mirror of
https://github.com/ossrs/srs.git
synced 2025-03-09 15:49:59 +00:00
AppleM1: Update openssl to v1.1.1l
This commit is contained in:
parent
1fe12b8e8c
commit
b787656eea
990 changed files with 13406 additions and 18710 deletions
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
|
||||
* Copyright 2005 Nokia. All rights reserved.
|
||||
*
|
||||
|
@ -10,9 +10,9 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include "../ssl_locl.h"
|
||||
#include "statem_locl.h"
|
||||
#include "internal/constant_time_locl.h"
|
||||
#include "../ssl_local.h"
|
||||
#include "statem_local.h"
|
||||
#include "internal/constant_time.h"
|
||||
#include "internal/cryptlib.h"
|
||||
#include <openssl/buffer.h>
|
||||
#include <openssl/rand.h>
|
||||
|
@ -23,9 +23,24 @@
|
|||
#include <openssl/dh.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/md5.h>
|
||||
#include <openssl/asn1t.h>
|
||||
|
||||
#define TICKET_NONCE_SIZE 8
|
||||
|
||||
typedef struct {
|
||||
ASN1_TYPE *kxBlob;
|
||||
ASN1_TYPE *opaqueBlob;
|
||||
} GOST_KX_MESSAGE;
|
||||
|
||||
DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
|
||||
|
||||
ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
|
||||
ASN1_SIMPLE(GOST_KX_MESSAGE, kxBlob, ASN1_ANY),
|
||||
ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY),
|
||||
} ASN1_SEQUENCE_END(GOST_KX_MESSAGE)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
|
||||
|
||||
static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
|
||||
|
||||
/*
|
||||
|
@ -502,12 +517,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
|
|||
return WRITE_TRAN_CONTINUE;
|
||||
|
||||
case TLS_ST_SR_KEY_UPDATE:
|
||||
if (s->key_update != SSL_KEY_UPDATE_NONE) {
|
||||
st->hand_state = TLS_ST_SW_KEY_UPDATE;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
}
|
||||
/* Fall through */
|
||||
|
||||
case TLS_ST_SW_KEY_UPDATE:
|
||||
st->hand_state = TLS_ST_OK;
|
||||
return WRITE_TRAN_CONTINUE;
|
||||
|
@ -734,7 +743,15 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
|
|||
case TLS_ST_SW_CHANGE:
|
||||
if (SSL_IS_TLS13(s))
|
||||
break;
|
||||
s->session->cipher = s->s3->tmp.new_cipher;
|
||||
/* Writes to s->session are only safe for initial handshakes */
|
||||
if (s->session->cipher == NULL) {
|
||||
s->session->cipher = s->s3->tmp.new_cipher;
|
||||
} else if (s->session->cipher != s->s3->tmp.new_cipher) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_OSSL_STATEM_SERVER_PRE_WORK,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return WORK_ERROR;
|
||||
}
|
||||
if (!s->method->ssl3_enc->setup_key_block(s)) {
|
||||
/* SSLfatal() already called */
|
||||
return WORK_ERROR;
|
||||
|
@ -774,6 +791,10 @@ static ossl_inline int conn_is_closed(void)
|
|||
#if defined(ECONNRESET)
|
||||
case ECONNRESET:
|
||||
return 1;
|
||||
#endif
|
||||
#if defined(WSAECONNRESET)
|
||||
case WSAECONNRESET:
|
||||
return 1;
|
||||
#endif
|
||||
default:
|
||||
return 0;
|
||||
|
@ -934,9 +955,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
|
|||
}
|
||||
#endif
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
/* TLS 1.3 gets the secret size from the handshake md */
|
||||
size_t dummy;
|
||||
if (!s->method->ssl3_enc->generate_master_secret(s,
|
||||
s->master_secret, s->handshake_secret, 0,
|
||||
&s->session->master_key_length)
|
||||
&dummy)
|
||||
|| !s->method->ssl3_enc->change_cipher_state(s,
|
||||
SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
|
||||
/* SSLfatal() already called */
|
||||
|
@ -1923,14 +1946,14 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
&& master_key_length > 0) {
|
||||
s->session->master_key_length = master_key_length;
|
||||
s->hit = 1;
|
||||
s->session->ciphers = ciphers;
|
||||
s->peer_ciphers = ciphers;
|
||||
s->session->verify_result = X509_V_OK;
|
||||
|
||||
ciphers = NULL;
|
||||
|
||||
/* check if some cipher was preferred by call back */
|
||||
if (pref_cipher == NULL)
|
||||
pref_cipher = ssl3_choose_cipher(s, s->session->ciphers,
|
||||
pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
|
||||
SSL_get_ciphers(s));
|
||||
if (pref_cipher == NULL) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
@ -1941,9 +1964,9 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
|
||||
s->session->cipher = pref_cipher;
|
||||
sk_SSL_CIPHER_free(s->cipher_list);
|
||||
s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers);
|
||||
s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
||||
sk_SSL_CIPHER_free(s->cipher_list_by_id);
|
||||
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers);
|
||||
s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2043,12 +2066,12 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
#endif
|
||||
|
||||
/*
|
||||
* Given s->session->ciphers and SSL_get_ciphers, we must pick a cipher
|
||||
* Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher
|
||||
*/
|
||||
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
sk_SSL_CIPHER_free(s->session->ciphers);
|
||||
s->session->ciphers = ciphers;
|
||||
sk_SSL_CIPHER_free(s->peer_ciphers);
|
||||
s->peer_ciphers = ciphers;
|
||||
if (ciphers == NULL) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
|
||||
|
@ -2064,6 +2087,10 @@ static int tls_early_post_process_client_hello(SSL *s)
|
|||
#else
|
||||
s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
|
||||
#endif
|
||||
if (!tls1_set_server_sigalgs(s)) {
|
||||
/* SSLfatal() already called */
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
sk_SSL_CIPHER_free(ciphers);
|
||||
|
@ -2151,6 +2178,7 @@ int tls_handle_alpn(SSL *s)
|
|||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
s->s3->alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
@ -2231,31 +2259,25 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
|
|||
if (wst == WORK_MORE_B) {
|
||||
if (!s->hit || SSL_IS_TLS13(s)) {
|
||||
/* Let cert callback update server certificates if required */
|
||||
if (!s->hit) {
|
||||
if (s->cert->cert_cb != NULL) {
|
||||
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
|
||||
if (rv == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
|
||||
SSL_R_CERT_CB_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (rv < 0) {
|
||||
s->rwstate = SSL_X509_LOOKUP;
|
||||
return WORK_MORE_B;
|
||||
}
|
||||
s->rwstate = SSL_NOTHING;
|
||||
}
|
||||
if (!tls1_set_server_sigalgs(s)) {
|
||||
/* SSLfatal already called */
|
||||
if (!s->hit && s->cert->cert_cb != NULL) {
|
||||
int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
|
||||
if (rv == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
|
||||
SSL_R_CERT_CB_ERROR);
|
||||
goto err;
|
||||
}
|
||||
if (rv < 0) {
|
||||
s->rwstate = SSL_X509_LOOKUP;
|
||||
return WORK_MORE_B;
|
||||
}
|
||||
s->rwstate = SSL_NOTHING;
|
||||
}
|
||||
|
||||
/* In TLSv1.3 we selected the ciphersuite before resumption */
|
||||
if (!SSL_IS_TLS13(s)) {
|
||||
cipher =
|
||||
ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
|
||||
ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
|
||||
|
||||
if (cipher == NULL) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
|
||||
|
@ -2556,7 +2578,7 @@ int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
|
|||
|
||||
s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
|
||||
if (s->s3->tmp.pkey == NULL) {
|
||||
/* SSLfatal() already called */
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -2832,9 +2854,16 @@ int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
|
|||
if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
|
||||
OPENSSL_free(s->pha_context);
|
||||
s->pha_context_len = 32;
|
||||
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL
|
||||
|| RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|
||||
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
|
||||
if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
|
||||
s->pha_context_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
|
||||
|| !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
|
||||
s->pha_context_len)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
|
@ -2948,6 +2977,7 @@ static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
|
|||
OPENSSL_cleanse(psk, psklen);
|
||||
|
||||
if (s->s3->tmp.psk == NULL) {
|
||||
s->s3->tmp.psklen = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
|
||||
return 0;
|
||||
|
@ -3324,9 +3354,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
const unsigned char *start;
|
||||
size_t outlen = 32, inlen;
|
||||
unsigned long alg_a;
|
||||
unsigned int asn1id, asn1len;
|
||||
GOST_KX_MESSAGE *pKX = NULL;
|
||||
const unsigned char *ptr;
|
||||
int ret = 0;
|
||||
PACKET encdata;
|
||||
|
||||
/* Get our certificate private key */
|
||||
alg_a = s->s3->tmp.new_cipher->algorithm_auth;
|
||||
|
@ -3367,42 +3397,33 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
|
||||
ERR_clear_error();
|
||||
}
|
||||
/* Decrypt session key */
|
||||
if (!PACKET_get_1(pkt, &asn1id)
|
||||
|| asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
|
||||
|| !PACKET_peek_1(pkt, &asn1len)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
if (asn1len == 0x81) {
|
||||
/*
|
||||
* Long form length. Should only be one byte of length. Anything else
|
||||
* isn't supported.
|
||||
* We did a successful peek before so this shouldn't fail
|
||||
*/
|
||||
if (!PACKET_forward(pkt, 1)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
} else if (asn1len >= 0x80) {
|
||||
/*
|
||||
* Indefinite length, or more than one long form length bytes. We don't
|
||||
* support it
|
||||
*/
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
} /* else short form length */
|
||||
|
||||
if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
ptr = PACKET_data(pkt);
|
||||
/* Some implementations provide extra data in the opaqueBlob
|
||||
* We have nothing to do with this blob so we just skip it */
|
||||
pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
|
||||
if (pKX == NULL
|
||||
|| pKX->kxBlob == NULL
|
||||
|| ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {
|
||||
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
inlen = PACKET_remaining(&encdata);
|
||||
start = PACKET_data(&encdata);
|
||||
|
||||
if (PACKET_remaining(pkt) != 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
|
||||
SSL_R_DECRYPTION_FAILED);
|
||||
goto err;
|
||||
}
|
||||
|
||||
inlen = pKX->kxBlob->value.sequence->length;
|
||||
start = pKX->kxBlob->value.sequence->data;
|
||||
|
||||
if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
|
||||
inlen) <= 0) {
|
||||
|
@ -3424,6 +3445,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
|
|||
ret = 1;
|
||||
err:
|
||||
EVP_PKEY_CTX_free(pkey_ctx);
|
||||
GOST_KX_MESSAGE_free(pKX);
|
||||
return ret;
|
||||
#else
|
||||
/* Should never happen */
|
||||
|
@ -3495,6 +3517,7 @@ MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
|
|||
#ifndef OPENSSL_NO_PSK
|
||||
OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
|
||||
s->s3->tmp.psk = NULL;
|
||||
s->s3->tmp.psklen = 0;
|
||||
#endif
|
||||
return MSG_PROCESS_ERROR;
|
||||
}
|
||||
|
@ -3730,6 +3753,7 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||
|
||||
sk_X509_pop_free(s->session->peer_chain, X509_free);
|
||||
s->session->peer_chain = sk;
|
||||
sk = NULL;
|
||||
|
||||
/*
|
||||
* Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
|
||||
|
@ -3744,7 +3768,6 @@ MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
|
|||
* Inconsistency alert: cert_chain does *not* include the peer's own
|
||||
* certificate, while we do include it in statem_clnt.c
|
||||
*/
|
||||
sk = NULL;
|
||||
|
||||
/* Save the current hash state for when we receive the CertificateVerify */
|
||||
if (SSL_IS_TLS13(s)) {
|
||||
|
@ -4104,6 +4127,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
s->session->ext.alpn_selected =
|
||||
OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
|
||||
if (s->session->ext.alpn_selected == NULL) {
|
||||
s->session->ext.alpn_selected_len = 0;
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
|
||||
ERR_R_MALLOC_FAILURE);
|
||||
|
@ -4115,9 +4139,12 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
|
|||
}
|
||||
|
||||
if (tctx->generate_ticket_cb != NULL &&
|
||||
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0)
|
||||
tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR,
|
||||
SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
goto err;
|
||||
|
||||
}
|
||||
/*
|
||||
* If we are using anti-replay protection then we behave as if
|
||||
* SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue