zte's code,first commit
Change-Id: I9a04da59e459a9bc0d67f101f700d9d7dc8d681b
diff --git a/ap/lib/libssl/openssl-1.1.1o/util/perl/checkhandshake.pm b/ap/lib/libssl/openssl-1.1.1o/util/perl/checkhandshake.pm
new file mode 100644
index 0000000..04441b5
--- /dev/null
+++ b/ap/lib/libssl/openssl-1.1.1o/util/perl/checkhandshake.pm
@@ -0,0 +1,232 @@
+#! /usr/bin/env perl
+# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package checkhandshake;
+
+use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file srctop_dir bldtop_dir/;
+use OpenSSL::Test::Utils;
+use TLSProxy::Proxy;
+
+use Exporter;
+our @ISA = 'Exporter';
+our @EXPORT = qw(@handmessages @extensions checkhandshake);
+
+use constant {
+ DEFAULT_HANDSHAKE => 1,
+ OCSP_HANDSHAKE => 2,
+ RESUME_HANDSHAKE => 4,
+ CLIENT_AUTH_HANDSHAKE => 8,
+ RENEG_HANDSHAKE => 16,
+ NPN_HANDSHAKE => 32,
+ EC_HANDSHAKE => 64,
+ HRR_HANDSHAKE => 128,
+ HRR_RESUME_HANDSHAKE => 256,
+
+ ALL_HANDSHAKES => 511
+};
+
+use constant {
+ #DEFAULT also includes SESSION_TICKET_SRV_EXTENSION and SERVER_NAME_CLI
+ DEFAULT_EXTENSIONS => 0x00000007,
+ SESSION_TICKET_SRV_EXTENSION => 0x00000002,
+ SERVER_NAME_CLI_EXTENSION => 0x00000004,
+ SERVER_NAME_SRV_EXTENSION => 0x00000008,
+ STATUS_REQUEST_CLI_EXTENSION => 0x00000010,
+ STATUS_REQUEST_SRV_EXTENSION => 0x00000020,
+ ALPN_CLI_EXTENSION => 0x00000040,
+ ALPN_SRV_EXTENSION => 0x00000080,
+ SCT_CLI_EXTENSION => 0x00000100,
+ SCT_SRV_EXTENSION => 0x00000200,
+ RENEGOTIATE_CLI_EXTENSION => 0x00000400,
+ NPN_CLI_EXTENSION => 0x00000800,
+ NPN_SRV_EXTENSION => 0x00001000,
+ SRP_CLI_EXTENSION => 0x00002000,
+ #Client side for ec point formats is a default extension
+ EC_POINT_FORMAT_SRV_EXTENSION => 0x00004000,
+ PSK_CLI_EXTENSION => 0x00008000,
+ PSK_SRV_EXTENSION => 0x00010000,
+ KEY_SHARE_SRV_EXTENSION => 0x00020000,
+ PSK_KEX_MODES_EXTENSION => 0x00040000,
+ KEY_SHARE_HRR_EXTENSION => 0x00080000,
+ SUPPORTED_GROUPS_SRV_EXTENSION => 0x00100000,
+ POST_HANDSHAKE_AUTH_CLI_EXTENSION => 0x00200000
+};
+
+our @handmessages = ();
+our @extensions = ();
+
+sub checkhandshake($$$$)
+{
+ my ($proxy, $handtype, $exttype, $testname) = @_;
+
+ subtest $testname => sub {
+ my $loop = 0;
+ my $numtests;
+ my $extcount;
+ my $clienthelloseen = 0;
+
+ my $lastmt = 0;
+ my $numsh = 0;
+ if (TLSProxy::Proxy::is_tls13()) {
+ #How many ServerHellos are we expecting?
+ for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
+ next if (($handmessages[$loop][1] & $handtype) == 0);
+ $numsh++ if ($lastmt != TLSProxy::Message::MT_SERVER_HELLO
+ && $handmessages[$loop][0] == TLSProxy::Message::MT_SERVER_HELLO);
+ $lastmt = $handmessages[$loop][0];
+ }
+ }
+
+ #First count the number of tests
+ my $nextmess = 0;
+ my $message = undef;
+ my $chnum = 0;
+ my $shnum = 0;
+ if (!TLSProxy::Proxy::is_tls13()) {
+ # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
+ # and SH
+ $chnum = 1;
+ $shnum = 1;
+ }
+ #If we're only expecting one ServerHello out of two then we skip the
+ #first ServerHello in the list completely
+ $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
+ $loop = 0;
+ for ($numtests = 0; $handmessages[$loop][1] != 0; $loop++) {
+ next if (($handmessages[$loop][1] & $handtype) == 0);
+ if (scalar @{$proxy->message_list} > $nextmess) {
+ $message = ${$proxy->message_list}[$nextmess];
+ $nextmess++;
+ } else {
+ $message = undef;
+ }
+ $numtests++;
+
+ next if (!defined $message);
+ if (TLSProxy::Proxy::is_tls13()) {
+ $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
+ $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
+ }
+ next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
+ && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
+ && $message->mt() !=
+ TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
+
+ next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
+ && !TLSProxy::Proxy::is_tls13();
+
+ my $extchnum = 1;
+ my $extshnum = 1;
+ for (my $extloop = 0;
+ $extensions[$extloop][3] != 0;
+ $extloop++) {
+ $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
+ && TLSProxy::Proxy::is_tls13();
+ $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
+ && $extchnum == 2;
+ next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
+ && $extchnum != $chnum;
+ next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
+ && $extshnum != $shnum;
+ next if ($message->mt() != $extensions[$extloop][0]);
+ next if ($message->server() != $extensions[$extloop][2]);
+ $numtests++;
+ }
+ $numtests++;
+ }
+
+ plan tests => $numtests;
+
+ $nextmess = 0;
+ $message = undef;
+ if (TLSProxy::Proxy::is_tls13()) {
+ $chnum = 0;
+ $shnum = 0;
+ } else {
+ # In non-TLSv1.3 we always treat reneg CH and SH like the first CH
+ # and SH
+ $chnum = 1;
+ $shnum = 1;
+ }
+ #If we're only expecting one ServerHello out of two then we skip the
+ #first ServerHello in the list completely
+ $shnum++ if ($numsh == 1 && TLSProxy::Proxy::is_tls13());
+ for ($loop = 0; $handmessages[$loop][1] != 0; $loop++) {
+ next if (($handmessages[$loop][1] & $handtype) == 0);
+ if (scalar @{$proxy->message_list} > $nextmess) {
+ $message = ${$proxy->message_list}[$nextmess];
+ $nextmess++;
+ } else {
+ $message = undef;
+ }
+ if (!defined $message) {
+ fail("Message type check. Got nothing, expected "
+ .$handmessages[$loop][0]);
+ next;
+ } else {
+ ok($message->mt == $handmessages[$loop][0],
+ "Message type check. Got ".$message->mt
+ .", expected ".$handmessages[$loop][0]);
+ }
+ if (TLSProxy::Proxy::is_tls13()) {
+ $chnum++ if $message->mt() == TLSProxy::Message::MT_CLIENT_HELLO;
+ $shnum++ if $message->mt() == TLSProxy::Message::MT_SERVER_HELLO;
+ }
+
+ next if ($message->mt() != TLSProxy::Message::MT_CLIENT_HELLO
+ && $message->mt() != TLSProxy::Message::MT_SERVER_HELLO
+ && $message->mt() !=
+ TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE
+ && $message->mt() != TLSProxy::Message::MT_CERTIFICATE_REQUEST);
+
+ next if $message->mt() == TLSProxy::Message::MT_CERTIFICATE
+ && !TLSProxy::Proxy::is_tls13();
+
+ if ($message->mt() == TLSProxy::Message::MT_CLIENT_HELLO) {
+ #Add renegotiate extension we will expect if renegotiating
+ $exttype |= RENEGOTIATE_CLI_EXTENSION
+ if ($clienthelloseen && !TLSProxy::Proxy::is_tls13());
+ $clienthelloseen = 1;
+ }
+ #Now check that we saw the extensions we expected
+ my $msgexts = $message->extension_data();
+ my $extchnum = 1;
+ my $extshnum = 1;
+ for (my $extloop = 0, $extcount = 0; $extensions[$extloop][3] != 0;
+ $extloop++) {
+ #In TLSv1.3 we can have two ClientHellos if there has been a
+ #HelloRetryRequest, and they may have different extensions. Skip
+ #if these are extensions for a different ClientHello
+ $extchnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_CLIENT_HELLO
+ && TLSProxy::Proxy::is_tls13();
+ $extshnum = 2 if $extensions[$extloop][0] != TLSProxy::Message::MT_SERVER_HELLO
+ && $extchnum == 2;
+ next if $extensions[$extloop][0] == TLSProxy::Message::MT_CLIENT_HELLO
+ && $extchnum != $chnum;
+ next if $extensions[$extloop][0] == TLSProxy::Message::MT_SERVER_HELLO
+ && $extshnum != $shnum;
+ next if ($message->mt() != $extensions[$extloop][0]);
+ next if ($message->server() != $extensions[$extloop][2]);
+ ok (($extensions[$extloop][3] & $exttype) == 0
+ || defined ($msgexts->{$extensions[$extloop][1]}),
+ "Extension presence check (Message: ".$message->mt()
+ ." Extension: ".($extensions[$extloop][3] & $exttype).", "
+ .$extloop.")");
+ $extcount++ if (($extensions[$extloop][3] & $exttype) != 0);
+ }
+ ok($extcount == keys %$msgexts, "Extensions count mismatch ("
+ .$extcount.", ".(keys %$msgexts)
+ .")");
+ }
+ }
+}
+
+1;