Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / ff41a4bc41ae1e1391f9b05117623ff70b985983^! / . / ssl / s3_lib.c
commitff41a4bc41ae1e1391f9b05117623ff70b985983[log] [tgz]
authorKenny Root <kroot@google.com>Tue Jan 07 10:19:10 2014 -0800
committerKenny Root <kroot@google.com>Wed Jan 08 13:39:40 2014 -0800
tree93bb31a6e63d94176f4f979e447e9c33bd7a4724
parentaf55dde627407177a5aa92a7077672dadab4d587 [diff] [blame]
Import OpenSSL 1.0.1f

Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file:
9ef09e97dfc9f14ac2c042f3b7e301098794fc0f  openssl-1.0.1f.tar.gz

Some changes had to be made to the existing source:

Fixed the import script to work with "sh -x" for debugging problems.

Update some of the files from patches/ to work with 1.0.1f, because
1.0.1f fixes have used some of the constants that were used (0x20L was
changed to 0x80L and 0x40L was changed to 0x100L).

Delete the "Makefile.save" files that are newly present in the
OpenSSL 1.0.1f release tarball.

Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 1d3af82..f7a5c6f 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c

@@ -1683,7 +1683,7 @@
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	168,
 	168,
@@ -1699,7 +1699,7 @@
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	128,
 	128,
@@ -1715,7 +1715,7 @@
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	256,
 	256,
@@ -3047,6 +3047,11 @@
 		s->s3->tmp.ecdh = NULL;
 		}
 #endif
+#ifndef OPENSSL_NO_TLSEXT
+#ifndef OPENSSL_NO_EC
+	s->s3->is_probably_safari = 0;
+#endif /* !OPENSSL_NO_EC */
+#endif /* !OPENSSL_NO_TLSEXT */
 
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
@@ -4085,6 +4090,13 @@
 		ii=sk_SSL_CIPHER_find(allow,c);
 		if (ii >= 0)
 			{
+#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
+			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+				{
+				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
+				continue;
+				}
+#endif
 			ret=sk_SSL_CIPHER_value(allow,ii);
 			break;
 			}
@@ -4356,7 +4368,7 @@
 long ssl_get_algorithm2(SSL *s)
 	{
 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
-	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+	if (s->method->version == TLS1_2_VERSION &&
 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
 	return alg2;