Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I5269be7d8e6c8ac399d86d9b48bfbd5cfabe0d19

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>

Signed-off-by: NHJ <huangjun42@huawei.com>

Description:openssl 1.1.1d used bu libhapverify
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:Yes, it is
PrivateCode(Yes/No):No

Change-Id: I8968f9c0f146b587da17a3e603bd04fb7b4c505b
Reviewed-on: http://mgit-tm.rnd.huawei.com/7842784Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
Reviewed-by: Nweiping 00548480 <ping.wei@huawei.com>

Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>

CLA: trivial
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)

(cherry picked from commit 79c44b4e3044aee9dc9618850d4f1ce067757b4b)

Description:openssl开源社区安全补丁
Team:EMUI
Feature or Bugfix:Feature
Binary Source:NA
PrivateCode(Yes/No):No

Change-Id: Ia942e70461a3a5337de001ab0f40604776fe8f91
Reviewed-on: http://mgit-tm.rnd.huawei.com/6664137Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nyanglijun 00294367 <yanglijun@huawei.com>
Reviewed-by: Nluomeiling 00216346 <luomeiling@huawei.com>
Reviewed-by: Nshenchunlong 00356424 <shenchunlong@huawei.com>

We also add this to our x86_64 builds on appveyor

(cherry picked from commit b4a7b4ec4acc712b1f22a83966ac986b510f25d8)
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10365)

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

  '*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9681)

Mingw config targets assumed that resulting programs and libraries are
installed in a Unix-like environment and the default installation
prefix was therefore set to '/usr/local'.

However, mingw programs are installed in a Windows environment, and
the installation directories should therefore have Windows defaults,
i.e. the same kind of defaults as the VC config targets.

A difficulty is, however, that a "cross compiled" build can't figure
out the system defaults from environment the same way it's done when
building "natively", so we have to fall back to hard coded defaults in
that case.

Tests can still be performed when cross compiled on a non-Windows
platform, since all tests only depend on the source and build
directory, and otherwise relies on normal local paths.

CVE-2019-1552
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9400)

Use -bnoentry, not -bexpall
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9012)

(cherry picked from commit f3d6a3644679d37e791408ff3750d0baa76d1206)

The AIX binder needs to be instructed that the output will have no entry
point (see AIX' ld manual: -e in the Flags section; autoexp and noentry
in the Binder section).
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8282)

(cherry picked from commit c1b3846242fc1a7791beca42f548c325c35e269b)

VMS doesn't currently support unloading of shared object, and we need
to reflect that.  Without this, the shlibload test fails
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8131)

(cherry picked from commit d1dd5d6f4c2f13478aa45557b4546febd51f0cb3)

This option prevents OpenSSL from pinning itself in memory.

Fixes #7598

[extended tests]
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7983)

It's being replaced with constant-time alternative.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7589)

(cherry picked from commit b34446cca2b1814fa674adc8076707d2b65a697f)

This typo prevented ia64 assembler to be compiled on VMS
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7700)

(cherry picked from commit 04375857cf4971460c473fa44bef86351f2177fe)

On the same note, change the 'NASM not found' message to give specific
advice on how to handle the failure.

Fixes #6765
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6771)

This makes AIX build procedure behave more like e.g. Solaris. Most
notably this makes it possible to pass -Wl,-R,'$(LIBRPATH)' at config
time to embed installation destination as library search path into
openssl binary. This doesn't imply that other applications have to be
linked with -bsvr4, they are free to choose whatever appropriate for
given circumstances.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6487)

AIX treats its shared libraries in unique manner, by placing multiple
shared objects of different versions and bitnesses, into .a file.
So far we have been naively linking with version-less libcrypto|ssl.so,
which poses long-term maintenance problems. One could choose to link
straight with libcrypto.so.X.Y [or libcrypto.X.Y.so], but it would be
inconsistent with the way AIX [or Unix] does things.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6487)

Add irix-common template that covers even irix-shared from shared-info.pl.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6536)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6477)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6477)

[omit even -b:SRE, as it's implied by -G flag.]
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6453)

Add aix-common template that covers even aix-shared from shared-info.pl,
add -bsymbolic to shared_ldflags.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6453)

The flag was apparently omitted in switch from Makefile.shared to
shared-info.pl. Do put it back! And in the process move all
solaris-shared flags from shared-info.pl to solaris-common.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6446)

Move ios targets to 15-ios.conf and modernize by deploying xcrun.
This excuses user from looking for paths and setting environment
variables. [Thanks to @0neday for hint.]
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6410)

Rationale for enforcing no-engine is because of disconnect between
compile-time config and run-time, which is a per-application sandbox
directory which one can't predict in advance. Besides, none of the
bundled engines actually give an edge on iOS...
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6106)

Reviewed-by: NRich Salz <rsalz@openssl.org>

HP-UX provides sockets symbols with incompatible prototypes under same
name. This caused problems in 64-bit builds. Additional macros force
unambiguous symbols with unambiguous prototypes.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5742)

picker() is type agnostic, but its output consumer is not. Or rather
it doesn't work if picker() picks nothing when consumer expects
array. So ensure array is returned when array is expected.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5770)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5756)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5713)

Although it deviates from the actual prototype of DSO_dsobyaddr(), this
is now ISO C compliant and gcc -Wpedantic accepts the code.

Added DATA segment checking to catch ptrgl virtual addresses. Avoid
memleaks with every AIX/dladdr() call. Removed debug-fprintf()s.
Added test case for DSO_dsobyaddr(), which will eventually call dladdr().
Removed unecessary AIX ifdefs again.

The implementation can only lookup function symbols, no data symbols.
Added PIC-flag to aix*-cc build targets.

As AIX is missing a dladdr() implementation it is currently uncertain our
exit()-handlers can still be called when the application exits. After
dlclose() the whole library might have been unloaded already.
Signed-off-by: NMatthias Kraft <makr@gmx.eu>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5668)

The Debian build system uses a `debian' target which sets CFLAGS and
then we have for instance debian-amd64 which inherits from
linux-x86_64 and debian [0]. So far so good.

Unless there are different suggestions how to do this, I would keep it.
However since the target name does not start with `linux', the build
system does not enable the afalg engine. So in order to get enabled, I
added a
	`enable           => [ "afalgeng" ],'
to the generic linux config which sets it explicit (as suggested by
Richard Levitte). Having this set, we can check for it instead matching
the target name.

[0] https://sources.debian.org/src/openssl/1.1.0g-2/Configurations/20-debian.conf/Signed-off-by: NSebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5169)

We have '--strict-warnings' for this kind of stuff...  also, user
flags are added last, so this overrides any warning supression
--strict-warnings may put in place (for good reasons).

Fixes #5609
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5612)

Move Android targets to separate file, automate sysroot setup and
add support for NDK 16.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5589)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5574)

$target{build_scheme} consists of fixed number of elements with 3rd
element denoting VC install-path "flavour", i.e. where to install things.
Instead of looking at 3rd, let's look at last. This allows to override
flavour from template in a simple way.

Configurations/10-main.conf: define generic "flavour" in VC-common
template. Since VC-W32 was the only recognized "flavour", remove
"flavour" definitions from all targets/templates, but VC-WIN32. And
rename VC-W32 to VC-WOW.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5502)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5502)