1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

AppleM1: Update openssl to v1.1.1l

This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions

View file

@ -11,10 +11,10 @@
#include "internal/cryptlib.h"
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "crypto/asn1.h"
#include "crypto/evp.h"
#include <openssl/cms.h>
/*
@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
err:
OPENSSL_free(penc);
X509_ALGOR_free(wrap_alg);
OPENSSL_free(dukm);
return rv;
}

View file

@ -10,7 +10,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/objects.h>
#include <openssl/asn1t.h>

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,7 +10,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include "dh_locl.h"
#include "dh_local.h"
# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
/*-
* Check that p and g are suitable enough
@ -22,7 +24,8 @@ int DH_check_params_ex(const DH *dh)
{
int errflags = 0;
(void)DH_check_params(dh, &errflags);
if (!DH_check_params(dh, &errflags))
return 0;
if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
@ -58,27 +61,21 @@ int DH_check_params(const DH *dh, int *ret)
ok = 1;
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
}
/*-
* Check that p is a safe prime and
* if g is 2, 3 or 5, check that it is a suitable generator
* where
* for 2, p mod 24 == 11
* for 3, p mod 12 == 5
* for 5, p mod 10 == 3 or 7
* should hold.
* g is a suitable generator.
*/
int DH_check_ex(const DH *dh)
{
int errflags = 0;
(void)DH_check(dh, &errflags);
if (!DH_check(dh, &errflags))
return 0;
if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
@ -102,10 +99,11 @@ int DH_check(const DH *dh, int *ret)
{
int ok = 0, r;
BN_CTX *ctx = NULL;
BN_ULONG l;
BIGNUM *t1 = NULL, *t2 = NULL;
*ret = 0;
if (!DH_check_params(dh, ret))
return 0;
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
@ -127,7 +125,7 @@ int DH_check(const DH *dh, int *ret)
if (!BN_is_one(t1))
*ret |= DH_NOT_SUITABLE_GENERATOR;
}
r = BN_is_prime_ex(dh->q, BN_prime_checks, ctx, NULL);
r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
if (r < 0)
goto err;
if (!r)
@ -139,23 +137,9 @@ int DH_check(const DH *dh, int *ret)
*ret |= DH_CHECK_INVALID_Q_VALUE;
if (dh->j && BN_cmp(dh->j, t1))
*ret |= DH_CHECK_INVALID_J_VALUE;
}
} else if (BN_is_word(dh->g, DH_GENERATOR_2)) {
l = BN_mod_word(dh->p, 24);
if (l == (BN_ULONG)-1)
goto err;
if (l != 11)
*ret |= DH_NOT_SUITABLE_GENERATOR;
} else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
l = BN_mod_word(dh->p, 10);
if (l == (BN_ULONG)-1)
goto err;
if ((l != 3) && (l != 7))
*ret |= DH_NOT_SUITABLE_GENERATOR;
} else
*ret |= DH_UNABLE_TO_CHECK_GENERATOR;
r = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL);
r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
if (r < 0)
goto err;
if (!r)
@ -163,7 +147,7 @@ int DH_check(const DH *dh, int *ret)
else if (!dh->q) {
if (!BN_rshift1(t1, dh->p))
goto err;
r = BN_is_prime_ex(t1, BN_prime_checks, ctx, NULL);
r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
if (r < 0)
goto err;
if (!r)
@ -171,10 +155,8 @@ int DH_check(const DH *dh, int *ret)
}
ok = 1;
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
}
@ -182,7 +164,8 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
{
int errflags = 0;
(void)DH_check(dh, &errflags);
if (!DH_check_pub_key(dh, pub_key, &errflags))
return 0;
if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
@ -225,9 +208,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
ok = 1;
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -15,7 +15,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include "dh_locl.h"
#include "dh_local.h"
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb);
@ -30,30 +30,33 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
/*-
* We generate DH parameters as follows
* find a prime q which is prime_len/2 bits long.
* p=(2*q)+1 or (p-1)/2 = q
* For this case, g is a generator if
* g^((p-1)/q) mod p != 1 for values of q which are the factors of p-1.
* Since the factors of p-1 are q and 2, we just need to check
* g^2 mod p != 1 and g^q mod p != 1.
* find a prime p which is prime_len bits long,
* where q=(p-1)/2 is also prime.
* In the following we assume that g is not 0, 1 or p-1, since it
* would generate only trivial subgroups.
* For this case, g is a generator of the order-q subgroup if
* g^q mod p == 1.
* Or in terms of the Legendre symbol: (g/p) == 1.
*
* Having said all that,
* there is another special case method for the generators 2, 3 and 5.
* Using the quadratic reciprocity law it is possible to solve
* (g/p) == 1 for the special values 2, 3, 5:
* (2/p) == 1 if p mod 8 == 1 or 7.
* (3/p) == 1 if p mod 12 == 1 or 11.
* (5/p) == 1 if p mod 5 == 1 or 4.
* See for instance: https://en.wikipedia.org/wiki/Legendre_symbol
*
* Since all safe primes > 7 must satisfy p mod 12 == 11
* and all safe primes > 11 must satisfy p mod 5 != 1
* we can further improve the condition for g = 2, 3 and 5:
* for 2, p mod 24 == 23
* for 3, p mod 12 == 11
* for 5, p mod 60 == 59
*
* However for compatibility with previous versions we use:
* for 2, p mod 24 == 11
* for 3, p mod 12 == 5 <<<<< does not work for safe primes.
* for 5, p mod 10 == 3 or 7
*
* Thanks to Phil Karn for the pointers about the
* special generators and for answering some of my questions.
*
* I've implemented the second simple method :-).
* Since DH should be using a safe prime (both p and q are prime),
* this generator function can take a very very long time to run.
*/
/*
* Actually there is no reason to insist that 'generator' be a generator.
* It's just as OK (and in some sense better) to use a generator of the
* order-q subgroup.
* for 5, p mod 60 == 23
*/
static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
BN_GENCB *cb)
@ -88,13 +91,10 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
goto err;
g = 2;
} else if (generator == DH_GENERATOR_5) {
if (!BN_set_word(t1, 10))
if (!BN_set_word(t1, 60))
goto err;
if (!BN_set_word(t2, 3))
if (!BN_set_word(t2, 23))
goto err;
/*
* BN_set_word(t3,7); just have to miss out on these ones :-(
*/
g = 5;
} else {
/*
@ -102,9 +102,9 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
* not: since we are using safe primes, it will generate either an
* order-q or an order-2q group, which both is OK
*/
if (!BN_set_word(t1, 2))
if (!BN_set_word(t1, 12))
goto err;
if (!BN_set_word(t2, 1))
if (!BN_set_word(t2, 11))
goto err;
g = generator;
}
@ -122,9 +122,7 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
ok = 0;
}
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ok;
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -9,8 +9,8 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_locl.h"
#include "internal/bn_int.h"
#include "dh_local.h"
#include "crypto/bn.h"
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
return dh->meth->generate_key(dh);
}
/*-
* NB: This function is inherently not constant time due to the
* RFC 5246 (8.1.2) padding style that strips leading zero bytes.
*/
int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
return dh->meth->compute_key(key, pub_key, dh);
int ret = 0, i;
volatile size_t npad = 0, mask = 1;
/* compute the key; ret is constant unless compute_key is external */
if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
return ret;
/* count leading zero bytes, yet still touch all bytes */
for (i = 0; i < ret; i++) {
mask &= !key[i];
npad += mask;
}
/* unpad key */
ret -= npad;
/* key-dependent memory access, potentially leaking npad / ret */
memmove(key, key + npad, ret);
/* key-dependent memory access, potentially leaking npad / ret */
memset(key + ret, 0, npad);
return ret;
}
int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
{
int rv, pad;
/* rv is constant unless compute_key is external */
rv = dh->meth->compute_key(key, pub_key, dh);
if (rv <= 0)
return rv;
pad = BN_num_bytes(dh->p) - rv;
/* pad is constant (zero) unless compute_key is external */
if (pad > 0) {
memmove(key + pad, key, rv);
memset(key, 0, pad);
@ -125,6 +152,15 @@ static int generate_key(DH *dh)
l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
goto err;
/*
* We handle just one known case where g is a quadratic non-residue:
* for g = 2: p % 8 == 3
*/
if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) {
/* clear bit 0, since it won't be a secret anyway */
if (!BN_clear_bit(priv_key, 0))
goto err;
}
}
}
@ -136,11 +172,11 @@ static int generate_key(DH *dh)
BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
BN_free(prk);
BN_clear_free(prk);
goto err;
}
/* We MUST free prk before any further use of priv_key */
BN_free(prk);
BN_clear_free(prk);
}
dh->pub_key = pub_key;
@ -203,12 +239,10 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
goto err;
}
ret = BN_bn2bin(tmp, key);
ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return ret;
}

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,7 +11,7 @@
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include <openssl/bn.h>
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/engine.h>
int DH_set_method(DH *dh, const DH_METHOD *meth)
@ -234,11 +234,11 @@ void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
{
if (pub_key != NULL) {
BN_free(dh->pub_key);
BN_clear_free(dh->pub_key);
dh->pub_key = pub_key;
}
if (priv_key != NULL) {
BN_free(dh->priv_key);
BN_clear_free(dh->priv_key);
dh->priv_key = priv_key;
}

View file

@ -7,7 +7,7 @@
* https://www.openssl.org/source/license.html
*/
#include "dh_locl.h"
#include "dh_local.h"
#include <string.h>
#include <openssl/err.h>

View file

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -12,11 +12,11 @@
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/objects.h>
#include "internal/evp_int.h"
#include "crypto/evp.h"
/* DH pkey context structure */
@ -54,7 +54,7 @@ static int pkey_dh_init(EVP_PKEY_CTX *ctx)
DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
return 0;
}
dctx->prime_len = 1024;
dctx->prime_len = 2048;
dctx->subprime_len = -1;
dctx->generator = 2;
dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;

View file

@ -9,9 +9,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include "internal/bn_dh.h"
#include "crypto/bn_dh.h"
/*
* Macro to make a DH structure from BIGNUM data. NB: although just copying

View file

@ -9,10 +9,10 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include "dh_locl.h"
#include "dh_local.h"
#include <openssl/bn.h>
#include <openssl/objects.h>
#include "internal/bn_dh.h"
#include "crypto/bn_dh.h"
static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
{