Revert "Merge upstream master"
This reverts commit 68b4c5642bcbd1aa147f57acb9229873ca74159b.
Change-Id: I9cfab89bccbf813786d142cdeb27a16ed301a575
diff --git a/release/Dockerfile b/Dockerfile
similarity index 98%
rename from release/Dockerfile
rename to Dockerfile
index 17072c7..bc22fd8 100644
--- a/release/Dockerfile
+++ b/Dockerfile
@@ -22,8 +22,6 @@
RUN yum install -y epel-release
RUN yum install -y clang
-RUN yum update -y nss
-
# Install Java 8
RUN wget -q --no-cookies --no-check-certificate \
--header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" \
diff --git a/README.md b/README.md
index 4fa3e17..54f79fb 100644
--- a/README.md
+++ b/README.md
@@ -66,7 +66,7 @@
<dependency>
<groupId>org.conscrypt</groupId>
<artifactId>conscrypt-openjdk</artifactId>
- <version>1.1.0</version>
+ <version>1.0.1</version>
<classifier>${os.detected.classifier}</classifier>
</dependency>
```
@@ -89,7 +89,7 @@
apply plugin: "com.google.osdetector"
dependencies {
- compile 'org.conscrypt:conscrypt-openjdk:1.1.0:' + osdetector.classifier
+ compile 'org.conscrypt:conscrypt-openjdk:1.0.1:' + osdetector.classifier
}
```
@@ -107,14 +107,14 @@
<dependency>
<groupId>org.conscrypt</groupId>
<artifactId>conscrypt-openjdk-uber</artifactId>
- <version>1.1.0</version>
+ <version>1.0.1</version>
</dependency>
```
###### Gradle
```gradle
dependencies {
- compile 'org.conscrypt:conscrypt-openjdk-uber:1.1.0'
+ compile 'org.conscrypt:conscrypt-openjdk-uber:1.0.1'
}
```
diff --git a/release/README.md b/RELEASING.md
similarity index 95%
rename from release/README.md
rename to RELEASING.md
index 0af1239..ad0ade4 100644
--- a/release/README.md
+++ b/RELEASING.md
@@ -69,7 +69,7 @@
### Create the release branch
-We use a branch named `<major>.<minor>.x` for all releases in a series.
+We use a branch named `v<major>.<minor>.x` for all releases in a series.
Create the branch and push it to GitHub:
@@ -78,11 +78,6 @@
$ git push upstream 1.0.x
```
-### Set the branch protection settings
-
-In the GitHub UI, go to Settings -> Branches and mark the new branch as
-protected, with administrators included and restrict pushes to administrators.
-
### Update the master version
Update the master branch's version to the next minor snapshot.
@@ -132,7 +127,7 @@
1. From the conscrypt source directory:
```bash
- $ docker build -t conscrypt-deploy release
+ $ docker build -t conscrypt-deploy .
```
1. Start a Docker container that has the deploy environment set up for you. The
Conscrypt source is cloned into `/conscrypt`.
diff --git a/build.gradle b/build.gradle
index 460e966..b975684 100644
--- a/build.gradle
+++ b/build.gradle
@@ -46,7 +46,7 @@
group = "org.conscrypt"
description = 'Conscrypt is an alternate Java Security Provider that uses BoringSSL'
- version = "1.2.0-SNAPSHOT"
+ version = "1.1.0-SNAPSHOT"
ext {
os = org.gradle.internal.os.OperatingSystem.current();
@@ -60,21 +60,11 @@
throw new GradleException("Unsupported os: " + os.name)
}
- if (project.hasProperty("boringsslHome")) {
- boringsslHome = project.property("boringsslHome")
- } else {
- boringsslHome = "$System.env.BORINGSSL_HOME"
- }
-
+ boringsslHome = "$System.env.BORINGSSL_HOME"
boringsslIncludeDir = normalizePath("$boringsslHome/include")
boringssl32BuildDir = normalizePath("$boringsslHome/build32")
boringssl64BuildDir = normalizePath("$boringsslHome/build64")
-
- if (project.hasProperty("jdkHome")) {
- jdkHome = project.property("jdkHome")
- } else {
- jdkHome = "$System.env.JAVA_HOME"
- }
+ jdkHome = "$System.env.JAVA_HOME"
jdkIncludeDir = normalizePath("$jdkHome/include")
// Needs to be binary compatible with androidMinSdkVersion
androidMinJavaVersion = JavaVersion.VERSION_1_7
diff --git a/common/src/jni/main/cpp/conscrypt/jniload.cc b/common/src/jni/main/cpp/conscrypt/jniload.cc
index c06cac3..b43066c 100644
--- a/common/src/jni/main/cpp/conscrypt/jniload.cc
+++ b/common/src/jni/main/cpp/conscrypt/jniload.cc
@@ -18,8 +18,8 @@
#include <conscrypt/compatibility_close_monitor.h>
#include <conscrypt/jniutil.h>
-#include <conscrypt/logging.h>
#include <conscrypt/native_crypto.h>
+#include <conscrypt/macros.h>
#ifndef CONSCRYPT_JNI_VERSION
#define CONSCRYPT_JNI_VERSION JNI_VERSION_1_6
@@ -32,7 +32,7 @@
jint libconscrypt_JNI_OnLoad(JavaVM* vm, void*) {
JNIEnv* env;
if (vm->GetEnv(reinterpret_cast<void**>(&env), CONSCRYPT_JNI_VERSION) != JNI_OK) {
- CONSCRYPT_LOG_ERROR("Could not get JNIEnv");
+ ALOGE("Could not get JNIEnv");
return JNI_ERR;
}
diff --git a/common/src/jni/main/cpp/conscrypt/jniutil.cc b/common/src/jni/main/cpp/conscrypt/jniutil.cc
index 9bf1ba1..ab9d1f1 100644
--- a/common/src/jni/main/cpp/conscrypt/jniutil.cc
+++ b/common/src/jni/main/cpp/conscrypt/jniutil.cc
@@ -80,7 +80,7 @@
void jniRegisterNativeMethods(JNIEnv* env, const char* className, const JNINativeMethod* gMethods,
int numMethods) {
- CONSCRYPT_LOG_VERBOSE("Registering %s's %d native methods...", className, numMethods);
+ ALOGV("Registering %s's %d native methods...", className, numMethods);
ScopedLocalRef<jclass> c(env, env->FindClass(className));
if (c.get() == nullptr) {
@@ -126,13 +126,13 @@
jclass exceptionClass = env->FindClass(className);
if (exceptionClass == nullptr) {
- CONSCRYPT_LOG_ERROR("Unable to find exception class %s", className);
+ ALOGD("Unable to find exception class %s", className);
/* ClassNotFoundException now pending */
return -1;
}
if (env->ThrowNew(exceptionClass, msg) != JNI_OK) {
- CONSCRYPT_LOG_ERROR("Failed throwing '%s' '%s'", className, msg);
+ ALOGD("Failed throwing '%s' '%s'", className, msg);
/* an exception, most likely OOM, will now be pending */
return -1;
}
@@ -449,7 +449,7 @@
if (asprintf(&str, "%s: ssl=%p: %s", message, ssl, sslErrorStr) <= 0) {
// problem with asprintf, just throw argument message, log everything
int ret = actualThrow(env, message);
- CONSCRYPT_LOG_VERBOSE("%s: ssl=%p: %s", message, ssl, sslErrorStr);
+ ALOGV("%s: ssl=%p: %s", message, ssl, sslErrorStr);
ERR_clear_error();
return ret;
}
@@ -505,7 +505,7 @@
ret = actualThrow(env, allocStr);
}
- CONSCRYPT_LOG_VERBOSE("%s", allocStr);
+ ALOGV("%s", allocStr);
free(allocStr);
ERR_clear_error();
return ret;
diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
index 5576340..f0d4d90 100644
--- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc
+++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
@@ -22,7 +22,6 @@
#include <conscrypt/compat.h>
#include <conscrypt/compatibility_close_monitor.h>
#include <conscrypt/jniutil.h>
-#include <conscrypt/logging.h>
#include <conscrypt/macros.h>
#include <conscrypt/native_crypto.h>
#include <conscrypt/netutil.h>
@@ -551,7 +550,7 @@
"rawSignDigestWithPrivateKey",
"(Ljava/security/PrivateKey;[B)[B");
if (rawSignMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not find rawSignDigestWithPrivateKey");
+ ALOGE("Could not find rawSignDigestWithPrivateKey");
return nullptr;
}
@@ -586,7 +585,7 @@
env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass,
"rsaDecryptWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B");
if (rsaDecryptMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not find rsaDecryptWithPrivateKey");
+ ALOGE("Could not find rsaDecryptWithPrivateKey");
return nullptr;
}
@@ -776,7 +775,7 @@
// Retrieve private key JNI reference.
jobject private_key = EcKeyGetKey(ec_key);
if (!private_key) {
- CONSCRYPT_LOG_ERROR("Null JNI reference passed to EcdsaMethodSign!");
+ ALOGE("Null JNI reference passed to EcdsaMethodSign!");
return 0;
}
@@ -790,7 +789,7 @@
env, rawSignDigestWithPrivateKey(env, private_key,
reinterpret_cast<const char*>(digest), digest_len));
if (signature.get() == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not sign message in EcdsaMethodDoSign!");
+ ALOGE("Could not sign message in EcdsaMethodDoSign!");
return 0;
}
@@ -799,7 +798,7 @@
// ECDSA_size().
size_t max_expected_size = ECDSA_size(ec_key);
if (signatureBytes.size() > max_expected_size) {
- CONSCRYPT_LOG_ERROR("ECDSA Signature size mismatch, actual: %zd, expected <= %zd", signatureBytes.size(),
+ ALOGE("ECDSA Signature size mismatch, actual: %zd, expected <= %zd", signatureBytes.size(),
max_expected_size);
return 0;
}
@@ -6053,7 +6052,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in cert_verify_callback");
+ ALOGE("AppData->env missing in cert_verify_callback");
JNI_TRACE("ssl=%p cert_verify_callback => 0", ssl);
return ssl_verify_invalid;
}
@@ -6105,7 +6104,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in info_callback");
+ ALOGE("AppData->env missing in info_callback");
JNI_TRACE("ssl=%p info_callback env error", ssl);
return;
}
@@ -6148,7 +6147,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in cert_cb");
+ ALOGE("AppData->env missing in cert_cb");
JNI_TRACE("ssl=%p cert_cb env error => 0", ssl);
return 0;
}
@@ -6210,7 +6209,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in psk_client_callback");
+ ALOGE("AppData->env missing in psk_client_callback");
JNI_TRACE("ssl=%p psk_client_callback env error", ssl);
return 0;
}
@@ -6278,7 +6277,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in psk_server_callback");
+ ALOGE("AppData->env missing in psk_server_callback");
JNI_TRACE("ssl=%p psk_server_callback env error", ssl);
return 0;
}
@@ -6332,7 +6331,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in new_session_callback");
+ ALOGE("AppData->env missing in new_session_callback");
JNI_TRACE("ssl=%p new_session_callback env error", ssl);
return 0;
}
@@ -6368,7 +6367,7 @@
AppData* appData = toAppData(ssl);
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in server_session_requested_callback");
+ ALOGE("AppData->env missing in server_session_requested_callback");
JNI_TRACE("ssl=%p server_session_requested_callback env error", ssl);
return 0;
}
@@ -6418,13 +6417,13 @@
struct timeval tv;
if (gettimeofday(&tv, NULL)) {
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", "debug_print_packet_data: could not get time of day");
+ ALOG(LOG_INFO, LOG_TAG "-jni", "debug_print_packet_data: could not get time of day");
return;
}
// Packet preamble for text2pcap
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %c %ld.%06ld", ssl, direction, tv.tv_sec,
- static_cast<long>(tv.tv_usec));
+ ALOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %c %ld.%06ld", ssl, direction, tv.tv_sec,
+ tv.tv_usec);
char out[kDataWidth * 3 + 1];
for (size_t i = 0; i < len; i += kDataWidth) {
@@ -6433,17 +6432,17 @@
for (size_t j = 0, offset = 0; j < n; j++, offset += 3) {
int ret = snprintf(out + offset, sizeof(out) - offset, "%02x ", data[i + j] & 0xFF);
if (ret < 0 || static_cast<size_t>(ret) >= sizeof(out) - offset) {
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", "debug_print_packet_data failed to output %d", ret);
+ ALOG(LOG_INFO, LOG_TAG "-jni", "debug_print_packet_data failed to output %d", ret);
return;
}
}
// Print out packet data in format understood by text2pcap
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %06zx %s", ssl, i, out);
+ ALOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %06zx %s", ssl, i, out);
}
// Conclude the packet data
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %06zx", ssl, len);
+ ALOG(LOG_INFO, LOG_TAG "-jni", "ssl=%p SSL_DATA: %06zx", ssl, len);
}
/*
@@ -6644,7 +6643,7 @@
// NOLINTNEXTLINE(runtime/int)
long ret = SSL_enable_tls_channel_id(ssl);
if (ret != 1L) {
- CONSCRYPT_LOG_ERROR("%s", ERR_error_string(ERR_peek_error(), nullptr));
+ ALOGE("%s", ERR_error_string(ERR_peek_error(), nullptr));
conscrypt::jniutil::throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE,
"Error enabling Channel ID");
JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_tls_channel_id => error", ssl);
@@ -6679,7 +6678,7 @@
JNI_TRACE("NativeCrypto_SSL_get_tls_channel_id(%p) => not available", ssl);
return nullptr;
} else if (ret != 64) {
- CONSCRYPT_LOG_ERROR("%s", ERR_error_string(ERR_peek_error(), nullptr));
+ ALOGE("%s", ERR_error_string(ERR_peek_error(), nullptr));
conscrypt::jniutil::throwSSLExceptionWithSslErrors(env, ssl, SSL_ERROR_NONE,
"Error getting Channel ID");
JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_channel_id => error, returned %zd", ssl, ret);
@@ -6709,7 +6708,7 @@
long ret = SSL_set1_tls_channel_id(ssl, pkey);
if (ret != 1L) {
- CONSCRYPT_LOG_ERROR("%s", ERR_error_string(ERR_peek_error(), nullptr));
+ ALOGE("%s", ERR_error_string(ERR_peek_error(), nullptr));
conscrypt::jniutil::throwSSLExceptionWithSslErrors(
env, ssl, SSL_ERROR_NONE, "Error setting private key for Channel ID");
JNI_TRACE("ssl=%p SSL_set1_tls_channel_id => error", ssl);
@@ -7550,7 +7549,7 @@
}
JNIEnv* env = appData->env;
if (env == nullptr) {
- CONSCRYPT_LOG_ERROR("AppData->env missing in alpn_select_callback");
+ ALOGE("AppData->env missing in alpn_select_callback");
JNI_TRACE("ssl=%p alpn_select_callback => 0", ssl);
return SSL_TLSEXT_ERR_NOACK;
}
@@ -7790,7 +7789,7 @@
return;
}
} else {
- // CONSCRYPT_LOG_ERROR("Unknown error %d during handshake", error);
+ // ALOGE("Unknown error %d during handshake", error);
break;
}
}
@@ -7868,7 +7867,7 @@
return nullptr;
}
- const STACK_OF(CRYPTO_BUFFER)* chain = SSL_get0_peer_certificates(ssl);
+ STACK_OF(CRYPTO_BUFFER)* chain = SSL_get0_peer_certificates(ssl);
if (chain == nullptr) {
return nullptr;
}
@@ -8706,14 +8705,7 @@
if (ssl_session == nullptr) {
return nullptr;
}
-#if BORINGSSL_API_VERSION < 8
- // TODO(davidben): Remove this ifdef once
- // https://boringssl.googlesource.com/boringssl/+/b8b1a9d8de02c5b8ba7151a70c140a91877e9f6d
- // has propagated to all Conscrypt downstreams.
const SSL_CIPHER* cipher = ssl_session->cipher;
-#else
- const SSL_CIPHER* cipher = SSL_SESSION_get0_cipher(ssl_session);
-#endif
const char* name = SSL_CIPHER_standard_name(cipher);
JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_cipher => %s", ssl_session, name);
return env->NewStringUTF(name);
diff --git a/common/src/jni/main/include/conscrypt/app_data.h b/common/src/jni/main/include/conscrypt/app_data.h
index 557eccc..fb3026b 100644
--- a/common/src/jni/main/include/conscrypt/app_data.h
+++ b/common/src/jni/main/include/conscrypt/app_data.h
@@ -132,11 +132,11 @@
appData.get()->interruptEvent = interruptEvent;
#else
if (pipe(appData.get()->fdsEmergency) == -1) {
- CONSCRYPT_LOG_ERROR("AppData::create pipe(2) failed: %s", strerror(errno));
+ ALOGE("AppData::create pipe(2) failed: %s", strerror(errno));
return nullptr;
}
if (!netutil::setBlocking(appData.get()->fdsEmergency[0], false)) {
- CONSCRYPT_LOG_ERROR("AppData::create fcntl(2) failed: %s", strerror(errno));
+ ALOGE("AppData::create fcntl(2) failed: %s", strerror(errno));
return nullptr;
}
#endif
diff --git a/common/src/jni/main/include/conscrypt/jniutil.h b/common/src/jni/main/include/conscrypt/jniutil.h
index d979091..92e3ea7 100644
--- a/common/src/jni/main/include/conscrypt/jniutil.h
+++ b/common/src/jni/main/include/conscrypt/jniutil.h
@@ -20,7 +20,6 @@
#include <jni.h>
#include <openssl/ssl.h>
-#include <conscrypt/logging.h>
#include <conscrypt/macros.h>
#include <nativehelper/ScopedLocalRef.h>
@@ -67,7 +66,7 @@
int ret = gJavaVM->AttachCurrentThread(reinterpret_cast<void**>(&env), nullptr);
#endif
if (ret < 0) {
- CONSCRYPT_LOG_ERROR("Could not attach JavaVM to find current JNIEnv");
+ ALOGE("Could not attach JavaVM to find current JNIEnv");
return nullptr;
}
return env;
@@ -84,7 +83,7 @@
ScopedLocalRef<jclass> localClass(env, env->FindClass(className));
jclass globalRef = reinterpret_cast<jclass>(env->NewGlobalRef(localClass.get()));
if (globalRef == nullptr) {
- CONSCRYPT_LOG_ERROR("failed to find class %s", className);
+ ALOGE("failed to find class %s", className);
abort();
}
return globalRef;
@@ -93,7 +92,7 @@
inline jmethodID getMethodRef(JNIEnv* env, jclass clazz, const char* name, const char* sig) {
jmethodID localMethod = env->GetMethodID(clazz, name, sig);
if (localMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("could not find method %s", name);
+ ALOGE("could not find method %s", name);
abort();
}
return localMethod;
@@ -102,7 +101,7 @@
inline jfieldID getFieldRef(JNIEnv* env, jclass clazz, const char* name, const char* sig) {
jfieldID localField = env->GetFieldID(clazz, name, sig);
if (localField == nullptr) {
- CONSCRYPT_LOG_ERROR("could not find field %s", name);
+ ALOGE("could not find field %s", name);
abort();
}
return localField;
@@ -112,7 +111,7 @@
ScopedLocalRef<jclass> localClass(env, env->FindClass(name));
jclass result = reinterpret_cast<jclass>(env->NewGlobalRef(localClass.get()));
if (result == nullptr) {
- CONSCRYPT_LOG_ERROR("failed to find class '%s'", name);
+ ALOGE("failed to find class '%s'", name);
abort();
}
return result;
diff --git a/common/src/jni/main/include/conscrypt/logging.h b/common/src/jni/main/include/conscrypt/logging.h
deleted file mode 100644
index be1b373..0000000
--- a/common/src/jni/main/include/conscrypt/logging.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef CONSCRYPT_LOGGING_H_
-#define CONSCRYPT_LOGGING_H_
-
-#include <conscrypt/macros.h>
-
-#define LOG_TAG "NativeCrypto"
-
-#ifndef CONSCRYPT_UNBUNDLED
-
-#include <log/log.h>
-
-#define CONSCRYPT_LOG(priority, tag, ...) ALOG(priority, tag, __VA_ARGS__)
-#define CONSCRYPT_LOG_ERROR(...) ALOG(LOG_ERROR, LOG_TAG, __VA_ARGS__)
-#define CONSCRYPT_LOG_INFO(...) ALOG(LOG_INFO, LOG_TAG, __VA_ARGS__)
-#if LOG_NDEBUG
-#define CONSCRYPT_LOG_VERBOSE(...) ((void)0)
-#else
-#define CONSCRYPT_LOG_VERBOSE(...) ALOG(LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
-#endif // LOG_DEBUG
-
-#elif defined(ANDROID) && !defined(CONSCRYPT_OPENJDK) // !CONSCRYPT_UNBUNDLED
-
-#include <android/log.h>
-#ifndef ALOG
-#define ALOG(priority, tag, ...) __android_log_print(ANDROID_##priority, tag, __VA_ARGS__)
-#endif
-
-#define CONSCRYPT_LOG(priority, tag, ...) ALOG(priority, tag, __VA_ARGS__)
-#define CONSCRYPT_LOG_ERROR(...) ALOG(LOG_ERROR, LOG_TAG, __VA_ARGS__)
-#define CONSCRYPT_LOG_INFO(...) ALOG(LOG_INFO, LOG_TAG, __VA_ARGS__)
-#if LOG_NDEBUG
-#define CONSCRYPT_LOG_VERBOSE(...) ((void)0)
-#else
-#define CONSCRYPT_LOG_VERBOSE(...) ALOG(LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
-#endif
-
-#else // !ANDROID
-
-// LOG_NDEBUG is an Android property that turns off verbose logging
-#ifndef LOG_NDEBUG
-#define LOG_NDEBUG 1
-#endif
-
-#include <stdio.h>
-
-#define CONSCRYPT_LOG(priority, tag, ...) CONSCRYPT_##priority(__VA_ARGS__)
-
-#define CONSCRYPT_LOG_ERROR(...) { \
- fprintf(stderr, __VA_ARGS__); \
- fprintf(stderr, "\n"); \
-}
-#define CONSCRYPT_LOG_INFO(...) { \
- fprintf(stderr, __VA_ARGS__); \
- fprintf(stderr, "\n"); \
-}
-#if LOG_NDEBUG
-#define CONSCRYPT_LOG_VERBOSE(...) ((void)0)
-#else
-#define CONSCRYPT_LOG_VERBOSE(...) { \
- fprintf(stderr, __VA_ARGS__); \
- fprintf(stderr, "\n"); \
-}
-#endif // LOG_NDEBUG
-
-#endif // !ANDROID
-
-#endif // CONSCRYPT_LOGGING_H_
diff --git a/common/src/jni/main/include/conscrypt/macros.h b/common/src/jni/main/include/conscrypt/macros.h
index c7330ea..fceb258 100644
--- a/common/src/jni/main/include/conscrypt/macros.h
+++ b/common/src/jni/main/include/conscrypt/macros.h
@@ -139,4 +139,79 @@
((chunk_offset) < 0 || (chunk_offset) > static_cast<ssize_t>(array_len) || (chunk_len) < 0 || \
(chunk_len) > static_cast<ssize_t>(array_len) - (chunk_offset))
+// Define logging macros...
+
+#define LOG_TAG "NativeCrypto"
+
+#ifndef CONSCRYPT_UNBUNDLED
+
+#include <log/log.h>
+
+#elif defined(ANDROID) && !defined(CONSCRYPT_OPENJDK)
+
+#include <android/log.h>
+#ifndef ALOG
+#define ALOG(priority, tag, ...) __android_log_print(ANDROID_##priority, tag, __VA_ARGS__)
+#endif
+#ifndef ALOGD
+#define ALOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
+#endif
+#ifndef ALOGE
+#define ALOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
+#endif
+
+#ifndef __ALOGV
+#define __ALOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
+#endif
+#ifndef ALOGV
+#if LOG_NDEBUG
+#define ALOGV(...) \
+ do { \
+ if (0) { \
+ __ALOGV(__VA_ARGS__); \
+ } \
+ } while (0)
+#else
+#define ALOGV(...) __ALOGV(__VA_ARGS__)
+#endif
+#endif
+
+#else // !ANDROID
+
+#define LOG_INFO ((void)0)
+
+#define ALOG(...) VA_ARGS_UNUSED(__VA_ARGS__)
+#define ALOGD(...) VA_ARGS_UNUSED(__VA_ARGS__)
+#define ALOGE(...) VA_ARGS_UNUSED(__VA_ARGS__)
+#define ALOGV(...) VA_ARGS_UNUSED(__VA_ARGS__)
+
+#define UNUSED_1(a) ((void)(a))
+#define UNUSED_2(a, b) ((void)(a)), UNUSED_1(b)
+#define UNUSED_3(a, b, c) ((void)(a)), UNUSED_2(b, c)
+#define UNUSED_4(a, b, c, d) ((void)(a)), UNUSED_3(b, c, d)
+#define UNUSED_5(a, b, c, d, e) ((void)(a)), UNUSED_4(b, c, d, e)
+#define UNUSED_6(a, b, c, d, e, f) ((void)(a)), UNUSED_5(b, c, d, e, f)
+#define UNUSED_7(a, b, c, d, e, f, g) ((void)(a)), UNUSED_6(b, c, d, e, f, g)
+#define UNUSED_8(a, b, c, d, e, f, g, h) ((void)(a)), UNUSED_7(b, c, d, e, f, g, h)
+#define UNUSED_9(a, b, c, d, e, f, g, h, i) ((void)(a)), UNUSED_8(b, c, d, e, f, g, h, i)
+#define UNUSED_10(a, b, c, d, e, f, g, h, i, j) ((void)(a)), UNUSED_9(b, c, d, e, f, g, h, i, j)
+#define UNUSED_11(a, b, c, d, e, f, g, h, i, j, k) \
+ ((void)(a)), UNUSED_10(b, c, d, e, f, g, h, i, j, k)
+#define UNUSED_12(a, b, c, d, e, f, g, h, i, j, k, l) \
+ ((void)(a)), UNUSED_11(b, c, d, e, f, g, h, i, j, k, l)
+#define UNUSED_13(a, b, c, d, e, f, g, h, i, j, k, l, m) \
+ ((void)(a)), UNUSED_12(b, c, d, e, f, g, h, i, j, k, l, m)
+#define UNUSED_14(a, b, c, d, e, f, g, h, i, j, k, l, m, n) \
+ ((void)(a)), UNUSED_13(b, c, d, e, f, g, h, i, j, k, l, m, n)
+
+#define VA_ARGS_UNUSED_IMPL_(num) UNUSED_##num
+#define VA_ARGS_UNUSED_IMPL(num) VA_ARGS_UNUSED_IMPL_(num)
+
+#define VA_NARGS_IMPL(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, _13, _14, N, ...) N
+#define VA_NARGS(...) VA_NARGS_IMPL(__VA_ARGS__, 14, 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, 1)
+
+#define VA_ARGS_UNUSED(...) VA_ARGS_UNUSED_IMPL(VA_NARGS(__VA_ARGS__))(__VA_ARGS__)
+
+#endif // !ANDROID
+
#endif // CONSCRYPT_MACROS_H_
diff --git a/common/src/jni/main/include/conscrypt/trace.h b/common/src/jni/main/include/conscrypt/trace.h
index 766214b..1a0f790 100644
--- a/common/src/jni/main/include/conscrypt/trace.h
+++ b/common/src/jni/main/include/conscrypt/trace.h
@@ -19,7 +19,7 @@
#include <stdio.h>
#include <cstddef>
-#include <conscrypt/logging.h>
+#include <conscrypt/macros.h>
namespace conscrypt {
namespace trace {
@@ -65,18 +65,41 @@
} // namespace trace
} // namespace conscrypt
-#define JNI_TRACE(...) \
- if (conscrypt::trace::kWithJniTrace) { \
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
+#ifdef ANDROID
+
+#define JNI_TRACE(...) \
+ if (conscrypt::trace::kWithJniTrace) { \
+ ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
}
-#define JNI_TRACE_MD(...) \
- if (conscrypt::trace::kWithJniTraceMd) { \
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
+#define JNI_TRACE_MD(...) \
+ if (conscrypt::trace::kWithJniTraceMd) { \
+ ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
}
-#define JNI_TRACE_KEYS(...) \
- if (conscrypt::trace::kWithJniTraceKeys) { \
- CONSCRYPT_LOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
+#define JNI_TRACE_KEYS(...) \
+ if (conscrypt::trace::kWithJniTraceKeys) { \
+ ALOG(LOG_INFO, LOG_TAG "-jni", __VA_ARGS__); \
}
+
+#else
+
+#define JNI_TRACE(...) \
+ if (conscrypt::trace::kWithJniTrace) { \
+ printf(__VA_ARGS__); \
+ printf("\n"); \
+ }
+#define JNI_TRACE_MD(...) \
+ if (conscrypt::trace::kWithJniTraceMd) { \
+ printf(__VA_ARGS__); \
+ printf("\n"); \
+ }
+#define JNI_TRACE_KEYS(...) \
+ if (conscrypt::trace::kWithJniTraceKeys) { \
+ printf(__VA_ARGS__); \
+ printf("\n"); \
+ }
+
+#endif // ANDROID
+
#define JNI_TRACE_PACKET_DATA(ssl, dir, data, len) \
if (conscrypt::trace::kWithJniTracePackets) { \
debug_print_packet_data(ssl, dir, data, len); \
diff --git a/common/src/main/java/org/conscrypt/AddressUtils.java b/common/src/main/java/org/conscrypt/AddressUtils.java
index f480884..a363411 100644
--- a/common/src/main/java/org/conscrypt/AddressUtils.java
+++ b/common/src/main/java/org/conscrypt/AddressUtils.java
@@ -40,12 +40,9 @@
return false;
}
- // Must be a FQDN that does not have a trailing dot.
- return (sniHostname.equalsIgnoreCase("localhost")
- || sniHostname.indexOf('.') != -1)
- && !Platform.isLiteralIpAddress(sniHostname)
- && !sniHostname.endsWith(".")
- && sniHostname.indexOf('\0') == -1;
+ // Must be a FQDN.
+ return sniHostname.indexOf('.') != -1 && !Platform.isLiteralIpAddress(sniHostname);
+
}
/**
diff --git a/common/src/main/java/org/conscrypt/Conscrypt.java b/common/src/main/java/org/conscrypt/Conscrypt.java
index f044213..ddd89aa 100644
--- a/common/src/main/java/org/conscrypt/Conscrypt.java
+++ b/common/src/main/java/org/conscrypt/Conscrypt.java
@@ -214,7 +214,6 @@
*
* @param socket the socket
* @param hostname the desired SNI hostname, or null to disable
- * @throws IllegalArgumentException if the supplied hostname is not a valid SNI hostname.
*/
public static void setHostname(SSLSocket socket, String hostname) {
toConscrypt(socket).setHostname(hostname);
diff --git a/common/src/main/java/org/conscrypt/ConscryptEngine.java b/common/src/main/java/org/conscrypt/ConscryptEngine.java
index 7f9200f..b332934 100644
--- a/common/src/main/java/org/conscrypt/ConscryptEngine.java
+++ b/common/src/main/java/org/conscrypt/ConscryptEngine.java
@@ -362,14 +362,9 @@
/**
* This method enables Server Name Indication (SNI) and overrides the {@link PeerInfoProvider}
* supplied during engine creation.
- *
- * @throws IllegalArgumentException if the supplied hostname is not a valid SNI hostname.
*/
@Override
void setHostname(String hostname) {
- if ((hostname != null) && !AddressUtils.isValidSniHostname(hostname)) {
- throw new IllegalArgumentException("Invalid SNI hostname: " + hostname);
- }
sslParameters.setUseSni(hostname != null);
this.peerHostname = hostname;
}
diff --git a/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java b/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java
index 99128ad..9628ea7 100644
--- a/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java
+++ b/common/src/main/java/org/conscrypt/ConscryptEngineSocket.java
@@ -308,7 +308,6 @@
* This method enables Server Name Indication
*
* @param hostname the desired SNI hostname, or null to disable
- * @throws IllegalArgumentException if the supplied hostname is not a valid SNI hostname.
*/
@Override
public final void setHostname(String hostname) {
diff --git a/common/src/main/java/org/conscrypt/ConscryptFileDescriptorSocket.java b/common/src/main/java/org/conscrypt/ConscryptFileDescriptorSocket.java
index 3523589..5d6c301 100644
--- a/common/src/main/java/org/conscrypt/ConscryptFileDescriptorSocket.java
+++ b/common/src/main/java/org/conscrypt/ConscryptFileDescriptorSocket.java
@@ -758,13 +758,9 @@
* This method enables Server Name Indication
*
* @param hostname the desired SNI hostname, or null to disable
- * @throws IllegalArgumentException if the supplied hostname is not a valid SNI hostname.
*/
@Override
public final void setHostname(String hostname) {
- if ((hostname != null) && !AddressUtils.isValidSniHostname(hostname)) {
- throw new IllegalArgumentException("Invalid SNI hostname: " + hostname);
- }
sslParameters.setUseSni(hostname != null);
super.setHostname(hostname);
}
@@ -1081,10 +1077,8 @@
if (guard != null) {
Platform.closeGuardWarnIfOpen(guard);
}
- if (ssl != null) {
- synchronized (ssl) {
- transitionTo(STATE_CLOSED);
- }
+ synchronized (ssl) {
+ transitionTo(STATE_CLOSED);
}
} finally {
super.finalize();
diff --git a/common/src/main/java/org/conscrypt/OpenSSLSocketFactoryImpl.java b/common/src/main/java/org/conscrypt/OpenSSLSocketFactoryImpl.java
index d69a3c0..61e5fb6 100644
--- a/common/src/main/java/org/conscrypt/OpenSSLSocketFactoryImpl.java
+++ b/common/src/main/java/org/conscrypt/OpenSSLSocketFactoryImpl.java
@@ -148,7 +148,7 @@
throw new SocketException("Socket is not connected.");
}
- if (!useEngineSocket && hasFileDescriptor(socket)) {
+ if (hasFileDescriptor(socket) && !useEngineSocket) {
return createFileDescriptorSocket(
socket, hostname, port, autoClose, (SSLParametersImpl) sslParameters.clone());
} else {
diff --git a/openjdk-integ-tests/src/test/java/org/conscrypt/javax/crypto/CipherTest.java b/openjdk-integ-tests/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
index 58c054c..81c9901 100644
--- a/openjdk-integ-tests/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
+++ b/openjdk-integ-tests/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
@@ -3514,7 +3514,6 @@
DES_Plaintext1_PKCS5_Padded,
DES_Plaintext1_Encrypted_With_DES_112_KEY_And_DESEDE_CBC_PKCS5PADDING_With_DES_IV1
) {
- @Override
public boolean compatibleWith(String provider) {
// SunJCE doesn't support extending 112-bit keys to 168-bit keys
return !provider.equals("SunJCE");
@@ -4188,25 +4187,10 @@
String msg = "update() should throw IllegalStateException [mode=" + opmode + "]";
final int bs = createAesCipher(opmode).getBlockSize();
assertEquals(16, bs); // check test is set up correctly
- assertIllegalStateException(msg, new Runnable() {
- @Override
- public void run() {
- createAesCipher(opmode).update(new byte[0]);
- }
- });
- assertIllegalStateException(msg, new Runnable() {
- @Override
- public void run() {
- createAesCipher(opmode).update(new byte[2 * bs]);
- }
- });
- assertIllegalStateException(msg, new Runnable() {
- @Override
- public void run() {
- createAesCipher(opmode).update(
- new byte[2 * bs] /* input */, bs /* inputOffset */, 0 /* inputLen */);
- }
- });
+ assertIllegalStateException(msg, new Runnable() { public void run() { createAesCipher(opmode).update(new byte[0]); } });
+ assertIllegalStateException(msg, new Runnable() { public void run() { createAesCipher(opmode).update(new byte[2 * bs]); } });
+ assertIllegalStateException(msg, new Runnable() { public void run() { createAesCipher(opmode).update(
+ new byte[2 * bs] /* input */, bs /* inputOffset */, 0 /* inputLen */); } });
try {
createAesCipher(opmode).update(new byte[2*bs] /* input */, 0 /* inputOffset */,
2 * bs /* inputLen */, new byte[2 * bs] /* output */, 0 /* outputOffset */);
@@ -4807,13 +4791,13 @@
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1");
PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(),
- "salt".getBytes(TestUtils.UTF_8),
+ "salt".getBytes(),
100, 128);
SecretKey secretKey = skf.generateSecret(pbeks);
Cipher cipher =
Cipher.getInstance("PBEWITHSHAAND128BITAES-CBC-BC");
- PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(TestUtils.UTF_8), 100);
+ PBEParameterSpec paramSpec = new PBEParameterSpec("salt".getBytes(), 100);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
assertEquals(Arrays.toString(ciphertext), Arrays.toString(cipher.doFinal(plaintext)));
@@ -4844,7 +4828,7 @@
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA1");
PBEKeySpec pbeks = new PBEKeySpec("password".toCharArray(),
- "salt".getBytes(TestUtils.UTF_8),
+ "salt".getBytes(),
100, 128);
SecretKey secretKey = skf.generateSecret(pbeks);
Cipher cipher =
diff --git a/openjdk-integ-tests/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketTest.java b/openjdk-integ-tests/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketTest.java
index 333e457..1634c4c 100644
--- a/openjdk-integ-tests/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketTest.java
+++ b/openjdk-integ-tests/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketTest.java
@@ -37,7 +37,6 @@
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.Thread.UncaughtExceptionHandler;
-import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.net.ConnectException;
@@ -2315,33 +2314,6 @@
}
@Test
- public void test_SSLSocket_setInvalidHostname() throws Exception {
- TestSSLContext context = TestSSLContext.create();
- SSLSocket client =
- (SSLSocket) context.clientContext.getSocketFactory().createSocket();
- try {
- client.connect(new InetSocketAddress(context.host, context.port));
- Method getHostname = client.getClass().getMethod("getHostname");
- getHostname.setAccessible(true);
- String originalHostname = (String) getHostname.invoke(client);
-
- try {
- Method setHostname = client.getClass().getMethod("setHostname", String.class);
- setHostname.setAccessible(true);
- setHostname.invoke(client, "sslsockettest.androidcts.google.com.");
- } catch (InvocationTargetException expected) {
- assertTrue(expected.getCause() instanceof IllegalArgumentException);
- }
-
- // Ensure that setting an illegal hostname doesn't change getHostname
- assertEquals(originalHostname, getHostname.invoke(client));
- } finally {
- client.close();
- context.close();
- }
- }
-
- @Test
public void test_SSLSocket_SNIHostName() throws Exception {
TestUtils.assumeSNIHostnameAvailable();
TestSSLContext c = TestSSLContext.create();
diff --git a/openjdk-uber/build.gradle b/openjdk-uber/build.gradle
index effa812..3933458 100644
--- a/openjdk-uber/build.gradle
+++ b/openjdk-uber/build.gradle
@@ -6,7 +6,6 @@
'osx-x86_64,linux-x86_64,windows-x86,windows-x86_64')).split(',')
classesDir = "${buildDir}/classes"
resourcesDir = "${buildDir}/resources"
- sourcesDir = "${buildDir}/sources"
}
if (buildUberJar) {
@@ -20,10 +19,6 @@
from resourcesDir
}
- sourcesJar {
- from sourcesDir
- }
-
// Add the dependencies for the uber jar.
uberJarClassifiers.each { uberJarClassifier ->
dependencies.uberJar "${group}:conscrypt-openjdk:${version}:${uberJarClassifier}"
@@ -57,14 +52,6 @@
}
jar.dependsOn copyClasses
- task copySources(type: Copy, dependsOn: ":conscrypt-openjdk:sourcesJar") {
- from {
- project(":conscrypt-openjdk").sourceSets.main.java
- }
- into file(sourcesDir)
- }
- sourcesJar.dependsOn copySources
-
// Append the BoringSSL-Version to the manifest. Note that this assumes that the
// version of BoringSSL for each artifact exactly matches the one on the
// current system.
diff --git a/openjdk/src/test/java/org/conscrypt/AddressUtilsTest.java b/openjdk/src/test/java/org/conscrypt/AddressUtilsTest.java
index b49da7f..e748234 100644
--- a/openjdk/src/test/java/org/conscrypt/AddressUtilsTest.java
+++ b/openjdk/src/test/java/org/conscrypt/AddressUtilsTest.java
@@ -30,10 +30,6 @@
assertFalse(AddressUtils.isValidSniHostname("www"));
}
- public void test_isValidSniHostname_Localhost_Success() throws Exception {
- assertTrue(AddressUtils.isValidSniHostname("LOCALhost"));
- }
-
public void test_isValidSniHostname_IPv4_Failure() throws Exception {
assertFalse(AddressUtils.isValidSniHostname("192.168.0.1"));
}
@@ -42,14 +38,6 @@
assertFalse(AddressUtils.isValidSniHostname("2001:db8::1"));
}
- public void test_isValidSniHostname_TrailingDot() throws Exception {
- assertFalse(AddressUtils.isValidSniHostname("www.google.com."));
- }
-
- public void test_isValidSniHostname_NullByte() throws Exception {
- assertFalse(AddressUtils.isValidSniHostname("www\0.google.com"));
- }
-
public void test_isLiteralIpAddress_IPv4_Success() throws Exception {
assertTrue(AddressUtils.isLiteralIpAddress("127.0.0.1"));
assertTrue(AddressUtils.isLiteralIpAddress("255.255.255.255"));
diff --git a/platform/src/main/java/org/conscrypt/ChainStrengthAnalyzer.java b/platform/src/main/java/org/conscrypt/ChainStrengthAnalyzer.java
index af2a3e2..0807178 100644
--- a/platform/src/main/java/org/conscrypt/ChainStrengthAnalyzer.java
+++ b/platform/src/main/java/org/conscrypt/ChainStrengthAnalyzer.java
@@ -42,9 +42,6 @@
"1.2.840.113549.1.1.2", // md2WithRSAEncryption
"1.2.840.113549.1.1.3", // md4WithRSAEncryption
"1.2.840.113549.1.1.4", // md5WithRSAEncryption
- "1.2.840.113549.1.1.5", // sha1WithRSAEncryption
- "1.2.840.10040.4.3", //dsa-with-sha1
- "1.2.840.10045.4.1", //ecdsa-with-sha1
};
public static final void check(X509Certificate[] chain) throws CertificateException {
diff --git a/platform/src/test/java/org/conscrypt/ChainStrengthAnalyzerTest.java b/platform/src/test/java/org/conscrypt/ChainStrengthAnalyzerTest.java
index 0cef464..da25acc 100644
--- a/platform/src/test/java/org/conscrypt/ChainStrengthAnalyzerTest.java
+++ b/platform/src/test/java/org/conscrypt/ChainStrengthAnalyzerTest.java
@@ -169,74 +169,6 @@
"-----END CERTIFICATE-----";
//openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
- //-newkey rsa:2048 -sha1 -keyout k.pem -out md5.pem
- private static final String SHA1_RSA_PEM = "" +
- "-----BEGIN CERTIFICATE-----\n" +
- "MIIDZDCCAkygAwIBAgIJALW5K4gErucTMA0GCSqGSIb3DQEBBQUAMEcxCzAJBgNV\n" +
- "BAYTAlVTMREwDwYDVQQIDAhUZXN0c290YTESMBAGA1UEBwwJVGVzdHZpbGxlMREw\n" +
- "DwYDVQQDDAh0ZXN0LmNvbTAeFw0xODA0MTIxOTM1MzlaFw0xOTA0MTIxOTM1Mzla\n" +
- "MEcxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhUZXN0c290YTESMBAGA1UEBwwJVGVz\n" +
- "dHZpbGxlMREwDwYDVQQDDAh0ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" +
- "ADCCAQoCggEBAMAphayEftP2twO/FpfUoERx9Y2DyaSMqvLND5Ay6wDXuLMN6qWX\n" +
- "3ljtEJW3ZVYM2gEhRIXKKUYt0lyx5EuE0VxrNOVyncr8/SQUY2tYlCSB1LLeOzGB\n" +
- "sYvVzEon/FUeKlRmcgae9FdqDP/t1pCwVdSxIhYxGoPt+znsbrT2UFO7yBw2WDZa\n" +
- "P8pLP8VeryXWLyAjX2ezxBNVpxwPBsdssrMRqX2BvsZt9pVx87weBH8Mj1lnGJL2\n" +
- "4ekfUonSEgT6hhCJv8G6PPvXvV2XWmGzjh+CyaEncoODa5a16JHVmq/BNtK6o/OB\n" +
- "YNrne86kDCzpruA69JtSYAf9YM2TU8vy6GECAwEAAaNTMFEwHQYDVR0OBBYEFHFu\n" +
- "2+j9+gNDXIlvtDq7P7A6JYnZMB8GA1UdIwQYMBaAFHFu2+j9+gNDXIlvtDq7P7A6\n" +
- "JYnZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBALnB+IOCAuWU\n" +
- "BEC8AtPzQaBQh2MJhzIg+0HHOGldkMX6jRGRnySf31okZMr9FjLkUMEwyylZvFI1\n" +
- "fFIdq7a070XAH1u4k/Xx7xi7R0+sfnceaLrt1nvOyhEjitLzLT/+zblMrvY+PvpF\n" +
- "JkUNSKbd8XkSSMvV3U4bmkAZfP/LIJ8juSrNwzsfIu7IPBq+3yPFZpBR/UNH/NhP\n" +
- "/9OmD8bLwSer9xAcWFT3JVljtaHmL3D+mP/Q1n2lsb7VhrZ4XESLN8thWxWddRC7\n" +
- "/72ObwvnJIPGB4Knybv8qee02ZDZRKcjFp872FeIkpHMfG/G/kwQiNzvA6cmwTYQ\n" +
- "QeVc5iP8Lqo=\n" +
- "-----END CERTIFICATE-----";
-
-
- //openssl ecparam -genkey -name prime256v1 -out eckey.pem && \
- //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
- //-newkey ec:eckey.pem -sha1 -keyout k.pem -out sha1.pem
- private static final String SHA1_ECDSA_PEM = "" +
- "-----BEGIN CERTIFICATE-----\n" +
- "MIIB1zCCAX2gAwIBAgIJAKS+GaTWit91MAkGByqGSM49BAEwRzELMAkGA1UEBhMC\n" +
- "VVMxETAPBgNVBAgMCFRlc3Rzb3RhMRIwEAYDVQQHDAlUZXN0dmlsbGUxETAPBgNV\n" +
- "BAMMCHRlc3QuY29tMB4XDTE4MDQxMjE5NDAyMloXDTE5MDQxMjE5NDAyMlowRzEL\n" +
- "MAkGA1UEBhMCVVMxETAPBgNVBAgMCFRlc3Rzb3RhMRIwEAYDVQQHDAlUZXN0dmls\n" +
- "bGUxETAPBgNVBAMMCHRlc3QuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\n" +
- "VYHDIpvFu7UBWsfF9G8L5V5Cj+wIGHXIUIYp/GVri9bCTZBkLMqcoNyYKWDKDQb5\n" +
- "sKuo/CCSo5+1dPSjy8gm8KNTMFEwHQYDVR0OBBYEFI8coJOBd83LFcwx7ypFc7F0\n" +
- "B7clMB8GA1UdIwQYMBaAFI8coJOBd83LFcwx7ypFc7F0B7clMA8GA1UdEwEB/wQF\n" +
- "MAMBAf8wCQYHKoZIzj0EAQNJADBGAiEAjXa+FcLuU4jRVf93c4vY8EmATcjFrb4h\n" +
- "bKrvFxXMUpkCIQCllGWVU3j8Np8DxX0MK2Af/5h8O4zlr9DvPUpCsggaQw==\n" +
- "-----END CERTIFICATE-----";
-
- //openssl dsaparam -out dsakey.pem -genkey 1024 && \
- //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
- //-newkey dsa:dsakey.pem -sha1 -keyout k.pem -out sha1.pem
- private static final String SHA1_DSA_PEM = "" +
- "-----BEGIN CERTIFICATE-----\n" +
- "MIIDHzCCAt2gAwIBAgIJAPO9edaSntPLMAkGByqGSM44BAMwRzELMAkGA1UEBhMC\n" +
- "VVMxETAPBgNVBAgMCFRlc3Rzb3RhMRIwEAYDVQQHDAlUZXN0dmlsbGUxETAPBgNV\n" +
- "BAMMCHRlc3QuY29tMB4XDTE4MDQxMjE5NTAyN1oXDTE5MDQxMjE5NTAyN1owRzEL\n" +
- "MAkGA1UEBhMCVVMxETAPBgNVBAgMCFRlc3Rzb3RhMRIwEAYDVQQHDAlUZXN0dmls\n" +
- "bGUxETAPBgNVBAMMCHRlc3QuY29tMIIBtzCCASwGByqGSM44BAEwggEfAoGBAMZy\n" +
- "BYuw9s+UFLnrErRwysU2dfcY0tv4b8FIi63JtF12kTborQkyxilNtDDtBVEA0mKE\n" +
- "13dvd8JQx2+d6LwHSiaaS2n2/XofVn61HmDNPns1zV8m9XvUX8Cqmz0+1dgyZx0Y\n" +
- "dP+eg2BjfhfX/6tXWXMd2t2+y3sJalLh9KeC/LftAhUA2RmeKHbNMj9pC9wOj8Yj\n" +
- "u239Q1ECgYEAhnfB/Z2S/lYc2c78PU2DcChXsj+Mp8ITUwTVg+G4+WvqGzX6FFzr\n" +
- "9/eTrn+rPLkKDJonHW/OZyVFK2mVQ/s5xE8Wn9YDUYkNPlJ/dFB+okmhZE8hDRwF\n" +
- "LsgtrLgJqpOEw54b37hyqdvk2vtHI+ANU+jZONRdsmWT9HZ0ryJGqY8DgYQAAoGA\n" +
- "U8tXEXYh4oCAGLG+S7aNI73LN+a/n0r1aSJM8XuNExZus/eaXCHqEreUi/SBXVEm\n" +
- "UJEXnsRwzLyErE24yBlQzLBoMbHqJnIOJRmxjrQ7xo9vivo53woIbxHSRdWlzfwW\n" +
- "14yR5dSVDEVI30TTT/zAoNIWvegHXO2LCeEZ/ilLPxCjUzBRMB0GA1UdDgQWBBQB\n" +
- "cKP86kuQ/GEG+n0NdJK7A9uBOTAfBgNVHSMEGDAWgBQBcKP86kuQ/GEG+n0NdJK7\n" +
- "A9uBOTAPBgNVHRMBAf8EBTADAQH/MAkGByqGSM44BAMDMQAwLgIVAIIMd1qgBuGf\n" +
- "zY7SmaNFYmeQV2qpAhUAkPFti47uD7JjdAEqJ/nFMhYcolQ=\n" +
- "-----END CERTIFICATE-----";
-
-
- //openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Testsota/L=Testville/CN=test.com' \
//-newkey rsa:512 -sha256 -keyout k.pem -out short.pem
private static final String SHORT_RSA_PEM = "" +
"-----BEGIN CERTIFICATE-----\n" +
@@ -290,7 +222,6 @@
"9eAwAhAzX+1NE+FY0kk74wH83Cz0\n" +
"-----END CERTIFICATE-----";
-
public void testMD2() throws Exception {
assertBad(MD2_RSA_PEM, "Weak hash check did not fail as expected");
}
@@ -303,12 +234,6 @@
assertBad(MD5_RSA_PEM, "Weak hash check did not fail as expected");
}
- public void testSHA1() throws Exception {
- assertBad(SHA1_RSA_PEM, "Weak SHA1 RSA signature did not fail as expected");
- assertBad(SHA1_ECDSA_PEM, "Weak SHA1 ECDSA signature did not fail as expected");
- assertBad(SHA1_DSA_PEM, "Weak SHA1 DSA signature did not fail as expected");
- }
-
public void testRsa512() throws Exception {
assertBad(SHORT_RSA_PEM, "Short RSA modulus check did not fail as expected");
}
diff --git a/release/docker b/release/docker
deleted file mode 100755
index 70cf64a..0000000
--- a/release/docker
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-#
-# Release automation script for running within the Docker container.
-# This script is invoked from the Linux script.
-#
-# Because this is run in the Docker container, we can use absolute
-# paths to everything and generally count on everything being where we
-# expect it to be.
-
-set -e
-
-if [ -z "$1" ]; then
- echo "Usage: $0 <version>"
- exit 1
-fi
-
-cd /conscrypt
-
-BRANCH=$(echo "$1" | sed -E 's/([0-9]+[.][0-9]+[.])[0-9]+/\1x/')
-git checkout "$BRANCH"
-
-# Update the gradle.properties file for the location of files in the
-# container.
-
-# The host copy may have the signingKeystore and
-# signingPassword properties commented out because signing isn't
-# routinely done for development builds, so ensure they're
-# uncommented.
-sed -i 's/#signingKeystore/signingKeystore/' /root/.gradle/gradle.properties
-sed -i 's/#signingPassword/signingPassword/' /root/.gradle/gradle.properties
-sed -i 's\signing.secretKeyRingFile=.*\signing.secretKeyRingFile=/root/.gnupg/secring.gpg\' /root/.gradle/gradle.properties
-sed -i 's\signingKeystore=.*\signingKeystore=/root/certkeystore\' /root/.gradle/gradle.properties
-
-./gradlew conscrypt-openjdk:build
-./gradlew -Dorg.gradle.parallel=false uploadArchives
-
-cd /usr/src/boringssl
-
-echo "***************************************************************"
-echo "** BoringSSL revision: $(git rev-parse HEAD)"
-echo "***************************************************************"
diff --git a/release/linux b/release/linux
deleted file mode 100755
index 807d774..0000000
--- a/release/linux
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-#
-# Release automation script for Linux builds. This should be run
-# first. Must be run from the top-level conscrypt directory.
-
-set -e
-
-if [ -z "$1" ]; then
- echo "Usage: $0 <version>"
- exit 1
-fi
-
-# Replace the last numerical component of the release with and x, so
-# 1.2.3 becomes 1.2.x
-BRANCH=$(echo "$1" | sed -E 's/([0-9]+[.][0-9]+[.])[0-9]+/\1x/')
-
-git checkout "$BRANCH"
-
-# Update the build.gradle file for the new version
-sed -i 's/version = ".*"/version = "'"$1"'"/' build.gradle
-
-# Commit the build.gradle, tag the release, and push upstream
-git commit -a -m "Preparing version $1"
-git tag -a "$1" -m "Version $1"
-git push upstream "$BRANCH"
-git push upstream "$1"
-
-# Build and start the Docker container
-docker build -t conscrypt-deploy release
-CONTAINER_ID=$(docker run -itd conscrypt-deploy)
-
-# Copy the relevant files from the host machine into the container
-docker exec $CONTAINER_ID mkdir /root/.gradle
-docker cp ~/.gnupg $CONTAINER_ID:/root/
-docker cp ~/.gradle/gradle.properties $CONTAINER_ID:/root/.gradle/
-docker cp "$(grep signingKeystore ~/.gradle/gradle.properties | cut -d= -f2)" $CONTAINER_ID:/root/certkeystore
-
-# Run the release automation script for the docker container
-docker exec $CONTAINER_ID scl enable devtoolset-2 "/conscrypt/release/docker $1"
diff --git a/release/macos b/release/macos
deleted file mode 100755
index 2996153..0000000
--- a/release/macos
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# Release automation script for MacOS builds. This should be run
-# after the Linux build has created the staging repository and
-# selected the BoringSSL revision. Must be run from the top-level
-# conscrypt directory, which should be synced to the appropriate
-# release branch.
-
-set -e
-
-if [ -z "$2" ]; then
- echo "Usage: $0 <boringssl revision> <repository ID>"
- exit 1
-fi
-
-if [ -z "$JAVA_HOME" ]; then
- export JAVA_HOME=$(/usr/libexec/java_home)
-fi
-
-# If BORINGSSL_HOME isn't set, assume it's located at ../boringssl
-if [ -z "$BORINGSSL_HOME" ]; then
- export BORINGSSL_HOME=$(cd ../boringssl; pwd -P)
-fi
-
-pushd "$BORINGSSL_HOME" >/dev/null
-git checkout master
-git pull
-git checkout $1
-cd build64
-ninja
-popd >/dev/null
-
-./gradlew conscrypt-openjdk:build
-./gradlew conscrypt-openjdk:uploadArchives -Dorg.gradle.parallel=false -PrepositoryId="$2"
diff --git a/release/windows.bat b/release/windows.bat
deleted file mode 100644
index 57c6c9a..0000000
--- a/release/windows.bat
+++ /dev/null
@@ -1,45 +0,0 @@
-REM Release automation script for Windows builds. This should be run
-REM after the Linux build has created the staging repository and
-REM selected the BoringSSL revision. Must be run from the top-level
-REM conscrypt directory, which should be synced to the appropriate
-REM release branch.
-
-@echo off
-setlocal
-
-if "%2"=="" (
- echo Usage: %0 ^<boringssl revision^> ^<repository ID^>
- exit /B
-)
-
-REM TODO(flooey): The BoringSSL directory needs to be at ../boringssl
-pushd ..\boringssl
-
-if "%JAVA_HOME%"=="" (
- for /F "usebackq delims==" %%i in (`where java`) do set JAVA_HOME=%%~dpi
-)
-set JAVA_HOME=%JAVA_HOME:\bin\=%
-
-if "%BORINGSSL_HOME%"=="" (set BORINGSSL_HOME=%cd%)
-
-git checkout master
-git pull
-git checkout %1
-
-pushd .
-call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" x86
-popd
-cd build32
-ninja
-cd ..
-
-pushd .
-call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" x86_amd64
-popd
-cd build64
-ninja
-
-popd
-
-call gradlew conscrypt-openjdk:build
-call gradlew conscrypt-openjdk:uploadArchives -Dorg.gradle.parallel=false -PrepositoryId=%2
diff --git a/testing/src/main/java/org/conscrypt/java/security/TestKeyStore.java b/testing/src/main/java/org/conscrypt/java/security/TestKeyStore.java
index 33adac8..ce7d2b2 100644
--- a/testing/src/main/java/org/conscrypt/java/security/TestKeyStore.java
+++ b/testing/src/main/java/org/conscrypt/java/security/TestKeyStore.java
@@ -688,13 +688,13 @@
String keyAlgorithm = privateKey.getAlgorithm();
String signatureAlgorithm;
if (keyAlgorithm.equals("RSA")) {
- signatureAlgorithm = "sha256WithRSA";
+ signatureAlgorithm = "sha1WithRSA";
} else if (keyAlgorithm.equals("DSA")) {
- signatureAlgorithm = "sha256WithDSA";
+ signatureAlgorithm = "sha1WithDSA";
} else if (keyAlgorithm.equals("EC")) {
- signatureAlgorithm = "sha256WithECDSA";
+ signatureAlgorithm = "sha1WithECDSA";
} else if (keyAlgorithm.equals("EC_RSA")) {
- signatureAlgorithm = "sha256WithRSA";
+ signatureAlgorithm = "sha1WithRSA";
} else {
throw new IllegalArgumentException("Unknown key algorithm " + keyAlgorithm);
}