Initial support for client/server-only operation

CMakeLists.txt

@@ -119,6 +119,11 @@ SET(TEST_EXES test-minicrypto.t)
 SET(PTLSBENCH_LIBS
     picotls-minicrypto picotls-core)
 
+if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+  # on Darwin, try and pick up openssl from homebrew
+  set(CMAKE_PREFIX_PATH /usr/local/opt/openssl@1.1 /usr/local/opt/openssl)
+endif()
+
 FIND_PACKAGE(OpenSSL)
 IF (OPENSSL_FOUND AND NOT (OPENSSL_VERSION VERSION_LESS "1.0.1"))
     MESSAGE(STATUS "  Enabling OpenSSL support")

include/picotls.h

@@ -60,8 +60,10 @@ extern "C" {
 
 #define PTLS_ELEMENTSOF(x) (PTLS_ASSERT_IS_ARRAY_EXPR(x) * sizeof(x) / sizeof((x)[0]))
 
-#ifdef _WINDOWS
+#if defined(_WINDOWS)
 #define PTLS_THREADLOCAL __declspec(thread)
+#elif defined(PARTICLE)
+#define PTLS_THREADLOCAL
 #else
 #define PTLS_THREADLOCAL __thread
 #define PTLS_HAVE_LOG 1
@@ -71,6 +73,10 @@ extern "C" {
 #define PTLS_FUZZ_HANDSHAKE 0
 #endif
 
+#ifdef PTLS_MINIMIZE_STACK
+extern void ptls_cleanup_free(void *p);
+#endif
+
 #define PTLS_HELLO_RANDOM_SIZE 32
 
 #define PTLS_AES128_KEY_SIZE 16
@@ -606,6 +612,10 @@ typedef struct st_ptls_on_client_hello_parameters_t {
      * Raw value of the client_hello message.
      */
     ptls_iovec_t raw_message;
+    /**
+     * points to the cipher-suites section of the raw_message (see above)
+     */
+    ptls_iovec_t cipher_suites;
     /**
      *
      */
@@ -621,10 +631,6 @@ typedef struct st_ptls_on_client_hello_parameters_t {
         const uint16_t *list;
         size_t count;
     } certificate_compression_algorithms;
-    struct {
-        const uint16_t *list;
-        size_t count;
-    } cipher_suites;
     struct {
         const uint8_t *list;
         size_t count;
@@ -1234,6 +1240,7 @@ uint64_t ptls_decode_quicint(const uint8_t **src, const uint8_t *end);
         ptls_decode_assert_block_close((src), end);                                                                                \
     } while (0)
 
+#if PTLS_HAVE_LOG
 #define PTLS_LOG__DO_LOG(module, type, block)                                                                                      \
     do {                                                                                                                           \
         int ptlslog_skip = 0;                                                                                                      \
@@ -1252,15 +1259,15 @@ uint64_t ptls_decode_quicint(const uint8_t **src, const uint8_t *end);
 
 #define PTLS_LOG(module, type, block)                                                                                              \
     do {                                                                                                                           \
-        if (!ptls_log.is_active)                                                                                                   \
+        if (!PTLS_LOG_IS_ACTIVE(ptls_log))                                                                                         \
             break;                                                                                                                 \
         PTLS_LOG__DO_LOG((module), (type), (block));                                                                               \
     } while (0)
 
 #define PTLS_LOG_CONN(type, tls, block)                                                                                            \
     do {                                                                                                                           \
         ptls_t *_tls = (tls);                                                                                                      \
-        if (!ptls_log.is_active || ptls_skip_tracing(_tls))                                                                        \
+        if (!PTLS_LOG_IS_ACTIVE(ptls_log) || ptls_skip_tracing(_tls))                                                              \
             break;                                                                                                                 \
         PTLS_LOG__DO_LOG(picotls, type, {                                                                                          \
             PTLS_LOG_ELEMENT_PTR(tls, _tls);                                                                                       \
@@ -1360,15 +1367,29 @@ uint64_t ptls_decode_quicint(const uint8_t **src, const uint8_t *end);
             }                                                                                                                      \
         }                                                                                                                          \
     } while (0)
+#else
+#define PTLS_LOG_CONN(...)
+#define PTLS_LOG__DO_LOG(...)
+#endif
 
 /**
  * User API is exposed only when logging is supported by the platform.
  */
 typedef struct st_ptls_log_t {
+#if PTLS_HAVE_LOG
     unsigned is_active : 1;
+#else
+    unsigned : 1;
+#endif
     unsigned include_appdata : 1;
 } ptls_log_t;
 
+#if PTLS_HAVE_LOG
+#define PTLS_LOG_IS_ACTIVE(log) (log.is_active)
+#else
+#define PTLS_LOG_IS_ACTIVE(log) (0)
+#endif
+
 #if PTLS_HAVE_LOG
 extern volatile ptls_log_t ptls_log;
 /**
@@ -1522,7 +1543,13 @@ int ptls_update_key(ptls_t *tls, int request_update);
 /**
  * Returns if the context is a server context.
  */
+#if defined(PICOTLS_CLIENT) && !defined(PICOTLS_SERVER)
+#define ptls_is_server(x) (0)
+#elif !defined(PICOTLS_CLIENT) && defined(PICOTLS_SERVER)
+#define ptls_is_server(x) (1)
+#else
 int ptls_is_server(ptls_t *tls);
+#endif
 /**
  * returns per-record overhead
  */

lib/hpke.c

@@ -48,10 +48,14 @@ static int labeled_extract(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *ciphe
                            const char *label, ptls_iovec_t ikm)
 {
     ptls_buffer_t labeled_ikm;
-    uint8_t labeled_ikm_smallbuf[64];
     int ret;
 
+#ifdef PTLS_MINIMIZE_STACK
+    ptls_buffer_init(&labeled_ikm, "", 0);
+#else
+    uint8_t labeled_ikm_smallbuf[64];
     ptls_buffer_init(&labeled_ikm, labeled_ikm_smallbuf, sizeof(labeled_ikm_smallbuf));
+#endif
 
     ptls_buffer_pushv(&labeled_ikm, HPKE_V1_LABEL, strlen(HPKE_V1_LABEL));
     if ((ret = build_suite_id(&labeled_ikm, kem, cipher)) != 0)
@@ -71,12 +75,16 @@ static int labeled_expand(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher
                           const char *label, ptls_iovec_t info)
 {
     ptls_buffer_t labeled_info;
-    uint8_t labeled_info_smallbuf[64];
     int ret;
 
     assert(outlen < UINT16_MAX);
 
+#ifdef PTLS_MINIMIZE_STACK
+    ptls_buffer_init(&labeled_info, "", 0);
+#else
+    uint8_t labeled_info_smallbuf[64];
     ptls_buffer_init(&labeled_info, labeled_info_smallbuf, sizeof(labeled_info_smallbuf));
+#endif
 
     ptls_buffer_push16(&labeled_info, (uint16_t)outlen);
     ptls_buffer_pushv(&labeled_info, HPKE_V1_LABEL, strlen(HPKE_V1_LABEL));
@@ -97,10 +105,15 @@ static int extract_and_expand(ptls_hpke_kem_t *kem, void *secret, size_t secret_
                               ptls_iovec_t dh)
 {
     ptls_buffer_t kem_context;
-    uint8_t kem_context_smallbuf[128], eae_prk[PTLS_MAX_DIGEST_SIZE];
+    uint8_t eae_prk[PTLS_MAX_DIGEST_SIZE];
     int ret;
 
+#ifdef PTLS_MINIMIZE_STACK
+    ptls_buffer_init(&kem_context, "", 0);
+#else
+    uint8_t kem_context_smallbuf[128];
     ptls_buffer_init(&kem_context, kem_context_smallbuf, sizeof(kem_context_smallbuf));
+#endif
 
     ptls_buffer_pushv(&kem_context, pk_s.base, pk_s.len);
     ptls_buffer_pushv(&kem_context, pk_r.base, pk_r.len);
@@ -172,13 +185,27 @@ static int key_schedule(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher,
                         const void *shared_secret, ptls_iovec_t info)
 {
     ptls_buffer_t key_schedule_context;
-    uint8_t key_schedule_context_smallbuf[128], secret[PTLS_MAX_DIGEST_SIZE], key[PTLS_MAX_SECRET_SIZE],
-        base_nonce[PTLS_MAX_IV_SIZE];
+#ifdef PTLS_MINIMIZE_STACK
+    uint8_t *tmp __attribute__((__cleanup__(ptls_cleanup_free))) =
+        malloc(PTLS_MAX_DIGEST_SIZE + PTLS_MAX_SECRET_SIZE + PTLS_MAX_IV_SIZE);
+    if (tmp == NULL)
+        return PTLS_ERROR_NO_MEMORY;
+#define secret (tmp)
+#define key (tmp + PTLS_MAX_DIGEST_SIZE)
+#define base_nonce (key + PTLS_MAX_SECRET_SIZE)
+#else
+    uint8_t secret[PTLS_MAX_DIGEST_SIZE], key[PTLS_MAX_SECRET_SIZE], base_nonce[PTLS_MAX_IV_SIZE];
+#endif
     int ret;
 
     *ctx = NULL;
 
+#ifdef PTLS_MINIMIZE_STACK
+    ptls_buffer_init(&key_schedule_context, "", 0);
+#else
+    uint8_t key_schedule_context_smallbuf[128];
     ptls_buffer_init(&key_schedule_context, key_schedule_context_smallbuf, sizeof(key_schedule_context_smallbuf));
+#endif
 
     /* key_schedule_context = concat(mode, LabeledExtract("", "psk_id_hash", psk_id), LabeledExtract("", "info_hash", info)) */
     ptls_buffer_push(&key_schedule_context, PTLS_HPKE_MODE_BASE);
@@ -214,6 +241,9 @@ static int key_schedule(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher,
     ptls_clear_memory(key, sizeof(key));
     ptls_clear_memory(base_nonce, sizeof(base_nonce));
     return ret;
+#undef secret
+#undef key
+#undef base_nonce
 }
 
 int ptls_hpke_setup_base_s(ptls_hpke_kem_t *kem, ptls_hpke_cipher_suite_t *cipher, ptls_iovec_t *pk_s, ptls_aead_context_t **ctx,