392aa7cc7d2b122614c5393c3e357da07fd07af3 |
|
16-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1 upgrade Bug: 6168278 Change-Id: I648f9172828120df5d19a14425e9ceec92647921
/external/openssl/ssl/s3_both.c
|
bf9ac266e34f910ace31880ea92b8deaf6212aa6 |
|
29-Nov-2010 |
Kristian Monsen <kristianm@google.com> |
Patch OpenSSL to enable SPDY Change-Id: Ie076e26ab49f1addd7a918271e85d779f47167ac
/external/openssl/ssl/s3_both.c
|
4f16e619f191ec2041275b4ff5235663d583e484 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Improved client certificate and certificate chain support Summary: - openssl: add openssl support for specifying per key certificate chains - libcore: properly implement client certificate request call back - libcore: properly implement sending certificate chain - libcore: properly implement retreiving local certificate chain - libcore: added an SSLContext for non-OpenSSL SSLSocket creation Details: external/openssl Improve patch generate support by applying all other patches to baseline to remove cross polluting other patch changes into target patch. Move cleanup of ./Configure output to import script from openssl.config. import_openssl.sh openssl.config Adding SSL_use_certificate_chain and SSL_get_certificate_chain to continue to finish most of remaining JSSE issues. include/openssl/ssl.h ssl/s3_both.c ssl/ssl.h ssl/ssl_locl.h ssl/ssl_rsa.c Updated patch (and list of input files to patch) patches/jsse.patch openssl.config libcore Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl instances for interoperability testing. OpenSSLContextImpl is the new subclass that provides OpenSSLSocketImpl. JSSEProvider provides the old style SSLContexts, OpenSSLProvider provides the OpenSSL SSLContext, which includes the "default" context. Changed to register SSLContexts without aliases to match the RI. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Native interface updates to support OpenSSLSocketImpl improvements - KEY_TYPES now expanded based on what we are being provided by OpenSSL. keyType function now maps key type values received from clientCertificateRequested callback. - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain - Fixed clientCertificateRequested to properly include all key types supported by server, not just the one from the cipher suite. We also now properly include the list of supported CAs to help the client select a certificate to use. - Fixed NativeCrypto.SSL_use_certificate implementation to use new SSL_use_certificate_chain function from openssl to pass chain to OpenSSL. - Added error handling of all uses of sk_*_push which can fail due to out of memory - Fixed compile warning due to missing JNI_TRACE argument luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Improvements to SSL test support to go along with client certificate and certificate chain changes. TestSSLContext now has separate contexts for the client and server (as well as seperate key stores information). TestKeyStore now is more realistic by default, creating a CA, intermediate CA, and separate client and server certificates, as well as a client keystore that simply contains the CA and no certificates. support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Tests tracking API changes. Tests involving cert chains now now updated to use TestKeyStore.assertChainLength to avoid hardwiring expected chain length in tests. These tests also now use TestSSLContext.assertClientCertificateChain to validate that the chain is properly constructed and trusted by a trust manager. luni/src/test/java/java/net/URLConnectionTest.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java frameworks/base Tracking change of SSLContextImpl to OpenSSLContextImpl core/java/android/net/SSLCertificateSocketFactory.java core/java/android/net/http/HttpsConnection.java tests/CoreTests/android/core/SSLPerformanceTest.java tests/CoreTests/android/core/SSLSocketTest.java Tracking changes to TestSSLContext core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java Change-Id: I792921617164a98467c500d7fe53dbd738adfa02
/external/openssl/ssl/s3_both.c
|
674ff29eb647c577ba1ef822c373ead69dc386cf |
|
15-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.0 upgrade external/openssl Updated version to 1.0.0 openssl.version Updated small records patch for 1.0.0. This is probably the most significant change. patches/small_records.patch Removed bad_version.patch since fix is included in 0.9.8n and beyond patches/README patches/bad_version.patch openssl.config Changed import_openssl.sh to generate armv4 asm with the 1.0.0 scripts, not our backported 0.9.9-dev backported version in patches/arm-asm.patch. import_openssl.sh openssl.config patches/README patches/arm-asm.patch Added -DOPENSSL_NO_STORE to match ./Configure output Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher android-config.mk openssl.config Fixed import to remove include directory during import like other imported directories (apps, ssl, crypto) import_openssl.sh Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use. openssl.config Updated to build newly required files patches/apps_Android.mk patches/crypto_Android.mk Disable some new openssl tools patches/progs.patch Updated upgrade testing notes to include running BigInteger tests README.android Automatically imported android.testssl/ apps/ crypto/ e_os.h e_os2.h include/ ssl/ dalvik Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns so there are not duplicate ciphersuite names in getEnabledCipherSuites. libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Updated OpenSSLSocketImpl_cipherauthenticationmethod for new SSL_CIPHER algorithms -> algorithm_auth (and const-ness) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp test_EnabledCipherSuites on both SSLSocketTest and SSLServerSocketTest caught the makeCipherList problem. However the asserts where a bit out of sync and didn't give good messages because they didn't actually show what was going on. As part of debugging the issue they found, I tried to make align the asserts and improve their output for the future. libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java vendor/google Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility libraries/libjingle/talk/base/openssladapter.cc Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
/external/openssl/ssl/s3_both.c
|
99ed67e397c4f2d3e0e65fa714a416bb73a0d108 |
|
17-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
b/2522132 Native crash in sslRead() Summary: - the small_records.patch finished code review today, importing final version - the native crash reflected an underling openssl issue, so we have a new patch for this Details: Adding new patch for b/2522132 crash patches/bad_version.patch Syncing small_records.patch with reviewed version patches/small_records.patch Adding new patch to the list of active patches openssl.config Adding description of the new bad_version.patch patches/README Minor test script changes - Added adb remount - Simplified /mnt/sdcard to /sdcard patches/testssl.sh Added trace message as each patch is applied so I could more easily confirm that the newly added bad_version.patch was applied. import_openssl.sh Automatically generated files: android.testssl/testssl.sh ssl/d1_pkt.c ssl/s3_both.c ssl/s3_pkt.c Change-Id: I1ca1b69d612ef425203074c58c031d6a681b92fe
/external/openssl/ssl/s3_both.c
|
98d58bb80c64b02a33662f0ea80351d4a1535267 |
|
09-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh Testing Summary: - Passed new android.testssl/testssl.sh - General testing with BrowserActivity based program Details: Expanded detail in README.android about how to build and test openssl upgrades based on my first experience. modified: README.android Significant rework of import_openssl.sh script that does most of the work of the upgrade. Most of the existing code became the main and import functions. The newly regenerate code helps regenerate patch files, building on the fact that import now keeps and original unmodified read-only source tree for use for patch generation. Patch generation relies on additions to openssl.config for defining which patches include which files. Note that sometimes a file may be patched multiple times, in that case manual review is still necessary to prune the patch after auto-regeneration. Other enhancements to import_openssl.sh include generating android.testssl and printing Makefile defines for android-config.mk review. modified: import_openssl.sh Test support files for openssl/ Add support for building /system/bin/ssltest as test executible for use by testssl script. Need confirmation that this is the right way to define such a test binary. modified: patches/ssl_Android.mk Driver script that generates user and CA keys and certs on the device with /system/bin/openssl before running testssl. Based on openssl/test/testss for generation and openssl/test/Makefile test_ssl for test execution. new file: patches/testssl.sh Note all following android.testssl files are automatically imported from openssl, although possible with modifications by import_openssl.sh testssl script imported from openssl/test that does the bulk of the testing. Includes new tests patched in for our additions. new file: android.testssl/testssl CA and user certificate configuration files from openssl. Automatically imported from openssl/test/ new file: android.testssl/CAss.cnf new file: android.testssl/Uss.cnf certificate and key test file imported from openssl/apps new file: android.testssl/server2.pem Actual 0.9.8m upgrade specific bits Trying to bring ngm's small records support into 0.9.8m. Needs signoff by ngm although it does pass testing. modified: patches/small_records.patch Update openssl.config for 0.9.8m. Expanded lists of undeeded directories and files for easier update and review, adding new excludes. Also added new definitions to support "import_openssl.sh regenerate" for patch updating. modified: openssl.config Updated OPENSSL_VERSION to 0.9.8m modified: openssl.version Automatically imported/patched files. Seems like it could be further pruned in by openssl.config UNNEEDED_SOURCES, but extra stuff doesn't end up impacting device. modified: apps/... modified: crypto/... modified: include/... modified: ssl/... Other Android build stuff. Note for these patches/... is source, .../Android.mk is derived. Split LOCAL_CFLAGS additions into lines based on openssl/Makefile source for easier comparison when upgrading. I knowingly left the lines long and unwrapped for easy vdiff with openssl/Makefile modified: android-config.mk Removed local -DOPENSSL_NO_ECDH already in android-config.mk. modified: patches/apps_Android.mk Sync up with changes that had crept into derived crypto/Android.mk modified: patches/crypto_Android.mk Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/ssl/s3_both.c
|
1fada29eaaa2a758ba3f68ee9ede8b6715673146 |
|
01-Oct-2009 |
Nagendra Modadugu <ngm@google.com> |
Add small_records.patch and handshake_cutthrough.patch. See patches/README for additional details.
/external/openssl/ssl/s3_both.c
|
656d9c7f52f88b3a3daccafa7655dec086c4756e |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_both.c
|
d2cbe6ee0fd4269543a9a243f2b0963ce6f46280 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_both.c
|
bdfb8ad83da0647e9b9a32792598e8ce7ba3ef4d |
|
12-Jan-1970 |
Upstream <upstream-import@none> |
external/openssl 0.9.8h
/external/openssl/ssl/s3_both.c
|