Merge pull request !98 from wanghao-free/OpenHarmony_1.0.1_release

Signed-off-by: Nwanghaixiang <wanghaixiang@huawei.com>

Merge pull request !90 from wanghao-free/OpenHarmony_1.0.1_release

Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>

Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !89 from wanghao-free/OpenHarmony_1.0.1_release

add rsa_sup_mul.c from CVE-2022-4304 fix https://github.com/openssl/openssl/commit/43d8f88511991533f53680a751e9326999a6a31fSigned-off-by: Ncode4lala <fengziteng2@huawei.com>

A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !86 from wanghao-free/OpenHarmony_1.0.1_release

Merge pull request !84 from fengjiahui4/OpenHarmony_1.0.1_release

Signed-off-by: Nwanghao-free <wanghao453@h-partners.com>

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !82 from wanghao-free/OpenHarmony_1.0.1_release

Call PEM_read_bio_ex() and expect a failure. There should be no dangling
ptrs and therefore there should be no double free if we free the ptrs on
error.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !31 from zhao_zhen_zhou/release

Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>

Change-Id: Ia29013889dd9f784266e06998eb6c61bb37441cc

Description: add COPYRIGHT.OpenSource files
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Ib7349a14e12eb5e229988bb4f5a57f05714bf78e
Reviewed-on: http://mgit-tm.rnd.huawei.com/10077179Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Npuxing 00257459 <puxing@huawei.com>

Description:add copyright statement for Build.gn
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Id0a6bec931218dde977f6273e165cd2e9d23f7b5
Reviewed-on: http://mgit-tm.rnd.huawei.com/9705303Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Npuxing 00257459 <puxing@huawei.com>

Description:add README.OpenSource for openssl
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: If550e5045ef804ed04d8dab875158e389976793f
Reviewed-on: http://mgit-tm.rnd.huawei.com/9463064Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:openssl bugfix CVE-2020-1967
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Ifc70e8c5f7401befd441f1461b97fba8bbb5c38d
Reviewed-on: http://mgit-tm.rnd.huawei.com/9327840Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nwanglechao 00496819 <wanglechao@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Conflicts:
	CHANGES
	CONTRIBUTING
	Configurations/50-win-onecore.conf
	Configurations/90-team.norelease.conf
	Configurations/unix-Makefile.tmpl
	Configure
	NEWS
	NOTES.ANDROID
	README
	apps/rehash.c
	apps/s_cb.c
	apps/s_server.c
	apps/speed.c
	config
	crypto/aes/asm/aes-s390x.pl
	crypto/aes/asm/aesni-x86_64.pl
	crypto/aes/asm/aesp8-ppc.pl
	crypto/aes/asm/aesv8-armx.pl
	crypto/aes/asm/vpaes-armv8.pl
	crypto/aes/asm/vpaes-x86_64.pl
	crypto/asn1/charmap.h
	crypto/asn1/x_bignum.c
	crypto/bio/b_addr.c
	crypto/bio/bss_file.c
	crypto/bn/asm/armv8-mont.pl
	crypto/bn/asm/mips.pl
	crypto/bn/asm/ppc.pl
	crypto/bn/asm/rsaz-avx2.pl
	crypto/bn/asm/rsaz-x86_64.pl
	crypto/bn/asm/x86_64-mont5.pl
	crypto/bn/bn_local.h
	crypto/bn/bn_prime.c
	crypto/bn/bn_prime.h
	crypto/chacha/asm/chacha-armv8.pl
	crypto/cms/cms_att.c
	crypto/conf/conf_def.h
	crypto/conf/conf_lib.c
	crypto/dh/dh_gen.c
	crypto/dso/dso_dlfcn.c
	crypto/ec/asm/ecp_nistz256-armv8.pl
	crypto/ec/asm/ecp_nistz256-sparcv9.pl
	crypto/ec/asm/ecp_nistz256-x86_64.pl
	crypto/ec/asm/x25519-ppc64.pl
	crypto/ec/ec_asn1.c
	crypto/ec/ec_local.h
	crypto/ec/ecp_nistp224.c
	crypto/ec/ecp_nistp256.c
	crypto/ec/ecp_nistp521.c
	crypto/ec/ecp_nistz256.c
	crypto/ec/ecx_meth.c
	crypto/engine/eng_openssl.c
	crypto/err/err.c
	crypto/err/openssl.txt
	crypto/evp/e_aes.c
	crypto/evp/evp_err.c
	crypto/hmac/hmac.c
	crypto/modes/asm/ghash-x86_64.pl
	crypto/objects/obj_dat.h
	crypto/objects/obj_xref.h
	crypto/perlasm/x86_64-xlate.pl
	crypto/poly1305/asm/poly1305-armv8.pl
	crypto/ppccpuid.pl
	crypto/rand/drbg_lib.c
	crypto/rand/rand_err.c
	crypto/rand/rand_lib.c
	crypto/rand/rand_local.h
	crypto/rand/rand_unix.c
	crypto/rand/rand_vms.c
	crypto/rsa/rsa_ossl.c
	crypto/rsa/rsa_pk1.c
	crypto/rsa/rsa_pmeth.c
	crypto/rsa/rsa_ssl.c
	crypto/sha/asm/keccak1600-armv4.pl
	crypto/sha/asm/keccak1600-armv8.pl
	crypto/sha/asm/sha512-armv8.pl
	crypto/sha/asm/sha512-sparcv9.pl
	crypto/threads_none.c
	crypto/threads_win.c
	crypto/x509/x509_cmp.c
	crypto/x509/x509_vfy.c
	crypto/x509/x_crl.c
	crypto/x509v3/v3_purp.c
	doc/HOWTO/proxy_certificates.txt
	doc/man1/enc.pod
	doc/man1/s_client.pod
	doc/man1/x509.pod
	doc/man3/BN_generate_prime.pod
	doc/man3/CRYPTO_memcmp.pod
	doc/man3/EC_GROUP_copy.pod
	doc/man3/EVP_DigestSignInit.pod
	doc/man3/EVP_DigestVerifyInit.pod
	doc/man3/EVP_PKEY_new.pod
	doc/man3/EVP_SignInit.pod
	doc/man3/OPENSSL_malloc.pod
	doc/man3/RAND_bytes.pod
	doc/man3/RAND_set_rand_method.pod
	doc/man3/RSA_get0_key.pod
	doc/man3/SSL_SESSION_get0_hostname.pod
	doc/man3/SSL_get_error.pod
	doc/man3/X509_LOOKUP_meth_new.pod
	doc/man3/X509_STORE_add_cert.pod
	doc/man3/X509_cmp.pod
	doc/man3/X509_get_extension_flags.pod
	doc/man3/d2i_X509.pod
	doc/man5/config.pod
	doc/man7/Ed25519.pod
	doc/man7/X25519.pod
	e_os.h
	engines/e_afalg.c
	include/crypto/dso_conf.h.in
	include/internal/constant_time.h
	include/openssl/bio.h
	include/openssl/evperr.h
	include/openssl/lhash.h
	include/openssl/obj_mac.h
	include/openssl/opensslv.h
	include/openssl/randerr.h
	include/openssl/sslerr.h
	krb5
	ssl/record/rec_layer_s3.c
	ssl/s3_lib.c
	ssl/ssl_lib.c
	ssl/ssl_local.h
	ssl/statem/extensions.c
	ssl/statem/extensions_srvr.c
	ssl/statem/statem_lib.c
	ssl/statem/statem_srvr.c
	ssl/t1_lib.c
	ssl/tls13_enc.c
	test/bio_memleak_test.c
	test/bntest.c
	test/build.info
	test/certs/root-cert-rsa2.pem
	test/certs/server-pss-restrict-cert.pem
	test/certs/server-pss-restrict-key.pem
	test/certs/setup.sh
	test/dtlstest.c
	test/ec_internal_test.c
	test/ecdsatest.h
	test/ectest.c
	test/evp_extra_test.c
	test/recipes/02-test_errstr.t
	test/recipes/03-test_internal_ec.t
	test/recipes/30-test_evp_data/evpccmcavs.txt
	test/recipes/80-test_cms_data/bad_signtime_attr.cms
	test/recipes/80-test_cms_data/ct_multiple_attr.cms
	test/recipes/80-test_cms_data/no_ct_attr.cms
	test/recipes/80-test_cms_data/no_md_attr.cms
	test/recipes/90-test_bio_memleak.t
	test/recipes/90-test_includes_data/includes-eq-ws.cnf
	test/recipes/90-test_includes_data/includes-eq.cnf
	test/shlibloadtest.c
	test/ssl-tests/29-dtls-sctp-label-bug.conf
	test/ssl-tests/29-dtls-sctp-label-bug.conf.in
	test/sslapitest.c
	test/testutil.h
	test/testutil/random.c
	util/cavs-to-evptest.pl
	util/libcrypto.num
	util/perl/OpenSSL/Test.pm
	util/perl/TLSProxy/CertificateRequest.pm

Change-Id: I388e77b9fc937720aaf18841949f5f954ef2131b

Description:reduce warnning
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I2743c085e500027a5fce1c2587c048ba6b7b8a15
Reviewed-on: http://mgit-tm.rnd.huawei.com/9247216Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:reduce openssl create_asm_file scripe warnnings
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I0b7eeb4ce96b6a095b048ac7a6b1b38a55dd8180
Reviewed-on: http://mgit-tm.rnd.huawei.com/9196224Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:return 1 when fail
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I3e7959117a8f0fcbb8b0f43d07a7228d7b3e5487
Reviewed-on: http://mgit-tm.rnd.huawei.com/9162304Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:Openssl bugfix CVE-2019-1551
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I73aa3eb8c8f1fcbd49183ddfe3e2ea17a4c12bc5
Reviewed-on: http://mgit-tm.rnd.huawei.com/9089040Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:use openssl asm mode
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Id449bd200b5e2ef817ac329fc6874190bc245ad4
Reviewed-on: http://mgit-tm.rnd.huawei.com/9083098Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:openssl bugfix CVE-2020-1967
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I1758c03b34d28c1bd9253c3943b77a86ed795133
Reviewed-on: http://mgit-tm.rnd.huawei.com/8972328Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:openssl support to build by arm
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Iedde66caa66b2baa5c1a4508240849da0e434efd
Reviewed-on: http://mgit-tm.rnd.huawei.com/8910856Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11445)

The fix consists of putting all destination directories
between double-quotes to make the default (and any custom)
prefixes containing spaces to work when doing 'make install'.

Also enable CI test with x86 mingw cross-build.

[extended tests]
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11434)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)

This partially reverts commit db943f43.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11400)

CLA: trivial
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11372)

(cherry picked from commit 402b00d57921a0c8cd641b190d36bf39ea5fb592)

Basically we use EXFLAG_INVALID for all kinds of out of memory and
all kinds of parse errors in x509v3_cache_extensions.

[extended tests]
Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10756)