Name: openssl
URL: http://openssl.org/source/
Version: 1.0.1p
License: BSDish
License File: openssl/LICENSE
License Android Compatible: yes
Security Critical: yes

Description:
This is OpenSSL, the standard SSL/TLS library, which is used *only* in
the following cases:

 - For Chrome/Chromium, only on Android to implement SSL/TLS support
   (while certificate validation is performed through the platform APIs),
   instead of using NSS as on other Linux-based operating systems.

   Note that there is no plans to support OpenSSL in Chromium on other
   platforms. For more context, please read:

     https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ-NL-YJ

 - To implement net/tools/flip_server, a host-side tool. Read more about
   it at the following page:

     http://dev.chromium.org/spdy/running_flipinmemserver   

This means that the library must be built, at a minimum, for Android, Linux
and Darwin systems.

  Android/ARM Android/x86 Linux/x86 Linux/x86_64 Darwin/x86 Darwin/x86_64

This source shall track the state of the Android platform's openssl version
of the library, with some important details listed here:

 - The Android version lives under $ANDROID/external/openssl, while
   the Chromum version (these files) live under
   $CHROMIUM/src/third_party/openssl.

 - The Android version corresponds to the upstream original sources with
   the patches under $ANDROID/external/openssl/patches applied. It also
   does not include many files and directories that are not necessary for
   the Android build.

 - The Chromium version corresponds to the upstream original sources with
   the patches under $CHROMIUM/src/third_party/openssl/patches/ applied.
   Most of these patches come from the Android tree, with a few additional
   ones.

   The file patches/README lists the purpose of each Android patch.
   Additional Chromium-specific patches also exist and are described
   at the end of this document.

 - The Chromium openssl.gyp tries to match the Android.mk when it comes
   to listing all source files. There is no direct mapping due to many
   differences in their structure. To make this slightly easier, this file
   doesn't use the convention of listing *all* source files under openssl,
   then conditionally removing them for an Android build.

   Instead, only the files needed for the build are listed in 'sources'.
   Given that there is a very large number of files that are not used in
   the build, this simplified the task of keeping both files in sync.

 - The Android tree also includes auto-generated assembly files for
   ARM, x86 and MIPS, used to speed up some crypto computations. They
   are generated by the $ANDROID/external/openssl/import_openssl.sh
   script (which itself invokes a bunch of Perl generations scripts)
   and have a file extension of .s

   These files are also copied into the Chromium tree, with an .S file
   extension, because they require being sent to the C preprocessor
   before the assembler.

   The original Android.mk uses a feature not supported by gyp, which is:

     LOCAL_AS_FLAGS := -x assembler-with-cpp

   It tells the build system to apply the '-x assembler-with-cpp' flag
   only to assembler files.

   By using .S instead, the build 'just works' on Chromium.

 - The Android build holds all configuration in
   external/openssl/android-config.mk which is a Makefile fragment used
   to define compiler flags that define configuration macros, to be used
   when building *and* using the library.

   The Chromium version uses config/<name>/openssl/opensslconf.h instead,
   where name can be 'android', 'piii' or 'k8', corresponding to the
   Android, Posix/ia32 or Posix/x64 builds.

   These headers hold the definition of these configuration variables.
   Their parent directory must appear *before* openssl/include when
   building and using the library. This is taken care of by openssl.gyp
   here.

   Due to this, the Chromium tree also does not include obsolete copies
   of opensslconf.h which appear in the Android source tree (and do not
   seem to be really included during the build).

***************************************************************************
The following patches are needed to compile this openssl on Chromium and
pass the related net unit tests. They are applied on top of the
Android-specific patches described under patches/README:

x509_hash_name_algorithm_change.patch

There are many symbolic links under /etc/ssl/certs created by using hash
of the PEM certificates in order for OpenSSL to find those certificates.
Openssl has a tool to help you create hash symbolic links (tools/c_rehash).
However the new openssl changed the hash algorithm. Unless you
compile/install the latest openssl library and re-create all related
symbolic links, the new openssl can not find some certificates because
the links of those certificates were created by using old hash algorithm,
which causes some tests failed. This patch gives a way to find a
certificate according to its hash by using both new algorithm and old
algorithm. crbug.com/111045 is used to track this issue.

fix-clang-build.patch

Small patch to fix various minor issues which prevent building the library
with Clang.
