diff options
author | Kenny Root <kroot@google.com> | 2016-09-08 12:09:48 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2016-09-09 11:28:43 -0700 |
commit | 2486fc8f8dfcddfda57f79bfab770803f06a8bd1 (patch) | |
tree | ac0f133632b6f643880059c6e83302a2998f0737 | |
parent | 3a4043b92acabbbf97a95b791a22c861e1c0b855 (diff) | |
download | conscrypt-nougat-mr1.5-release.tar.gz |
Remove SSL_CTX_set_tmp_ecdh callandroid-cts_7.1_r1android-cts-7.1_r9android-cts-7.1_r8android-cts-7.1_r7android-cts-7.1_r6android-cts-7.1_r5android-cts-7.1_r4android-cts-7.1_r3android-cts-7.1_r29android-cts-7.1_r28android-cts-7.1_r27android-cts-7.1_r26android-cts-7.1_r25android-cts-7.1_r24android-cts-7.1_r23android-cts-7.1_r22android-cts-7.1_r21android-cts-7.1_r20android-cts-7.1_r2android-cts-7.1_r19android-cts-7.1_r18android-cts-7.1_r17android-cts-7.1_r16android-cts-7.1_r15android-cts-7.1_r14android-cts-7.1_r13android-cts-7.1_r12android-cts-7.1_r11android-cts-7.1_r10android-cts-7.1_r1android-7.1.1_r9android-7.1.1_r8android-7.1.1_r7android-7.1.1_r61android-7.1.1_r60android-7.1.1_r6android-7.1.1_r59android-7.1.1_r58android-7.1.1_r57android-7.1.1_r56android-7.1.1_r55android-7.1.1_r54android-7.1.1_r53android-7.1.1_r52android-7.1.1_r51android-7.1.1_r50android-7.1.1_r49android-7.1.1_r48android-7.1.1_r47android-7.1.1_r46android-7.1.1_r45android-7.1.1_r44android-7.1.1_r43android-7.1.1_r42android-7.1.1_r41android-7.1.1_r40android-7.1.1_r4android-7.1.1_r39android-7.1.1_r38android-7.1.1_r35android-7.1.1_r33android-7.1.1_r32android-7.1.1_r31android-7.1.1_r3android-7.1.1_r28android-7.1.1_r27android-7.1.1_r26android-7.1.1_r25android-7.1.1_r24android-7.1.1_r23android-7.1.1_r22android-7.1.1_r21android-7.1.1_r20android-7.1.1_r2android-7.1.1_r17android-7.1.1_r16android-7.1.1_r15android-7.1.1_r14android-7.1.1_r13android-7.1.1_r12android-7.1.1_r11android-7.1.1_r10android-7.1.1_r1nougat-mr1.8-releasenougat-mr1.7-releasenougat-mr1.6-releasenougat-mr1.5-releasenougat-mr1.4-releasenougat-mr1.3-releasenougat-mr1.2-releasenougat-mr1.1-releasenougat-mr1-volantis-releasenougat-mr1-security-releasenougat-mr1-releasenougat-mr1-flounder-releasenougat-mr1-cts-release
This now has the undesired effect of making a client only support this
curve for ECDHE. This used to be needed to allow a server to handshake
with ECDHE, but is now unnecessary for BoringSSL. The client doesn't
want this call and the server no longer needs this call, so delete it.
(cherry picked from commit 1ba6bcf113085c493ccd4574ed685cd0efad4aeb)
Test: mmma -j32 external/conscrypt && make -j32 build-art-host vogar && vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Bug: 31393711
Change-Id: Ib7afdcc3ea7ee3d2222a262f3c57abd065a4b4e1
-rw-r--r-- | src/main/native/org_conscrypt_NativeCrypto.cpp | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/src/main/native/org_conscrypt_NativeCrypto.cpp b/src/main/native/org_conscrypt_NativeCrypto.cpp index 9af0cda7..bd26fd53 100644 --- a/src/main/native/org_conscrypt_NativeCrypto.cpp +++ b/src/main/native/org_conscrypt_NativeCrypto.cpp @@ -8113,14 +8113,6 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) { SSL_CTX_set_tmp_rsa_callback(sslCtx.get(), tmp_rsa_callback); SSL_CTX_set_tmp_dh_callback(sslCtx.get(), tmp_dh_callback); - // If negotiating ECDH, use P-256. - Unique_EC_KEY ec(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - if (ec.get() == nullptr) { - throwExceptionIfNecessary(env, "EC_KEY_new_by_curve_name"); - return 0; - } - SSL_CTX_set_tmp_ecdh(sslCtx.get(), ec.get()); - JNI_TRACE("NativeCrypto_SSL_CTX_new => %p", sslCtx.get()); return (jlong) sslCtx.release(); } |