From c3ae4aaac9f0b168aed063d3e86c5196608eaba1 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 15 Apr 2015 00:17:26 +0200 Subject: Move more to git, add submodules, fix build script, change hgignore to gitignore --- main/openssl | 1 + main/openssl/patches/README | 82 ----------------------------------------- main/openssl/patches/testssl.sh | 77 -------------------------------------- 3 files changed, 1 insertion(+), 159 deletions(-) create mode 160000 main/openssl delete mode 100644 main/openssl/patches/README delete mode 100755 main/openssl/patches/testssl.sh (limited to 'main/openssl/patches') diff --git a/main/openssl b/main/openssl new file mode 160000 index 00000000..4d377a9c --- /dev/null +++ b/main/openssl @@ -0,0 +1 @@ +Subproject commit 4d377a9ce111930d8a8f06dc0e94a892a7f6c516 diff --git a/main/openssl/patches/README b/main/openssl/patches/README deleted file mode 100644 index 53444701..00000000 --- a/main/openssl/patches/README +++ /dev/null @@ -1,82 +0,0 @@ -progs.patch: - -Fixup sources under the apps/ directory that are not built under the android environment. - - -handshake_cutthrough.patch - -Enables SSL3+ clients to send application data immediately following the -Finished message even when negotiating full-handshakes. With this patch, -clients can negotiate SSL connections in 1-RTT even when performing -full-handshakes. - -jsse.patch - -Support for JSSE implementation based on OpenSSL. - -channelid.patch - -Implements TLS Channel ID support as both a client and a server. -See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00. - -eng_dyn_dirs.patch - -Fixes the case of having multiple DIR_ADD commands sent to eng_dyn - -fix_clang_build.patch - -Fixes the Clang based build. - -tls12_digests.patch - -Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA -keys. - -alpn.patch - -This change adds support for ALPN in OpenSSL. ALPN is the IETF -blessed version of NPN and we'll be supporting both ALPN and NPN for -some time yet. - -cbc_record_splitting.patch - -BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1 -record splitting. Record splitting is disabled by default. - -dsa_nonce.patch - -Adds an option to mix in hash of message and private key into (EC)DSA nonces to -make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature -is disabled by default. - -ecdhe_psk.patch - -Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites. - -ecdhe_psk_part2.patch - -Removes ECHDE-PSK cipher suites with SHA-2 because they cannot be used with -SSLv3 (and there's no way to express that in OpenSSL's configuration). Adds -SHA-1 based ECDHE-PSK AES-CBC cipher suites instead. - -arm_asm.patch - -Adds newer ARM assembly pack with BSAES for ARMv7 and acceleration for ARMv8 -Based on branch available at: -https://git.linaro.org/people/ard.biesheuvel/openssl.git/shortlog/refs/heads/openssl-1.0.1f-with-arm-patches -c7b582ef23eb6f4386664e841e6e406d984c38d3^..cb8b1ab03e5c179a719afe83f03fecb1c2c78730 - -tls_psk_hint.patch - -Fixes issues with TLS-PSK identity hint implementation where -per-connection/session and per-context hints were being mixed up. - -psk_client_callback_128_byte_id_bug.patch - -Fixes the issue where it was impossible to return a 128 byte long PSK identity -(the maximum supported length) from psk_client_callback. - -tls_fallback_scsv.patch - -Adds the signalling cipher suite value (SCSV) from -https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 diff --git a/main/openssl/patches/testssl.sh b/main/openssl/patches/testssl.sh deleted file mode 100755 index cd560928..00000000 --- a/main/openssl/patches/testssl.sh +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash -# -# Copyright (C) 2010 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# -# Android testssl.sh driver script for openssl's testssl -# -# based on openssl's test/testss script and test/Makefile's test_ssl target -# - -set -e -trap "echo Exiting on unexpected error." ERR - -device=/sdcard/android.testssl - -digest='-sha1' -reqcmd="adb shell /system/bin/openssl req" -x509cmd="adb shell /system/bin/openssl x509 $digest" - -CAkey="$device/keyCA.ss" -CAcert="$device/certCA.ss" -CAreq="$device/reqCA.ss" -CAconf="$device/CAss.cnf" - -Uconf="$device/Uss.cnf" -Ureq="$device/reqU.ss" -Ukey="$device/keyU.ss" -Ucert="$device/certU.ss" - -echo -echo "setting up" -adb remount -adb shell rm -r $device -adb shell mkdir $device - -echo -echo "pushing test files to device" -adb push . $device - -echo -echo "make a certificate request using 'req'" -adb shell "echo \"string to make the random number generator think it has entropy\" >> $device/.rnd" -req_new='-new' -$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new - -echo -echo "convert the certificate request into a self signed certificate using 'x509'" -$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca - -echo -echo "make a user certificate request using 'req'" -$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new - -echo -echo "sign user certificate request with the just created CA via 'x509'" -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee - -echo -echo "running testssl" -./testssl $Ukey $Ucert $CAcert - -echo -echo "cleaning up" -adb shell rm -r $device -- cgit v1.2.3