File Coverage

blib/lib/Crypt/MatrixSSL3.pm

Criterion	Covered	Total	%
statement	537	542	99.0
branch	8	12	66.6
condition			n/a
subroutine	177	179	98.8
pod	2	2	100.0
total	724	735	98.5

line	stmt	bran	sub	pod	time	code
1						package Crypt::MatrixSSL3;
2	22		22		1564681	use 5.006;
	22				256
3	22		22		115	use strict;
	22				40
	22				457
4	22		22		98	use warnings;
	22				63
	22				738
5	22		22		130	use Carp;
	22				72
	22				1528
6
7	22		22		134	use Scalar::Util qw( dualvar );
	22				48
	22				1103
8	22		22		133	use XSLoader;
	22				40
	22				799
9
10						BEGIN {
11	22		22		9542	use version 0.77 (); our $VERSION = 'v3.9.2';
	22		22		39928
	22				1005
	22				96
12	22				23282	XSLoader::load(__PACKAGE__,$VERSION);
13						}
14
15	22		22		10770	use File::ShareDir;
	22				559685
	22				1743
16						our $CA_CERTIFICATES = File::ShareDir::dist_file('Crypt-MatrixSSL3', 'ca-certificates.crt');
17
18						# WARNING The CONST_* constants automatically parsed from this file by
19						# Makefile.PL to generate const-*.inc, so if these constants will be
20						# reformatted there may be needs in updating regexp in Makefile.PL.
21	22				1813	use constant CONST_VERSION_INT => qw(
22						SSL2_MAJ_VER
23						SSL3_MAJ_VER
24						SSL3_MIN_VER
25						TLS_1_1_MIN_VER
26						TLS_1_2_MIN_VER
27						TLS_MAJ_VER
28						TLS_MIN_VER
29						TLS_HIGHEST_MINOR
30						MATRIXSSL_VERSION_MAJOR
31						MATRIXSSL_VERSION_MINOR
32						MATRIXSSL_VERSION_PATCH
33	22		22		176	);
	22				52
34	22				2179	use constant CONST_VERSION => (
35						CONST_VERSION_INT,
36						'MATRIXSSL_VERSION_CODE',
37						'MATRIXSSL_VERSION',
38	22		22		132	);
	22				42
39	22				1433	use constant CONST_CIPHER => qw(
40						SSL_NULL_WITH_NULL_NULL
41						SSL_RSA_WITH_NULL_MD5
42						SSL_RSA_WITH_NULL_SHA
43						SSL_RSA_WITH_RC4_128_MD5
44						SSL_RSA_WITH_RC4_128_SHA
45						TLS_RSA_WITH_IDEA_CBC_SHA
46						SSL_RSA_WITH_3DES_EDE_CBC_SHA
47						SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
48						SSL_DH_anon_WITH_RC4_128_MD5
49						SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
50						TLS_RSA_WITH_AES_128_CBC_SHA
51						TLS_DHE_RSA_WITH_AES_128_CBC_SHA
52						TLS_DH_anon_WITH_AES_128_CBC_SHA
53						TLS_RSA_WITH_AES_256_CBC_SHA
54						TLS_DHE_RSA_WITH_AES_256_CBC_SHA
55						TLS_DH_anon_WITH_AES_256_CBC_SHA
56						TLS_RSA_WITH_AES_128_CBC_SHA256
57						TLS_RSA_WITH_AES_256_CBC_SHA256
58						TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
59						TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
60						TLS_RSA_WITH_SEED_CBC_SHA
61						TLS_PSK_WITH_AES_128_CBC_SHA
62						TLS_PSK_WITH_AES_128_CBC_SHA256
63						TLS_PSK_WITH_AES_256_CBC_SHA384
64						TLS_PSK_WITH_AES_256_CBC_SHA
65						TLS_DHE_PSK_WITH_AES_128_CBC_SHA
66						TLS_DHE_PSK_WITH_AES_256_CBC_SHA
67						TLS_RSA_WITH_AES_128_GCM_SHA256
68						TLS_RSA_WITH_AES_256_GCM_SHA384
69						TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
70						TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
71						TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
72						TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
73						TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
74						TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
75						TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
76						TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
77						TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
78						TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
79						TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
80						TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
81						TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
82						TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
83						TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
84						TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
85						TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
86						TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
87						TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
88						TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
89						TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
90						TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
91						TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
92						TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
93						TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
94						TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
95						TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
96	22		22		180	);
	22				51
97
98	22				1033	use constant CONST_SESSION_OPTION => qw(
99						SSL_OPTION_FULL_HANDSHAKE
100	22		22		132	);
	22				45
101
102	22				1797	use constant CONST_ALERT_LEVEL => qw(
103						SSL_ALERT_LEVEL_WARNING
104						SSL_ALERT_LEVEL_FATAL
105	22		22		114	);
	22				46
106
107	22				2039	use constant CONST_ALERT_DESCR => qw(
108						SSL_ALERT_NONE
109						SSL_ALERT_CLOSE_NOTIFY
110						SSL_ALERT_UNEXPECTED_MESSAGE
111						SSL_ALERT_BAD_RECORD_MAC
112						SSL_ALERT_DECRYPTION_FAILED
113						SSL_ALERT_RECORD_OVERFLOW
114						SSL_ALERT_DECOMPRESSION_FAILURE
115						SSL_ALERT_HANDSHAKE_FAILURE
116						SSL_ALERT_NO_CERTIFICATE
117						SSL_ALERT_BAD_CERTIFICATE
118						SSL_ALERT_UNSUPPORTED_CERTIFICATE
119						SSL_ALERT_CERTIFICATE_REVOKED
120						SSL_ALERT_CERTIFICATE_EXPIRED
121						SSL_ALERT_CERTIFICATE_UNKNOWN
122						SSL_ALERT_ILLEGAL_PARAMETER
123						SSL_ALERT_UNKNOWN_CA
124						SSL_ALERT_ACCESS_DENIED
125						SSL_ALERT_DECODE_ERROR
126						SSL_ALERT_DECRYPT_ERROR
127						SSL_ALERT_PROTOCOL_VERSION
128						SSL_ALERT_INSUFFICIENT_SECURITY
129						SSL_ALERT_INTERNAL_ERROR
130						SSL_ALERT_INAPPROPRIATE_FALLBACK
131						SSL_ALERT_NO_RENEGOTIATION
132						SSL_ALERT_UNSUPPORTED_EXTENSION
133						SSL_ALERT_UNRECOGNIZED_NAME
134						SSL_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE
135						SSL_ALERT_UNKNOWN_PSK_IDENTITY
136						SSL_ALERT_NO_APP_PROTOCOL
137	22		22		156	);
	22				52
138
139						# Order is important in CONST_ERROR and CONST_RC! Some constants have same
140						# value, but their names ordered to get better output in %RETURN_CODE.
141	22				1682	use constant CONST_ERROR => qw(
142						PS_FAILURE
143						MATRIXSSL_ERROR
144						PS_ARG_FAIL
145						PS_PLATFORM_FAIL
146						PS_MEM_FAIL
147						PS_LIMIT_FAIL
148						PS_UNSUPPORTED_FAIL
149						PS_DISABLED_FEATURE_FAIL
150						PS_PROTOCOL_FAIL
151						PS_TIMEOUT_FAIL
152						PS_INTERRUPT_FAIL
153						PS_PENDING
154						PS_EAGAIN
155						PS_PARSE_FAIL
156						PS_CERT_AUTH_FAIL_BC
157						PS_CERT_AUTH_FAIL_DN
158						PS_CERT_AUTH_FAIL_SIG
159						PS_CERT_AUTH_FAIL_REVOKED
160						PS_CERT_AUTH_FAIL
161						PS_CERT_AUTH_FAIL_EXTENSION
162						PS_CERT_AUTH_FAIL_PATH_LEN
163						PS_CERT_AUTH_FAIL_AUTHKEY
164						PS_SIGNATURE_MISMATCH
165						PS_AUTH_FAIL
166	22		22		139	);
	22				39
167
168	22				1467	use constant CONST_RC => qw(
169						PS_SUCCESS
170						MATRIXSSL_SUCCESS
171						MATRIXSSL_REQUEST_SEND
172						MATRIXSSL_REQUEST_RECV
173						MATRIXSSL_REQUEST_CLOSE
174						MATRIXSSL_APP_DATA
175						MATRIXSSL_HANDSHAKE_COMPLETE
176						MATRIXSSL_RECEIVED_ALERT
177						MATRIXSSL_APP_DATA_COMPRESSED
178	22		22		141	);
	22				44
179
180	22				1247	use constant CONST_LIMIT => qw(
181						SSL_MAX_DISABLED_CIPHERS
182						SSL_MAX_PLAINTEXT_LEN
183						SSL_MAX_RECORD_LEN
184						SSL_MAX_BUF_SIZE
185	22		22		144	);
	22				52
186
187	22				1341	use constant CONST_VALIDATE => qw(
188						SSL_ALLOW_ANON_CONNECTION
189	22		22		128	);
	22				45
190
191	22				1335	use constant CONST_BOOL => qw(
192						PS_TRUE
193						PS_FALSE
194	22		22		149	);
	22				35
195
196	22				2640	use constant CONST_CAPABILITIES => qw(
197						SHARED_SESSION_CACHE_ENABLED
198						STATELESS_TICKETS_ENABLED
199						DH_PARAMS_ENABLED
200						ALPN_ENABLED
201						SNI_ENABLED
202						OCSP_STAPLES_ENABLED
203						CERTIFICATE_TRANSPARENCY_ENABLED
204	22		22		137	);
	22				42
205
206						BEGIN {
207	22		22		139	for (
208						CONST_VERSION_INT,
209						CONST_CIPHER,
210						CONST_SESSION_OPTION,
211						CONST_ALERT_LEVEL,
212						CONST_ALERT_DESCR,
213						CONST_ERROR,
214						CONST_RC,
215						CONST_LIMIT,
216						CONST_VALIDATE,
217						CONST_BOOL,
218						CONST_CAPABILITIES,
219						) {
220						## no critic (ProhibitStringyEval, RequireCheckingReturnValueOfEval)
221	3212	50	22		190483	eval 'use constant '.$_.' => '.(0+constant($_)).'; 1' or croak $@;
	22		22		144
	22		22		634
	22		22		835
	22		22		158
	22		22		67
	22		22		733
	22		22		162
	22		22		54
	22		22		737
	22		22		125
	22		22		42
	22		22		792
	22		22		132
	22		22		42
	22		22		670
	22		22		135
	22		22		39
	22		22		621
	22		22		126
	22		22		39
	22		22		643
	22		22		120
	22		22		51
	22		22		741
	22		22		123
	22		22		48
	22		22		722
	22		22		125
	22		22		52
	22		22		632
	22		22		131
	22		22		41
	22		22		619
	22		22		119
	22		22		41
	22		22		623
	22		22		133
	22		22		39
	22		22		588
	22		22		123
	22		22		44
	22		22		667
	22		22		123
	22		22		36
	22		22		647
	22		22		127
	22		22		41
	22		22		599
	22		22		135
	22		22		330
	22		22		706
	22		22		138
	22		22		42
	22		22		694
	22		22		123
	22		22		42
	22		22		654
	22		22		140
	22		22		58
	22		22		662
	22		22		136
	22		22		56
	22		22		678
	22		22		125
	22		22		49
	22		22		648
	22		22		124
	22		22		46
	22		22		652
	22		22		120
	22		22		45
	22		22		626
	22		22		135
	22		22		55
	22		22		652
	22		22		123
	22		22		45
	22		22		904
	22		22		138
	22		22		73
	22		22		684
	22		22		126
	22		22		40
	22		22		682
	22		22		121
	22		22		43
	22		22		629
	22		22		127
	22		22		39
	22		22		616
	22		22		120
	22		22		38
	22		22		666
	22		22		124
	22		22		42
	22		22		618
	22		22		145
	22		22		729
	22		22		824
	22		22		119
	22		22		42
	22		22		717
	22		22		122
	22		22		44
	22		22		656
	22		22		122
	22		22		40
	22		22		620
	22		22		137
	22		22		41
	22		22		621
	22		22		123
	22		22		45
	22		22		653
	22		22		132
	22		22		46
	22		22		693
	22		22		119
	22		22		45
	22		22		647
	22		22		137
	22		22		42
	22		22		734
	22		22		125
	22		22		39
	22		22		611
	22		22		123
	22		22		39
	22		22		649
	22		22		120
	22		22		42
	22		22		638
	22		22		131
	22		22		40
	22		22		634
	22		22		126
	22		22		40
	22		22		676
	22		22		135
	22		22		37
	22		22		711
	22		22		140
	22		22		46
	22		22		688
	22		22		120
	22				51
	22				637
	22				129
	22				40
	22				626
	22				139
	22				48
	22				7750
	22				139
	22				56
	22				736
	22				132
	22				43
	22				720
	22				130
	22				43
	22				642
	22				125
	22				40
	22				651
	22				136
	22				43
	22				631
	22				122
	22				42
	22				610
	22				129
	22				41
	22				775
	22				126
	22				41
	22				696
	22				125
	22				41
	22				872
	22				118
	22				40
	22				703
	22				121
	22				44
	22				659
	22				124
	22				41
	22				627
	22				144
	22				52
	22				654
	22				127
	22				39
	22				632
	22				133
	22				46
	22				657
	22				129
	22				42
	22				673
	22				171
	22				42
	22				619
	22				122
	22				52
	22				689
	22				123
	22				42
	22				595
	22				136
	22				53
	22				654
	22				153
	22				56
	22				704
	22				127
	22				43
	22				632
	22				125
	22				42
	22				600
	22				130
	22				42
	22				594
	22				129
	22				36
	22				606
	22				123
	22				52
	22				734
	22				127
	22				50
	22				735
	22				134
	22				53
	22				719
	22				127
	22				54
	22				628
	22				120
	22				42
	22				634
	22				137
	22				39
	22				602
	22				158
	22				41
	22				677
	22				133
	22				40
	22				1110
	22				136
	22				39
	22				675
	22				125
	22				43
	22				616
	22				137
	22				38
	22				611
	22				128
	22				39
	22				611
	22				130
	22				38
	22				630
	22				129
	22				43
	22				1195
	22				131
	22				51
	22				603
	22				149
	22				41
	22				601
	22				132
	22				42
	22				649
	22				120
	22				43
	22				892
	22				143
	22				56
	22				724
	22				132
	22				52
	22				639
	22				135
	22				1341
	22				813
	22				122
	22				38
	22				596
	22				115
	22				42
	22				571
	22				122
	22				47
	22				609
	22				127
	22				41
	22				639
	22				128
	22				59
	22				735
	22				128
	22				51
	22				674
	22				155
	22				41
	22				615
	22				127
	22				50
	22				616
	22				122
	22				40
	22				602
	22				121
	22				37
	22				625
	22				130
	22				42
	22				663
	22				124
	22				47
	22				644
	22				130
	22				62
	22				702
	22				133
	22				45
	22				663
	22				139
	22				43
	22				618
	22				132
	22				41
	22				629
	22				122
	22				46
	22				692
	22				131
	22				41
	22				634
	22				126
	22				55
	22				648
	22				122
	22				41
	22				608
	22				123
	22				40
	22				633
	22				132
	22				36
	22				650
	22				142
	22				43
	22				638
	22				122
	22				60
	22				670
	22				153
	22				68
	22				670
	22				128
	22				40
	22				615
	22				121
	22				40
	22				613
	22				124
	22				43
	22				660
	22				143
	22				49
	22				616
	22				134
	22				44
	22				781
	22				139
	22				60
	22				731
	22				132
	22				44
	22				631
	22				126
	22				39
	22				604
	22				132
	22				43
	22				615
	22				124
	22				40
	22				598
	22				124
	22				60
	22				704
	22				138
	22				56
	22				648
	22				163
	22				39
	22				661
	22				123
	22				42
	22				638
	22				125
	22				50
	22				611
	22				137
	22				41
	22				593
	22				123
	22				40
	22				670
	22				131
	22				46
	22				632
	22				142
	22				70
	22				756
	22				131
	22				39
	22				591
	22				140
	22				38
	22				652
	22				127
	22				37
	22				623
	22				121
	22				47
	22				606
	22				139
	22				58
	22				709
222						}
223						}
224						# TODO ExtUtils::Constant fail to generate correct const-*.inc when both
225						# string and integer constants used. So, hardcode these constants
226						# here until this issue will be fixed.
227	22		22		129	use constant MATRIXSSL_VERSION_CODE => 'OPEN';
	22				42
	22				1685
228	22				7661	use constant MATRIXSSL_VERSION => sprintf '%d.%d.%d-%s',
229						MATRIXSSL_VERSION_MAJOR,
230						MATRIXSSL_VERSION_MINOR,
231						MATRIXSSL_VERSION_PATCH,
232	22		22		134	MATRIXSSL_VERSION_CODE;
	22				39
233
234						my %ALERT_LEVEL = map { 0+constant($_) => $_ } CONST_ALERT_LEVEL;
235						my %ALERT_DESCR = map { 0+constant($_) => $_ } CONST_ALERT_DESCR;
236						my %RETURN_CODE = map { 0+constant($_) => $_ } CONST_ERROR, CONST_RC;
237
238
239						#
240						# Usage: use Crypt::MatrixSSL3 qw( :all :DEFAULT :RC :Cipher SSL_MAX_PLAINTEXT_LEN ... )
241						#
242						my %TAGS = (
243						Version => [ CONST_VERSION ],
244						Cipher => [ CONST_CIPHER ],
245						SessOpts => [ CONST_SESSION_OPTION ],
246						Alert => [ CONST_ALERT_LEVEL, CONST_ALERT_DESCR ],
247						Error => [ CONST_ERROR ],
248						RC => [ CONST_RC ],
249						Limit => [ CONST_LIMIT ],
250						Validate => [ CONST_VALIDATE ],
251						Bool => [ CONST_BOOL ],
252						Capabilities => [ CONST_CAPABILITIES ],
253						Func => [qw(
254						set_cipher_suite_enabled_status
255						get_ssl_alert
256						get_ssl_error
257						)],
258						);
259						$TAGS{all} = [ map { @{$_} } values %TAGS ];
260						$TAGS{DEFAULT} = [ 'SSL_MAX_PLAINTEXT_LEN', @{$TAGS{RC}} ];
261						my %KNOWN = map { $_ => 1 } @{ $TAGS{all} };
262
263						sub import {
264	22		22		206	my (undef, @p) = @_;
265	22	100			132	if (!@p) {
266	6				31	@p = (':DEFAULT');
267						}
268	22	50			63	@p = map { /\A:(\w+)\z/xms ? @{ $TAGS{$1} \|\| [] } : $_ } @p;
	39	100			203
	35				354
269
270	22				156	my $pkg = caller;
271	22		22		170	no strict 'refs';
	22				52
	22				10459
272
273	22				428	for my $func (@p) {
274	1815	50			3171	next if !$KNOWN{$func};
275	1815				2020	*{"${pkg}::$func"} = \&{$func};
	1815				4752
	1815				3020
276						}
277
278	22				35595	return;
279						}
280
281
282						sub get_ssl_alert {
283	91		91	1	4452681	my ($pt_buf) = @_;
284	91				511	my ($level_code, $descr_code) = map {ord} split //ms, $pt_buf;
	182				571
285	91				751	my $level = dualvar $level_code, $ALERT_LEVEL{$level_code};
286	91				349	my $descr = dualvar $descr_code, $ALERT_DESCR{$descr_code};
287	91	50			558	return wantarray ? ($level, $descr) : $descr;
288						}
289
290						sub get_ssl_error {
291	0		0	1	0	my ($rc) = @_;
292	0				0	my $error = dualvar $rc, $RETURN_CODE{$rc};
293	0				0	return $error;
294						}
295
296
297						## no critic (ProhibitMultiplePackages)
298
299						# shift/goto trick used to force correct source line in XS's croak()
300						package Crypt::MatrixSSL3::Keys;
301	100807		100807		2229788	sub new { shift; goto &Crypt::MatrixSSL3::KeysPtr::new }
	100807				219380
302
303						package Crypt::MatrixSSL3::SessID;
304	110023		110023		668082	sub new { shift; goto &Crypt::MatrixSSL3::SessIDPtr::new }
	110023				249710
305
306						package Crypt::MatrixSSL3::Client;
307	11156		11156		152480	sub new { shift; goto &Crypt::MatrixSSL3::SessPtr::new_client }
	11156				410734
308
309						package Crypt::MatrixSSL3::Server;
310	11158		11158		94751693	sub new { shift; goto &Crypt::MatrixSSL3::SessPtr::new_server }
	11158				71944
311
312						package Crypt::MatrixSSL3::HelloExt;
313	0		0			sub new { shift; goto &Crypt::MatrixSSL3::HelloExtPtr::new }
	0
314
315
316						1;
317						__END__