1
0
Fork 0
mirror of https://github.com/ossrs/srs.git synced 2025-03-09 15:49:59 +00:00

AppleM1: Update openssl to v1.1.1l

This commit is contained in:
winlin 2022-08-14 19:05:01 +08:00
parent 1fe12b8e8c
commit b787656eea
990 changed files with 13406 additions and 18710 deletions

View file

@ -12,7 +12,7 @@ of these components is defined by:
3) A set of accessor macros
All struct definitions are in record.h. The functions and macros are either
defined in record.h or record_locl.h dependent on whether they are intended to
defined in record.h or record_local.h dependent on whether they are intended to
be private to the record layer, or whether they form part of the API to the rest
of libssl.
@ -55,7 +55,7 @@ Conceptually it looks like this:
|| rec_layer_d1.c ||
||____________________||
|______________________|
record_locl.h ^ ^ ^
record_local.h ^ ^ ^
_________________| | |_________________
| | |
_____V_________ ______V________ _______V________

View file

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
#include "../ssl_local.h"
#include "record_local.h"
/* mod 128 saturating subtract of two 64-bit values in big-endian order */
static int satsub64be(const unsigned char *v1, const unsigned char *v2)

View file

@ -1,5 +1,5 @@
/*
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -9,11 +9,11 @@
#include <stdio.h>
#include <errno.h>
#include "../ssl_locl.h"
#include "../ssl_local.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include "record_locl.h"
#include "../packet_locl.h"
#include "record_local.h"
#include "../packet_local.h"
#include "internal/cryptlib.h"
int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
@ -46,6 +46,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
{
if (rl->d == NULL)
return;
DTLS_RECORD_LAYER_clear(rl);
pqueue_free(rl->d->unprocessed_rcds.q);
pqueue_free(rl->d->processed_rcds.q);
@ -808,8 +811,8 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
wb = &s->rlayer.wbuf[0];
/*
* first check if there is a SSL3_BUFFER still being written out. This
* will happen with non blocking IO
* DTLS writes whole datagrams, so there can't be anything left in
* the buffer.
*/
if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -10,15 +10,15 @@
#include <stdio.h>
#include <limits.h>
#include <errno.h>
#include "../ssl_locl.h"
#include "../ssl_local.h"
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <openssl/rand.h>
#include "record_locl.h"
#include "../packet_locl.h"
#include "record_local.h"
#include "../packet_local.h"
#if defined(OPENSSL_SMALL_FOOTPRINT) || \
!( defined(AES_ASM) && ( \
!( defined(AESNI_ASM) && ( \
defined(__x86_64) || defined(__x86_64__) || \
defined(_M_AMD64) || defined(_M_X64) ) \
)
@ -172,9 +172,9 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
/*
* If extend == 0, obtain new n-byte packet; if extend == 1, increase
* packet by another n bytes. The packet will be in the sub-array of
* s->s3->rbuf.buf specified by s->packet and s->packet_length. (If
* s->rlayer.read_ahead is set, 'max' bytes may be stored in rbuf [plus
* s->packet_length bytes if extend == 1].)
* s->rlayer.rbuf.buf specified by s->rlayer.packet and
* s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
* be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
* if clearold == 1, move the packet to the start of the buffer; if
* clearold == 0 then leave any old packets where they were
*/
@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
s->rlayer.wnum = 0;
/*
* If we are supposed to be sending a KeyUpdate then go into init unless we
* have writes pending - in which case we should finish doing that first.
*/
if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
ossl_statem_set_in_init(s, 1);
/*
* When writing early data on the server side we could be "in_init" in
* between receiving the EoED and the CF - but we don't want to handle those
@ -628,8 +635,9 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
*/
s->s3->empty_fragment_done = 0;
if ((i == (int)n) && s->mode & SSL_MODE_RELEASE_BUFFERS &&
!SSL_IS_DTLS(s))
if (tmpwrit == n
&& (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
&& !SSL_IS_DTLS(s))
ssl3_release_write_buffer(s);
*written = tot + tmpwrit;

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
#include "../ssl_local.h"
#include "record_local.h"
void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
{
@ -74,7 +74,6 @@ int ssl3_setup_read_buffer(SSL *s)
b->len = len;
}
RECORD_LAYER_set_packet(&s->rlayer, &(b->buf[0]));
return 1;
}
@ -94,7 +93,7 @@ int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
headerlen = SSL3_RT_HEADER_LENGTH;
#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
align = SSL3_ALIGN_PAYLOAD - 1;
#endif
len = ssl_get_max_send_fragment(s)

View file

@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -7,10 +7,10 @@
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "internal/constant_time_locl.h"
#include "../ssl_local.h"
#include "internal/constant_time.h"
#include <openssl/rand.h>
#include "record_locl.h"
#include "record_local.h"
#include "internal/cryptlib.h"
static const unsigned char ssl3_pad_1[48] = {
@ -405,7 +405,7 @@ int ssl3_get_record(SSL *s)
more = thisrr->length;
}
if (more > 0) {
/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
/* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
rret = ssl3_read_n(s, more, more, 1, 0, &n);
if (rret <= 0)
@ -416,9 +416,9 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LENGTH
* + thisrr->length, or s->packet_length == SSL2_RT_HEADER_LENGTH
* + thisrr->length and we have that many bytes in s->packet
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
* + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
* + thisrr->length and we have that many bytes in s->rlayer.packet
*/
if (thisrr->rec_version == SSL2_VERSION) {
thisrr->input =
@ -429,11 +429,11 @@ int ssl3_get_record(SSL *s)
}
/*
* ok, we can now read from 's->packet' data into 'thisrr' thisrr->input
* points at thisrr->length bytes, which need to be copied into
* thisrr->data by either the decryption or by the decompression When
* the data is 'copied' into the thisrr->data buffer, thisrr->input will
* be pointed at the new buffer
* ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
* thisrr->input points at thisrr->length bytes, which need to be copied
* into thisrr->data by either the decryption or by the decompression.
* When the data is 'copied' into the thisrr->data buffer,
* thisrr->input will be updated to point at the new buffer
*/
/*
@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
RECORD_LAYER_reset_read_sequence(&s->rlayer);
return 1;
}
SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
return -1;
}
@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
* SSLfatal() for internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding is invalid or, if sending, an internal error
@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
* internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
} else if ((bs != 1) && sending) {
padnum = bs - (reclen[ctr] % bs);
/* Add weird padding of upto 256 bytes */
/* Add weird padding of up to 256 bytes */
if (padnum > MAX_PADDING) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
@ -1610,21 +1610,22 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
int imac_size;
size_t mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
rr = RECORD_LAYER_get_rrec(&s->rlayer);
sess = s->session;
/*
* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->packet
* At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
* and we have that many bytes in s->rlayer.packet
*/
rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
/*
* ok, we can now read from 's->packet' data into 'rr' rr->input points
* at rr->length bytes, which need to be copied into rr->data by either
* the decryption or by the decompression When the data is 'copied' into
* the rr->data buffer, rr->input will be pointed at the new buffer
* ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
* points at rr->length bytes, which need to be copied into rr->data by
* either the decryption or by the decompression. When the data is 'copied'
* into the rr->data buffer, rr->input will be pointed at the new buffer
*/
/*
@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
/*-
* enc_err is:
* 0: (in non-constant time) if the record is publically invalid.
* 0: (in non-constant time) if the record is publicly invalid.
* 1: if the padding is valid
* -1: if the padding is invalid
*/
@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
}
}
if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
/* use current Max Fragment Length setting if applicable */
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session);
/* send overflow if the plaintext is too long now it has passed MAC */
if (rr->length > max_plain_length) {
SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
SSL_R_DATA_LENGTH_TOO_LONG);
return 0;
@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s)
/* If received packet overflows own-client Max Fragment Length setting */
if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
&& rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) {
/* record too long, silently discard it */
rr->length = 0;
rr->read = 1;
@ -1941,7 +1947,7 @@ int dtls1_get_record(SSL *s)
if (rr->length >
RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
/* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
/* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
more = rr->length;
rret = ssl3_read_n(s, more, more, 1, 1, &n);
/* this packet contained a partial record, dump it */
@ -1957,7 +1963,7 @@ int dtls1_get_record(SSL *s)
}
/*
* now n == rr->length, and s->packet_length ==
* now n == rr->length, and s->rlayer.packet_length ==
* DTLS1_RT_HEADER_LENGTH + rr->length
*/
}

View file

@ -7,8 +7,8 @@
* https://www.openssl.org/source/license.html
*/
#include "../ssl_locl.h"
#include "record_locl.h"
#include "../ssl_local.h"
#include "record_local.h"
#include "internal/cryptlib.h"
/*-
@ -16,7 +16,7 @@
* internal errors, but not otherwise.
*
* Returns:
* 0: (in non-constant time) if the record is publically invalid (i.e. too
* 0: (in non-constant time) if the record is publicly invalid (i.e. too
* short etc).
* 1: if the record encryption was successful.
* -1: if the record's AEAD-authenticator is invalid or, if sending,