Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / openssl / ff41a4bc41ae1e1391f9b05117623ff70b985983^! / . / ssl / ssl.h
commitff41a4bc41ae1e1391f9b05117623ff70b985983[log] [tgz]
authorKenny Root <kroot@google.com>Tue Jan 07 10:19:10 2014 -0800
committerKenny Root <kroot@google.com>Wed Jan 08 13:39:40 2014 -0800
tree93bb31a6e63d94176f4f979e447e9c33bd7a4724
parentaf55dde627407177a5aa92a7077672dadab4d587 [diff] [blame]
Import OpenSSL 1.0.1f

Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file:
9ef09e97dfc9f14ac2c042f3b7e301098794fc0f  openssl-1.0.1f.tar.gz

Some changes had to be made to the existing source:

Fixed the import script to work with "sh -x" for debugging problems.

Update some of the files from patches/ to work with 1.0.1f, because
1.0.1f fixes have used some of the constants that were used (0x20L was
changed to 0x80L and 0x40L was changed to 0x100L).

Delete the "Makefile.save" files that are newly present in the
OpenSSL 1.0.1f release tarball.

Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2439ac6..4c38f6e 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h

@@ -555,11 +555,14 @@
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
 #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
 #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG			0x00000040L
 #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG			0x00000080L
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
+/* Hasn't done anything since OpenSSL 0.9.7h, retained for compatibility */
+#define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x0
+
 /* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is vestigial. Previously it disabled the
  * insertion of empty records in CBC mode, but the empty records were commonly
  * misinterpreted as EOF by other TLS stacks and so this was disabled by
@@ -645,15 +648,21 @@
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
+/* Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+#define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020L
+#define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040L
 /* When set, clients may send application data before receipt of CCS
  * and Finished.  This mode enables full-handshakes to 'complete' in
  * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000020L
+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L
 /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two:
  * the first record will contain a single byte and the second will contain the
  * rest of the bytes. This effectively randomises the IV and prevents BEAST
  * attacks. */
-#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000040L
+#define SSL_MODE_CBC_RECORD_SPLITTING 0x00000100L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */