openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I90fb1566dede6034eebc96d2b0dcf4533d9643bf
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
index 71b98ec..e9ead3a 100644
--- a/crypto/rand/rand_unix.c
+++ b/crypto/rand/rand_unix.c
@@ -133,7 +133,50 @@
# define FD_SETSIZE (8*sizeof(fd_set))
#endif
-#ifdef __OpenBSD__
+#ifdef __VOS__
+int RAND_poll(void)
+{
+ unsigned char buf[ENTROPY_NEEDED];
+ pid_t curr_pid;
+ uid_t curr_uid;
+ static int first=1;
+ int i;
+ long rnd = 0;
+ struct timespec ts;
+ unsigned seed;
+
+/* The VOS random() function starts from a static seed so its
+ initial value is predictable. If random() returns the
+ initial value, reseed it with dynamic data. The VOS
+ real-time clock has a granularity of 1 nsec so it should be
+ reasonably difficult to predict its exact value. Do not
+ gratuitously reseed the PRNG because other code in this
+ process or thread may be using it. */
+
+ if (first) {
+ first = 0;
+ rnd = random ();
+ if (rnd == 1804289383) {
+ clock_gettime (CLOCK_REALTIME, &ts);
+ curr_pid = getpid();
+ curr_uid = getuid();
+ seed = ts.tv_sec ^ ts.tv_nsec ^ curr_pid ^ curr_uid;
+ srandom (seed);
+ }
+ }
+
+ for (i = 0; i < sizeof(buf); i++) {
+ if (i % 4 == 0)
+ rnd = random();
+ buf[i] = rnd;
+ rnd >>= 8;
+ }
+ RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+ memset(buf, 0, sizeof(buf));
+
+ return 1;
+}
+#elif defined __OpenBSD__
int RAND_poll(void)
{
u_int32_t rnd = 0, i;
@@ -163,7 +206,7 @@
static const char *randomfiles[] = { DEVRANDOM };
struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
int fd;
- size_t i;
+ unsigned int i;
#endif
#ifdef DEVRANDOM_EGD
static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
@@ -176,7 +219,8 @@
* have this. Use /dev/urandom if you can as /dev/random may block
* if it runs out of random entries. */
- for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
+ for (i = 0; (i < sizeof(randomfiles)/sizeof(randomfiles[0])) &&
+ (n < ENTROPY_NEEDED); i++)
{
if ((fd = open(randomfiles[i], O_RDONLY
#ifdef O_NONBLOCK
@@ -193,7 +237,7 @@
{
int usec = 10*1000; /* spend 10ms on each file */
int r;
- size_t j;
+ unsigned int j;
struct stat *st=&randomstats[i];
/* Avoid using same input... Used to be O_NOFOLLOW
@@ -211,7 +255,12 @@
{
int try_read = 0;
-#if defined(OPENSSL_SYS_LINUX)
+#if defined(OPENSSL_SYS_BEOS_R5)
+ /* select() is broken in BeOS R5, so we simply
+ * try to read something and snooze if we couldn't */
+ try_read = 1;
+
+#elif defined(OPENSSL_SYS_LINUX)
/* use poll() */
struct pollfd pset;
@@ -258,6 +307,10 @@
r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
if (r > 0)
n += r;
+#if defined(OPENSSL_SYS_BEOS_R5)
+ if (r == 0)
+ snooze(t.tv_usec);
+#endif
}
else
r = -1;
@@ -311,6 +364,14 @@
l=time(NULL);
RAND_add(&l,sizeof(l),0.0);
+#if defined(OPENSSL_SYS_BEOS)
+ {
+ system_info sysInfo;
+ get_system_info(&sysInfo);
+ RAND_add(&sysInfo,sizeof(sysInfo),0);
+ }
+#endif
+
#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
return 1;
#else