GitLab

Fix typo in name of des-ede mapping am: 0af37f8e am: a31bc9ee am: 74fe0c16 am: b4a74370 am: b3935d56
am: ff993fed

Change-Id: I4c6c07b1a813e41148bb65f9b04ba68e705c7a89

am: b3935d56

Change-Id: I940b282504848c1ea14187ea2b1f6a2342827404

am: b4a74370

Change-Id: I8daf68b72345115153e9608a7c28a55544a2fea0

am: 74fe0c16

Change-Id: I5b714850306362bbbf1750d89fa398f1ac033ad6

am: a31bc9ee

Change-Id: Ieabf25289af85daeb7d6cdec0e67910eeb3a6d12

am: ec50e3d8

Change-Id: I2ba2c941d202ecbe14e3640be6a371b43741f866

am: 0af37f8e

Change-Id: I1c2ca17759368d1c2203833fc539c713a7344f67

am: 3209baf3

Change-Id: Id3cf860a111e2d404037d154498d65e0a3a58e01

This was mapping 2-key 3DES to regular DES thus resulting in all
encryption using 2-key 3DES having the wrong answers.

(cherry picked from commit 55caed99)

Bug: 31081987
Change-Id: I44ba12dcf51d57952cf3ba501381d144d271a2a6

This was mapping 2-key 3DES to regular DES thus resulting in all
encryption using 2-key 3DES having the wrong answers.

(cherry picked from commit 55caed99)

Bug: 31081987
Change-Id: I44ba12dcf51d57952cf3ba501381d144d271a2a6

This now has the undesired effect of making a client only support this
curve for ECDHE. This used to be needed to allow a server to handshake
with ECDHE, but is now unnecessary for BoringSSL. The client doesn't
want this call and the server no longer needs this call, so delete it.

(cherry picked from commit 1ba6bcf1)

Test: mmma -j32 external/conscrypt && make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Bug: 31393711
Change-Id: Ib7afdcc3ea7ee3d2222a262f3c57abd065a4b4e1

Name was off by one.

(cherry picked from commit abdd1227)

Test: make -j 32
Bug: 31114355
Change-Id: Ia2ffa15b626dd057f34a5c51f4fbc67876813f6d

This was mapping 2-key 3DES to regular DES thus resulting in all
encryption using 2-key 3DES having the wrong answers.

Bug: 31081987

(cherry picked from commit 55caed99)

Change-Id: Id06d6c5b5a81142a06451f8ab8bf1c608bff7b6f

am: ce5bdd03

Change-Id: I41d2c084ae5a3f9b1729102ad608a40014123778

CertBlacklist was previously in bouncycastle, but with the enso switch
we no longer use their CertPathValidator and so blacklist checking
wasn't being done.

CertBlacklist is mostly unchanged from bouncycastle except removing the
bouncycastle Digest and Hex dependencies in isPublicKeyBlackListed.

Bug: 29397721
Change-Id: Icccdcc0e108e8b0c60c47522114749518247a598

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf am: 37a87dd8  -s ours am: 97adf6ee am: f4119242 am: 7281dbfc am: 3e855cdb
am: 80fd9357

* commit '80fd9357':
  Use SSL_session_reused to check when a session was reused

Change-Id: I42590ca2a936cb5f845083c37bffc84e8a9bbad0

Use SSL_session_reused to check when a session was reused am: 0b905f8e am: a2e751b4 am: 051cfe80 am: 215292da
am: 67abd0c8

* commit '67abd0c8':
  Use SSL_session_reused to check when a session was reused

Change-Id: I61d8e4c4a22df692172d81e4b1df3a7bd58d1256

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf am: 37a87dd8  -s ours am: 97adf6ee am: f4119242 am: 7281dbfc
am: 3e855cdb

* commit '3e855cdb':
  Use SSL_session_reused to check when a session was reused

Change-Id: Ib9f4b80dd63a6a34358641ee32e291fd9b9ff558

Use SSL_session_reused to check when a session was reused am: 0b905f8e am: a2e751b4 am: 051cfe80
am: 215292da

* commit '215292da':
  Use SSL_session_reused to check when a session was reused

Change-Id: I61463a8c680120a3d8496978d03680b3e8d292ea

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf am: 37a87dd8  -s ours am: 97adf6ee am: f4119242
am: 7281dbfc

* commit '7281dbfc':
  Use SSL_session_reused to check when a session was reused

Change-Id: Ifff55860931526e1fec83ebbe916551637592e51

am: 051cfe80

* commit '051cfe80':
  Use SSL_session_reused to check when a session was reused

Change-Id: I3a972ee0fb33770474a335392dae283c33854f23

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf am: 37a87dd8  -s ours am: 97adf6ee
am: f4119242

* commit 'f4119242':
  Use SSL_session_reused to check when a session was reused

Change-Id: I954fd0dd7f704154757dd6d330356aad8b5004af

am: a2e751b4

* commit 'a2e751b4':
  Use SSL_session_reused to check when a session was reused

Change-Id: If3ba7b806a4a67247146b89fb1073e353d80ef3f

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf am: 37a87dd8  -s ours
am: 97adf6ee

* commit '97adf6ee':
  Use SSL_session_reused to check when a session was reused

Change-Id: Ia45b3883b12a1e6961aae04c790379f22a34dcbe

am: 0b905f8e

* commit '0b905f8e':
  Use SSL_session_reused to check when a session was reused

Change-Id: I86105390b7f9f0af8e2293bd4032fe4fe9b2a471

Use SSL_session_reused to check when a session was reused am: efd7f14d am: 570b68b1 am: 79263dbf
am: 37a87dd8  -s ours

* commit '37a87dd8':
  Use SSL_session_reused to check when a session was reused

Change-Id: Iddfaf5121a109704cce8df7ca00fe1113f99514b

am: 79263dbf

* commit '79263dbf':
  Use SSL_session_reused to check when a session was reused

Change-Id: I7ef24f8b661f8ebbbaa7e5bc15046de469718a8e

am: 570b68b1

* commit '570b68b1':
  Use SSL_session_reused to check when a session was reused

Change-Id: Iec88b79b6ad31dcdd1c4e9f64b3a7fca1d384285

am: efd7f14d

* commit 'efd7f14d':
  Use SSL_session_reused to check when a session was reused

Change-Id: I5575ba2da8aa4acebd6e11a4089b5f152073bcd8

am: 1115fa0f

* commit '1115fa0f':
  Use SSL_session_reused to check when a session was reused

Change-Id: I37f063d9c60fbb7f7b86464f16d95873cb1e8838

The returned session_id could be exactly the same in the case of TLS
session tickets, so use the SSL_session_reused API to determine exactly
when a session was reused.

(cherry picked from commit 1115fa0f)

Bug: 28751153
Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f

The returned session_id could be exactly the same in the case of TLS
session tickets, so use the SSL_session_reused API to determine exactly
when a session was reused.

(cherry picked from commit 1115fa0f)

Bug: 28751153
Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f

The returned session_id could be exactly the same in the case of TLS
session tickets, so use the SSL_session_reused API to determine exactly
when a session was reused.

Bug: 28751153
Change-Id: Ie82e4d1bb326d7e7deb7981a1e57df393f6c0e1f

am: dd5e93cc

* commit 'dd5e93cc':
  UniqueMutex for explicit ordering with ScopedSslBio

Change-Id: Ibac52a957bebedf968ebd3ccbb0d3139c310ab5b

The MUTEX_LOCK / MUTEX_UNLOCK semantics work if you also explicitly
clear out resources that were supposed to be cleared before the lock is
released. However, with wrapper classes that do it automatically, you
can't get the correct ordering. Instead of converting these all to
manual acquire and release, convert the mutex handling to use automatic
release via UniqueMutex so that ordering is correct with resources that
should be protected by the mutex.

Thanks to Zhen Song for finding these issues.

(cherry picked from commit cdc9e2f0)

Bug: 28473706
Change-Id: I4b63ce674e0fc343fe156936df7e8f6e3130722f

This adds versions of the new checkServerTrusted methods that return the
built chain.

Bug: 27271561
Change-Id: Id03500dab962c949430ee217407bf64fec28adb7

When this Signature scheme was added to Conscrypt, we went with the
Bouncycastle name of "ECDSA." However, the Standard Names documentation
that "ECDSA" should not be used due to its ambiguity.

(cherry picked from commit b825b833)

Bug: 27753949
Change-Id: I20196550aa3cc70afaff1930d5e90e1c3a59ea82

am: 3b3bf012

* commit '3b3bf012':
  Fix updateAAD when offset is not 0