author | jnd@chromium.org <jnd@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2012-01-25 01:50:40 +0000 |
---|---|---|
committer | jnd@chromium.org <jnd@chromium.org@4ff67af0-8c30-449e-8e8b-ad334ec8d88c> | 2012-01-25 01:50:40 +0000 |
commit | 480da75abf485e7e2a6be5acc0f71842368792c0 (patch) | |
tree | 4ccbebefd1a3ab6fb0ab91cca34b0459ce145f17 /README.chromium | |
parent | 864570723968450a32e842d39f46acfd9a5bb5e5 (diff) | |
download | openssl-480da75abf485e7e2a6be5acc0f71842368792c0.tar.gz |
Upgrade chrome's OpenSSL to same version Android ships with.
This change is basically from openssl.org with the patches applied as per patches/README in https://android.googlesource.com/platform/external/openssl, plus 3 patches for Chromium to pass compilation and tests. Please refer to b/5428019 for more details.
BUG=None
TEST=net_unittests
Review URL: https://chromiumcodereview.appspot.com/9254031
git-svn-id: http://src.chromium.org/svn/trunk/deps/third_party/openssl@118977 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
Diffstat (limited to 'README.chromium')
-rw-r--r-- | README.chromium | 72 |
1 files changed, 54 insertions, 18 deletions
diff --git a/README.chromium b/README.chromium index f012156..2838c3c 100644 --- a/README.chromium +++ b/README.chromium @@ -1,6 +1,6 @@ Name: openssl URL: http://openssl.org/source/ -Version: 0.9.8o +Version: 1.0.0f License: BSDish License File: openssl/LICENSE @@ -10,12 +10,25 @@ This is OpenSSL, the standard SSL/TLS library, which is used only in Android. It's an unmodified, upstream source except for the patches listed below. -Patches are applied in this order: +******************************************************************************** +The following patches are taken from Android Open Source Project. -missing_stddef.patch -Add stddef.h to header files which use size_t, otherwise apps that include -those headers get compiler errors. +progs.patch: + +Fixup sources under the apps/ directory that are not built under the android environment. + + +small_records.patch: + +Reduce OpenSSL memory consumption. +SSL records may be as large as 16K, but are typically < 2K. In +addition, a historic bug in Windows allowed records to be as large +32K. OpenSSL statically allocates read and write buffers (34K and +18K respectively) used for processing records. +With this patch, OpenSSL statically allocates 4K + 4K buffers, with +the option of dynamically growing buffers to 34K + 4K, which is a +saving of 44K per connection for the typical case. handshake_cutthrough.patch 
@@ -26,27 +39,50 @@ clients can negotiate SSL connections in 1-RTT even when performing full-handshakes. -next_proto_neg.patch +jsse.patch + +Support for JSSE implementation based on OpenSSL. + + +npn.patch + +Transport Layer Security (TLS) Next Protocol Negotiation Extension + + +sha1_armv4_large.patch + +This patch eliminates memory stores to addresses below SP. + + +openssl_no_dtls1.patch + +Add missing #ifndef OPENSSL_NO_DTLS1 -Adds next-protocol-negotation support: - http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00 -EXPERIMENTAL: this patches uses extension and handshake numbers that are not -assigned by IANA. +******************************************************************************** +The following patches are needed to compile this openssl on Chromium and pass +the related net unit tests. -This patch implements server and client side support. Additionally, it includes -code that assumes the structure of the 'opaque' protocol strings in the draft. +empty_OPENSSL_cpuid_setup.patch -snap_start.patch +Use a empty implementation for function OPENSSL_cpuid_setup to resolve link +error. We should figure out how to geenrate platform specific implementation +of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl. -Adds server-side support for Snap Start. This allows for 0-RTT handshakes in -the case that the application protocol involves the client side speaking first. -http://tools.ietf.org/html/draft-agl-tls-snapstart-00 +x509_hash_name_algorithm_change.patch -EXPERIMENTAL: this patches uses an extension number that is not assigned by -IANA. +There are many symbolic links under /etc/ssl/certs created by using hash of +the pem certificates in order for OpenSSL to find those certificate. +Openssl has a tool to help you create hash symbolic links. 
(See tools/c_rehash) +However the new openssl changed the hash algorithm, Unless you compile/install +the latest openssl library and re-create all related symbolic links, the new +openssl can not find some certificates because the links of those certificates +were created by using old hash algorithm, which causes some tests failed. +This patch gives a way to find a certificate according to its hash by using both +new algorithm and old algorithm. +crbug.com/111045 is used to track this issue. Android platform support |
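Review bot: The rewritten patch list in the second hunk (@@ -10,12 +10,25 @@) removes "Patches are applied in this order:" without a replacement, so the README no longer says whether the order of the entries is the order of application. State that explicitly, and record which revision of the Android Open Source Project tree the patches were taken from so the import can be reproduced. The removal of missing_stddef.patch is also unexplained; say whether it is no longer needed with 1.0.0f. Minor: "as large 32K" is missing "as", and the new entries end in a colon ("progs.patch:") while handshake_cutthrough.patch and the entries added in the next hunk do not.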
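Review bot: The npn.patch entry in the third hunk (@@ -26,27 +39,50 @@) replaces next_proto_neg.patch but drops both the draft reference and the EXPERIMENTAL warning that the extension and handshake numbers are not assigned by IANA. If that still holds for npn.patch, keep the warning and name the draft it implements. The snap_start.patch entry disappears in the same hunk with no mention in the commit message, so say there whether that is deliberate. For empty_OPENSSL_cpuid_setup.patch, the sentence "We should figure out how to geenrate platform specific implementation" is an open TODO with no tracking bug, unlike the x509 entry, which cites crbug.com/111045; add one and describe what is lost while the function is empty. For x509_hash_name_algorithm_change.patch, state which hash algorithm is tried first and whether the old-algorithm fallback is intended to be permanent. Typos: "Use a empty", "geenrate", "algorithm, Unless".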