- 16 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Conflicts: CHANGES CONTRIBUTING Configurations/50-win-onecore.conf Configurations/90-team.norelease.conf Configurations/unix-Makefile.tmpl Configure NEWS NOTES.ANDROID README apps/rehash.c apps/s_cb.c apps/s_server.c apps/speed.c config crypto/aes/asm/aes-s390x.pl crypto/aes/asm/aesni-x86_64.pl crypto/aes/asm/aesp8-ppc.pl crypto/aes/asm/aesv8-armx.pl crypto/aes/asm/vpaes-armv8.pl crypto/aes/asm/vpaes-x86_64.pl crypto/asn1/charmap.h crypto/asn1/x_bignum.c crypto/bio/b_addr.c crypto/bio/bss_file.c crypto/bn/asm/armv8-mont.pl crypto/bn/asm/mips.pl crypto/bn/asm/ppc.pl crypto/bn/asm/rsaz-avx2.pl crypto/bn/asm/rsaz-x86_64.pl crypto/bn/asm/x86_64-mont5.pl crypto/bn/bn_local.h crypto/bn/bn_prime.c crypto/bn/bn_prime.h crypto/chacha/asm/chacha-armv8.pl crypto/cms/cms_att.c crypto/conf/conf_def.h crypto/conf/conf_lib.c crypto/dh/dh_gen.c crypto/dso/dso_dlfcn.c crypto/ec/asm/ecp_nistz256-armv8.pl crypto/ec/asm/ecp_nistz256-sparcv9.pl crypto/ec/asm/ecp_nistz256-x86_64.pl crypto/ec/asm/x25519-ppc64.pl crypto/ec/ec_asn1.c crypto/ec/ec_local.h crypto/ec/ecp_nistp224.c crypto/ec/ecp_nistp256.c crypto/ec/ecp_nistp521.c crypto/ec/ecp_nistz256.c crypto/ec/ecx_meth.c crypto/engine/eng_openssl.c crypto/err/err.c crypto/err/openssl.txt crypto/evp/e_aes.c crypto/evp/evp_err.c crypto/hmac/hmac.c crypto/modes/asm/ghash-x86_64.pl crypto/objects/obj_dat.h crypto/objects/obj_xref.h crypto/perlasm/x86_64-xlate.pl crypto/poly1305/asm/poly1305-armv8.pl crypto/ppccpuid.pl crypto/rand/drbg_lib.c crypto/rand/rand_err.c crypto/rand/rand_lib.c crypto/rand/rand_local.h crypto/rand/rand_unix.c crypto/rand/rand_vms.c crypto/rsa/rsa_ossl.c crypto/rsa/rsa_pk1.c crypto/rsa/rsa_pmeth.c crypto/rsa/rsa_ssl.c crypto/sha/asm/keccak1600-armv4.pl crypto/sha/asm/keccak1600-armv8.pl crypto/sha/asm/sha512-armv8.pl crypto/sha/asm/sha512-sparcv9.pl crypto/threads_none.c crypto/threads_win.c crypto/x509/x509_cmp.c crypto/x509/x509_vfy.c crypto/x509/x_crl.c crypto/x509v3/v3_purp.c doc/HOWTO/proxy_certificates.txt doc/man1/enc.pod doc/man1/s_client.pod doc/man1/x509.pod doc/man3/BN_generate_prime.pod doc/man3/CRYPTO_memcmp.pod doc/man3/EC_GROUP_copy.pod doc/man3/EVP_DigestSignInit.pod doc/man3/EVP_DigestVerifyInit.pod doc/man3/EVP_PKEY_new.pod doc/man3/EVP_SignInit.pod doc/man3/OPENSSL_malloc.pod doc/man3/RAND_bytes.pod doc/man3/RAND_set_rand_method.pod doc/man3/RSA_get0_key.pod doc/man3/SSL_SESSION_get0_hostname.pod doc/man3/SSL_get_error.pod doc/man3/X509_LOOKUP_meth_new.pod doc/man3/X509_STORE_add_cert.pod doc/man3/X509_cmp.pod doc/man3/X509_get_extension_flags.pod doc/man3/d2i_X509.pod doc/man5/config.pod doc/man7/Ed25519.pod doc/man7/X25519.pod e_os.h engines/e_afalg.c include/crypto/dso_conf.h.in include/internal/constant_time.h include/openssl/bio.h include/openssl/evperr.h include/openssl/lhash.h include/openssl/obj_mac.h include/openssl/opensslv.h include/openssl/randerr.h include/openssl/sslerr.h krb5 ssl/record/rec_layer_s3.c ssl/s3_lib.c ssl/ssl_lib.c ssl/ssl_local.h ssl/statem/extensions.c ssl/statem/extensions_srvr.c ssl/statem/statem_lib.c ssl/statem/statem_srvr.c ssl/t1_lib.c ssl/tls13_enc.c test/bio_memleak_test.c test/bntest.c test/build.info test/certs/root-cert-rsa2.pem test/certs/server-pss-restrict-cert.pem test/certs/server-pss-restrict-key.pem test/certs/setup.sh test/dtlstest.c test/ec_internal_test.c test/ecdsatest.h test/ectest.c test/evp_extra_test.c test/recipes/02-test_errstr.t test/recipes/03-test_internal_ec.t test/recipes/30-test_evp_data/evpccmcavs.txt test/recipes/80-test_cms_data/bad_signtime_attr.cms test/recipes/80-test_cms_data/ct_multiple_attr.cms test/recipes/80-test_cms_data/no_ct_attr.cms test/recipes/80-test_cms_data/no_md_attr.cms test/recipes/90-test_bio_memleak.t test/recipes/90-test_includes_data/includes-eq-ws.cnf test/recipes/90-test_includes_data/includes-eq.cnf test/shlibloadtest.c test/ssl-tests/29-dtls-sctp-label-bug.conf test/ssl-tests/29-dtls-sctp-label-bug.conf.in test/sslapitest.c test/testutil.h test/testutil/random.c util/cavs-to-evptest.pl util/libcrypto.num util/perl/OpenSSL/Test.pm util/perl/TLSProxy/CertificateRequest.pm Change-Id: I388e77b9fc937720aaf18841949f5f954ef2131b
-
- 11 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:reduce warnning Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I2743c085e500027a5fce1c2587c048ba6b7b8a15 Reviewed-on: http://mgit-tm.rnd.huawei.com/9247216Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 09 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:reduce openssl create_asm_file scripe warnnings Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I0b7eeb4ce96b6a095b048ac7a6b1b38a55dd8180 Reviewed-on: http://mgit-tm.rnd.huawei.com/9196224Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 05 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:return 1 when fail Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I3e7959117a8f0fcbb8b0f43d07a7228d7b3e5487 Reviewed-on: http://mgit-tm.rnd.huawei.com/9162304Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 01 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:Openssl bugfix CVE-2019-1551 Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I73aa3eb8c8f1fcbd49183ddfe3e2ea17a4c12bc5 Reviewed-on: http://mgit-tm.rnd.huawei.com/9089040Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 31 5月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:use openssl asm mode Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Id449bd200b5e2ef817ac329fc6874190bc245ad4 Reviewed-on: http://mgit-tm.rnd.huawei.com/9083098Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 25 5月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:openssl bugfix CVE-2020-1967 Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I1758c03b34d28c1bd9253c3943b77a86ed795133 Reviewed-on: http://mgit-tm.rnd.huawei.com/8972328Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 20 5月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:openssl support to build by arm Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iedde66caa66b2baa5c1a4508240849da0e434efd Reviewed-on: http://mgit-tm.rnd.huawei.com/8910856Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 31 3月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org>
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11445)
-
- 29 3月, 2020 1 次提交
-
-
由 Viktor Szakats 提交于
The fix consists of putting all destination directories between double-quotes to make the default (and any custom) prefixes containing spaces to work when doing 'make install'. Also enable CI test with x86 mingw cross-build. [extended tests] Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11434)
-
- 25 3月, 2020 3 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)
-
由 Tomas Mraz 提交于
This partially reverts commit db943f43. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)
-
由 Richard Könning 提交于
CLA: trivial Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NBen Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11372) (cherry picked from commit 402b00d57921a0c8cd641b190d36bf39ea5fb592)
-
- 23 3月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10756)
-
- 20 3月, 2020 1 次提交
-
-
由 FdaSilvaYY 提交于
Found by Coverity. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8274) (cherry picked from commit 23dc8feba817560485da00d690d7b7b9e5b15682)
-
- 19 3月, 2020 4 次提交
-
-
由 Bernd Edlinger 提交于
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
由 Bernd Edlinger 提交于
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
由 Bernd Edlinger 提交于
This should avoid half of the trial divisions in probable_prime_dh_safe and avoid bn_probable_prime_dh generating primes with special properties. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
由 Bernd Edlinger 提交于
Currently probable_prime makes sure that p-1 does not have any prime factors from 3..17863, which is useful for safe primes, but not necessarily for the general case. Issue was initially reported here: MIRONOV, I. Factoring RSA Moduli II. https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
- 17 3月, 2020 6 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com>
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com>
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11344)
-
由 Matt Caswell 提交于
Reviewed-by: NMark J. Cox <mark@awe.com> (Merged from https://github.com/openssl/openssl/pull/11342)
-
由 Matt Caswell 提交于
Reviewed-by: NMark J. Cox <mark@awe.com> (Merged from https://github.com/openssl/openssl/pull/11342)
-
由 Ben Kaduk 提交于
We have no need for a new set of SSL_CTXs in test_ccs_change_cipher(), so just keep using the original ones. Also, fix a typo in a comment. [extended tests] Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11336) (cherry picked from commit b3e6d666e351d45e93d29fe3813245b92a0f5815)
-
- 14 3月, 2020 6 次提交
-
-
由 Benjamin Kaduk 提交于
The TLS (pre-1.3) ChangeCipherState message is usually used to indicate the switch from the unencrypted to encrypted part of the handshake. However, it can also be used in cases where there is an existing session (such as during resumption handshakes) or when changing from one cipher to a different one (such as during renegotiation when the cipher list offered by the client has changed). This test serves to exercise such situations, allowing us to detect whether session objects are being modified in cases when they must remain immutable for thread-safety purposes. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 3cd14e5e65011660ad8e3603cf871c8366b565fd)
-
由 Benjamin Kaduk 提交于
The server-side ChangeCipherState processing stores the new cipher in the SSL_SESSION object, so that the new state can be used if this session gets resumed. However, writing to the session is only thread-safe for initial handshakes, as at other times the session object may be in a shared cache and in use by another thread at the same time. Reflect this invariant in the code by only writing to s->session->cipher when it is currently NULL (we do not cache sessions with no cipher). The code prior to this change would never actually change the (non-NULL) cipher value in a session object, since our server enforces that (pre-TLS-1.3) resumptions use the exact same cipher as the initial connection, and non-abbreviated renegotiations have produced a new session object before we get to this point. Regardless, include logic to detect such a condition and abort the handshake if it occurs, to avoid any risk of inadvertently using the wrong cipher on a connection. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 2e3ec2e1578977fca830a47fd7f521e290540e6d)
-
由 Benjamin Kaduk 提交于
TLS 1.3 maintains a separate keys chedule in the SSL object, but was writing to the 'master_key_length' field in the SSL_SESSION when generating the per-SSL master_secret. (The generate_master_secret SSL3_ENC_METHOD function needs an output variable for the master secret length, but the TLS 1.3 implementation just uses the output size of the handshake hash function to get the lengths, so the only natural-looking thing to use as the output length was the field in the session. This would potentially involve writing to a SSL_SESSION object that was in the cache (i.e., resumed) and shared with other threads, though. The thread-safety impact should be minimal, since TLS 1.3 requires the hash from the original handshake to be associated with the resumption PSK and used for the subsequent connection. This means that (in the resumption case) the value being written would be the same value that was previously there, so the only risk would be on architectures that can produce torn writes/reads for aligned size_t values. Since the value is essentially ignored anyway, just provide the address of a local dummy variable to generate_master_secret() instead. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit d74014c4b8740f28a54b562f799ad1e754b517b9)
-
由 Benjamin Kaduk 提交于
Use a space after a comma. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 1866a0d380fc361d9be2ca0509de0f2281505db5)
-
由 Benjamin Kaduk 提交于
The generated macros are TYPE_get_ex_new_index() (to match CRYPTO_get_ex_new_index()), not TYPE_get_new_ex_index(), even though the latter spelling seems more natural. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit fe41c06e69613b1a4814b3e3cdbf460f2678ec99)
-
由 Benjamin Kaduk 提交于
Generally modernize the language. Refer to TLS instead of SSL/TLS, and try to have more consistent usage of commas and that/which. Reword some descriptions to avoid implying that a list of potential reasons for behavior is an exhaustive list. Clarify how get_session_cb() is only called on servers (i.e., in general, and that it's given the session ID proposed by the client). Clarify the semantics of the get_cb()'s "copy" argument. The behavior seems to have changed in commit 8876bc05, though the behavior prior to that commit was not to leave the reference-count unchanged if *copy was not written to -- instead, libssl seemed to assume that the callback already had incremented the reference count. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10943) (cherry picked from commit 06f876837a8ec76b28c42953731a156c0c3700e2)
-
- 13 3月, 2020 1 次提交
-
-
由 Jakub Jelen 提交于
CLA: trivial Signed-off-by: NJakub Jelen <jjelen@redhat.com> Reviewed-by: NKurt Roeckx <kurt@roeckx.be> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11299) (cherry picked from commit c08dea30d4d127412097b39d9974ba6090041a7c)
-
- 12 3月, 2020 1 次提交
-
-
由 Dr. Matthias St. Pierre 提交于
(cherry picked from commit 88398d2a358f) Additionally, remove an outdated paragraph mentioning the .rnd file, which is obsolete in 1.1.1 since the RANDFILE entry was removed from openssl.cnf in commit 1fd6afb5. Also borrow some text from 'openssl(1)/Random State Options' on master (commit a397aca43598) to emphasize that it is not necessary anymore to restore and save the RNG state using the '-rand' and '-writerand' options. Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11251)
-
- 11 3月, 2020 2 次提交
-
-
由 Matt Caswell 提交于
This reverts commit b98efebe. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
由 Matt Caswell 提交于
This reverts commit 68436f0a. The OMC did not vote in favour of backporting this to 1.1.1, so this change should be reverted. Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11282)
-
- 09 3月, 2020 3 次提交
-
-
由 James Peach 提交于
CLA: trivial Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11253) (cherry picked from commit 9f44e96e245993c8e7aaa9fadf1d6713c9c60915)
-
由 Richard Levitte 提交于
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit 03d65ca2095777cf6314ad813eb7de5779c9b93d) Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11232)
-
由 Richard Levitte 提交于
We change the description to be about the key rather than the signature. How the key size is related to the signature is explained in the description of EVP_SignFinal() anyway. Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com> (cherry picked from commit 6942a0d6feb8d3dcbbc6a1ec6be9de7ab2df1530) Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/11232)
-
- 08 3月, 2020 1 次提交
-
-
由 Bastian Germann 提交于
OpenSSL 1.1.0 has extended option checking, and rejects passing a PKCS#11 engine URL to "-signkey" option. The actual code is ready to take it. Change the option parsing to allow an engine URL to be passed and modify the manpage accordingly. CLA: trivial (cherry picked from commit 16d560439d8b1be5082228a87576a8f79b3525ac) Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11173)
-