Merge pull request #467 from h2o/kazuho/boring
add support for boringssl
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 77f314b..02cd626 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -64,7 +64,7 @@
env:
OPENSSL: ${{ matrix.openssl }}
run: |
- brew install perl libfaketime ${OPENSSL}
+ brew install perl libfaketime pkg-config ${OPENSSL}
perl -v
curl -sSfL https://cpanmin.us | perl - -v --notest Scope::Guard Test::TCP
diff --git a/lib/picotls.c b/lib/picotls.c
index d1064e3..dc71e66 100644
--- a/lib/picotls.c
+++ b/lib/picotls.c
@@ -1668,8 +1668,9 @@
static void log_client_random(ptls_t *tls)
{
- PTLS_PROBE(CLIENT_RANDOM, tls,
- ptls_hexdump(alloca(sizeof(tls->client_random) * 2 + 1), tls->client_random, sizeof(tls->client_random)));
+ char buf[sizeof(tls->client_random) * 2 + 1];
+
+ PTLS_PROBE(CLIENT_RANDOM, tls, ptls_hexdump(buf, tls->client_random, sizeof(tls->client_random)));
PTLS_LOG_CONN(client_random, tls, { PTLS_LOG_ELEMENT_HEXDUMP(bytes, tls->client_random, sizeof(tls->client_random)); });
}
@@ -4370,14 +4371,15 @@
if (!is_second_flight) {
if (ch->cookie.all.len != 0 && key_share.algorithm != NULL) {
- /* use cookie to check the integrity of the handshake, and update the context */
- size_t sigsize = tls->ctx->cipher_suites[0]->hash->digest_size;
- uint8_t *sig = alloca(sigsize);
- if ((ret = calc_cookie_signature(tls, properties, key_share.algorithm, ch->cookie.tbs, sig)) != 0)
- goto Exit;
- if (!(ch->cookie.signature.len == sigsize && ptls_mem_equal(ch->cookie.signature.base, sig, sigsize))) {
- ret = PTLS_ALERT_HANDSHAKE_FAILURE;
- goto Exit;
+ { /* use cookie to check the integrity of the handshake, and update the context */
+ uint8_t sig[PTLS_MAX_DIGEST_SIZE];
+ size_t sigsize = tls->ctx->cipher_suites[0]->hash->digest_size;
+ if ((ret = calc_cookie_signature(tls, properties, key_share.algorithm, ch->cookie.tbs, sig)) != 0)
+ goto Exit;
+ if (!(ch->cookie.signature.len == sigsize && ptls_mem_equal(ch->cookie.signature.base, sig, sigsize))) {
+ ret = PTLS_ALERT_HANDSHAKE_FAILURE;
+ goto Exit;
+ }
}
/* integrity check passed; update states */
key_schedule_update_ch1hash_prefix(tls->key_schedule);
diff --git a/t/cli.c b/t/cli.c
index 67bfd4d..ef3c1ed 100644
--- a/t/cli.c
+++ b/t/cli.c
@@ -57,16 +57,6 @@
/* sentinels indicating that the endpoint is in benchmark mode */
static const char input_file_is_benchmark[] = "is:benchmark";
-static ptls_hpke_kem_t *find_kem(ptls_key_exchange_algorithm_t *algo)
-{
- for (size_t i = 0; ptls_openssl_hpke_kems[i] != NULL; ++i)
- if (ptls_openssl_hpke_kems[i]->keyex == algo)
- return ptls_openssl_hpke_kems[i];
-
- fprintf(stderr, "HPKE KEM not found for %s\n", algo->name);
- return NULL;
-}
-
static void shift_buffer(ptls_buffer_t *buf, size_t delta)
{
if (delta != 0) {