aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2016-09-08 12:09:48 -0700
committerKenny Root <kroot@google.com>2016-09-09 11:28:43 -0700
commit2486fc8f8dfcddfda57f79bfab770803f06a8bd1 (patch)
treeac0f133632b6f643880059c6e83302a2998f0737
parent3a4043b92acabbbf97a95b791a22c861e1c0b855 (diff)
downloadconscrypt-2486fc8f8dfcddfda57f79bfab770803f06a8bd1.tar.gz
Remove SSL_CTX_set_tmp_ecdh callandroid-cts_7.1_r1android-cts-7.1_r9android-cts-7.1_r8android-cts-7.1_r7android-cts-7.1_r6android-cts-7.1_r5android-cts-7.1_r4android-cts-7.1_r3android-cts-7.1_r29android-cts-7.1_r28android-cts-7.1_r27android-cts-7.1_r26android-cts-7.1_r25android-cts-7.1_r24android-cts-7.1_r23android-cts-7.1_r22android-cts-7.1_r21android-cts-7.1_r20android-cts-7.1_r2android-cts-7.1_r19android-cts-7.1_r18android-cts-7.1_r17android-cts-7.1_r16android-cts-7.1_r15android-cts-7.1_r14android-cts-7.1_r13android-cts-7.1_r12android-cts-7.1_r11android-cts-7.1_r10android-cts-7.1_r1android-7.1.1_r9android-7.1.1_r8android-7.1.1_r7android-7.1.1_r61android-7.1.1_r60android-7.1.1_r6android-7.1.1_r59android-7.1.1_r58android-7.1.1_r57android-7.1.1_r56android-7.1.1_r55android-7.1.1_r54android-7.1.1_r53android-7.1.1_r52android-7.1.1_r51android-7.1.1_r50android-7.1.1_r49android-7.1.1_r48android-7.1.1_r47android-7.1.1_r46android-7.1.1_r45android-7.1.1_r44android-7.1.1_r43android-7.1.1_r42android-7.1.1_r41android-7.1.1_r40android-7.1.1_r4android-7.1.1_r39android-7.1.1_r38android-7.1.1_r35android-7.1.1_r33android-7.1.1_r32android-7.1.1_r31android-7.1.1_r3android-7.1.1_r28android-7.1.1_r27android-7.1.1_r26android-7.1.1_r25android-7.1.1_r24android-7.1.1_r23android-7.1.1_r22android-7.1.1_r21android-7.1.1_r20android-7.1.1_r2android-7.1.1_r17android-7.1.1_r16android-7.1.1_r15android-7.1.1_r14android-7.1.1_r13android-7.1.1_r12android-7.1.1_r11android-7.1.1_r10android-7.1.1_r1nougat-mr1.8-releasenougat-mr1.7-releasenougat-mr1.6-releasenougat-mr1.5-releasenougat-mr1.4-releasenougat-mr1.3-releasenougat-mr1.2-releasenougat-mr1.1-releasenougat-mr1-volantis-releasenougat-mr1-security-releasenougat-mr1-releasenougat-mr1-flounder-releasenougat-mr1-cts-release
This now has the undesired effect of making a client only support this curve for ECDHE. This used to be needed to allow a server to handshake with ECDHE, but is now unnecessary for BoringSSL. The client doesn't want this call and the server no longer needs this call, so delete it. (cherry picked from commit 1ba6bcf113085c493ccd4574ed685cd0efad4aeb) Test: mmma -j32 external/conscrypt && make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java Bug: 31393711 Change-Id: Ib7afdcc3ea7ee3d2222a262f3c57abd065a4b4e1
Diffstat
-rw-r--r--src/main/native/org_conscrypt_NativeCrypto.cpp8
1 files changed, 0 insertions, 8 deletions
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp
index 9af0cda7..bd26fd53 100644
--- a/src/main/native/org_conscrypt_NativeCrypto.cpp
+++ b/src/main/native/org_conscrypt_NativeCrypto.cpp
@@ -8113,14 +8113,6 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) {
SSL_CTX_set_tmp_rsa_callback(sslCtx.get(), tmp_rsa_callback);
SSL_CTX_set_tmp_dh_callback(sslCtx.get(), tmp_dh_callback);
- // If negotiating ECDH, use P-256.
- Unique_EC_KEY ec(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
- if (ec.get() == nullptr) {
- throwExceptionIfNecessary(env, "EC_KEY_new_by_curve_name");
- return 0;
- }
- SSL_CTX_set_tmp_ecdh(sslCtx.get(), ec.get());
-
JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get());
return (jlong) sslCtx.release();
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 18:18:55 +0000