Adding SSL_set_cipher_lists and turning on elliptic curve

Summary:
- adding SSL_set_cipher_lists for JSSE support
- enabling elliptic curve for new JSSE cipher suites

Details:

Adding SSL_set_cipher_lists, which allows setting the SSL ciphers (and
indirectly ciphers_by_id). This allows us to explicitly set a desired
cipher suite list with our own ordering for JSSE support.

	patches/jsse.patch

Enabling EC, ECDH, and ECDSA which are needed for RI 6 elliptic curve cipher suites.
- EC    = Elliptic Curve
- ECDH  = Elliptic Curve Diffie-Hellman
- ECDSA = Elliptic Curve Digital Signature Algorithm

	android-config.mk
	patches/apps_Android.mk
	patches/crypto_Android.mk
	openssl.config

Remove warning from openssl output to remove testssl warnings

	patches/progs.patch
	openssl.config

Misc

   Update clean, build, and test instructions

	README.android

   Fixing whitespace inconsistency noted when updating clean target

	patches/ssl_Android.mk

Generated files

   Copied from patches:

	apps/Android.mk
	crypto/Android.mk
	ssl/Android.mk

   Newly imported EC files from openssl-1.0.0.tar.gz
   Interestingly most of the needed files were already present, if not compiled.

	crypto/ec/ec_ameth.c
	crypto/ec/ec_pmeth.c
	crypto/ec/eck_prn.c

   SSL_set_cipher_lists

	include/openssl/ssl.h
	ssl/ssl.h
	ssl/ssl_lib.c

   Disabled warning

	apps/openssl.c

Change-Id: I9edc9da2ea65d7d8e55257300a5978638a3e472d
diff --git a/patches/apps_Android.mk b/patches/apps_Android.mk
index a908806..e9f215c 100644
--- a/patches/apps_Android.mk
+++ b/patches/apps_Android.mk
@@ -17,6 +17,7 @@
 	dsa.c \
 	dsaparam.c \
 	ecparam.c \
+	ec.c \
 	enc.c \
 	engine.c \
 	errstr.c \
@@ -64,7 +65,7 @@
 
 # These flags omit whole features from the commandline "openssl".
 # However, portions of these features are actually turned on.
-LOCAL_CFLAGS += -DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_DTLS1
+LOCAL_CFLAGS += -DOPENSSL_NO_DTLS1
 
 
 LOCAL_MODULE:= openssl
diff --git a/patches/crypto_Android.mk b/patches/crypto_Android.mk
index 14bac8e..cb2dfd4 100644
--- a/patches/crypto_Android.mk
+++ b/patches/crypto_Android.mk
@@ -226,6 +226,33 @@
 	dso/dso_openssl.c \
 	dso/dso_vms.c \
 	dso/dso_win32.c \
+	ec/ec2_mult.c \
+	ec/ec2_smpl.c \
+	ec/ec_ameth.c \
+	ec/ec_asn1.c \
+	ec/ec_check.c \
+	ec/ec_curve.c \
+	ec/ec_cvt.c \
+	ec/ec_err.c \
+	ec/ec_key.c \
+	ec/ec_lib.c \
+	ec/ec_mult.c \
+	ec/ec_pmeth.c \
+	ec/ec_print.c \
+	ec/eck_prn.c \
+	ec/ecp_mont.c \
+	ec/ecp_nist.c \
+	ec/ecp_smpl.c \
+	ecdh/ech_err.c \
+	ecdh/ech_key.c \
+	ecdh/ech_lib.c \
+	ecdh/ech_ossl.c \
+	ecdsa/ecs_asn1.c \
+	ecdsa/ecs_err.c \
+	ecdsa/ecs_lib.c \
+	ecdsa/ecs_ossl.c \
+	ecdsa/ecs_sign.c \
+	ecdsa/ecs_vrf.c \
 	err/err.c \
 	err/err_all.c \
 	err/err_prn.c \
@@ -256,6 +283,7 @@
 	evp/evp_pkey.c \
 	evp/m_dss.c \
 	evp/m_dss1.c \
+	evp/m_ecdsa.c \
 	evp/m_md2.c \
 	evp/m_md4.c \
 	evp/m_md5.c \
diff --git a/patches/jsse.patch b/patches/jsse.patch
index f1c14a8..b0ae319 100644
--- a/patches/jsse.patch
+++ b/patches/jsse.patch
@@ -10,7 +10,15 @@
  	/* Default generate session ID callback. */
  	GEN_SESSION_CB generate_session_id;
  
-@@ -1559,6 +1571,7 @@ int	SSL_SESSION_print(BIO *fp,const SSL_
+@@ -1500,6 +1512,7 @@ BIO *	SSL_get_rbio(const SSL *s);
+ BIO *	SSL_get_wbio(const SSL *s);
+ #endif
+ int	SSL_set_cipher_list(SSL *s, const char *str);
++int	SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
+ void	SSL_set_read_ahead(SSL *s, int yes);
+ int	SSL_get_verify_mode(const SSL *s);
+ int	SSL_get_verify_depth(const SSL *s);
+@@ -1559,6 +1572,7 @@ int	SSL_SESSION_print(BIO *fp,const SSL_
  void	SSL_SESSION_free(SSL_SESSION *ses);
  int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
  int	SSL_set_session(SSL *to, SSL_SESSION *session);
@@ -18,7 +26,7 @@
  int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
  int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
  int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-@@ -2204,6 +2217,7 @@ void ERR_load_SSL_strings(void);
+@@ -2204,6 +2218,7 @@ void ERR_load_SSL_strings(void);
  #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING		 345
  #define SSL_R_SERVERHELLO_TLSEXT			 275
  #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
@@ -27,7 +35,7 @@
  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
 --- openssl-1.0.0.orig/ssl/d1_clnt.c	2010-01-26 11:46:29.000000000 -0800
-+++ openssl-1.0.0/ssl/d1_clnt.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/d1_clnt.c	2010-05-12 22:07:36.000000000 -0700
 @@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s)
  #endif
  			(s->session->not_resumable))
@@ -42,7 +50,7 @@
  				goto err;
  			}
 --- openssl-1.0.0.orig/ssl/s23_clnt.c	2010-02-16 06:20:40.000000000 -0800
-+++ openssl-1.0.0/ssl/s23_clnt.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s23_clnt.c	2010-05-12 22:07:36.000000000 -0700
 @@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s
  
  	/* Since, if we are sending a ssl23 client hello, we are not
@@ -58,7 +66,7 @@
  		goto err;
  
 --- openssl-1.0.0.orig/ssl/s3_clnt.c	2010-02-27 16:24:24.000000000 -0800
-+++ openssl-1.0.0/ssl/s3_clnt.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s3_clnt.c	2010-05-12 22:07:36.000000000 -0700
 @@ -621,6 +668,12 @@ int ssl3_client_hello(SSL *s)
  #endif
  			(sess->not_resumable))
@@ -86,7 +94,7 @@
  				{
  				al=SSL_AD_INTERNAL_ERROR;
 --- openssl-1.0.0.orig/ssl/s3_srvr.c	2010-02-27 15:04:10.000000000 -0800
-+++ openssl-1.0.0/ssl/s3_srvr.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s3_srvr.c	2010-05-12 22:07:36.000000000 -0700
 @@ -869,6 +869,12 @@ int ssl3_get_client_hello(SSL *s)
  	 */
  	if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
@@ -114,7 +122,7 @@
  				goto err;
  			}
 --- openssl-1.0.0.orig/ssl/ssl_err.c	2010-01-06 09:37:38.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_err.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_err.c	2010-05-12 22:07:36.000000000 -0700
 @@ -462,6 +462,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
  {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
  {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
@@ -124,7 +132,7 @@
  {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
  {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
 --- openssl-1.0.0.orig/ssl/ssl_lib.c	2010-02-17 11:43:46.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_lib.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_lib.c	2010-05-12 22:07:36.000000000 -0700
 @@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx)
  	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
  	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
@@ -133,8 +141,41 @@
  	s->generate_session_id=ctx->generate_session_id;
  
  	s->param = X509_VERIFY_PARAM_new();
+@@ -1303,6 +1304,32 @@ int SSL_set_cipher_list(SSL *s,const cha
+ 	return 1;
+ 	}
+ 
++/** specify the ciphers to be used by the SSL */
++int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
++	{
++	STACK_OF(SSL_CIPHER) *tmp_cipher_list;
++
++	if (sk == NULL)
++		return 0;
++
++        /* Based on end of ssl_create_cipher_list */
++	tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
++	if (tmp_cipher_list == NULL)
++		{
++		return 0;
++		}
++	if (s->cipher_list != NULL)
++		sk_SSL_CIPHER_free(s->cipher_list);
++	s->cipher_list = sk;
++	if (s->cipher_list_by_id != NULL)
++		sk_SSL_CIPHER_free(s->cipher_list_by_id);
++	s->cipher_list_by_id = tmp_cipher_list;
++	(void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
++
++	sk_SSL_CIPHER_sort(s->cipher_list_by_id);
++	return 1;
++	}
++
+ /* works well for SSLv2, not so good for SSLv3 */
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ 	{
 --- openssl-1.0.0.orig/ssl/ssl_sess.c	2010-02-01 08:49:42.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_sess.c	2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_sess.c	2010-05-12 22:07:36.000000000 -0700
 @@ -261,6 +261,11 @@ static int def_generate_session_id(const
  	return 0;
  }
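Review bot: In the added SSL_set_cipher_lists, `sk_SSL_CIPHER_free(s->cipher_list)` runs before `s->cipher_list = sk`, so a caller that passes the stack already installed on the SSL leaves `s->cipher_list` pointing at freed memory. Ownership of sk also depends on the outcome: the SSL keeps it and frees it on a later call when 1 is returned, while the caller still owns it when 0 is returned. Neither the one-line doc comment here nor the prototype added to ssl.h in the first hunk of this file says so, which invites a double free or a leak at the call site. An empty stack is accepted, and the entries are installed as given rather than going through the cipher-string selection that SSL_set_cipher_list appears to rely on, so the caller alone decides whether weak or NULL suites end up enabled; the comment should state that. The fence shows the alias guard, an empty-list check and the ownership comment.

```c
/** Specify the ciphers to be used by the SSL, in the caller's order.
 *  No filtering is applied: every entry in sk becomes negotiable.
 *  On success (return 1) the SSL owns sk and will free it;
 *  on failure (return 0) sk still belongs to the caller. */
int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
	{
	STACK_OF(SSL_CIPHER) *tmp_cipher_list;

	if (sk == NULL || sk_SSL_CIPHER_num(sk) == 0)
		return 0;

	/* ... unchanged: sk_SSL_CIPHER_dup(sk) and its NULL check ... */

	/* sk may already be the installed list; freeing it here would
	 * leave s->cipher_list dangling. */
	if (s->cipher_list != NULL && s->cipher_list != sk)
		sk_SSL_CIPHER_free(s->cipher_list);
	s->cipher_list = sk;
	/* ... unchanged: replace and sort cipher_list_by_id ... */
```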
diff --git a/patches/progs.patch b/patches/progs.patch
index d7b794c..f82ea66 100644
--- a/patches/progs.patch
+++ b/patches/progs.patch
@@ -1,5 +1,18 @@
+--- openssl-1.0.0.orig/apps/openssl.c	2009-10-04 09:43:21.000000000 -0700
++++ openssl-1.0.0/apps/openssl.c	2010-05-14 11:50:23.000000000 -0700
+@@ -275,8 +275,10 @@ int main(int Argc, char *Argv[])
+ 		if (ERR_GET_REASON(ERR_peek_last_error())
+ 		    == CONF_R_NO_SUCH_FILE)
+ 			{
++#if 0 /* ANDROID */
+ 			BIO_printf(bio_err,
+ 				   "WARNING: can't open config file: %s\n",p);
++#endif
+ 			ERR_clear_error();
+ 			NCONF_free(config);
+ 			config = NULL;
 --- openssl-1.0.0.orig/apps/progs.h	2009-06-30 08:08:38.000000000 -0700
-+++ openssl-1.0.0/apps/progs.h	2010-04-14 14:19:31.000000000 -0700
++++ openssl-1.0.0/apps/progs.h	2010-05-14 11:50:23.000000000 -0700
 @@ -43,7 +43,9 @@ extern int spkac_main(int argc,char *arg
  extern int smime_main(int argc,char *argv[]);
  extern int rand_main(int argc,char *argv[]);
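Review bot: The `#if 0 /* ANDROID */` placed around the `WARNING: can't open config file` message in apps/openssl.c removes the only signal that the configuration file was not loaded, so a missing or mistyped config path now fails silently for every user of the tool, not only for the test run. The commit message gives the reason as quieting testssl output, but the guard itself does not, and `#if 0` reads as dead code. Carrying the reason at the guard would keep the intent recoverable, for example `#if 0 /* ANDROID: silenced to keep testssl output clean */`. The enclosing main() starts and ends outside the hunk.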
@@ -44,7 +57,7 @@
  	{FUNC_TYPE_MD,"md2",dgst_main},
  #endif
 --- openssl-1.0.0.orig/apps/speed.c	2010-03-03 11:56:17.000000000 -0800
-+++ openssl-1.0.0/apps/speed.c	2010-04-13 16:53:43.000000000 -0700
++++ openssl-1.0.0/apps/speed.c	2010-05-14 11:50:23.000000000 -0700
 @@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv)
  			}
  		}
diff --git a/patches/ssl_Android.mk b/patches/ssl_Android.mk
index 6544fc5..ec6e78d 100644
--- a/patches/ssl_Android.mk
+++ b/patches/ssl_Android.mk
@@ -60,7 +60,7 @@
 
 # ssltest
 
-LOCAL_SRC_FILES:=ssltest.c
+LOCAL_SRC_FILES:= ssltest.c
 
 LOCAL_C_INCLUDES += $(local_c_includes)
 
@@ -68,7 +68,7 @@
 
 include $(LOCAL_PATH)/../android-config.mk
 
-LOCAL_MODULE:=ssltest
+LOCAL_MODULE:= ssltest
 
 LOCAL_MODULE_TAGS := optional