diff options
author | Arne Schwabe <arne@rfc2549.org> | 2015-04-15 00:17:26 +0200 |
---|---|---|
committer | Arne Schwabe <arne@rfc2549.org> | 2015-04-15 00:20:23 +0200 |
commit | c3ae4aaac9f0b168aed063d3e86c5196608eaba1 (patch) | |
tree | 1a18e7d8751d4dd3682d82d12c8441b335112984 /main/openssl/patches | |
parent | 5e42114d22faefe7c272b1b498fdf5640da494c7 (diff) |
Move more to git, add submodules, fix build script, change hgignore to gitignore
Diffstat (limited to 'main/openssl/patches')
m--------- | main/openssl | 0 | ||||
-rw-r--r-- | main/openssl/patches/README | 82 | ||||
-rwxr-xr-x | main/openssl/patches/testssl.sh | 77 |
3 files changed, 0 insertions, 159 deletions
diff --git a/main/openssl b/main/openssl new file mode 160000 +Subproject 4d377a9ce111930d8a8f06dc0e94a892a7f6c51 diff --git a/main/openssl/patches/README b/main/openssl/patches/README deleted file mode 100644 index 53444701..00000000 --- a/main/openssl/patches/README +++ /dev/null @@ -1,82 +0,0 @@ -progs.patch: - -Fixup sources under the apps/ directory that are not built under the android environment. - - -handshake_cutthrough.patch - -Enables SSL3+ clients to send application data immediately following the -Finished message even when negotiating full-handshakes. With this patch, -clients can negotiate SSL connections in 1-RTT even when performing -full-handshakes. - -jsse.patch - -Support for JSSE implementation based on OpenSSL. - -channelid.patch - -Implements TLS Channel ID support as both a client and a server. -See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00. - -eng_dyn_dirs.patch - -Fixes the case of having multiple DIR_ADD commands sent to eng_dyn - -fix_clang_build.patch - -Fixes the Clang based build. - -tls12_digests.patch - -Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA -keys. - -alpn.patch - -This change adds support for ALPN in OpenSSL. ALPN is the IETF -blessed version of NPN and we'll be supporting both ALPN and NPN for -some time yet. - -cbc_record_splitting.patch - -BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1 -record splitting. Record splitting is disabled by default. - -dsa_nonce.patch - -Adds an option to mix in hash of message and private key into (EC)DSA nonces to -make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature -is disabled by default. - -ecdhe_psk.patch - -Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites. - -ecdhe_psk_part2.patch - -Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with -SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds -SHA-1 based ECDHE-PSK AES-CBC cipher suites instead. - -arm_asm.patch - -Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8 -Based on branch available at: -https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches -c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730 - -tls_psk_hint.patch - -Fixes issues with TLS-PSK identity hint implementation where -per-connection/session and per-context hints were being mixed up. - -psk_client_callback_128_byte_id_bug.patch - -Fixes the issue where it was impossible to return a 128 byte long PSK identity -(the maximum supported length) from psk_client_callback. - -tls_fallback_scsv.patch - -Adds the signalling cipher suite value (SCSV) from -https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 diff --git a/main/openssl/patches/testssl.sh b/main/openssl/patches/testssl.sh deleted file mode 100755 index cd560928..00000000 --- a/main/openssl/patches/testssl.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2010 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Android testssl.sh driver script for openssl's testssl -# -# based on openssl's test/testss script and test/Makefile's test_ssl target -# - -set -e -trap "echo Exiting on unexpected error." ERR - -device=/sdcard/android.testssl - -digest='-sha1' -reqcmd="adb shell /system/bin/openssl req" -x509cmd="adb shell /system/bin/openssl x509 $digest" - -CAkey="$device/keyCA.ss" -CAcert="$device/certCA.ss" -CAreq="$device/reqCA.ss" -CAconf="$device/CAss.cnf" - -Uconf="$device/Uss.cnf" -Ureq="$device/reqU.ss" -Ukey="$device/keyU.ss" -Ucert="$device/certU.ss" - -echo -echo "setting up" -adb remount -adb shell rm -r $device -adb shell mkdir $device - -echo -echo "pushing test files to device" -adb push . $device - -echo -echo "make a certificate request using 'req'" -adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd" -req_new='-new' -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new - -echo -echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca - -echo -echo "make a user certificate request using 'req'" -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new - -echo -echo "sign user certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee - -echo -echo "running testssl" -./testssl $Ukey $Ucert $CAcert - -echo -echo "cleaning up" -adb shell rm -r $device |