h2o · kazuho · Dec 20, 2024 · Dec 20, 2024
diff --git a/fuzz/fuzz-asn1.c b/fuzz/fuzz-asn1.c
@@ -67,7 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
         byte_index = byte_index % bytes_max;
         expected_type = feeder_next_byte();
         ptls_asn1_get_expected_type_and_length(bytes, bytes_max, byte_index, expected_type, &length, &indefinite_length, &last_byte,
-                &decode_error, &ctx);
+                                               &decode_error, &ctx);
     } else if (ret == 2 || ret == 3) {
         ptls_context_t ctx = {};
         char fname[] = "/tmp/XXXXXXXX";
@@ -85,20 +85,19 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
         ctx.key_exchanges = ptls_minicrypto_key_exchanges;
         ctx.cipher_suites = ptls_minicrypto_cipher_suites;
 
-	    if (ret == 2) {
+        if (ret == 2) {
             ptls_load_certificates(&ctx, fname);
             if (ctx.certificates.list) {
                 for (i = 0; i < ctx.certificates.count; i++) {
                     if (ctx.certificates.list[i].base)
                         free(ctx.certificates.list[i].base);
                 }
                 free(ctx.certificates.list);
-
             }
         } else {
             ptls_minicrypto_load_private_key(&ctx, fname);
         }
-out2:
+    out2:
         close(fd);
         unlink(fname);
     }

diff --git a/fuzz/fuzz-client-hello.c b/fuzz/fuzz-client-hello.c
@@ -20,89 +20,86 @@
 #include "picotls/openssl.h"
 #include "util.h"
 
-void deterministic_random_bytes(void *buf, size_t len) {
-  for (int i = 0; i < len; i++) {
-    ((uint8_t *)buf)[i] = 0;
-  }
+void deterministic_random_bytes(void *buf, size_t len)
+{
+    for (int i = 0; i < len; i++) {
+        ((uint8_t *)buf)[i] = 0;
+    }
 }
 
-uint8_t fake_ticket[] = {
-    0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00,
-    0x01, 0x67, 0x7b, 0xce, 0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37,
-    0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f, 0x15, 0x4c, 0x93, 0x8f,
-    0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54,
-    0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e,
-    0x1a, 0x95, 0x85, 0xc5, 0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02,
-    0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00};
-
-static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls,
-                                  int is_encrypt, ptls_buffer_t *dst,
-                                  ptls_iovec_t src) {
-  (void)_self;
-  int ret;
-
-  if (is_encrypt) {
-    if ((ret = ptls_buffer_reserve(dst, 32)) != 0) return ret;
-    memcpy(dst->base + dst->off, fake_ticket, 32);
-    dst->off += 32;
-  } else {
-    if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0) return ret;
-    memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket));
-    dst->off += sizeof(fake_ticket);
-  }
-
-  return 0;
+uint8_t fake_ticket[] = {0x00, 0x4d, 0x70, 0x74, 0x6c, 0x73, 0x30, 0x30, 0x30, 0x31, 0x00, 0x00, 0x01, 0x67, 0x7b, 0xce,
+                         0xa7, 0x55, 0x00, 0x30, 0x45, 0xc2, 0x95, 0x37, 0x16, 0x9e, 0x79, 0x8c, 0x0c, 0x53, 0x14, 0x3f,
+                         0x15, 0x4c, 0x93, 0x8f, 0x74, 0x65, 0x76, 0x7a, 0x76, 0x1e, 0x4f, 0x90, 0xbf, 0xa1, 0xb9, 0x54,
+                         0xfd, 0x4e, 0x06, 0x4a, 0xd4, 0xb2, 0x84, 0xad, 0x12, 0xc9, 0xf1, 0x1e, 0x1a, 0x95, 0x85, 0xc5,
+                         0x19, 0xc1, 0x69, 0x5f, 0x00, 0x17, 0x13, 0x02, 0xed, 0xec, 0xfb, 0xd7, 0x00, 0x00, 0x00};
+
+static int encrypt_ticket_cb_fake(ptls_encrypt_ticket_t *_self, ptls_t *tls, int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src)
+{
+    (void)_self;
+    int ret;
+
+    if (is_encrypt) {
+        if ((ret = ptls_buffer_reserve(dst, 32)) != 0)
+            return ret;
+        memcpy(dst->base + dst->off, fake_ticket, 32);
+        dst->off += 32;
+    } else {
+        if ((ret = ptls_buffer_reserve(dst, sizeof(fake_ticket))) != 0)
+            return ret;
+        memcpy(dst->base + dst->off, fake_ticket, sizeof(fake_ticket));
+        dst->off += sizeof(fake_ticket);
+    }
+
+    return 0;
 }
 
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  // key exchanges
-  ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
-  key_exchanges[0] = &ptls_openssl_secp256r1;
-  // the second cipher suite is used for the PSK ticket
-  ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256,
-                                          &ptls_openssl_aes256gcmsha384, NULL};
-
-  // create ptls_context_t
-  ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time,
-                               key_exchanges, cipher_suites};
-  ctx_server.verify_certificate = NULL;
-
-  // setup server fake cache
-  struct st_util_session_cache_t sc;
-  sc.super.cb = encrypt_ticket_cb_fake;
-  ctx_server.ticket_lifetime = UINT_MAX;
-  ctx_server.max_early_data_size = 8192;
-  ctx_server.encrypt_ticket = &sc.super;
-
-  // create pls_t
-  ptls_t *tls_server = ptls_new(&ctx_server, 1);  // 1: server
-
-  // empty hsprop
-  ptls_handshake_properties_t hsprop = {{{{NULL}}}};
-
-  // buffers
-  ptls_buffer_t server_response;
-  ptls_buffer_init(&server_response, "", 0);
-
-  // accept client_hello
-  size_t consumed = size;
-  int ret =
-      ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop);
-
-  // more messages to parse?
-  if (ret == 0 && size - consumed > 0) {
-    size = size - consumed;
-    // reset buffer
-    ptls_buffer_dispose(&server_response);
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    // key exchanges
+    ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
+    key_exchanges[0] = &ptls_openssl_secp256r1;
+    // the second cipher suite is used for the PSK ticket
+    ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, &ptls_openssl_aes256gcmsha384, NULL};
+
+    // create ptls_context_t
+    ptls_context_t ctx_server = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
+    ctx_server.verify_certificate = NULL;
+
+    // setup server fake cache
+    struct st_util_session_cache_t sc;
+    sc.super.cb = encrypt_ticket_cb_fake;
+    ctx_server.ticket_lifetime = UINT_MAX;
+    ctx_server.max_early_data_size = 8192;
+    ctx_server.encrypt_ticket = &sc.super;
+
+    // create pls_t
+    ptls_t *tls_server = ptls_new(&ctx_server, 1); // 1: server
+
+    // empty hsprop
+    ptls_handshake_properties_t hsprop = {{{{NULL}}}};
+
+    // buffers
+    ptls_buffer_t server_response;
     ptls_buffer_init(&server_response, "", 0);
-    // receive messages
-    ptls_receive(tls_server, &server_response, data + consumed, &size);
-  }
 
-  // clean
-  ptls_buffer_dispose(&server_response);
-  ptls_free(tls_server);
+    // accept client_hello
+    size_t consumed = size;
+    int ret = ptls_handshake(tls_server, &server_response, data, &consumed, &hsprop);
+
+    // more messages to parse?
+    if (ret == 0 && size - consumed > 0) {
+        size = size - consumed;
+        // reset buffer
+        ptls_buffer_dispose(&server_response);
+        ptls_buffer_init(&server_response, "", 0);
+        // receive messages
+        ptls_receive(tls_server, &server_response, data + consumed, &size);
+    }
+
+    // clean
+    ptls_buffer_dispose(&server_response);
+    ptls_free(tls_server);
 
-  //
-  return 0;
+    //
+    return 0;
 }
diff --git a/fuzz/fuzz-server-hello.c b/fuzz/fuzz-server-hello.c
@@ -20,68 +20,68 @@
 #include "picotls/openssl.h"
 #include "util.h"
 
-void deterministic_random_bytes(void *buf, size_t len) {
-  for (int i = 0; i < len; i++) {
-    ((uint8_t *)buf)[i] = 0;
-  }
+void deterministic_random_bytes(void *buf, size_t len)
+{
+    for (int i = 0; i < len; i++) {
+        ((uint8_t *)buf)[i] = 0;
+    }
 }
 
-static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls,
-                          ptls_iovec_t src) {
-  return 0;
+static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src)
+{
+    return 0;
 }
 
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
-  // key exchanges
-  ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
-  key_exchanges[0] = &ptls_openssl_secp256r1;
-  ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    // key exchanges
+    ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
+    key_exchanges[0] = &ptls_openssl_secp256r1;
+    ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};
 
-  // create ptls_context_t
-  ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time,
-                               key_exchanges, cipher_suites};
-  ctx_client.verify_certificate = NULL;
+    // create ptls_context_t
+    ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
+    ctx_client.verify_certificate = NULL;
 
-  // create pls_t
-  ptls_t *tls_client = ptls_new(&ctx_client, 0);  // 0: client
+    // create pls_t
+    ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client
 
-  // fake ticket saving
-  static struct st_util_save_ticket_t st;
-  st.super.cb = fake_ticket_cb;
-  ctx_client.save_ticket = &st.super;
+    // fake ticket saving
+    static struct st_util_save_ticket_t st;
+    st.super.cb = fake_ticket_cb;
+    ctx_client.save_ticket = &st.super;
 
-  // empty hsprop
-  ptls_handshake_properties_t hsprop = {{{{NULL}}}};
+    // empty hsprop
+    ptls_handshake_properties_t hsprop = {{{{NULL}}}};
 
-  // buffers
-  ptls_buffer_t client_encbuf;
-  ptls_buffer_init(&client_encbuf, "", 0);
-
-  // generate client_hello
-  ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);
-
-  // reset buffer
-  ptls_buffer_dispose(&client_encbuf);
-  ptls_buffer_init(&client_encbuf, "", 0);
+    // buffers
+    ptls_buffer_t client_encbuf;
+    ptls_buffer_init(&client_encbuf, "", 0);
 
-  // accept server
-  size_t consumed = size;
-  int ret =
-      ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);
+    // generate client_hello
+    ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);
 
-  // more messages to parse?
-  if (ret == 0 && size - consumed > 0) {
-    size = size - consumed;
     // reset buffer
     ptls_buffer_dispose(&client_encbuf);
     ptls_buffer_init(&client_encbuf, "", 0);
-    // receive messages
-    ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
-  }
 
-  // cleaning
-  ptls_buffer_dispose(&client_encbuf);
-  ptls_free(tls_client);
+    // accept server
+    size_t consumed = size;
+    int ret = ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);
+
+    // more messages to parse?
+    if (ret == 0 && size - consumed > 0) {
+        size = size - consumed;
+        // reset buffer
+        ptls_buffer_dispose(&client_encbuf);
+        ptls_buffer_init(&client_encbuf, "", 0);
+        // receive messages
+        ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
+    }
+
+    // cleaning
+    ptls_buffer_dispose(&client_encbuf);
+    ptls_free(tls_client);
 
-  return 0;
+    return 0;
 }
diff --git a/include/picotls.h b/include/picotls.h
@@ -208,7 +208,7 @@ extern "C" {
 #define PTLS_ERROR_GET_CLASS(e) ((e) & ~0xff)
 #define PTLS_ALERT_TO_SELF_ERROR(e) ((e) + PTLS_ERROR_CLASS_SELF_ALERT)
 #define PTLS_ALERT_TO_PEER_ERROR(e) ((e) + PTLS_ERROR_CLASS_PEER_ALERT)
-#define PTLS_ERROR_TO_ALERT(e) ((e)&0xff)
+#define PTLS_ERROR_TO_ALERT(e) ((e) & 0xff)
 
 /* the HKDF prefix */
 #define PTLS_HKDF_EXPAND_LABEL_PREFIX "tls13 "
@@ -298,25 +298,19 @@ extern "C" {
 #define PTLS_CERTIFICATE_TYPE_RAW_PUBLIC_KEY 2
 
 #define PTLS_ZERO_DIGEST_SHA256                                                                                                    \
-    {                                                                                                                              \
-        0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4,    \
-            0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55                                                 \
-    }
+    {0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24,                               \
+     0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55}
 
 #define PTLS_ZERO_DIGEST_SHA384                                                                                                    \
-    {                                                                                                                              \
-        0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a, 0x21, 0xfd, 0xb7, 0x11,    \
-            0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda, 0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65,      \
-            0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b                                                                   \
-    }
+    {0x38, 0xb0, 0x60, 0xa7, 0x51, 0xac, 0x96, 0x38, 0x4c, 0xd9, 0x32, 0x7e, 0xb1, 0xb1, 0xe3, 0x6a,                               \
+     0x21, 0xfd, 0xb7, 0x11, 0x14, 0xbe, 0x07, 0x43, 0x4c, 0x0c, 0xc7, 0xbf, 0x63, 0xf6, 0xe1, 0xda,                               \
+     0x27, 0x4e, 0xde, 0xbf, 0xe7, 0x6f, 0x65, 0xfb, 0xd5, 0x1a, 0xd2, 0xf1, 0x48, 0x98, 0xb9, 0x5b}
 
 #define PTLS_ZERO_DIGEST_SHA512                                                                                                    \
-    {                                                                                                                              \
-        0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07, 0xd6, 0x20, 0xe4, 0x05,    \
-            0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce, 0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2,      \
-            0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f, 0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38,      \
-            0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e                                                                                     \
-    }
+    {0xcf, 0x83, 0xe1, 0x35, 0x7e, 0xef, 0xb8, 0xbd, 0xf1, 0x54, 0x28, 0x50, 0xd6, 0x6d, 0x80, 0x07,                               \
+     0xd6, 0x20, 0xe4, 0x05, 0x0b, 0x57, 0x15, 0xdc, 0x83, 0xf4, 0xa9, 0x21, 0xd3, 0x6c, 0xe9, 0xce,                               \
+     0x47, 0xd0, 0xd1, 0x3c, 0x5d, 0x85, 0xf2, 0xb0, 0xff, 0x83, 0x18, 0xd2, 0x87, 0x7e, 0xec, 0x2f,                               \
+     0x63, 0xb9, 0x31, 0xbd, 0x47, 0x41, 0x7a, 0x81, 0xa5, 0x38, 0x32, 0x7a, 0xf9, 0x27, 0xda, 0x3e}
 
 #define PTLS_TO__STR(n) #n
 #define PTLS_TO_STR(n) PTLS_TO__STR(n)
@@ -363,10 +357,10 @@ typedef struct st_ptls_key_exchange_context_t {
     ptls_iovec_t pubkey;
     /**
      * This function can be used for deriving a shared secret or for destroying the context.
-     * When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key being
-     * given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling `free`.
-     * When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL.
-     * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
+     * When `secret` is non-NULL, this callback derives the shared secret using the private key of the context and the peer key
+     * being given, and sets the value in `secret`. The memory pointed to by `secret->base` must be freed by the caller by calling
+     * `free`. When `release` is set, the callee frees resources allocated to the context and set *keyex to NULL. Upon failure
+     * (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
      */
     int (*on_exchange)(struct st_ptls_key_exchange_context_t **keyex, int release, ptls_iovec_t *secret, ptls_iovec_t peerkey);
 } ptls_key_exchange_context_t;
@@ -388,7 +382,8 @@ typedef const struct st_ptls_key_exchange_algorithm_t {
      * Implements synchronous key exchange. Called when ServerHello is generated.
      * Given a public key provided by the peer (`peerkey`), this callback generates an ephemeral private and public key, and returns
      * the public key (`pubkey`) and a secret (`secret`) derived from the peerkey and private key.
-     * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are zero-cleared.
+     * Upon failure (i.e., when an PTLS error code is returned), `*pubkey` and `*secret` either remain unchanged or are
+     * zero-cleared.
      */
     int (*exchange)(const struct st_ptls_key_exchange_algorithm_t *algo, ptls_iovec_t *pubkey, ptls_iovec_t *secret,
                     ptls_iovec_t peerkey);

diff --git a/include/picotls/openssl.h b/include/picotls/openssl.h
@@ -39,8 +39,7 @@ extern "C" {
 #define PTLS_OPENSSL_HAVE_CHACHA20_POLY1305 0
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && \
-    !defined(OPENSSL_NO_ASYNC)
+#if OPENSSL_VERSION_NUMBER >= 0x10100010L && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC)
 #include <openssl/async.h>
 #define PTLS_OPENSSL_HAVE_ASYNC 1
 #else