README.chromium - Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with.

Side by Side Diff: README.chromium

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/

Patch Set: '' Created 8 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 Name: openssl	1 Name: openssl

2 URL: http://openssl.org/source/	2 URL: http://openssl.org/source/

3 Version: 0.9.8o	3 Version: 1.0.0f

4 License: BSDish	4 License: BSDish

5 License File: openssl/LICENSE	5 License File: openssl/LICENSE

6	6

7 Description:	7 Description:

8 This is OpenSSL, the standard SSL/TLS library, which is used only in Android.	8 This is OpenSSL, the standard SSL/TLS library, which is used only in Android.

9	9

10 It's an unmodified, upstream source except for the patches listed below.	10 It's an unmodified, upstream source except for the patches listed below.

11	11

12	12

13 Patches are applied in this order:	13 ********************************************************************************

	14 The following patches are taken from Android Open Source Project.

14	15

15 missing_stddef.patch

16	16

17 Add stddef.h to header files which use size_t, otherwise apps that include	17 progs.patch:

18 those headers get compiler errors.	18

	19 Fixup sources under the apps/ directory that are not built under the android env ironment.

	20

	21

	22 small_records.patch:

	23

	24 Reduce OpenSSL memory consumption.

	25 SSL records may be as large as 16K, but are typically < 2K. In

	26 addition, a historic bug in Windows allowed records to be as large

	27 32K. OpenSSL statically allocates read and write buffers (34K and

	28 18K respectively) used for processing records.

	29 With this patch, OpenSSL statically allocates 4K + 4K buffers, with

	30 the option of dynamically growing buffers to 34K + 4K, which is a

	31 saving of 44K per connection for the typical case.

19	32

20	33

21 handshake_cutthrough.patch	34 handshake_cutthrough.patch

22	35

23 Enables SSL3+ clients to send application data immediately following the	36 Enables SSL3+ clients to send application data immediately following the

24 Finished message even when negotiating full-handshakes. With this patch,	37 Finished message even when negotiating full-handshakes. With this patch,

25 clients can negotiate SSL connections in 1-RTT even when performing	38 clients can negotiate SSL connections in 1-RTT even when performing

26 full-handshakes.	39 full-handshakes.

27	40

28	41

29 next_proto_neg.patch	42 jsse.patch

30	43

31 Adds next-protocol-negotation support:	44 Support for JSSE implementation based on OpenSSL.

32 http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00

33

34 EXPERIMENTAL: this patches uses extension and handshake numbers that are not

35 assigned by IANA.

36

37 This patch implements server and client side support. Additionally, it includes

38 code that assumes the structure of the 'opaque' protocol strings in the draft.

39	45

40	46

41 snap_start.patch	47 npn.patch

42	48

43 Adds server-side support for Snap Start. This allows for 0-RTT handshakes in	49 Transport Layer Security (TLS) Next Protocol Negotiation Extension

44 the case that the application protocol involves the client side speaking first.

45	50

46 http://tools.ietf.org/html/draft-agl-tls-snapstart-00

47	51

48 EXPERIMENTAL: this patches uses an extension number that is not assigned by	52 sha1_armv4_large.patch

49 IANA.	53

	54 This patch eliminates memory stores to addresses below SP.

	55

	56

	57 openssl_no_dtls1.patch

	58

	59 Add missing #ifndef OPENSSL_NO_DTLS1

	60

	61

	62 ********************************************************************************

	63 The following patches are needed to compile this openssl on Chromium and pass

	64 the related net unit tests.

	65

	66

	67 STORE_ATTR_INFO_compare_declaration_conflict.patch

	68

	69 The declaration of function STORE_ATTR_INFO_compare in latest openssl is

	70 changed in latest openssl library, but some machines may not install the

	71 latest openssl library. This patch makes sure we always use the declaration

	72 in current src directory instead of system-wide openssl include path.
	joth 2012/01/20 11:01:08 ouch. this sounds like the tip of a much deeper po ouch. this sounds like the tip of a much deeper possible problem. I think a more robust fix is to edit the .gyp file as necessary to ensure the local headers are always going to be used in preference to any system wide openssl headers. I'm OK doing it this way if we also raise a bug for this. (and link it here) Johnny(Jianning) Ding 2012/01/23 14:20:57 Done. Show quoted text On 2012/01/20 11:01:08, joth wrote: > ouch. this sounds like the tip of a much deeper possible problem. I think a more > robust fix is to edit the .gyp file as necessary to ensure the local headers are > always going to be used in preference to any system wide openssl headers. > > I'm OK doing it this way if we also raise a bug for this. (and link it here) Done.
	73

	74

	75 empty_OPENSSL_cpuid_setup.patch

	76

	77 Use a empty implementation for function OPENSSL_cpuid_setup to resolve link

	78 error. We should figure out how to geenrate platform specific implementation

	79 of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.

	80

	81

	82 x509_hash_name_algorithm_change.patch

	83

	84 There are many symbolic links under /etc/ssl/cert created by using hash of

	85 the pem certificates in order for OpenSSL to find those certificate.

	86 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)

	87 However the new openssl changed the has algorithm, Unless you compile/install
	joth 2012/01/20 11:01:08 nit: has->hash nit: has->hash Johnny(Jianning) Ding 2012/01/23 14:20:57 Done. Show quoted text On 2012/01/20 11:01:08, joth wrote: > nit: has->hash Done.
	88 the latest openssl library and re-create all related symbolic links, the new

	89 openssl can not find some certificates because the links of those certificates

	90 were created by using old hash algorithm, which causes some tests failed.

	91 This patch gives a way to find a certificate according to its hash by using both

	92 new algorithm and old algorithm.

	93

	94 Android platform support

	95

	96 Copy config/android/openssl/opensslconf.h from Android's

	97 external/openssl/include/openssl/opensslconf.h

50	98
	joth 2012/01/20 11:01:08 this section is duplicated. this section is duplicated. Johnny(Jianning) Ding 2012/01/23 14:20:57 Done. Show quoted text On 2012/01/20 11:01:08, joth wrote: > this section is duplicated. Done.
51	99

52 Android platform support	100 Android platform support

53	101

54 Copy config/android/openssl/opensslconf.h from Android's	102 Copy config/android/openssl/opensslconf.h from Android's

55 external/openssl/include/openssl/opensslconf.h	103 external/openssl/include/openssl/opensslconf.h

OLD	NEW

« no previous file with comments | « no previous file | config/android/openssl/opensslconf.h » ('j') | openssl.gyp » ('J')