external/srs
1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00
Code Issues Releases Wiki Activity

AppleM1: Update openssl to v1.1.1l

Browse source
This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions
Download patch file Download diff file Expand all files Collapse all files

196
trunk/3rdparty/openssl-1.1-fit/crypto/rand/rand_lib.c vendored
View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -11,10 +11,10 @@
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/opensslconf.h>
#include "internal/rand_int.h"
#include "crypto/rand.h"
#include <openssl/engine.h>
#include "internal/thread_once.h"
#include "rand_lcl.h"
#include "rand_local.h"
#include "e_os.h"
#ifndef OPENSSL_NO_ENGINE
@ -26,8 +26,6 @@ static CRYPTO_RWLOCK *rand_meth_lock;
static const RAND_METHOD *default_RAND_meth;
static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
int rand_fork_count;
static CRYPTO_RWLOCK *rand_nonce_lock;
static int rand_nonce_count;
@ -137,7 +135,7 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
size_t entropy_available = 0;
RAND_POOL *pool;
if (drbg->parent && drbg->strength > drbg->parent->strength) {
if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
/*
* We currently don't support the algorithm from NIST SP 800-90C
* 10.1.2 to use a weaker DRBG as source
@ -150,12 +148,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
pool = drbg->seed_pool;
pool->entropy_requested = entropy;
} else {
pool = rand_pool_new(entropy, min_len, max_len);
pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
if (pool == NULL)
return 0;
}
if (drbg->parent) {
if (drbg->parent != NULL) {
size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
@ -163,7 +161,9 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
size_t bytes = 0;
/*
* Get random from parent, include our state as additional input.
* Get random data from parent. Include our address as additional input,
* in order to provide some additional distinction between different
* DRBG child instances.
* Our lock is already held, but we need to lock our parent before
* generating bits from it. (Note: taking the lock will be a no-op
* if locking if drbg->parent->lock == NULL.)
@ -172,10 +172,8 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
NULL, 0) != 0)
(unsigned char *)&drbg, sizeof(drbg)) != 0)
bytes = bytes_needed;
drbg->reseed_next_counter
= tsan_load(&drbg->parent->reseed_prop_counter);
rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes);
@ -216,8 +214,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
if (drbg->seed_pool == NULL)
OPENSSL_secure_clear_free(out, outlen);
if (drbg->seed_pool == NULL) {
if (drbg->secure)
OPENSSL_secure_clear_free(out, outlen);
else
OPENSSL_clear_free(out, outlen);
}
}
@ -235,9 +237,10 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
struct {
void * instance;
int count;
} data = { 0 };
} data;
pool = rand_pool_new(0, min_len, max_len);
memset(&data, 0, sizeof(data));
pool = rand_pool_new(0, 0, min_len, max_len);
if (pool == NULL)
return 0;
@ -266,7 +269,7 @@ size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
unsigned char *out, size_t outlen)
{
OPENSSL_secure_clear_free(out, outlen);
OPENSSL_clear_free(out, outlen);
}
/*
@ -298,11 +301,6 @@ void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
rand_pool_reattach(pool, out);
}
void rand_fork(void)
{
rand_fork_count++;
}
DEFINE_RUN_ONCE_STATIC(do_rand_init)
{
#ifndef OPENSSL_NO_ENGINE
@ -362,7 +360,7 @@ void rand_cleanup_int(void)
}
/*
* RAND_close_seed_files() ensures that any seed file decriptors are
* RAND_close_seed_files() ensures that any seed file descriptors are
* closed after use.
*/
void RAND_keep_random_devices_open(int keep)
@ -386,6 +384,9 @@ int RAND_poll(void)
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth == NULL)
return 0;
if (meth == RAND_OpenSSL()) {
/* fill random pool and seed the master DRBG */
RAND_DRBG *drbg = RAND_DRBG_get0_master();
@ -401,8 +402,8 @@ int RAND_poll(void)
} else {
/* fill random pool and seed the current legacy RNG */
pool = rand_pool_new(RAND_DRBG_STRENGTH,
RAND_DRBG_STRENGTH / 8,
pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
(RAND_DRBG_STRENGTH + 7) / 8,
RAND_POOL_MAX_LENGTH);
if (pool == NULL)
return 0;
@ -428,10 +429,16 @@ err:
* Allocate memory and initialize a new random pool
*/
RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
RAND_POOL *rand_pool_new(int entropy_requested, int secure,
size_t min_len, size_t max_len)
{
RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
RAND_POOL *pool;
size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
if (!RUN_ONCE(&rand_init, do_rand_init))
return NULL;
pool = OPENSSL_zalloc(sizeof(*pool));
if (pool == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
@ -440,14 +447,22 @@ RAND_POOL *rand_pool_new(int entropy_requested, size_t min_len, size_t max_len)
pool->min_len = min_len;
pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
RAND_POOL_MAX_LENGTH : max_len;
pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len;
if (pool->alloc_len > pool->max_len)
pool->alloc_len = pool->max_len;
if (secure)
pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len);
else
pool->buffer = OPENSSL_zalloc(pool->alloc_len);
pool->buffer = OPENSSL_secure_zalloc(pool->max_len);
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
goto err;
}
pool->entropy_requested = entropy_requested;
pool->secure = secure;
return pool;
@ -482,7 +497,7 @@ RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
pool->attached = 1;
pool->min_len = pool->max_len = pool->len;
pool->min_len = pool->max_len = pool->alloc_len = pool->len;
pool->entropy = entropy;
return pool;
@ -502,8 +517,13 @@ void rand_pool_free(RAND_POOL *pool)
* to rand_pool_attach() as `const unsigned char*`.
* (see corresponding comment in rand_pool_attach()).
*/
if (!pool->attached)
OPENSSL_secure_clear_free(pool->buffer, pool->max_len);
if (!pool->attached) {
if (pool->secure)
OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
else
OPENSSL_clear_free(pool->buffer, pool->alloc_len);
}
OPENSSL_free(pool);
}
@ -596,6 +616,42 @@ size_t rand_pool_entropy_needed(RAND_POOL *pool)
return 0;
}
/* Increase the allocation size -- not usable for an attached pool */
static int rand_pool_grow(RAND_POOL *pool, size_t len)
{
if (len > pool->alloc_len - pool->len) {
unsigned char *p;
const size_t limit = pool->max_len / 2;
size_t newlen = pool->alloc_len;
if (pool->attached || len > pool->max_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
return 0;
}
do
newlen = newlen < limit ? newlen * 2 : pool->max_len;
while (len > newlen - pool->len);
if (pool->secure)
p = OPENSSL_secure_zalloc(newlen);
else
p = OPENSSL_zalloc(newlen);
if (p == NULL) {
RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
return 0;
}
memcpy(p, pool->buffer, pool->len);
if (pool->secure)
OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
else
OPENSSL_clear_free(pool->buffer, pool->alloc_len);
pool->buffer = p;
pool->alloc_len = newlen;
}
return 1;
}
/*
* Returns the number of bytes needed to fill the pool, assuming
* the input has 1 / |entropy_factor| entropy bits per data bit.
@ -625,6 +681,24 @@ size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
/* to meet the min_len requirement */
bytes_needed = pool->min_len - pool->len;
/*
* Make sure the buffer is large enough for the requested amount
* of data. This guarantees that existing code patterns where
* rand_pool_add_begin, rand_pool_add_end or rand_pool_add
* are used to collect entropy data without any error handling
* whatsoever, continue to be valid.
* Furthermore if the allocation here fails once, make sure that
* we don't fall back to a less secure or even blocking random source,
* as that could happen by the existing code patterns.
* This is not a concern for additional data, therefore that
* is not needed if rand_pool_grow fails in other places.
*/
if (!rand_pool_grow(pool, bytes_needed)) {
/* persistent error for this pool */
pool->max_len = pool->len = 0;
return 0;
}
return bytes_needed;
}
@ -657,6 +731,27 @@ int rand_pool_add(RAND_POOL *pool,
}
if (len > 0) {
/*
* This is to protect us from accidentally passing the buffer
* returned from rand_pool_add_begin.
* The check for alloc_len makes sure we do not compare the
* address of the end of the allocated memory to something
* different, since that comparison would have an
* indeterminate result.
*/
if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) {
RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
return 0;
}
/*
* We have that only for cases when a pool is used to collect
* additional data.
* For entropy data, as long as the allocation request stays within
* the limits given by rand_pool_bytes_needed this rand_pool_grow
* below is guaranteed to succeed, thus no allocation happens.
*/
if (!rand_pool_grow(pool, len))
return 0;
memcpy(pool->buffer + pool->len, buffer, len);
pool->len += len;
pool->entropy += entropy;
@ -675,7 +770,7 @@ int rand_pool_add(RAND_POOL *pool,
* is returned without producing an error message.
*
* After updating the buffer, rand_pool_add_end() needs to be called
* to finish the udpate operation (see next comment).
* to finish the update operation (see next comment).
*/
unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
{
@ -689,9 +784,21 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
if (pool->buffer == NULL) {
RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
return 0;
return NULL;
}
/*
* As long as the allocation request stays within the limits given
* by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
* to succeed, thus no allocation happens.
* We have that only for cases when a pool is used to collect
* additional data. Then the buffer might need to grow here,
* and of course the caller is responsible to check the return
* value of this function.
*/
if (!rand_pool_grow(pool, len))
return NULL;
return pool->buffer + pool->len;
}
@ -706,7 +813,7 @@ unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
*/
int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
{
if (len > pool->max_len - pool->len) {
if (len > pool->alloc_len - pool->len) {
RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
return 0;
}
@ -794,7 +901,7 @@ void RAND_seed(const void *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth->seed != NULL)
if (meth != NULL && meth->seed != NULL)
meth->seed(buf, num);
}
@ -802,7 +909,7 @@ void RAND_add(const void *buf, int num, double randomness)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth->add != NULL)
if (meth != NULL && meth->add != NULL)
meth->add(buf, num, randomness);
}
@ -815,24 +922,22 @@ int RAND_priv_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
RAND_DRBG *drbg;
int ret;
if (meth != RAND_OpenSSL())
if (meth != NULL && meth != RAND_OpenSSL())
return RAND_bytes(buf, num);
drbg = RAND_DRBG_get0_private();
if (drbg == NULL)
return 0;
if (drbg != NULL)
return RAND_DRBG_bytes(drbg, buf, num);
ret = RAND_DRBG_bytes(drbg, buf, num);
return ret;
return 0;
}
int RAND_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth->bytes != NULL)
if (meth != NULL && meth->bytes != NULL)
return meth->bytes(buf, num);
RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
return -1;
@ -843,8 +948,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth->pseudorand != NULL)
if (meth != NULL && meth->pseudorand != NULL)
return meth->pseudorand(buf, num);
RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
return -1;
}
#endif
@ -853,7 +959,7 @@ int RAND_status(void)
{
const RAND_METHOD *meth = RAND_get_rand_method();
if (meth->status != NULL)
if (meth != NULL && meth->status != NULL)
return meth->status();
return 0;
}