Imported OpenSSL 1.1.1d
@@ -137,17 +137,17 @@ sub name_synopsis()
|
||||
}
|
||||
}
|
||||
|
||||
# Check if SECTION is located before BEFORE
|
||||
# Check if SECTION ($3) is located before BEFORE ($4)
|
||||
sub check_section_location()
|
||||
{
|
||||
my $filename = shift;
|
||||
my $id = shift;
|
||||
my $contents = shift;
|
||||
my $section = shift;
|
||||
my $before = shift;
|
||||
|
||||
return unless $contents =~ /=head1 $section/
|
||||
and $contents =~ /=head1 $before/;
|
||||
print "$filename: $section should be placed before $before section\n"
|
||||
return
|
||||
unless $contents =~ /=head1 $section/ and $contents =~ /=head1 $before/;
|
||||
print "$id $section should be placed before $before section\n"
|
||||
if $contents =~ /=head1 $before.*=head1 $section/ms;
|
||||
}
|
||||
|
||||
@@ -164,15 +164,15 @@ sub check()
|
||||
close POD;
|
||||
}
|
||||
|
||||
# Check if EXAMPLES is located after RETURN VALUES section.
|
||||
&check_section_location($filename, $contents, "RETURN VALUES", "EXAMPLES") if $filename =~ m|man3/|;
|
||||
# Check if HISTORY is located after SEE ALSO
|
||||
&check_section_location($filename, $contents, "SEE ALSO", "HISTORY") if $filename =~ m|man3/|;
|
||||
# Check if SEE ALSO is located after EXAMPLES
|
||||
&check_section_location($filename, $contents, "EXAMPLES", "SEE ALSO") if $filename =~ m|man3/|;
|
||||
|
||||
my $id = "${filename}:1:";
|
||||
|
||||
# Check ordering of some sections in man3
|
||||
if ( $filename =~ m|man3/| ) {
|
||||
&check_section_location($id, $contents, "RETURN VALUES", "EXAMPLES");
|
||||
&check_section_location($id, $contents, "SEE ALSO", "HISTORY");
|
||||
&check_section_location($id, $contents, "EXAMPLES", "SEE ALSO");
|
||||
}
|
||||
|
||||
&name_synopsis($id, $filename, $contents)
|
||||
unless $contents =~ /=for comment generic/
|
||||
or $filename =~ m@man[157]/@;
|
||||
@@ -183,6 +183,10 @@ sub check()
|
||||
if $contents !~ /=cut\n$/;
|
||||
print "$id more than one cut line.\n"
|
||||
if $contents =~ /=cut.*=cut/ms;
|
||||
print "$id EXAMPLE not EXAMPLES section.\n"
|
||||
if $contents =~ /=head1 EXAMPLE[^S]/;
|
||||
print "$id WARNING not WARNINGS section.\n"
|
||||
if $contents =~ /=head1 WARNING[^S]/;
|
||||
print "$id missing copyright\n"
|
||||
if $contents !~ /Copyright .* The OpenSSL Project Authors/;
|
||||
print "$id copyright not last\n"
|
||||
|
||||
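Review bot: The comment above check_section_location names only the third and fourth arguments, although this commit changes the first argument from a file name to a message prefix such as `${filename}:1:`. A caller that still passes a bare file name would print a message with no separator after it. I would extend the comment to `# Check if SECTION ($3) is located before BEFORE ($4) in CONTENTS ($2); ID ($1) is the "file:line:" prefix used in the message`. Separately, `$section` and `$before` are interpolated into the patterns unquoted and unanchored; that is harmless for the literal headings passed from check(), but `/^=head1 \Q$section\E$/m` would keep a heading such as "SEE ALSO NOTES" from matching "SEE ALSO".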
@@ -4580,3 +4580,5 @@ EVP_PKEY_meth_get_digest_custom 4533 1_1_1 EXIST::FUNCTION:
|
||||
OPENSSL_INIT_set_config_filename 4534 1_1_1b EXIST::FUNCTION:STDIO
|
||||
OPENSSL_INIT_set_config_file_flags 4535 1_1_1b EXIST::FUNCTION:STDIO
|
||||
EVP_PKEY_get0_engine 4536 1_1_1c EXIST::FUNCTION:ENGINE
|
||||
X509_get0_authority_serial 4537 1_1_1d EXIST::FUNCTION:
|
||||
X509_get0_authority_issuer 4538 1_1_1d EXIST::FUNCTION:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -360,7 +360,7 @@ sub do_defs
|
||||
|
||||
# params: symbol, alias, platforms, kind
|
||||
# The reason to put this subroutine in a variable is that
|
||||
# it will otherwise create it's own, unshared, version of
|
||||
# it will otherwise create its own, unshared, version of
|
||||
# %tag and %variant...
|
||||
my $make_variant = sub
|
||||
{
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -417,9 +417,7 @@ print STDERR "\n" if $debug;
|
||||
&phase("Writing files");
|
||||
my $newstate = 0;
|
||||
foreach my $lib ( keys %errorfile ) {
|
||||
if ( ! $fnew{$lib} && ! $rnew{$lib} ) {
|
||||
next unless $rebuild;
|
||||
}
|
||||
next if ! $fnew{$lib} && ! $rnew{$lib} && ! $rebuild;
|
||||
next if scalar keys %modules > 0 && !$modules{$lib};
|
||||
next if $nowrite;
|
||||
print STDERR "$lib: $fnew{$lib} new functions\n" if $fnew{$lib};
|
||||
@@ -455,6 +453,8 @@ foreach my $lib ( keys %errorfile ) {
|
||||
#ifndef HEADER_${lib}ERR_H
|
||||
# define HEADER_${lib}ERR_H
|
||||
|
||||
# include <openssl/symhacks.h>
|
||||
|
||||
EOF
|
||||
if ( $internal ) {
|
||||
# Declare the load function because the generate C file
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
|
||||
rel2abs/;
|
||||
use File::Path 2.00 qw/rmtree mkpath/;
|
||||
use File::Basename;
|
||||
use Cwd qw/abs_path/;
|
||||
|
||||
my $level = 0;
|
||||
|
||||
@@ -164,13 +165,13 @@ C<indir> takes some additional options OPTS that affect the subdirectory:
|
||||
|
||||
=item B<create =E<gt> 0|1>
|
||||
|
||||
When set to 1 (or any value that perl preceives as true), the subdirectory
|
||||
When set to 1 (or any value that perl perceives as true), the subdirectory
|
||||
will be created if it doesn't already exist. This happens before BLOCK
|
||||
is executed.
|
||||
|
||||
=item B<cleanup =E<gt> 0|1>
|
||||
|
||||
When set to 1 (or any value that perl preceives as true), the subdirectory
|
||||
When set to 1 (or any value that perl perceives as true), the subdirectory
|
||||
will be cleaned out and removed. This happens both before and after BLOCK
|
||||
is executed.
|
||||
|
||||
@@ -869,8 +870,8 @@ failures will result in a C<BAIL_OUT> at the end of its run.
|
||||
sub __env {
|
||||
(my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;
|
||||
|
||||
$directories{SRCTOP} = $ENV{SRCTOP} || $ENV{TOP};
|
||||
$directories{BLDTOP} = $ENV{BLDTOP} || $ENV{TOP};
|
||||
$directories{SRCTOP} = abs_path($ENV{SRCTOP} || $ENV{TOP});
|
||||
$directories{BLDTOP} = abs_path($ENV{BLDTOP} || $ENV{TOP});
|
||||
$directories{BLDAPPS} = $ENV{BIN_D} || __bldtop_dir("apps");
|
||||
$directories{SRCAPPS} = __srctop_dir("apps");
|
||||
$directories{BLDFUZZ} = __bldtop_dir("fuzz");
|
||||
|
||||
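Review bot: In `__env` the results of the two new `abs_path(...)` calls are stored without a check, yet Cwd's abs_path can return undef when the path cannot be resolved, and its argument is itself undef when neither SRCTOP/BLDTOP nor TOP is set. An undefined `$directories{SRCTOP}` would then be joined into later paths as an empty component, so a mistyped environment variable could make the tests run against files relative to the current directory instead of failing. A guard right after the two assignments would make that visible: `defined $directories{$_} or die "cannot resolve $_ directory\n" for qw(SRCTOP BLDTOP);`. The body of `__env` continues outside the hunk, so an equivalent check may already exist further down or in the caller.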
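--- /dev/null
+++ b/util/perl/TLSProxy/CertificateRequest.pm
@@ -0,0 +1,105 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateRequest;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+my $class = shift;
+my ($server,
+$data,
+$records,
+$startoffset,
+$message_frag_lens) = @_;
+
+my $self = $class->SUPER::new(
+$server,
+TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+$data,
+$records,
+$startoffset,
+$message_frag_lens);
+
+$self->{extension_data} = "";
+
+return $self;
+}
+
+sub parse
+{
+my $self = shift;
+my $ptr = 1;
+
+if (TLSProxy::Proxy->is_tls13()) {
+my $request_ctx_len = unpack('C', $self->data);
+my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
+$ptr += $request_ctx_len;
+
+my $extensions_len = unpack('n', substr($self->data, $ptr));
+$ptr += 2;
+my $extension_data = substr($self->data, $ptr);
+if (length($extension_data) != $extensions_len) {
+die "Invalid extension length\n";
+}
+my %extensions = ();
+while (length($extension_data) >= 4) {
+my ($type, $size) = unpack("nn", $extension_data);
+my $extdata = substr($extension_data, 4, $size);
+$extension_data = substr($extension_data, 4 + $size);
+$extensions{$type} = $extdata;
+}
+$self->extension_data(\%extensions);
+
+print " Extensions Len:".$extensions_len."\n";
+}
+# else parse TLSv1.2 version - we don't support that at the moment
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+my $self = shift;
+my $data;
+my $extensions = "";
+
+foreach my $key (keys %{$self->extension_data}) {
+my $extdata = ${$self->extension_data}{$key};
+$extensions .= pack("n", $key);
+$extensions .= pack("n", length($extdata));
+$extensions .= $extdata;
+}
+
+$data = pack('n', length($extensions));
+$data .= $extensions;
+$self->data($data);
+}
+
+#Read/write accessors
+sub extension_data
+{
+my $self = shift;
+if (@_) {
+$self->{extension_data} = shift;
+}
+return $self->{extension_data};
+}
+sub set_extension
+{
+my ($self, $ext_type, $ext_data) = @_;
+$self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+my ($self, $ext_type) = @_;
+delete $self->{extension_data}{$ext_type};
+}
+1;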
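Review bot: set_message_contents rebuilds the message as the extensions length plus the extensions only, so the request context that parse() reads into `$request_ctx` and then discards is never written back, and neither is its one-byte length prefix. Unless the base class re-adds it (not visible here), a message re-serialised after set_extension or delete_extension no longer has the layout parse() itself expects. In parse(), the extension loop also trusts each inner `$size`: `substr` silently truncates an extension that overruns the buffer, and fewer than four trailing bytes are dropped without error, so a malformed message is accepted and later re-emitted with different lengths. Finally, `extension_data` starts as `""` and is only replaced in the TLSv1.3 branch, so `keys %{$self->extension_data}` would die under `use strict` if set_message_contents were reached for a TLSv1.2 message. The sketch below keeps the context and rejects inconsistent extension lengths.

```perl
# in parse(), TLSv1.3 branch
my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
$self->{request_ctx} = $request_ctx;
# … unchanged: extensions_len / extension_data extraction and total-length check …
while (length($extension_data) >= 4) {
    my ($type, $size) = unpack("nn", $extension_data);
    die "Extension overruns message\n"
        if $size > length($extension_data) - 4;
    # … unchanged: substr of $extdata, advance, store in %extensions …
}
die "Trailing bytes after extensions\n"
    if length($extension_data) != 0;

# in set_message_contents(), after the foreach loop
my $ctx = defined $self->{request_ctx} ? $self->{request_ctx} : "";
$data = pack('C', length($ctx)) . $ctx;
$data .= pack('n', length($extensions));
$data .= $extensions;
```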
@@ -129,6 +129,11 @@ use constant {
|
||||
CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
|
||||
};
|
||||
|
||||
use constant {
|
||||
CLIENT => 0,
|
||||
SERVER => 1
|
||||
};
|
||||
|
||||
my $payload = "";
|
||||
my $messlen = -1;
|
||||
my $mt;
|
||||
@@ -338,6 +343,15 @@ sub create_message
|
||||
[@message_frag_lens]
|
||||
);
|
||||
$message->parse();
|
||||
} elsif ($mt == MT_CERTIFICATE_REQUEST) {
|
||||
$message = TLSProxy::CertificateRequest->new(
|
||||
$server,
|
||||
$data,
|
||||
[@message_rec_list],
|
||||
$startoffset,
|
||||
[@message_frag_lens]
|
||||
);
|
||||
$message->parse();
|
||||
} elsif ($mt == MT_CERTIFICATE_VERIFY) {
|
||||
$message = TLSProxy::CertificateVerify->new(
|
||||
$server,
|
||||
|
||||
@@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
|
||||
use TLSProxy::ServerHello;
|
||||
use TLSProxy::EncryptedExtensions;
|
||||
use TLSProxy::Certificate;
|
||||
use TLSProxy::CertificateRequest;
|
||||
use TLSProxy::CertificateVerify;
|
||||
use TLSProxy::ServerKeyExchange;
|
||||
use TLSProxy::NewSessionTicket;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
#! /usr/bin/env perl
|
||||
# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the OpenSSL license (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
@@ -116,7 +116,8 @@ sub checkhandshake($$$$)
|
||||
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $message->mt() !=
|
||||
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
|
||||
|
||||
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
|
||||
&& !TLSProxy::Proxy::is_tls13();
|
||||
@@ -124,7 +125,7 @@ sub checkhandshake($$$$)
|
||||
my $extchnum = 1;
|
||||
my $extshnum = 1;
|
||||
for (my $extloop = 0;
|
||||
$extensions[$extloop][2] != 0;
|
||||
$extensions[$extloop][3] != 0;
|
||||
$extloop++) {
|
||||
$extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
|
||||
&& TLSProxy::Proxy::is_tls13();
|
||||
@@ -135,6 +136,7 @@ sub checkhandshake($$$$)
|
||||
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $extshnum != $shnum;
|
||||
next if ($message->mt() != $extensions[$extloop][0]);
|
||||
next if ($message->server() != $extensions[$extloop][2]);
|
||||
$numtests++;
|
||||
}
|
||||
$numtests++;
|
||||
@@ -182,7 +184,8 @@ sub checkhandshake($$$$)
|
||||
&& $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $message->mt() !=
|
||||
TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE
|
||||
&& $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
|
||||
|
||||
next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
|
||||
&& !TLSProxy::Proxy::is_tls13();
|
||||
@@ -197,7 +200,7 @@ sub checkhandshake($$$$)
|
||||
my $msgexts = $message->extension_data();
|
||||
my $extchnum = 1;
|
||||
my $extshnum = 1;
|
||||
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
|
||||
for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
|
||||
$extloop++) {
|
||||
#In TLSv1.3 we can have two ClientHellos if there has been a
|
||||
#HelloRetryRequest, and they may have different extensions. Skip
|
||||
@@ -211,12 +214,13 @@ sub checkhandshake($$$$)
|
||||
next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
|
||||
&& $extshnum != $shnum;
|
||||
next if ($message->mt() != $extensions[$extloop][0]);
|
||||
ok (($extensions[$extloop][2] & $exttype) == 0
|
||||
next if ($message->server() != $extensions[$extloop][2]);
|
||||
ok (($extensions[$extloop][3] & $exttype) == 0
|
||||
|| defined ($msgexts->{$extensions[$extloop][1]}),
|
||||
"Extension presence check (Message: ".$message->mt()
|
||||
." Extension: ".($extensions[$extloop][2] & $exttype).", "
|
||||
." Extension: ".($extensions[$extloop][3] & $exttype).", "
|
||||
.$extloop.")");
|
||||
$extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
|
||||
$extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
|
||||
}
|
||||
ok($extcount == keys %$msgexts, "Extensions count mismatch ("
|
||||
.$extcount.", ".(keys %$msgexts)
|
||||
|
||||
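Review bot: Both extension loops in checkhandshake now stop on `$extensions[$extloop][3] != 0` and filter on column 2 as the client/server flag, so the table passed by each test must have gained a column. A test file that still passes the old three-column rows would have `[3]` undefined in its first row, which compares as 0. The plan-counting loop and the checking loop would then both end immediately, and the test would pass with no extension checks run. A shape check at the top of the sub would turn that into a hard failure, for example `die "extension table rows need 4 columns\n" if grep { @$_ < 4 } @extensions;` (assuming the terminating row is also written with four entries). The body of checkhandshake begins and ends outside these hunks, so such a check may already exist there.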