提交 · cb2bc0543a27c48b165ca54069378155d69c41ee · OpenHarmony / Third Party Openssl

03 1月, 2015 3 次提交

D
Remove SGC restart flag. · 95275599
由 Dr. Stephen Henson 提交于 1月 02, 2015
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
95275599

由 Dr. Stephen Henson 提交于 10月 24, 2014

MS Server gated cryptography is obsolete and dates from the time of export
restrictions on strong encryption and is only used by ancient versions of
MSIE.
Reviewed-by: NMatt Caswell <matt@openssl.org>

63eab8a6

Clear existing extension state. · 4f605ccb

由 Dr. Stephen Henson 提交于 12月 05, 2014

When parsing ClientHello clear any existing extension state from
SRP login and SRTP profile.

Thanks to Karthikeyan Bhargavan for reporting this issue.
Reviewed-by: NMatt Caswell <matt@openssl.org>

4f605ccb

31 12月, 2014 3 次提交

remove duplicate defines · b17dcb0d

由 Martin Nowak 提交于 4月 21, 2014

Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

b17dcb0d

constify tls 1.2 lookup tables. · d97ed219

由 Cristian Rodríguez 提交于 4月 20, 2014

None of this should live in writable memory
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NGeoff Thorpe <geoff@openssl.org>

d97ed219

mark all block comments that need format preserving so that · 1d97c843

由 Tim Hudson 提交于 12月 28, 2014

indent will not alter them when reformatting comments
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

1d97c843

20 12月, 2014 1 次提交

RT3548: Remove outdated platforms · e03b2987

由 Rich Salz 提交于 12月 19, 2014

This commit removes all mention of NeXT and NextStep.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

e03b2987

19 12月, 2014 1 次提交
- M
  Change all instances of OPENSSL_NO_DEPRECATED to OPENSSL_USE_DEPRECATED · 53e95716
  由 Matt Caswell 提交于 12月 17, 2014
```
Introduce use of DECLARE_DEPRECATED
Reviewed-by: NRich Salz <rsalz@openssl.org>
```
  53e95716
17 12月, 2014 5 次提交
- A
  Premaster secret handling fixes · 4aecfd4d
  由 Adam Langley 提交于 12月 16, 2014
```
From BoringSSL
- Send an alert when the client key exchange isn't correctly formatted.
- Reject overly short RSA ciphertexts to avoid a (benign) out-of-bounds memory access.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
```
  4aecfd4d
- R
  Clear warnings/errors within TLS_DEBUG code sections · 6dec5e1c
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  6dec5e1c
- R
  Clear warnings/errors within KSSL_DEBUG code sections · 3ddb2914
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  3ddb2914
- R
  Clear warnings/errors within CIPHER_DEBUG code sections · a501f647
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  a501f647
- R
  Clear warnings/errors within CIPHER_DEBUG code sections · 72b5d03b
  由 Richard Levitte 提交于 12月 16, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  72b5d03b
16 12月, 2014 7 次提交
- M
  The dtls1_output_cert_chain function no longer exists so remove it from · 789da2c7
  由 Matt Caswell 提交于 12月 03, 2014
```
ssl_locl.h
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  789da2c7
- A
  Don't set client_version to the ServerHello version. · ec1af3c4
  由 Adam Langley 提交于 12月 13, 2014
```
The client_version needs to be preserved for the RSA key exchange.

This change also means that renegotiation will, like TLS, repeat the old
client_version rather than advertise only the final version. (Either way,
version change on renego is not allowed.) This is necessary in TLS to work
around an SChannel bug, but it's not strictly necessary in DTLS.

(From BoringSSL)
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  ec1af3c4
- M
  Add more meaningful OPENSSL_NO_ECDH error message for suite b mode · db812f2d
  由 Matt Caswell 提交于 12月 16, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  db812f2d
- M
  Add OPENSSL_NO_ECDH guards · af6e2d51
  由 Matt Caswell 提交于 11月 18, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  af6e2d51
- M
  Remove extraneous white space, and add some braces · 55e53026
  由 Matt Caswell 提交于 12月 15, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  55e53026
- M
  DTLS fixes for signed/unsigned issues · 1904d211
  由 Matt Caswell 提交于 12月 12, 2014
```
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  1904d211
- K
  Allow using -SSLv2 again when setting Protocol in the config. · 995207be
  由 Kurt Roeckx 提交于 12月 10, 2014
```
RT#3625
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
```
  995207be
13 12月, 2014 1 次提交
- M
  Fixed memory leak if BUF_MEM_grow fails · 24097938
  由 Matt Caswell 提交于 12月 12, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NKurt Roeckx <kurt@openssl.org>
```
  24097938
12 12月, 2014 1 次提交
- M
  make update · fd0ba777
  由 Matt Caswell 提交于 12月 11, 2014
```
Reviewed-by: NTim Hudson <tjh@openssl.org>
```
  fd0ba777
11 12月, 2014 7 次提交
- J
  tls1_heartbeat: check for NULL after allocating buf · 288b4e4f
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  288b4e4f
- J
  tls1_process_heartbeat: check for NULL after allocating buffer · c27dc398
  由 Jonas Maebe 提交于 12月 07, 2014
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  c27dc398
- J
  SSL_set_session: check for NULL after allocating s->kssl_ctx->client_princ · fed5b552
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  fed5b552
- J
  serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo)... · e9e688ef
  由 Jonas Maebe 提交于 12月 09, 2013
```
serverinfo_process_buffer: check result of realloc(ctx->cert->key->serverinfo) and don't leak memory if it fails
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  e9e688ef
- J
  ssl3_digest_cached_records: check for NULL after allocating s->s3->handshake_dgst · bf8e7047
  由 Jonas Maebe 提交于 12月 09, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  bf8e7047
- J
  ssl3_get_certificate_request: check for NULL after allocating s->cert->ctypes · 9052ffda
  由 Jonas Maebe 提交于 12月 08, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  9052ffda
- J
  SSL_COMP_add_compression_method: exit if allocating the new compression method struct fails · d00b1d62
  由 Jonas Maebe 提交于 12月 02, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  d00b1d62
09 12月, 2014 3 次提交

Include <openssl/foo.h> instead of "foo.h" · e52a3c3d

由 Geoff Thorpe 提交于 10月 11, 2014

Exported headers shouldn't be included as "foo.h" by code from the same
module, it should only do so for module-internal headers. This is
because the symlinking of exported headers (from include/openssl/foo.h
to crypto/foo/foo.h) is being removed, and the exported headers are
being moved to the include/openssl/ directory instead.

Change-Id: I4c1d80849544713308ddc6999a549848afc25f94
Signed-off-by: NGeoff Thorpe <geoff@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

e52a3c3d

M
Fixed memory leak in the event of a failure of BUF_MEM_grow · 41bf2501
由 Matt Caswell 提交于 12月 04, 2014
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
41bf2501
M
Fix memory leak in SSL_new if errors occur. · 76e65090
由 Matt Caswell 提交于 12月 04, 2014
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
76e65090

08 12月, 2014 1 次提交

Remove some unnecessary OPENSSL_FIPS references · 00b4ee76

由 Dr. Stephen Henson 提交于 10月 18, 2014

FIPS_mode() exists in all versions of OpenSSL but always returns 0 if OpenSSL is not FIPS
capable.
Reviewed-by: NTim Hudson <tjh@openssl.org>

00b4ee76

06 12月, 2014 1 次提交
- E
  Clarify the return values for SSL_get_shared_curve. · 376e2ca3
  由 Emilia Kasper 提交于 12月 04, 2014
```
Reviewed-by: NMatt Caswell <matt@openssl.org>
```
  376e2ca3
05 12月, 2014 6 次提交

Add extra checks for odd-length EC curve lists. · 740580c2

由 Emilia Kasper 提交于 12月 01, 2014

Odd-length lists should be rejected everywhere upon parsing. Nevertheless,
be extra careful and add guards against off-by-one reads.

Also, drive-by replace inexplicable double-negation with an explicit comparison.
Reviewed-by: NMatt Caswell <matt@openssl.org>

740580c2

Reject elliptic curve lists of odd lengths. · 33d5ba86

由 Emilia Kasper 提交于 12月 01, 2014

The Supported Elliptic Curves extension contains a vector of NamedCurves
of 2 bytes each, so the total length must be even. Accepting odd-length
lists was observed to lead to a non-exploitable one-byte out-of-bounds
read in the latest development branches (1.0.2 and master). Released
versions of OpenSSL are not affected.

Thanks to Felix Groebert of the Google Security Team for reporting this issue.
Reviewed-by: NMatt Caswell <matt@openssl.org>

33d5ba86

J
ssl_create_cipher_list: check whether push onto cipherstack succeeds · f5905ba3
由 Jonas Maebe 提交于 12月 02, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
f5905ba3

ssl_cert_dup: Fix memory leak · b3b966fb

由 Jonas Maebe 提交于 12月 02, 2013

Always use goto err on failure and call ssl_cert_free() on the error path so all
fields and "ret" itself are freed
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>

b3b966fb

K
dtls1_new: free s on error path · 6c42b39c
由 Kurt Roeckx 提交于 12月 02, 2013
```
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
6c42b39c
J
dtls1_heartbeat: check for NULL after allocating s->cert->ctypes · 241e2dc9
由 Jonas Maebe 提交于 12月 08, 2013
```
Signed-off-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
```
241e2dc9

OpenHarmony / Third Party Openssl 11 个月 前同步成功

OpenHarmony / Third Party Openssl
11 个月前同步成功