Support ZSTD for compressed certificates #313

Open
wants to merge 1 commit into
base: master
8 changes: 8 additions & 0 deletions CMakeLists.txt
Expand Up @@ -144,6 +144,14 @@ IF (OPENSSL_FOUND AND LIBC_RESOLV_LIB)
TARGET_LINK_LIBRARIES(cli ${LIBC_RESOLV_LIB})
ENDIF ()

FIND_LIBRARY(LibZSTD "zstd")
IF (LibZSTD)
MESSAGE(STATUS " Enabling ZSTD support")
ADD_DEFINITIONS(-DPTLS_HAVE_ZSTD)
LIST(APPEND CORE_EXTRA_LIBS ${LibZSTD})
TARGET_LINK_LIBRARIES(cli ${LibZSTD})
ENDIF ()
Member

Could you please move the detection logic next to the one that we have for brotli, and align the approach?

Then, we could do something like IF ((BROTLI_DEC_FOUND AND BROTLI_ENC_FOUND) OR ZSTD_FOUND) to link against lib/certificate_compression.c if either of the compression libraries was found.

Author

Thanks for the review. I'll be working on the suggestions.


IF (BUILD_FUZZER)
IF (NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
MESSAGE(FATAL ERROR "The fuzzer needs clang as a compiler")
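Review bot: ZSTD support is switched on implicitly whenever `FIND_LIBRARY(LibZSTD "zstd")` succeeds, so which certificate-compression decoders are compiled into the library depends on what happens to be installed on the build host. Gating the block behind an explicit switch, for example `OPTION(WITH_ZSTD "enable zstd certificate compression" ON)` together with `IF (WITH_ZSTD AND LibZSTD)`, keeps builds reproducible and lets a deployment leave out a decoder that handles peer-supplied handshake data. The block also never checks that `zstd.h` is reachable: a `FIND_PATH` for the header plus `INCLUDE_DIRECTORIES` would avoid a compile failure when only the shared object is installed.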
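--- a/include/picotls/certificate_compression.h
+++ b/include/picotls/certificate_compression.h
@@ -30,6 +30,7 @@ extern "C" {
 
 #define PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_GZIP 1
 #define PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI 2
+#define PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_ZSTD 3
 
 typedef struct st_ptls_emit_compressed_certificate_t {
 ptls_emit_certificate_t super;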
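--- a/lib/certificate_compression.c
+++ b/lib/certificate_compression.c
@@ -24,26 +24,43 @@
 #include "brotli/decode.h"
 #include "brotli/encode.h"
 #include "picotls/certificate_compression.h"
+#ifdef PTLS_HAVE_ZSTD
+#include "zstd.h"
+#endif
 
 static inline int decompress_certificate(ptls_decompress_certificate_t *self, ptls_t *tls, uint16_t algorithm, ptls_iovec_t output,
 ptls_iovec_t input)
 {
-if (algorithm != PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI)
-goto Fail;
-
-size_t decoded_size = output.len;
-if (BrotliDecoderDecompress(input.len, input.base, &decoded_size, output.base) != BROTLI_DECODER_RESULT_SUCCESS)
-goto Fail;
-
-if (decoded_size != output.len)
-goto Fail;
-
-return 0;
+if (algorithm == PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI) {
+
+size_t decoded_size = output.len;
+if (BrotliDecoderDecompress(input.len, input.base, &decoded_size, output.base) != BROTLI_DECODER_RESULT_SUCCESS)
+goto Fail;
+
+if (decoded_size != output.len)
+goto Fail;
+
+return 0;
+#if PTLS_HAVE_ZSTD
+} else if (algorithm == PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_ZSTD) {
+size_t res = ZSTD_decompress(output.base, output.len, input.base, input.len);
+if (ZSTD_isError(res))
+goto Fail;
+if (res != output.len)
+goto Fail;
+return 0;
+#endif
+}
 Fail:
 return PTLS_ALERT_BAD_CERTIFICATE;
 }
 
-static const uint16_t algorithms[] = {PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI, UINT16_MAX};
+static const uint16_t algorithms[] = {
+PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_BROTLI,
+#if PTLS_HAVE_ZSTD
+PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_ZSTD,
+#endif
+UINT16_MAX};
 
 ptls_decompress_certificate_t ptls_decompress_certificate = {algorithms, decompress_certificate};
 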
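Review bot: The zstd guards are inconsistent: the include is wrapped in `#ifdef PTLS_HAVE_ZSTD`, while the new branch in `decompress_certificate` and the new entry in `algorithms[]` use `#if PTLS_HAVE_ZSTD`. With the `-DPTLS_HAVE_ZSTD` added in CMakeLists.txt both forms agree, but a build that defines the macro with an empty value gets a preprocessor error, and one that defines it as 0 pulls in `zstd.h` without the code. Using `#ifdef PTLS_HAVE_ZSTD` at all three sites avoids both cases. Listing `PTLS_CERTIFICATE_COMPRESSION_ALGORITHM_ZSTD` in `algorithms[]` also means peer-supplied bytes now reach `ZSTD_decompress` during the handshake. The `ZSTD_isError(res)` and `res != output.len` checks mirror the brotli path, but no test for the new branch is visible in this change, so a unit or fuzz case covering malformed frames and length mismatches would be worth adding.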