openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index e7509f0..144b81e 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -55,6 +55,32 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
+/* ====================================================================
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * The portions of the attached software ("Contribution") is developed by
+ * Nokia Corporation and is licensed pursuant to the OpenSSL open source
+ * license.
+ *
+ * The Contribution, originally written by Mika Kousa and Pasi Eronen of
+ * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
+ * support (see RFC 4279) to OpenSSL.
+ *
+ * No patent licenses or other rights except those expressly stated in
+ * the OpenSSL open source license shall be deemed granted or received
+ * expressly, by implication, estoppel, or otherwise.
+ *
+ * No assurances are provided by Nokia that the Contribution does not
+ * infringe the patent or other intellectual property rights of any third
+ * party or that the license provides you with all the necessary rights
+ * to make use of the Contribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
+ * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
+ * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
+ * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
+ * OTHERWISE.
+ */
#include <stdio.h>
#include "ssl_locl.h"
@@ -414,6 +440,12 @@
case TLS1_AD_INTERNAL_ERROR: str="IE"; break;
case TLS1_AD_USER_CANCELLED: str="US"; break;
case TLS1_AD_NO_RENEGOTIATION: str="NR"; break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION: str="UE"; break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE: str="CO"; break;
+ case TLS1_AD_UNRECOGNIZED_NAME: str="UN"; break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE: str="BR"; break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE: str="BH"; break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY: str="UP"; break;
default: str="UK"; break;
}
return(str);
@@ -497,6 +529,24 @@
case TLS1_AD_NO_RENEGOTIATION:
str="no renegotiation";
break;
+ case TLS1_AD_UNSUPPORTED_EXTENSION:
+ str="unsupported extension";
+ break;
+ case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+ str="certificate unobtainable";
+ break;
+ case TLS1_AD_UNRECOGNIZED_NAME:
+ str="unrecognized name";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+ str="bad certificate status response";
+ break;
+ case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+ str="bad certificate hash value";
+ break;
+ case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+ str="unknown PSK identity";
+ break;
default: str="unknown"; break;
}
return(str);