Age | Commit message | Author
2017-02-05 | Do not depend on internals of the SSL state machine. (HEAD, android-n-mr2-preview-2, android-n-iot-release-smart-display-r2, android-n-iot-release-smart-display, android-n-iot-release-polk-at1, android-n-iot-release-lg-thinq-wk7, android-n-iot-release-ihome-igv1, android-n-iot-preview-4, nougat-iot-release, n-iot-preview-4, master, main) | David Benjamin
tlsdate has a "time_is_an_illusion" parameter which uses the server's reported time (within some bounds) to check the certificate against. It does this by configuring the time on the SSL's X509_VERIFY_PARAM when one of the SSL3_ST_CR_SRVR_HELLO_A and SSL3_ST_CR_SRVR_HELLO_B states passes.

In addition to depending on quirks of the OpenSSL state machine which BoringSSL would otherwise need to emulate, this code is wrong. It needs to run at a point after the server_random is filled in. In the original OpenSSL code, SSL3_ST_CR_SRVR_HELLO_A is when the message header is read, so this is too early. The _B also wouldn't work in a non-blocking socket because the state machine might pause halfway through reading the body. This probably only worked because it only uses blocking BIOs. This also depends on OpenSSL's info_callback hacking the state transitions so SSL_state returned the previous state during the callback.

Rather than ossify all these bugs, use SSL_CTX_set_cert_verify_callback. This overrides OpenSSL's call to X509_verify_cert. By looking up the server random immediately before verification, we are guaranteed server_random is filled in. At this point we also have an X509_STORE_CTX available, so we may set the time on it directly.

Change-Id: I0a830984539d7e9e53c78891dea07f27f71edcbf
Test: mma
2016-10-05 | Don't reach into BoringSSL structs. am: 5a3de7f113 am: cfb7a5c7aa (android-n-mr2-preview-1, sdk-release) | David Benjamin
am: 74ea02aa66
Change-Id: Icd52bce4997ee577ef096b82cfdf3f479064b381
2016-10-05 | Don't reach into BoringSSL structs. am: 5a3de7f113 | David Benjamin
am: cfb7a5c7aa
Change-Id: Ibd161dd4080b7d317cf3baeb34f14c404ae7351e
2016-10-05 | Don't reach into BoringSSL structs. | David Benjamin
am: 5a3de7f113
Change-Id: I7b54b1c354934ed2dae616dc6e088f27a9c08ac5
2016-09-23 | Don't reach into BoringSSL structs. (android-n-mr1-preview-2, android-n-mr1-preview-1) | David Benjamin
Instead, use the corresponding accessor. Note that SSL_get0_param is not quite what the old code was doing, but is the correct way to do this. I've confirmed the time still gets set either way. (The parameters ultimately used in the X509_STORE_CTX are first seeded from the X509_STORE, where the old code was modifying things, and then any parameters set via SSL_get0_param are applied.)

See upstream docs here: https://www.openssl.org/docs/manmaster/ssl/SSL_get0_param.html

Test: mmma -j200 external/tlsdate
Change-Id: I6bffe27d1016ed4abad7f7c90ed72d5971fc7b23
2015-12-18 | Fix mips64 build. (android-cts_7.1_r1, android-cts-7.1_r9, android-cts-7.1_r8, android-cts-7.1_r7, android-cts-7.1_r6, android-cts-7.1_r5, android-cts-7.1_r4, android-cts-7.1_r3, android-cts-7.1_r29, android-cts-7.1_r28, android-cts-7.1_r27, android-cts-7.1_r26, android-cts-7.1_r25, android-cts-7.1_r24, android-cts-7.1_r23, android-cts-7.1_r22, android-cts-7.1_r21, android-cts-7.1_r20, android-cts-7.1_r2, android-cts-7.1_r19, android-cts-7.1_r18, android-cts-7.1_r17, android-cts-7.1_r16, android-cts-7.1_r15, android-cts-7.1_r14, android-cts-7.1_r13, android-cts-7.1_r12, android-cts-7.1_r11, android-cts-7.1_r10, android-cts-7.1_r1, android-cts-7.0_r9, android-cts-7.0_r8, android-cts-7.0_r7, android-cts-7.0_r6, android-cts-7.0_r5, android-cts-7.0_r4, android-cts-7.0_r33, android-cts-7.0_r32, android-cts-7.0_r31, android-cts-7.0_r30, android-cts-7.0_r3, android-cts-7.0_r29, android-cts-7.0_r28, android-cts-7.0_r27, android-cts-7.0_r26, android-cts-7.0_r25, android-cts-7.0_r24, android-cts-7.0_r23, android-cts-7.0_r22, android-cts-7.0_r21, android-cts-7.0_r20, android-cts-7.0_r2, android-cts-7.0_r19, android-cts-7.0_r18, android-cts-7.0_r17, android-cts-7.0_r16, android-cts-7.0_r15, android-cts-7.0_r14, android-cts-7.0_r13, android-cts-7.0_r12, android-cts-7.0_r11, android-cts-7.0_r10, android-cts-7.0_r1, android-7.1.2_r9, android-7.1.2_r8, android-7.1.2_r6, android-7.1.2_r5, android-7.1.2_r4, android-7.1.2_r39, android-7.1.2_r38, android-7.1.2_r37, android-7.1.2_r36, android-7.1.2_r33, android-7.1.2_r32, android-7.1.2_r30, android-7.1.2_r3, android-7.1.2_r29, android-7.1.2_r28, android-7.1.2_r27, android-7.1.2_r25, android-7.1.2_r24, android-7.1.2_r23, android-7.1.2_r2, android-7.1.2_r19, android-7.1.2_r18, android-7.1.2_r17, android-7.1.2_r16, android-7.1.2_r15, android-7.1.2_r14, android-7.1.2_r13, android-7.1.2_r12, android-7.1.2_r11, android-7.1.2_r10, android-7.1.2_r1, android-7.1.1_r9, android-7.1.1_r8, android-7.1.1_r7, android-7.1.1_r61, android-7.1.1_r60, android-7.1.1_r6, android-7.1.1_r59, android-7.1.1_r58, android-7.1.1_r57, android-7.1.1_r56, android-7.1.1_r55, android-7.1.1_r54, android-7.1.1_r53, android-7.1.1_r52, android-7.1.1_r51, android-7.1.1_r50, android-7.1.1_r49, android-7.1.1_r48, android-7.1.1_r47, android-7.1.1_r46, android-7.1.1_r45, android-7.1.1_r44, android-7.1.1_r43, android-7.1.1_r42, android-7.1.1_r41, android-7.1.1_r40, android-7.1.1_r4, android-7.1.1_r39, android-7.1.1_r38, android-7.1.1_r35, android-7.1.1_r33, android-7.1.1_r32, android-7.1.1_r31, android-7.1.1_r3, android-7.1.1_r28, android-7.1.1_r27, android-7.1.1_r26, android-7.1.1_r25, android-7.1.1_r24, android-7.1.1_r23, android-7.1.1_r22, android-7.1.1_r21, android-7.1.1_r20, android-7.1.1_r2, android-7.1.1_r17, android-7.1.1_r16, android-7.1.1_r15, android-7.1.1_r14, android-7.1.1_r13, android-7.1.1_r12, android-7.1.1_r11, android-7.1.1_r10, android-7.1.1_r1, android-7.1.0_r7, android-7.1.0_r6, android-7.1.0_r5, android-7.1.0_r4, android-7.1.0_r3, android-7.1.0_r2, android-7.1.0_r1, android-7.0.0_r9, android-7.0.0_r8, android-7.0.0_r7, android-7.0.0_r6, android-7.0.0_r5, android-7.0.0_r4, android-7.0.0_r36, android-7.0.0_r35, android-7.0.0_r34, android-7.0.0_r33, android-7.0.0_r32, android-7.0.0_r31, android-7.0.0_r30, android-7.0.0_r3, android-7.0.0_r29, android-7.0.0_r28, android-7.0.0_r27, android-7.0.0_r24, android-7.0.0_r21, android-7.0.0_r19, android-7.0.0_r17, android-7.0.0_r15, android-7.0.0_r14, android-7.0.0_r13, android-7.0.0_r12, android-7.0.0_r11, android-7.0.0_r10, android-7.0.0_r1, nougat-release, nougat-mr2.3-release, nougat-mr2.2-release, nougat-mr2.1-release, nougat-mr2-security-release, nougat-mr2-release, nougat-mr2-pixel-release, nougat-mr2-dev, nougat-mr1.8-release, nougat-mr1.7-release, nougat-mr1.6-release, nougat-mr1.5-release, nougat-mr1.4-release, nougat-mr1.3-release, nougat-mr1.2-release, nougat-mr1.1-release, nougat-mr1-volantis-release, nougat-mr1-security-release, nougat-mr1-release, nougat-mr1-flounder-release, nougat-mr1-dev, nougat-mr1-cts-release, nougat-mr0.5-release, nougat-dr1-release, nougat-dev, nougat-cts-release, nougat-bugfix-release) | Elliott Hughes
am: 8e4be28465
* commit '8e4be28465ee3c7732074443359cad925a9bf264': Fix mips64 build.
2015-12-18 | Fix mips64 build. (android-wear-n-preview-3, android-wear-n-preview-2, android-wear-n-preview-1, android-wear-7.1.1_r1, android-n-preview-5, android-n-preview-4, android-n-preview-3, android-n-preview-2, android-n-preview-1, android-n-iot-preview-2, nougat-mr1-wear-release, n-iot-preview-2, brillo-m9-release, brillo-m9-dev, brillo-m10-release, brillo-m10-dev) | Elliott Hughes
Change-Id: I2cdc6527921915005c630aba7a183c6523d7f2c6
2015-12-16 | Add MIPS little endian architectures and fix preprocessor indentation | Chris Dearman
am: ce31a91f92
* commit 'ce31a91f92f677e2712d1a7f03da607db17a6b82': Add MIPS little endian architectures and fix preprocessor indentation
2015-12-14 | Add MIPS little endian architectures and fix preprocessor indentation | Chris Dearman
MIPS has distinct architecture identifiers for big endian and little endian. This change adds the little endian identifiers and updates the preprocessor indentation to consistently use 2 spaces.

Change-Id: Ia48ec946a5b4619cf29f83deef8de2adc0136af5
2015-11-04 | tlsdate: prevent unnecessary rebuilds | Colin Cross
am: 75bc1ed95f
* commit '75bc1ed95f269e1274dee1c13a1ce63bb6065ddb': tlsdate: prevent unnecessary rebuilds
2015-11-04 | tlsdate: prevent unnecessary rebuilds (brillo-m8-release, brillo-m8-dev) | Colin Cross
tlsdate rebuilds every time the makefiles are reparsed because it embeds the output of a shell date command into the command line, and ninja reruns the command every time it changes. Replace $(shell date +%sL) with $$$(BUILD_NUMBER_FROM_FILE)L, which will read the build date from $(OUT_DIR)/build_date.txt. This date file will be updated on every build, but will not cause a rebuild if it changes, so the date from the most recent time the file was recompiled for other reasons will be used.

Bug: 24790431
Change-Id: Ib93ead6512706e13ae6dbd271e7560a3e8c00e8a
2015-10-21 | Fix /data dir creation, 'tlsdated' service class. | Jorge Lucangeli Obes
am: 46e11a8543
* commit '46e11a854350ef2e36aaef2d9daf34f8d7af31f1': Fix /data dir creation, 'tlsdated' service class.
2015-10-20 | Fix /data dir creation, 'tlsdated' service class. (brillo-m7-release, brillo-m7-mr-dev, brillo-m7-dev) | Jorge Lucangeli Obes
/data is not guaranteed to be mounted when 'boot' triggers. 'post-fs-data' guarantees that. Also, move the daemon to class 'late_start', since post-fs-data will not happen in time for class 'main'.

Bug: 25122706
Change-Id: I2a636df27461ebc21270dd2380c6d5d69f253d3d
2015-10-13 | am fa9e6d3c: Remove verbose logging in 'tlsdated' and 'tlsdate'. | Jorge Lucangeli Obes
* commit 'fa9e6d3cc3048f13a629e50808fc914a0f1a331a': Remove verbose logging in 'tlsdated' and 'tlsdate'.
2015-10-12 | Remove verbose logging in 'tlsdated' and 'tlsdate'. | Jorge Lucangeli Obes
'tlsdated' and 'tlsdate' account for more than 50% of all logcat output in any Brillo build. Now that tlsdate is working, remove verbose logging.

Bug: None
Change-Id: I7c0461620df66a6dcc3ed2b391b2bada577a6a07
2015-10-02 | am e690a81d: Use a dedicated UID/GID for unprivileged execution. | Gilad Arnold
* commit 'e690a81d99d4c1c88abf235b306ead73bbfaa012': Use a dedicated UID/GID for unprivileged execution.
2015-10-02 | Use a dedicated UID/GID for unprivileged execution. | Gilad Arnold
Bug: 23651876
Change-Id: Ie924bbe5cee74e3095876d6386a6ea21399b8d97
2015-10-01 | am 1632583d: Remove 'seclabel' option. | Jorge Lucangeli Obes
* commit '1632583d26b8e926d84afec05f0e0d9bdf9ab0ca': Remove 'seclabel' option.
2015-10-01 | Remove 'seclabel' option. | Jorge Lucangeli Obes
The executable is already labelled in the filesystem.

Bug: 24571067
Change-Id: Ic6b9f85628ca391fc8e9d3232bc74d2df730be35
2015-09-04 | am e9132c01: Make tlsdated persist and load last set time. | Gilad Arnold
* commit 'e9132c014d2a05e410f98cb777a4806dddde3e8e': Make tlsdated persist and load last set time.
2015-09-04 | Make tlsdated persist and load last set time. | Gilad Arnold
This enables use of a timestamp file. Note the fchmod(2) call after file opening/creation, used for working around unfavorable umask settings.

Bug: 22373707
Change-Id: Id759d3eda55c9c2215991268291ceeac490373d6
2015-09-01 | am 4a0ae017: Relocate a function to fix a build failure. | Gilad Arnold
* commit '4a0ae0177f07c62d336268082539dd64149aa288': Relocate a function to fix a build failure.
2015-09-01 | am 727698b6: Free memory for supplementary groups as soon as possible. | Gilad Arnold
* commit '727698b640dad91c1016d26e6cac74e5bc893598': Free memory for supplementary groups as soon as possible.
2015-09-01 | am 9451a040: Drop privileges to nobody:nobody, use supplementary groups as needed. | Gilad Arnold
* commit '9451a040340733ef044493ca396d8fb087df59e0': Drop privileges to nobody:nobody, use supplementary groups as needed.
2015-09-01 | Relocate a function to fix a build failure. | Gilad Arnold
This ensures that parse_supp_groups() is only built with main().

Bug: 22373707
Change-Id: I81ab8b7718592d43a8ccccb1ee1e694367205463
2015-09-01 | Free memory for supplementary groups as soon as possible. | Gilad Arnold
Bug: 22373707
Bug: 23651876
Change-Id: I51112d65f53489ff04a0f14b31c198ee4f49c0a3
2015-09-01 | Drop privileges to nobody:nobody, use supplementary groups as needed. | Gilad Arnold
This ensures that, by default, tlsdated runs with the least privileges. We use the new supplementary groups feature to allow use of specific system resources (TCP sockets, DBus).

Bug: 22373707
Bug: 23651876
Change-Id: I157f40c0fb42158bbc8f5233af49fe368d23892b
2015-09-01 | am aab93822: Support for dropping privileges with supplementary groups. | Gilad Arnold
* commit 'aab9382297008c1d1b7cef361159a44885d52af0': Support for dropping privileges with supplementary groups.
2015-09-01 | am 98fc05cb: Run tlsdated without DBus. | Gilad Arnold
* commit '98fc05cbb94eed6925d76de5a75e993296252e7c': Run tlsdated without DBus.
2015-09-01 | am 5dc2a431: Run tlsdated as root. | Gilad Arnold
* commit '5dc2a431699336ef28d568ca41563e9f6ab84093': Run tlsdated as root.
2015-09-01 | am e779a4ea: Check whether DBus is initialized before attempting platform init. | Gilad Arnold
* commit 'e779a4ea234801eb279f378b6999705f10cd5abc': Check whether DBus is initialized before attempting platform init.
2015-09-01 | am b470cc18: Run as non-root; drop privileges to inet:inet. | Gilad Arnold
* commit 'b470cc18ef58c7c6d7e99f80559a69f65f5167e3': Run as non-root; drop privileges to inet:inet.
2015-09-01 | am f73a0e44: Do not open a BIO on stdout. | Gilad Arnold
* commit 'f73a0e44adc986e575e9cb8e92a70f406e9d88f9': Do not open a BIO on stdout.
2015-09-01 | am 6b0a9342: Build tlsdate-helper in AOSP. | Gilad Arnold
* commit '6b0a9342d07cce9b66dea2d3230f9bdadb9d44d9': Build tlsdate-helper in AOSP.
2015-09-01 | am 5f27bdda: Better handling of EVP_PKEY types. | Gilad Arnold
* commit '5f27bddadbe222956e963686151a993ab07c7f94': Better handling of EVP_PKEY types.
2015-09-01 | am 6b31c0f5: Stop using SSL BIO. | Gilad Arnold
* commit '6b31c0f559f7e7e9f3ccf29b4ffc4e7dbde420f3': Stop using SSL BIO.
2015-09-01 | Support for dropping privileges with supplementary groups. | Gilad Arnold
On Android, we need support for supplementary groups when dropping privileges in order to retain permissions for accessing system resources such as the DBus socket. This CL:
1) Adds a flag -G to tlsdated for listing supplementary groups used when dropping privileges.
2) Adds '-G dbus' to tlsdated Android init script.

Bug: 22373707
Bug: 23651876
Change-Id: I0769d5ef496d073c20016c3252c5edbfead2aaa5
2015-08-31 | Run tlsdated without DBus. | Gilad Arnold
Due to dropping privileges early on in its execution, and due to Android's restricted access to DBus and limitations on supplementary GID setup, we temporarily disable tlsdated's connection to DBus.

Bug: 22373707
Bug: 23651876
Change-Id: I392d41381e7515223a098457583d3019d65dc6e1
2015-08-31 | Run tlsdated as root. | Gilad Arnold
This is actually needed so it can drop privileges shortly after starting.

Bug: 22373707
Change-Id: Ie114a96b80bc5e50525411904c1266fa7072ded0
2015-08-31 | Check whether DBus is initialized before attempting platform init. | Gilad Arnold
Otherwise, we segfault.

Bug: 22373707
Change-Id: I94601696055e5f649334f470f4827f92614ff74a
2015-08-31 | Run as non-root; drop privileges to inet:inet. | Gilad Arnold
1) We are adding a specific file capability (CAP_SYS_TIME) that allows tlsdated to start as user 'system', like other services. Hence, switching to use the standard init template.
2) Our unprivileged execution needs to connect a socket so we're reusing the existing 'inet' user/group. In the long run, we should have dedicated UID/GID for tlsdated that will provide these privileges.

Bug: 22373707
Change-Id: I85f9a5ee744be71691f1187030021d3178ca0861
2015-08-29 | Do not open a BIO on stdout. | Gilad Arnold
The returned object isn't used anyway.

Bug: 22373707
Change-Id: I93fb7ef9c64ab4ffc60eed242264fe375ec55a95
2015-08-29 | Build tlsdate-helper in AOSP. | Gilad Arnold
Bug: 22373707
Change-Id: I3b6cc6febc272926edaaf0a98fdd2908155a9ec1
2015-08-29 | Better handling of EVP_PKEY types. | Gilad Arnold
1) EVP_PKEY_bits already returns the number of bits of keys of any type, so no need for case-by-case handling.
2) Some EVP_PKEY constants are not defined in BoringSSL, so we only test them if they're defined. The conversion from key types values to strings was moved to a separate function.

Bug: 22373707
Change-Id: I73c383367147afb316fa6e92e456f24078d48c32
2015-08-28 | Stop using SSL BIO. | Gilad Arnold
This type of BIO is not supported in BoringSSL. Also, it is not really needed: the same can be achieved with an ordinary connect BIO that is added to an SSL object. This form is backward compatible with OpenSSL and therefore preferable.

Bug: 22373707
Change-Id: Ib140da3ce534c687dec1502c2cb1bb0b846bcad1
2015-08-28 | am 6198a2fa: Rename init.tlsdated.rc and tie it to the correct build target. | Gilad Arnold
* commit '6198a2fae5cc4f2ccd3ee29160605cab75d7418c': Rename init.tlsdated.rc and tie it to the correct build target.
2015-08-28 | Rename init.tlsdated.rc and tie it to the correct build target. | Gilad Arnold
1) With the new Android initrc installation schema, all init files are simply named <daemon_name>.rc. No reason to be different.
2) Actually tie it to tlsdated (and not tlsdated_unittest).

Bug: 22373707
Change-Id: Icb0bc5794da81b81683982f5cae3056c2859877c
2015-08-28 | am 793a8117: Add init.tlsdated.rc. | Gilad Arnold
* commit '793a81172b131dda5b85e009496344e24cfeab9f': Add init.tlsdated.rc.
2015-08-27 | Add init.tlsdated.rc. | Gilad Arnold
Bug: 22373707
Change-Id: I6431bc535cbf19738c5b109f3ab56bcef1ad8fdd
2015-08-27 | am c31964b2: Use a group name that actually exists. | Gilad Arnold
* commit 'c31964b2951090a14d1135e4738fe724e6136403': Use a group name that actually exists.