AppleM1: Update openssl to v1.1.1l

2025-03-09 15:49:59 +00:00 · 2022-08-14 19:05:01 +08:00 · 2022-08-14 19:05:01 +08:00 · b787656eea
commit b787656eea
parent 1fe12b8e8c
990 changed files with 13406 additions and 18710 deletions
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ameth.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -11,11 +11,11 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/bn.h>
 #include <openssl/cms.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"

 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
@ -503,7 +503,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)

    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
        *(int *)arg2 = NID_sha256;
-        return 2;
+        return 1;

    default:
        return -2;
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_asn1.c
@ -9,7 +9,7 @@

 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/rand.h>
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_err.c
@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -52,6 +52,8 @@ static const ERR_STRING_DATA DSA_str_reasons[] = {
    "invalid digest type"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
+    "missing private key"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_gen.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -21,7 +21,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"

 int DSA_generate_parameters_ex(DSA *ret, int bits,
                               const unsigned char *seed_in, int seed_len,
@ -292,8 +292,7 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        if (seed_out)
            memcpy(seed_out, seed, qsize);
    }
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    BN_MONT_CTX_free(mont);
    return ok;
@ -607,8 +606,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
    OPENSSL_free(seed);
    if (seed_out != seed_tmp)
        OPENSSL_free(seed_tmp);
-    if (ctx)
-        BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
    BN_CTX_free(ctx);
    BN_MONT_CTX_free(mont);
    EVP_MD_CTX_free(mctx);
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_key.c
@ -11,7 +11,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"

 static int dsa_builtin_keygen(DSA *dsa);

--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_lib.c
@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include <openssl/bn.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 #include <openssl/dh.h>
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_local.h
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_local.h
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_meth.c
@ -15,7 +15,7 @@
 * or in the file LICENSE in the source distribution.
 */

-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <string.h>
 #include <openssl/err.h>

--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_ossl.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -9,10 +9,10 @@

 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 #include <openssl/bn.h>
 #include <openssl/sha.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>

 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
@ -72,6 +72,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        reason = DSA_R_MISSING_PARAMETERS;
        goto err;
    }
+    if (dsa->priv_key == NULL) {
+        reason = DSA_R_MISSING_PRIVATE_KEY;
+        goto err;
+    }

    ret = DSA_SIG_new();
    if (ret == NULL)
@ -190,6 +194,16 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
        return 0;
    }

+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+    if (dsa->priv_key == NULL) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
    k = BN_new();
    l = BN_new();
    if (k == NULL || l == NULL)
@ -242,7 +256,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     * one bit longer than the modulus.
     *
     * There are some concerns about the efficacy of doing this.  More
-     * specificly refer to the discussion starting with:
+     * specifically refer to the discussion starting with:
     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
     * The fix is to rework BN so these gymnastics aren't required.
     */
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_pmeth.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -13,15 +13,15 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include "internal/evp_int.h"
-#include "dsa_locl.h"
+#include "crypto/evp.h"
+#include "dsa_local.h"

 /* DSA pkey context structure */

 typedef struct {
    /* Parameter gen parameters */
-    int nbits;                  /* size of p in bits (default: 1024) */
-    int qbits;                  /* size of q in bits (default: 160) */
+    int nbits;                  /* size of p in bits (default: 2048) */
+    int qbits;                  /* size of q in bits (default: 224) */
    const EVP_MD *pmd;          /* MD for parameter generation */
    /* Keygen callback info */
    int gentmp[2];
@ -35,8 +35,8 @@ static int pkey_dsa_init(EVP_PKEY_CTX *ctx)

    if (dctx == NULL)
        return 0;
-    dctx->nbits = 1024;
-    dctx->qbits = 160;
+    dctx->nbits = 2048;
+    dctx->qbits = 224;
    dctx->pmd = NULL;
    dctx->md = NULL;

@ -138,7 +138,11 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
-            EVP_MD_type((const EVP_MD *)p2) != NID_sha512) {
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }
@ -174,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
    }
    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
        int qbits = atoi(value);
-        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
-                                 NULL);
+        return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits);
    }
    if (strcmp(type, "dsa_paramgen_md") == 0) {
        const EVP_MD *md = EVP_get_digestbyname(value);
@ -185,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
            DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
            return 0;
        }
-        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
-                                 (void *)md);
+        return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md);
    }
    return -2;
 }
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_prn.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -49,9 +49,11 @@ int DSA_print(BIO *bp, const DSA *x, int off)
    EVP_PKEY *pk;
    int ret;
    pk = EVP_PKEY_new();
-    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL)
        return 0;
-    ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
    EVP_PKEY_free(pk);
    return ret;
 }
@ -61,9 +63,11 @@ int DSAparams_print(BIO *bp, const DSA *x)
    EVP_PKEY *pk;
    int ret;
    pk = EVP_PKEY_new();
-    if (pk == NULL || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
+    if (pk == NULL)
        return 0;
-    ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
    EVP_PKEY_free(pk);
    return ret;
 }
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_sign.c
@ -8,7 +8,7 @@
 */

 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/bn.h>

 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
--- a/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c
+++ b/trunk/3rdparty/openssl-1.1-fit/crypto/dsa/dsa_vrf.c
@ -8,7 +8,7 @@
 */

 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"

 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)