From 535b2ec3a4b34bbe3b5560baf6019a3e34d9c982 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 19 Sep 2014 09:43:41 +0200 Subject: Sync OpenSSL with AOSP --- main/openssl/Crypto.mk | 26 +++++++++++++++----------- main/openssl/Ssl.mk | 19 +++++++++++++++---- main/openssl/crypto/perlasm/x86asm.pl | 2 ++ main/openssl/crypto/perlasm/x86gas.pl | 2 ++ main/openssl/crypto/x86cpuid.S | 2 ++ main/openssl/crypto/x86cpuid.pl | 3 +++ main/openssl/include/openssl/ssl.h | 1 + main/openssl/ndk-build-clear.mk | 20 ++++++++++---------- main/openssl/ndk-build.mk | 2 +- main/openssl/ssl/s3_pkt.c | 7 +++---- main/openssl/ssl/ssl.h | 1 + 11 files changed, 55 insertions(+), 30 deletions(-) diff --git a/main/openssl/Crypto.mk b/main/openssl/Crypto.mk index 6565f97c..621627bf 100644 --- a/main/openssl/Crypto.mk +++ b/main/openssl/Crypto.mk @@ -3,6 +3,7 @@ include $(CLEAR_VARS) include $(LOCAL_PATH)/ndk-build-clear.mk LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +LOCAL_C_INCLUDES := $(log_c_includes) # The static library should be used in only unbundled apps # and we don't have clang in unbundled build yet. @@ -25,6 +26,7 @@ include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) include $(LOCAL_PATH)/ndk-build-clear.mk LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +LOCAL_C_INCLUDES := $(log_c_includes) # If we're building an unbundled build, don't try to use clang since it's not # in the NDK yet. This can be removed when a clang version that is fast enough @@ -50,22 +52,25 @@ include $(BUILD_SHARED_LIBRARY) ####################################### # host shared library -#include $(CLEAR_VARS) -#LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) -#LOCAL_CFLAGS += -DPURIFY -#LOCAL_LDLIBS += -ldl -#LOCAL_MODULE_TAGS := optional -#LOCAL_MODULE := libcrypto-host -#LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk -#include $(LOCAL_PATH)/Crypto-config-host.mk -#include $(LOCAL_PATH)/android-config.mk -#include $(BUILD_HOST_SHARED_LIBRARY) +# include $(CLEAR_VARS) +# LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +# LOCAL_C_INCLUDES := $(log_c_includes) +# LOCAL_CFLAGS += -DPURIFY +# LOCAL_LDLIBS += -ldl +# LOCAL_MODULE_TAGS := optional +# LOCAL_MODULE := libcrypto-host +# LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Crypto.mk +# LOCAL_MULTILIB := both +# include $(LOCAL_PATH)/Crypto-config-host.mk +# include $(LOCAL_PATH)/android-config.mk +# include $(BUILD_HOST_SHARED_LIBRARY) ######################################## # host static library, which is used by some SDK tools. # include $(CLEAR_VARS) # LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +# LOCAL_C_INCLUDES := $(log_c_includes) # LOCAL_CFLAGS += -DPURIFY # LOCAL_LDLIBS += -ldl # LOCAL_MODULE_TAGS := optional @@ -74,4 +79,3 @@ include $(BUILD_SHARED_LIBRARY) # include $(LOCAL_PATH)/Crypto-config-host.mk # include $(LOCAL_PATH)/android-config.mk # include $(BUILD_HOST_STATIC_LIBRARY) - diff --git a/main/openssl/Ssl.mk b/main/openssl/Ssl.mk index 6c04950a..0cb93eac 100644 --- a/main/openssl/Ssl.mk +++ b/main/openssl/Ssl.mk @@ -3,6 +3,9 @@ include $(CLEAR_VARS) include $(LOCAL_PATH)/ndk-build-clear.mk +LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +LOCAL_C_INCLUDES := $(log_c_includes) + # The static library should be used in only unbundled apps # and we don't have clang in unbundled build yet. LOCAL_SDK_VERSION := 9 @@ -10,7 +13,6 @@ LOCAL_SDK_VERSION := 9 LOCAL_SRC_FILES += $(target_src_files) LOCAL_CFLAGS += $(target_c_flags) LOCAL_C_INCLUDES += $(target_c_includes) -LOCAL_SHARED_LIBRARIES = $(log_shared_libraries) LOCAL_MODULE_TAGS := optional LOCAL_MODULE := libssl_static LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk @@ -23,6 +25,8 @@ include $(BUILD_STATIC_LIBRARY) # target shared library include $(CLEAR_VARS) include $(LOCAL_PATH)/ndk-build-clear.mk +LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +LOCAL_C_INCLUDES := $(log_c_includes) # If we're building an unbundled build, don't try to use clang since it's not # in the NDK yet. This can be removed when a clang version that is fast enough @@ -33,7 +37,7 @@ else LOCAL_SDK_VERSION := 9 endif -LOCAL_SHARED_LIBRARIES += libcrypto $(log_shared_libraries) +LOCAL_SHARED_LIBRARIES += libcrypto LOCAL_MODULE_TAGS := optional LOCAL_MODULE := libssl LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk @@ -46,9 +50,13 @@ include $(BUILD_SHARED_LIBRARY) # ####################################### # # host shared library # include $(CLEAR_VARS) -# LOCAL_SHARED_LIBRARIES += libcrypto-host $(log_shared_libraries) +# LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +# LOCAL_C_INCLUDES := $(log_c_includes) + +# LOCAL_SHARED_LIBRARIES += libcrypto-host # LOCAL_MODULE_TAGS := optional # LOCAL_MODULE := libssl-host +# LOCAL_MULTILIB := both # LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/android-config.mk $(LOCAL_PATH)/Ssl.mk # include $(LOCAL_PATH)/Ssl-config-host.mk # include $(LOCAL_PATH)/android-config.mk @@ -57,8 +65,11 @@ include $(BUILD_SHARED_LIBRARY) # ####################################### # # ssltest # include $(CLEAR_VARS) +# LOCAL_SHARED_LIBRARIES := $(log_shared_libraries) +# LOCAL_C_INCLUDES := $(log_c_includes) + # LOCAL_SRC_FILES := ssl/ssltest.c -# LOCAL_SHARED_LIBRARIES := libssl libcrypto $(log_shared_libraries) +# LOCAL_SHARED_LIBRARIES := libssl libcrypto # LOCAL_MODULE := ssltest # LOCAL_MULTILIB := both # LOCAL_MODULE_STEM_32 := ssltest diff --git a/main/openssl/crypto/perlasm/x86asm.pl b/main/openssl/crypto/perlasm/x86asm.pl index eb543db2..3f190ae5 100644 --- a/main/openssl/crypto/perlasm/x86asm.pl +++ b/main/openssl/crypto/perlasm/x86asm.pl @@ -257,4 +257,6 @@ EOF &file($filename); } +sub ::hidden {} + 1; diff --git a/main/openssl/crypto/perlasm/x86gas.pl b/main/openssl/crypto/perlasm/x86gas.pl index 682a3a31..735c1ad2 100644 --- a/main/openssl/crypto/perlasm/x86gas.pl +++ b/main/openssl/crypto/perlasm/x86gas.pl @@ -250,4 +250,6 @@ ___ sub ::dataseg { push(@out,".data\n"); } +*::hidden = sub { push(@out,".hidden\t$nmdecor$_[0]\n"); } if ($::elf); + 1; diff --git a/main/openssl/crypto/x86cpuid.S b/main/openssl/crypto/x86cpuid.S index 87a46d4b..10be221c 100644 --- a/main/openssl/crypto/x86cpuid.S +++ b/main/openssl/crypto/x86cpuid.S @@ -341,6 +341,8 @@ OPENSSL_ia32_rdrand: cmovel %ecx,%eax ret .size OPENSSL_ia32_rdrand,.-.L_OPENSSL_ia32_rdrand_begin +.hidden OPENSSL_cpuid_setup +.hidden OPENSSL_ia32cap_P .comm OPENSSL_ia32cap_P,8,4 .section .init call OPENSSL_cpuid_setup diff --git a/main/openssl/crypto/x86cpuid.pl b/main/openssl/crypto/x86cpuid.pl index b270b443..0212a5b6 100644 --- a/main/openssl/crypto/x86cpuid.pl +++ b/main/openssl/crypto/x86cpuid.pl @@ -355,4 +355,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &initseg("OPENSSL_cpuid_setup"); +&hidden("OPENSSL_cpuid_setup"); +&hidden("OPENSSL_ia32cap_P"); + &asm_finish(); diff --git a/main/openssl/include/openssl/ssl.h b/main/openssl/include/openssl/ssl.h index a85841b3..7566f2df 100644 --- a/main/openssl/include/openssl/ssl.h +++ b/main/openssl/include/openssl/ssl.h @@ -669,6 +669,7 @@ struct ssl_session_st * and Finished. This mode enables full-handshakes to 'complete' in * one RTT. */ #define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L + /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: * the first record will contain a single byte and the second will contain the * rest of the bytes. This effectively randomises the IV and prevents BEAST diff --git a/main/openssl/ndk-build-clear.mk b/main/openssl/ndk-build-clear.mk index 0d7404a1..dad2a75e 100644 --- a/main/openssl/ndk-build-clear.mk +++ b/main/openssl/ndk-build-clear.mk @@ -1,14 +1,14 @@ -LOCAL_SRC_FILES_x86 := -LOCAL_CFLAGS_x86 := +LOCAL_SRC_FILES_x86 := +LOCAL_CFLAGS_x86 := -LOCAL_SRC_FILES_arm64 := -LOCAL_CFLAGS_arm64 := +LOCAL_SRC_FILES_arm64 := +LOCAL_CFLAGS_arm64 := -LOCAL_SRC_FILES_arm := -LOCAL_CFLAGS_arm := +LOCAL_SRC_FILES_arm := +LOCAL_CFLAGS_arm := -LOCAL_SRC_FILES_x86_64 := -LOCAL_CFLAGS_x86_64 := +LOCAL_SRC_FILES_x86_64 := +LOCAL_CFLAGS_x86_64 := -LOCAL_SRC_FILES_mips := -LOCAL_CFLAGS_mips := +LOCAL_SRC_FILES_mips := +LOCAL_CFLAGS_mips := diff --git a/main/openssl/ndk-build.mk b/main/openssl/ndk-build.mk index 50372e92..aa746b86 100644 --- a/main/openssl/ndk-build.mk +++ b/main/openssl/ndk-build.mk @@ -1,3 +1,3 @@ -LOCAL_SRC_FILES := $(LOCAL_SRC_FILES_$(TARGET_ARCH)) +LOCAL_SRC_FILES := $(LOCAL_SRC_FILES_$(TARGET_ARCH)) LOCAL_CFLAGS += $(LOCAL_CFLAGS_$(TARGET_ARCH)) LOCAL_CFLAGS += $(LOCAL_CFLAGS_32) diff --git a/main/openssl/ssl/s3_pkt.c b/main/openssl/ssl/s3_pkt.c index 60c4f1a4..df436cf7 100644 --- a/main/openssl/ssl/s3_pkt.c +++ b/main/openssl/ssl/s3_pkt.c @@ -632,9 +632,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) !s->s3->record_split_done) { fragment = 1; - /* The first byte will be in its own record, so we - * can write an extra byte. */ - max++; /* record_split_done records that the splitting has * been done in case we hit an SSL_WANT_WRITE condition. * In that case, we don't need to do the split again. */ @@ -650,6 +647,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) if (i <= 0) { s->s3->wnum=tot; + /* Try to write the fragment next time. */ + s->s3->record_split_done = 0; return i; } @@ -701,7 +700,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, /* if it went, fall through and send more stuff */ } - if (wb->buf == NULL) + if (wb->buf == NULL) if (!ssl3_setup_write_buffer(s)) return -1; diff --git a/main/openssl/ssl/ssl.h b/main/openssl/ssl/ssl.h index a85841b3..7566f2df 100644 --- a/main/openssl/ssl/ssl.h +++ b/main/openssl/ssl/ssl.h @@ -669,6 +669,7 @@ struct ssl_session_st * and Finished. This mode enables full-handshakes to 'complete' in * one RTT. */ #define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000080L + /* When set, TLS 1.0 and SSLv3, multi-byte, CBC records will be split in two: * the first record will contain a single byte and the second will contain the * rest of the bytes. This effectively randomises the IV and prevents BEAST -- cgit v1.2.3