| Name: openssl |
| URL: http://openssl.org/source/ |
| Version: 1.0.1r |
| License: BSDish |
| License File: openssl/LICENSE |
| License Android Compatible: yes |
| Security Critical: yes |
| |
| Description: |
| This is OpenSSL, the standard SSL/TLS library, which is used *only* in |
| the following cases: |
| |
| - For Chrome/Chromium, only on Android to implement SSL/TLS support |
| (while certificate validation is performed through the platform APIs), |
| instead of using NSS as on other Linux-based operating systems. |
| |
| Note that there is no plans to support OpenSSL in Chromium on other |
| platforms. For more context, please read: |
| |
| https://groups.google.com/a/chromium.org/d/msg/chromium-dev/gmO3U9HLY3Y/RPGNiQ-NL-YJ |
| |
| - To implement net/tools/flip_server, a host-side tool. Read more about |
| it at the following page: |
| |
| http://dev.chromium.org/spdy/running_flipinmemserver |
| |
| This means that the library must be built, at a minimum, for Android, Linux |
| and Darwin systems. |
| |
| Android/ARM Android/x86 Linux/x86 Linux/x86_64 Darwin/x86 Darwin/x86_64 |
| |
| This source shall track the state of the Android platform's openssl version |
| of the library, with some important details listed here: |
| |
| - The Android version lives under $ANDROID/external/openssl, while |
| the Chromum version (these files) live under |
| $CHROMIUM/src/third_party/openssl. |
| |
| - The Android version corresponds to the upstream original sources with |
| the patches under $ANDROID/external/openssl/patches applied. It also |
| does not include many files and directories that are not necessary for |
| the Android build. |
| |
| - The Chromium version corresponds to the upstream original sources with |
| the patches under $CHROMIUM/src/third_party/openssl/patches/ applied. |
| Most of these patches come from the Android tree, with a few additional |
| ones. |
| |
| The file patches/README lists the purpose of each Android patch. |
| Additional Chromium-specific patches also exist and are described |
| at the end of this document. |
| |
| - The Chromium openssl.gyp tries to match the Android.mk when it comes |
| to listing all source files. There is no direct mapping due to many |
| differences in their structure. To make this slightly easier, this file |
| doesn't use the convention of listing *all* source files under openssl, |
| then conditionally removing them for an Android build. |
| |
| Instead, only the files needed for the build are listed in 'sources'. |
| Given that there is a very large number of files that are not used in |
| the build, this simplified the task of keeping both files in sync. |
| |
| - The Android tree also includes auto-generated assembly files for |
| ARM, x86 and MIPS, used to speed up some crypto computations. They |
| are generated by the $ANDROID/external/openssl/import_openssl.sh |
| script (which itself invokes a bunch of Perl generations scripts) |
| and have a file extension of .s |
| |
| These files are also copied into the Chromium tree, with an .S file |
| extension, because they require being sent to the C preprocessor |
| before the assembler. |
| |
| The original Android.mk uses a feature not supported by gyp, which is: |
| |
| LOCAL_AS_FLAGS := -x assembler-with-cpp |
| |
| It tells the build system to apply the '-x assembler-with-cpp' flag |
| only to assembler files. |
| |
| By using .S instead, the build 'just works' on Chromium. |
| |
| - The Android build holds all configuration in |
| external/openssl/android-config.mk which is a Makefile fragment used |
| to define compiler flags that define configuration macros, to be used |
| when building *and* using the library. |
| |
| The Chromium version uses config/<name>/openssl/opensslconf.h instead, |
| where name can be 'android', 'piii' or 'k8', corresponding to the |
| Android, Posix/ia32 or Posix/x64 builds. |
| |
| These headers hold the definition of these configuration variables. |
| Their parent directory must appear *before* openssl/include when |
| building and using the library. This is taken care of by openssl.gyp |
| here. |
| |
| Due to this, the Chromium tree also does not include obsolete copies |
| of opensslconf.h which appear in the Android source tree (and do not |
| seem to be really included during the build). |
| |
| *************************************************************************** |
| The following patches are needed to compile this openssl on Chromium and |
| pass the related net unit tests. They are applied on top of the |
| Android-specific patches described under patches/README: |
| |
| x509_hash_name_algorithm_change.patch |
| |
| There are many symbolic links under /etc/ssl/certs created by using hash |
| of the PEM certificates in order for OpenSSL to find those certificates. |
| Openssl has a tool to help you create hash symbolic links (tools/c_rehash). |
| However the new openssl changed the hash algorithm. Unless you |
| compile/install the latest openssl library and re-create all related |
| symbolic links, the new openssl can not find some certificates because |
| the links of those certificates were created by using old hash algorithm, |
| which causes some tests failed. This patch gives a way to find a |
| certificate according to its hash by using both new algorithm and old |
| algorithm. crbug.com/111045 is used to track this issue. |
| |
| fix-clang-build.patch |
| |
| Small patch to fix various minor issues which prevent building the library |
| with Clang. |
