Description:openssl support to build by arm
Team:OTHERS
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Iedde66caa66b2baa5c1a4508240849da0e434efd
Reviewed-on: http://mgit-tm.rnd.huawei.com/8910856Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>

Description:openssl 1.1.1d used bu libhapverify
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:Yes, it is
PrivateCode(Yes/No):No

Change-Id: I8968f9c0f146b587da17a3e603bd04fb7b4c505b
Reviewed-on: http://mgit-tm.rnd.huawei.com/7842784Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
Reviewed-by: Nweiping 00548480 <ping.wei@huawei.com>

Description:build opennssl static library and used by verify signature for hap package
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I55654d67a0a165e770a119d61dc3f6c249350f85
Reviewed-on: http://mgit-tm.rnd.huawei.com/7603160Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com>
Reviewed-by: Nfanshaojun 00317284 <fanshaojun@huawei.com>

Description:remove openssl

Team:EMUI
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Ifce67cfdff8696c12fcbf4d92a56add91c395982
Reviewed-on: http://mgit-tm.rnd.huawei.com/7449332Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nluomeiling 00216346 <luomeiling@huawei.com>
Reviewed-by: Nshenchunlong 00356424 <shenchunlong@huawei.com>

Change-Id: I4a35fb43d9c8595242a32e8ff46d69d1d7354517

Description:fix update fail
Team:PDU_DRV
Feature or Bugfix:Bugfix
Binary Source:No
PrivateCode(Yes/No):Yes

Change-Id: Ic8d6f87762156f2d2359bfbed217db2b757111b5
Reviewed-on: http://mgit-tm.rnd.huawei.com/7145240Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nqiuzeling 00405843 <qiuzeling@huawei.com>

Description: Use static openssl libs in poco, and NOT export openssl symbols
Team: EMUI
Feature or Bugfix: Bugfix
Binary Source: No
PrivateCode(Yes/No): No

Change-Id: I0dc10a9c97287c925f1cc0238f9e59f5dd1e216b
Reviewed-on: http://mgit-tm.rnd.huawei.com/7118156Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nqiuzeling 00405843 <qiuzeling@huawei.com>

Description:add libcrypto_commu shared library
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):Yes

Change-Id: I11ae34ecb11d0439cdc659ec33942079d21c4ea1
Reviewed-on: http://mgit-tm.rnd.huawei.com/7008248Reviewed-by: Npengjianxin 00207387 <pengjianxin@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>

Description:openssl开源社区安全补丁
Team:EMUI
Feature or Bugfix:Feature
Binary Source:NA
PrivateCode(Yes/No):No

Change-Id: Ia942e70461a3a5337de001ab0f40604776fe8f91
Reviewed-on: http://mgit-tm.rnd.huawei.com/6664137Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nyanglijun 00294367 <yanglijun@huawei.com>
Reviewed-by: Nluomeiling 00216346 <luomeiling@huawei.com>
Reviewed-by: Nshenchunlong 00356424 <shenchunlong@huawei.com>

Description: update clang
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: Ieadde6bd478cf975c3aedd420eacb939b7a64e39
Reviewed-on: http://mgit-tm.rnd.huawei.com/5955463Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nwangxing 00438353 <raymond.wangxing@huawei.com>

Description: remove coverage for openssl
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):Yes

Change-Id: Ic398e7bedf43045e5791d908e28a012958ff3eb3
Reviewed-on: http://mgit-tm.rnd.huawei.com/5196945Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nwangjuntao 00221367 <wangjuntao.wang@huawei.com>

This reverts commit dfe61e61.

Change-Id: I397f096843a3952cc6df1ef76ac6e666ac466195
Reviewed-on: http://mgit-tm.rnd.huawei.com/5015417Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nwangyanbo 00291255 <wangyanbo3@huawei.com>
Reviewed-by: Ntenghui 00211420 <th.tenghui@huawei.com>

This reverts commit 487cd50bbe2cd30aedfcb35fda706061c05628e9.

Change-Id: I03d4dcc6246c1037abc8afc34ddec50ba0a8451f
Reviewed-on: http://mgit-tm.rnd.huawei.com/5004161Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>
Reviewed-by: Nliwei 00495960 <sirius.liwei@huawei.com>

Description:D-Transport: Connection Setup on Server side
Team:OTHERS
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I1214f2f74b233555f2903a23990640852e42cca6
Reviewed-on: http://mgit-tm.rnd.huawei.com/4999713Reviewed-by: Nwangyanbo 00291255 <wangyanbo3@huawei.com>
Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>
Reviewed-by: Ntenghui 00211420 <th.tenghui@huawei.com>

Description: Prevent over long nonces in ChaCha20-Poly1305

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
every encryption operation. RFC 7539 specifies that the nonce value (IV)
should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
front pads the nonce with 0 bytes if it is less than 12 bytes. However it
also incorrectly allows a nonce to be set of up to 16 bytes. In this case
only the last 12 bytes are significant and any additional leading bytes are
ignored.

It is a requirement of using this cipher that nonce values are unique.
Messages encrypted using a reused nonce value are susceptible to serious
confidentiality and integrity attacks. If an application changes the
default nonce length to be longer than 12 bytes and then makes a change to
the leading bytes of the nonce expecting the new value to be a new unique
nonce then such an application could inadvertently encrypt messages with a
reused nonce.

Additionally the ignored bytes in a long nonce are not covered by the
integrity guarantee of this cipher. Any application that relies on the
integrity of these ignored leading bytes of a long nonce may be further
affected.

Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
because no such use sets such a long nonce value. However user
applications that use this cipher directly and set a non-default nonce
length to be longer than 12 bytes may be vulnerable.

CVE-2019-1543

Team:PDU_DRV
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I5085b1e79835cfae4d7122311d857c09a14e2420
Reviewed-on: http://mgit-tm.rnd.huawei.com/4573465Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Nwangyanbo 00291255 <wangyanbo3@huawei.com>
Reviewed-by: Nxiaofuzhou 00203296 <xiaofuzhou@huawei.com>

Description:openssl code
Team:PDU_DRV
Feature or Bugfix:Feature
Binary Source:No
PrivateCode(Yes/No):No

Change-Id: I12fb83105e4aa3c64bb744fe6da458fb6809f1db
Reviewed-on: http://mgit-tm.rnd.huawei.com/4532569Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com>
Reviewed-by: Ngaokui 00368537 <gaokui1@huawei.com>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7669)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NNicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7664)

Without this precaution, we end up having directory targets depend on
shlib object files for which there are no rules.
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7645)

Mingw and Cygwin builds install the DLLs in the application directory,
not the library directory, so ensure that one is created for them when
installing the DLLs.

Fixes #7653
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7654)

(cherry picked from commit 9694ebf753e571a55935a63b4df8016e7bd3248d)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

(cherry picked from commit 6b956fe77b8aeb899ef7bdfa147a00bda51b804a)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7643)

(cherry picked from commit 79d7fb990cd28bbe2888ed8f9051ab54c9f986b0)

Fixes #7641

[extended tests]
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7642)

(cherry picked from commit c7af8b0a267981c25cc42643493289a01ffe1bbd)

dsa_builtin_paramgen2 expects the L parameter to be greater than N,
otherwise the generation will get stuck in an infinite loop.
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>

(cherry picked from commit 3afd38b277a806b901e039c6ad281c5e5c97ef67)

(Merged from https://github.com/openssl/openssl/pull/7493)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7620)

(cherry picked from commit 65d2c16cbe0da8efed2f285f59930297326fb435)

Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7633)

(cherry picked from commit 2dc37bc2b4c678462a24d2904604e58c0c5ac1cb)

We therefore must add defaults.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

(cherry picked from commit 45cdae1c7c93fe7ef2a981da4c36c3b8cb09e855)

When libssl and libcrypto are compiled on Linux with "-rpath", but
not "--enable-new-dtags", the RPATH takes precedence over
LD_LIBRARY_PATH, and we end up running with the wrong libraries.
This is resolved by using full (or at least relative, rather than
just the filename to be found on LD_LIBRARY_PATH) paths to the
shared objects.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7626)

(cherry picked from commit 18289399743da6c3db462f37fc8797738e8acf7c)

Fixes #7634
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7635)

    SSL_get_signature_nid()      -- local signature algorithm
    SSL_get_signature_type_nid() -- local signature algorithm key type
    SSL_get_peer_tmp_key()       -- Peer key-exchange public key
    SSL_get_tmp_key              -- local key exchange public key

Aliased pre-existing SSL_get_server_tmp_key(), which was formerly
just for clients, to SSL_get_peer_tmp_key().  Changed internal
calls to use the new name.
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

(cherry picked from commit 6e68dae85a8f91944370125561c7ec0d5da46c20)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

(cherry picked from commit fb8c83599e869516552f7c27bdc4dd26947fe657)

SSL(_CTX)?_set_client_CA_list() was a server side only function in 1.1.0.
If it was called on the client side then it was ignored. In 1.1.1 it now
makes sense to have a CA list defined for both client and server (the
client now sends it the the TLSv1.3 certificate_authorities extension).
Unfortunately some applications were using the same SSL_CTX for both
clients and servers and this resulted in some client ClientHellos being
excessively large due to the number of certificate authorities being sent.

This commit seperates out the CA list updated by
SSL(_CTX)?_set_client_CA_list() and the more generic
SSL(_CTX)?_set0_CA_list(). This means that SSL(_CTX)?_set_client_CA_list()
still has no effect on the client side. If both CA lists are set then
SSL(_CTX)?_set_client_CA_list() takes priority.

Fixes #7411
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7503)

(cherry picked from commit 98732979001dbb59320803713c4c91ba40234250)

Just refering to a hash table element as an array reference will
automatically create that element.  Avoid that by defaulting to
a separate empty array reference.

Fixes #7543
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7544)

(cherry picked from commit 3bed01a09071fb289484dfd265f0a8a991537282)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit 24ae00388fb9e25af8f94d36b7c191ae90061586)

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit 83c81eebed52aa84b6b34d26e984c859158ca1c0)

TLSv1.3 is more restrictive about the curve used. There must be a matching
sig alg defined for that curve. Therefore if we are using some other curve
in our certificate then we should not negotiate TLSv1.3.

Fixes #7435
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7442)

(cherry picked from commit de4dc598024fd0a9c2b7a466fd5323755d369522)

Setting the SipHash hash size and setting its key is done with two
independent functions...  and yet, the internals depend on both.

Unfortunately, the function to change the size wasn't adapted for the
possibility that the key was set first, with a different hash size.

This changes the hash setting function to fix the internal values
(which is easy, fortunately) according to the hash size.

evpmac.txt value for digestsize:8 is also corrected.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7613)

(cherry picked from commit 425036130dfb3cfbef5937772f7526ce60133264)

Reviewed-by: NKurt Roeckx <kurt@roeckx.be>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
GH: #7391
(cherry picked from commit 75b68c9e4e8591a4ebe083cb207aeb121baf549f)