History log of /external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
Revision Date Author Comments
959e25c3aeb8122eb736be64e6aed48f1cf0706f 20-May-2015 Kenny Root <kroot@google.com> SSL: select the right key type for kx

During the switch to BoringSSL this function was rewritten and it
requested DH public key with RSA signature for a lot of things.

(cherry picked from commit d8606d56b6367d55174527c2206e51b474caf0d2)

Bug: 20641394
Change-Id: Id3880b01ed1810c5d7af9996c48ce45fdf4850f8
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
f79c90d56464e254ce8645f886ec0ca47573ced1 24-Apr-2015 Adam Langley <agl@google.com> external/conscrypt: add NativeConstants.

NativeConstants.java is generated by a C program and thus the values
will automatically be kept in sync with the contents of the OpenSSL
headers.

Bug: 20521989
Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
7dab2fdf7cffde2f1b3b9e552c3a3f7c49953f13 09-Feb-2015 Alex Klyubin <klyubin@google.com> Enable any opaque private keys to be used with TLS/SSL stack.

Prior to this CL, opaque private keys -- those that do not
expose/export their key material -- were not supported by Conscrypt's
SSLSocket, SSLServerSocket and SSLEngine implementations if the keys
were backed by other providers.

This CL fixes this issue. Conscrypt's TLS/SSL stack now works with
arbitrary opaque private keys provided that:
* for EC private key: an installed implementation of NONEwithECDSA
Signature accepts the key for signing; and
* for RSA private key: an installed implementation of NONEwithRSA
Signature accepts the key for signing and an installed
implementation of RSA/ECB/PKCS1Padding Cipher accepts the key for
decryption.
This normally requires that the JCA Provider which produced the
PrivateKey instance expose the above Cipher transformation and
Signature algorithms.

HOW THIS WORKS

The underlying OpenSSL TLS/SSL stack uses the provided private keys
only to decrypt and sign. For opaque private keys these requests are
delegated (same as before, via CryptoUpcalls) to corresponding Cipher
(RSA/ECB/PKCS1Padding) and Signature (NONEwithRSA or NONEwithECDSA)
implementations.

Even when signing and decryption are outsourced, OpenSSL still needs
the modulus (for RSA) and order (for EC), supposedly to estimate
output size of signing or decryption operations. This information is
not available via the PrivateKey interface. However, an opaque private
key may still implement the RSAKey or ECKey interface which provides
access to modulus or order but does not provide access to key
material. Moreover, in all use cases of private keys with Conscrypt's
TLS/SSL stack the modulus or order can be obtained and provided to
OpenSSL. In the case of private keys used for client or server
authentication, the public key of the certificate is used as the
source of the information. In the case of TLS Channel ID, the order is
currently fixed and known (only NIST P-256 is supported).

Bug: 19284418

Change-Id: I8fea2492f9cf48cfc29c3e7d2ee99a68e84e82ec
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
668c1863ff8e20d130f91c5aba123354b229edf6 11-Mar-2015 Kenny Root <kroot@google.com> SSLParametersImpl: make some methods public

To help with testing, make some of the methods public so we can call
them from tests in a different ClassLoader.

Bug: 19657440
Change-Id: Ib5cb0629ffb52ac57ff24d9d5c4df1509897bd05
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
c4da67c549b0b711728b2bd1e55401ac21e032ce 22-Dec-2014 Kenny Root <kroot@google.com> SSLParametersImpl: remove redundant SNI check method

This was the result of a bad merge resurrecting the method that had been
moved to AddressUtils.

Change-Id: I91dcd1bf21e3184bbdef93341d1c34fb0358b768
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
37e58bbef60b18389074d8ef8a8c470e47f3d7ee 25-Nov-2014 Kenny Root <kroot@google.com> Convert EVP_PKEY to new style

To avoid conflicts in the language spec and how Conscrypt does native
calls, we need to wrap all native references in a Java object reference.
Calling NativeCrypto's static native methods with a raw pointer doesn't
guarantee that the calling object won't be finalized during the method
running.

This pass fixes EVP_PKEY references, but more passes are needed.

Bug: 16656908
Change-Id: I5925da40cb37cd328b3a126404944f771732a43e
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
b221fc936a19284974ba3fa9404bb7a2579f67b9 20-Nov-2014 Kenny Root <kroot@google.com> Always default to true for jsse.enableSNIExtension

Since both unbundled and platform agree now, we don't need the call in
Platform.java to check. We should always default to true.

Change-Id: I8fc3257871075b3c4ff128060972b6029ab2f640
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
e53baea9221be7f9828d0f338ede284e22f55722 13-Nov-2014 Alex Klyubin <klyubin@google.com> Remove support for DSS TLS/SSL cipher suites.

This is in preparation for migration from OpenSSL to BoringSSL.
BoringSSL does not support DSS.

DSS cipher suites are used by a vanishingly tiny fraction of the
Android ecosystem. In all cases, the server's SSL certificate is
self-signed (rather than CA issued), making it easy to switch to
a new self-signed certificate which is based on RSA or ECDSA.

Bug: 17409664
Change-Id: I91067ca9df764edd2b7820e5dec995f24f3910a1
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
b9bfe69f1c205ab67a03e10a01e2cc90871a0879 18-Nov-2014 Alex Klyubin <klyubin@google.com> Fix null elements in X509KeyManager.chooseClientAlias keyTypes.

This fixes an issue where client certificate types requested by the
server from the client, but not known by the client, manifest
themselves as null elements in X509KeyManager.chooseClientAlias
keyTypes argument.

The root cause was that for each element in the
CertificateRequest.certificate_types array an element was output into
the keyTypes array. For unknown values of certificate_type, a null
was output.

This CL fixes the issue by ignoring unknown values in
certificate_types array.

Bug: 18414726
Change-Id: I8565e19a610c0ecfb7cab1b7707c335e0eeb8d89
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
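
An added illustration of the fix described in the commit message above (not Conscrypt's code): mapping the bytes of CertificateRequest.certificate_types to key type names while skipping unknown values instead of emitting nulls. The class and method names are hypothetical, the duplicate check is an extra of this example, and the numeric values are the TLS ClientCertificateType code points.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class ClientCertTypes {
    // TLS ClientCertificateType code points (RFC 5246, RFC 4492).
    static final byte RSA_SIGN = 1;
    static final byte ECDSA_SIGN = 64;

    /** Returns the JCA key type for a certificate_type byte, or null if unknown. */
    static String keyTypeFor(byte certificateType) {
        switch (certificateType) {
            case RSA_SIGN: return "RSA";
            case ECDSA_SIGN: return "EC";
            default: return null;
        }
    }

    /** Behaviour described as the root cause: one output slot per input byte,
     *  so every unknown certificate_type becomes a null element. */
    static String[] keyTypesWithNulls(byte[] certificateTypes) {
        String[] out = new String[certificateTypes.length];
        for (int i = 0; i < certificateTypes.length; i++) {
            out[i] = keyTypeFor(certificateTypes[i]);
        }
        return out;
    }

    /** Behaviour after the fix: unknown values are ignored, the server's
     *  preference order of the known types is preserved. */
    static String[] keyTypesFiltered(byte[] certificateTypes) {
        List<String> out = new ArrayList<>();
        for (byte t : certificateTypes) {
            String keyType = keyTypeFor(t);
            if (keyType != null && !out.contains(keyType)) {
                out.add(keyType);
            }
        }
        return out.toArray(new String[0]);
    }

    public static void main(String[] args) {
        // Constructed sample: rsa_sign, dss_sign (2, not mapped here),
        // ecdsa_sign, and a value this client does not know.
        byte[] requested = {1, 2, 64, (byte) 0x7f};
        System.out.println(Arrays.toString(keyTypesWithNulls(requested)));
        System.out.println(Arrays.toString(keyTypesFiltered(requested)));
    }
}
```

A KeyManager that iterates keyTypes without a null check throws on the first array; the second array is safe to pass to X509KeyManager.chooseClientAlias as-is.
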
dee4e55cf84abc70ffa01cd6941576267b48b824 31-Oct-2014 Kenny Root <kroot@google.com> Remove SSLv3 from default protocols list for TLS

SSLv3 has some systemic problems demonstrated by the POODLE attack.
Disable it by default when "TLS" is requested since the documentation
in Java Standard Names allows us to not support SSL when TLS is
requested.

Bug: 17136008
Change-Id: Icad1639c7e33b6e495f452a5289b0d20b819d679
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
0b4bf3b34c15be6a7b3e02b4b4855049af183580 31-Oct-2014 Alex Klyubin <klyubin@google.com> Support duck-typed PSKKeyManager instances in SSLContext.init.

On some platforms there are multiple classes defining the
PSKKeyManager interface. At the moment, SSLContext.init does not
handle this situation.

This CL makes SSLContext.init treat KeyManager instances which expose
all the methods of PSKKeyManager interface as implementing this
interface. This duck-typing is achieved via Reflection.

Change-Id: I8a3146a9cabb3f951c95ca6d86d72589e0344fc1
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
966ae8a6e12f3235b1cb041e687bda11b41fe4eb 18-Aug-2014 Kenny Root <kroot@google.com> Read property to enable SNI

Read the system property "jsse.enableSNIExtension" on whether to enable
Server Name Indication (SNI) extension. For unbundled builds, this will
be enabled by default. For platform builds, this will be disabled by
default.

Bug: 16658420
Bug: 17059757
Change-Id: I774f5406bf3fe601a42c4ef5e708b31800147eb9
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
342097db97a9b2736531033b2c4b4d8ce4998c67 20-Aug-2014 Kenny Root <kroot@google.com> Validate hostname is usable for SNI

According to RFC 6066 section 3, the hostname listed in the Server Name
Indication (SNI) field is a fully qualified domain name and IP
addresses are not permitted.

Bug: 16658420
Bug: 17059757
Change-Id: I804e46b6e66599b2770f0f4f0534467987e51208
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
cc2ef2e2e9ee64f2e0ac2abc7fdf636e2f81fa5e 20-Aug-2014 Kenny Root <kroot@google.com> Rename hostname fields and methods to reflect usage

The hostname that was supplied when the socket was created is stored as
the "peerHostname". This is the only one that should be used for Server
Name Indication (SNI) purposes.

The "peerHostname" or the resolved IP address may be used for
certificate validation, so keep the use of "getHostname()" for
certificate validation.

Bug: 16658420
Bug: 17059757
Change-Id: Ifd87dead44fb2f00bbfd5eac7e69fb3fc98e94b4
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
d1bbcd0ec973e1b8465c204c13b4925fd86e6484 11-Aug-2014 Kenny Root <kroot@google.com> Relax checks for key vs cert for wrapped keys

If a key is a wrapped platform key, we must relax the check. The reason
is that we may not have the public values we need to pass the
EVP_PKEY_cmp checks that this does.

Change-Id: I7ab2be51b0968a9cf771edea01d33fe2367c8185
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
8f9ac1af0cbdf00e5e47aee32c132522ebc3bd17 19-Jun-2014 Alex Klyubin <klyubin@google.com> Enable PSK cipher suites when PSKKeyManager is provided.

This enables TLS-PSK cipher suites by default iff SSLContext is
initialized with a PSKKeyManager. For consistency, X.509 based
cipher suites are no longer enabled by default at all times -- they
are now only enabled by default iff SSLContext is initialized with an
X509KeyManager or an X509TrustManager.

When both X.509 and PSK cipher suites need to be enabled, PSK cipher
suites are given higher priority in the resulting list of cipher
suites. This is based on the assumption that in most cases users of
TLS/SSL who enable TLS-PSK would prefer TLS-PSK to be used when the
peer supports TLS-PSK.

Bug: 15073623
Change-Id: I8e2bc3e7a1ea8a986e468973b6bad19dc6b7bc3c
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
a3284927fe74b688cfd8a57fdf7cdbf8eaa0123a 17-Jun-2014 Brian Carlstrom <bdc@google.com> Remove

(cherry picked from commit b860016f415dfc5655dcee45f70e8871a2e3edfe)

Change-Id: I4302ea4e0200ac80a0b9f3b953d58270b65b3d0c
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
35f7742cbada75ba2ba2c57ef7014392eea3839d 19-Jun-2014 Alex Klyubin <klyubin@google.com> Make setEnabledProtocols/CipherSuites copy their inputs.

SSLSocket, SSLServerSocket, and SSLEngine offer setEnabledProtocols
and setEnabledCipherSuites methods which take an array of protocols
or cipher suites as input. If these methods store references to the
input arrays, then the internal state (lists of enabled protocols and
cipher suites) of SSLSocket, SSLServerSocket, and SSLEngine could be
modified without going through the setter methods of these classes.

Bug: 15753142
Change-Id: Ia5248050d81320ed1da99892278bd60872605f52
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
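
An added illustration of the aliasing problem described in the commit message above (not Conscrypt's code): a setter that stores the caller's array beside one that copies before validating. The class, its methods and the SUPPORTED allow-list are hypothetical; the suite names are taken from this page.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class EnabledSuitesDemo {
    // Constructed allow-list standing in for the suites the stack supports.
    static final Set<String> SUPPORTED = new HashSet<>(Arrays.asList(
            "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
            "TLS_PSK_WITH_AES_128_CBC_SHA"));

    private String[] enabled = new String[0];

    static void checkSupported(String[] suites) {
        for (String s : suites) {
            if (s == null || !SUPPORTED.contains(s)) {
                throw new IllegalArgumentException("unsupported cipher suite: " + s);
            }
        }
    }

    /** Stores the caller's array: the caller keeps a handle on internal state. */
    void setAliased(String[] suites) {
        checkSupported(suites);
        enabled = suites;
    }

    /** Copies first, then validates and stores the private copy, so the
     *  validated contents and the stored contents cannot diverge. */
    void setCopied(String[] suites) {
        String[] copy = suites.clone();
        checkSupported(copy);
        enabled = copy;
    }

    /** Returns a copy for the same reason the setter takes one. */
    String[] getEnabled() {
        return enabled.clone();
    }

    public static void main(String[] args) {
        EnabledSuitesDemo aliased = new EnabledSuitesDemo();
        String[] a = {"TLS_PSK_WITH_AES_128_CBC_SHA"};
        aliased.setAliased(a);
        a[0] = "TLS_PSK_WITH_RC4_128_SHA"; // never validated, yet now enabled
        System.out.println("aliased: " + Arrays.toString(aliased.getEnabled()));

        EnabledSuitesDemo copied = new EnabledSuitesDemo();
        String[] b = {"TLS_PSK_WITH_AES_128_CBC_SHA"};
        copied.setCopied(b);
        b[0] = "TLS_PSK_WITH_RC4_128_SHA"; // only the caller's array changes
        System.out.println("copied:  " + Arrays.toString(copied.getEnabled()));
    }
}
```
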
f17361e797e5538e5c17b2ef6ef0f992bbc493fe 19-Jun-2014 Alex Klyubin <klyubin@google.com> Remove unnecessary comments in SSLParametersImpl.

This is a follow-up cleanup requested during the code review of
ae2ecac00779167b0381c48da7c612567d1c646f.

Change-Id: I6c8ac2392c5f88ee732f5aa204e20cc1ee7e32d8
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
ae2ecac00779167b0381c48da7c612567d1c646f 30-May-2014 Alex Klyubin <klyubin@google.com> SSLParametersImpl is the source of enabled cipher suites and protocols.

An instance of SSLParametersImpl is associated with SSLContext and is
then cloned into any SSLSocketFactory, SSLServerSocketFactory,
SSLSocket, SSLServerSocket, and SSLEngine. This CL ensures that all
these primitives obtain their list of enabled cipher suites and
protocols from their instance of SSLParametersImpl.

Bug: 15073623
Change-Id: I40bf32e8654b299518ec0e77c3218a0790d9c4fd
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
01cce891dd313a0fb9d4694283f2a13fb5c43afe 09-May-2014 Alex Klyubin <klyubin@google.com> Expose support for TLS-PSK.

TLS-PSK (Pre-Shared Key) is a set of TLS/SSL cipher suites that use
symmetric (pre-shared) keys for mutual authentication of peers. These
cipher suites are in some scenarios more suitable than those based on
public key cryptography and X.509. See RFC 4279 (Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)) for more information.

OpenSSL currently supports only the following PSK cipher suites:
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA

The last four cipher suites mutually authenticate the peers and
secure the connection using a pre-shared symmetric key. These cipher
suites do not provide Forward Secrecy -- once the pre-shared key is
compromised, all previous communications secured with that key can be
decrypted. The first two cipher suites combine the pre-shared
symmetric key with an ephemeral key obtained from an ECDH key
exchange performed during the TLS/SSL handshake, thus providing
Forward Secrecy.

Users of TLS-PSK are expected to provide an implementation of
PSKKeyManager to SSLContext.init and then enable at least one PSK
cipher suite in SSLSocket/SSLEngine.

Bug: 15073623
Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
3e46e4ee56c8e37158f46941dedd5b436d724baa 23-May-2014 Kenny Root <kroot@google.com> Unbundle: hacks to let Conscrypt compile standalone

This is the first pass at getting Conscrypt to compile standalone. It
works fine in apps currently. There are a few TODOs to fix.

Change-Id: I9b43ba12c55e04c8897ccacf38979ca671a55a26
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
767fda1ec66f2e2bf8a8f5fe17841906338b9471 13-May-2014 Alex Klyubin <klyubin@google.com> Get rid of some warnings.

Change-Id: I87f3ad5374d89e8acfdd78fe5af4b02be483cd3d
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
a132fc92896da9372f9a34ab1d6dca52c467d2f6 12-May-2014 Kenny Root <kroot@google.com> Turn off verify peer for servers with no client auth

Since the default is now SSL_VERIFY_PEER, as a server we need to
explicitly set that we don't want a client certificate by setting
SSL_VERIFY_NONE.

Change-Id: I740389cc59ef8cb444a0e504838a1c0591df2bf9
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
2a9ca52cd6a26a5db6df8148e4a1bcdf3d4d0aac 01-May-2014 Kenny Root <kroot@google.com> Call SSL_set_alpn_protos with right native pointer

This change was missed during rebase of the OpenSSLEngine code since
this used to be SSL_CTX_set_alpn_protos.

Bug: 14273022
Change-Id: Ib72b27c8d5a4ddfde4e0c0ee2ab97bfb039c7f56
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
f878e438660d93f8689b864165230492e7a412d4 08-Nov-2013 Kenny Root <kroot@google.com> Add OpenSSLEngineImpl

Add support for SSLEngine via OpenSSL APIs. Currently this supports just
the basic SSLEngine functionality. It can be improved in efficiency and
performance, but it appears not to leak anything and be correct
according to our test suites.

Change-Id: Iea2dc3922e7c30e26daca38361877bd2f88ae668
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
3c072fb087eaa1a363fc673c60f5ef65390e356f 07-Nov-2013 Kenny Root <kroot@google.com> Refactor OpenSSLSocketImpl

Move functionality that will be shared with OpenSSL's SSLEngine
implementation out of OpenSSLSocketImpl and into the (soon-to-be) shared
SSLParametersImpl.

The functionality should stay the same.

Change-Id: If8faa3ad2c9c73c0a0cd4b9716639b362b2b26a1
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
f111f6235d016ce54ab95a2c634a400efe29f24b 31-Mar-2014 Kenny Root <kroot@google.com> Remove SSLEngineImpl

This is replaced by OpenSSL-backed SSLEngineImpl.

Change-Id: I7b51f6fa772e431c6283008535bfec90821d0bef
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
b3c6484a539961803e2709c9e3859d241ae00b12 24-Mar-2014 Alex Klyubin <klyubin@google.com> Correctly handle empty arrays in SSLContext.init.

The contract of SSLContext.init is that empty arrays of
KeyManager/TrustManager in its parameters are handled differently
from null arrays. This CL adjusts the behavior to match the
contract. Namely, empty arrays mean that SSLContext is being
initialized without any KeyManagers/TrustManagers rather than with
default ones.

Bug: 13563675
Change-Id: I52adc5e7143d4f050be0b22b3b464c10bb97d102
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
d2cced8b10f5e4f600a5eb9464eba0da7c8f09de 20-Mar-2014 Kenny Root <kroot@google.com> Use the new endpointVerificationAlgorithm API

Use the new X509ExtendedTrustManager and use the new
getEndpointVerificationAlgorithm to check the hostname during the
handshake.

Bug: 13103812
Change-Id: Id0a74d4ef21a7d7c90357a111f99b09971e535d0
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
4a4a74e84ee407eb49a01cf2325ea34fc92ed1a4 21-Mar-2014 Alex Klyubin <klyubin@google.com> Leave SSLParametersImpl.getDefaultX509TrustManager public.

I renamed this method from getDefaultTrustManager to
getDefaultX509TrustManager and erroneously made it private in
8d63ff1384e46407a7618df2b79b2b455795c396. I missed the fact that
it's being used from framework's
android.net.http.CertificateChainValidator.

This CL reverts this method to being public again.

Bug: 13563574
Change-Id: I601c651d631f5a2e4a04d21941186553988e5286
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
8d63ff1384e46407a7618df2b79b2b455795c396 19-Mar-2014 Alex Klyubin <klyubin@google.com> Support TLS/SSL without X509TrustManager or X509KeyManager.

This makes TLS/SSL primitives operate as expected when no
X509TrustManager or X509KeyManager is provided. Instead of blowing up
with KeyManagementException or NullPointerException (or similar) when
X509TrustManager or X509KeyManager is not provided, this CL makes
SSLContext.init accept such setup, and makes SSLSocket and SSLEngine
reject certificate chains, select no private keys/aliases, and accept
no certificate issuers.

Bug: 13563574
Change-Id: I8de58377a09025258357dd4da9f6cb1b6f2dab80
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java
860d2707ce126ef8f66e3eac7ceeab6d24218cd8 24-Apr-2013 Kenny Root <kroot@google.com> Move JSSE to new package

To help with shipping the JSSE with apps that want to bundle it, move
it to a new package so that the tangles in other parts of the library
can be untangled.

Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430
/external/conscrypt/src/main/java/org/conscrypt/SSLParametersImpl.java