mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -12,7 +12,7 @@ of these components is defined by:
|
|||
3) A set of accessor macros
|
||||
|
||||
All struct definitions are in record.h. The functions and macros are either
|
||||
defined in record.h or record_locl.h dependent on whether they are intended to
|
||||
defined in record.h or record_local.h dependent on whether they are intended to
|
||||
be private to the record layer, or whether they form part of the API to the rest
|
||||
of libssl.
|
||||
|
||||
|
@ -55,7 +55,7 @@ Conceptually it looks like this:
|
|||
|| rec_layer_d1.c ||
|
||||
||____________________||
|
||||
|______________________|
|
||||
record_locl.h ^ ^ ^
|
||||
record_local.h ^ ^ ^
|
||||
_________________| | |_________________
|
||||
| | |
|
||||
_____V_________ ______V________ _______V________
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
|
||||
/* mod 128 saturating subtract of two 64-bit values in big-endian order */
|
||||
static int satsub64be(const unsigned char *v1, const unsigned char *v2)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -9,11 +9,11 @@
|
|||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include "record_locl.h"
|
||||
#include "../packet_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "../packet_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
|
||||
|
@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
|
|||
|
||||
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
|
||||
{
|
||||
if (rl->d == NULL)
|
||||
return;
|
||||
|
||||
DTLS_RECORD_LAYER_clear(rl);
|
||||
pqueue_free(rl->d->unprocessed_rcds.q);
|
||||
pqueue_free(rl->d->processed_rcds.q);
|
||||
|
@ -808,8 +811,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
|
|||
wb = &s->rlayer.wbuf[0];
|
||||
|
||||
/*
|
||||
* first check if there is a SSL3_BUFFER still being written out. This
|
||||
* will happen with non blocking IO
|
||||
* DTLS writes whole datagrams, so there can't be anything left in
|
||||
* the buffer.
|
||||
*/
|
||||
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -10,15 +10,15 @@
|
|||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
#include <errno.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/rand.h>
|
||||
#include "record_locl.h"
|
||||
#include "../packet_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "../packet_local.h"
|
||||
|
||||
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
|
||||
!( defined(AES_ASM) && ( \
|
||||
!( defined(AESNI_ASM) && ( \
|
||||
defined(__x86_64) || defined(__x86_64__) || \
|
||||
defined(_M_AMD64) || defined(_M_X64) ) \
|
||||
)
|
||||
|
@ -172,9 +172,9 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
|
|||
/*
|
||||
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
|
||||
* packet by another n bytes. The packet will be in the sub-array of
|
||||
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
|
||||
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
|
||||
* s->packet_length bytes if extend == 1].)
|
||||
* s->rlayer.rbuf.buf specified by s->rlayer.packet and
|
||||
* s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
|
||||
* be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
|
||||
* if clearold == 1, move the packet to the start of the buffer; if
|
||||
* clearold == 0 then leave any old packets where they were
|
||||
*/
|
||||
|
@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
|||
|
||||
s->rlayer.wnum = 0;
|
||||
|
||||
/*
|
||||
* If we are supposed to be sending a KeyUpdate then go into init unless we
|
||||
* have writes pending - in which case we should finish doing that first.
|
||||
*/
|
||||
if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
|
||||
ossl_statem_set_in_init(s, 1);
|
||||
|
||||
/*
|
||||
* When writing early data on the server side we could be "in_init" in
|
||||
* between receiving the EoED and the CF - but we don't want to handle those
|
||||
|
@ -628,8 +635,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
|
|||
*/
|
||||
s->s3->empty_fragment_done = 0;
|
||||
|
||||
if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
|
||||
!SSL_IS_DTLS(s))
|
||||
if (tmpwrit == n
|
||||
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
|
||||
&& !SSL_IS_DTLS(s))
|
||||
ssl3_release_write_buffer(s);
|
||||
|
||||
*written = tot + tmpwrit;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
|
||||
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
|
||||
{
|
||||
|
@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
|
|||
b->len = len;
|
||||
}
|
||||
|
||||
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
@ -94,7 +93,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
|
|||
headerlen = SSL3_RT_HEADER_LENGTH;
|
||||
|
||||
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
|
||||
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
|
||||
align = SSL3_ALIGN_PAYLOAD - 1;
|
||||
#endif
|
||||
|
||||
len = ssl_get_max_send_fragment(s)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
|
@ -7,10 +7,10 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include <openssl/rand.h>
|
||||
#include "record_locl.h"
|
||||
#include "record_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
static const unsigned char ssl3_pad_1[48] = {
|
||||
|
@ -405,7 +405,7 @@ int ssl3_get_record(SSL *s)
|
|||
more = thisrr->length;
|
||||
}
|
||||
if (more > 0) {
|
||||
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
|
||||
/* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
|
||||
|
||||
rret = ssl3_read_n(s, more, more, 1, 0, &n);
|
||||
if (rret <= 0)
|
||||
|
@ -416,9 +416,9 @@ int ssl3_get_record(SSL *s)
|
|||
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
|
||||
|
||||
/*
|
||||
* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
|
||||
* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
|
||||
* + thisrr->length and we have that many bytes in s->packet
|
||||
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
|
||||
* + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
|
||||
* + thisrr->length and we have that many bytes in s->rlayer.packet
|
||||
*/
|
||||
if (thisrr->rec_version == SSL2_VERSION) {
|
||||
thisrr->input =
|
||||
|
@ -429,11 +429,11 @@ int ssl3_get_record(SSL *s)
|
|||
}
|
||||
|
||||
/*
|
||||
* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
|
||||
* points at thisrr->length bytes, which need to be copied into
|
||||
* thisrr->data by either the decryption or by the decompression When
|
||||
* the data is 'copied' into the thisrr->data buffer, thisrr->input will
|
||||
* be pointed at the new buffer
|
||||
* ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
|
||||
* thisrr->input points at thisrr->length bytes, which need to be copied
|
||||
* into thisrr->data by either the decryption or by the decompression.
|
||||
* When the data is 'copied' into the thisrr->data buffer,
|
||||
* thisrr->input will be updated to point at the new buffer
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
|
|||
RECORD_LAYER_reset_read_sequence(&s->rlayer);
|
||||
return 1;
|
||||
}
|
||||
SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
|
||||
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
|
||||
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
|
||||
return -1;
|
||||
}
|
||||
|
@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
|
|||
* SSLfatal() for internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record's padding is valid / the encryption was successful.
|
||||
* -1: if the record's padding is invalid or, if sending, an internal error
|
||||
|
@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
|
|||
* internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record's padding is valid / the encryption was successful.
|
||||
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
|
||||
|
@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
|
|||
} else if ((bs != 1) && sending) {
|
||||
padnum = bs - (reclen[ctr] % bs);
|
||||
|
||||
/* Add weird padding of upto 256 bytes */
|
||||
/* Add weird padding of up to 256 bytes */
|
||||
|
||||
if (padnum > MAX_PADDING) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
|
||||
|
@ -1610,21 +1610,22 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
int imac_size;
|
||||
size_t mac_size;
|
||||
unsigned char md[EVP_MAX_MD_SIZE];
|
||||
size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
|
||||
|
||||
rr = RECORD_LAYER_get_rrec(&s->rlayer);
|
||||
sess = s->session;
|
||||
|
||||
/*
|
||||
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
|
||||
* and we have that many bytes in s->packet
|
||||
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
|
||||
* and we have that many bytes in s->rlayer.packet
|
||||
*/
|
||||
rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
|
||||
|
||||
/*
|
||||
* ok, we can now read from 's->packet' data into 'rr' rr->input points
|
||||
* at rr->length bytes, which need to be copied into rr->data by either
|
||||
* the decryption or by the decompression When the data is 'copied' into
|
||||
* the rr->data buffer, rr->input will be pointed at the new buffer
|
||||
* ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
|
||||
* points at rr->length bytes, which need to be copied into rr->data by
|
||||
* either the decryption or by the decompression. When the data is 'copied'
|
||||
* into the rr->data buffer, rr->input will be pointed at the new buffer
|
||||
*/
|
||||
|
||||
/*
|
||||
|
@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
|
||||
/*-
|
||||
* enc_err is:
|
||||
* 0: (in non-constant time) if the record is publically invalid.
|
||||
* 0: (in non-constant time) if the record is publicly invalid.
|
||||
* 1: if the padding is valid
|
||||
* -1: if the padding is invalid
|
||||
*/
|
||||
|
@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
|
|||
}
|
||||
}
|
||||
|
||||
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
|
||||
/* use current Max Fragment Length setting if applicable */
|
||||
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
|
||||
max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session);
|
||||
|
||||
/* send overflow if the plaintext is too long now it has passed MAC */
|
||||
if (rr->length > max_plain_length) {
|
||||
SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
|
||||
SSL_R_DATA_LENGTH_TOO_LONG);
|
||||
return 0;
|
||||
|
@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s)
|
|||
|
||||
/* If received packet overflows own-client Max Fragment Length setting */
|
||||
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
|
||||
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
|
||||
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) {
|
||||
/* record too long, silently discard it */
|
||||
rr->length = 0;
|
||||
rr->read = 1;
|
||||
|
@ -1941,7 +1947,7 @@ int dtls1_get_record(SSL *s)
|
|||
|
||||
if (rr->length >
|
||||
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
|
||||
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
|
||||
/* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
|
||||
more = rr->length;
|
||||
rret = ssl3_read_n(s, more, more, 1, 1, &n);
|
||||
/* this packet contained a partial record, dump it */
|
||||
|
@ -1957,7 +1963,7 @@ int dtls1_get_record(SSL *s)
|
|||
}
|
||||
|
||||
/*
|
||||
* now n == rr->length, and s->packet_length ==
|
||||
* now n == rr->length, and s->rlayer.packet_length ==
|
||||
* DTLS1_RT_HEADER_LENGTH + rr->length
|
||||
*/
|
||||
}
|
||||
|
|
|
@ -7,8 +7,8 @@
|
|||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include "../ssl_locl.h"
|
||||
#include "record_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "record_local.h"
|
||||
#include "internal/cryptlib.h"
|
||||
|
||||
/*-
|
||||
|
@ -16,7 +16,7 @@
|
|||
* internal errors, but not otherwise.
|
||||
*
|
||||
* Returns:
|
||||
* 0: (in non-constant time) if the record is publically invalid (i.e. too
|
||||
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
|
||||
* short etc).
|
||||
* 1: if the record encryption was successful.
|
||||
* -1: if the record's AEAD-authenticator is invalid or, if sending,
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue