| dcaf96015811c06816517f025b650e44039e571b |
|
16-May-2018 |
Adam Vartanian <flooey@gmail.com> |
Cherry-pick locking CL.
This uses a read/write lock around the ssl instance variable for
NativeSsl. The write lock is only taken during close(), where ssl is
cleared, so all other operations can proceed in parallel with one
another. I only added locking to the read- and write-style methods in
the class, rather than to methods that only read or write a property,
since the latter tend to be used only right when the SSL is created
and it would add a lot of noise to the code to lock everywhere, but
it's possible we want to add that as well for complete safety.
This should solve some longstanding but infrequent crashes we've seen
that involve race conditions with finalizers and other related
situations.
This is a cherry-pick of 47d96e94c8645d23a8f66033b4d124142ddc72b9 from
https://github.com/google/conscrypt.
Bug: 70507413
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt
Change-Id: Ie045232e08638ffd4199ac4b971ce12a72b402b1
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
| 1271f448571ee629e0bad47d70e30eeac549b549 |
|
15-May-2018 |
Adam Vartanian <flooey@google.com> |
Mitigate native crashes.
At least some of the native crashes are caused by race conditions
associated with some threads passing the isClosed() check at the
beginning of an operation while the close() method is executing.
Clearing the SSL variable before freeing the native resources should
reduce the frequency of this race condition.
Bug: 70507413
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt
Change-Id: Ibb5fef327ae1698ab362a7447e4b4150870ae93e
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
| 97637f49458c8a46a5dac80b7bbdd43f4d9e7435 |
|
19-Feb-2018 |
Adam Vartanian <flooey@gmail.com> |
Finalization safety for SSL_CTX objects. (#427)
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
| dce63f8f0e085be88719e2278bd82a8225e22d17 |
|
01-Feb-2018 |
Adam Vartanian <flooey@gmail.com> |
Pass NativeSsl references to NativeCrypto (#408)
* Pass NativeSsl references to NativeCrypto
The existing implementation of passing raw addresses to NativeCrypto
can cause issues where the native code may still be executing when the
finalizer runs and frees the underlying native resources. A call to
NativeSsl.read(), for instance, is not enough to keep the NativeSsl or
its owning socket alive, so if it's waiting for input the finalizer
can run. Switching to passing the Java object to native code keeps
the Java object alive for GC purposes, preventing its finalizer from
running.
As part of this, also move the freeing of NativeSsl instances into a
finalizer on NativeSsl instead of on the sockets. The sockets can
still become garbage even if the NativeSsl is kept alive, so we only
want to free it when the NativeSsl itself is garbage.
We will also want to do this for other native objects, but SSL*
instances are by far the most-used native objects and the most likely
to be used in a long-running I/O operation, so starting here gives us
a lot of benefit.
* Reliably close objects in tests.
* Pass both pointer and Java reference.
This allows us to access the SSL* pointer without having to indirect
through the Java object's fields, but still prevents the NativeSsl
from being GCed while the method is being run.
* Explain unsafe finalization fix in NativeCrypto Javadoc.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
| c88f9f55a523f128f0e4dace76a34724bfa1e88c |
|
08-Dec-2017 |
Nathan Mittler <nathanmittler@google.com> |
Refactoring externalization of SSLSessions (#383)
This is an implementation to #381. This change attempts to provide more
consistency to the session that is returned to the caller by `ConscryptEngine`/`ConscryptFileDescriptorSocket`.
Main changes:
- New interface ConscryptSession adds a few methods currently only defined by ActiveSession
- New interface SessionDecorator that defines getDelegate()
- New class ProvidedSessionDecorator delegates to an external provider of the "current" session. The provider implementations are in ConscryptEngine and ConscryptFileDescriptorSocket.
- New class SessionSnapshot that takes a snapshot of any ConscryptSession.
- Changed ActiveSession and SSLNullSession to implement ConscryptSession.
- Updated ConscryptEngine/ConscryptFileDescriptorSocket to create a SessionSnapshot when closing.
Additional cleanup:
- Split out Java7SessionWrapper into two classes: Java7ExtendedSSLSession and Java8ExtendedSSLSession. The Java 8 version no longer requires reflection and is more consistent with platform-specific code elsewhere. Both classes implement SessionDecorator.
- Renamed SslWrapper->NativeSsl and SslSessionWrapper->NativeSslSession for clarity, since the term "wrapper" was being overloaded.
Fixes #379
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|