GitLab

* commit '6dcb23fe':
  Fix the ENGINE_finish/ENGINE_free mixup

* commit 'f427ec90':
  Fix the ENGINE_finish/ENGINE_free mixup

The tests were calling finish when it meant free. This caused tests to
segmentation fault next time the ENGINE was looked up in the dynamic
engine list.

(cherry picked from commit 984b7ec6)

Bug: 14994037
Change-Id: If7379fee26f7e79fa0b43104ac9d13b4ffb62ba8

The tests were calling finish when it meant free. This caused tests to
segmentation fault next time the ENGINE was looked up in the dynamic
engine list.

Bug: 14994037
Change-Id: If7379fee26f7e79fa0b43104ac9d13b4ffb62ba8

Bug: 16957575
Change-Id: I351316a62f9b583b37b54f3e7fbfaa0450439ca4

When the ByteBuffer didn't line up exactly with the backing array, it
would allocate a new buffer to write into. Instead, add the ability for
OpenSSL to read at an offset in the given array so a copy isn't needed.

(cherry picked from commit 7ed0fae1)

Change-Id: I149d3f94e4b5cbdc010df80439ae3300cbdc87a5

Checking the state of the connection is unreliable if SSL_read and
SSL_write are happening in another thread. Move the state checks inside
our application mutex so we don't run into another thread mutating the
state at the same time.

Bug: 15606096

(cherry picked from commit 0931d51c)

Change-Id: I151ecbc57278374007a56827a65295b4c9476732

(cherry picked from 26163c26)

Bug: 16352665
Bug: https://code.google.com/p/android/issues/detail?id=73745
Change-Id: I5bcaf3ee8910ff75e785baed4c4604fee6c5e700

Bug: 16029580

Change-Id: I09850d08b82f1929bae04d846b1f9807d10391ab

The decrypted bytes should written sequentially into each buffer of
the destination array until it's full before moving to the next
buffer.

(cherry picked from commit 41eb5b65)

Bug: 16352665
Change-Id: I2454249c167deafde6c12134d3c8cd658cd7c21b

This clarifies several points and adds sample code.

(cherry picked from commit 7ac13e03)

Bug: 15073623
Change-Id: I6d8cf195cbc7eb4528760145f62f3e3e7b8507f5

Unlike the previous CL, this uses reflection for android.os.Process and
android.util.EventLog throughout.

(cherry picked from commit 35b1f354)

Bug: 15452942
Change-Id: I34b9eaedf1f1e450b1f8004887bb0482601d789e

OpenSSL's RC4 mutates the given key. AES/CTR mutates the IV. We must
store these values locally to enable "doFinal" to cause the Cipher
instance to be reset to what it was right after "init".

Note that resetting and encrypting with the same key or IV breaks
semantic security.

(cherry picked from commit 084e3086)

Bug: 16298401
Bug: https://code.google.com/p/android/issues/detail?id=73339
Change-Id: Ie7e4dcb6cf6cc33ddad31d6b47066dc1b34e6894

(cherry picked from commit e08f2385)

Bug: 16352665
Change-Id: Idc78204b7077fb367b64e1867c807cd39f596f98

Fix "Buffers were not large enough" exception by directly using the
destination buffers.

Corrections around bytesProduced and bytesConsumed behavior.

Return BUFFER_OVERFLOW if a zero length destination is provided to
unwrap.

(cherry picked from commit bdfcc189)

Bug: 16352665
Change-Id: I1f1e9b72cd6968ed4f3c3c0edccbccebc33d6790

This enables TLS-PSK cipher suites by default iff SSLContext is
initialized with a PSKKeyManager. For consistency, X.509 based
cipher suites are no longer enabled by default at all times -- they
are now only enabled by default iff SSLContext is initialized with a
X509KeyManager or a X509TrustManager.

When both X.509 and PSK cipher suites need to be enabled, PSK cipher
suites are given higher priority in the resulting list of cipher
suites. This is based on the assumption that in most cases users of
TLS/SSL who enable TLS-PSK would prefer TLS-PSK to be used when the
peer supports TLS-PSK.

Bug: 15073623

(cherry picked from commit 8f9ac1af)

Change-Id: Icd7fe066147a6b2fc64d807204cc99f6af821313

Change-Id: I39ab275cd9744ba442fee7db9038107b4603526f

* commit 'fe4a6df5':
  Remove

* commit 'a3284927':
  Remove

(cherry picked from commit b860016f)

Change-Id: I4302ea4e0200ac80a0b9f3b953d58270b65b3d0c

Change-Id: Iea7c633eb68df576bf72314ff5ce31bc8094d9ce

This reverts commit b1599520.

Some build targets (e.g. git_dalvik-dev) do not have API-1 Android APIs available, like android.os.Process and android.util.EventLog. Investigating.

Change-Id: Iddce3f445be0502d1afa4f8244a7b8867721613e

Bug: 15452942
Change-Id: I49e7bad6a65c70e113324c02fc23315cff168f5b

* commit 'dbc347b9':
  Remove direct reference to PROVIDER_NAME

* commit 'd704c478':
  Assert that the padding extension is enabled by default.

* commit '35f7742c':
  Make setEnabledProtocols/CipherSuites copy their inputs.