3892ccded916112f3714092ae5976fcfd72d2099 |
|
04-Feb-2016 |
Kenny Root <kroot@google.com> |
X509 certificates: exception for no Signature provider found If the X.509 certificate's signature algorithm OID is not satisfied by any provider registered, a NoSuchAlgorithmException should be thrown. The previous behavior was an unchecked NullPointerException was thrown during the attempt to set up the (actually null) signature instance. Bug: 26954162 Change-Id: Iac3e27c823580738a54d75a45d39411456934dd5
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
45fad1a9e26a0dda99452f797fe6f1856a47f965 |
|
05-Jan-2016 |
Chad Brubaker <cbrubaker@google.com> |
Make OpenSSLX509Certificate.hashCode match the RI Use super.hashCode to make sure that hashCode matches the RI. Since the underlying certificate (and therefore the hashcode) is immutable the value is cached after the first call to avoid needlessly recomputing the hash. Bug:26386620 Change-Id: Ic480b48e57144ac730a33dcc313cdff57fe71157
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
d31ede7ba14b019d6a017f3585866a65891d1710 |
|
20-Jan-2016 |
Kenny Root <kroot@google.com> |
Get rid of AlgNameMapper This was only a hack to support old Harmony code, so we don't need it anymore. Remove the direct references to AlgNameMapper and use reflection for compatibility in unbundled code. Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
e0fb5c395e4f08439429b498648f5408996827de |
|
16-Sep-2015 |
Kenny Root <kroot@google.com> |
resolved conflicts for 64c85650 to stage-aosp-master Change-Id: Ib1a5f7bbe81fc88cf2b9837979650ed35665f1eb
|
64c85650fce6132ef66be9f7750cf28674cd65d7 |
|
21-Jul-2015 |
Paul Lietar <lietar@google.com> |
Add method to delete extension from a certificate The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned. The use case for this is recreating the TBS component of a Precertificate as described by RFC6962 section 3.2. Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
1f7f9361afdfe0b5813e7c6d0ce25576777eb7dc |
|
18-Jul-2015 |
Kenny Root <kroot@google.com> |
am 6e2618d6: OpenSSLX509Certificate: use OID if alg name unavailable * commit '6e2618d62eb9466609e44bed8d836d3787a23d1a': OpenSSLX509Certificate: use OID if alg name unavailable
|
6e2618d62eb9466609e44bed8d836d3787a23d1a |
|
15-Jul-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: use OID if alg name unavailable If we cannot map the signature OID type to a canonical name, then we should try to get an instance of the signature type using the OID. Additionally, we should return the OID for the #getSigAlgName instead of null. Bug: 22365511 Change-Id: I1ebf48667cf720ee5c7751667601eec2f6f8ec91
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
8d57b9dbbd883422a0ff02083bfcf637b097e504 |
|
28-May-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: mark mContext as transient Since mContext should not participate in the serialization process, hide it with the transient qualifier. This will prevent the field from initialization during the unserialization of this class. Then of course the instance will be in a valid state. Bug: 21437603 Change-Id: Id5b8a83b6000c2219f3246f93aff7a9c6453f639
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
42b8c5e4d608c6b967abb3d50afa629838301fa7 |
|
29-May-2015 |
Kenny Root <kroot@google.com> |
Revert "OpenSSLX509Certificate: mark mContext as transient" This reverts commit 998fbfcd4729ee2e196ed17106f76de93f33d7f0. Missing the test class. Change-Id: I426680f74c4f3ebeb42abd80ebfdba469247c348
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
998fbfcd4729ee2e196ed17106f76de93f33d7f0 |
|
28-May-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: mark mContext as transient Since mContext should not participate in the serialization process, hide it with the transient qualifier. This will prevent the field from initialization during the unserialization of this class. Then of course the instance will be in a valid state. Bug: 21437603 Change-Id: Ie9453c16d11820a91caff92c3f7b326d12f8a8f4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
d82dc06faee760a737da6f2755a9063637c206e3 |
|
19-May-2015 |
Adam Langley <agl@google.com> |
Add isFinite flag to OpenSSLBIOInputStream. The BIO created by OpenSSLBIOInputStream currently returns -1 and sets the retry flag when read() returns zero on the underlying InputStream. This is correct for “infinite” streams (like a socket), but isn't correct for streams that have a definitive EOF. This change adds a flag to OpenSSLBIOInputStream so that cases where the input is finite (i.e. when parsing a PKCS#7 or X.509 block) can correctly return 0 at EOF from |BIO_read|. (cherry picked from commit 66537ee0121bdd14737191d14927da223f0809ee) Bug: 21396526 Bug: 21209493 Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
66537ee0121bdd14737191d14927da223f0809ee |
|
19-May-2015 |
Adam Langley <agl@google.com> |
Add isFinite flag to OpenSSLBIOInputStream. The BIO created by OpenSSLBIOInputStream currently returns -1 and sets the retry flag when read() returns zero on the underlying InputStream. This is correct for “infinite” streams (like a socket), but isn't correct for streams that have a definitive EOF. This change adds a flag to OpenSSLBIOInputStream so that cases where the input is finite (i.e. when parsing a PKCS#7 or X.509 block) can correctly return 0 at EOF from |BIO_read|. Bug: 21396526 Bug: 21209493 Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
f79c90d56464e254ce8645f886ec0ca47573ced1 |
|
24-Apr-2015 |
Adam Langley <agl@google.com> |
external/conscrypt: add NativeConstants. NativeConstants.java is generated by a C program and thus the values will automatically be kept in sync with the contents of the OpenSSL headers. Bug: 20521989 Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
37e58bbef60b18389074d8ef8a8c470e47f3d7ee |
|
25-Nov-2014 |
Kenny Root <kroot@google.com> |
Convert EVP_PKEY to new style To avoid conflicts in the language spec and how Conscrypt does native calls, we need to wrap all native references in a Java object reference. Calling NativeCrypto's static native methods with a raw pointer doesn't guarantee that the calling object won't be finalized during the method running. This pass fixes EVP_PKEY references, but more passes are needed. Bug: 16656908 Change-Id: I5925da40cb37cd328b3a126404944f771732a43e
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
cb713c076de9b3d458727ecb2ae2658859a893e2 |
|
19-May-2014 |
Kenny Root <kroot@google.com> |
X509Certificate: add some context to thrown exceptions Bug: 14648280 Change-Id: I7bbf76e0d383d34fc5e5a49a8d45384e47f43f3a
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
19fdf1af6bada9ebf4820839780d8713ac3824fa |
|
10-Apr-2014 |
Kenny Root <kroot@google.com> |
Convert calls to BIO_free to BIO_free_all If we have a chain of BIO, we want to free the entire chain. Otherwise, we might accidentally leave references sitting around. This shouldn't matter for our current use-case, but might help in the future. Change-Id: I586937629e1e4f2e80b5feefe2f49a85e8a31d31
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
7c3263f16bae0f1b2125de2c3c1c683303e768ce |
|
31-Jan-2014 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: only catch BadPaddingException We only need to catch BadPaddingException right now. Let the other non-RuntimeException exceptions pass. Change-Id: I5b6878250d428b1ee953092967b7418003ee9216
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
1744cf2b54cc7183ff83a3a2eab3a92a8d95ff55 |
|
30-Jan-2014 |
Kenny Root <kroot@google.com> |
BIGNUM convert to Java BigInteger Java BigInteger is in two's complement, so it needs conversion for negative numbers. We were mishandling it before and the previous change just hacked around it. Actually convert to two's complement instead. Change-Id: I6bfe9577f0936678476193b55433b7d7dbc04400
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
cea9ec153ef5bf27e3eee74d7c503bce02084bc2 |
|
28-Jan-2014 |
Kenny Root <kroot@google.com> |
X509Certificate: SignatureException for verify Any verification error can throw random things like BadPaddingException. Swallow it and catch Exception for all these cases and rethrow as a SignatureException to avoid acting as any kind of oracle. Change-Id: I6b515148f86529fbe0895c9fdb0954306724ae54
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
0a97d659b889de0207e7b33423c5f345203c7f38 |
|
28-Jan-2014 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: negative serial numbers The constructor BigInteger(byte[]) expects two's complement encoding, but that's not what OpenSSL bn2bin returns. Bug: 12761797 Change-Id: I6c71f6fb88c2b1df7c372bf697728dac26571634
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
16c041fa20ef70221f487631f07eaf53d39ae51c |
|
06-Dec-2013 |
Kenny Root <kroot@google.com> |
Make some methods public for CTS Some methods are called from CTS. The ClassLoaders are different, so we need to make these public so we don't get any IllegalAccessError during CTS tests. Change-Id: I5ac7931694fb1eceb86ae306fca07fb314643fa9
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
0e9746b7b132058651155b33f219c7789997985b |
|
13-Sep-2013 |
Kenny Root <kroot@google.com> |
Conscrypt: use certificate references in SSL code Instead of marshalling and unmarshalling to ASN.1 DER, just use references to OpenSSL X509 objects everywhere applicable. Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
adf0d8d251eadb958b5e93cfe2600510f9c69f27 |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
Merge "NativeCrypto: Fix a lot of random doc bugs"
|
209c986cfe42dbaa5497c6e68d1b5db96b28db78 |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: Fix a lot of random doc bugs Remove lots of empty javadoc tags that were unused or invalid. Remove some unused imports. Mark a few input streams as intentionally unclosed. Change-Id: I04d8642abd2b0f2e9be02e227658a1b9bd192d24
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
7d97b2cee4acabea6c8cb795d25fb1fb564f016c |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: make our own X.509 key class Make a key class that just holds the encoded key bytes along with the algorithm identifier. Eclipse IDE made the entire class. Change-Id: I40b198e0f01121d77bfd26b3420068700ab69614
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
860d2707ce126ef8f66e3eac7ceeab6d24218cd8 |
|
24-Apr-2013 |
Kenny Root <kroot@google.com> |
Move JSSE to new package To help with shipping the JSSE with apps that want to bundle it, move it to a new package so that the tangles in other parts of the library can be untangled. Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|