size_t len) { - for (int i = 0; i < len; i++) { - ((uint8_t *)buf)[i] = 0; - } +void deterministic_random_bytes(void *buf, size_t len) +{ + for (int i = 0; i < len; i++) { + ((uint8_t *)buf)[i] = 0; + } } -static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, - ptls_iovec_t src) { - return 0; +static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src) +{ + return 0; } -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - // key exchanges - ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL}; - key_exchanges[0] = &ptls_openssl_secp256r1; - ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL}; +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + // key exchanges + ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL}; + key_exchanges[0] = &ptls_openssl_secp256r1; + ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL}; - // create ptls_context_t - ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, - key_exchanges, cipher_suites}; - ctx_client.verify_certificate = NULL; + // create ptls_context_t + ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites}; + ctx_client.verify_certificate = NULL; - // create pls_t - ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client + // create pls_t + ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client - // fake ticket saving - static struct st_util_save_ticket_t st; - st.super.cb = fake_ticket_cb; - ctx_client.save_ticket = &st.super; + // fake ticket saving + static struct st_util_save_ticket_t st; + st.super.cb = fake_ticket_cb; + ctx_client.save_ticket = &st.super; - // empty hsprop - ptls_handshake_properties_t hsprop = {{{{NULL}}}}; + // empty hsprop + ptls_handshake_properties_t hsprop = {{{{NULL}}}}; - // buffers - ptls_buffer_t client_encbuf; - ptls_buffer_init(&client_encbuf, "", 0); - - // generate client_hello - ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop); - - // reset buffer - ptls_buffer_dispose(&client_encbuf); - ptls_buffer_init(&client_encbuf, "", 0); + // buffers + ptls_buffer_t client_encbuf; + ptls_buffer_init(&client_encbuf, "", 0); - // accept server - size_t consumed = size; - int ret = - ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop); + // generate client_hello + ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop); - // more messages to parse? - if (ret == 0 && size - consumed > 0) { - size = size - consumed; // reset buffer ptls_buffer_dispose(&client_encbuf); ptls_buffer_init(&client_encbuf, "", 0); - // receive messages - ptls_receive(tls_client, &client_encbuf, data + consumed, &size); - } - // cleaning - ptls_buffer_dispose(&client_encbuf); - ptls_free(tls_client); + // accept server + size_t consumed = size; + int ret = ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop); + + // more messages to parse? + if (ret == 0 && size - consumed > 0) { + size = size - consumed; + // reset buffer + ptls_buffer_dispose(&client_encbuf); + ptls_buffer_init(&client_encbuf, "", 0); + // receive messages + ptls_receive(tls_client, &client_encbuf, data + consumed, &size); + } + + // cleaning + ptls_buffer_dispose(&client_encbuf); + ptls_free(tls_client); - return 0; + return 0; } diff --git a/include/picotls.h b/include/picotls.h index 2aaa7e37a..5a6a205fd 100644 --- a/include/picotls.h +++ b/include/picotls.h @@ -208,7 +208,7 @@ extern "C" { #define PTLS_ERROR_GET_CLASS(e) ((e) & ~0xff) #define PTLS_ALERT_TO_SELF_ERROR(e) ((e) + PTLS_ERROR_CLASS_SELF_ALERT) #define PTLS_ALERT_TO_PEER_ERROR(e) ((e) + PTLS_ERROR_CLASS_PEER_ALERT) -#define PTLS_ERROR_TO_ALERT(e) ((e)&0xff) +#define PTLS_ERROR_TO_ALERT(e) ((e) & 0xff) /* the HKDF prefix */ #define PTLS_HKDF_EXPAND_LABEL_PREFIX "tls13 " @@ -298,25 +298,19 @@ extern "C" { #define PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY 2 #define PTLS_ZERO_DIGEST_SHA256 \ - { \ - 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, \ - 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55 \ - } + {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, \ + 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55} #define PTLS_ZERO_DIGEST_SHA384 \ - { \ - 0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11, \ - 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, \ - 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b \ - } + {0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, \ + 0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, \ + 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b} #define PTLS_ZERO_DIGEST_SHA512 \ - { \ - 0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05, \ - 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, \ - 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, \ - 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e \ - } + {0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, \ + 0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, \ + 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, \ + 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e} #define PTLS_TO__STR(n) #n #define PTLS_TO_STR(n) PTLS_TO__STR(n) @@ -363,10 +357,10 @@ typedef struct st_ptls_key_exchange_context_t { ptls_iovec_t pubkey; /** * This function can be used for deriving a shared secret or for destroying the context. - * When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key being - * given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling `free`. - * When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL. - * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared. + * When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key + * being given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling + * `free`. When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL. Upon failure + * (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared. */ int (*on_exchange)(struct st_ptls_key_exchange_context_t **keyex, int release, ptls_iovec_t *secret, ptls_iovec_t peerkey); } ptls_key_exchange_context_t; @@ -388,7 +382,8 @@ typedef const struct st_ptls_key_exchange_algorithm_t { * Implements synchronous key exchange. Called when ServerHello is generated. * Given a public key provided by the peer (`peerkey`), this callback generates an ephemeral private and public key, and returns * the public key (`pubkey`) and a secret (`secret`) derived from the peerkey and private key. - * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared. + * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are + * zero-cleared. */ int (*exchange)(const struct st_ptls_key_exchange_algorithm_t *algo, ptls_iovec_t *pubkey, ptls_iovec_t *secret, ptls_iovec_t peerkey); diff --git a/include/picotls/openssl.h b/include/picotls/openssl.h index 526285cb1..97bcb6e36 100644 --- a/include/picotls/openssl.h +++ b/include/picotls/openssl.h @@ -39,8 +39,7 @@ extern "C" { #define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 0 #endif -#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && \ - !defined(OPENSSL_NO_ASYNC) +#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC) #include #define PTLS_OPENSSL_HAVE_ASYNC 1 #else