提交 · aa519853be79ae92e6aa8ec34de5d1803d721b00 · OpenHarmony / Third Party Openssl

19 10月, 2018 1 次提交

Fix tls_cbc_digest_record is slow using SHA-384 and short messages · aa519853

由 armfazh 提交于 10月 19, 2018

The formula used for this is now

kVarianceBlocks = ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1

Notice that md_block_size=64 for SHA256, which results on the
magic constant kVarianceBlocks = 6.
However, md_block_size=128 for SHA384 leading to kVarianceBlocks = 4.

CLA:trivial
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7342)

(cherry picked from commit cb8164b05e3bad5586c2a109bbdbab1ad65a1a6f)

aa519853

03 8月, 2017 1 次提交

Move ossl_assert · 67dc995e

由 Matt Caswell 提交于 8月 02, 2017

Move the definition of ossl_assert() out of e_os.h which is intended for OS
specific things. Instead it is moved into internal/cryptlib.h.

This also changes the definition to remove the (int) cast.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4073)

67dc995e

31 7月, 2017 1 次提交

Fix typos in files in ssl directory · 3519bae5

由 Xiaoyin Liu 提交于 7月 30, 2017

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4052)

3519bae5

22 5月, 2017 2 次提交

Convert existing usage of assert() to ossl_assert() in libssl · b77f3ed1

由 Matt Caswell 提交于 5月 22, 2017

Provides consistent output and approach.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3496)

b77f3ed1

M
Replace instances of OPENSSL_assert() with soft asserts in libssl · 380a522f
由 Matt Caswell 提交于 5月 19, 2017
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3496)
```
380a522f

28 2月, 2017 1 次提交

Clean up references to FIPS · b53338cb

由 Emilia Kasper 提交于 2月 28, 2017

This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.
Reviewed-by: NStephen Henson <steve@openssl.org>

b53338cb

04 11月, 2016 3 次提交
- M
  Provide some constant time functions for dealing with size_t values · 2688e7a0
  由 Matt Caswell 提交于 10月 19, 2016
```
Also implement the using of them
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  2688e7a0
- M
  Fix misc size_t issues causing Windows warnings in 64 bit · 348240c6
  由 Matt Caswell 提交于 10月 19, 2016
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  348240c6
- M
  Convert ssl3_cbc_digest_record for size_t · d0e7c31d
  由 Matt Caswell 提交于 10月 03, 2016
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  d0e7c31d
18 8月, 2016 1 次提交

Indent ssl/ · a230b26e

由 Emilia Kasper 提交于 8月 05, 2016

Run util/openssl-format-source on ssl/

Some comments and hand-formatted tables were fixed up
manually by disabling auto-formatting.
Reviewed-by: NRich Salz <rsalz@openssl.org>

a230b26e

15 7月, 2016 1 次提交
- D
  check return values for EVP_Digest*() APIs · d166ed8c
  由 Dr. Stephen Henson 提交于 6月 18, 2016
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  d166ed8c
18 5月, 2016 1 次提交

由 Rich Salz 提交于 5月 17, 2016

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

846e33c7

27 1月, 2016 1 次提交

Remove /* foo.c */ comments · 34980760

由 Rich Salz 提交于 12月 18, 2015

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

34980760

08 12月, 2015 2 次提交
- R
  Cleanup: fix all sources that used EVP_MD_CTX_(create|init|destroy) · bfb0641f
  由 Richard Levitte 提交于 12月 02, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  bfb0641f
- R
  Adjust all accesses to EVP_MD_CTX to use accessor functions. · 6e59a892
  由 Richard Levitte 提交于 11月 27, 2015
```
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  6e59a892
21 11月, 2015 1 次提交

Good hygiene with size_t output argument. · 5c649375

由 Viktor Dukhovni 提交于 11月 21, 2015

Though the callers check the function return value and ignore the
size_t output argument on failure, it is still often not ideal to
store (-1) in size_t on error. That might signal an unduly large
buffer. Instead set the size_t to 0, to indicate no space.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

5c649375

20 11月, 2015 1 次提交

Ensure all EVP calls have their returns checked where appropriate · 5f3d93e4

由 Matt Caswell 提交于 11月 06, 2015

There are lots of calls to EVP functions from within libssl There were
various places where we should probably check the return value but don't.
This adds these checks.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

5f3d93e4

14 5月, 2015 1 次提交

Identify and move OpenSSL internal header files · 68570797

由 Richard Levitte 提交于 5月 14, 2015

There are header files in crypto/ that are used by the rest of
OpenSSL.  Move those to include/internal and adapt the affected source
code, Makefiles and scripts.

The header files that got moved are:

crypto/constant_time_locl.h
crypto/o_dir.h
crypto/o_str.h
Reviewed-by: NMatt Caswell <matt@openssl.org>

68570797

01 5月, 2015 1 次提交

Add sanity check in ssl3_cbc_digest_record · 29b0a15a

由 Matt Caswell 提交于 4月 27, 2015

For SSLv3 the code assumes that |header_length| > |md_block_size|. Whilst
this is true for all SSLv3 ciphersuites, this fact is far from obvious by
looking at the code. If this were not the case then an integer overflow
would occur, leading to a subsequent buffer overflow. Therefore I have
added an explicit sanity check to ensure header_length is always valid.
Thanks to Kevin Wojtysiak (Int3 Solutions) and Paramjot Oberoi (Int3
Solutions) for reporting this issue.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

29b0a15a

26 3月, 2015 1 次提交
- M
  Move more SSL3_RECORD oriented functions into ssl3_record.c · 02a36fda
  由 Matt Caswell 提交于 2月 01, 2015
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
  02a36fda
28 1月, 2015 1 次提交

OPENSSL_NO_xxx cleanup: SHA · 474e469b

由 Rich Salz 提交于 1月 27, 2015

Remove support for SHA0 and DSS0 (they were broken), and remove
the ability to attempt to build without SHA (it didn't work).
For simplicity, remove the option of not building various SHA algorithms;
you could argue that SHA_224/256/384/512 should be kept, since they're
like crypto algorithms, but I decided to go the other way.
So these options are gone:
	GENUINE_DSA         OPENSSL_NO_SHA0
	OPENSSL_NO_SHA      OPENSSL_NO_SHA1
	OPENSSL_NO_SHA224   OPENSSL_NO_SHA256
	OPENSSL_NO_SHA384   OPENSSL_NO_SHA512
Reviewed-by: NRichard Levitte <levitte@openssl.org>

474e469b

22 1月, 2015 3 次提交
- M
  More comment realignment · 35a1cc90
  由 Matt Caswell 提交于 1月 17, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  35a1cc90
- M
  Re-align some comments after running the reformat script. · 50e735f9
  由 Matt Caswell 提交于 1月 05, 2015
```
This should be a one off operation (subsequent invokation of the
script should not move them)
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  50e735f9
- M
  Run util/openssl-format-source -v -c . · 0f113f3e
  由 Matt Caswell 提交于 1月 22, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  0f113f3e
06 1月, 2015 1 次提交
- M
  Further comment amendments to preserve formatting prior to source reformat · 3a83462d
  由 Matt Caswell 提交于 1月 05, 2015
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  3a83462d
31 12月, 2014 1 次提交

mark all block comments that need format preserving so that · 1d97c843

由 Tim Hudson 提交于 12月 28, 2014

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

1d97c843

08 12月, 2014 1 次提交

Remove some unnecessary OPENSSL_FIPS references · 00b4ee76

由 Dr. Stephen Henson 提交于 10月 18, 2014

FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: NTim Hudson <tjh@openssl.org>

00b4ee76

24 9月, 2014 1 次提交

RT3066: rewrite RSA padding checks to be slightly more constant time. · 294d1e36

由 Emilia Kasper 提交于 8月 28, 2014

Also tweak s3_cbc.c to use new constant-time methods.
Also fix memory leaks from internal errors in RSA_padding_check_PKCS1_OAEP_mgf1

This patch is based on the original RT submission by Adam Langley <agl@chromium.org>,
as well as code from BoringSSL and OpenSSL.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

294d1e36

28 8月, 2014 1 次提交

Constant-time utilities · 5a3d21c0

由 Emilia Kasper 提交于 8月 28, 2014

Pull constant-time methods out to a separate header, add tests.
Reviewed-by: NBodo Moeller <bodo@openssl.org>

5a3d21c0

06 9月, 2013 1 次提交
- V
  
  misspellings fixes by https://github.com/vlajos/misspell_fixer · 478b50cf
  由 Veres Lajos 提交于 6月 13, 2013
  
  478b50cf
18 3月, 2013 1 次提交

Use enc_flags when deciding protocol variations. · cbd64894

由 Dr. Stephen Henson 提交于 3月 13, 2013

Use the enc_flags field to determine whether we should use explicit IV,
signature algorithms or SHA256 default PRF instead of hard coding which
versions support each requirement.

cbd64894

22 2月, 2013 1 次提交
- B
  Fix ignored return value warnings. · 0850f118
  由 Ben Laurie 提交于 2月 21, 2013
```
Not sure why I am getting these now and not before.
```
  0850f118
12 2月, 2013 1 次提交

Check DTLS_BAD_VER for version number. · d980abb2

由 David Woodhouse 提交于 2月 12, 2013

The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.

PR:2984

d980abb2

09 2月, 2013 1 次提交
- A
  
  s3_cbc.c: make CBC_MAC_ROTATE_IN_PLACE universal. · f93a4187
  由 Andy Polyakov 提交于 2月 08, 2013
  
  f93a4187
08 2月, 2013 3 次提交
- A
  
  s3_cbc.c: get rid of expensive divisions. · c98a4545
  由 Andy Polyakov 提交于 2月 08, 2013
  
  c98a4545
- A
  
  s3_cbc.c: fix warning [in Windows build]. · 0e4f7045
  由 Andy Polyakov 提交于 2月 08, 2013
  
  0e4f7045
- A
  ssl/*: revert "remove SSL_RECORD->orig_len" and merge "fix IV". · dd7e60bd
  由 Andy Polyakov 提交于 2月 08, 2013
```
Revert is appropriate because binary compatibility is not an issue
in 1.1.
```
  dd7e60bd
07 2月, 2013 1 次提交

Fix for EXP-RC2-CBC-MD5 · 32620fe9

由 Adam Langley 提交于 2月 06, 2013

MD5 should use little endian order. Fortunately the only ciphersuite
affected is EXP-RC2-CBC-MD5 (TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5) which
is a rarely used export grade ciphersuite.
(cherry picked from commit f306b87d766e6ecf30824635c7c395b67cff9dbc)

32620fe9

06 2月, 2013 2 次提交

e_aes_cbc_hmac_sha1.c: address the CBC decrypt timing issues. · 9970308c

由 Andy Polyakov 提交于 2月 02, 2013

Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f3c2a2d33785b5563d929d0472f1721)

9970308c

ssl/*: remove SSL3_RECORD->orig_len to restore binary compatibility. · 2aec073a

由 Andy Polyakov 提交于 2月 01, 2013

Kludge alert. This is arranged by passing padding length in unused
bits of SSL3_RECORD->type, so that orig_len can be reconstructed.
(cherry picked from commit 8bfd4c659f180a6ce34f21c0e62956b362067fba)

2aec073a

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功