| c64f6fe2be99cb3fa8e491b5bede9a217de87a4c |
|
06-Nov-2014 |
Kenny Root <kroot@google.com> |
Upgrade to 1.0.1j
Upgraded from archive:
cff86857507624f0ad42d922bb6f77c4f1c2b819 openssl-1.0.1j.tar.gz
(cherry picked from commit c642a4957fa6f518a02839abc38de4e1476cdfc6)
Bug: 18018599
Change-Id: I7db55f15e6c5670cc2ced1ffbc736b1b354be740
/external/openssl/ssl/s3_lib.c
|
| 9a68a8fb86e7440763286e3ea8578099abd598e7 |
|
03-Oct-2014 |
Bodo Moeller <bmoeller@google.com> |
Add support for TLS_FALLBACK_SCSV
Bug: 17750026
Change-Id: I4b5ba1a6edbdac57c29e1e3b9425b9f69275784f
/external/openssl/ssl/s3_lib.c
|
| 37da3e839dd053106842299f7192ce9c88207094 |
|
04-Jun-2014 |
Alex Klyubin <klyubin@google.com> |
Replace ECDHE-PSK SHA-2 cipher suites with SHA-1 ones.
The SHA-2 based cipher suites cannot be used with SSLv3 but there is
no way to express that in OpenSSL's configuration. This CL thus
replaces the SHA-2 cipher suites with SHA-1 ones.
Bug: 15073623
Change-Id: I427c99f4c1c72690d95e5a3c63763631c41ddae2
/external/openssl/ssl/s3_lib.c
|
| 77c6be7176c48d2ce4d5979a84876d34204eedaf |
|
12-Jun-2014 |
Kenny Root <kroot@google.com> |
Upgrade to OpenSSL 1.0.1h
sha1sum of distribution:
b2239599c8bf8f7fc48590a55205c26abe560bf8 openssl-1.0.1h.tar.gz
Bug: 15442813
Change-Id: I9abd00afcb7efb0e80b27bf7beade3c6dc511082
/external/openssl/ssl/s3_lib.c
|
| de9675dad342fcf6fe0ed86d083c027e88e44b6b |
|
29-Apr-2014 |
Alex Klyubin <klyubin@google.com> |
Add support for TLS-ECDHE-PSK cipher suites
This adds support for
* TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256, and
* TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384.
Change-Id: I2de54e4bae0f04f862564468be9328801ef5f74a
/external/openssl/ssl/s3_lib.c
|
| ff41a4bc41ae1e1391f9b05117623ff70b985983 |
|
07-Jan-2014 |
Kenny Root <kroot@google.com> |
Import OpenSSL 1.0.1f
Upgrade to the new OpenSSL 1.0.1f release. SHA-1 hash of file:
9ef09e97dfc9f14ac2c042f3b7e301098794fc0f openssl-1.0.1f.tar.gz
Some changes had to be made to the existing source:
Fixed the import script to work with "sh -x" for debugging problems.
Update some of the files from patches/ to work with 1.0.1f, because
1.0.1f fixes have used some of the constants that were used (0x20L was
changed to 0x80L and 0x40L was changed to 0x100L).
Delete the "Makefile.save" files that are newly present in the
OpenSSL 1.0.1f release tarball.
Change-Id: Ib0f13b91e863157da23ec1d736ff2d788897d9f1
/external/openssl/ssl/s3_lib.c
|
| ee53ab1212ec75db6e1704a6909c45c93dd411c3 |
|
24-Jun-2013 |
Kenny Root <kroot@google.com> |
Add ALPN support patch
This change adds support for ALPN[1] in OpenSSL. ALPN is the IETF
blessed version of NPN and we'll be supporting both ALPN and NPN for
some time yet.
[1] https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-00
Patch from Adam Langley <agl@chromium.org>
Change-Id: I556b1ee877f398ae8b7f1d4abbaddc44611e5f51
/external/openssl/ssl/s3_lib.c
|
| 04ef91b390dfcc6125913e2f2af502d23d7a5112 |
|
05-Feb-2013 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1d upgrade
Change-Id: Ie980c8834cf2c843858182d98d1f60c65a2a9b70
/external/openssl/ssl/s3_lib.c
|
| 45bcfbcc39acc2213abd00ebcc794dcc40be39f7 |
|
16-Jan-2013 |
Adam Langley <agl@chromium.org> |
Add support for the TLS Channel ID extension.
See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.
Change-Id: Id5b9799f96c0f7a1ef5ed8db9e40111a700d091f
/external/openssl/ssl/s3_lib.c
|
| a1a5710c055e139ea00e785f9eb55b3af3e4dab1 |
|
19-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1a upgrade
Bug: 6366068
Change-Id: I0b6ec75b5c2a8f082b4b0fe6db2697d24f2f9b00
/external/openssl/ssl/s3_lib.c
|
| 392aa7cc7d2b122614c5393c3e357da07fd07af3 |
|
16-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.1 upgrade
Bug: 6168278
Change-Id: I648f9172828120df5d19a14425e9ceec92647921
/external/openssl/ssl/s3_lib.c
|
| 7b476c43f6a45574eb34697244b592e7b09f05a3 |
|
04-Jan-2012 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0f
Bug: 5822335
Change-Id: Iadf81526a10b072ff323730db0e1897faea7a13f
/external/openssl/ssl/s3_lib.c
|
| ee7afb3c942c4eefef6ed06201eafaf8ec58e2e3 |
|
06-Sep-2011 |
Brian Carlstrom <bdc@google.com> |
Upgrade to openssl-1.0.0e
Bug: 5261862
Change-Id: I34d2d458aa85e61b1faacb8b5f386353be679d9b
/external/openssl/ssl/s3_lib.c
|
| bf9ac266e34f910ace31880ea92b8deaf6212aa6 |
|
29-Nov-2010 |
Kristian Monsen <kristianm@google.com> |
Patch OpenSSL to enable SPDY
Change-Id: Ie076e26ab49f1addd7a918271e85d779f47167ac
/external/openssl/ssl/s3_lib.c
|
| ef1d181713d602df2075f0bf367788fd8b15100d |
|
22-Apr-2010 |
Huahui Wu <hwu@google.com> |
Re-enable SSL's cut-through feature in Master over openSSL 1.0.0.
It was pulled because of b/2586347 but it turns out to be a problem in
the tests. The tests were fixed in Change Id8472487, and the feature
is re-enabled here.
Bug id: 2614118
Change-Id: I0bf365dbacd8e962e1156fb1f94a684c60802f4d
/external/openssl/ssl/s3_lib.c
|
| 221304ee937bc0910948a8be1320cb8cc4eb6d36 |
|
15-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
openssl-1.0.0 upgrade
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I90fb1566dede6034eebc96d2b0dcf4533d9643bf
/external/openssl/ssl/s3_lib.c
|
| 7f9d8bc8c32fa4196cff8a8f1c64c5183eefad9e |
|
14-Apr-2010 |
Brian Carlstrom <bdc@google.com> |
disable handshake_cutthrough.patch
CTS tests exposed compatability problems for SSLSocket applications
with handshake cutthrough enabled. Disabling until they can be
resolved. b/2586347
Change-Id: If2e43f50712780e1905c86b64ac2f89e95e7cc95
/external/openssl/ssl/s3_lib.c
|
| 5f06f48e30a40f86ee704147d46e5e37383122fd |
|
30-Mar-2010 |
Huahui Wu <hwu@google.com> |
Re-enable the cut-through (a.k.a false start) feature in openSSL.
This will save one RTT for SSL handshake.
b/2511073 explains the details.
Change-Id: I01cd02d2df375bc02eec12814308f0a6e63b8ae1
/external/openssl/ssl/s3_lib.c
|
| a69b00f3432cbf516436c5cecdd177d14f3c4a5a |
|
12-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
b/2453395 cannot reach sslvpn.broadcom.com
Disabled handshake_cutthrough.patch in openssl.config
Change-Id: I4fe837876198dcf0593c5f5d32174d8af76f3f9f
/external/openssl/ssl/s3_lib.c
|
| 98d58bb80c64b02a33662f0ea80351d4a1535267 |
|
09-Mar-2010 |
Brian Carlstrom <bdc@google.com> |
Summary: upgrading to openssl-0.9.8m and adding new testssl.sh
Testing Summary:
- Passed new android.testssl/testssl.sh
- General testing with BrowserActivity based program
Details:
Expanded detail in README.android about how to build and test openssl
upgrades based on my first experience.
modified: README.android
Significant rework of import_openssl.sh script that does most of
the work of the upgrade. Most of the existing code became the main
and import functions. The newly regenerate code helps regenerate
patch files, building on the fact that import now keeps and
original unmodified read-only source tree for use for patch
generation. Patch generation relies on additions to openssl.config
for defining which patches include which files. Note that
sometimes a file may be patched multiple times, in that case
manual review is still necessary to prune the patch after
auto-regeneration. Other enhancements to import_openssl.sh include
generating android.testssl and printing Makefile defines for
android-config.mk review.
modified: import_openssl.sh
Test support files for openssl/
Add support for building /system/bin/ssltest as test executible for
use by testssl script. Need confirmation that this is the right way
to define such a test binary.
modified: patches/ssl_Android.mk
Driver script that generates user and CA keys and certs on the
device with /system/bin/openssl before running testssl. Based on
openssl/test/testss for generation and openssl/test/Makefile
test_ssl for test execution.
new file: patches/testssl.sh
Note all following android.testssl files are automatically
imported from openssl, although possible with modifications by
import_openssl.sh
testssl script imported from openssl/test that does the bulk of
the testing. Includes new tests patched in for our additions.
new file: android.testssl/testssl
CA and user certificate configuration files from openssl.
Automatically imported from openssl/test/
new file: android.testssl/CAss.cnf
new file: android.testssl/Uss.cnf
certificate and key test file imported from openssl/apps
new file: android.testssl/server2.pem
Actual 0.9.8m upgrade specific bits
Trying to bring ngm's small records support into 0.9.8m. Needs
signoff by ngm although it does pass testing.
modified: patches/small_records.patch
Update openssl.config for 0.9.8m. Expanded lists of undeeded
directories and files for easier update and review, adding new
excludes. Also added new definitions to support "import_openssl.sh
regenerate" for patch updating.
modified: openssl.config
Updated OPENSSL_VERSION to 0.9.8m
modified: openssl.version
Automatically imported/patched files. Seems like it could be
further pruned in by openssl.config UNNEEDED_SOURCES, but extra
stuff doesn't end up impacting device.
modified: apps/...
modified: crypto/...
modified: include/...
modified: ssl/...
Other Android build stuff.
Note for these patches/... is source, .../Android.mk is derived.
Split LOCAL_CFLAGS additions into lines based on openssl/Makefile
source for easier comparison when upgrading. I knowingly left the
lines long and unwrapped for easy vdiff with openssl/Makefile
modified: android-config.mk
Removed local -DOPENSSL_NO_ECDH already in android-config.mk.
modified: patches/apps_Android.mk
Sync up with changes that had crept into derived crypto/Android.mk
modified: patches/crypto_Android.mk
Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
/external/openssl/ssl/s3_lib.c
|
| 8a903428736d72d6272cb91d66fb8ed46aaaeb1f |
|
06-Oct-2009 |
Nagendra Modadugu <ngm@google.com> |
Modify handshake_patch such that app data is sent along with CCS/Finished.
/external/openssl/ssl/s3_lib.c
|
| e45f106cb6b47af1f21efe76e933bdea2f5dd1ca |
|
30-Sep-2009 |
Nagendra Modadugu <ngm@google.com> |
Upgrade to openssl-0.9.8k.
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
/external/openssl/ssl/s3_lib.c
|
| 656d9c7f52f88b3a3daccafa7655dec086c4756e |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_lib.c
|
| d2cbe6ee0fd4269543a9a243f2b0963ce6f46280 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
/external/openssl/ssl/s3_lib.c
|
| bdfb8ad83da0647e9b9a32792598e8ce7ba3ef4d |
|
12-Jan-1970 |
Upstream <upstream-import@none> |
external/openssl 0.9.8h
/external/openssl/ssl/s3_lib.c
|