openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I90fb1566dede6034eebc96d2b0dcf4533d9643bf
diff --git a/apps/openssl.c b/apps/openssl.c
index 480fef9..851e639 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -135,19 +135,17 @@
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
* functions. */
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
-static unsigned long MS_CALLBACK hash(const void *a_void);
-/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
-static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
+static LHASH_OF(FUNCTION) *prog_init(void );
+static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
+static void list_pkey(BIO *out);
+static void list_cipher(BIO *out);
+static void list_md(BIO *out);
char *default_config_file=NULL;
/* Make sure there is only one when MONOLITH is defined */
#ifdef MONOLITH
CONF *config=NULL;
BIO *bio_err=NULL;
-int in_FIPS_mode=0;
#endif
@@ -227,28 +225,12 @@
int n,i,ret=0;
int argc;
char **argv,*p;
- LHASH *prog=NULL;
+ LHASH_OF(FUNCTION) *prog=NULL;
long errline;
arg.data=NULL;
arg.count=0;
- in_FIPS_mode = 0;
-
- if(getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode_set(1)) {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
- in_FIPS_mode = 1;
-#else
- fprintf(stderr, "FIPS mode not supported.\n");
- EXIT(1);
-#endif
- }
-
if (bio_err == NULL)
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -290,9 +272,21 @@
i=NCONF_load(config,p,&errline);
if (i == 0)
{
- NCONF_free(config);
- config = NULL;
- ERR_clear_error();
+ if (ERR_GET_REASON(ERR_peek_last_error())
+ == CONF_R_NO_SUCH_FILE)
+ {
+ BIO_printf(bio_err,
+ "WARNING: can't open config file: %s\n",p);
+ ERR_clear_error();
+ NCONF_free(config);
+ config = NULL;
+ }
+ else
+ {
+ ERR_print_errors(bio_err);
+ NCONF_free(config);
+ exit(1);
+ }
}
prog=prog_init();
@@ -301,7 +295,7 @@
program_name(Argv[0],pname,sizeof pname);
f.name=pname;
- fp=(FUNCTION *)lh_retrieve(prog,&f);
+ fp=lh_FUNCTION_retrieve(prog,&f);
if (fp != NULL)
{
Argv[0]=pname;
@@ -368,7 +362,7 @@
NCONF_free(config);
config=NULL;
}
- if (prog != NULL) lh_free(prog);
+ if (prog != NULL) lh_FUNCTION_free(prog);
if (arg.data != NULL) OPENSSL_free(arg.data);
apps_shutdown();
@@ -384,9 +378,13 @@
#define LIST_STANDARD_COMMANDS "list-standard-commands"
#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_MESSAGE_DIGEST_ALGORITHMS "list-message-digest-algorithms"
#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+#define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
+#define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"
-static int do_cmd(LHASH *prog, int argc, char *argv[])
+
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
{
FUNCTION f,*fp;
int i,ret=1,tp,nl;
@@ -394,7 +392,22 @@
if ((argc <= 0) || (argv[0] == NULL))
{ ret=0; goto end; }
f.name=argv[0];
- fp=(FUNCTION *)lh_retrieve(prog,&f);
+ fp=lh_FUNCTION_retrieve(prog,&f);
+ if (fp == NULL)
+ {
+ if (EVP_get_digestbyname(argv[0]))
+ {
+ f.type = FUNC_TYPE_MD;
+ f.func = dgst_main;
+ fp = &f;
+ }
+ else if (EVP_get_cipherbyname(argv[0]))
+ {
+ f.type = FUNC_TYPE_CIPHER;
+ f.func = enc_main;
+ fp = &f;
+ }
+ }
if (fp != NULL)
{
ret=fp->func(argc,argv);
@@ -409,7 +422,7 @@
}
#endif
f.name=argv[0]+3;
- ret = (lh_retrieve(prog,&f) != NULL);
+ ret = (lh_FUNCTION_retrieve(prog,&f) != NULL);
if (!ret)
BIO_printf(bio_stdout, "%s\n", argv[0]);
else
@@ -427,7 +440,10 @@
}
else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
- (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+ (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
+ (strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
+ (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
+ (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
{
int list_type;
BIO *bio_stdout;
@@ -436,6 +452,12 @@
list_type = FUNC_TYPE_GENERAL;
else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
list_type = FUNC_TYPE_MD;
+ else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0)
+ list_type = FUNC_TYPE_MD_ALG;
+ else if (strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0)
+ list_type = FUNC_TYPE_PKEY;
+ else if (strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0)
+ list_type = FUNC_TYPE_CIPHER_ALG;
else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
list_type = FUNC_TYPE_CIPHER;
bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
@@ -445,10 +467,23 @@
bio_stdout = BIO_push(tmpbio, bio_stdout);
}
#endif
-
- for (fp=functions; fp->name != NULL; fp++)
- if (fp->type == list_type)
- BIO_printf(bio_stdout, "%s\n", fp->name);
+
+ if (!load_config(bio_err, NULL))
+ goto end;
+
+ if (list_type == FUNC_TYPE_PKEY)
+ list_pkey(bio_stdout);
+ if (list_type == FUNC_TYPE_MD_ALG)
+ list_md(bio_stdout);
+ if (list_type == FUNC_TYPE_CIPHER_ALG)
+ list_cipher(bio_stdout);
+ else
+ {
+ for (fp=functions; fp->name != NULL; fp++)
+ if (fp->type == list_type)
+ BIO_printf(bio_stdout, "%s\n",
+ fp->name);
+ }
BIO_free_all(bio_stdout);
ret=0;
goto end;
@@ -511,9 +546,94 @@
return strcmp(f1->name,f2->name);
}
-static LHASH *prog_init(void)
+static void list_pkey(BIO *out)
{
- LHASH *ret;
+ int i;
+ for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
+ {
+ const EVP_PKEY_ASN1_METHOD *ameth;
+ int pkey_id, pkey_base_id, pkey_flags;
+ const char *pinfo, *pem_str;
+ ameth = EVP_PKEY_asn1_get0(i);
+ EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+ &pinfo, &pem_str, ameth);
+ if (pkey_flags & ASN1_PKEY_ALIAS)
+ {
+ BIO_printf(out, "Name: %s\n",
+ OBJ_nid2ln(pkey_id));
+ BIO_printf(out, "\tType: Alias to %s\n",
+ OBJ_nid2ln(pkey_base_id));
+ }
+ else
+ {
+ BIO_printf(out, "Name: %s\n", pinfo);
+ BIO_printf(out, "\tType: %s Algorithm\n",
+ pkey_flags & ASN1_PKEY_DYNAMIC ?
+ "External" : "Builtin");
+ BIO_printf(out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+ if (pem_str == NULL)
+ pem_str = "(none)";
+ BIO_printf(out, "\tPEM string: %s\n", pem_str);
+ }
+
+ }
+ }
+
+static void list_cipher_fn(const EVP_CIPHER *c,
+ const char *from, const char *to, void *arg)
+ {
+ if (c)
+ BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
+ else
+ {
+ if (!from)
+ from = "<undefined>";
+ if (!to)
+ to = "<undefined>";
+ BIO_printf(arg, "%s => %s\n", from, to);
+ }
+ }
+
+static void list_cipher(BIO *out)
+ {
+ EVP_CIPHER_do_all_sorted(list_cipher_fn, out);
+ }
+
+static void list_md_fn(const EVP_MD *m,
+ const char *from, const char *to, void *arg)
+ {
+ if (m)
+ BIO_printf(arg, "%s\n", EVP_MD_name(m));
+ else
+ {
+ if (!from)
+ from = "<undefined>";
+ if (!to)
+ to = "<undefined>";
+ BIO_printf(arg, "%s => %s\n", from, to);
+ }
+ }
+
+static void list_md(BIO *out)
+ {
+ EVP_MD_do_all_sorted(list_md_fn, out);
+ }
+
+static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b)
+ {
+ return strncmp(a->name,b->name,8);
+ }
+static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)
+
+static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
+ {
+ return lh_strhash(a->name);
+ }
+static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)
+
+static LHASH_OF(FUNCTION) *prog_init(void)
+ {
+ LHASH_OF(FUNCTION) *ret;
FUNCTION *f;
size_t i;
@@ -522,23 +642,11 @@
;
qsort(functions,i,sizeof *functions,SortFnByName);
- if ((ret=lh_new(hash, cmp)) == NULL)
+ if ((ret=lh_FUNCTION_new()) == NULL)
return(NULL);
for (f=functions; f->name != NULL; f++)
- lh_insert(ret,f);
+ (void)lh_FUNCTION_insert(ret,f);
return(ret);
}
-/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
-static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
- {
- return(strncmp(((const FUNCTION *)a_void)->name,
- ((const FUNCTION *)b_void)->name,8));
- }
-
-/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
-static unsigned long MS_CALLBACK hash(const void *a_void)
- {
- return(lh_strhash(((const FUNCTION *)a_void)->name));
- }