AppleM1: Update openssl to v1.1.1l
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
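--- a/trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl
+++ b/trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl
@@ -0,0 +1,121 @@
+#! /usr/bin/env perl
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#Convert CCM CAVS test vectors to a format suitable for evp_test
+
+use strict;
+use warnings;
+
+my $alg;
+my $mode;
+my $keylen;
+my $key = "";
+my $iv = "";
+my $aad = "";
+my $ct = "";
+my $pt = "";
+my $tag = "";
+my $aadlen = 0;
+my $ptlen = 0;
+my $taglen = 0;
+my $res = "";
+my $intest = 0;
+my $fixediv = 0;
+
+while (<STDIN>)
+{
+chomp;
+
+# Pull out the cipher mode from the comment at the beginning of the file
+if(/^#\s*"([^-]+)-\w+" information/) {
+$mode = lc($1);
+# Pull out the key length from the comment at the beginning of the file
+} elsif(/^#\s*(\w+) Keylen: (\d+)/) {
+$alg = lc($1);
+$keylen = $2;
+# Some parameters common to many tests appear as a list in square brackets
+# so parse these
+} elsif(/\[(.*)\]/) {
+my @pairs = split(/, /, $1);
+foreach my $pair (@pairs) {
+$pair =~ /(\w+)\s*=\s*(\d+)/;
+# AAD Length
+if ($1 eq "Alen") {
+$aadlen = $2;
+# Plaintext length
+} elsif ($1 eq "Plen") {
+$ptlen = $2;
+# Tag length
+} elsif ($1 eq "Tlen") {
+$taglen = $2;
+}
+}
+# Key/Value pair
+} elsif (/^\s*(\w+)\s*=\s*(\S.*)\r/) {
+if ($1 eq "Key") {
+$key = $2;
+} elsif ($1 eq "Nonce") {
+$iv = $2;
+if ($intest == 0) {
+$fixediv = 1;
+} else {
+$fixediv = 0;
+}
+} elsif ($1 eq "Adata") {
+$aad = $2;
+} elsif ($1 eq "CT") {
+$ct = substr($2, 0, length($2) - ($taglen * 2));
+$tag = substr($2, $taglen * -2);
+} elsif ($1 eq "Payload") {
+$pt = $2;
+} elsif ($1 eq "Result") {
+if ($2 =~ /Fail/) {
+$res = "CIPHERUPDATE_ERROR";
+}
+} elsif ($1 eq "Count") {
+$intest = 1;
+} elsif ($1 eq "Plen") {
+$ptlen = $2;
+} elsif ($1 eq "Tlen") {
+$taglen = $2;
+} elsif ($1 eq "Alen") {
+$aadlen = $2;
+}
+# Something else - probably just a blank line
+} elsif ($intest) {
+print "Cipher = $alg-$keylen-$mode\n";
+print "Key = $key\n";
+print "IV = $iv\n";
+print "AAD =";
+if ($aadlen > 0) {
+print " $aad";
+}
+print "\nTag =";
+if ($taglen > 0) {
+print " $tag";
+}
+print "\nPlaintext =";
+if ($ptlen > 0) {
+print " $pt";
+}
+print "\nCiphertext = $ct\n";
+if ($res ne "") {
+print "Operation = DECRYPT\n";
+print "Result = $res\n";
+}
+print "\n";
+$res = "";
+if ($fixediv == 0) {
+$iv = "";
+}
+$aad = "";
+$tag = "";
+$pt = "";
+$intest = 0;
+}
+}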
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -35,7 +35,7 @@ Find small errors (nits) in documentation. Options:
|
|||
-l Print bogus links
|
||||
-n Print nits in POD pages
|
||||
-p Warn if non-public name documented (implies -n)
|
||||
-u List undocumented functions
|
||||
-u Count undocumented functions
|
||||
-h Print this help message
|
||||
-c List undocumented commands and options
|
||||
EOF
|
||||
|
@ -137,6 +137,20 @@ sub name_synopsis()
|
|||
}
|
||||
}
|
||||
|
||||
# Check if SECTION ($3) is located before BEFORE ($4)
|
||||
sub check_section_location()
|
||||
{
|
||||
my $id = shift;
|
||||
my $contents = shift;
|
||||
my $section = shift;
|
||||
my $before = shift;
|
||||
|
||||
return
|
||||
unless $contents =~ /=head1 $section/ and $contents =~ /=head1 $before/;
|
||||
print "$id $section should be placed before $before section\n"
|
||||
if $contents =~ /=head1 $before.*=head1 $section/ms;
|
||||
}
|
||||
|
||||
sub check()
|
||||
{
|
||||
my $filename = shift;
|
||||
|
@ -152,6 +166,13 @@ sub check()
|
|||
|
||||
my $id = "${filename}:1:";
|
||||
|
||||
# Check ordering of some sections in man3
|
||||
if ( $filename =~ m|man3/| ) {
|
||||
&check_section_location($id, $contents, "RETURN VALUES", "EXAMPLES");
|
||||
&check_section_location($id, $contents, "SEE ALSO", "HISTORY");
|
||||
&check_section_location($id, $contents, "EXAMPLES", "SEE ALSO");
|
||||
}
|
||||
|
||||
&name_synopsis($id, $filename, $contents)
|
||||
unless $contents =~ /=for comment generic/
|
||||
or $filename =~ m@man[157]/@;
|
||||
|
@ -162,6 +183,10 @@ sub check()
|
|||
if $contents !~ /=cut\n$/;
|
||||
print "$id more than one cut line.\n"
|
||||
if $contents =~ /=cut.*=cut/ms;
|
||||
print "$id EXAMPLE not EXAMPLES section.\n"
|
||||
if $contents =~ /=head1 EXAMPLE[^S]/;
|
||||
print "$id WARNING not WARNINGS section.\n"
|
||||
if $contents =~ /=head1 WARNING[^S]/;
|
||||
print "$id missing copyright\n"
|
||||
if $contents !~ /Copyright .* The OpenSSL Project Authors/;
|
||||
print "$id copyright not last\n"
|
||||
|
@ -269,6 +294,7 @@ my %docced;
|
|||
sub checkmacros()
|
||||
{
|
||||
my $count = 0;
|
||||
my %seen;
|
||||
|
||||
print "# Checking macros (approximate)\n";
|
||||
foreach my $f ( glob('include/openssl/*.h') ) {
|
||||
|
@ -280,7 +306,7 @@ sub checkmacros()
|
|||
while ( <IN> ) {
|
||||
next unless /^#\s*define\s*(\S+)\(/;
|
||||
my $macro = $1;
|
||||
next if $docced{$macro};
|
||||
next if $docced{$macro} || defined $seen{$macro};
|
||||
next if $macro =~ /i2d_/
|
||||
|| $macro =~ /d2i_/
|
||||
|| $macro =~ /DEPRECATEDIN/
|
||||
|
@ -288,6 +314,7 @@ sub checkmacros()
|
|||
|| $macro =~ /DECLARE_/;
|
||||
print "$f:$macro\n" if $opt_d;
|
||||
$count++;
|
||||
$seen{$macro} = 1;
|
||||
}
|
||||
close(IN);
|
||||
}
|
||||
|
@ -299,15 +326,17 @@ sub printem()
|
|||
my $libname = shift;
|
||||
my $numfile = shift;
|
||||
my $count = 0;
|
||||
my %seen;
|
||||
|
||||
foreach my $func ( &parsenum($numfile) ) {
|
||||
next if $docced{$func};
|
||||
next if $docced{$func} || defined $seen{$func};
|
||||
|
||||
# Skip ASN1 utilities
|
||||
next if $func =~ /^ASN1_/;
|
||||
|
||||
print "$libname:$func\n" if $opt_d;
|
||||
$count++;
|
||||
$seen{$func} = 1;
|
||||
}
|
||||
print "# Found $count missing from $numfile\n\n";
|
||||
}
|
||||
|
|
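--- a/trunk/3rdparty/openssl-1.1-fit/util/fix-includes
+++ b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+find -name ossl_typ.h -o \( \
+-name '*.h' -o \
+-name '*.h.in' -o \
+-name '*.c' -o \
+-name '*.ec' -o \
+-name 'README*' -o \
+-name '*.pod' -o \
+-name '*.conf' \
+\) -exec sed -E -i \
+-f util/fix-includes.sed {} \;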
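--- a/trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed
+++ b/trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed
@@ -0,0 +1,5 @@
+s|internal/([a-z0-9_]+)_int\.h|crypto/\1.h|g ;
+s@internal/(aria.h|async.h|bn_conf.h|bn_dh.h|bn_srp.h|chacha.h|ctype.h|__DECC_INCLUDE_EPILOGUE.H|__DECC_INCLUDE_PROLOGUE.H|dso_conf.h|engine.h|lhash.h|md32_common.h|objects.h|poly1305.h|sha.h|siphash.h|sm2err.h|sm2.h|sm3.h|sm4.h|store.h|foobar)@crypto/\1@g ;
+s/constant_time_locl/constant_time/g ;
+s/_lo?cl\.h/_local.h/g ;
+s/_int\.h/_local.h/g ;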
@ -4579,3 +4579,15 @@ EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION:
|
|||
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
|
||||
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
|
||||
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
|
||||
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
|
||||
X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION:
|
||||
X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION:
|
||||
EVP_PKEY_meth_set_digestsign 4539 1_1_1e EXIST::FUNCTION:
|
||||
EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION:
|
||||
EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION:
|
||||
EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION:
|
||||
RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA
|
||||
X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION:
|
||||
X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION:
|
||||
X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION:
|
||||
EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC
|
||||
|
|
4
trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl
vendored
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -360,7 +360,7 @@ sub do_defs
|
|||
|
||||
# params: symbol, alias, platforms, kind
|
||||
# The reason to put this subroutine in a variable is that
|
||||
# it will otherwise create it's own, unshared, version of
|
||||
# it will otherwise create its own, unshared, version of
|
||||
# %tag and %variant...
|
||||
my $make_variant = sub
|
||||
{
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -34,11 +34,12 @@ sub do_mkdir_p {
|
|||
}
|
||||
|
||||
unless (mkdir($dir, 0777)) {
|
||||
local($err) = $!;
|
||||
if (-d $dir) {
|
||||
# We raced against another instance doing the same thing.
|
||||
return;
|
||||
}
|
||||
die "Cannot create directory $dir: $!\n";
|
||||
die "Cannot create directory $dir: $err\n";
|
||||
}
|
||||
print "created directory `$dir'\n";
|
||||
}
|
||||
|
|
8
trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl
vendored
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -417,9 +417,7 @@ print STDERR "\n" if $debug;
|
|||
&phase("Writing files");
|
||||
my $newstate = 0;
|
||||
foreach my $lib ( keys %errorfile ) {
|
||||
if ( ! $fnew{$lib} && ! $rnew{$lib} ) {
|
||||
next unless $rebuild;
|
||||
}
|
||||
next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
|
||||
next if scalar keys %modules > 0 && !$modules{$lib};
|
||||
next if $nowrite;
|
||||
print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
|
||||
|
@ -455,6 +453,8 @@ foreach my $lib ( keys %errorfile ) {
|
|||
#ifndef HEADER_${lib}ERR_H
|
||||
# define HEADER_${lib}ERR_H
|
||||
|
||||
# include <openssl/symhacks.h>
|
||||
|
||||
EOF
|
||||
if ( $internal ) {
|
||||
# Declare the load function because the generate C file
|
||||
|
|
4
trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl
vendored
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -46,7 +46,7 @@ if ( $filename =~ /openssl/i ) {
|
|||
$vft = "VFT_APP";
|
||||
}
|
||||
|
||||
my $YEAR = [localtime()]->[5] + 1900;
|
||||
my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900;
|
||||
print <<___;
|
||||
#include <winver.h>
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
|
|||
rel2abs/;
|
||||
use File::Path 2.00 qw/rmtree mkpath/;
|
||||
use File::Basename;
|
||||
use Cwd qw/getcwd abs_path/;
|
||||
|
||||
my $level = 0;
|
||||
|
||||
|
@ -164,13 +165,13 @@ C<indir> takes some additional options OPTS that affect the subdirectory:
|
|||
|
||||
=item B<create =E<gt> 0|1>
|
||||
|
||||
When set to 1 (or any value that perl preceives as true), the subdirectory
|
||||
When set to 1 (or any value that perl perceives as true), the subdirectory
|
||||
will be created if it doesn't already exist. This happens before BLOCK
|
||||
is executed.
|
||||
|
||||
=item B<cleanup =E<gt> 0|1>
|
||||
|
||||
When set to 1 (or any value that perl preceives as true), the subdirectory
|
||||
When set to 1 (or any value that perl perceives as true), the subdirectory
|
||||
will be cleaned out and removed. This happens both before and after BLOCK
|
||||
is executed.
|
||||
|
||||
|
@ -869,8 +870,8 @@ failures will result in a C<BAIL_OUT> at the end of its run.
|
|||
sub __env {
|
||||
(my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
|
||||
|
||||
$directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP};
|
||||
$directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP};
|
||||
$directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP});
|
||||
$directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP});
|
||||
$directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
|
||||
$directories{SRCAPPS} = __srctop_dir("apps");
|
||||
$directories{BLDFUZZ} = __bldtop_dir("fuzz");
|
||||
|
@ -903,26 +904,26 @@ sub __srctop_file {
|
|||
BAIL_OUT("Must run setup() first") if (! $test_name);
|
||||
|
||||
my $f = pop;
|
||||
return catfile($directories{SRCTOP},@_,$f);
|
||||
return abs2rel(catfile($directories{SRCTOP},@_,$f),getcwd);
|
||||
}
|
||||
|
||||
sub __srctop_dir {
|
||||
BAIL_OUT("Must run setup() first") if (! $test_name);
|
||||
|
||||
return catdir($directories{SRCTOP},@_);
|
||||
return abs2rel(catdir($directories{SRCTOP},@_), getcwd);
|
||||
}
|
||||
|
||||
sub __bldtop_file {
|
||||
BAIL_OUT("Must run setup() first") if (! $test_name);
|
||||
|
||||
my $f = pop;
|
||||
return catfile($directories{BLDTOP},@_,$f);
|
||||
return abs2rel(catfile($directories{BLDTOP},@_,$f), getcwd);
|
||||
}
|
||||
|
||||
sub __bldtop_dir {
|
||||
BAIL_OUT("Must run setup() first") if (! $test_name);
|
||||
|
||||
return catdir($directories{BLDTOP},@_);
|
||||
return abs2rel(catdir($directories{BLDTOP},@_), getcwd);
|
||||
}
|
||||
|
||||
# __exeext is a function that returns the platform dependent file extension
|
||||
|
|
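--- a/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm
+++ b/trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm
@@ -0,0 +1,105 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateRequest;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+my $class = shift;
+my ($server,
+$data,
+$records,
+$startoffset,
+$message_frag_lens) = @_;
+
+my $self = $class->SUPER::new(
+$server,
+TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+$data,
+$records,
+$startoffset,
+$message_frag_lens);
+
+$self->{extension_data} = "";
+
+return $self;
+}
+
+sub parse
+{
+my $self = shift;
+my $ptr = 1;
+
+if (TLSProxy::Proxy->is_tls13()) {
+my $request_ctx_len = unpack('C', $self->data);
+my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
+$ptr += $request_ctx_len;
+
+my $extensions_len = unpack('n', substr($self->data, $ptr));
+$ptr += 2;
+my $extension_data = substr($self->data, $ptr);
+if (length($extension_data) != $extensions_len) {
+die "Invalid extension length\n";
+}
+my %extensions = ();
+while (length($extension_data) >= 4) {
+my ($type, $size) = unpack("nn", $extension_data);
+my $extdata = substr($extension_data, 4, $size);
+$extension_data = substr($extension_data, 4 + $size);
+$extensions{$type} = $extdata;
+}
+$self->extension_data(\%extensions);
+
+print " Extensions Len:".$extensions_len."\n";
+}
+# else parse TLSv1.2 version - we don't support that at the moment
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+my $self = shift;
+my $data;
+my $extensions = "";
+
+foreach my $key (keys %{$self->extension_data}) {
+my $extdata = ${$self->extension_data}{$key};
+$extensions .= pack("n", $key);
+$extensions .= pack("n", length($extdata));
+$extensions .= $extdata;
+}
+
+$data = pack('n', length($extensions));
+$data .= $extensions;
+$self->data($data);
+}
+
+#Read/write accessors
+sub extension_data
+{
+my $self = shift;
+if (@_) {
+$self->{extension_data} = shift;
+}
+return $self->{extension_data};
+}
+sub set_extension
+{
+my ($self, $ext_type, $ext_data) = @_;
+$self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+my ($self, $ext_type) = @_;
+delete $self->{extension_data}{$ext_type};
+}
+1;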
@ -1,4 +1,4 @@
|
|||
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -129,6 +129,11 @@ use constant {
|
|||
CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
|
||||
};
|
||||
|
||||
use constant {
|
||||
CLIENT => 0,
|
||||
SERVER => 1
|
||||
};
|
||||
|
||||
my $payload = "";
|
||||
my $messlen = -1;
|
||||
my $mt;
|
||||
|
@ -338,6 +343,15 @@ sub create_message
|
|||
[@message_frag_lens]
|
||||
);
|
||||
$message->parse();
|
||||
} elsif ($mt == MT_CERTIFICATE_REQUEST) {
|
||||
$message = TLSProxy::CertificateRequest->new(
|
||||
$server,
|
||||
$data,
|
||||
[@message_rec_list],
|
||||
$startoffset,
|
||||
[@message_frag_lens]
|
||||
);
|
||||
$message->parse();
|
||||
} elsif ($mt == MT_CERTIFICATE_VERIFY) {
|
||||
$message = TLSProxy::CertificateVerify->new(
|
||||
$server,
|
||||
|
@ -434,7 +448,7 @@ sub ciphersuite
|
|||
}
|
||||
|
||||
#Update all the underlying records with the modified data from this message
|
||||
#Note: Only supports re-encrypting for TLSv1.3
|
||||
#Note: Only supports TLSv1.3 and ETM encryption
|
||||
sub repack
|
||||
{
|
||||
my $self = shift;
|
||||
|
@ -476,15 +490,38 @@ sub repack
|
|||
# (If a length override is ever needed to construct invalid packets,
|
||||
# use an explicit override field instead.)
|
||||
$rec->decrypt_len(length($rec->decrypt_data));
|
||||
$rec->len($rec->len + length($msgdata) - $old_length);
|
||||
# Only support re-encryption for TLSv1.3.
|
||||
if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
|
||||
#Add content type (1 byte) and 16 tag bytes
|
||||
$rec->data($rec->decrypt_data
|
||||
.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
|
||||
# Only support re-encryption for TLSv1.3 and ETM.
|
||||
if ($rec->encrypted()) {
|
||||
if (TLSProxy::Proxy->is_tls13()) {
|
||||
#Add content type (1 byte) and 16 tag bytes
|
||||
$rec->data($rec->decrypt_data
|
||||
.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
|
||||
} elsif ($rec->etm()) {
|
||||
my $data = $rec->decrypt_data;
|
||||
#Add padding
|
||||
my $padval = length($data) % 16;
|
||||
$padval = 15 - $padval;
|
||||
for (0..$padval) {
|
||||
$data .= pack("C", $padval);
|
||||
}
|
||||
|
||||
#Add MAC. Assumed to be 20 bytes
|
||||
foreach my $macval (0..19) {
|
||||
$data .= pack("C", $macval);
|
||||
}
|
||||
|
||||
if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {
|
||||
#Explicit IV
|
||||
$data = ("\0"x16).$data;
|
||||
}
|
||||
$rec->data($data);
|
||||
} else {
|
||||
die "Unsupported encryption: No ETM";
|
||||
}
|
||||
} else {
|
||||
$rec->data($rec->decrypt_data);
|
||||
}
|
||||
$rec->len(length($rec->data));
|
||||
|
||||
#Update the fragment len in case we changed it above
|
||||
${$self->message_frag_lens}[0] = length($msgdata)
|
||||
|
|
|
@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
|
|||
use TLSProxy::ServerHello;
|
||||
use TLSProxy::EncryptedExtensions;
|
||||
use TLSProxy::Certificate;
|
||||
use TLSProxy::CertificateRequest;
|
||||
use TLSProxy::CertificateVerify;
|
||||
use TLSProxy::ServerKeyExchange;
|
||||
use TLSProxy::NewSessionTicket;
|
||||
|
@ -451,7 +452,7 @@ sub clientstart
|
|||
} else {
|
||||
# It's a bit counter-intuitive spot to make next connection to
|
||||
# the s_server. Rationale is that established connection works
|
||||
# as syncronization point, in sense that this way we know that
|
||||
# as synchronization point, in sense that this way we know that
|
||||
# s_server is actually done with current session...
|
||||
$self->connect_to_server();
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#! /usr/bin/env perl
|
||||
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -116,7 +116,8 @@ sub checkhandshake($$$$)
|
|||
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $message->mt() !=
|
||||
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
|
||||
|
||||
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
|
||||
&& !TLSProxy::Proxy::is_tls13();
|
||||
|
@ -124,7 +125,7 @@ sub checkhandshake($$$$)
|
|||
my $extchnum = 1;
|
||||
my $extshnum = 1;
|
||||
for (my $extloop = 0;
|
||||
$extensions[$extloop][2] != 0;
|
||||
$extensions[$extloop][3] != 0;
|
||||
$extloop++) {
|
||||
$extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
|
||||
&& TLSProxy::Proxy::is_tls13();
|
||||
|
@ -135,6 +136,7 @@ sub checkhandshake($$$$)
|
|||
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $extshnum != $shnum;
|
||||
next if ($message->mt() != $extensions[$extloop][0]);
|
||||
next if ($message->server() != $extensions[$extloop][2]);
|
||||
$numtests++;
|
||||
}
|
||||
$numtests++;
|
||||
|
@ -182,7 +184,8 @@ sub checkhandshake($$$$)
|
|||
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $message->mt() !=
|
||||
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
|
||||
|
||||
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
|
||||
&& !TLSProxy::Proxy::is_tls13();
|
||||
|
@ -197,7 +200,7 @@ sub checkhandshake($$$$)
|
|||
my $msgexts = $message->extension_data();
|
||||
my $extchnum = 1;
|
||||
my $extshnum = 1;
|
||||
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
|
||||
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
|
||||
$extloop++) {
|
||||
#In TLSv1.3 we can have two ClientHellos if there has been a
|
||||
#HelloRetryRequest, and they may have different extensions. Skip
|
||||
|
@ -211,12 +214,13 @@ sub checkhandshake($$$$)
|
|||
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $extshnum != $shnum;
|
||||
next if ($message->mt() != $extensions[$extloop][0]);
|
||||
ok (($extensions[$extloop][2] & $exttype) == 0
|
||||
next if ($message->server() != $extensions[$extloop][2]);
|
||||
ok (($extensions[$extloop][3] & $exttype) == 0
|
||||
|| defined ($msgexts->{$extensions[$extloop][1]}),
|
||||
"Extension presence check (Message: ".$message->mt()
|
||||
." Extension: ".($extensions[$extloop][2] & $exttype).", "
|
||||
." Extension: ".($extensions[$extloop][3] & $exttype).", "
|
||||
.$extloop.")");
|
||||
$extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
|
||||
$extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
|
||||
}
|
||||
ok($extcount == keys %$msgexts, "Extensions count mismatch ("
|
||||
.$extcount.", ".(keys %$msgexts)
|
||||
|
|
|
@ -75,11 +75,15 @@ X509_STORE_CTX_lookup_crls_fn datatype
|
|||
X509_STORE_CTX_verify_cb datatype
|
||||
X509_STORE_CTX_verify_fn datatype
|
||||
X509_STORE_set_verify_cb_func datatype
|
||||
X509_LOOKUP datatype
|
||||
X509_LOOKUP_METHOD datatype
|
||||
X509_LOOKUP_TYPE datatype
|
||||
X509_LOOKUP_get_by_alias_fn datatype
|
||||
X509_LOOKUP_get_by_subject_fn datatype
|
||||
X509_LOOKUP_get_by_fingerprint_fn datatype
|
||||
X509_LOOKUP_ctrl_fn datatype
|
||||
X509_LOOKUP_get_by_issuer_serial_fn datatype
|
||||
X509_STORE datatype
|
||||
bio_info_cb datatype
|
||||
BIO_info_cb datatype
|
||||
custom_ext_add_cb datatype
|
||||
|
@ -228,6 +232,8 @@ EVP_PKEY_CTX_set_dh_pad define
|
|||
EVP_PKEY_CTX_set_dh_rfc5114 define
|
||||
EVP_PKEY_CTX_set_dhx_rfc5114 define
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_bits define
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_q_bits define
|
||||
EVP_PKEY_CTX_set_dsa_paramgen_md define
|
||||
EVP_PKEY_CTX_set_ec_param_enc define
|
||||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
|
||||
EVP_PKEY_CTX_set_ecdh_cofactor_mode define
|
||||
|
@ -450,6 +456,8 @@ SSL_want_x509_lookup define
|
|||
SSLv23_client_method define
|
||||
SSLv23_method define
|
||||
SSLv23_server_method define
|
||||
X509_LOOKUP_add_dir define
|
||||
X509_LOOKUP_load_file define
|
||||
X509_STORE_set_lookup_crls_cb define
|
||||
X509_STORE_set_verify_func define
|
||||
EVP_PKEY_CTX_set1_id define
|
||||
|
|