Merge pull request #467 from h2o/kazuho/boring

add support for boringssl
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 77f314b..02cd626 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,7 +64,7 @@
       env:
         OPENSSL: ${{ matrix.openssl }}
       run: |
-        brew install perl libfaketime ${OPENSSL}
+        brew install perl libfaketime pkg-config ${OPENSSL}
         perl -v
         curl -sSfL https://cpanmin.us | perl - -v --notest Scope::Guard Test::TCP
 
diff --git a/lib/picotls.c b/lib/picotls.c
index d1064e3..dc71e66 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -1668,8 +1668,9 @@
 
 static void log_client_random(ptls_t *tls)
 {
-    PTLS_PROBE(CLIENT_RANDOM, tls,
-               ptls_hexdump(alloca(sizeof(tls->client_random) * 2 + 1), tls->client_random, sizeof(tls->client_random)));
+    char buf[sizeof(tls->client_random) * 2 + 1];
+
+    PTLS_PROBE(CLIENT_RANDOM, tls, ptls_hexdump(buf, tls->client_random, sizeof(tls->client_random)));
     PTLS_LOG_CONN(client_random, tls, { PTLS_LOG_ELEMENT_HEXDUMP(bytes, tls->client_random, sizeof(tls->client_random)); });
 }
 
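Review bot: `buf` in log_client_random is referenced only inside the PTLS_PROBE argument list, so in a build where that macro expands to nothing (its definition is outside this hunk) the array becomes an unused local and may trip -Wunused-variable. If such a configuration exists, add `(void)buf;` after the declaration. A short comment above the declaration, for example `/* two hex digits per byte, plus what is presumably the terminating NUL written by ptls_hexdump */`, would also explain the `sizeof(tls->client_random) * 2 + 1` size expression.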
@@ -4370,14 +4371,15 @@
     if (!is_second_flight) {
         if (ch->cookie.all.len != 0 && key_share.algorithm != NULL) {
 
-            /* use cookie to check the integrity of the handshake, and update the context */
-            size_t sigsize = tls->ctx->cipher_suites[0]->hash->digest_size;
-            uint8_t *sig = alloca(sigsize);
-            if ((ret = calc_cookie_signature(tls, properties, key_share.algorithm, ch->cookie.tbs, sig)) != 0)
-                goto Exit;
-            if (!(ch->cookie.signature.len == sigsize && ptls_mem_equal(ch->cookie.signature.base, sig, sigsize))) {
-                ret = PTLS_ALERT_HANDSHAKE_FAILURE;
-                goto Exit;
+            { /* use cookie to check the integrity of the handshake, and update the context */
+                uint8_t sig[PTLS_MAX_DIGEST_SIZE];
+                size_t sigsize = tls->ctx->cipher_suites[0]->hash->digest_size;
+                if ((ret = calc_cookie_signature(tls, properties, key_share.algorithm, ch->cookie.tbs, sig)) != 0)
+                    goto Exit;
+                if (!(ch->cookie.signature.len == sigsize && ptls_mem_equal(ch->cookie.signature.base, sig, sigsize))) {
+                    ret = PTLS_ALERT_HANDSHAKE_FAILURE;
+                    goto Exit;
+                }
             }
             /* integrity check passed; update states */
             key_schedule_update_ch1hash_prefix(tls->key_schedule);
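Review bot: The fixed `uint8_t sig[PTLS_MAX_DIGEST_SIZE]` is handed to calc_cookie_signature with no check that `sigsize` fits in it. The removed alloca sized the buffer from `digest_size`, so the bound is now an unstated invariant. calc_cookie_signature is outside the hunk, but it presumably writes `digest_size` bytes, so a configured cipher suite whose hash is larger than PTLS_MAX_DIGEST_SIZE would overrun the stack buffer on a path reached while handling a client-supplied cookie. Add `assert(sigsize <= sizeof(sig));` right after `sigsize` is initialised, or set an error in `ret` and `goto Exit` if the check must survive builds with asserts compiled out. The enclosing function starts and ends outside this hunk.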
diff --git a/t/cli.c b/t/cli.c
index 67bfd4d..ef3c1ed 100644
--- a/t/cli.c
+++ b/t/cli.c
@@ -57,16 +57,6 @@
 /* sentinels indicating that the endpoint is in benchmark mode */
 static const char input_file_is_benchmark[] = "is:benchmark";
 
-static ptls_hpke_kem_t *find_kem(ptls_key_exchange_algorithm_t *algo)
-{
-    for (size_t i = 0; ptls_openssl_hpke_kems[i] != NULL; ++i)
-        if (ptls_openssl_hpke_kems[i]->keyex == algo)
-            return ptls_openssl_hpke_kems[i];
-
-    fprintf(stderr, "HPKE KEM not found for %s\n", algo->name);
-    return NULL;
-}
-
 static void shift_buffer(ptls_buffer_t *buf, size_t delta)
 {
     if (delta != 0) {