path: root/main/openssl/patches
authorArne Schwabe <arne@rfc2549.org>2015-04-15 00:17:26 +0200
committerArne Schwabe <arne@rfc2549.org>2015-04-15 00:20:23 +0200
commitc3ae4aaac9f0b168aed063d3e86c5196608eaba1 (patch)
tree1a18e7d8751d4dd3682d82d12c8441b335112984 /main/openssl/patches
parent5e42114d22faefe7c272b1b498fdf5640da494c7 (diff)
Move more to git, add submodules, fix build script, change hgignore to gitignore
Diffstat (limited to 'main/openssl/patches')
m---------main/openssl0
-rw-r--r--main/openssl/patches/README82
-rwxr-xr-xmain/openssl/patches/testssl.sh77
3 files changed, 0 insertions, 159 deletions
diff --git a/main/openssl b/main/openssl
new file mode 160000
+Subproject 4d377a9ce111930d8a8f06dc0e94a892a7f6c51
diff --git a/main/openssl/patches/README b/main/openssl/patches/README
deleted file mode 100644
index 53444701..00000000
--- a/main/openssl/patches/README
+++ /dev/null
@@ -1,82 +0,0 @@
-progs.patch:
-
-Fixup sources under the apps/ directory that are not built under the android environment.
-
-
-handshake_cutthrough.patch
-
-Enables SSL3+ clients to send application data immediately following the
-Finished message even when negotiating full-handshakes. With this patch,
-clients can negotiate SSL connections in 1-RTT even when performing
-full-handshakes.
-
-jsse.patch
-
-Support for JSSE implementation based on OpenSSL.
-
-channelid.patch
-
-Implements TLS Channel ID support as both a client and a server.
-See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.
-
-eng_dyn_dirs.patch
-
-Fixes the case of having multiple DIR_ADD commands sent to eng_dyn
-
-fix_clang_build.patch
-
-Fixes the Clang based build.
-
-tls12_digests.patch
-
-Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
-keys.
-
-alpn.patch
-
-This change adds support for ALPN in OpenSSL. ALPN is the IETF
-blessed version of NPN and we'll be supporting both ALPN and NPN for
-some time yet.
-
-cbc_record_splitting.patch
-
-BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
-record splitting. Record splitting is disabled by default.
-
-dsa_nonce.patch
-
-Adds an option to mix in hash of message and private key into (EC)DSA nonces to
-make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
-is disabled by default.
-
-ecdhe_psk.patch
-
-Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.
-
-ecdhe_psk_part2.patch
-
-Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with
-SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds
-SHA-1 based ECDHE-PSK AES-CBC cipher suites instead.
-
-arm_asm.patch
-
-Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8
-Based on branch available at:
-https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches
-c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730
-
-tls_psk_hint.patch
-
-Fixes issues with TLS-PSK identity hint implementation where
-per-connection/session and per-context hints were being mixed up.
-
-psk_client_callback_128_byte_id_bug.patch
-
-Fixes the issue where it was impossible to return a 128 byte long PSK identity
-(the maximum supported length) from psk_client_callback.
-
-tls_fallback_scsv.patch
-
-Adds the signalling cipher suite value (SCSV) from
-https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
diff --git a/main/openssl/patches/testssl.sh b/main/openssl/patches/testssl.sh
deleted file mode 100755
index cd560928..00000000
--- a/main/openssl/patches/testssl.sh
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# Android testssl.sh driver script for openssl's testssl
-#
-# based on openssl's test/testss script and test/Makefile's test_ssl target
-#
-
-set -e
-trap "echo Exiting on unexpected error." ERR
-
-device=/sdcard/android.testssl
-
-digest='-sha1'
-reqcmd="adb shell /system/bin/openssl req"
-x509cmd="adb shell /system/bin/openssl x509 $digest"
-
-CAkey="$device/keyCA.ss"
-CAcert="$device/certCA.ss"
-CAreq="$device/reqCA.ss"
-CAconf="$device/CAss.cnf"
-
-Uconf="$device/Uss.cnf"
-Ureq="$device/reqU.ss"
-Ukey="$device/keyU.ss"
-Ucert="$device/certU.ss"
-
-echo
-echo "setting up"
-adb remount
-adb shell rm -r $device
-adb shell mkdir $device
-
-echo
-echo "pushing test files to device"
-adb push . $device
-
-echo
-echo "make a certificate request using 'req'"
-adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd"
-req_new='-new'
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new
-
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee
-
-echo
-echo "running testssl"
-./testssl $Ukey $Ucert $CAcert
-
-echo
-echo "cleaning up"
-adb shell rm -r $device