external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

AppleM1: Update openssl to v1.1.1l

Browse source
This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions
Download patch file Download diff file Expand all files Collapse all files

121
trunk/3rdparty/openssl-1.1-fit/util/cavs-to-evptest.pl vendored Normal file
View file

@ -0,0 +1,121 @@
#! /usr/bin/env perl
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#Convert CCM CAVS test vectors to a format suitable for evp_test
use strict;
use warnings;
my $alg;
my $mode;
my $keylen;
my $key = "";
my $iv = "";
my $aad = "";
my $ct = "";
my $pt = "";
my $tag = "";
my $aadlen = 0;
my $ptlen = 0;
my $taglen = 0;
my $res = "";
my $intest = 0;
my $fixediv = 0;
while (<STDIN>)
{
chomp;
# Pull out the cipher mode from the comment at the beginning of the file
if(/^#\s*"([^-]+)-\w+" information/) {
$mode = lc($1);
# Pull out the key length from the comment at the beginning of the file
} elsif(/^#\s*(\w+) Keylen: (\d+)/) {
$alg = lc($1);
$keylen = $2;
# Some parameters common to many tests appear as a list in square brackets
# so parse these
} elsif(/\[(.*)\]/) {
my @pairs = split(/, /, $1);
foreach my $pair (@pairs) {
$pair =~ /(\w+)\s*=\s*(\d+)/;
# AAD Length
if ($1 eq "Alen") {
$aadlen = $2;
# Plaintext length
} elsif ($1 eq "Plen") {
$ptlen = $2;
# Tag length
} elsif ($1 eq "Tlen") {
$taglen = $2;
}
}
# Key/Value pair
} elsif (/^\s*(\w+)\s*=\s*(\S.*)\r/) {
if ($1 eq "Key") {
$key = $2;
} elsif ($1 eq "Nonce") {
$iv = $2;
if ($intest == 0) {
$fixediv = 1;
} else {
$fixediv = 0;
}
} elsif ($1 eq "Adata") {
$aad = $2;
} elsif ($1 eq "CT") {
$ct = substr($2, 0, length($2) - ($taglen * 2));
$tag = substr($2, $taglen * -2);
} elsif ($1 eq "Payload") {
$pt = $2;
} elsif ($1 eq "Result") {
if ($2 =~ /Fail/) {
$res = "CIPHERUPDATE_ERROR";
}
} elsif ($1 eq "Count") {
$intest = 1;
} elsif ($1 eq "Plen") {
$ptlen = $2;
} elsif ($1 eq "Tlen") {
$taglen = $2;
} elsif ($1 eq "Alen") {
$aadlen = $2;
}
# Something else - probably just a blank line
} elsif ($intest) {
print "Cipher = $alg-$keylen-$mode\n";
print "Key = $key\n";
print "IV = $iv\n";
print "AAD =";
if ($aadlen > 0) {
print " $aad";
}
print "\nTag =";
if ($taglen > 0) {
print " $tag";
}
print "\nPlaintext =";
if ($ptlen > 0) {
print " $pt";
}
print "\nCiphertext = $ct\n";
if ($res ne "") {
print "Operation = DECRYPT\n";
print "Result = $res\n";
}
print "\n";
$res = "";
if ($fixediv == 0) {
$iv = "";
}
$aad = "";
$tag = "";
$pt = "";
$intest = 0;
}
}

37
trunk/3rdparty/openssl-1.1-fit/util/find-doc-nits vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -35,7 +35,7 @@ Find small errors (nits) in documentation. Options:
-l Print bogus links
-n Print nits in POD pages
-p Warn if non-public name documented (implies -n)
-u List undocumented functions
-u Count undocumented functions
-h Print this help message
-c List undocumented commands and options
EOF
@ -137,6 +137,20 @@ sub name_synopsis()
}
}
# Check if SECTION ($3) is located before BEFORE ($4)
sub check_section_location()
{
my $id = shift;
my $contents = shift;
my $section = shift;
my $before = shift;
return
unless $contents =~ /=head1 $section/ and $contents =~ /=head1 $before/;
print "$id $section should be placed before $before section\n"
if $contents =~ /=head1 $before.*=head1 $section/ms;
}
sub check()
{
my $filename = shift;
@ -152,6 +166,13 @@ sub check()
my $id = "${filename}:1:";
# Check ordering of some sections in man3
if ( $filename =~ m|man3/| ) {
&check_section_location($id, $contents, "RETURN VALUES", "EXAMPLES");
&check_section_location($id, $contents, "SEE ALSO", "HISTORY");
&check_section_location($id, $contents, "EXAMPLES", "SEE ALSO");
}
&name_synopsis($id, $filename, $contents)
unless $contents =~ /=for comment generic/
or $filename =~ m@man[157]/@;
@ -162,6 +183,10 @@ sub check()
if $contents !~ /=cut\n$/;
print "$id more than one cut line.\n"
if $contents =~ /=cut.*=cut/ms;
print "$id EXAMPLE not EXAMPLES section.\n"
if $contents =~ /=head1 EXAMPLE[^S]/;
print "$id WARNING not WARNINGS section.\n"
if $contents =~ /=head1 WARNING[^S]/;
print "$id missing copyright\n"
if $contents !~ /Copyright .* The OpenSSL Project Authors/;
print "$id copyright not last\n"
@ -269,6 +294,7 @@ my %docced;
sub checkmacros()
{
my $count = 0;
my %seen;
print "# Checking macros (approximate)\n";
foreach my $f ( glob('include/openssl/*.h') ) {
@ -280,7 +306,7 @@ sub checkmacros()
while ( <IN> ) {
next unless /^#\s*define\s*(\S+)\(/;
my $macro = $1;
next if $docced{$macro};
next if $docced{$macro} || defined $seen{$macro};
next if $macro =~ /i2d_/
|| $macro =~ /d2i_/
|| $macro =~ /DEPRECATEDIN/
@ -288,6 +314,7 @@ sub checkmacros()
|| $macro =~ /DECLARE_/;
print "$f:$macro\n" if $opt_d;
$count++;
$seen{$macro} = 1;
}
close(IN);
}
@ -299,15 +326,17 @@ sub printem()
my $libname = shift;
my $numfile = shift;
my $count = 0;
my %seen;
foreach my $func ( &parsenum($numfile) ) {
next if $docced{$func};
next if $docced{$func} || defined $seen{$func};
# Skip ASN1 utilities
next if $func =~ /^ASN1_/;
print "$libname:$func\n" if $opt_d;
$count++;
$seen{$func} = 1;
}
print "# Found $count missing from $numfile\n\n";
}

19
trunk/3rdparty/openssl-1.1-fit/util/fix-includes vendored Executable file
View file

@ -0,0 +1,19 @@
#!/bin/sh
#
# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
find -name ossl_typ.h -o \( \
-name '*.h' -o \
-name '*.h.in' -o \
-name '*.c' -o \
-name '*.ec' -o \
-name 'README*' -o \
-name '*.pod' -o \
-name '*.conf' \
\) -exec sed -E -i \
-f util/fix-includes.sed {} \;

5
trunk/3rdparty/openssl-1.1-fit/util/fix-includes.sed vendored Normal file
View file

@ -0,0 +1,5 @@
s|internal/([a-z0-9_]+)_int\.h|crypto/\1.h|g ;
s@internal/(aria.h|async.h|bn_conf.h|bn_dh.h|bn_srp.h|chacha.h|ctype.h|__DECC_INCLUDE_EPILOGUE.H|__DECC_INCLUDE_PROLOGUE.H|dso_conf.h|engine.h|lhash.h|md32_common.h|objects.h|poly1305.h|sha.h|siphash.h|sm2err.h|sm2.h|sm3.h|sm4.h|store.h|foobar)@crypto/\1@g ;
s/constant_time_locl/constant_time/g ;
s/_lo?cl\.h/_local.h/g ;
s/_int\.h/_local.h/g ;

12
trunk/3rdparty/openssl-1.1-fit/util/libcrypto.num vendored
View file

@ -4579,3 +4579,15 @@ EVP_PKEY_meth_set_digest_custom 4532 1_1_1 EXIST::FUNCTION:
EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION:
X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION:
EVP_PKEY_meth_set_digestsign 4539 1_1_1e EXIST::FUNCTION:
EVP_PKEY_meth_set_digestverify 4540 1_1_1e EXIST::FUNCTION:
EVP_PKEY_meth_get_digestverify 4541 1_1_1e EXIST::FUNCTION:
EVP_PKEY_meth_get_digestsign 4542 1_1_1e EXIST::FUNCTION:
RSA_get0_pss_params 4543 1_1_1e EXIST::FUNCTION:RSA
X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION:
X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION:
X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION:
EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC

4
trunk/3rdparty/openssl-1.1-fit/util/mkdef.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -360,7 +360,7 @@ sub do_defs
# params: symbol, alias, platforms, kind
# The reason to put this subroutine in a variable is that
# it will otherwise create it's own, unshared, version of
# it will otherwise create its own, unshared, version of
# %tag and %variant...
my $make_variant = sub
{

5
trunk/3rdparty/openssl-1.1-fit/util/mkdir-p.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -34,11 +34,12 @@ sub do_mkdir_p {
}
unless (mkdir($dir, 0777)) {
local($err) = $!;
if (-d $dir) {
# We raced against another instance doing the same thing.
return;
}
die "Cannot create directory $dir: $!\n";
die "Cannot create directory $dir: $err\n";
}
print "created directory `$dir'\n";
}

8
trunk/3rdparty/openssl-1.1-fit/util/mkerr.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -417,9 +417,7 @@ print STDERR "\n" if $debug;
&phase("Writing files");
my $newstate = 0;
foreach my $lib ( keys %errorfile ) {
if ( ! $fnew{$lib} && ! $rnew{$lib} ) {
next unless $rebuild;
}
next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
next if scalar keys %modules > 0 && !$modules{$lib};
next if $nowrite;
print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
@ -455,6 +453,8 @@ foreach my $lib ( keys %errorfile ) {
#ifndef HEADER_${lib}ERR_H
# define HEADER_${lib}ERR_H
# include <openssl/symhacks.h>
EOF
if ( $internal ) {
# Declare the load function because the generate C file

4
trunk/3rdparty/openssl-1.1-fit/util/mkrc.pl vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -46,7 +46,7 @@ if ( $filename =~ /openssl/i ) {
$vft = "VFT_APP";
}
my $YEAR = [localtime()]->[5] + 1900;
my $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH} || time())]->[5] + 1900;
print <<___;
#include <winver.h>

19
trunk/3rdparty/openssl-1.1-fit/util/perl/OpenSSL/Test.pm vendored
View file

@ -1,4 +1,4 @@
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
rel2abs/;
use File::Path 2.00 qw/rmtree mkpath/;
use File::Basename;
use Cwd qw/getcwd abs_path/;
my $level = 0;
@ -164,13 +165,13 @@ C<indir> takes some additional options OPTS that affect the subdirectory:
=item B<create =E<gt> 0|1>
When set to 1 (or any value that perl preceives as true), the subdirectory
When set to 1 (or any value that perl perceives as true), the subdirectory
will be created if it doesn't already exist. This happens before BLOCK
is executed.
=item B<cleanup =E<gt> 0|1>
When set to 1 (or any value that perl preceives as true), the subdirectory
When set to 1 (or any value that perl perceives as true), the subdirectory
will be cleaned out and removed. This happens both before and after BLOCK
is executed.
@ -869,8 +870,8 @@ failures will result in a C<BAIL_OUT> at the end of its run.
sub __env {
(my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
$directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP};
$directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP};
$directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP});
$directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP});
$directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
$directories{SRCAPPS} = __srctop_dir("apps");
$directories{BLDFUZZ} = __bldtop_dir("fuzz");
@ -903,26 +904,26 @@ sub __srctop_file {
BAIL_OUT("Must run setup() first") if (! $test_name);
my $f = pop;
return catfile($directories{SRCTOP},@_,$f);
return abs2rel(catfile($directories{SRCTOP},@_,$f),getcwd);
}
sub __srctop_dir {
BAIL_OUT("Must run setup() first") if (! $test_name);
return catdir($directories{SRCTOP},@_);
return abs2rel(catdir($directories{SRCTOP},@_), getcwd);
}
sub __bldtop_file {
BAIL_OUT("Must run setup() first") if (! $test_name);
my $f = pop;
return catfile($directories{BLDTOP},@_,$f);
return abs2rel(catfile($directories{BLDTOP},@_,$f), getcwd);
}
sub __bldtop_dir {
BAIL_OUT("Must run setup() first") if (! $test_name);
return catdir($directories{BLDTOP},@_);
return abs2rel(catdir($directories{BLDTOP},@_), getcwd);
}
# __exeext is a function that returns the platform dependent file extension

105
trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/CertificateRequest.pm vendored Normal file
View file

@ -0,0 +1,105 @@
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
use strict;
package TLSProxy::CertificateRequest;
use vars '@ISA';
push @ISA, 'TLSProxy::Message';
sub new
{
my $class = shift;
my ($server,
$data,
$records,
$startoffset,
$message_frag_lens) = @_;
my $self = $class->SUPER::new(
$server,
TLSProxy::Message::MT_CERTIFICATE_REQUEST,
$data,
$records,
$startoffset,
$message_frag_lens);
$self->{extension_data} = "";
return $self;
}
sub parse
{
my $self = shift;
my $ptr = 1;
if (TLSProxy::Proxy->is_tls13()) {
my $request_ctx_len = unpack('C', $self->data);
my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
$ptr += $request_ctx_len;
my $extensions_len = unpack('n', substr($self->data, $ptr));
$ptr += 2;
my $extension_data = substr($self->data, $ptr);
if (length($extension_data) != $extensions_len) {
die "Invalid extension length\n";
}
my %extensions = ();
while (length($extension_data) >= 4) {
my ($type, $size) = unpack("nn", $extension_data);
my $extdata = substr($extension_data, 4, $size);
$extension_data = substr($extension_data, 4 + $size);
$extensions{$type} = $extdata;
}
$self->extension_data(\%extensions);
print " Extensions Len:".$extensions_len."\n";
}
# else parse TLSv1.2 version - we don't support that at the moment
}
#Reconstruct the on-the-wire message data following changes
sub set_message_contents
{
my $self = shift;
my $data;
my $extensions = "";
foreach my $key (keys %{$self->extension_data}) {
my $extdata = ${$self->extension_data}{$key};
$extensions .= pack("n", $key);
$extensions .= pack("n", length($extdata));
$extensions .= $extdata;
}
$data = pack('n', length($extensions));
$data .= $extensions;
$self->data($data);
}
#Read/write accessors
sub extension_data
{
my $self = shift;
if (@_) {
$self->{extension_data} = shift;
}
return $self->{extension_data};
}
sub set_extension
{
my ($self, $ext_type, $ext_data) = @_;
$self->{extension_data}{$ext_type} = $ext_data;
}
sub delete_extension
{
my ($self, $ext_type) = @_;
delete $self->{extension_data}{$ext_type};
}
1;

53
trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Message.pm vendored
View file

@ -1,4 +1,4 @@
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -129,6 +129,11 @@ use constant {
CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
};
use constant {
CLIENT => 0,
SERVER => 1
};
my $payload = "";
my $messlen = -1;
my $mt;
@ -338,6 +343,15 @@ sub create_message
[@message_frag_lens]
);
$message->parse();
} elsif ($mt == MT_CERTIFICATE_REQUEST) {
$message = TLSProxy::CertificateRequest->new(
$server,
$data,
[@message_rec_list],
$startoffset,
[@message_frag_lens]
);
$message->parse();
} elsif ($mt == MT_CERTIFICATE_VERIFY) {
$message = TLSProxy::CertificateVerify->new(
$server,
@ -434,7 +448,7 @@ sub ciphersuite
}
#Update all the underlying records with the modified data from this message
#Note: Only supports re-encrypting for TLSv1.3
#Note: Only supports TLSv1.3 and ETM encryption
sub repack
{
my $self = shift;
@ -476,15 +490,38 @@ sub repack
# (If a length override is ever needed to construct invalid packets,
# use an explicit override field instead.)
$rec->decrypt_len(length($rec->decrypt_data));
$rec->len($rec->len + length($msgdata) - $old_length);
# Only support re-encryption for TLSv1.3.
if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
#Add content type (1 byte) and 16 tag bytes
$rec->data($rec->decrypt_data
.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
# Only support re-encryption for TLSv1.3 and ETM.
if ($rec->encrypted()) {
if (TLSProxy::Proxy->is_tls13()) {
#Add content type (1 byte) and 16 tag bytes
$rec->data($rec->decrypt_data
.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
} elsif ($rec->etm()) {
my $data = $rec->decrypt_data;
#Add padding
my $padval = length($data) % 16;
$padval = 15 - $padval;
for (0..$padval) {
$data .= pack("C", $padval);
}
#Add MAC. Assumed to be 20 bytes
foreach my $macval (0..19) {
$data .= pack("C", $macval);
}
if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {
#Explicit IV
$data = ("\0"x16).$data;
}
$rec->data($data);
} else {
die "Unsupported encryption: No ETM";
}
} else {
$rec->data($rec->decrypt_data);
}
$rec->len(length($rec->data));
#Update the fragment len in case we changed it above
${$self->message_frag_lens}[0] = length($msgdata)

3
trunk/3rdparty/openssl-1.1-fit/util/perl/TLSProxy/Proxy.pm vendored
View file

@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
use TLSProxy::ServerHello;
use TLSProxy::EncryptedExtensions;
use TLSProxy::Certificate;
use TLSProxy::CertificateRequest;
use TLSProxy::CertificateVerify;
use TLSProxy::ServerKeyExchange;
use TLSProxy::NewSessionTicket;
@ -451,7 +452,7 @@ sub clientstart
} else {
# It's a bit counter-intuitive spot to make next connection to
# the s_server. Rationale is that established connection works
# as syncronization point, in sense that this way we know that
# as synchronization point, in sense that this way we know that
# s_server is actually done with current session...
$self->connect_to_server();
}

20
trunk/3rdparty/openssl-1.1-fit/util/perl/checkhandshake.pm vendored
View file

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -116,7 +116,8 @@ sub checkhandshake($$$$)
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
&& $message->mt() !=
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
&& !TLSProxy::Proxy::is_tls13();
@ -124,7 +125,7 @@ sub checkhandshake($$$$)
my $extchnum = 1;
my $extshnum = 1;
for (my $extloop = 0;
$extensions[$extloop][2] != 0;
$extensions[$extloop][3] != 0;
$extloop++) {
$extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
&& TLSProxy::Proxy::is_tls13();
@ -135,6 +136,7 @@ sub checkhandshake($$$$)
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
&& $extshnum != $shnum;
next if ($message->mt() != $extensions[$extloop][0]);
next if ($message->server() != $extensions[$extloop][2]);
$numtests++;
}
$numtests++;
@ -182,7 +184,8 @@ sub checkhandshake($$$$)
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
&& $message->mt() !=
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
&& !TLSProxy::Proxy::is_tls13();
@ -197,7 +200,7 @@ sub checkhandshake($$$$)
my $msgexts = $message->extension_data();
my $extchnum = 1;
my $extshnum = 1;
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
$extloop++) {
#In TLSv1.3 we can have two ClientHellos if there has been a
#HelloRetryRequest, and they may have different extensions. Skip
@ -211,12 +214,13 @@ sub checkhandshake($$$$)
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
&& $extshnum != $shnum;
next if ($message->mt() != $extensions[$extloop][0]);
ok (($extensions[$extloop][2] & $exttype) == 0
next if ($message->server() != $extensions[$extloop][2]);
ok (($extensions[$extloop][3] & $exttype) == 0
|| defined ($msgexts->{$extensions[$extloop][1]}),
"Extension presence check (Message: ".$message->mt()
." Extension: ".($extensions[$extloop][2] & $exttype).", "
." Extension: ".($extensions[$extloop][3] & $exttype).", "
.$extloop.")");
$extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
$extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
}
ok($extcount == keys %$msgexts, "Extensions count mismatch ("
.$extcount.", ".(keys %$msgexts)

8
trunk/3rdparty/openssl-1.1-fit/util/private.num vendored
View file

@ -75,11 +75,15 @@ X509_STORE_CTX_lookup_crls_fn datatype
X509_STORE_CTX_verify_cb datatype
X509_STORE_CTX_verify_fn datatype
X509_STORE_set_verify_cb_func datatype
X509_LOOKUP datatype
X509_LOOKUP_METHOD datatype
X509_LOOKUP_TYPE datatype
X509_LOOKUP_get_by_alias_fn datatype
X509_LOOKUP_get_by_subject_fn datatype
X509_LOOKUP_get_by_fingerprint_fn datatype
X509_LOOKUP_ctrl_fn datatype
X509_LOOKUP_get_by_issuer_serial_fn datatype
X509_STORE datatype
bio_info_cb datatype
BIO_info_cb datatype
custom_ext_add_cb datatype
@ -228,6 +232,8 @@ EVP_PKEY_CTX_set_dh_pad define
EVP_PKEY_CTX_set_dh_rfc5114 define
EVP_PKEY_CTX_set_dhx_rfc5114 define
EVP_PKEY_CTX_set_dsa_paramgen_bits define
EVP_PKEY_CTX_set_dsa_paramgen_q_bits define
EVP_PKEY_CTX_set_dsa_paramgen_md define
EVP_PKEY_CTX_set_ec_param_enc define
EVP_PKEY_CTX_set_ec_paramgen_curve_nid define
EVP_PKEY_CTX_set_ecdh_cofactor_mode define
@ -450,6 +456,8 @@ SSL_want_x509_lookup define
SSLv23_client_method define
SSLv23_method define
SSLv23_server_method define
X509_LOOKUP_add_dir define
X509_LOOKUP_load_file define
X509_STORE_set_lookup_crls_cb define
X509_STORE_set_verify_func define
EVP_PKEY_CTX_set1_id define