Permalink
Commits on Dec 28, 2010
  1. openssl: Make usage of engine support optional

    This is required for some third-party components on specific devices.
    
    Change-Id: I35c3cfcf603bc720f6e6697b3c745a74b459b4e7
    cyanogen committed Oct 9, 2010
Commits on Oct 15, 2010
  1. Build static libcrypto.

    Change-Id: I8a6b108a3fca6999cb103867f781338c4ddea446
    wangying1015 committed Oct 14, 2010
Commits on Sep 27, 2010
  1. reconcile froyo-release into gingerbread

    Change-Id: I9dec219f7f1c29d9205fef7f8d16977d78265de6
    Jean-Baptiste Queru committed Sep 27, 2010
Commits on Sep 21, 2010
  1. Update ThirdPartyProject.prop for openssl

    Change-Id: I0bf5bcd108425fe45889e3f1e08cb7f75fa9afa2
    bdcgoogle committed Sep 21, 2010
Commits on Sep 17, 2010
  1. Remove SHA0 from openssl

    Recent a bug was found that would have been much more obvious if not
    for the confusion that "sha" means "SHA-0" in openssl and "SHA" means
    "SHA-1" to Java programmers. Removing SHA-0 should be not be an
    interoperability issue, it was never really used, was apparently
    flawed, so like MD2 we will just remove it.
    
    Bug: 2997009
    
    Change-Id: I630c851fb2f5f344ef7a2c62c7092843cb40818c
    bdcgoogle committed Sep 17, 2010
Commits on Sep 16, 2010
  1. Add optional tags to OpenSSL.

    Change-Id: I45a7de1d858907239c23e0682ef1f52920d35502
    Jesse Wilson committed Sep 16, 2010
Commits on Aug 31, 2010
  1. resolved conflicts for merge of 5a7d71b to gingerbread

    Change-Id: If7733f1e7351843b439e8e6b22db8de24a45858b
    bdcgoogle committed Aug 25, 2010
  2. Restore handshake_cutthrough accidentally disabled by renegotiation s…

    …upport
    
    This fixes a problem introduced in 4a25f3f
    
    Tracking CL 17037347
    
    Oops: we disabled False Start even for initial handshakes by checking
    previous_client_finished_len (which will be > 0 since this is after
    ssl3_send_finished()) instead of previous_server_finished_len (== 0
    before first ssl3_get_finished(), i.e. in the initial handshake when
    we'd want to do a False Start).
    
    Change-Id: Id919c4e912be3bed9a0bd5755ebbf82de2d4784e
    bdcgoogle committed Aug 31, 2010
Commits on Aug 27, 2010
  1. ssl3_write_bytes should only break up application data packets

    This is for Microsoft SSL server implementation compatability.
    
    Bug: 2916185
    Change-Id: Idb8935a28395c53b6bad0c7d35c821efeef364cd
    bdcgoogle committed with android-build SharedAccount Aug 23, 2010
Commits on Aug 25, 2010
  1. am 5a7d71b: (-s ours) ssl3_write_bytes should only break up applicati…

    …on data packets
    
    Merge commit '5a7d71beb4546d6d0b6950ff6f0207d18ebff4e2' into gingerbread
    
    * commit '5a7d71beb4546d6d0b6950ff6f0207d18ebff4e2':
      ssl3_write_bytes should only break up application data packets
    bdcgoogle committed with Android Git Automerger Aug 25, 2010
Commits on Aug 24, 2010
  1. ssl3_write_bytes should only break up application data packets

    This is for Microsoft SSL server implementation compatability.
    
    Bug: 2916185
    Change-Id: Idb8935a28395c53b6bad0c7d35c821efeef364cd
    bdcgoogle committed Aug 23, 2010
Commits on Aug 19, 2010
  1. Support dalvikvm on a Linux x86 host

    Change-Id: I6bd10d19e40f3a699797fa2c3d91a5cbf37864fd
    Jesse Wilson committed Aug 18, 2010
Commits on Aug 18, 2010
  1. enabling blowfish in openssl

    Manual changes:
    
        Changing build/config to remove OPENSSL_NO_BF and no-bf
    
    	openssl.config
    	android-config.mk
    
        Add list of new files to build for blowfish
    
    	patches/crypto_Android.mk
    
        Need to clean because we are changing build flags
    
    	CleanSpec.mk
    
    Derived changes:
    
        Changed by import_openssl.sh based on android-config.mk change
    
    	crypto/opensslconf.h
    	include/openssl/opensslconf.h
    
        Derived from patches/crypto_Android.mk by import_openssl.sh
    
    	crypto/Android.mk
    
        Newly imported files by import_openssl.sh with updated openssl.config
    
    	crypto/bf/COPYRIGHT
    	crypto/bf/asm/bf-586.pl
    	crypto/bf/asm/bf-686.pl
    	crypto/bf/bf_cfb64.c
    	crypto/bf/bf_ecb.c
    	crypto/bf/bf_enc.c
    	crypto/bf/bf_locl.h
    	crypto/bf/bf_ofb64.c
    	crypto/bf/bf_pi.h
    	crypto/bf/bf_skey.c
    	crypto/bf/blowfish.h
    	include/openssl/blowfish.h
    
    Bug: 1856777
    Change-Id: Id984df3834fa1d935feb9910c26a082242a9a8e1
    bdcgoogle committed Aug 18, 2010
  2. Upgrade to openssl-1.0.0a

    - Updated README.android
    - Updated openssl.version
    - Ran ./import_openssl.sh import .../openssl-1.0.0a.tar.gz
      (which is responsible for the rest of the changes)
    
    Change-Id: I3214fb8cb5297d68edc7632bbd9027952fec559b
    bdcgoogle committed Aug 18, 2010
Commits on Aug 4, 2010
Commits on Jul 29, 2010
  1. Support for TLS Extensions enabled SSLSockets with fallback to vanila…

    … SSL
    
    See also b/1569612
    
    Summary:
    - OpenSSlSocket support for SNI, session tickets, compression
    - URLConnection mimics Chrome behavior of trying connection with these enabled,
      falling back to SSL w/o encryption on failure
    
    Details:
    
    libcore
    
      URLConnection https retry
    
        Change HttpConnection.getSecureSocket to enable non-standard features on first
        connection attempt. On second attempt, we back off to SSLv3 from
        TLSv1, mimicking Chrome's behavior.
    
    	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/http/HttpConnection.java
    
        Change HttpsEngine.connect to implement SSL reconnect
    
    	luni/src/main/java/org/apache/harmony/luni/internal/net/www/protocol/https/HttpsURLConnectionImpl.java
    
      OpenSSL SSLSocket implementation
    
        OpenSSLSocketImpl and OpenSSLServerSocketImpl now have an array of
        enabled compression methods interface and implementation to
        parallel that of procotols and ciphersuites.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
    
        OpenSSLSessionImpl now has a cache of the native
        compressionMethod. Since null is allowed, we default the cache to
        a different sentinel value, the empty string, to determine if we
        have to make the JNI call to fill in the value. Also replaced
        "gives" javadoc working with "returns".
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
    
        OpenSSLSocketImpl session caching now needs to skip cached
        sessions with mismatched compression requirements. Again the fact
        that null is an allowed special case makes it slightly different
        than the existing protocol and cipher suite code path.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    
        OpenSSLSocketImpl.startHandshake now uses NativeCrypto to support
        our non-standard extensions.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    
      NativeCrypto changes
        - Added declaration of SSL options for tickets and compression.
        - Added general "compression methods" interface
          paralleling "cipher suites" and "protocols" interfaces. Primary
          difference is that a empty array, signifying no compression
          desired, is allowed. Alternative would be to require a "NULL"
          compression method to be specified.
        - Added SSL_set_tlsext_host_name to set SNI (Server Name Indication) value
        - Added SSL_get_servername to read SNI (Server Name Indication) value
        - Added SSL_SESSION_compress_meth read negotiated compression method
        - SSL_new makes sure to default compression to off for compatibility
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
    	luni/src/main/native/NativeCrypto.cpp
    
      Testing
    
        Added URLConnectionTest.testConnectViaHttpsWithSSLFallback to make
        sure we properly retry an https connection if the server
        terminates unexpectedly. Fixed up
        URLConnectionTest.testHttpsWithCustomTrustManager with new
        expected certificate chain. Fixed a few mistaken
        TestSSLContext.serverContext uses to clientContext
    
    	luni/src/test/java/java/net/URLConnectionTest.java
    
        Added test_SSL_set_tlsext_host_name, test_SSL_get_servername,
        test_SSL_SESSION_compress_meth. Added a number of missing fail()
        calls in expected exception cases which caught one test with
        mistaken expectations. Removed some unnecessary scopes. Fixed some
        badly scoped catch blocks.
    
    	luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
    
        Changed MockWebServer to support a new MockResponse propery of
        disconnectAtStart, which immediately terminates the connection
    
    	support/src/test/java/tests/http/MockResponse.java
    	support/src/test/java/tests/http/MockWebServer.java
    
    external/openssl
    
       Restore -ZLIB to OpenSSL build. Note that NativeCrypto.SSL_new
       disables compression by for default SSLSocket for compatibility.
    	android-config.mk
       Force clean build with new CFLAGS
    	CleanSpec.mk
    
    Change-Id: Ic8158c7e7ffafdb70f8897b04a861849cb9ac1d7
    bdcgoogle committed Jul 23, 2010
Commits on Jul 28, 2010
Commits on Jul 27, 2010
Commits on Jul 23, 2010
  1. Merge commit 'goog/froyo' into froyo-release

    android-build SharedAccount committed Jul 23, 2010
Commits on Jul 19, 2010
  1. am 7bee512: am f695f1c: add meta-files about 3rd party projects

    Merge commit '7bee5127b293b097f86c35c557766493baa51a09' into dalvik-dev
    
    * commit '7bee5127b293b097f86c35c557766493baa51a09':
      add meta-files about 3rd party projects
    The Android Open Source Project committed with Android Git Automerger Jul 19, 2010
Commits on Jul 16, 2010
  1. am f695f1c: add meta-files about 3rd party projects

    Merge commit 'f695f1ccffd5c57f89acf1ed6bf5df7d02df4da3'
    
    * commit 'f695f1ccffd5c57f89acf1ed6bf5df7d02df4da3':
      add meta-files about 3rd party projects
    The Android Open Source Project committed with Android Git Automerger Jul 16, 2010
  2. add meta-files about 3rd party projects

    Change-Id: I883d183bc5fe4f93c21e820128be669cf3916e59
    The Android Open Source Project committed Jul 16, 2010
  3. Restoring openssl s_server, pkey, pkeyparam, pkeyutl

    This is only for the /system/bin/openssl test app which does not ship
    by default. Instructions for running s_server for testing are added in
    README.android.
    
    Change-Id: I9c6032871f853c780e4c9ffef9b2dd8ad009f32b
    bdcgoogle committed Jul 16, 2010
Commits on Jul 13, 2010
  1. Improved client certificate and certificate chain support

    Summary:
    - openssl: add openssl support for specifying per key certificate chains
    - libcore: properly implement client certificate request call back
    - libcore: properly implement sending certificate chain
    - libcore: properly implement retreiving local certificate chain
    - libcore: added an SSLContext for non-OpenSSL SSLSocket creation
    
    Details:
    
    external/openssl
    
        Improve patch generate support by applying all other patches to
        baseline to remove cross polluting other patch changes into target
        patch. Move cleanup of ./Configure output to import script from
        openssl.config.
    
     	import_openssl.sh
    	openssl.config
    
       Adding SSL_use_certificate_chain and SSL_get_certificate_chain to
       continue to finish most of remaining JSSE issues.
    
    	include/openssl/ssl.h
    	ssl/s3_both.c
    	ssl/ssl.h
    	ssl/ssl_locl.h
    	ssl/ssl_rsa.c
    
       Updated patch (and list of input files to patch)
    
    	patches/jsse.patch
    	openssl.config
    
    libcore
    
        Restoring SSLContextImpl as provider of non-OpenSSL SSLSocketImpl
        instances for interoperability testing. OpenSSLContextImpl is the
        new subclass that provides OpenSSLSocketImpl. JSSEProvider
        provides the old style SSLContexts, OpenSSLProvider provides the
        OpenSSL SSLContext, which includes the "default" context. Changed
        to register SSLContexts without aliases to match the RI.
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLProvider.java
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLContextImpl.java
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java
    
        Native interface updates to support OpenSSLSocketImpl improvements
        - KEY_TYPES now expanded based on what we are being provided by OpenSSL.
          keyType function now maps key type values received from
          clientCertificateRequested callback.
        - Removed remaining uses of string PEM encoding, now using ASN1 DER consistently
          Includes SSL_SESSION_get_peer_cert_chain, verifyCertificateChain
        - Fixed clientCertificateRequested to properly include all key
          types supported by server, not just the one from the cipher
          suite. We also now properly include the list of supported CAs to
          help the client select a certificate to use.
        - Fixed NativeCrypto.SSL_use_certificate implementation to use new
          SSL_use_certificate_chain function from openssl to pass chain to
          OpenSSL.
        - Added error handling of all uses of sk_*_push which can fail due to out of memory
        - Fixed compile warning due to missing JNI_TRACE argument
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
    	luni/src/main/native/NativeCrypto.cpp
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    
        Pass this into chooseServerAlias call as well in significantly revamped choseClientAlias
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
    
        Minor code cleanup while reviewing diff between checkClientTrusted and checkServerTrusted
    
    	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/TrustManagerImpl.java
    
       Improvements to SSL test support to go along with client
       certificate and certificate chain changes. TestSSLContext now has
       separate contexts for the client and server (as well as seperate
       key stores information). TestKeyStore now is more realistic by
       default, creating a CA, intermediate CA, and separate client and
       server certificates, as well as a client keystore that simply
       contains the CA and no certificates.
    
    	support/src/test/java/javax/net/ssl/TestKeyStore.java
    	support/src/test/java/javax/net/ssl/TestSSLContext.java
    
         Tests tracking API changes. Tests involving cert chains now now
         updated to use TestKeyStore.assertChainLength to avoid hardwiring
         expected chain length in tests. These tests also now use
         TestSSLContext.assertClientCertificateChain to validate that the
         chain is properly constructed and trusted by a trust manager.
    
    	luni/src/test/java/java/net/URLConnectionTest.java
    	luni/src/test/java/javax/net/ssl/SSLContextTest.java
    	luni/src/test/java/javax/net/ssl/SSLEngineTest.java
    	luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java
    	luni/src/test/java/javax/net/ssl/SSLSessionTest.java
    	luni/src/test/java/javax/net/ssl/SSLSocketTest.java
    	support/src/test/java/java/security/StandardNames.java
    	support/src/test/java/javax/net/ssl/TestSSLEnginePair.java
    	support/src/test/java/javax/net/ssl/TestSSLSocketPair.java
    
    frameworks/base
    
        Tracking change of SSLContextImpl to OpenSSLContextImpl
    
    	core/java/android/net/SSLCertificateSocketFactory.java
    	core/java/android/net/http/HttpsConnection.java
    	tests/CoreTests/android/core/SSLPerformanceTest.java
    	tests/CoreTests/android/core/SSLSocketTest.java
    
        Tracking changes to TestSSLContext
    
    	core/tests/coretests/src/android/net/http/HttpsThroughHttpProxyTest.java
    
    Change-Id: I792921617164a98467c500d7fe53dbd738adfa02
    bdcgoogle committed Jul 13, 2010
Commits on Jul 9, 2010
  1. am 46eb264: Remove diff between master and dalvik-dev branches due to…

    … inconsistent conflict resolution
    
    Merge commit '46eb26418ab46c4bb55b6349ebad4c23c8ee9de9' into dalvik-dev
    
    * commit '46eb26418ab46c4bb55b6349ebad4c23c8ee9de9':
      Remove diff between master and dalvik-dev branches due to inconsistent conflict resolution
    bdcgoogle committed with Android Git Automerger Jul 9, 2010
  2. Remove diff between master and dalvik-dev branches due to inconsisten…

    …t conflict resolution
    
    Change-Id: I163fb4c336535f145553063acfebf637c3684c9e
    bdcgoogle committed Jul 9, 2010
  3. am cbffe1c: Update openssl regression testing instructions

    Merge commit 'cbffe1cc8dc1d50c8a77850b6e2403e5c158d193' into dalvik-dev
    
    * commit 'cbffe1cc8dc1d50c8a77850b6e2403e5c158d193':
      Update openssl regression testing instructions
    bdcgoogle committed with Android Git Automerger Jul 9, 2010
  4. am 97e7027: (-s ours) Change openssl testing instructions from run-co…

    …re-tests to vogar
    
    Merge commit '97e702718aecc03601f61498399d852821612f01' into dalvik-dev
    
    * commit '97e702718aecc03601f61498399d852821612f01':
      Change openssl testing instructions from run-core-tests to vogar
    bdcgoogle committed with Android Git Automerger Jul 9, 2010
Commits on Jul 8, 2010
  1. Merge "Don't include termio.h if compile with android toolchain, sinc…

    …e current bionic C does not have this header. __ANDROID__ is defined by androideabi toolchain." into dalvik-dev
    bdcgoogle committed with Android (Google) Code Review Jul 8, 2010
  2. am 9236263: (-s ours) import_openssl.sh improvements based on externa…

    …l/bouncycastle work
    
    Merge commit '9236263621bae68ac3e819dba9a0743e700c107f' into dalvik-dev
    
    * commit '9236263621bae68ac3e819dba9a0743e700c107f':
      import_openssl.sh improvements based on external/bouncycastle work
    bdcgoogle committed with Android Git Automerger Jul 8, 2010
  3. Don't include termio.h if compile with android toolchain, since

    current bionic C does not have this header.
    __ANDROID__ is defined by androideabi toolchain.
    
    Currently, build of openssl includes termios.h, instead of
    termio.h. This patch makes sure that we keep this behavior
    before/after we upgrade Android toolchain.
    
    In this patch, we also update the patch file and config file,
    such that this patch is not dropped when openssl is upgraded
    in the future.
    
    Change-Id: I35e8dcce456966f585ff07b5ff4edf7ee4cf8baf
    
    Conflicts:
    
    	openssl.config
    bdcgoogle committed Jul 8, 2010
  4. import_openssl.sh improvements based on external/bouncycastle work

    Tested with
       ./import_openssl.sh import .../openssl-1.0.0.tar.gz
    and confirmed no source changes
    
    Also added debug flags in android-config.mk for later use
    
    Change-Id: Idbfefe7bc16790060eb58c116b0961c195b3a087
    
    Conflicts:
    
    	openssl.config
    bdcgoogle committed Jul 8, 2010
  5. am 1cf4269: resolved conflicts for merge of 9b613ca to master

    Merge commit '1cf4269ac2edd833534436369e658c7b2efb5e21' into dalvik-dev
    
    * commit '1cf4269ac2edd833534436369e658c7b2efb5e21':
      support renegotiation with handshake cutthrough
    bdcgoogle committed with Android Git Automerger Jul 8, 2010