Export from Google3

android/src/main/java/org/conscrypt/ConscryptStatsLog.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.conscrypt;
+
+/**
+ * Stub class for logging statistics events.
+ */
+public class ConscryptStatsLog {
+    public static final int TLS_HANDSHAKE_REPORTED = 0;
+
+    public static void write(int code, boolean arg1, int arg2, int arg3, int arg4) {}
+}

android/src/main/java/org/conscrypt/Platform.java

@@ -255,8 +255,12 @@ private static void setSSLParametersOnImpl(SSLParameters params, SSLParametersIm
         Method m_getUseCipherSuitesOrder = params.getClass().getMethod("getUseCipherSuitesOrder");
         impl.setUseCipherSuitesOrder((boolean) m_getUseCipherSuitesOrder.invoke(params));
 
-        Method getNamedGroupsMethod = params.getClass().getMethod("getNamedGroups");
-        impl.setNamedGroups((String[]) getNamedGroupsMethod.invoke(params));
+        try {
+            Method getNamedGroupsMethod = params.getClass().getMethod("getNamedGroups");
+            impl.setNamedGroups((String[]) getNamedGroupsMethod.invoke(params));
+        } catch (NoSuchMethodException | IllegalArgumentException e) {
+            // Do nothing.
+        }
     }
 
     public static void setSSLParameters(
@@ -327,8 +331,12 @@ private static void getSSLParametersFromImpl(SSLParameters params, SSLParameters
                 params.getClass().getMethod("setUseCipherSuitesOrder", boolean.class);
         m_setUseCipherSuitesOrder.invoke(params, impl.getUseCipherSuitesOrder());
 
-        Method setNamedGroupsMethod = params.getClass().getMethod("setNamedGroups", String[].class);
-        setNamedGroupsMethod.invoke(params, (Object[]) impl.getNamedGroups());
+        try {
+            Method setNamedGroupsMethod = params.getClass().getMethod("setNamedGroups", String[].class);
+            setNamedGroupsMethod.invoke(params, (Object) impl.getNamedGroups());
+        } catch (NoSuchMethodException | IllegalArgumentException e) {
+            // Do nothing.
+        }
     }
 
     public static void getSSLParameters(

common/src/main/java/org/conscrypt/ConscryptEngineSocket.java

@@ -511,8 +511,6 @@ public final void setWantClientAuth(boolean want) {
     @Override
     @SuppressWarnings("UnsynchronizedOverridesSynchronized")
     public final void close() throws IOException {
-        // TODO: Close SSL sockets using a background thread so they close gracefully.
-
         if (stateLock == null) {
             // Constructor failed, e.g. superclass constructor called close()
             return;
@@ -544,6 +542,9 @@ public final void close() throws IOException {
                 if (in != null) {
                     in.release();
                 }
+                if (out != null) {
+                    out.release();
+                }
             }
         }
     }
@@ -625,7 +626,7 @@ private void waitForHandshake() throws IOException {
 
     private void drainOutgoingQueue() {
         try {
-            while (engine.pendingOutboundEncryptedBytes() > 0) {
+            while (engine.pendingOutboundEncryptedBytes() > 0 && out != null) {
                 out.writeInternal(EMPTY_BUFFER);
                 // Always flush handshake frames immediately.
                 out.flushInternal();
@@ -661,10 +662,18 @@ private final class SSLOutputStream extends OutputStream {
         private final Object writeLock = new Object();
         private final ByteBuffer target;
         private final int targetArrayOffset;
+        private final AllocatedBuffer allocatedTargetBuffer;
         private OutputStream socketOutputStream;
 
         SSLOutputStream() {
-            target = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
+            if (bufferAllocator != null) {
+                allocatedTargetBuffer = bufferAllocator.allocateHeapBuffer(
+                        engine.getSession().getPacketBufferSize());
+                target = allocatedTargetBuffer.nioBuffer();
+            } else {
+                allocatedTargetBuffer = null;
+                target = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
+            }
             targetArrayOffset = target.arrayOffset();
         }
 
@@ -673,6 +682,14 @@ public void close() throws IOException {
             ConscryptEngineSocket.this.close();
         }
 
+        void release() {
+            synchronized (writeLock) {
+                if (allocatedTargetBuffer != null) {
+                    allocatedTargetBuffer.release();
+                }
+            }
+        }
+
         @Override
         public void write(int b) throws IOException {
             waitForHandshake();
@@ -770,6 +787,7 @@ private final class SSLInputStream extends InputStream {
         private final ByteBuffer fromSocket;
         private final int fromSocketArrayOffset;
         private final AllocatedBuffer allocatedBuffer;
+        private final AllocatedBuffer allocatedSocketBuffer;
         private InputStream socketInputStream;
 
         SSLInputStream() {
@@ -783,7 +801,15 @@ private final class SSLInputStream extends InputStream {
             }
             // Initially fromEngine.remaining() == 0.
             fromEngine.flip();
-            fromSocket = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
+
+            if (bufferAllocator != null) {
+                allocatedSocketBuffer = bufferAllocator.allocateHeapBuffer(
+                        engine.getSession().getPacketBufferSize());
+                fromSocket = allocatedSocketBuffer.nioBuffer();
+            } else {
+                allocatedSocketBuffer = null;
+                fromSocket = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
+            }
             fromSocketArrayOffset = fromSocket.arrayOffset();
         }
 
@@ -797,6 +823,9 @@ void release() {
                 if (allocatedBuffer != null) {
                     allocatedBuffer.release();
                 }
+                if (allocatedSocketBuffer != null) {
+                    allocatedSocketBuffer.release();
+                }
             }
         }
 

common/src/test/java/org/conscrypt/HostnameVerifierTest.java

@@ -31,7 +31,7 @@
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.security.auth.x500.X500Principal;
-import org.junit.Ignore;
+// g3-add: import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;

common/src/test/java/org/conscrypt/java/security/MessageDigestTest.java

@@ -169,13 +169,15 @@ private static Map<String, byte[]> getExpectations(String algorithm) throws Exce
             TestUtils.decodeHex(
                 "a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a6"
                     + "15b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26"));
-        putExpectation("SHAKE128-256", INPUT_EMPTY,
-                TestUtils.decodeHex(
-                        "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26"));
-        putExpectation("SHAKE256-512", INPUT_EMPTY,
-                TestUtils.decodeHex(
-                        "46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762f"
-                        + "d75dc4ddd8c0f200cb05019d67b592f6fc821c49479ab48640292eacb3b7c4be"));
+        putExpectation("SHAKE128-256",
+            INPUT_EMPTY,
+            TestUtils.decodeHex(
+                "7f9c2ba4e88f827d616045507605853ed73b8093f6efbc88eb1a6eacfa66ef26"));
+        putExpectation("SHAKE256-512",
+            INPUT_EMPTY,
+            TestUtils.decodeHex(
+                "46b9dd2b0ba88d13233b3feb743eeb243fcd52ea62b81b82b50c27646ed5762f"
+                    + "d75dc4ddd8c0f200cb05019d67b592f6fc821c49479ab48640292eacb3b7c4be"));
 
         // Regression test for a SHA-1 problem with inputs larger than 256 MiB. http://b/4501620
         // In mid-2013 this takes 3 minutes even on the host, so let's not run it on devices.

common/src/test/java/org/conscrypt/javax/crypto/XdhKeyFactoryTest.java

@@ -30,7 +30,7 @@
 import org.conscrypt.OpenSSLX25519PublicKey;
 import org.conscrypt.TestUtils;
 import org.conscrypt.XdhKeySpec;
-import org.junit.Ignore;
+// g3-add: import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

common/src/test/java/org/conscrypt/javax/net/ssl/HttpsURLConnectionTest.java

@@ -122,7 +122,8 @@ public void failedUrlConnect() throws Exception {
         Future<Void> future = executor.submit(server.run(op));
 
         HttpsURLConnection connection = server.tlsConnection("/file");
-        // g3-add: broken HTTPS hostname verification
+        // google3-added: broken HTTPS hostname verification: b/266061083
+connection.setHostnameVerifier(new FakeHostnameVerifier());
         int response = connection.getResponseCode();
         assertEquals(404, response);
 
@@ -138,7 +139,8 @@ public void successfulUrlConnect() throws Exception {
         Future<Void> future = executor.submit(server.run(op));
 
         HttpsURLConnection connection = server.tlsConnection("/file");
-        // g3-add: broken HTTPS hostname verification
+        // google3-added: broken HTTPS hostname verification: b/266061083
+connection.setHostnameVerifier(new FakeHostnameVerifier());
         int response = connection.getResponseCode();
         assertEquals(200, response);
 
@@ -193,7 +195,14 @@ public void urlConnectTimeout() throws Exception {
             }
             return null;
         });
-        future.get(2 * timeoutMillis, TimeUnit.MILLISECONDS);
+        try {
+      future.get(2 * timeoutMillis, TimeUnit.MILLISECONDS);
+    } catch (ExecutionException e) {
+      // google3 changed, DO NOT UPSTREAM: Currently no way to reliably generate a connection
+      // timeout on Forge, so just skip this test if we get a SocketException for now.
+      assumeFalse(e.getCause() instanceof SocketException);
+      throw e.getCause();
+    }
     }
 
     @Test

common/src/test/java/org/conscrypt/javax/net/ssl/SSLSocketVersionCompatibilityTest.java

@@ -52,7 +52,7 @@
 import org.conscrypt.tlswire.record.TlsRecord;
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Ignore;
+// g3-add: import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.Parameterized;

google3/src/google3_jniload.cc

@@ -0,0 +1,39 @@
+
+// JNI_OnLoad for Google3.
+
+#include <conscrypt/compatibility_close_monitor.h>
+#include <conscrypt/jniutil.h>
+#include <conscrypt/logging.h>
+#include <conscrypt/native_crypto.h>
+#include <jni.h>
+
+using ::conscrypt::CompatibilityCloseMonitor;
+using ::conscrypt::NativeCrypto;
+
+// This replicates functionality in jniload.cc for a couple of reasons:
+//  * This needs to be declared 'extern "C"', and jniload's isn't.
+//  * We can't include jniload.cc in our .so target at all due to
+//    symbol collisions in some targets that also compile in jniload.cc
+//    in a separate compilation unit(!).
+//
+// // TODO(b/408158702): Some refactoring of jniload.cc in upstream conscrypt
+// could remove the need for all or some of this.
+extern "C" JNIEXPORT jint JNI_OnLoad_conscrypt_google3(JavaVM* vm,
+                                                       void* reserved) {
+  JNIEnv* env;
+  if (vm->GetEnv(reinterpret_cast<void**>(&env), JNI_VERSION_1_8) != JNI_OK) {
+    CONSCRYPT_LOG_ERROR("Could not get JNIEnv");
+    return JNI_ERR;
+  }
+
+  // Initialize the JNI constants.
+  conscrypt::jniutil::init(vm, env);
+
+  // Register all of the native JNI methods.
+  NativeCrypto::registerNativeMethods(env);
+
+  // Perform static initialization of the close monitor (if required on this
+  // platform).
+  CompatibilityCloseMonitor::init();
+  return JNI_VERSION_1_8;
+}

google3/src/java7/java/org/conscrypt/Java8EngineSocket.java

@@ -0,0 +1,39 @@
+package org.conscrypt;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+
+/**
+ * Shim for Java 7-only google3 builds that does nothing.
+ */
+final class Java8EngineSocket extends ConscryptEngineSocket {
+    Java8EngineSocket(SSLParametersImpl sslParameters) throws IOException {
+        super(sslParameters);
+    }
+
+    Java8EngineSocket(String hostname, int port, SSLParametersImpl sslParameters)
+            throws IOException {
+        super(hostname, port, sslParameters);
+    }
+
+    Java8EngineSocket(InetAddress address, int port, SSLParametersImpl sslParameters)
+            throws IOException {
+        super(address, port, sslParameters);
+    }
+
+    Java8EngineSocket(String hostname, int port, InetAddress clientAddress, int clientPort,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(hostname, port, clientAddress, clientPort, sslParameters);
+    }
+
+    Java8EngineSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(address, port, clientAddress, clientPort, sslParameters);
+    }
+
+    Java8EngineSocket(Socket socket, String hostname, int port, boolean autoClose,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(socket, hostname, port, autoClose, sslParameters);
+    }
+}

google3/src/java7/java/org/conscrypt/Java8FileDescriptorSocket.java

@@ -0,0 +1,39 @@
+package org.conscrypt;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+
+/**
+ * Shim for Java 7-only google3 builds that does nothing.
+ */
+final class Java8FileDescriptorSocket extends ConscryptFileDescriptorSocket {
+    Java8FileDescriptorSocket(SSLParametersImpl sslParameters) throws IOException {
+        super(sslParameters);
+    }
+
+    Java8FileDescriptorSocket(String hostname, int port, SSLParametersImpl sslParameters)
+            throws IOException {
+        super(hostname, port, sslParameters);
+    }
+
+    Java8FileDescriptorSocket(InetAddress address, int port, SSLParametersImpl sslParameters)
+            throws IOException {
+        super(address, port, sslParameters);
+    }
+
+    Java8FileDescriptorSocket(String hostname, int port, InetAddress clientAddress, int clientPort,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(hostname, port, clientAddress, clientPort, sslParameters);
+    }
+
+    Java8FileDescriptorSocket(InetAddress address, int port, InetAddress clientAddress, int clientPort,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(address, port, clientAddress, clientPort, sslParameters);
+    }
+
+    Java8FileDescriptorSocket(Socket socket, String hostname, int port, boolean autoClose,
+            SSLParametersImpl sslParameters) throws IOException {
+        super(socket, hostname, port, autoClose, sslParameters);
+    }
+}