OLD | NEW |
---|---|
1 Name: openssl | 1 Name: openssl |
2 URL: http://openssl.org/source/ | 2 URL: http://openssl.org/source/ |
3 Version: 1.0.0f | 3 Version: 1.0.1c |
4 License: BSDish | 4 License: BSDish |
5 License File: openssl/LICENSE | 5 License File: openssl/LICENSE |
6 License Android Compatible: yes | 6 License Android Compatible: yes |
7 Security Critical: yes | 7 Security Critical: yes |
8 | 8 |
9 Description: | 9 Description: |
10 This is OpenSSL, the standard SSL/TLS library, which is used only in Android. | 10 This is OpenSSL, the standard SSL/TLS library, which is used *only* in |
11 Android. There are no plans to support OpenSSL on other platforms. | |
12 For more context, please read: | |
11 | 13 |
12 It's an unmodified, upstream source except for the patches listed below. | 14 https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ -NL-YJ |
13 | 15 |
14 | 16 |
17 This shall track the state of the Android platform's openssl version of | |
18 the library, with some important details listed here: | |
19 | |
20 - The Android version lives under $ANDROID/external/openssl, while | |
21 the Chromum version (these files) live under | |
22 $CHROMIUM/src/third_party/openssl. | |
23 | |
24 - The Android version corresponds to the upstream original sources with | |
25 the patches under $ANDROID/external/openssl/patches. It also does | |
26 not include many files and directories that are not necessary for the | |
27 Android build. | |
28 | |
29 - The Chromium version corresponds to the upstream original sources with | |
30 the patches under $CHROMIUM/src/third_party/openssl/patches/ applied. | |
31 Most of these patches come from the Android tree, with a few additional | |
32 ones. | |
33 | |
34 The file patches/README lists the purpose of each Android patch. | |
35 Additional Chromium-specific patches also exist and are described | |
36 at the end of this document. | |
37 | |
38 - The Chromium openssl.gyp tries to match the Android.mk when it comes | |
39 to listing all source files. There is no direct mapping due to many | |
40 differences in their structure. To make this slightly easier, this file | |
41 doesn't use the convention of listing *all* source files under openssl, | |
42 then conditionally removing them for an Android build. | |
43 | |
44 Instead, only the files needed for the build are listed in 'sources'. | |
45 Given that they is a very large number of files that are not used in | |
Philippe
2012/09/12 16:19:43
Nit: s/they/there
digit1
2012/09/12 16:42:54
Done. Sorry for the multiple patches, but gcl uplo
| |
46 the build, this simplified the task of keeping both files in sync. | |
47 | |
48 - The Android tree also includes auto-generated assembly files for | |
49 ARM, x86 and MIPS, used to speed up some crypto computations. They | |
50 are generated by the $ANDROID/external/openssl/import_openssl.sh | |
51 script (which itself invokes a bunch of Perl generations scripts) | |
52 and have a file extension of .s | |
53 | |
54 These files are also copied into the Chromium tree, with an .S file | |
55 extension, because they require being sent to the C preprocessor before | |
56 the assembler. | |
57 | |
58 The original Android.mk uses a feature not supported by gyp, which is: | |
59 | |
60 LOCAL_AS_FLAGS := -x assembler-with-cpp | |
61 | |
62 It tells the build system to apply the '-x assembler-with-cpp' flag | |
63 only to assembler files. | |
64 | |
65 By using .S instead, the build 'just works' on Chromium. | |
66 | |
67 - The Android build holds all configuration in | |
68 external/openssl/android-config.mk which is a Makefile fragment used | |
69 to define compiler flags that define configuration macros, to be used | |
70 when building *and* using the library. | |
71 | |
72 The Chromium version uses config/android/openssl/opensslconf.h instead | |
73 to hold the definition of these variables. Its parent directory must | |
74 appear *before* openssl/include when building and using the library. | |
75 This is taken care of by openssl.gyp here. | |
76 | |
77 Due to this, the Chromium tree also does not include obsolete copies | |
78 of opensslconf.h which appear in the Android source tree (and do not | |
79 seem to be really included during the build). | |
80 | |
15 ******************************************************************************** | 81 ******************************************************************************** |
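Review bot: new lines 17-18 say this directory tracks the Android platform's copy of the library, but the added text never records which Android tree revision was imported; the Version field (1.0.1c) only identifies the upstream release. For a component marked "Security Critical: yes", add a line naming the $ANDROID/external/openssl revision the sources and patches were taken from, so a reader can tell whether a given Android-side fix is present here. Nits in the same block: "Chromum" on new line 21 should be "Chromium", and "Perl generations scripts" on new line 51 should be "Perl generation scripts".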
16 The following patches are taken from Android Open Source Project. | 82 The following Chromium-specific patches are applied on top of the Android |
83 ones: | |
17 | 84 |
18 | 85 <none> |
19 progs.patch: | |
20 | |
21 Fixup sources under the apps/ directory that are not built under the android env ironment. | |
22 | |
23 | |
24 small_records.patch: | |
25 | |
26 Reduce OpenSSL memory consumption. | |
27 SSL records may be as large as 16K, but are typically < 2K. In | |
28 addition, a historic bug in Windows allowed records to be as large | |
29 32K. OpenSSL statically allocates read and write buffers (34K and | |
30 18K respectively) used for processing records. | |
31 With this patch, OpenSSL statically allocates 4K + 4K buffers, with | |
32 the option of dynamically growing buffers to 34K + 4K, which is a | |
33 saving of 44K per connection for the typical case. | |
34 | |
35 | |
36 handshake_cutthrough.patch | |
37 | |
38 Enables SSL3+ clients to send application data immediately following the | |
39 Finished message even when negotiating full-handshakes. With this patch, | |
40 clients can negotiate SSL connections in 1-RTT even when performing | |
41 full-handshakes. | |
42 | |
43 | |
44 jsse.patch | |
45 | |
46 Support for JSSE implementation based on OpenSSL. | |
47 | |
48 | |
49 npn.patch | |
50 | |
51 Transport Layer Security (TLS) Next Protocol Negotiation Extension | |
52 | |
53 | |
54 sha1_armv4_large.patch | |
55 | |
56 This patch eliminates memory stores to addresses below SP. | |
57 | |
58 | |
59 openssl_no_dtls1.patch | |
60 | |
61 Add missing #ifndef OPENSSL_NO_DTLS1 | |
62 | |
63 | 86 |
64 ******************************************************************************** | 87 ******************************************************************************** |
65 The following patches are needed to compile this openssl on Chromium and pass | 88 The following patches are needed to compile this openssl on Chromium and pass |
66 the related net unit tests. | 89 the related net unit tests. |
67 | 90 |
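Review bot: the heading at new lines 82-85 gives the Chromium-specific patches as "<none>", yet new lines 35-36 promise that such patches are described at the end of this document, and the section starting at new line 88 goes on to list patches needed to build on Chromium. State explicitly whether the patches in that following section count as Chromium-specific, or fold the two sections into one. The per-patch descriptions removed here (old lines 19-61) are now reachable only through patches/README, so it would help to name that file in this section as well.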
68 | |
69 empty_OPENSSL_cpuid_setup.patch | |
70 | |
71 Use a empty implementation for function OPENSSL_cpuid_setup to resolve link | |
72 error. We should figure out how to geenrate platform specific implementation | |
73 of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl. | |
74 | |
75 | |
76 x509_hash_name_algorithm_change.patch | 91 x509_hash_name_algorithm_change.patch |
77 | 92 |
78 There are many symbolic links under /etc/ssl/certs created by using hash of | 93 There are many symbolic links under /etc/ssl/certs created by using hash of |
79 the pem certificates in order for OpenSSL to find those certificate. | 94 the pem certificates in order for OpenSSL to find those certificate. |
80 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash) | 95 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash) |
81 However the new openssl changed the hash algorithm, Unless you compile/install | 96 However the new openssl changed the hash algorithm, Unless you compile/install |
82 the latest openssl library and re-create all related symbolic links, the new | 97 the latest openssl library and re-create all related symbolic links, the new |
83 openssl can not find some certificates because the links of those certificates | 98 openssl can not find some certificates because the links of those certificates |
84 were created by using old hash algorithm, which causes some tests failed. | 99 were created by using old hash algorithm, which causes some tests failed. |
85 This patch gives a way to find a certificate according to its hash by using both | 100 This patch gives a way to find a certificate according to its hash by using both |
86 new algorithm and old algorithm. | 101 new algorithm and old algorithm. |
87 crbug.com/111045 is used to track this issue. | 102 crbug.com/111045 is used to track this issue. |
88 | 103 |
104 fix-clang-build.patch | |
89 | 105 |
90 tls_exporter.patch | 106 Small patch to fix various minor issues which prevent building the library |
91 | 107 with Clang. |
92 Keying Material Exporters for Transport Layer Security (RFC 5705). | |
93 | |
94 | |
95 Android platform support | |
96 | |
97 Copy config/android/openssl/opensslconf.h from Android's | |
98 external/openssl/include/openssl/opensslconf.h | |
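Review bot: the fix-clang-build.patch entry at new lines 104-107 describes its content only as "various minor issues", which is too little to audit a change to a security-critical library; list the files or kinds of change involved, or give a tracking bug as the x509_hash_name_algorithm_change.patch entry does. The entries for empty_OPENSSL_cpuid_setup.patch (old lines 69-73), tls_exporter.patch (old lines 90-92) and the opensslconf.h copy step (old lines 95-98) are removed without saying whether they are no longer needed with 1.0.1c or are now carried elsewhere; one sentence for each would close that gap.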