dcaf96015811c06816517f025b650e44039e571b |
|
16-May-2018 |
Adam Vartanian <flooey@gmail.com> |
Cherry-pick locking CL. This uses a read/write lock around the ssl instance variable for NativeSsl. The write lock is only taken during close(), where ssl is cleared, so all other operations can proceed in parallel with one another. I only added locking to the read- and write-style methods in the class, rather than to methods that only read or write a property, since the latter tend to be used only right when the SSL is created and it would add a lot of noise to the code to lock everywhere, but it's possible we want to add that as well for complete safety. This should solve some longstanding but infrequent crashes we've seen that involve race conditions with finalizers and other related situations. This is a cherry-pick of 47d96e94c8645d23a8f66033b4d124142ddc72b9 from https://github.com/google/conscrypt. Bug: 70507413 Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt Change-Id: Ie045232e08638ffd4199ac4b971ce12a72b402b1
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
1271f448571ee629e0bad47d70e30eeac549b549 |
|
15-May-2018 |
Adam Vartanian <flooey@google.com> |
Mitigate native crashes. At least some of the native crashes are caused by race conditions associated with some threads passing the isClosed() check at the beginning of an operation while the close() method is executing. Clearing the SSL variable before freeing the native resources should reduce the frequency of this race condition. Bug: 70507413 Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt Change-Id: Ibb5fef327ae1698ab362a7447e4b4150870ae93e
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
97637f49458c8a46a5dac80b7bbdd43f4d9e7435 |
|
19-Feb-2018 |
Adam Vartanian <flooey@gmail.com> |
Finalization safety for SSL_CTX objects. (#427)
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
dce63f8f0e085be88719e2278bd82a8225e22d17 |
|
01-Feb-2018 |
Adam Vartanian <flooey@gmail.com> |
Pass NativeSsl references to NativeCrypto (#408) * Pass NativeSsl references to NativeCrypto The existing implementation of passing raw addresses to NativeCrypto can cause issues where the native code may still be executing when the finalizer runs and frees the underlying native resources. A call to NativeSsl.read(), for instance, is not enough to keep the NativeSsl or its owning socket alive, so if it's waiting for input the finalizer can run. Switching to passing the Java object to native code keeps the Java object alive for GC purposes, preventing its finalizer from running. As part of this, also move the freeing of NativeSsl instances into a finalizer on NativeSsl instead of on the sockets. The sockets can still become garbage even if the NativeSsl is kept alive, so we only want to free it when the NativeSsl itself is garbage. We will also want to do this for other native objects, but SSL* instances are by far the most-used native objects and the most likely to be used in a long-running I/O operation, so starting here gives us a lot of benefit. * Reliably close objects in tests. * Pass both pointer and Java reference. This allows us to access the SSL* pointer without having to indirect through the Java object's fields, but still prevents the NativeSsl from being GCed while the method is being run. * Explain unsafe finalization fix in NativeCrypto Javadoc.
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|
c88f9f55a523f128f0e4dace76a34724bfa1e88c |
|
08-Dec-2017 |
Nathan Mittler <nathanmittler@google.com> |
Refactoring externalization of SSLSessions (#383) This is an implementation to #381. This change attempts to provide more consistency to the session that is returned to the caller by `ConscryptEngine`/`ConscryptFileDescriptorSocket`. Main changes: - New interface ConscryptSession adds a few methods currently only defined by ActiveSession - New interface SessionDecorator that defines getDelegate() - New class ProvidedSessionDecorator delegates to an external provider of the "current" session. The provider implementations are in ConscryptEngine and ConscryptFileDescriptorSocket. - New class SessionSnapshot that takes a snapshot of any ConscryptSession. - Changed ActiveSession and SSLNullSession to implement ConscryptSession. - Updated ConscryptEngine/ConscryptFileDescriptorSocket to create a SessionSnapshot when closing. Additional cleanup: - Split out Java7SessionWrapper into two classes: Java7ExtendedSSLSession and Java8ExtendedSSLSession. The Java 8 version no longer requires reflection and is more consistent with platform-specific code elsewhere. Both classes implement SessionDecorator. - Renamed SslWrapper->NativeSsl and SslSessionWrapper->NativeSslSession for clarity, since the term "wrapper" was being overloaded. Fixes #379
/external/conscrypt/common/src/main/java/org/conscrypt/NativeSsl.java
|