openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
diff --git a/patches/progs.patch b/patches/progs.patch
index d8249e6..d7b794c 100644
--- a/patches/progs.patch
+++ b/patches/progs.patch
@@ -1,17 +1,6 @@
-diff -uarp openssl-0.9.8k.orig/apps/progs.h openssl-0.9.8k/apps/progs.h
---- openssl-0.9.8k.orig/apps/progs.h 2008-04-03 16:03:41.000000000 -0700
-+++ openssl-0.9.8k/apps/progs.h 2009-09-29 18:07:01.000000000 -0700
-@@ -22,7 +22,9 @@ extern int ecparam_main(int argc,char *a
- extern int x509_main(int argc,char *argv[]);
- extern int genrsa_main(int argc,char *argv[]);
- extern int gendsa_main(int argc,char *argv[]);
-+#if 0 /* ANDROID */
- extern int s_server_main(int argc,char *argv[]);
-+#endif
- extern int s_client_main(int argc,char *argv[]);
- extern int speed_main(int argc,char *argv[]);
- extern int s_time_main(int argc,char *argv[]);
-@@ -39,7 +41,9 @@ extern int spkac_main(int argc,char *arg
+--- openssl-1.0.0.orig/apps/progs.h 2009-06-30 08:08:38.000000000 -0700
++++ openssl-1.0.0/apps/progs.h 2010-04-14 14:19:31.000000000 -0700
+@@ -43,7 +43,9 @@ extern int spkac_main(int argc,char *arg
extern int smime_main(int argc,char *argv[]);
extern int rand_main(int argc,char *argv[]);
extern int engine_main(int argc,char *argv[]);
@@ -19,11 +8,11 @@
extern int ocsp_main(int argc,char *argv[]);
+#endif
extern int prime_main(int argc,char *argv[]);
+ extern int ts_main(int argc,char *argv[]);
- #define FUNC_TYPE_GENERAL 1
-@@ -97,7 +101,9 @@ FUNCTION functions[] = {
- {FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+@@ -107,7 +109,9 @@ FUNCTION functions[] = {
#endif
+ {FUNC_TYPE_GENERAL,"genpkey",genpkey_main},
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
- {FUNC_TYPE_GENERAL,"s_server",s_server_main},
+#if 0 /* ANDROID */
@@ -32,35 +21,31 @@
#endif
#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
{FUNC_TYPE_GENERAL,"s_client",s_client_main},
-@@ -129,7 +135,9 @@ FUNCTION functions[] = {
- #ifndef OPENSSL_NO_ENGINE
- {FUNC_TYPE_GENERAL,"engine",engine_main},
+@@ -133,9 +137,11 @@ FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
#endif
-+#ifndef OPENSSL_NO_OCSP
- {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+ {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
++#if 0 /* ANDROID */
+ {FUNC_TYPE_GENERAL,"pkey",pkey_main},
+ {FUNC_TYPE_GENERAL,"pkeyparam",pkeyparam_main},
+ {FUNC_TYPE_GENERAL,"pkeyutl",pkeyutl_main},
+#endif
+ {FUNC_TYPE_GENERAL,"spkac",spkac_main},
+ {FUNC_TYPE_GENERAL,"smime",smime_main},
+ {FUNC_TYPE_GENERAL,"rand",rand_main},
+@@ -146,7 +152,9 @@ FUNCTION functions[] = {
+ {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+ #endif
{FUNC_TYPE_GENERAL,"prime",prime_main},
++#if 0 /* ANDROID */
+ {FUNC_TYPE_GENERAL,"ts",ts_main},
++#endif
#ifndef OPENSSL_NO_MD2
{FUNC_TYPE_MD,"md2",dgst_main},
-diff -uarp openssl-0.9.8k.orig/apps/speed.c openssl-0.9.8k/apps/speed.c
---- openssl-0.9.8k.orig/apps/speed.c 2009-01-07 02:48:22.000000000 -0800
-+++ openssl-0.9.8k/apps/speed.c 2009-09-29 18:06:38.000000000 -0700
-@@ -108,12 +108,12 @@
- #include <signal.h>
#endif
-
--#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
-+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) || defined(HAVE_ANDROID_OS)
- # define USE_TOD
- #elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
- # define TIMES
- #endif
--#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
-+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) && !defined(HAVE_ANDROID_OS) /* FIXME */
- # define TIMEB
- #endif
-
-@@ -1836,6 +1836,7 @@ int MAIN(int argc, char **argv)
+--- openssl-1.0.0.orig/apps/speed.c 2010-03-03 11:56:17.000000000 -0800
++++ openssl-1.0.0/apps/speed.c 2010-04-13 16:53:43.000000000 -0700
+@@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv)
}
}
@@ -68,11 +53,23 @@
if (doit[D_IGE_128_AES])
{
for (j=0; j<SIZE_NUM; j++)
-@@ -1879,6 +1880,7 @@ int MAIN(int argc, char **argv)
- }
- }
+@@ -1763,6 +1764,7 @@ int MAIN(int argc, char **argv)
+
+
#endif
+#endif
#ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML])
{
+--- openssl-1.0.0.orig/apps/s_client.c 2009-12-16 12:28:28.000000000 -0800
++++ openssl-1.0.0/apps/s_client.c 2010-04-14 14:25:09.000000000 -0700
+@@ -216,6 +216,9 @@ static int c_ign_eof=0;
+ /* Default PSK identity and key */
+ static char *psk_identity="Client_identity";
+ /*char *psk_key=NULL; by default PSK is not used */
++#if 1 /* ANDROID */
++char *psk_key=NULL;
++#endif
+
+ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+ unsigned int max_identity_len, unsigned char *psk,