Support for Signal calls.

Merge in RedPhone // FREEBIE
2025-11-10 11:44:25 +00:00 · 2015-09-09 13:54:29 -07:00
parent 3d4ae60d81
commit d83a3d71bc
2585 changed files with 803492 additions and 45 deletions
--- a/jni/openssl/patches/0016-ecdhe_psk_part2.patch
+++ b/jni/openssl/patches/0016-ecdhe_psk_part2.patch
@@ -0,0 +1,100 @@
+From cf389e16d8dc49e97c0b13ea3a1c373c6f6f94bd Mon Sep 17 00:00:00 2001
+From: Adam Langley <agl@chromium.org>
+Date: Wed, 4 Jun 2014 10:59:32 -0700
+Subject: ECDHE-PSK_AES-CBC-SHA_cipher_suites
+
+Add ECDHE-PSK AES-CBC-SHA cipher suites from RFC 5489.
+Remove ECDHE-PSK AES-CBC-SHA2 cipher suites from RFC 5489 because
+they cannot be used with SSLv3 and there's no way to express that in
+OpenSSL's configuration.
+---
+ ssl/s3_lib.c | 25 ++++++++++++-------------
+ ssl/tls1.h   | 14 ++++++++------
+ 2 files changed, 20 insertions(+), 19 deletions(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index f84da7f..e016fc8 100644
+--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
+@@ -2828,35 +2828,34 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
+ 
+ #ifndef OPENSSL_NO_PSK
+     /* ECDH PSK ciphersuites from RFC 5489 */
+-
+-	/* Cipher C037 */
+	/* Cipher C035 */
+ 	{
+ 	1,
+-	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+-	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+	TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+	TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+ 	SSL_kEECDH,
+ 	SSL_aPSK,
+ 	SSL_AES128,
+-	SSL_SHA256,
+	SSL_SHA1,
+ 	SSL_TLSV1,
+-	SSL_NOT_EXP|SSL_HIGH,
+-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA256,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 	128,
+ 	128,
+ 	},
+ 
+-	/* Cipher C038 */
+	/* Cipher C036 */
+ 	{
+ 	1,
+-	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+-	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+	TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+	TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+ 	SSL_kEECDH,
+ 	SSL_aPSK,
+ 	SSL_AES256,
+-	SSL_SHA384,
+	SSL_SHA1,
+ 	SSL_TLSV1,
+-	SSL_NOT_EXP|SSL_HIGH,
+-	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF_SHA384,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 	256,
+ 	256,
+ 	},
+diff --git a/ssl/tls1.h b/ssl/tls1.h
+index ec8948d..51d073d 100644
+--- a/ssl/tls1.h
+++ b/ssl/tls1.h
+@@ -531,9 +531,11 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ #define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+ #define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+ 
+-/* ECDHE PSK ciphersuites from RFC 5489 */
+-#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0x0300C037
+-#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0x0300C038
+/* ECDHE PSK ciphersuites from RFC5489
+ * SHA-2 cipher suites are omitted because they cannot be used safely with
+ * SSLv3. */
+#define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
+#define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
+ 
+ /* XXX
+  * Inconsistency alert:
+@@ -686,9 +688,9 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+ #define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+ #define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
+ 
+-/* ECDHE PSK ciphersuites from RFC 5489 */
+-#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256  "ECDHE-PSK-WITH-AES-128-CBC-SHA256"
+-#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384  "ECDHE-PSK-WITH-AES-256-CBC-SHA384"
+/* ECDHE PSK ciphersuites from RFC5489 */
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA         "ECDHE-PSK-AES128-CBC-SHA"
+#define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA         "ECDHE-PSK-AES256-CBC-SHA"
+ 
+ #define TLS_CT_RSA_SIGN			1
+ #define TLS_CT_DSS_SIGN			2
+-- 
+2.0.0.526.g5318336