Chromium Code Reviews
| Index: README.chromium |
| =================================================================== |
| --- README.chromium (revision 156279) |
| +++ README.chromium (working copy) |
| @@ -1,78 +1,93 @@ |
| Name: openssl |
| URL: http://openssl.org/source/ |
| -Version: 1.0.0f |
| +Version: 1.0.1c |
| License: BSDish |
| License File: openssl/LICENSE |
| License Android Compatible: yes |
| Security Critical: yes |
| Description: |
| -This is OpenSSL, the standard SSL/TLS library, which is used only in Android. |
| +This is OpenSSL, the standard SSL/TLS library, which is used *only* in |
| +Android. There are no plans to support OpenSSL on other platforms. |
| +For more context, please read: |
| -It's an unmodified, upstream source except for the patches listed below. |
| + https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ-NL-YJ |
| -******************************************************************************** |
| -The following patches are taken from Android Open Source Project. |
| +This shall track the state of the Android platform's openssl version of |
| +the library, with some important details listed here: |
| + - The Android version lives under $ANDROID/external/openssl, while |
| + the Chromum version (these files) live under |
| + $CHROMIUM/src/third_party/openssl. |
| -progs.patch: |
| + - The Android version corresponds to the upstream original sources with |
| + the patches under $ANDROID/external/openssl/patches. It also does |
| + not include many files and directories that are not necessary for the |
| + Android build. |
| -Fixup sources under the apps/ directory that are not built under the android environment. |
| + - The Chromium version corresponds to the upstream original sources with |
| + the patches under $CHROMIUM/src/third_party/openssl/patches/ applied. |
| + Most of these patches come from the Android tree, with a few additional |
| + ones. |
| + The file patches/README lists the purpose of each Android patch. |
| + Additional Chromium-specific patches also exist and are described |
| + at the end of this document. |
| -small_records.patch: |
| + - The Chromium openssl.gyp tries to match the Android.mk when it comes |
| + to listing all source files. There is no direct mapping due to many |
| + differences in their structure. To make this slightly easier, this file |
| + doesn't use the convention of listing *all* source files under openssl, |
| + then conditionally removing them for an Android build. |
| -Reduce OpenSSL memory consumption. |
| -SSL records may be as large as 16K, but are typically < 2K. In |
| -addition, a historic bug in Windows allowed records to be as large |
| -32K. OpenSSL statically allocates read and write buffers (34K and |
| -18K respectively) used for processing records. |
| -With this patch, OpenSSL statically allocates 4K + 4K buffers, with |
| -the option of dynamically growing buffers to 34K + 4K, which is a |
| -saving of 44K per connection for the typical case. |
| + Instead, only the files needed for the build are listed in 'sources'. |
| + Given that they is a very large number of files that are not used in |
|
Philippe
2012/09/12 16:19:43
Nit: s/they/there
digit1
2012/09/12 16:42:54
Done. Sorry for the multiple patches, but gcl uplo
|
| + the build, this simplified the task of keeping both files in sync. |
| + - The Android tree also includes auto-generated assembly files for |
| + ARM, x86 and MIPS, used to speed up some crypto computations. They |
| + are generated by the $ANDROID/external/openssl/import_openssl.sh |
| + script (which itself invokes a bunch of Perl generations scripts) |
| + and have a file extension of .s |
| -handshake_cutthrough.patch |
| + These files are also copied into the Chromium tree, with an .S file |
| + extension, because they require being sent to the C preprocessor before |
| + the assembler. |
| -Enables SSL3+ clients to send application data immediately following the |
| -Finished message even when negotiating full-handshakes. With this patch, |
| -clients can negotiate SSL connections in 1-RTT even when performing |
| -full-handshakes. |
| + The original Android.mk uses a feature not supported by gyp, which is: |
| + LOCAL_AS_FLAGS := -x assembler-with-cpp |
| -jsse.patch |
| + It tells the build system to apply the '-x assembler-with-cpp' flag |
| + only to assembler files. |
| -Support for JSSE implementation based on OpenSSL. |
| + By using .S instead, the build 'just works' on Chromium. |
| + - The Android build holds all configuration in |
| + external/openssl/android-config.mk which is a Makefile fragment used |
| + to define compiler flags that define configuration macros, to be used |
| + when building *and* using the library. |
| -npn.patch |
| + The Chromium version uses config/android/openssl/opensslconf.h instead |
| + to hold the definition of these variables. Its parent directory must |
| + appear *before* openssl/include when building and using the library. |
| + This is taken care of by openssl.gyp here. |
| -Transport Layer Security (TLS) Next Protocol Negotiation Extension |
| + Due to this, the Chromium tree also does not include obsolete copies |
| + of opensslconf.h which appear in the Android source tree (and do not |
| + seem to be really included during the build). |
| +******************************************************************************** |
| +The following Chromium-specific patches are applied on top of the Android |
| +ones: |
| -sha1_armv4_large.patch |
| +<none> |
| -This patch eliminates memory stores to addresses below SP. |
| - |
| - |
| -openssl_no_dtls1.patch |
| - |
| -Add missing #ifndef OPENSSL_NO_DTLS1 |
| - |
| - |
| ******************************************************************************** |
| The following patches are needed to compile this openssl on Chromium and pass |
| the related net unit tests. |
| - |
| -empty_OPENSSL_cpuid_setup.patch |
| - |
| -Use a empty implementation for function OPENSSL_cpuid_setup to resolve link |
| -error. We should figure out how to geenrate platform specific implementation |
| -of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl. |
| - |
| - |
| x509_hash_name_algorithm_change.patch |
| There are many symbolic links under /etc/ssl/certs created by using hash of |
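Review bot: The new "Chromium-specific patches" section near the end of this hunk lists "<none>", yet the unchanged section directly below it still describes x509_hash_name_algorithm_change.patch as needed to build on Chromium, and the bullet about patches/README says Chromium-specific patches "are described at the end of this document". For a library marked "Security Critical: yes", a reader auditing what differs from the Android tree gets two conflicting answers. Suggest dropping the "<none>" section and keeping a single list under one heading, or moving the x509 entry under the new heading. The per-patch descriptions removed here (small_records, handshake_cutthrough, jsse, npn, sha1_armv4_large, openssl_no_dtls1) are now deferred to patches/README, which is not part of this diff, so please confirm it covers each of them. Also, "Chromum" should be "Chromium" and "Perl generations scripts" should be "Perl generation scripts".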
| @@ -86,13 +101,7 @@ |
| new algorithm and old algorithm. |
| crbug.com/111045 is used to track this issue. |
| +fix-clang-build.patch |
| -tls_exporter.patch |
| - |
| -Keying Material Exporters for Transport Layer Security (RFC 5705). |
| - |
| - |
| -Android platform support |
| - |
| -Copy config/android/openssl/opensslconf.h from Android's |
| -external/openssl/include/openssl/opensslconf.h |
| +Small patch to fix various minor issues which prevent building the library |
| +with Clang. |