Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I5269be7d8e6c8ac399d86d9b48bfbd5cfabe0d19

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: NHJ <huangjun42@huawei.com>

Reviewed-by: NPaul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/11344)

Description:openssl 1.1.1d used bu libhapverify
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:Yes, it is
PrivateCode(Yes/No):No

Change-Id: I8968f9c0f146b587da17a3e603bd04fb7b4c505b
Reviewed-on: http://mgit-tm.rnd.huawei.com/7842784Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
Reviewed-by: Nweiping 00548480 <ping.wei@huawei.com>

ECDSA_do_verify() is a function that verifies a ECDSA signature given a hash and a public EC key. The function is supposed to return 1 on valid signature, 0 on invalid signature and -1 on error. Previously, we returned 0 if the key did not have a verify_sig method. This is actually an error case and not an invalid signature. Consequently, this patch updates the return code to -1.

Fixes #8766
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10693)

(cherry picked from commit 26583f6aa8dc28e3598e61db66e54e2fdf8b195f)

Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like

  '*_lcl.h', '*_local.h', or '*_int.h'

This commit changes the different suffixes to '*_local.h' uniformly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9681)

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1168)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Don't have #error statements in header files, but instead wrap
the contents of that file in #ifndef OPENSSL_NO_xxx
This means it is now always safe to include the header file.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Add OPENSSL_clear_free which merges cleanse and free.
(Names was picked to be similar to BN_clear_free, etc.)
Removed OPENSSL_freeFunc macro.
Fixed the small simple ones that are left:
        CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

This warning breaks the build in 1.0.0 and 0.9.8
Reviewed-by: NAndy Polyakov <appro@openssl.org>

By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.

1. Reject signatures with non zero unused bits.

If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.

2. Check certificate algorithm consistency.

Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.

3. Check DSA/ECDSA signatures use DER.

Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.

This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).

CVE-2014-8275
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

for ecdh)

Reported by: Maxim Masiutin
Submitted by: Nils Larsch

Submitted by: Nils Larsch

This is not ECDSA specific, so it's now PEM_STRING_ECPRIVATEKEY etc.

Submitted by: Nils Larsch <nlarsch@compuserve.de>

Submitted by: Nils Larsch <nla@trustcenter.de>

functions in ui_compat.  This gave reason to rework that part more
thoroughly, so here are the changes made:

1. Add DES_read_password() and DES_read_2passwords() with the same
   functionality as the corresponding old des_ functions, as a
   convenience to the users.
2. Add UI_UTIL_read_pw_string() and UI_UTIL_read_pw() with the
   functionality from des_read_pw_string() and des_read_pw(), again as
   a concenience to the users.
3. Rename des_read_password(), des_read_2passwords(),
   des_read_pw_string() and des_read_pw() by changing des_ to
   _ossl_old_des_, and add the usual mapping macros.
4. Move the implementation of des_read_password() and
   des_read_2passwords() to the des directory, since they are tightly
   tied to DES anyway.

This change was inspired by a patch from Assar Westerlund <assar@sics.se>:

There are some functions that didn't get the kick-away-old-des-and-
replace-des-with-DES action.  Here's a patch that adds DES_ and des_
(in des_old.h) versions of des_read_pw_string et al.  This patch
includes some of the first des_old.h semi-colon macro fixes that I've
already sent.

libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_.  Compatibility routines are provided and declared by including
openssl/des_old.h.  Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.

The compatibility functions will be removed in some future release, at
the latest in version 1.0.

(meaning pointer to char) to des_cblock * (meaning pointer to
array with 8 char elements), which allows the compiler to
do more typechecking.  (The changed argument types were of type
des_cblock * back in SSLeay, and a lot of ugly casts were
used then to turn them into pointers to elements; but it can be
done without those casts.)

Introduce new type const_des_cblock -- before, the pointers rather
than the elements pointed to were declared const, and for
some reason gcc did not complain about this (but some other
compilers did).