diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 21:12:02 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 21:12:02 +0000 |
commit | 77e50caaf2ef81cd91075cf836fed0e75718ffb4 (patch) | |
tree | 53b7b411290b63192fc9e924a3b6b65cdf67e9d0 /debian/vendor-h2o/deps/picotls/t/util.h | |
parent | Adding upstream version 1.8.3. (diff) | |
download | dnsdist-77e50caaf2ef81cd91075cf836fed0e75718ffb4.tar.xz dnsdist-77e50caaf2ef81cd91075cf836fed0e75718ffb4.zip |
Adding debian version 1.8.3-2.debian/1.8.3-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/vendor-h2o/deps/picotls/t/util.h')
-rw-r--r-- | debian/vendor-h2o/deps/picotls/t/util.h | 240 |
1 files changed, 240 insertions, 0 deletions
diff --git a/debian/vendor-h2o/deps/picotls/t/util.h b/debian/vendor-h2o/deps/picotls/t/util.h new file mode 100644 index 0000000..78ce87c --- /dev/null +++ b/debian/vendor-h2o/deps/picotls/t/util.h @@ -0,0 +1,240 @@ +/* + * Copyright (c) 2016,2017 DeNA Co., Ltd., Kazuho Oku, Fastly + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + */ +#ifndef util_h +#define util_h + +#ifndef _XOPEN_SOURCE +#define _XOPEN_SOURCE 700 /* required for glibc to use getaddrinfo, etc. */ +#endif + +#include <errno.h> +#include <netdb.h> +#include <netinet/in.h> +#include <stdio.h> +#include <string.h> +#include <sys/param.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <openssl/pem.h> +#include "picotls/openssl.h" + +static inline void load_certificate_chain(ptls_context_t *ctx, const char *fn) +{ + if (ptls_load_certificates(ctx, (char *)fn) != 0) { + fprintf(stderr, "failed to load certificate:%s:%s\n", fn, strerror(errno)); + exit(1); + } +} + +static inline void load_private_key(ptls_context_t *ctx, const char *fn) +{ + static ptls_openssl_sign_certificate_t sc; + FILE *fp; + EVP_PKEY *pkey; + + if ((fp = fopen(fn, "rb")) == NULL) { + fprintf(stderr, "failed to open file:%s:%s\n", fn, strerror(errno)); + exit(1); + } + pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + + if (pkey == NULL) { + fprintf(stderr, "failed to read private key from file:%s\n", fn); + exit(1); + } + + ptls_openssl_init_sign_certificate(&sc, pkey); + EVP_PKEY_free(pkey); + + ctx->sign_certificate = &sc.super; +} + +struct st_util_save_ticket_t { + ptls_save_ticket_t super; + char fn[MAXPATHLEN]; +}; + +static int save_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src) +{ + struct st_util_save_ticket_t *self = (void *)_self; + FILE *fp; + + if ((fp = fopen(self->fn, "wb")) == NULL) { + fprintf(stderr, "failed to open file:%s:%s\n", self->fn, strerror(errno)); + return PTLS_ERROR_LIBRARY; + } + fwrite(src.base, 1, src.len, fp); + fclose(fp); + + return 0; +} + +static inline void setup_session_file(ptls_context_t *ctx, ptls_handshake_properties_t *hsprop, const char *fn) +{ + static struct st_util_save_ticket_t st; + FILE *fp; + + /* setup save_ticket callback */ + strcpy(st.fn, fn); + st.super.cb = save_ticket_cb; + ctx->save_ticket = &st.super; + + /* load session ticket if possible */ + if ((fp = fopen(fn, "rb")) != NULL) { + static uint8_t ticket[16384]; + size_t ticket_size = fread(ticket, 1, sizeof(ticket), fp); + if (ticket_size == 0 || !feof(fp)) { + fprintf(stderr, "failed to load ticket from file:%s\n", fn); + exit(1); + } + fclose(fp); + hsprop->client.session_ticket = ptls_iovec_init(ticket, ticket_size); + } +} + +static inline void setup_verify_certificate(ptls_context_t *ctx) +{ + static ptls_openssl_verify_certificate_t vc; + ptls_openssl_init_verify_certificate(&vc, NULL); + ctx->verify_certificate = &vc.super; +} + +struct st_util_log_secret_t { + ptls_log_secret_t super; + FILE *fp; +}; + +static void fprinthex(FILE *fp, ptls_iovec_t vec) +{ + size_t i; + for (i = 0; i != vec.len; ++i) + fprintf(fp, "%02x", vec.base[i]); +} + +static void log_secret_cb(ptls_log_secret_t *_self, ptls_t *tls, const char *label, ptls_iovec_t secret) +{ + struct st_util_log_secret_t *self = (void *)_self; + + fprintf(self->fp, "%s ", label); + fprinthex(self->fp, ptls_get_client_random(tls)); + fprintf(self->fp, " "); + fprinthex(self->fp, secret); + fprintf(self->fp, "\n"); + fflush(self->fp); +} + +static inline void setup_log_secret(ptls_context_t *ctx, const char *fn) +{ + static struct st_util_log_secret_t ls; + + if ((ls.fp = fopen(fn, "at")) == NULL) { + fprintf(stderr, "failed to open file:%s:%s\n", fn, strerror(errno)); + exit(1); + } + ls.super.cb = log_secret_cb; + ctx->log_secret = &ls.super; +} + +/* single-entry session cache */ +struct st_util_session_cache_t { + ptls_encrypt_ticket_t super; + uint8_t id[32]; + ptls_iovec_t data; +}; + +static int encrypt_ticket_cb(ptls_encrypt_ticket_t *_self, ptls_t *tls, int is_encrypt, ptls_buffer_t *dst, ptls_iovec_t src) +{ + struct st_util_session_cache_t *self = (void *)_self; + int ret; + + if (is_encrypt) { + + /* replace the cached entry along with a newly generated session id */ + free(self->data.base); + if ((self->data.base = malloc(src.len)) == NULL) + return PTLS_ERROR_NO_MEMORY; + + ptls_get_context(tls)->random_bytes(self->id, sizeof(self->id)); + memcpy(self->data.base, src.base, src.len); + self->data.len = src.len; + + /* store the session id in buffer */ + if ((ret = ptls_buffer_reserve(dst, sizeof(self->id))) != 0) + return ret; + memcpy(dst->base + dst->off, self->id, sizeof(self->id)); + dst->off += sizeof(self->id); + + } else { + + /* check if session id is the one stored in cache */ + if (src.len != sizeof(self->id)) + return PTLS_ERROR_SESSION_NOT_FOUND; + if (memcmp(self->id, src.base, sizeof(self->id)) != 0) + return PTLS_ERROR_SESSION_NOT_FOUND; + + /* return the cached value */ + if ((ret = ptls_buffer_reserve(dst, self->data.len)) != 0) + return ret; + memcpy(dst->base + dst->off, self->data.base, self->data.len); + dst->off += self->data.len; + } + + return 0; +} + +static inline void setup_session_cache(ptls_context_t *ctx) +{ + static struct st_util_session_cache_t sc; + + sc.super.cb = encrypt_ticket_cb; + + ctx->ticket_lifetime = 86400; + ctx->max_early_data_size = 8192; + ctx->encrypt_ticket = &sc.super; +} + +static inline int resolve_address(struct sockaddr *sa, socklen_t *salen, const char *host, const char *port, int family, int type, + int proto) +{ + struct addrinfo hints, *res; + int err; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = family; + hints.ai_socktype = type; + hints.ai_protocol = proto; + hints.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV | AI_PASSIVE; + if ((err = getaddrinfo(host, port, &hints, &res)) != 0 || res == NULL) { + fprintf(stderr, "failed to resolve address:%s:%s:%s\n", host, port, + err != 0 ? gai_strerror(err) : "getaddrinfo returned NULL"); + return -1; + } + + memcpy(sa, res->ai_addr, res->ai_addrlen); + *salen = res->ai_addrlen; + + freeaddrinfo(res); + return 0; +} + +#endif |