Upstream openssl to version 1.0.1c

README.chromium

 Name: openssl
 URL: http://openssl.org/source/
-Version: 1.0.0f
+Version: 1.0.1c
 License: BSDish
 License File: openssl/LICENSE
 License Android Compatible: yes
 Security Critical: yes
 
 Description:
-This is OpenSSL, the standard SSL/TLS library, which is used only in Android.
+This is OpenSSL, the standard SSL/TLS library, which is used *only* in
+the following cases:
 
-It's an unmodified, upstream source except for the patches listed below.
+ - For Chrome/Chromium, only on Android to implement SSL/TLS support
+   (while certificate validation is performed through the platform APIs),
+   instead of using NSS as on other Linux-based operating systems.
 
+   Note that there is no plans to support OpenSSL in Chromium on other
+   platforms. For more context, please read:
 
-********************************************************************************
-The following patches are taken from Android Open Source Project.
+     https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ-NL-YJ
 
+ - To implement net/tools/flip_server, a host-side tool. Read more about
+   it at the following page:
 
-progs.patch:
+     http://dev.chromium.org/spdy/running_flipinmemserver   
 
-Fixup sources under the apps/ directory that are not built under the android environment.
+This means that the library must be built, at a minimum, for Android, Linux
+and Darwin systems.
 
+  Android/ARM Android/x86 Linux/x86 Linux/x86_64 Darwin/x86 Darwin/x86_64
 
-small_records.patch:
+This source shall track the state of the Android platform's openssl version
+of the library, with some important details listed here:
 
-Reduce OpenSSL memory consumption.
-SSL records may be as large as 16K, but are typically < 2K.  In
-addition, a historic bug in Windows allowed records to be as large
-32K.  OpenSSL statically allocates read and write buffers (34K and
-18K respectively) used for processing records.
-With this patch, OpenSSL statically allocates 4K + 4K buffers, with
-the option of dynamically growing buffers to 34K + 4K, which is a
-saving of 44K per connection for the typical case.
+ - The Android version lives under $ANDROID/external/openssl, while
+   the Chromum version (these files) live under
+   $CHROMIUM/src/third_party/openssl.
 
+ - The Android version corresponds to the upstream original sources with
+   the patches under $ANDROID/external/openssl/patches applied. It also
+   does not include many files and directories that are not necessary for
+   the Android build.
 
-handshake_cutthrough.patch
+ - The Chromium version corresponds to the upstream original sources with
+   the patches under $CHROMIUM/src/third_party/openssl/patches/ applied.
+   Most of these patches come from the Android tree, with a few additional
+   ones.
 
-Enables SSL3+ clients to send application data immediately following the
-Finished message even when negotiating full-handshakes.  With this patch,
-clients can negotiate SSL connections in 1-RTT even when performing
-full-handshakes.
+   The file patches/README lists the purpose of each Android patch.
+   Additional Chromium-specific patches also exist and are described
+   at the end of this document.
 
+ - The Chromium openssl.gyp tries to match the Android.mk when it comes
+   to listing all source files. There is no direct mapping due to many
+   differences in their structure. To make this slightly easier, this file
+   doesn't use the convention of listing *all* source files under openssl,
+   then conditionally removing them for an Android build.
 
-jsse.patch
+   Instead, only the files needed for the build are listed in 'sources'.
+   Given that there is a very large number of files that are not used in
+   the build, this simplified the task of keeping both files in sync.
 
-Support for JSSE implementation based on OpenSSL.
+ - The Android tree also includes auto-generated assembly files for
+   ARM, x86 and MIPS, used to speed up some crypto computations. They
+   are generated by the $ANDROID/external/openssl/import_openssl.sh
+   script (which itself invokes a bunch of Perl generations scripts)
+   and have a file extension of .s
 
+   These files are also copied into the Chromium tree, with an .S file
+   extension, because they require being sent to the C preprocessor
+   before the assembler.
 
-npn.patch
+   The original Android.mk uses a feature not supported by gyp, which is:
 
-Transport Layer Security (TLS) Next Protocol Negotiation Extension
+     LOCAL_AS_FLAGS := -x assembler-with-cpp
 
+   It tells the build system to apply the '-x assembler-with-cpp' flag
+   only to assembler files.
 
-sha1_armv4_large.patch
+   By using .S instead, the build 'just works' on Chromium.
 
-This patch eliminates memory stores to addresses below SP.
+ - The Android build holds all configuration in
+   external/openssl/android-config.mk which is a Makefile fragment used
+   to define compiler flags that define configuration macros, to be used
+   when building *and* using the library.
 
+   The Chromium version uses config/<name>/openssl/opensslconf.h instead,
+   where name can be 'android', 'piii' or 'k8', corresponding to the
+   Android, Posix/ia32 or Posix/x64 builds.
 
-openssl_no_dtls1.patch
+   These headers hold the definition of these configuration variables.
+   Their parent directory must appear *before* openssl/include when
+   building and using the library. This is taken care of by openssl.gyp
+   here.
 
-Add missing #ifndef OPENSSL_NO_DTLS1
+   Due to this, the Chromium tree also does not include obsolete copies
+   of opensslconf.h which appear in the Android source tree (and do not
+   seem to be really included during the build).
 
-
-********************************************************************************
-The following patches are needed to compile this openssl on Chromium and pass
-the related net unit tests.
-
-
-empty_OPENSSL_cpuid_setup.patch
-
-Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
-error. We should figure out how to geenrate platform specific implementation
-of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.
-
+***************************************************************************
+The following patches are needed to compile this openssl on Chromium and
+pass the related net unit tests. They are applied on top of the
+Android-specific patches described under patches/README:
 
 x509_hash_name_algorithm_change.patch
 
-There are many symbolic links under /etc/ssl/certs created by using hash of
-the pem certificates in order for OpenSSL to find those certificate.
-Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
-However the new openssl changed the hash algorithm, Unless you compile/install
-the latest openssl library and re-create all related symbolic links, the new
-openssl can not find some certificates because the links of those certificates
-were created by using old hash algorithm, which causes some tests failed.
-This patch gives a way to find a certificate according to its hash by using both
-new algorithm and old algorithm.
-crbug.com/111045 is used to track this issue.
+There are many symbolic links under /etc/ssl/certs created by using hash
+of the PEM certificates in order for OpenSSL to find those certificates.
+Openssl has a tool to help you create hash symbolic links (tools/c_rehash).
+However the new openssl changed the hash algorithm. Unless you
+compile/install the latest openssl library and re-create all related
+symbolic links, the new openssl can not find some certificates because
+the links of those certificates were created by using old hash algorithm,
+which causes some tests failed. This patch gives a way to find a
+certificate according to its hash by using both new algorithm and old
+algorithm. crbug.com/111045 is used to track this issue.
 
+fix-clang-build.patch
 
-tls_exporter.patch
-
-Keying Material Exporters for Transport Layer Security (RFC 5705).
-
-
-Android platform support
-
-Copy config/android/openssl/opensslconf.h from Android's
-external/openssl/include/openssl/opensslconf.h
+Small patch to fix various minor issues which prevent building the library
+with Clang.