 Chromium Code Reviews Issue 10911247:
  Upstream openssl to version 1.0.1c  (Closed) 
  Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
    
  
| OLD | NEW |
|---|---|
| 1 Name: openssl | 1 Name: openssl | 
| 2 URL: http://openssl.org/source/ | 2 URL: http://openssl.org/source/ | 
| 3 Version: 1.0.0f | 3 Version: 1.0.1c | 
| 4 License: BSDish | 4 License: BSDish | 
| 5 License File: openssl/LICENSE | 5 License File: openssl/LICENSE | 
| 6 License Android Compatible: yes | 6 License Android Compatible: yes | 
| 7 Security Critical: yes | 7 Security Critical: yes | 
| 8 | 8 | 
| 9 Description: | 9 Description: | 
| 10 This is OpenSSL, the standard SSL/TLS library, which is used only in Android. | 10 This is OpenSSL, the standard SSL/TLS library, which is used *only* in | 
| 11 Android. There are no plans to support OpenSSL on other platforms. | |
| 12 For more context, please read: | |
| 11 | 13 | 
| 12 It's an unmodified, upstream source except for the patches listed below. | 14 https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ -NL-YJ | 
| 13 | 15 | 
| 14 | 16 | 
| 17 This shall track the state of the Android platform's openssl version of | |
| 18 the library, with some important details listed here: | |
| 19 | |
| 20 - The Android version lives under $ANDROID/external/openssl, while | |
| 21 the Chromum version (these files) live under | |
| 22 $CHROMIUM/src/third_party/openssl. | |
| 23 | |
| 24 - The Android version corresponds to the upstream original sources with | |
| 25 the patches under $ANDROID/external/openssl/patches. It also does | |
| 26 not include many files and directories that are not necessary for the | |
| 27 Android build. | |
| 28 | |
| 29 - The Chromium version corresponds to the upstream original sources with | |
| 30 the patches under $CHROMIUM/src/third_party/openssl/patches/ applied. | |
| 31 Most of these patches come from the Android tree, with a few additional | |
| 32 ones. | |
| 33 | |
| 34 The file patches/README lists the purpose of each Android patch. | |
| 35 Additional Chromium-specific patches also exist and are described | |
| 36 at the end of this document. | |
| 37 | |
| 38 - The Chromium openssl.gyp tries to match the Android.mk when it comes | |
| 39 to listing all source files. There is no direct mapping due to many | |
| 40 differences in their structure. To make this slightly easier, this file | |
| 41 doesn't use the convention of listing *all* source files under openssl, | |
| 42 then conditionally removing them for an Android build. | |
| 43 | |
| 44 Instead, only the files needed for the build are listed in 'sources'. | |
| 45 Given that they is a very large number of files that are not used in | |
| 
Philippe
2012/09/12 16:19:43
Nit: s/they/there
 
digit1
2012/09/12 16:42:54
Done. Sorry for the multiple patches, but gcl uplo
 | |
| 46 the build, this simplified the task of keeping both files in sync. | |
| 47 | |
| 48 - The Android tree also includes auto-generated assembly files for | |
| 49 ARM, x86 and MIPS, used to speed up some crypto computations. They | |
| 50 are generated by the $ANDROID/external/openssl/import_openssl.sh | |
| 51 script (which itself invokes a bunch of Perl generations scripts) | |
| 52 and have a file extension of .s | |
| 53 | |
| 54 These files are also copied into the Chromium tree, with an .S file | |
| 55 extension, because they require being sent to the C preprocessor before | |
| 56 the assembler. | |
| 57 | |
| 58 The original Android.mk uses a feature not supported by gyp, which is: | |
| 59 | |
| 60 LOCAL_AS_FLAGS := -x assembler-with-cpp | |
| 61 | |
| 62 It tells the build system to apply the '-x assembler-with-cpp' flag | |
| 63 only to assembler files. | |
| 64 | |
| 65 By using .S instead, the build 'just works' on Chromium. | |
| 66 | |
| 67 - The Android build holds all configuration in | |
| 68 external/openssl/android-config.mk which is a Makefile fragment used | |
| 69 to define compiler flags that define configuration macros, to be used | |
| 70 when building *and* using the library. | |
| 71 | |
| 72 The Chromium version uses config/android/openssl/opensslconf.h instead | |
| 73 to hold the definition of these variables. Its parent directory must | |
| 74 appear *before* openssl/include when building and using the library. | |
| 75 This is taken care of by openssl.gyp here. | |
| 76 | |
| 77 Due to this, the Chromium tree also does not include obsolete copies | |
| 78 of opensslconf.h which appear in the Android source tree (and do not | |
| 79 seem to be really included during the build). | |
| 80 | |
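Review bot: NEW lines 17-18 say this copy tracks the Android platform's version of the library, but the file records only the upstream "Version: 1.0.1c" and never which Android revision or tag the sources and the patches/ directory were imported from. For a component marked "Security Critical: yes", please record that revision (and the import date) next to the Version field so a later reader can tell which Android patches are and are not included. Nits: NEW line 21 has "Chromum version (these files) live", which should read "Chromium version (these files) lives", and NEW line 51 "Perl generations scripts" should be "Perl generation scripts".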
| 15 ******************************************************************************** | 81 ******************************************************************************** | 
| 16 The following patches are taken from Android Open Source Project. | 82 The following Chromium-specific patches are applied on top of the Android | 
| 83 ones: | |
| 17 | 84 | 
| 18 | 85 <none> | 
| 19 progs.patch: | |
| 20 | |
| 21 Fixup sources under the apps/ directory that are not built under the android env ironment. | |
| 22 | |
| 23 | |
| 24 small_records.patch: | |
| 25 | |
| 26 Reduce OpenSSL memory consumption. | |
| 27 SSL records may be as large as 16K, but are typically < 2K. In | |
| 28 addition, a historic bug in Windows allowed records to be as large | |
| 29 32K. OpenSSL statically allocates read and write buffers (34K and | |
| 30 18K respectively) used for processing records. | |
| 31 With this patch, OpenSSL statically allocates 4K + 4K buffers, with | |
| 32 the option of dynamically growing buffers to 34K + 4K, which is a | |
| 33 saving of 44K per connection for the typical case. | |
| 34 | |
| 35 | |
| 36 handshake_cutthrough.patch | |
| 37 | |
| 38 Enables SSL3+ clients to send application data immediately following the | |
| 39 Finished message even when negotiating full-handshakes. With this patch, | |
| 40 clients can negotiate SSL connections in 1-RTT even when performing | |
| 41 full-handshakes. | |
| 42 | |
| 43 | |
| 44 jsse.patch | |
| 45 | |
| 46 Support for JSSE implementation based on OpenSSL. | |
| 47 | |
| 48 | |
| 49 npn.patch | |
| 50 | |
| 51 Transport Layer Security (TLS) Next Protocol Negotiation Extension | |
| 52 | |
| 53 | |
| 54 sha1_armv4_large.patch | |
| 55 | |
| 56 This patch eliminates memory stores to addresses below SP. | |
| 57 | |
| 58 | |
| 59 openssl_no_dtls1.patch | |
| 60 | |
| 61 Add missing #ifndef OPENSSL_NO_DTLS1 | |
| 62 | |
| 63 | 86 | 
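Review bot: NEW line 85 gives the Chromium-specific patches as "<none>", but the section that follows still describes x509_hash_name_algorithm_change.patch and fix-clang-build.patch as needed to build this openssl on Chromium, so the two sections contradict each other. Either list those two patches under this heading or reword it so it is clear what "<none>" covers. The per-patch descriptions removed here (small_records, handshake_cutthrough, npn and the others) describe changes to TLS behaviour; since NEW line 34 defers to patches/README for them, please confirm that file carries an equivalent description for every patch in this import.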
| 64 ******************************************************************************** | 87 ******************************************************************************** | 
| 65 The following patches are needed to compile this openssl on Chromium and pass | 88 The following patches are needed to compile this openssl on Chromium and pass | 
| 66 the related net unit tests. | 89 the related net unit tests. | 
| 67 | 90 | 
| 68 | |
| 69 empty_OPENSSL_cpuid_setup.patch | |
| 70 | |
| 71 Use a empty implementation for function OPENSSL_cpuid_setup to resolve link | |
| 72 error. We should figure out how to geenrate platform specific implementation | |
| 73 of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl. | |
| 74 | |
| 75 | |
| 76 x509_hash_name_algorithm_change.patch | 91 x509_hash_name_algorithm_change.patch | 
| 77 | 92 | 
| 78 There are many symbolic links under /etc/ssl/certs created by using hash of | 93 There are many symbolic links under /etc/ssl/certs created by using hash of | 
| 79 the pem certificates in order for OpenSSL to find those certificate. | 94 the pem certificates in order for OpenSSL to find those certificate. | 
| 80 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash) | 95 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash) | 
| 81 However the new openssl changed the hash algorithm, Unless you compile/install | 96 However the new openssl changed the hash algorithm, Unless you compile/install | 
| 82 the latest openssl library and re-create all related symbolic links, the new | 97 the latest openssl library and re-create all related symbolic links, the new | 
| 83 openssl can not find some certificates because the links of those certificates | 98 openssl can not find some certificates because the links of those certificates | 
| 84 were created by using old hash algorithm, which causes some tests failed. | 99 were created by using old hash algorithm, which causes some tests failed. | 
| 85 This patch gives a way to find a certificate according to its hash by using both | 100 This patch gives a way to find a certificate according to its hash by using both | 
| 86 new algorithm and old algorithm. | 101 new algorithm and old algorithm. | 
| 87 crbug.com/111045 is used to track this issue. | 102 crbug.com/111045 is used to track this issue. | 
| 88 | 103 | 
| 104 fix-clang-build.patch | |
| 89 | 105 | 
| 90 tls_exporter.patch | 106 Small patch to fix various minor issues which prevent building the library | 
| 91 | 107 with Clang. | 
| 92 Keying Material Exporters for Transport Layer Security (RFC 5705). | |
| 93 | |
| 94 | |
| 95 Android platform support | |
| 96 | |
| 97 Copy config/android/openssl/opensslconf.h from Android's | |
| 98 external/openssl/include/openssl/opensslconf.h | |
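Review bot: the fix-clang-build.patch entry at NEW lines 104-107 only says it fixes "various minor issues", which is too vague for a local change to a library marked Security Critical; please name the files or constructs it touches so a reviewer can confirm it does not alter behaviour. The entries for empty_OPENSSL_cpuid_setup.patch and tls_exporter.patch (OLD lines 69-73 and 90-92) are dropped without saying whether they are now covered by upstream 1.0.1c or by the Android patch set; a line stating which would help.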