Mirror/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-07-15 20:25:17 +03:00
Code Issues Wiki Activity
aports/testing/litespeed/bssl.patch
Risgit 07cace6f53
testing/litespeed: upgrade to 1.7.16
2022-06-05 18:40:17 +02:00

179 lines
No EOL
5.8 KiB
Diff
Raw Blame History

--- a/crypto/fipsmodule/ec/p256-x86_64_test.cc
+++ b/crypto/fipsmodule/ec/p256-x86_64_test.cc
@@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <cinttypes>
#include <openssl/base.h>
#include <stdio.h>
--- a/crypto/fipsmodule/rand/fork_detect_test.cc
+++ b/crypto/fipsmodule/rand/fork_detect_test.cc
@@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <cinttypes>
#include <openssl/base.h>
// TSAN cannot cope with this test and complains that "starting new threads
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -12,6 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+#include <cinttypes>
#include <openssl/base.h>
#if !defined(OPENSSL_WINDOWS)
--- a/util/embed_test_data.go
+++ b/util/embed_test_data.go
@@ -90,6 +90,7 @@ func main() {
#include <algorithm>
#include <string>
+#include <stdio.h>
`)
--- a/tool/internal.h
+++ b/tool/internal.h
@@ -16,6 +16,7 @@
#define OPENSSL_HEADER_TOOL_INTERNAL_H
#include <openssl/base.h>
#include <openssl/span.h>
+#include <stdio.h>
#include <string>
#include <utility>
--- a/crypto/refcount_c11.c
+++ b/crypto/refcount_c11.c
@@ -26,13 +26,13 @@
// See comment above the typedef of CRYPTO_refcount_t about these tests.
-static_assert(alignof(CRYPTO_refcount_t) == alignof(_Atomic CRYPTO_refcount_t),
- "_Atomic alters the needed alignment of a reference count");
-static_assert(sizeof(CRYPTO_refcount_t) == sizeof(_Atomic CRYPTO_refcount_t),
- "_Atomic alters the size of a reference count");
+//static_assert(alignof(CRYPTO_refcount_t) == alignof(_Atomic CRYPTO_refcount_t),
+// "_Atomic alters the needed alignment of a reference count");
+//static_assert(sizeof(CRYPTO_refcount_t) == sizeof(_Atomic CRYPTO_refcount_t),
+// "_Atomic alters the size of a reference count");
-static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
- "CRYPTO_REFCOUNT_MAX is incorrect");
+//static_assert((CRYPTO_refcount_t)-1 == CRYPTO_REFCOUNT_MAX,
+// "CRYPTO_REFCOUNT_MAX is incorrect");
void CRYPTO_refcount_inc(CRYPTO_refcount_t *in_count) {
_Atomic CRYPTO_refcount_t *count = (_Atomic CRYPTO_refcount_t *) in_count;
commit 46f967bfe44a80bb4bc0e7e9d4b03de3f91d03fb
Author: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Date: Fri Feb 22 11:51:21 2019 -0500
Add support for QUIC's use of max_early_data_size
The server MUST set this value to 0xFFFFFFFF in NewSessionTicket,
while the client should be able to examine it in order to verify
this requirement.
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1744,6 +1744,11 @@ OPENSSL_EXPORT int SSL_SESSION_set_ticket(SSL_SESSION *session,
OPENSSL_EXPORT uint32_t
SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session);
+// SSL_SESSION_get_max_early_data_size returns ticket max early data size of
+// |session| in bytes or zero if none was set.
+OPENSSL_EXPORT uint32_t
+SSL_SESSION_get_max_early_data_size(const SSL_SESSION *session);
+
// SSL_SESSION_get0_cipher returns the cipher negotiated by the connection which
// established |session|.
//
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2506,6 +2506,10 @@ struct SSL_CONFIG {
// kMaxEarlyDataSkipped in tls_record.c, which is measured in ciphertext.
static const size_t kMaxEarlyDataAccepted = 14336;
+// kQUICMaxEarlyData is the value to which the max_early_data_size field
+// in a NewSessionTicket must be set when sent by a QUIC server.
+static const uint32_t kQUICMaxEarlyData = 0xffffffffu;
+
UniquePtr<CERT> ssl_cert_dup(CERT *cert);
void ssl_cert_clear_certs(CERT *cert);
bool ssl_set_cert(CERT *cert, UniquePtr<CRYPTO_BUFFER> buffer);
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc
@@ -1025,6 +1025,10 @@ uint32_t SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *session) {
return session->ticket_lifetime_hint;
}
+uint32_t SSL_SESSION_get_max_early_data_size(const SSL_SESSION *session) {
+ return session->ticket_max_early_data;
+}
+
const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *session) {
return session->cipher;
}
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -179,7 +179,11 @@ static bool add_new_session_tickets(SSL_HANDSHAKE *hs, bool *out_sent_tickets) {
}
session->ticket_age_add_valid = true;
if (ssl->enable_early_data) {
- session->ticket_max_early_data = kMaxEarlyDataAccepted;
+ if (ssl->quic_method == nullptr) {
+ session->ticket_max_early_data = kMaxEarlyDataAccepted;
+ } else {
+ session->ticket_max_early_data = kQUICMaxEarlyData;
+ }
}
static_assert(kNumTickets < 256, "Too many tickets");
commit 51875a39a01232359f1e13c1d428e95187034076
Author: Dmitri Tikhonov <dtikhonov@litespeedtech.com>
Date: Wed Feb 27 14:39:27 2019 -0500
Do not send EndOfEarlyData in QUIC
--- a/ssl/tls13_client.cc
+++ b/ssl/tls13_client.cc
@@ -629,12 +629,14 @@ static enum ssl_hs_wait_t do_send_end_of_early_data(SSL_HANDSHAKE *hs) {
if (ssl->s3->early_data_accepted) {
hs->can_early_write = false;
- ScopedCBB cbb;
- CBB body;
- if (!ssl->method->init_message(ssl, cbb.get(), &body,
- SSL3_MT_END_OF_EARLY_DATA) ||
- !ssl_add_message_cbb(ssl, cbb.get())) {
- return ssl_hs_error;
+ if (ssl->quic_method == nullptr) {
+ ScopedCBB cbb;
+ CBB body;
+ if (!ssl->method->init_message(ssl, cbb.get(), &body,
+ SSL3_MT_END_OF_EARLY_DATA) ||
+ !ssl_add_message_cbb(ssl, cbb.get())) {
+ return ssl_hs_error;
+ }
}
}
Reference in a new issue View git blame Copy permalink