Change-Id: I8895638441ceccb5d794238eb2c8f91a3028dcc9
OpenSSL silently ignores the padding modes when specified for stream
ciphers, but apparently Java does not.
Change-Id: Icd92122d63b3b8e99d704e8193414dda5057146d
The KeyManagerImpl was changed to support the "EC_EC" and "EC_RSA" key
types in the StandardNames document. The intention of those aliases is
to require a certain signature type. If it is missing, it should accept
any signature type as before. However, it was erroneously requiring the
same signature type as the key type if it was missing. This causes RSA
client certificates signed by an EC key, for instance, to fail.
Bug: 10966884
Change-Id: I298bf65ac4c607ae13e24b44fb1b52ec341f9fcf
SHA-224 has made a comeback in the latest StandardNames documentation.
This change adds tests for SHA-224 and also Conscrypt providers for
things we have code paths to support.
Change-Id: I8c200082ff76ee4ae38b6efaa16e6741b33b7f5b
OpenSSLMac was not checking whether it was initialized before
dereferencing its macKey field. This caused callers to Mac#reset()
before Mac#init() to get a NullPointerException.
Bug: https://code.google.com/p/android/issues/detail?id=58179
Change-Id: I8523983fec578079a66a04d585c1ddbe7732575e
This reverts commit 07ff5de463a219d97b5ea7abfaa42bf3ae55fb57 and
commit 42567acf03ad437efd20e70790ae0f708dda15bc.
Change-Id: I05712ea94f0b11cc5963af58fb5081e65c79c3f0
Missed this during the git reset -p
Change-Id: I6c089d2fb5192d43934d55949b261b05cb8d67da
Some other classes are using this. Restore this until they can be
removed.
Change-Id: Ibf188b7c4915865e20cc4ca51c73f26314df7828
Instead of marshalling and unmarshalling to ASN.1 DER, just use
references to OpenSSL X509 objects everywhere applicable.
Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4
EVP_DecryptFinal_ex can have an error on the wrong block length at the
end of a decrypted block, so throw IllegalBlockSizeException when that
happens instead of a RuntimeException.
Bug: 10610957
Bug: https://code.google.com/p/android/issues/detail?id=58396
Change-Id: I70ea040c3b52fc30591963270850871a8cc581d3
This helps with unbundling of Conscrypt by not forcing the app to
include a static version of stlport in their program.
Change-Id: I5bd17213059b8ae4d8d86921d82b43465253a62f
(cherrypick of cc5305a004afc334842a4afadca9530c2ea0c8ff.)
Bug: 10680559
Change-Id: I49ad58dea61a0e558bebfbd76019e7e0730cab52
We were leaking X509 references from stacks before so we could get away
with reusing references that should have been freed. Since we're properly
tracking references now, we need to up the reference of things we're
using.
(cherry picked from commit 499f7cd642cc32f89f793fe356afbebeba8bf9c1)
Bug: 10610037
Change-Id: I4a4beda9b635881c51194410a6da8274c3c1d429
The getParameters() call was unimplemented in the OpenSSLCipher as an
oversight. Add it so code relying on it will continue to work.
Additionally add tests for getIV() and getParameters() to make sure they
work correctly.
(cherry picked from commit 8d59a14a150738b8b3a2a8c31d1a48b8ae0a3d0c)
Bug: 10423926
Change-Id: I6bc7fc540509242dff9e5411f66f82be54691cb4
Bug: 10681815
Change-Id: If9a76f4c55b578c6f135befebcc443ab9aef3073
Class preloading will create an instance of objects if they are in
static fields, so put the ones we don't want instantiated into a holder
class that is not preloaded.
(cherry picked from commit da5b7116b58795b169961cbd63c2b21bac741d9a)
Bug: 9984058
Change-Id: If8cb4280cbee79cd4d479fbf6a5297c8e5569b6c
The proper way to free a stack of owned "FOO" items is to use
sk_FOO_pop_free since that will iterate through all the FOO instances
in the stack and free them. Calling sk_FOO_free just frees the stack and
not the items.
(cherry picked from commit 64299318644c0c6b86992d414e68d0af236b52c5)
Bug: 10610037
Bug: http://code.google.com/p/android/issues/detail?id=59536
Change-Id: I8af603b10219acb476666e77cc776b6936a19f8d
Conscrypt was moved out of libcore, so the call directly to NativeCrypto
was removed as well. To break the dependency, introduce an interface
that Conscrypt registers as to answer algorithm name to OID mapping
queries and vice versa.
(cherry picked from commit b6963ac272834ec5f791ecdc773d17cb156e23f0)
Bug: 10310296
This test used the test ChannelID key, but it didn't make sure it was
initialized first. This made it appear sometimes depending on the order
the tests were executed.
(cherry picked from commit debfff83084b79b65c092cfe72ebea9d9a9548d6)
Bug: 10210673
Change-Id: I5212e265611208ecb641a7d6b403985df603cb03
Conscrypt was moved out of libcore, so the call directly to NativeCrypto
was removed as well. To break the dependency, introduce an interface
that Conscrypt registers as to answer algorithm name to OID mapping
queries and vice versa.
(cherry picked from commit 6fcfb5a75dfb595ccbcf0a7a576ee7515fe2da32)
Bug: 10310296
Change-Id: Ia9c802f1102df7209749a90d0ed3ed2831480b04
Bug: https://code.google.com/p/android/issues/detail?id=54433
Change-Id: Icf39b98802e2c6128e79c44eaf2cabc7b4805cc5
To make the situation with testing a little better and enable building
core libraries totally independent of conscrypt, move the native
registration to a JNI_OnLoad scheme. Also, since we want to separate the
testing, make conscrypt build its own tests library.
Change-Id: I9f2831839059c1c012ec7bdeab2f90b4e2f44bfd
This was leaving bad OpenSSL error states lying around for later
innocent calls to trip over.
Also clean up some of the other error reporting/handling.
Bug: 9822466
Bug: 10344304
Change-Id: I9e6d6fd9a6c5e466336217b47f45c211aff5555d
Change-Id: I1942be8f7cef51265d53272f36a217e88bfede94
http://elliotth.blogspot.com/2012/01/beware-convenience-methods.html
Bug: https://code.google.com/p/android/issues/detail?id=58359
Change-Id: I597b2ac940f17b5b2bc176e390dc4b63fe0a4e72
Change-Id: Ib665ea7c6f54e43851bc04f0265e65218407c70f
* commit '4c88ce8dd817d164777adcdffca30b693e5d6eed':
NativeCrypto: Add ALPN support
This adds the ability to use Application-Layer Protocol Negotiation
(ALPN) as both a client and a server. ALPN is essentially like Next
Protocol Negotiation (NPN) but negotiation is done in the clear. This
allows the use of other protocols on the same port (e.g., SPDY instead
of HTTP on port 80).
Although previously clients using NPN were able to use cut-through, the
new ALPN API does not provide for a way for a client to enable that
during a callback. So the only difference is that NPN clients can enable
SSL False Start while ALPN clients cannot currently.
Change-Id: I42ff70f3711e9cccaf754d189f76eeaa9db5f981
* commit 'aa1e1d6d989c7a659659f4fd20387cf67f11f64a':
NativeCrypto: handle X.509 serial number 0
There is no need to try to convert numbers that are of zero length
because they'll be zero anyway. Returning NULL in this instance caused a
crash in X.509 code since it immediately tried to pass it to BigInteger
which threw a NullPointerException.
Bug: 9297758
Change-Id: I719ca7b8f086937ee25094bfe981987def855744
* commit '940f85738c2f1326317458f11f8d6b9880adfe42':
NativeCrypto: free error state on client_cb
On a call to SSL_get_certificate() there appears to be one path that
will set an error code (SSL_aANON) and returns NULL. This client_cb
wasn't expecting NULL to be an error.
To avoid the error from lingering and showing up in later tests, clear
it so the later tests have more accurate errors.
Bug: 9198763
Change-Id: I229c06fce042436a8545812c1d48c1210408d57e
* commit '40630ebf13e02c9ce1121584c84b3c2e4251a822':
NativeCrypto: check that npnProtocols != NULL
There appears to be a path where an application can not specify which
NPN protocols it supports but can request that it is negotiated. Match
the advertise method by checking that we have NPN methods set before
using them in a call back to OpenSSL.
Bug: 9186885
Change-Id: I1f35d45709f264d6e2f0c7fef316cb6d93db4ed1
* commit 'c741f1470f61f0d436d159edfc673d270b89857e':
NativeCrypto: change debug format string to "%.*s"
This ensures the string stops at the right place instead of running off
the end of the buffer. This still doesn't help much for binary data.
Change-Id: Ia56b07a586d8f55ebb0d4237f6d598b307f065fe
* commit '9fe691c826e252e18eab41a1b1890e4d056d7715':
NativeCrypto: add debug option for SSL streams
Print out the key in a format suitable for Wireshark decrypting. To use
this, see the comments next to the newly-defined flags.
Wireshark 1.6 that comes with Ubuntu seems to be broken. Wireshark 1.8
works.
Change-Id: Ifd6d75f03f76068085cec0620b465793c2d60587
* commit '99e1ae90e2bbdaca696da6d6052de90cf74824dc':
NativeCrypto: Fix a lot of random doc bugs
Remove lots of empty javadoc tags that were unused or invalid.
Remove some unused imports.
Mark a few input streams as intentionally unclosed.
Change-Id: I04d8642abd2b0f2e9be02e227658a1b9bd192d24
* commit '4ffab68b792acd6c5374414858f9a845b0796ca1':
NativeCrypto: use strings instead of loading class
Using the Foo.class.getName() forces the class to be loaded when it's
not necessarily ever used. Using a String for the class's name
instead allows the class to be loaded lazily.
All the classes used to appear in preloaded-classes when it wasn't
ever really used in practice.
Change-Id: I9f2acf60bed25f5c9b162c62023aef42e7859cf4
* commit '30abb655066afb5eeaebb874efd7cb10ae4013ff':
NativeCrypto: make our own X.509 key class