Commits · 85ef1e25645cf07472cc82f86d46c1eddbb37de8 · halo / external_conscrypt

02 Feb, 2016 6 commits

Revert "Add ExtendedSSLSession, et al." · 85ef1e25
Kenny Root authored 9 years ago
```
am: 132c311d

* commit '132c311d':
  Revert "Add ExtendedSSLSession, et al."
```
85ef1e25

Revert "Add ExtendedSSLSession, et al." · 132c311d

Kenny Root authored 9 years ago

This reverts commit 38d12ed4.

This breaks the unbundled build because of OpenSSLExtendedSessionImpl.

Change-Id: I73951a6f1d5cb14c70cd807c2c895bbbdc4c8e40

132c311d

Add ExtendedSSLSession, et al. · b12cf067
Kenny Root authored 9 years ago
```
am: 38d12ed4

* commit '38d12ed4':
  Add ExtendedSSLSession, et al.
```
b12cf067

Add ExtendedSSLSession, et al. · 38d12ed4

Kenny Root authored 9 years ago

In order to support SNI certificate selection of the server-side and
enhanced certificate verification on the client side, we add
ExtendedSSLSession and the getHandshakeSession support.

This is just to set up for future implementations of SNI and
ExtendedX509TrustManager and doesn't actually implement the logic needed
to fully support the new features.

Change-Id: I300d3134d8ab9c184d6473183612dc53658a8221

38d12ed4

Add ChaCha20-Poly1305 as an enabled cipher suite · 0278b99b
Kenny Root authored 9 years ago
```
am: 6f9dffd8

* commit '6f9dffd8':
  Add ChaCha20-Poly1305 as an enabled cipher suite
```
0278b99b
Add ChaCha20-Poly1305 as an enabled cipher suite · 6f9dffd8
Kenny Root authored 9 years ago
```
Change-Id: Idc143d37c63cf3436ccdddc22abcb11802fc6615
```
6f9dffd8

28 Jan, 2016 2 commits

Compare keys using encoded form as a fallback · 98274583
Chad Brubaker authored 9 years ago
```
am: e06e7423

* commit 'e06e7423':
  Compare keys using encoded form as a fallback
```
98274583

Compare keys using encoded form as a fallback · e06e7423

Chad Brubaker authored 9 years ago

PublicKey.equals is not required to return true on the same public key
but from different providers, this causes incorrect lookup failures when
the key comes from keystore.

Change-Id: Iaedaa91c64eeede1d5021430c015aac746afbc97

e06e7423

27 Jan, 2016 2 commits

Make OpenSSLX509Certificate.hashCode match the RI · 34382647
Chad Brubaker authored 9 years ago
```
am: 45fad1a9

* commit '45fad1a9':
  Make OpenSSLX509Certificate.hashCode match the RI
```
34382647

Make OpenSSLX509Certificate.hashCode match the RI · 45fad1a9

Chad Brubaker authored 9 years ago

Use super.hashCode to make sure that hashCode matches the RI. Since the
underlying certificate (and therefore the hashcode) is immutable the
value is cached after the first call to avoid needlessly recomputing the
hash.

Bug:26386620
Change-Id: Ic480b48e57144ac730a33dcc313cdff57fe71157

45fad1a9

26 Jan, 2016 7 commits
- DO NOT MERGE ANYWHERE - Keep history after reset to dfeefc23 · 49b9ae20
  Baligh Uddin authored 9 years ago
  
  49b9ae20
- Keep history after reset to 87b44e33 · 25f8f983
  Baligh Uddin authored 9 years ago
```
am: 4ddae91b

* commit '4ddae91b':
```
  25f8f983
- Keep history after reset to 87b44e33 · 4ddae91b
  Baligh Uddin authored 9 years ago
  
  4ddae91b
- Keep history after reset to 0302aa08 · dfeefc23
  Baligh Uddin authored 9 years ago
```
am: 7dc2b75e

* commit '7dc2b75e':
```
  dfeefc23
- Keep history after reset to 0302aa08 · 7dc2b75e
  Baligh Uddin authored 9 years ago
  
  7dc2b75e
- Keep history after reset to 0302aa08 · bad46e59
  Baligh Uddin authored 9 years ago
  
  bad46e59
- keep history after reset to mnc-dr-dev · 71aab26d
  Baligh Uddin authored 9 years ago
```
am: 87b44e33  -s ours

* commit '87b44e33':
```
  71aab26d
25 Jan, 2016 1 commit
- keep history after reset to mnc-dr-dev · 87b44e33
  Baligh Uddin authored 9 years ago
  
  87b44e33
21 Jan, 2016 2 commits

Get rid of AlgNameMapper · 0302aa08
Kenny Root authored 9 years ago
```
am: d31ede7b

* commit 'd31ede7b':
  Get rid of AlgNameMapper
```
0302aa08

Get rid of AlgNameMapper · d31ede7b

Kenny Root authored 9 years ago

This was only a hack to support old Harmony code, so we don't need it
anymore. Remove the direct references to AlgNameMapper and use
reflection for compatibility in unbundled code.

Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6

d31ede7b

20 Jan, 2016 12 commits

Prevent duplicate certificates in TrustedCertificateIndex am: am:... · 903a97ba

Chad Brubaker authored 9 years ago

Prevent duplicate certificates in TrustedCertificateIndex am: 4c9f9c22 am: 1a86d309 am: 825390d5 am: 360cc576 am: 95de98f0
am: b84145b3

* commit 'b84145b3':
  Prevent duplicate certificates in TrustedCertificateIndex

903a97ba

Cache intermediate CA separately am: am: am: ... · 2f1dbee6

Chad Brubaker authored 9 years ago

Cache intermediate CA separately am: c4ab1b95 am: 2138a380 am: edac1314 am: 7e3bc71b am: b65bd711
am: e03c349a

* commit 'e03c349a':
  Cache intermediate CA separately

2f1dbee6

Prevent duplicate certificates in TrustedCertificateIndex am: am:... · b84145b3

Chad Brubaker authored 9 years ago

Prevent duplicate certificates in TrustedCertificateIndex am: 4c9f9c22 am: 1a86d309 am: 825390d5 am: 360cc576
am: 95de98f0

* commit '95de98f0':
  Prevent duplicate certificates in TrustedCertificateIndex

b84145b3

Cache intermediate CA separately am: c4ab1b95 am: 2138a380 am: edac1314 am: 7e3bc71b · e03c349a
Chad Brubaker authored 9 years ago
```
am: b65bd711

* commit 'b65bd711':
  Cache intermediate CA separately
```
e03c349a

Prevent duplicate certificates in TrustedCertificateIndex am: am:... · 95de98f0

Chad Brubaker authored 9 years ago

Prevent duplicate certificates in TrustedCertificateIndex am: 4c9f9c22 am: 1a86d309 am: 825390d5
am: 360cc576

* commit '360cc576':
  Prevent duplicate certificates in TrustedCertificateIndex

95de98f0

Cache intermediate CA separately am: c4ab1b95 am: 2138a380 am: edac1314 · b65bd711
Chad Brubaker authored 9 years ago
```
am: 7e3bc71b

* commit '7e3bc71b':
  Cache intermediate CA separately
```
b65bd711
Prevent duplicate certificates in TrustedCertificateIndex am: 4c9f9c22 am: 1a86d309 · 360cc576
Chad Brubaker authored 9 years ago
```
am: 825390d5

* commit '825390d5':
  Prevent duplicate certificates in TrustedCertificateIndex
```
360cc576
Cache intermediate CA separately am: c4ab1b95 am: 2138a380 · 7e3bc71b
Chad Brubaker authored 9 years ago
```
am: edac1314

* commit 'edac1314':
  Cache intermediate CA separately
```
7e3bc71b
Prevent duplicate certificates in TrustedCertificateIndex am: 4c9f9c22 · 825390d5
Chad Brubaker authored 9 years ago
```
am: 1a86d309

* commit '1a86d309':
  Prevent duplicate certificates in TrustedCertificateIndex
```
825390d5
Cache intermediate CA separately am: c4ab1b95 · edac1314
Chad Brubaker authored 9 years ago
```
am: 2138a380

* commit '2138a380':
  Cache intermediate CA separately
```
edac1314
Prevent duplicate certificates in TrustedCertificateIndex · 1a86d309
Chad Brubaker authored 9 years ago
```
am: 4c9f9c22

* commit '4c9f9c22':
  Prevent duplicate certificates in TrustedCertificateIndex
```
1a86d309
Cache intermediate CA separately · 2138a380
Chad Brubaker authored 9 years ago
```
am: c4ab1b95

* commit 'c4ab1b95':
  Cache intermediate CA separately
```
2138a380

19 Jan, 2016 3 commits

Prevent duplicate certificates in TrustedCertificateIndex · 4c9f9c22

Chad Brubaker authored 9 years ago

With the separate caching of intermediate certificates in
TrustManagerImpl a given intermediate may be passed into .index multiple
times. Avoid adding the certificate to the list each time.

(cherry-picked from commit d080e064)
Bug: 26232830
Change-Id: I6bed2c65d9e42e052b9b1b129200a997e7dca745

4c9f9c22

Cache intermediate CA separately · c4ab1b95

Chad Brubaker authored 9 years ago

Intermediate CAs are cached in order to support servers that fail to
sent a complete chain to a root. These certificates should be cached to
support these servers but these certificates must not be trusted as
trust anchors. Store them separately to prevent confusion between
trusted roots and cached intermediates.

(cherry-picked from commit 198aca1f)
Bug: 26232830
Change-Id: I520f50729b55fc7412c7d133335bc9e3c190bbf6

c4ab1b95

Merge "TrustManagerImplTest: instantiate TrustManagerImpl directly instead of using factory" · 203ee7dc
Sergio Giro authored 9 years ago

203ee7dc

18 Jan, 2016 2 commits

TrustManagerImplTest: instantiate TrustManagerImpl directly instead of using factory · 4288f1ca

Sergio Giro authored 9 years ago

The TrustManagerFactory is returning a RootTrustManager now instead of a TrustManagerImpl,
thus breaking the test.

Bug: 25992791
Change-Id: I5924b684a9c3f8c49818ceefb038886035a17f68

4288f1ca

OpenSSLX509CertPath: add null check in fromEncoding(InputStream) · e8eb8aed

Sergio Giro authored 9 years ago

Note the null check was in fromEncoding(InputStream, String)
already.

Bug: 25926066
Change-Id: Ic4a0d514c6b8e6d8af349a8202f26854f6975cd6

e8eb8aed

14 Jan, 2016 2 commits

external/conscrypt: sort list of cipher suite strings. · cabbd221
Adam Langley authored 9 years ago
```
This change sorts the list using sort(1).

Change-Id: Ief0c407969c92405464b9b2e9ebc694f98260263
```
cabbd221

external/conscrypt: add ChaCha20-Poly1305 cipher suite strings. · 8a585a55

Adam Langley authored 9 years ago

In preparation for a new BoringSSL import, this change adds the strings
for the ChaCha20-Poly1305-based cipher suites, as specified in
draft-ietf-tls-chacha20-poly1305-04.

This change will cause the ciphers to be advertised via
|getSupportedCipherSuites| even though BoringSSL hasn't been
updated yet. This will be a transient flaw.

Change-Id: If633ebb10f74d9f5706ad87d49b40ee5183dae8f

8a585a55

11 Jan, 2016 1 commit

Fix unneccessary access of BoringSSL SSL structs. · 883eeb45

David Benjamin authored 9 years ago

get_SSL_CIPHER_algorithm_mkey and get_SSL_CIPHER_algorithm_auth are never used.
There are also some struct accesses that have public API variants. Finally,
requiring ssl->server be set to 0 before SSL_set1_tls_channel_id was a bug that
has been fixed in BoringSSL. (See
https://boringssl.googlesource.com/boringssl/+/a3d9de05fb6df2c0dffab83717139e6c71d3d329/ssl/s3_lib.c#337)

Change-Id: If68efce2901f3ef89bdf5bb47cbc7d5fddaa6ef6

883eeb45