87955877681c4c832ee3df0bdba67d3e2e3d49f2 |
|
19-Nov-2014 |
Kenny Root <kroot@google.com> |
Add hack to fix RC4_INT problems The opensslconf.h for 64-bit has a special case for linux-x86_64 that sets RC4_INT to "unsigned int" instead of "unsigned char" Without this hack, any server that chooses RC4-SHA for the SSL connection will segmentation fault on x86-64 since the assembly code disagrees with the field size that C believes it is. (cherry picked from commit 9eca647003c7969ecb6fce2b5ff3965d3536fa67) Bug: 18434518 Change-Id: I4eb1395fc122df5185af74500f4155a1095535c5
/external/openssl/import_openssl.sh
|
2e15b90d15e01bccec5e7a55b6da85e9eb719cf2 |
|
20-Jun-2014 |
Kenny Root <kroot@google.com> |
Check and normalize defines during import Change-Id: Ia3732dc47f956ab75cb0aa012918f280746c8858
/external/openssl/import_openssl.sh
|
3f9e6ada2c9f7183a41081263585e6a70bbd9f59 |
|
19-Jun-2014 |
Kenny Root <kroot@google.com> |
Update ARM assembly patch Change-Id: I9facdfa167df5fd95a9f573045093d4e4c5dc345
/external/openssl/import_openssl.sh
|
55b62558a1bc39a51b9075c3b1b0394693560449 |
|
19-Jun-2014 |
Kenny Root <kroot@google.com> |
Move conversion from ISO-8859-1 to UTF8 after applying patches Change-Id: I070e546f0f7587a90c32e652ff65ffddf90f41f3
/external/openssl/import_openssl.sh
|
e91828962ff55b7b3f8cb7ff982c265e1458faa4 |
|
12-Jun-2014 |
Kenny Root <kroot@google.com> |
Use numbering for patch orders Change-Id: Id0e75f71e7c0b9950505e1d679690119e5d2597b
/external/openssl/import_openssl.sh
|
cad53f2dbfd09d2ed441342a7f2f69530cb4622e |
|
29-May-2014 |
Kenny Root <kroot@google.com> |
Merge "Fix x86 and x86_64 assembly generation"
|
d55031a5e797d10e7106668121d18ef5608aaed9 |
|
28-May-2014 |
Kenny Root <kroot@google.com> |
Add bitsliced AES for ARMv7 From commit 028bac0670c167f154438742eb4d0fbed73df209 on OpenSSL Git. Change-Id: I8666b524dc749327c95a1643195145729cd530a0
/external/openssl/import_openssl.sh
|
c34190ed12e47436253524e764732bbb7990dcae |
|
28-May-2014 |
Kenny Root <kroot@google.com> |
Fix x86 and x86_64 assembly generation The CFLAGS need to be passed to the x86 assembly generating script so it can select the right features. Also add define flags to both x86 and x86_64 so it uses the VPAES and BSAES implementations if applicable. Change-Id: Iea2de77609be9c8595e6db0e4542fdff90b60611
/external/openssl/import_openssl.sh
|
90c3d84ab87e2dcb2eb7640a4875448d16db9fb4 |
|
21-May-2014 |
Ying Wang <wangying@google.com> |
Fix host multilib build. Bug: 13751317 Change-Id: Ia7c12f22d875a78abc59c5181842085fb61fcd5a
/external/openssl/import_openssl.sh
|
2120d1a08077f76d6838f61169ea9982147789e7 |
|
29-Mar-2014 |
Kenny Root <kroot@google.com> |
Fix the location of perl binary To make imports reproducible on MacOS, set the PERL environment variable to the one in /usr/bin/perl so we don't get clobbered by homebrew or MacPorts. Change-Id: I952d8643a3ad8963389716143a0ddf16339c5e01
/external/openssl/import_openssl.sh
|
f718b4cdc9619bd3e6a082dfb2b4f5d2ceb85427 |
|
29-Mar-2014 |
Kenny Root <kroot@google.com> |
Merge "Make sure import script is consistent across OS revs"
|
d6ac5f6fe21f2e7cc2d49e06b097750d14f421cf |
|
28-Mar-2014 |
Kenny Root <kroot@google.com> |
Make sure import script is consistent across OS revs Previous versions of Perl would not try to use UTF-8 on the scripts, but the newer versions do. Disable this to make sure the output is repeatable across Perl revisions. Also the output format of "file" had changed across revisions of the OS, so make sure we specify a flag that works to print out the machine-readable MIME encoding. Change-Id: I4213f0e57a16c030383be0a5f5ceb6b1e6e976e5
/external/openssl/import_openssl.sh
|
cdeb264dec1936bb34064daaac932a97ebfa8ac5 |
|
28-Mar-2014 |
Kenny Root <kroot@android.com> |
Merge "Fixes to import_openssl.sh to allow to run on a Mac."
|
6eb98cdb6b8b25a0c0f23458a369f3d060914147 |
|
17-Jan-2014 |
Aaron Gamble <jgamble@nvidia.com> |
Add support for building crypto for trusty openssl.config: Sources new openssl.trusty.config openssl.trusty.config: Trusty specific config variables. import_openssh.sh: * Generate Crypto-trusty-config.mk * Generate build-config-trusty.mk * New ./Configure target to generate opensslconf-trusty.h rules.mk: Trusty build system makefile. Uses *-trusty*.mk's generated by import_openssl.sh. Change-Id: I4a0c6c61ee2dea45adb4bdfcb36628b9671bbd7f
/external/openssl/import_openssl.sh
|
06e71ba5926940701b4c12669bab323503a2a3c5 |
|
28-Mar-2014 |
Ian Rogers <irogers@google.com> |
Fixes to import_openssl.sh to allow to run on a Mac. Change-Id: Id136446396392d5b3a9572072d35517e6e121907
/external/openssl/import_openssl.sh
|
b75561649fce4e0604f099097d6d8c3ba18e6331 |
|
24-Mar-2014 |
Alex Ray <aray@google.com> |
libcrypto-static: static config headers The default configuration include header is "opensslconf.h", but for static builds it will be "opensslconf-static.h". The library internally references the former, so consumers of the static version of libcrypto will need to manually #include <openssl/opensslconf-static.h> before any other openssl headers, or else risk configuring for features not present. Change-Id: I327ee423c00780ca8b1ccdfab1f67d43c4a22010
/external/openssl/import_openssl.sh
|
25ffdb2ec9d4bac7dc838ee573da65c86b47c48a |
|
21-Mar-2014 |
Alex Ray <aray@google.com> |
libcrypto: configure "no-dso" for static builds Right now we configure with DSO even when building a static version of the library, which introduces a dependency on libdl. We don't statically build libdl, so libcrypto_static needs NO_DSO in order to be used in static executables. Change-Id: Ic27900f19600c1d882c1ed5aca483b15190b1e02
/external/openssl/import_openssl.sh
|
b95c4f932e1bb760895fc6dcd2a2bba0ff08576a |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds Support multilib builds by setting LOCAL_*_arch instead of setting LOCAL_* based on $(TARGET_ARCH). Also converts the makefile included once per file to be separate target and host makefiles included once per build rule. This is a revert of the revert in 92141a022d7567551bd721f5c00d9d3e14615926, with conflicts resolved and a build fix from Fengwei Yin <fengwei.yin@intel.com> to remove the unset local_cflags variable. Change-Id: I77c786b69e946bb82b5b8613de99cf4b3fa6e30a
/external/openssl/import_openssl.sh
|
f5463684121f89bee8cfe91918b04ace5112bc74 |
|
22-Feb-2014 |
Ian Rogers <irogers@google.com> |
Allow HOST_ARCH x86_64 to build. Warn for unknown host build architectures. Change-Id: Ia5089abbfa00f5e1985c64aa81a00f4f6fc7c7e2
/external/openssl/import_openssl.sh
|
92141a022d7567551bd721f5c00d9d3e14615926 |
|
06-Feb-2014 |
Colin Cross <ccross@android.com> |
Revert "external/openssl: add support for multilib builds" This reverts commit 799b1cbcb88d3e2f24a1f6e7e78c20bee5a03730. Change-Id: I3490f1cd5a9ecea7a69d3e078907ce3e897a1dc3
/external/openssl/import_openssl.sh
|
799b1cbcb88d3e2f24a1f6e7e78c20bee5a03730 |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds Support multilib builds by setting LOCAL_*_arch instead of setting LOCAL_* based on $(TARGET_ARCH). Also converts the makefile included once per file to be separate target and host makefiles included once per build rule. Change-Id: I982d9963285ea6832b18be255c4afe06731ab571
/external/openssl/import_openssl.sh
|
4332ad1725fc5498e9def81d6cdc2fce210cac8a |
|
03-Feb-2014 |
Colin Cross <ccross@android.com> |
Revert "external/openssl: add support for multilib builds" This reverts commit d633fb4198cc620f7332536011298b939e49ea66. Change-Id: I9ec55d510623d77e8ea157d28fb7ee167ccdcc7b
/external/openssl/import_openssl.sh
|
d633fb4198cc620f7332536011298b939e49ea66 |
|
30-Jan-2014 |
Colin Cross <ccross@android.com> |
external/openssl: add support for multilib builds Support multilib builds by setting LOCAL_*_arch instead of setting LOCAL_* based on $(TARGET_ARCH). Also converts the makefile included once per file to be separate target and host makefiles included once per build rule. Change-Id: I6954099e1ad3d002749e3a1c06f26ed39c1d7edf
/external/openssl/import_openssl.sh
|
6d72e0d3699e1b3aeff19a71e681b1e5fa3c9e25 |
|
29-Jan-2014 |
Ian Rogers <irogers@google.com> |
Fix BUILD_HOST_64bit. Change-Id: Iaff271c87e20cf9bdf6cf3d101a34b3d4613932d
/external/openssl/import_openssl.sh
|
42b0d23b64a729be142dc0285992a20b93cbe40f |
|
22-Jan-2014 |
Colin Cross <ccross@android.com> |
openssl: rename aarch64 target to arm64 Rename aarch64 build targets to arm64. The gcc toolchain is still aarch64. Change-Id: Ia92d8a50824e5329cf00fd6f4f92eae112b7f3a3
/external/openssl/import_openssl.sh
|
ff41a4bc41ae1e1391f9b05117623ff70b985983 |
|
07-Jan-2014 |
Kenny Root <kroot@google.com> |
Import OpenSSL 1.0.1f Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file: 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f openssl-1.0.1f.tar.gz Some changes had to be made to the existing source: Fixed the import script to work with "sh -x" for debugging problems. Update some of the files from patches/ to work with 1.0.1f, because 1.0.1f fixes have used some of the constants that were used (0x20L was changed to 0x80L and 0x40L was changed to 0x100L). Delete the "Makefile.save" files that are newly present in the OpenSSL 1.0.1f release tarball. Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1
/external/openssl/import_openssl.sh
|
400df0a1337a517d628426522a358a1c5d22fccf |
|
06-Dec-2013 |
Alexey Volkov <alexey.v.volkov@intel.com> |
Fix compilation issues on x86_64 Change-Id: I5683f9b5221c8598d5a52c7016fdd22ab00b186f Signed-off-by: Alexey Volkov <alexey.v.volkov@intel.com>
/external/openssl/import_openssl.sh
|
65059ad50d95a660023b80c8e3b13047ee456835 |
|
12-Dec-2013 |
Ashok Bhat <ashok.bhat@arm.com> |
AArch64: Enable build of openssl Note that NDK is not used as it is not available for AArch64. Change-Id: Ie0194e8f97c3adb479d58ab2562a3e04325c63ef Signed-off-by: Ashok Bhat <ashok.bhat@arm.com>
/external/openssl/import_openssl.sh
|
7619a21fcfdfb373f1e1170d03777747e83978f6 |
|
29-Oct-2013 |
Kenny Root <kroot@google.com> |
Parse patch file for files touched Use the existing patch to find out which files the patch touches. This reduces the amount of config file lines we need to add when putting in a new patch. Change-Id: Ibb79d61b538bbacc7029bd7f86f5d10b863df716
/external/openssl/import_openssl.sh
|
9372a376498e2db4b6c8339cf7ae43ba66ab8151 |
|
26-Jul-2013 |
Alex Klyubin <klyubin@google.com> |
Fix typo in OPENSSL_DIR_ORIG variable name. Change-Id: I7d8b77d77979f69cbb5e63f1fcab802e9dcccfe0
/external/openssl/import_openssl.sh
|
063cfe18eb26487c1e69f0b9f408b3849c81a84a |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Move more build configuration to openssl.config This patch makes openssl.config the only place where common and architecture-specific sources and compiler flags are listed. Its content is processed by import_openssl.sh to generate new build config files (Crypto-config.mk, Ssl-config.mk, Apps-config.mk) which are themselves included by simplified Crypto.mk, Ssl.mk, Apps.mk. + Add a new script (check-all-builds.sh) that can rebuild six different variants of openssl in one go. This is useful to quickly check that a change didn't break a specific build, e.g. when adding new patch or upgrading the OpenSSL sources. See './check-all-builds.sh --help' for more info. Note: Clang-based builds are currently broken, so only GCC-based ones are activated at the moment. Change-Id: If08c204e4dc9b081ce676bc7984d039670e115b0
/external/openssl/import_openssl.sh
|
9fbf99a3a3ee41ed303a97b0b00808236d187bc0 |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Auto-generate configuration flags. This modifies import_openssl.sh to parse the configured Makefile and extract the appropriate compiler flags that were currently defined manually in android-config.mk - Modifies openssl.config to add missing configure options to ensure the final result is the same than before the patch. This also updates crypto/opensslconf.h. - The generated output is stored in build-config.mk which content directly comes from the OpenSSL Makefile. - android-config.mk is still used to define LOCAL_CFLAGS from the definitions in build-config.mk, as well as perform minimal extra filtering. - Remove the section in README.android about manually changing android-config.mk. Change-Id: I5275de69a817aa7c9880ea48e5d6a8ac1652a1e4
/external/openssl/import_openssl.sh
|
1762a559ef393f9c15300398433598989033385f |
|
19-Feb-2013 |
David 'Digit' Turner <digit@android.com> |
Convert ISO-8859-1 files to UTF-8. This patch modifies import_openssl.sh to convert all untarred OpenSSL source files that are in ISO-8859-1 encoding into UTF-8. The main reason for this is that the Chromium review tool doesn't support anything else (i.e. "git cl upload" will barf with a mysterious Python exception if the uploaded diff files aren't UTF-8). This makes it easier to import the Android sources into the Chromium tree, and should have no impact on the build products. Change-Id: I43df753c41f5d9ed853a4252d7d05c5bbced98b4
/external/openssl/import_openssl.sh
|
04ef91b390dfcc6125913e2f2af502d23d7a5112 |
|
05-Feb-2013 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1d upgrade Change-Id: Ie980c8834cf2c843858182d98d1f60c65a2a9b70
/external/openssl/import_openssl.sh
|
85dbb371d6ce544388360f64389b5007fe7f384b |
|
24-Jan-2013 |
David 'Digit' Turner <digit@android.com> |
Add another missing x86_64 assembly file generation step. Change-Id: I357c33a297937c2e64cfa8c6e49795cd1e865544
/external/openssl/import_openssl.sh
|
153b100b9bdd15db2ad0c0963e299ed6841a794d |
|
23-Jan-2013 |
David 'Digit' Turner <digit@android.com> |
Fix x86_64 assembly file generation. The "sha512-x86_64.pl" script actually needs the name of the output file as its second parameter to determine whether to generate SHA-256 or SHA-512 routines. This patch does the following: - Fix import_openssl.sh to invoke the script properly - Add the generation of sha256-x86_64.S as well. Note that this patch is the result of running: ./import_openssl.sh import /path/to/openssl-1.0.1c.tar.gz Which means that no other source files were impacted by the change. Only needed for the Chromium x86_64 "linux_redux" build and the SPDY host proxy program (flip_in_mem_edsm_server). Change-Id: Ia40737f5952c7b156bd51844571e4f759910a6a1
/external/openssl/import_openssl.sh
|
20777798f5184ef65e59bb5eb91ac9e839d7afeb |
|
10-Dec-2012 |
David 'Digit' Turner <digit@android.com> |
Add x86_64 assembly files. This patch modifies import_openssl.sh to also generate assembly files for x86_64 (using the appropriate Perl scripts). These new sources are not used by the Android build, but by the Chromium "linux_redux" build which uses OpenSSL has its SSL engine. Change-Id: I3d1435de17f2de10633a71b9197b6cec328e93a7
/external/openssl/import_openssl.sh
|
19d5d6fe6ced25a9888f107d5e3957d3a1800a82 |
|
10-Dec-2012 |
David 'Digit' Turner <digit@android.com> |
Add x86 cpuid assembly file. This patch does the following: - Adds the generation of crypto/x86cpuid.S in import_openssl.sh. - Modifies Crypto.mk to ensure that the corresponding functions are linked and used at runtime. Note that mem_clr.c is removed from the x86 build. Its sole purpose is to provide a generic implementation of OPENSSL_cleanse, which is provided by the x86cpuid.S source file now. Change-Id: I7cbf6b12220def11498e591dc64787ef76303c9e
/external/openssl/import_openssl.sh
|
2c4d015c2c3dbe9cf62004171e265487dfa22469 |
|
05-Nov-2012 |
Daniel Leung <daniel.leung@linux.intel.com> |
x86: Fix DT_TEXTREL in assembly code Regenerate some assembly files to make them PIC friendly. The perl script needs to be passed "-fPIC" to properly generate PIC friendly code for x86. The import_openssl.sh has also been updated to include -fPIC when generating assembly files for x86. Change-Id: Ie174b5f74cf7fcdad1339892302b8762ee43ed7c Signed-off-by: Daniel Leung <daniel.leung@linux.intel.com>
/external/openssl/import_openssl.sh
|
9838b9f4b038825b061a6b323842f9d23729eac0 |
|
05-Oct-2012 |
David 'Digit' Turner <digit@google.com> |
Rename assembly files with .S extensions. The openssl files were generated with an .s extension, which tells GCC that they normally don't need to be sent to the pre-processor (i.e. they are passed directly to the assembler). Unfortunately, all these files _do_ need to be preprocessed, which is why 'LOCAL_AS_CFLAGS := -x assembler-with-cpp' was required in Crypto.mk. As simpler way to solve the issue is simply to use an .S extension when generating the assembly files. GCC knows that these must be pre-processed first. So the patch does: - Rename all .s files to .S - Remove the use of -x assembler-with-cpp from Crypto.mk - Modify import_openssl.sh to directly generate .S files (tested) Context: This makes it easier to reuse the exact same sources for Chrome on Android. Its gyp build system doesn't have a feature comparable to LOCAL_AS_CFLAGS. Change-Id: I708d9fbcf8d42b5c39a7d30df2b03ed79a3e62f0
/external/openssl/import_openssl.sh
|
c58cd0fd2cebb61b0e0f200e01562c542525ef46 |
|
13-Sep-2012 |
Catalin Ionita <catalin.ionita@intel.com> |
Enable openssl crypto optimizations for x86 platform Asm files attached to this patch were generated from the current OpenSSL version. Change-Id: I05ef67a6e34016ef94a0ef23ca264bcac805b1cc Signed-off-by: Catalin Ionita <catalin.ionita@intel.com>
/external/openssl/import_openssl.sh
|
2178392bec7b69d0f469bce29f653c9fbd09b614 |
|
02-Aug-2012 |
Chris Dearman <chris@mips.com> |
[MIPS] Append private_ to AES_set_encrypt_key and AES_set_decrypt_key for MIPS. Update import script to generate o32 .s files for MIPS. Release 1.0.1 of openssl renamed the C and assembler routines for AES_set_encrypt_key() and AES_set_decrypt_key(), but forgot to do this in the Mips assembler version. The following mips_private.patch fixes that problem in the upstream source, until such time as it is fixed upstream. The upstream version of openssl builds for a "n32" Mips abi used on SGI workstations. Android's import_openssl.sh script is now modified to build for the "o32" abi used throughout Mips Android. That change is permanent, and will not be upstreamed. Signed-off-by: Raghu Gandham <raghu@mips.com> Change-Id: Iec5ce7f11a74a3674e96057f2ce97d8ba9238464
/external/openssl/import_openssl.sh
|
8dc607f5fdfe0293d04050de758484fc0d22833d |
|
08-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
Move OpenSSL makefiles to one directory to avoid future patching issues Change-Id: I39f6cfc61f484f4457bda3003e5992dfc7e20186
/external/openssl/import_openssl.sh
|
26674baf1ef727d9c0f12939c08ea90b56f65c26 |
|
31-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Enable additional asm on arm Bug: 6168278 Change-Id: Icb87356462ff2219c939bfeedc6aac7f4db69af7
/external/openssl/import_openssl.sh
|
7f1d63479ce92a2a4a0874b007e49f8acb13a0d9 |
|
15-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
am db166823: Merge "From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001 Subject: [MIPS] MIPS assembler pack update" * commit 'db166823303559663b1c209e14b326160519c51c': From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001 Subject: [MIPS] MIPS assembler pack update
|
b83a02d94f9ba66fc5da46c2e27572674ea17931 |
|
21-Feb-2012 |
Petar Jovanovic <petar.jovanovic@rt-rk.com> |
From 67b1ae72527c9e173ace98e805e8b9c090455873 Mon Sep 17 00:00:00 2001 Subject: [MIPS] MIPS assembler pack update Asm changes have been taken from http://cvs.openssl.org/chngview?cn=21708 These should discarded when the code base moves to OpenSSL 1.0.1 or above. Additional changes have also been added to the Android make files, so it builds correctly for MIPS architecture. Change-Id: Ifc139e624d50510727180b03b15e15f7bbeda4d1 Signed-Off-By: Petar Jovanovic <petarj@mips.com>
/external/openssl/import_openssl.sh
|
7b476c43f6a45574eb34697244b592e7b09f05a3 |
|
04-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0f Bug: 5822335 Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f
/external/openssl/import_openssl.sh
|
4f16e619f191ec2041275b4ff5235663d583e484 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Improved client certificate and certificate chain support Summary: - openssl: add openssl support for specifying per key certificate chains - libcore: properly implement client certificate request call back - libcore: properly implement sending certificate chain - libcore: properly implement retreiving local certificate chain - libcore: added an SSLContext for non-OpenSSL SSLSocket creation Details: external/openssl Improve patch generate support by applying all other patches to baseline to remove cross polluting other patch changes into target patch. Move cleanup of ./Configure output to import script from openssl.config. import_openssl.sh openssl.config Adding SSL_use_certificate_chain and SSL_get_certificate_chain to continue to finish most of remaining JSSE issues. include/openssl/ssl.h ssl/s3_both.c ssl/ssl.h ssl/ssl_locl.h ssl/ssl_rsa.c Updated patch (and list of input files to patch) patches/jsse.patch openssl.config libcore Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl instances for interoperability testing. OpenSSLContextImpl is the new subclass that provides OpenSSLSocketImpl. JSSEProvider provides the old style SSLContexts, OpenSSLProvider provides the OpenSSL SSLContext, which includes the "default" context. Changed to register SSLContexts without aliases to match the RI. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Native interface updates to support OpenSSLSocketImpl improvements - KEY_TYPES now expanded based on what we are being provided by OpenSSL. keyType function now maps key type values received from clientCertificateRequested callback. - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain - Fixed clientCertificateRequested to properly include all key types supported by server, not just the one from the cipher suite. We also now properly include the list of supported CAs to help the client select a certificate to use. - Fixed NativeCrypto.SSL_use_certificate implementation to use new SSL_use_certificate_chain function from openssl to pass chain to OpenSSL. - Added error handling of all uses of sk_*_push which can fail due to out of memory - Fixed compile warning due to missing JNI_TRACE argument luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Improvements to SSL test support to go along with client certificate and certificate chain changes. TestSSLContext now has separate contexts for the client and server (as well as seperate key stores information). TestKeyStore now is more realistic by default, creating a CA, intermediate CA, and separate client and server certificates, as well as a client keystore that simply contains the CA and no certificates. support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Tests tracking API changes. Tests involving cert chains now now updated to use TestKeyStore.assertChainLength to avoid hardwiring expected chain length in tests. These tests also now use TestSSLContext.assertClientCertificateChain to validate that the chain is properly constructed and trusted by a trust manager. luni/src/test/java/java/net/URLConnectionTest.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java frameworks/base Tracking change of SSLContextImpl to OpenSSLContextImpl core/java/android/net/SSLCertificateSocketFactory.java core/java/android/net/http/HttpsConnection.java tests/CoreTests/android/core/SSLPerformanceTest.java tests/CoreTests/android/core/SSLSocketTest.java Tracking changes to TestSSLContext core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java Change-Id: I792921617164a98467c500d7fe53dbd738adfa02
/external/openssl/import_openssl.sh
|
8c67d9d5244d5942ca08f8a69c2c83418188fef0 |
|
10-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
import_openssl.sh improvements based on external/bouncycastle work Tested with ./import_openssl.sh import .../openssl-1.0.0.tar.gz and confirmed no source changes Also added debug flags in android-config.mk for later use Change-Id: Idbfefe7bc16790060eb58c116b0961c195b3a087
/external/openssl/import_openssl.sh
|
925e1a4723895097daa6f8551a4144abd1d2d1ed |
|
26-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
Fix for openssl-1.0.0 small_records.patch There were two issues with the first version of small_records.patch - the resize check was immediately after the size check, so the size check always failed before the resize happened. - openssl-1.0.0 needs extra space to be allocated for alignment patches/small_records.patch Regenerated file ssl/s3_pkt.c Added patch generatation support, as opposed to just regenerate when patches no longer apply on upgrade. Usage: import_openssl.sh generate <patch/foo.patch> <openssl-tarball.tar.gz> import_openssl.sh As part of "import_openssl.sh generate", moved definition of imported sources to openssl.config instead of wired in the code. openssl.config Add browser testing note with https://online.citibank.com README.android
/external/openssl/import_openssl.sh
|
674ff29eb647c577ba1ef822c373ead69dc386cf |
|
15-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.0 upgrade external/openssl Updated version to 1.0.0 openssl.version Updated small records patch for 1.0.0. This is probably the most significant change. patches/small_records.patch Removed bad_version.patch since fix is included in 0.9.8n and beyond patches/README patches/bad_version.patch openssl.config Changed import_openssl.sh to generate armv4 asm with the 1.0.0 scripts, not our backported 0.9.9-dev backported version in patches/arm-asm.patch. import_openssl.sh openssl.config patches/README patches/arm-asm.patch Added -DOPENSSL_NO_STORE to match ./Configure output Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher android-config.mk openssl.config Fixed import to remove include directory during import like other imported directories (apps, ssl, crypto) import_openssl.sh Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use. openssl.config Updated to build newly required files patches/apps_Android.mk patches/crypto_Android.mk Disable some new openssl tools patches/progs.patch Updated upgrade testing notes to include running BigInteger tests README.android Automatically imported android.testssl/ apps/ crypto/ e_os.h e_os2.h include/ ssl/ dalvik Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns so there are not duplicate ciphersuite names in getEnabledCipherSuites. libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Updated OpenSSLSocketImpl_cipherauthenticationmethod for new SSL_CIPHER algorithms -> algorithm_auth (and const-ness) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp test_EnabledCipherSuites on both SSLSocketTest and SSLServerSocketTest caught the makeCipherList problem. However the asserts where a bit out of sync and didn't give good messages because they didn't actually show what was going on. As part of debugging the issue they found, I tried to make align the asserts and improve their output for the future. libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java vendor/google Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility libraries/libjingle/talk/base/openssladapter.cc Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
/external/openssl/import_openssl.sh
|
cb10715cbfca3534fb93aef2a3bc2e15265524d1 |
|
23-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
fix /mnt/sdcard to /sdcard in android.testssl found when merging to dalvik-dev where test failed because of incorrect path Change-Id: Ib87af202fdf4027d8c133a27bd956227c6d741e6
/external/openssl/import_openssl.sh
|
99ed67e397c4f2d3e0e65fa714a416bb73a0d108 |
|
17-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
b/2522132 Native crash in sslRead() Summary: - the small_records.patch finished code review today, importing final version - the native crash reflected an underling openssl issue, so we have a new patch for this Details: Adding new patch for b/2522132 crash patches/bad_version.patch Syncing small_records.patch with reviewed version patches/small_records.patch Adding new patch to the list of active patches openssl.config Adding description of the new bad_version.patch patches/README Minor test script changes - Added adb remount - Simplified /mnt/sdcard to /sdcard patches/testssl.sh Added trace message as each patch is applied so I could more easily confirm that the newly added bad_version.patch was applied. import_openssl.sh Automatically generated files: android.testssl/testssl.sh ssl/d1_pkt.c ssl/s3_both.c ssl/s3_pkt.c Change-Id: I1ca1b69d612ef425203074c58c031d6a681b92fe
/external/openssl/import_openssl.sh
|
98d58bb80c64b02a33662f0ea80351d4a1535267 |
|
09-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh Testing Summary: - Passed new android.testssl/testssl.sh - General testing with BrowserActivity based program Details: Expanded detail in README.android about how to build and test openssl upgrades based on my first experience. modified: README.android Significant rework of import_openssl.sh script that does most of the work of the upgrade. Most of the existing code became the main and import functions. The newly regenerate code helps regenerate patch files, building on the fact that import now keeps and original unmodified read-only source tree for use for patch generation. Patch generation relies on additions to openssl.config for defining which patches include which files. Note that sometimes a file may be patched multiple times, in that case manual review is still necessary to prune the patch after auto-regeneration. Other enhancements to import_openssl.sh include generating android.testssl and printing Makefile defines for android-config.mk review. modified: import_openssl.sh Test support files for openssl/ Add support for building /system/bin/ssltest as test executible for use by testssl script. Need confirmation that this is the right way to define such a test binary. modified: patches/ssl_Android.mk Driver script that generates user and CA keys and certs on the device with /system/bin/openssl before running testssl. Based on openssl/test/testss for generation and openssl/test/Makefile test_ssl for test execution. new file: patches/testssl.sh Note all following android.testssl files are automatically imported from openssl, although possible with modifications by import_openssl.sh testssl script imported from openssl/test that does the bulk of the testing. Includes new tests patched in for our additions. new file: android.testssl/testssl CA and user certificate configuration files from openssl. Automatically imported from openssl/test/ new file: android.testssl/CAss.cnf new file: android.testssl/Uss.cnf certificate and key test file imported from openssl/apps new file: android.testssl/server2.pem Actual 0.9.8m upgrade specific bits Trying to bring ngm's small records support into 0.9.8m. Needs signoff by ngm although it does pass testing. modified: patches/small_records.patch Update openssl.config for 0.9.8m. Expanded lists of undeeded directories and files for easier update and review, adding new excludes. Also added new definitions to support "import_openssl.sh regenerate" for patch updating. modified: openssl.config Updated OPENSSL_VERSION to 0.9.8m modified: openssl.version Automatically imported/patched files. Seems like it could be further pruned in by openssl.config UNNEEDED_SOURCES, but extra stuff doesn't end up impacting device. modified: apps/... modified: crypto/... modified: include/... modified: ssl/... Other Android build stuff. Note for these patches/... is source, .../Android.mk is derived. Split LOCAL_CFLAGS additions into lines based on openssl/Makefile source for easier comparison when upgrading. I knowingly left the lines long and unwrapped for easy vdiff with openssl/Makefile modified: android-config.mk Removed local -DOPENSSL_NO_ECDH already in android-config.mk. modified: patches/apps_Android.mk Sync up with changes that had crept into derived crypto/Android.mk modified: patches/crypto_Android.mk Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/import_openssl.sh
|
1fada29eaaa2a758ba3f68ee9ede8b6715673146 |
|
01-Oct-2009 |
Nagendra Modadugu <ngm@google.com> |
Add small_records.patch and handshake_cutthrough.patch. See patches/README for additional details.
/external/openssl/import_openssl.sh
|
e45f106cb6b47af1f21efe76e933bdea2f5dd1ca |
|
30-Sep-2009 |
Nagendra Modadugu <ngm@google.com> |
Upgrade to openssl-0.9.8k. The source tree (and the size of the compiled library) can be reduced further. This will be done in a future commit.
/external/openssl/import_openssl.sh
|