Age | Commit message | Author |
|
This change includes the following changes from OpenSSL:
a07856a08d7e8d76273e5d05099914aa335da143
"Delays the queue insertion until after the ssl3_setup_buffers() call due to use-after-free bug. PR#3362"
725c5f1ad393a7bc344348d0ec7c268aaf2700a7
"Fix use after free."
(Not a problem unless read-ahead is used, which it is not in Chrome)
bcc311668ede6ffdcd6dc5a65454a548b5404fcc
"Free up s->d1->buffered_app_data.q properly. PR#3286"
b107586c0c3447ea22dba8698ebbcd81bb29d48c
"Fixed NULL pointer dereference. See PR#3321"
d0666f289ac013094bbbf547bfbcd616199b7d2d
"evp: prevent underflow in base64 decoding. This patch resolves RT ticket #2608."
a41d5174e27c99d1caefd76a8e927c814ede509e
"Initialize num properly."
8eb094b9460575a328ba04708147c91fc267b394
"Double free in i2o_ECPublicKey. PR: 3338."
9c8dc84ac16a2f21063ae36809d202d0284ecf82
"Fix double frees."
BUG=381169
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@275836 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This change includes the following commits from upstream:
8011cd56e39a433b1837465259a9bd24a38727fb
d3152655d5319ce883c8e3ac4b99f8de4c59d846
006cd7083f76ed5cb0d9a914857e9231ef1bc317
bc8923b1ec9c467755cd86f7848c50ee8812e441
1632ef744872edc2aa2a53d487d3e79c965a4ad3
These address the following CVEs:
CVE-2014-3470
CVE-2014-0221
CVE-2014-0224
CVE-2014-0195
BUG=381169
https://codereview.chromium.org/317183003/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@275106 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
The original logic was a confusing spaghetti and mixed up initialization for
all the different cases together. Tidy it up in preparation for having to
adjust this logic later to support asynchronous crypto operations.
BUG=none
R=agl@chromium.org
Review URL: https://codereview.chromium.org//284693002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@270417 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
Exposes the certificate_types parameter in a CertificateRequest.
BUG=165446
Review URL: https://codereview.chromium.org/254723002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@269864 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
New tls channel id version extracted from patch 0015-channelid.patch attached to http://crbug.com/366961.
BUG=366961
Review URL: https://codereview.chromium.org/259963009
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@269063 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
(https://codereview.chromium.org/259963009/)
Reason for revert:
I was a little quick committing this. If someone adds another OpenSSL patch and rolls OpenSSL version forward in DEPS the current channel id test will fail on Android, since tls lite has not yet been updated. I'll revert and sync commit and DEPS update with commit of TLS lite.
Original issue's description:
> New tls channel id version for OpenSSL
>
> New tls channel id version extracted from patch 0015-channelid.patch attached to http://crbug.com/366961.
>
> BUG=366961
TBR=wtc@chromium.org,rsleevi@chromium.org,agl@chromium.org
NOTREECHECKS=true
NOTRY=true
BUG=366961
Review URL: https://codereview.chromium.org/270103002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@268540 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
New tls channel id version extracted from patch 0015-channelid.patch attached to http://crbug.com/366961.
BUG=366961
Review URL: https://codereview.chromium.org/259963009
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@268457 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
WebSphere Application Server 7.0 appears to be intolerant of an
empty extension at the end. To that end, also ensure we never
send an empty padding extension.
BUG=363583
Review URL: https://codereview.chromium.org/241613002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@267674 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
Add (redundant because of SSL3_RT_MAX_PLAIN_LENGTH) length check,
don't pad DTLS, and move the SSL23 special case closer to the SSL23
code.
BUG=none
Review URL: https://codereview.chromium.org/242453005
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@267663 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
Some of the limit checks reference p rather than ret. p is the original buffer
position, not the current one. Fix those and rename p to orig so it's clearer.
BUF_MEM_grow allocates 4/3 the size requested, so it doesn't overflow the
actual allocation.
BUG=none
Review URL: https://codereview.chromium.org/258143004
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@267648 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
R=agl@chromium.org,davidben@chromium.org,rsleevi@chromium.org
BUG=361311
Review URL: https://codereview.chromium.org/227553012
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@262509 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
https://src.chromium.org/viewvc/chrome?view=rev&revision=260918 doesn't build
with clang.
BUG=354132
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@260940 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
NPN (or later ALPN) and a PFS cipher suite are required.
BUG=354132
R=agl@chromium.org, rsleevi@chromium.org
Review URL: https://codereview.chromium.org//215593003
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@260918 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This works around a bug in some versions of F5 devices that causes the
connection to hang when the ClientHello record is between 256 and 511 bytes
long.
https://tools.ietf.org/html/draft-agl-tls-padding-02
Based on the upstream patch to do the same thing:
0467ea68624450ecece4cde0d5803499aaff19c2
BUG=none
https://codereview.chromium.org/112933006
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@243334 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
ChaCha20 is safe and fast on all hardware, while AES-GCM is only so when using
hardware support. Google servers will be using the client's preference to
select between ChaCha20 and AES-GCM and this change makes ChaCha the top
preference on Android.
BUG=310768
https://codereview.chromium.org/76823002/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@236537 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This change is not as scary as it appears. Most of the code has already been
reviewed and is running in production without issues. The only new code is the
ARM support.
ARM now builds both the NEON and generic versions of the code and can enable
the NEON code at runtime by calling CRYPTO_set_NEON_capable(1). This patch does
not contain the code to call that, however.
The addition of openssl/patches/channelidchromium.patch and
fix_lhash_iteration.patch is noise from the import script.
BUG=310768
https://codereview.chromium.org/59083010/
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@233370 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This is a port of the following AOSP patch:
https://android-review.googlesource.com/#/c/68853/
It fixes a bug that happens when trying to delete items from
a lhash table while it is being iterated over with a call
to lh_doall or lh_doall_arg.
It looks like the source tree is slightly out-of-sync from
the state of running ./import_from_android.sh, but the differences
are minor / not significant.
This patch tries to fix a P1 bug, so doesn't try to address this
(the differences have been removed for easier reviewing).
BUG=298606
R=agl@chromium.org,rsleevi@chromium.org,wtc@chromium.org
TBR=darin@chromium.org
Review URL: https://codereview.chromium.org/59793002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@233017 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
BUG=306176
R=agl@chromium.org, wtc@chromium.org
Review URL: https://codereview.chromium.org/39723002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230977 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
TBR=agl@chromium.org
BUG=306176
Review URL: https://codereview.chromium.org/36693002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230364 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
R=agl@chromium.org, rsleevi@chromium.org
Review URL: https://codereview.chromium.org/35493002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230363 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
The previous API of openssl for channel ID forces the client to set the
private key before knowing if the server supports channel ID. This
updates the API so that the client can set the private key after the
handshake started and the server confirmed it supports the protocol.
R=agl@chromium.org, digit@chromium.org
Review URL: https://codereview.chromium.org/28983003
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@230132 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
remote servers when the TLS ClientHello record exceeds 256 bytes.
This patch changes the number of ECC formats advertised in the ClientHello
to exactly match the same formats advertised by the desktop version of
Chromium during TLS negotiation, netting a savings of approximately 50
bytes in the ClientHello record. This effectively eliminates the occurrence
of the issue.
Patch is named with a 'z' to ensure it is applied after the other patches
in the folder when import_from_android.sh is run, since that script processes
patches in alphabetical order.
R=digit@chromium.org,wtc@chromium.org
BUG:chromium:245500
TEST:
1. With V25, visit http://campusstatebank.com
2. Enter a fictitious username and click "Submit"
3. The "processing login" page appears.
4. Nothing happens. In some cases, the logo will fail to show.
5. With the proposed patch applied, visit http://campusstatebank.com
6. Enter a fictitious username and click "Submit"
7. The "processing login" page appears.
8. The browser is redirected to a page where the password can be entered.
Contributed by mckev@amazon.com
Review URL: https://chromiumcodereview.appspot.com/17425002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@207965 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
The previous commit didn't change the files under openssl/,
because the import_openssl.sh script used by import_from_android.sh
removes the 'openssl' directory completely to replace it with
new files.
This has the unfortunate side-effect of removing all .svn subdirs,
making it impossible to send the right set of changes during
"svn commit".
This patch modifies import_from_android.sh to save/restore the
subversion directories to avoid this problem.
BUG=none
TBR=wtc@chromium.org, rsleevi@google.com, agl@chromium.org
Review URL: https://codereview.chromium.org/12780010
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@188770 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
Compared to the previous version, this includes the following fixes:
- Remove "small_records.patch".
https://android-review.googlesource.com/#/c/49977/
- Add support for TLS channel ID.
https://android-review.googlesource.com/#/c/49984/
- Remove recursive lock in X509_PUBKEY_get.
https://android-review.googlesource.com/#/c/50413/
- Add x86_64 assembly files and use them.
https://android-review.googlesource.com/#/c/47913/
https://android-review.googlesource.com/#/c/50401/
https://android-review.googlesource.com/#/c/50402/
This should only matter for the "linux_redux" build, and
the net/tools/flip_server binary (flip_in_mem_edsm_server)
which implements a host SPDY proxy.
- Remove obsolete patch file fix-clang-build.patch.
Review URL: https://codereview.chromium.org/12033053
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@178558 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This patch updates the openssl sources and corresponding build files
to version 1.0.1c to match the sources currently used by the Android
platform.
As a reminder, Chromium itself *only* uses openssl on Android, and only
to implement SSL sockets (certificate verification is performed
differently using platform APIs that talk to the framework through JNI).
On the other hand, net/tools/flip_server is a host tool that links
directly to this openssl library, and needs to be built on all
Posix systems.
Please read README.chromium, which contains a detailed list of the
patch's contents (i.e. where the sources come from, what patches were
applied, etc).
Tested:
There is no way to test this patch directly in upstream Chromium at
the moment, so all changes here have been tested downstream. All
net_unittests pass after the patch is applied. I have also used the
browser to manually navigate to various https:// sites without issues,
but would appreciate any hint on ensuring this still works well.
I have *manually* checked, by inspecting the sources, that the following
previous patches are not needed anymore because they have been integrated
into the upstream openssl source distribution:
patches/empty_OPENSSL_cpuid_setup.patch
patches/npn.patch
patches/openssl_no_dtls1.patch
patches/tls_exporter.patch
The sources have been built successfully under the following conditions:
- Downstream reference build for ARM
- Downstream SDK build for ARM
- Downstream SDK build for x86
- Downstream Clang build for ARM
- Upstream SDK build for ARM
- Upstream SDK build for x86
Finally, I have tested that net/tools/flip_server still builds
properly on Linux/x64 and Linux/ia32.
Review URL: https://codereview.chromium.org/10911247
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@164645 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
Review URL: http://codereview.chromium.org/9633002
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@125658 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
This change is basically from openssl.org with the patches applied as per patches/README in https://android.googlesource.com/platform/external/openssl, plus 3 patches for Chromium to pass compilation and tests. Please refer to b/5428019 for more details.
BUG=None
TEST=net_unittests
Review URL: https://chromiumcodereview.appspot.com/9254031
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@118977 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|
|
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@65201 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
|