diff options
| author | Adam Vartanian <flooey@gmail.com> | 2018-02-13 15:35:15 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-02-13 15:35:15 +0000 |
| commit | 3e48a0c1a22286405faca7c7892b750bff42d0f0 (patch) | |
| tree | aef61c84d36f8fe8896c96941d545d0460bd4019 | |
| parent | be361cf9ce25c704982422ef47c4f4354daf3d9f (diff) | |
| download | conscrypt-3e48a0c1a22286405faca7c7892b750bff42d0f0.tar.gz | |
Add compile option for checking error queue. (#416)
We need to ensure that the BoringSSL error stack is clear when
returning from native functions, otherwise a later function might
inspect the error stack and interpret it incorrectly.
Adds the compile option CONSCRYPT_CHECK_ERROR_QUEUE which enables the
macro CHECK_ERROR_QUEUE_ON_RETURN. That macro, when enabled, creates
a class that checks the error queue is empty in its destructor. The
macro has been added to almost every native method called from Java,
enforcing that the error queue is empty when we return from native
code back to Java code.
Adds the gradle property checkErrorQueue to enable the code and adds
it to the Travis config.
Also fixes a couple places found by this checking that we were failing
to clear the error queue after handling errors.
| -rw-r--r-- | .travis.yml | 4 | ||||
| -rw-r--r-- | common/src/jni/main/cpp/conscrypt/native_crypto.cc | 332 | ||||
| -rw-r--r-- | common/src/jni/main/include/conscrypt/jniutil.h | 33 | ||||
| -rw-r--r-- | openjdk/build.gradle | 4 |
4 files changed, 355 insertions, 18 deletions
diff --git a/.travis.yml b/.travis.yml index 431f9699..75104831 100644 --- a/.travis.yml +++ b/.travis.yml @@ -112,7 +112,7 @@ script: git rev-list $(git merge-base HEAD origin/master)..HEAD | xargs -i git diff-tree --no-commit-id --name-only -r {} | grep -E '\.java$' | xargs -r git ls-files | xargs -r java -jar $HOME/gjf.jar -a -i --fix-imports-only && git diff --exit-code || { git reset --hard; false; } fi - - ./gradlew build + - ./gradlew build -PcheckErrorQueue # Also test with Java 6 on linux - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TRAVIS_PULL_REQUEST" != "false" ]]; @@ -121,7 +121,7 @@ script: fi - if [[ "$TRAVIS_OS_NAME" == "linux" && "$TRAVIS_PULL_REQUEST" != "false" ]]; then - ./gradlew check -DjavaExecutable64=${JAVA6_HOME}/bin/java; + ./gradlew check -DjavaExecutable64=${JAVA6_HOME}/bin/java -PcheckErrorQueue; fi after_script: diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index b8e70909..bd815876 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -183,6 +183,7 @@ static bool arrayToBignum(JNIEnv* env, jbyteArray source, BIGNUM** dest) { BIGNUM* ret = BN_bin2bn(tmp, tmpSize, *dest); if (ret == nullptr) { conscrypt::jniutil::throwRuntimeException(env, "Conversion to BIGNUM failed"); + ERR_clear_error(); JNI_TRACE("arrayToBignum(%p, %p) => threw exception", source, dest); return false; } @@ -324,6 +325,7 @@ jbyteArray CBBToByteArray(JNIEnv* env, CBB* cbb) { size_t len; if (!CBB_finish(cbb, &data, &len)) { conscrypt::jniutil::throwRuntimeException(env, "CBB_finish failed"); + ERR_clear_error(); JNI_TRACE("creating byte array failed"); return nullptr; } @@ -847,6 +849,7 @@ static void NativeCrypto_clinit(JNIEnv*, jclass) { static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jbyteArray e, jbyteArray d, jbyteArray p, jbyteArray q, jbyteArray dmp1, jbyteArray dmq1, jbyteArray iqmp) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_new_RSA(n=%p, e=%p, d=%p, p=%p, q=%p, dmp1=%p, dmq1=%p, iqmp=%p)", n, e, d, p, q, dmp1, dmq1, iqmp); @@ -927,6 +930,7 @@ static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jb } if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_new failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(rsa); @@ -937,6 +941,7 @@ static jlong NativeCrypto_EVP_PKEY_new_RSA(JNIEnv* env, jclass, jbyteArray n, jb static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject groupRef, jobject pubkeyRef, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_new_EC_KEY(%p, %p, %p)", groupRef, pubkeyRef, keyJavaBytes); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); if (group == nullptr) { @@ -1012,6 +1017,7 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group if (EVP_PKEY_assign_EC_KEY(pkey.get(), eckey.get()) != 1) { JNI_TRACE("EVP_PKEY_new_EC(%p, %p, %p) => threw error", group, pubkey, keyJavaBytes); conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(eckey); @@ -1021,6 +1027,7 @@ static jlong NativeCrypto_EVP_PKEY_new_EC_KEY(JNIEnv* env, jclass, jobject group } static int NativeCrypto_EVP_PKEY_type(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_PKEY_type(%p)", pkey); @@ -1066,14 +1073,17 @@ static jstring evp_print_func(JNIEnv* env, jobject pkeyRef, print_func* func, } static jstring NativeCrypto_EVP_PKEY_print_public(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_print_func(env, pkeyRef, EVP_PKEY_print_public, "EVP_PKEY_print_public"); } static jstring NativeCrypto_EVP_PKEY_print_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_print_func(env, pkeyRef, EVP_PKEY_print_params, "EVP_PKEY_print_params"); } -static void NativeCrypto_EVP_PKEY_free(JNIEnv*, jclass, jlong pkeyRef) { +static void NativeCrypto_EVP_PKEY_free(JNIEnv* env, jclass, jlong pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = reinterpret_cast<EVP_PKEY*>(pkeyRef); JNI_TRACE("EVP_PKEY_free(%p)", pkey); @@ -1083,6 +1093,7 @@ static void NativeCrypto_EVP_PKEY_free(JNIEnv*, jclass, jlong pkeyRef) { } static jint NativeCrypto_EVP_PKEY_cmp(JNIEnv* env, jclass, jobject pkey1Ref, jobject pkey2Ref) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_cmp(%p, %p)", pkey1Ref, pkey2Ref); EVP_PKEY* pkey1 = fromContextObject<EVP_PKEY>(env, pkey1Ref); if (pkey1 == nullptr) { @@ -1105,6 +1116,7 @@ static jint NativeCrypto_EVP_PKEY_cmp(JNIEnv* env, jclass, jobject pkey1Ref, job * static native byte[] EVP_marshal_private_key(long) */ static jbyteArray NativeCrypto_EVP_marshal_private_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_marshal_private_key(%p)", pkey); @@ -1132,6 +1144,7 @@ static jbyteArray NativeCrypto_EVP_marshal_private_key(JNIEnv* env, jclass, jobj * static native long EVP_parse_private_key(byte[]) */ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_parse_private_key(%p)", keyJavaBytes); ScopedByteArrayRO bytes(env, keyJavaBytes); @@ -1148,6 +1161,7 @@ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray // so we do the same for compatibility. if (!pkey) { conscrypt::jniutil::throwParsingException(env, "Error parsing private key"); + ERR_clear_error(); JNI_TRACE("bytes=%p EVP_parse_private_key => threw exception", keyJavaBytes); return 0; } @@ -1160,6 +1174,7 @@ static jlong NativeCrypto_EVP_parse_private_key(JNIEnv* env, jclass, jbyteArray * static native byte[] EVP_marshal_public_key(long) */ static jbyteArray NativeCrypto_EVP_marshal_public_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EVP_marshal_public_key(%p)", pkey); @@ -1187,6 +1202,7 @@ static jbyteArray NativeCrypto_EVP_marshal_public_key(JNIEnv* env, jclass, jobje * static native long EVP_parse_public_key(byte[]) */ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray keyJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_parse_public_key(%p)", keyJavaBytes); ScopedByteArrayRO bytes(env, keyJavaBytes); @@ -1203,6 +1219,7 @@ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray k // so we do the same for compatibility. if (!pkey) { conscrypt::jniutil::throwParsingException(env, "Error parsing public key"); + ERR_clear_error(); JNI_TRACE("bytes=%p EVP_parse_public_key => threw exception", keyJavaBytes); return 0; } @@ -1213,6 +1230,7 @@ static jlong NativeCrypto_EVP_parse_public_key(JNIEnv* env, jclass, jbyteArray k static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject javaKey, jbyteArray modulusBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("getRSAPrivateKeyWrapper(%p, %p)", javaKey, modulusBytes); size_t cached_size; @@ -1245,6 +1263,7 @@ static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject j if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { conscrypt::jniutil::throwRuntimeException(env, "getRSAPrivateKeyWrapper failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(rsa); @@ -1253,6 +1272,7 @@ static jlong NativeCrypto_getRSAPrivateKeyWrapper(JNIEnv* env, jclass, jobject j static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject javaKey, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("getECPrivateKeyWrapper(%p, %p)", javaKey, group); if (group == nullptr) { @@ -1280,6 +1300,7 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja env->DeleteGlobalRef(ex_data->private_key); delete ex_data; conscrypt::jniutil::throwRuntimeException(env, "EC_KEY_set_ex_data"); + ERR_clear_error(); return 0; } @@ -1294,6 +1315,7 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja if (EVP_PKEY_assign_EC_KEY(pkey.get(), ecKey.get()) != 1) { conscrypt::jniutil::throwRuntimeException(env, "getECPrivateKeyWrapper failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(ecKey); @@ -1305,6 +1327,7 @@ static jlong NativeCrypto_getECPrivateKeyWrapper(JNIEnv* env, jclass, jobject ja */ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusBits, jbyteArray publicExponent) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("RSA_generate_key_ex(%d, %p)", modulusBits, publicExponent); BIGNUM* eRef = nullptr; @@ -1332,6 +1355,7 @@ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusB if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { conscrypt::jniutil::throwRuntimeException(env, "RSA_generate_key_ex failed"); + ERR_clear_error(); return 0; } @@ -1341,6 +1365,7 @@ static jlong NativeCrypto_RSA_generate_key_ex(JNIEnv* env, jclass, jint modulusB } static jint NativeCrypto_RSA_size(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("RSA_size(%p)", pkey); @@ -1351,6 +1376,7 @@ static jint NativeCrypto_RSA_size(JNIEnv* env, jclass, jobject pkeyRef) { bssl::UniquePtr<RSA> rsa(EVP_PKEY_get1_RSA(pkey)); if (rsa.get() == nullptr) { conscrypt::jniutil::throwRuntimeException(env, "RSA_size failed"); + ERR_clear_error(); return 0; } @@ -1363,6 +1389,7 @@ typedef int RSACryptOperation(size_t flen, const unsigned char* from, unsigned c static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, JNIEnv* env, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("%s(%d, %p, %p, %p)", caller, flen, fromJavaBytes, toJavaBytes, pkey); @@ -1394,6 +1421,7 @@ static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, JNI_TRACE("%s => threw error", caller); } else { conscrypt::jniutil::throwBadPaddingException(env, caller); + ERR_clear_error(); JNI_TRACE("%s => threw padding exception", caller); } return -1; @@ -1407,24 +1435,28 @@ static jint RSA_crypt_operation(RSACryptOperation operation, const char* caller, static jint NativeCrypto_RSA_private_encrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_private_encrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_public_decrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_public_decrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_public_encrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_public_encrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } static jint NativeCrypto_RSA_private_decrypt(JNIEnv* env, jclass, jint flen, jbyteArray fromJavaBytes, jbyteArray toJavaBytes, jobject pkeyRef, jint padding) { + CHECK_ERROR_QUEUE_ON_RETURN; return RSA_crypt_operation(RSA_private_decrypt, __FUNCTION__, env, flen, fromJavaBytes, toJavaBytes, pkeyRef, padding); } @@ -1433,6 +1465,7 @@ static jint NativeCrypto_RSA_private_decrypt(JNIEnv* env, jclass, jint flen, * public static native byte[][] get_RSA_public_params(long); */ static jobjectArray NativeCrypto_get_RSA_public_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("get_RSA_public_params(%p)", pkey); @@ -1470,6 +1503,7 @@ static jobjectArray NativeCrypto_get_RSA_public_params(JNIEnv* env, jclass, jobj * public static native byte[][] get_RSA_private_params(long); */ static jobjectArray NativeCrypto_get_RSA_private_params(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("get_RSA_public_params(%p)", pkey); @@ -1556,6 +1590,7 @@ static jobjectArray NativeCrypto_get_RSA_private_params(JNIEnv* env, jclass, job static void NativeCrypto_chacha20_encrypt_decrypt(JNIEnv* env, jclass, jbyteArray inBytes, jint inOffset, jbyteArray outBytes, jint outOffset, jint length, jbyteArray keyBytes, jbyteArray nonceBytes, jint blockCounter) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("chacha20_encrypt_decrypt"); ScopedByteArrayRO in(env, inBytes); if (in.get() == nullptr) { @@ -1588,6 +1623,7 @@ static void NativeCrypto_chacha20_encrypt_decrypt(JNIEnv* env, jclass, jbyteArra } static jlong NativeCrypto_EC_GROUP_new_by_curve_name(JNIEnv* env, jclass, jstring curveNameJava) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_GROUP_new_by_curve_name(%p)", curveNameJava); ScopedUtfChars curveName(env, curveNameJava); @@ -1617,6 +1653,7 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray jbyteArray aBytes, jbyteArray bBytes, jbyteArray xBytes, jbyteArray yBytes, jbyteArray orderBytes, jint cofactorInt) { + CHECK_ERROR_QUEUE_ON_RETURN; BIGNUM *p = nullptr, *a = nullptr, *b = nullptr, *x = nullptr, *y = nullptr; BIGNUM *order = nullptr, *cofactor = nullptr; @@ -1686,6 +1723,7 @@ static jlong NativeCrypto_EC_GROUP_new_arbitrary(JNIEnv* env, jclass, jbyteArray } static jstring NativeCrypto_EC_GROUP_get_curve_name(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_curve_name(%p)", group); @@ -1706,6 +1744,7 @@ static jstring NativeCrypto_EC_GROUP_get_curve_name(JNIEnv* env, jclass, jobject } static jobjectArray NativeCrypto_EC_GROUP_get_curve(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_curve(%p)", group); if (group == nullptr) { @@ -1751,6 +1790,7 @@ static jobjectArray NativeCrypto_EC_GROUP_get_curve(JNIEnv* env, jclass, jobject } static jbyteArray NativeCrypto_EC_GROUP_get_order(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_order(%p)", group); if (group == nullptr) { @@ -1780,6 +1820,7 @@ static jbyteArray NativeCrypto_EC_GROUP_get_order(JNIEnv* env, jclass, jobject g } static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_degree(%p)", group); if (group == nullptr) { @@ -1790,6 +1831,7 @@ static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupR if (degree == 0) { JNI_TRACE("EC_GROUP_get_degree(%p) => unsupported", group); conscrypt::jniutil::throwRuntimeException(env, "not supported"); + ERR_clear_error(); return 0; } @@ -1798,6 +1840,7 @@ static jint NativeCrypto_EC_GROUP_get_degree(JNIEnv* env, jclass, jobject groupR } static jbyteArray NativeCrypto_EC_GROUP_get_cofactor(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_cofactor(%p)", group); if (group == nullptr) { @@ -1827,6 +1870,7 @@ static jbyteArray NativeCrypto_EC_GROUP_get_cofactor(JNIEnv* env, jclass, jobjec } static void NativeCrypto_EC_GROUP_clear_free(JNIEnv* env, jclass, jlong groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_GROUP* group = reinterpret_cast<EC_GROUP*>(groupRef); JNI_TRACE("EC_GROUP_clear_free(%p)", group); @@ -1841,6 +1885,7 @@ static void NativeCrypto_EC_GROUP_clear_free(JNIEnv* env, jclass, jlong groupRef } static jlong NativeCrypto_EC_GROUP_get_generator(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_GROUP_get_generator(%p)", group); @@ -1863,6 +1908,7 @@ static jlong NativeCrypto_EC_GROUP_get_generator(JNIEnv* env, jclass, jobject gr } static jlong NativeCrypto_EC_POINT_new(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_POINT_new(%p)", group); @@ -1881,6 +1927,7 @@ static jlong NativeCrypto_EC_POINT_new(JNIEnv* env, jclass, jobject groupRef) { } static void NativeCrypto_EC_POINT_clear_free(JNIEnv* env, jclass, jlong groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EC_POINT* group = reinterpret_cast<EC_POINT*>(groupRef); JNI_TRACE("EC_POINT_clear_free(%p)", group); @@ -1897,6 +1944,7 @@ static void NativeCrypto_EC_POINT_clear_free(JNIEnv* env, jclass, jlong groupRef static void NativeCrypto_EC_POINT_set_affine_coordinates(JNIEnv* env, jclass, jobject groupRef, jobject pointRef, jbyteArray xjavaBytes, jbyteArray yjavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_POINT_set_affine_coordinates(%p, %p, %p, %p)", groupRef, pointRef, xjavaBytes, yjavaBytes); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); @@ -1935,6 +1983,7 @@ static void NativeCrypto_EC_POINT_set_affine_coordinates(JNIEnv* env, jclass, jo static jobjectArray NativeCrypto_EC_POINT_get_affine_coordinates(JNIEnv* env, jclass, jobject groupRef, jobject pointRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_POINT_get_affine_coordinates(%p, %p)", groupRef, pointRef); const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); if (group == nullptr) { @@ -1978,6 +2027,7 @@ static jobjectArray NativeCrypto_EC_POINT_get_affine_coordinates(JNIEnv* env, jc } static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_KEY_generate_key(%p)", group); if (group == nullptr) { @@ -2011,6 +2061,7 @@ static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject group } if (EVP_PKEY_assign_EC_KEY(pkey.get(), eckey.get()) != 1) { conscrypt::jniutil::throwRuntimeException(env, "EVP_PKEY_assign_EC_KEY failed"); + ERR_clear_error(); return 0; } OWNERSHIP_TRANSFERRED(eckey); @@ -2020,6 +2071,7 @@ static jlong NativeCrypto_EC_KEY_generate_key(JNIEnv* env, jclass, jobject group } static jlong NativeCrypto_EC_KEY_get1_group(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get1_group(%p)", pkey); @@ -2041,6 +2093,7 @@ static jlong NativeCrypto_EC_KEY_get1_group(JNIEnv* env, jclass, jobject pkeyRef } static jbyteArray NativeCrypto_EC_KEY_get_private_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get_private_key(%p)", pkey); @@ -2068,6 +2121,7 @@ static jbyteArray NativeCrypto_EC_KEY_get_private_key(JNIEnv* env, jclass, jobje } static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("EC_KEY_get_public_key(%p)", pkey); @@ -2087,6 +2141,7 @@ static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pke if (dup.get() == nullptr) { JNI_TRACE("EC_KEY_get_public_key(%p) => can't dup public key", pkey); conscrypt::jniutil::throwRuntimeException(env, "EC_POINT_dup"); + ERR_clear_error(); return 0; } @@ -2095,6 +2150,7 @@ static jlong NativeCrypto_EC_KEY_get_public_key(JNIEnv* env, jclass, jobject pke } static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jobject groupRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EC_GROUP* group = fromContextObject<EC_GROUP>(env, groupRef); JNI_TRACE("EC_KEY_marshal_curve_name(%p)", group); if (group == nullptr) { @@ -2111,6 +2167,7 @@ static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jo if (!EC_KEY_marshal_curve_name(cbb.get(), group)) { conscrypt::jniutil::throwIOException(env, "Error writing ASN.1 encoding"); + ERR_clear_error(); JNI_TRACE("group=%p EC_KEY_marshal_curve_name => error", group); return nullptr; } @@ -2119,6 +2176,7 @@ static jbyteArray NativeCrypto_EC_KEY_marshal_curve_name(JNIEnv* env, jclass, jo } static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArray curveNameBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EC_KEY_parse_curve_name(%p)", curveNameBytes); ScopedByteArrayRO bytes(env, curveNameBytes); @@ -2133,6 +2191,7 @@ static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArra bssl::UniquePtr<EC_GROUP> group(EC_KEY_parse_curve_name(&cbs)); if (!group || CBS_len(&cbs) != 0) { conscrypt::jniutil::throwIOException(env, "Error reading ASN.1 encoding"); + ERR_clear_error(); JNI_TRACE("bytes=%p EC_KEY_parse_curve_name => threw exception", curveNameBytes); return 0; } @@ -2143,6 +2202,7 @@ static jlong NativeCrypto_EC_KEY_parse_curve_name(JNIEnv* env, jclass, jbyteArra static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArray, jint outOffset, jobject pubkeyRef, jobject privkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("ECDH_compute_key(%p, %d, %p, %p)", outArray, outOffset, pubkeyRef, privkeyRef); EVP_PKEY* pubPkey = fromContextObject<EVP_PKEY>(env, pubkeyRef); if (pubPkey == nullptr) { @@ -2219,6 +2279,7 @@ static jint NativeCrypto_ECDH_compute_key(JNIEnv* env, jclass, jbyteArray outArr } static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_size(%p)", pkey); @@ -2229,6 +2290,7 @@ static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { bssl::UniquePtr<EC_KEY> ec_key(EVP_PKEY_get1_EC_KEY(pkey)); if (ec_key.get() == nullptr) { conscrypt::jniutil::throwRuntimeException(env, "ECDSA_size failed"); + ERR_clear_error(); return 0; } @@ -2240,6 +2302,7 @@ static jint NativeCrypto_ECDSA_size(JNIEnv* env, jclass, jobject pkeyRef) { static jint NativeCrypto_ECDSA_sign(JNIEnv* env, jclass, jbyteArray data, jbyteArray sig, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_sign(%p, %p, %p)", data, sig, pkey); @@ -2280,6 +2343,7 @@ static jint NativeCrypto_ECDSA_sign(JNIEnv* env, jclass, jbyteArray data, jbyteA static jint NativeCrypto_ECDSA_verify(JNIEnv* env, jclass, jbyteArray data, jbyteArray sig, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("ECDSA_verify(%p, %p, %p)", data, sig, pkey); @@ -2331,6 +2395,7 @@ static jint NativeCrypto_ECDSA_verify(JNIEnv* env, jclass, jbyteArray data, jbyt } static jlong NativeCrypto_EVP_MD_CTX_create(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE_MD("EVP_MD_CTX_create()"); bssl::UniquePtr<EVP_MD_CTX> ctx(EVP_MD_CTX_create()); @@ -2344,6 +2409,7 @@ static jlong NativeCrypto_EVP_MD_CTX_create(JNIEnv* env, jclass) { } static void NativeCrypto_EVP_MD_CTX_cleanup(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, ctxRef); JNI_TRACE_MD("EVP_MD_CTX_cleanup(%p)", ctx); @@ -2352,7 +2418,8 @@ static void NativeCrypto_EVP_MD_CTX_cleanup(JNIEnv* env, jclass, jobject ctxRef) } } -static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv*, jclass, jlong ctxRef) { +static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv* env, jclass, jlong ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = reinterpret_cast<EVP_MD_CTX*>(ctxRef); JNI_TRACE_MD("EVP_MD_CTX_destroy(%p)", ctx); @@ -2363,6 +2430,7 @@ static void NativeCrypto_EVP_MD_CTX_destroy(JNIEnv*, jclass, jlong ctxRef) { static jint NativeCrypto_EVP_MD_CTX_copy_ex(JNIEnv* env, jclass, jobject dstCtxRef, jobject srcCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE_MD("EVP_MD_CTX_copy_ex(%p. %p)", dstCtxRef, srcCtxRef); EVP_MD_CTX* dst_ctx = fromContextObject<EVP_MD_CTX>(env, dstCtxRef); if (dst_ctx == nullptr) { @@ -2391,6 +2459,7 @@ static jint NativeCrypto_EVP_MD_CTX_copy_ex(JNIEnv* env, jclass, jobject dstCtxR */ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, jbyteArray hash, jint offset) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, ctxRef); JNI_TRACE_MD("EVP_DigestFinal_ex(%p, %p, %d)", ctx, hash, offset); @@ -2420,6 +2489,7 @@ static jint NativeCrypto_EVP_DigestFinal_ex(JNIEnv* env, jclass, jobject ctxRef, static jint NativeCrypto_EVP_DigestInit_ex(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* ctx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); const EVP_MD* evp_md = reinterpret_cast<const EVP_MD*>(evpMdRef); JNI_TRACE_MD("EVP_DigestInit_ex(%p, %p)", ctx, evp_md); @@ -2448,6 +2518,7 @@ static jint NativeCrypto_EVP_DigestInit_ex(JNIEnv* env, jclass, jobject evpMdCtx * public static native int EVP_get_digestbyname(java.lang.String) */ static jlong NativeCrypto_EVP_get_digestbyname(JNIEnv* env, jclass, jstring algorithm) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_EVP_get_digestbyname(%p)", algorithm); if (algorithm == nullptr) { @@ -2491,6 +2562,7 @@ static jlong NativeCrypto_EVP_get_digestbyname(JNIEnv* env, jclass, jstring algo * public static native int EVP_MD_size(long) */ static jint NativeCrypto_EVP_MD_size(JNIEnv* env, jclass, jlong evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD* evp_md = reinterpret_cast<EVP_MD*>(evpMdRef); JNI_TRACE("NativeCrypto_EVP_MD_size(%p)", evp_md); @@ -2541,12 +2613,14 @@ static jlong evpDigestSignVerifyInit(JNIEnv* env, static jlong NativeCrypto_EVP_DigestSignInit(JNIEnv* env, jclass, jobject evpMdCtxRef, const jlong evpMdRef, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpDigestSignVerifyInit(env, EVP_DigestSignInit, "EVP_DigestSignInit", evpMdCtxRef, evpMdRef, pkeyRef); } static jlong NativeCrypto_EVP_DigestVerifyInit(JNIEnv* env, jclass, jobject evpMdCtxRef, const jlong evpMdRef, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpDigestSignVerifyInit(env, EVP_DigestVerifyInit, "EVP_DigestVerifyInit", evpMdCtxRef, evpMdRef, pkeyRef); } @@ -2662,11 +2736,13 @@ static void evpUpdate(JNIEnv* env, jobject evpMdCtxRef, jbyteArray inJavaBytes, static void NativeCrypto_EVP_DigestUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestUpdateDirect", EVP_DigestUpdate); } static void NativeCrypto_EVP_DigestUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestUpdate", EVP_DigestUpdate); } @@ -2674,12 +2750,14 @@ static void NativeCrypto_EVP_DigestUpdate(JNIEnv* env, jclass, jobject evpMdCtxR static void NativeCrypto_EVP_DigestSignUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestSignUpdate", EVP_DigestSignUpdate); } static void NativeCrypto_EVP_DigestSignUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestSignUpdateDirect", EVP_DigestSignUpdate); } @@ -2687,17 +2765,20 @@ static void NativeCrypto_EVP_DigestSignUpdateDirect(JNIEnv* env, jclass, jobject static void NativeCrypto_EVP_DigestVerifyUpdate(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray inJavaBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inJavaBytes, inOffset, inLength, "EVP_DigestVerifyUpdate", EVP_DigestVerifyUpdate); } static void NativeCrypto_EVP_DigestVerifyUpdateDirect(JNIEnv* env, jclass, jobject evpMdCtxRef, jlong inPtr, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; evpUpdate(env, evpMdCtxRef, inPtr, inLength, "EVP_DigestVerifyUpdateDirect", EVP_DigestVerifyUpdate); } static jbyteArray NativeCrypto_EVP_DigestSignFinal(JNIEnv* env, jclass, jobject evpMdCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* mdCtx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); JNI_TRACE("EVP_DigestSignFinal(%p)", mdCtx); @@ -2744,6 +2825,7 @@ static jbyteArray NativeCrypto_EVP_DigestSignFinal(JNIEnv* env, jclass, jobject static jboolean NativeCrypto_EVP_DigestVerifyFinal(JNIEnv* env, jclass, jobject evpMdCtxRef, jbyteArray signature, jint offset, jint len) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_MD_CTX* mdCtx = fromContextObject<EVP_MD_CTX>(env, evpMdCtxRef); JNI_TRACE("EVP_DigestVerifyFinal(%p)", mdCtx); @@ -2841,6 +2923,7 @@ static jint evpPkeyEncryptDecrypt(JNIEnv* env, static jint NativeCrypto_EVP_PKEY_encrypt(JNIEnv* env, jclass, jobject evpPkeyCtxRef, jbyteArray out, jint outOffset, jbyteArray inBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEncryptDecrypt(env, EVP_PKEY_encrypt, "EVP_PKEY_encrypt", evpPkeyCtxRef, out, outOffset, inBytes, inOffset, inLength); } @@ -2848,6 +2931,7 @@ static jint NativeCrypto_EVP_PKEY_encrypt(JNIEnv* env, jclass, jobject evpPkeyCt static jint NativeCrypto_EVP_PKEY_decrypt(JNIEnv* env, jclass, jobject evpPkeyCtxRef, jbyteArray out, jint outOffset, jbyteArray inBytes, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEncryptDecrypt(env, EVP_PKEY_decrypt, "EVP_PKEY_decrypt", evpPkeyCtxRef, out, outOffset, inBytes, inOffset, inLength); } @@ -2881,14 +2965,17 @@ static jlong evpPkeyEcryptDecryptInit(JNIEnv* env, jobject evpPkeyRef, } static jlong NativeCrypto_EVP_PKEY_encrypt_init(JNIEnv* env, jclass, jobject evpPkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEcryptDecryptInit(env, evpPkeyRef, EVP_PKEY_encrypt_init, "encrypt"); } static jlong NativeCrypto_EVP_PKEY_decrypt_init(JNIEnv* env, jclass, jobject evpPkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return evpPkeyEcryptDecryptInit(env, evpPkeyRef, EVP_PKEY_decrypt_init, "decrypt"); } -static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv*, jclass, jlong pkeyCtxRef) { +static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv* env, jclass, jlong pkeyCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(pkeyCtxRef); JNI_TRACE("EVP_PKEY_CTX_free(%p)", pkeyCtx); @@ -2898,6 +2985,7 @@ static void NativeCrypto_EVP_PKEY_CTX_free(JNIEnv*, jclass, jlong pkeyCtxRef) { } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_padding(JNIEnv* env, jclass, jlong ctx, jint pad) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(ctx); JNI_TRACE("EVP_PKEY_CTX_set_rsa_padding(%p, %d)", pkeyCtx, pad); if (pkeyCtx == nullptr) { @@ -2919,6 +3007,7 @@ static void NativeCrypto_EVP_PKEY_CTX_set_rsa_padding(JNIEnv* env, jclass, jlong static void NativeCrypto_EVP_PKEY_CTX_set_rsa_pss_saltlen(JNIEnv* env, jclass, jlong ctx, jint len) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(ctx); JNI_TRACE("EVP_PKEY_CTX_set_rsa_pss_saltlen(%p, %d)", pkeyCtx, len); if (pkeyCtx == nullptr) { @@ -2965,18 +3054,21 @@ static void evpPkeyCtxCtrlMdOp(JNIEnv* env, jlong pkeyCtxRef, jlong mdRef, const static void NativeCrypto_EVP_PKEY_CTX_set_rsa_mgf1_md(JNIEnv* env, jclass, jlong pkeyCtxRef, jlong mdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; evpPkeyCtxCtrlMdOp(env, pkeyCtxRef, mdRef, "EVP_PKEY_CTX_set_rsa_mgf1_md", EVP_PKEY_CTX_set_rsa_mgf1_md); } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_md(JNIEnv* env, jclass, jlong pkeyCtxRef, jlong mdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; evpPkeyCtxCtrlMdOp(env, pkeyCtxRef, mdRef, "EVP_PKEY_CTX_set_rsa_oaep_md", EVP_PKEY_CTX_set_rsa_oaep_md); } static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_label(JNIEnv* env, jclass, jlong pkeyCtxRef, jbyteArray labelJava) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_PKEY_CTX* pkeyCtx = reinterpret_cast<EVP_PKEY_CTX*>(pkeyCtxRef); JNI_TRACE("EVP_PKEY_CTX_set_rsa_oaep_label(%p, %p)", pkeyCtx, labelJava); if (pkeyCtx == nullptr) { @@ -3006,6 +3098,7 @@ static void NativeCrypto_EVP_PKEY_CTX_set_rsa_oaep_label(JNIEnv* env, jclass, jl } static jlong NativeCrypto_EVP_get_cipherbyname(JNIEnv* env, jclass, jstring algorithm) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_get_cipherbyname(%p)", algorithm); ScopedUtfChars scoped_alg(env, algorithm); @@ -3055,6 +3148,7 @@ static jlong NativeCrypto_EVP_get_cipherbyname(JNIEnv* env, jclass, jstring algo static void NativeCrypto_EVP_CipherInit_ex(JNIEnv* env, jclass, jobject ctxRef, jlong evpCipherRef, jbyteArray keyArray, jbyteArray ivArray, jboolean encrypting) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); const EVP_CIPHER* evpCipher = reinterpret_cast<const EVP_CIPHER*>(evpCipherRef); JNI_TRACE("EVP_CipherInit_ex(%p, %p, %p, %p, %d)", ctx, evpCipher, keyArray, ivArray, @@ -3107,6 +3201,7 @@ static void NativeCrypto_EVP_CipherInit_ex(JNIEnv* env, jclass, jobject ctxRef, static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, jbyteArray outArray, jint outOffset, jbyteArray inArray, jint inOffset, jint inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CipherUpdate(%p, %p, %d, %p, %d)", ctx, outArray, outOffset, inArray, inOffset); @@ -3158,6 +3253,7 @@ static jint NativeCrypto_EVP_CipherUpdate(JNIEnv* env, jclass, jobject ctxRef, j static jint NativeCrypto_EVP_CipherFinal_ex(JNIEnv* env, jclass, jobject ctxRef, jbyteArray outArray, jint outOffset) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CipherFinal_ex(%p, %p, %d)", ctx, outArray, outOffset); @@ -3190,6 +3286,7 @@ static jint NativeCrypto_EVP_CipherFinal_ex(JNIEnv* env, jclass, jobject ctxRef, } static jint NativeCrypto_EVP_CIPHER_iv_length(JNIEnv* env, jclass, jlong evpCipherRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_CIPHER* evpCipher = reinterpret_cast<const EVP_CIPHER*>(evpCipherRef); JNI_TRACE("EVP_CIPHER_iv_length(%p)", evpCipher); @@ -3205,6 +3302,7 @@ static jint NativeCrypto_EVP_CIPHER_iv_length(JNIEnv* env, jclass, jlong evpCiph } static jlong NativeCrypto_EVP_CIPHER_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_CIPHER_CTX_new()"); bssl::UniquePtr<EVP_CIPHER_CTX> ctx(EVP_CIPHER_CTX_new()); @@ -3219,6 +3317,7 @@ static jlong NativeCrypto_EVP_CIPHER_CTX_new(JNIEnv* env, jclass) { } static jint NativeCrypto_EVP_CIPHER_CTX_block_size(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CIPHER_CTX_block_size(%p)", ctx); @@ -3233,6 +3332,7 @@ static jint NativeCrypto_EVP_CIPHER_CTX_block_size(JNIEnv* env, jclass, jobject } static jint NativeCrypto_get_EVP_CIPHER_CTX_buf_len(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("get_EVP_CIPHER_CTX_buf_len(%p)", ctx); @@ -3247,6 +3347,7 @@ static jint NativeCrypto_get_EVP_CIPHER_CTX_buf_len(JNIEnv* env, jclass, jobject } static jboolean NativeCrypto_get_EVP_CIPHER_CTX_final_used(JNIEnv* env, jclass, jobject ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("get_EVP_CIPHER_CTX_final_used(%p)", ctx); @@ -3262,6 +3363,7 @@ static jboolean NativeCrypto_get_EVP_CIPHER_CTX_final_used(JNIEnv* env, jclass, static void NativeCrypto_EVP_CIPHER_CTX_set_padding(JNIEnv* env, jclass, jobject ctxRef, jboolean enablePaddingBool) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); jint enablePadding = enablePaddingBool ? 1 : 0; JNI_TRACE("EVP_CIPHER_CTX_set_padding(%p, %d)", ctx, enablePadding); @@ -3277,6 +3379,7 @@ static void NativeCrypto_EVP_CIPHER_CTX_set_padding(JNIEnv* env, jclass, jobject static void NativeCrypto_EVP_CIPHER_CTX_set_key_length(JNIEnv* env, jclass, jobject ctxRef, jint keySizeBits) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = fromContextObject<EVP_CIPHER_CTX>(env, ctxRef); JNI_TRACE("EVP_CIPHER_CTX_set_key_length(%p, %d)", ctx, keySizeBits); @@ -3294,32 +3397,37 @@ static void NativeCrypto_EVP_CIPHER_CTX_set_key_length(JNIEnv* env, jclass, jobj JNI_TRACE("EVP_CIPHER_CTX_set_key_length(%p, %d) => success", ctx, keySizeBits); } -static void NativeCrypto_EVP_CIPHER_CTX_free(JNIEnv*, jclass, jlong ctxRef) { +static void NativeCrypto_EVP_CIPHER_CTX_free(JNIEnv* env, jclass, jlong ctxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; EVP_CIPHER_CTX* ctx = reinterpret_cast<EVP_CIPHER_CTX*>(ctxRef); JNI_TRACE("EVP_CIPHER_CTX_free(%p)", ctx); EVP_CIPHER_CTX_free(ctx); } -static jlong NativeCrypto_EVP_aead_aes_128_gcm(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_aes_128_gcm(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_aes_128_gcm(); JNI_TRACE("EVP_aead_aes_128_gcm => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } -static jlong NativeCrypto_EVP_aead_aes_256_gcm(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_aes_256_gcm(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_aes_256_gcm(); JNI_TRACE("EVP_aead_aes_256_gcm => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } -static jlong NativeCrypto_EVP_aead_chacha20_poly1305(JNIEnv*, jclass) { +static jlong NativeCrypto_EVP_aead_chacha20_poly1305(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* ctx = EVP_aead_chacha20_poly1305(); JNI_TRACE("EVP_aead_chacha20_poly1305 => ctx=%p", ctx); return reinterpret_cast<jlong>(ctx); } static jint NativeCrypto_EVP_AEAD_max_overhead(JNIEnv* env, jclass, jlong evpAeadRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* evpAead = reinterpret_cast<const EVP_AEAD*>(evpAeadRef); JNI_TRACE("EVP_AEAD_max_overhead(%p)", evpAead); if (evpAead == nullptr) { @@ -3332,6 +3440,7 @@ static jint NativeCrypto_EVP_AEAD_max_overhead(JNIEnv* env, jclass, jlong evpAea } static jint NativeCrypto_EVP_AEAD_nonce_length(JNIEnv* env, jclass, jlong evpAeadRef) { + CHECK_ERROR_QUEUE_ON_RETURN; const EVP_AEAD* evpAead = reinterpret_cast<const EVP_AEAD*>(evpAeadRef); JNI_TRACE("EVP_AEAD_nonce_length(%p)", evpAead); if (evpAead == nullptr) { @@ -3442,6 +3551,7 @@ static jint NativeCrypto_EVP_AEAD_CTX_seal(JNIEnv* env, jclass, jlong evpAeadRef jint outOffset, jbyteArray nonceArray, jbyteArray inArray, jint inOffset, jint inLength, jbyteArray aadArray) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_aead_ctx_op(env, evpAeadRef, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray, EVP_AEAD_CTX_seal); } @@ -3451,11 +3561,13 @@ static jint NativeCrypto_EVP_AEAD_CTX_open(JNIEnv* env, jclass, jlong evpAeadRef jint outOffset, jbyteArray nonceArray, jbyteArray inArray, jint inOffset, jint inLength, jbyteArray aadArray) { + CHECK_ERROR_QUEUE_ON_RETURN; return evp_aead_ctx_op(env, evpAeadRef, keyArray, tagLen, outArray, outOffset, nonceArray, inArray, inOffset, inLength, aadArray, EVP_AEAD_CTX_open); } static jlong NativeCrypto_HMAC_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("HMAC_CTX_new"); auto hmacCtx = new HMAC_CTX; if (hmacCtx == nullptr) { @@ -3467,7 +3579,8 @@ static jlong NativeCrypto_HMAC_CTX_new(JNIEnv* env, jclass) { return reinterpret_cast<jlong>(hmacCtx); } -static void NativeCrypto_HMAC_CTX_free(JNIEnv*, jclass, jlong hmacCtxRef) { +static void NativeCrypto_HMAC_CTX_free(JNIEnv* env, jclass, jlong hmacCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = reinterpret_cast<HMAC_CTX*>(hmacCtxRef); JNI_TRACE("HMAC_CTX_free(%p)", hmacCtx); if (hmacCtx == nullptr) { @@ -3479,6 +3592,7 @@ static void NativeCrypto_HMAC_CTX_free(JNIEnv*, jclass, jlong hmacCtxRef) { static void NativeCrypto_HMAC_Init_ex(JNIEnv* env, jclass, jobject hmacCtxRef, jbyteArray keyArray, jobject evpMdRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); const EVP_MD* md = reinterpret_cast<const EVP_MD*>(evpMdRef); JNI_TRACE("HMAC_Init_ex(%p, %p, %p)", hmacCtx, keyArray, md); @@ -3500,6 +3614,7 @@ static void NativeCrypto_HMAC_Init_ex(JNIEnv* env, jclass, jobject hmacCtxRef, j static void NativeCrypto_HMAC_UpdateDirect(JNIEnv* env, jclass, jobject hmacCtxRef, jlong inPtr, int inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); const uint8_t* p = reinterpret_cast<const uint8_t*>(inPtr); JNI_TRACE("HMAC_UpdateDirect(%p, %p, %d)", hmacCtx, p, inLength); @@ -3522,6 +3637,7 @@ static void NativeCrypto_HMAC_UpdateDirect(JNIEnv* env, jclass, jobject hmacCtxR static void NativeCrypto_HMAC_Update(JNIEnv* env, jclass, jobject hmacCtxRef, jbyteArray inArray, jint inOffset, int inLength) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); JNI_TRACE("HMAC_Update(%p, %p, %d, %d)", hmacCtx, inArray, inOffset, inLength); @@ -3550,6 +3666,7 @@ static void NativeCrypto_HMAC_Update(JNIEnv* env, jclass, jobject hmacCtxRef, jb } static jbyteArray NativeCrypto_HMAC_Final(JNIEnv* env, jclass, jobject hmacCtxRef) { + CHECK_ERROR_QUEUE_ON_RETURN; HMAC_CTX* hmacCtx = fromContextObject<HMAC_CTX>(env, hmacCtxRef); JNI_TRACE("HMAC_Final(%p)", hmacCtx); @@ -3578,6 +3695,7 @@ static jbyteArray NativeCrypto_HMAC_Final(JNIEnv* env, jclass, jobject hmacCtxRe } static void NativeCrypto_RAND_bytes(JNIEnv* env, jclass, jbyteArray output) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_RAND_bytes(%p)", output); ScopedByteArrayRW outputBytes(env, output); @@ -3618,6 +3736,7 @@ static jstring ASN1_OBJECT_to_OID_string(JNIEnv* env, const ASN1_OBJECT* obj) { static jlong NativeCrypto_create_BIO_InputStream(JNIEnv* env, jclass, jobject streamObj, jboolean isFinite) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("create_BIO_InputStream(%p)", streamObj); if (streamObj == nullptr) { @@ -3637,6 +3756,7 @@ static jlong NativeCrypto_create_BIO_InputStream(JNIEnv* env, jclass, jobject st } static jlong NativeCrypto_create_BIO_OutputStream(JNIEnv* env, jclass, jobject streamObj) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("create_BIO_OutputStream(%p)", streamObj); if (streamObj == nullptr) { @@ -3656,6 +3776,7 @@ static jlong NativeCrypto_create_BIO_OutputStream(JNIEnv* env, jclass, jobject s } static void NativeCrypto_BIO_free_all(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_free_all(%p)", bio); @@ -3763,6 +3884,7 @@ static jobject GENERAL_NAME_to_jobject(JNIEnv* env, GENERAL_NAME* gen) { static jobjectArray NativeCrypto_get_X509_GENERAL_NAME_stack(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jint type) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_GENERAL_NAME_stack(%p, %d)", x509, type); @@ -3857,6 +3979,7 @@ static jobjectArray NativeCrypto_get_X509_GENERAL_NAME_stack(JNIEnv* env, jclass } static jlong NativeCrypto_X509_get_notBefore(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_notBefore(%p)", x509); @@ -3872,6 +3995,7 @@ static jlong NativeCrypto_X509_get_notBefore(JNIEnv* env, jclass, jlong x509Ref, } static jlong NativeCrypto_X509_get_notAfter(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_notAfter(%p)", x509); @@ -3887,7 +4011,8 @@ static jlong NativeCrypto_X509_get_notAfter(JNIEnv* env, jclass, jlong x509Ref, } // NOLINTNEXTLINE(runtime/int) -static long NativeCrypto_X509_get_version(JNIEnv*, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { +static long NativeCrypto_X509_get_version(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_version(%p)", x509); @@ -3933,6 +4058,7 @@ static ASN1_INTEGER* X509_REVOKED_get_serialNumber(X509_REVOKED* x) { #endif static jbyteArray NativeCrypto_X509_get_serialNumber(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_serialNumber(%p)", x509); return get_X509Type_serialNumber<X509>(env, x509, X509_get_serialNumber); @@ -3940,12 +4066,14 @@ static jbyteArray NativeCrypto_X509_get_serialNumber(JNIEnv* env, jclass, jlong static jbyteArray NativeCrypto_X509_REVOKED_get_serialNumber(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_serialNumber(%p)", revoked); return get_X509Type_serialNumber<X509_REVOKED>(env, revoked, X509_REVOKED_get_serialNumber); } static void NativeCrypto_X509_verify(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("X509_verify(%p, %p)", x509, pkey); @@ -3970,12 +4098,14 @@ static void NativeCrypto_X509_verify(JNIEnv* env, jclass, jlong x509Ref, CONSCRY } static jbyteArray NativeCrypto_get_X509_cert_info_enc(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_cert_info_enc(%p)", x509); return ASN1ToByteArray<X509_CINF>(env, x509->cert_info, i2d_X509_CINF); } static jint NativeCrypto_get_X509_ex_flags(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_flags(%p)", x509); @@ -3990,8 +4120,9 @@ static jint NativeCrypto_get_X509_ex_flags(JNIEnv* env, jclass, jlong x509Ref, C return static_cast<jint>(x509->ex_flags); } -static jboolean NativeCrypto_X509_check_issued(JNIEnv*, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, +static jboolean NativeCrypto_X509_check_issued(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, jlong x509Ref2, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509_1 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref1)); X509* x509_2 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref2)); JNI_TRACE("X509_check_issued(%p, %p)", x509_1, x509_2); @@ -4043,12 +4174,14 @@ static jbyteArray get_X509Type_signature(JNIEnv* env, T* x509Type, } static jbyteArray NativeCrypto_get_X509_signature(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_signature(%p)", x509); return get_X509Type_signature<X509>(env, x509, get_X509_signature); } static jbyteArray NativeCrypto_get_X509_CRL_signature(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_signature(%p)", crl); return get_X509Type_signature<X509_CRL>(env, crl, get_X509_CRL_signature); @@ -4056,6 +4189,7 @@ static jbyteArray NativeCrypto_get_X509_CRL_signature(JNIEnv* env, jclass, jlong static jlong NativeCrypto_X509_CRL_get0_by_cert(JNIEnv* env, jclass, jlong x509crlRef, CONSCRYPT_UNUSED jobject holder, jlong x509Ref, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* x509crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509crlRef)); X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_CRL_get0_by_cert(%p, %p)", x509crl, x509); @@ -4083,6 +4217,7 @@ static jlong NativeCrypto_X509_CRL_get0_by_cert(JNIEnv* env, jclass, jlong x509c static jlong NativeCrypto_X509_CRL_get0_by_serial(JNIEnv* env, jclass, jlong x509crlRef, CONSCRYPT_UNUSED jobject holder, jbyteArray serialArray) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* x509crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509crlRef)); JNI_TRACE("X509_CRL_get0_by_serial(%p, %p)", x509crl, serialArray); @@ -4125,6 +4260,7 @@ static jlong NativeCrypto_X509_CRL_get0_by_serial(JNIEnv* env, jclass, jlong x50 } static jlongArray NativeCrypto_X509_CRL_get_REVOKED(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_REVOKED(%p)", crl); @@ -4153,12 +4289,14 @@ static jlongArray NativeCrypto_X509_CRL_get_REVOKED(JNIEnv* env, jclass, jlong x } static jbyteArray NativeCrypto_i2d_X509_CRL(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("i2d_X509_CRL(%p)", crl); return ASN1ToByteArray<X509_CRL>(env, crl, i2d_X509_CRL); } static void NativeCrypto_X509_CRL_free(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_free(%p)", crl); @@ -4172,6 +4310,7 @@ static void NativeCrypto_X509_CRL_free(JNIEnv* env, jclass, jlong x509CrlRef, CO } static void NativeCrypto_X509_CRL_print(JNIEnv* env, jclass, jlong bioRef, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_print(%p, %p)", bio, crl); @@ -4197,6 +4336,7 @@ static void NativeCrypto_X509_CRL_print(JNIEnv* env, jclass, jlong bioRef, jlong } static jstring NativeCrypto_get_X509_CRL_sig_alg_oid(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_sig_alg_oid(%p)", crl); @@ -4212,6 +4352,7 @@ static jstring NativeCrypto_get_X509_CRL_sig_alg_oid(JNIEnv* env, jclass, jlong static jbyteArray NativeCrypto_get_X509_CRL_sig_alg_parameter(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_sig_alg_parameter(%p)", crl); @@ -4230,13 +4371,15 @@ static jbyteArray NativeCrypto_get_X509_CRL_sig_alg_parameter(JNIEnv* env, jclas } static jbyteArray NativeCrypto_X509_CRL_get_issuer_name(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_issuer_name(%p)", crl); return ASN1ToByteArray<X509_NAME>(env, X509_CRL_get_issuer(crl), i2d_X509_NAME); } // NOLINTNEXTLINE(runtime/int) -static long NativeCrypto_X509_CRL_get_version(JNIEnv*, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { +static long NativeCrypto_X509_CRL_get_version(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_version(%p)", crl); @@ -4294,6 +4437,7 @@ static jbyteArray X509Type_get_ext_oid(JNIEnv* env, T* x509Type, jstring oidStri } static jlong NativeCrypto_X509_CRL_get_ext(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_ext(%p, %p)", crl, oid); X509_EXTENSION* ext = @@ -4304,6 +4448,7 @@ static jlong NativeCrypto_X509_CRL_get_ext(JNIEnv* env, jclass, jlong x509CrlRef static jlong NativeCrypto_X509_REVOKED_get_ext(JNIEnv* env, jclass, jlong x509RevokedRef, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_ext(%p, %p)", revoked, oid); X509_EXTENSION* ext = @@ -4314,6 +4459,7 @@ static jlong NativeCrypto_X509_REVOKED_get_ext(JNIEnv* env, jclass, jlong x509Re } static jlong NativeCrypto_X509_REVOKED_dup(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_dup(%p)", revoked); @@ -4330,6 +4476,7 @@ static jlong NativeCrypto_X509_REVOKED_dup(JNIEnv* env, jclass, jlong x509Revoke static jlong NativeCrypto_get_X509_REVOKED_revocationDate(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("get_X509_REVOKED_revocationDate(%p)", revoked); @@ -4349,6 +4496,7 @@ static jlong NativeCrypto_get_X509_REVOKED_revocationDate(JNIEnv* env, jclass, #endif static void NativeCrypto_X509_REVOKED_print(JNIEnv* env, jclass, jlong bioRef, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_print(%p, %p)", bio, revoked); @@ -4377,6 +4525,7 @@ static void NativeCrypto_X509_REVOKED_print(JNIEnv* env, jclass, jlong bioRef, #endif static jbyteArray NativeCrypto_get_X509_CRL_crl_enc(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("get_X509_CRL_crl_enc(%p)", crl); return ASN1ToByteArray<X509_CRL_INFO>(env, crl->crl, i2d_X509_CRL_INFO); @@ -4384,6 +4533,7 @@ static jbyteArray NativeCrypto_get_X509_CRL_crl_enc(JNIEnv* env, jclass, jlong x static void NativeCrypto_X509_CRL_verify(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); EVP_PKEY* pkey = fromContextObject<EVP_PKEY>(env, pkeyRef); JNI_TRACE("X509_CRL_verify(%p, %p)", crl, pkey); @@ -4408,6 +4558,7 @@ static void NativeCrypto_X509_CRL_verify(JNIEnv* env, jclass, jlong x509CrlRef, } static jlong NativeCrypto_X509_CRL_get_lastUpdate(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_lastUpdate(%p)", crl); @@ -4423,6 +4574,7 @@ static jlong NativeCrypto_X509_CRL_get_lastUpdate(JNIEnv* env, jclass, jlong x50 } static jlong NativeCrypto_X509_CRL_get_nextUpdate(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_nextUpdate(%p)", crl); @@ -4438,6 +4590,7 @@ static jlong NativeCrypto_X509_CRL_get_nextUpdate(JNIEnv* env, jclass, jlong x50 } static jbyteArray NativeCrypto_i2d_X509_REVOKED(JNIEnv* env, jclass, jlong x509RevokedRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* x509Revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("i2d_X509_REVOKED(%p)", x509Revoked); @@ -4445,6 +4598,7 @@ static jbyteArray NativeCrypto_i2d_X509_REVOKED(JNIEnv* env, jclass, jlong x509R } static jint NativeCrypto_X509_supported_extension(JNIEnv* env, jclass, jlong x509ExtensionRef) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_EXTENSION* ext = reinterpret_cast<X509_EXTENSION*>(static_cast<uintptr_t>(x509ExtensionRef)); @@ -4466,6 +4620,7 @@ static inline void get_ASN1_TIME_data(char** data, int* output, size_t len) { static void NativeCrypto_ASN1_TIME_to_Calendar(JNIEnv* env, jclass, jlong asn1TimeRef, jobject calendar) { + CHECK_ERROR_QUEUE_ON_RETURN; ASN1_TIME* asn1Time = reinterpret_cast<ASN1_TIME*>(static_cast<uintptr_t>(asn1TimeRef)); JNI_TRACE("ASN1_TIME_to_Calendar(%p, %p)", asn1Time, calendar); @@ -4513,6 +4668,7 @@ struct CbsHandle { }; static jlong NativeCrypto_asn1_read_init(JNIEnv* env, jclass, jbyteArray data) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("asn1_read_init(%p)", data); ScopedByteArrayRO bytes(env, data); @@ -4532,6 +4688,7 @@ static jlong NativeCrypto_asn1_read_init(JNIEnv* env, jclass, jbyteArray data) { } static jlong NativeCrypto_asn1_read_sequence(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_sequence(%p)", cbs); @@ -4547,6 +4704,7 @@ static jlong NativeCrypto_asn1_read_sequence(JNIEnv* env, jclass, jlong cbsRef) static jboolean NativeCrypto_asn1_read_next_tag_is(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef, jint tag) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_next_tag_is(%p)", cbs); @@ -4557,6 +4715,7 @@ static jboolean NativeCrypto_asn1_read_next_tag_is(CONSCRYPT_UNUSED JNIEnv* env, } static jlong NativeCrypto_asn1_read_tagged(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_tagged(%p)", cbs); @@ -4571,6 +4730,7 @@ static jlong NativeCrypto_asn1_read_tagged(JNIEnv* env, jclass, jlong cbsRef) { } static jbyteArray NativeCrypto_asn1_read_octetstring(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_octetstring(%p)", cbs); @@ -4595,6 +4755,7 @@ static jbyteArray NativeCrypto_asn1_read_octetstring(JNIEnv* env, jclass, jlong } static jlong NativeCrypto_asn1_read_uint64(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_uint64(%p)", cbs); @@ -4608,6 +4769,7 @@ static jlong NativeCrypto_asn1_read_uint64(JNIEnv* env, jclass, jlong cbsRef) { } static void NativeCrypto_asn1_read_null(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_null(%p)", cbs); @@ -4618,6 +4780,7 @@ static void NativeCrypto_asn1_read_null(JNIEnv* env, jclass, jlong cbsRef) { } static jstring NativeCrypto_asn1_read_oid(JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_oid(%p)", cbs); @@ -4643,6 +4806,7 @@ static jstring NativeCrypto_asn1_read_oid(JNIEnv* env, jclass, jlong cbsRef) { static jboolean NativeCrypto_asn1_read_is_empty(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CbsHandle* cbs = reinterpret_cast<CbsHandle*>(static_cast<uintptr_t>(cbsRef)); JNI_TRACE("asn1_read_is_empty(%p)", cbs); @@ -4652,6 +4816,7 @@ static jboolean NativeCrypto_asn1_read_is_empty(CONSCRYPT_UNUSED JNIEnv* env, jc } static void NativeCrypto_asn1_read_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbsRef) { + CHECK_ERROR_QUEUE_ON_RETURN; if (cbsRef == 0) { JNI_TRACE("asn1_read_free(0)"); return; @@ -4662,6 +4827,7 @@ static void NativeCrypto_asn1_read_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jl } static jlong NativeCrypto_asn1_write_init(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("asn1_write_init"); std::unique_ptr<CBB> cbb(new CBB()); if (!CBB_init(cbb.get(), 128)) { @@ -4673,6 +4839,7 @@ static jlong NativeCrypto_asn1_write_init(JNIEnv* env, jclass) { } static jlong NativeCrypto_asn1_write_sequence(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_sequence(%p)", cbb); @@ -4686,6 +4853,7 @@ static jlong NativeCrypto_asn1_write_sequence(JNIEnv* env, jclass, jlong cbbRef) } static jlong NativeCrypto_asn1_write_tag(JNIEnv* env, jclass, jlong cbbRef, jint tag) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_tag(%p)", cbb); @@ -4701,6 +4869,7 @@ static jlong NativeCrypto_asn1_write_tag(JNIEnv* env, jclass, jlong cbbRef, jint static void NativeCrypto_asn1_write_octetstring(JNIEnv* env, jclass, jlong cbbRef, jbyteArray data) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_octetstring(%p, %p)", cbb, data); @@ -4727,6 +4896,7 @@ static void NativeCrypto_asn1_write_octetstring(JNIEnv* env, jclass, jlong cbbRe } static void NativeCrypto_asn1_write_uint64(JNIEnv* env, jclass, jlong cbbRef, jlong data) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_uint64(%p)", cbb); @@ -4737,6 +4907,7 @@ static void NativeCrypto_asn1_write_uint64(JNIEnv* env, jclass, jlong cbbRef, jl } static void NativeCrypto_asn1_write_null(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_null(%p)", cbb); @@ -4752,6 +4923,7 @@ static void NativeCrypto_asn1_write_null(JNIEnv* env, jclass, jlong cbbRef) { } static void NativeCrypto_asn1_write_oid(JNIEnv* env, jclass, jlong cbbRef, jstring oid) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_oid(%p)", cbb); @@ -4773,6 +4945,7 @@ static void NativeCrypto_asn1_write_oid(JNIEnv* env, jclass, jlong cbbRef, jstri } static void NativeCrypto_asn1_write_flush(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_flush(%p)", cbb); @@ -4783,6 +4956,7 @@ static void NativeCrypto_asn1_write_flush(JNIEnv* env, jclass, jlong cbbRef) { } static jbyteArray NativeCrypto_asn1_write_finish(JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_finish(%p)", cbb); @@ -4808,6 +4982,7 @@ static jbyteArray NativeCrypto_asn1_write_finish(JNIEnv* env, jclass, jlong cbbR } static void NativeCrypto_asn1_write_cleanup(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; CBB* cbb = reinterpret_cast<CBB*>(static_cast<uintptr_t>(cbbRef)); JNI_TRACE("asn1_write_cleanup(%p)", cbb); @@ -4815,6 +4990,7 @@ static void NativeCrypto_asn1_write_cleanup(CONSCRYPT_UNUSED JNIEnv* env, jclass } static void NativeCrypto_asn1_write_free(CONSCRYPT_UNUSED JNIEnv* env, jclass, jlong cbbRef) { + CHECK_ERROR_QUEUE_ON_RETURN; if (cbbRef == 0) { JNI_TRACE("asn1_write_free(0)"); return; @@ -4844,14 +5020,17 @@ static jlong d2i_ASN1Object_to_jlong(JNIEnv* env, jlong bioRef) { } static jlong NativeCrypto_d2i_X509_CRL_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return d2i_ASN1Object_to_jlong<X509_CRL, d2i_X509_CRL_bio>(env, bioRef); } static jlong NativeCrypto_d2i_X509_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; return d2i_ASN1Object_to_jlong<X509, d2i_X509_bio>(env, bioRef); } static jlong NativeCrypto_d2i_X509(JNIEnv* env, jclass, jbyteArray certBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedByteArrayRO bytes(env, certBytes); if (bytes.get() == nullptr) { JNI_TRACE("NativeCrypto_d2i_X509(%p) => using byte array failed", certBytes); @@ -4870,12 +5049,14 @@ static jlong NativeCrypto_d2i_X509(JNIEnv* env, jclass, jbyteArray certBytes) { } static jbyteArray NativeCrypto_i2d_X509(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("i2d_X509(%p)", x509); return ASN1ToByteArray<X509>(env, x509, i2d_X509); } static jbyteArray NativeCrypto_i2d_X509_PUBKEY(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("i2d_X509_PUBKEY(%p)", x509); return ASN1ToByteArray<X509_PUBKEY>(env, X509_get_X509_PUBKEY(x509), i2d_X509_PUBKEY); @@ -4908,24 +5089,28 @@ static jlong PEM_to_jlong(JNIEnv* env, jlong bioRef) { } static jlong NativeCrypto_PEM_read_bio_X509(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_X509(0x%llx)", (long long)bioRef); return PEM_to_jlong<X509, PEM_read_bio_X509>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_X509_CRL(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_X509_CRL(0x%llx)", (long long)bioRef); return PEM_to_jlong<X509_CRL, PEM_read_bio_X509_CRL>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_PUBKEY(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_PUBKEY(0x%llx)", (long long)bioRef); return PEM_to_jlong<EVP_PKEY, PEM_read_bio_PUBKEY>(env, bioRef); } static jlong NativeCrypto_PEM_read_bio_PrivateKey(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("PEM_read_bio_PrivateKey(0x%llx)", (long long)bioRef); return PEM_to_jlong<EVP_PKEY, PEM_read_bio_PrivateKey>(env, bioRef); @@ -4954,6 +5139,7 @@ static jlongArray PKCS7_to_ItemArray(JNIEnv* env, T_stack* stack, T* (*dup_func) #define PKCS7_CRLS 2 static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsArray) { + CHECK_ERROR_QUEUE_ON_RETURN; STACK_OF(X509)* stack = sk_X509_new_null(); ScopedLongArrayRO certs(env, certsArray); @@ -4980,6 +5166,7 @@ static jbyteArray NativeCrypto_i2d_PKCS7(JNIEnv* env, jclass, jlongArray certsAr } static jlongArray NativeCrypto_PEM_read_bio_PKCS7(JNIEnv* env, jclass, jlong bioRef, jint which) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("PEM_read_bio_PKCS7_CRLs(%p)", bio); @@ -5010,6 +5197,7 @@ static jlongArray NativeCrypto_PEM_read_bio_PKCS7(JNIEnv* env, jclass, jlong bio } static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, jint which) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("d2i_PKCS7_bio(%p, %d)", bio, which); @@ -5069,6 +5257,7 @@ static jlongArray NativeCrypto_d2i_PKCS7_bio(JNIEnv* env, jclass, jlong bioRef, } static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlong bioRef) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("ASN1_seq_unpack_X509_bio(%p)", bio); @@ -5095,6 +5284,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo CBS_init(&cbs, data, len); if (!CBS_get_asn1(&cbs, &sequence, CBS_ASN1_SEQUENCE)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } @@ -5102,6 +5292,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo CBS child; if (!CBS_get_asn1_element(&sequence, &child, CBS_ASN1_SEQUENCE)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } @@ -5110,6 +5301,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo bssl::UniquePtr<X509> cert(d2i_X509(nullptr, &tmp, static_cast<long>(CBS_len(&child)))); if (!cert || tmp != CBS_data(&child) + CBS_len(&child)) { conscrypt::jniutil::throwParsingException(env, "Error reading X.509 data"); + ERR_clear_error(); return nullptr; } @@ -5134,6 +5326,7 @@ static jlongArray NativeCrypto_ASN1_seq_unpack_X509_bio(JNIEnv* env, jclass, jlo } static jbyteArray NativeCrypto_ASN1_seq_pack_X509(JNIEnv* env, jclass, jlongArray certs) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("ASN1_seq_pack_X509(%p)", certs); ScopedLongArrayRO certsArray(env, certs); if (certsArray.get() == nullptr) { @@ -5166,6 +5359,7 @@ static jbyteArray NativeCrypto_ASN1_seq_pack_X509(JNIEnv* env, jclass, jlongArra } static void NativeCrypto_X509_free(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_free(%p)", x509); @@ -5179,6 +5373,7 @@ static void NativeCrypto_X509_free(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT } static jlong NativeCrypto_X509_dup(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_dup(%p)", x509); @@ -5193,6 +5388,7 @@ static jlong NativeCrypto_X509_dup(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT static jint NativeCrypto_X509_cmp(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT_UNUSED jobject holder, jlong x509Ref2, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509_1 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref1)); X509* x509_2 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref2)); JNI_TRACE("X509_cmp(%p, %p)", x509_1, x509_2); @@ -5215,6 +5411,7 @@ static jint NativeCrypto_X509_cmp(JNIEnv* env, jclass, jlong x509Ref1, CONSCRYPT } static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_delete_ext(%p, %p)", x509, oidString); @@ -5233,9 +5430,9 @@ static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CON bssl::UniquePtr<ASN1_OBJECT> obj(OBJ_txt2obj(oid.c_str(), 1 /* allow numerical form only */)); if (obj.get() == nullptr) { JNI_TRACE("X509_delete_ext(%p, %s) => oid conversion failed", x509, oid.c_str()); - ERR_clear_error(); conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", "Invalid OID."); + ERR_clear_error(); return; } @@ -5256,6 +5453,7 @@ static void NativeCrypto_X509_delete_ext(JNIEnv* env, jclass, jlong x509Ref, CON static void NativeCrypto_X509_print_ex(JNIEnv* env, jclass, jlong bioRef, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jlong nmflagJava, jlong certflagJava) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); // NOLINTNEXTLINE(runtime/int) @@ -5285,6 +5483,7 @@ static void NativeCrypto_X509_print_ex(JNIEnv* env, jclass, jlong bioRef, jlong } static jlong NativeCrypto_X509_get_pubkey(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_pubkey(%p)", x509); @@ -5317,18 +5516,21 @@ static jlong NativeCrypto_X509_get_pubkey(JNIEnv* env, jclass, jlong x509Ref, CO } static jbyteArray NativeCrypto_X509_get_issuer_name(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_issuer_name(%p)", x509); return ASN1ToByteArray<X509_NAME>(env, X509_get_issuer_name(x509), i2d_X509_NAME); } static jbyteArray NativeCrypto_X509_get_subject_name(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_subject_name(%p)", x509); return ASN1ToByteArray<X509_NAME>(env, X509_get_subject_name(x509), i2d_X509_NAME); } static jstring NativeCrypto_get_X509_pubkey_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_pubkey_oid(%p)", x509); @@ -5343,6 +5545,7 @@ static jstring NativeCrypto_get_X509_pubkey_oid(JNIEnv* env, jclass, jlong x509R } static jstring NativeCrypto_get_X509_sig_alg_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_sig_alg_oid(%p)", x509); @@ -5357,6 +5560,7 @@ static jstring NativeCrypto_get_X509_sig_alg_oid(JNIEnv* env, jclass, jlong x509 } static jbyteArray NativeCrypto_get_X509_sig_alg_parameter(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_sig_alg_parameter(%p)", x509); @@ -5375,6 +5579,7 @@ static jbyteArray NativeCrypto_get_X509_sig_alg_parameter(JNIEnv* env, jclass, j } static jbooleanArray NativeCrypto_get_X509_issuerUID(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_issuerUID(%p)", x509); @@ -5393,6 +5598,7 @@ static jbooleanArray NativeCrypto_get_X509_issuerUID(JNIEnv* env, jclass, jlong } static jbooleanArray NativeCrypto_get_X509_subjectUID(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_subjectUID(%p)", x509); @@ -5411,6 +5617,7 @@ static jbooleanArray NativeCrypto_get_X509_subjectUID(JNIEnv* env, jclass, jlong } static jbooleanArray NativeCrypto_get_X509_ex_kusage(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_kusage(%p)", x509); @@ -5431,6 +5638,7 @@ static jbooleanArray NativeCrypto_get_X509_ex_kusage(JNIEnv* env, jclass, jlong } static jobjectArray NativeCrypto_get_X509_ex_xkusage(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_xkusage(%p)", x509); @@ -5466,6 +5674,7 @@ static jobjectArray NativeCrypto_get_X509_ex_xkusage(JNIEnv* env, jclass, jlong } static jint NativeCrypto_get_X509_ex_pathlen(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("get_X509_ex_pathlen(%p)", x509); @@ -5484,6 +5693,7 @@ static jint NativeCrypto_get_X509_ex_pathlen(JNIEnv* env, jclass, jlong x509Ref, static jbyteArray NativeCrypto_X509_get_ext_oid(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509* x509 = reinterpret_cast<X509*>(static_cast<uintptr_t>(x509Ref)); JNI_TRACE("X509_get_ext_oid(%p, %p)", x509, oidString); return X509Type_get_ext_oid<X509, X509_get_ext_by_OBJ, X509_get_ext>(env, x509, oidString); @@ -5491,6 +5701,7 @@ static jbyteArray NativeCrypto_X509_get_ext_oid(JNIEnv* env, jclass, jlong x509R static jbyteArray NativeCrypto_X509_CRL_get_ext_oid(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_CRL* crl = reinterpret_cast<X509_CRL*>(static_cast<uintptr_t>(x509CrlRef)); JNI_TRACE("X509_CRL_get_ext_oid(%p, %p)", crl, oidString); return X509Type_get_ext_oid<X509_CRL, X509_CRL_get_ext_by_OBJ, X509_CRL_get_ext>(env, crl, @@ -5499,6 +5710,7 @@ static jbyteArray NativeCrypto_X509_CRL_get_ext_oid(JNIEnv* env, jclass, jlong x static jbyteArray NativeCrypto_X509_REVOKED_get_ext_oid(JNIEnv* env, jclass, jlong x509RevokedRef, jstring oidString) { + CHECK_ERROR_QUEUE_ON_RETURN; X509_REVOKED* revoked = reinterpret_cast<X509_REVOKED*>(static_cast<uintptr_t>(x509RevokedRef)); JNI_TRACE("X509_REVOKED_get_ext_oid(%p, %p)", revoked, oidString); return X509Type_get_ext_oid<X509_REVOKED, X509_REVOKED_get_ext_by_OBJ, X509_REVOKED_get_ext>( @@ -5557,6 +5769,7 @@ static jobjectArray get_X509Type_ext_oids(JNIEnv* env, jlong x509Ref, jint criti static jobjectArray NativeCrypto_get_X509_ext_oids(JNIEnv* env, jclass, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_ext_oids(0x%llx, %d)", (long long)x509Ref, critical); return get_X509Type_ext_oids<X509, decltype(X509::cert_info), &X509::cert_info, @@ -5565,6 +5778,7 @@ static jobjectArray NativeCrypto_get_X509_ext_oids(JNIEnv* env, jclass, jlong x5 static jobjectArray NativeCrypto_get_X509_CRL_ext_oids(JNIEnv* env, jclass, jlong x509CrlRef, CONSCRYPT_UNUSED jobject holder, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_CRL_ext_oids(0x%llx, %d)", (long long)x509CrlRef, critical); return get_X509Type_ext_oids<X509_CRL, decltype(X509_CRL::crl), &X509_CRL::crl, @@ -5573,6 +5787,7 @@ static jobjectArray NativeCrypto_get_X509_CRL_ext_oids(JNIEnv* env, jclass, jlon static jobjectArray NativeCrypto_get_X509_REVOKED_ext_oids(JNIEnv* env, jclass, jlong x509RevokedRef, jint critical) { + CHECK_ERROR_QUEUE_ON_RETURN; // NOLINTNEXTLINE(runtime/int) JNI_TRACE("get_X509_CRL_ext_oids(0x%llx, %d)", (long long)x509RevokedRef, critical); return get_X509Type_ext_oids<X509_REVOKED, decltype(X509_REVOKED::extensions), nullptr, @@ -6180,7 +6395,8 @@ static SSL_SESSION* server_session_requested_callback(SSL* ssl, const uint8_t* i return ssl_session_ptr; } -static jint NativeCrypto_EVP_has_aes_hardware(JNIEnv*, jclass) { +static jint NativeCrypto_EVP_has_aes_hardware(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; int ret = 0; ret = EVP_has_aes_hardware(); JNI_TRACE("EVP_has_aes_hardware => %d", ret); @@ -6244,6 +6460,7 @@ static const uint16_t kDefaultSignatureAlgorithms[] = { * public static native int SSL_CTX_new(); */ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { + CHECK_ERROR_QUEUE_ON_RETURN; bssl::UniquePtr<SSL_CTX> sslCtx(SSL_CTX_new(TLS_with_buffers_method())); if (sslCtx.get() == nullptr) { conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "SSL_CTX_new"); @@ -6317,6 +6534,7 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { * public static native void SSL_CTX_free(long ssl_ctx) */ static void NativeCrypto_SSL_CTX_free(JNIEnv* env, jclass, jlong ssl_ctx_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_free", ssl_ctx); if (ssl_ctx == nullptr) { @@ -6327,6 +6545,7 @@ static void NativeCrypto_SSL_CTX_free(JNIEnv* env, jclass, jlong ssl_ctx_address static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlong ssl_ctx_address, jbyteArray sid_ctx) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_set_session_id_context sid_ctx=%p", ssl_ctx, sid_ctx); @@ -6360,6 +6579,7 @@ static void NativeCrypto_SSL_CTX_set_session_id_context(JNIEnv* env, jclass, jlo static jlong NativeCrypto_SSL_CTX_set_timeout(JNIEnv* env, jclass, jlong ssl_ctx_address, jlong seconds) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_CTX_set_timeout seconds=%d", ssl_ctx, (int)seconds); if (ssl_ctx == nullptr) { @@ -6373,6 +6593,7 @@ static jlong NativeCrypto_SSL_CTX_set_timeout(JNIEnv* env, jclass, jlong ssl_ctx * public static native int SSL_new(long ssl_ctx) throws SSLException; */ static jlong NativeCrypto_SSL_new(JNIEnv* env, jclass, jlong ssl_ctx_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); JNI_TRACE("ssl_ctx=%p NativeCrypto_SSL_new", ssl_ctx); if (ssl_ctx == nullptr) { @@ -6405,8 +6626,9 @@ static jlong NativeCrypto_SSL_new(JNIEnv* env, jclass, jlong ssl_ctx_address) { } static void NativeCrypto_SSL_enable_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_enable_tls_channel_id", ssl); + JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_tls_channel_id", ssl); if (ssl == nullptr) { return; } @@ -6423,8 +6645,9 @@ static void NativeCrypto_SSL_enable_tls_channel_id(JNIEnv* env, jclass, jlong ss } static jbyteArray NativeCrypto_SSL_get_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_get_tls_channel_id", ssl); + JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_channel_id", ssl); if (ssl == nullptr) { return nullptr; } @@ -6455,12 +6678,13 @@ static jbyteArray NativeCrypto_SSL_get_tls_channel_id(JNIEnv* env, jclass, jlong return nullptr; } - JNI_TRACE("ssl=%p NativeCrypto_NativeCrypto_SSL_get_tls_channel_id() => %p", ssl, javaBytes); + JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_channel_id() => %p", ssl, javaBytes); return javaBytes; } static void NativeCrypto_SSL_set1_tls_channel_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p SSL_set1_tls_channel_id privatekey=%p", ssl, pkeyRef); if (ssl == nullptr) { @@ -6490,6 +6714,7 @@ static void NativeCrypto_SSL_set1_tls_channel_id(JNIEnv* env, jclass, jlong ssl_ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray encodedCertificatesJava, jobject pkeyRef) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_chain_and_key certificates=%p, privateKey=%p", ssl, encodedCertificatesJava, pkeyRef); @@ -6547,6 +6772,7 @@ static void NativeCrypto_setLocalCertsAndPrivateKey(JNIEnv* env, jclass, jlong s static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray principals) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_client_CA_list principals=%p", ssl, principals); if (ssl == nullptr) { @@ -6596,6 +6822,7 @@ static void NativeCrypto_SSL_set_client_CA_list(JNIEnv* env, jclass, jlong ssl_a * public static native long SSL_set_mode(long ssl, long mode); */ static jlong NativeCrypto_SSL_set_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_set_mode mode=0x%llx", ssl, (long long)mode); @@ -6612,6 +6839,7 @@ static jlong NativeCrypto_SSL_set_mode(JNIEnv* env, jclass, jlong ssl_address, C * public static native long SSL_set_options(long ssl, long options); */ static jlong NativeCrypto_SSL_set_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong options) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_set_options options=0x%llx", ssl, (long long)options); @@ -6628,6 +6856,7 @@ static jlong NativeCrypto_SSL_set_options(JNIEnv* env, jclass, jlong ssl_address * public static native long SSL_clear_options(long ssl, long options); */ static jlong NativeCrypto_SSL_clear_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong options) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_options options=0x%llx", ssl, (long long)options); @@ -6644,6 +6873,7 @@ static jlong NativeCrypto_SSL_clear_options(JNIEnv* env, jclass, jlong ssl_addre * public static native void SSL_enable_signed_cert_timestamps(long ssl); */ static void NativeCrypto_SSL_enable_signed_cert_timestamps(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_signed_cert_timestamps", ssl); if (ssl == nullptr) { @@ -6658,6 +6888,7 @@ static void NativeCrypto_SSL_enable_signed_cert_timestamps(JNIEnv* env, jclass, */ static jbyteArray NativeCrypto_SSL_get_signed_cert_timestamp_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_signed_cert_timestamp_list", ssl); if (ssl == nullptr) { @@ -6685,6 +6916,7 @@ static jbyteArray NativeCrypto_SSL_get_signed_cert_timestamp_list(JNIEnv* env, j */ static void NativeCrypto_SSL_set_signed_cert_timestamp_list(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jbyteArray list) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_signed_cert_timestamp_list", ssl); if (ssl == nullptr) { @@ -6709,6 +6941,7 @@ static void NativeCrypto_SSL_set_signed_cert_timestamp_list(JNIEnv* env, jclass, * public static native void SSL_enable_ocsp_stapling(long ssl); */ static void NativeCrypto_SSL_enable_ocsp_stapling(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_enable_ocsp_stapling", ssl); if (ssl == nullptr) { @@ -6722,6 +6955,7 @@ static void NativeCrypto_SSL_enable_ocsp_stapling(JNIEnv* env, jclass, jlong ssl * public static native byte[] SSL_get_ocsp_response(long ssl); */ static jbyteArray NativeCrypto_SSL_get_ocsp_response(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_ocsp_response", ssl); if (ssl == nullptr) { @@ -6755,6 +6989,7 @@ static jbyteArray NativeCrypto_SSL_get_ocsp_response(JNIEnv* env, jclass, jlong */ static void NativeCrypto_SSL_set_ocsp_response(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jbyteArray response) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_ocsp_response", ssl); if (ssl == nullptr) { @@ -6782,6 +7017,7 @@ static void NativeCrypto_SSL_set_ocsp_response(JNIEnv* env, jclass, jlong ssl_ad const size_t MAX_TLS_UNIQUE_LENGTH = 16; static jbyteArray NativeCrypto_SSL_get_tls_unique(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_tls_unique", ssl); if (ssl == nullptr) { @@ -6812,6 +7048,7 @@ static jbyteArray NativeCrypto_SSL_get_tls_unique(JNIEnv* env, jclass, jlong ssl static void NativeCrypto_SSL_use_psk_identity_hint(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jstring identityHintJava) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_use_psk_identity_hint identityHint=%p", ssl, identityHintJava); @@ -6840,6 +7077,7 @@ static void NativeCrypto_SSL_use_psk_identity_hint(JNIEnv* env, jclass, jlong ss static void NativeCrypto_set_SSL_psk_client_callback_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_set_SSL_psk_client_callback_enabled(%d)", ssl, enabled); if (ssl == nullptr) { @@ -6851,6 +7089,7 @@ static void NativeCrypto_set_SSL_psk_client_callback_enabled(JNIEnv* env, jclass static void NativeCrypto_set_SSL_psk_server_callback_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_set_SSL_psk_server_callback_enabled(%d)", ssl, enabled); if (ssl == nullptr) { @@ -6861,6 +7100,7 @@ static void NativeCrypto_set_SSL_psk_server_callback_enabled(JNIEnv* env, jclass } static jlongArray NativeCrypto_SSL_get_ciphers(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_ciphers", ssl); if (ssl == nullptr) { @@ -6884,6 +7124,7 @@ static jlongArray NativeCrypto_SSL_get_ciphers(JNIEnv* env, jclass, jlong ssl_ad */ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobjectArray cipherSuites) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=%p", ssl, cipherSuites); if (ssl == nullptr) { @@ -6911,6 +7152,7 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add JNI_TRACE("ssl=%p NativeCrypto_SSL_set_cipher_lists cipherSuites=empty => error", ssl); conscrypt::jniutil::throwRuntimeException( env, "SSL_set_cipher_list did not update ciphers!"); + ERR_clear_error(); } return; } @@ -6983,6 +7225,7 @@ static void NativeCrypto_SSL_set_cipher_lists(JNIEnv* env, jclass, jlong ssl_add } static void NativeCrypto_SSL_set_accept_state(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_accept_state", ssl); if (ssl == nullptr) { @@ -6992,6 +7235,7 @@ static void NativeCrypto_SSL_set_accept_state(JNIEnv* env, jclass, jlong ssl_add } static void NativeCrypto_SSL_set_connect_state(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_connect_state", ssl); if (ssl == nullptr) { @@ -7004,6 +7248,7 @@ static void NativeCrypto_SSL_set_connect_state(JNIEnv* env, jclass, jlong ssl_ad * Sets certificate expectations, especially for server to request client auth */ static void NativeCrypto_SSL_set_verify(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jint mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_verify mode=%x", ssl, mode); if (ssl == nullptr) { @@ -7017,6 +7262,7 @@ static void NativeCrypto_SSL_set_verify(JNIEnv* env, jclass, jlong ssl_address, */ static void NativeCrypto_SSL_set_session(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session => exception", ssl); @@ -7050,6 +7296,7 @@ static void NativeCrypto_SSL_set_session(JNIEnv* env, jclass, jlong ssl_address, */ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean creation_enabled) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_session_creation_enabled creation_enabled=%d", ssl, creation_enabled); @@ -7065,6 +7312,7 @@ static void NativeCrypto_SSL_set_session_creation_enabled(JNIEnv* env, jclass, j } static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_session_reused", ssl); if (ssl == nullptr) { @@ -7077,6 +7325,7 @@ static jboolean NativeCrypto_SSL_session_reused(JNIEnv* env, jclass, jlong ssl_a } static void NativeCrypto_SSL_accept_renegotiations(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_accept_renegotiations", ssl); if (ssl == nullptr) { @@ -7088,6 +7337,7 @@ static void NativeCrypto_SSL_accept_renegotiations(JNIEnv* env, jclass, jlong ss static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jstring hostname) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_tlsext_host_name hostname=%p", ssl, hostname); if (ssl == nullptr) { @@ -7112,6 +7362,7 @@ static void NativeCrypto_SSL_set_tlsext_host_name(JNIEnv* env, jclass, jlong ssl } static jstring NativeCrypto_SSL_get_servername(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_servername", ssl); if (ssl == nullptr) { @@ -7226,6 +7477,7 @@ static int alpn_select_callback(SSL* ssl, const unsigned char** out, unsigned ch static jbyteArray NativeCrypto_getApplicationProtocol(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_getApplicationProtocol", ssl); if (ssl == nullptr) { @@ -7247,6 +7499,7 @@ static jbyteArray NativeCrypto_getApplicationProtocol(JNIEnv* env, jclass, static void NativeCrypto_setApplicationProtocols(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jboolean client_mode, jbyteArray protocols) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return; @@ -7292,6 +7545,7 @@ static void NativeCrypto_setApplicationProtocols(JNIEnv* env, jclass, jlong ssl_ static void NativeCrypto_setApplicationProtocolSelector(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject selector) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_setApplicationProtocolSelector selector=%p", ssl, selector); if (ssl == nullptr) { @@ -7315,6 +7569,7 @@ static void NativeCrypto_setApplicationProtocolSelector(JNIEnv* env, jclass, jlo */ static void NativeCrypto_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jint timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_do_handshake fd=%p shc=%p timeout_millis=%d", ssl, fdObject, shc, timeout_millis); @@ -7474,6 +7729,7 @@ static void NativeCrypto_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address } static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_current_cipher", ssl); if (ssl == nullptr) { @@ -7490,6 +7746,7 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss } static jstring NativeCrypto_SSL_get_version(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_version", ssl); if (ssl == nullptr) { @@ -7502,6 +7759,7 @@ static jstring NativeCrypto_SSL_get_version(JNIEnv* env, jclass, jlong ssl_addre static jobjectArray NativeCrypto_SSL_get0_peer_certificates(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get0_peer_certificates", ssl); if (ssl == nullptr) { @@ -7657,6 +7915,7 @@ static int sslRead(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, char* b static jint NativeCrypto_SSL_read(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jbyteArray b, jint offset, jint len, jint read_timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE( "ssl=%p NativeCrypto_SSL_read fd=%p shc=%p b=%p offset=%d len=%d " @@ -7932,6 +8191,7 @@ static int sslWrite(JNIEnv* env, SSL* ssl, jobject fdObject, jobject shc, const static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc, jbyteArray b, jint offset, jint len, jint write_timeout_millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE( "ssl=%p NativeCrypto_SSL_write fd=%p shc=%p b=%p offset=%d len=%d " @@ -8025,6 +8285,7 @@ static void NativeCrypto_SSL_write(JNIEnv* env, jclass, jlong ssl_address, CONSC * Interrupt any pending I/O before closing the socket. */ static void NativeCrypto_SSL_interrupt(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); JNI_TRACE("ssl=%p NativeCrypto_SSL_interrupt", ssl); if (ssl == nullptr) { @@ -8050,6 +8311,7 @@ static void NativeCrypto_SSL_interrupt(JNIEnv* env, jclass, jlong ssl_address, C */ static void NativeCrypto_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject fdObject, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); JNI_TRACE("ssl=%p NativeCrypto_SSL_shutdown fd=%p shc=%p", ssl, fdObject, shc); if (ssl == nullptr) { @@ -8124,6 +8386,7 @@ static void NativeCrypto_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CO } static jint NativeCrypto_SSL_get_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; const SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_shutdown", ssl); if (ssl == nullptr) { @@ -8139,6 +8402,7 @@ static jint NativeCrypto_SSL_get_shutdown(JNIEnv* env, jclass, jlong ssl_address * public static native void SSL_free(long ssl); */ static void NativeCrypto_SSL_free(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_free", ssl); if (ssl == nullptr) { @@ -8156,6 +8420,7 @@ static void NativeCrypto_SSL_free(JNIEnv* env, jclass, jlong ssl_address, CONSCR */ static jbyteArray NativeCrypto_SSL_SESSION_session_id(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_session_id", ssl_session); if (ssl_session == nullptr) { @@ -8178,6 +8443,7 @@ static jbyteArray NativeCrypto_SSL_SESSION_session_id(JNIEnv* env, jclass, * actual SSL session. */ static jlong NativeCrypto_SSL_SESSION_get_time(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_time", ssl_session); if (ssl_session == nullptr) { @@ -8197,6 +8463,7 @@ static jlong NativeCrypto_SSL_SESSION_get_time(JNIEnv* env, jclass, jlong ssl_se * actual SSL session. */ static jlong NativeCrypto_SSL_get_time(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_time", ssl); if (ssl == nullptr) { @@ -8221,6 +8488,7 @@ static jlong NativeCrypto_SSL_get_time(JNIEnv* env, jclass, jlong ssl_address, C * Sets the timeout on the SSL session. */ static jlong NativeCrypto_SSL_set_timeout(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong millis) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set_timeout", ssl); if (ssl == nullptr) { @@ -8245,6 +8513,7 @@ static jlong NativeCrypto_SSL_set_timeout(JNIEnv* env, jclass, jlong ssl_address * Gets the timeout for the SSL session. */ static jlong NativeCrypto_SSL_get_timeout(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_timeout", ssl); if (ssl == nullptr) { @@ -8269,6 +8538,7 @@ static jlong NativeCrypto_SSL_get_timeout(JNIEnv* env, jclass, jlong ssl_address * Gets the timeout for the SSL session. */ static jlong NativeCrypto_SSL_SESSION_get_timeout(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_timeout", ssl_session); if (ssl_session == nullptr) { @@ -8282,6 +8552,7 @@ static jlong NativeCrypto_SSL_SESSION_get_timeout(JNIEnv* env, jclass, jlong ssl * Gets the ID for the SSL session, or null if no session is currently available. */ static jbyteArray NativeCrypto_SSL_session_id(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_session_id", ssl); if (ssl == nullptr) { @@ -8312,6 +8583,7 @@ static jbyteArray NativeCrypto_SSL_session_id(JNIEnv* env, jclass, jlong ssl_add */ static jstring NativeCrypto_SSL_SESSION_get_version(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_get_version", ssl_session); if (ssl_session == nullptr) { @@ -8326,6 +8598,7 @@ static jstring NativeCrypto_SSL_SESSION_get_version(JNIEnv* env, jclass, * Gets and returns in a string the cipher negotiated for the SSL session. */ static jstring NativeCrypto_SSL_SESSION_cipher(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_cipher", ssl_session); if (ssl_session == nullptr) { @@ -8341,6 +8614,7 @@ static jstring NativeCrypto_SSL_SESSION_cipher(JNIEnv* env, jclass, jlong ssl_se * Increments the reference count of the session. */ static void NativeCrypto_SSL_SESSION_up_ref(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_up_ref", ssl_session); if (ssl_session == nullptr) { @@ -8353,6 +8627,7 @@ static void NativeCrypto_SSL_SESSION_up_ref(JNIEnv* env, jclass, jlong ssl_sessi * Frees the SSL session. */ static void NativeCrypto_SSL_SESSION_free(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_free", ssl_session); if (ssl_session == nullptr) { @@ -8367,6 +8642,7 @@ static void NativeCrypto_SSL_SESSION_free(JNIEnv* env, jclass, jlong ssl_session * See apache mod_ssl. */ static jbyteArray NativeCrypto_i2d_SSL_SESSION(JNIEnv* env, jclass, jlong ssl_session_address) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true); JNI_TRACE("ssl_session=%p NativeCrypto_i2d_SSL_SESSION", ssl_session); if (ssl_session == nullptr) { @@ -8379,6 +8655,7 @@ static jbyteArray NativeCrypto_i2d_SSL_SESSION(JNIEnv* env, jclass, jlong ssl_se * Deserialize the session. */ static jlong NativeCrypto_d2i_SSL_SESSION(JNIEnv* env, jclass, jbyteArray javaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("NativeCrypto_d2i_SSL_SESSION bytes=%p", javaBytes); ScopedByteArrayRO bytes(env, javaBytes); @@ -8411,6 +8688,7 @@ static jlong NativeCrypto_ERR_peek_last_error(JNIEnv*, jclass) { } static jstring NativeCrypto_SSL_CIPHER_get_kx_name(JNIEnv* env, jclass, jlong cipher_address) { + CHECK_ERROR_QUEUE_ON_RETURN; const SSL_CIPHER* cipher = to_SSL_CIPHER(env, cipher_address, true); const char* kx_name = nullptr; @@ -8420,6 +8698,7 @@ static jstring NativeCrypto_SSL_CIPHER_get_kx_name(JNIEnv* env, jclass, jlong ci } static jobjectArray NativeCrypto_get_cipher_names(JNIEnv* env, jclass, jstring selectorJava) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedUtfChars selector(env, selectorJava); if (selector.c_str() == nullptr) { conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException", @@ -8666,6 +8945,7 @@ static jbyteArray NativeCrypto_get_ocsp_single_extension(JNIEnv* env, jclass, jbyteArray ocspDataBytes, jstring oid, jlong x509Ref, CONSCRYPT_UNUSED jobject holder, jlong issuerX509Ref, CONSCRYPT_UNUSED jobject holder2) { + CHECK_ERROR_QUEUE_ON_RETURN; ScopedByteArrayRO ocspData(env, ocspDataBytes); if (ocspData.get() == nullptr) { return nullptr; @@ -8723,6 +9003,7 @@ static jlong NativeCrypto_getDirectBufferAddress(JNIEnv* env, jclass, jobject bu } static jint NativeCrypto_SSL_get_error(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jint ret) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8735,6 +9016,7 @@ static void NativeCrypto_SSL_clear_error(JNIEnv*, jclass) { } static jint NativeCrypto_SSL_pending_readable_bytes(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8743,6 +9025,7 @@ static jint NativeCrypto_SSL_pending_readable_bytes(JNIEnv* env, jclass, jlong s } static jint NativeCrypto_SSL_pending_written_bytes_in_BIO(JNIEnv* env, jclass, jlong bio_address) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = to_SSL_BIO(env, bio_address, true); if (bio == nullptr) { return 0; @@ -8751,6 +9034,7 @@ static jint NativeCrypto_SSL_pending_written_bytes_in_BIO(JNIEnv* env, jclass, j } static jint NativeCrypto_SSL_max_seal_overhead(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8762,6 +9046,7 @@ static jint NativeCrypto_SSL_max_seal_overhead(JNIEnv* env, jclass, jlong ssl_ad * public static native int SSL_new_BIO(long ssl) throws SSLException; */ static jlong NativeCrypto_SSL_BIO_new(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_BIO_new", ssl); if (ssl == nullptr) { @@ -8785,6 +9070,7 @@ static jlong NativeCrypto_SSL_BIO_new(JNIEnv* env, jclass, jlong ssl_address, CO static jint NativeCrypto_ENGINE_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; @@ -8866,6 +9152,7 @@ static jint NativeCrypto_ENGINE_SSL_do_handshake(JNIEnv* env, jclass, jlong ssl_ } static void NativeCrypto_ENGINE_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, false); if (ssl == nullptr) { return; @@ -8931,6 +9218,7 @@ static void NativeCrypto_ENGINE_SSL_shutdown(JNIEnv* env, jclass, jlong ssl_addr static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong address, jint length, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); char* destPtr = reinterpret_cast<char*>(address); if (ssl == nullptr) { @@ -8964,6 +9252,7 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a appData->clearCallbackState(); if (env->ExceptionCheck()) { // An exception was thrown by one of the callbacks. Just propagate that exception. + ERR_clear_error(); JNI_TRACE("ssl=%p NativeCrypto_ENGINE_SSL_read_direct => THROWN_EXCEPTION", ssl); return -1; } @@ -9022,6 +9311,7 @@ static jint NativeCrypto_ENGINE_SSL_read_direct(JNIEnv* env, jclass, jlong ssl_a static int NativeCrypto_ENGINE_SSL_write_BIO_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jlong address, jint len, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; @@ -9075,6 +9365,7 @@ static int NativeCrypto_ENGINE_SSL_write_BIO_direct(JNIEnv* env, jclass, jlong s static int NativeCrypto_ENGINE_SSL_write_BIO_heap(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jbyteArray sourceJava, jint sourceOffset, jint sourceLength, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; @@ -9139,6 +9430,7 @@ static int NativeCrypto_ENGINE_SSL_write_BIO_heap(JNIEnv* env, jclass, jlong ssl static int NativeCrypto_ENGINE_SSL_read_BIO_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jlong address, jint outputSize, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; @@ -9188,6 +9480,7 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_direct(JNIEnv* env, jclass, jlong ss static int NativeCrypto_ENGINE_SSL_read_BIO_heap(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong bioRef, jbyteArray destJava, jint destOffset, jint destLength, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return -1; @@ -9249,6 +9542,7 @@ static int NativeCrypto_ENGINE_SSL_read_BIO_heap(JNIEnv* env, jclass, jlong ssl_ */ static int NativeCrypto_ENGINE_SSL_write_direct(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong address, jint len, jobject shc) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); const char* sourcePtr = reinterpret_cast<const char*>(address); if (ssl == nullptr) { @@ -9289,6 +9583,7 @@ static int NativeCrypto_ENGINE_SSL_write_direct(JNIEnv* env, jclass, jlong ssl_a // TESTING METHODS BEGIN static int NativeCrypto_BIO_read(JNIEnv* env, jclass, jlong bioRef, jbyteArray outputJavaBytes) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_read(%p, %p)", bio, outputJavaBytes); @@ -9321,6 +9616,7 @@ static int NativeCrypto_BIO_read(JNIEnv* env, jclass, jlong bioRef, jbyteArray o static void NativeCrypto_BIO_write(JNIEnv* env, jclass, jlong bioRef, jbyteArray inputJavaBytes, jint offset, jint length) { + CHECK_ERROR_QUEUE_ON_RETURN; BIO* bio = reinterpret_cast<BIO*>(static_cast<uintptr_t>(bioRef)); JNI_TRACE("BIO_write(%p, %p, %d, %d)", bio, inputJavaBytes, offset, length); @@ -9358,6 +9654,7 @@ static void NativeCrypto_BIO_write(JNIEnv* env, jclass, jlong bioRef, jbyteArray * public static native long SSL_clear_mode(long ssl, long mode); */ static jlong NativeCrypto_SSL_clear_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder, jlong mode) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); // NOLINTNEXTLINE(runtime/int) JNI_TRACE("ssl=%p NativeCrypto_SSL_clear_mode mode=0x%llx", ssl, (long long)mode); @@ -9374,6 +9671,7 @@ static jlong NativeCrypto_SSL_clear_mode(JNIEnv* env, jclass, jlong ssl_address, * public static native long SSL_get_mode(long ssl); */ static jlong NativeCrypto_SSL_get_mode(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_mode", ssl); if (ssl == nullptr) { @@ -9389,6 +9687,7 @@ static jlong NativeCrypto_SSL_get_mode(JNIEnv* env, jclass, jlong ssl_address, C * public static native long SSL_get_options(long ssl); */ static jlong NativeCrypto_SSL_get_options(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_get_options", ssl); if (ssl == nullptr) { @@ -9401,6 +9700,7 @@ static jlong NativeCrypto_SSL_get_options(JNIEnv* env, jclass, jlong ssl_address } static jlong NativeCrypto_SSL_get1_session(JNIEnv* env, jclass, jlong ssl_address, CONSCRYPT_UNUSED jobject ssl_holder) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, ssl_address, true); if (ssl == nullptr) { return 0; diff --git a/common/src/jni/main/include/conscrypt/jniutil.h b/common/src/jni/main/include/conscrypt/jniutil.h index 2fb36d5f..58c280d7 100644 --- a/common/src/jni/main/include/conscrypt/jniutil.h +++ b/common/src/jni/main/include/conscrypt/jniutil.h @@ -264,6 +264,39 @@ extern int throwSSLExceptionWithSslErrors(JNIEnv* env, SSL* ssl, int sslErrorCod const char* message, int (*actualThrow)(JNIEnv*, const char*) = throwSSLExceptionStr); + +#ifdef CONSCRYPT_CHECK_ERROR_QUEUE +/** + * Class that checks that the error queue is empty on destruction. It should only be used + * via the macro CHECK_ERROR_QUEUE_ON_RETURN, which can be placed at the top of a function to + * ensure that the error queue is empty whenever the function exits. + */ +class ErrorQueueChecker { +public: + ErrorQueueChecker(JNIEnv* env) : env(env) {} + ~ErrorQueueChecker() { + if (ERR_peek_error() != 0) { + const char* file; + int line; + unsigned long error = ERR_get_error_line(&file, &line); + char message[256]; + ERR_error_string_n(error, message, sizeof(message)); + char result[500]; + snprintf(result, sizeof(result), "Error queue should have been empty but was (%s:%d) %s", file, line, message); + // If there's a pending exception, we want to throw the assertion error instead + env->ExceptionClear(); + throwAssertionError(env, result); + } + } +private: + JNIEnv* env; +}; + +#define CHECK_ERROR_QUEUE_ON_RETURN conscrypt::jniutil::ErrorQueueChecker __checker(env) +#else +#define CHECK_ERROR_QUEUE_ON_RETURN ((void)0) +#endif // CONSCRYPT_CHECK_ERROR_QUEUE + } // namespace jniutil } // namespace conscrypt diff --git a/openjdk/build.gradle b/openjdk/build.gradle index 22e8af37..3f67c5a1 100644 --- a/openjdk/build.gradle +++ b/openjdk/build.gradle @@ -357,6 +357,10 @@ model { "-I$jdkIncludeDir/linux", "-I$jdkIncludeDir/darwin", "-I$jdkIncludeDir/win32" + if (rootProject.hasProperty('checkErrorQueue')) { + System.out.println("Compiling with error queue checking enabled") + cppCompiler.define "CONSCRYPT_CHECK_ERROR_QUEUE" + } // Static link to BoringSSL linker.args "-O3", |