authorPete Bentley <prb@google.com>2021-06-22 12:30:56 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>2021-06-22 12:30:56 +0000
commit963052e46700b8905218922eaf1f3d2c380eeb4d (patch)
tree4b778fc567d42bd871b2ba8f44cad6fd1271c2ce
parent3df5e14a1786676954ddab1fa490a323a2a0daba (diff)
parent383f874837952427bde2ec6bae2423536a24449c (diff)
downloadconscrypt-963052e46700b8905218922eaf1f3d2c380eeb4d.tar.gz
Merge "Merge Conscrypt upstream master." am: 383f874837
Original change: https://android-review.googlesource.com/c/platform/external/conscrypt/+/1699807 Change-Id: I132f004bcdc2793e42191cafec0b252548bb0e7d
-rw-r--r--common/src/jni/main/cpp/conscrypt/jniutil.cc69
-rw-r--r--common/src/jni/main/cpp/conscrypt/native_crypto.cc66
-rw-r--r--common/src/jni/main/include/conscrypt/jniutil.h15
3 files changed, 91 insertions, 59 deletions
diff --git a/common/src/jni/main/cpp/conscrypt/jniutil.cc b/common/src/jni/main/cpp/conscrypt/jniutil.cc
index c30adf10..34dd2b13 100644
--- a/common/src/jni/main/cpp/conscrypt/jniutil.cc
+++ b/common/src/jni/main/cpp/conscrypt/jniutil.cc
@@ -38,9 +38,12 @@ jclass inputStreamClass;
jclass outputStreamClass;
jclass stringClass;
jclass byteBufferClass;
-jclass bufferClass;
+static jclass bufferClass;
+static jclass fileDescriptorClass;
+static jclass sslHandshakeCallbacksClass;
jfieldID nativeRef_address;
+static jfieldID fileDescriptor_fd;
jmethodID calendar_setMethod;
jmethodID inputStream_readMethod;
@@ -50,6 +53,18 @@ jmethodID outputStream_writeMethod;
jmethodID outputStream_flushMethod;
jmethodID buffer_positionMethod;
jmethodID buffer_limitMethod;
+jmethodID cryptoUpcallsClass_rawSignMethod;
+jmethodID cryptoUpcallsClass_rsaSignMethod;
+jmethodID cryptoUpcallsClass_rsaDecryptMethod;
+jmethodID sslHandshakeCallbacks_verifyCertificateChain;
+jmethodID sslHandshakeCallbacks_onSSLStateChange;
+jmethodID sslHandshakeCallbacks_clientCertificateRequested;
+jmethodID sslHandshakeCallbacks_serverCertificateRequested;
+jmethodID sslHandshakeCallbacks_clientPSKKeyRequested;
+jmethodID sslHandshakeCallbacks_serverPSKKeyRequested;
+jmethodID sslHandshakeCallbacks_onNewSessionEstablished;
+jmethodID sslHandshakeCallbacks_selectApplicationProtocol;
+jmethodID sslHandshakeCallbacks_serverSessionRequested;
void init(JavaVM* vm, JNIEnv* env) {
gJavaVM = vm;
@@ -64,6 +79,7 @@ void init(JavaVM* vm, JNIEnv* env) {
stringClass = findClass(env, "java/lang/String");
byteBufferClass = findClass(env, "java/nio/ByteBuffer");
bufferClass = findClass(env, "java/nio/Buffer");
+ fileDescriptorClass = findClass(env, "java/io/FileDescriptor");
cryptoUpcallsClass = getGlobalRefToClass(
env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/CryptoUpcalls");
@@ -71,8 +87,15 @@ void init(JavaVM* vm, JNIEnv* env) {
env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/NativeRef");
openSslInputStreamClass = getGlobalRefToClass(
env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/OpenSSLBIOInputStream");
+ sslHandshakeCallbacksClass = getGlobalRefToClass(
+ env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/NativeCrypto$SSLHandshakeCallbacks");
nativeRef_address = getFieldRef(env, nativeRefClass, "address", "J");
+#if defined(ANDROID) && !defined(CONSCRYPT_OPENJDK)
+ fileDescriptor_fd = getFieldRef(env, fileDescriptorClass, "descriptor", "I");
+#else /* !ANDROID || CONSCRYPT_OPENJDK */
+ fileDescriptor_fd = getFieldRef(env, fileDescriptorClass, "fd", "I");
+#endif
calendar_setMethod = getMethodRef(env, calendarClass, "set", "(IIIIII)V");
inputStream_readMethod = getMethodRef(env, inputStreamClass, "read", "([B)I");
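Review bot: `sslHandshakeCallbacksClass` is kept as a file-static reference (a global one, going by the helper's name), but nothing says why it must outlive `init`. The reason matters: a `jmethodID` is valid only while its defining class stays loaded, so this reference is what keeps the cached `sslHandshakeCallbacks_*` IDs usable. I would add `// Held for the life of the library: pins the interface so the cached jmethodIDs stay valid.` above the assignment. The IDs are also now resolved on the `NativeCrypto$SSLHandshakeCallbacks` interface rather than on each receiver's runtime class, so every object stored in `appData->sslHandshakeCallbacks` must implement that interface, which the same comment should state. `init` starts and ends outside this hunk.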
@@ -84,6 +107,40 @@ void init(JavaVM* vm, JNIEnv* env) {
outputStream_flushMethod = getMethodRef(env, outputStreamClass, "flush", "()V");
buffer_positionMethod = getMethodRef(env, bufferClass, "position", "()I");
buffer_limitMethod = getMethodRef(env, bufferClass, "limit", "()I");
+ sslHandshakeCallbacks_verifyCertificateChain = getMethodRef(
+ env, sslHandshakeCallbacksClass, "verifyCertificateChain", "([[BLjava/lang/String;)V");
+ sslHandshakeCallbacks_onSSLStateChange =
+ getMethodRef(env, sslHandshakeCallbacksClass, "onSSLStateChange", "(II)V");
+ sslHandshakeCallbacks_clientCertificateRequested = getMethodRef(
+ env, sslHandshakeCallbacksClass, "clientCertificateRequested", "([B[I[[B)V");
+ sslHandshakeCallbacks_serverCertificateRequested =
+ getMethodRef(env, sslHandshakeCallbacksClass, "serverCertificateRequested", "()V");
+ sslHandshakeCallbacks_clientPSKKeyRequested = getMethodRef(
+ env, sslHandshakeCallbacksClass, "clientPSKKeyRequested", "(Ljava/lang/String;[B[B)I");
+ sslHandshakeCallbacks_serverPSKKeyRequested =
+ getMethodRef(env, sslHandshakeCallbacksClass, "serverPSKKeyRequested",
+ "(Ljava/lang/String;Ljava/lang/String;[B)I");
+ sslHandshakeCallbacks_onNewSessionEstablished =
+ getMethodRef(env, sslHandshakeCallbacksClass, "onNewSessionEstablished", "(J)V");
+ sslHandshakeCallbacks_serverSessionRequested =
+ getMethodRef(env, sslHandshakeCallbacksClass, "serverSessionRequested", "([B)J");
+ sslHandshakeCallbacks_selectApplicationProtocol =
+ getMethodRef(env, sslHandshakeCallbacksClass, "selectApplicationProtocol", "([B)I");
+ cryptoUpcallsClass_rawSignMethod = env->GetStaticMethodID(
+ cryptoUpcallsClass, "ecSignDigestWithPrivateKey", "(Ljava/security/PrivateKey;[B)[B");
+ if (cryptoUpcallsClass_rawSignMethod == nullptr) {
+ env->FatalError("Could not find ecSignDigestWithPrivateKey");
+ }
+ cryptoUpcallsClass_rsaSignMethod = env->GetStaticMethodID(
+ cryptoUpcallsClass, "rsaSignDigestWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B");
+ if (cryptoUpcallsClass_rsaSignMethod == nullptr) {
+ env->FatalError("Could not find rsaSignDigestWithPrivateKey");
+ }
+ cryptoUpcallsClass_rsaDecryptMethod = env->GetStaticMethodID(
+ cryptoUpcallsClass, "rsaDecryptWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B");
+ if (cryptoUpcallsClass_rsaDecryptMethod == nullptr) {
+ env->FatalError("Could not find rsaDecryptWithPrivateKey");
+ }
}
void jniRegisterNativeMethods(JNIEnv* env, const char* className, const JNINativeMethod* gMethods,
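Review bot: The nine `sslHandshakeCallbacks_*` IDs are resolved through `getMethodRef`, whose failure handling is not visible here, while the three `cryptoUpcallsClass_*` IDs get an explicit null check and `FatalError`. The TLS callbacks in native_crypto.cc now pass the cached IDs to `Call*Method` with no per-call check, so a null returned here would surface as an invalid JNI call during certificate verification or PSK handling rather than as a clean failure. Please confirm `getMethodRef` aborts on a missing method; a static-method counterpart (a proposed `getStaticMethodRef`) would also let all twelve lookups share one failure path. A missing upcall method is now fatal at load time where it used to be logged and returned as `nullptr` per call; record that in a comment above the block, e.g. `// Resolved eagerly: a missing upcall aborts at load instead of failing per call.` `init` begins outside the hunk.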
@@ -106,14 +163,8 @@ void jniRegisterNativeMethods(JNIEnv* env, const char* className, const JNINativ
}
int jniGetFDFromFileDescriptor(JNIEnv* env, jobject fileDescriptor) {
- ScopedLocalRef<jclass> localClass(env, env->FindClass("java/io/FileDescriptor"));
-#if defined(ANDROID) && !defined(CONSCRYPT_OPENJDK)
- static jfieldID fid = env->GetFieldID(localClass.get(), "descriptor", "I");
-#else /* !ANDROID || CONSCRYPT_OPENJDK */
- static jfieldID fid = env->GetFieldID(localClass.get(), "fd", "I");
-#endif
if (fileDescriptor != nullptr) {
- return env->GetIntField(fileDescriptor, fid);
+ return env->GetIntField(fileDescriptor, fileDescriptor_fd);
} else {
return -1;
}
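Review bot: `jniGetFDFromFileDescriptor` now depends on `init` having populated `fileDescriptor_fd`, where the removed code resolved the field lazily on first call, and neither the function nor the variable documents that ordering. If the lookup in `init` can yield null (the behaviour of `getFieldRef` on failure is not shown), `GetIntField` would be called with an invalid field ID. A comment such as `// fileDescriptor_fd is resolved once in init(); must not be called before it.` would record the precondition. The function's closing brace is outside the hunk.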
@@ -153,9 +204,11 @@ int throwRuntimeException(JNIEnv* env, const char* msg) {
return conscrypt::jniutil::throwException(env, "java/lang/RuntimeException", msg);
}
+#ifdef CONSCRYPT_CHECK_ERROR_QUEUE
int throwAssertionError(JNIEnv* env, const char* msg) {
return conscrypt::jniutil::throwException(env, "java/lang/AssertionError", msg);
}
+#endif
int throwNullPointerException(JNIEnv* env, const char* msg) {
return conscrypt::jniutil::throwException(env, "java/lang/NullPointerException", msg);
diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
index 5b0acf0d..86ecd992 100644
--- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc
+++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc
@@ -559,16 +559,9 @@ static jbyteArray ecSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, co
memcpy(messageBytes.get(), message, message_len);
}
- jmethodID rawSignMethod = env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass,
- "ecSignDigestWithPrivateKey",
- "(Ljava/security/PrivateKey;[B)[B");
- if (rawSignMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not find ecSignDigestWithPrivateKey");
- return nullptr;
- }
-
return reinterpret_cast<jbyteArray>(env->CallStaticObjectMethod(
- conscrypt::jniutil::cryptoUpcallsClass, rawSignMethod, privateKey, messageArray.get()));
+ conscrypt::jniutil::cryptoUpcallsClass,
+ conscrypt::jniutil::cryptoUpcallsClass_rawSignMethod, privateKey, messageArray.get()));
}
static jbyteArray rsaSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, jint padding,
@@ -594,16 +587,9 @@ static jbyteArray rsaSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, j
memcpy(messageBytes.get(), message, message_len);
}
- jmethodID rsaSignMethod = env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass,
- "rsaSignDigestWithPrivateKey",
- "(Ljava/security/PrivateKey;I[B)[B");
- if (rsaSignMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not find rsaSignDigestWithPrivateKey");
- return nullptr;
- }
-
return reinterpret_cast<jbyteArray>(
- env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, rsaSignMethod,
+ env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass,
+ conscrypt::jniutil::cryptoUpcallsClass_rsaSignMethod,
privateKey, padding, messageArray.get()));
}
@@ -634,16 +620,9 @@ static jbyteArray rsaDecryptWithPrivateKey(JNIEnv* env, jobject privateKey, jint
memcpy(ciphertextBytes.get(), ciphertext, ciphertext_len);
}
- jmethodID rsaDecryptMethod =
- env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass,
- "rsaDecryptWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B");
- if (rsaDecryptMethod == nullptr) {
- CONSCRYPT_LOG_ERROR("Could not find rsaDecryptWithPrivateKey");
- return nullptr;
- }
-
return reinterpret_cast<jbyteArray>(
- env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, rsaDecryptMethod,
+ env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass,
+ conscrypt::jniutil::cryptoUpcallsClass_rsaDecryptMethod,
privateKey, padding, ciphertextArray.get()));
}
@@ -6553,9 +6532,7 @@ static ssl_verify_result_t cert_verify_callback(SSL* ssl, CONSCRYPT_UNUSED uint8
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID =
- env->GetMethodID(cls, "verifyCertificateChain", "([[BLjava/lang/String;)V");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_verifyCertificateChain;
const SSL_CIPHER* cipher = SSL_get_pending_cipher(ssl);
const char* authMethod = SSL_CIPHER_get_kx_name(cipher);
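Review bot: `methodID` is now only an alias for `conscrypt::jniutil::sslHandshakeCallbacks_verifyCertificateChain`, and the call that uses it lies below the hunk with no check visible here. This callback decides certificate acceptance, so unless `getMethodRef` is guaranteed to abort on failure, a fail-closed guard is cheap: `if (methodID == nullptr) return ssl_verify_invalid;`. The same alias-only local appears in `cert_cb`, `select_certificate_cb`, `psk_client_callback`, `psk_server_callback`, `new_session_callback`, `server_session_requested_callback` and `selectApplicationProtocol`, while `info_callback` passes the cached ID inline. Picking one form across all nine would make the call sites easier to audit.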
@@ -6599,11 +6576,9 @@ static void info_callback(const SSL* ssl, int type, int value) {
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "onSSLStateChange", "(II)V");
-
JNI_TRACE("ssl=%p info_callback calling onSSLStateChange", ssl);
- env->CallVoidMethod(sslHandshakeCallbacks, methodID, type, value);
+ env->CallVoidMethod(sslHandshakeCallbacks,
+ conscrypt::jniutil::sslHandshakeCallbacks_onSSLStateChange, type, value);
if (env->ExceptionCheck()) {
JNI_TRACE("ssl=%p info_callback exception", ssl);
@@ -6641,8 +6616,7 @@ static int cert_cb(SSL* ssl, CONSCRYPT_UNUSED void* arg) {
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "clientCertificateRequested", "([B[I[[B)V");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_clientCertificateRequested;
// Call Java callback which can reconfigure the client certificate.
const uint8_t* ctype = nullptr;
@@ -6716,8 +6690,7 @@ static enum ssl_select_cert_result_t select_certificate_cb(const SSL_CLIENT_HELL
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "serverCertificateRequested", "()V");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverCertificateRequested;
JNI_TRACE("ssl=%p select_certificate_cb calling serverCertificateRequested", ssl);
env->CallVoidMethod(sslHandshakeCallbacks, methodID);
@@ -6751,9 +6724,7 @@ static unsigned int psk_client_callback(SSL* ssl, const char* hint, char* identi
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID =
- env->GetMethodID(cls, "clientPSKKeyRequested", "(Ljava/lang/String;[B[B)I");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_clientPSKKeyRequested;
JNI_TRACE("ssl=%p psk_client_callback calling clientPSKKeyRequested", ssl);
ScopedLocalRef<jstring> identityHintJava(env,
(hint != nullptr) ? env->NewStringUTF(hint) : nullptr);
@@ -6819,9 +6790,7 @@ static unsigned int psk_server_callback(SSL* ssl, const char* identity, unsigned
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "serverPSKKeyRequested",
- "(Ljava/lang/String;Ljava/lang/String;[B)I");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverPSKKeyRequested;
JNI_TRACE("ssl=%p psk_server_callback calling serverPSKKeyRequested", ssl);
const char* identityHint = SSL_get_psk_identity_hint(ssl);
ScopedLocalRef<jstring> identityHintJava(
@@ -6873,8 +6842,7 @@ static int new_session_callback(SSL* ssl, SSL_SESSION* session) {
}
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "onNewSessionEstablished", "(J)V");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_onNewSessionEstablished;
JNI_TRACE("ssl=%p new_session_callback calling onNewSessionEstablished", ssl);
env->CallVoidMethod(sslHandshakeCallbacks, methodID, reinterpret_cast<jlong>(session));
if (env->ExceptionCheck()) {
@@ -6918,8 +6886,7 @@ static SSL_SESSION* server_session_requested_callback(SSL* ssl, const uint8_t* i
reinterpret_cast<const jbyte*>(id));
jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks;
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "serverSessionRequested", "([B)J");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverSessionRequested;
JNI_TRACE("ssl=%p server_session_requested_callback calling serverSessionRequested", ssl);
jlong ssl_session_address = env->CallLongMethod(sslHandshakeCallbacks, methodID, id_array);
if (env->ExceptionCheck()) {
@@ -8041,8 +8008,7 @@ static int selectApplicationProtocol(SSL* ssl, JNIEnv* env, jobject sslHandshake
reinterpret_cast<const jbyte*>(in));
// Invoke the selection method.
- jclass cls = env->GetObjectClass(sslHandshakeCallbacks);
- jmethodID methodID = env->GetMethodID(cls, "selectApplicationProtocol", "([B)I");
+ jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_selectApplicationProtocol;
jint offset = env->CallIntMethod(sslHandshakeCallbacks, methodID, protocols.get());
if (offset < 0) {
diff --git a/common/src/jni/main/include/conscrypt/jniutil.h b/common/src/jni/main/include/conscrypt/jniutil.h
index 6f55608b..35b3c998 100644
--- a/common/src/jni/main/include/conscrypt/jniutil.h
+++ b/common/src/jni/main/include/conscrypt/jniutil.h
@@ -41,7 +41,6 @@ extern jclass inputStreamClass;
extern jclass outputStreamClass;
extern jclass stringClass;
extern jclass byteBufferClass;
-extern jclass bufferClass;
extern jfieldID nativeRef_address;
@@ -53,6 +52,18 @@ extern jmethodID outputStream_writeMethod;
extern jmethodID outputStream_flushMethod;
extern jmethodID buffer_positionMethod;
extern jmethodID buffer_limitMethod;
+extern jmethodID cryptoUpcallsClass_rawSignMethod;
+extern jmethodID cryptoUpcallsClass_rsaSignMethod;
+extern jmethodID cryptoUpcallsClass_rsaDecryptMethod;
+extern jmethodID sslHandshakeCallbacks_verifyCertificateChain;
+extern jmethodID sslHandshakeCallbacks_onSSLStateChange;
+extern jmethodID sslHandshakeCallbacks_clientCertificateRequested;
+extern jmethodID sslHandshakeCallbacks_serverCertificateRequested;
+extern jmethodID sslHandshakeCallbacks_clientPSKKeyRequested;
+extern jmethodID sslHandshakeCallbacks_serverPSKKeyRequested;
+extern jmethodID sslHandshakeCallbacks_onNewSessionEstablished;
+extern jmethodID sslHandshakeCallbacks_selectApplicationProtocol;
+extern jmethodID sslHandshakeCallbacks_serverSessionRequested;
/**
* Initializes the JNI constants from the environment.
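Review bot: The twelve new `extern jmethodID` declarations have no comment describing their contract, and this header is where a reader of native_crypto.cc will look for it. A short block comment above them should say that they are populated by `init`, must not be used before it has run, and which Java class or interface each group belongs to. For example: `// Cached by init(); CryptoUpcalls statics and NativeCrypto$SSLHandshakeCallbacks instance methods.`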
@@ -159,10 +170,12 @@ extern int throwException(JNIEnv* env, const char* className, const char* msg);
*/
extern int throwRuntimeException(JNIEnv* env, const char* msg);
+#ifdef CONSCRYPT_CHECK_ERROR_QUEUE
/**
* Throw a java.lang.AssertionError, with an optional message.
*/
extern int throwAssertionError(JNIEnv* env, const char* msg);
+#endif
/*
* Throw a java.lang.NullPointerException, with an optional message.