clang-format
diff --git a/lib/chacha20poly1305.h b/lib/chacha20poly1305.h
index ad2d7fe..9bdc9cc 100644
--- a/lib/chacha20poly1305.h
+++ b/lib/chacha20poly1305.h
@@ -161,7 +161,7 @@
     struct chacha20poly1305_context_t *ctx = (struct chacha20poly1305_context_t *)_ctx;
 
     memcpy(ctx->static_iv, iv, sizeof(ctx->static_iv));
- }
+}
 
 static int chacha20poly1305_setup_crypto(ptls_aead_context_t *_ctx, int is_enc, const void *key, const void *iv,
                                          ptls_cipher_algorithm_t *chacha,
diff --git a/lib/cifra.c b/lib/cifra.c
index 5fe9feb..6be752f 100644
--- a/lib/cifra.c
+++ b/lib/cifra.c
@@ -23,24 +23,20 @@
 #include "picotls.h"
 #include "picotls/minicrypto.h"
 
-ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = {// ciphers used with sha512 and sha384 (must be first)
-                                                        &ptls_minicrypto_aes256gcmsha384,
+ptls_cipher_suite_t *ptls_minicrypto_cipher_suites[] = { // ciphers used with sha512 and sha384 (must be first)
+    &ptls_minicrypto_aes256gcmsha384,
 
-                                                        // ciphers used with sha256
-                                                        &ptls_minicrypto_aes128gcmsha256,
-                                                        &ptls_minicrypto_chacha20poly1305sha256,
-                                                        NULL};
+    // ciphers used with sha256
+    &ptls_minicrypto_aes128gcmsha256, &ptls_minicrypto_chacha20poly1305sha256, NULL};
 
-ptls_cipher_suite_t *ptls_minicrypto_cipher_suites_all[] = {// ciphers used with sha512 and sha384 (must be first)
+ptls_cipher_suite_t *ptls_minicrypto_cipher_suites_all[] = { // ciphers used with sha512 and sha384 (must be first)
 #ifdef PTLS_HAVE_AEGIS
-                                                           &ptls_minicrypto_aegis256sha512,
+    &ptls_minicrypto_aegis256sha512,
 #endif
-                                                           &ptls_minicrypto_aes256gcmsha384,
+    &ptls_minicrypto_aes256gcmsha384,
 
-                                                           // ciphers used with sha256
+// ciphers used with sha256
 #ifdef PTLS_HAVE_AEGIS
-                                                           &ptls_minicrypto_aegis128lsha256,
+    &ptls_minicrypto_aegis128lsha256,
 #endif
-                                                           &ptls_minicrypto_aes128gcmsha256,
-                                                           &ptls_minicrypto_chacha20poly1305sha256,
-                                                           NULL};
+    &ptls_minicrypto_aes128gcmsha256, &ptls_minicrypto_chacha20poly1305sha256, NULL};
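Review bot: In `ptls_minicrypto_cipher_suites_all` the reformatted `// ciphers used with sha256` comment now sits at column 0 between the `#endif` and the `#ifdef`, and both arrays end with `&ptls_minicrypto_aes128gcmsha256, &ptls_minicrypto_chacha20poly1305sha256, NULL};` packed on one line. These lists are order-sensitive (the comments say the sha512/sha384 suites must be first), so one entry per line is easier to audit and produces cleaner diffs when a suite is added or removed. Wrapping both initializers in `// clang-format off` and `// clang-format on` would keep the intended layout across future formatter runs.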
diff --git a/lib/cifra/libaegis.c b/lib/cifra/libaegis.c
index 76fc9e4..8956ee4 100644
--- a/lib/cifra/libaegis.c
+++ b/lib/cifra/libaegis.c
@@ -31,7 +31,7 @@
                                                    PTLS_AEGIS128L_KEY_SIZE,
                                                    PTLS_AEGIS128L_IV_SIZE,
                                                    PTLS_AEGIS128L_TAG_SIZE,
-                                                   { 0, 0 },
+                                                   {0, 0},
                                                    0,
                                                    0,
                                                    sizeof(struct aegis128l_context_t),
@@ -49,7 +49,7 @@
                                                   PTLS_AEGIS256_KEY_SIZE,
                                                   PTLS_AEGIS256_IV_SIZE,
                                                   PTLS_AEGIS256_TAG_SIZE,
-                                                  { 0, 0 },
+                                                  {0, 0},
                                                   0,
                                                   0,
                                                   sizeof(struct aegis256_context_t),
diff --git a/lib/libaegis.h b/lib/libaegis.h
index ec78a4b..bc82042 100644
--- a/lib/libaegis.h
+++ b/lib/libaegis.h
@@ -63,7 +63,8 @@
     struct aegis128l_context_t *ctx = (struct aegis128l_context_t *)_ctx;
     size_t written;
 
-    aegis128l_state_encrypt_update(&ctx->st, (uint8_t *)output, inlen + aegis128l_TAILBYTES_MAX, &written, (const uint8_t *)input, inlen);
+    aegis128l_state_encrypt_update(&ctx->st, (uint8_t *)output, inlen + aegis128l_TAILBYTES_MAX, &written, (const uint8_t *)input,
+                                   inlen);
 
     return written;
 }
@@ -73,7 +74,8 @@
     struct aegis128l_context_t *ctx = (struct aegis128l_context_t *)_ctx;
     size_t written;
 
-    aegis128l_state_encrypt_final(&ctx->st, (uint8_t *)output, aegis128l_TAILBYTES_MAX + PTLS_AEGIS128L_TAG_SIZE, &written, PTLS_AEGIS128L_TAG_SIZE);
+    aegis128l_state_encrypt_final(&ctx->st, (uint8_t *)output, aegis128l_TAILBYTES_MAX + PTLS_AEGIS128L_TAG_SIZE, &written,
+                                  PTLS_AEGIS128L_TAG_SIZE);
 
     return written;
 }
@@ -177,7 +179,8 @@
     struct aegis256_context_t *ctx = (struct aegis256_context_t *)_ctx;
     size_t written;
 
-    aegis256_state_encrypt_update(&ctx->st, (uint8_t *)output, inlen + aegis256_TAILBYTES_MAX, &written, (const uint8_t *)input, inlen);
+    aegis256_state_encrypt_update(&ctx->st, (uint8_t *)output, inlen + aegis256_TAILBYTES_MAX, &written, (const uint8_t *)input,
+                                  inlen);
 
     return written;
 }
@@ -187,7 +190,8 @@
     struct aegis256_context_t *ctx = (struct aegis256_context_t *)_ctx;
     size_t written;
 
-    aegis256_state_encrypt_final(&ctx->st, (uint8_t *)output, aegis256_TAILBYTES_MAX + PTLS_AEGIS256_TAG_SIZE, &written, PTLS_AEGIS256_TAG_SIZE);
+    aegis256_state_encrypt_final(&ctx->st, (uint8_t *)output, aegis256_TAILBYTES_MAX + PTLS_AEGIS256_TAG_SIZE, &written,
+                                 PTLS_AEGIS256_TAG_SIZE);
 
     return written;
 }
diff --git a/lib/mbedtls_sign.c b/lib/mbedtls_sign.c
index 1098686..2e167ae 100644
--- a/lib/mbedtls_sign.c
+++ b/lib/mbedtls_sign.c
@@ -1,24 +1,24 @@
 /*
-* Copyright (c) 2023, Christian Huitema
-*
-* Permission is hereby granted, free of charge, to any person obtaining a copy
-* of this software and associated documentation files (the "Software"), to
-* deal in the Software without restriction, including without limitation the
-* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-* sell copies of the Software, and to permit persons to whom the Software is
-* furnished to do so, subject to the following conditions:
-*
-* The above copyright notice and this permission notice shall be included in
-* all copies or substantial portions of the Software.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-* IN THE SOFTWARE.
-*/
+ * Copyright (c) 2023, Christian Huitema
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to
+ * deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+ * sell copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+ * IN THE SOFTWARE.
+ */
 
 #ifdef _WINDOWS
 #include "wincompat.h"
@@ -47,30 +47,29 @@
     ptls_sign_certificate_t super;
     mbedtls_svc_key_id_t key_id;
     psa_key_attributes_t attributes;
-    const ptls_mbedtls_signature_scheme_t * schemes;
+    const ptls_mbedtls_signature_scheme_t *schemes;
 } ptls_mbedtls_sign_certificate_t;
 
-static const unsigned char ptls_mbedtls_oid_ec_key[] = { 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 };
-static const unsigned char ptls_mbedtls_oid_rsa_key[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };
-static const unsigned char ptls_mbedtls_oid_ed25519[] = { 0x2b, 0x65, 0x70 };
+static const unsigned char ptls_mbedtls_oid_ec_key[] = {0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01};
+static const unsigned char ptls_mbedtls_oid_rsa_key[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01};
+static const unsigned char ptls_mbedtls_oid_ed25519[] = {0x2b, 0x65, 0x70};
 
-static const ptls_mbedtls_signature_scheme_t rsa_signature_schemes[] = {
-    {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA256, PSA_ALG_SHA_256},
-    {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA384, PSA_ALG_SHA_384},
-    {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA512, PSA_ALG_SHA_512},
-    {UINT16_MAX, PSA_ALG_NONE}};
+static const ptls_mbedtls_signature_scheme_t rsa_signature_schemes[] = {{PTLS_SIGNATURE_RSA_PSS_RSAE_SHA256, PSA_ALG_SHA_256},
+                                                                        {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA384, PSA_ALG_SHA_384},
+                                                                        {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA512, PSA_ALG_SHA_512},
+                                                                        {UINT16_MAX, PSA_ALG_NONE}};
 static const ptls_mbedtls_signature_scheme_t secp256r1_signature_schemes[] = {
     {PTLS_SIGNATURE_ECDSA_SECP256R1_SHA256, PSA_ALG_SHA_256}, {UINT16_MAX, PSA_ALG_NONE}};
 static const ptls_mbedtls_signature_scheme_t secp384r1_signature_schemes[] = {
     {PTLS_SIGNATURE_ECDSA_SECP384R1_SHA384, PSA_ALG_SHA_384}, {UINT16_MAX, PSA_ALG_NONE}};
 static const ptls_mbedtls_signature_scheme_t secp521r1_signature_schemes[] = {
     {PTLS_SIGNATURE_ECDSA_SECP521R1_SHA512, PSA_ALG_SHA_512}, {UINT16_MAX, PSA_ALG_NONE}};
-static const ptls_mbedtls_signature_scheme_t ed25519_signature_schemes[] = {
-    {PTLS_SIGNATURE_ED25519, PSA_ALG_NONE}, {UINT16_MAX, PSA_ALG_NONE}};
+static const ptls_mbedtls_signature_scheme_t ed25519_signature_schemes[] = {{PTLS_SIGNATURE_ED25519, PSA_ALG_NONE},
+                                                                            {UINT16_MAX, PSA_ALG_NONE}};
 
 #if defined(MBEDTLS_PEM_PARSE_C)
 
-static int ptls_mbedtls_parse_der_length(const unsigned char* pem_buf, size_t pem_len, size_t* px, size_t *pl)
+static int ptls_mbedtls_parse_der_length(const unsigned char *pem_buf, size_t pem_len, size_t *px, size_t *pl)
 {
     int ret = 0;
     size_t x = *px;
@@ -92,7 +91,7 @@
     return ret;
 }
 
-static int ptls_mbedtls_parse_ecdsa_field(const unsigned char* pem_buf, size_t pem_len, size_t* key_index, size_t* key_length)
+static int ptls_mbedtls_parse_ecdsa_field(const unsigned char *pem_buf, size_t pem_len, size_t *key_index, size_t *key_length)
 {
     int ret = 0;
     int param_index_index = -1;
@@ -100,12 +99,9 @@
     size_t x = 0;
 
     // const unsigned char head = { 0x30, l-2, 0x02, 0x01, 0x01, 0x04 }
-    if (pem_len < 16 ||
-        pem_buf[x++] != 0x30 /* type = sequence */)
-    {
+    if (pem_len < 16 || pem_buf[x++] != 0x30 /* type = sequence */) {
         ret = -1;
-    }
-    else {
+    } else {
         size_t l = 0;
         ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l);
 
@@ -113,15 +109,11 @@
             ret = -1;
         }
     }
-    if (ret == 0){
-        if (pem_buf[x++] != 0x02 /* type = int */ ||
-            pem_buf[x++] != 0x01 /* length of int = 1 */ ||
-            pem_buf[x++] != 0x01 /* version = 1 */ ||
-            pem_buf[x++] != 0x04 /*octet string */ ||
-            pem_buf[x] + x >= pem_len) {
+    if (ret == 0) {
+        if (pem_buf[x++] != 0x02 /* type = int */ || pem_buf[x++] != 0x01 /* length of int = 1 */ ||
+            pem_buf[x++] != 0x01 /* version = 1 */ || pem_buf[x++] != 0x04 /*octet string */ || pem_buf[x] + x >= pem_len) {
             ret = -1;
-        }
-        else {
+        } else {
             *key_index = x + 1;
             *key_length = pem_buf[x];
             x += 1 + pem_buf[x];
@@ -132,19 +124,16 @@
                 if (x + pem_buf[x] >= pem_len) {
                     /* EC parameters extend beyond buffer */
                     ret = -1;
-                }
-                else {
+                } else {
                     x += pem_buf[x] + 1;
                 }
             }
 
             if (ret == 0 && x < pem_len) {
                 /* skip the public key parameter */
-                if (pem_buf[x++] != 0xa1 ||
-                    x >= pem_len) {
+                if (pem_buf[x++] != 0xa1 || x >= pem_len) {
                     ret = -1;
-                }
-                else {
+                } else {
                     size_t l = 0;
                     ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l);
                     x += l;
@@ -160,12 +149,11 @@
 }
 
 /* On input, key_index points at the "key information" in a
-* "private key" message. For EDDSA, this contains an
-* octet string carrying the key itself. On return, key index
-* and key length are updated to point at the key field.
-*/
-static int ptls_mbedtls_parse_eddsa_key(const unsigned char* pem_buf, size_t pem_len,
-    size_t* key_index, size_t* key_length)
+ * "private key" message. For EDDSA, this contains an
+ * octet string carrying the key itself. On return, key index
+ * and key length are updated to point at the key field.
+ */
+static int ptls_mbedtls_parse_eddsa_key(const unsigned char *pem_buf, size_t pem_len, size_t *key_index, size_t *key_length)
 {
     int ret = 0;
     size_t x = *key_index;
@@ -177,8 +165,7 @@
         ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l_key);
         if (x + l_key != *key_index + *key_length) {
             ret = -1;
-        }
-        else {
+        } else {
             *key_index = x;
             *key_length = l_key;
         }
@@ -187,12 +174,11 @@
 }
 
 /* If using PKCS8 encoding, the "private key" field contains the
-* same "ecdsa field" found in PEM "EC PRIVATE KEY" files. We
-* use the same parser, but we need to reset indices so they
-* reflect the unwrapped key.
-*/
-int ptls_mbedtls_parse_ec_private_key(const unsigned char* pem_buf, size_t pem_len,
-    size_t* key_index, size_t* key_length)
+ * same "ecdsa field" found in PEM "EC PRIVATE KEY" files. We
+ * use the same parser, but we need to reset indices so they
+ * reflect the unwrapped key.
+ */
+int ptls_mbedtls_parse_ec_private_key(const unsigned char *pem_buf, size_t pem_len, size_t *key_index, size_t *key_length)
 {
     size_t x_offset = 0;
     size_t x_len = 0;
@@ -205,9 +191,8 @@
     return ret;
 }
 
-int test_parse_private_key_field(const unsigned char* pem_buf, size_t pem_len,
-    size_t* oid_index, size_t *oid_length,
-    size_t* key_index, size_t* key_length)
+int test_parse_private_key_field(const unsigned char *pem_buf, size_t pem_len, size_t *oid_index, size_t *oid_length,
+                                 size_t *key_index, size_t *key_length)
 {
     int ret = 0;
     size_t l_oid = 0;
@@ -217,12 +202,9 @@
 
     size_t x = 0;
     /*  const unsigned char head = {0x30, l - 2, 0x02, 0x01, 0x00} */
-    if (pem_len < 16 ||
-        pem_buf[x++] != 0x30 /* type = sequence */)
-    {
+    if (pem_len < 16 || pem_buf[x++] != 0x30 /* type = sequence */) {
         ret = -1;
-    }
-    else {
+    } else {
         size_t l = 0;
         ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l);
 
@@ -231,31 +213,25 @@
         }
     }
     if (ret == 0) {
-        if (pem_buf[x++] != 0x02 /* type = int */ ||
-            pem_buf[x++] != 0x01 /* length of int = 1 */ ||
-            pem_buf[x++] != 0x00 /* version = 0 */ ||
-            pem_buf[x++] != 0x30 /* sequence */){
+        if (pem_buf[x++] != 0x02 /* type = int */ || pem_buf[x++] != 0x01 /* length of int = 1 */ ||
+            pem_buf[x++] != 0x00 /* version = 0 */ || pem_buf[x++] != 0x30 /* sequence */) {
             ret = -1;
-        }
-        else {
+        } else {
             /* the sequence contains the OID and optional key attributes,
-            * which we ignore for now.
-            */
+             * which we ignore for now.
+             */
             size_t l_seq = 0;
             size_t x_seq;
             ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l_seq);
             x_seq = x;
-            if (x + l_seq >= pem_len ||
-                pem_buf[x++] != 0x06) {
+            if (x + l_seq >= pem_len || pem_buf[x++] != 0x06) {
                 ret = -1;
-            }
-            else {
+            } else {
                 l_oid = pem_buf[x++];
                 x_oid = x;
                 if (x + l_oid > x_seq + l_seq) {
                     ret = -1;
-                }
-                else {
+                } else {
                     x = x_seq + l_seq;
                 }
             }
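Review bot: The result of `ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l_seq)` is not tested before `x` and `l_seq` are used, and the guard `x + l_seq >= pem_len` still lets `l_oid = pem_buf[x++]` read one byte past the buffer when `l_seq` is 0 and `x` is the last index. The sum can also wrap if the length parser is able to return a very large `l_seq`; that parser is outside this hunk, so this part is an assumption to confirm. A tighter guard would be `if (ret != 0 || l_seq < 2 || l_seq >= pem_len - x || pem_buf[x++] != 0x06) {`, which rejects a sequence too short to hold the OID tag and length byte and avoids the addition. The function begins before and continues after this hunk, so the surrounding checks should be reviewed together with it.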
@@ -263,14 +239,12 @@
     }
     if (ret == 0) {
         /* At that point the oid has been identified.
-        * The next parameter is an octet string containing the key info.
-        */
+         * The next parameter is an octet string containing the key info.
+         */
         size_t l = 0;
-        if (x + 2 > pem_len ||
-            pem_buf[x++]  != 0x04){
+        if (x + 2 > pem_len || pem_buf[x++] != 0x04) {
             ret = -1;
-        }
-        else {
+        } else {
             ret = ptls_mbedtls_parse_der_length(pem_buf, pem_len, &x, &l_key);
             x_key = x;
             x += l_key;
@@ -287,11 +261,8 @@
     return ret;
 }
 
-int ptls_mbedtls_get_der_key(mbedtls_pem_context* pem,
-    mbedtls_pk_type_t * pk_type,
-    const unsigned char* key, size_t keylen,
-    const unsigned char* pwd, size_t pwdlen,
-    int (*f_rng)(void*, unsigned char*, size_t), void* p_rng)
+int ptls_mbedtls_get_der_key(mbedtls_pem_context *pem, mbedtls_pk_type_t *pk_type, const unsigned char *key, size_t keylen,
+                             const unsigned char *pwd, size_t pwdlen, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 #if defined(MBEDTLS_PEM_PARSE_C)
@@ -308,25 +279,19 @@
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    }
-    else {
-        ret = mbedtls_pem_read_buffer(pem,
-            "-----BEGIN RSA PRIVATE KEY-----",
-            "-----END RSA PRIVATE KEY-----",
-            key, pwd, pwdlen, &len);
+    } else {
+        ret = mbedtls_pem_read_buffer(pem, "-----BEGIN RSA PRIVATE KEY-----", "-----END RSA PRIVATE KEY-----", key, pwd, pwdlen,
+                                      &len);
     }
 
     if (ret == 0) {
-        * pk_type = MBEDTLS_PK_RSA;
+        *pk_type = MBEDTLS_PK_RSA;
         return ret;
-    }
-    else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
         return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
-    }
-    else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
         return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
-    }
-    else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
         return ret;
     }
 #endif /* MBEDTLS_RSA_C */
@@ -335,24 +300,18 @@
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    }
-    else {
-        ret = mbedtls_pem_read_buffer(pem,
-            "-----BEGIN EC PRIVATE KEY-----",
-            "-----END EC PRIVATE KEY-----",
-            key, pwd, pwdlen, &len);
+    } else {
+        ret =
+            mbedtls_pem_read_buffer(pem, "-----BEGIN EC PRIVATE KEY-----", "-----END EC PRIVATE KEY-----", key, pwd, pwdlen, &len);
     }
     if (ret == 0) {
-        * pk_type = MBEDTLS_PK_ECKEY;
+        *pk_type = MBEDTLS_PK_ECKEY;
         return ret;
-    }
-    else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_MISMATCH) {
         return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
-    }
-    else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
+    } else if (ret == MBEDTLS_ERR_PEM_PASSWORD_REQUIRED) {
         return MBEDTLS_ERR_PK_PASSWORD_REQUIRED;
-    }
-    else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
         return ret;
     }
 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
@@ -360,17 +319,12 @@
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    }
-    else {
-        ret = mbedtls_pem_read_buffer(pem,
-            "-----BEGIN PRIVATE KEY-----",
-            "-----END PRIVATE KEY-----",
-            key, NULL, 0, &len);
+    } else {
+        ret = mbedtls_pem_read_buffer(pem, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----", key, NULL, 0, &len);
         if (ret == 0) {
             /* info is unknown */
             return ret;
-        }
-        else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+        } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
             return ret;
         }
     }
@@ -379,18 +333,14 @@
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
     if (key[keylen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    }
-    else {
-        ret = mbedtls_pem_read_buffer(pem,
-            "-----BEGIN ENCRYPTED PRIVATE KEY-----",
-            "-----END ENCRYPTED PRIVATE KEY-----",
-            key, NULL, 0, &len);
+    } else {
+        ret = mbedtls_pem_read_buffer(pem, "-----BEGIN ENCRYPTED PRIVATE KEY-----", "-----END ENCRYPTED PRIVATE KEY-----", key,
+                                      NULL, 0, &len);
     }
     if (ret == 0) {
         /* infor is unknown */
         return ret;
-    }
-    else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
         return ret;
     }
 #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
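Review bot: The `ENCRYPTED PRIVATE KEY` branch calls `mbedtls_pem_read_buffer` with a NULL password and returns 0 without setting `*pk_type`, and the only comment is `/* infor is unknown */`. As far as this hunk shows, success here strips only the PEM armor, so the buffer handed back would presumably still be an encrypted PKCS#8 structure and `pwd`/`pwdlen` go unused on this path. A comment such as `/* PEM armor removed only: payload is still encrypted PKCS#8, *pk_type is not set, caller must decrypt or reject */` would make the contract explicit. Whether the caller rejects such keys is outside this hunk and worth confirming.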
@@ -398,11 +348,10 @@
 }
 #endif
 
-const ptls_mbedtls_signature_scheme_t* ptls_mbedtls_select_signature_scheme(
-    const ptls_mbedtls_signature_scheme_t *available,
-    const uint16_t *algorithms, size_t num_algorithms)
+const ptls_mbedtls_signature_scheme_t *ptls_mbedtls_select_signature_scheme(const ptls_mbedtls_signature_scheme_t *available,
+                                                                            const uint16_t *algorithms, size_t num_algorithms)
 {
-    const ptls_mbedtls_signature_scheme_t* scheme;
+    const ptls_mbedtls_signature_scheme_t *scheme;
     /* select the algorithm, driven by server-isde preference of `available` */
     for (scheme = available; scheme->scheme_id != UINT16_MAX; ++scheme) {
         for (size_t i = 0; i != num_algorithms; ++i) {
@@ -414,8 +363,7 @@
     return NULL;
 }
 
-int ptls_mbedtls_set_available_schemes(
-    ptls_mbedtls_sign_certificate_t* signer)
+int ptls_mbedtls_set_available_schemes(ptls_mbedtls_sign_certificate_t *signer)
 {
     int ret = 0;
     psa_algorithm_t algo = psa_get_key_algorithm(&signer->attributes);
@@ -463,54 +411,51 @@
 }
 
 /*
-* Sign a certificate
-* - step1, selected a signature algorithm compatible with the public key algorithm
-*   and with the list specified by the application.
-* - step2, compute the hash with the specified algorithm.
-* - step3, compute the signature of the hash using psa_sign_hash.
-* 
-* In the case of RSA, we use the algorithm PSA_ALG_RSA_PKCS1V15_SIGN_RAW, which
-* pads the hash according to PKCS1V15 before doing the private key operation.
-* The implementation of RSA/PKCS1V15 also includes a verification step to protect
-* against key attacks through partial faults.
-* 
-* MBEDTLS has a "psa_sign_message" that combines step2 and step3. However, it
-* requires specifying an algorithm type that exactly specifies the signature
-* algorithm, such as "RSA with SHA384". This is not compatible with the
-* "RSA sign raw" algorithm. Instead, we decompose the operation in two steps.
-* There is no performance penalty doing so, as "psa_sign_message" is only
-* a convenience API.
-*/
+ * Sign a certificate
+ * - step1, selected a signature algorithm compatible with the public key algorithm
+ *   and with the list specified by the application.
+ * - step2, compute the hash with the specified algorithm.
+ * - step3, compute the signature of the hash using psa_sign_hash.
+ *
+ * In the case of RSA, we use the algorithm PSA_ALG_RSA_PKCS1V15_SIGN_RAW, which
+ * pads the hash according to PKCS1V15 before doing the private key operation.
+ * The implementation of RSA/PKCS1V15 also includes a verification step to protect
+ * against key attacks through partial faults.
+ *
+ * MBEDTLS has a "psa_sign_message" that combines step2 and step3. However, it
+ * requires specifying an algorithm type that exactly specifies the signature
+ * algorithm, such as "RSA with SHA384". This is not compatible with the
+ * "RSA sign raw" algorithm. Instead, we decompose the operation in two steps.
+ * There is no performance penalty doing so, as "psa_sign_message" is only
+ * a convenience API.
+ */
 
-int ptls_mbedtls_sign_certificate(ptls_sign_certificate_t* _self, ptls_t* tls,
-    ptls_async_job_t** async, uint16_t* selected_algorithm,
-    ptls_buffer_t* outbuf, ptls_iovec_t input, const uint16_t* algorithms, size_t num_algorithms)
+int ptls_mbedtls_sign_certificate(ptls_sign_certificate_t *_self, ptls_t *tls, ptls_async_job_t **async,
+                                  uint16_t *selected_algorithm, ptls_buffer_t *outbuf, ptls_iovec_t input,
+                                  const uint16_t *algorithms, size_t num_algorithms)
 {
     int ret = 0;
-    ptls_mbedtls_sign_certificate_t* self = (ptls_mbedtls_sign_certificate_t*)
-        (((unsigned char*)_self) - offsetof(struct st_ptls_mbedtls_sign_certificate_t, super));
+    ptls_mbedtls_sign_certificate_t *self =
+        (ptls_mbedtls_sign_certificate_t *)(((unsigned char *)_self) - offsetof(struct st_ptls_mbedtls_sign_certificate_t, super));
     /* First, find the set of compatible algorithms */
-    const ptls_mbedtls_signature_scheme_t* scheme =
-        ptls_mbedtls_select_signature_scheme(self->schemes, algorithms, num_algorithms);
+    const ptls_mbedtls_signature_scheme_t *scheme = ptls_mbedtls_select_signature_scheme(self->schemes, algorithms, num_algorithms);
 
     if (scheme == NULL) {
         ret = PTLS_ERROR_INCOMPATIBLE_KEY;
-    }
-    else {
+    } else {
         /* First prepare the hash */
         unsigned char hash_buffer[PTLS_MAX_DIGEST_SIZE];
-        unsigned char* hash_value = NULL;
+        unsigned char *hash_value = NULL;
         size_t hash_length = 0;
 
         if (scheme->hash_algo == PSA_ALG_NONE) {
             hash_value = input.base;
             hash_length = input.len;
-        }
-        else {
-            if (psa_hash_compute(scheme->hash_algo, input.base, input.len, hash_buffer, PTLS_MAX_DIGEST_SIZE, &hash_length) != PSA_SUCCESS) {
+        } else {
+            if (psa_hash_compute(scheme->hash_algo, input.base, input.len, hash_buffer, PTLS_MAX_DIGEST_SIZE, &hash_length) !=
+                PSA_SUCCESS) {
                 ret = PTLS_ERROR_NOT_AVAILABLE;
-            }
-            else {
+            } else {
                 hash_value = hash_buffer;
             }
         }
@@ -522,8 +467,7 @@
                 if (sign_algo == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
                     /* assume at most 4096 bit key */
                     nb_bytes = 512;
-                }
-                else {
+                } else {
                     /* Max size assumed, secp521r1 */
                     nb_bytes = 124;
                 }
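Review bot: The fallback `nb_bytes = 124;` under the comment "Max size assumed, secp521r1" looks too small. A raw r||s ECDSA signature for a 521-bit curve is 2 * 66 = 132 bytes. If this branch is reached with a P-521 key, the `psa_sign_hash` call in the following hunk would get an undersized output buffer and fail, and that failure is reported there as `PTLS_ERROR_INCOMPATIBLE_KEY`, which hides the real cause. Consider `nb_bytes = PSA_ECDSA_SIGNATURE_SIZE(521);` rather than a literal. The condition that selects this fallback lies outside the hunk, so reachability should be confirmed against the full function.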
@@ -533,11 +477,10 @@
             if ((ret = ptls_buffer_reserve(outbuf, nb_bytes)) == 0) {
                 size_t signature_length = 0;
 
-                if (psa_sign_hash(self->key_id, sign_algo, hash_value, hash_length,
-                    outbuf->base + outbuf->off, nb_bytes, &signature_length) != 0) {
+                if (psa_sign_hash(self->key_id, sign_algo, hash_value, hash_length, outbuf->base + outbuf->off, nb_bytes,
+                                  &signature_length) != 0) {
                     ret = PTLS_ERROR_INCOMPATIBLE_KEY;
-                }
-                else {
+                } else {
                     outbuf->off += signature_length;
                 }
             }
@@ -549,8 +492,9 @@
 void ptls_mbedtls_dispose_sign_certificate(ptls_sign_certificate_t *_self)
 {
     if (_self != NULL) {
-        ptls_mbedtls_sign_certificate_t* self = (ptls_mbedtls_sign_certificate_t*)
-        (((unsigned char*)_self) - offsetof(struct st_ptls_mbedtls_sign_certificate_t, super));
+        ptls_mbedtls_sign_certificate_t *self =
+            (ptls_mbedtls_sign_certificate_t *)(((unsigned char *)_self) -
+                                                offsetof(struct st_ptls_mbedtls_sign_certificate_t, super));
         /* Destroy the key */
         psa_destroy_key(self->key_id);
         psa_reset_key_attributes(&self->attributes);
@@ -559,24 +503,24 @@
     }
 }
 /*
-* An RSa key is encoded in DER as:
-* RSAPrivateKey ::= SEQUENCE {
-*   version             INTEGER,  -- must be 0
-*   modulus             INTEGER,  -- n
-*   publicExponent      INTEGER,  -- e
-*   privateExponent     INTEGER,  -- d
-*   prime1              INTEGER,  -- p
-*   prime2              INTEGER,  -- q
-*   exponent1           INTEGER,  -- d mod (p-1)
-*   exponent2           INTEGER,  -- d mod (q-1)
-*   coefficient         INTEGER,  -- (inverse of q) mod p
-* }
-* 
-* The number of key bits is the size in bits of the integer N.
-* We must decode the length in octets of the integer representation,
-* then subtract the number of zeros at the beginning of the data.
-*/
-int ptls_mbedtls_rsa_get_key_bits(const unsigned char* key_value, size_t key_length, size_t * p_nb_bits)
+ * An RSa key is encoded in DER as:
+ * RSAPrivateKey ::= SEQUENCE {
+ *   version             INTEGER,  -- must be 0
+ *   modulus             INTEGER,  -- n
+ *   publicExponent      INTEGER,  -- e
+ *   privateExponent     INTEGER,  -- d
+ *   prime1              INTEGER,  -- p
+ *   prime2              INTEGER,  -- q
+ *   exponent1           INTEGER,  -- d mod (p-1)
+ *   exponent2           INTEGER,  -- d mod (q-1)
+ *   coefficient         INTEGER,  -- (inverse of q) mod p
+ * }
+ *
+ * The number of key bits is the size in bits of the integer N.
+ * We must decode the length in octets of the integer representation,
+ * then subtract the number of zeros at the beginning of the data.
+ */
+int ptls_mbedtls_rsa_get_key_bits(const unsigned char *key_value, size_t key_length, size_t *p_nb_bits)
 {
     int ret = 0;
     size_t nb_bytes = 0;
@@ -593,15 +537,10 @@
         }
     }
 
-    if (ret == 0 &&
-        key_value[x] == 0x02 &&
-        key_value[x + 1] == 0x01 &&
-        key_value[x + 2] == 0x00 &&
-        key_value[x + 3] == 0x02) {
+    if (ret == 0 && key_value[x] == 0x02 && key_value[x + 1] == 0x01 && key_value[x + 2] == 0x00 && key_value[x + 3] == 0x02) {
         x += 4;
         ret = ptls_mbedtls_parse_der_length(key_value, key_length, &x, &nb_bytes);
-    }
-    else {
+    } else {
         ret = -1;
     }
 
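Review bot: The joined condition `key_value[x] == 0x02 && key_value[x + 1] == 0x01 && key_value[x + 2] == 0x00 && key_value[x + 3] == 0x02` reads four bytes starting at `x`, and nothing visible in this hunk bounds them against `key_length`. The earlier part of `ptls_mbedtls_rsa_get_key_bits` is outside the hunk, so it may already guarantee this. If it does not, a short or malformed DER private key causes an out-of-bounds read here. Putting the length test first keeps the check self-contained: `if (ret == 0 && key_length >= 4 && x <= key_length - 4 && key_value[x] == 0x02 && ...`.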
@@ -611,8 +550,7 @@
 
         if (v == 0) {
             nb_bits -= 8;
-        }
-        else {
+        } else {
             while ((v & 0x80) == 0) {
                 nb_bits--;
                 v <<= 1;
@@ -623,8 +561,7 @@
     return ret;
 }
 
-void ptls_mbedtls_set_rsa_key_attributes(ptls_mbedtls_sign_certificate_t* signer,
-    const unsigned char * key_value, size_t key_length)
+void ptls_mbedtls_set_rsa_key_attributes(ptls_mbedtls_sign_certificate_t *signer, const unsigned char *key_value, size_t key_length)
 {
     size_t nb_bits = 0;
     psa_set_key_usage_flags(&signer->attributes, PSA_KEY_USAGE_SIGN_HASH);
@@ -635,7 +572,7 @@
     }
 }
 
-int ptls_mbedtls_set_ec_key_attributes(ptls_mbedtls_sign_certificate_t* signer, size_t key_length)
+int ptls_mbedtls_set_ec_key_attributes(ptls_mbedtls_sign_certificate_t *signer, size_t key_length)
 {
     int ret = 0;
 
@@ -643,52 +580,44 @@
     psa_set_key_algorithm(&signer->attributes, PSA_ALG_ECDSA_BASE);
     psa_set_key_type(&signer->attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
     if (key_length == 32) {
-        psa_set_key_algorithm(&signer->attributes,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
+        psa_set_key_algorithm(&signer->attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
         psa_set_key_bits(&signer->attributes, 256);
-    }
-    else if (key_length == 48) {
-        psa_set_key_algorithm(&signer->attributes,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384));
+    } else if (key_length == 48) {
+        psa_set_key_algorithm(&signer->attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384));
         psa_set_key_bits(&signer->attributes, 384);
-    }
-    else if (key_length == 66) {
-        psa_set_key_algorithm(&signer->attributes,
-            PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512));
+    } else if (key_length == 66) {
+        psa_set_key_algorithm(&signer->attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512));
         psa_set_key_bits(&signer->attributes, 521);
-    }
-    else {
+    } else {
         ret = -1;
     }
 
     return ret;
 }
 
-
-int ptls_mbedtls_load_private_key(ptls_context_t* ctx, char const* pem_fname)
+int ptls_mbedtls_load_private_key(ptls_context_t *ctx, char const *pem_fname)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
-    unsigned char* buf;
-    mbedtls_pem_context pem = { 0 };
+    unsigned char *buf;
+    mbedtls_pem_context pem = {0};
     mbedtls_pk_type_t pk_type = 0;
     mbedtls_svc_key_id_t key_id = 0;
     size_t key_length = 0;
     size_t key_index = 0;
-    ptls_mbedtls_sign_certificate_t* signer = (ptls_mbedtls_sign_certificate_t*)malloc(sizeof(ptls_mbedtls_sign_certificate_t));
+    ptls_mbedtls_sign_certificate_t *signer = (ptls_mbedtls_sign_certificate_t *)malloc(sizeof(ptls_mbedtls_sign_certificate_t));
 
     if (signer == NULL) {
-        return(PTLS_ERROR_NO_MEMORY);
+        return (PTLS_ERROR_NO_MEMORY);
     }
     memset(signer, 0, sizeof(ptls_mbedtls_sign_certificate_t));
     signer->attributes = psa_key_attributes_init();
 
     if ((ret = mbedtls_pk_load_file(pem_fname, &buf, &n)) != 0) {
         if (ret == MBEDTLS_ERR_PK_ALLOC_FAILED) {
-            return(PTLS_ERROR_NO_MEMORY);
-        }
-        else {
-            return(PTLS_ERROR_NOT_AVAILABLE);
+            return (PTLS_ERROR_NO_MEMORY);
+        } else {
+            return (PTLS_ERROR_NOT_AVAILABLE);
         }
     }
     ret = ptls_mbedtls_get_der_key(&pem, &pk_type, buf, n, NULL, 0, NULL, NULL);
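Review bot: In `ptls_mbedtls_load_private_key`, both early returns inside `if ((ret = mbedtls_pk_load_file(pem_fname, &buf, &n)) != 0)` leak `signer`, which was allocated with `malloc` a few lines above and is never freed on this path. Adding `free(signer);` as the first statement of that block, before the `MBEDTLS_ERR_PK_ALLOC_FAILED` test, closes the leak without changing the returned codes. The rest of the function is outside this hunk, so the later error paths should be checked for the same pattern. The `malloc` followed by `memset(signer, 0, ...)` could also be a single `calloc(1, sizeof(*signer))`.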
@@ -704,21 +633,20 @@
         if (pk_type == MBEDTLS_PK_RSA) {
             key_length = pem.private_buflen;
             ptls_mbedtls_set_rsa_key_attributes(signer, pem.private_buf, key_length);
-        }
-        else if (pk_type == MBEDTLS_PK_ECKEY) {
+        } else if (pk_type == MBEDTLS_PK_ECKEY) {
             ret = ptls_mbedtls_parse_ecdsa_field(pem.private_buf, pem.private_buflen, &key_index, &key_length);
             if (ret == 0) {
                 ret = ptls_mbedtls_set_ec_key_attributes(signer, key_length);
             }
-        }
-        else if (pk_type == MBEDTLS_PK_NONE) {
+        } else if (pk_type == MBEDTLS_PK_NONE) {
             /* TODO: not clear whether MBDED TLS supports ED25519 yet. Probably not. */
             /* Should have option to encode RSA or ECDSA using PKCS8 */
             size_t oid_index = 0;
             size_t oid_length = 0;
 
             psa_set_key_usage_flags(&signer->attributes, PSA_KEY_USAGE_SIGN_HASH);
-            ret = test_parse_private_key_field(pem.private_buf, pem.private_buflen, &oid_index, &oid_length, &key_index, &key_length);
+            ret =
+                test_parse_private_key_field(pem.private_buf, pem.private_buflen, &oid_index, &oid_length, &key_index, &key_length);
             if (ret == 0) {
                 /* need to parse the OID in order to set the parameters */
 
@@ -728,27 +656,23 @@
                     if (ret == 0) {
                         ret = ptls_mbedtls_set_ec_key_attributes(signer, key_length);
                     }
-                }
-                else if (oid_length == sizeof(ptls_mbedtls_oid_ed25519) &&
-                    memcmp(pem.private_buf + oid_index, ptls_mbedtls_oid_ed25519, sizeof(ptls_mbedtls_oid_ed25519)) == 0) {
+                } else if (oid_length == sizeof(ptls_mbedtls_oid_ed25519) &&
+                           memcmp(pem.private_buf + oid_index, ptls_mbedtls_oid_ed25519, sizeof(ptls_mbedtls_oid_ed25519)) == 0) {
                     /* We recognized ED25519 -- PSA_ECC_FAMILY_TWISTED_EDWARDS -- PSA_ALG_ED25519PH */
                     psa_set_key_algorithm(&signer->attributes, PSA_ALG_PURE_EDDSA);
                     psa_set_key_type(&signer->attributes, PSA_ECC_FAMILY_TWISTED_EDWARDS);
                     ret = ptls_mbedtls_parse_eddsa_key(pem.private_buf, pem.private_buflen, &key_index, &key_length);
                     psa_set_key_bits(&signer->attributes, 256);
-                }
-                else if (oid_length == sizeof(ptls_mbedtls_oid_rsa_key) &&
-                    memcmp(pem.private_buf + oid_index, ptls_mbedtls_oid_rsa_key, sizeof(ptls_mbedtls_oid_rsa_key)) == 0) {
+                } else if (oid_length == sizeof(ptls_mbedtls_oid_rsa_key) &&
+                           memcmp(pem.private_buf + oid_index, ptls_mbedtls_oid_rsa_key, sizeof(ptls_mbedtls_oid_rsa_key)) == 0) {
                     /* We recognized RSA */
                     key_length = pem.private_buflen;
                     ptls_mbedtls_set_rsa_key_attributes(signer, pem.private_buf, key_length);
-                }
-                else {
+                } else {
                     ret = PTLS_ERROR_NOT_AVAILABLE;
                 }
             }
-        }
-        else {
+        } else {
             ret = -1;
         }
 
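Review bot: In the ED25519 branch, `psa_set_key_type(&signer->attributes, PSA_ECC_FAMILY_TWISTED_EDWARDS);` passes a curve family where a key type is expected. The EC path in `ptls_mbedtls_set_ec_key_attributes` wraps the family in `PSA_KEY_TYPE_ECC_KEY_PAIR(...)`, so this should probably be `psa_set_key_type(&signer->attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS));`. As written the import is likely to fail or register the wrong type. The comment on the line above names `PSA_ALG_ED25519PH` while the code sets `PSA_ALG_PURE_EDDSA`; the comment should say which one is intended. The enclosing function starts and ends outside this hunk.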
@@ -758,8 +682,7 @@
 
             if (status != PSA_SUCCESS) {
                 ret = -1;
-            }
-            else {
+            } else {
                 ret = ptls_mbedtls_set_available_schemes(signer);
             }
         }
diff --git a/lib/openssl.c b/lib/openssl.c
index 70a3e7e..8ca5a6c 100644
--- a/lib/openssl.c
+++ b/lib/openssl.c
@@ -101,22 +101,21 @@
 #endif
 
 static const ptls_openssl_signature_scheme_t rsa_signature_schemes[] = {{PTLS_SIGNATURE_RSA_PSS_RSAE_SHA256, EVP_sha256},
-                                                                                  {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA384, EVP_sha384},
-                                                                                  {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA512, EVP_sha512},
-                                                                                  {UINT16_MAX, NULL}};
-static const ptls_openssl_signature_scheme_t secp256r1_signature_schemes[] = {
-    {PTLS_SIGNATURE_ECDSA_SECP256R1_SHA256, EVP_sha256}, {UINT16_MAX, NULL}};
+                                                                        {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA384, EVP_sha384},
+                                                                        {PTLS_SIGNATURE_RSA_PSS_RSAE_SHA512, EVP_sha512},
+                                                                        {UINT16_MAX, NULL}};
+static const ptls_openssl_signature_scheme_t secp256r1_signature_schemes[] = {{PTLS_SIGNATURE_ECDSA_SECP256R1_SHA256, EVP_sha256},
+                                                                              {UINT16_MAX, NULL}};
 #if PTLS_OPENSSL_HAVE_SECP384R1
-static const ptls_openssl_signature_scheme_t secp384r1_signature_schemes[] = {
-    {PTLS_SIGNATURE_ECDSA_SECP384R1_SHA384, EVP_sha384}, {UINT16_MAX, NULL}};
+static const ptls_openssl_signature_scheme_t secp384r1_signature_schemes[] = {{PTLS_SIGNATURE_ECDSA_SECP384R1_SHA384, EVP_sha384},
+                                                                              {UINT16_MAX, NULL}};
 #endif
 #if PTLS_OPENSSL_HAVE_SECP521R1
-static const ptls_openssl_signature_scheme_t secp521r1_signature_schemes[] = {
-    {PTLS_SIGNATURE_ECDSA_SECP521R1_SHA512, EVP_sha512}, {UINT16_MAX, NULL}};
+static const ptls_openssl_signature_scheme_t secp521r1_signature_schemes[] = {{PTLS_SIGNATURE_ECDSA_SECP521R1_SHA512, EVP_sha512},
+                                                                              {UINT16_MAX, NULL}};
 #endif
 #if PTLS_OPENSSL_HAVE_ED25519
-static const ptls_openssl_signature_scheme_t ed25519_signature_schemes[] = {{PTLS_SIGNATURE_ED25519, NULL},
-                                                                                      {UINT16_MAX, NULL}};
+static const ptls_openssl_signature_scheme_t ed25519_signature_schemes[] = {{PTLS_SIGNATURE_ED25519, NULL}, {UINT16_MAX, NULL}};
 #endif
 
 /**
@@ -854,8 +853,8 @@
 
 #endif
 
-static int do_sign(EVP_PKEY *key, const ptls_openssl_signature_scheme_t *scheme, ptls_buffer_t *outbuf,
-                   ptls_iovec_t input, ptls_async_job_t **async)
+static int do_sign(EVP_PKEY *key, const ptls_openssl_signature_scheme_t *scheme, ptls_buffer_t *outbuf, ptls_iovec_t input,
+                   ptls_async_job_t **async)
 {
     EVP_MD_CTX *ctx = NULL;
     const EVP_MD *md = scheme->scheme_md != NULL ? scheme->scheme_md() : NULL;
@@ -2183,7 +2182,6 @@
     .hash = &ptls_openssl_sha256};
 #endif
 
-
 #if PTLS_HAVE_AEGIS
 ptls_aead_algorithm_t ptls_openssl_aegis128l = {
     .name = "AEGIS-128L",
@@ -2194,7 +2192,7 @@
     .key_size = PTLS_AEGIS128L_KEY_SIZE,
     .iv_size = PTLS_AEGIS128L_IV_SIZE,
     .tag_size = PTLS_AEGIS128L_TAG_SIZE,
-    .tls12 = { .fixed_iv_size = 0, .record_iv_size = 0 },
+    .tls12 = {.fixed_iv_size = 0, .record_iv_size = 0},
     .non_temporal = 0,
     .align_bits = 0,
     .context_size = sizeof(struct aegis128l_context_t),
@@ -2214,45 +2212,43 @@
     .key_size = PTLS_AEGIS256_KEY_SIZE,
     .iv_size = PTLS_AEGIS256_IV_SIZE,
     .tag_size = PTLS_AEGIS256_TAG_SIZE,
-    .tls12 = { .fixed_iv_size = 0, .record_iv_size = 0 },
+    .tls12 = {.fixed_iv_size = 0, .record_iv_size = 0},
     .non_temporal = 0,
     .align_bits = 0,
     .context_size = sizeof(struct aegis256_context_t),
     .setup_crypto = aegis256_setup_crypto,
 };
 ptls_cipher_suite_t ptls_openssl_aegis256sha512 = {.id = PTLS_CIPHER_SUITE_AEGIS256_SHA512,
-                                                    .name = PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA512,
-                                                    .aead = &ptls_openssl_aegis256,
-                                                    .hash = &ptls_openssl_sha512};
+                                                   .name = PTLS_CIPHER_SUITE_NAME_AEGIS256_SHA512,
+                                                   .aead = &ptls_openssl_aegis256,
+                                                   .hash = &ptls_openssl_sha512};
 #endif
 
+ptls_cipher_suite_t *ptls_openssl_cipher_suites[] = { // ciphers used with sha384 (must be first)
+    &ptls_openssl_aes256gcmsha384,
 
-
-ptls_cipher_suite_t *ptls_openssl_cipher_suites[] = {// ciphers used with sha384 (must be first)
-                                                     &ptls_openssl_aes256gcmsha384,
-
-                                                     // ciphers used with sha256
-                                                     &ptls_openssl_aes128gcmsha256,
+    // ciphers used with sha256
+    &ptls_openssl_aes128gcmsha256,
 #if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
-                                                     &ptls_openssl_chacha20poly1305sha256,
+    &ptls_openssl_chacha20poly1305sha256,
 #endif
-                                                     NULL};
+    NULL};
 
-ptls_cipher_suite_t *ptls_openssl_cipher_suites_all[] = {// ciphers used with sha384 (must be first)
+ptls_cipher_suite_t *ptls_openssl_cipher_suites_all[] = { // ciphers used with sha384 (must be first)
 #if PTLS_HAVE_AEGIS
-                                                        &ptls_openssl_aegis256sha512,
+    &ptls_openssl_aegis256sha512,
 #endif
-                                                        &ptls_openssl_aes256gcmsha384,
+    &ptls_openssl_aes256gcmsha384,
 
-                                                        // ciphers used with sha256
+// ciphers used with sha256
 #if PTLS_HAVE_AEGIS
-                                                        &ptls_openssl_aegis128lsha256,
+    &ptls_openssl_aegis128lsha256,
 #endif
-                                                        &ptls_openssl_aes128gcmsha256,
+    &ptls_openssl_aes128gcmsha256,
 #if PTLS_OPENSSL_HAVE_CHACHA20_POLY1305
-                                                        &ptls_openssl_chacha20poly1305sha256,
+    &ptls_openssl_chacha20poly1305sha256,
 #endif
-                                                        NULL};
+    NULL};
 
 ptls_cipher_suite_t *ptls_openssl_tls12_cipher_suites[] = {&ptls_openssl_tls12_ecdhe_rsa_aes128gcmsha256,
                                                            &ptls_openssl_tls12_ecdhe_ecdsa_aes128gcmsha256,
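Review bot: In `ptls_openssl_cipher_suites_all`, the formatter has moved `// ciphers used with sha256` to column 0 because it sits directly before `#if PTLS_HAVE_AEGIS`, so it no longer lines up with the initializer entries it describes. In `ptls_openssl_cipher_suites` the same comment stays indented with its entries. These comments document an ordering constraint ("must be first") that affects which suite is negotiated, so they should stay visually attached to the list. Wrapping the initializer in `// clang-format off` / `// clang-format on` would keep the layout stable.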
diff --git a/lib/picotls.c b/lib/picotls.c
index 7f8fd9a..c73c2dc 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -4371,8 +4371,9 @@
 
     { /* select (or check) cipher-suite, create key_schedule */
         ptls_cipher_suite_t *cs;
-        if ((ret = select_cipher(&cs, tls->ctx->cipher_suites, ch->cipher_suites.base,
-                                 ch->cipher_suites.base + ch->cipher_suites.len, tls->ctx->server_cipher_preference, tls->ctx->server_cipher_chacha_priority)) != 0)
+        if ((ret =
+                 select_cipher(&cs, tls->ctx->cipher_suites, ch->cipher_suites.base, ch->cipher_suites.base + ch->cipher_suites.len,
+                               tls->ctx->server_cipher_preference, tls->ctx->server_cipher_chacha_priority)) != 0)
             goto Exit;
         if (!is_second_flight) {
             tls->cipher_suite = cs;
diff --git a/t/picotls.c b/t/picotls.c
index 8bc5ab4..0137833 100644
--- a/t/picotls.c
+++ b/t/picotls.c
@@ -87,7 +87,8 @@
     }
 
     {
-        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes128gcmsha256, &ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_chacha20poly1305sha256, NULL};
+        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes128gcmsha256, &ptls_minicrypto_aes256gcmsha384,
+                                             &ptls_minicrypto_chacha20poly1305sha256, NULL};
         static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256)};
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 0) == 0);
         ok(selected == &ptls_minicrypto_aes128gcmsha256);
@@ -96,8 +97,10 @@
     }
 
     {
-        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_chacha20poly1305sha256, &ptls_minicrypto_aes128gcmsha256, NULL};
-        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256), C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
+        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_chacha20poly1305sha256,
+                                             &ptls_minicrypto_aes128gcmsha256, NULL};
+        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256),
+                                        C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 0) == 0);
         ok(selected == &ptls_minicrypto_aes256gcmsha384);
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 1) == 0);
@@ -107,8 +110,10 @@
     }
 
     {
-        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_chacha20poly1305sha256, &ptls_minicrypto_aes128gcmsha256, NULL};
-        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256), C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
+        ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_chacha20poly1305sha256,
+                                             &ptls_minicrypto_aes128gcmsha256, NULL};
+        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256), C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256),
+                                        C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 1) == 0);
         ok(selected == &ptls_minicrypto_aes256gcmsha384);
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 1) == 0);
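Review bot: Both `select_cipher` calls in this block pass `1, 1` as the last two arguments, so the second call repeats the first with identical inputs. The neighbouring blocks call it once with `1, 0` and once with `1, 1`, which suggests the first call here was meant to be `ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 0) == 0);`. If so, the case with server preference on and chacha priority off is not covered for this input ordering. The assertion after the second call is outside the hunk, so the intended expectation cannot be confirmed from here.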
@@ -117,7 +122,8 @@
 
     {
         ptls_cipher_suite_t *candidates[] = {&ptls_minicrypto_aes256gcmsha384, &ptls_minicrypto_aes128gcmsha256, NULL};
-        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256), C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
+        static const uint8_t input[] = {C(PTLS_CIPHER_SUITE_CHACHA20_POLY1305_SHA256), C(PTLS_CIPHER_SUITE_AES_128_GCM_SHA256),
+                                        C(PTLS_CIPHER_SUITE_AES_256_GCM_SHA384)};
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 0) == 0);
         ok(selected == &ptls_minicrypto_aes256gcmsha384);
         ok(select_cipher(&selected, candidates, input, input + sizeof(input), 1, 1) == 0);