Adding SSL_set_cipher_lists and turning on elliptic curve
Summary:
- adding SSL_set_cipher_lists for JSSE support
- enabling elliptic curve for new JSSE cipher suites
Details:
Adding SSL_set_cipher_lists, which allows setting the SSL ciphers (and
indirectly ciphers_by_id). This allows us to explicitly set a desired
cipher suite list with our own ordering for JSSE support.
patches/jsse.patch
Enabling EC, ECDH, and ECDSA which are needed for RI 6 elliptic curve cipher suites.
- EC = Elliptic Curve
- ECDH = Elliptic Curve Diffie-Hellman
- ECDSA = Elliptic Curve Digital Signature Algorithm
android-config.mk
patches/apps_Android.mk
patches/crypto_Android.mk
openssl.config
Remove warning from openssl output to remove testssl warnings
patches/progs.patch
openssl.config
Misc
Update clean, build, and test instructions
README.android
Fixing whitespace inconsistency noted when updating clean target
patches/ssl_Android.mk
Generated files
Copied from patches:
apps/Android.mk
crypto/Android.mk
ssl/Android.mk
Newly imported EC files from openssl-1.0.0.tar.gz
Interestingly most of the needed files were already present, if not compiled.
crypto/ec/ec_ameth.c
crypto/ec/ec_pmeth.c
crypto/ec/eck_prn.c
SSL_set_cipher_lists
include/openssl/ssl.h
ssl/ssl.h
ssl/ssl_lib.c
Disabled warning
apps/openssl.c
Change-Id: I9edc9da2ea65d7d8e55257300a5978638a3e472d
diff --git a/patches/jsse.patch b/patches/jsse.patch
index f1c14a8..b0ae319 100644
--- a/patches/jsse.patch
+++ b/patches/jsse.patch
@@ -10,7 +10,15 @@
/* Default generate session ID callback. */
GEN_SESSION_CB generate_session_id;
-@@ -1559,6 +1571,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_
+@@ -1500,6 +1512,7 @@ BIO * SSL_get_rbio(const SSL *s);
+ BIO * SSL_get_wbio(const SSL *s);
+ #endif
+ int SSL_set_cipher_list(SSL *s, const char *str);
++int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
+ void SSL_set_read_ahead(SSL *s, int yes);
+ int SSL_get_verify_mode(const SSL *s);
+ int SSL_get_verify_depth(const SSL *s);
+@@ -1559,6 +1572,7 @@ int SSL_SESSION_print(BIO *fp,const SSL_
void SSL_SESSION_free(SSL_SESSION *ses);
int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
int SSL_set_session(SSL *to, SSL_SESSION *session);
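Review bot: The added prototype `int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);` carries no comment on who owns `sk` afterwards, unlike the neighbouring SSL_set_cipher_list whose string argument stays with the caller. The implementation later in this patch (the ssl_lib.c hunk) stores `sk` itself into `s->cipher_list` after freeing the previous list and only duplicates it for `cipher_list_by_id`, so a caller that frees or keeps using `sk` after a successful call will corrupt the SSL's cipher list. Suggest a comment above the prototype: `/* On success (returns 1) the SSL takes ownership of sk; on failure (returns 0, also for sk == NULL) sk is untouched and remains the caller's. */`.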
@@ -18,7 +26,7 @@
int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-@@ -2204,6 +2217,7 @@ void ERR_load_SSL_strings(void);
+@@ -2204,6 +2218,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING 345
#define SSL_R_SERVERHELLO_TLSEXT 275
#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277
@@ -27,7 +35,7 @@
#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220
#define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221
--- openssl-1.0.0.orig/ssl/d1_clnt.c 2010-01-26 11:46:29.000000000 -0800
-+++ openssl-1.0.0/ssl/d1_clnt.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/d1_clnt.c 2010-05-12 22:07:36.000000000 -0700
@@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s)
#endif
(s->session->not_resumable))
@@ -42,7 +50,7 @@
goto err;
}
--- openssl-1.0.0.orig/ssl/s23_clnt.c 2010-02-16 06:20:40.000000000 -0800
-+++ openssl-1.0.0/ssl/s23_clnt.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s23_clnt.c 2010-05-12 22:07:36.000000000 -0700
@@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s
/* Since, if we are sending a ssl23 client hello, we are not
@@ -58,7 +66,7 @@
goto err;
--- openssl-1.0.0.orig/ssl/s3_clnt.c 2010-02-27 16:24:24.000000000 -0800
-+++ openssl-1.0.0/ssl/s3_clnt.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s3_clnt.c 2010-05-12 22:07:36.000000000 -0700
@@ -621,6 +668,12 @@ int ssl3_client_hello(SSL *s)
#endif
(sess->not_resumable))
@@ -86,7 +94,7 @@
{
al=SSL_AD_INTERNAL_ERROR;
--- openssl-1.0.0.orig/ssl/s3_srvr.c 2010-02-27 15:04:10.000000000 -0800
-+++ openssl-1.0.0/ssl/s3_srvr.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/s3_srvr.c 2010-05-12 22:07:36.000000000 -0700
@@ -869,6 +869,12 @@ int ssl3_get_client_hello(SSL *s)
*/
if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
@@ -114,7 +122,7 @@
goto err;
}
--- openssl-1.0.0.orig/ssl/ssl_err.c 2010-01-06 09:37:38.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_err.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_err.c 2010-05-12 22:07:36.000000000 -0700
@@ -462,6 +462,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
{ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
{ERR_REASON(SSL_R_SERVERHELLO_TLSEXT) ,"serverhello tlsext"},
@@ -124,7 +132,7 @@
{ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
{ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
--- openssl-1.0.0.orig/ssl/ssl_lib.c 2010-02-17 11:43:46.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_lib.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_lib.c 2010-05-12 22:07:36.000000000 -0700
@@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx)
OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
@@ -133,8 +141,41 @@
s->generate_session_id=ctx->generate_session_id;
s->param = X509_VERIFY_PARAM_new();
+@@ -1303,6 +1304,32 @@ int SSL_set_cipher_list(SSL *s,const cha
+ return 1;
+ }
+
++/** specify the ciphers to be used by the SSL */
++int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
++ {
++ STACK_OF(SSL_CIPHER) *tmp_cipher_list;
++
++ if (sk == NULL)
++ return 0;
++
++ /* Based on end of ssl_create_cipher_list */
++ tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
++ if (tmp_cipher_list == NULL)
++ {
++ return 0;
++ }
++ if (s->cipher_list != NULL)
++ sk_SSL_CIPHER_free(s->cipher_list);
++ s->cipher_list = sk;
++ if (s->cipher_list_by_id != NULL)
++ sk_SSL_CIPHER_free(s->cipher_list_by_id);
++ s->cipher_list_by_id = tmp_cipher_list;
++ (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
++
++ sk_SSL_CIPHER_sort(s->cipher_list_by_id);
++ return 1;
++ }
++
+ /* works well for SSLv2, not so good for SSLv3 */
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
--- openssl-1.0.0.orig/ssl/ssl_sess.c 2010-02-01 08:49:42.000000000 -0800
-+++ openssl-1.0.0/ssl/ssl_sess.c 2010-05-03 01:44:52.000000000 -0700
++++ openssl-1.0.0/ssl/ssl_sess.c 2010-05-12 22:07:36.000000000 -0700
@@ -261,6 +261,11 @@ static int def_generate_session_id(const
return 0;
}
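Review bot: SSL_set_cipher_lists frees `s->cipher_list` and then assigns `sk` to it, so a caller that passes the SSL's current list back in (a plausible way to reorder it) hits a use-after-free: the stack is released at `sk_SSL_CIPHER_free(s->cipher_list)` and the dangling `sk` is installed on the next line. A guard `if (s->cipher_list != NULL && s->cipher_list != sk)` before that free closes the hole; the `cipher_list_by_id` branch is fine because it always receives the fresh duplicate. The comment `/* Based on end of ssl_create_cipher_list */` also deserves a caveat: that code only ever installs a stack it built itself, whereas here `sk` comes from the caller, so the header comment `/** specify the ciphers to be used by the SSL */` should state that ownership of `sk` passes to the SSL on success and that `sk` is untouched when 0 is returned. If `sk` were the context's list it would presumably be freed again at SSL_free time, which is worth confirming and ruling out in the same comment.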