- 10 Dec, 2014 1 commit
-
-
Narayan Kamath authored
The latter doesn't OpenSSL_free memory allocated by EVP_CIPHER_CTX_new. It's worth noting that EVP_CIPHER_CTX_free doesn't check the return value of EVP_CIPHER_CTX_cleanup so we can't throw if cleanup failed, but we were only ever calling this method from a finalizer anyway. (cherry picked from commit c6465293) bug: 18617384 Change-Id: Ida65e14ffbed41f56a59e2f5fe77289cac0f5947
-
- 09 Dec, 2014 2 commits
-
-
Kenny Root authored
The EncapsulatedContentInfo must be present in the output, but OpenSSL will fill in a zero-length OID if you don't call PKCS7_set_content on the outer PKCS7 container. So we construct an empty PKCS7 data container and set it as the content. This fixes the invalid PKCS7 output. Bug: 18664989 Change-Id: I6f4cf785dd02ee40f1951d098fa987aa25d2421a
-
Kenny Root authored
Since nothing was being pushed onto the stack, no exception was thrown in throwExceptionIfNecessary with the constant time fix present in 1.0.1j. The fix is to throw our own error if nothing was thrown. Bug: 18621207 Change-Id: I25e653c493e162c5fda46f320117c013a2661aa4
-
- 08 Dec, 2014 1 commit
-
-
Kenny Root authored
1.0.1j introduced a new error reason for RSA padding checks that wasn't mapped, resulting in a RuntimeException. Add this to the list of reasons so we throw the correct BadPaddingException. Bug: 18665649 Change-Id: I96ce13f6dee10ca89e74c558ecb338f9dbd907ba
-
- 05 Dec, 2014 1 commit
-
-
Alex Klyubin authored
Change-Id: I8b60efdbab806d6ffba67292b8f003df8cb895e5
-
- 03 Dec, 2014 4 commits
-
-
Kenny Root authored
Since SSL_clear can fail, we should clear the OpenSSL ERR stack if it does fail. However, to aid in spotting bugs, only clear the stack if the SSL_clear itself fails. Bug: 18570895 Change-Id: I053d2e2792e64923c1e128b4fcae23b2e660a992
-
Kenny Root authored
Change-Id: I3ccab83a36ba016bd1bf9068a90b1afbf2aea7ed
-
Narayan Kamath authored
... either during the handshake or after. With this change, we're backward compatible with older versions of Android. Note that newer versions of apache-http rely on this behaviour. bug: 18554122 (cherry picked from commit 6a1b7a85) Change-Id: I741d2585548b3d72abae2b696eee2a186e58414c
-
Narayan Kamath authored
We were using a non-null hostname as a hint that the socket was constructed with an explicit host and port. This is no longer true because the hostname can be non-null when SNI is used (i.e. setHostname is called with a non-null hostname). bug: 18428603 (cherry picked from commit 13164097) Change-Id: I5a76a17259e4f50a0b8a29b37a647265a755e326
-
- 26 Nov, 2014 6 commits
-
-
Kenny Root authored
Bug: 16656908 Change-Id: Ie912f376f69327ce634cac50763bf86b418049f5
-
Kenny Root authored
Bug: 16656908 Change-Id: Id519c20474a02c70e72d362bc84d26855a74fa33
-
Kenny Root authored
During the compatibility with BoringSSL change, this appears to have been accidentally removed without removing any of the references from NativeCrypto.java or OpenSSLCipher.java. Change-Id: I7fe686b367994f127675b076ab49712767203f49
-
Kenny Root authored
To avoid conflicts in the language spec and how Conscrypt does native calls, we need to wrap all native references in a Java object reference. Calling NativeCrypto's static native methods with a raw pointer doesn't guarantee that the calling object won't be finalized during the method running. This pass fixes EVP_PKEY references, but more passes are needed. Bug: 16656908 Change-Id: I5925da40cb37cd328b3a126404944f771732a43e
-
Kenny Root authored
The update to BoringSSL broke some of the tracing messages, so fix their formatting to compile correctly with warning on. Change-Id: I6c7a1e0069b61a787d9e00b929a6c4fa4358a063
-
Kenny Root authored
Change-Id: I5ecaa9ce3f5cc6fe8728f7811fcc965f46f1e942
-
- 25 Nov, 2014 2 commits
-
-
Kenny Root authored
To avoid conflicts in the language spec and how Conscrypt does native calls, we need to wrap all native references in a Java object reference. Calling NativeCrypto's static native methods with a raw pointer doesn't guarantee that the calling object won't be finalized during the method running. Bug: 16656908 Change-Id: I165e041a8fe056770d6ce6d6cd064c411575b7c4
-
Kenny Root authored
BoringSSL removes support for DSA, so there's no point in maintaining this now. There have been virtually zero SSL certificates issued using DSA for many years as well. Change-Id: Id940643b85ba39b03038aabc6da9ec0285db66c4
-
- 24 Nov, 2014 2 commits
-
-
Kenny Root authored
Change-Id: I9234e649a910408cff9f9d33008642e0c8334276
-
Kenny Root authored
-
- 22 Nov, 2014 1 commit
-
-
Chih-Hung Hsieh authored
Clang/llvm gives warning on them. Change-Id: I788807e414a1ab1519396f3a682cfdf50d6f7fca
-
- 21 Nov, 2014 1 commit
-
-
Alex Klyubin authored
Prior to this change TLS/SSL sessions did not time out. Bug: 18370076 Change-Id: I596423b9c56bfc5f337a17aba02fbb9a9f2ded36
-
- 20 Nov, 2014 3 commits
-
-
Kenny Root authored
Since both unbundled and platform agree now, we don't need the call in Platform.java to check. We should always default to true. Change-Id: I8fc3257871075b3c4ff128060972b6029ab2f640
-
Kenny Root authored
Change-Id: Ibb669022449a21bc8f2aa4558fbdc747aa1bff2c
-
Ian Rogers authored
Change-Id: Ib7297bb0631caafed1ff04bcf2d73aea512c01c1
-
- 19 Nov, 2014 2 commits
-
-
Kenny Root authored
BoringSSL reads /dev/urandom directly, so these calls aren't needed. However, OpenSSL needs these calls in some instances to protect against other things going wrong elsewhere. Restore the previous code until BoringSSL is in the tree. Change-Id: I55624e0d98b04e9f5411f69e13a70a78fa0c0d7f
-
Adam Langley authored
This is quite a substantial change because of the changes to ENGINEs in BoringSSL. For the most part, #ifs are used to allow the code to work with either OpenSSL or BoringSSL. However, in several places, support for things that BoringSSL is dropping has been removed, even when OpenSSL is used. This includes DSA keys and tests for the ENGINE bits that are going away because it's unclear how to skip compiling those tests. Change-Id: I941a5ed232391f84b45e070c19d2ffb7ad162b7b
-
- 18 Nov, 2014 1 commit
-
-
Alex Klyubin authored
This is in preparation for migration from OpenSSL to BoringSSL. BoringSSL does not support DSS. DSS cipher suites are used by a vanishingly tiny fraction of the Android ecosystem. In all cases, the server's SSL certificate is self-signed (rather than CA issued), making it easy to switch to a new self-signed certificate which is based on RSA or ECDSA. Bug: 17409664 Change-Id: I91067ca9df764edd2b7820e5dec995f24f3910a1
-
- 17 Nov, 2014 2 commits
-
-
Alex Klyubin authored
This fixes an issue where client certificate types requested by the server from the client, but not known by the client, manifest themselves as null elements in X509KeyManager.chooseClientAlias keyTypes argument. The root cause was that for each element in the CertificateRequest.certificate_types array an element was output into the keyTypes array. For unknown values of certificate_type, a null was output. This CL fixes the issue by ignoring unknown values in certificate_types array. Bug: 18414726 Change-Id: I8565e19a610c0ecfb7cab1b7707c335e0eeb8d89
-
Kenny Root authored
During the switch to BoringSSL, agl noticed the error state wasn't being preserved correctly. Integrate part of the BoringSSL change to preserve error states. Bug: 18388980 Change-Id: I9a6fea4f3bf457808a337604290c6bfd1b9ea84e
-
- 14 Nov, 2014 1 commit
-
-
Doug Steedman authored
(cherry picked from commit cd50afad1567b1311e6e979e94a7167b7bf69c94) Bug: 17877118 Change-Id: I388b59cde58fdc506ecac9f536e4bbd9161df6ad
-
- 11 Nov, 2014 2 commits
-
-
Alex Klyubin authored
The benefit of enabling SNI by default is that it makes it easier to set up/move to virtual hosting, and also use more specific/restricted SSL certificates without having to modify clients. SNI is so widely deployed these days that it is not expected to cause any significant issues by being on by default. Moreover, it's on by default in the RI. Bug: 16658420 Change-Id: I0d5d13152ffcc3cf1e01afe7a45f69e7aaf6d4bc
-
Kenny Root authored
-
- 10 Nov, 2014 2 commits
-
-
Kenny Root authored
The unbundled release unconditionally enabled LOG_NDEBUG features. Check for that define before enabling ALOGV so we don't spam the log. Bug: 17445714 Change-Id: Ideb61d0fce385df356be56a65794d1b738f5a3bb
-
Kenny Root authored
-
- 07 Nov, 2014 1 commit
-
-
Kenny Root authored
Bug: 18018599 Change-Id: I2b8c62190a9dd5e5fdc6894334cf1d3edfce0a06
-
- 04 Nov, 2014 1 commit
-
-
Kenny Root authored
* commit 'dee4e55c': Remove SSLv3 from default protocols list for TLS
-
- 03 Nov, 2014 4 commits
-
-
Kenny Root authored
SSLv3 has some systemic problems demonstrated by the POODLE attack. Disable it by default when "TLS" is requested since the documentation in Java Standard Names allows us to not support SSL when TLS is requested. Bug: 17136008 Change-Id: Icad1639c7e33b6e495f452a5289b0d20b819d679
-
Alex Klyubin authored
* commit '7e3bd54e': Support duck-typed PSKKeyManager instances in SSLContext.init.
-
Alex Klyubin authored
-
Alex Klyubin authored
On some platforms there are multiple classes defining the PSKKeyManager interface. At the moment, SSLContext.init does not handle this situation. This CL makes SSLContext.init treat KeyManager instances which expose all the methods of PSKKeyManager interface as implementing this interface. This duck-typing is achieved via Reflection. Change-Id: I8a3146a9cabb3f951c95ca6d86d72589e0344fc1
-