Imported OpenSSL 1.1.1d

2019-09-16 11:16:33 +01:00
parent ea3c37b9ec
commit 6f2f71e7ea
325 changed files with 5375 additions and 11047 deletions
--- a/util/perl/OpenSSL/Test.pm
+++ b/util/perl/OpenSSL/Test.pm
@@ -1,4 +1,4 @@
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -65,6 +65,7 @@ use File::Spec::Functions qw/file_name_is_absolute curdir canonpath splitdir
                             rel2abs/;
 use File::Path 2.00 qw/rmtree mkpath/;
 use File::Basename;
+use Cwd qw/abs_path/;

 my $level = 0;

@@ -164,13 +165,13 @@ C<indir> takes some additional options OPTS that affect the subdirectory:

 =item B<create =E<gt> 0|1>

-When set to 1 (or any value that perl preceives as true), the subdirectory
+When set to 1 (or any value that perl perceives as true), the subdirectory
 will be created if it doesn't already exist.  This happens before BLOCK
 is executed.

 =item B<cleanup =E<gt> 0|1>

-When set to 1 (or any value that perl preceives as true), the subdirectory
+When set to 1 (or any value that perl perceives as true), the subdirectory
 will be cleaned out and removed.  This happens both before and after BLOCK
 is executed.

@@ -869,8 +870,8 @@ failures will result in a C<BAIL_OUT> at the end of its run.
 sub __env {
    (my $recipe_datadir = basename($0)) =~ s/\.t$/_data/i;

-    $directories{SRCTOP}  = $ENV{SRCTOP} || $ENV{TOP};
-    $directories{BLDTOP}  = $ENV{BLDTOP} || $ENV{TOP};
+    $directories{SRCTOP}  = abs_path($ENV{SRCTOP} || $ENV{TOP});
+    $directories{BLDTOP}  = abs_path($ENV{BLDTOP} || $ENV{TOP});
    $directories{BLDAPPS} = $ENV{BIN_D}  || __bldtop_dir("apps");
    $directories{SRCAPPS} =                 __srctop_dir("apps");
    $directories{BLDFUZZ} =                 __bldtop_dir("fuzz");
--- a/util/perl/TLSProxy/CertificateRequest.pm
+++ b/util/perl/TLSProxy/CertificateRequest.pm
@@ -0,0 +1,105 @@
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+
+package TLSProxy::CertificateRequest;
+
+use vars '@ISA';
+push @ISA, 'TLSProxy::Message';
+
+sub new
+{
+    my $class = shift;
+    my ($server,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens) = @_;
+
+    my $self = $class->SUPER::new(
+        $server,
+        TLSProxy::Message::MT_CERTIFICATE_REQUEST,
+        $data,
+        $records,
+        $startoffset,
+        $message_frag_lens);
+
+    $self->{extension_data} = "";
+
+    return $self;
+}
+
+sub parse
+{
+    my $self = shift;
+    my $ptr = 1;
+
+    if (TLSProxy::Proxy->is_tls13()) {
+        my $request_ctx_len = unpack('C', $self->data);
+        my $request_ctx = substr($self->data, $ptr, $request_ctx_len);
+        $ptr += $request_ctx_len;
+
+        my $extensions_len = unpack('n', substr($self->data, $ptr));
+        $ptr += 2;
+        my $extension_data = substr($self->data, $ptr);
+        if (length($extension_data) != $extensions_len) {
+            die "Invalid extension length\n";
+        }
+        my %extensions = ();
+        while (length($extension_data) >= 4) {
+            my ($type, $size) = unpack("nn", $extension_data);
+            my $extdata = substr($extension_data, 4, $size);
+            $extension_data = substr($extension_data, 4 + $size);
+            $extensions{$type} = $extdata;
+        }
+        $self->extension_data(\%extensions);
+
+        print "    Extensions Len:".$extensions_len."\n";
+    }
+    # else parse TLSv1.2 version - we don't support that at the moment
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+    my $self = shift;
+    my $data;
+    my $extensions = "";
+
+    foreach my $key (keys %{$self->extension_data}) {
+        my $extdata = ${$self->extension_data}{$key};
+        $extensions .= pack("n", $key);
+        $extensions .= pack("n", length($extdata));
+        $extensions .= $extdata;
+    }
+
+    $data = pack('n', length($extensions));
+    $data .= $extensions;
+    $self->data($data);
+}
+
+#Read/write accessors
+sub extension_data
+{
+    my $self = shift;
+    if (@_) {
+        $self->{extension_data} = shift;
+    }
+    return $self->{extension_data};
+}
+sub set_extension
+{
+    my ($self, $ext_type, $ext_data) = @_;
+    $self->{extension_data}{$ext_type} = $ext_data;
+}
+sub delete_extension
+{
+    my ($self, $ext_type) = @_;
+    delete $self->{extension_data}{$ext_type};
+}
+1;
--- a/util/perl/TLSProxy/Message.pm
+++ b/util/perl/TLSProxy/Message.pm
@@ -129,6 +129,11 @@ use constant {
    CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
 };

+use constant {
+    CLIENT => 0,
+    SERVER => 1
+};
+
 my $payload = "";
 my $messlen = -1;
 my $mt;
@@ -338,6 +343,15 @@ sub create_message
            [@message_frag_lens]
        );
        $message->parse();
+    } elsif ($mt == MT_CERTIFICATE_REQUEST) {
+        $message = TLSProxy::CertificateRequest->new(
+            $server,
+            $data,
+            [@message_rec_list],
+            $startoffset,
+            [@message_frag_lens]
+        );
+        $message->parse();
    } elsif ($mt == MT_CERTIFICATE_VERIFY) {
        $message = TLSProxy::CertificateVerify->new(
            $server,
--- a/util/perl/TLSProxy/Proxy.pm
+++ b/util/perl/TLSProxy/Proxy.pm
@@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
 use TLSProxy::ServerHello;
 use TLSProxy::EncryptedExtensions;
 use TLSProxy::Certificate;
+use TLSProxy::CertificateRequest;
 use TLSProxy::CertificateVerify;
 use TLSProxy::ServerKeyExchange;
 use TLSProxy::NewSessionTicket;
--- a/util/perl/checkhandshake.pm
+++ b/util/perl/checkhandshake.pm
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -116,7 +116,8 @@ sub checkhandshake($$$$)
                    && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
                    && $message->mt() !=
                       TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
-                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);

            next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
                    && !TLSProxy::Proxy::is_tls13();
@@ -124,7 +125,7 @@ sub checkhandshake($$$$)
            my $extchnum = 1;
            my $extshnum = 1;
            for (my $extloop = 0;
-                    $extensions[$extloop][2] != 0;
+                    $extensions[$extloop][3] != 0;
                    $extloop++) {
                $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
                                 && TLSProxy::Proxy::is_tls13();
@@ -135,6 +136,7 @@ sub checkhandshake($$$$)
                next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
                                 && $extshnum != $shnum;
                next if ($message->mt() != $extensions[$extloop][0]);
+                next if ($message->server() != $extensions[$extloop][2]);
                $numtests++;
            }
            $numtests++;
@@ -182,7 +184,8 @@ sub checkhandshake($$$$)
                    && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
                    && $message->mt() !=
                       TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
-                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE);
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+                    && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);

            next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
                    && !TLSProxy::Proxy::is_tls13();
@@ -197,7 +200,7 @@ sub checkhandshake($$$$)
            my $msgexts = $message->extension_data();
            my $extchnum = 1;
            my $extshnum = 1;
-            for (my $extloop = 0, $extcount = 0; $extensions[$extloop][2] != 0;
+            for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
                                $extloop++) {
                #In TLSv1.3 we can have two ClientHellos if there has been a
                #HelloRetryRequest, and they may have different extensions. Skip
@@ -211,12 +214,13 @@ sub checkhandshake($$$$)
                next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
                                 && $extshnum != $shnum;
                next if ($message->mt() != $extensions[$extloop][0]);
-                ok (($extensions[$extloop][2] & $exttype) == 0
+                next if ($message->server() != $extensions[$extloop][2]);
+                ok (($extensions[$extloop][3] & $exttype) == 0
                      || defined ($msgexts->{$extensions[$extloop][1]}),
                    "Extension presence check (Message: ".$message->mt()
-                    ." Extension: ".($extensions[$extloop][2] & $exttype).", "
+                    ." Extension: ".($extensions[$extloop][3] & $exttype).", "
                    .$extloop.")");
-                $extcount++ if (($extensions[$extloop][2] & $exttype) != 0);
+                $extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
            }
            ok($extcount == keys %$msgexts, "Extensions count mismatch ("
                                            .$extcount.", ".(keys %$msgexts)