mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
|
@ -10,10 +10,11 @@
|
|||
|
||||
#include "internal/cryptlib.h"
|
||||
#include <string.h>
|
||||
#include "ec_lcl.h"
|
||||
#include "ec_local.h"
|
||||
#include "internal/refcount.h"
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
#include "crypto/bn.h"
|
||||
|
||||
EC_KEY *EC_KEY_new(void)
|
||||
{
|
||||
|
@ -416,17 +417,86 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
|
|||
|
||||
int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
|
||||
{
|
||||
int fixed_top;
|
||||
const BIGNUM *order = NULL;
|
||||
BIGNUM *tmp_key = NULL;
|
||||
|
||||
if (key->group == NULL || key->group->meth == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* Not only should key->group be set, but it should also be in a valid
|
||||
* fully initialized state.
|
||||
*
|
||||
* Specifically, to operate in constant time, we need that the group order
|
||||
* is set, as we use its length as the fixed public size of any scalar used
|
||||
* as an EC private key.
|
||||
*/
|
||||
order = EC_GROUP_get0_order(key->group);
|
||||
if (order == NULL || BN_is_zero(order))
|
||||
return 0; /* This should never happen */
|
||||
|
||||
if (key->group->meth->set_private != NULL
|
||||
&& key->group->meth->set_private(key, priv_key) == 0)
|
||||
return 0;
|
||||
if (key->meth->set_private != NULL
|
||||
&& key->meth->set_private(key, priv_key) == 0)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* We should never leak the bit length of the secret scalar in the key,
|
||||
* so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
|
||||
* holding the secret scalar.
|
||||
*
|
||||
* This is important also because `BN_dup()` (and `BN_copy()`) do not
|
||||
* propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and
|
||||
* this brings an extra risk of inadvertently losing the flag, even when
|
||||
* the caller specifically set it.
|
||||
*
|
||||
* The propagation has been turned on and off a few times in the past
|
||||
* years because in some conditions has shown unintended consequences in
|
||||
* some code paths, so at the moment we can't fix this in the BN layer.
|
||||
*
|
||||
* In `EC_KEY_set_private_key()` we can work around the propagation by
|
||||
* manually setting the flag after `BN_dup()` as we know for sure that
|
||||
* inside the EC module the `BN_FLG_CONSTTIME` is always treated
|
||||
* correctly and should not generate unintended consequences.
|
||||
*
|
||||
* Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
|
||||
* to preallocate the BIGNUM internal buffer to a fixed public size big
|
||||
* enough that operations performed during the processing never trigger
|
||||
* a realloc which would leak the size of the scalar through memory
|
||||
* accesses.
|
||||
*
|
||||
* Fixed Length
|
||||
* ------------
|
||||
*
|
||||
* The order of the large prime subgroup of the curve is our choice for
|
||||
* a fixed public size, as that is generally the upper bound for
|
||||
* generating a private key in EC cryptosystems and should fit all valid
|
||||
* secret scalars.
|
||||
*
|
||||
* For preallocating the BIGNUM storage we look at the number of "words"
|
||||
* required for the internal representation of the order, and we
|
||||
* preallocate 2 extra "words" in case any of the subsequent processing
|
||||
* might temporarily overflow the order length.
|
||||
*/
|
||||
tmp_key = BN_dup(priv_key);
|
||||
if (tmp_key == NULL)
|
||||
return 0;
|
||||
|
||||
BN_set_flags(tmp_key, BN_FLG_CONSTTIME);
|
||||
|
||||
fixed_top = bn_get_top(order) + 2;
|
||||
if (bn_wexpand(tmp_key, fixed_top) == NULL) {
|
||||
BN_clear_free(tmp_key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
BN_clear_free(key->priv_key);
|
||||
key->priv_key = BN_dup(priv_key);
|
||||
return (key->priv_key == NULL) ? 0 : 1;
|
||||
key->priv_key = tmp_key;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
|
||||
|
@ -494,6 +564,13 @@ void EC_KEY_clear_flags(EC_KEY *key, int flags)
|
|||
key->flags &= ~flags;
|
||||
}
|
||||
|
||||
int EC_KEY_decoded_from_explicit_params(const EC_KEY *key)
|
||||
{
|
||||
if (key == NULL || key->group == NULL)
|
||||
return -1;
|
||||
return key->group->decoded_from_explicit_params;
|
||||
}
|
||||
|
||||
size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
|
||||
unsigned char **pbuf, BN_CTX *ctx)
|
||||
{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue