commit | bb1eebb366b4b85ce6d17148d454182505c15052 | [log] [tgz] |
---|---|---|
author | Christian Huitema <huitema@huitema.net> | Tue Nov 08 13:37:11 2022 -0800 |
committer | GitHub <noreply@github.com> | Tue Nov 08 13:37:11 2022 -0800 |
tree | 91edde331f2127cb15efd129c8bb874d3b5ca0f6 | |
parent | 716935f8f1d94d3134c794d1ac51dd5ff885063d [diff] |
Align 11/8/2022 (#3)

* it works
* import / export API (tls12 only atm)
* transplant other properties retained by picotls
* send alerts correctly
* add support for chachapoly
* fix alert type
* to avoid nonce reuse, start from what OpenSSL used
* record if session was reused
* update cifra, bcrypt backends
* fix MSVC compile error
* add `ptls_get_protocol_version`
* promote to public value
* ci: use Ubuntu 22.04 to test picotls with OpenSSL 3.0
* concept
* add ptlslog_set_fd(int) to set the fd; the cli supports -j=file and PTLSLOG=file to use ptlslog_set_fd()
* revert the switch to writev(2) (discussion: https://github.com/h2o/picotls/pull/406#discussion_r926273677)
* let PTLSLOG_CONN respect ptls_skip_tracing()
* ptlslog: add "module" field to provide who emits the event
* do not emit secret in PTLSLOG
* add PTLS_HEXDUMP macro as an easy-to-use handle for ptls_hexdump()
* introduce PTLSLOG_ELEMENT_UNSAFESTR()
* ptlslog: put JSON's null if a string value is NULL
* Revert "ptlslog: put JSON's null if a string value is NULL" (this reverts commit a163989193c205f311cf0417e62584d02ce801b8)
* inline function must be declared as static
* do not use PTLS_HEXDUMP; it is not available for VC++
* avoid errors in VC++
* disable warnings in VC++ for write(2)
* VC++ does not support VLAs
* invalidate ptlslog_fd when write(2) fails
* fix unsafe string handling in ptlslog
* remove debugging code
* add PTLSLOG_ELEMENT_HEXDUMP instead of PTLS_ELEMENT that depends on a GCC extension
* allow ptlslog to set multiple fds (up to 8)
* remove a redundant ptlslog interface from cli.c
* reorder options
* close fd before invalidating it
* fix the return value of ptlslog_add_fd
* ptlslog: records num of lost events
* Fix compile warnings about unchecked returns in t/cli
* Fix Visual Studio warnings when using OpenSSL 3.0
* symbols defined in util.h do not have `ptls_` prefix
* first argument is an expression
* fix the image to use ubuntu 22.04
* Add ticket functions which use OpenSSL v3 EVP_MAC_CTX. This change adds the following new ticket functions which use OpenSSL v3 EVP_MAC_CTX. HMAC APIs are deprecated in OpenSSL v3; EVP_MAC_CTX is its replacement.
  - ptls_openssl_encrypt_ticket_evp
  - ptls_openssl_decrypt_ticket_evp
* add failing test
* copy correct amount of data _and_ generate new vectors
* msvc requires an element
* clear GHASH vectors before calling `free`
* clang-format
* ptlslog: remove the limitation of PTLSLOG_MAXCONN
* do not use magic numbers
* ptlslog: check ptlslog is active or not at the beginning of PTLSLOG_CONN
* inlinize ptlslog_is_active()
* No need to call free() because realloc(ptr, 0) frees ptr and returns 0
* move the condition out of PTLSLOG_CONN
* add missing `inline` keyword
* revert using a label & goto because the label name must not be duplicated in a function
* comment
* rewrite escape_json_unsafe_string based on picojson.h (https://github.com/kazuho/picojson/blob/master/picojson.h#L531)
* include pthread.h for Windows
* format
* ptlslog: introduce bool, and some internal funcs for optimizations
* fix comments
* use INT32_MIN value
* make ptlslog optional (enabled by default on Linux and macOS)
* suppress errors for Windows
* merge ptlslog.h into picotls.h (like those in pembase64.c), determine availability rather than let it be configurable (like `PTLS_OPENSSL_HAVE_*`)
* [xcode] add log.c
* do not expose the internals
* symbols use `ptls_` as prefix
* picotls checks allocation failure; returns PTLS_ERROR_*
* partial write is loss
* rename before refactor
* realloc(0) may return non-NULL, fd_index should not be incremented when removing fd
* let's use constant expressions
* rather than exposing an internal API used for building strings, promote JSON escape function to a public API
* revert changes to wincompat.h as they should be unnecessary now that logging is disabled on windows
* this is also unnecessary
* easiest way to maintain compatibility is to not have new files; log.c is small anyways
* no need to define as a block (the macro cannot be used as an ordinary statement anyways)
* concede to using `snprintf` to support compilers that complain without having the wisdom to check the correctness
* [github actions] increase timeout
* use the result returned rather than recalculate
* better use `PTLS_LOG` assuming that we'd have `QUICLY_LOG` and `H2O_LOG` rather than `QUICLYLOG`, `H2OLOG`
* oops
* add tls12 cipher awareness
* add tls12 ciphers to supported cipher suites instead of using mapping table
* leave minicrypto alone
* remove new accessors
* rename tls12 ciphers but remove them from tls13 list
* iana_id is not needed
* export `find_cipher_suite` externally as `ptls_find_cipher_suite`; in addition export supported tls12 ciphers from openssl backend
* make PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 checks consistent (Co-authored-by: Kazuho Oku <kazuhooku@gmail.com>)
* ptls_find_cipher_suite should accept cipher list instead of context
* provide separate knob for including / excluding sensitive data
* revert unnecessary change around alloca()
* s/ptlslog_/ptls_log_/ for (semi-)public functions
* check `ptls_log.is_active` first, but only once
* move `tls12_cipher_suites` to the end to improve source compatibility with existing code that uses positional initialization of a struct
* clang-format
* declare IANA IDs in the header file, fixes incorrect IANA ID (0x009d) used for `ptls_openssl_tls12_dhe_rsa_aes128gcmsha256` which results in incorrect cipher suite being returned due to the value being added to `ptls_openssl_tls12_cipher_suites` prior to `ptls_openssl_tls12_rsa_aes256gcmsha384`
* and `.name`s also
* fix cipher name (amends #429)
* remove ones that are not going to be meaningful as performance optimization
* add casts to suppress unneeded compiler warnings from MSVC

Co-authored-by: Kazuho Oku <kazuhooku@gmail.com>
Co-authored-by: Goro Fuji <goro@fastly.com>
Co-authored-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Co-authored-by: Joe Calderon <jcalderon@fastly.com>
Co-authored-by: Joe Calderon <sleepybishop@users.noreply.github.com>
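The item about the incorrect IANA ID (0x009d) describes a first-match lookup over a cipher-suite table returning the wrong suite because two entries carried the same id. The C below is an added illustration, not picotls code: `suite_t`, `find_suite` and `first_duplicate_id` are constructed stand-ins for the table and lookup shape the commit message describes, and the two tables are constructed to show the shadowing and its fix (the real IANA ids for these four TLS 1.2 suites are 0x009c, 0x009d, 0x009e and 0x009f).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a cipher-suite descriptor: IANA id plus name. */
typedef struct {
    uint16_t iana_id;
    const char *name;
} suite_t;

#define SUITE_COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed table reproducing the defect the commit message describes:
 * the DHE-RSA-AES128 entry carries 0x009d, which is really the id of
 * RSA-AES256-GCM-SHA384, and it sits earlier in the list. */
static const suite_t buggy_tls12[] = {
    {0x009c, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
    {0x009d, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"}, /* wrong: should be 0x009e */
    {0x009d, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
    {0x009f, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
};

/* The same table with the id corrected. */
static const suite_t fixed_tls12[] = {
    {0x009c, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
    {0x009e, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
    {0x009d, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
    {0x009f, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
};

/* First-match lookup by id over a caller-supplied list (the shape the
 * message gives for ptls_find_cipher_suite). Returns NULL when absent;
 * with a duplicated id the earlier entry silently wins. */
static const suite_t *find_suite(const suite_t *list, size_t n, uint16_t id)
{
    for (size_t i = 0; i < n; ++i)
        if (list[i].iana_id == id)
            return &list[i];
    return NULL;
}

/* Table self-check a test suite can run: index of the first entry whose id
 * repeats an earlier one, or -1 when every id is unique. */
static int first_duplicate_id(const suite_t *list, size_t n)
{
    for (size_t i = 1; i < n; ++i)
        for (size_t j = 0; j < i; ++j)
            if (list[i].iana_id == list[j].iana_id)
                return (int)i;
    return -1;
}
```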
Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:
The primary goal of the project is to create a fast, tiny, low-latency TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and the upcoming QUIC stack of the H2O HTTP/2 server.
The TLS protocol implementation of picotls is licensed under the MIT license.
The license and the cryptographic algorithms supported by each crypto binding are as follows:
Binding | License | Key Exchange | Certificate | AEAD cipher |
---|---|---|---|---|
minicrypto | CC0 / 2-clause BSD | secp256r1, x25519 | ECDSA (secp256r1) (note 1) | AES-128-GCM, chacha20-poly1305 |
OpenSSL | OpenSSL | secp256r1, secp384r1, secp521r1, x25519 | RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 | AES-128-GCM, AES-256-GCM, chacha20-poly1305 |
Note 1: The minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.
If you have cloned picotls from git then ensure that you have initialised the submodules:
```sh
% git submodule init
% git submodule update
```
Build using cmake:
```sh
% cmake .
% make
% make check
```
Dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.
Developer documentation should be available on the wiki.
Run the test server (at 127.0.0.1:8443):
```sh
% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem 127.0.0.1 8443
```
Connect to the test server:
```sh
% ./cli 127.0.0.1 8443
```
Using resumption:
```sh
% ./cli -s session-file 127.0.0.1 8443
```
The session-file is read-write. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.
Using early-data:
```sh
% ./cli -s session-file -e 127.0.0.1 8443
```
When the -e option is used, the client first waits for user input, and then sends CLIENT_HELLO along with the early data.
The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).
Please report vulnerabilities to h2o-vuln@googlegroups.com. See SECURITY.md for more information.