| 3892ccded916112f3714092ae5976fcfd72d2099 |
|
04-Feb-2016 |
Kenny Root <kroot@google.com> |
X509 certificates: exception for no Signature provider found
If the X.509 certificate's signature algorithm OID is not satisfied by
any provider registered, a NoSuchAlgorithmException should be thrown.
The previous behavior was an unchecked NullPointerException was thrown
during the attempt to set up the (actually null) signature instance.
Bug: 26954162
Change-Id: Iac3e27c823580738a54d75a45d39411456934dd5
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 45fad1a9e26a0dda99452f797fe6f1856a47f965 |
|
05-Jan-2016 |
Chad Brubaker <cbrubaker@google.com> |
Make OpenSSLX509Certificate.hashCode match the RI
Use super.hashCode to make sure that hashCode matches the RI. Since the
underlying certificate (and therefore the hashcode) is immutable the
value is cached after the first call to avoid needlessly recomputing the
hash.
Bug:26386620
Change-Id: Ic480b48e57144ac730a33dcc313cdff57fe71157
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| d31ede7ba14b019d6a017f3585866a65891d1710 |
|
20-Jan-2016 |
Kenny Root <kroot@google.com> |
Get rid of AlgNameMapper
This was only a hack to support old Harmony code, so we don't need it
anymore. Remove the direct references to AlgNameMapper and use
reflection for compatibility in unbundled code.
Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| e0fb5c395e4f08439429b498648f5408996827de |
|
16-Sep-2015 |
Kenny Root <kroot@google.com> |
resolved conflicts for 64c85650 to stage-aosp-master
Change-Id: Ib1a5f7bbe81fc88cf2b9837979650ed35665f1eb
|
| 64c85650fce6132ef66be9f7750cf28674cd65d7 |
|
21-Jul-2015 |
Paul Lietar <lietar@google.com> |
Add method to delete extension from a certificate
The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned.
The use case for this is recreating the TBS component of a Precertificate as
described by RFC6962 section 3.2.
Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 1f7f9361afdfe0b5813e7c6d0ce25576777eb7dc |
|
18-Jul-2015 |
Kenny Root <kroot@google.com> |
am 6e2618d6: OpenSSLX509Certificate: use OID if alg name unavailable
* commit '6e2618d62eb9466609e44bed8d836d3787a23d1a':
OpenSSLX509Certificate: use OID if alg name unavailable
|
| 6e2618d62eb9466609e44bed8d836d3787a23d1a |
|
15-Jul-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: use OID if alg name unavailable
If we cannot map the signature OID type to a canonical name, then we
should try to get an instance of the signature type using the OID.
Additionally, we should return the OID for the #getSigAlgName instead of
null.
Bug: 22365511
Change-Id: I1ebf48667cf720ee5c7751667601eec2f6f8ec91
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 8d57b9dbbd883422a0ff02083bfcf637b097e504 |
|
28-May-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: mark mContext as transient
Since mContext should not participate in the serialization process,
hide it with the transient qualifier. This will prevent the field from
initialization during the unserialization of this class. Then of course
the instance will be in a valid state.
Bug: 21437603
Change-Id: Id5b8a83b6000c2219f3246f93aff7a9c6453f639
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 42b8c5e4d608c6b967abb3d50afa629838301fa7 |
|
29-May-2015 |
Kenny Root <kroot@google.com> |
Revert "OpenSSLX509Certificate: mark mContext as transient"
This reverts commit 998fbfcd4729ee2e196ed17106f76de93f33d7f0. Missing the test class.
Change-Id: I426680f74c4f3ebeb42abd80ebfdba469247c348
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 998fbfcd4729ee2e196ed17106f76de93f33d7f0 |
|
28-May-2015 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: mark mContext as transient
Since mContext should not participate in the serialization process,
hide it with the transient qualifier. This will prevent the field from
initialization during the unserialization of this class. Then of course
the instance will be in a valid state.
Bug: 21437603
Change-Id: Ie9453c16d11820a91caff92c3f7b326d12f8a8f4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| d82dc06faee760a737da6f2755a9063637c206e3 |
|
19-May-2015 |
Adam Langley <agl@google.com> |
Add isFinite flag to OpenSSLBIOInputStream.
The BIO created by OpenSSLBIOInputStream currently returns -1 and sets
the retry flag when read() returns zero on the underlying InputStream.
This is correct for “infinite” streams (like a socket), but isn't
correct for streams that have a definitive EOF.
This change adds a flag to OpenSSLBIOInputStream so that cases where the
input is finite (i.e. when parsing a PKCS#7 or X.509 block) can
correctly return 0 at EOF from |BIO_read|.
(cherry picked from commit 66537ee0121bdd14737191d14927da223f0809ee)
Bug: 21396526
Bug: 21209493
Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 66537ee0121bdd14737191d14927da223f0809ee |
|
19-May-2015 |
Adam Langley <agl@google.com> |
Add isFinite flag to OpenSSLBIOInputStream.
The BIO created by OpenSSLBIOInputStream currently returns -1 and sets
the retry flag when read() returns zero on the underlying InputStream.
This is correct for “infinite” streams (like a socket), but isn't
correct for streams that have a definitive EOF.
This change adds a flag to OpenSSLBIOInputStream so that cases where the
input is finite (i.e. when parsing a PKCS#7 or X.509 block) can
correctly return 0 at EOF from |BIO_read|.
Bug: 21396526
Bug: 21209493
Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| f79c90d56464e254ce8645f886ec0ca47573ced1 |
|
24-Apr-2015 |
Adam Langley <agl@google.com> |
external/conscrypt: add NativeConstants.
NativeConstants.java is generated by a C program and thus the values
will automatically be kept in sync with the contents of the OpenSSL
headers.
Bug: 20521989
Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 37e58bbef60b18389074d8ef8a8c470e47f3d7ee |
|
25-Nov-2014 |
Kenny Root <kroot@google.com> |
Convert EVP_PKEY to new style
To avoid conflicts in the language spec and how Conscrypt does native
calls, we need to wrap all native references in a Java object reference.
Calling NativeCrypto's static native methods with a raw pointer doesn't
guarantee that the calling object won't be finalized during the method
running.
This pass fixes EVP_PKEY references, but more passes are needed.
Bug: 16656908
Change-Id: I5925da40cb37cd328b3a126404944f771732a43e
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| cb713c076de9b3d458727ecb2ae2658859a893e2 |
|
19-May-2014 |
Kenny Root <kroot@google.com> |
X509Certificate: add some context to thrown exceptions
Bug: 14648280
Change-Id: I7bbf76e0d383d34fc5e5a49a8d45384e47f43f3a
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 19fdf1af6bada9ebf4820839780d8713ac3824fa |
|
10-Apr-2014 |
Kenny Root <kroot@google.com> |
Convert calls to BIO_free to BIO_free_all
If we have a chain of BIO, we want to free the entire chain. Otherwise,
we might accidentally leave references sitting around. This shouldn't
matter for our current use-case, but might help in the future.
Change-Id: I586937629e1e4f2e80b5feefe2f49a85e8a31d31
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 7c3263f16bae0f1b2125de2c3c1c683303e768ce |
|
31-Jan-2014 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: only catch BadPaddingException
We only need to catch BadPaddingException right now. Let the other
non-RuntimeException exceptions pass.
Change-Id: I5b6878250d428b1ee953092967b7418003ee9216
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 1744cf2b54cc7183ff83a3a2eab3a92a8d95ff55 |
|
30-Jan-2014 |
Kenny Root <kroot@google.com> |
BIGNUM convert to Java BigInteger
Java BigInteger is in two's complement, so it needs conversion for
negative numbers. We were mishandling it before and the previous change
just hacked around it. Actually convert to two's complement instead.
Change-Id: I6bfe9577f0936678476193b55433b7d7dbc04400
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| cea9ec153ef5bf27e3eee74d7c503bce02084bc2 |
|
28-Jan-2014 |
Kenny Root <kroot@google.com> |
X509Certificate: SignatureException for verify
Any verification error can throw random things like BadPaddingException.
Swallow it and catch Exception for all these cases and rethrow as a
SignatureException to avoid acting as any kind of oracle.
Change-Id: I6b515148f86529fbe0895c9fdb0954306724ae54
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 0a97d659b889de0207e7b33423c5f345203c7f38 |
|
28-Jan-2014 |
Kenny Root <kroot@google.com> |
OpenSSLX509Certificate: negative serial numbers
The constructor BigInteger(byte[]) expects two's complement encoding,
but that's not what OpenSSL bn2bin returns.
Bug: 12761797
Change-Id: I6c71f6fb88c2b1df7c372bf697728dac26571634
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 16c041fa20ef70221f487631f07eaf53d39ae51c |
|
06-Dec-2013 |
Kenny Root <kroot@google.com> |
Make some methods public for CTS
Some methods are called from CTS. The ClassLoaders are different, so we
need to make these public so we don't get any IllegalAccessError during
CTS tests.
Change-Id: I5ac7931694fb1eceb86ae306fca07fb314643fa9
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 0e9746b7b132058651155b33f219c7789997985b |
|
13-Sep-2013 |
Kenny Root <kroot@google.com> |
Conscrypt: use certificate references in SSL code
Instead of marshalling and unmarshalling to ASN.1 DER, just use
references to OpenSSL X509 objects everywhere applicable.
Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| adf0d8d251eadb958b5e93cfe2600510f9c69f27 |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
Merge "NativeCrypto: Fix a lot of random doc bugs"
|
| 209c986cfe42dbaa5497c6e68d1b5db96b28db78 |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: Fix a lot of random doc bugs
Remove lots of empty javadoc tags that were unused or invalid.
Remove some unused imports.
Mark a few input streams as intentionally unclosed.
Change-Id: I04d8642abd2b0f2e9be02e227658a1b9bd192d24
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 7d97b2cee4acabea6c8cb795d25fb1fb564f016c |
|
07-May-2013 |
Kenny Root <kroot@google.com> |
NativeCrypto: make our own X.509 key class
Make a key class that just holds the encoded key bytes along with the
algorithm identifier. Eclipse IDE made the entire class.
Change-Id: I40b198e0f01121d77bfd26b3420068700ab69614
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|
| 860d2707ce126ef8f66e3eac7ceeab6d24218cd8 |
|
24-Apr-2013 |
Kenny Root <kroot@google.com> |
Move JSSE to new package
To help with shipping the JSSE with apps that want to bundle it, move
it to a new package so that the tangles in other parts of the library
can be untangled.
Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430
/external/conscrypt/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
|