提交 · f9b6c0ba4c02497782f801e3c45688f3efaac55c · OpenHarmony / Third Party Openssl

12 3月, 2014 1 次提交

Fix for CVE-2014-0076 · f9b6c0ba

由 Dr. Stephen Henson 提交于 3月 12, 2014

Fix for the attack described in the paper "Recovering OpenSSL
ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
by Yuval Yarom and Naomi Benger. Details can be obtained from:
http://eprint.iacr.org/2014/140

Thanks to Yuval Yarom and Naomi Benger for discovering this
flaw and to Yuval Yarom for supplying a fix.
(cherry picked from commit 2198be3483259de374f91e57d247d0fc667aef29)

Conflicts:

	CHANGES

f9b6c0ba

10 3月, 2014 2 次提交
- D
  
  typo · a029788b
  由 Dr. Stephen Henson 提交于 3月 10, 2014
  
  a029788b
- D
  
  Simplify ssl_add_cert_chain logic. · d628885e
  由 Dr. Stephen Henson 提交于 3月 09, 2014
  
  d628885e
08 3月, 2014 1 次提交
- D
  Remove -WX option from debug-VC-WIN32 · ab0f8804
  由 Dr. Stephen Henson 提交于 3月 07, 2014
```
(cherry picked from commit 7a3e67f029969620966b8a627b8485d83692cca5)
```
  ab0f8804
07 3月, 2014 2 次提交

A
engines/ccgost/gosthash.c: simplify and avoid SEGV. · ea38f020
由 Andy Polyakov 提交于 3月 07, 2014
```
PR: 3275
```
ea38f020

SPARC T4 assembly pack: treat zero input length in CBC. · 5e44c144

由 Andy Polyakov 提交于 3月 07, 2014

The problem is that OpenSSH calls EVP_Cipher, which is not as
protective as EVP_CipherUpdate. Formally speaking we ought to
do more checks in *_cipher methods, including rejecting
lengths not divisible by block size (unless ciphertext stealing
is in place). But for now I implement check for zero length in
low-level based on precedent.

PR: 3087, 2775

5e44c144

06 3月, 2014 3 次提交
- A
  
  dh_check.c: check BN_CTX_get's return value. · 53e51612
  由 Andy Polyakov 提交于 3月 06, 2014
  
  53e51612
- A
  test/Makefile: allow emulated test (e.g. under wine). · 687403fb
  由 Andy Polyakov 提交于 3月 06, 2014
```
Submitted by: Roumen Petrov
```
  687403fb
- A
  bss_dgram.c,d1_lib.c: make it compile with mingw. · 972b0dc3
  由 Andy Polyakov 提交于 3月 06, 2014
```
Submitted by: Roumen Petrov
```
  972b0dc3
04 3月, 2014 1 次提交
- D
  For self signed root only indicate one error. · 315cd871
  由 Dr. Stephen Henson 提交于 3月 03, 2014
```
(cherry picked from commit bdfc0e284c89dd5781259cc19aa264aded538492)
```
  315cd871
02 3月, 2014 3 次提交

PKCS#8 support for alternative PRFs. · 5693a308

由 Dr. Stephen Henson 提交于 2月 28, 2014

Add option to set an alternative to the default hmacWithSHA1 PRF
for PKCS#8 private key encryptions. This is used automatically
by PKCS8_encrypt if the nid specified is a PRF.

Add option to pkcs8 utility.

Update docs.
(cherry picked from commit b60272b01fcb4f69201b3e1659b4f7e9e9298dfb)

5693a308

D
Fix memory leak. · 01757858
由 Dr. Stephen Henson 提交于 2月 28, 2014
```
(cherry picked from commit 124d218889dfca33d277404612f1319afe04107e)
```
01757858

Add function to free compression methods. · db7b5e0d

由 Dr. Stephen Henson 提交于 2月 28, 2014

Although the memory allocated by compression methods is fixed and
cannot grow over time it can cause warnings in some leak checking
tools. The function SSL_COMP_free_compression_methods() will free
and zero the list of supported compression methods. This should
*only* be called in a single threaded context when an application
is shutting down to avoid interfering with existing contexts
attempting to look up compression methods.
(cherry picked from commit 976c58302b13d085edb3ab822f5eac4b2f1bff95)

db7b5e0d

01 3月, 2014 1 次提交
- A
  Makefile.org: fix syntax error on Solaris. · 65370f9b
  由 Andy Polyakov 提交于 2月 28, 2014
```
PR: 3271
```
  65370f9b
27 2月, 2014 5 次提交
- A
  
  Configure: mark unixware target as elf-1. · 4ca02656
  由 Andy Polyakov 提交于 2月 27, 2014
  
  4ca02656
- A
  
  perlasm/x86asm.pl: recognize elf-1 denoting old ELF platforms. · b62a4a1c
  由 Andy Polyakov 提交于 2月 27, 2014
  
  b62a4a1c
- A
  
  perlasm/x86gas.pl: limit special OPENSSL_ia32cap_P treatment to ELF. · ce876d83
  由 Andy Polyakov 提交于 2月 27, 2014
  
  ce876d83
- A
  
  rc4/asm/rc4-586.pl: allow for 386-only build. · f861b1d4
  由 Andy Polyakov 提交于 2月 27, 2014
  
  f861b1d4
- A
  
  des/asm/des-586.pl: shortcut reference to DES_SPtrans. · fd361a67
  由 Andy Polyakov 提交于 2月 27, 2014
  
  fd361a67
26 2月, 2014 7 次提交
- R
  
  CABForum EV OIDs for Subject Jurisdiction of Incorporation or Registration. · 52f71f81
  由 Rob Stradling 提交于 2月 25, 2014
  
  52f71f81
- D
  Fix for WIN32 builds with KRB5 · 031ea2d1
  由 Dr. Stephen Henson 提交于 2月 26, 2014
```
(cherry picked from commit 3eddd1706a30cdf3dc9278692d8ee9038eac8a0d)
```
  031ea2d1
- A
  
  sha/asm/sha256-586.pl: don't try to compile SIMD with no-sse2. · d49135e7
  由 Andy Polyakov 提交于 2月 26, 2014
  
  d49135e7
- A
  
  sha/asm/sha512-x86_64.pl: fix compilation error on Solaris. · 147cca8f
  由 Andy Polyakov 提交于 2月 26, 2014
  
  147cca8f
- A
  
  Configure: blended processor target in solaris-x86-cc. · 7bb9d84e
  由 Andy Polyakov 提交于 2月 26, 2014
  
  7bb9d84e
- A
  ssl/t1_enc.c: check EVP_MD_CTX_copy return value. · 03da57fe
  由 Andy Polyakov 提交于 2月 25, 2014
```
PR: 3201
```
  03da57fe
- A
  
  aes/asm/vpaes-ppc.pl: fix traceback info. · e704741b
  由 Andy Polyakov 提交于 2月 25, 2014
  
  e704741b
25 2月, 2014 6 次提交
- D
  Don't use BN_ULLONG in n2l8 use SCTS_TIMESTAMP. · e0520c65
  由 Dr. Stephen Henson 提交于 2月 25, 2014
```
(cherry picked from commit 3678161d717d0f46c5b5b052a6d6a33438b1df00)
```
  e0520c65
- D
  Fix for v3_scts.c · 3a325c60
  由 Dr. Stephen Henson 提交于 2月 25, 2014
```
Not all platforms define BN_ULLONG. Define SCTS_TIMESTAMP as a type
which should work on all platforms.
(cherry picked from commit 6634416732b94627eba1c47de3c3a6321a5458f0)
```
  3a325c60
- D
  
  Add -show_chain option to print out verified chain. · 86a2f966
  由 Dr. Stephen Henson 提交于 2月 25, 2014
  
  86a2f966
- D
  Avoid Windows 8 Getversion deprecated errors. · a4cc3c80
  由 Dr. Stephen Henson 提交于 2月 25, 2014
```
Windows 8 SDKs complain that GetVersion() is deprecated.

We only use GetVersion like this:

	(GetVersion() < 0x80000000)

which checks if the Windows version is NT based. Use a macro check_winnt()
which uses GetVersion() on older SDK versions and true otherwise.
```
  a4cc3c80
- R
  
  Parse non-v1 SCTs less awkwardly. · 19f65ddb
  由 Rob Stradling 提交于 2月 25, 2014
  
  19f65ddb
- A
  ms/do_win64a.bat: forward to NUL, not NUL:. · 63aff300
  由 Andy Polyakov 提交于 2月 24, 2014
```
Allegedly formwarding to NUL: sometimes creates NUL file in file
system.

PR: 3250
```
  63aff300
24 2月, 2014 3 次提交
- A
  BC-32.pl: refresh Borland C support. · 779c51c6
  由 Andy Polyakov 提交于 2月 24, 2014
```
PR: 3251
Suggested by: Thorsten Schning
```
  779c51c6
- A
  x509/by_dir.c: fix run-away pointer (and potential SEGV) · 758954e0
  由 Andy Polyakov 提交于 2月 24, 2014
```
when adding duplicates in add_cert_dir.

PR: 3261
Reported by: Marian Done
```
  758954e0
- A
  
  config: recognize ARMv8/AArch64 target. · d099f0ed
  由 Andy Polyakov 提交于 2月 24, 2014
  
  d099f0ed
23 2月, 2014 2 次提交

D
Only set current certificate to valid values. · 358d352a
由 Dr. Stephen Henson 提交于 2月 23, 2014
```
When setting the current certificate check that it has a corresponding
private key.
```
358d352a

New chain building flags. · 13dc3ce9

由 Dr. Stephen Henson 提交于 2月 23, 2014

New flags to build certificate chains. The can be used to rearrange
the chain so all an application needs to do is add all certificates
in arbitrary order and then build the chain to check and correct them.

Add verify error code when building chain.

Update docs.

13dc3ce9

22 2月, 2014 1 次提交
- D
  
  Option to set current cert to server certificate. · daddd9a9
  由 Dr. Stephen Henson 提交于 2月 21, 2014
  
  daddd9a9
21 2月, 2014 2 次提交
- A
  
  aes/asm/aesni-x86[_64].pl: minor Atom-specific performance tweak. · 214368ff
  由 Andy Polyakov 提交于 2月 21, 2014
  
  214368ff
- D
  fix WIN32 warnings · 47739161
  由 Dr. Stephen Henson 提交于 2月 20, 2014
```
(cherry picked from commit b709f8ef54b1c9ad513878ba0213aa651a9acef8)
```
  47739161

OpenHarmony / Third Party Openssl 大约 1 年 前同步成功

OpenHarmony / Third Party Openssl
大约 1 年前同步成功