| 87955877681c4c832ee3df0bdba67d3e2e3d49f2 |
|
19-Nov-2014 |
Kenny Root <kroot@google.com> |
Add hack to fix RC4_INT problems
The opensslconf.h for 64-bit has a special case for linux-x86_64 that sets
RC4_INT to "unsigned int" instead of "unsigned char" Without this hack, any
server that chooses RC4-SHA for the SSL connection will segmentation fault
on x86-64 since the assembly code disagrees with the field size that C believes
it is.
(cherry picked from commit 9eca647003c7969ecb6fce2b5ff3965d3536fa67)
Bug: 18434518
Change-Id: I4eb1395fc122df5185af74500f4155a1095535c5
/external/openssl/import_openssl.sh
|
| 2e15b90d15e01bccec5e7a55b6da85e9eb719cf2 |
|
20-Jun-2014 |
Kenny Root <kroot@google.com> |
Check and normalize defines during import
Change-Id: Ia3732dc47f956ab75cb0aa012918f280746c8858
/external/openssl/import_openssl.sh
|
| 3f9e6ada2c9f7183a41081263585e6a70bbd9f59 |
|
19-Jun-2014 |
Kenny Root <kroot@google.com> |
Update ARM assembly patch
Change-Id: I9facdfa167df5fd95a9f573045093d4e4c5dc345
/external/openssl/import_openssl.sh
|
| 55b62558a1bc39a51b9075c3b1b0394693560449 |
|
19-Jun-2014 |
Kenny Root <kroot@google.com> |
Move conversion from ISO-8859-1 to UTF8 after applying patches
Change-Id: I070e546f0f7587a90c32e652ff65ffddf90f41f3
/external/openssl/import_openssl.sh
|
| e91828962ff55b7b3f8cb7ff982c265e1458faa4 |
|
12-Jun-2014 |
Kenny Root <kroot@google.com> |
Use numbering for patch orders
Change-Id: Id0e75f71e7c0b9950505e1d679690119e5d2597b
/external/openssl/import_openssl.sh
|
| cad53f2dbfd09d2ed441342a7f2f69530cb4622e |
|
29-May-2014 |
Kenny Root <kroot@google.com> |
Merge "Fix x86 and x86_64 assembly generation"
|
| d55031a5e797d10e7106668121d18ef5608aaed9 |
|
28-May-2014 |
Kenny Root <kroot@google.com> |
Add bitsliced AES for ARMv7
From commit 028bac0670c167f154438742eb4d0fbed73df209 on OpenSSL Git.
Change-Id: I8666b524dc749327c95a1643195145729cd530a0
/external/openssl/import_openssl.sh
|
| c34190ed12e47436253524e764732bbb7990dcae |
|
28-May-2014 |
Kenny Root <kroot@google.com> |
Fix x86 and x86_64 assembly generation
The CFLAGS need to be passed to the x86 assembly generating script so it
can select the right features.
Also add define flags to both x86 and x86_64 so it uses the VPAES and
BSAES implementations if applicable.
Change-Id: Iea2de77609be9c8595e6db0e4542fdff90b60611
/external/openssl/import_openssl.sh
|
| 90c3d84ab87e2dcb2eb7640a4875448d16db9fb4 |
|
21-May-2014 |
Ying Wang <wangying@google.com> |
Fix host multilib build.
Bug: 13751317
Change-Id: Ia7c12f22d875a78abc59c5181842085fb61fcd5a
/external/openssl/import_openssl.sh
|
| 2120d1a08077f76d6838f61169ea9982147789e7 |
|
29-Mar-2014 |
Kenny Root <kroot@google.com> |
Fix the location of perl binary
To make imports reproducible on MacOS, set the PERL environment variable
to the one in /usr/bin/perl so we don't get clobbered by homebrew or
MacPorts.
Change-Id: I952d8643a3ad8963389716143a0ddf16339c5e01
/external/openssl/import_openssl.sh
|
| f718b4cdc9619bd3e6a082dfb2b4f5d2ceb85427 |
|
29-Mar-2014 |
Kenny Root <kroot@google.com> |
Merge "Make sure import script is consistent across OS revs"
|
| d6ac5f6fe21f2e7cc2d49e06b097750d14f421cf |
|
28-Mar-2014 |
Kenny Root <kroot@google.com> |
Make sure import script is consistent across OS revs
Previous versions of Perl would not try to use UTF-8 on the scripts, but
the newer versions do. Disable this to make sure the output is
repeatable across Perl revisions.
Also the output format of "file" had changed across revisions of the OS,
so make sure we specify a flag that works to print out the
machine-readable MIME encoding.
Change-Id: I4213f0e57a16c030383be0a5f5ceb6b1e6e976e5
/external/openssl/import_openssl.sh
|
| cdeb264dec1936bb34064daaac932a97ebfa8ac5 |
|
28-Mar-2014 |
Kenny Root <kroot@android.com> |
Merge "Fixes to import_openssl.sh to allow to run on a Mac."
|
| 6eb98cdb6b8b25a0c0f23458a369f3d060914147 |
|
17-Jan-2014 |
Aaron Gamble <jgamble@nvidia.com> |
Add support for building crypto for trusty
openssl.config: Sources new openssl.trusty.config
openssl.trusty.config: Trusty specific config variables.
import_openssh.sh:
* Generate Crypto-trusty-config.mk
* Generate build-config-trusty.mk
* New ./Configure target to generate opensslconf-trusty.h
rules.mk: Trusty build system makefile. Uses *-trusty*.mk's generated by
import_openssl.sh.
Change-Id: I4a0c6c61ee2dea45adb4bdfcb36628b9671bbd7f
/external/openssl/import_openssl.sh
|
| 06e71ba5926940701b4c12669bab323503a2a3c5 |
|
28-Mar-2014 |
Ian Rogers <irogers@google.com> |
Fixes to import_openssl.sh to allow to run on a Mac.
Change-Id: Id136446396392d5b3a9572072d35517e6e121907
/external/openssl/import_openssl.sh
|
| b75561649fce4e0604f099097d6d8c3ba18e6331 |
|
24-Mar-2014 |
Alex Ray <aray@google.com> |
libcrypto-static: static config headers
The default configuration include header is "opensslconf.h", but for static
builds it will be "opensslconf-static.h". The library internally references the
former, so consumers of the static version of libcrypto will need to manually
#include <openssl/opensslconf-static.h> before any other openssl headers, or
else risk configuring for features not present.
Change-Id: I327ee423c00780ca8b1ccdfab1f67d43c4a22010
/external/openssl/import_openssl.sh
|
| 25ffdb2ec9d4bac7dc838ee573da65c86b47c48a |
|
21-Mar-2014 |
Alex Ray <aray@google.com> |
libcrypto: configure "no-dso" for static builds
Right now we configure with DSO even when building a static version of the
library, which introduces a dependency on libdl. We don't statically build
libdl, so libcrypto_static needs NO_DSO in order to be used in static
executables.
Change-Id: Ic27900f19600c1d882c1ed5aca483b15190b1e02
/external/openssl/import_openssl.sh
|
| b95c4f932e1bb760895fc6dcd2a2bba0ff08576a |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds
Support multilib builds by setting LOCAL_*_arch instead of setting
LOCAL_* based on $(TARGET_ARCH). Also converts the makefile
included once per file to be separate target and host makefiles
included once per build rule.
This is a revert of the revert in 92141a022d7567551bd721f5c00d9d3e14615926,
with conflicts resolved and a build fix from Fengwei Yin
<fengwei.yin@intel.com> to remove the unset local_cflags variable.
Change-Id: I77c786b69e946bb82b5b8613de99cf4b3fa6e30a
/external/openssl/import_openssl.sh
|
| f5463684121f89bee8cfe91918b04ace5112bc74 |
|
22-Feb-2014 |
Ian Rogers <irogers@google.com> |
Allow HOST_ARCH x86_64 to build.
Warn for unknown host build architectures.
Change-Id: Ia5089abbfa00f5e1985c64aa81a00f4f6fc7c7e2
/external/openssl/import_openssl.sh
|
| 92141a022d7567551bd721f5c00d9d3e14615926 |
|
06-Feb-2014 |
Colin Cross <ccross@android.com> |
Revert "external/openssl: add support for multilib builds"
This reverts commit 799b1cbcb88d3e2f24a1f6e7e78c20bee5a03730.
Change-Id: I3490f1cd5a9ecea7a69d3e078907ce3e897a1dc3
/external/openssl/import_openssl.sh
|
| 799b1cbcb88d3e2f24a1f6e7e78c20bee5a03730 |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds
Support multilib builds by setting LOCAL_*_arch instead of setting
LOCAL_* based on $(TARGET_ARCH). Also converts the makefile
included once per file to be separate target and host makefiles
included once per build rule.
Change-Id: I982d9963285ea6832b18be255c4afe06731ab571
/external/openssl/import_openssl.sh
|
| 4332ad1725fc5498e9def81d6cdc2fce210cac8a |
|
03-Feb-2014 |
Colin Cross <ccross@android.com> |
Revert "external/openssl: add support for multilib builds"
This reverts commit d633fb4198cc620f7332536011298b939e49ea66.
Change-Id: I9ec55d510623d77e8ea157d28fb7ee167ccdcc7b
/external/openssl/import_openssl.sh
|
| d633fb4198cc620f7332536011298b939e49ea66 |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds
Support multilib builds by setting LOCAL_*_arch instead of setting
LOCAL_* based on $(TARGET_ARCH). Also converts the makefile
included once per file to be separate target and host makefiles
included once per build rule.
Change-Id: I6954099e1ad3d002749e3a1c06f26ed39c1d7edf
/external/openssl/import_openssl.sh
|
| 6d72e0d3699e1b3aeff19a71e681b1e5fa3c9e25 |
|
29-Jan-2014 |
Ian Rogers <irogers@google.com> |
Fix BUILD_HOST_64bit.
Change-Id: Iaff271c87e20cf9bdf6cf3d101a34b3d4613932d
/external/openssl/import_openssl.sh
|
| 42b0d23b64a729be142dc0285992a20b93cbe40f |
|
22-Jan-2014 |
Colin Cross <ccross@android.com> |
openssl: rename aarch64 target to arm64
Rename aarch64 build targets to arm64. The gcc toolchain is still
aarch64.
Change-Id: Ia92d8a50824e5329cf00fd6f4f92eae112b7f3a3
/external/openssl/import_openssl.sh
|
| ff41a4bc41ae1e1391f9b05117623ff70b985983 |
|
07-Jan-2014 |
Kenny Root <kroot@google.com> |
Import OpenSSL 1.0.1f
Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file:
9ef09e97dfc9f14ac2c042f3b7e301098794fc0f openssl-1.0.1f.tar.gz
Some changes had to be made to the existing source:
Fixed the import script to work with "sh -x" for debugging problems.
Update some of the files from patches/ to work with 1.0.1f, because
1.0.1f fixes have used some of the constants that were used (0x20L was
changed to 0x80L and 0x40L was changed to 0x100L).
Delete the "Makefile.save" files that are newly present in the
OpenSSL 1.0.1f release tarball.
Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1
/external/openssl/import_openssl.sh
|
| 400df0a1337a517d628426522a358a1c5d22fccf |
|
06-Dec-2013 |
Alexey Volkov <alexey.v.volkov@intel.com> |
Fix compilation issues on x86_64
Change-Id: I5683f9b5221c8598d5a52c7016fdd22ab00b186f
Signed-off-by: Alexey Volkov <alexey.v.volkov@intel.com>
/external/openssl/import_openssl.sh
|
| 65059ad50d95a660023b80c8e3b13047ee456835 |
|
12-Dec-2013 |
Ashok Bhat <ashok.bhat@arm.com> |
AArch64: Enable build of openssl
Note that NDK is not used as it is not available
for AArch64.
Change-Id: Ie0194e8f97c3adb479d58ab2562a3e04325c63ef
Signed-off-by: Ashok Bhat <ashok.bhat@arm.com>
/external/openssl/import_openssl.sh
|
| 7619a21fcfdfb373f1e1170d03777747e83978f6 |
|
29-Oct-2013 |
Kenny Root <kroot@google.com> |
Parse patch file for files touched
Use the existing patch to find out which files the patch touches. This
reduces the amount of config file lines we need to add when putting in a
new patch.
Change-Id: Ibb79d61b538bbacc7029bd7f86f5d10b863df716
/external/openssl/import_openssl.sh
|
| 9372a376498e2db4b6c8339cf7ae43ba66ab8151 |
|
26-Jul-2013 |
Alex Klyubin <klyubin@google.com> |
Fix typo in OPENSSL_DIR_ORIG variable name.
Change-Id: I7d8b77d77979f69cbb5e63f1fcab802e9dcccfe0
/external/openssl/import_openssl.sh
|
| 063cfe18eb26487c1e69f0b9f408b3849c81a84a |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Move more build configuration to openssl.config
This patch makes openssl.config the only place where common
and architecture-specific sources and compiler flags are listed.
Its content is processed by import_openssl.sh to generate new
build config files (Crypto-config.mk, Ssl-config.mk, Apps-config.mk)
which are themselves included by simplified Crypto.mk, Ssl.mk, Apps.mk.
+ Add a new script (check-all-builds.sh) that can rebuild six
different variants of openssl in one go. This is useful to quickly
check that a change didn't break a specific build, e.g. when
adding new patch or upgrading the OpenSSL sources.
See './check-all-builds.sh --help' for more info.
Note: Clang-based builds are currently broken, so only GCC-based
ones are activated at the moment.
Change-Id: If08c204e4dc9b081ce676bc7984d039670e115b0
/external/openssl/import_openssl.sh
|
| 9fbf99a3a3ee41ed303a97b0b00808236d187bc0 |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Auto-generate configuration flags.
This modifies import_openssl.sh to parse the configured Makefile
and extract the appropriate compiler flags that were currently
defined manually in android-config.mk
- Modifies openssl.config to add missing configure options to
ensure the final result is the same than before the patch.
This also updates crypto/opensslconf.h.
- The generated output is stored in build-config.mk which content
directly comes from the OpenSSL Makefile.
- android-config.mk is still used to define LOCAL_CFLAGS from
the definitions in build-config.mk, as well as perform minimal
extra filtering.
- Remove the section in README.android about manually changing
android-config.mk.
Change-Id: I5275de69a817aa7c9880ea48e5d6a8ac1652a1e4
/external/openssl/import_openssl.sh
|
| 1762a559ef393f9c15300398433598989033385f |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Convert ISO-8859-1 files to UTF-8.
This patch modifies import_openssl.sh to convert all untarred OpenSSL
source files that are in ISO-8859-1 encoding into UTF-8.
The main reason for this is that the Chromium review tool doesn't support
anything else (i.e. "git cl upload" will barf with a mysterious Python
exception if the uploaded diff files aren't UTF-8).
This makes it easier to import the Android sources into the Chromium tree,
and should have no impact on the build products.
Change-Id: I43df753c41f5d9ed853a4252d7d05c5bbced98b4
/external/openssl/import_openssl.sh
|
| 04ef91b390dfcc6125913e2f2af502d23d7a5112 |
|
05-Feb-2013 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1d upgrade
Change-Id: Ie980c8834cf2c843858182d98d1f60c65a2a9b70
/external/openssl/import_openssl.sh
|
| 85dbb371d6ce544388360f64389b5007fe7f384b |
|
24-Jan-2013 |
David 'Digit' Turner <digit@android.com> |
Add another missing x86_64 assembly file generation step.
Change-Id: I357c33a297937c2e64cfa8c6e49795cd1e865544
/external/openssl/import_openssl.sh
|
| 153b100b9bdd15db2ad0c0963e299ed6841a794d |
|
23-Jan-2013 |
David 'Digit' Turner <digit@android.com> |
Fix x86_64 assembly file generation.
The "sha512-x86_64.pl" script actually needs the name of the output
file as its second parameter to determine whether to generate SHA-256
or SHA-512 routines.
This patch does the following:
- Fix import_openssl.sh to invoke the script properly
- Add the generation of sha256-x86_64.S as well.
Note that this patch is the result of running:
./import_openssl.sh import /path/to/openssl-1.0.1c.tar.gz
Which means that no other source files were impacted by the change.
Only needed for the Chromium x86_64 "linux_redux" build and the
SPDY host proxy program (flip_in_mem_edsm_server).
Change-Id: Ia40737f5952c7b156bd51844571e4f759910a6a1
/external/openssl/import_openssl.sh
|
| 20777798f5184ef65e59bb5eb91ac9e839d7afeb |
|
10-Dec-2012 |
David 'Digit' Turner <digit@android.com> |
Add x86_64 assembly files.
This patch modifies import_openssl.sh to also generate assembly
files for x86_64 (using the appropriate Perl scripts).
These new sources are not used by the Android build, but by the
Chromium "linux_redux" build which uses OpenSSL has its SSL engine.
Change-Id: I3d1435de17f2de10633a71b9197b6cec328e93a7
/external/openssl/import_openssl.sh
|
| 19d5d6fe6ced25a9888f107d5e3957d3a1800a82 |
|
10-Dec-2012 |
David 'Digit' Turner <digit@android.com> |
Add x86 cpuid assembly file.
This patch does the following:
- Adds the generation of crypto/x86cpuid.S in import_openssl.sh.
- Modifies Crypto.mk to ensure that the corresponding functions
are linked and used at runtime.
Note that mem_clr.c is removed from the x86 build. Its sole purpose
is to provide a generic implementation of OPENSSL_cleanse, which is
provided by the x86cpuid.S source file now.
Change-Id: I7cbf6b12220def11498e591dc64787ef76303c9e
/external/openssl/import_openssl.sh
|
| 2c4d015c2c3dbe9cf62004171e265487dfa22469 |
|
05-Nov-2012 |
Daniel Leung <daniel.leung@linux.intel.com> |
x86: Fix DT_TEXTREL in assembly code
Regenerate some assembly files to make them PIC friendly.
The perl script needs to be passed "-fPIC" to properly generate PIC
friendly code for x86.
The import_openssl.sh has also been updated to include -fPIC when
generating assembly files for x86.
Change-Id: Ie174b5f74cf7fcdad1339892302b8762ee43ed7c
Signed-off-by: Daniel Leung <daniel.leung@linux.intel.com>
/external/openssl/import_openssl.sh
|
| 9838b9f4b038825b061a6b323842f9d23729eac0 |
|
05-Oct-2012 |
David 'Digit' Turner <digit@google.com> |
Rename assembly files with .S extensions.
The openssl files were generated with an .s extension,
which tells GCC that they normally don't need to be sent
to the pre-processor (i.e. they are passed directly to the
assembler).
Unfortunately, all these files _do_ need to be preprocessed,
which is why 'LOCAL_AS_CFLAGS := -x assembler-with-cpp' was
required in Crypto.mk.
As simpler way to solve the issue is simply to use an .S
extension when generating the assembly files. GCC knows
that these must be pre-processed first.
So the patch does:
- Rename all .s files to .S
- Remove the use of -x assembler-with-cpp from Crypto.mk
- Modify import_openssl.sh to directly generate .S files
(tested)
Context: This makes it easier to reuse the exact same sources
for Chrome on Android. Its gyp build system doesn't
have a feature comparable to LOCAL_AS_CFLAGS.
Change-Id: I708d9fbcf8d42b5c39a7d30df2b03ed79a3e62f0
/external/openssl/import_openssl.sh
|
| c58cd0fd2cebb61b0e0f200e01562c542525ef46 |
|
13-Sep-2012 |
Catalin Ionita <catalin.ionita@intel.com> |
Enable openssl crypto optimizations for x86 platform
Asm files attached to this patch were generated from the
current OpenSSL version.
Change-Id: I05ef67a6e34016ef94a0ef23ca264bcac805b1cc
Signed-off-by: Catalin Ionita <catalin.ionita@intel.com>
/external/openssl/import_openssl.sh
|
| 2178392bec7b69d0f469bce29f653c9fbd09b614 |
|
02-Aug-2012 |
Chris Dearman <chris@mips.com> |
[MIPS] Append private_ to AES_set_encrypt_key and AES_set_decrypt_key for MIPS.
Update import script to generate o32 .s files for MIPS.
Release 1.0.1 of openssl renamed the C and assembler routines for
AES_set_encrypt_key() and AES_set_decrypt_key(), but forgot to do this in the
Mips assembler version. The following mips_private.patch fixes that
problem in the upstream source, until such time as it is fixed upstream.
The upstream version of openssl builds for a "n32" Mips abi used on SGI
workstations. Android's import_openssl.sh script is now modified to
build for the "o32" abi used throughout Mips Android. That change is
permanent, and will not be upstreamed.
Signed-off-by: Raghu Gandham <raghu@mips.com>
Change-Id: Iec5ce7f11a74a3674e96057f2ce97d8ba9238464
/external/openssl/import_openssl.sh
|
| 8dc607f5fdfe0293d04050de758484fc0d22833d |
|
08-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
Move OpenSSL makefiles to one directory to avoid future patching issues
Change-Id: I39f6cfc61f484f4457bda3003e5992dfc7e20186
/external/openssl/import_openssl.sh
|
| 26674baf1ef727d9c0f12939c08ea90b56f65c26 |
|
31-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Enable additional asm on arm
Bug: 6168278
Change-Id: Icb87356462ff2219c939bfeedc6aac7f4db69af7
/external/openssl/import_openssl.sh
|
| 7f1d63479ce92a2a4a0874b007e49f8acb13a0d9 |
|
15-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
am db166823: Merge "From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001 Subject: [MIPS] MIPS assembler pack update"
* commit 'db166823303559663b1c209e14b326160519c51c':
From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001 Subject: [MIPS] MIPS assembler pack update
|
| b83a02d94f9ba66fc5da46c2e27572674ea17931 |
|
21-Feb-2012 |
Petar Jovanovic <petar.jovanovic@rt-rk.com> |
From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001
Subject: [MIPS] MIPS assembler pack update
Asm changes have been taken from http://cvs.openssl.org/chngview?cn=21708
These should discarded when the code base moves to OpenSSL 1.0.1 or above.
Additional changes have also been added to the Android make files, so it builds
correctly for MIPS architecture.
Change-Id: Ifc139e624d50510727180b03b15e15f7bbeda4d1
Signed-Off-By: Petar Jovanovic <petarj@mips.com>
/external/openssl/import_openssl.sh
|
| 7b476c43f6a45574eb34697244b592e7b09f05a3 |
|
04-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0f
Bug: 5822335
Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f
/external/openssl/import_openssl.sh
|
| 4f16e619f191ec2041275b4ff5235663d583e484 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Improved client certificate and certificate chain support
Summary:
- openssl: add openssl support for specifying per key certificate chains
- libcore: properly implement client certificate request call back
- libcore: properly implement sending certificate chain
- libcore: properly implement retreiving local certificate chain
- libcore: added an SSLContext for non-OpenSSL SSLSocket creation
Details:
external/openssl
Improve patch generate support by applying all other patches to
baseline to remove cross polluting other patch changes into target
patch. Move cleanup of ./Configure output to import script from
openssl.config.
import_openssl.sh
openssl.config
Adding SSL_use_certificate_chain and SSL_get_certificate_chain to
continue to finish most of remaining JSSE issues.
include/openssl/ssl.h
ssl/s3_both.c
ssl/ssl.h
ssl/ssl_locl.h
ssl/ssl_rsa.c
Updated patch (and list of input files to patch)
patches/jsse.patch
openssl.config
libcore
Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl
instances for interoperability testing. OpenSSLContextImpl is the
new subclass that provides OpenSSLSocketImpl. JSSEProvider
provides the old style SSLContexts, OpenSSLProvider provides the
OpenSSL SSLContext, which includes the "default" context. Changed
to register SSLContexts without aliases to match the RI.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
Native interface updates to support OpenSSLSocketImpl improvements
- KEY_TYPES now expanded based on what we are being provided by OpenSSL.
keyType function now maps key type values received from
clientCertificateRequested callback.
- Removed remaining uses of string PEM encoding, now using ASN1 DER consistently
Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain
- Fixed clientCertificateRequested to properly include all key
types supported by server, not just the one from the cipher
suite. We also now properly include the list of supported CAs to
help the client select a certificate to use.
- Fixed NativeCrypto.SSL_use_certificate implementation to use new
SSL_use_certificate_chain function from openssl to pass chain to
OpenSSL.
- Added error handling of all uses of sk_*_push which can fail due to out of memory
- Fixed compile warning due to missing JNI_TRACE argument
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/native/NativeCrypto.cpp
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
Improvements to SSL test support to go along with client
certificate and certificate chain changes. TestSSLContext now has
separate contexts for the client and server (as well as seperate
key stores information). TestKeyStore now is more realistic by
default, creating a CA, intermediate CA, and separate client and
server certificates, as well as a client keystore that simply
contains the CA and no certificates.
support/src/test/java/javax/net/ssl/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Tests tracking API changes. Tests involving cert chains now now
updated to use TestKeyStore.assertChainLength to avoid hardwiring
expected chain length in tests. These tests also now use
TestSSLContext.assertClientCertificateChain to validate that the
chain is properly constructed and trusted by a trust manager.
luni/src/test/java/java/net/URLConnectionTest.java
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/javax/net/ssl/TestSSLEnginePair.java
support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
frameworks/base
Tracking change of SSLContextImpl to OpenSSLContextImpl
core/java/android/net/SSLCertificateSocketFactory.java
core/java/android/net/http/HttpsConnection.java
tests/CoreTests/android/core/SSLPerformanceTest.java
tests/CoreTests/android/core/SSLSocketTest.java
Tracking changes to TestSSLContext
core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java
Change-Id: I792921617164a98467c500d7fe53dbd738adfa02
/external/openssl/import_openssl.sh
|
| 8c67d9d5244d5942ca08f8a69c2c83418188fef0 |
|
10-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
import_openssl.sh improvements based on external/bouncycastle work
Tested with
./import_openssl.sh import .../openssl-1.0.0.tar.gz
and confirmed no source changes
Also added debug flags in android-config.mk for later use
Change-Id: Idbfefe7bc16790060eb58c116b0961c195b3a087
/external/openssl/import_openssl.sh
|
| 925e1a4723895097daa6f8551a4144abd1d2d1ed |
|
26-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
Fix for openssl-1.0.0 small_records.patch
There were two issues with the first version of small_records.patch
- the resize check was immediately after the size check, so the
size check always failed before the resize happened.
- openssl-1.0.0 needs extra space to be allocated for alignment
patches/small_records.patch
Regenerated file
ssl/s3_pkt.c
Added patch generatation support, as opposed to just regenerate when
patches no longer apply on upgrade. Usage:
import_openssl.sh generate <patch/foo.patch> <openssl-tarball.tar.gz>
import_openssl.sh
As part of "import_openssl.sh generate", moved definition of
imported sources to openssl.config instead of wired in the code.
openssl.config
Add browser testing note with https://online.citibank.com
README.android
/external/openssl/import_openssl.sh
|
| 674ff29eb647c577ba1ef822c373ead69dc386cf |
|
15-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
/external/openssl/import_openssl.sh
|
| cb10715cbfca3534fb93aef2a3bc2e15265524d1 |
|
23-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
fix /mnt/sdcard to /sdcard in android.testssl
found when merging to dalvik-dev where test failed because of incorrect path
Change-Id: Ib87af202fdf4027d8c133a27bd956227c6d741e6
/external/openssl/import_openssl.sh
|
| 99ed67e397c4f2d3e0e65fa714a416bb73a0d108 |
|
17-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
b/2522132 Native crash in sslRead()
Summary:
- the small_records.patch finished code review today, importing final version
- the native crash reflected an underling openssl issue, so we have a new patch for this
Details:
Adding new patch for b/2522132 crash
patches/bad_version.patch
Syncing small_records.patch with reviewed version
patches/small_records.patch
Adding new patch to the list of active patches
openssl.config
Adding description of the new bad_version.patch
patches/README
Minor test script changes
- Added adb remount
- Simplified /mnt/sdcard to /sdcard
patches/testssl.sh
Added trace message as each patch is applied so I could more
easily confirm that the newly added bad_version.patch was applied.
import_openssl.sh
Automatically generated files:
android.testssl/testssl.sh
ssl/d1_pkt.c
ssl/s3_both.c
ssl/s3_pkt.c
Change-Id: I1ca1b69d612ef425203074c58c031d6a681b92fe
/external/openssl/import_openssl.sh
|
| 98d58bb80c64b02a33662f0ea80351d4a1535267 |
|
09-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh
Testing Summary:
- Passed new android.testssl/testssl.sh
- General testing with BrowserActivity based program
Details:
Expanded detail in README.android about how to build and test openssl
upgrades based on my first experience.
modified: README.android
Significant rework of import_openssl.sh script that does most of
the work of the upgrade. Most of the existing code became the main
and import functions. The newly regenerate code helps regenerate
patch files, building on the fact that import now keeps and
original unmodified read-only source tree for use for patch
generation. Patch generation relies on additions to openssl.config
for defining which patches include which files. Note that
sometimes a file may be patched multiple times, in that case
manual review is still necessary to prune the patch after
auto-regeneration. Other enhancements to import_openssl.sh include
generating android.testssl and printing Makefile defines for
android-config.mk review.
modified: import_openssl.sh
Test support files for openssl/
Add support for building /system/bin/ssltest as test executible for
use by testssl script. Need confirmation that this is the right way
to define such a test binary.
modified: patches/ssl_Android.mk
Driver script that generates user and CA keys and certs on the
device with /system/bin/openssl before running testssl. Based on
openssl/test/testss for generation and openssl/test/Makefile
test_ssl for test execution.
new file: patches/testssl.sh
Note all following android.testssl files are automatically
imported from openssl, although possible with modifications by
import_openssl.sh
testssl script imported from openssl/test that does the bulk of
the testing. Includes new tests patched in for our additions.
new file: android.testssl/testssl
CA and user certificate configuration files from openssl.
Automatically imported from openssl/test/
new file: android.testssl/CAss.cnf
new file: android.testssl/Uss.cnf
certificate and key test file imported from openssl/apps
new file: android.testssl/server2.pem
Actual 0.9.8m upgrade specific bits
Trying to bring ngm's small records support into 0.9.8m. Needs
signoff by ngm although it does pass testing.
modified: patches/small_records.patch
Update openssl.config for 0.9.8m. Expanded lists of undeeded
directories and files for easier update and review, adding new
excludes. Also added new definitions to support "import_openssl.sh
regenerate" for patch updating.
modified: openssl.config
Updated OPENSSL_VERSION to 0.9.8m
modified: openssl.version
Automatically imported/patched files. Seems like it could be
further pruned in by openssl.config UNNEEDED_SOURCES, but extra
stuff doesn't end up impacting device.
modified: apps/...
modified: crypto/...
modified: include/...
modified: ssl/...
Other Android build stuff.
Note for these patches/... is source, .../Android.mk is derived.
Split LOCAL_CFLAGS additions into lines based on openssl/Makefile
source for easier comparison when upgrading. I knowingly left the
lines long and unwrapped for easy vdiff with openssl/Makefile
modified: android-config.mk
Removed local -DOPENSSL_NO_ECDH already in android-config.mk.
modified: patches/apps_Android.mk
Sync up with changes that had crept into derived crypto/Android.mk
modified: patches/crypto_Android.mk
Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/import_openssl.sh
|
| 1fada29eaaa2a758ba3f68ee9ede8b6715673146 |
|
01-Oct-2009 |
Nagendra Modadugu <ngm@google.com> |
Add small_records.patch and handshake_cutthrough.patch.
See patches/README for additional details.
/external/openssl/import_openssl.sh
|
| e45f106cb6b47af1f21efe76e933bdea2f5dd1ca |
|
30-Sep-2009 |
Nagendra Modadugu <ngm@google.com> |
Upgrade to openssl-0.9.8k.
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
/external/openssl/import_openssl.sh
|