patches/README - platform/external/openssl - Git at Google

 progs.patch:

 Fixup sources under the apps/ directory that are not built under the android environment.


 handshake_cutthrough.patch

 Enables SSL3+ clients to send application data immediately following the
 Finished message even when negotiating full-handshakes.  With this patch,
 clients can negotiate SSL connections in 1-RTT even when performing
 full-handshakes.

 jsse.patch

 Support for JSSE implementation based on OpenSSL.

 channelid.patch

 Implements TLS Channel ID support as both a client and a server.
 See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.

 eng_dyn_dirs.patch

 Fixes the case of having multiple DIR_ADD commands sent to eng_dyn

 fix_clang_build.patch

 Fixes the Clang based build.

 tls12_digests.patch

 Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
 keys.

 alpn.patch

 This change adds support for ALPN in OpenSSL. ALPN is the IETF
 blessed version of NPN and we'll be supporting both ALPN and NPN for
 some time yet.

 cbc_record_splitting.patch

 BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
 record splitting. Record splitting is disabled by default.

 dsa_nonce.patch

 Adds an option to mix in hash of message and private key into (EC)DSA nonces to
 make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
 is disabled by default.

 ecdhe_psk.patch

 Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.

 ecdhe_psk_part2.patch

 Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with
 SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds
 SHA-1 based ECDHE-PSK AES-CBC cipher suites instead.

 arm_asm.patch

 Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8
 Based on branch available at:
 https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches
 c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730

 tls_psk_hint.patch

 Fixes issues with TLS-PSK identity hint implementation where
 per-connection/session and per-context hints were being mixed up.

 psk_client_callback_128_byte_id_bug.patch

 Fixes the issue where it was impossible to return a 128 byte long PSK identity
 (the maximum supported length) from psk_client_callback.

 tls_fallback_scsv.patch

 Adds the signalling cipher suite value (SCSV) from
 https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
	progs.patch:

	Fixup sources under the apps/ directory that are not built under the android environment.


	handshake_cutthrough.patch

	Enables SSL3+ clients to send application data immediately following the
	Finished message even when negotiating full-handshakes. With this patch,
	clients can negotiate SSL connections in 1-RTT even when performing
	full-handshakes.

	jsse.patch

	Support for JSSE implementation based on OpenSSL.

	channelid.patch

	Implements TLS Channel ID support as both a client and a server.
	See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.

	eng_dyn_dirs.patch

	Fixes the case of having multiple DIR_ADD commands sent to eng_dyn

	fix_clang_build.patch

	Fixes the Clang based build.

	tls12_digests.patch

	Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
	keys.

	alpn.patch

	This change adds support for ALPN in OpenSSL. ALPN is the IETF
	blessed version of NPN and we'll be supporting both ALPN and NPN for
	some time yet.

	cbc_record_splitting.patch

	BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
	record splitting. Record splitting is disabled by default.

	dsa_nonce.patch

	Adds an option to mix in hash of message and private key into (EC)DSA nonces to
	make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
	is disabled by default.

	ecdhe_psk.patch

	Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.

	ecdhe_psk_part2.patch

	Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with
	SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds
	SHA-1 based ECDHE-PSK AES-CBC cipher suites instead.

	arm_asm.patch

	Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8
	Based on branch available at:
	https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches
	c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730

	tls_psk_hint.patch

	Fixes issues with TLS-PSK identity hint implementation where
	per-connection/session and per-context hints were being mixed up.

	psk_client_callback_128_byte_id_bug.patch

	Fixes the issue where it was impossible to return a 128 byte long PSK identity
	(the maximum supported length) from psk_client_callback.

	tls_fallback_scsv.patch

	Adds the signalling cipher suite value (SCSV) from
	https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00