| 27312c09f4968974b780741f11d7222e8a536065 |
|
18-May-2017 |
Nathan Mittler <nathanmittler@google.com> |
Fix unwrap bug for large messages. (#189)
If you write a record and don't have enough destination buffer space to read all the plaintext, the plaintext gets left in the plaintext buffer and the next record you write ends up in the ciphertext buffer (and you read the leftover plaintext from the last record), and you continue to have a record sitting in the ciphertext buffer until you get two records that don't fit in the buffer together, at which point you get the short write and subsequent exception.
Also added a test to verify the bug.
Fix length checks for signed vs unsigned
(Squash commit of 3264c8c17ddd7981aad0e8e7ea932efca1002dcb and
101b17c9e94b77c77b2981269c46bb2441dff332)
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Bug: 38228478
Change-Id: I698b89e6d97223ead980108416f1a203d181d35f
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 9e569de9108ef0fa5ce043ee51e3fc467863c95f |
|
21-Mar-2017 |
Kenny Root <kenny@the-b.org> |
Add Java 8 style SNI hostname to OpenSSLEngineImpl (#155)
The SNIHostName, et al., support was lacking from OpenSSLEngineImpl
causing endpoint protocol identification to fail in Netty tests.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| dbe082cb70a1ffbe1a693bd583a06ecad585f46d |
|
21-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Introducing top-level Conscrypt class (#152)
This is a one-stop-shop for creating and configuring Conscrypt types. It allows a standard way for configuring extended settings that are not currently supported by the standard Java APIs.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| a679eec4ca62c3d0704986d86e77f39da974c6e7 |
|
16-Mar-2017 |
Kenny Root <kenny@the-b.org> |
Add error-prone and fix all the errors (#146)
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 5070bdfc6277af136b7eb5fe5d0d72ad2ff6a2eb |
|
16-Mar-2017 |
Kenny Root <kroot@google.com> |
Create @hide Doclet for public API docs
This allows us to use @hide to prevent a class from showing up in the
public API documentation.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 5ac8e317836e901e7b241b224b92f00cba2ed701 |
|
10-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Throw SSLHandshakeException for bad certs. (#147)
Also expanding some of the test coverage in OpenSSLEngineImplTest.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| de343bb1ee01e6a866ffd484ecd897d0cac19014 |
|
02-Mar-2017 |
David Benjamin <davidben@google.com> |
Configure OCSP and SCTs on the SSL, not SSL_CTX.
As Conscrypt is currently set up, one SSL_CTX (owned, ultimately, by the
SSLContext) may correspond to multiple SSLParameters which, in the Java
API, are configured on the SSLSocket or SSLEngine directly. Thus we
should use the SSL versions of the APIs which now exist. This avoids
mutating an SSL_CTX which may be shared by multiple SSLs with different
configurations.
Change-Id: I19485c316087004c6050d85520b0169f2ca0d493
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| eefe4decab17c7bf98059fc2962849020cc82d96 |
|
07-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Adding conversion utility ALPN protocols (#140)
Exposing additional set methods in OpenSSLEngineImpl and OpenSSLSocketImpl to allow the caller to set the ALPN protocols without having to manually encode.
Also simplifying the exposure of the maxSealOverhead value.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 43763077ddcd3ba66764bae2e1da1adfb51f8b56 |
|
06-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Allow handshakeListener to be set when engineState is MODE_SET (#137)
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 341ea78cbac5459551094928f5cfed1a9dda5c95 |
|
03-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Add handshake listener to engine. (#136)
Fixes #60
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 5efa30bb44aaa6fad687d7670e83097f92b9e81f |
|
03-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Exposing SSL_max_seal_overhead (#135)
Also adding a method to calculate the maximum buffer size required for a wrap operation.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 14defd77f62661d5104bcb31640ea5353432c606 |
|
27-Feb-2017 |
Nathan Mittler <nathanmittler@google.com> |
Less restrictive output buffer size in wrap() (#114)
We currently require that the output buffer be >= MAX_PACKET_SIZE. This is needlessly strict and causes the Netty tests to fail, since they only use 2k buffers.
This PR copies over some of the recent changes from Netty to handle this properly.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| fc94c9f2bf74421a319d3bb54eeb749f24967e11 |
|
16-Feb-2017 |
Kenny Root <kroot@google.com> |
Do not compare the plaintext buffer to encrypted packet size
This was comparing the encrypted packet size to the plaintext output
buffer size. The encryption can have a significant overhead, so this
test was giving false answers at anything close to the
getApplicationBufferSize() answer.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| d5d2c11d5491e4e9192f9d0e7bae086d31a7d472 |
|
09-Feb-2017 |
Kenny Root <kroot@google.com> |
Reduce Java lint warnings
This reduces the number of Java lint warnings down to just the
[serialization] class of warnings as well as the Sun proprietary
warnings for the OpenJDK implementation.
These changes do not result in any change of behavior, but the
serialization changes might. Those will be fixed in a separate CL.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 38ff07c8d63362d70a32938edb1bae9dea218f5b |
|
09-Feb-2017 |
Nathan Mittler <nathanmittler@google.com> |
Allow unwrapping large buffers (#78)
Added a unit test class for the engine and created a test that reproduced the original problem. Also needed to share testing utilities between benchmarks and openjdk modules.
Fixes #76
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 0d92f89dcb5b34ff4c182520ec10c4220cc465ec |
|
14-Dec-2016 |
Steven Valdez <svaldez@google.com> |
Fixing order of SSL_CTX/SSL initialization.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I4a926afb5bf1b7ed29a2066b1d088b41a8ca845b
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 485f59ef78a981b17c53659fa7a5509a0d357478 |
|
01-Dec-2016 |
Kenny Root <kroot@google.com> |
Create abstract base for OpenSSL-backed SSLSession
This will aid in creating an SSL*-backed implementation of the Java
language SSLSession class for use when we have not established a session
already during handshake or when in False Start.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I58cfbee2940412beaed4a8d4d38211ecfbce7ec9
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| c92860619ed129c9f2ca753ce4659a4d8f83ba49 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Do not pass SSL_SESSION on verification callbacks
In order to prepare for better SSLSession handling, eliminate the places
in which SSL_SESSION objects are passed in and centralize it on
SSL_get1_session in order to reduce the callsites of this to zero in the
future.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Id185b283f3d3e30d3d1b1d2b0f7a31a1f0831660
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 000cf15bf99f795b43cfc28c79d3594d964562cd |
|
08-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: eliminate HANDSHAKE_WANTED state
Since pendingStatus(pendingOutboundEncryptedBytes()) will return the
correct status for clients and servers, there is no need to have a
separate state of HANDSHAKE_WANTED versus HANDSHAKE_STARTED. Eliminate
the HANDSHAKE_WANTED state and let pendingStatus(...) switch between
NEED_WRAP and NEED_UNWRAP.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Idecebf27f0169d2ca35ea48bd7added59a2d871a
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| b7a23f060211c1f5564e16ab90778c22acf48d22 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: clear the handshakeSession near setting it
handshakeSession is only valid when calling out to certificate
verifiers. Certificate verification happens during the call to
SSL_do_handshake via the cert_verify_callback in
org_conscrypt_NativeCrypto.cpp which creates a JNI call into the
verifyCertificateChain Java language method.
During the JNI call to verifyCertificateChain, handshakeSession is set
before calling out to the X509TrustManager to verify the certificate
chain. To maintain symmetry in setting and unsetting of
handshakeSession, dereference it at the conclusion of
verifyCertificateChain.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: I9aa35cf01d2c15e7a23d1e87f2417009902b9091
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 115cfbb0e25e27aa867cfbfe8e35da1c31b98c62 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: add a default case to silence warnings
This is warning in ErrorProne about a lack of default case. Add it to
show the intention here.
Test: mmma -j32 external/conscrypt
Change-Id: Ib9095ccd29881a0a3f590a26aa5ca456102d99d7
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 6822ee0ad197f08ec325e35bb7176d1e84dd23ea |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Move cert reference chain building function
This is going to be used in a couple more places in the future, so move
it to OpenSSLX509Certificate.
Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a
Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Ic8dd2483475528ae5c5eb8ee9ad98120459dc1bc
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
| 7782d132fab6ac9f30b97d76ed3a51126ed3e6d1 |
|
22-Nov-2016 |
nmittler <nathanmittler@google.com> |
Restructuring conscrypt into submodules
Change-Id: I2a4dea5d2a5f35b29fdbb96bcdae1888a4fe2b7e
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|