diff options
author | Adam Vartanian <flooey@google.com> | 2018-02-14 14:19:59 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2018-02-14 14:19:59 +0000 |
commit | 0933dfb7a3ad3f7720a5985b8e4b4dc0337b72b7 (patch) | |
tree | a009756dfcedf5de3d8ccd9bcc852e5c951a59f8 | |
parent | 0a68cb155abcbc1e38d77031d34afe8141473dec (diff) | |
parent | 8fb98a90b19c23fca998b32af80cb5a3a13a4d74 (diff) | |
download | conscrypt-0933dfb7a3ad3f7720a5985b8e4b4dc0337b72b7.tar.gz |
Merge upstream master am: 730d65c7b4
am: 8fb98a90b1
Change-Id: I3da96a9f87c3b6c32f48f475aa994c6f91398ecc
-rw-r--r-- | .travis.yml | 4 | ||||
-rw-r--r-- | README.md | 24 | ||||
-rw-r--r-- | common/src/jni/main/cpp/conscrypt/jniutil.cc | 56 | ||||
-rw-r--r-- | common/src/jni/main/cpp/conscrypt/native_crypto.cc | 949 | ||||
-rw-r--r-- | common/src/jni/main/include/conscrypt/jniutil.h | 61 | ||||
-rw-r--r-- | common/src/jni/unbundled/include/NetFd.h | 2 | ||||
-rw-r--r-- | common/src/jni/unbundled/include/nativehelper/ScopedPrimitiveArray.h | 4 | ||||
-rw-r--r-- | common/src/jni/unbundled/include/nativehelper/ScopedUtfChars.h | 2 | ||||
-rw-r--r-- | openjdk/build.gradle | 4 | ||||
-rw-r--r-- | openjdk/src/test/java/org/conscrypt/AbstractSessionContextTest.java | 4 |
10 files changed, 736 insertions, 374 deletions
diff --git a/.travis.yml b/.travis.yml index 431f9699..75104831 100644 --- a/.travis.yml +++ b/.travis.yml @@ -112,7 +112,7 @@ script: git rev-list $(git merge-base HEAD origin/master)..HEAD | xargs -i git diff-tree --no-commit-id --name-only -r {} | grep -E '\.java$' | xargs -r git ls-files | xargs -r java -jar $HOME/gjf.jar -a -i --fix-imports-only && git diff --exit-code || { git reset --hard; false; } fi - - ./gradlew build + - ./gradlew build -PcheckErrorQueue # Also test with Java 6 on linux - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TRAVIS_PULL_REQUEST" != "false" ]]; @@ -121,7 +121,7 @@ script: fi - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TRAVIS_PULL_REQUEST" != "false" ]]; then - ./gradlew check -DjavaExecutable64=${JAVA6_HOME}/bin/java; + ./gradlew check -DjavaExecutable64=${JAVA6_HOME}/bin/java -PcheckErrorQueue; fi after_script: @@ -41,11 +41,12 @@ directly from the Maven repositories. The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms: -Classifier | Description ----------------- | ----------- -windows-x86_64 | Windows distribution -osx-x86_64 | Mac distribution -linux-x86_64 | Used for Linux +Classifier | OS | Architecture +-----------| ------- | ---------------- | +linux-x86_64 | Linux | x86_64 (64-bit) +osx-x86_64 | Mac | x86_64 (64-bit) +windows-x86 | Windows | x86 (32-bit) +windows-x86_64 | Windows | x86_64 (64-bit) ##### Maven @@ -65,7 +66,7 @@ Use the [os-maven-plugin](https://github.com/trustin/os-maven-plugin) to add the <dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.0.0</version> <classifier>${os.detected.classifier}</classifier> </dependency> ``` @@ -88,7 +89,7 @@ buildscript { apply plugin: "com.google.osdetector" dependencies { - compile 'org.conscrypt:conscrypt-jdk:1.1.0-SNAPSHOT:' + osdetector.classifier + compile 'org.conscrypt:conscrypt-jdk:1.0.0:' + osdetector.classifier } ``` @@ -106,14 +107,14 @@ To depend on the uber jar, simply use the `conscrypt-openjdk-uber` artifacts. <dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk-uber</artifactId> - <version>1.1.0-SNAPSHOT</version> + <version>1.0.0</version> </dependency> ``` ###### Gradle ```gradle dependencies { - compile 'org.conscrypt:conscrypt-jdk-uber:1.1.0-SNAPSHOT' + compile 'org.conscrypt:conscrypt-jdk-uber:1.0.0' } ``` @@ -146,6 +147,5 @@ These modules provide the `Platform` class for non-Android (OpenJDK-based) syste a native library loader supports bundling the shared library with the JAR. ### Platform - -This is not an actual module and is not part of the default build. This is used for building - Conscrypt as an embedded component of the Android platform. +This module contains code that is bundled with the Android operating system. The inclusion in the +build is only to ensure that changes to other modules do not accidentally break the Android build. diff --git a/common/src/jni/main/cpp/conscrypt/jniutil.cc b/common/src/jni/main/cpp/conscrypt/jniutil.cc index c31f1c4d..952ef0db 100644 --- a/common/src/jni/main/cpp/conscrypt/jniutil.cc +++ b/common/src/jni/main/cpp/conscrypt/jniutil.cc @@ -122,7 +122,7 @@ bool isGetByteArrayElementsLikelyToReturnACopy(size_t size) { #endif } -int jniThrowException(JNIEnv* env, const char* className, const char* msg) { +int throwException(JNIEnv* env, const char* className, const char* msg) { jclass exceptionClass = env->FindClass(className); if (exceptionClass == nullptr) { @@ -141,59 +141,63 @@ int jniThrowException(JNIEnv* env, const char* className, const char* msg) { return 0; } -int jniThrowRuntimeException(JNIEnv* env, const char* msg) { - return conscrypt::jniutil::jniThrowException(env, "java/lang/RuntimeException", msg); +int throwRuntimeException(JNIEnv* env, const char* msg) { + return conscrypt::jniutil::throwException(env, "java/lang/RuntimeException", msg); } -int jniThrowNullPointerException(JNIEnv* env, const char* msg) { - return conscrypt::jniutil::jniThrowException(env, "java/lang/NullPointerException", msg); +int throwAssertionError(JNIEnv* env, const char* msg) { + return conscrypt::jniutil::throwException(env, "java/lang/AssertionError", msg); } -int jniThrowOutOfMemory(JNIEnv* env, const char* message) { - return conscrypt::jniutil::jniThrowException(env, "java/lang/OutOfMemoryError", message); +int throwNullPointerException(JNIEnv* env, const char* msg) { + return conscrypt::jniutil::throwException(env, "java/lang/NullPointerException", msg); +} + +int throwOutOfMemory(JNIEnv* env, const char* message) { + return conscrypt::jniutil::throwException(env, "java/lang/OutOfMemoryError", message); } int throwBadPaddingException(JNIEnv* env, const char* message) { JNI_TRACE("throwBadPaddingException %s", message); - return conscrypt::jniutil::jniThrowException(env, "javax/crypto/BadPaddingException", message); + return conscrypt::jniutil::throwException(env, "javax/crypto/BadPaddingException", message); } int throwSignatureException(JNIEnv* env, const char* message) { JNI_TRACE("throwSignatureException %s", message); - return conscrypt::jniutil::jniThrowException(env, "java/security/SignatureException", message); + return conscrypt::jniutil::throwException(env, "java/security/SignatureException", message); } int throwInvalidKeyException(JNIEnv* env, const char* message) { JNI_TRACE("throwInvalidKeyException %s", message); - return conscrypt::jniutil::jniThrowException(env, "java/security/InvalidKeyException", message); + return conscrypt::jniutil::throwException(env, "java/security/InvalidKeyException", message); } int throwIllegalBlockSizeException(JNIEnv* env, const char* message) { JNI_TRACE("throwIllegalBlockSizeException %s", message); - return conscrypt::jniutil::jniThrowException( + return conscrypt::jniutil::throwException( env, "javax/crypto/IllegalBlockSizeException", message); } int throwNoSuchAlgorithmException(JNIEnv* env, const char* message) { JNI_TRACE("throwUnknownAlgorithmException %s", message); - return conscrypt::jniutil::jniThrowException( + return conscrypt::jniutil::throwException( env, "java/security/NoSuchAlgorithmException", message); } int throwIOException(JNIEnv* env, const char* message) { JNI_TRACE("throwIOException %s", message); - return conscrypt::jniutil::jniThrowException(env, "java/io/IOException", message); + return conscrypt::jniutil::throwException(env, "java/io/IOException", message); } int throwParsingException(JNIEnv* env, const char* message) { - return conscrypt::jniutil::jniThrowException(env, TO_STRING(JNI_JARJAR_PREFIX) + return conscrypt::jniutil::throwException(env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/OpenSSLX509CertificateFactory$ParsingException", message); } int throwInvalidAlgorithmParameterException(JNIEnv* env, const char* message) { JNI_TRACE("throwInvalidAlgorithmParameterException %s", message); - return conscrypt::jniutil::jniThrowException( + return conscrypt::jniutil::throwException( env, "java/security/InvalidAlgorithmParameterException", message); } @@ -313,19 +317,23 @@ int throwForX509Error(JNIEnv* env, int reason, const char* message, } } -bool throwExceptionIfNecessary(JNIEnv* env, CONSCRYPT_UNUSED const char* location, - int (*defaultThrow)(JNIEnv*, const char*)) { +void throwExceptionFromBoringSSLError(JNIEnv* env, CONSCRYPT_UNUSED const char* location, + int (*defaultThrow)(JNIEnv*, const char*)) { const char* file; int line; const char* data; int flags; // NOLINTNEXTLINE(runtime/int) unsigned long error = ERR_get_error_line_data(&file, &line, &data, &flags); - bool result = false; + + if (error == 0) { + throwAssertionError(env, "throwExceptionFromBoringSSLError called with no error"); + return; + } // If there's an error from BoringSSL it may have been caused by an exception in Java code, so // ensure there isn't a pending exception before we throw a new one. - if ((error != 0) && !env->ExceptionCheck()) { + if (!env->ExceptionCheck()) { char message[256]; ERR_error_string_n(error, message, sizeof(message)); int library = ERR_GET_LIB(error); @@ -356,32 +364,30 @@ bool throwExceptionIfNecessary(JNIEnv* env, CONSCRYPT_UNUSED const char* locatio defaultThrow(env, message); break; } - result = true; } ERR_clear_error(); - return result; } int throwSocketTimeoutException(JNIEnv* env, const char* message) { JNI_TRACE("throwSocketTimeoutException %s", message); - return conscrypt::jniutil::jniThrowException(env, "java/net/SocketTimeoutException", message); + return conscrypt::jniutil::throwException(env, "java/net/SocketTimeoutException", message); } int throwSSLHandshakeExceptionStr(JNIEnv* env, const char* message) { JNI_TRACE("throwSSLExceptionStr %s", message); - return conscrypt::jniutil::jniThrowException( + return conscrypt::jniutil::throwException( env, "javax/net/ssl/SSLHandshakeException", message); } int throwSSLExceptionStr(JNIEnv* env, const char* message) { JNI_TRACE("throwSSLExceptionStr %s", message); - return conscrypt::jniutil::jniThrowException(env, "javax/net/ssl/SSLException", message); + return conscrypt::jniutil::throwException(env, "javax/net/ssl/SSLException", message); } int throwSSLProtocolExceptionStr(JNIEnv* env, const char* message) { JNI_TRACE("throwSSLProtocolExceptionStr %s", message); - return conscrypt::jniutil::jniThrowException( + return conscrypt::jniutil::throwException( env, "javax/net/ssl/SSLProtocolException", message); } diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 9d78bf51..bd815876 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -72,7 +72,7 @@ static SSL_CTX* to_SSL_CTX(JNIEnv* env, jlong ssl_ctx_address, bool throwIfNull) SSL_CTX* ssl_ctx = reinterpret_cast<SSL_CTX*>(static_cast<uintptr_t>(ssl_ctx_address)); if ((ssl_ctx == nullptr) && throwIfNull) { JNI_TRACE("ssl_ctx == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "ssl_ctx == null"); + conscrypt::jniutil::throwNullPointerException(env, "ssl_ctx == null"); } return ssl_ctx; } @@ -81,7 +81,7 @@ static SSL* to_SSL(JNIEnv* env, jlong ssl_address, bool throwIfNull) { SSL* ssl = reinterpret_cast<SSL*>(static_cast<uintptr_t>(ssl_address)); if ((ssl == nullptr) && throwIfNull) { JNI_TRACE("ssl == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "ssl == null"); + conscrypt::jniutil::throwNullPointerException(env, "ssl == null"); } return ssl; } @@ -90,7 +90,7 @@ static BIO* to_SSL_BIO(JNIEnv* env, jlong bio_address, bool throwIfNull) { BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bio_address)); if ((bio == nullptr) && throwIfNull) { JNI_TRACE("bio == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); } return bio; } @@ -100,7 +100,7 @@ static SSL_SESSION* to_SSL_SESSION(JNIEnv* env, jlong ssl_session_address, bool reinterpret_cast<SSL_SESSION*>(static_cast<uintptr_t>(ssl_session_address)); if ((ssl_session == nullptr) && throwIfNull) { JNI_TRACE("ssl_session == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "ssl_session == null"); + conscrypt::jniutil::throwNullPointerException(env, "ssl_session == null"); } return ssl_session; } @@ -110,7 +110,7 @@ static SSL_CIPHER* to_SSL_CIPHER(JNIEnv* env, jlong ssl_cipher_address, bool thr reinterpret_cast<SSL_CIPHER*>(static_cast<uintptr_t>(ssl_cipher_address)); if ((ssl_cipher == nullptr) && throwIfNull) { JNI_TRACE("ssl_cipher == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "ssl_cipher == null"); + conscrypt::jniutil::throwNullPointerException(env, "ssl_cipher == null"); } return ssl_cipher; } @@ -119,14 +119,14 @@ template <typename T> static T* fromContextObject(JNIEnv* env, jobject contextObject) { if (contextObject == nullptr) { JNI_TRACE("contextObject == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "contextObject == null"); + conscrypt::jniutil::throwNullPointerException(env, "contextObject == null"); return nullptr; } T* ref = reinterpret_cast<T*>( env->GetLongField(contextObject, conscrypt::jniutil::nativeRef_context)); if (ref == nullptr) { JNI_TRACE("ref == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "ref == null"); + conscrypt::jniutil::throwNullPointerException(env, "ref == null"); return nullptr; } return ref; @@ -141,7 +141,7 @@ static bool arrayToBignum(JNIEnv* env, jbyteArray source, BIGNUM** dest) { JNI_TRACE("arrayToBignum(%p, %p)", source, dest); if (dest == nullptr) { JNI_TRACE("arrayToBignum(%p, %p) => dest is null!", source, dest); - conscrypt::jniutil::jniThrowNullPointerException(env, "dest == null"); + conscrypt::jniutil::throwNullPointerException(env, "dest == null"); return false; } JNI_TRACE("arrayToBignum(%p, %p) *dest == %p", source, dest, *dest); @@ -182,7 +182,8 @@ static bool arrayToBignum(JNIEnv* env, jbyteArray source, BIGNUM** dest) { } BIGNUM* ret = BN_bin2bn(tmp, tmpSize, *dest); if (ret == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "Conversion to BIGNUM failed"); + conscrypt::jniutil::throwRuntimeException(env, "Conversion to BIGNUM failed"); + ERR_clear_error(); JNI_TRACE("arrayToBignum(%p, %p) => threw exception", source, dest); return false; } @@ -216,7 +217,7 @@ static bool arrayToBignumSize(JNIEnv* env, jbyteArray source, size_t* out_size) if ((tmp[0] & 0x80) != 0) { // Negative numbers are invalid. - conscrypt::jniutil::jniThrowRuntimeException(env, "Negative number"); + conscrypt::jniutil::throwRuntimeException(env, "Negative number"); return false; } @@ -236,7 +237,7 @@ static jbyteArray bignumToArray(JNIEnv* env, const BIGNUM* source, const char* s JNI_TRACE("bignumToArray(%p, %s)", source, sourceName); if (source == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, sourceName); + conscrypt::jniutil::throwNullPointerException(env, sourceName); return nullptr; } @@ -250,7 +251,7 @@ static jbyteArray bignumToArray(JNIEnv* env, const BIGNUM* source, const char* s unsigned char* tmp = reinterpret_cast<unsigned char*>(bytes.get()); if (BN_num_bytes(source) > 0 && BN_bn2bin(source, tmp + 1) <= 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "bignumToArray"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "bignumToArray"); return nullptr; } @@ -280,14 +281,14 @@ static jbyteArray bignumToArray(JNIEnv* env, const BIGNUM* source, const char* s template <typename T> jbyteArray ASN1ToByteArray(JNIEnv* env, T* obj, int (*i2d_func)(T*, unsigned char**)) { if (obj == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "ASN1 input == null"); + conscrypt::jniutil::throwNullPointerException(env, "ASN1 input == null"); JNI_TRACE("ASN1ToByteArray(%p) => null input", obj); return nullptr; } int derLen = i2d_func(obj, nullptr); if (derLen < 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "ASN1ToByteArray"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ASN1ToByteArray"); JNI_TRACE("ASN1ToByteArray(%p) => measurement failed", obj); return nullptr; } @@ -307,7 +308,7 @@ jbyteArray ASN1ToByteArray(JNIEnv* env, T* obj, int (*i2d_func)(T*, unsigned cha unsigned char* p = reinterpret_cast<unsigned char*>(bytes.get()); int ret = i2d_func(obj, &p); if (ret < 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "ASN1ToByteArray"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ASN1ToByteArray"); JNI_TRACE("ASN1ToByteArray(%p) => final conversion failed", obj); return nullptr; } @@ -323,7 +324,8 @@ jbyteArray CBBToByteArray(JNIEnv* env, CBB* cbb) { uint8_t* data; size_t len; if (!CBB_finish(cbb, &data, &len)) { - conscrypt::jniutil::jniThrowRuntimeException(env, "CBB_finish failed"); + conscrypt::jniutil::throwRuntimeException(env, "CBB_finish failed"); + ERR_clear_error(); JNI_TRACE("creating byte array failed"); return nullptr; } @@ -348,7 +350,7 @@ jbyteArray CBBToByteArray(JNIEnv* env, CBB* cbb) { jbyteArray CryptoBufferToByteArray(JNIEnv* env, const CRYPTO_BUFFER* buf) { if (CRYPTO_BUFFER_len(buf) > INT_MAX) { JNI_TRACE("buffer too large"); - conscrypt::jniutil::jniThrowRuntimeException(env, "buffer too large"); + conscrypt::jniutil::throwRuntimeException(env, "buffer too large"); return nullptr; } @@ -368,7 +370,7 @@ bssl::UniquePtr<CRYPTO_BUFFER> ByteArrayToCryptoBuffer(JNIEnv* env, const jbyteA CONSCRYPT_UNUSED CRYPTO_BUFFER_POOL* pool) { if (array == nullptr) { JNI_TRACE("array was null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "array == null"); + conscrypt::jniutil::throwNullPointerException(env, "array == null"); return nullptr; } @@ -382,7 +384,7 @@ bssl::UniquePtr<CRYPTO_BUFFER> ByteArrayToCryptoBuffer(JNIEnv* env, const jbyteA reinterpret_cast<const uint8_t*>(arrayRo.get()), arrayRo.size(), nullptr)); if (!ret) { JNI_TRACE("failed to allocate CRYPTO_BUFFER"); - conscrypt::jniutil::jniThrowOutOfMemory(env, "failed to allocate CRYPTO_BUFFER"); + conscrypt::jniutil::throwOutOfMemory(env, "failed to allocate CRYPTO_BUFFER"); return nullptr; } @@ -394,7 +396,7 @@ static jobjectArray CryptoBuffersToObjectArray(JNIEnv* env, size_t numBuffers = sk_CRYPTO_BUFFER_num(buffers); if (numBuffers > INT_MAX) { JNI_TRACE("too many buffers"); - conscrypt::jniutil::jniThrowRuntimeException(env, "too many buffers"); + conscrypt::jniutil::throwRuntimeException(env, "too many buffers"); return nullptr; } @@ -847,17 +849,18 @@ static void NativeCrypto_clinit(JNIEnv*, jclass) { static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jbyteArray e, jbyteArray d, jbyteArray p, jbyteArray q, jbyteArray dmp1, jbyteArray dmq1, jbyteArray iqmp) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_new_RSA(n=%p, e=%p, d=%p, p=%p, q=%p, dmp1=%p, dmq1=%p, iqmp=%p)", n, e, d, p, q, dmp1, dmq1, iqmp); bssl::UniquePtr<RSA> rsa(RSA_new()); if (rsa.get() == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "RSA_new failed"); + conscrypt::jniutil::throwRuntimeException(env, "RSA_new failed"); return 0; } if (e == nullptr && d == nullptr) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "e == null && d == null"); JNI_TRACE("NativeCrypto_EVP_PKEY_new_RSA => e == null && d == null"); return 0; @@ -903,7 +906,7 @@ static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jb } if (rsa->n == nullptr || (rsa->e == nullptr && rsa->d == nullptr)) { - conscrypt::jniutil::jniThrowRuntimeException(env, "Unable to convert BigInteger to BIGNUM"); + conscrypt::jniutil::throwRuntimeException(env, "Unable to convert BigInteger to BIGNUM"); return 0; } @@ -922,11 +925,12 @@ static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jb bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "EVP_PKEY_new failed"); + conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_new failed"); return 0; } if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { - conscrypt::jniutil::jniThrowRuntimeException(env, "EVP_PKEY_new failed"); + conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_new failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(rsa); @@ -937,6 +941,7 @@ static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jb static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject groupRef, jobject pubkeyRef, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p)", groupRef, pubkeyRef, keyJavaBytes); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); if (group == nullptr) { @@ -957,14 +962,14 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new()); if (eckey.get() == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "EC_KEY_new failed"); + conscrypt::jniutil::throwRuntimeException(env, "EC_KEY_new failed"); return 0; } if (EC_KEY_set_group(eckey.get(), group) != 1) { JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p) > EC_KEY_set_group failed", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_group"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_group"); return 0; } @@ -972,7 +977,7 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group if (EC_KEY_set_public_key(eckey.get(), pubkey) != 1) { JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p) => EC_KEY_set_private_key failed", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_public_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_public_key"); return 0; } } @@ -981,15 +986,15 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group if (EC_KEY_set_private_key(eckey.get(), key.get()) != 1) { JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p) => EC_KEY_set_private_key failed", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_private_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_private_key"); return 0; } if (pubkey == nullptr) { bssl::UniquePtr<EC_POINT> calcPubkey(EC_POINT_new(group)); if (!EC_POINT_mul(group, calcPubkey.get(), key.get(), nullptr, nullptr, nullptr)) { - JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p) => can't calulate public key", group, + JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p) => can't calculate public key", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_private_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_private_key"); return 0; } EC_KEY_set_public_key(eckey.get(), calcPubkey.get()); @@ -999,19 +1004,20 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group if (!EC_KEY_check_key(eckey.get())) { JNI_TRACE("EVP_KEY_new_EC_KEY(%p, %p, %p) => invalid key created", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_check_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_check_key"); return 0; } bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { JNI_TRACE("EVP_PKEY_new_EC(%p, %p, %p) => threw error", group, pubkey, keyJavaBytes); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_new failed"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_new failed"); return 0; } if (EVP_PKEY_assign_EC_KEY(pkey.get(), eckey.get()) != 1) { JNI_TRACE("EVP_PKEY_new_EC(%p, %p, %p) => threw error", group, pubkey, keyJavaBytes); - conscrypt::jniutil::jniThrowRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(eckey); @@ -1021,6 +1027,7 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group } static int NativeCrypto_EVP_PKEY_type(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_PKEY_type(%p)", pkey); @@ -1046,12 +1053,12 @@ static jstring evp_print_func(JNIEnv* env, jobject pkeyRef, print_func* func, bssl::UniquePtr<BIO> buffer(BIO_new(BIO_s_mem())); if (buffer.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate BIO"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate BIO"); return nullptr; } if (func(buffer.get(), pkey, 0, nullptr) != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, debug_name); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, debug_name); return nullptr; } // Null terminate this @@ -1066,14 +1073,17 @@ static jstring evp_print_func(JNIEnv* env, jobject pkeyRef, print_func* func, } static jstring NativeCrypto_EVP_PKEY_print_public(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_print_func(env, pkeyRef, EVP_PKEY_print_public, "EVP_PKEY_print_public"); } static jstring NativeCrypto_EVP_PKEY_print_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_print_func(env, pkeyRef, EVP_PKEY_print_params, "EVP_PKEY_print_params"); } -static void NativeCrypto_EVP_PKEY_free(JNIEnv*, jclass, jlong pkeyRef) { +static void NativeCrypto_EVP_PKEY_free(JNIEnv* env, jclass, jlong pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = reinterpret_cast<EVP_PKEY*>(pkeyRef); JNI_TRACE("EVP_PKEY_free(%p)", pkey); @@ -1083,6 +1093,7 @@ static void NativeCrypto_EVP_PKEY_free(JNIEnv*, jclass, jlong pkeyRef) { } static jint NativeCrypto_EVP_PKEY_cmp(JNIEnv* env, jclass, jobject pkey1Ref, jobject pkey2Ref) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_cmp(%p, %p)", pkey1Ref, pkey2Ref); EVP_PKEY* pkey1 = fromContextObject<EVP_PKEY>(env, pkey1Ref); if (pkey1 == nullptr) { @@ -1105,6 +1116,7 @@ static jint NativeCrypto_EVP_PKEY_cmp(JNIEnv* env, jclass, jobject pkey1Ref, job * static native byte[] EVP_marshal_private_key(long) */ static jbyteArray NativeCrypto_EVP_marshal_private_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_marshal_private_key(%p)", pkey); @@ -1114,13 +1126,13 @@ static jbyteArray NativeCrypto_EVP_marshal_private_key(JNIEnv* env, jclass, jobj bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 64)) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "CBB_init failed"); + conscrypt::jniutil::throwOutOfMemory(env, "CBB_init failed"); JNI_TRACE("CBB_init failed"); return nullptr; } if (!EVP_marshal_private_key(cbb.get(), pkey)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_marshal_private_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_marshal_private_key"); JNI_TRACE("key=%p EVP_marshal_private_key => error", pkey); return nullptr; } @@ -1132,6 +1144,7 @@ static jbyteArray NativeCrypto_EVP_marshal_private_key(JNIEnv* env, jclass, jobj * static native long EVP_parse_private_key(byte[]) */ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_parse_private_key(%p)", keyJavaBytes); ScopedByteArrayRO bytes(env, keyJavaBytes); @@ -1148,6 +1161,7 @@ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray // so we do the same for compatibility. if (!pkey) { conscrypt::jniutil::throwParsingException(env, "Error parsing private key"); + ERR_clear_error(); JNI_TRACE("bytes=%p EVP_parse_private_key => threw exception", keyJavaBytes); return 0; } @@ -1160,6 +1174,7 @@ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray * static native byte[] EVP_marshal_public_key(long) */ static jbyteArray NativeCrypto_EVP_marshal_public_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_marshal_public_key(%p)", pkey); @@ -1169,13 +1184,13 @@ static jbyteArray NativeCrypto_EVP_marshal_public_key(JNIEnv* env, jclass, jobje bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 64)) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "CBB_init failed"); + conscrypt::jniutil::throwOutOfMemory(env, "CBB_init failed"); JNI_TRACE("CBB_init failed"); return nullptr; } if (!EVP_marshal_public_key(cbb.get(), pkey)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_marshal_public_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_marshal_public_key"); JNI_TRACE("key=%p EVP_marshal_public_key => error", pkey); return nullptr; } @@ -1187,6 +1202,7 @@ static jbyteArray NativeCrypto_EVP_marshal_public_key(JNIEnv* env, jclass, jobje * static native long EVP_parse_public_key(byte[]) */ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_parse_public_key(%p)", keyJavaBytes); ScopedByteArrayRO bytes(env, keyJavaBytes); @@ -1203,6 +1219,7 @@ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray k // so we do the same for compatibility. if (!pkey) { conscrypt::jniutil::throwParsingException(env, "Error parsing public key"); + ERR_clear_error(); JNI_TRACE("bytes=%p EVP_parse_public_key => threw exception", keyJavaBytes); return 0; } @@ -1213,6 +1230,7 @@ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray k static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject javaKey, jbyteArray modulusBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("getRSAPrivateKeyWrapper(%p, %p)", javaKey, modulusBytes); size_t cached_size; @@ -1225,7 +1243,7 @@ static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject j bssl::UniquePtr<RSA> rsa(RSA_new_method(g_engine)); if (rsa.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate RSA key"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate RSA key"); return 0; } @@ -1237,14 +1255,15 @@ static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject j bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { JNI_TRACE("getRSAPrivateKeyWrapper failed"); - conscrypt::jniutil::jniThrowRuntimeException(env, + conscrypt::jniutil::throwRuntimeException(env, "NativeCrypto_getRSAPrivateKeyWrapper failed"); ERR_clear_error(); return 0; } if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { - conscrypt::jniutil::jniThrowRuntimeException(env, "getRSAPrivateKeyWrapper failed"); + conscrypt::jniutil::throwRuntimeException(env, "getRSAPrivateKeyWrapper failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(rsa); @@ -1253,6 +1272,7 @@ static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject j static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject javaKey, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("getECPrivateKeyWrapper(%p, %p)", javaKey, group); if (group == nullptr) { @@ -1263,13 +1283,13 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja bssl::UniquePtr<EC_KEY> ecKey(EC_KEY_new_method(g_engine)); if (ecKey.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate EC key"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate EC key"); return 0; } if (EC_KEY_set_group(ecKey.get(), group) != 1) { JNI_TRACE("getECPrivateKeyWrapper(%p, %p) => EC_KEY_set_group error", javaKey, group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_group"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_group"); return 0; } @@ -1279,21 +1299,23 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja if (!EC_KEY_set_ex_data(ecKey.get(), g_ecdsa_exdata_index, ex_data)) { env->DeleteGlobalRef(ex_data->private_key); delete ex_data; - conscrypt::jniutil::jniThrowRuntimeException(env, "EC_KEY_set_ex_data"); + conscrypt::jniutil::throwRuntimeException(env, "EC_KEY_set_ex_data"); + ERR_clear_error(); return 0; } bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { JNI_TRACE("getECPrivateKeyWrapper failed"); - conscrypt::jniutil::jniThrowRuntimeException(env, + conscrypt::jniutil::throwRuntimeException(env, "NativeCrypto_getECPrivateKeyWrapper failed"); ERR_clear_error(); return 0; } if (EVP_PKEY_assign_EC_KEY(pkey.get(), ecKey.get()) != 1) { - conscrypt::jniutil::jniThrowRuntimeException(env, "getECPrivateKeyWrapper failed"); + conscrypt::jniutil::throwRuntimeException(env, "getECPrivateKeyWrapper failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(ecKey); @@ -1305,6 +1327,7 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja */ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusBits, jbyteArray publicExponent) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("RSA_generate_key_ex(%d, %p)", modulusBits, publicExponent); BIGNUM* eRef = nullptr; @@ -1315,23 +1338,24 @@ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusB bssl::UniquePtr<RSA> rsa(RSA_new()); if (rsa.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate RSA key"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate RSA key"); return 0; } if (RSA_generate_key_ex(rsa.get(), modulusBits, e.get(), nullptr) != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "RSA_generate_key_ex failed"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "RSA_generate_key_ex failed"); return 0; } bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate RSA key"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate RSA key"); return 0; } if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { - conscrypt::jniutil::jniThrowRuntimeException(env, "RSA_generate_key_ex failed"); + conscrypt::jniutil::throwRuntimeException(env, "RSA_generate_key_ex failed"); + ERR_clear_error(); return 0; } @@ -1341,6 +1365,7 @@ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusB } static jint NativeCrypto_RSA_size(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("RSA_size(%p)", pkey); @@ -1350,7 +1375,8 @@ static jint NativeCrypto_RSA_size(JNIEnv* env, jclass, jobject pkeyRef) { bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(pkey)); if (rsa.get() == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "RSA_size failed"); + conscrypt::jniutil::throwRuntimeException(env, "RSA_size failed"); + ERR_clear_error(); return 0; } @@ -1363,6 +1389,7 @@ typedef int RSACryptOperation(size_t flen, const unsigned char* from, unsigned c static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, JNIEnv* env, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("%s(%d, %p, %p, %p)", caller, flen, fromJavaBytes, toJavaBytes, pkey); @@ -1389,10 +1416,12 @@ static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, operation(static_cast<size_t>(flen), reinterpret_cast<const unsigned char*>(from.get()), reinterpret_cast<unsigned char*>(to.get()), rsa.get(), padding); if (resultSize == -1) { - if (conscrypt::jniutil::throwExceptionIfNecessary(env, caller)) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, caller); JNI_TRACE("%s => threw error", caller); } else { conscrypt::jniutil::throwBadPaddingException(env, caller); + ERR_clear_error(); JNI_TRACE("%s => threw padding exception", caller); } return -1; @@ -1406,24 +1435,28 @@ static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, static jint NativeCrypto_RSA_private_encrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_private_encrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_public_decrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_public_decrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_public_encrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_public_encrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_private_decrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_private_decrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } @@ -1432,6 +1465,7 @@ static jint NativeCrypto_RSA_private_decrypt(JNIEnv* env, jclass, jint flen, * public static native byte[][] get_RSA_public_params(long); */ static jobjectArray NativeCrypto_get_RSA_public_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("get_RSA_public_params(%p)", pkey); @@ -1441,7 +1475,7 @@ static jobjectArray NativeCrypto_get_RSA_public_params(JNIEnv* env, jclass, jobj bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(pkey)); if (rsa.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "get_RSA_public_params failed"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "get_RSA_public_params failed"); return nullptr; } @@ -1469,6 +1503,7 @@ static jobjectArray NativeCrypto_get_RSA_public_params(JNIEnv* env, jclass, jobj * public static native byte[][] get_RSA_private_params(long); */ static jobjectArray NativeCrypto_get_RSA_private_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("get_RSA_public_params(%p)", pkey); @@ -1478,7 +1513,7 @@ static jobjectArray NativeCrypto_get_RSA_private_params(JNIEnv* env, jclass, job bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(pkey)); if (rsa.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "get_RSA_public_params failed"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "get_RSA_public_params failed"); return nullptr; } @@ -1555,6 +1590,7 @@ static jobjectArray NativeCrypto_get_RSA_private_params(JNIEnv* env, jclass, job static void NativeCrypto_chacha20_encrypt_decrypt(JNIEnv* env, jclass, jbyteArray inBytes, jint inOffset, jbyteArray outBytes, jint outOffset, jint length, jbyteArray keyBytes, jbyteArray nonceBytes, jint blockCounter) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("chacha20_encrypt_decrypt"); ScopedByteArrayRO in(env, inBytes); if (in.get() == nullptr) { @@ -1587,6 +1623,7 @@ static void NativeCrypto_chacha20_encrypt_decrypt(JNIEnv* env, jclass, jbyteArra } static jlong NativeCrypto_EC_GROUP_new_by_curve_name(JNIEnv* env, jclass, jstring curveNameJava) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_GROUP_new_by_curve_name(%p)", curveNameJava); ScopedUtfChars curveName(env, curveNameJava); @@ -1616,13 +1653,14 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray jbyteArray aBytes, jbyteArray bBytes, jbyteArray xBytes, jbyteArray yBytes, jbyteArray orderBytes, jint cofactorInt) { + CHECK_ERROR_QUEUE_ON_RETURN; BIGNUM *p = nullptr, *a = nullptr, *b = nullptr, *x = nullptr, *y = nullptr; BIGNUM *order = nullptr, *cofactor = nullptr; JNI_TRACE("EC_GROUP_new_arbitrary"); if (cofactorInt < 1) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "cofactor < 1"); return 0; } @@ -1657,7 +1695,7 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray bssl::UniquePtr<EC_GROUP> group(EC_GROUP_new_curve_GFp(p, a, b, ctx.get())); if (group.get() == nullptr) { JNI_TRACE("EC_GROUP_new_curve_GFp => null"); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_GROUP_new_curve_GFp"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_GROUP_new_curve_GFp"); return 0; } @@ -1670,13 +1708,13 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray if (!EC_POINT_set_affine_coordinates_GFp(group.get(), generator.get(), x, y, ctx.get())) { JNI_TRACE("EC_POINT_set_affine_coordinates_GFp => error"); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_POINT_set_affine_coordinates_GFp"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_POINT_set_affine_coordinates_GFp"); return 0; } if (!EC_GROUP_set_generator(group.get(), generator.get(), order, cofactor)) { JNI_TRACE("EC_GROUP_set_generator => error"); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_GROUP_set_generator"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_GROUP_set_generator"); return 0; } @@ -1685,6 +1723,7 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray } static jstring NativeCrypto_EC_GROUP_get_curve_name(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_curve_name(%p)", group); @@ -1705,6 +1744,7 @@ static jstring NativeCrypto_EC_GROUP_get_curve_name(JNIEnv* env, jclass, jobject } static jobjectArray NativeCrypto_EC_GROUP_get_curve(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_curve(%p)", group); if (group == nullptr) { @@ -1718,7 +1758,7 @@ static jobjectArray NativeCrypto_EC_GROUP_get_curve(JNIEnv* env, jclass, jobject int ret = EC_GROUP_get_curve_GFp(group, p.get(), a.get(), b.get(), nullptr); if (ret != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_GROUP_get_curve"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_GROUP_get_curve"); return nullptr; } @@ -1750,6 +1790,7 @@ static jobjectArray NativeCrypto_EC_GROUP_get_curve(JNIEnv* env, jclass, jobject } static jbyteArray NativeCrypto_EC_GROUP_get_order(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_order(%p)", group); if (group == nullptr) { @@ -1759,13 +1800,13 @@ static jbyteArray NativeCrypto_EC_GROUP_get_order(JNIEnv* env, jclass, jobject g bssl::UniquePtr<BIGNUM> order(BN_new()); if (order.get() == nullptr) { JNI_TRACE("EC_GROUP_get_order(%p) => can't create BN", group); - conscrypt::jniutil::jniThrowOutOfMemory(env, "BN_new"); + conscrypt::jniutil::throwOutOfMemory(env, "BN_new"); return nullptr; } if (EC_GROUP_get_order(group, order.get(), nullptr) != 1) { JNI_TRACE("EC_GROUP_get_order(%p) => threw error", group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_GROUP_get_order"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_GROUP_get_order"); return nullptr; } @@ -1779,6 +1820,7 @@ static jbyteArray NativeCrypto_EC_GROUP_get_order(JNIEnv* env, jclass, jobject g } static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_degree(%p)", group); if (group == nullptr) { @@ -1788,7 +1830,8 @@ static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupR jint degree = static_cast<jint>(EC_GROUP_get_degree(group)); if (degree == 0) { JNI_TRACE("EC_GROUP_get_degree(%p) => unsupported", group); - conscrypt::jniutil::jniThrowRuntimeException(env, "not supported"); + conscrypt::jniutil::throwRuntimeException(env, "not supported"); + ERR_clear_error(); return 0; } @@ -1797,6 +1840,7 @@ static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupR } static jbyteArray NativeCrypto_EC_GROUP_get_cofactor(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_cofactor(%p)", group); if (group == nullptr) { @@ -1806,13 +1850,13 @@ static jbyteArray NativeCrypto_EC_GROUP_get_cofactor(JNIEnv* env, jclass, jobjec bssl::UniquePtr<BIGNUM> cofactor(BN_new()); if (cofactor.get() == nullptr) { JNI_TRACE("EC_GROUP_get_cofactor(%p) => can't create BN", group); - conscrypt::jniutil::jniThrowOutOfMemory(env, "BN_new"); + conscrypt::jniutil::throwOutOfMemory(env, "BN_new"); return nullptr; } if (EC_GROUP_get_cofactor(group, cofactor.get(), nullptr) != 1) { JNI_TRACE("EC_GROUP_get_cofactor(%p) => threw error", group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_GROUP_get_cofactor"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_GROUP_get_cofactor"); return nullptr; } @@ -1826,12 +1870,13 @@ static jbyteArray NativeCrypto_EC_GROUP_get_cofactor(JNIEnv* env, jclass, jobjec } static void NativeCrypto_EC_GROUP_clear_free(JNIEnv* env, jclass, jlong groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_GROUP* group = reinterpret_cast<EC_GROUP*>(groupRef); JNI_TRACE("EC_GROUP_clear_free(%p)", group); if (group == nullptr) { JNI_TRACE("EC_GROUP_clear_free => group == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "group == null"); + conscrypt::jniutil::throwNullPointerException(env, "group == null"); return; } @@ -1840,6 +1885,7 @@ static void NativeCrypto_EC_GROUP_clear_free(JNIEnv* env, jclass, jlong groupRef } static jlong NativeCrypto_EC_GROUP_get_generator(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_generator(%p)", group); @@ -1853,7 +1899,7 @@ static jlong NativeCrypto_EC_GROUP_get_generator(JNIEnv* env, jclass, jobject gr bssl::UniquePtr<EC_POINT> dup(EC_POINT_dup(generator, group)); if (dup.get() == nullptr) { JNI_TRACE("EC_GROUP_get_generator(%p) => oom error", group); - conscrypt::jniutil::jniThrowOutOfMemory(env, "unable to dupe generator"); + conscrypt::jniutil::throwOutOfMemory(env, "unable to dupe generator"); return 0; } @@ -1862,6 +1908,7 @@ static jlong NativeCrypto_EC_GROUP_get_generator(JNIEnv* env, jclass, jobject gr } static jlong NativeCrypto_EC_POINT_new(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_POINT_new(%p)", group); @@ -1872,7 +1919,7 @@ static jlong NativeCrypto_EC_POINT_new(JNIEnv* env, jclass, jobject groupRef) { EC_POINT* point = EC_POINT_new(group); if (point == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable create an EC_POINT"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable create an EC_POINT"); return 0; } @@ -1880,12 +1927,13 @@ static jlong NativeCrypto_EC_POINT_new(JNIEnv* env, jclass, jobject groupRef) { } static void NativeCrypto_EC_POINT_clear_free(JNIEnv* env, jclass, jlong groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_POINT* group = reinterpret_cast<EC_POINT*>(groupRef); JNI_TRACE("EC_POINT_clear_free(%p)", group); if (group == nullptr) { JNI_TRACE("EC_POINT_clear_free => group == null"); - conscrypt::jniutil::jniThrowNullPointerException(env, "group == null"); + conscrypt::jniutil::throwNullPointerException(env, "group == null"); return; } @@ -1896,6 +1944,7 @@ static void NativeCrypto_EC_POINT_clear_free(JNIEnv* env, jclass, jlong groupRef static void NativeCrypto_EC_POINT_set_affine_coordinates(JNIEnv* env, jclass, jobject groupRef, jobject pointRef, jbyteArray xjavaBytes, jbyteArray yjavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_POINT_set_affine_coordinates(%p, %p, %p, %p)", groupRef, pointRef, xjavaBytes, yjavaBytes); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); @@ -1923,7 +1972,8 @@ static void NativeCrypto_EC_POINT_set_affine_coordinates(JNIEnv* env, jclass, jo int ret = EC_POINT_set_affine_coordinates_GFp(group, point, x.get(), y.get(), nullptr); if (ret != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_POINT_set_affine_coordinates"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_POINT_set_affine_coordinates"); + return; } JNI_TRACE("EC_POINT_set_affine_coordinates(%p, %p, %p, %p) => %d", group, point, xjavaBytes, @@ -1933,6 +1983,7 @@ static void NativeCrypto_EC_POINT_set_affine_coordinates(JNIEnv* env, jclass, jo static jobjectArray NativeCrypto_EC_POINT_get_affine_coordinates(JNIEnv* env, jclass, jobject groupRef, jobject pointRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_POINT_get_affine_coordinates(%p, %p)", groupRef, pointRef); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); if (group == nullptr) { @@ -1950,7 +2001,7 @@ static jobjectArray NativeCrypto_EC_POINT_get_affine_coordinates(JNIEnv* env, jc int ret = EC_POINT_get_affine_coordinates_GFp(group, point, x.get(), y.get(), nullptr); if (ret != 1) { JNI_TRACE("EC_POINT_get_affine_coordinates(%p, %p)", group, point); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_POINT_get_affine_coordinates"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_POINT_get_affine_coordinates"); return nullptr; } @@ -1976,6 +2027,7 @@ static jobjectArray NativeCrypto_EC_POINT_get_affine_coordinates(JNIEnv* env, jc } static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_KEY_generate_key(%p)", group); if (group == nullptr) { @@ -1985,30 +2037,31 @@ static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject group bssl::UniquePtr<EC_KEY> eckey(EC_KEY_new()); if (eckey.get() == nullptr) { JNI_TRACE("EC_KEY_generate_key(%p) => EC_KEY_new() oom", group); - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to create an EC_KEY"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to create an EC_KEY"); return 0; } if (EC_KEY_set_group(eckey.get(), group) != 1) { JNI_TRACE("EC_KEY_generate_key(%p) => EC_KEY_set_group error", group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_group"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_group"); return 0; } if (EC_KEY_generate_key(eckey.get()) != 1) { JNI_TRACE("EC_KEY_generate_key(%p) => EC_KEY_generate_key error", group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_set_group"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_set_group"); return 0; } bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); if (pkey.get() == nullptr) { JNI_TRACE("EC_KEY_generate_key(%p) => threw error", group); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EC_KEY_generate_key"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EC_KEY_generate_key"); return 0; } if (EVP_PKEY_assign_EC_KEY(pkey.get(), eckey.get()) != 1) { - conscrypt::jniutil::jniThrowRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(eckey); @@ -2018,6 +2071,7 @@ static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject group } static jlong NativeCrypto_EC_KEY_get1_group(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get1_group(%p)", pkey); @@ -2027,7 +2081,7 @@ static jlong NativeCrypto_EC_KEY_get1_group(JNIEnv* env, jclass, jobject pkeyRef } if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) { - conscrypt::jniutil::jniThrowRuntimeException(env, "not EC key"); + conscrypt::jniutil::throwRuntimeException(env, "not EC key"); JNI_TRACE("EC_KEY_get1_group(%p) => not EC key (type == %d)", pkey, EVP_PKEY_type(pkey->type)); return 0; @@ -2039,6 +2093,7 @@ static jlong NativeCrypto_EC_KEY_get1_group(JNIEnv* env, jclass, jobject pkeyRef } static jbyteArray NativeCrypto_EC_KEY_get_private_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get_private_key(%p)", pkey); @@ -2049,7 +2104,7 @@ static jbyteArray NativeCrypto_EC_KEY_get_private_key(JNIEnv* env, jclass, jobje bssl::UniquePtr<EC_KEY> eckey(EVP_PKEY_get1_EC_KEY(pkey)); if (eckey.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_get1_EC_KEY"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_get1_EC_KEY"); return nullptr; } @@ -2066,6 +2121,7 @@ static jbyteArray NativeCrypto_EC_KEY_get_private_key(JNIEnv* env, jclass, jobje } static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get_public_key(%p)", pkey); @@ -2076,7 +2132,7 @@ static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pke bssl::UniquePtr<EC_KEY> eckey(EVP_PKEY_get1_EC_KEY(pkey)); if (eckey.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_get1_EC_KEY"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_get1_EC_KEY"); return 0; } @@ -2084,7 +2140,8 @@ static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pke EC_POINT_dup(EC_KEY_get0_public_key(eckey.get()), EC_KEY_get0_group(eckey.get()))); if (dup.get() == nullptr) { JNI_TRACE("EC_KEY_get_public_key(%p) => can't dup public key", pkey); - conscrypt::jniutil::jniThrowRuntimeException(env, "EC_POINT_dup"); + conscrypt::jniutil::throwRuntimeException(env, "EC_POINT_dup"); + ERR_clear_error(); return 0; } @@ -2093,6 +2150,7 @@ static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pke } static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_KEY_marshal_curve_name(%p)", group); if (group == nullptr) { @@ -2102,13 +2160,14 @@ static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jo bssl::ScopedCBB cbb; if (!CBB_init(cbb.get(), 64)) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "CBB_init failed"); + conscrypt::jniutil::throwOutOfMemory(env, "CBB_init failed"); JNI_TRACE("CBB_init failed"); return nullptr; } if (!EC_KEY_marshal_curve_name(cbb.get(), group)) { conscrypt::jniutil::throwIOException(env, "Error writing ASN.1 encoding"); + ERR_clear_error(); JNI_TRACE("group=%p EC_KEY_marshal_curve_name => error", group); return nullptr; } @@ -2117,6 +2176,7 @@ static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jo } static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArray curveNameBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_KEY_parse_curve_name(%p)", curveNameBytes); ScopedByteArrayRO bytes(env, curveNameBytes); @@ -2131,6 +2191,7 @@ static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArra bssl::UniquePtr<EC_GROUP> group(EC_KEY_parse_curve_name(&cbs)); if (!group || CBS_len(&cbs) != 0) { conscrypt::jniutil::throwIOException(env, "Error reading ASN.1 encoding"); + ERR_clear_error(); JNI_TRACE("bytes=%p EC_KEY_parse_curve_name => threw exception", curveNameBytes); return 0; } @@ -2141,6 +2202,7 @@ static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArra static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArray, jint outOffset, jobject pubkeyRef, jobject privkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("ECDH_compute_key(%p, %d, %p, %p)", outArray, outOffset, pubkeyRef, privkeyRef); EVP_PKEY* pubPkey = fromContextObject<EVP_PKEY>(env, pubkeyRef); if (pubPkey == nullptr) { @@ -2162,21 +2224,21 @@ static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArr } if (ARRAY_OFFSET_INVALID(out, outOffset)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", nullptr); return -1; } if (pubPkey == nullptr) { JNI_TRACE("ECDH_compute_key(%p) => pubPkey == null", pubPkey); - conscrypt::jniutil::jniThrowNullPointerException(env, "pubPkey == null"); + conscrypt::jniutil::throwNullPointerException(env, "pubPkey == null"); return -1; } bssl::UniquePtr<EC_KEY> pubkey(EVP_PKEY_get1_EC_KEY(pubPkey)); if (pubkey.get() == nullptr) { JNI_TRACE("ECDH_compute_key(%p) => can't get public key", pubPkey); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_get1_EC_KEY public", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_get1_EC_KEY public", conscrypt::jniutil::throwInvalidKeyException); return -1; } @@ -2184,20 +2246,20 @@ static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArr const EC_POINT* pubkeyPoint = EC_KEY_get0_public_key(pubkey.get()); if (pubkeyPoint == nullptr) { JNI_TRACE("ECDH_compute_key(%p) => can't get public key point", pubPkey); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_get1_EC_KEY public", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_get1_EC_KEY public", conscrypt::jniutil::throwInvalidKeyException); return -1; } if (privPkey == nullptr) { JNI_TRACE("ECDH_compute_key(%p) => privKey == null", pubPkey); - conscrypt::jniutil::jniThrowNullPointerException(env, "privPkey == null"); + conscrypt::jniutil::throwNullPointerException(env, "privPkey == null"); return -1; } bssl::UniquePtr<EC_KEY> privkey(EVP_PKEY_get1_EC_KEY(privPkey)); if (privkey.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_get1_EC_KEY private", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_get1_EC_KEY private", conscrypt::jniutil::throwInvalidKeyException); return -1; } @@ -2207,7 +2269,7 @@ static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArr privkey.get(), nullptr /* No KDF */); if (outputLength == -1) { JNI_TRACE("ECDH_compute_key(%p) => outputLength = -1", pubPkey); - conscrypt::jniutil::throwExceptionIfNecessary(env, "ECDH_compute_key", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ECDH_compute_key", conscrypt::jniutil::throwInvalidKeyException); return -1; } @@ -2217,6 +2279,7 @@ static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArr } static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_size(%p)", pkey); @@ -2226,7 +2289,8 @@ static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { bssl::UniquePtr<EC_KEY> ec_key(EVP_PKEY_get1_EC_KEY(pkey)); if (ec_key.get() == nullptr) { - conscrypt::jniutil::jniThrowRuntimeException(env, "ECDSA_size failed"); + conscrypt::jniutil::throwRuntimeException(env, "ECDSA_size failed"); + ERR_clear_error(); return 0; } @@ -2238,6 +2302,7 @@ static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { static jint NativeCrypto_ECDSA_sign(JNIEnv* env, jclass, jbyteArray data, jbyteArray sig, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_sign(%p, %p, %p)", data, sig, pkey); @@ -2265,7 +2330,8 @@ static jint NativeCrypto_ECDSA_sign(JNIEnv* env, jclass, jbyteArray data, jbyteA data_array.size(), reinterpret_cast<unsigned char*>(sig_array.get()), &sig_size, ec_key.get()); if (result == 0) { - if (conscrypt::jniutil::throwExceptionIfNecessary(env, "ECDSA_sign")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ECDSA_sign"); JNI_TRACE("ECDSA_sign => threw error"); } return -1; @@ -2277,6 +2343,7 @@ static jint NativeCrypto_ECDSA_sign(JNIEnv* env, jclass, jbyteArray data, jbyteA static jint NativeCrypto_ECDSA_verify(JNIEnv* env, jclass, jbyteArray data, jbyteArray sig, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_verify(%p, %p, %p)", data, sig, pkey); @@ -2315,12 +2382,12 @@ static jint NativeCrypto_ECDSA_verify(JNIEnv* env, jclass, jbyteArray data, jbyt JNI_TRACE("ECDSA_verify(%p, %p, %p) => %d", data, sig, pkey, result); return 0; } - if (conscrypt::jniutil::throwExceptionIfNecessary(env, "ECDSA_verify")) { + if (error != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ECDSA_verify"); JNI_TRACE("ECDSA_verify => threw error"); - } else { - return 0; + return -1; } - return -1; + return 0; } JNI_TRACE("ECDSA_verify(%p, %p, %p) => %d", data, sig, pkey, result); @@ -2328,11 +2395,12 @@ static jint NativeCrypto_ECDSA_verify(JNIEnv* env, jclass, jbyteArray data, jbyt } static jlong NativeCrypto_EVP_MD_CTX_create(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE_MD("EVP_MD_CTX_create()"); bssl::UniquePtr<EVP_MD_CTX> ctx(EVP_MD_CTX_create()); if (ctx.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable create a EVP_MD_CTX"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable create a EVP_MD_CTX"); return 0; } @@ -2341,6 +2409,7 @@ static jlong NativeCrypto_EVP_MD_CTX_create(JNIEnv* env, jclass) { } static void NativeCrypto_EVP_MD_CTX_cleanup(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, ctxRef); JNI_TRACE_MD("EVP_MD_CTX_cleanup(%p)", ctx); @@ -2349,7 +2418,8 @@ static void NativeCrypto_EVP_MD_CTX_cleanup(JNIEnv* env, jclass, jobject ctxRef) } } -static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv*, jclass, jlong ctxRef) { +static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv* env, jclass, jlong ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = reinterpret_cast<EVP_MD_CTX*>(ctxRef); JNI_TRACE_MD("EVP_MD_CTX_destroy(%p)", ctx); @@ -2360,6 +2430,7 @@ static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv*, jclass, jlong ctxRef) { static jint NativeCrypto_EVP_MD_CTX_copy_ex(JNIEnv* env, jclass, jobject dstCtxRef, jobject srcCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE_MD("EVP_MD_CTX_copy_ex(%p. %p)", dstCtxRef, srcCtxRef); EVP_MD_CTX* dst_ctx = fromContextObject<EVP_MD_CTX>(env, dstCtxRef); if (dst_ctx == nullptr) { @@ -2375,7 +2446,7 @@ static jint NativeCrypto_EVP_MD_CTX_copy_ex(JNIEnv* env, jclass, jobject dstCtxR int result = EVP_MD_CTX_copy_ex(dst_ctx, src_ctx); if (result == 0) { - conscrypt::jniutil::jniThrowRuntimeException(env, "Unable to copy EVP_MD_CTX"); + conscrypt::jniutil::throwRuntimeException(env, "Unable to copy EVP_MD_CTX"); ERR_clear_error(); } @@ -2388,6 +2459,7 @@ static jint NativeCrypto_EVP_MD_CTX_copy_ex(JNIEnv* env, jclass, jobject dstCtxR */ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, jbyteArray hash, jint offset) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, ctxRef); JNI_TRACE_MD("EVP_DigestFinal_ex(%p, %p, %d)", ctx, hash, offset); @@ -2395,7 +2467,7 @@ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, JNI_TRACE("EVP_DigestFinal_ex => ctx == null"); return -1; } else if (hash == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "hash == null"); + conscrypt::jniutil::throwNullPointerException(env, "hash == null"); return -1; } @@ -2407,7 +2479,8 @@ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, int ok = EVP_DigestFinal_ex(ctx, reinterpret_cast<unsigned char*>(hashBytes.get() + offset), &bytesWritten); if (ok == 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_DigestFinal_ex"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_DigestFinal_ex"); + return -1; } JNI_TRACE_MD("EVP_DigestFinal_ex(%p, %p, %d) => %d (%d)", ctx, hash, offset, bytesWritten, ok); @@ -2416,6 +2489,7 @@ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, static jint NativeCrypto_EVP_DigestInit_ex(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); const EVP_MD* evp_md = reinterpret_cast<const EVP_MD*>(evpMdRef); JNI_TRACE_MD("EVP_DigestInit_ex(%p, %p)", ctx, evp_md); @@ -2424,14 +2498,14 @@ static jint NativeCrypto_EVP_DigestInit_ex(JNIEnv* env, jclass, jobject evpMdCtx JNI_TRACE("EVP_DigestInit_ex(%p) => ctx == null", evp_md); return 0; } else if (evp_md == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "evp_md == null"); + conscrypt::jniutil::throwNullPointerException(env, "evp_md == null"); return 0; } int ok = EVP_DigestInit_ex(ctx, evp_md, nullptr); if (ok == 0) { - bool exception = conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_DigestInit_ex"); - if (exception) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_DigestInit_ex"); JNI_TRACE("EVP_DigestInit_ex(%p) => threw exception", evp_md); return 0; } @@ -2444,10 +2518,11 @@ static jint NativeCrypto_EVP_DigestInit_ex(JNIEnv* env, jclass, jobject evpMdCtx * public static native int EVP_get_digestbyname(java.lang.String) */ static jlong NativeCrypto_EVP_get_digestbyname(JNIEnv* env, jclass, jstring algorithm) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_EVP_get_digestbyname(%p)", algorithm); if (algorithm == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, nullptr); + conscrypt::jniutil::throwNullPointerException(env, nullptr); return -1; } @@ -2476,7 +2551,7 @@ static jlong NativeCrypto_EVP_get_digestbyname(JNIEnv* env, jclass, jstring algo md = EVP_sha512(); } else { JNI_TRACE("NativeCrypto_EVP_get_digestbyname(%s) => error", alg); - conscrypt::jniutil::jniThrowRuntimeException(env, "Hash algorithm not found"); + conscrypt::jniutil::throwRuntimeException(env, "Hash algorithm not found"); return 0; } @@ -2487,11 +2562,12 @@ static jlong NativeCrypto_EVP_get_digestbyname(JNIEnv* env, jclass, jstring algo * public static native int EVP_MD_size(long) */ static jint NativeCrypto_EVP_MD_size(JNIEnv* env, jclass, jlong evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD* evp_md = reinterpret_cast<EVP_MD*>(evpMdRef); JNI_TRACE("NativeCrypto_EVP_MD_size(%p)", evp_md); if (evp_md == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, nullptr); + conscrypt::jniutil::throwNullPointerException(env, nullptr); return -1; } @@ -2520,14 +2596,14 @@ static jlong evpDigestSignVerifyInit(JNIEnv* env, if (md == nullptr) { JNI_TRACE("ctx=%p %s => md == null", mdCtx, jniName); - conscrypt::jniutil::jniThrowNullPointerException(env, "md == null"); + conscrypt::jniutil::throwNullPointerException(env, "md == null"); return 0; } EVP_PKEY_CTX* pctx = nullptr; if (init_func(mdCtx, &pctx, md, nullptr, pkey) <= 0) { JNI_TRACE("ctx=%p %s => threw exception", mdCtx, jniName); - conscrypt::jniutil::throwExceptionIfNecessary(env, jniName); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, jniName); return 0; } @@ -2537,12 +2613,14 @@ static jlong evpDigestSignVerifyInit(JNIEnv* env, static jlong NativeCrypto_EVP_DigestSignInit(JNIEnv* env, jclass, jobject evpMdCtxRef, const jlong evpMdRef, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpDigestSignVerifyInit(env, EVP_DigestSignInit, "EVP_DigestSignInit", evpMdCtxRef, evpMdRef, pkeyRef); } static jlong NativeCrypto_EVP_DigestVerifyInit(JNIEnv* env, jclass, jobject evpMdCtxRef, const jlong evpMdRef, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpDigestSignVerifyInit(env, EVP_DigestVerifyInit, "EVP_DigestVerifyInit", evpMdCtxRef, evpMdRef, pkeyRef); } @@ -2558,13 +2636,14 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jlong inPtr, jint inLeng } if (p == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, nullptr); + conscrypt::jniutil::throwNullPointerException(env, nullptr); return; } if (!update_func(mdCtx, p, static_cast<std::size_t>(inLength))) { JNI_TRACE("ctx=%p %s => threw exception", mdCtx, jniName); - conscrypt::jniutil::throwExceptionIfNecessary(env, jniName); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, jniName); + return; } JNI_TRACE_MD("%s(%p, %p, %d) => success", jniName, mdCtx, p, inLength); @@ -2581,13 +2660,13 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, } if (inJavaBytes == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "inBytes"); + conscrypt::jniutil::throwNullPointerException(env, "inBytes"); return; } size_t array_size = static_cast<size_t>(env->GetArrayLength(inJavaBytes)); if (ARRAY_CHUNK_INVALID(array_size, inOffset, inLength)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "inBytes"); return; } @@ -2615,7 +2694,7 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint buf_size = (remaining >= 65536) ? 65536 : remaining; std::unique_ptr<jbyte[]> buf(new jbyte[static_cast<unsigned int>(buf_size)]); if (buf.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate chunk buffer"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate chunk buffer"); return; } while (remaining > 0) { @@ -2638,7 +2717,7 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, // use GetByteArrayElements or another approach. jbyte* array_elements = env->GetByteArrayElements(inJavaBytes, nullptr); if (array_elements == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to obtain elements of inBytes"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to obtain elements of inBytes"); return; } const unsigned char* buf = reinterpret_cast<const unsigned char*>(array_elements); @@ -2648,7 +2727,7 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, if (!update_func_result) { JNI_TRACE("ctx=%p %s => threw exception", mdCtx, jniName); - conscrypt::jniutil::throwExceptionIfNecessary(env, jniName); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, jniName); return; } @@ -2657,11 +2736,13 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, static void NativeCrypto_EVP_DigestUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestUpdateDirect", EVP_DigestUpdate); } static void NativeCrypto_EVP_DigestUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestUpdate", EVP_DigestUpdate); } @@ -2669,12 +2750,14 @@ static void NativeCrypto_EVP_DigestUpdate(JNIEnv* env, jclass, jobject evpMdCtxR static void NativeCrypto_EVP_DigestSignUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestSignUpdate", EVP_DigestSignUpdate); } static void NativeCrypto_EVP_DigestSignUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestSignUpdateDirect", EVP_DigestSignUpdate); } @@ -2682,17 +2765,20 @@ static void NativeCrypto_EVP_DigestSignUpdateDirect(JNIEnv* env, jclass, jobject static void NativeCrypto_EVP_DigestVerifyUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestVerifyUpdate", EVP_DigestVerifyUpdate); } static void NativeCrypto_EVP_DigestVerifyUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestVerifyUpdateDirect", EVP_DigestVerifyUpdate); } static jbyteArray NativeCrypto_EVP_DigestSignFinal(JNIEnv* env, jclass, jobject evpMdCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* mdCtx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); JNI_TRACE("EVP_DigestSignFinal(%p)", mdCtx); @@ -2703,31 +2789,31 @@ static jbyteArray NativeCrypto_EVP_DigestSignFinal(JNIEnv* env, jclass, jobject size_t maxLen; if (EVP_DigestSignFinal(mdCtx, nullptr, &maxLen) != 1) { JNI_TRACE("ctx=%p EVP_DigestSignFinal => threw exception", mdCtx); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_DigestSignFinal"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_DigestSignFinal"); return nullptr; } std::unique_ptr<unsigned char[]> buffer(new unsigned char[maxLen]); if (buffer.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate signature buffer"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate signature buffer"); return nullptr; } size_t actualLen(maxLen); if (EVP_DigestSignFinal(mdCtx, buffer.get(), &actualLen) != 1) { JNI_TRACE("ctx=%p EVP_DigestSignFinal => threw exception", mdCtx); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_DigestSignFinal"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_DigestSignFinal"); return nullptr; } if (actualLen > maxLen) { JNI_TRACE("ctx=%p EVP_DigestSignFinal => signature too long: %zd vs %zd", mdCtx, actualLen, maxLen); - conscrypt::jniutil::jniThrowRuntimeException(env, "EVP_DigestSignFinal signature too long"); + conscrypt::jniutil::throwRuntimeException(env, "EVP_DigestSignFinal signature too long"); return nullptr; } ScopedLocalRef<jbyteArray> sigJavaBytes(env, env->NewByteArray(static_cast<jint>(actualLen))); if (sigJavaBytes.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Failed to allocate signature byte[]"); + conscrypt::jniutil::throwOutOfMemory(env, "Failed to allocate signature byte[]"); return nullptr; } env->SetByteArrayRegion(sigJavaBytes.get(), 0, static_cast<jint>(actualLen), @@ -2739,6 +2825,7 @@ static jbyteArray NativeCrypto_EVP_DigestSignFinal(JNIEnv* env, jclass, jobject static jboolean NativeCrypto_EVP_DigestVerifyFinal(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray signature, jint offset, jint len) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* mdCtx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); JNI_TRACE("EVP_DigestVerifyFinal(%p)", mdCtx); @@ -2752,7 +2839,7 @@ static jboolean NativeCrypto_EVP_DigestVerifyFinal(JNIEnv* env, jclass, jobject } if (ARRAY_OFFSET_LENGTH_INVALID(sigBytes, offset, len)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "signature"); return 0; } @@ -2769,7 +2856,7 @@ static jboolean NativeCrypto_EVP_DigestVerifyFinal(JNIEnv* env, jclass, jobject } else { // Error while verifying signature JNI_TRACE("ctx=%p EVP_DigestVerifyFinal => threw exception", mdCtx); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_DigestVerifyFinal"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_DigestVerifyFinal"); return 0; } @@ -2806,13 +2893,13 @@ static jint evpPkeyEncryptDecrypt(JNIEnv* env, } if (ARRAY_OFFSET_INVALID(outBytes, outOffset)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "outBytes"); return 0; } if (ARRAY_OFFSET_LENGTH_INVALID(inBytes, inOffset, inLength)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "inBytes"); return 0; } @@ -2823,7 +2910,7 @@ static jint evpPkeyEncryptDecrypt(JNIEnv* env, if (!encrypt_decrypt_func(pkeyCtx, outBuf + outOffset, &outLength, inBuf + inOffset, static_cast<size_t>(inLength))) { JNI_TRACE("ctx=%p %s => threw exception", pkeyCtx, jniName); - conscrypt::jniutil::throwExceptionIfNecessary(env, jniName, + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, jniName, conscrypt::jniutil::throwBadPaddingException); return 0; } @@ -2836,6 +2923,7 @@ static jint evpPkeyEncryptDecrypt(JNIEnv* env, static jint NativeCrypto_EVP_PKEY_encrypt(JNIEnv* env, jclass, jobject evpPkeyCtxRef, jbyteArray out, jint outOffset, jbyteArray inBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEncryptDecrypt(env, EVP_PKEY_encrypt, "EVP_PKEY_encrypt", evpPkeyCtxRef, out, outOffset, inBytes, inOffset, inLength); } @@ -2843,6 +2931,7 @@ static jint NativeCrypto_EVP_PKEY_encrypt(JNIEnv* env, jclass, jobject evpPkeyCt static jint NativeCrypto_EVP_PKEY_decrypt(JNIEnv* env, jclass, jobject evpPkeyCtxRef, jbyteArray out, jint outOffset, jbyteArray inBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEncryptDecrypt(env, EVP_PKEY_decrypt, "EVP_PKEY_decrypt", evpPkeyCtxRef, out, outOffset, inBytes, inOffset, inLength); } @@ -2859,14 +2948,14 @@ static jlong evpPkeyEcryptDecryptInit(JNIEnv* env, jobject evpPkeyRef, bssl::UniquePtr<EVP_PKEY_CTX> pkeyCtx(EVP_PKEY_CTX_new(pkey, nullptr)); if (pkeyCtx.get() == nullptr) { JNI_TRACE("EVP_PKEY_%s_init(%p) => threw exception", opType, pkey); - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_PKEY_CTX_new", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_PKEY_CTX_new", conscrypt::jniutil::throwInvalidKeyException); return 0; } if (!real_func(pkeyCtx.get())) { JNI_TRACE("EVP_PKEY_%s_init(%p) => threw exception", opType, pkey); - conscrypt::jniutil::throwExceptionIfNecessary(env, opType, + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, opType, conscrypt::jniutil::throwInvalidKeyException); return 0; } @@ -2876,14 +2965,17 @@ static jlong evpPkeyEcryptDecryptInit(JNIEnv* env, jobject evpPkeyRef, } static jlong NativeCrypto_EVP_PKEY_encrypt_init(JNIEnv* env, jclass, jobject evpPkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEcryptDecryptInit(env, evpPkeyRef, EVP_PKEY_encrypt_init, "encrypt"); } static jlong NativeCrypto_EVP_PKEY_decrypt_init(JNIEnv* env, jclass, jobject evpPkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEcryptDecryptInit(env, evpPkeyRef, EVP_PKEY_decrypt_init, "decrypt"); } -static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv*, jclass, jlong pkeyCtxRef) { +static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv* env, jclass, jlong pkeyCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(pkeyCtxRef); JNI_TRACE("EVP_PKEY_CTX_free(%p)", pkeyCtx); @@ -2893,17 +2985,18 @@ static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv*, jclass, jlong pkeyCtxRef) { } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_padding(JNIEnv* env, jclass, jlong ctx, jint pad) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(ctx); JNI_TRACE("EVP_PKEY_CTX_set_rsa_padding(%p, %d)", pkeyCtx, pad); if (pkeyCtx == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "ctx == null"); + conscrypt::jniutil::throwNullPointerException(env, "ctx == null"); return; } int result = EVP_PKEY_CTX_set_rsa_padding(pkeyCtx, static_cast<int>(pad)); if (result <= 0) { JNI_TRACE("ctx=%p EVP_PKEY_CTX_set_rsa_padding => threw exception", pkeyCtx); - conscrypt::jniutil::throwExceptionIfNecessary( + conscrypt::jniutil::throwExceptionFromBoringSSLError( env, "EVP_PKEY_CTX_set_rsa_padding", conscrypt::jniutil::throwInvalidAlgorithmParameterException); return; @@ -2914,17 +3007,18 @@ static void NativeCrypto_EVP_PKEY_CTX_set_rsa_padding(JNIEnv* env, jclass, jlong static void NativeCrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(JNIEnv* env, jclass, jlong ctx, jint len) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(ctx); JNI_TRACE("EVP_PKEY_CTX_set_rsa_pss_saltlen(%p, %d)", pkeyCtx, len); if (pkeyCtx == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "ctx == null"); + conscrypt::jniutil::throwNullPointerException(env, "ctx == null"); return; } int result = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkeyCtx, static_cast<int>(len)); if (result <= 0) { JNI_TRACE("ctx=%p EVP_PKEY_CTX_set_rsa_pss_saltlen => threw exception", pkeyCtx); - conscrypt::jniutil::throwExceptionIfNecessary( + conscrypt::jniutil::throwExceptionFromBoringSSLError( env, "EVP_PKEY_CTX_set_rsa_pss_saltlen", conscrypt::jniutil::throwInvalidAlgorithmParameterException); return; @@ -2939,18 +3033,18 @@ static void evpPkeyCtxCtrlMdOp(JNIEnv* env, jlong pkeyCtxRef, jlong mdRef, const EVP_MD* md = reinterpret_cast<EVP_MD*>(mdRef); JNI_TRACE("%s(%p, %p)", jniName, pkeyCtx, md); if (pkeyCtx == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "pkeyCtx == null"); + conscrypt::jniutil::throwNullPointerException(env, "pkeyCtx == null"); return; } if (md == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "md == null"); + conscrypt::jniutil::throwNullPointerException(env, "md == null"); return; } int result = ctrl_func(pkeyCtx, md); if (result <= 0) { JNI_TRACE("ctx=%p %s => threw exception", pkeyCtx, jniName); - conscrypt::jniutil::throwExceptionIfNecessary( + conscrypt::jniutil::throwExceptionFromBoringSSLError( env, jniName, conscrypt::jniutil::throwInvalidAlgorithmParameterException); return; } @@ -2960,22 +3054,25 @@ static void evpPkeyCtxCtrlMdOp(JNIEnv* env, jlong pkeyCtxRef, jlong mdRef, const static void NativeCrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(JNIEnv* env, jclass, jlong pkeyCtxRef, jlong mdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; evpPkeyCtxCtrlMdOp(env, pkeyCtxRef, mdRef, "EVP_PKEY_CTX_set_rsa_mgf1_md", EVP_PKEY_CTX_set_rsa_mgf1_md); } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_md(JNIEnv* env, jclass, jlong pkeyCtxRef, jlong mdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; evpPkeyCtxCtrlMdOp(env, pkeyCtxRef, mdRef, "EVP_PKEY_CTX_set_rsa_oaep_md", EVP_PKEY_CTX_set_rsa_oaep_md); } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_label(JNIEnv* env, jclass, jlong pkeyCtxRef, jbyteArray labelJava) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(pkeyCtxRef); JNI_TRACE("EVP_PKEY_CTX_set_rsa_oaep_label(%p, %p)", pkeyCtx, labelJava); if (pkeyCtx == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "pkeyCtx == null"); + conscrypt::jniutil::throwNullPointerException(env, "pkeyCtx == null"); return; } @@ -2990,7 +3087,7 @@ static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_label(JNIEnv* env, jclass, jl int result = EVP_PKEY_CTX_set0_rsa_oaep_label(pkeyCtx, label.get(), labelBytes.size()); if (result <= 0) { JNI_TRACE("ctx=%p EVP_PKEY_CTX_set_rsa_oaep_label => threw exception", pkeyCtx); - conscrypt::jniutil::throwExceptionIfNecessary( + conscrypt::jniutil::throwExceptionFromBoringSSLError( env, "EVP_PKEY_CTX_set_rsa_oaep_label", conscrypt::jniutil::throwInvalidAlgorithmParameterException); return; @@ -3001,6 +3098,7 @@ static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_label(JNIEnv* env, jclass, jl } static jlong NativeCrypto_EVP_get_cipherbyname(JNIEnv* env, jclass, jstring algorithm) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_get_cipherbyname(%p)", algorithm); ScopedUtfChars scoped_alg(env, algorithm); @@ -3050,6 +3148,7 @@ static jlong NativeCrypto_EVP_get_cipherbyname(JNIEnv* env, jclass, jstring algo static void NativeCrypto_EVP_CipherInit_ex(JNIEnv* env, jclass, jobject ctxRef, jlong evpCipherRef, jbyteArray keyArray, jbyteArray ivArray, jboolean encrypting) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); const EVP_CIPHER* evpCipher = reinterpret_cast<const EVP_CIPHER*>(evpCipherRef); JNI_TRACE("EVP_CipherInit_ex(%p, %p, %p, %p, %d)", ctx, evpCipher, keyArray, ivArray, @@ -3086,7 +3185,7 @@ static void NativeCrypto_EVP_CipherInit_ex(JNIEnv* env, jclass, jobject ctxRef, if (!EVP_CipherInit_ex(ctx, evpCipher, nullptr, keyPtr.get(), ivPtr.get(), encrypting ? 1 : 0)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_CipherInit_ex"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_CipherInit_ex"); JNI_TRACE("EVP_CipherInit_ex => error initializing cipher"); return; } @@ -3102,6 +3201,7 @@ static void NativeCrypto_EVP_CipherInit_ex(JNIEnv* env, jclass, jobject ctxRef, static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, jbyteArray outArray, jint outOffset, jbyteArray inArray, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CipherUpdate(%p, %p, %d, %p, %d)", ctx, outArray, outOffset, inArray, inOffset); @@ -3115,7 +3215,7 @@ static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, j return 0; } if (ARRAY_OFFSET_LENGTH_INVALID(inBytes, inOffset, inLength)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "inBytes"); return 0; } @@ -3125,7 +3225,7 @@ static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, j return 0; } if (ARRAY_OFFSET_LENGTH_INVALID(outBytes, outOffset, inLength)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "outBytes"); return 0; } @@ -3141,7 +3241,7 @@ static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, j int outl; if (!EVP_CipherUpdate(ctx, out + outOffset, &outl, in + inOffset, inLength)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_CipherUpdate"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_CipherUpdate"); JNI_TRACE("ctx=%p EVP_CipherUpdate => threw error", ctx); return 0; } @@ -3153,6 +3253,7 @@ static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, j static jint NativeCrypto_EVP_CipherFinal_ex(JNIEnv* env, jclass, jobject ctxRef, jbyteArray outArray, jint outOffset) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CipherFinal_ex(%p, %p, %d)", ctx, outArray, outOffset); @@ -3170,7 +3271,8 @@ static jint NativeCrypto_EVP_CipherFinal_ex(JNIEnv* env, jclass, jobject ctxRef, int outl; if (!EVP_CipherFinal_ex(ctx, out + outOffset, &outl)) { - if (conscrypt::jniutil::throwExceptionIfNecessary(env, "EVP_CipherFinal_ex")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "EVP_CipherFinal_ex"); JNI_TRACE("ctx=%p EVP_CipherFinal_ex => threw error", ctx); } else { conscrypt::jniutil::throwBadPaddingException(env, "EVP_CipherFinal_ex"); @@ -3184,11 +3286,12 @@ static jint NativeCrypto_EVP_CipherFinal_ex(JNIEnv* env, jclass, jobject ctxRef, } static jint NativeCrypto_EVP_CIPHER_iv_length(JNIEnv* env, jclass, jlong evpCipherRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_CIPHER* evpCipher = reinterpret_cast<const EVP_CIPHER*>(evpCipherRef); JNI_TRACE("EVP_CIPHER_iv_length(%p)", evpCipher); if (evpCipher == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "evpCipher == null"); + conscrypt::jniutil::throwNullPointerException(env, "evpCipher == null"); JNI_TRACE("EVP_CIPHER_iv_length => evpCipher == null"); return 0; } @@ -3199,11 +3302,12 @@ static jint NativeCrypto_EVP_CIPHER_iv_length(JNIEnv* env, jclass, jlong evpCiph } static jlong NativeCrypto_EVP_CIPHER_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_CIPHER_CTX_new()"); bssl::UniquePtr<EVP_CIPHER_CTX> ctx(EVP_CIPHER_CTX_new()); if (ctx.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate cipher context"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate cipher context"); JNI_TRACE("EVP_CipherInit_ex => context allocation error"); return 0; } @@ -3213,6 +3317,7 @@ static jlong NativeCrypto_EVP_CIPHER_CTX_new(JNIEnv* env, jclass) { } static jint NativeCrypto_EVP_CIPHER_CTX_block_size(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CIPHER_CTX_block_size(%p)", ctx); @@ -3227,6 +3332,7 @@ static jint NativeCrypto_EVP_CIPHER_CTX_block_size(JNIEnv* env, jclass, jobject } static jint NativeCrypto_get_EVP_CIPHER_CTX_buf_len(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("get_EVP_CIPHER_CTX_buf_len(%p)", ctx); @@ -3241,6 +3347,7 @@ static jint NativeCrypto_get_EVP_CIPHER_CTX_buf_len(JNIEnv* env, jclass, jobject } static jboolean NativeCrypto_get_EVP_CIPHER_CTX_final_used(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("get_EVP_CIPHER_CTX_final_used(%p)", ctx); @@ -3256,6 +3363,7 @@ static jboolean NativeCrypto_get_EVP_CIPHER_CTX_final_used(JNIEnv* env, jclass, static void NativeCrypto_EVP_CIPHER_CTX_set_padding(JNIEnv* env, jclass, jobject ctxRef, jboolean enablePaddingBool) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); jint enablePadding = enablePaddingBool ? 1 : 0; JNI_TRACE("EVP_CIPHER_CTX_set_padding(%p, %d)", ctx, enablePadding); @@ -3271,6 +3379,7 @@ static void NativeCrypto_EVP_CIPHER_CTX_set_padding(JNIEnv* env, jclass, jobject static void NativeCrypto_EVP_CIPHER_CTX_set_key_length(JNIEnv* env, jclass, jobject ctxRef, jint keySizeBits) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CIPHER_CTX_set_key_length(%p, %d)", ctx, keySizeBits); @@ -3280,7 +3389,7 @@ static void NativeCrypto_EVP_CIPHER_CTX_set_key_length(JNIEnv* env, jclass, jobj } if (!EVP_CIPHER_CTX_set_key_length(ctx, static_cast<unsigned int>(keySizeBits))) { - conscrypt::jniutil::throwExceptionIfNecessary(env, + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "NativeCrypto_EVP_CIPHER_CTX_set_key_length"); JNI_TRACE("NativeCrypto_EVP_CIPHER_CTX_set_key_length => threw error"); return; @@ -3288,36 +3397,41 @@ static void NativeCrypto_EVP_CIPHER_CTX_set_key_length(JNIEnv* env, jclass, jobj JNI_TRACE("EVP_CIPHER_CTX_set_key_length(%p, %d) => success", ctx, keySizeBits); } -static void NativeCrypto_EVP_CIPHER_CTX_free(JNIEnv*, jclass, jlong ctxRef) { +static void NativeCrypto_EVP_CIPHER_CTX_free(JNIEnv* env, jclass, jlong ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = reinterpret_cast<EVP_CIPHER_CTX*>(ctxRef); JNI_TRACE("EVP_CIPHER_CTX_free(%p)", ctx); EVP_CIPHER_CTX_free(ctx); } -static jlong NativeCrypto_EVP_aead_aes_128_gcm(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_aes_128_gcm(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_aes_128_gcm(); JNI_TRACE("EVP_aead_aes_128_gcm => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } -static jlong NativeCrypto_EVP_aead_aes_256_gcm(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_aes_256_gcm(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_aes_256_gcm(); JNI_TRACE("EVP_aead_aes_256_gcm => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } -static jlong NativeCrypto_EVP_aead_chacha20_poly1305(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_chacha20_poly1305(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_chacha20_poly1305(); JNI_TRACE("EVP_aead_chacha20_poly1305 => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } static jint NativeCrypto_EVP_AEAD_max_overhead(JNIEnv* env, jclass, jlong evpAeadRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* evpAead = reinterpret_cast<const EVP_AEAD*>(evpAeadRef); JNI_TRACE("EVP_AEAD_max_overhead(%p)", evpAead); if (evpAead == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "evpAead == null"); + conscrypt::jniutil::throwNullPointerException(env, "evpAead == null"); return 0; } jint maxOverhead = static_cast<jint>(EVP_AEAD_max_overhead(evpAead)); @@ -3326,10 +3440,11 @@ static jint NativeCrypto_EVP_AEAD_max_overhead(JNIEnv* env, jclass, jlong evpAea } static jint NativeCrypto_EVP_AEAD_nonce_length(JNIEnv* env, jclass, jlong evpAeadRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* evpAead = reinterpret_cast<const EVP_AEAD*>(evpAeadRef); JNI_TRACE("EVP_AEAD_nonce_length(%p)", evpAead); if (evpAead == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "evpAead == null"); + conscrypt::jniutil::throwNullPointerException(env, "evpAead == null"); return 0; } jint nonceLength = static_cast<jint>(EVP_AEAD_nonce_length(evpAead)); @@ -3364,7 +3479,7 @@ static jint evp_aead_ctx_op(JNIEnv* env, jlong evpAeadRef, jbyteArray keyArray, JNI_TRACE("evp_aead_ctx_op(%p, %p, %d, %p, %d, %p, %p, %d, %d, %p) => out offset invalid", evpAead, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray); - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "out"); return 0; } @@ -3380,7 +3495,7 @@ static jint evp_aead_ctx_op(JNIEnv* env, jlong evpAeadRef, jbyteArray keyArray, "invalid", evpAead, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray); - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "in"); return 0; } @@ -3406,7 +3521,7 @@ static jint evp_aead_ctx_op(JNIEnv* env, jlong evpAeadRef, jbyteArray keyArray, const uint8_t* keyTmp = reinterpret_cast<const uint8_t*>(keyBytes.get()); if (!EVP_AEAD_CTX_init(aeadCtx.get(), evpAead, keyTmp, keyBytes.size(), static_cast<size_t>(tagLen), nullptr)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "failure initializing AEAD context"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "failure initializing AEAD context"); JNI_TRACE( "evp_aead_ctx_op(%p, %p, %d, %p, %d, %p, %p, %d, %d, %p) => fail EVP_AEAD_CTX_init", evpAead, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, @@ -3421,7 +3536,8 @@ static jint evp_aead_ctx_op(JNIEnv* env, jlong evpAeadRef, jbyteArray keyArray, if (!realFunc(aeadCtx.get(), outTmp + outOffset, &actualOutLength, outBytes.size() - outOffset, nonceTmp, nonceBytes.size(), inTmp + inOffset, static_cast<size_t>(inLength), aad_chars, aad_chars_size)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "evp_aead_ctx_op"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "evp_aead_ctx_op"); + return 0; } JNI_TRACE("evp_aead_ctx_op(%p, %p, %d, %p, %d, %p, %p, %d, %d, %p) => success outlength=%zd", @@ -3435,6 +3551,7 @@ static jint NativeCrypto_EVP_AEAD_CTX_seal(JNIEnv* env, jclass, jlong evpAeadRef jint outOffset, jbyteArray nonceArray, jbyteArray inArray, jint inOffset, jint inLength, jbyteArray aadArray) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_aead_ctx_op(env, evpAeadRef, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray, EVP_AEAD_CTX_seal); } @@ -3444,15 +3561,17 @@ static jint NativeCrypto_EVP_AEAD_CTX_open(JNIEnv* env, jclass, jlong evpAeadRef jint outOffset, jbyteArray nonceArray, jbyteArray inArray, jint inOffset, jint inLength, jbyteArray aadArray) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_aead_ctx_op(env, evpAeadRef, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray, EVP_AEAD_CTX_open); } static jlong NativeCrypto_HMAC_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("HMAC_CTX_new"); auto hmacCtx = new HMAC_CTX; if (hmacCtx == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate HMAC_CTX"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate HMAC_CTX"); return 0; } @@ -3460,7 +3579,8 @@ static jlong NativeCrypto_HMAC_CTX_new(JNIEnv* env, jclass) { return reinterpret_cast<jlong>(hmacCtx); } -static void NativeCrypto_HMAC_CTX_free(JNIEnv*, jclass, jlong hmacCtxRef) { +static void NativeCrypto_HMAC_CTX_free(JNIEnv* env, jclass, jlong hmacCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = reinterpret_cast<HMAC_CTX*>(hmacCtxRef); JNI_TRACE("HMAC_CTX_free(%p)", hmacCtx); if (hmacCtx == nullptr) { @@ -3472,6 +3592,7 @@ static void NativeCrypto_HMAC_CTX_free(JNIEnv*, jclass, jlong hmacCtxRef) { static void NativeCrypto_HMAC_Init_ex(JNIEnv* env, jclass, jobject hmacCtxRef, jbyteArray keyArray, jobject evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); const EVP_MD* md = reinterpret_cast<const EVP_MD*>(evpMdRef); JNI_TRACE("HMAC_Init_ex(%p, %p, %p)", hmacCtx, keyArray, md); @@ -3485,7 +3606,7 @@ static void NativeCrypto_HMAC_Init_ex(JNIEnv* env, jclass, jobject hmacCtxRef, j const uint8_t* keyPtr = reinterpret_cast<const uint8_t*>(keyBytes.get()); if (!HMAC_Init_ex(hmacCtx, keyPtr, keyBytes.size(), md, nullptr)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "HMAC_Init_ex"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "HMAC_Init_ex"); JNI_TRACE("HMAC_Init_ex(%p, %p, %p) => fail HMAC_Init_ex", hmacCtx, keyArray, md); return; } @@ -3493,6 +3614,7 @@ static void NativeCrypto_HMAC_Init_ex(JNIEnv* env, jclass, jobject hmacCtxRef, j static void NativeCrypto_HMAC_UpdateDirect(JNIEnv* env, jclass, jobject hmacCtxRef, jlong inPtr, int inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); const uint8_t* p = reinterpret_cast<const uint8_t*>(inPtr); JNI_TRACE("HMAC_UpdateDirect(%p, %p, %d)", hmacCtx, p, inLength); @@ -3502,19 +3624,20 @@ static void NativeCrypto_HMAC_UpdateDirect(JNIEnv* env, jclass, jobject hmacCtxR } if (p == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, nullptr); + conscrypt::jniutil::throwNullPointerException(env, nullptr); return; } if (!HMAC_Update(hmacCtx, p, static_cast<size_t>(inLength))) { JNI_TRACE("HMAC_UpdateDirect(%p, %p, %d) => threw exception", hmacCtx, p, inLength); - conscrypt::jniutil::throwExceptionIfNecessary(env, "HMAC_UpdateDirect"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "HMAC_UpdateDirect"); return; } } static void NativeCrypto_HMAC_Update(JNIEnv* env, jclass, jobject hmacCtxRef, jbyteArray inArray, jint inOffset, int inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); JNI_TRACE("HMAC_Update(%p, %p, %d, %d)", hmacCtx, inArray, inOffset, inLength); @@ -3528,7 +3651,7 @@ static void NativeCrypto_HMAC_Update(JNIEnv* env, jclass, jobject hmacCtxRef, jb } if (ARRAY_OFFSET_LENGTH_INVALID(inBytes, inOffset, inLength)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "inBytes"); return; } @@ -3537,12 +3660,13 @@ static void NativeCrypto_HMAC_Update(JNIEnv* env, jclass, jobject hmacCtxRef, jb if (!HMAC_Update(hmacCtx, inPtr + inOffset, static_cast<size_t>(inLength))) { JNI_TRACE("HMAC_Update(%p, %p, %d, %d) => threw exception", hmacCtx, inArray, inOffset, inLength); - conscrypt::jniutil::throwExceptionIfNecessary(env, "HMAC_Update"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "HMAC_Update"); return; } } static jbyteArray NativeCrypto_HMAC_Final(JNIEnv* env, jclass, jobject hmacCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); JNI_TRACE("HMAC_Final(%p)", hmacCtx); @@ -3554,7 +3678,7 @@ static jbyteArray NativeCrypto_HMAC_Final(JNIEnv* env, jclass, jobject hmacCtxRe unsigned len; if (!HMAC_Final(hmacCtx, result, &len)) { JNI_TRACE("HMAC_Final(%p) => threw exception", hmacCtx); - conscrypt::jniutil::throwExceptionIfNecessary(env, "HMAC_Final"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "HMAC_Final"); return nullptr; } @@ -3571,6 +3695,7 @@ static jbyteArray NativeCrypto_HMAC_Final(JNIEnv* env, jclass, jobject hmacCtxRe } static void NativeCrypto_RAND_bytes(JNIEnv* env, jclass, jbyteArray output) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_RAND_bytes(%p)", output); ScopedByteArrayRW outputBytes(env, output); @@ -3580,7 +3705,7 @@ static void NativeCrypto_RAND_bytes(JNIEnv* env, jclass, jbyteArray output) { unsigned char* tmp = reinterpret_cast<unsigned char*>(outputBytes.get()); if (RAND_bytes(tmp, outputBytes.size()) <= 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "NativeCrypto_RAND_bytes"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "NativeCrypto_RAND_bytes"); JNI_TRACE("tmp=%p NativeCrypto_RAND_bytes => threw error", tmp); return; } @@ -3597,10 +3722,10 @@ static jstring ASN1_OBJECT_to_OID_string(JNIEnv* env, const ASN1_OBJECT* obj) { char output[128]; int ret = OBJ_obj2txt(output, sizeof(output), obj, 1); if (ret < 0) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "ASN1_OBJECT_to_OID_string"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "ASN1_OBJECT_to_OID_string"); return nullptr; } else if (size_t(ret) >= sizeof(output)) { - conscrypt::jniutil::jniThrowRuntimeException(env, + conscrypt::jniutil::throwRuntimeException(env, "ASN1_OBJECT_to_OID_string buffer too small"); return nullptr; } @@ -3611,10 +3736,11 @@ static jstring ASN1_OBJECT_to_OID_string(JNIEnv* env, const ASN1_OBJECT* obj) { static jlong NativeCrypto_create_BIO_InputStream(JNIEnv* env, jclass, jobject streamObj, jboolean isFinite) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("create_BIO_InputStream(%p)", streamObj); if (streamObj == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "stream == null"); + conscrypt::jniutil::throwNullPointerException(env, "stream == null"); return 0; } @@ -3630,10 +3756,11 @@ static jlong NativeCrypto_create_BIO_InputStream(JNIEnv* env, jclass, jobject st } static jlong NativeCrypto_create_BIO_OutputStream(JNIEnv* env, jclass, jobject streamObj) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("create_BIO_OutputStream(%p)", streamObj); if (streamObj == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "stream == null"); + conscrypt::jniutil::throwNullPointerException(env, "stream == null"); return 0; } @@ -3649,11 +3776,12 @@ static jlong NativeCrypto_create_BIO_OutputStream(JNIEnv* env, jclass, jobject s } static void NativeCrypto_BIO_free_all(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_free_all(%p)", bio); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); return; } @@ -3666,7 +3794,7 @@ static jstring X509_NAME_to_jstring(JNIEnv* env, X509_NAME* name, unsigned long bssl::UniquePtr<BIO> buffer(BIO_new(BIO_s_mem())); if (buffer.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate BIO"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate BIO"); JNI_TRACE("X509_NAME_to_jstring(%p) => threw error", name); return nullptr; } @@ -3756,11 +3884,12 @@ static jobject GENERAL_NAME_to_jobject(JNIEnv* env, GENERAL_NAME* gen) { static jobjectArray NativeCrypto_get_X509_GENERAL_NAME_stack(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jint type) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_GENERAL_NAME_stack(%p, %d)", x509, type); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_GENERAL_NAME_stack(%p, %d) => x509 == null", x509, type); return nullptr; } @@ -3850,11 +3979,12 @@ static jobjectArray NativeCrypto_get_X509_GENERAL_NAME_stack(JNIEnv* env, jclass } static jlong NativeCrypto_X509_get_notBefore(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_notBefore(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_get_notBefore(%p) => x509 == null", x509); return 0; } @@ -3865,11 +3995,12 @@ static jlong NativeCrypto_X509_get_notBefore(JNIEnv* env, jclass, jlong x509Ref, } static jlong NativeCrypto_X509_get_notAfter(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_notAfter(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_get_notAfter(%p) => x509 == null", x509); return 0; } @@ -3880,7 +4011,8 @@ static jlong NativeCrypto_X509_get_notAfter(JNIEnv* env, jclass, jlong x509Ref, } // NOLINTNEXTLINE(runtime/int) -static long NativeCrypto_X509_get_version(JNIEnv*, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { +static long NativeCrypto_X509_get_version(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_version(%p)", x509); @@ -3896,7 +4028,7 @@ static jbyteArray get_X509Type_serialNumber(JNIEnv* env, T* x509Type, JNI_TRACE("get_X509Type_serialNumber(%p)", x509Type); if (x509Type == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509Type == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509Type == null"); JNI_TRACE("get_X509Type_serialNumber(%p) => x509Type == null", x509Type); return nullptr; } @@ -3926,6 +4058,7 @@ static ASN1_INTEGER* X509_REVOKED_get_serialNumber(X509_REVOKED* x) { #endif static jbyteArray NativeCrypto_X509_get_serialNumber(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_serialNumber(%p)", x509); return get_X509Type_serialNumber<X509>(env, x509, X509_get_serialNumber); @@ -3933,12 +4066,14 @@ static jbyteArray NativeCrypto_X509_get_serialNumber(JNIEnv* env, jclass, jlong static jbyteArray NativeCrypto_X509_REVOKED_get_serialNumber(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_serialNumber(%p)", revoked); return get_X509Type_serialNumber<X509_REVOKED>(env, revoked, X509_REVOKED_get_serialNumber); } static void NativeCrypto_X509_verify(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("X509_verify(%p, %p)", x509, pkey); @@ -3949,31 +4084,33 @@ static void NativeCrypto_X509_verify(JNIEnv* env, jclass, jlong x509Ref, CONSCRY } if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_verify(%p, %p) => x509 == null", x509, pkey); return; } if (X509_verify(x509, pkey) != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "X509_verify"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "X509_verify"); JNI_TRACE("X509_verify(%p, %p) => verify failure", x509, pkey); - } else { - JNI_TRACE("X509_verify(%p, %p) => verify success", x509, pkey); + return; } + JNI_TRACE("X509_verify(%p, %p) => verify success", x509, pkey); } static jbyteArray NativeCrypto_get_X509_cert_info_enc(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_cert_info_enc(%p)", x509); return ASN1ToByteArray<X509_CINF>(env, x509->cert_info, i2d_X509_CINF); } static jint NativeCrypto_get_X509_ex_flags(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_flags(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_ex_flags(%p) => x509 == null", x509); return 0; } @@ -3983,8 +4120,9 @@ static jint NativeCrypto_get_X509_ex_flags(JNIEnv* env, jclass, jlong x509Ref, C return static_cast<jint>(x509->ex_flags); } -static jboolean NativeCrypto_X509_check_issued(JNIEnv*, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, +static jboolean NativeCrypto_X509_check_issued(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, jlong x509Ref2, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509_1 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref1)); X509* x509_2 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref2)); JNI_TRACE("X509_check_issued(%p, %p)", x509_1, x509_2); @@ -4008,7 +4146,7 @@ static jbyteArray get_X509Type_signature(JNIEnv* env, T* x509Type, JNI_TRACE("get_X509Type_signature(%p)", x509Type); if (x509Type == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509Type == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509Type == null"); JNI_TRACE("get_X509Type_signature(%p) => x509Type == null", x509Type); return nullptr; } @@ -4036,12 +4174,14 @@ static jbyteArray get_X509Type_signature(JNIEnv* env, T* x509Type, } static jbyteArray NativeCrypto_get_X509_signature(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_signature(%p)", x509); return get_X509Type_signature<X509>(env, x509, get_X509_signature); } static jbyteArray NativeCrypto_get_X509_CRL_signature(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_signature(%p)", crl); return get_X509Type_signature<X509_CRL>(env, crl, get_X509_CRL_signature); @@ -4049,16 +4189,17 @@ static jbyteArray NativeCrypto_get_X509_CRL_signature(JNIEnv* env, jclass, jlong static jlong NativeCrypto_X509_CRL_get0_by_cert(JNIEnv* env, jclass, jlong x509crlRef, CONSCRYPT_UNUSED jobject holder, jlong x509Ref, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* x509crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509crlRef)); X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_CRL_get0_by_cert(%p, %p)", x509crl, x509); if (x509crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509crl == null"); JNI_TRACE("X509_CRL_get0_by_cert(%p, %p) => x509crl == null", x509crl, x509); return 0; } else if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_CRL_get0_by_cert(%p, %p) => x509 == null", x509crl, x509); return 0; } @@ -4076,11 +4217,12 @@ static jlong NativeCrypto_X509_CRL_get0_by_cert(JNIEnv* env, jclass, jlong x509c static jlong NativeCrypto_X509_CRL_get0_by_serial(JNIEnv* env, jclass, jlong x509crlRef, CONSCRYPT_UNUSED jobject holder, jbyteArray serialArray) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* x509crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509crlRef)); JNI_TRACE("X509_CRL_get0_by_serial(%p, %p)", x509crl, serialArray); if (x509crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509crl == null"); JNI_TRACE("X509_CRL_get0_by_serial(%p, %p) => crl == null", x509crl, serialArray); return 0; } @@ -4094,7 +4236,7 @@ static jlong NativeCrypto_X509_CRL_get0_by_serial(JNIEnv* env, jclass, jlong x50 BIGNUM* serialBare = serialBn.get(); if (!arrayToBignum(env, serialArray, &serialBare)) { if (!env->ExceptionCheck()) { - conscrypt::jniutil::jniThrowNullPointerException(env, "serial == null"); + conscrypt::jniutil::throwNullPointerException(env, "serial == null"); } JNI_TRACE("X509_CRL_get0_by_serial(%p, %p) => BN conversion failed", x509crl, serialArray); return 0; @@ -4118,11 +4260,12 @@ static jlong NativeCrypto_X509_CRL_get0_by_serial(JNIEnv* env, jclass, jlong x50 } static jlongArray NativeCrypto_X509_CRL_get_REVOKED(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_REVOKED(%p)", crl); if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); return nullptr; } @@ -4146,17 +4289,19 @@ static jlongArray NativeCrypto_X509_CRL_get_REVOKED(JNIEnv* env, jclass, jlong x } static jbyteArray NativeCrypto_i2d_X509_CRL(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("i2d_X509_CRL(%p)", crl); return ASN1ToByteArray<X509_CRL>(env, crl, i2d_X509_CRL); } static void NativeCrypto_X509_CRL_free(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_free(%p)", crl); if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("X509_CRL_free(%p) => crl == null", crl); return; } @@ -4165,36 +4310,38 @@ static void NativeCrypto_X509_CRL_free(JNIEnv* env, jclass, jlong x509CrlRef, CO } static void NativeCrypto_X509_CRL_print(JNIEnv* env, jclass, jlong bioRef, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_print(%p, %p)", bio, crl); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("X509_CRL_print(%p, %p) => bio == null", bio, crl); return; } if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("X509_CRL_print(%p, %p) => crl == null", bio, crl); return; } if (!X509_CRL_print(bio, crl)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "X509_CRL_print"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "X509_CRL_print"); JNI_TRACE("X509_CRL_print(%p, %p) => threw error", bio, crl); - } else { - JNI_TRACE("X509_CRL_print(%p, %p) => success", bio, crl); + return; } + JNI_TRACE("X509_CRL_print(%p, %p) => success", bio, crl); } static jstring NativeCrypto_get_X509_CRL_sig_alg_oid(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_sig_alg_oid(%p)", crl); if (crl == nullptr || crl->sig_alg == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, + conscrypt::jniutil::throwNullPointerException(env, "crl == null || crl->sig_alg == null"); JNI_TRACE("get_X509_CRL_sig_alg_oid(%p) => crl == null", crl); return nullptr; @@ -4205,11 +4352,12 @@ static jstring NativeCrypto_get_X509_CRL_sig_alg_oid(JNIEnv* env, jclass, jlong static jbyteArray NativeCrypto_get_X509_CRL_sig_alg_parameter(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_sig_alg_parameter(%p)", crl); if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("get_X509_CRL_sig_alg_parameter(%p) => crl == null", crl); return nullptr; } @@ -4223,13 +4371,15 @@ static jbyteArray NativeCrypto_get_X509_CRL_sig_alg_parameter(JNIEnv* env, jclas } static jbyteArray NativeCrypto_X509_CRL_get_issuer_name(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_issuer_name(%p)", crl); return ASN1ToByteArray<X509_NAME>(env, X509_CRL_get_issuer(crl), i2d_X509_NAME); } // NOLINTNEXTLINE(runtime/int) -static long NativeCrypto_X509_CRL_get_version(JNIEnv*, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { +static long NativeCrypto_X509_CRL_get_version(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_version(%p)", crl); @@ -4245,7 +4395,7 @@ static X509_EXTENSION* X509Type_get_ext(JNIEnv* env, T* x509Type, jstring oidStr JNI_TRACE("X509Type_get_ext(%p)", x509Type); if (x509Type == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); return nullptr; } @@ -4287,6 +4437,7 @@ static jbyteArray X509Type_get_ext_oid(JNIEnv* env, T* x509Type, jstring oidStri } static jlong NativeCrypto_X509_CRL_get_ext(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_ext(%p, %p)", crl, oid); X509_EXTENSION* ext = @@ -4297,6 +4448,7 @@ static jlong NativeCrypto_X509_CRL_get_ext(JNIEnv* env, jclass, jlong x509CrlRef static jlong NativeCrypto_X509_REVOKED_get_ext(JNIEnv* env, jclass, jlong x509RevokedRef, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_ext(%p, %p)", revoked, oid); X509_EXTENSION* ext = @@ -4307,11 +4459,12 @@ static jlong NativeCrypto_X509_REVOKED_get_ext(JNIEnv* env, jclass, jlong x509Re } static jlong NativeCrypto_X509_REVOKED_dup(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_dup(%p)", revoked); if (revoked == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "revoked == null"); + conscrypt::jniutil::throwNullPointerException(env, "revoked == null"); JNI_TRACE("X509_REVOKED_dup(%p) => revoked == null", revoked); return 0; } @@ -4323,11 +4476,12 @@ static jlong NativeCrypto_X509_REVOKED_dup(JNIEnv* env, jclass, jlong x509Revoke static jlong NativeCrypto_get_X509_REVOKED_revocationDate(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("get_X509_REVOKED_revocationDate(%p)", revoked); if (revoked == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "revoked == null"); + conscrypt::jniutil::throwNullPointerException(env, "revoked == null"); JNI_TRACE("get_X509_REVOKED_revocationDate(%p) => revoked == null", revoked); return 0; } @@ -4342,18 +4496,19 @@ static jlong NativeCrypto_get_X509_REVOKED_revocationDate(JNIEnv* env, jclass, #endif static void NativeCrypto_X509_REVOKED_print(JNIEnv* env, jclass, jlong bioRef, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_print(%p, %p)", bio, revoked); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("X509_REVOKED_print(%p, %p) => bio == null", bio, revoked); return; } if (revoked == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "revoked == null"); + conscrypt::jniutil::throwNullPointerException(env, "revoked == null"); JNI_TRACE("X509_REVOKED_print(%p, %p) => revoked == null", bio, revoked); return; } @@ -4370,6 +4525,7 @@ static void NativeCrypto_X509_REVOKED_print(JNIEnv* env, jclass, jlong bioRef, #endif static jbyteArray NativeCrypto_get_X509_CRL_crl_enc(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_crl_enc(%p)", crl); return ASN1ToByteArray<X509_CRL_INFO>(env, crl->crl, i2d_X509_CRL_INFO); @@ -4377,6 +4533,7 @@ static jbyteArray NativeCrypto_get_X509_CRL_crl_enc(JNIEnv* env, jclass, jlong x static void NativeCrypto_X509_CRL_verify(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("X509_CRL_verify(%p, %p)", crl, pkey); @@ -4387,25 +4544,26 @@ static void NativeCrypto_X509_CRL_verify(JNIEnv* env, jclass, jlong x509CrlRef, } if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("X509_CRL_verify(%p, %p) => crl == null", crl, pkey); return; } if (X509_CRL_verify(crl, pkey) != 1) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "X509_CRL_verify"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "X509_CRL_verify"); JNI_TRACE("X509_CRL_verify(%p, %p) => verify failure", crl, pkey); - } else { - JNI_TRACE("X509_CRL_verify(%p, %p) => verify success", crl, pkey); + return; } + JNI_TRACE("X509_CRL_verify(%p, %p) => verify success", crl, pkey); } static jlong NativeCrypto_X509_CRL_get_lastUpdate(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_lastUpdate(%p)", crl); if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("X509_CRL_get_lastUpdate(%p) => crl == null", crl); return 0; } @@ -4416,11 +4574,12 @@ static jlong NativeCrypto_X509_CRL_get_lastUpdate(JNIEnv* env, jclass, jlong x50 } static jlong NativeCrypto_X509_CRL_get_nextUpdate(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_nextUpdate(%p)", crl); if (crl == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "crl == null"); + conscrypt::jniutil::throwNullPointerException(env, "crl == null"); JNI_TRACE("X509_CRL_get_nextUpdate(%p) => crl == null", crl); return 0; } @@ -4431,6 +4590,7 @@ static jlong NativeCrypto_X509_CRL_get_nextUpdate(JNIEnv* env, jclass, jlong x50 } static jbyteArray NativeCrypto_i2d_X509_REVOKED(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* x509Revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("i2d_X509_REVOKED(%p)", x509Revoked); @@ -4438,11 +4598,12 @@ static jbyteArray NativeCrypto_i2d_X509_REVOKED(JNIEnv* env, jclass, jlong x509R } static jint NativeCrypto_X509_supported_extension(JNIEnv* env, jclass, jlong x509ExtensionRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_EXTENSION* ext = reinterpret_cast<X509_EXTENSION*>(static_cast<uintptr_t>(x509ExtensionRef)); if (ext == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "ext == null"); + conscrypt::jniutil::throwNullPointerException(env, "ext == null"); return 0; } @@ -4459,22 +4620,23 @@ static inline void get_ASN1_TIME_data(char** data, int* output, size_t len) { static void NativeCrypto_ASN1_TIME_to_Calendar(JNIEnv* env, jclass, jlong asn1TimeRef, jobject calendar) { + CHECK_ERROR_QUEUE_ON_RETURN; ASN1_TIME* asn1Time = reinterpret_cast<ASN1_TIME*>(static_cast<uintptr_t>(asn1TimeRef)); JNI_TRACE("ASN1_TIME_to_Calendar(%p, %p)", asn1Time, calendar); if (asn1Time == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "asn1Time == null"); + conscrypt::jniutil::throwNullPointerException(env, "asn1Time == null"); return; } bssl::UniquePtr<ASN1_GENERALIZEDTIME> gen(ASN1_TIME_to_generalizedtime(asn1Time, nullptr)); if (gen.get() == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "asn1Time == null"); + conscrypt::jniutil::throwNullPointerException(env, "asn1Time == null"); return; } if (gen->length < 14 || gen->data == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, + conscrypt::jniutil::throwNullPointerException(env, "gen->length < 14 || gen->data == null"); return; } @@ -4506,6 +4668,7 @@ struct CbsHandle { }; static jlong NativeCrypto_asn1_read_init(JNIEnv* env, jclass, jbyteArray data) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("asn1_read_init(%p)", data); ScopedByteArrayRO bytes(env, data); @@ -4525,6 +4688,7 @@ static jlong NativeCrypto_asn1_read_init(JNIEnv* env, jclass, jbyteArray data) { } static jlong NativeCrypto_asn1_read_sequence(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_sequence(%p)", cbs); @@ -4540,6 +4704,7 @@ static jlong NativeCrypto_asn1_read_sequence(JNIEnv* env, jclass, jlong cbsRef) static jboolean NativeCrypto_asn1_read_next_tag_is(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef, jint tag) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_next_tag_is(%p)", cbs); @@ -4550,6 +4715,7 @@ static jboolean NativeCrypto_asn1_read_next_tag_is(CONSCRYPT_UNUSED JNIEnv* env, } static jlong NativeCrypto_asn1_read_tagged(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_tagged(%p)", cbs); @@ -4564,6 +4730,7 @@ static jlong NativeCrypto_asn1_read_tagged(JNIEnv* env, jclass, jlong cbsRef) { } static jbyteArray NativeCrypto_asn1_read_octetstring(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_octetstring(%p)", cbs); @@ -4588,6 +4755,7 @@ static jbyteArray NativeCrypto_asn1_read_octetstring(JNIEnv* env, jclass, jlong } static jlong NativeCrypto_asn1_read_uint64(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_uint64(%p)", cbs); @@ -4601,6 +4769,7 @@ static jlong NativeCrypto_asn1_read_uint64(JNIEnv* env, jclass, jlong cbsRef) { } static void NativeCrypto_asn1_read_null(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_null(%p)", cbs); @@ -4611,6 +4780,7 @@ static void NativeCrypto_asn1_read_null(JNIEnv* env, jclass, jlong cbsRef) { } static jstring NativeCrypto_asn1_read_oid(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_oid(%p)", cbs); @@ -4636,6 +4806,7 @@ static jstring NativeCrypto_asn1_read_oid(JNIEnv* env, jclass, jlong cbsRef) { static jboolean NativeCrypto_asn1_read_is_empty(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_is_empty(%p)", cbs); @@ -4645,6 +4816,7 @@ static jboolean NativeCrypto_asn1_read_is_empty(CONSCRYPT_UNUSED JNIEnv* env, jc } static void NativeCrypto_asn1_read_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; if (cbsRef == 0) { JNI_TRACE("asn1_read_free(0)"); return; @@ -4655,6 +4827,7 @@ static void NativeCrypto_asn1_read_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jl } static jlong NativeCrypto_asn1_write_init(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("asn1_write_init"); std::unique_ptr<CBB> cbb(new CBB()); if (!CBB_init(cbb.get(), 128)) { @@ -4666,6 +4839,7 @@ static jlong NativeCrypto_asn1_write_init(JNIEnv* env, jclass) { } static jlong NativeCrypto_asn1_write_sequence(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_sequence(%p)", cbb); @@ -4679,6 +4853,7 @@ static jlong NativeCrypto_asn1_write_sequence(JNIEnv* env, jclass, jlong cbbRef) } static jlong NativeCrypto_asn1_write_tag(JNIEnv* env, jclass, jlong cbbRef, jint tag) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_tag(%p)", cbb); @@ -4694,6 +4869,7 @@ static jlong NativeCrypto_asn1_write_tag(JNIEnv* env, jclass, jlong cbbRef, jint static void NativeCrypto_asn1_write_octetstring(JNIEnv* env, jclass, jlong cbbRef, jbyteArray data) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_octetstring(%p, %p)", cbb, data); @@ -4720,6 +4896,7 @@ static void NativeCrypto_asn1_write_octetstring(JNIEnv* env, jclass, jlong cbbRe } static void NativeCrypto_asn1_write_uint64(JNIEnv* env, jclass, jlong cbbRef, jlong data) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_uint64(%p)", cbb); @@ -4730,6 +4907,7 @@ static void NativeCrypto_asn1_write_uint64(JNIEnv* env, jclass, jlong cbbRef, jl } static void NativeCrypto_asn1_write_null(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_null(%p)", cbb); @@ -4745,6 +4923,7 @@ static void NativeCrypto_asn1_write_null(JNIEnv* env, jclass, jlong cbbRef) { } static void NativeCrypto_asn1_write_oid(JNIEnv* env, jclass, jlong cbbRef, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_oid(%p)", cbb); @@ -4766,6 +4945,7 @@ static void NativeCrypto_asn1_write_oid(JNIEnv* env, jclass, jlong cbbRef, jstri } static void NativeCrypto_asn1_write_flush(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_flush(%p)", cbb); @@ -4776,6 +4956,7 @@ static void NativeCrypto_asn1_write_flush(JNIEnv* env, jclass, jlong cbbRef) { } static jbyteArray NativeCrypto_asn1_write_finish(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_finish(%p)", cbb); @@ -4801,6 +4982,7 @@ static jbyteArray NativeCrypto_asn1_write_finish(JNIEnv* env, jclass, jlong cbbR } static void NativeCrypto_asn1_write_cleanup(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_cleanup(%p)", cbb); @@ -4808,6 +4990,7 @@ static void NativeCrypto_asn1_write_cleanup(CONSCRYPT_UNUSED JNIEnv* env, jclass } static void NativeCrypto_asn1_write_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; if (cbbRef == 0) { JNI_TRACE("asn1_write_free(0)"); return; @@ -4823,13 +5006,13 @@ static jlong d2i_ASN1Object_to_jlong(JNIEnv* env, jlong bioRef) { JNI_TRACE("d2i_ASN1Object_to_jlong(%p)", bio); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); return 0; } T* x = d2i_func(bio, nullptr); if (x == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "d2i_ASN1Object_to_jlong"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "d2i_ASN1Object_to_jlong"); return 0; } @@ -4837,14 +5020,17 @@ static jlong d2i_ASN1Object_to_jlong(JNIEnv* env, jlong bioRef) { } static jlong NativeCrypto_d2i_X509_CRL_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return d2i_ASN1Object_to_jlong<X509_CRL, d2i_X509_CRL_bio>(env, bioRef); } static jlong NativeCrypto_d2i_X509_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return d2i_ASN1Object_to_jlong<X509, d2i_X509_bio>(env, bioRef); } static jlong NativeCrypto_d2i_X509(JNIEnv* env, jclass, jbyteArray certBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedByteArrayRO bytes(env, certBytes); if (bytes.get() == nullptr) { JNI_TRACE("NativeCrypto_d2i_X509(%p) => using byte array failed", certBytes); @@ -4855,7 +5041,7 @@ static jlong NativeCrypto_d2i_X509(JNIEnv* env, jclass, jbyteArray certBytes) { // NOLINTNEXTLINE(runtime/int) X509* x = d2i_X509(nullptr, &tmp, static_cast<long>(bytes.size())); if (x == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "Error reading X.509 data", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "Error reading X.509 data", conscrypt::jniutil::throwParsingException); return 0; } @@ -4863,12 +5049,14 @@ static jlong NativeCrypto_d2i_X509(JNIEnv* env, jclass, jbyteArray certBytes) { } static jbyteArray NativeCrypto_i2d_X509(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("i2d_X509(%p)", x509); return ASN1ToByteArray<X509>(env, x509, i2d_X509); } static jbyteArray NativeCrypto_i2d_X509_PUBKEY(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("i2d_X509_PUBKEY(%p)", x509); return ASN1ToByteArray<X509_PUBKEY>(env, X509_get_X509_PUBKEY(x509), i2d_X509_PUBKEY); @@ -4880,17 +5068,17 @@ static jlong PEM_to_jlong(JNIEnv* env, jlong bioRef) { JNI_TRACE("PEM_to_jlong(%p)", bio); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("PEM_to_jlong(%p) => bio == null", bio); return 0; } T* x = PEM_read_func(bio, nullptr, nullptr, nullptr); if (x == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "PEM_to_jlong"); - // Sometimes the PEM functions fail without pushing an error - if (!env->ExceptionCheck()) { - conscrypt::jniutil::jniThrowRuntimeException(env, "Failure parsing PEM"); + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PEM_to_jlong"); + } else { + conscrypt::jniutil::throwRuntimeException(env, "Failure parsing PEM"); } JNI_TRACE("PEM_to_jlong(%p) => threw exception", bio); return 0; @@ -4901,24 +5089,28 @@ static jlong PEM_to_jlong(JNIEnv* env, jlong bioRef) { } static jlong NativeCrypto_PEM_read_bio_X509(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_X509(0x%llx)", (long long)bioRef); return PEM_to_jlong<X509, PEM_read_bio_X509>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_X509_CRL(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_X509_CRL(0x%llx)", (long long)bioRef); return PEM_to_jlong<X509_CRL, PEM_read_bio_X509_CRL>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_PUBKEY(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_PUBKEY(0x%llx)", (long long)bioRef); return PEM_to_jlong<EVP_PKEY, PEM_read_bio_PUBKEY>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_PrivateKey(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_PrivateKey(0x%llx)", (long long)bioRef); return PEM_to_jlong<EVP_PKEY, PEM_read_bio_PrivateKey>(env, bioRef); @@ -4947,6 +5139,7 @@ static jlongArray PKCS7_to_ItemArray(JNIEnv* env, T_stack* stack, T* (*dup_func) #define PKCS7_CRLS 2 static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsArray) { + CHECK_ERROR_QUEUE_ON_RETURN; STACK_OF(X509)* stack = sk_X509_new_null(); ScopedLongArrayRO certs(env, certsArray); @@ -4954,7 +5147,7 @@ static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsAr X509* item = reinterpret_cast<X509*>(certs[i]); if (sk_X509_push(stack, item) == 0) { sk_X509_free(stack); - conscrypt::jniutil::throwExceptionIfNecessary(env, "sk_X509_push"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "sk_X509_push"); return nullptr; } } @@ -4963,7 +5156,7 @@ static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsAr CBB_init(out.get(), 1024 * certs.size()); if (!PKCS7_bundle_certificates(out.get(), stack)) { sk_X509_free(stack); - conscrypt::jniutil::throwExceptionIfNecessary(env, "PKCS7_bundle_certificates"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PKCS7_bundle_certificates"); return nullptr; } @@ -4973,11 +5166,12 @@ static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsAr } static jlongArray NativeCrypto_PEM_read_bio_PKCS7(JNIEnv* env, jclass, jlong bioRef, jint which) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("PEM_read_bio_PKCS7_CRLs(%p)", bio); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("PEM_read_bio_PKCS7_CRLs(%p) => bio == null", bio); return nullptr; } @@ -4985,29 +5179,30 @@ static jlongArray NativeCrypto_PEM_read_bio_PKCS7(JNIEnv* env, jclass, jlong bio if (which == PKCS7_CERTS) { bssl::UniquePtr<STACK_OF(X509)> outCerts(sk_X509_new_null()); if (!PKCS7_get_PEM_certificates(outCerts.get(), bio)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "PKCS7_get_PEM_certificates"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PKCS7_get_PEM_certificates"); return nullptr; } return PKCS7_to_ItemArray<X509, STACK_OF(X509)>(env, outCerts.get(), X509_dup); } else if (which == PKCS7_CRLS) { bssl::UniquePtr<STACK_OF(X509_CRL)> outCRLs(sk_X509_CRL_new_null()); if (!PKCS7_get_PEM_CRLs(outCRLs.get(), bio)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "PKCS7_get_PEM_CRLs"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PKCS7_get_PEM_CRLs"); return nullptr; } return PKCS7_to_ItemArray<X509_CRL, STACK_OF(X509_CRL)>(env, outCRLs.get(), X509_CRL_dup); } else { - conscrypt::jniutil::jniThrowRuntimeException(env, "unknown PKCS7 field"); + conscrypt::jniutil::throwRuntimeException(env, "unknown PKCS7 field"); return nullptr; } } static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, jint which) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("d2i_PKCS7_bio(%p, %d)", bio, which); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("d2i_PKCS7_bio(%p, %d) => bio == null", bio, which); return nullptr; } @@ -5015,7 +5210,9 @@ static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, uint8_t* data; size_t len; if (!BIO_read_asn1(bio, &data, &len, 256 * 1024 * 1024 /* max length, 256MB for sanity */)) { - if (!conscrypt::jniutil::throwExceptionIfNecessary(env, "Error reading PKCS#7 data")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "Error reading PKCS#7 data"); + } else { conscrypt::jniutil::throwParsingException(env, "Error reading PKCS#7 data"); } JNI_TRACE("d2i_PKCS7_bio(%p, %d) => error reading BIO", bio, which); @@ -5029,7 +5226,9 @@ static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, if (which == PKCS7_CERTS) { bssl::UniquePtr<STACK_OF(X509)> outCerts(sk_X509_new_null()); if (!PKCS7_get_certificates(outCerts.get(), &cbs)) { - if (!conscrypt::jniutil::throwExceptionIfNecessary(env, "PKCS7_get_certificates")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PKCS7_get_certificates"); + } else { conscrypt::jniutil::throwParsingException(env, "Error parsing PKCS#7 certificate data"); } @@ -5041,7 +5240,9 @@ static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, } else if (which == PKCS7_CRLS) { bssl::UniquePtr<STACK_OF(X509_CRL)> outCRLs(sk_X509_CRL_new_null()); if (!PKCS7_get_CRLs(outCRLs.get(), &cbs)) { - if (!conscrypt::jniutil::throwExceptionIfNecessary(env, "PKCS7_get_CRLs")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "PKCS7_get_CRLs"); + } else { conscrypt::jniutil::throwParsingException(env, "Error parsing PKCS#7 CRL data"); } JNI_TRACE("d2i_PKCS7_bio(%p, %d) => error reading CRLs", bio, which); @@ -5050,19 +5251,22 @@ static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, JNI_TRACE("d2i_PKCS7_bio(%p, %d) => success CRLs", bio, which); return PKCS7_to_ItemArray<X509_CRL, STACK_OF(X509_CRL)>(env, outCRLs.get(), X509_CRL_dup); } else { - conscrypt::jniutil::jniThrowRuntimeException(env, "unknown PKCS7 field"); + conscrypt::jniutil::throwRuntimeException(env, "unknown PKCS7 field"); return nullptr; } } static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("ASN1_seq_unpack_X509_bio(%p)", bio); uint8_t* data; size_t len; if (!BIO_read_asn1(bio, &data, &len, 256 * 1024 * 1024 /* max length, 256MB for sanity */)) { - if (!conscrypt::jniutil::throwExceptionIfNecessary(env, "Error reading X.509 data")) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "Error reading X.509 data"); + } else { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); } JNI_TRACE("ASN1_seq_unpack_X509_bio(%p) => error reading BIO", bio); @@ -5080,6 +5284,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo CBS_init(&cbs, data, len); if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } @@ -5087,6 +5292,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo CBS child; if (!CBS_get_asn1_element(&sequence, &child, CBS_ASN1_SEQUENCE)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } @@ -5095,11 +5301,12 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo bssl::UniquePtr<X509> cert(d2i_X509(nullptr, &tmp, static_cast<long>(CBS_len(&child)))); if (!cert || tmp != CBS_data(&child) + CBS_len(&child)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } if (!sk_X509_push(path.get(), cert.get())) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to push local certificate"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to push local certificate"); return nullptr; } OWNERSHIP_TRANSFERRED(cert); @@ -5119,6 +5326,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo } static jbyteArray NativeCrypto_ASN1_seq_pack_X509(JNIEnv* env, jclass, jlongArray certs) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("ASN1_seq_pack_X509(%p)", certs); ScopedLongArrayRO certsArray(env, certs); if (certsArray.get() == nullptr) { @@ -5151,11 +5359,12 @@ static jbyteArray NativeCrypto_ASN1_seq_pack_X509(JNIEnv* env, jclass, jlongArra } static void NativeCrypto_X509_free(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_free(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_free(%p) => x509 == null", x509); return; } @@ -5164,11 +5373,12 @@ static void NativeCrypto_X509_free(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT } static jlong NativeCrypto_X509_dup(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_dup(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_dup(%p) => x509 == null", x509); return 0; } @@ -5178,18 +5388,19 @@ static jlong NativeCrypto_X509_dup(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT static jint NativeCrypto_X509_cmp(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, jlong x509Ref2, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509_1 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref1)); X509* x509_2 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref2)); JNI_TRACE("X509_cmp(%p, %p)", x509_1, x509_2); if (x509_1 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509_1 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509_1 == null"); JNI_TRACE("X509_cmp(%p, %p) => x509_1 == null", x509_1, x509_2); return -1; } if (x509_2 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509_2 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509_2 == null"); JNI_TRACE("X509_cmp(%p, %p) => x509_2 == null", x509_1, x509_2); return -1; } @@ -5200,11 +5411,12 @@ static jint NativeCrypto_X509_cmp(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT } static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_delete_ext(%p, %p)", x509, oidString); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_delete_ext(%p, %p) => x509 == null", x509, oidString); return; } @@ -5218,9 +5430,9 @@ static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CON bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj(oid.c_str(), 1 /* allow numerical form only */)); if (obj.get() == nullptr) { JNI_TRACE("X509_delete_ext(%p, %s) => oid conversion failed", x509, oid.c_str()); - ERR_clear_error(); - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Invalid OID."); + ERR_clear_error(); return; } @@ -5241,6 +5453,7 @@ static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CON static void NativeCrypto_X509_print_ex(JNIEnv* env, jclass, jlong bioRef, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jlong nmflagJava, jlong certflagJava) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); // NOLINTNEXTLINE(runtime/int) @@ -5250,31 +5463,32 @@ static void NativeCrypto_X509_print_ex(JNIEnv* env, jclass, jlong bioRef, jlong JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld)", bio, x509, nmflag, certflag); if (bio == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "bio == null"); + conscrypt::jniutil::throwNullPointerException(env, "bio == null"); JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld) => bio == null", bio, x509, nmflag, certflag); return; } if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld) => x509 == null", bio, x509, nmflag, certflag); return; } if (!X509_print_ex(bio, x509, nmflag, certflag)) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "X509_print_ex"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "X509_print_ex"); JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld) => threw error", bio, x509, nmflag, certflag); - } else { - JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld) => success", bio, x509, nmflag, certflag); + return; } + JNI_TRACE("X509_print_ex(%p, %p, %ld, %ld) => success", bio, x509, nmflag, certflag); } static jlong NativeCrypto_X509_get_pubkey(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_pubkey(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("X509_get_pubkey(%p) => x509 == null", x509); return 0; } @@ -5292,7 +5506,7 @@ static jlong NativeCrypto_X509_get_pubkey(JNIEnv* env, jclass, jlong x509Ref, CO return 0; } - conscrypt::jniutil::throwExceptionIfNecessary(env, "X509_get_pubkey", + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "X509_get_pubkey", conscrypt::jniutil::throwInvalidKeyException); return 0; } @@ -5302,23 +5516,26 @@ static jlong NativeCrypto_X509_get_pubkey(JNIEnv* env, jclass, jlong x509Ref, CO } static jbyteArray NativeCrypto_X509_get_issuer_name(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_issuer_name(%p)", x509); return ASN1ToByteArray<X509_NAME>(env, X509_get_issuer_name(x509), i2d_X509_NAME); } static jbyteArray NativeCrypto_X509_get_subject_name(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_subject_name(%p)", x509); return ASN1ToByteArray<X509_NAME>(env, X509_get_subject_name(x509), i2d_X509_NAME); } static jstring NativeCrypto_get_X509_pubkey_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_pubkey_oid(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_pubkey_oid(%p) => x509 == null", x509); return nullptr; } @@ -5328,11 +5545,12 @@ static jstring NativeCrypto_get_X509_pubkey_oid(JNIEnv* env, jclass, jlong x509R } static jstring NativeCrypto_get_X509_sig_alg_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_sig_alg_oid(%p)", x509); if (x509 == nullptr || x509->sig_alg == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, + conscrypt::jniutil::throwNullPointerException(env, "x509 == null || x509->sig_alg == null"); JNI_TRACE("get_X509_sig_alg_oid(%p) => x509 == null", x509); return nullptr; @@ -5342,11 +5560,12 @@ static jstring NativeCrypto_get_X509_sig_alg_oid(JNIEnv* env, jclass, jlong x509 } static jbyteArray NativeCrypto_get_X509_sig_alg_parameter(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_sig_alg_parameter(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_sig_alg_parameter(%p) => x509 == null", x509); return nullptr; } @@ -5360,11 +5579,12 @@ static jbyteArray NativeCrypto_get_X509_sig_alg_parameter(JNIEnv* env, jclass, j } static jbooleanArray NativeCrypto_get_X509_issuerUID(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_issuerUID(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_issuerUID(%p) => x509 == null", x509); return nullptr; } @@ -5378,11 +5598,12 @@ static jbooleanArray NativeCrypto_get_X509_issuerUID(JNIEnv* env, jclass, jlong } static jbooleanArray NativeCrypto_get_X509_subjectUID(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_subjectUID(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_subjectUID(%p) => x509 == null", x509); return nullptr; } @@ -5396,11 +5617,12 @@ static jbooleanArray NativeCrypto_get_X509_subjectUID(JNIEnv* env, jclass, jlong } static jbooleanArray NativeCrypto_get_X509_ex_kusage(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_kusage(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_ex_kusage(%p) => x509 == null", x509); return nullptr; } @@ -5416,11 +5638,12 @@ static jbooleanArray NativeCrypto_get_X509_ex_kusage(JNIEnv* env, jclass, jlong } static jobjectArray NativeCrypto_get_X509_ex_xkusage(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_xkusage(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_ex_xkusage(%p) => x509 == null", x509); return nullptr; } @@ -5451,11 +5674,12 @@ static jobjectArray NativeCrypto_get_X509_ex_xkusage(JNIEnv* env, jclass, jlong } static jint NativeCrypto_get_X509_ex_pathlen(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_pathlen(%p)", x509); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509_ex_pathlen(%p) => x509 == null", x509); return 0; } @@ -5469,6 +5693,7 @@ static jint NativeCrypto_get_X509_ex_pathlen(JNIEnv* env, jclass, jlong x509Ref, static jbyteArray NativeCrypto_X509_get_ext_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_ext_oid(%p, %p)", x509, oidString); return X509Type_get_ext_oid<X509, X509_get_ext_by_OBJ, X509_get_ext>(env, x509, oidString); @@ -5476,6 +5701,7 @@ static jbyteArray NativeCrypto_X509_get_ext_oid(JNIEnv* env, jclass, jlong x509R static jbyteArray NativeCrypto_X509_CRL_get_ext_oid(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_ext_oid(%p, %p)", crl, oidString); return X509Type_get_ext_oid<X509_CRL, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext>(env, crl, @@ -5484,6 +5710,7 @@ static jbyteArray NativeCrypto_X509_CRL_get_ext_oid(JNIEnv* env, jclass, jlong x static jbyteArray NativeCrypto_X509_REVOKED_get_ext_oid(JNIEnv* env, jclass, jlong x509RevokedRef, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_ext_oid(%p, %p)", revoked, oidString); return X509Type_get_ext_oid<X509_REVOKED, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext>( @@ -5497,12 +5724,12 @@ static jobjectArray get_X509Type_ext_oids(JNIEnv* env, jlong x509Ref, jint criti JNI_TRACE("get_X509Type_ext_oids(%p, %d)", x509, critical); if (x509 == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509 == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509 == null"); JNI_TRACE("get_X509Type_ext_oids(%p, %d) => x509 == null", x509, critical); return nullptr; } if (member != nullptr && x509->*member == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "x509->*member == null"); + conscrypt::jniutil::throwNullPointerException(env, "x509->*member == null"); JNI_TRACE("get_X509Type_ext_oids(%p, %d) => x509->*member == null", x509, critical); return nullptr; } @@ -5542,6 +5769,7 @@ static jobjectArray get_X509Type_ext_oids(JNIEnv* env, jlong x509Ref, jint criti static jobjectArray NativeCrypto_get_X509_ext_oids(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_ext_oids(0x%llx, %d)", (long long)x509Ref, critical); return get_X509Type_ext_oids<X509, decltype(X509::cert_info), &X509::cert_info, @@ -5550,6 +5778,7 @@ static jobjectArray NativeCrypto_get_X509_ext_oids(JNIEnv* env, jclass, jlong x5 static jobjectArray NativeCrypto_get_X509_CRL_ext_oids(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_CRL_ext_oids(0x%llx, %d)", (long long)x509CrlRef, critical); return get_X509Type_ext_oids<X509_CRL, decltype(X509_CRL::crl), &X509_CRL::crl, @@ -5558,6 +5787,7 @@ static jobjectArray NativeCrypto_get_X509_CRL_ext_oids(JNIEnv* env, jclass, jlon static jobjectArray NativeCrypto_get_X509_REVOKED_ext_oids(JNIEnv* env, jclass, jlong x509RevokedRef, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_CRL_ext_oids(0x%llx, %d)", (long long)x509RevokedRef, critical); return get_X509Type_ext_oids<X509_REVOKED, decltype(X509_REVOKED::extensions), nullptr, @@ -6165,7 +6395,8 @@ static SSL_SESSION* server_session_requested_callback(SSL* ssl, const uint8_t* i return ssl_session_ptr; } -static jint NativeCrypto_EVP_has_aes_hardware(JNIEnv*, jclass) { +static jint NativeCrypto_EVP_has_aes_hardware(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; int ret = 0; ret = EVP_has_aes_hardware(); JNI_TRACE("EVP_has_aes_hardware => %d", ret); @@ -6229,9 +6460,10 @@ static const uint16_t kDefaultSignatureAlgorithms[] = { * public static native int SSL_CTX_new(); */ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; bssl::UniquePtr<SSL_CTX> sslCtx(SSL_CTX_new(TLS_with_buffers_method())); if (sslCtx.get() == nullptr) { - conscrypt::jniutil::throwExceptionIfNecessary(env, "SSL_CTX_new"); + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "SSL_CTX_new"); return 0; } SSL_CTX_set_options( @@ -6290,7 +6522,7 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { if (!SSL_CTX_set_signing_algorithm_prefs( sslCtx.get(), kDefaultSignatureAlgorithms, sizeof(kDefaultSignatureAlgorithms) / sizeof(kDefaultSignatureAlgorithms[0]))) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable set signing algorithms"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable set signing algorithms"); return 0; } @@ -6302,6 +6534,7 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { * public static native void SSL_CTX_free(long ssl_ctx) */ static void NativeCrypto_SSL_CTX_free(JNIEnv* env, jclass, jlong ssl_ctx_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_free", ssl_ctx); if (ssl_ctx == nullptr) { @@ -6312,6 +6545,7 @@ static void NativeCrypto_SSL_CTX_free(JNIEnv* env, jclass, jlong ssl_ctx_address static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlong ssl_ctx_address, jbyteArray sid_ctx) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_set_session_id_context sid_ctx=%p", ssl_ctx, sid_ctx); @@ -6328,7 +6562,7 @@ static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlo unsigned int length = static_cast<unsigned int>(buf.size()); if (length > SSL_MAX_SSL_SESSION_ID_LENGTH) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "length > SSL_MAX_SSL_SESSION_ID_LENGTH"); JNI_TRACE("NativeCrypto_SSL_CTX_set_session_id_context => length = %d", length); return; @@ -6336,7 +6570,7 @@ static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlo const unsigned char* bytes = reinterpret_cast<const unsigned char*>(buf.get()); int result = SSL_CTX_set_session_id_context(ssl_ctx, bytes, length); if (result == 0) { - conscrypt::jniutil::throwExceptionIfNecessary( + conscrypt::jniutil::throwExceptionFromBoringSSLError( env, "NativeCrypto_SSL_CTX_set_session_id_context"); return; } @@ -6345,6 +6579,7 @@ static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlo static jlong NativeCrypto_SSL_CTX_set_timeout(JNIEnv* env, jclass, jlong ssl_ctx_address, jlong seconds) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_set_timeout seconds=%d", ssl_ctx, (int)seconds); if (ssl_ctx == nullptr) { @@ -6358,6 +6593,7 @@ static jlong NativeCrypto_SSL_CTX_set_timeout(JNIEnv* env, jclass, jlong ssl_ctx * public static native int SSL_new(long ssl_ctx) throws SSLException; */ static jlong NativeCrypto_SSL_new(JNIEnv* env, jclass, jlong ssl_ctx_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_new", ssl_ctx); if (ssl_ctx == nullptr) { @@ -6390,8 +6626,9 @@ static jlong NativeCrypto_SSL_new(JNIEnv* env, jclass, jlong ssl_ctx_address) { } static void NativeCrypto_SSL_enable_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_enable_tls_channel_id", ssl); + JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_tls_channel_id", ssl); if (ssl == nullptr) { return; } @@ -6408,8 +6645,9 @@ static void NativeCrypto_SSL_enable_tls_channel_id(JNIEnv* env, jclass, jlong ss } static jbyteArray NativeCrypto_SSL_get_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_get_tls_channel_id", ssl); + JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_channel_id", ssl); if (ssl == nullptr) { return nullptr; } @@ -6440,12 +6678,13 @@ static jbyteArray NativeCrypto_SSL_get_tls_channel_id(JNIEnv* env, jclass, jlong return nullptr; } - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_get_tls_channel_id() => %p", ssl, javaBytes); + JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_channel_id() => %p", ssl, javaBytes); return javaBytes; } static void NativeCrypto_SSL_set1_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p SSL_set1_tls_channel_id privatekey=%p", ssl, pkeyRef); if (ssl == nullptr) { @@ -6475,6 +6714,7 @@ static void NativeCrypto_SSL_set1_tls_channel_id(JNIEnv* env, jclass, jlong ssl_ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray encodedCertificatesJava, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key certificates=%p, privateKey=%p", ssl, encodedCertificatesJava, pkeyRef); @@ -6482,19 +6722,19 @@ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong s return; } if (encodedCertificatesJava == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "certificates == null"); + conscrypt::jniutil::throwNullPointerException(env, "certificates == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key => certificates == null", ssl); return; } size_t numCerts = static_cast<size_t>(env->GetArrayLength(encodedCertificatesJava)); if (numCerts == 0) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "certificates.length == 0"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key => certificates.length == 0", ssl); return; } if (pkeyRef == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "privateKey == null"); + conscrypt::jniutil::throwNullPointerException(env, "privateKey == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key => privateKey == null", ssl); return; } @@ -6502,7 +6742,7 @@ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong s // Get the private key. EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); if (pkey == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "pkey == null"); + conscrypt::jniutil::throwNullPointerException(env, "pkey == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key => pkey == null", ssl); return; } @@ -6532,6 +6772,7 @@ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong s static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray principals) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list principals=%p", ssl, principals); if (ssl == nullptr) { @@ -6539,14 +6780,14 @@ static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_a } if (principals == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "principals == null"); + conscrypt::jniutil::throwNullPointerException(env, "principals == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals == null", ssl); return; } int length = env->GetArrayLength(principals); if (length == 0) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "principals.length == 0"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principals.length == 0", ssl); return; @@ -6554,7 +6795,7 @@ static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_a bssl::UniquePtr<STACK_OF(CRYPTO_BUFFER)> principalsStack(sk_CRYPTO_BUFFER_new_null()); if (principalsStack.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate principal stack"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate principal stack"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => stack allocation error", ssl); return; } @@ -6566,7 +6807,7 @@ static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_a return; } if (!sk_CRYPTO_BUFFER_push(principalsStack.get(), buf.get())) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to push principal"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to push principal"); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list => principal push error", ssl); return; } @@ -6581,6 +6822,7 @@ static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_a * public static native long SSL_set_mode(long ssl, long mode); */ static jlong NativeCrypto_SSL_set_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_set_mode mode=0x%llx", ssl, (long long)mode); @@ -6597,6 +6839,7 @@ static jlong NativeCrypto_SSL_set_mode(JNIEnv* env, jclass, jlong ssl_address, C * public static native long SSL_set_options(long ssl, long options); */ static jlong NativeCrypto_SSL_set_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong options) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_set_options options=0x%llx", ssl, (long long)options); @@ -6613,6 +6856,7 @@ static jlong NativeCrypto_SSL_set_options(JNIEnv* env, jclass, jlong ssl_address * public static native long SSL_clear_options(long ssl, long options); */ static jlong NativeCrypto_SSL_clear_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong options) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_options options=0x%llx", ssl, (long long)options); @@ -6629,6 +6873,7 @@ static jlong NativeCrypto_SSL_clear_options(JNIEnv* env, jclass, jlong ssl_addre * public static native void SSL_enable_signed_cert_timestamps(long ssl); */ static void NativeCrypto_SSL_enable_signed_cert_timestamps(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_signed_cert_timestamps", ssl); if (ssl == nullptr) { @@ -6643,6 +6888,7 @@ static void NativeCrypto_SSL_enable_signed_cert_timestamps(JNIEnv* env, jclass, */ static jbyteArray NativeCrypto_SSL_get_signed_cert_timestamp_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_signed_cert_timestamp_list", ssl); if (ssl == nullptr) { @@ -6670,6 +6916,7 @@ static jbyteArray NativeCrypto_SSL_get_signed_cert_timestamp_list(JNIEnv* env, j */ static void NativeCrypto_SSL_set_signed_cert_timestamp_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jbyteArray list) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_signed_cert_timestamp_list", ssl); if (ssl == nullptr) { @@ -6694,6 +6941,7 @@ static void NativeCrypto_SSL_set_signed_cert_timestamp_list(JNIEnv* env, jclass, * public static native void SSL_enable_ocsp_stapling(long ssl); */ static void NativeCrypto_SSL_enable_ocsp_stapling(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_ocsp_stapling", ssl); if (ssl == nullptr) { @@ -6707,6 +6955,7 @@ static void NativeCrypto_SSL_enable_ocsp_stapling(JNIEnv* env, jclass, jlong ssl * public static native byte[] SSL_get_ocsp_response(long ssl); */ static jbyteArray NativeCrypto_SSL_get_ocsp_response(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_ocsp_response", ssl); if (ssl == nullptr) { @@ -6740,6 +6989,7 @@ static jbyteArray NativeCrypto_SSL_get_ocsp_response(JNIEnv* env, jclass, jlong */ static void NativeCrypto_SSL_set_ocsp_response(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jbyteArray response) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_ocsp_response", ssl); if (ssl == nullptr) { @@ -6767,6 +7017,7 @@ static void NativeCrypto_SSL_set_ocsp_response(JNIEnv* env, jclass, jlong ssl_ad const size_t MAX_TLS_UNIQUE_LENGTH = 16; static jbyteArray NativeCrypto_SSL_get_tls_unique(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_unique", ssl); if (ssl == nullptr) { @@ -6797,6 +7048,7 @@ static jbyteArray NativeCrypto_SSL_get_tls_unique(JNIEnv* env, jclass, jlong ssl static void NativeCrypto_SSL_use_psk_identity_hint(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jstring identityHintJava) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_use_psk_identity_hint identityHint=%p", ssl, identityHintJava); @@ -6825,6 +7077,7 @@ static void NativeCrypto_SSL_use_psk_identity_hint(JNIEnv* env, jclass, jlong ss static void NativeCrypto_set_SSL_psk_client_callback_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_set_SSL_psk_client_callback_enabled(%d)", ssl, enabled); if (ssl == nullptr) { @@ -6836,6 +7089,7 @@ static void NativeCrypto_set_SSL_psk_client_callback_enabled(JNIEnv* env, jclass static void NativeCrypto_set_SSL_psk_server_callback_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_set_SSL_psk_server_callback_enabled(%d)", ssl, enabled); if (ssl == nullptr) { @@ -6846,6 +7100,7 @@ static void NativeCrypto_set_SSL_psk_server_callback_enabled(JNIEnv* env, jclass } static jlongArray NativeCrypto_SSL_get_ciphers(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_ciphers", ssl); if (ssl == nullptr) { @@ -6869,13 +7124,14 @@ static jlongArray NativeCrypto_SSL_get_ciphers(JNIEnv* env, jclass, jlong ssl_ad */ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray cipherSuites) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=%p", ssl, cipherSuites); if (ssl == nullptr) { return; } if (cipherSuites == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "cipherSuites == null"); + conscrypt::jniutil::throwNullPointerException(env, "cipherSuites == null"); return; } @@ -6894,8 +7150,9 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add ERR_clear_error(); if (sk_SSL_CIPHER_num(SSL_get_ciphers(ssl)) != 0) { JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=empty => error", ssl); - conscrypt::jniutil::jniThrowRuntimeException( + conscrypt::jniutil::throwRuntimeException( env, "SSL_set_cipher_list did not update ciphers!"); + ERR_clear_error(); } return; } @@ -6912,14 +7169,14 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add } if (cipherStringLen + 1 < cipherStringLen) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Overflow in cipher suite strings"); return; } cipherStringLen += 1; /* For the separating colon */ if (cipherStringLen + c.size() < cipherStringLen) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Overflow in cipher suite strings"); return; } @@ -6927,7 +7184,7 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add } if (cipherStringLen + 1 < cipherStringLen) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Overflow in cipher suite strings"); return; } @@ -6935,7 +7192,7 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add std::unique_ptr<char[]> cipherString(new char[cipherStringLen]); if (cipherString.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to alloc cipher string"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to alloc cipher string"); return; } memcpy(cipherString.get(), noSSLv2, strlen(noSSLv2)); @@ -6953,7 +7210,7 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add cipherString[j++] = 0; if (j != cipherStringLen) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Internal error"); return; } @@ -6961,13 +7218,14 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=%s", ssl, cipherString.get()); if (!SSL_set_cipher_list(ssl, cipherString.get())) { ERR_clear_error(); - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Illegal cipher suite strings."); return; } } static void NativeCrypto_SSL_set_accept_state(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_accept_state", ssl); if (ssl == nullptr) { @@ -6977,6 +7235,7 @@ static void NativeCrypto_SSL_set_accept_state(JNIEnv* env, jclass, jlong ssl_add } static void NativeCrypto_SSL_set_connect_state(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_connect_state", ssl); if (ssl == nullptr) { @@ -6989,6 +7248,7 @@ static void NativeCrypto_SSL_set_connect_state(JNIEnv* env, jclass, jlong ssl_ad * Sets certificate expectations, especially for server to request client auth */ static void NativeCrypto_SSL_set_verify(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jint mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_verify mode=%x", ssl, mode); if (ssl == nullptr) { @@ -7002,6 +7262,7 @@ static void NativeCrypto_SSL_set_verify(JNIEnv* env, jclass, jlong ssl_address, */ static void NativeCrypto_SSL_set_session(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session => exception", ssl); @@ -7035,6 +7296,7 @@ static void NativeCrypto_SSL_set_session(JNIEnv* env, jclass, jlong ssl_address, */ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean creation_enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session_creation_enabled creation_enabled=%d", ssl, creation_enabled); @@ -7050,6 +7312,7 @@ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass, j } static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused", ssl); if (ssl == nullptr) { @@ -7062,6 +7325,7 @@ static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_a } static void NativeCrypto_SSL_accept_renegotiations(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_accept_renegotiations", ssl); if (ssl == nullptr) { @@ -7073,6 +7337,7 @@ static void NativeCrypto_SSL_accept_renegotiations(JNIEnv* env, jclass, jlong ss static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jstring hostname) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_tlsext_host_name hostname=%p", ssl, hostname); if (ssl == nullptr) { @@ -7097,6 +7362,7 @@ static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass, jlong ssl } static jstring NativeCrypto_SSL_get_servername(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_servername", ssl); if (ssl == nullptr) { @@ -7211,6 +7477,7 @@ static int alpn_select_callback(SSL* ssl, const unsigned char** out, unsigned ch static jbyteArray NativeCrypto_getApplicationProtocol(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_getApplicationProtocol", ssl); if (ssl == nullptr) { @@ -7232,6 +7499,7 @@ static jbyteArray NativeCrypto_getApplicationProtocol(JNIEnv* env, jclass, static void NativeCrypto_setApplicationProtocols(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean client_mode, jbyteArray protocols) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return; @@ -7277,6 +7545,7 @@ static void NativeCrypto_setApplicationProtocols(JNIEnv* env, jclass, jlong ssl_ static void NativeCrypto_setApplicationProtocolSelector(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject selector) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_setApplicationProtocolSelector selector=%p", ssl, selector); if (ssl == nullptr) { @@ -7300,6 +7569,7 @@ static void NativeCrypto_setApplicationProtocolSelector(JNIEnv* env, jclass, jlo */ static void NativeCrypto_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jint timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake fd=%p shc=%p timeout_millis=%d", ssl, fdObject, shc, timeout_millis); @@ -7307,12 +7577,12 @@ static void NativeCrypto_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address return; } if (fdObject == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "fd == null"); + conscrypt::jniutil::throwNullPointerException(env, "fd == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake fd == null => exception", ssl); return; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake sslHandshakeCallbacks == null => exception", ssl); return; @@ -7459,6 +7729,7 @@ static void NativeCrypto_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address } static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_current_cipher", ssl); if (ssl == nullptr) { @@ -7475,6 +7746,7 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss } static jstring NativeCrypto_SSL_get_version(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_version", ssl); if (ssl == nullptr) { @@ -7487,6 +7759,7 @@ static jstring NativeCrypto_SSL_get_version(JNIEnv* env, jclass, jlong ssl_addre static jobjectArray NativeCrypto_SSL_get0_peer_certificates(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get0_peer_certificates", ssl); if (ssl == nullptr) { @@ -7642,6 +7915,7 @@ static int sslRead(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, char* b static jint NativeCrypto_SSL_read(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jbyteArray b, jint offset, jint len, jint read_timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE( "ssl=%p NativeCrypto_SSL_read fd=%p shc=%p b=%p offset=%d len=%d " @@ -7651,24 +7925,24 @@ static jint NativeCrypto_SSL_read(JNIEnv* env, jclass, jlong ssl_address, CONSCR return 0; } if (fdObject == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "fd == null"); + conscrypt::jniutil::throwNullPointerException(env, "fd == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_read => fd == null", ssl); return 0; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_read => sslHandshakeCallbacks == null", ssl); return 0; } if (b == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "b == null"); + conscrypt::jniutil::throwNullPointerException(env, "b == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_read => b == null", ssl); return 0; } size_t array_size = static_cast<size_t>(env->GetArrayLength(b)); if (ARRAY_CHUNK_INVALID(array_size, offset, len)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", "b"); + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "b"); JNI_TRACE("ssl=%p NativeCrypto_SSL_read => ArrayIndexOutOfBoundsException", ssl); return 0; } @@ -7693,7 +7967,7 @@ static jint NativeCrypto_SSL_read(JNIEnv* env, jclass, jlong ssl_address, CONSCR std::unique_ptr<jbyte[]> buf(new jbyte[static_cast<unsigned int>(buf_size)]); // TODO(flooey): Use new(std::nothrow). if (buf.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate chunk buffer"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate chunk buffer"); return 0; } // TODO(flooey): Fix cumulative read timeout? The effective timeout is the multiplied @@ -7917,6 +8191,7 @@ static int sslWrite(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, const static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jbyteArray b, jint offset, jint len, jint write_timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE( "ssl=%p NativeCrypto_SSL_write fd=%p shc=%p b=%p offset=%d len=%d " @@ -7926,24 +8201,24 @@ static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSC return; } if (fdObject == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "fd == null"); + conscrypt::jniutil::throwNullPointerException(env, "fd == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_write => fd == null", ssl); return; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_write => sslHandshakeCallbacks == null", ssl); return; } if (b == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "b == null"); + conscrypt::jniutil::throwNullPointerException(env, "b == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_write => b == null", ssl); return; } size_t array_size = static_cast<size_t>(env->GetArrayLength(b)); if (ARRAY_CHUNK_INVALID(array_size, offset, len)) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", "b"); + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "b"); JNI_TRACE("ssl=%p NativeCrypto_SSL_write => ArrayIndexOutOfBoundsException", ssl); return; } @@ -7962,7 +8237,7 @@ static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSC jint buf_size = (remaining >= 65536) ? 65536 : remaining; std::unique_ptr<jbyte[]> buf(new jbyte[static_cast<unsigned int>(buf_size)]); if (buf.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate chunk buffer"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate chunk buffer"); return; } while (remaining > 0) { @@ -8010,6 +8285,7 @@ static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSC * Interrupt any pending I/O before closing the socket. */ static void NativeCrypto_SSL_interrupt(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); JNI_TRACE("ssl=%p NativeCrypto_SSL_interrupt", ssl); if (ssl == nullptr) { @@ -8035,6 +8311,7 @@ static void NativeCrypto_SSL_interrupt(JNIEnv* env, jclass, jlong ssl_address, C */ static void NativeCrypto_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown fd=%p shc=%p", ssl, fdObject, shc); if (ssl == nullptr) { @@ -8044,7 +8321,7 @@ static void NativeCrypto_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CO return; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown => sslHandshakeCallbacks == null", ssl); return; } @@ -8109,6 +8386,7 @@ static void NativeCrypto_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CO } static jint NativeCrypto_SSL_get_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; const SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_shutdown", ssl); if (ssl == nullptr) { @@ -8124,6 +8402,7 @@ static jint NativeCrypto_SSL_get_shutdown(JNIEnv* env, jclass, jlong ssl_address * public static native void SSL_free(long ssl); */ static void NativeCrypto_SSL_free(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_free", ssl); if (ssl == nullptr) { @@ -8141,6 +8420,7 @@ static void NativeCrypto_SSL_free(JNIEnv* env, jclass, jlong ssl_address, CONSCR */ static jbyteArray NativeCrypto_SSL_SESSION_session_id(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_session_id", ssl_session); if (ssl_session == nullptr) { @@ -8163,6 +8443,7 @@ static jbyteArray NativeCrypto_SSL_SESSION_session_id(JNIEnv* env, jclass, * actual SSL session. */ static jlong NativeCrypto_SSL_SESSION_get_time(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_time", ssl_session); if (ssl_session == nullptr) { @@ -8182,6 +8463,7 @@ static jlong NativeCrypto_SSL_SESSION_get_time(JNIEnv* env, jclass, jlong ssl_se * actual SSL session. */ static jlong NativeCrypto_SSL_get_time(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_time", ssl); if (ssl == nullptr) { @@ -8206,6 +8488,7 @@ static jlong NativeCrypto_SSL_get_time(JNIEnv* env, jclass, jlong ssl_address, C * Sets the timeout on the SSL session. */ static jlong NativeCrypto_SSL_set_timeout(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_timeout", ssl); if (ssl == nullptr) { @@ -8230,6 +8513,7 @@ static jlong NativeCrypto_SSL_set_timeout(JNIEnv* env, jclass, jlong ssl_address * Gets the timeout for the SSL session. */ static jlong NativeCrypto_SSL_get_timeout(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_timeout", ssl); if (ssl == nullptr) { @@ -8254,6 +8538,7 @@ static jlong NativeCrypto_SSL_get_timeout(JNIEnv* env, jclass, jlong ssl_address * Gets the timeout for the SSL session. */ static jlong NativeCrypto_SSL_SESSION_get_timeout(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_timeout", ssl_session); if (ssl_session == nullptr) { @@ -8267,6 +8552,7 @@ static jlong NativeCrypto_SSL_SESSION_get_timeout(JNIEnv* env, jclass, jlong ssl * Gets the ID for the SSL session, or null if no session is currently available. */ static jbyteArray NativeCrypto_SSL_session_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_session_id", ssl); if (ssl == nullptr) { @@ -8297,6 +8583,7 @@ static jbyteArray NativeCrypto_SSL_session_id(JNIEnv* env, jclass, jlong ssl_add */ static jstring NativeCrypto_SSL_SESSION_get_version(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_version", ssl_session); if (ssl_session == nullptr) { @@ -8311,6 +8598,7 @@ static jstring NativeCrypto_SSL_SESSION_get_version(JNIEnv* env, jclass, * Gets and returns in a string the cipher negotiated for the SSL session. */ static jstring NativeCrypto_SSL_SESSION_cipher(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_cipher", ssl_session); if (ssl_session == nullptr) { @@ -8326,6 +8614,7 @@ static jstring NativeCrypto_SSL_SESSION_cipher(JNIEnv* env, jclass, jlong ssl_se * Increments the reference count of the session. */ static void NativeCrypto_SSL_SESSION_up_ref(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_up_ref", ssl_session); if (ssl_session == nullptr) { @@ -8338,6 +8627,7 @@ static void NativeCrypto_SSL_SESSION_up_ref(JNIEnv* env, jclass, jlong ssl_sessi * Frees the SSL session. */ static void NativeCrypto_SSL_SESSION_free(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_free", ssl_session); if (ssl_session == nullptr) { @@ -8352,6 +8642,7 @@ static void NativeCrypto_SSL_SESSION_free(JNIEnv* env, jclass, jlong ssl_session * See apache mod_ssl. */ static jbyteArray NativeCrypto_i2d_SSL_SESSION(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_i2d_SSL_SESSION", ssl_session); if (ssl_session == nullptr) { @@ -8364,6 +8655,7 @@ static jbyteArray NativeCrypto_i2d_SSL_SESSION(JNIEnv* env, jclass, jlong ssl_se * Deserialize the session. */ static jlong NativeCrypto_d2i_SSL_SESSION(JNIEnv* env, jclass, jbyteArray javaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_d2i_SSL_SESSION bytes=%p", javaBytes); ScopedByteArrayRO bytes(env, javaBytes); @@ -8377,8 +8669,10 @@ static jlong NativeCrypto_d2i_SSL_SESSION(JNIEnv* env, jclass, jbyteArray javaBy if (ssl_session == nullptr || ucp != (reinterpret_cast<const unsigned char*>(bytes.get()) + bytes.size())) { - if (!conscrypt::jniutil::throwExceptionIfNecessary(env, "d2i_SSL_SESSION", - conscrypt::jniutil::throwIOException)) { + if (ERR_peek_error() != 0) { + conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "d2i_SSL_SESSION", + conscrypt::jniutil::throwIOException); + } else { conscrypt::jniutil::throwIOException(env, "d2i_SSL_SESSION"); } JNI_TRACE("NativeCrypto_d2i_SSL_SESSION => failure to convert"); @@ -8394,6 +8688,7 @@ static jlong NativeCrypto_ERR_peek_last_error(JNIEnv*, jclass) { } static jstring NativeCrypto_SSL_CIPHER_get_kx_name(JNIEnv* env, jclass, jlong cipher_address) { + CHECK_ERROR_QUEUE_ON_RETURN; const SSL_CIPHER* cipher = to_SSL_CIPHER(env, cipher_address, true); const char* kx_name = nullptr; @@ -8403,9 +8698,10 @@ static jstring NativeCrypto_SSL_CIPHER_get_kx_name(JNIEnv* env, jclass, jlong ci } static jobjectArray NativeCrypto_get_cipher_names(JNIEnv* env, jclass, jstring selectorJava) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedUtfChars selector(env, selectorJava); if (selector.c_str() == nullptr) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "selector == null"); return nullptr; } @@ -8416,7 +8712,7 @@ static jobjectArray NativeCrypto_get_cipher_names(JNIEnv* env, jclass, jstring s bssl::UniquePtr<SSL> ssl(SSL_new(sslCtx.get())); if (!SSL_set_cipher_list(ssl.get(), selector.c_str())) { - conscrypt::jniutil::jniThrowException(env, "java/lang/IllegalArgumentException", + conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Unable to set SSL cipher list"); return nullptr; } @@ -8649,6 +8945,7 @@ static jbyteArray NativeCrypto_get_ocsp_single_extension(JNIEnv* env, jclass, jbyteArray ocspDataBytes, jstring oid, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jlong issuerX509Ref, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedByteArrayRO ocspData(env, ocspDataBytes); if (ocspData.get() == nullptr) { return nullptr; @@ -8706,6 +9003,7 @@ static jlong NativeCrypto_getDirectBufferAddress(JNIEnv* env, jclass, jobject bu } static jint NativeCrypto_SSL_get_error(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jint ret) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8718,6 +9016,7 @@ static void NativeCrypto_SSL_clear_error(JNIEnv*, jclass) { } static jint NativeCrypto_SSL_pending_readable_bytes(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8726,6 +9025,7 @@ static jint NativeCrypto_SSL_pending_readable_bytes(JNIEnv* env, jclass, jlong s } static jint NativeCrypto_SSL_pending_written_bytes_in_BIO(JNIEnv* env, jclass, jlong bio_address) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = to_SSL_BIO(env, bio_address, true); if (bio == nullptr) { return 0; @@ -8734,6 +9034,7 @@ static jint NativeCrypto_SSL_pending_written_bytes_in_BIO(JNIEnv* env, jclass, j } static jint NativeCrypto_SSL_max_seal_overhead(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8745,6 +9046,7 @@ static jint NativeCrypto_SSL_max_seal_overhead(JNIEnv* env, jclass, jlong ssl_ad * public static native int SSL_new_BIO(long ssl) throws SSLException; */ static jlong NativeCrypto_SSL_BIO_new(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_BIO_new", ssl); if (ssl == nullptr) { @@ -8768,6 +9070,7 @@ static jlong NativeCrypto_SSL_BIO_new(JNIEnv* env, jclass, jlong ssl_address, CO static jint NativeCrypto_ENGINE_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8775,7 +9078,7 @@ static jint NativeCrypto_ENGINE_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_ JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_do_handshake shc=%p", ssl, shc); if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_do_handshake => sslHandshakeCallbacks == null", ssl); return 0; @@ -8849,6 +9152,7 @@ static jint NativeCrypto_ENGINE_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_ } static void NativeCrypto_ENGINE_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); if (ssl == nullptr) { return; @@ -8856,7 +9160,7 @@ static void NativeCrypto_ENGINE_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_addr JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_shutdown", ssl); if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_shutdown => sslHandshakeCallbacks == null", ssl); return; } @@ -8914,6 +9218,7 @@ static void NativeCrypto_ENGINE_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_addr static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong address, jint length, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); char* destPtr = reinterpret_cast<char*>(address); if (ssl == nullptr) { @@ -8923,7 +9228,7 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a destPtr, length, shc); if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_read_direct => sslHandshakeCallbacks == null", ssl); return -1; @@ -8947,6 +9252,7 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a appData->clearCallbackState(); if (env->ExceptionCheck()) { // An exception was thrown by one of the callbacks. Just propagate that exception. + ERR_clear_error(); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_read_direct => THROWN_EXCEPTION", ssl); return -1; } @@ -8974,14 +9280,14 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a // TODO(nmittler): Can this happen with memory BIOs? // Connection closed without proper shutdown. Tell caller we // have reached end-of-stream. - conscrypt::jniutil::jniThrowException(env, "java/io/EOFException", "Read error"); + conscrypt::jniutil::throwException(env, "java/io/EOFException", "Read error"); break; } if (errno == EINTR) { // TODO(nmittler): Can this happen with memory BIOs? // System call has been interrupted. Simply retry. - conscrypt::jniutil::jniThrowException(env, "java/io/InterruptedIOException", + conscrypt::jniutil::throwException(env, "java/io/InterruptedIOException", "Read error"); break; } @@ -9005,12 +9311,13 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a static int NativeCrypto_ENGINE_SSL_write_BIO_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jlong address, jint len, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE( "ssl=%p NativeCrypto_ENGINE_SSL_write_BIO_direct => " "sslHandshakeCallbacks == null", @@ -9058,12 +9365,13 @@ static int NativeCrypto_ENGINE_SSL_write_BIO_direct(JNIEnv* env, jclass, jlong s static int NativeCrypto_ENGINE_SSL_write_BIO_heap(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jbyteArray sourceJava, jint sourceOffset, jint sourceLength, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_write_BIO_heap => sslHandshakeCallbacks == null", ssl); return -1; @@ -9087,7 +9395,7 @@ static int NativeCrypto_ENGINE_SSL_write_BIO_heap(JNIEnv* env, jclass, jlong ssl "ssl=%p NativeCrypto_ENGINE_SSL_write_BIO_heap => sourceOffset=%d, " "sourceLength=%d, size=%zd", ssl, sourceOffset, sourceLength, source.size()); - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", nullptr); return -1; } @@ -9122,12 +9430,13 @@ static int NativeCrypto_ENGINE_SSL_write_BIO_heap(JNIEnv* env, jclass, jlong ssl static int NativeCrypto_ENGINE_SSL_read_BIO_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jlong address, jint outputSize, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_read_BIO_direct => sslHandshakeCallbacks == null", ssl); return -1; @@ -9138,7 +9447,7 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_direct(JNIEnv* env, jclass, jlong ss } char* destPtr = reinterpret_cast<char*>(address); if (destPtr == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "destPtr == null"); + conscrypt::jniutil::throwNullPointerException(env, "destPtr == null"); return -1; } @@ -9171,12 +9480,13 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_direct(JNIEnv* env, jclass, jlong ss static int NativeCrypto_ENGINE_SSL_read_BIO_heap(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jbyteArray destJava, jint destOffset, jint destLength, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; } if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_read_BIO_heap => sslHandshakeCallbacks == null", ssl); return -1; @@ -9195,7 +9505,7 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_heap(JNIEnv* env, jclass, jlong ssl_ "ssl=%p NativeCrypto_ENGINE_SSL_read_BIO_heap => destOffset=%d, destLength=%d, " "size=%zd", ssl, destOffset, destLength, dest.size()); - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", nullptr); return -1; } @@ -9232,6 +9542,7 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_heap(JNIEnv* env, jclass, jlong ssl_ */ static int NativeCrypto_ENGINE_SSL_write_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong address, jint len, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); const char* sourcePtr = reinterpret_cast<const char*>(address); if (ssl == nullptr) { @@ -9240,7 +9551,7 @@ static int NativeCrypto_ENGINE_SSL_write_direct(JNIEnv* env, jclass, jlong ssl_a JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_write_direct address=%p length=%d shc=%p", ssl, sourcePtr, len, shc); if (shc == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "sslHandshakeCallbacks == null"); + conscrypt::jniutil::throwNullPointerException(env, "sslHandshakeCallbacks == null"); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_write_direct => sslHandshakeCallbacks == null", ssl); return -1; @@ -9272,11 +9583,12 @@ static int NativeCrypto_ENGINE_SSL_write_direct(JNIEnv* env, jclass, jlong ssl_a // TESTING METHODS BEGIN static int NativeCrypto_BIO_read(JNIEnv* env, jclass, jlong bioRef, jbyteArray outputJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_read(%p, %p)", bio, outputJavaBytes); if (outputJavaBytes == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "output == null"); + conscrypt::jniutil::throwNullPointerException(env, "output == null"); JNI_TRACE("BIO_read(%p, %p) => output == null", bio, outputJavaBytes); return 0; } @@ -9286,7 +9598,7 @@ static int NativeCrypto_BIO_read(JNIEnv* env, jclass, jlong bioRef, jbyteArray o std::unique_ptr<unsigned char[]> buffer( new unsigned char[static_cast<unsigned int>(outputSize)]); if (buffer.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate buffer for read"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for read"); return 0; } @@ -9304,17 +9616,18 @@ static int NativeCrypto_BIO_read(JNIEnv* env, jclass, jlong bioRef, jbyteArray o static void NativeCrypto_BIO_write(JNIEnv* env, jclass, jlong bioRef, jbyteArray inputJavaBytes, jint offset, jint length) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_write(%p, %p, %d, %d)", bio, inputJavaBytes, offset, length); if (inputJavaBytes == nullptr) { - conscrypt::jniutil::jniThrowNullPointerException(env, "input == null"); + conscrypt::jniutil::throwNullPointerException(env, "input == null"); return; } int inputSize = env->GetArrayLength(inputJavaBytes); if (offset < 0 || offset > inputSize || length < 0 || length > inputSize - offset) { - conscrypt::jniutil::jniThrowException(env, "java/lang/ArrayIndexOutOfBoundsException", + conscrypt::jniutil::throwException(env, "java/lang/ArrayIndexOutOfBoundsException", "inputJavaBytes"); JNI_TRACE("BIO_write(%p, %p, %d, %d) => IOOB", bio, inputJavaBytes, offset, length); return; @@ -9322,7 +9635,7 @@ static void NativeCrypto_BIO_write(JNIEnv* env, jclass, jlong bioRef, jbyteArray std::unique_ptr<unsigned char[]> buffer(new unsigned char[static_cast<unsigned int>(length)]); if (buffer.get() == nullptr) { - conscrypt::jniutil::jniThrowOutOfMemory(env, "Unable to allocate buffer for write"); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for write"); return; } @@ -9341,6 +9654,7 @@ static void NativeCrypto_BIO_write(JNIEnv* env, jclass, jlong bioRef, jbyteArray * public static native long SSL_clear_mode(long ssl, long mode); */ static jlong NativeCrypto_SSL_clear_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_mode mode=0x%llx", ssl, (long long)mode); @@ -9357,6 +9671,7 @@ static jlong NativeCrypto_SSL_clear_mode(JNIEnv* env, jclass, jlong ssl_address, * public static native long SSL_get_mode(long ssl); */ static jlong NativeCrypto_SSL_get_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_mode", ssl); if (ssl == nullptr) { @@ -9372,6 +9687,7 @@ static jlong NativeCrypto_SSL_get_mode(JNIEnv* env, jclass, jlong ssl_address, C * public static native long SSL_get_options(long ssl); */ static jlong NativeCrypto_SSL_get_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_options", ssl); if (ssl == nullptr) { @@ -9384,6 +9700,7 @@ static jlong NativeCrypto_SSL_get_options(JNIEnv* env, jclass, jlong ssl_address } static jlong NativeCrypto_SSL_get1_session(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; diff --git a/common/src/jni/main/include/conscrypt/jniutil.h b/common/src/jni/main/include/conscrypt/jniutil.h index bf1bbefe..92e3ea7e 100644 --- a/common/src/jni/main/include/conscrypt/jniutil.h +++ b/common/src/jni/main/include/conscrypt/jniutil.h @@ -146,25 +146,28 @@ extern bool isGetByteArrayElementsLikelyToReturnACopy(size_t size); * * Returns 0 on success, nonzero if something failed (e.g. the exception * class couldn't be found, so *an* exception will still be pending). - * - * Currently aborts the VM if it can't throw the exception. */ -extern int jniThrowException(JNIEnv* env, const char* className, const char* msg); +extern int throwException(JNIEnv* env, const char* className, const char* msg); /** * Throw a java.lang.RuntimeException, with an optional message. */ -extern int jniThrowRuntimeException(JNIEnv* env, const char* msg); +extern int throwRuntimeException(JNIEnv* env, const char* msg); + +/** + * Throw a java.lang.AssertionError, with an optional message. + */ +extern int throwAssertionError(JNIEnv* env, const char* msg); /* * Throw a java.lang.NullPointerException, with an optional message. */ -extern int jniThrowNullPointerException(JNIEnv* env, const char* msg); +extern int throwNullPointerException(JNIEnv* env, const char* msg); /** * Throws a OutOfMemoryError with the given string as a message. */ -extern int jniThrowOutOfMemory(JNIEnv* env, const char* message); +extern int throwOutOfMemory(JNIEnv* env, const char* message); /** * Throws a BadPaddingException with the given string as a message. @@ -219,14 +222,13 @@ extern int throwForX509Error(JNIEnv* env, int reason, const char* message, int (*defaultThrow)(JNIEnv*, const char*)); /* - * Checks this thread's OpenSSL error queue and throws a RuntimeException if - * necessary. - * - * @return true if an exception was thrown, false if not. + * Checks this thread's OpenSSL error stack and throws an appropriate exception + * type based on the type of error found. If no error is present, throws + * AssertionError. */ -extern bool throwExceptionIfNecessary(JNIEnv* env, const char* location, - int (*defaultThrow)(JNIEnv*, - const char*) = jniThrowRuntimeException); +extern void throwExceptionFromBoringSSLError(JNIEnv* env, const char* location, + int (*defaultThrow)(JNIEnv*, + const char*) = throwRuntimeException); /** * Throws an SocketTimeoutException with the given string as a message. @@ -262,6 +264,39 @@ extern int throwSSLExceptionWithSslErrors(JNIEnv* env, SSL* ssl, int sslErrorCod const char* message, int (*actualThrow)(JNIEnv*, const char*) = throwSSLExceptionStr); + +#ifdef CONSCRYPT_CHECK_ERROR_QUEUE +/** + * Class that checks that the error queue is empty on destruction. It should only be used + * via the macro CHECK_ERROR_QUEUE_ON_RETURN, which can be placed at the top of a function to + * ensure that the error queue is empty whenever the function exits. + */ +class ErrorQueueChecker { +public: + ErrorQueueChecker(JNIEnv* env) : env(env) {} + ~ErrorQueueChecker() { + if (ERR_peek_error() != 0) { + const char* file; + int line; + unsigned long error = ERR_get_error_line(&file, &line); + char message[256]; + ERR_error_string_n(error, message, sizeof(message)); + char result[500]; + snprintf(result, sizeof(result), "Error queue should have been empty but was (%s:%d) %s", file, line, message); + // If there's a pending exception, we want to throw the assertion error instead + env->ExceptionClear(); + throwAssertionError(env, result); + } + } +private: + JNIEnv* env; +}; + +#define CHECK_ERROR_QUEUE_ON_RETURN conscrypt::jniutil::ErrorQueueChecker __checker(env) +#else +#define CHECK_ERROR_QUEUE_ON_RETURN UNUSED_ARGUMENT(env) +#endif // CONSCRYPT_CHECK_ERROR_QUEUE + } // namespace jniutil } // namespace conscrypt diff --git a/common/src/jni/unbundled/include/NetFd.h b/common/src/jni/unbundled/include/NetFd.h index c2c79453..72a2b5d5 100644 --- a/common/src/jni/unbundled/include/NetFd.h +++ b/common/src/jni/unbundled/include/NetFd.h @@ -31,7 +31,7 @@ class NetFd { mFd = conscrypt::jniutil::jniGetFDFromFileDescriptor(mEnv, mFileDescriptor); bool closed = (mFd == -1); if (closed) { - conscrypt::jniutil::jniThrowException(mEnv, "java/net/SocketException", + conscrypt::jniutil::throwException(mEnv, "java/net/SocketException", "Socket closed"); } return closed; diff --git a/common/src/jni/unbundled/include/nativehelper/ScopedPrimitiveArray.h b/common/src/jni/unbundled/include/nativehelper/ScopedPrimitiveArray.h index f4ee0aba..c5e36de2 100644 --- a/common/src/jni/unbundled/include/nativehelper/ScopedPrimitiveArray.h +++ b/common/src/jni/unbundled/include/nativehelper/ScopedPrimitiveArray.h @@ -31,7 +31,7 @@ Scoped##NAME##ArrayRO(JNIEnv* env, PRIMITIVE_TYPE##Array javaArray) \ : mEnv(env), mJavaArray(javaArray), mRawArray(nullptr) { \ if (mJavaArray == nullptr) { \ - conscrypt::jniutil::jniThrowNullPointerException(mEnv, nullptr); \ + conscrypt::jniutil::throwNullPointerException(mEnv, nullptr); \ } else { \ mRawArray = mEnv->Get##NAME##ArrayElements(mJavaArray, nullptr); \ } \ @@ -89,7 +89,7 @@ INSTANTIATE_SCOPED_PRIMITIVE_ARRAY_RO(jshort, Short); Scoped##NAME##ArrayRW(JNIEnv* env, PRIMITIVE_TYPE##Array javaArray) \ : mEnv(env), mJavaArray(javaArray), mRawArray(nullptr) { \ if (mJavaArray == nullptr) { \ - conscrypt::jniutil::jniThrowNullPointerException(mEnv, nullptr); \ + conscrypt::jniutil::throwNullPointerException(mEnv, nullptr); \ } else { \ mRawArray = mEnv->Get##NAME##ArrayElements(mJavaArray, nullptr); \ } \ diff --git a/common/src/jni/unbundled/include/nativehelper/ScopedUtfChars.h b/common/src/jni/unbundled/include/nativehelper/ScopedUtfChars.h index 32ae7e93..30deea5d 100644 --- a/common/src/jni/unbundled/include/nativehelper/ScopedUtfChars.h +++ b/common/src/jni/unbundled/include/nativehelper/ScopedUtfChars.h @@ -34,7 +34,7 @@ class ScopedUtfChars { ScopedUtfChars(JNIEnv* env, jstring s) : env_(env), string_(s) { if (s == nullptr) { utf_chars_ = nullptr; - conscrypt::jniutil::jniThrowNullPointerException(env, nullptr); + conscrypt::jniutil::throwNullPointerException(env, nullptr); } else { utf_chars_ = env->GetStringUTFChars(s, nullptr); } diff --git a/openjdk/build.gradle b/openjdk/build.gradle index 22e8af37..3f67c5a1 100644 --- a/openjdk/build.gradle +++ b/openjdk/build.gradle @@ -357,6 +357,10 @@ model { "-I$jdkIncludeDir/linux", "-I$jdkIncludeDir/darwin", "-I$jdkIncludeDir/win32" + if (rootProject.hasProperty('checkErrorQueue')) { + System.out.println("Compiling with error queue checking enabled") + cppCompiler.define "CONSCRYPT_CHECK_ERROR_QUEUE" + } // Static link to BoringSSL linker.args "-O3", diff --git a/openjdk/src/test/java/org/conscrypt/AbstractSessionContextTest.java b/openjdk/src/test/java/org/conscrypt/AbstractSessionContextTest.java index 68b7f14d..94326ebf 100644 --- a/openjdk/src/test/java/org/conscrypt/AbstractSessionContextTest.java +++ b/openjdk/src/test/java/org/conscrypt/AbstractSessionContextTest.java @@ -117,13 +117,13 @@ public abstract class AbstractSessionContextTest<T extends AbstractSessionContex } private void assertSessionContextContents( - NativeSslSession[] contains, NativeSslSession[] exludes) { + NativeSslSession[] contains, NativeSslSession[] excludes) { assertEquals(contains.length, size(context)); for (NativeSslSession s : contains) { assertSame(s.getPeerHost(), s, getCachedSession(context, s)); } - for (NativeSslSession s : exludes) { + for (NativeSslSession s : excludes) { assertNull(s.getPeerHost(), getCachedSession(context, s)); } } |