fc6ed1594aebe63aafa31af2bd01c41fab36d6cc |
|
17-Nov-2014 |
Kenny Root <kroot@google.com> |
Follow-up for 1.0.1j upgrade, part 2 The error messages SSL_R_NO_P256_SUPPORT from an internal patch and SSL_R_INAPPROPRIATE_FALLBACK from 1.0.1j upgrade conflict resulting in weird error messages. Tests were added to catch this regression in libcore change If8896d8f644095c13cbe44dd8ba7d4ef235385cf (cherry picked from commit b4e20dd70acc0a67c2aa2832b0ffad3a0bcb9bdd) Bug: 18018599 Change-Id: I62e50f14a41a9f3b53afbbd6382800a6e18e55ec
/external/openssl/include/openssl/ssl.h
|
c64f6fe2be99cb3fa8e491b5bede9a217de87a4c |
|
06-Nov-2014 |
Kenny Root <kroot@google.com> |
Upgrade to 1.0.1j Upgraded from archive: cff86857507624f0ad42d922bb6f77c4f1c2b819 openssl-1.0.1j.tar.gz (cherry picked from commit c642a4957fa6f518a02839abc38de4e1476cdfc6) Bug: 18018599 Change-Id: I7db55f15e6c5670cc2ced1ffbc736b1b354be740
/external/openssl/include/openssl/ssl.h
|
9a68a8fb86e7440763286e3ea8578099abd598e7 |
|
03-Oct-2014 |
Bodo Moeller <bmoeller@google.com> |
Add support for TLS_FALLBACK_SCSV Bug: 17750026 Change-Id: I4b5ba1a6edbdac57c29e1e3b9425b9f69275784f
/external/openssl/include/openssl/ssl.h
|
8e8ec665ac4a328d173417afae1ee58d0e7ea1b4 |
|
06-Aug-2014 |
Kenny Root <kroot@google.com> |
Retry sending record split fragment when SSL write fails When the write size was exactly SSL3_RT_MAX_PLAIN_LENGTH+1 and record splitting is needed, an extra byte would be added to the max size of the message to be written. This would cause the requested size to not exceed the max. If the SSL_WANT_WRITE error were returned, the next packet would not get the extra byte added to the max packet size since record_split_done is set. Since a different set of arguments (SSL3_RT_MAX_PLAIN_LENGTH+1 vs SSL3_RT_MAX_PLAIN_LENGTH) would be passed to do_ssl3_write, it would get an "SSL3_WRITE_PENDING:bad write retry" error. To avoid a failure in the opposite direction, the max variable increment is removed as well. This can happen when SSL_MODE_ENABLE_PARTIAL_WRITE is not enabled, the call to ssl3_write_bytes contains, e.g., buffer of 2*SSL3_RT_MAX_PLAIN_LENGTH where the first call into do_ssl3_write succeeds writing the first SSL3_RT_MAX_PLAIN_LENGTH bytes, but the writing the second SSL3_RT_MAX_PLAIN_LENGTH bytes fails. This means the first time the the second section of SSL3_RT_MAX_PLAIN_LENGTH bytes has called do_ssl3_write with "max" bytes, but next call to ssl3_write_bytes in turn calls into do_ssl3_write with "max+1" bytes. (cherry picked from commit 455e02af15d07aa8f8b22b5f6558c23f041c6b2a) Bug: 16482963 Change-Id: I28a515a970d535a7fbba9c0ba325c9aed633d1cc
/external/openssl/include/openssl/ssl.h
|
b0a77b1a27bcd7096df02a155b5aa5d2e8fdc768 |
|
17-Jun-2014 |
Alex Klyubin <klyubin@google.com> |
Add a missing declaration of SSL_CIPHER_authentication_method. The declaration of this method was accidentally removed from ssl.h in 392aa7cc7d2b122614c5393c3e357da07fd07af3. Bug: 15675825 Change-Id: I2e563d74aaec08ae5aa636cd38e6add98efec480
/external/openssl/include/openssl/ssl.h
|
77c6be7176c48d2ce4d5979a84876d34204eedaf |
|
12-Jun-2014 |
Kenny Root <kroot@google.com> |
Upgrade to OpenSSL 1.0.1h sha1sum of distribution: b2239599c8bf8f7fc48590a55205c26abe560bf8 openssl-1.0.1h.tar.gz Bug: 15442813 Change-Id: I9abd00afcb7efb0e80b27bf7beade3c6dc511082
/external/openssl/include/openssl/ssl.h
|
9ab523cb95e7ef674e9c41438d9f524063d14234 |
|
05-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Fix Early CCS bug SSL/TLS MITM vulnerability (CVE-2014-0224) (cherry picked from commit 9c58a18df94359edda520ebe95f6e0263e401aa4) Bug: 15442813 (cherry picked from commit 581e6bdd03b82570fe3860110a61474837fa8779) Change-Id: I8c18d49a3719906895326c82ea013b09be1a9b52
/external/openssl/include/openssl/ssl.h
|
3355e0f024c4cd610fbb32fdf148a6f376e9e74e |
|
05-May-2014 |
Alex Klyubin <klyubin@google.com> |
Fix TLS-PSK identity hint implementation issues. PSK identity hint can be stored in SSL_CTX and in SSL/SSL_SESSION, similar to other TLS parameters, with the value in SSL/SSL_SESSION taking precedence over the one in SSL_CTX. The value in SSL_CTX is shared (used as the default) between all SSL instances associated with that SSL_CTX, whereas the value in SSL/SSL_SESSION is confined to that particular TLS/SSL connection/session. The existing implementation of TLS-PSK does not correctly distinguish between PSK identity hint in SSL_CTX and in SSL/SSL_SESSION. This change fixes these issues: 1. SSL_use_psk_identity_hint does nothing and returns "success" when the SSL object does not have an associated SSL_SESSION. 2. On the client, the hint in SSL_CTX (which is shared between multiple SSL instances) is overwritten with the hint received from server or reset to NULL if no hint was received. 3. On the client, psk_client_callback is invoked with the hint from SSL_CTX rather than from current SSL/SSL_SESSION (i.e., the one received from the server). Issue #2 above masks this issue. 4. On the server, the hint in SSL/SSL_SESSION is ignored and the hint from SSL_CTX is sent to the client. 5. On the server, the hint in SSL/SSL_SESSION is reset to the one in SSL_CTX after the ClientKeyExchange message step. This change fixes the issues by: * Adding storage for the hint in the SSL object. The idea being that the hint in the associated SSL_SESSION takes precedence. * Reading the hint during the handshake only from the associated SSL_SESSION object. * Initializing the hint in SSL object with the one from the SSL_CTX object. * Initializing the hint in SSL_SESSION object with the one from the SSL object. * Making SSL_use_psk_identity_hint and SSL_get_psk_identity_hint set/get the hint to/from SSL_SESSION associated with the provided SSL object, or, if no SSL_SESSION is available, set/get the hint to/from the provided SSL object. * Removing code which resets the hint during handshake. Change-Id: I13f51a5e942269a727c9f26f31155e3d5093903f
/external/openssl/include/openssl/ssl.h
|
7f7ea2d72f2e316ba518e82f06513e3477840c15 |
|
07-Apr-2014 |
Kenny Root <kroot@google.com> |
Update to OpenSSL 1.0.1g Upgrade to the new OpenSSL 1.0.1g release. SHA-1 hash of file: b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c openssl-1.0.1g.tar.gz Change-Id: Ie839cf2a4367afbd2919180ea4ce016b1c8d6668
/external/openssl/include/openssl/ssl.h
|
ff41a4bc41ae1e1391f9b05117623ff70b985983 |
|
07-Jan-2014 |
Kenny Root <kroot@google.com> |
Import OpenSSL 1.0.1f Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file: 9ef09e97dfc9f14ac2c042f3b7e301098794fc0f openssl-1.0.1f.tar.gz Some changes had to be made to the existing source: Fixed the import script to work with "sh -x" for debugging problems. Update some of the files from patches/ to work with 1.0.1f, because 1.0.1f fixes have used some of the constants that were used (0x20L was changed to 0x80L and 0x40L was changed to 0x100L). Delete the "Makefile.save" files that are newly present in the OpenSSL 1.0.1f release tarball. Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1
/external/openssl/include/openssl/ssl.h
|
e6443cd9084e98ea362375c3f177a0eab7aa8fdc |
|
05-Nov-2013 |
Adam Langley <agl@chromium.org> |
Implement CBC record splitting. This patch removes support for empty records (which is almost universally disabled via SSL_OP_ALL) and adds optional support for 1/n-1 record splitting. The latter is not enabled by default, since it's not typically used on servers, but it should be enabled in web browsers since there are known attacks in that case (see BEAST). Bug: 11514124 Change-Id: I3fef273edd417c51c5723d290656d2e03331d68a
/external/openssl/include/openssl/ssl.h
|
ee53ab1212ec75db6e1704a6909c45c93dd411c3 |
|
24-Jun-2013 |
Kenny Root <kroot@google.com> |
Add ALPN support patch This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF blessed version of NPN and we'll be supporting both ALPN and NPN for some time yet. [1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00 Patch from Adam Langley <agl@chromium.org> Change-Id: I556b1ee877f398ae8b7f1d4abbaddc44611e5f51
/external/openssl/include/openssl/ssl.h
|
365d7e8ba65197a3bad7349848dc13be13d6922a |
|
05-Mar-2013 |
David 'Digit' Turner <digit@android.com> |
Fix Clang build. This contains a new Android-specific patch to fix the Chromium linux Clang builds. This updates patches/channelid.patch independently since this patch hasn't been submitted upstream yet. Change-Id: I9d9a2ca3ad8446a54db5a023571fde1bc0d276c5
/external/openssl/include/openssl/ssl.h
|
04ef91b390dfcc6125913e2f2af502d23d7a5112 |
|
05-Feb-2013 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1d upgrade Change-Id: Ie980c8834cf2c843858182d98d1f60c65a2a9b70
/external/openssl/include/openssl/ssl.h
|
f04b7b0cd950a9bf3c07edcbafb48afe63d4fed3 |
|
17-Jan-2013 |
Brian Carlstrom <bdc@google.com> |
Remove small_records.patch in favor of SSL_MODE_RELEASE_BUFFERS Restored handshake_cutthrough.patch to upstream having removed traces of the small_records.patch Change-Id: Iae8df5f24fe5fe566e81421e9db4c2f1ea5f1b53
/external/openssl/include/openssl/ssl.h
|
45bcfbcc39acc2213abd00ebcc794dcc40be39f7 |
|
16-Jan-2013 |
Adam Langley <agl@chromium.org> |
Add support for the TLS Channel ID extension. See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00. Change-Id: Id5b9799f96c0f7a1ef5ed8db9e40111a700d091f
/external/openssl/include/openssl/ssl.h
|
f42d491ab90c82302b0054c62014c1ee9b638aff |
|
28-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1b upgrade Change-Id: I4fe854007f774cf7f386cd405a9d21e6ca94e7b6
/external/openssl/include/openssl/ssl.h
|
a1a5710c055e139ea00e785f9eb55b3af3e4dab1 |
|
19-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1a upgrade Bug: 6366068 Change-Id: I0b6ec75b5c2a8f082b4b0fe6db2697d24f2f9b00
/external/openssl/include/openssl/ssl.h
|
392aa7cc7d2b122614c5393c3e357da07fd07af3 |
|
16-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1 upgrade Bug: 6168278 Change-Id: I648f9172828120df5d19a14425e9ceec92647921
/external/openssl/include/openssl/ssl.h
|
21c841450af61d0a9119cdc863e93d019127bfe1 |
|
12-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0h Change-Id: I0bc9b6b486bf10ebae34b994b63cf6011afdf5e1
/external/openssl/include/openssl/ssl.h
|
7b476c43f6a45574eb34697244b592e7b09f05a3 |
|
04-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0f Bug: 5822335 Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f
/external/openssl/include/openssl/ssl.h
|
bf9ac266e34f910ace31880ea92b8deaf6212aa6 |
|
29-Nov-2010 |
Kristian Monsen <kristianm@google.com> |
Patch OpenSSL to enable SPDY Change-Id: Ie076e26ab49f1addd7a918271e85d779f47167ac
/external/openssl/include/openssl/ssl.h
|
d524efd1ee2dde250eb759c483c9db089f653d16 |
|
03-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
Move NativeCrypto dependencies on openssl internals to jsse.patch Change-Id: I3cb6fb47f8294e5bc912e7ed073433925e9b120b
/external/openssl/include/openssl/ssl.h
|
4f16e619f191ec2041275b4ff5235663d583e484 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Improved client certificate and certificate chain support Summary: - openssl: add openssl support for specifying per key certificate chains - libcore: properly implement client certificate request call back - libcore: properly implement sending certificate chain - libcore: properly implement retreiving local certificate chain - libcore: added an SSLContext for non-OpenSSL SSLSocket creation Details: external/openssl Improve patch generate support by applying all other patches to baseline to remove cross polluting other patch changes into target patch. Move cleanup of ./Configure output to import script from openssl.config. import_openssl.sh openssl.config Adding SSL_use_certificate_chain and SSL_get_certificate_chain to continue to finish most of remaining JSSE issues. include/openssl/ssl.h ssl/s3_both.c ssl/ssl.h ssl/ssl_locl.h ssl/ssl_rsa.c Updated patch (and list of input files to patch) patches/jsse.patch openssl.config libcore Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl instances for interoperability testing. OpenSSLContextImpl is the new subclass that provides OpenSSLSocketImpl. JSSEProvider provides the old style SSLContexts, OpenSSLProvider provides the OpenSSL SSLContext, which includes the "default" context. Changed to register SSLContexts without aliases to match the RI. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Native interface updates to support OpenSSLSocketImpl improvements - KEY_TYPES now expanded based on what we are being provided by OpenSSL. keyType function now maps key type values received from clientCertificateRequested callback. - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain - Fixed clientCertificateRequested to properly include all key types supported by server, not just the one from the cipher suite. We also now properly include the list of supported CAs to help the client select a certificate to use. - Fixed NativeCrypto.SSL_use_certificate implementation to use new SSL_use_certificate_chain function from openssl to pass chain to OpenSSL. - Added error handling of all uses of sk_*_push which can fail due to out of memory - Fixed compile warning due to missing JNI_TRACE argument luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/NativeCrypto.cpp luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java Improvements to SSL test support to go along with client certificate and certificate chain changes. TestSSLContext now has separate contexts for the client and server (as well as seperate key stores information). TestKeyStore now is more realistic by default, creating a CA, intermediate CA, and separate client and server certificates, as well as a client keystore that simply contains the CA and no certificates. support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Tests tracking API changes. Tests involving cert chains now now updated to use TestKeyStore.assertChainLength to avoid hardwiring expected chain length in tests. These tests also now use TestSSLContext.assertClientCertificateChain to validate that the chain is properly constructed and trusted by a trust manager. luni/src/test/java/java/net/URLConnectionTest.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java support/src/test/java/javax/net/ssl/TestSSLSocketPair.java frameworks/base Tracking change of SSLContextImpl to OpenSSLContextImpl core/java/android/net/SSLCertificateSocketFactory.java core/java/android/net/http/HttpsConnection.java tests/CoreTests/android/core/SSLPerformanceTest.java tests/CoreTests/android/core/SSLSocketTest.java Tracking changes to TestSSLContext core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java Change-Id: I792921617164a98467c500d7fe53dbd738adfa02
/external/openssl/include/openssl/ssl.h
|
ad880030f0e8576c14b4ca332fe8b4f23257bc6d |
|
14-May-2010 |
Brian Carlstrom <bdc@google.com> |
Adding SSL_set_cipher_lists and turning on elliptic curve Summary: - adding SSL_set_cipher_lists for JSSE support - enabling elliptic curve for new JSSE cipher suites Details: Adding SSL_set_cipher_lists that allows setting of SSL ciphers (and indirectly ciphers_by_id). This allows us to explicitly set a desired cipher suite lists with our own ordering for JSSE support. patches/jsse.patch Enabling EC, ECDH, and ECDSA which are needed for RI 6 elliptic curve cipher suites. - EC = Elliptic Curve - ECDH = Elliptic Curve Diffie-Hellman - ECDSA = Elliptic Curve Digital Signature Algorithm android-config.mk patches/apps_Android.mk patches/crypto_Android.mk openssl.config Remove warning from openssl output to remove testssl warnings patches/progs.patch openssl.config Misc Update clean, build, and test instructions README.android Fixing whitespace inconsistency noted when updating clean target patches/ssl_Android.mk Generated files Copied from patches: apps/Android.mk crypto/Android.mk ssl/Android.mk Newly imported EC files from openssl-1.0.0.tar.gz Interestingly most of the needed files were already present, if not compiled. crypto/ec/ec_ameth.c crypto/ec/ec_pmeth.c crypto/ec/eck_prn.c SSL_set_cipher_lists include/openssl/ssl.h ssl/ssl.h ssl/ssl_lib.c Disabled warning apps/openssl.c Change-Id: I9edc9da2ea65d7d8e55257300a5978638a3e472d
/external/openssl/include/openssl/ssl.h
|
e296ea5cc0cd651d068eaf59a1552d07ea18b7c0 |
|
24-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
Adding SSL_set_session_creation_enabled for SSLSocket.setEnableSessionCreation(false) support SSL_set_session_creation_enabled implementation Add session_creation_enabled to ssl_st (aka SSL) Add SSL_set_session_creation_enabled(SSL*, int) declaration Add SSL_R_SESSION_MAY_NOT_BE_CREATED error reason include/openssl/ssl.h ssl/ssl.h Before creating session, check if session_creation_enabled. If not, error out, sending alert when possible in SSL3+ cases. ssl/d1_clnt.c ssl/s23_clnt.c ssl/s3_clnt.c ssl/s3_srvr.c Add error message for SSL_R_SESSION_MAY_NOT_BE_CREATED ssl/ssl_err.c Initialize session_creation_enabled to 1 in SSL_new ssl/ssl_lib.c Definition of SSL_set_session_creation_enabled. Add lower level check for session_creation_enabled in ssl_get_new_session in case it is not caught by higher levels. ssl/ssl_sess.c Patch details Added jsse.patch to list and add list of patched files. Fix whitespace to be tabs for consistency. openssl.config Add description of jsse.patch patches/README The patch itself, containing the above described changes patches/jsse.patch Testing Updated with note to run javax.net.ssl tests now that they are working reliably. README.android Change-Id: Ic46b257a459d21b013396d7a17321fb550f2c1b0
/external/openssl/include/openssl/ssl.h
|
248a4c78a25b81a72352125142f3fc04493f428b |
|
22-Apr-2010 |
Huahui Wu <hwu@google.com> |
Re-enable SSL's cut-through feature in Master over openSSL 1.0.0. It was pulled because of b/2586347 but it turns out to be a problem in the tests. The tests were fixed in Change Id8472487, and the feature is re-enabled here. Bug id: 2614118 Change-Id: I09caeb80eceb5cc5e1677947f54ced8ccc1677cd
/external/openssl/include/openssl/ssl.h
|
674ff29eb647c577ba1ef822c373ead69dc386cf |
|
15-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.0 upgrade external/openssl Updated version to 1.0.0 openssl.version Updated small records patch for 1.0.0. This is probably the most significant change. patches/small_records.patch Removed bad_version.patch since fix is included in 0.9.8n and beyond patches/README patches/bad_version.patch openssl.config Changed import_openssl.sh to generate armv4 asm with the 1.0.0 scripts, not our backported 0.9.9-dev backported version in patches/arm-asm.patch. import_openssl.sh openssl.config patches/README patches/arm-asm.patch Added -DOPENSSL_NO_STORE to match ./Configure output Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher android-config.mk openssl.config Fixed import to remove include directory during import like other imported directories (apps, ssl, crypto) import_openssl.sh Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use. openssl.config Updated to build newly required files patches/apps_Android.mk patches/crypto_Android.mk Disable some new openssl tools patches/progs.patch Updated upgrade testing notes to include running BigInteger tests README.android Automatically imported android.testssl/ apps/ crypto/ e_os.h e_os2.h include/ ssl/ dalvik Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns so there are not duplicate ciphersuite names in getEnabledCipherSuites. libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Updated OpenSSLSocketImpl_cipherauthenticationmethod for new SSL_CIPHER algorithms -> algorithm_auth (and const-ness) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod) libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp test_EnabledCipherSuites on both SSLSocketTest and SSLServerSocketTest caught the makeCipherList problem. However the asserts where a bit out of sync and didn't give good messages because they didn't actually show what was going on. As part of debugging the issue they found, I tried to make align the asserts and improve their output for the future. libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java vendor/google Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility libraries/libjingle/talk/base/openssladapter.cc Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
/external/openssl/include/openssl/ssl.h
|
7f9d8bc8c32fa4196cff8a8f1c64c5183eefad9e |
|
14-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
disable handshake_cutthrough.patch CTS tests exposed compatability problems for SSLSocket applications with handshake cutthrough enabled. Disabling until they can be resolved. b/2586347 Change-Id: If2e43f50712780e1905c86b64ac2f89e95e7cc95
/external/openssl/include/openssl/ssl.h
|
5f06f48e30a40f86ee704147d46e5e37383122fd |
|
30-Mar-2010 |
Huahui Wu <hwu@google.com> |
Re-enable the cut-through (a.k.a false start) feature in openSSL. This will save one RTT for SSL handshake. b/2511073 explains the details. Change-Id: I01cd02d2df375bc02eec12814308f0a6e63b8ae1
/external/openssl/include/openssl/ssl.h
|
a69b00f3432cbf516436c5cecdd177d14f3c4a5a |
|
12-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
b/2453395 cannot reach sslvpn.broadcom.com Disabled handshake_cutthrough.patch in openssl.config Change-Id: I4fe837876198dcf0593c5f5d32174d8af76f3f9f
/external/openssl/include/openssl/ssl.h
|
98d58bb80c64b02a33662f0ea80351d4a1535267 |
|
09-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh Testing Summary: - Passed new android.testssl/testssl.sh - General testing with BrowserActivity based program Details: Expanded detail in README.android about how to build and test openssl upgrades based on my first experience. modified: README.android Significant rework of import_openssl.sh script that does most of the work of the upgrade. Most of the existing code became the main and import functions. The newly regenerate code helps regenerate patch files, building on the fact that import now keeps and original unmodified read-only source tree for use for patch generation. Patch generation relies on additions to openssl.config for defining which patches include which files. Note that sometimes a file may be patched multiple times, in that case manual review is still necessary to prune the patch after auto-regeneration. Other enhancements to import_openssl.sh include generating android.testssl and printing Makefile defines for android-config.mk review. modified: import_openssl.sh Test support files for openssl/ Add support for building /system/bin/ssltest as test executible for use by testssl script. Need confirmation that this is the right way to define such a test binary. modified: patches/ssl_Android.mk Driver script that generates user and CA keys and certs on the device with /system/bin/openssl before running testssl. Based on openssl/test/testss for generation and openssl/test/Makefile test_ssl for test execution. new file: patches/testssl.sh Note all following android.testssl files are automatically imported from openssl, although possible with modifications by import_openssl.sh testssl script imported from openssl/test that does the bulk of the testing. Includes new tests patched in for our additions. new file: android.testssl/testssl CA and user certificate configuration files from openssl. Automatically imported from openssl/test/ new file: android.testssl/CAss.cnf new file: android.testssl/Uss.cnf certificate and key test file imported from openssl/apps new file: android.testssl/server2.pem Actual 0.9.8m upgrade specific bits Trying to bring ngm's small records support into 0.9.8m. Needs signoff by ngm although it does pass testing. modified: patches/small_records.patch Update openssl.config for 0.9.8m. Expanded lists of undeeded directories and files for easier update and review, adding new excludes. Also added new definitions to support "import_openssl.sh regenerate" for patch updating. modified: openssl.config Updated OPENSSL_VERSION to 0.9.8m modified: openssl.version Automatically imported/patched files. Seems like it could be further pruned in by openssl.config UNNEEDED_SOURCES, but extra stuff doesn't end up impacting device. modified: apps/... modified: crypto/... modified: include/... modified: ssl/... Other Android build stuff. Note for these patches/... is source, .../Android.mk is derived. Split LOCAL_CFLAGS additions into lines based on openssl/Makefile source for easier comparison when upgrading. I knowingly left the lines long and unwrapped for easy vdiff with openssl/Makefile modified: android-config.mk Removed local -DOPENSSL_NO_ECDH already in android-config.mk. modified: patches/apps_Android.mk Sync up with changes that had crept into derived crypto/Android.mk modified: patches/crypto_Android.mk Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/include/openssl/ssl.h
|
1fada29eaaa2a758ba3f68ee9ede8b6715673146 |
|
01-Oct-2009 |
Nagendra Modadugu <ngm@google.com> |
Add small_records.patch and handshake_cutthrough.patch. See patches/README for additional details.
/external/openssl/include/openssl/ssl.h
|
e45f106cb6b47af1f21efe76e933bdea2f5dd1ca |
|
30-Sep-2009 |
Nagendra Modadugu <ngm@google.com> |
Upgrade to openssl-0.9.8k. The source tree (and the size of the compiled library) can be reduced further. This will be done in a future commit.
/external/openssl/include/openssl/ssl.h
|
656d9c7f52f88b3a3daccafa7655dec086c4756e |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/include/openssl/ssl.h
|
d2cbe6ee0fd4269543a9a243f2b0963ce6f46280 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/include/openssl/ssl.h
|
f48372ded3bb76c2598392aa58abe6e2eb7432d2 |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
/external/openssl/include/openssl/ssl.h
|
bdfb8ad83da0647e9b9a32792598e8ce7ba3ef4d |
|
12-Jan-1970 |
Upstream <upstream-import@none> |
external/openssl 0.9.8h
/external/openssl/include/openssl/ssl.h
|