Adding SSL_set_cipher_lists and turning on elliptic curve
Summary:
- adding SSL_set_cipher_lists for JSSE support
- enabling elliptic curve for new JSSE cipher suites
Details:
Adding SSL_set_cipher_lists that allows setting of SSL ciphers (and
indirectly ciphers_by_id). This allows us to explicitly set a desired
cipher suite lists with our own ordering for JSSE support.
patches/jsse.patch
Enabling EC, ECDH, and ECDSA which are needed for RI 6 elliptic curve cipher suites.
- EC = Elliptic Curve
- ECDH = Elliptic Curve Diffie-Hellman
- ECDSA = Elliptic Curve Digital Signature Algorithm
android-config.mk
patches/apps_Android.mk
patches/crypto_Android.mk
openssl.config
Remove warning from openssl output to remove testssl warnings
patches/progs.patch
openssl.config
Misc
Update clean, build, and test instructions
README.android
Fixing whitespace inconsistency noted when updating clean target
patches/ssl_Android.mk
Generated files
Copied from patches:
apps/Android.mk
crypto/Android.mk
ssl/Android.mk
Newly imported EC files from openssl-1.0.0.tar.gz
Interestingly most of the needed files were already present, if not compiled.
crypto/ec/ec_ameth.c
crypto/ec/ec_pmeth.c
crypto/ec/eck_prn.c
SSL_set_cipher_lists
include/openssl/ssl.h
ssl/ssl.h
ssl/ssl_lib.c
Disabled warning
apps/openssl.c
Change-Id: I9edc9da2ea65d7d8e55257300a5978638a3e472d
diff --git a/ssl/ssl.h b/ssl/ssl.h
index e48f42e..f9e34ec 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1512,6 +1512,7 @@
BIO * SSL_get_wbio(const SSL *s);
#endif
int SSL_set_cipher_list(SSL *s, const char *str);
+int SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
void SSL_set_read_ahead(SSL *s, int yes);
int SSL_get_verify_mode(const SSL *s);
int SSL_get_verify_depth(const SSL *s);