提交 · 1d97c8435171a7af575f73c526d79e1ef0ee5960 · OpenHarmony / Third Party Openssl

31 12月, 2014 1 次提交

mark all block comments that need format preserving so that · 1d97c843

由 Tim Hudson 提交于 12月 28, 2014

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

1d97c843

20 12月, 2014 1 次提交

RT3548: Remove outdated platforms · e03b2987

由 Rich Salz 提交于 12月 19, 2014

This commit removes all mention of NeXT and NextStep.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

e03b2987

19 12月, 2014 1 次提交
- M
  Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED · 53e95716
  由 Matt Caswell 提交于 12月 17, 2014
```
Introduce use of DECLARE_DEPRECATED
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  53e95716
17 12月, 2014 5 次提交
- A
  Premaster secret handling fixes · 4aecfd4d
  由 Adam Langley 提交于 12月 16, 2014
```
From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
```
  4aecfd4d
- R
  Clear warnings/errors within TLS_DEBUG code sections · 6dec5e1c
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  6dec5e1c
- R
  Clear warnings/errors within KSSL_DEBUG code sections · 3ddb2914
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  3ddb2914
- R
  Clear warnings/errors within CIPHER_DEBUG code sections · a501f647
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  a501f647
- R
  Clear warnings/errors within CIPHER_DEBUG code sections · 72b5d03b
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  72b5d03b
16 12月, 2014 7 次提交
- M
  The dtls1_output_cert_chain function no longer exists so remove it from · 789da2c7
  由 Matt Caswell 提交于 12月 03, 2014
```
ssl_locl.h
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  789da2c7
- A
  Don't set client_version to the ServerHello version. · ec1af3c4
  由 Adam Langley 提交于 12月 13, 2014
```
The client_version needs to be preserved for the RSA key exchange.

This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.

(From BoringSSL)
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  ec1af3c4
- M
  Add more meaningful OPENSSL_NO_ECDH error message for suite b mode · db812f2d
  由 Matt Caswell 提交于 12月 16, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  db812f2d
- M
  Add OPENSSL_NO_ECDH guards · af6e2d51
  由 Matt Caswell 提交于 11月 18, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  af6e2d51
- M
  Remove extraneous white space, and add some braces · 55e53026
  由 Matt Caswell 提交于 12月 15, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  55e53026
- M
  DTLS fixes for signed/unsigned issues · 1904d211
  由 Matt Caswell 提交于 12月 12, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  1904d211
- K
  Allow using -SSLv2 again when setting Protocol in the config. · 995207be
  由 Kurt Roeckx 提交于 12月 10, 2014
```
RT#3625
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  995207be
13 12月, 2014 1 次提交
- M
  Fixed memory leak if BUF_MEM_grow fails · 24097938
  由 Matt Caswell 提交于 12月 12, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
```
  24097938
12 12月, 2014 1 次提交
- M
  make update · fd0ba777
  由 Matt Caswell 提交于 12月 11, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  fd0ba777
11 12月, 2014 7 次提交
- J
  tls1_heartbeat: check for NULL after allocating buf · 288b4e4f
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  288b4e4f
- J
  tls1_process_heartbeat: check for NULL after allocating buffer · c27dc398
  由 Jonas Maebe 提交于 12月 07, 2014
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  c27dc398
- J
  SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ · fed5b552
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  fed5b552
- J
  serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo)... · e9e688ef
  由 Jonas Maebe 提交于 12月 09, 2013
```
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  e9e688ef
- J
  ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst · bf8e7047
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  bf8e7047
- J
  ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes · 9052ffda
  由 Jonas Maebe 提交于 12月 08, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  9052ffda
- J
  SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails · d00b1d62
  由 Jonas Maebe 提交于 12月 02, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  d00b1d62
09 12月, 2014 3 次提交

Include <openssl/foo.h> instead of "foo.h" · e52a3c3d

由 Geoff Thorpe 提交于 10月 11, 2014

Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

e52a3c3d

M
Fixed memory leak in the event of a failure of BUF_MEM_grow · 41bf2501
由 Matt Caswell 提交于 12月 04, 2014
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
41bf2501
M
Fix memory leak in SSL_new if errors occur. · 76e65090
由 Matt Caswell 提交于 12月 04, 2014
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
76e65090

08 12月, 2014 1 次提交

Remove some unnecessary OPENSSL_FIPS references · 00b4ee76

由 Dr. Stephen Henson 提交于 10月 18, 2014

FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: NTim Hudson <tjh@openssl.org>

00b4ee76

06 12月, 2014 1 次提交
- E
  Clarify the return values for SSL_get_shared_curve. · 376e2ca3
  由 Emilia Kasper 提交于 12月 04, 2014
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  376e2ca3
05 12月, 2014 7 次提交

Add extra checks for odd-length EC curve lists. · 740580c2

由 Emilia Kasper 提交于 12月 01, 2014

Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.
Reviewed-by: NMatt Caswell <matt@openssl.org>

740580c2

Reject elliptic curve lists of odd lengths. · 33d5ba86

由 Emilia Kasper 提交于 12月 01, 2014

The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.
Reviewed-by: NMatt Caswell <matt@openssl.org>

33d5ba86

J
ssl_create_cipher_list: check whether push onto cipherstack succeeds · f5905ba3
由 Jonas Maebe 提交于 12月 02, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
f5905ba3

ssl_cert_dup: Fix memory leak · b3b966fb

由 Jonas Maebe 提交于 12月 02, 2013

Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

b3b966fb

K
dtls1_new: free s on error path · 6c42b39c
由 Kurt Roeckx 提交于 12月 02, 2013
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
6c42b39c
J
dtls1_heartbeat: check for NULL after allocating s->cert->ctypes · 241e2dc9
由 Jonas Maebe 提交于 12月 08, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
241e2dc9
J
dtls1_process_heartbeat: check for NULL after allocating buffer · d15f5df7
由 Jonas Maebe 提交于 12月 08, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
d15f5df7

04 12月, 2014 2 次提交
- M
  Remove incorrect code inadvertently introduced through commit 59669b6a. · 71c16698
  由 Matt Caswell 提交于 12月 04, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  71c16698
- K
  Remove SSLv2 support · 45f55f6a
  由 Kurt Roeckx 提交于 11月 30, 2014
```
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  45f55f6a
03 12月, 2014 2 次提交
- M
  Remove "#if 0" code · 4bb8eb9c
  由 Matt Caswell 提交于 12月 03, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  4bb8eb9c
- M
  Only use the fallback mtu after 2 unsuccessful retransmissions if it is less · 047f2159
  由 Matt Caswell 提交于 12月 02, 2014
```
than the mtu we are already using
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  047f2159

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功