- 11 Jun, 2015 8 commits
-
-
Kenny Root authored
-
Sergio Giro authored
- Consider the |final| buffer when computing the expected length - Should not expect an extra block when using padding in decrypting mode Bug: 19186852 Change-Id: I8c51b309ca98030ab1eda5b2a0201a97a5758072 (cherry-pick from 8fa4acdc)
-
Kenny Root authored
-
Alex Klyubin authored
-
Adam Langley authored
Upstream BoringSSL has dropped |SSL_ST_BEFORE| (which appears to have been unused) and all the |*_LOCK_*| symbols. The latter are replaced with |*_up_ref|, with #if's so that it continues to work with OpenSSL. (cherry picked from commit ba3f063e) Change-Id: Ib609c83d428b7624e24e3b96c93afc2e482e6a6d
-
Kenny Root authored
When using an opaque key, try to honor the system's preferred provider which is selected via late binding. If it's not found, try to find the first provider that initializes correctly with the given key. (cherry picked from commit c590a930) Bug: 21737886 Change-Id: I17483136aa5c1c5e474109525aefac9facaf7379
-
Adam Langley authored
When BoringSSL/OpenSSL TLS/SSL stack operates on opaque private keys (those that don't expose their key material) it upcalls (via Conscrypt's NativeCrypto) into corresponding JCA Signature and Cipher primitives. This fixes a crash in the ECDSA upcall when Conscrypt is used with BoringSSL. (cherry-picked from commit 61c66eb9) Bug: 21738458 Change-Id: I6def1bce62f20b2ec39fe88251975458e8813362
-
Alex Klyubin authored
When BoringSSL/OpenSSL TLS/SSL stack operates on opaque private keys (those that don't expose their key material) it upcalls (via Conscrypt's NativeCrypto) into corresponding JCA Signature and Cipher primitives. This CL fixes two issues with RSA-related upcalls, which prevented the use of opaque RSA private keys for TLS/SSL with Conscrypt backed by BoringSSL: * RSA sign was upcalled into RSA Cipher decrypt using private key. In JCA, the correct upcall is RSA Signature sign. This is now invoked instead of RSA Cipher decrypt. * RSA decrypt was not implemented. It's now implemented. As part of implementing RSA decrypt upcall from BoringSSL, it transpired that BoringSSL requests no padding as opposed to OpenSSL which requests PKCS#1 padding. As a result, this CL modifies the decrypt upcall to take a padding parameter. The implementation of the upcall (see CryptoUpcalls.java) now supports PKCS#1 padding scheme, OAEP padding scheme, and no padding. This CL also drops the encrypt/decrypt flag from the RSA encrypt/decrypt upcall and simplies it into an RSA decrypt upcall. RSA encrypt upcall is not needed at all. (cherry-picked from commit 279e9845) Bug: 21738458 Change-Id: I075aa74e4cd89dd3ceab99f728ce371c7bc89cf0
-
- 10 Jun, 2015 1 commit
-
-
Kenny Root authored
For the Java language, setting an empty cipher list is not an error but it's an error in OpenSSL. However, the underlying API actually updates the cipher list to an empty string as intended. So we need to handle this special case by clearing the error stack and making sure that our expectation is satisfied. (cherry picked from commit 5b6a5ecc) Bug: 21195269 Change-Id: Id21792215513f4e0d6e051160f69e5f830d39015
-
- 04 Jun, 2015 1 commit
-
- 02 Jun, 2015 4 commits
-
-
Kenny Root authored
* commit 'f6822ebc': OpenSSLX509Certificate: mark mContext as transient
-
Kenny Root authored
* commit 'fae34604': OpenSSLX509Certificate: mark mContext as transient
-
Kenny Root authored
* commit 'de55e62f': OpenSSLX509Certificate: mark mContext as transient
- 01 Jun, 2015 3 commits
-
-
Kenny Root authored
-
Kenny Root authored
We need to check the ERR stack on a return code of 0. Previously there was a comment indicating the weird behavior about DSA keys throwing after a check for a return value of -1, but this API is never supposed to return anything other than 1 for success or 0 for failure. (cherry picked from commit 49854878) Bug: 18869265 Change-Id: Ic871c63b6d65949053819950ed8053f47501bd60
-
Kenny Root authored
When an invalid key is passed in we may throw NoSuchAlgorithmException if it's a key we don't support, but we should convert this to the correct exception for this API. (cherry picked from commit ed396e93) Bug: 21209493 Change-Id: I55123035295203f2676538ac89ba4eb91141b273
-
- 29 May, 2015 1 commit
-
-
Kenny Root authored
A -1 error code should have an error on the stack that explains what the problem was, but if we call through to an ENGINE that fails we seem to end up with no error on the stack. Ensure we throw BadPaddingException in that case. (cherry picked from commit 6a1e7070) Bug: 19863798 Change-Id: Idecd9072c1e6636351bc90f16037852bdc55e4a0
-
- 28 May, 2015 4 commits
-
-
Kenny Root authored
Since mContext should not participate in the serialization process, hide it with the transient qualifier. This will prevent the field from initialization during the unserialization of this class. Then of course the instance will be in a valid state. (cherry picked from commit 8d57b9db) Bug: 21437603 Change-Id: Ie9453c16d11820a91caff92c3f7b326d12f8a8f4
-
Kenny Root authored
Since mContext should not participate in the serialization process, hide it with the transient qualifier. This will prevent the field from initialization during the unserialization of this class. Then of course the instance will be in a valid state. Bug: 21437603 Change-Id: Id5b8a83b6000c2219f3246f93aff7a9c6453f639
-
Kenny Root authored
This reverts commit 998fbfcd. Missing the test class. Change-Id: I426680f74c4f3ebeb42abd80ebfdba469247c348
-
Kenny Root authored
Since mContext should not participate in the serialization process, hide it with the transient qualifier. This will prevent the field from initialization during the unserialization of this class. Then of course the instance will be in a valid state. Bug: 21437603 Change-Id: Ie9453c16d11820a91caff92c3f7b326d12f8a8f4
-
- 22 May, 2015 2 commits
-
-
Adam Langley authored
Previously the code read the whole of the BIO and parsed any PKCS#7 blobs that were found. However, X509CertificateTest specifically tests that trailing data is retained when parsing PKCS#7 so this change makes it so. This depends on https://android-review.googlesource.com/#/c/151205/. (cherry picked from commit 0f84dc61) Bug: 21396526 Bug: 21209493 Change-Id: I4e07cebf599f52aedbea9b0a3f66d9a052c86aaa
-
Adam Langley authored
The BIO created by OpenSSLBIOInputStream currently returns -1 and sets the retry flag when read() returns zero on the underlying InputStream. This is correct for “infinite” streams (like a socket), but isn't correct for streams that have a definitive EOF. This change adds a flag to OpenSSLBIOInputStream so that cases where the input is finite (i.e. when parsing a PKCS#7 or X.509 block) can correctly return 0 at EOF from |BIO_read|. (cherry picked from commit 66537ee0) Bug: 21396526 Bug: 21209493 Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55
-
- 20 May, 2015 1 commit
-
-
Kenny Root authored
During the switch to BoringSSL this function was rewritten and it requested DH public key with RSA signature for a lot of things. (cherry picked from commit d8606d56) Bug: 20641394 Change-Id: Id3880b01ed1810c5d7af9996c48ce45fdf4850f8
-
- 15 May, 2015 1 commit
-
-
Kenny Root authored
Toucing NativeCrypto causes System.loadLibrary(...) to be called which causes classloader initialization to fail during compile time. To allow more to be initialized, move this to NativeConstants. (cherry picked from commit f5b4518e) Bug: 21036900 Change-Id: I07f0f5be9559a9fa9a652d1bcd82a9f88640653e
-
- 13 May, 2015 11 commits
-
-
Kenny Root authored
This includes AES/GCM/NoPadding support, changes for the latest BoringSSL revision, and some fixes while compiling with debugging flags fixes. Bug: 21085702 Change-Id: I0de7b15a32f532e625d74729fc6ff20809af6c78
-
Elliott Hughes authored
* commit '57ad13fd': Silence unused result warnings in conscrypt.
-
Adam Langley authored
The Java provider mechanism doesn't really let us fallback to another provider based on whether certain ECC groups are supported or not. Since I expect that some people will be trying to do Bitcoin on Android, this should keep them happy. Change-Id: I1db48b104e12a6e7dae21df9c31c21bff0d62a9b
-
Adam Langley authored
* commit '8d18c8a7': external/conscrypt: fix WITH_JNI_TRACE in light of BoringSSL update.
-
Kenny Root authored
* commit '7c0a4c86': Fix OpenSSL build for new AEAD changes
-
Kenny Root authored
* commit 'f6f6620c': OpenSSLCipher: add AEAD cipher
-
Kenny Root authored
* commit '110054e9': OpenSSLCipher: refactor in preparation for AEAD
-
Elliott Hughes authored
So we can turn on _FORTIFY_SOURCE=2 for the host. Bug: http://b/20558757 Change-Id: Ie2b3eb7efb69a3def64be2c35bd8cc5fe3a8d85e
-
Kenny Root authored
* commit '9b343fce': Rename Arrays to ArrayUtils
-
Adam Langley authored
These values in BoringSSL are now uint32_t's, which upsets the compiler when printing them as longs. This change casts the values to longs so that it continues to work with OpenSSL. Change-Id: I35af51d765d67b3c8c30e55b80eac24dda420a88
-
Kenny Root authored
Change-Id: I06304121d29d6fdcc7dab7a2c8e9d208a394e0a8
-
- 12 May, 2015 3 commits
-
-
Kenny Root authored
This allows us to provide an implementation of AES-GCM using the new EVP_AEAD interface in BoringSSL. It simply buffers up the input until doFinal(...) is called which makes it much safer than any streaming interfaces, because the caller can't use the plaintext until it's authenticated by the GHASH (or whatever other AEAD you happen to use). Bug: 20636336 Change-Id: I6e4b063a8137a16102b1f6ac15687a38ddfe1691
-
Kenny Root authored
BoringSSL uses a different interface for AEAD that is much simplier called EVP_AEAD. Separate out the EVP_CIPHER usage so that we can have another subclass with the EVP_AEAD usage. Bug: 20636336 Change-Id: I661d92bd449f2fcc3c4a6e511155490917ecef0c
-
Kenny Root authored
To avoid conflict with the java.util.Arrays class, rename our own internal compatibility class to ArrayUtils. Change-Id: Iae79a4d37749e16e62712f3bb5038d870b78d999
-