|
|
|
|
Name: openssl
|
|
|
|
|
URL: http://openssl.org/source/
|
|
|
|
|
Version: 1.0.0f
|
|
|
|
|
License: BSDish
|
|
|
|
|
License File: openssl/LICENSE
|
|
|
|
|
|
|
|
|
|
Description:
|
|
|
|
|
This is OpenSSL, the standard SSL/TLS library, which is used only in Android.
|
|
|
|
|
|
|
|
|
|
It's an unmodified, upstream source except for the patches listed below.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
********************************************************************************
|
|
|
|
|
The following patches are taken from Android Open Source Project.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
progs.patch:
|
|
|
|
|
|
|
|
|
|
Fixup sources under the apps/ directory that are not built under the android environment.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
small_records.patch:
|
|
|
|
|
|
|
|
|
|
Reduce OpenSSL memory consumption.
|
|
|
|
|
SSL records may be as large as 16K, but are typically < 2K. In
|
|
|
|
|
addition, a historic bug in Windows allowed records to be as large
|
|
|
|
|
32K. OpenSSL statically allocates read and write buffers (34K and
|
|
|
|
|
18K respectively) used for processing records.
|
|
|
|
|
With this patch, OpenSSL statically allocates 4K + 4K buffers, with
|
|
|
|
|
the option of dynamically growing buffers to 34K + 4K, which is a
|
|
|
|
|
saving of 44K per connection for the typical case.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
handshake_cutthrough.patch
|
|
|
|
|
|
|
|
|
|
Enables SSL3+ clients to send application data immediately following the
|
|
|
|
|
Finished message even when negotiating full-handshakes. With this patch,
|
|
|
|
|
clients can negotiate SSL connections in 1-RTT even when performing
|
|
|
|
|
full-handshakes.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
jsse.patch
|
|
|
|
|
|
|
|
|
|
Support for JSSE implementation based on OpenSSL.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
npn.patch
|
|
|
|
|
|
|
|
|
|
Transport Layer Security (TLS) Next Protocol Negotiation Extension
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sha1_armv4_large.patch
|
|
|
|
|
|
|
|
|
|
This patch eliminates memory stores to addresses below SP.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
openssl_no_dtls1.patch
|
|
|
|
|
|
|
|
|
|
Add missing #ifndef OPENSSL_NO_DTLS1
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
********************************************************************************
|
|
|
|
|
The following patches are needed to compile this openssl on Chromium and pass
|
|
|
|
|
the related net unit tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
empty_OPENSSL_cpuid_setup.patch
|
|
|
|
|
|
|
|
|
|
Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
|
|
|
|
|
error. We should figure out how to geenrate platform specific implementation
|
|
|
|
|
of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
x509_hash_name_algorithm_change.patch
|
|
|
|
|
|
|
|
|
|
There are many symbolic links under /etc/ssl/certs created by using hash of
|
|
|
|
|
the pem certificates in order for OpenSSL to find those certificate.
|
|
|
|
|
Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
|
|
|
|
|
However the new openssl changed the hash algorithm, Unless you compile/install
|
|
|
|
|
the latest openssl library and re-create all related symbolic links, the new
|
|
|
|
|
openssl can not find some certificates because the links of those certificates
|
|
|
|
|
were created by using old hash algorithm, which causes some tests failed.
|
|
|
|
|
This patch gives a way to find a certificate according to its hash by using both
|
|
|
|
|
new algorithm and old algorithm.
|
|
|
|
|
crbug.com/111045 is used to track this issue.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
tls_exporter.patch
|
|
|
|
|
|
|
|
|
|
Keying Material Exporters for Transport Layer Security (RFC 5705).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Android platform support
|
|
|
|
|
|
|
|
|
|
Copy config/android/openssl/opensslconf.h from Android's
|
|
|
|
|
external/openssl/include/openssl/opensslconf.h
|
