author | Pete Bentley <prb@google.com> | 2021-06-22 12:30:56 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2021-06-22 12:30:56 +0000 |
commit | 963052e46700b8905218922eaf1f3d2c380eeb4d (patch) | |
tree | 4b778fc567d42bd871b2ba8f44cad6fd1271c2ce | |
parent | 3df5e14a1786676954ddab1fa490a323a2a0daba (diff) | |
parent | 383f874837952427bde2ec6bae2423536a24449c (diff) | |
Merge "Merge Conscrypt upstream master." am: 383f874837
Original change: https://android-review.googlesource.com/c/platform/external/conscrypt/+/1699807
Change-Id: I132f004bcdc2793e42191cafec0b252548bb0e7d
-rw-r--r-- | common/src/jni/main/cpp/conscrypt/jniutil.cc | 69 | ||||
-rw-r--r-- | common/src/jni/main/cpp/conscrypt/native_crypto.cc | 66 | ||||
-rw-r--r-- | common/src/jni/main/include/conscrypt/jniutil.h | 15 |
3 files changed, 91 insertions, 59 deletions
diff --git a/common/src/jni/main/cpp/conscrypt/jniutil.cc b/common/src/jni/main/cpp/conscrypt/jniutil.cc index c30adf10..34dd2b13 100644 --- a/common/src/jni/main/cpp/conscrypt/jniutil.cc +++ b/common/src/jni/main/cpp/conscrypt/jniutil.cc @@ -38,9 +38,12 @@ jclass inputStreamClass; jclass outputStreamClass; jclass stringClass; jclass byteBufferClass; -jclass bufferClass; +static jclass bufferClass; +static jclass fileDescriptorClass; +static jclass sslHandshakeCallbacksClass; jfieldID nativeRef_address; +static jfieldID fileDescriptor_fd; jmethodID calendar_setMethod; jmethodID inputStream_readMethod; @@ -50,6 +53,18 @@ jmethodID outputStream_writeMethod; jmethodID outputStream_flushMethod; jmethodID buffer_positionMethod; jmethodID buffer_limitMethod; +jmethodID cryptoUpcallsClass_rawSignMethod; +jmethodID cryptoUpcallsClass_rsaSignMethod; +jmethodID cryptoUpcallsClass_rsaDecryptMethod; +jmethodID sslHandshakeCallbacks_verifyCertificateChain; +jmethodID sslHandshakeCallbacks_onSSLStateChange; +jmethodID sslHandshakeCallbacks_clientCertificateRequested; +jmethodID sslHandshakeCallbacks_serverCertificateRequested; +jmethodID sslHandshakeCallbacks_clientPSKKeyRequested; +jmethodID sslHandshakeCallbacks_serverPSKKeyRequested; +jmethodID sslHandshakeCallbacks_onNewSessionEstablished; +jmethodID sslHandshakeCallbacks_selectApplicationProtocol; +jmethodID sslHandshakeCallbacks_serverSessionRequested; void init(JavaVM* vm, JNIEnv* env) { gJavaVM = vm; @@ -64,6 +79,7 @@ void init(JavaVM* vm, JNIEnv* env) { stringClass = findClass(env, "java/lang/String"); byteBufferClass = findClass(env, "java/nio/ByteBuffer"); bufferClass = findClass(env, "java/nio/Buffer"); + fileDescriptorClass = findClass(env, "java/io/FileDescriptor"); cryptoUpcallsClass = getGlobalRefToClass( env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/CryptoUpcalls"); 
@@ -71,8 +87,15 @@ void init(JavaVM* vm, JNIEnv* env) { env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/NativeRef"); openSslInputStreamClass = getGlobalRefToClass( env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/OpenSSLBIOInputStream"); + sslHandshakeCallbacksClass = getGlobalRefToClass( + env, TO_STRING(JNI_JARJAR_PREFIX) "org/conscrypt/NativeCrypto$SSLHandshakeCallbacks"); nativeRef_address = getFieldRef(env, nativeRefClass, "address", "J"); +#if defined(ANDROID) && !defined(CONSCRYPT_OPENJDK) + fileDescriptor_fd = getFieldRef(env, fileDescriptorClass, "descriptor", "I"); +#else /* !ANDROID || CONSCRYPT_OPENJDK */ + fileDescriptor_fd = getFieldRef(env, fileDescriptorClass, "fd", "I"); +#endif calendar_setMethod = getMethodRef(env, calendarClass, "set", "(IIIIII)V"); inputStream_readMethod = getMethodRef(env, inputStreamClass, "read", "([B)I"); 
@@ -84,6 +107,40 @@ void init(JavaVM* vm, JNIEnv* env) { outputStream_flushMethod = getMethodRef(env, outputStreamClass, "flush", "()V"); buffer_positionMethod = getMethodRef(env, bufferClass, "position", "()I"); buffer_limitMethod = getMethodRef(env, bufferClass, "limit", "()I"); + sslHandshakeCallbacks_verifyCertificateChain = getMethodRef( + env, sslHandshakeCallbacksClass, "verifyCertificateChain", "([[BLjava/lang/String;)V"); + sslHandshakeCallbacks_onSSLStateChange = + getMethodRef(env, sslHandshakeCallbacksClass, "onSSLStateChange", "(II)V"); + sslHandshakeCallbacks_clientCertificateRequested = getMethodRef( + env, sslHandshakeCallbacksClass, "clientCertificateRequested", "([B[I[[B)V"); + sslHandshakeCallbacks_serverCertificateRequested = + getMethodRef(env, sslHandshakeCallbacksClass, "serverCertificateRequested", "()V"); + sslHandshakeCallbacks_clientPSKKeyRequested = getMethodRef( + env, sslHandshakeCallbacksClass, "clientPSKKeyRequested", "(Ljava/lang/String;[B[B)I"); + sslHandshakeCallbacks_serverPSKKeyRequested = + getMethodRef(env, sslHandshakeCallbacksClass, "serverPSKKeyRequested", + "(Ljava/lang/String;Ljava/lang/String;[B)I"); + sslHandshakeCallbacks_onNewSessionEstablished = + getMethodRef(env, sslHandshakeCallbacksClass, "onNewSessionEstablished", "(J)V"); + sslHandshakeCallbacks_serverSessionRequested = + getMethodRef(env, sslHandshakeCallbacksClass, "serverSessionRequested", "([B)J"); + sslHandshakeCallbacks_selectApplicationProtocol = + getMethodRef(env, sslHandshakeCallbacksClass, "selectApplicationProtocol", "([B)I"); + cryptoUpcallsClass_rawSignMethod = env->GetStaticMethodID( + cryptoUpcallsClass, "ecSignDigestWithPrivateKey", "(Ljava/security/PrivateKey;[B)[B"); + if (cryptoUpcallsClass_rawSignMethod == nullptr) { + env->FatalError("Could not find ecSignDigestWithPrivateKey"); + } + cryptoUpcallsClass_rsaSignMethod = env->GetStaticMethodID( + cryptoUpcallsClass, "rsaSignDigestWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B"); + if 
(cryptoUpcallsClass_rsaSignMethod == nullptr) { + env->FatalError("Could not find rsaSignDigestWithPrivateKey"); + } + cryptoUpcallsClass_rsaDecryptMethod = env->GetStaticMethodID( + cryptoUpcallsClass, "rsaDecryptWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B"); + if (cryptoUpcallsClass_rsaDecryptMethod == nullptr) { + env->FatalError("Could not find rsaDecryptWithPrivateKey"); + } } void jniRegisterNativeMethods(JNIEnv* env, const char* className, const JNINativeMethod* gMethods, @@ -106,14 +163,8 @@ void jniRegisterNativeMethods(JNIEnv* env, const char* className, const JNINativ } int jniGetFDFromFileDescriptor(JNIEnv* env, jobject fileDescriptor) { - ScopedLocalRef<jclass> localClass(env, env->FindClass("java/io/FileDescriptor")); -#if defined(ANDROID) && !defined(CONSCRYPT_OPENJDK) - static jfieldID fid = env->GetFieldID(localClass.get(), "descriptor", "I"); -#else /* !ANDROID || CONSCRYPT_OPENJDK */ - static jfieldID fid = env->GetFieldID(localClass.get(), "fd", "I"); -#endif if (fileDescriptor != nullptr) { - return env->GetIntField(fileDescriptor, fid); + return env->GetIntField(fileDescriptor, fileDescriptor_fd); } else { return -1; } @@ -153,9 +204,11 @@ int throwRuntimeException(JNIEnv* env, const char* msg) { return conscrypt::jniutil::throwException(env, "java/lang/RuntimeException", msg); } +#ifdef CONSCRYPT_CHECK_ERROR_QUEUE int throwAssertionError(JNIEnv* env, const char* msg) { return conscrypt::jniutil::throwException(env, "java/lang/AssertionError", msg); } +#endif int throwNullPointerException(JNIEnv* env, const char* msg) { return conscrypt::jniutil::throwException(env, "java/lang/NullPointerException", msg); diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 5b0acf0d..86ecd992 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc 
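Review bot: In the `init()` hunk that fills the new method IDs, the nine `sslHandshakeCallbacks_*` values returned by `getMethodRef` are stored unchecked, while the three `cryptoUpcallsClass_*` lookups right after them call `env->FatalError` on `nullptr`. `getMethodRef` is defined outside this diff, so it is not visible whether it aborts on a failed lookup; if it can return null, the TLS callbacks in native_crypto.cc (including `cert_verify_callback`) would hand a null method ID to `Call*Method`, which JNI leaves undefined. I would either state the guarantee in a comment, e.g. `// getMethodRef aborts on failure, so these IDs are never null after init()`, or route the static lookups through a matching helper so all twelve fail the same way. A missing upcall method previously failed one signing call with `CONSCRYPT_LOG_ERROR` and `return nullptr` and now aborts the process during `init()`; that is fail-closed but is a behaviour change the commit message does not mention. `init()` begins above this hunk.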
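Review bot: `jniGetFDFromFileDescriptor` now passes the file-static `fileDescriptor_fd` to `GetIntField`, so it is only usable after `init()` has run, whereas the removed function-local `static jfieldID fid` resolved itself on first call. Nothing in the hunk guards against the ID being null, and whether `getFieldRef` can return null is not visible in this diff. A comment on the declaration such as `// Set once in init(); jniGetFDFromFileDescriptor must not be called before it` would record the ordering requirement, or the guard could become `if (fileDescriptor != nullptr && fileDescriptor_fd != nullptr) {`.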
@@ -559,16 +559,9 @@ static jbyteArray ecSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, co memcpy(messageBytes.get(), message, message_len); } - jmethodID rawSignMethod = env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass, - "ecSignDigestWithPrivateKey", - "(Ljava/security/PrivateKey;[B)[B"); - if (rawSignMethod == nullptr) { - CONSCRYPT_LOG_ERROR("Could not find ecSignDigestWithPrivateKey"); - return nullptr; - } - return reinterpret_cast<jbyteArray>(env->CallStaticObjectMethod( - conscrypt::jniutil::cryptoUpcallsClass, rawSignMethod, privateKey, messageArray.get())); + conscrypt::jniutil::cryptoUpcallsClass, + conscrypt::jniutil::cryptoUpcallsClass_rawSignMethod, privateKey, messageArray.get())); } static jbyteArray rsaSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, jint padding, @@ -594,16 +587,9 @@ static jbyteArray rsaSignDigestWithPrivateKey(JNIEnv* env, jobject privateKey, j memcpy(messageBytes.get(), message, message_len); } - jmethodID rsaSignMethod = env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass, - "rsaSignDigestWithPrivateKey", - "(Ljava/security/PrivateKey;I[B)[B"); - if (rsaSignMethod == nullptr) { - CONSCRYPT_LOG_ERROR("Could not find rsaSignDigestWithPrivateKey"); - return nullptr; - } - return reinterpret_cast<jbyteArray>( - env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, rsaSignMethod, + env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, + conscrypt::jniutil::cryptoUpcallsClass_rsaSignMethod, privateKey, padding, messageArray.get())); } 
@@ -634,16 +620,9 @@ static jbyteArray rsaDecryptWithPrivateKey(JNIEnv* env, jobject privateKey, jint memcpy(ciphertextBytes.get(), ciphertext, ciphertext_len); } - jmethodID rsaDecryptMethod = - env->GetStaticMethodID(conscrypt::jniutil::cryptoUpcallsClass, - "rsaDecryptWithPrivateKey", "(Ljava/security/PrivateKey;I[B)[B"); - if (rsaDecryptMethod == nullptr) { - CONSCRYPT_LOG_ERROR("Could not find rsaDecryptWithPrivateKey"); - return nullptr; - } - return reinterpret_cast<jbyteArray>( - env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, rsaDecryptMethod, + env->CallStaticObjectMethod(conscrypt::jniutil::cryptoUpcallsClass, + conscrypt::jniutil::cryptoUpcallsClass_rsaDecryptMethod, privateKey, padding, ciphertextArray.get())); } @@ -6553,9 +6532,7 @@ static ssl_verify_result_t cert_verify_callback(SSL* ssl, CONSCRYPT_UNUSED uint8 } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = - env->GetMethodID(cls, "verifyCertificateChain", "([[BLjava/lang/String;)V"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_verifyCertificateChain; const SSL_CIPHER* cipher = SSL_get_pending_cipher(ssl); const char* authMethod = SSL_CIPHER_get_kx_name(cipher); @@ -6599,11 +6576,9 @@ static void info_callback(const SSL* ssl, int type, int value) { jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "onSSLStateChange", "(II)V"); - JNI_TRACE("ssl=%p info_callback calling onSSLStateChange", ssl); - env->CallVoidMethod(sslHandshakeCallbacks, methodID, type, value); + env->CallVoidMethod(sslHandshakeCallbacks, + conscrypt::jniutil::sslHandshakeCallbacks_onSSLStateChange, type, value); if (env->ExceptionCheck()) { JNI_TRACE("ssl=%p info_callback exception", ssl); 
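Review bot: In `cert_verify_callback`, `methodID` now comes from the ID cached against `NativeCrypto$SSLHandshakeCallbacks` instead of from `GetObjectClass(sslHandshakeCallbacks)`, so the call is only defined if `appData->sslHandshakeCallbacks` is always an instance of that class. JNI does not verify this outside CheckJNI, and the place where the reference is stored into `appData` is outside this diff, as is the rest of the function body. Because this is the certificate-verification path, I would record the invariant next to that assignment, e.g. `// Always an SSLHandshakeCallbacks instance; method IDs are cached in jniutil::init()`, or assert it with `IsInstanceOf` in debug builds. The same point applies to the hunks for `info_callback`, `cert_cb`, `select_certificate_cb`, `psk_client_callback`, `psk_server_callback`, `new_session_callback`, `server_session_requested_callback` and `selectApplicationProtocol`.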
@@ -6641,8 +6616,7 @@ static int cert_cb(SSL* ssl, CONSCRYPT_UNUSED void* arg) { } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "clientCertificateRequested", "([B[I[[B)V"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_clientCertificateRequested; // Call Java callback which can reconfigure the client certificate. const uint8_t* ctype = nullptr; @@ -6716,8 +6690,7 @@ static enum ssl_select_cert_result_t select_certificate_cb(const SSL_CLIENT_HELL } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "serverCertificateRequested", "()V"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverCertificateRequested; JNI_TRACE("ssl=%p select_certificate_cb calling serverCertificateRequested", ssl); env->CallVoidMethod(sslHandshakeCallbacks, methodID); @@ -6751,9 +6724,7 @@ static unsigned int psk_client_callback(SSL* ssl, const char* hint, char* identi } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = - env->GetMethodID(cls, "clientPSKKeyRequested", "(Ljava/lang/String;[B[B)I"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_clientPSKKeyRequested; JNI_TRACE("ssl=%p psk_client_callback calling clientPSKKeyRequested", ssl); ScopedLocalRef<jstring> identityHintJava(env, (hint != nullptr) ? env->NewStringUTF(hint) : nullptr); 
@@ -6819,9 +6790,7 @@ static unsigned int psk_server_callback(SSL* ssl, const char* identity, unsigned } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "serverPSKKeyRequested", - "(Ljava/lang/String;Ljava/lang/String;[B)I"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverPSKKeyRequested; JNI_TRACE("ssl=%p psk_server_callback calling serverPSKKeyRequested", ssl); const char* identityHint = SSL_get_psk_identity_hint(ssl); ScopedLocalRef<jstring> identityHintJava( @@ -6873,8 +6842,7 @@ static int new_session_callback(SSL* ssl, SSL_SESSION* session) { } jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "onNewSessionEstablished", "(J)V"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_onNewSessionEstablished; JNI_TRACE("ssl=%p new_session_callback calling onNewSessionEstablished", ssl); env->CallVoidMethod(sslHandshakeCallbacks, methodID, reinterpret_cast<jlong>(session)); if (env->ExceptionCheck()) { @@ -6918,8 +6886,7 @@ static SSL_SESSION* server_session_requested_callback(SSL* ssl, const uint8_t* i reinterpret_cast<const jbyte*>(id)); jobject sslHandshakeCallbacks = appData->sslHandshakeCallbacks; - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "serverSessionRequested", "([B)J"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_serverSessionRequested; JNI_TRACE("ssl=%p server_session_requested_callback calling serverSessionRequested", ssl); jlong ssl_session_address = env->CallLongMethod(sslHandshakeCallbacks, methodID, id_array); if (env->ExceptionCheck()) { 
@@ -8041,8 +8008,7 @@ static int selectApplicationProtocol(SSL* ssl, JNIEnv* env, jobject sslHandshake reinterpret_cast<const jbyte*>(in)); // Invoke the selection method. - jclass cls = env->GetObjectClass(sslHandshakeCallbacks); - jmethodID methodID = env->GetMethodID(cls, "selectApplicationProtocol", "([B)I"); + jmethodID methodID = conscrypt::jniutil::sslHandshakeCallbacks_selectApplicationProtocol; jint offset = env->CallIntMethod(sslHandshakeCallbacks, methodID, protocols.get()); if (offset < 0) { diff --git a/common/src/jni/main/include/conscrypt/jniutil.h b/common/src/jni/main/include/conscrypt/jniutil.h index 6f55608b..35b3c998 100644 --- a/common/src/jni/main/include/conscrypt/jniutil.h +++ b/common/src/jni/main/include/conscrypt/jniutil.h @@ -41,7 +41,6 @@ extern jclass inputStreamClass; extern jclass outputStreamClass; extern jclass stringClass; extern jclass byteBufferClass; -extern jclass bufferClass; extern jfieldID nativeRef_address; @@ -53,6 +52,18 @@ extern jmethodID outputStream_writeMethod; extern jmethodID outputStream_flushMethod; extern jmethodID buffer_positionMethod; extern jmethodID buffer_limitMethod; +extern jmethodID cryptoUpcallsClass_rawSignMethod; +extern jmethodID cryptoUpcallsClass_rsaSignMethod; +extern jmethodID cryptoUpcallsClass_rsaDecryptMethod; +extern jmethodID sslHandshakeCallbacks_verifyCertificateChain; +extern jmethodID sslHandshakeCallbacks_onSSLStateChange; +extern jmethodID sslHandshakeCallbacks_clientCertificateRequested; +extern jmethodID sslHandshakeCallbacks_serverCertificateRequested; +extern jmethodID sslHandshakeCallbacks_clientPSKKeyRequested; +extern jmethodID sslHandshakeCallbacks_serverPSKKeyRequested; +extern jmethodID sslHandshakeCallbacks_onNewSessionEstablished; +extern jmethodID sslHandshakeCallbacks_selectApplicationProtocol; +extern jmethodID sslHandshakeCallbacks_serverSessionRequested; /** * Initializes the JNI constants from the environment. 
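Review bot: The twelve new `extern jmethodID` declarations in jniutil.h are exported as plain mutable globals with no comment on when they become valid. A short comment above the group, e.g. `// Method IDs cached by init(); read-only afterwards and not valid before init() returns.`, would tell other translation units not to read them early or reassign them.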
@@ -159,10 +170,12 @@ extern int throwException(JNIEnv* env, const char* className, const char* msg); */ extern int throwRuntimeException(JNIEnv* env, const char* msg); +#ifdef CONSCRYPT_CHECK_ERROR_QUEUE /** * Throw a java.lang.AssertionError, with an optional message. */ extern int throwAssertionError(JNIEnv* env, const char* msg); +#endif /* * Throw a java.lang.NullPointerException, with an optional message. |