ca6d8d34ee0e834b8c66e05aea93ec3d7abddb6b |
|
05-Jun-2015 |
Adam Langley <agl@google.com> |
external/conscrypt: tweaks for next BoringSSL import. Upstream BoringSSL has dropped |SSL_ST_BEFORE| (which appears to have been unused) and all the |*_LOCK_*| symbols. The latter are replaced with |*_up_ref|, with #if's so that it continues to work with OpenSSL. (cherry picked from commit ba3f063e2b5c18c42727416d173a9c8ef3e2ef08) Change-Id: Ib609c83d428b7624e24e3b96c93afc2e482e6a6d
/external/conscrypt/src/gen/native/generate_constants.cc
|
d1b4488c3989dd2ab532edfe7058232a8491cdb4 |
|
10-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Fix RSA upcalls from TLS/SSL into JCA. When BoringSSL/OpenSSL TLS/SSL stack operates on opaque private keys (those that don't expose their key material) it upcalls (via Conscrypt's NativeCrypto) into corresponding JCA Signature and Cipher primitives. This CL fixes two issues with RSA-related upcalls, which prevented the use of opaque RSA private keys for TLS/SSL with Conscrypt backed by BoringSSL: * RSA sign was upcalled into RSA Cipher decrypt using private key. In JCA, the correct upcall is RSA Signature sign. This is now invoked instead of RSA Cipher decrypt. * RSA decrypt was not implemented. It's now implemented. As part of implementing RSA decrypt upcall from BoringSSL, it transpired that BoringSSL requests no padding as opposed to OpenSSL which requests PKCS#1 padding. As a result, this CL modifies the decrypt upcall to take a padding parameter. The implementation of the upcall (see CryptoUpcalls.java) now supports PKCS#1 padding scheme, OAEP padding scheme, and no padding. This CL also drops the encrypt/decrypt flag from the RSA encrypt/decrypt upcall and simplies it into an RSA decrypt upcall. RSA encrypt upcall is not needed at all. (cherry-picked from commit 279e98451390d0a90c5fc04eac7ddd4045180465) Bug: 21738458 Change-Id: I075aa74e4cd89dd3ceab99f728ce371c7bc89cf0
/external/conscrypt/src/gen/native/generate_constants.cc
|
732e4009b4a2df2d4154bbb46980e4aadc2d6d9f |
|
15-May-2015 |
Kenny Root <kroot@google.com> |
Move BoringSSL indication to NativeConstants Toucing NativeCrypto causes System.loadLibrary(...) to be called which causes classloader initialization to fail during compile time. To allow more to be initialized, move this to NativeConstants. (cherry picked from commit f5b4518ebe23c76f931ddb157c44503c2f6b7dee) Bug: 21036900 Change-Id: I07f0f5be9559a9fa9a652d1bcd82a9f88640653e
/external/conscrypt/src/gen/native/generate_constants.cc
|
f79c90d56464e254ce8645f886ec0ca47573ced1 |
|
24-Apr-2015 |
Adam Langley <agl@google.com> |
external/conscrypt: add NativeConstants. NativeConstants.java is generated by a C program and thus the values will automatically be kept in sync with the contents of the OpenSSL headers. Bug: 20521989 Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
/external/conscrypt/src/gen/native/generate_constants.cc
|