summaryrefslogtreecommitdiff
path: root/app/openssl/patches
diff options
context:
space:
mode:
authorParménides GV <parmegv@sdf.org>2014-04-09 17:07:48 +0200
committerParménides GV <parmegv@sdf.org>2014-04-09 17:15:17 +0200
commit51ff5a18f1f074e27e97d822745551a7e8fa068d (patch)
tree402e7dd42778a218635bb29a4c2dff93ea7f6525 /app/openssl/patches
parent910b0e1746ab3f63e63808b198ad51fec5b635e5 (diff)
parentb5ba0abc1610dd4bf573ebcabc5e8f6ab0c9528f (diff)
Merge branch 'feature/implement-gradle-build-system-#4676' into develop
Diffstat (limited to 'app/openssl/patches')
-rw-r--r--app/openssl/patches/README39
-rw-r--r--app/openssl/patches/apps_Android.mk87
-rw-r--r--app/openssl/patches/crypto_Android.mk559
-rw-r--r--app/openssl/patches/ssl_Android.mk98
-rwxr-xr-xapp/openssl/patches/testssl.sh77
5 files changed, 860 insertions, 0 deletions
diff --git a/app/openssl/patches/README b/app/openssl/patches/README
new file mode 100644
index 00000000..54b6e068
--- /dev/null
+++ b/app/openssl/patches/README
@@ -0,0 +1,39 @@
+progs.patch:
+
+Fixup sources under the apps/ directory that are not built under the android environment.
+
+
+small_records.patch:
+
+Reduce OpenSSL memory consumption.
+SSL records may be as large as 16K, but are typically < 2K. In
+addition, a historic bug in Windows allowed records to be as large
+32K. OpenSSL statically allocates read and write buffers (34K and
+18K respectively) used for processing records.
+With this patch, OpenSSL statically allocates 4K + 4K buffers, with
+the option of dynamically growing buffers to 34K + 4K, which is a
+saving of 44K per connection for the typical case.
+
+
+handshake_cutthrough.patch
+
+Enables SSL3+ clients to send application data immediately following the
+Finished message even when negotiating full-handshakes. With this patch,
+clients can negotiate SSL connections in 1-RTT even when performing
+full-handshakes.
+
+jsse.patch
+
+Support for JSSE implementation based on OpenSSL.
+
+npn.patch
+
+Transport Layer Security (TLS) Next Protocol Negotiation Extension
+
+sslv3_uninit_padding.patch
+
+This patch sets the padding for SSLv3 block ciphers to zero.
+
+sha1_armv4_large.patch
+
+This patch eliminates memory stores to addresses below SP.
diff --git a/app/openssl/patches/apps_Android.mk b/app/openssl/patches/apps_Android.mk
new file mode 100644
index 00000000..20cc5a9d
--- /dev/null
+++ b/app/openssl/patches/apps_Android.mk
@@ -0,0 +1,87 @@
+# Copyright 2006 The Android Open Source Project
+
+LOCAL_PATH:= $(call my-dir)
+
+local_src_files:= \
+ app_rand.c \
+ apps.c \
+ asn1pars.c \
+ ca.c \
+ ciphers.c \
+ crl.c \
+ crl2p7.c \
+ dgst.c \
+ dh.c \
+ dhparam.c \
+ dsa.c \
+ dsaparam.c \
+ ecparam.c \
+ ec.c \
+ enc.c \
+ engine.c \
+ errstr.c \
+ gendh.c \
+ gendsa.c \
+ genpkey.c \
+ genrsa.c \
+ nseq.c \
+ ocsp.c \
+ openssl.c \
+ passwd.c \
+ pkcs12.c \
+ pkcs7.c \
+ pkcs8.c \
+ pkey.c \
+ pkeyparam.c \
+ pkeyutl.c \
+ prime.c \
+ rand.c \
+ req.c \
+ rsa.c \
+ rsautl.c \
+ s_cb.c \
+ s_client.c \
+ s_server.c \
+ s_socket.c \
+ s_time.c \
+ sess_id.c \
+ smime.c \
+ speed.c \
+ spkac.c \
+ verify.c \
+ version.c \
+ x509.c
+
+local_shared_libraries := \
+ libssl \
+ libcrypto
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/include
+
+local_cflags := -DMONOLITH
+
+# These flags omit whole features from the commandline "openssl".
+# However, portions of these features are actually turned on.
+local_cflags += -DOPENSSL_NO_DTLS1
+
+include $(CLEAR_VARS)
+LOCAL_MODULE:= openssl
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := $(local_src_files)
+LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
+LOCAL_C_INCLUDES := $(local_c_includes)
+LOCAL_CFLAGS := $(local_cflags)
+include $(LOCAL_PATH)/../android-config.mk
+include $(BUILD_EXECUTABLE)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE:= openssl
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := $(local_src_files)
+LOCAL_SHARED_LIBRARIES := $(local_shared_libraries)
+LOCAL_C_INCLUDES := $(local_c_includes)
+LOCAL_CFLAGS := $(local_cflags)
+include $(LOCAL_PATH)/../android-config.mk
+include $(BUILD_HOST_EXECUTABLE)
diff --git a/app/openssl/patches/crypto_Android.mk b/app/openssl/patches/crypto_Android.mk
new file mode 100644
index 00000000..6f09fa53
--- /dev/null
+++ b/app/openssl/patches/crypto_Android.mk
@@ -0,0 +1,559 @@
+LOCAL_PATH:= $(call my-dir)
+
+arm_cflags := -DOPENSSL_BN_ASM_MONT -DAES_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM
+arm_src_files := \
+ aes/asm/aes-armv4.s \
+ bn/asm/armv4-mont.s \
+ sha/asm/sha1-armv4-large.s \
+ sha/asm/sha256-armv4.s \
+ sha/asm/sha512-armv4.s
+non_arm_src_files := aes/aes_core.c
+
+local_src_files := \
+ cryptlib.c \
+ mem.c \
+ mem_clr.c \
+ mem_dbg.c \
+ cversion.c \
+ ex_data.c \
+ cpt_err.c \
+ ebcdic.c \
+ uid.c \
+ o_time.c \
+ o_str.c \
+ o_dir.c \
+ aes/aes_cbc.c \
+ aes/aes_cfb.c \
+ aes/aes_ctr.c \
+ aes/aes_ecb.c \
+ aes/aes_misc.c \
+ aes/aes_ofb.c \
+ aes/aes_wrap.c \
+ asn1/a_bitstr.c \
+ asn1/a_bool.c \
+ asn1/a_bytes.c \
+ asn1/a_d2i_fp.c \
+ asn1/a_digest.c \
+ asn1/a_dup.c \
+ asn1/a_enum.c \
+ asn1/a_gentm.c \
+ asn1/a_i2d_fp.c \
+ asn1/a_int.c \
+ asn1/a_mbstr.c \
+ asn1/a_object.c \
+ asn1/a_octet.c \
+ asn1/a_print.c \
+ asn1/a_set.c \
+ asn1/a_sign.c \
+ asn1/a_strex.c \
+ asn1/a_strnid.c \
+ asn1/a_time.c \
+ asn1/a_type.c \
+ asn1/a_utctm.c \
+ asn1/a_utf8.c \
+ asn1/a_verify.c \
+ asn1/ameth_lib.c \
+ asn1/asn1_err.c \
+ asn1/asn1_gen.c \
+ asn1/asn1_lib.c \
+ asn1/asn1_par.c \
+ asn1/asn_mime.c \
+ asn1/asn_moid.c \
+ asn1/asn_pack.c \
+ asn1/bio_asn1.c \
+ asn1/bio_ndef.c \
+ asn1/d2i_pr.c \
+ asn1/d2i_pu.c \
+ asn1/evp_asn1.c \
+ asn1/f_enum.c \
+ asn1/f_int.c \
+ asn1/f_string.c \
+ asn1/i2d_pr.c \
+ asn1/i2d_pu.c \
+ asn1/n_pkey.c \
+ asn1/nsseq.c \
+ asn1/p5_pbe.c \
+ asn1/p5_pbev2.c \
+ asn1/p8_pkey.c \
+ asn1/t_bitst.c \
+ asn1/t_crl.c \
+ asn1/t_pkey.c \
+ asn1/t_req.c \
+ asn1/t_spki.c \
+ asn1/t_x509.c \
+ asn1/t_x509a.c \
+ asn1/tasn_dec.c \
+ asn1/tasn_enc.c \
+ asn1/tasn_fre.c \
+ asn1/tasn_new.c \
+ asn1/tasn_prn.c \
+ asn1/tasn_typ.c \
+ asn1/tasn_utl.c \
+ asn1/x_algor.c \
+ asn1/x_attrib.c \
+ asn1/x_bignum.c \
+ asn1/x_crl.c \
+ asn1/x_exten.c \
+ asn1/x_info.c \
+ asn1/x_long.c \
+ asn1/x_name.c \
+ asn1/x_nx509.c \
+ asn1/x_pkey.c \
+ asn1/x_pubkey.c \
+ asn1/x_req.c \
+ asn1/x_sig.c \
+ asn1/x_spki.c \
+ asn1/x_val.c \
+ asn1/x_x509.c \
+ asn1/x_x509a.c \
+ bf/bf_cfb64.c \
+ bf/bf_ecb.c \
+ bf/bf_enc.c \
+ bf/bf_ofb64.c \
+ bf/bf_skey.c \
+ bio/b_dump.c \
+ bio/b_print.c \
+ bio/b_sock.c \
+ bio/bf_buff.c \
+ bio/bf_nbio.c \
+ bio/bf_null.c \
+ bio/bio_cb.c \
+ bio/bio_err.c \
+ bio/bio_lib.c \
+ bio/bss_acpt.c \
+ bio/bss_bio.c \
+ bio/bss_conn.c \
+ bio/bss_dgram.c \
+ bio/bss_fd.c \
+ bio/bss_file.c \
+ bio/bss_log.c \
+ bio/bss_mem.c \
+ bio/bss_null.c \
+ bio/bss_sock.c \
+ bn/bn_add.c \
+ bn/bn_asm.c \
+ bn/bn_blind.c \
+ bn/bn_const.c \
+ bn/bn_ctx.c \
+ bn/bn_div.c \
+ bn/bn_err.c \
+ bn/bn_exp.c \
+ bn/bn_exp2.c \
+ bn/bn_gcd.c \
+ bn/bn_gf2m.c \
+ bn/bn_kron.c \
+ bn/bn_lib.c \
+ bn/bn_mod.c \
+ bn/bn_mont.c \
+ bn/bn_mpi.c \
+ bn/bn_mul.c \
+ bn/bn_nist.c \
+ bn/bn_prime.c \
+ bn/bn_print.c \
+ bn/bn_rand.c \
+ bn/bn_recp.c \
+ bn/bn_shift.c \
+ bn/bn_sqr.c \
+ bn/bn_sqrt.c \
+ bn/bn_word.c \
+ buffer/buf_err.c \
+ buffer/buffer.c \
+ comp/c_rle.c \
+ comp/c_zlib.c \
+ comp/comp_err.c \
+ comp/comp_lib.c \
+ conf/conf_api.c \
+ conf/conf_def.c \
+ conf/conf_err.c \
+ conf/conf_lib.c \
+ conf/conf_mall.c \
+ conf/conf_mod.c \
+ conf/conf_sap.c \
+ des/cbc_cksm.c \
+ des/cbc_enc.c \
+ des/cfb64ede.c \
+ des/cfb64enc.c \
+ des/cfb_enc.c \
+ des/des_enc.c \
+ des/des_old.c \
+ des/des_old2.c \
+ des/ecb3_enc.c \
+ des/ecb_enc.c \
+ des/ede_cbcm_enc.c \
+ des/enc_read.c \
+ des/enc_writ.c \
+ des/fcrypt.c \
+ des/fcrypt_b.c \
+ des/ofb64ede.c \
+ des/ofb64enc.c \
+ des/ofb_enc.c \
+ des/pcbc_enc.c \
+ des/qud_cksm.c \
+ des/rand_key.c \
+ des/read2pwd.c \
+ des/rpc_enc.c \
+ des/set_key.c \
+ des/str2key.c \
+ des/xcbc_enc.c \
+ dh/dh_ameth.c \
+ dh/dh_asn1.c \
+ dh/dh_check.c \
+ dh/dh_depr.c \
+ dh/dh_err.c \
+ dh/dh_gen.c \
+ dh/dh_key.c \
+ dh/dh_lib.c \
+ dh/dh_pmeth.c \
+ dsa/dsa_ameth.c \
+ dsa/dsa_asn1.c \
+ dsa/dsa_depr.c \
+ dsa/dsa_err.c \
+ dsa/dsa_gen.c \
+ dsa/dsa_key.c \
+ dsa/dsa_lib.c \
+ dsa/dsa_ossl.c \
+ dsa/dsa_pmeth.c \
+ dsa/dsa_prn.c \
+ dsa/dsa_sign.c \
+ dsa/dsa_vrf.c \
+ dso/dso_dl.c \
+ dso/dso_dlfcn.c \
+ dso/dso_err.c \
+ dso/dso_lib.c \
+ dso/dso_null.c \
+ dso/dso_openssl.c \
+ ec/ec2_mult.c \
+ ec/ec2_smpl.c \
+ ec/ec_ameth.c \
+ ec/ec_asn1.c \
+ ec/ec_check.c \
+ ec/ec_curve.c \
+ ec/ec_cvt.c \
+ ec/ec_err.c \
+ ec/ec_key.c \
+ ec/ec_lib.c \
+ ec/ec_mult.c \
+ ec/ec_pmeth.c \
+ ec/ec_print.c \
+ ec/eck_prn.c \
+ ec/ecp_mont.c \
+ ec/ecp_nist.c \
+ ec/ecp_smpl.c \
+ ecdh/ech_err.c \
+ ecdh/ech_key.c \
+ ecdh/ech_lib.c \
+ ecdh/ech_ossl.c \
+ ecdsa/ecs_asn1.c \
+ ecdsa/ecs_err.c \
+ ecdsa/ecs_lib.c \
+ ecdsa/ecs_ossl.c \
+ ecdsa/ecs_sign.c \
+ ecdsa/ecs_vrf.c \
+ err/err.c \
+ err/err_all.c \
+ err/err_prn.c \
+ evp/bio_b64.c \
+ evp/bio_enc.c \
+ evp/bio_md.c \
+ evp/bio_ok.c \
+ evp/c_all.c \
+ evp/c_allc.c \
+ evp/c_alld.c \
+ evp/digest.c \
+ evp/e_aes.c \
+ evp/e_bf.c \
+ evp/e_des.c \
+ evp/e_des3.c \
+ evp/e_null.c \
+ evp/e_old.c \
+ evp/e_rc2.c \
+ evp/e_rc4.c \
+ evp/e_rc5.c \
+ evp/e_xcbc_d.c \
+ evp/encode.c \
+ evp/evp_acnf.c \
+ evp/evp_enc.c \
+ evp/evp_err.c \
+ evp/evp_key.c \
+ evp/evp_lib.c \
+ evp/evp_pbe.c \
+ evp/evp_pkey.c \
+ evp/m_dss.c \
+ evp/m_dss1.c \
+ evp/m_ecdsa.c \
+ evp/m_md4.c \
+ evp/m_md5.c \
+ evp/m_mdc2.c \
+ evp/m_null.c \
+ evp/m_ripemd.c \
+ evp/m_sha1.c \
+ evp/m_sigver.c \
+ evp/m_wp.c \
+ evp/names.c \
+ evp/p5_crpt.c \
+ evp/p5_crpt2.c \
+ evp/p_dec.c \
+ evp/p_enc.c \
+ evp/p_lib.c \
+ evp/p_open.c \
+ evp/p_seal.c \
+ evp/p_sign.c \
+ evp/p_verify.c \
+ evp/pmeth_fn.c \
+ evp/pmeth_gn.c \
+ evp/pmeth_lib.c \
+ hmac/hm_ameth.c \
+ hmac/hm_pmeth.c \
+ hmac/hmac.c \
+ krb5/krb5_asn.c \
+ lhash/lh_stats.c \
+ lhash/lhash.c \
+ md4/md4_dgst.c \
+ md4/md4_one.c \
+ md5/md5_dgst.c \
+ md5/md5_one.c \
+ modes/cbc128.c \
+ modes/cfb128.c \
+ modes/ctr128.c \
+ modes/ofb128.c \
+ objects/o_names.c \
+ objects/obj_dat.c \
+ objects/obj_err.c \
+ objects/obj_lib.c \
+ objects/obj_xref.c \
+ ocsp/ocsp_asn.c \
+ ocsp/ocsp_cl.c \
+ ocsp/ocsp_err.c \
+ ocsp/ocsp_ext.c \
+ ocsp/ocsp_ht.c \
+ ocsp/ocsp_lib.c \
+ ocsp/ocsp_prn.c \
+ ocsp/ocsp_srv.c \
+ ocsp/ocsp_vfy.c \
+ pem/pem_all.c \
+ pem/pem_err.c \
+ pem/pem_info.c \
+ pem/pem_lib.c \
+ pem/pem_oth.c \
+ pem/pem_pk8.c \
+ pem/pem_pkey.c \
+ pem/pem_seal.c \
+ pem/pem_sign.c \
+ pem/pem_x509.c \
+ pem/pem_xaux.c \
+ pem/pvkfmt.c \
+ pkcs12/p12_add.c \
+ pkcs12/p12_asn.c \
+ pkcs12/p12_attr.c \
+ pkcs12/p12_crpt.c \
+ pkcs12/p12_crt.c \
+ pkcs12/p12_decr.c \
+ pkcs12/p12_init.c \
+ pkcs12/p12_key.c \
+ pkcs12/p12_kiss.c \
+ pkcs12/p12_mutl.c \
+ pkcs12/p12_npas.c \
+ pkcs12/p12_p8d.c \
+ pkcs12/p12_p8e.c \
+ pkcs12/p12_utl.c \
+ pkcs12/pk12err.c \
+ pkcs7/pk7_asn1.c \
+ pkcs7/pk7_attr.c \
+ pkcs7/pk7_doit.c \
+ pkcs7/pk7_lib.c \
+ pkcs7/pk7_mime.c \
+ pkcs7/pk7_smime.c \
+ pkcs7/pkcs7err.c \
+ rand/md_rand.c \
+ rand/rand_egd.c \
+ rand/rand_err.c \
+ rand/rand_lib.c \
+ rand/rand_unix.c \
+ rand/randfile.c \
+ rc2/rc2_cbc.c \
+ rc2/rc2_ecb.c \
+ rc2/rc2_skey.c \
+ rc2/rc2cfb64.c \
+ rc2/rc2ofb64.c \
+ rc4/rc4_enc.c \
+ rc4/rc4_skey.c \
+ ripemd/rmd_dgst.c \
+ ripemd/rmd_one.c \
+ rsa/rsa_ameth.c \
+ rsa/rsa_asn1.c \
+ rsa/rsa_chk.c \
+ rsa/rsa_eay.c \
+ rsa/rsa_err.c \
+ rsa/rsa_gen.c \
+ rsa/rsa_lib.c \
+ rsa/rsa_none.c \
+ rsa/rsa_null.c \
+ rsa/rsa_oaep.c \
+ rsa/rsa_pk1.c \
+ rsa/rsa_pmeth.c \
+ rsa/rsa_prn.c \
+ rsa/rsa_pss.c \
+ rsa/rsa_saos.c \
+ rsa/rsa_sign.c \
+ rsa/rsa_ssl.c \
+ rsa/rsa_x931.c \
+ sha/sha1_one.c \
+ sha/sha1dgst.c \
+ sha/sha256.c \
+ sha/sha512.c \
+ sha/sha_dgst.c \
+ stack/stack.c \
+ ts/ts_err.c \
+ txt_db/txt_db.c \
+ ui/ui_compat.c \
+ ui/ui_err.c \
+ ui/ui_lib.c \
+ ui/ui_openssl.c \
+ ui/ui_util.c \
+ x509/by_dir.c \
+ x509/by_file.c \
+ x509/x509_att.c \
+ x509/x509_cmp.c \
+ x509/x509_d2.c \
+ x509/x509_def.c \
+ x509/x509_err.c \
+ x509/x509_ext.c \
+ x509/x509_lu.c \
+ x509/x509_obj.c \
+ x509/x509_r2x.c \
+ x509/x509_req.c \
+ x509/x509_set.c \
+ x509/x509_trs.c \
+ x509/x509_txt.c \
+ x509/x509_v3.c \
+ x509/x509_vfy.c \
+ x509/x509_vpm.c \
+ x509/x509cset.c \
+ x509/x509name.c \
+ x509/x509rset.c \
+ x509/x509spki.c \
+ x509/x509type.c \
+ x509/x_all.c \
+ x509v3/pcy_cache.c \
+ x509v3/pcy_data.c \
+ x509v3/pcy_lib.c \
+ x509v3/pcy_map.c \
+ x509v3/pcy_node.c \
+ x509v3/pcy_tree.c \
+ x509v3/v3_akey.c \
+ x509v3/v3_akeya.c \
+ x509v3/v3_alt.c \
+ x509v3/v3_bcons.c \
+ x509v3/v3_bitst.c \
+ x509v3/v3_conf.c \
+ x509v3/v3_cpols.c \
+ x509v3/v3_crld.c \
+ x509v3/v3_enum.c \
+ x509v3/v3_extku.c \
+ x509v3/v3_genn.c \
+ x509v3/v3_ia5.c \
+ x509v3/v3_info.c \
+ x509v3/v3_int.c \
+ x509v3/v3_lib.c \
+ x509v3/v3_ncons.c \
+ x509v3/v3_ocsp.c \
+ x509v3/v3_pci.c \
+ x509v3/v3_pcia.c \
+ x509v3/v3_pcons.c \
+ x509v3/v3_pku.c \
+ x509v3/v3_pmaps.c \
+ x509v3/v3_prn.c \
+ x509v3/v3_purp.c \
+ x509v3/v3_skey.c \
+ x509v3/v3_sxnet.c \
+ x509v3/v3_utl.c \
+ x509v3/v3err.c
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/crypto/asn1 \
+ external/openssl/crypto/evp \
+ external/openssl/include \
+ external/openssl/include/openssl \
+ external/zlib
+
+local_c_flags := -DNO_WINDOWS_BRAINDEATH
+
+#######################################
+# target static library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags)
+LOCAL_C_INCLUDES += $(local_c_includes)
+ifeq ($(TARGET_ARCH),arm)
+ LOCAL_SRC_FILES += $(arm_src_files)
+ LOCAL_CFLAGS += $(arm_cflags)
+else
+ LOCAL_SRC_FILES += $(non_arm_src_files)
+endif
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto_static
+include $(BUILD_STATIC_LIBRARY)
+
+#######################################
+# target shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+# Use the NDK prebuilt libz and libdl.
+LOCAL_LDFLAGS += -lz -ldl
+else
+LOCAL_SHARED_LIBRARIES += libz libdl
+endif
+
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags)
+LOCAL_C_INCLUDES += $(local_c_includes)
+ifeq ($(TARGET_ARCH),arm)
+ LOCAL_SRC_FILES += $(arm_src_files)
+ LOCAL_CFLAGS += $(arm_cflags)
+else
+ LOCAL_SRC_FILES += $(non_arm_src_files)
+endif
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto
+include $(BUILD_SHARED_LIBRARY)
+
+#######################################
+# host shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags) -DPURIFY
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SRC_FILES += $(non_arm_src_files)
+LOCAL_STATIC_LIBRARIES += libz
+LOCAL_LDLIBS += -ldl
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto
+include $(BUILD_HOST_SHARED_LIBRARY)
+
+########################################
+# host static library, which is used by some SDK tools.
+
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_CFLAGS += $(local_c_flags) -DPURIFY
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SRC_FILES += $(non_arm_src_files)
+LOCAL_STATIC_LIBRARIES += libz
+LOCAL_LDLIBS += -ldl
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libcrypto_static
+include $(BUILD_HOST_STATIC_LIBRARY)
diff --git a/app/openssl/patches/ssl_Android.mk b/app/openssl/patches/ssl_Android.mk
new file mode 100644
index 00000000..487aabbc
--- /dev/null
+++ b/app/openssl/patches/ssl_Android.mk
@@ -0,0 +1,98 @@
+LOCAL_PATH:= $(call my-dir)
+
+local_c_includes := \
+ external/openssl \
+ external/openssl/include \
+ external/openssl/crypto
+
+local_src_files:= \
+ s2_meth.c \
+ s2_srvr.c \
+ s2_clnt.c \
+ s2_lib.c \
+ s2_enc.c \
+ s2_pkt.c \
+ s3_meth.c \
+ s3_srvr.c \
+ s3_clnt.c \
+ s3_lib.c \
+ s3_enc.c \
+ s3_pkt.c \
+ s3_both.c \
+ s23_meth.c \
+ s23_srvr.c \
+ s23_clnt.c \
+ s23_lib.c \
+ s23_pkt.c \
+ t1_meth.c \
+ t1_srvr.c \
+ t1_clnt.c \
+ t1_lib.c \
+ t1_enc.c \
+ t1_reneg.c \
+ ssl_lib.c \
+ ssl_err2.c \
+ ssl_cert.c \
+ ssl_sess.c \
+ ssl_ciph.c \
+ ssl_stat.c \
+ ssl_rsa.c \
+ ssl_asn1.c \
+ ssl_txt.c \
+ ssl_algs.c \
+ bio_ssl.c \
+ ssl_err.c \
+ kssl.c
+
+#######################################
+# target static library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl_static
+include $(BUILD_STATIC_LIBRARY)
+
+#######################################
+# target shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+
+ifneq ($(TARGET_ARCH),x86)
+LOCAL_NDK_VERSION := 5
+LOCAL_SDK_VERSION := 9
+endif
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES += libcrypto
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl
+include $(BUILD_SHARED_LIBRARY)
+
+#######################################
+# host shared library
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES += $(local_src_files)
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES += libcrypto
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE:= libssl
+include $(BUILD_HOST_SHARED_LIBRARY)
+
+#######################################
+# ssltest
+include $(CLEAR_VARS)
+include $(LOCAL_PATH)/../android-config.mk
+LOCAL_SRC_FILES:= ssltest.c
+LOCAL_C_INCLUDES += $(local_c_includes)
+LOCAL_SHARED_LIBRARIES := libssl libcrypto
+LOCAL_MODULE:= ssltest
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_EXECUTABLE)
diff --git a/app/openssl/patches/testssl.sh b/app/openssl/patches/testssl.sh
new file mode 100755
index 00000000..cd560928
--- /dev/null
+++ b/app/openssl/patches/testssl.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+#
+# Copyright (C) 2010 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# Android testssl.sh driver script for openssl's testssl
+#
+# based on openssl's test/testss script and test/Makefile's test_ssl target
+#
+
+set -e
+trap "echo Exiting on unexpected error." ERR
+
+device=/sdcard/android.testssl
+
+digest='-sha1'
+reqcmd="adb shell /system/bin/openssl req"
+x509cmd="adb shell /system/bin/openssl x509 $digest"
+
+CAkey="$device/keyCA.ss"
+CAcert="$device/certCA.ss"
+CAreq="$device/reqCA.ss"
+CAconf="$device/CAss.cnf"
+
+Uconf="$device/Uss.cnf"
+Ureq="$device/reqU.ss"
+Ukey="$device/keyU.ss"
+Ucert="$device/certU.ss"
+
+echo
+echo "setting up"
+adb remount
+adb shell rm -r $device
+adb shell mkdir $device
+
+echo
+echo "pushing test files to device"
+adb push . $device
+
+echo
+echo "make a certificate request using 'req'"
+adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
+req_new='-new'
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
+
+echo
+echo "convert the certificate request into a self signed certificate using 'x509'"
+$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
+
+echo
+echo "make a user certificate request using 'req'"
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
+
+echo
+echo "sign user certificate request with the just created CA via 'x509'"
+$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
+
+echo
+echo "running testssl"
+./testssl $Ukey $Ucert $CAcert
+
+echo
+echo "cleaning up"
+adb shell rm -r $device