README.chromium - platform/external/chromium_org/third_party/openssl - Git at Google

 Name: openssl
 URL: http://openssl.org/source/
 Version: 1.0.0f
 License: BSDish
 License File: openssl/LICENSE

 Description:
 This is OpenSSL, the standard SSL/TLS library, which is used only in Android.

 It's an unmodified, upstream source except for the patches listed below.


 ********************************************************************************
 The following patches are taken from Android Open Source Project.


 progs.patch:

 Fixup sources under the apps/ directory that are not built under the android environment.


 small_records.patch:

 Reduce OpenSSL memory consumption.
 SSL records may be as large as 16K, but are typically < 2K.  In
 addition, a historic bug in Windows allowed records to be as large
 32K.  OpenSSL statically allocates read and write buffers (34K and
 18K respectively) used for processing records.
 With this patch, OpenSSL statically allocates 4K + 4K buffers, with
 the option of dynamically growing buffers to 34K + 4K, which is a
 saving of 44K per connection for the typical case.


 handshake_cutthrough.patch

 Enables SSL3+ clients to send application data immediately following the
 Finished message even when negotiating full-handshakes.  With this patch,
 clients can negotiate SSL connections in 1-RTT even when performing
 full-handshakes.


 jsse.patch

 Support for JSSE implementation based on OpenSSL.


 npn.patch

 Transport Layer Security (TLS) Next Protocol Negotiation Extension


 sha1_armv4_large.patch

 This patch eliminates memory stores to addresses below SP.


 openssl_no_dtls1.patch

 Add missing #ifndef OPENSSL_NO_DTLS1


 ********************************************************************************
 The following patches are needed to compile this openssl on Chromium and pass
 the related net unit tests.


 empty_OPENSSL_cpuid_setup.patch

 Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
 error. We should figure out how to geenrate platform specific implementation
 of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.


 x509_hash_name_algorithm_change.patch

 There are many symbolic links under /etc/ssl/certs created by using hash of
 the pem certificates in order for OpenSSL to find those certificate.
 Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
 However the new openssl changed the hash algorithm, Unless you compile/install
 the latest openssl library and re-create all related symbolic links, the new
 openssl can not find some certificates because the links of those certificates
 were created by using old hash algorithm, which causes some tests failed.
 This patch gives a way to find a certificate according to its hash by using both
 new algorithm and old algorithm.
 crbug.com/111045 is used to track this issue.


 tls_exporter.patch

 Keying Material Exporters for Transport Layer Security (RFC 5705).


 Android platform support

 Copy config/android/openssl/opensslconf.h from Android's
 external/openssl/include/openssl/opensslconf.h
	Name: openssl
	URL: http://openssl.org/source/
	Version: 1.0.0f
	License: BSDish
	License File: openssl/LICENSE

	Description:
	This is OpenSSL, the standard SSL/TLS library, which is used only in Android.

	It's an unmodified, upstream source except for the patches listed below.


	********************************************************************************
	The following patches are taken from Android Open Source Project.


	progs.patch:

	Fixup sources under the apps/ directory that are not built under the android environment.


	small_records.patch:

	Reduce OpenSSL memory consumption.
	SSL records may be as large as 16K, but are typically < 2K. In
	addition, a historic bug in Windows allowed records to be as large
	32K. OpenSSL statically allocates read and write buffers (34K and
	18K respectively) used for processing records.
	With this patch, OpenSSL statically allocates 4K + 4K buffers, with
	the option of dynamically growing buffers to 34K + 4K, which is a
	saving of 44K per connection for the typical case.


	handshake_cutthrough.patch

	Enables SSL3+ clients to send application data immediately following the
	Finished message even when negotiating full-handshakes. With this patch,
	clients can negotiate SSL connections in 1-RTT even when performing
	full-handshakes.


	jsse.patch

	Support for JSSE implementation based on OpenSSL.


	npn.patch

	Transport Layer Security (TLS) Next Protocol Negotiation Extension


	sha1_armv4_large.patch

	This patch eliminates memory stores to addresses below SP.


	openssl_no_dtls1.patch

	Add missing #ifndef OPENSSL_NO_DTLS1


	********************************************************************************
	The following patches are needed to compile this openssl on Chromium and pass
	the related net unit tests.


	empty_OPENSSL_cpuid_setup.patch

	Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
	error. We should figure out how to geenrate platform specific implementation
	of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.


	x509_hash_name_algorithm_change.patch

	There are many symbolic links under /etc/ssl/certs created by using hash of
	the pem certificates in order for OpenSSL to find those certificate.
	Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
	However the new openssl changed the hash algorithm, Unless you compile/install
	the latest openssl library and re-create all related symbolic links, the new
	openssl can not find some certificates because the links of those certificates
	were created by using old hash algorithm, which causes some tests failed.
	This patch gives a way to find a certificate according to its hash by using both
	new algorithm and old algorithm.
	crbug.com/111045 is used to track this issue.


	tls_exporter.patch

	Keying Material Exporters for Transport Layer Security (RFC 5705).


	Android platform support

	Copy config/android/openssl/opensslconf.h from Android's
	external/openssl/include/openssl/opensslconf.h