Kazuho/hpke as of 2022/11/08 (#4)

* it works

* import / export API (tls12 only atm)

* transplant other properties retained by picotls

* send alerts correctly

* add support for chachapoly

* fix alert type

* to avoid nonce reuse, start from what OpenSSL used

* record if session was reused

* update cifra, bcrypt backends

* fix MSVC compile error

* add `ptls_get_protocol_version`

* promote to public value

* ci: use Ubuntu 22.04 to test picotls with OpenSSL 3.0

* concept

* add ptlslog_set_fd(int) to set the fd

the cli supports -j=file and PTLSLOG=file to use ptlslog_set_fd()

* revert the switch to writev(2)

discussion: https://github.com/h2o/picotls/pull/406#discussion_r926273677

* let PTLSLOG_CONN respect ptls_skip_tracing()

* ptlslog: add "module" field to provide who emits the event

* do not emit secret in PTLSLOG

* add PTLS_HEXDUMP macro as an easy-to-use handle for ptls_hexdump()

* introduce PTLSLOG_ELEMENT_UNSAFESTR()

* ptlslog: put JSON's null if a string value is NULL

* Revert "ptlslog: put JSON's null if a string value is NULL"

This reverts commit a163989193c205f311cf0417e62584d02ce801b8.

* inline function must be declared as static

* do not use PTLS_HEXDUMP; it is not available for VC++

* avoid errors in VC++

* disable warnings in VC++ for write(2)

* VC++ does not support VLAs

* invalidate ptlslog_fd when write(2) fails

* fix unsafe string handling in ptlslog

* remove debugging code

* add PTLSLOG_ELEMENT_HEXDUMP instead of PTLS_ELEMENT that depends on a GCC extension

* allow ptlslog to set multiple fds (up to 8)

* remove a redundant ptlslog interface from cli.c

* reorder options

* close fd before invalidating it

* fix the return value of ptlslog_add_fd

* ptlslog: records num of lost events

* Fix compile warnings about unchecked returns in t/cli

* Fix Visual Studio warnings when using OpenSSL 3.0

* symbols defined in util.h do not have `ptls_` prefix

* first argument is an expression

* fix the image to use ubuntu 22.04

* Add ticket functions which use OpenSSL v3 EVP_MAC_CTX

This change adds the following new ticket functions which use OpenSSL
v3 EVP_MAC_CTX.  HMAC APIs are deprecated in OpenSSL v3.  EVP_MAC_CTX
is its replacement.

- ptls_openssl_encrypt_ticket_evp
- ptls_openssl_decrypt_ticket_evp

* add failing test

* copy correct amount of data _and_ generate new vectors

* msvc requires an element

* clear GHASH vectors before calling `free`

* clang-format

* ptlslog: remove the limitation of PTLSLOG_MAXCONN

* do not use magic numbers

* ptlslog: check ptlslog is active or not at the beginning of PTLSLOG_CONN

* inlinize ptlslog_is_active()

* No need to call free() because realloc(ptr, 0) frees ptr and returns 0

* move the condition out of PTLSLOG_CONN

* add missing `inline` keyword

* revert using a label & goto because the label name must not be duplicated in a function

* comment

* rewrite escape_json_unsafe_string based on picojson.h

https://github.com/kazuho/picojson/blob/master/picojson.h#L531

* include pthread.h for Windows

* format

* ptlslog: introduce bool, and some internal funcs for optimizations

* fix comments

* use INT32_MIN value

* let ptlslog optional (enabled by default on Linux and macOS)

* suppress errors for Windows

* merge ptlslog.h into picotls.h (like those in pembase64.c), determine availability rather than let it be configurable (like `PTLS_OPENSSL_HAVE_*`)

* [xcode] add log.c

* do not expose the internals

* symbols use `ptls_` as prefix

* picotls checks allocation failure; returns PTLS_ERROR_*

* partial write is loss

* rename before refactor

* realloc(0) may return non-NULL, fd_index should not be incremented when removing fd

* let's use constant expressions

* rather than exposing an internal API used for building strings, promote JSON escape function to a public API

* revert changes to wincompat.h as they should be unnecessary now that logging is disabled on windows

* this is also unnecessary

* easiest way to maintain compatibility is to not have new files; log.c is small anyways

* no need to define as a block (the macro cannot be used as an ordinary statement anyways)

* concede to using `snprintf` to support compilers that complain without having the wisdom to check the correctness

* [github actions] increase timeout

* use the result returned rather than recalculate

* better use `PTLS_LOG` assuming that we'd have `QUICLY_LOG` and `H2O_LOG` rather than `QUICLYLOG`, `H2OLOG`

* oops

* add tls12 cipher awareness

* add tls12 ciphers to supported cipher suites instead of using mapping table

* leave minicrypto alone

* remove new accessors

* rename tls12 ciphers but remove them from tls13 list

* iana_id is not needed

* export `find_cipher_suite` externally as `ptls_find_cipher_suite`

in addition export supported tls12 ciphers from openssl backend

* make PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 checks consistent

Co-authored-by: Kazuho Oku <kazuhooku@gmail.com>

* ptls_find_cipher_suite should accept cipher list instead of context

* provide separate knob for including / excluding sensitive data

* revert unnecessary change around alloca()

* s/ptlslog_/ptls_log_/ for (semi-)public functions

* check `ptls_log.is_active` first, but only once

* move `tls12_cipher_suites` to the end to improve source compatibility with existing code that uses positional initialization of a struct

* clang-format

* declare IANA IDs in the header file; fixes incorrect IANA ID (0x009d) used for `ptls_openssl_tls12_dhe_rsa_aes128gcmsha256`, which results in an incorrect cipher suite being returned due to the value being added to `ptls_openssl_tls12_cipher_suites` prior to `ptls_openssl_tls12_rsa_aes256gcmsha384`

* and `.name`s also

* fix cipher name (amends #429)

* remove ones that are not going to be meaningful as performance optimization

* add callback for loading raw public keys (at the moment X25519-only)

* implement HPKE (basic mode, x25519-only)

* raw private key cannot be loaded in OpenSSL 1.x

* some deployments do not have x25519

* `load` should be available on both sides

* remove redundant code

* [xcode] add files

* update bcrypt backend following API changes

* MSVC does not like `{}`

* add missing include

* maybe these are the right names

* add casts to suppress unneeded compiler warnings from MSVC

Co-authored-by: Kazuho Oku <kazuhooku@gmail.com>
Co-authored-by: Goro Fuji <goro@fastly.com>
Co-authored-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Co-authored-by: Joe Calderon <jcalderon@fastly.com>
Co-authored-by: Joe Calderon <sleepybishop@users.noreply.github.com>
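Several of the ptlslog commits above (PTLSLOG_ELEMENT_UNSAFESTR, the picojson-based escape_json_unsafe_string, promoting the JSON escape function to a public API) address one risk: a peer-controlled string such as an SNI name written into a JSON log record unescaped lets the peer terminate the string, forge fields, or inject a whole extra record. The following is an added illustration written for this page, not picotls' own code; the function name json_escape_unsafe_string and the sample input are constructed here, and the escaping rules follow picojson's string serializer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Escape an untrusted byte string so it can sit inside a JSON string literal.
 * Rules mirror picojson's serializer: '"', '\\' and '/' are backslash-escaped,
 * \b \f \n \r \t use their short forms, any other byte below 0x20 (and 0x7f)
 * becomes \u00XX, everything else (including UTF-8 sequences) is copied as-is.
 * Returns a malloc'ed NUL-terminated string, or NULL on overflow/allocation
 * failure. Illustrative reimplementation, not the picotls API. */
char *json_escape_unsafe_string(const char *src, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    /* worst case: every byte expands to the 6-byte \u00XX form, plus NUL */
    if (len > (SIZE_MAX - 1) / 6)
        return NULL;
    char *out = malloc(len * 6 + 1);
    if (out == NULL)
        return NULL;
    char *p = out;
    for (size_t i = 0; i < len; ++i) {
        unsigned char c = (unsigned char)src[i];
        switch (c) {
        case '"':  *p++ = '\\'; *p++ = '"';  break;
        case '\\': *p++ = '\\'; *p++ = '\\'; break;
        case '/':  *p++ = '\\'; *p++ = '/';  break;
        case '\b': *p++ = '\\'; *p++ = 'b';  break;
        case '\f': *p++ = '\\'; *p++ = 'f';  break;
        case '\n': *p++ = '\\'; *p++ = 'n';  break;
        case '\r': *p++ = '\\'; *p++ = 'r';  break;
        case '\t': *p++ = '\\'; *p++ = 't';  break;
        default:
            if (c < 0x20 || c == 0x7f) {
                *p++ = '\\'; *p++ = 'u'; *p++ = '0'; *p++ = '0';
                *p++ = hex[c >> 4]; *p++ = hex[c & 0xf];
            } else {
                *p++ = (char)c;
            }
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    /* constructed hostile SNI: tries to close the string, add a fake "module"
     * field, and start a second forged record on a new line */
    const char evil[] = "example.com\",\"module\":\"forged\"}\n{\"x\":\"";
    char *escaped = json_escape_unsafe_string(evil, sizeof(evil) - 1);
    if (escaped == NULL)
        return 1;
    /* the record stays a single well-formed JSON object with one "sni" field */
    printf("{\"module\":\"picotls\",\"sni\":\"%s\"}\n", escaped);
    free(escaped);
    return 0;
}
```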
18 files changed
tree: db931e3db1c2d89f105892a104f7a549232439b8
README.md

picotls


Picotls is a TLS 1.3 (RFC 8446) protocol stack written in C, with the following features:

The primary goal of the project is to create a fast, tiny, low-latency TLS 1.3 implementation that can be used with the HTTP/2 protocol stack and the upcoming QUIC stack of the H2O HTTP/2 server.

The TLS protocol implementation of picotls is licensed under the MIT license.

The license and the cryptographic algorithms supported by each crypto binding are as follows:

| Binding | License | Key Exchange | Certificate | AEAD cipher |
|---|---|---|---|---|
| minicrypto | CC0 / 2-clause BSD | secp256r1, x25519 | ECDSA (secp256r1)¹ | AES-128-GCM, chacha20-poly1305 |
| OpenSSL | OpenSSL | secp256r1, secp384r1, secp521r1, x25519 | RSA, ECDSA (secp256r1, secp384r1, secp521r1), ed25519 | AES-128-GCM, AES-256-GCM, chacha20-poly1305 |

Note 1: The minicrypto binding is capable of signing a handshake using the certificate's key, but cannot verify a signature sent by the peer.

Building picotls

If you have cloned picotls from git then ensure that you have initialised the submodules:

% git submodule init
% git submodule update

Build using cmake:

% cmake .
% make
% make check

Dedicated documentation for using picotls with Visual Studio can be found in WindowsPort.md.

Developer documentation

Developer documentation should be available on the wiki.

Using the cli command

Run the test server (at 127.0.0.1:8443):

% ./cli -c /path/to/certificate.pem -k /path/to/private-key.pem 127.0.0.1 8443

Connect to the test server:

% ./cli 127.0.0.1 8443

Using resumption:

% ./cli -s session-file 127.0.0.1 8443

The session-file is read-write: the client stores the ticket it receives there and reads it back on the next run. The cli server implements a single-entry session cache. The cli server sends NewSessionTicket when it first sends application data after receiving ClientFinished.

Using early-data:

% ./cli -s session-file -e 127.0.0.1 8443

When the -e option is used, the client first waits for user input, and then sends CLIENT_HELLO along with the early-data.

License

The software is provided under the MIT license. Note that additional licences apply if you use the minicrypto binding (see above).

Reporting Security Issues

Please report vulnerabilities to h2o-vuln@googlegroups.com. See SECURITY.md for more information.