1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

AppleM1: Update openssl to v1.1.1l

This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions

View file

@ -11,7 +11,7 @@
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,7 +12,57 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
#include "internal/nelem.h"
/*-
* Attribute flags.
* CMS attribute restrictions are discussed in
* - RFC 5652 Section 11.
* ESS attribute restrictions are discussed in
* - RFC 2634 Section 1.3.4 AND
* - RFC 5035 Section 5.4
*/
/* This is a signed attribute */
#define CMS_ATTR_F_SIGNED 0x01
/* This is an unsigned attribute */
#define CMS_ATTR_F_UNSIGNED 0x02
/* Must be present if there are any other attributes of the same type */
#define CMS_ATTR_F_REQUIRED_COND 0x10
/* There can only be one instance of this attribute */
#define CMS_ATTR_F_ONLY_ONE 0x20
/* The Attribute's value must have exactly one entry */
#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40
/* Attributes rules for different attributes */
static const struct {
int nid; /* The attribute id */
int flags;
} cms_attribute_properties[] = {
/* See RFC Section 11 */
{ NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE
| CMS_ATTR_F_REQUIRED_COND },
{ NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE
| CMS_ATTR_F_REQUIRED_COND },
{ NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE },
{ NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
/* ESS */
{ NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE },
{ NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE },
{ NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED
| CMS_ATTR_F_ONLY_ONE
| CMS_ATTR_F_ONE_ATTR_VALUE }
};
/* CMS SignedData Attribute utilities */
@ -149,4 +199,86 @@ void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
}
/* Specific attribute cases */
/*
* Retrieve an attribute by nid from a stack of attributes starting at index
* *lastpos + 1.
* Returns the attribute or NULL if there is no attribute.
* If an attribute was found *lastpos returns the index of the found attribute.
*/
static X509_ATTRIBUTE *cms_attrib_get(int nid,
const STACK_OF(X509_ATTRIBUTE) *attrs,
int *lastpos)
{
X509_ATTRIBUTE *at;
int loc;
loc = X509at_get_attr_by_NID(attrs, nid, *lastpos);
if (loc < 0)
return NULL;
at = X509at_get_attr(attrs, loc);
*lastpos = loc;
return at;
}
static int cms_check_attribute(int nid, int flags, int type,
const STACK_OF(X509_ATTRIBUTE) *attrs,
int have_attrs)
{
int lastpos = -1;
X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos);
if (at != NULL) {
int count = X509_ATTRIBUTE_count(at);
/* Is this attribute allowed? */
if (((flags & type) == 0)
/* check if multiple attributes of the same type are allowed */
|| (((flags & CMS_ATTR_F_ONLY_ONE) != 0)
&& cms_attrib_get(nid, attrs, &lastpos) != NULL)
/* Check if attribute should have exactly one value in its set */
|| (((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0)
&& count != 1)
/* There should be at least one value */
|| count == 0)
return 0;
} else {
/* fail if a required attribute is missing */
if (have_attrs
&& ((flags & CMS_ATTR_F_REQUIRED_COND) != 0)
&& (flags & type) != 0)
return 0;
}
return 1;
}
/*
* Check that the signerinfo attributes obey the attribute rules which includes
* the following checks
* - If any signed attributes exist then there must be a Content Type
* and Message Digest attribute in the signed attributes.
* - The countersignature attribute is an optional unsigned attribute only.
* - Content Type, Message Digest, and Signing time attributes are signed
* attributes. Only one instance of each is allowed, with each of these
* attributes containing a single attribute value in its set.
*/
int CMS_si_check_attributes(const CMS_SignerInfo *si)
{
int i;
int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0);
for (i = 0; i < (int)OSSL_NELEM(cms_attribute_properties); ++i) {
int nid = cms_attribute_properties[i].nid;
int flags = cms_attribute_properties[i].flags;
if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
si->signedAttrs, have_signed_attrs)
|| !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
si->unsignedAttrs, have_unsigned_attrs)) {
CMSerr(CMS_F_CMS_SI_CHECK_ATTRIBUTES, CMS_R_ATTRIBUTE_ERROR);
return 0;
}
}
return 1;
}

View file

@ -15,7 +15,7 @@
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/comp.h>
#include "cms_lcl.h"
#include "cms_local.h"
#ifdef ZLIB

View file

@ -13,7 +13,7 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
/* CMS DigestedData Utilities */

View file

@ -14,7 +14,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/rand.h>
#include "cms_lcl.h"
#include "cms_local.h"
/* CMS EncryptedData Utilities */

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,9 +14,9 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "cms_local.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
/* CMS EnvelopedData Utilities */
@ -363,6 +363,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
unsigned char *ek = NULL;
size_t eklen;
int ret = 0;
size_t fixlen = 0;
CMS_EncryptedContentInfo *ec;
ec = cms->d.envelopedData->encryptedContentInfo;
@ -371,6 +372,19 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
return 0;
}
if (cms->d.envelopedData->encryptedContentInfo->havenocert
&& !cms->d.envelopedData->encryptedContentInfo->debug) {
X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
if (ciph == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
return 0;
}
fixlen = EVP_CIPHER_key_length(ciph);
}
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
if (ktri->pctx == NULL)
return 0;
@ -401,7 +415,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
ktri->encryptedKey->data,
ktri->encryptedKey->length) <= 0) {
ktri->encryptedKey->length) <= 0
|| eklen == 0
|| (fixlen != 0 && eklen != fixlen)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
goto err;
}

View file

@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -146,6 +146,8 @@ static const ERR_STRING_DATA CMS_str_functs[] = {
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
"CMS_SignerInfo_verify_content"},
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SI_CHECK_ATTRIBUTES, 0),
"CMS_si_check_attributes"},
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
{ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
@ -155,6 +157,7 @@ static const ERR_STRING_DATA CMS_str_functs[] = {
static const ERR_STRING_DATA CMS_str_reasons[] = {
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
"certificate already present"},
{ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),

View file

@ -14,7 +14,7 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)

View file

@ -12,7 +12,7 @@
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
{

View file

@ -14,8 +14,8 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "cms_local.h"
#include "crypto/asn1.h"
/* Key Agreement Recipient Info (KARI) routines */
@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
if (!pk)
return 1;
pctx = EVP_PKEY_CTX_new(pk, NULL);
if (!pctx || !EVP_PKEY_derive_init(pctx))
if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
goto err;
kari->pctx = pctx;
return 1;

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,7 +14,7 @@
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "cms_local.h"
IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
@ -92,12 +92,13 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
default:
CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
return NULL;
goto err;
}
if (cmsbio)
return BIO_push(cmsbio, cont);
err:
if (!icont)
BIO_free(cont);
return NULL;

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_CMS_LCL_H
# define HEADER_CMS_LCL_H
#ifndef OSSL_CRYPTO_CMS_LOCAL_H
# define OSSL_CRYPTO_CMS_LOCAL_H
# include <openssl/x509.h>
@ -125,6 +125,8 @@ struct CMS_EncryptedContentInfo_st {
size_t keylen;
/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
int debug;
/* Set to 1 if we have no cert and need extra safety measures for MMA */
int havenocert;
};
struct CMS_RecipientInfo_st {
@ -317,8 +319,6 @@ struct CMS_OtherKeyAttribute_st {
/* ESS structures */
# ifdef HEADER_X509V3_H
struct CMS_ReceiptRequest_st {
ASN1_OCTET_STRING *signedContentIdentifier;
CMS_ReceiptsFrom *receiptsFrom;
@ -332,7 +332,6 @@ struct CMS_ReceiptsFrom_st {
STACK_OF(GENERAL_NAMES) *receiptList;
} d;
};
# endif
struct CMS_Receipt_st {
int32_t version;
@ -416,6 +415,8 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
/* PWRI routines */
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de);
/* SignerInfo routines */
int CMS_si_check_attributes(const CMS_SignerInfo *si);
DECLARE_ASN1_ITEM(CMS_CertificateChoices)
DECLARE_ASN1_ITEM(CMS_DigestedData)

View file

@ -15,8 +15,8 @@
#include <openssl/cms.h>
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "cms_local.h"
#include "crypto/asn1.h"
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ossl_ssize_t passlen)

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -14,9 +14,9 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "cms_local.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
/* CMS SignedData Utilities */
@ -109,6 +109,27 @@ static void cms_sd_set_version(CMS_SignedData *sd)
}
/*
* RFC 5652 Section 11.1 Content Type
* The content-type attribute within signed-data MUST
* 1) be present if there are signed attributes
* 2) match the content type in the signed-data,
* 3) be a signed attribute.
* 4) not have more than one copy of the attribute.
*
* Note that since the CMS_SignerInfo_sign() always adds the "signing time"
* attribute, the content type attribute MUST be added also.
* Assumptions: This assumes that the attribute does not already exist.
*/
static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
{
ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
/* Add the contentType attribute */
return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
V_ASN1_OBJECT, ctype, -1) > 0;
}
/* Copy an existing messageDigest value */
static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
@ -328,6 +349,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (flags & CMS_REUSE_DIGEST) {
if (!cms_copy_messageDigest(cms, si))
goto err;
if (!cms_set_si_contentType_attr(cms, si))
goto err;
if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
!CMS_SignerInfo_sign(si))
goto err;
@ -558,8 +581,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
*/
if (CMS_signed_get_attr_count(si) >= 0) {
ASN1_OBJECT *ctype =
cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
@ -568,9 +589,9 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
V_ASN1_OCTET_STRING, md, mdlen))
goto err;
/* Copy content type across */
if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
V_ASN1_OBJECT, ctype, -1) <= 0)
if (!cms_set_si_contentType_attr(cms, si))
goto err;
if (!CMS_SignerInfo_sign(si))
goto err;
} else if (si->pctx) {
@ -650,6 +671,9 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
}
if (!CMS_si_check_attributes(si))
goto err;
if (si->pctx)
pctx = si->pctx;
else {
@ -696,7 +720,6 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
OPENSSL_free(abuf);
EVP_MD_CTX_reset(mctx);
return 0;
}
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
@ -711,6 +734,9 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
return -1;
}
if (!CMS_si_check_attributes(si))
return -1;
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (md == NULL)
return -1;
@ -871,8 +897,10 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
ASN1_INTEGER *key = NULL;
if (keysize > 0) {
key = ASN1_INTEGER_new();
if (key == NULL || !ASN1_INTEGER_set(key, keysize))
if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
ASN1_INTEGER_free(key);
return 0;
}
}
alg = X509_ALGOR_new();
if (alg == NULL) {

View file

@ -1,5 +1,5 @@
/*
* Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -13,8 +13,8 @@
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
#include "internal/asn1_int.h"
#include "cms_local.h"
#include "crypto/asn1.h"
static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
{
@ -341,7 +341,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
char *ptr;
long len;
len = BIO_get_mem_data(dcont, &ptr);
tmpin = BIO_new_mem_buf(ptr, len);
tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
if (tmpin == NULL) {
CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
goto err2;
@ -743,6 +743,10 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
cms->d.envelopedData->encryptedContentInfo->debug = 1;
else
cms->d.envelopedData->encryptedContentInfo->debug = 0;
if (!cert)
cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
else
cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
if (!pk && !cert && !dcont && !out)
return 1;
if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))