From c3ae4aaac9f0b168aed063d3e86c5196608eaba1 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 15 Apr 2015 00:17:26 +0200 Subject: Move more to git, add submodules, fix build script, change hgignore to gitignore --- main/openssl | 1 + main/openssl/android.testssl/CAss.cnf | 76 ------------- main/openssl/android.testssl/Uss.cnf | 36 ------ main/openssl/android.testssl/server2.pem | 52 --------- main/openssl/android.testssl/testssl | 187 ------------------------------- main/openssl/android.testssl/testssl.sh | 77 ------------- 6 files changed, 1 insertion(+), 428 deletions(-) create mode 160000 main/openssl delete mode 100644 main/openssl/android.testssl/CAss.cnf delete mode 100644 main/openssl/android.testssl/Uss.cnf delete mode 100644 main/openssl/android.testssl/server2.pem delete mode 100755 main/openssl/android.testssl/testssl delete mode 100755 main/openssl/android.testssl/testssl.sh (limited to 'main/openssl/android.testssl') diff --git a/main/openssl b/main/openssl new file mode 160000 index 00000000..4d377a9c --- /dev/null +++ b/main/openssl @@ -0,0 +1 @@ +Subproject commit 4d377a9ce111930d8a8f06dc0e94a892a7f6c516 diff --git a/main/openssl/android.testssl/CAss.cnf b/main/openssl/android.testssl/CAss.cnf deleted file mode 100644 index 77c01c30..00000000 --- a/main/openssl/android.testssl/CAss.cnf +++ /dev/null @@ -1,76 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = /sdcard/android.testssl/.rnd - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha1 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -commonName = Common Name (eg, YOUR name) -commonName_value = Dodgy CA - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -x509_extensions = v3_ca # The extentions to add to the cert - -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. -preserve = no # keep passed DN ordering - -policy = policy_anything - -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - - - -[ v3_ca ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always -basicConstraints = CA:true,pathlen:1 -keyUsage = cRLSign, keyCertSign -issuerAltName=issuer:copy diff --git a/main/openssl/android.testssl/Uss.cnf b/main/openssl/android.testssl/Uss.cnf deleted file mode 100644 index 317ab6de..00000000 --- a/main/openssl/android.testssl/Uss.cnf +++ /dev/null @@ -1,36 +0,0 @@ -# -# SSLeay example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = /sdcard/android.testssl/.rnd - -#################################################################### -[ req ] -default_bits = 2048 -default_keyfile = keySS.pem -distinguished_name = req_distinguished_name -encrypt_rsa_key = no -default_md = sha256 - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = AU -countryName_value = AU - -organizationName = Organization Name (eg, company) -organizationName_value = Dodgy Brothers - -0.commonName = Common Name (eg, YOUR name) -0.commonName_value = Brother 1 - -1.commonName = Common Name (eg, YOUR name) -1.commonName_value = Brother 2 - -[ v3_ee ] -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always -basicConstraints = CA:false -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -issuerAltName=issuer:copy - diff --git a/main/openssl/android.testssl/server2.pem b/main/openssl/android.testssl/server2.pem deleted file mode 100644 index a3927cf7..00000000 --- a/main/openssl/android.testssl/server2.pem +++ /dev/null @@ -1,52 +0,0 @@ -subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert #2 -issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA ------BEGIN CERTIFICATE----- -MIID6jCCAtKgAwIBAgIJALnu1NlVpZ60MA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV -BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT -VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZzELMAkG -A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU -RVNUSU5HIFBVUlBPU0VTIE9OTFkxHDAaBgNVBAMME1Rlc3QgU2VydmVyIENlcnQg -IzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrdi7j9yctG+L4EjBy -gjPmEqZzOJEQba26MoQGzglU7e5Xf59Rb/hgVQuKAoiZe7/R8rK4zJ4W7iXdXw0L -qBpyG8B5aGKeI32w+A9TcBApoXXL2CrYQEQjZwUIpLlYBIi2NkJj3nVkq5dgl1gO -ALiQ+W8jg3kzg5Ec9rimp9r93N8wsSL3awsafurmYCvOf7leHaMP1WJ/zDRGUNHG -/WtDjXc8ZUG1+6EXU9Jc2Fs+2Omf7fcN0l00AK/wPg8OaNS0rKyGq9JdIT9FRGV1 -bXe/rx58FaE5CItdwCSYhJvF/O95LWQoxJXye5bCFLmvDTEyVq9FMSCptfsmbXjE -ZGsXAgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJ -YIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1Ud -DgQWBBR52UaWWTKzZGDH/X4mWNcuqeQVazAfBgNVHSMEGDAWgBQ2w2yI55X+sL3s -zj49hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEANBW+XYLlHBqVY/31ie+3gRlS -LPfy4SIqn0t3RJjagT29MXprblBO2cbMO8VGjkQdKGpmMXjxbht2arOOUXRHX4n/ -XTyn/QHEf0bcwIITMReO3DZUPAEw8hSjn9xEOM0IRVOCP+mH5fi74QzzQaZVCyYg -5VtLKdww/+sc0nCbKl2KWgDluriH0nfVx95qgW3mg9dhXRr0zmf1w2zkBHYpARYL -Dew6Z8EE4tS3HJu8/qM6meWzNtrfonQ3eiiMxjZBxzV46jchBwa2z9XYhP6AmpPb -oeTSzcQNbWsxaGYzWo46oLDUZmJOwSBawbS31bZNMCoPIY6ukoesCzFSsUKZww== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEA63Yu4/cnLRvi+BIwcoIz5hKmcziREG2tujKEBs4JVO3uV3+f -UW/4YFULigKImXu/0fKyuMyeFu4l3V8NC6gachvAeWhiniN9sPgPU3AQKaF1y9gq -2EBEI2cFCKS5WASItjZCY951ZKuXYJdYDgC4kPlvI4N5M4ORHPa4pqfa/dzfMLEi -92sLGn7q5mArzn+5Xh2jD9Vif8w0RlDRxv1rQ413PGVBtfuhF1PSXNhbPtjpn+33 -DdJdNACv8D4PDmjUtKyshqvSXSE/RURldW13v68efBWhOQiLXcAkmISbxfzveS1k -KMSV8nuWwhS5rw0xMlavRTEgqbX7Jm14xGRrFwIDAQABAoIBAHLsTPihIfLnYIE5 -x4GsQQ5zXeBw5ITDM37ktwHnQDC+rIzyUl1aLD1AZRBoKinXd4lOTqLZ4/NHKx4A -DYr58mZtWyUmqLOMmQVuHXTZBlp7XtYuXMMNovQwjQlp9LicBeoBU6gQ5PVMtubD -F4xGF89Sn0cTHW3iMkqTtQ5KcR1j57OcJO0FEb1vPvk2MXI5ZyAatUYE7YacbEzd -rg02uIwx3FqNSkuSI79uz4hMdV5TPtuhxx9nTwj9aLUhXFeZ0mn2PVgVzEnnMoJb -+znlsZDgzDlJqdaD744YGWh8Z3OEssB35KfzFcdOeO6yH8lmv2Zfznk7pNPT7LTb -Lae9VgkCgYEA92p1qnAB3NtJtNcaW53i0S5WJgS1hxWKvUDx3lTB9s8X9fHpqL1a -E94fDfWzp/hax6FefUKIvBOukPLQ6bYjTMiFoOHzVirghAIuIUoMI5VtLhwD1hKs -Lr7l/dptMgKb1nZHyXoKHRBthsy3K4+udsPi8TzMvYElgEqyQIe/Rk0CgYEA86GL -8HC6zLszzKERDPBxrboRmoFvVUCTQDhsfj1M8aR3nQ8V5LkdIJc7Wqm/Ggfk9QRf -rJ8M2WUMlU5CNnCn/KCrKzCNZIReze3fV+HnKdbcXGLvgbHPrhnz8yYehUFG+RGq -bVyDWRU94T38izy2s5qMYrMJWZEYyXncSPbfcPMCgYAtaXfxcZ+V5xYPQFARMtiX -5nZfggvDoJuXgx0h3tK/N2HBfcaSdzbaYLG4gTmZggc/jwnl2dl5E++9oSPhUdIG -3ONSFUbxsOsGr9PBvnKd8WZZyUCXAVRjPBzAzF+whzQNWCZy/5htnz9LN7YDI9s0 -5113Q96cheDZPFydZY0hHQKBgQDVbEhNukM5xCiNcu+f2SaMnLp9EjQ4h5g3IvaP -5B16daw/Dw8LzcohWboqIxeAsze0GD/D1ZUJAEd0qBjC3g+a9BjefervCjKOzXng -38mEUm+6EwVjJSQcjSmycEs+Sr/kwr/8i5WYvU32+jk4tFgMoC+o6tQe/Uesf68k -z/dPVwKBgGbF7Vv1/3SmhlOy+zYyvJ0CrWtKxH9QP6tLIEgEpd8x7YTSuCH94yok -kToMXYA3sWNPt22GbRDZ+rcp4c7HkDx6I6vpdP9aQEwJTp0EPy0sgWr2XwYmreIQ -NFmkk8Itn9EY2R9VBaP7GLv5kvwxDdLAnmwGmzVtbmaVdxCaBwUk ------END RSA PRIVATE KEY----- diff --git a/main/openssl/android.testssl/testssl b/main/openssl/android.testssl/testssl deleted file mode 100755 index 66b87361..00000000 --- a/main/openssl/android.testssl/testssl +++ /dev/null @@ -1,187 +0,0 @@ -#!/bin/sh - -if [ "$1" = "" ]; then - key=../apps/server.pem -else - key="$1" -fi -if [ "$2" = "" ]; then - cert=../apps/server.pem -else - cert="$2" -fi -ssltest="adb shell /system/bin/ssltest -key $key -cert $cert -c_key $key -c_cert $cert" - -if adb shell /system/bin/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then - dsa_cert=YES -else - dsa_cert=NO -fi - -if [ "$3" = "" ]; then - CA="-CApath ../certs" -else - CA="-CAfile $3" -fi - -if [ "$4" = "" ]; then - extra="" -else - extra="$4" -fi - -############################################################################# - -echo test sslv2 -$ssltest -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication -$ssltest -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo test sslv2 with client authentication - $ssltest -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication - $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 -$ssltest -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication -$ssltest -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication -$ssltest -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication -$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 -$ssltest $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication -$ssltest -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication -$ssltest -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough -$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1 - -echo test sslv2 via BIO pair -$ssltest -bio_pair -ssl2 $extra || exit 1 - -echo test sslv2 with server authentication via BIO pair -$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo test sslv2 with client authentication via BIO pair - $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 - - echo test sslv2 with both client and server authentication via BIO pair - $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 -fi - -echo test sslv3 via BIO pair -$ssltest -bio_pair -ssl3 $extra || exit 1 - -echo test sslv3 with server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 - -echo test sslv3 with client authentication via BIO pair -$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 - -echo test sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 via BIO pair -$ssltest $extra || exit 1 - -if [ $dsa_cert = NO ]; then - echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair' - $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1 -fi - -echo test sslv2/sslv3 with 1024bit DHE via BIO pair -$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 - -echo test sslv2/sslv3 with server authentication -$ssltest -bio_pair -server_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with client authentication via BIO pair -$ssltest -bio_pair -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair -$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 - -echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify -$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 - -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `adb shell /system/bin/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do - echo "Testing $cipher" - prot="" - if [ $protocol = "SSLv3" ] ; then - prot="-ssl3" - fi - $ssltest -cipher $cipher $prot - if [ $? -ne 0 ] ; then - echo "Failed $cipher" - exit 1 - fi - done -done - -############################################################################# - -if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then - echo skipping anonymous DH tests -else - echo test tls1 with 1024bit anonymous DH, multiple handshakes - $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 -fi - -if [ `adb shell /system/bin/openssl no-rsa` = no-dh ]; then - echo skipping RSA tests -else - echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' - adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - - if [ `adb shell /system/bin/openssl no-dh` = no-dh ]; then - echo skipping RSA+DHE tests - else - echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - adb shell /system/bin/ssltest -v -bio_pair -tls1 -cert /sdcard/android.testssl/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 - fi -fi - -echo test tls1 with PSK -$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -echo test tls1 with PSK via BIO pair -$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1 - -if adb shell /system/bin/openssl no-srp; then - echo skipping SRP tests -else - echo test tls1 with SRP - $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123 - - echo test tls1 with SRP via BIO pair - $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123 - - echo test tls1 with SRP auth - $ssltest -tls1 -cipher aSRP -srpuser test -srppass abc123 - - echo test tls1 with SRP auth via BIO pair - $ssltest -bio_pair -tls1 -cipher aSRP -srpuser test -srppass abc123 -fi - -exit 0 diff --git a/main/openssl/android.testssl/testssl.sh b/main/openssl/android.testssl/testssl.sh deleted file mode 100755 index cd560928..00000000 --- a/main/openssl/android.testssl/testssl.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2010 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Android testssl.sh driver script for openssl's testssl -# -# based on openssl's test/testss script and test/Makefile's test_ssl target -# - -set -e -trap "echo Exiting on unexpected error." ERR - -device=/sdcard/android.testssl - -digest='-sha1' -reqcmd="adb shell /system/bin/openssl req" -x509cmd="adb shell /system/bin/openssl x509 $digest" - -CAkey="$device/keyCA.ss" -CAcert="$device/certCA.ss" -CAreq="$device/reqCA.ss" -CAconf="$device/CAss.cnf" - -Uconf="$device/Uss.cnf" -Ureq="$device/reqU.ss" -Ukey="$device/keyU.ss" -Ucert="$device/certU.ss" - -echo -echo "setting up" -adb remount -adb shell rm -r $device -adb shell mkdir $device - -echo -echo "pushing test files to device" -adb push . $device - -echo -echo "make a certificate request using 'req'" -adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd" -req_new='-new' -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new - -echo -echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca - -echo -echo "make a user certificate request using 'req'" -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new - -echo -echo "sign user certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee - -echo -echo "running testssl" -./testssl $Ukey $Ucert $CAcert - -echo -echo "cleaning up" -adb shell rm -r $device -- cgit v1.2.3