| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes openssl.config the only place where common
and architecture-specific sources and compiler flags are listed.
Its content is processed by import_openssl.sh to generate new
build config files (Crypto-config.mk, Ssl-config.mk, Apps-config.mk)
which are themselves included by simplified Crypto.mk, Ssl.mk, Apps.mk.
+ Add a new script (check-all-builds.sh) that can rebuild six
different variants of openssl in one go. This is useful to quickly
check that a change didn't break a specific build, e.g. when
adding new patch or upgrading the OpenSSL sources.
See './check-all-builds.sh --help' for more info.
Note: Clang-based builds are currently broken, so only GCC-based
ones are activated at the moment.
Change-Id: If08c204e4dc9b081ce676bc7984d039670e115b0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies import_openssl.sh to parse the configured Makefile
and extract the appropriate compiler flags that were currently
defined manually in android-config.mk
- Modifies openssl.config to add missing configure options to
ensure the final result is the same than before the patch.
This also updates crypto/opensslconf.h.
- The generated output is stored in build-config.mk which content
directly comes from the OpenSSL Makefile.
- android-config.mk is still used to define LOCAL_CFLAGS from
the definitions in build-config.mk, as well as perform minimal
extra filtering.
- Remove the section in README.android about manually changing
android-config.mk.
Change-Id: I5275de69a817aa7c9880ea48e5d6a8ac1652a1e4
|
|
|
|
| |
Change-Id: I29e482421ce6976f9065e6fe4cd1e527a0e2c60d
|
|
|
|
| |
Change-Id: Ifbcf5ce396d45170d04c0b6005e41f998fe04253
|
|
|
|
|
| |
Bug: 3249410
Change-Id: Iac938a7d2f17b73dcb82b031607dae96dbb35f34
|
|
|
|
|
|
|
|
|
| |
- Updated README.android
- Updated openssl.version
- Ran ./import_openssl.sh import .../openssl-1.0.0a.tar.gz
(which is responsible for the rest of the changes)
Change-Id: I3214fb8cb5297d68edc7632bbd9027952fec559b
|
|
|
|
|
|
|
|
| |
This is only for the /system/bin/openssl test app which does not ship
by default. Instructions for running s_server for testing are added in
README.android.
Change-Id: I9c6032871f853c780e4c9ffef9b2dd8ad009f32b
|
|
|
|
|
|
|
|
|
|
| |
Tested with
./import_openssl.sh import .../openssl-1.0.0.tar.gz
and confirmed no source changes
Also added debug flags in android-config.mk for later use
Change-Id: Idbfefe7bc16790060eb58c116b0961c195b3a087
|
|
|
|
| |
Change-Id: Iee9d6bce0dbc8155c5fe95c2ea96bf6daee97d5f
|
|
|
|
| |
Change-Id: I921e9feeb9b390a541584b769d95432d106bb21d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
- adding SSL_set_cipher_lists for JSSE support
- enabling elliptic curve for new JSSE cipher suites
Details:
Adding SSL_set_cipher_lists that allows setting of SSL ciphers (and
indirectly ciphers_by_id). This allows us to explicitly set a desired
cipher suite lists with our own ordering for JSSE support.
patches/jsse.patch
Enabling EC, ECDH, and ECDSA which are needed for RI 6 elliptic curve cipher suites.
- EC = Elliptic Curve
- ECDH = Elliptic Curve Diffie-Hellman
- ECDSA = Elliptic Curve Digital Signature Algorithm
android-config.mk
patches/apps_Android.mk
patches/crypto_Android.mk
openssl.config
Remove warning from openssl output to remove testssl warnings
patches/progs.patch
openssl.config
Misc
Update clean, build, and test instructions
README.android
Fixing whitespace inconsistency noted when updating clean target
patches/ssl_Android.mk
Generated files
Copied from patches:
apps/Android.mk
crypto/Android.mk
ssl/Android.mk
Newly imported EC files from openssl-1.0.0.tar.gz
Interestingly most of the needed files were already present, if not compiled.
crypto/ec/ec_ameth.c
crypto/ec/ec_pmeth.c
crypto/ec/eck_prn.c
SSL_set_cipher_lists
include/openssl/ssl.h
ssl/ssl.h
ssl/ssl_lib.c
Disabled warning
apps/openssl.c
Change-Id: I9edc9da2ea65d7d8e55257300a5978638a3e472d
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SSLSocket.setEnableSessionCreation(false) support
SSL_set_session_creation_enabled implementation
Add session_creation_enabled to ssl_st (aka SSL)
Add SSL_set_session_creation_enabled(SSL*, int) declaration
Add SSL_R_SESSION_MAY_NOT_BE_CREATED error reason
include/openssl/ssl.h
ssl/ssl.h
Before creating session, check if session_creation_enabled.
If not, error out, sending alert when possible in SSL3+ cases.
ssl/d1_clnt.c
ssl/s23_clnt.c
ssl/s3_clnt.c
ssl/s3_srvr.c
Add error message for SSL_R_SESSION_MAY_NOT_BE_CREATED
ssl/ssl_err.c
Initialize session_creation_enabled to 1 in SSL_new
ssl/ssl_lib.c
Definition of SSL_set_session_creation_enabled. Add lower level
check for session_creation_enabled in ssl_get_new_session in case
it is not caught by higher levels.
ssl/ssl_sess.c
Patch details
Added jsse.patch to list and add list of patched files.
Fix whitespace to be tabs for consistency.
openssl.config
Add description of jsse.patch
patches/README
The patch itself, containing the above described changes
patches/jsse.patch
Testing
Updated with note to run javax.net.ssl tests now that they are working reliably.
README.android
Change-Id: Ic46b257a459d21b013396d7a17321fb550f2c1b0
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were two issues with the first version of small_records.patch
- the resize check was immediately after the size check, so the
size check always failed before the resize happened.
- openssl-1.0.0 needs extra space to be allocated for alignment
patches/small_records.patch
Regenerated file
ssl/s3_pkt.c
Added patch generatation support, as opposed to just regenerate when
patches no longer apply on upgrade. Usage:
import_openssl.sh generate <patch/foo.patch> <openssl-tarball.tar.gz>
import_openssl.sh
As part of "import_openssl.sh generate", moved definition of
imported sources to openssl.config instead of wired in the code.
openssl.config
Add browser testing note with https://online.citibank.com
README.android
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
external/openssl
Updated version to 1.0.0
openssl.version
Updated small records patch for 1.0.0. This is probably the most significant change.
patches/small_records.patch
Removed bad_version.patch since fix is included in 0.9.8n and beyond
patches/README
patches/bad_version.patch
openssl.config
Changed import_openssl.sh to generate armv4 asm with the 1.0.0
scripts, not our backported 0.9.9-dev backported version in
patches/arm-asm.patch.
import_openssl.sh
openssl.config
patches/README
patches/arm-asm.patch
Added -DOPENSSL_NO_STORE to match ./Configure output
Added -DOPENSSL_NO_WHIRLPOOL (no-whrlpool) to skip new optional cipher
android-config.mk
openssl.config
Fixed import to remove include directory during import like other
imported directories (apps, ssl, crypto)
import_openssl.sh
Updated UNNEEDED_SOURCES. Pruned Makefiles which we don't use.
openssl.config
Updated to build newly required files
patches/apps_Android.mk
patches/crypto_Android.mk
Disable some new openssl tools
patches/progs.patch
Updated upgrade testing notes to include running BigInteger tests
README.android
Automatically imported
android.testssl/
apps/
crypto/
e_os.h
e_os2.h
include/
ssl/
dalvik
Change makeCipherList to skip SSLv2 ciphers that 1.0.0 now returns
so there are not duplicate ciphersuite names in getEnabledCipherSuites.
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Updated OpenSSLSocketImpl_cipherauthenticationmethod for new
SSL_CIPHER algorithms -> algorithm_auth (and const-ness)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
Update to const SSL_CIPHER in OpenSSLSessionImpl_getCipherSuite (and cipherauthenticationmethod)
libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
test_EnabledCipherSuites on both SSLSocketTest and
SSLServerSocketTest caught the makeCipherList problem. However the
asserts where a bit out of sync and didn't give good messages
because they didn't actually show what was going on. As part of
debugging the issue they found, I tried to make align the asserts
and improve their output for the future.
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLServerSocketTest.java
libcore/x-net/src/test/java/tests/api/javax/net/ssl/SSLSocketTest.java
vendor/google
Add const to X509V3_EXT_METHOD* for 1.0.0 compatibility
libraries/libjingle/talk/base/openssladapter.cc
Change-Id: I608dbb2ecf4b7a15e13b3f3dcea7c0443ff01e32
|
|
|
|
|
|
|
|
| |
CTS tests exposed compatability problems for SSLSocket applications
with handshake cutthrough enabled. Disabling until they can be
resolved. b/2586347
Change-Id: If2e43f50712780e1905c86b64ac2f89e95e7cc95
|
|
|
|
|
|
| |
information
Change-Id: If7d1a6d23fc1aaba72d4de713b0fdbf367560a30
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Testing Summary:
- Passed new android.testssl/testssl.sh
- General testing with BrowserActivity based program
Details:
Expanded detail in README.android about how to build and test openssl
upgrades based on my first experience.
modified: README.android
Significant rework of import_openssl.sh script that does most of
the work of the upgrade. Most of the existing code became the main
and import functions. The newly regenerate code helps regenerate
patch files, building on the fact that import now keeps and
original unmodified read-only source tree for use for patch
generation. Patch generation relies on additions to openssl.config
for defining which patches include which files. Note that
sometimes a file may be patched multiple times, in that case
manual review is still necessary to prune the patch after
auto-regeneration. Other enhancements to import_openssl.sh include
generating android.testssl and printing Makefile defines for
android-config.mk review.
modified: import_openssl.sh
Test support files for openssl/
Add support for building /system/bin/ssltest as test executible for
use by testssl script. Need confirmation that this is the right way
to define such a test binary.
modified: patches/ssl_Android.mk
Driver script that generates user and CA keys and certs on the
device with /system/bin/openssl before running testssl. Based on
openssl/test/testss for generation and openssl/test/Makefile
test_ssl for test execution.
new file: patches/testssl.sh
Note all following android.testssl files are automatically
imported from openssl, although possible with modifications by
import_openssl.sh
testssl script imported from openssl/test that does the bulk of
the testing. Includes new tests patched in for our additions.
new file: android.testssl/testssl
CA and user certificate configuration files from openssl.
Automatically imported from openssl/test/
new file: android.testssl/CAss.cnf
new file: android.testssl/Uss.cnf
certificate and key test file imported from openssl/apps
new file: android.testssl/server2.pem
Actual 0.9.8m upgrade specific bits
Trying to bring ngm's small records support into 0.9.8m. Needs
signoff by ngm although it does pass testing.
modified: patches/small_records.patch
Update openssl.config for 0.9.8m. Expanded lists of undeeded
directories and files for easier update and review, adding new
excludes. Also added new definitions to support "import_openssl.sh
regenerate" for patch updating.
modified: openssl.config
Updated OPENSSL_VERSION to 0.9.8m
modified: openssl.version
Automatically imported/patched files. Seems like it could be
further pruned in by openssl.config UNNEEDED_SOURCES, but extra
stuff doesn't end up impacting device.
modified: apps/...
modified: crypto/...
modified: include/...
modified: ssl/...
Other Android build stuff.
Note for these patches/... is source, .../Android.mk is derived.
Split LOCAL_CFLAGS additions into lines based on openssl/Makefile
source for easier comparison when upgrading. I knowingly left the
lines long and unwrapped for easy vdiff with openssl/Makefile
modified: android-config.mk
Removed local -DOPENSSL_NO_ECDH already in android-config.mk.
modified: patches/apps_Android.mk
Sync up with changes that had crept into derived crypto/Android.mk
modified: patches/crypto_Android.mk
Change-Id: I73204c56cdaccfc45d03a9c8088a6a93003d7ce6
|
|
|
|
|
|
| |
The source tree (and the size of the compiled library)
can be reduced further. This will be done in a future
commit.
|
| |
|
| |
|
| |
|
| |
|
|
|