AppleM1: Update openssl to v1.1.1l

2025-03-09 15:49:59 +00:00 · 2022-08-14 19:05:01 +08:00 · 2022-08-14 19:05:01 +08:00 · b787656eea
commit b787656eea
parent 1fe12b8e8c
990 changed files with 13406 additions and 18710 deletions
--- a/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
+++ b/trunk/3rdparty/openssl-1.1-fit/apps/s_server.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
@ -133,6 +133,17 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,

    if (s_debug)
        BIO_printf(bio_s_out, "psk_server_cb\n");
+
+    if (SSL_version(ssl) >= TLS1_3_VERSION) {
+        /*
+         * This callback is designed for use in TLSv1.2. It is possible to use
+         * a single callback for all protocol versions - but it is preferred to
+         * use a dedicated callback for TLSv1.3. For TLSv1.3 we have
+         * psk_find_session_cb.
+         */
+        return 0;
+    }
+
    if (identity == NULL) {
        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
        goto out_err;
@ -180,9 +191,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 }
 #endif

-#define TLS13_AES_128_GCM_SHA256_BYTES  ((const unsigned char *)"\x13\x01")
-#define TLS13_AES_256_GCM_SHA384_BYTES  ((const unsigned char *)"\x13\x02")
-
 static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
                               size_t identity_len, SSL_SESSION **sess)
 {
@ -1907,7 +1915,7 @@ int s_server_main(int argc, char *argv[])
        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");

        if (sdebug)
-            ssl_ctx_security_debug(ctx, sdebug);
+            ssl_ctx_security_debug(ctx2, sdebug);

        if (session_id_prefix) {
            if (strlen(session_id_prefix) >= 32)
@ -3208,6 +3216,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
                if (e[0] == ' ')
                    break;

+                if (e[0] == ':') {
+                    /* Windows drive. We treat this the same way as ".." */
+                    dot = -1;
+                    break;
+                }
+
                switch (dot) {
                case 1:
                    dot = (e[0] == '.') ? 2 : 0;
@ -3216,11 +3230,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
                    dot = (e[0] == '.') ? 3 : 0;
                    break;
                case 3:
-                    dot = (e[0] == '/') ? -1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
                    break;
                }
                if (dot == 0)
-                    dot = (e[0] == '/') ? 1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
            }
            dot = (dot == 3) || (dot == -1); /* filename contains ".."
                                              * component */
@ -3234,11 +3248,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)

            if (dot) {
                BIO_puts(io, text);
-                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
                break;
            }

-            if (*p == '/') {
+            if (*p == '/' || *p == '\\') {
                BIO_puts(io, text);
                BIO_printf(io, "'%s' is an invalid path\r\n", p);
                break;