2e1be9d876e8c5554f91afee914641f323eebd4c |
|
27-Jun-2014 |
rich cannings <richc@google.com> |
Log CCS exceptions do not merge. Unlike the previous CL, this uses reflection for android.os.Process and android.util.EventLog throughout. (cherry picked from commit 35b1f354ec2b647966a198ffed932d82eb8eeb5b) Bug: 15452942 Change-Id: I34b9eaedf1f1e450b1f8004887bb0482601d789e
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
b860016f415dfc5655dcee45f70e8871a2e3edfe |
|
17-Jun-2014 |
Brian Carlstrom <bdc@google.com> |
Remove Change-Id: Iea7c633eb68df576bf72314ff5ce31bc8094d9ce
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
6456f02c68008928011daa0dbbbbebf882fad5c8 |
|
27-Jun-2014 |
Rich Cannings <richc@google.com> |
Revert "Log OpenSSL CCS errors" This reverts commit b1599520cdcdda73babffc051590a2dd25cd50be. Some build targets (e.g. git_dalvik-dev) do not have API-1 Android APIs available, like android.os.Process and android.util.EventLog. Investigating. Change-Id: Iddce3f445be0502d1afa4f8244a7b8867721613e
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
b1599520cdcdda73babffc051590a2dd25cd50be |
|
19-Jun-2014 |
rich cannings <richc@google.com> |
Log OpenSSL CCS errors Bug: 15452942 Change-Id: I49e7bad6a65c70e113324c02fc23315cff168f5b
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
ae2ecac00779167b0381c48da7c612567d1c646f |
|
30-May-2014 |
Alex Klyubin <klyubin@google.com> |
SSLParametersImpl is the source of enabled cipher suites and protocols. An instance of SSLParametersImpl is associated with SSLContext and is then cloned into any SSLSocketFactory, SSLServerSocketFactory, SSLSocket, SSLServerSocket, and SSLEngine. This CL ensures that all these primitives obtain their list of enabled cipher suites and protocols from their instance of SSLParametersImpl. Bug: 15073623 Change-Id: I40bf32e8654b299518ec0e77c3218a0790d9c4fd
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
01cce891dd313a0fb9d4694283f2a13fb5c43afe |
|
09-May-2014 |
Alex Klyubin <klyubin@google.com> |
Expose support for TLS-PSK. TLS-PSK (Pre-Shared Key) is a set of TLS/SSL cipher suites that use symmetric (pre-shared) keys for mutual authentication of peers. These cipher suites are in some scenarios more suitable than those based on public key cryptography and X.509. See RFC 4279 (Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)) for more information.

OpenSSL currently supports only the following PSK cipher suites:
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA

The last four cipher suites mutually authenticate the peers and secure the connection using a pre-shared symmetric key. These cipher suites do not provide Forward Secrecy -- once the pre-shared key is compromised, all previous communications secured with that key can be decrypted. The first two cipher suites combine the pre-shared symmetric key with an ephemeral key obtained from an ECDH key exchange performed during the TLS/SSL handshake, thus providing Forward Secrecy.

Users of TLS-PSK are expected to provide an implementation of PSKKeyManager to SSLContext.init and then enable at least one PSK cipher suite in SSLSocket/SSLEngine. Bug: 15073623 Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
3e46e4ee56c8e37158f46941dedd5b436d724baa |
|
23-May-2014 |
Kenny Root <kroot@google.com> |
Unbundle: hacks to let Conscrypt compile standalone This is the first pass at getting Conscrypt to compile standalone. It works fine in apps currently. There are a few TODOs to fix. Change-Id: I9b43ba12c55e04c8897ccacf38979ca671a55a26
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
d985f665de7a6b0a92f36dd7d6e5550b6f98946e |
|
28-Apr-2014 |
Elliott Hughes <enh@google.com> |
Finish switching to android.system.Os. Looks like I missed one last time... Change-Id: Ib009e87493b36fc815166c44ce3c3a532aa5cd82
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
bcad63e381c5326a526a078ac17b8580874495b0 |
|
24-Apr-2014 |
Elliott Hughes <enh@google.com> |
Track libcore.os' move towards the light. Change-Id: Id41fb809eb764ce60f6d3cecf5715a57af432027
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
0dd7db8b85dfd8ad5d16d239432b9852450dc78f |
|
22-Apr-2014 |
Kenny Root <kroot@google.com> |
Add back missing sslSession Accidentally removed during refactor. Change-Id: I4295af935b269ec7ea91f1d1d140f32188e15e64
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
f878e438660d93f8689b864165230492e7a412d4 |
|
08-Nov-2013 |
Kenny Root <kroot@google.com> |
Add OpenSSLEngineImpl Add support for SSLEngine via OpenSSL APIs. Currently this supports just the basic SSLEngine functionality. It can be improved in efficiency and performance, but it appears not to leak anything and be correct according to our test suites. Change-Id: Iea2dc3922e7c30e26daca38361877bd2f88ae668
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
3c072fb087eaa1a363fc673c60f5ef65390e356f |
|
07-Nov-2013 |
Kenny Root <kroot@google.com> |
Refactor OpenSSLSocketImpl Move functionality that will be shared with OpenSSL's SSLEngine implementation out of OpenSSLSocketImpl and into the (soon-to-be) shared SSLParametersImpl. The functionality should stay the same. Change-Id: If8faa3ad2c9c73c0a0cd4b9716639b362b2b26a1
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
f111f6235d016ce54ab95a2c634a400efe29f24b |
|
31-Mar-2014 |
Kenny Root <kroot@google.com> |
Remove SSLEngineImpl This is replaced by OpenSSL-backed SSLEngineImpl. Change-Id: I7b51f6fa772e431c6283008535bfec90821d0bef
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
f8a9b546d57c4731805e73e1e96ff2fb3e77d6e0 |
|
31-Mar-2014 |
Kenny Root <kroot@google.com> |
ALPN: change socket calls to SSL_set_alpn_protos Calling SSL_CTX_set_alpn_protos appears to be detrimental to thread safety since the implementation of it resets the values. It's not idempotent to call it multiple times like SSL_CTX_enable_npn. Bug: https://code.google.com/p/android/issues/detail?id=67940 Change-Id: I09ed9e75d08528300b86201c3e847b26702d4284
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
d2cced8b10f5e4f600a5eb9464eba0da7c8f09de |
|
20-Mar-2014 |
Kenny Root <kroot@google.com> |
Use the new endpointVerificationAlgorithm API Use the new X509ExtendedTrustManager and use the new getEndpointVerificationAlgorithm to check the hostname during the handshake. Bug: 13103812 Change-Id: Id0a74d4ef21a7d7c90357a111f99b09971e535d0
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
02fb0575e69baf7e1bf58508e6a01a202f6d0524 |
|
21-Mar-2014 |
Kenny Root <kroot@google.com> |
Allow verification failures to send SSL alert Before we were relying on our pending exception to abort the SSL handshake, but the SSL alert was not sent to the server. This enables peer verification in OpenSSL to send the alerts and cut the handshake off earlier. In OpenSSL, ssl/s3_clnt.c had code that only sent an alert if verify mode was not SSL_VERIFY_NONE. Since we're handling all the verification during the callback, we can special-case anything we want to do for anonymous ciphers in the callback. Change-Id: I6c8fd0d0c6402e29ef3cb5fc5156eef2f4191ff0
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
8d63ff1384e46407a7618df2b79b2b455795c396 |
|
19-Mar-2014 |
Alex Klyubin <klyubin@google.com> |
Support TLS/SSL without X509TrustManager or X509KeyManager. This makes TLS/SSL primitives operate as expected when no X509TrustManager or X509KeyManager is provided. Instead of blowing up with KeyManagementException or NullPointerException (or similar) when X509TrustManager or X509KeyManager is not provided, this CL makes SSLContext.init accept such setup, and makes SSLSocket and SSLEngine reject certificate chains, select no private keys/aliases, and accept no certificate issuers. Bug: 13563574 Change-Id: I8de58377a09025258357dd4da9f6cb1b6f2dab80
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
7dd8d0b433cf8212538aaaf8726f5222abf035dd |
|
09-Dec-2013 |
Matteo Franchin <matteo.franchin@arm.com> |
AArch64: Use long for pointers in Java sources. Fixing some mistakes in the JNI signatures: some pointers were passed via jint rather than jlong. Change-Id: I6120cc5742c8429a9e0fddda715b5169d820d31a Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
16c041fa20ef70221f487631f07eaf53d39ae51c |
|
06-Dec-2013 |
Kenny Root <kroot@google.com> |
Make some methods public for CTS Some methods are called from CTS. The ClassLoaders are different, so we need to make these public so we don't get any IllegalAccessError during CTS tests. Change-Id: I5ac7931694fb1eceb86ae306fca07fb314643fa9
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
2d089e18deae231149737cad6ce00f1e137a7199 |
|
21-Nov-2013 |
Alex Klyubin <klyubin@google.com> |
Stop depending on CipherSuite in OpenSSL-backed sockets. This is in preparation for removing Harmony-backed TLS/SSL implementations. Change-Id: Ic108e16d086fb99b69f0a4e4faeb816dc50a7643
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
57ef6334828dfb4f7f6834ddddf5a0ac61f1a4d0 |
|
07-Nov-2013 |
Kenny Root <kroot@google.com> |
Use SNI hostname for session caching The session caching wasn't paying attention to the requested SNI hostname when finding cached sessions. This checks the requested SNI hostname in an attempt to get the correct hostname from the cache. Change-Id: If3dbc64f11377a615389de9774c4061d1c92b997
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
f06338c01394610174fe2b3532beac56d61d9e26 |
|
07-Nov-2013 |
Kenny Root <kroot@google.com> |
Random cleanups of old code style Add @Override annotation, remove unused imports, and remove unnecessary casts. Also make sure annotations are on a line by themselves. Change-Id: I294b43353d7b1e77fd1c9d031af7b7062f024eee
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
f087968310bb5233b76ad42841eb07e3c327f40f |
|
05-Nov-2013 |
Alex Klyubin <klyubin@google.com> |
BEAST attack mitigation for OpenSSL-backed SSLSockets. This enables 1/n-1 record splitting for SSLSocket instances backed by OpenSSL. OpenSSL change: https://android-review.googlesource.com/#/c/69253/ Bug: 11514124 Change-Id: I3fef273edd417c51c5723d290656d2e03331d68a
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
8db22531f59b33539647ab95bb76354212d3866a |
|
18-Oct-2013 |
Narayan Kamath <narayan@google.com> |
Tidy up locking in OpenSSLSocketImpl. We guard all state with a single lock "stateLock", which replaces usages of "this" and "handshakeLock". We do not perform any blocking operations while holding this lock. In particular, startHandshake is no longer synchronized. We use a single integer to keep track of handshake state instead of a pair of booleans. Also fix a bug in getSession; the previous implementation wouldn't work in cut-through mode. This fixes a deadlock in SSLSocketTest_interrupt. Change-Id: I9aef991e0579d4094e287dde8e521d09d6468c51
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
0e9746b7b132058651155b33f219c7789997985b |
|
13-Sep-2013 |
Kenny Root <kroot@google.com> |
Conscrypt: use certificate references in SSL code Instead of marshalling and unmarshalling to ASN.1 DER, just use references to OpenSSL X509 objects everywhere applicable. Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
69c9293abd67eee175870a81f9ee24d7bd6acb50 |
|
10-Sep-2013 |
Brian Carlstrom <bdc@google.com> |
Some cleanup while investigating test_SSLSocket_interrupt Bug: 10681815 Change-Id: If9a76f4c55b578c6f135befebcc443ab9aef3073
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
8f367eb2a6725f13d4b88419450d58f989a29fa8 |
|
24-Jul-2013 |
Kenny Root <kroot@google.com> |
Delay SSLSocketImpl instantiation until needed Class preloading will create an instance of objects if they are in static fields, so put the ones we don't want instantiated into a holder class that is not preloaded. (cherry picked from commit da5b7116b58795b169961cbd63c2b21bac741d9a) Bug: 9984058 Change-Id: If8cb4280cbee79cd4d479fbf6a5297c8e5569b6c
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
8fa35332bfd0c9fe19d2b75622b56b25f62f7b2a |
|
17-Jul-2013 |
Brian Carlstrom <bdc@google.com> |
Call SSL_use_certificate before SSL_use_PrivateKey Bug: https://code.google.com/p/android/issues/detail?id=54433 Change-Id: Icf39b98802e2c6128e79c44eaf2cabc7b4805cc5
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
6fcf0cbeec79d1f2491d8d0774fdb314fc419ba3 |
|
25-Jun-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: Add ALPN support This adds the ability to use Application-Layer Protocol Negotiation (ALPN) as both a client and a server. ALPN is essentially like Next Protocol Negotiation (NPN) but negotiation is done in the clear. This allows the use of other protocols on the same port (e.g., SPDY instead of HTTP on port 80). Although previously clients using NPN were able to use cut-through, the new ALPN API does not provide for a way for a client to enable that during a callback. So the only difference is that NPN clients can enable SSL False Start while ALPN clients cannot currently. Change-Id: I42ff70f3711e9cccaf754d189f76eeaa9db5f981
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
1ecc0481f90d32b89b3b051cad70efe07468acd0 |
|
03-May-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: move key conversion to Java Key type conversion in native code is from the legacy period before the OpenSSLKey class existed. Use that to hold PKEY reference instead of converting it in native code. Change-Id: I84e9a6e1f2e0f95d2f44c18fa9f65cd15e039d63
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
3ff2b34d00ea89eec5b895d866fddf05942fd2a7 |
|
03-May-2013 |
Kenny Root <kroot@google.com> |
Move encoding method out of NativeCrypto Move the encoding method for X.509 out of NativeCrypto to the class that uses it. Change-Id: I57198101553f309c04b5e757716d1d807eb99a90
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|
860d2707ce126ef8f66e3eac7ceeab6d24218cd8 |
|
24-Apr-2013 |
Kenny Root <kroot@google.com> |
Move JSSE to new package To help with shipping the JSSE with apps that want to bundle it, move it to a new package so that the tangles in other parts of the library can be untangled. Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLSocketImpl.java
|