27312c09f4968974b780741f11d7222e8a536065 |
|
18-May-2017 |
Nathan Mittler <nathanmittler@google.com> |
Fix unwrap bug for large messages. (#189) If you write a record and don't have enough destination buffer space to read all the plaintext, the plaintext gets left in the plaintext buffer and the next record you write ends up in the ciphertext buffer (and you read the leftover plaintext from the last record), and you continue to have a record sitting in the ciphertext buffer until you get two records that don't fit in the buffer together, at which point you get the short write and subsequent exception. Also added a test to verify the bug. Fix length checks for signed vs unsigned (Squash commit of 3264c8c17ddd7981aad0e8e7ea932efca1002dcb and 101b17c9e94b77c77b2981269c46bb2441dff332) Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Bug: 38228478 Change-Id: I698b89e6d97223ead980108416f1a203d181d35f
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
9e569de9108ef0fa5ce043ee51e3fc467863c95f |
|
21-Mar-2017 |
Kenny Root <kenny@the-b.org> |
Add Java 8 style SNI hostname to OpenSSLEngineImpl (#155) The SNIHostName, et al., support was lacking from OpenSSLEngineImpl causing endpoint protocol identification to fail in Netty tests.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
dbe082cb70a1ffbe1a693bd583a06ecad585f46d |
|
21-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Introducing top-level Conscrypt class (#152) This is a one-stop-shop for creating and configuring Conscrypt types. It allows a standard way for configuring extended settings that are not currently supported by the standard Java APIs.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
a679eec4ca62c3d0704986d86e77f39da974c6e7 |
|
16-Mar-2017 |
Kenny Root <kenny@the-b.org> |
Add error-prone and fix all the errors (#146)
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
5070bdfc6277af136b7eb5fe5d0d72ad2ff6a2eb |
|
16-Mar-2017 |
Kenny Root <kroot@google.com> |
Create @hide Doclet for public API docs This allows us to use @hide to prevent a class from showing up in the public API documentation.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
5ac8e317836e901e7b241b224b92f00cba2ed701 |
|
10-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Throw SSLHandshakeException for bad certs. (#147) Also expanding some of the test coverage in OpenSSLEngineImplTest.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
de343bb1ee01e6a866ffd484ecd897d0cac19014 |
|
02-Mar-2017 |
David Benjamin <davidben@google.com> |
Configure OCSP and SCTs on the SSL, not SSL_CTX. As Conscrypt is currently set up, one SSL_CTX (owned, ultimately, by the SSLContext) may correspond to multiple SSLParameters which, in the Java API, are configured on the SSLSocket or SSLEngine directly. Thus we should use the SSL versions of the APIs which now exist. This avoids mutating an SSL_CTX which may be shared by multiple SSLs with different configurations. Change-Id: I19485c316087004c6050d85520b0169f2ca0d493
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
eefe4decab17c7bf98059fc2962849020cc82d96 |
|
07-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Adding conversion utility ALPN protocols (#140) Exposing additional set methods in OpenSSLEngineImpl and OpenSSLSocketImpl to allow the caller to set the ALPN protocols without having to manually encode. Also simplifying the exposure of the maxSealOverhead value.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
43763077ddcd3ba66764bae2e1da1adfb51f8b56 |
|
06-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Allow handshakeListener to be set when engineState is MODE_SET (#137)
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
341ea78cbac5459551094928f5cfed1a9dda5c95 |
|
03-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Add handshake listener to engine. (#136) Fixes #60
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
5efa30bb44aaa6fad687d7670e83097f92b9e81f |
|
03-Mar-2017 |
Nathan Mittler <nathanmittler@google.com> |
Exposing SSL_max_seal_overhead (#135) Also adding a method to calculate the maximum buffer size required for a wrap operation.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
14defd77f62661d5104bcb31640ea5353432c606 |
|
27-Feb-2017 |
Nathan Mittler <nathanmittler@google.com> |
Less restrictive output buffer size in wrap() (#114) We currently require that the output buffer be >= MAX_PACKET_SIZE. This is needlessly strict and causes the Netty tests to fail, since they only use 2k buffers. This PR copies over some of the recent changes from Netty to handle this properly.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
fc94c9f2bf74421a319d3bb54eeb749f24967e11 |
|
16-Feb-2017 |
Kenny Root <kroot@google.com> |
Do not compare the plaintext buffer to encrypted packet size This was comparing the encrypted packet size to the plaintext output buffer size. The encryption can have a significant overhead, so this test was giving false answers at anything close to the getApplicationBufferSize() answer.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
d5d2c11d5491e4e9192f9d0e7bae086d31a7d472 |
|
09-Feb-2017 |
Kenny Root <kroot@google.com> |
Reduce Java lint warnings This reduces the number of Java lint warnings down to just the [serialization] class of warnings as well as the Sun proprietary warnings for the OpenJDK implementation. These changes do not result in any change of behavior, but the serialization changes might. Those will be fixed in a separate CL.
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
38ff07c8d63362d70a32938edb1bae9dea218f5b |
|
09-Feb-2017 |
Nathan Mittler <nathanmittler@google.com> |
Allow unwrapping large buffers (#78) Added a unit test class for the engine and created a test that reproduced the original problem. Also needed to share testing utilities between benchmarks and openjdk modules. Fixes #76
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
0d92f89dcb5b34ff4c182520ec10c4220cc465ec |
|
14-Dec-2016 |
Steven Valdez <svaldez@google.com> |
Fixing order of SSL_CTX/SSL initialization. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I4a926afb5bf1b7ed29a2066b1d088b41a8ca845b
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
485f59ef78a981b17c53659fa7a5509a0d357478 |
|
01-Dec-2016 |
Kenny Root <kroot@google.com> |
Create abstract base for OpenSSL-backed SSLSession This will aid in creating an SSL*-backed implementation of the Java language SSLSession class for use when we have not established a session already during handshake or when in False Start. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I58cfbee2940412beaed4a8d4d38211ecfbce7ec9
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
c92860619ed129c9f2ca753ce4659a4d8f83ba49 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Do not pass SSL_SESSION on verification callbacks In order to prepare for better SSLSession handling, eliminate the places in which SSL_SESSION objects are passed in and centralize it on SSL_get1_session in order to reduce the callsites of this to zero in the future. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: Id185b283f3d3e30d3d1b1d2b0f7a31a1f0831660
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
000cf15bf99f795b43cfc28c79d3594d964562cd |
|
08-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: eliminate HANDSHAKE_WANTED state Since pendingStatus(pendingOutboundEncryptedBytes()) will return the correct status for clients and servers, there is no need to have a separate state of HANDSHAKE_WANTED versus HANDSHAKE_STARTED. Eliminate the HANDSHAKE_WANTED state and let pendingStatus(...) switch between NEED_WRAP and NEED_UNWRAP. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: Idecebf27f0169d2ca35ea48bd7added59a2d871a
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
b7a23f060211c1f5564e16ab90778c22acf48d22 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: clear the handshakeSession near setting it handshakeSession is only valid when calling out to certificate verifiers. Certificate verification happens during the call to SSL_do_handshake via the cert_verify_callback in org_conscrypt_NativeCrypto.cpp which creates a JNI call into the verifyCertificateChain Java language method. During the JNI call to verifyCertificateChain, handshakeSession is set before calling out to the X509TrustManager to verify the certificate chain. To maintain symmetry in setting and unsetting of handshakeSession, dereference it at the conclusion of verifyCertificateChain. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: I9aa35cf01d2c15e7a23d1e87f2417009902b9091
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
115cfbb0e25e27aa867cfbfe8e35da1c31b98c62 |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
OpenSSLEngineImpl: add a default case to silence warnings This is a warning in ErrorProne about a lack of default case. Add it to show the intention here. Test: mmma -j32 external/conscrypt Change-Id: Ib9095ccd29881a0a3f590a26aa5ca456102d99d7
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
6822ee0ad197f08ec325e35bb7176d1e84dd23ea |
|
03-Dec-2016 |
Kenny Root <kroot@google.com> |
Move cert reference chain building function This is going to be used in a couple more places in the future, so move it to OpenSSLX509Certificate. Test: cts-tradefed run cts -m CtsLibcoreOkHttpTestCases -a arm64-v8a Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a Change-Id: Ic8dd2483475528ae5c5eb8ee9ad98120459dc1bc
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|
7782d132fab6ac9f30b97d76ed3a51126ed3e6d1 |
|
22-Nov-2016 |
nmittler <nathanmittler@google.com> |
Restructuring conscrypt into submodules Change-Id: I2a4dea5d2a5f35b29fdbb96bcdae1888a4fe2b7e
/external/conscrypt/common/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
|