mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -11,10 +11,10 @@
|
|||
#include "internal/cryptlib.h"
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "internal/asn1_int.h"
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/asn1.h"
|
||||
#include "crypto/evp.h"
|
||||
#include <openssl/cms.h>
|
||||
|
||||
/*
|
||||
|
@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
|
|||
err:
|
||||
OPENSSL_free(penc);
|
||||
X509_ALGOR_free(wrap_alg);
|
||||
OPENSSL_free(dukm);
|
||||
return rv;
|
||||
}
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/objects.h>
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,7 +10,9 @@
|
|||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
|
||||
# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
|
||||
|
||||
/*-
|
||||
* Check that p and g are suitable enough
|
||||
|
@ -22,7 +24,8 @@ int DH_check_params_ex(const DH *dh)
|
|||
{
|
||||
int errflags = 0;
|
||||
|
||||
(void)DH_check_params(dh, &errflags);
|
||||
if (!DH_check_params(dh, &errflags))
|
||||
return 0;
|
||||
|
||||
if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
|
||||
DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
|
||||
|
@ -58,27 +61,21 @@ int DH_check_params(const DH *dh, int *ret)
|
|||
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Check that p is a safe prime and
|
||||
* if g is 2, 3 or 5, check that it is a suitable generator
|
||||
* where
|
||||
* for 2, p mod 24 == 11
|
||||
* for 3, p mod 12 == 5
|
||||
* for 5, p mod 10 == 3 or 7
|
||||
* should hold.
|
||||
* g is a suitable generator.
|
||||
*/
|
||||
int DH_check_ex(const DH *dh)
|
||||
{
|
||||
int errflags = 0;
|
||||
|
||||
(void)DH_check(dh, &errflags);
|
||||
if (!DH_check(dh, &errflags))
|
||||
return 0;
|
||||
|
||||
if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
|
||||
DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
|
||||
|
@ -102,10 +99,11 @@ int DH_check(const DH *dh, int *ret)
|
|||
{
|
||||
int ok = 0, r;
|
||||
BN_CTX *ctx = NULL;
|
||||
BN_ULONG l;
|
||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||
|
||||
*ret = 0;
|
||||
if (!DH_check_params(dh, ret))
|
||||
return 0;
|
||||
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
|
@ -127,7 +125,7 @@ int DH_check(const DH *dh, int *ret)
|
|||
if (!BN_is_one(t1))
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
}
|
||||
r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
|
@ -139,23 +137,9 @@ int DH_check(const DH *dh, int *ret)
|
|||
*ret |= DH_CHECK_INVALID_Q_VALUE;
|
||||
if (dh->j && BN_cmp(dh->j, t1))
|
||||
*ret |= DH_CHECK_INVALID_J_VALUE;
|
||||
}
|
||||
|
||||
} else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
|
||||
l = BN_mod_word(dh->p, 24);
|
||||
if (l == (BN_ULONG)-1)
|
||||
goto err;
|
||||
if (l != 11)
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
} else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
|
||||
l = BN_mod_word(dh->p, 10);
|
||||
if (l == (BN_ULONG)-1)
|
||||
goto err;
|
||||
if ((l != 3) && (l != 7))
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
} else
|
||||
*ret |= DH_UNABLE_TO_CHECK_GENERATOR;
|
||||
|
||||
r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
|
@ -163,7 +147,7 @@ int DH_check(const DH *dh, int *ret)
|
|||
else if (!dh->q) {
|
||||
if (!BN_rshift1(t1, dh->p))
|
||||
goto err;
|
||||
r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
|
||||
r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
|
||||
if (r < 0)
|
||||
goto err;
|
||||
if (!r)
|
||||
|
@ -171,10 +155,8 @@ int DH_check(const DH *dh, int *ret)
|
|||
}
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
||||
|
@ -182,7 +164,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
|
|||
{
|
||||
int errflags = 0;
|
||||
|
||||
(void)DH_check(dh, &errflags);
|
||||
if (!DH_check_pub_key(dh, pub_key, &errflags))
|
||||
return 0;
|
||||
|
||||
if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
|
||||
DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
|
||||
|
@ -225,9 +208,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
|||
|
||||
ok = 1;
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -15,7 +15,7 @@
|
|||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
|
||||
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
||||
BN_GENCB *cb);
|
||||
|
@ -30,30 +30,33 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
|
|||
|
||||
/*-
|
||||
* We generate DH parameters as follows
|
||||
* find a prime q which is prime_len/2 bits long.
|
||||
* p=(2*q)+1 or (p-1)/2 = q
|
||||
* For this case, g is a generator if
|
||||
* g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
|
||||
* Since the factors of p-1 are q and 2, we just need to check
|
||||
* g^2 mod p != 1 and g^q mod p != 1.
|
||||
* find a prime p which is prime_len bits long,
|
||||
* where q=(p-1)/2 is also prime.
|
||||
* In the following we assume that g is not 0, 1 or p-1, since it
|
||||
* would generate only trivial subgroups.
|
||||
* For this case, g is a generator of the order-q subgroup if
|
||||
* g^q mod p == 1.
|
||||
* Or in terms of the Legendre symbol: (g/p) == 1.
|
||||
*
|
||||
* Having said all that,
|
||||
* there is another special case method for the generators 2, 3 and 5.
|
||||
* Using the quadratic reciprocity law it is possible to solve
|
||||
* (g/p) == 1 for the special values 2, 3, 5:
|
||||
* (2/p) == 1 if p mod 8 == 1 or 7.
|
||||
* (3/p) == 1 if p mod 12 == 1 or 11.
|
||||
* (5/p) == 1 if p mod 5 == 1 or 4.
|
||||
* See for instance: https://en.wikipedia.org/wiki/Legendre_symbol
|
||||
*
|
||||
* Since all safe primes > 7 must satisfy p mod 12 == 11
|
||||
* and all safe primes > 11 must satisfy p mod 5 != 1
|
||||
* we can further improve the condition for g = 2, 3 and 5:
|
||||
* for 2, p mod 24 == 23
|
||||
* for 3, p mod 12 == 11
|
||||
* for 5, p mod 60 == 59
|
||||
*
|
||||
* However for compatibility with previous versions we use:
|
||||
* for 2, p mod 24 == 11
|
||||
* for 3, p mod 12 == 5 <<<<< does not work for safe primes.
|
||||
* for 5, p mod 10 == 3 or 7
|
||||
*
|
||||
* Thanks to Phil Karn for the pointers about the
|
||||
* special generators and for answering some of my questions.
|
||||
*
|
||||
* I've implemented the second simple method :-).
|
||||
* Since DH should be using a safe prime (both p and q are prime),
|
||||
* this generator function can take a very very long time to run.
|
||||
*/
|
||||
/*
|
||||
* Actually there is no reason to insist that 'generator' be a generator.
|
||||
* It's just as OK (and in some sense better) to use a generator of the
|
||||
* order-q subgroup.
|
||||
* for 5, p mod 60 == 23
|
||||
*/
|
||||
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
||||
BN_GENCB *cb)
|
||||
|
@ -88,13 +91,10 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
|||
goto err;
|
||||
g = 2;
|
||||
} else if (generator == DH_GENERATOR_5) {
|
||||
if (!BN_set_word(t1, 10))
|
||||
if (!BN_set_word(t1, 60))
|
||||
goto err;
|
||||
if (!BN_set_word(t2, 3))
|
||||
if (!BN_set_word(t2, 23))
|
||||
goto err;
|
||||
/*
|
||||
* BN_set_word(t3,7); just have to miss out on these ones :-(
|
||||
*/
|
||||
g = 5;
|
||||
} else {
|
||||
/*
|
||||
|
@ -102,9 +102,9 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
|||
* not: since we are using safe primes, it will generate either an
|
||||
* order-q or an order-2q group, which both is OK
|
||||
*/
|
||||
if (!BN_set_word(t1, 2))
|
||||
if (!BN_set_word(t1, 12))
|
||||
goto err;
|
||||
if (!BN_set_word(t2, 1))
|
||||
if (!BN_set_word(t2, 11))
|
||||
goto err;
|
||||
g = generator;
|
||||
}
|
||||
|
@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
|
|||
ok = 0;
|
||||
}
|
||||
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ok;
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -9,8 +9,8 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "dh_locl.h"
|
||||
#include "internal/bn_int.h"
|
||||
#include "dh_local.h"
|
||||
#include "crypto/bn.h"
|
||||
|
||||
static int generate_key(DH *dh);
|
||||
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
|
||||
|
@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
|
|||
return dh->meth->generate_key(dh);
|
||||
}
|
||||
|
||||
/*-
|
||||
* NB: This function is inherently not constant time due to the
|
||||
* RFC 5246 (8.1.2) padding style that strips leading zero bytes.
|
||||
*/
|
||||
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
{
|
||||
return dh->meth->compute_key(key, pub_key, dh);
|
||||
int ret = 0, i;
|
||||
volatile size_t npad = 0, mask = 1;
|
||||
|
||||
/* compute the key; ret is constant unless compute_key is external */
|
||||
if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
|
||||
return ret;
|
||||
|
||||
/* count leading zero bytes, yet still touch all bytes */
|
||||
for (i = 0; i < ret; i++) {
|
||||
mask &= !key[i];
|
||||
npad += mask;
|
||||
}
|
||||
|
||||
/* unpad key */
|
||||
ret -= npad;
|
||||
/* key-dependent memory access, potentially leaking npad / ret */
|
||||
memmove(key, key + npad, ret);
|
||||
/* key-dependent memory access, potentially leaking npad / ret */
|
||||
memset(key + ret, 0, npad);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
{
|
||||
int rv, pad;
|
||||
|
||||
/* rv is constant unless compute_key is external */
|
||||
rv = dh->meth->compute_key(key, pub_key, dh);
|
||||
if (rv <= 0)
|
||||
return rv;
|
||||
pad = BN_num_bytes(dh->p) - rv;
|
||||
/* pad is constant (zero) unless compute_key is external */
|
||||
if (pad > 0) {
|
||||
memmove(key + pad, key, rv);
|
||||
memset(key, 0, pad);
|
||||
|
@ -125,6 +152,15 @@ static int generate_key(DH *dh)
|
|||
l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
|
||||
if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
|
||||
goto err;
|
||||
/*
|
||||
* We handle just one known case where g is a quadratic non-residue:
|
||||
* for g = 2: p % 8 == 3
|
||||
*/
|
||||
if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) {
|
||||
/* clear bit 0, since it won't be a secret anyway */
|
||||
if (!BN_clear_bit(priv_key, 0))
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -136,11 +172,11 @@ static int generate_key(DH *dh)
|
|||
BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
|
||||
|
||||
if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
|
||||
BN_free(prk);
|
||||
BN_clear_free(prk);
|
||||
goto err;
|
||||
}
|
||||
/* We MUST free prk before any further use of priv_key */
|
||||
BN_free(prk);
|
||||
BN_clear_free(prk);
|
||||
}
|
||||
|
||||
dh->pub_key = pub_key;
|
||||
|
@ -203,12 +239,10 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
|||
goto err;
|
||||
}
|
||||
|
||||
ret = BN_bn2bin(tmp, key);
|
||||
ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
|
||||
err:
|
||||
if (ctx != NULL) {
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
}
|
||||
BN_CTX_end(ctx);
|
||||
BN_CTX_free(ctx);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -11,7 +11,7 @@
|
|||
#include "internal/cryptlib.h"
|
||||
#include "internal/refcount.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/engine.h>
|
||||
|
||||
int DH_set_method(DH *dh, const DH_METHOD *meth)
|
||||
|
@ -234,11 +234,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
|
|||
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
|
||||
{
|
||||
if (pub_key != NULL) {
|
||||
BN_free(dh->pub_key);
|
||||
BN_clear_free(dh->pub_key);
|
||||
dh->pub_key = pub_key;
|
||||
}
|
||||
if (priv_key != NULL) {
|
||||
BN_free(dh->priv_key);
|
||||
BN_clear_free(dh->priv_key);
|
||||
dh->priv_key = priv_key;
|
||||
}
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <string.h>
|
||||
#include <openssl/err.h>
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -12,11 +12,11 @@
|
|||
#include <openssl/asn1t.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/evp.h>
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/objects.h>
|
||||
#include "internal/evp_int.h"
|
||||
#include "crypto/evp.h"
|
||||
|
||||
/* DH pkey context structure */
|
||||
|
||||
|
@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
|
|||
DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
}
|
||||
dctx->prime_len = 1024;
|
||||
dctx->prime_len = 2048;
|
||||
dctx->subprime_len = -1;
|
||||
dctx->generator = 2;
|
||||
dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
|
||||
|
|
|
@ -9,9 +9,9 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/bn.h>
|
||||
#include "internal/bn_dh.h"
|
||||
#include "crypto/bn_dh.h"
|
||||
|
||||
/*
|
||||
* Macro to make a DH structure from BIGNUM data. NB: although just copying
|
||||
|
|
|
@ -9,10 +9,10 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
#include "dh_locl.h"
|
||||
#include "dh_local.h"
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/objects.h>
|
||||
#include "internal/bn_dh.h"
|
||||
#include "crypto/bn_dh.h"
|
||||
|
||||
static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
|
||||
{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue