From 640caa04f7c99015d23169a2328f1b7bdf75def6 Mon Sep 17 00:00:00 2001 From: juergw Date: Mon, 8 Dec 2025 11:17:43 +0000 Subject: [PATCH 01/33] Add SSL_set1_curve_list to NativeCrpto. --- .../jni/main/cpp/conscrypt/native_crypto.cc | 32 ++++++++++ .../main/java/org/conscrypt/NativeCrypto.java | 8 +++ .../java/org/conscrypt/NativeCryptoTest.java | 63 +++++++++++++++++++ 3 files changed, 103 insertions(+) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 8a8a5f17b..2704e3fda 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9861,6 +9861,37 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss return env->NewStringUTF(name); } + +static void NativeCrypto_SSL_set1_curve_list(JNIEnv* env, jclass, jlong sslAddress, + CONSCRYPT_UNUSED jobject sslHolder, + jstring curveNameList) { + CHECK_ERROR_QUEUE_ON_RETURN; + SSL* ssl = to_SSL(env, sslAddress, true); + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_curve_list curves=%p", ssl, + curveNameList); + if (ssl == nullptr) { + return; + } + if (curveNameList == nullptr) { + conscrypt::jniutil::throwNullPointerException(env, + "curveNameList == null"); + return; + } + + ScopedLocalRef curve(env, curveNameList); + ScopedUtfChars c(env, curve.get()); + if (c.c_str() == nullptr) { + conscrypt::jniutil::throwNullPointerException(env, "c.c_str() == null"); + return; + } + + if (!SSL_set1_curves_list(ssl, c.c_str())) { + ERR_clear_error(); + conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing curve list"); + return; + } +} + static jstring NativeCrypto_SSL_get_curve_name(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder) { CHECK_ERROR_QUEUE_ON_RETURN; @@ -12497,6 +12528,7 @@ static JNINativeMethod sNativeCryptoMethods[] = { CONSCRYPT_NATIVE_METHOD(SSL_get_servername, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_do_handshake, "(J" REF_SSL FILE_DESCRIPTOR SSL_CALLBACKS "I)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_current_cipher, "(J" REF_SSL ")Ljava/lang/String;"), + CONSCRYPT_NATIVE_METHOD(SSL_set1_curve_list, "(J" REF_SSL "Ljava/lang/String;)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_curve_name, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get_version, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get0_peer_certificates, "(J" REF_SSL ")[[B"), diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index 24afc900d..b9064cabf 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java @@ -1343,6 +1343,14 @@ static native void SSL_do_handshake(long ssl, NativeSsl ssl_holder, FileDescript public static native String SSL_get_current_cipher(long ssl, NativeSsl ssl_holder); + /** + * Sets the curves that are enabled in the SSL. + * + *

The format of the curve list is a colon separated list of curves. For example, + * "x25519:X25519MLKEM768". + */ + public static native void SSL_set1_curve_list(long ssl, NativeSsl sslHolder, String curveNameList); + public static native String SSL_get_curve_name(long ssl, NativeSsl sslHolder); public static native String SSL_get_version(long ssl, NativeSsl ssl_holder); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index ed3469d2c..402db6367 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -356,6 +356,69 @@ public void test_SSL_new() throws Exception { NativeCrypto.SSL_CTX_free(c, null); } + @Test + public void setCurveList_colonSeparatedListsOfSupportedCurves_noErrors() throws Exception { + long c = NativeCrypto.SSL_CTX_new(); + long s = NativeCrypto.SSL_new(c, null); + + NativeCrypto.SSL_set1_curve_list(s, null, "X25519"); + NativeCrypto.SSL_set1_curve_list(s, null, "x25519"); // alias for X25519 + NativeCrypto.SSL_set1_curve_list(s, null, "P-256"); + NativeCrypto.SSL_set1_curve_list(s, null, "prime256v1"); // alias for P-256 + NativeCrypto.SSL_set1_curve_list(s, null, "P-384"); + NativeCrypto.SSL_set1_curve_list(s, null, "secp384r1"); // alias for P-384 + NativeCrypto.SSL_set1_curve_list(s, null, "P-521"); + NativeCrypto.SSL_set1_curve_list(s, null, "secp521r1"); // alias for P-521 + NativeCrypto.SSL_set1_curve_list(s, null, "X25519MLKEM768"); + NativeCrypto.SSL_set1_curve_list(s, null, "X25519Kyber768Draft00"); + NativeCrypto.SSL_set1_curve_list(s, null, "MLKEM1024"); + + NativeCrypto.SSL_set1_curve_list(s, null, "x25519:X25519MLKEM768:P-256:secp384r1:P-521"); + + NativeCrypto.SSL_free(s, null); + NativeCrypto.SSL_CTX_free(c, null); + } + + @Test + public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentException() throws Exception { + long c = NativeCrypto.SSL_CTX_new(); + long s = NativeCrypto.SSL_new(c, null); + + String[] unsupportedOrInvalid = { + "SecP256r1MLKEM768", + "SecP384r1MLKEM1024", + "secp256r1", // This alias for P-256 is not supported. + "x448", + "MLKEM768", + "ffdhe2048", + "ffdhe3072", + "ffdhe4096", + "ffdhe6144", + "ffdhe8192", + "P-224", + // invalid + "", + ":", + ":P-256", + "P-256 ", + " P-256", + "P-256:", + "P-256:", + "P-256: P-384", + "P-256:P-256", // duplicate are not allowed + "x25519:X25519", // the same curve with different names is not allowed + "P-384:secp384r1", // the same curve with different names is not allowed + }; + + for (String curve : unsupportedOrInvalid) { + assertThrows(curve, SSLException.class, + () -> NativeCrypto.SSL_set1_curve_list(s, null, curve)); + } + + NativeCrypto.SSL_free(s, null); + NativeCrypto.SSL_CTX_free(c, null); + } + @Test public void setLocalCertsAndPrivateKey_withNullSSLShouldThrow() throws Exception { assertThrows(NullPointerException.class, From 618a736a175ed58b3fae1b3b1014ab488c08c30e Mon Sep 17 00:00:00 2001 From: juergw Date: Mon, 8 Dec 2025 12:17:35 +0000 Subject: [PATCH 02/33] Fix format. --- .../jni/main/cpp/conscrypt/native_crypto.cc | 1 - .../main/java/org/conscrypt/NativeCrypto.java | 13 +++---- .../java/org/conscrypt/NativeCryptoTest.java | 34 ++++++------------- 3 files changed, 17 insertions(+), 31 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 2704e3fda..4826fecc9 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9861,7 +9861,6 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss return env->NewStringUTF(name); } - static void NativeCrypto_SSL_set1_curve_list(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder, jstring curveNameList) { diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index b9064cabf..0b515a82c 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java @@ -1344,12 +1344,13 @@ static native void SSL_do_handshake(long ssl, NativeSsl ssl_holder, FileDescript public static native String SSL_get_current_cipher(long ssl, NativeSsl ssl_holder); /** - * Sets the curves that are enabled in the SSL. - * - *

The format of the curve list is a colon separated list of curves. For example, - * "x25519:X25519MLKEM768". - */ - public static native void SSL_set1_curve_list(long ssl, NativeSsl sslHolder, String curveNameList); + * Sets the curves that are enabled in the SSL. + * + *

The format of the curve list is a colon separated list of curves. For example, + * "x25519:X25519MLKEM768". + */ + public static native void SSL_set1_curve_list( + long ssl, NativeSsl sslHolder, String curveNameList); public static native String SSL_get_curve_name(long ssl, NativeSsl sslHolder); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 402db6367..d901961a6 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -385,34 +385,20 @@ public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentExcepti long s = NativeCrypto.SSL_new(c, null); String[] unsupportedOrInvalid = { - "SecP256r1MLKEM768", - "SecP384r1MLKEM1024", - "secp256r1", // This alias for P-256 is not supported. - "x448", - "MLKEM768", - "ffdhe2048", - "ffdhe3072", - "ffdhe4096", - "ffdhe6144", - "ffdhe8192", - "P-224", - // invalid - "", - ":", - ":P-256", - "P-256 ", - " P-256", - "P-256:", - "P-256:", - "P-256: P-384", - "P-256:P-256", // duplicate are not allowed - "x25519:X25519", // the same curve with different names is not allowed - "P-384:secp384r1", // the same curve with different names is not allowed + "SecP256r1MLKEM768", "SecP384r1MLKEM1024", + "secp256r1", // This alias for P-256 is not supported. + "x448", "MLKEM768", "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", + "P-224", + // invalid + "", ":", ":P-256", "P-256 ", " P-256", "P-256:", "P-256:", "P-256: P-384", + "P-256:P-256", // duplicate are not allowed + "x25519:X25519", // the same curve with different names is not allowed + "P-384:secp384r1", // the same curve with different names is not allowed }; for (String curve : unsupportedOrInvalid) { assertThrows(curve, SSLException.class, - () -> NativeCrypto.SSL_set1_curve_list(s, null, curve)); + () -> NativeCrypto.SSL_set1_curve_list(s, null, curve)); } NativeCrypto.SSL_free(s, null); From 0dcb7ffc53f3562492faa88ae7266351185c00f4 Mon Sep 17 00:00:00 2001 From: juergw Date: Mon, 8 Dec 2025 12:21:56 +0000 Subject: [PATCH 03/33] Fix format. --- .../jni/main/cpp/conscrypt/native_crypto.cc | 22 +++++++++---------- .../java/org/conscrypt/NativeCryptoTest.java | 3 ++- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 4826fecc9..26cf3158d 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9862,32 +9862,30 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss } static void NativeCrypto_SSL_set1_curve_list(JNIEnv* env, jclass, jlong sslAddress, - CONSCRYPT_UNUSED jobject sslHolder, - jstring curveNameList) { + CONSCRYPT_UNUSED jobject sslHolder, + jstring curveNameList) { CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); - JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_curve_list curves=%p", ssl, - curveNameList); + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_curve_list curves=%p", ssl, curveNameList); if (ssl == nullptr) { return; } if (curveNameList == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, - "curveNameList == null"); - return; + conscrypt::jniutil::throwNullPointerException(env, "curveNameList == null"); + return; } ScopedLocalRef curve(env, curveNameList); ScopedUtfChars c(env, curve.get()); if (c.c_str() == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, "c.c_str() == null"); - return; + conscrypt::jniutil::throwNullPointerException(env, "c.c_str() == null"); + return; } if (!SSL_set1_curves_list(ssl, c.c_str())) { - ERR_clear_error(); - conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing curve list"); - return; + ERR_clear_error(); + conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing curve list"); + return; } } diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index d901961a6..46c19ade0 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -380,7 +380,8 @@ public void setCurveList_colonSeparatedListsOfSupportedCurves_noErrors() throws } @Test - public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentException() throws Exception { + public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentException() + throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); From 2b1aab274b9977bfdda3a98302d2eaebf4b7a3c5 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 12:18:32 +0000 Subject: [PATCH 04/33] Use *Groups* instead of *Curves*. --- .../jni/main/cpp/conscrypt/native_crypto.cc | 18 ++++---- .../main/java/org/conscrypt/NativeCrypto.java | 4 +- .../java/org/conscrypt/NativeCryptoTest.java | 43 ++++++++----------- 3 files changed, 30 insertions(+), 35 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 26cf3158d..6771682b3 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9861,22 +9861,22 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss return env->NewStringUTF(name); } -static void NativeCrypto_SSL_set1_curve_list(JNIEnv* env, jclass, jlong sslAddress, +static void NativeCrypto_SSL_set1_groups_list(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder, - jstring curveNameList) { + jstring groupsList) { CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); - JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_curve_list curves=%p", ssl, curveNameList); + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups_list curves=%p", ssl, groupsList); if (ssl == nullptr) { return; } - if (curveNameList == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, "curveNameList == null"); + if (groupsList == nullptr) { + conscrypt::jniutil::throwNullPointerException(env, "groupsList == null"); return; } - ScopedLocalRef curve(env, curveNameList); - ScopedUtfChars c(env, curve.get()); + ScopedLocalRef group(env, groupsList); + ScopedUtfChars c(env, group.get()); if (c.c_str() == nullptr) { conscrypt::jniutil::throwNullPointerException(env, "c.c_str() == null"); return; @@ -9884,7 +9884,7 @@ static void NativeCrypto_SSL_set1_curve_list(JNIEnv* env, jclass, jlong sslAddre if (!SSL_set1_curves_list(ssl, c.c_str())) { ERR_clear_error(); - conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing curve list"); + conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing group list"); return; } } @@ -12525,7 +12525,7 @@ static JNINativeMethod sNativeCryptoMethods[] = { CONSCRYPT_NATIVE_METHOD(SSL_get_servername, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_do_handshake, "(J" REF_SSL FILE_DESCRIPTOR SSL_CALLBACKS "I)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_current_cipher, "(J" REF_SSL ")Ljava/lang/String;"), - CONSCRYPT_NATIVE_METHOD(SSL_set1_curve_list, "(J" REF_SSL "Ljava/lang/String;)V"), + CONSCRYPT_NATIVE_METHOD(SSL_set1_groups_list, "(J" REF_SSL "Ljava/lang/String;)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_curve_name, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get_version, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get0_peer_certificates, "(J" REF_SSL ")[[B"), diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index 0b515a82c..8777779dd 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java @@ -1349,8 +1349,8 @@ static native void SSL_do_handshake(long ssl, NativeSsl ssl_holder, FileDescript *

The format of the curve list is a colon separated list of curves. For example, * "x25519:X25519MLKEM768". */ - public static native void SSL_set1_curve_list( - long ssl, NativeSsl sslHolder, String curveNameList); + public static native void SSL_set1_groups_list( + long ssl, NativeSsl sslHolder, String groupsList); public static native String SSL_get_curve_name(long ssl, NativeSsl sslHolder); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 46c19ade0..4f04ae2e1 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -357,49 +357,44 @@ public void test_SSL_new() throws Exception { } @Test - public void setCurveList_colonSeparatedListsOfSupportedCurves_noErrors() throws Exception { + public void setGroupsList_colonSeparatedListsOfSupportedGroups_noErrors() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - NativeCrypto.SSL_set1_curve_list(s, null, "X25519"); - NativeCrypto.SSL_set1_curve_list(s, null, "x25519"); // alias for X25519 - NativeCrypto.SSL_set1_curve_list(s, null, "P-256"); - NativeCrypto.SSL_set1_curve_list(s, null, "prime256v1"); // alias for P-256 - NativeCrypto.SSL_set1_curve_list(s, null, "P-384"); - NativeCrypto.SSL_set1_curve_list(s, null, "secp384r1"); // alias for P-384 - NativeCrypto.SSL_set1_curve_list(s, null, "P-521"); - NativeCrypto.SSL_set1_curve_list(s, null, "secp521r1"); // alias for P-521 - NativeCrypto.SSL_set1_curve_list(s, null, "X25519MLKEM768"); - NativeCrypto.SSL_set1_curve_list(s, null, "X25519Kyber768Draft00"); - NativeCrypto.SSL_set1_curve_list(s, null, "MLKEM1024"); + NativeCrypto.SSL_set1_groups_list(s, null, "X25519"); + NativeCrypto.SSL_set1_groups_list(s, null, "x25519"); // alias for X25519 + NativeCrypto.SSL_set1_groups_list(s, null, "P-256"); + NativeCrypto.SSL_set1_groups_list(s, null, "prime256v1"); // alias for P-256 + NativeCrypto.SSL_set1_groups_list(s, null, "P-384"); + NativeCrypto.SSL_set1_groups_list(s, null, "secp384r1"); // alias for P-384 + NativeCrypto.SSL_set1_groups_list(s, null, "P-521"); + NativeCrypto.SSL_set1_groups_list(s, null, "secp521r1"); // alias for P-521 + NativeCrypto.SSL_set1_groups_list(s, null, "X25519MLKEM768"); + NativeCrypto.SSL_set1_groups_list(s, null, "X25519Kyber768Draft00"); + NativeCrypto.SSL_set1_groups_list(s, null, "MLKEM1024"); - NativeCrypto.SSL_set1_curve_list(s, null, "x25519:X25519MLKEM768:P-256:secp384r1:P-521"); + NativeCrypto.SSL_set1_groups_list(s, null, "x25519:X25519MLKEM768:P-256:secp384r1:P-521"); NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); } + @Test - public void setCurveList_unsupportedCurvesOrInvalid_throwsIllegalArgumentException() - throws Exception { + public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - String[] unsupportedOrInvalid = { - "SecP256r1MLKEM768", "SecP384r1MLKEM1024", - "secp256r1", // This alias for P-256 is not supported. - "x448", "MLKEM768", "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192", - "P-224", - // invalid + String[] invalidInputs = { "", ":", ":P-256", "P-256 ", " P-256", "P-256:", "P-256:", "P-256: P-384", "P-256:P-256", // duplicate are not allowed "x25519:X25519", // the same curve with different names is not allowed "P-384:secp384r1", // the same curve with different names is not allowed }; - for (String curve : unsupportedOrInvalid) { - assertThrows(curve, SSLException.class, - () -> NativeCrypto.SSL_set1_curve_list(s, null, curve)); + for (String groupsList : invalidInputs) { + assertThrows(groupsList, SSLException.class, + () -> NativeCrypto.SSL_set1_groups_list(s, null, groupsList)); } NativeCrypto.SSL_free(s, null); From c3c71751d816880d7952f2aa0577732df9a4ed7e Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 12:22:13 +0000 Subject: [PATCH 05/33] Fix format. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 4 ++-- openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 6771682b3..2ea9f3034 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9862,8 +9862,8 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss } static void NativeCrypto_SSL_set1_groups_list(JNIEnv* env, jclass, jlong sslAddress, - CONSCRYPT_UNUSED jobject sslHolder, - jstring groupsList) { + CONSCRYPT_UNUSED jobject sslHolder, + jstring groupsList) { CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups_list curves=%p", ssl, groupsList); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 4f04ae2e1..4c752f175 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -379,7 +379,6 @@ public void setGroupsList_colonSeparatedListsOfSupportedGroups_noErrors() throws NativeCrypto.SSL_CTX_free(c, null); } - @Test public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws Exception { long c = NativeCrypto.SSL_CTX_new(); @@ -394,7 +393,7 @@ public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws E for (String groupsList : invalidInputs) { assertThrows(groupsList, SSLException.class, - () -> NativeCrypto.SSL_set1_groups_list(s, null, groupsList)); + () -> NativeCrypto.SSL_set1_groups_list(s, null, groupsList)); } NativeCrypto.SSL_free(s, null); From 07dfede85f25f1f30df69438e6a21be8c9ab9195 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 13:07:44 +0000 Subject: [PATCH 06/33] Remove more invalid test cases. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 4 ++-- openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java | 5 +---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 2ea9f3034..e3aa1a1e2 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9866,7 +9866,7 @@ static void NativeCrypto_SSL_set1_groups_list(JNIEnv* env, jclass, jlong sslAddr jstring groupsList) { CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); - JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups_list curves=%p", ssl, groupsList); + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups_list groupsList=%p", ssl, groupsList); if (ssl == nullptr) { return; } @@ -9882,7 +9882,7 @@ static void NativeCrypto_SSL_set1_groups_list(JNIEnv* env, jclass, jlong sslAddr return; } - if (!SSL_set1_curves_list(ssl, c.c_str())) { + if (!SSL_set1_groups_list(ssl, c.c_str())) { ERR_clear_error(); conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing group list"); return; diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 4c752f175..85a983b65 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -385,10 +385,7 @@ public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws E long s = NativeCrypto.SSL_new(c, null); String[] invalidInputs = { - "", ":", ":P-256", "P-256 ", " P-256", "P-256:", "P-256:", "P-256: P-384", - "P-256:P-256", // duplicate are not allowed - "x25519:X25519", // the same curve with different names is not allowed - "P-384:secp384r1", // the same curve with different names is not allowed + "", ":", ":P-256", "P-256:", "P-256:" }; for (String groupsList : invalidInputs) { From 758e20ca88389d1fec6d786c3b962eb5dd443b41 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 13:15:45 +0000 Subject: [PATCH 07/33] Fix format. --- openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 85a983b65..170fbc059 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -384,10 +384,7 @@ public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws E long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - String[] invalidInputs = { - "", ":", ":P-256", "P-256:", "P-256:" - }; - + String[] invalidInputs = {"", ":", ":P-256", "P-256:", "P-256:"}; for (String groupsList : invalidInputs) { assertThrows(groupsList, SSLException.class, () -> NativeCrypto.SSL_set1_groups_list(s, null, groupsList)); From cd91d217ae379cf16f0973b8623c767e9c9bec8b Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 14:32:54 +0000 Subject: [PATCH 08/33] Wrap SSL_set1_groups instead. SSL_set1_groups is simpler. --- .../jni/main/cpp/conscrypt/native_crypto.cc | 26 +++++------- .../main/java/org/conscrypt/NativeCrypto.java | 9 +--- constants/src/gen/cpp/generate_constants.cc | 8 ++++ .../java/org/conscrypt/NativeCryptoTest.java | 42 ++++++++++--------- 4 files changed, 41 insertions(+), 44 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index e3aa1a1e2..449e691ca 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9861,30 +9861,24 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss return env->NewStringUTF(name); } -static void NativeCrypto_SSL_set1_groups_list(JNIEnv* env, jclass, jlong sslAddress, +static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder, - jstring groupsList) { + jintArray groups) { CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); - JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups_list groupsList=%p", ssl, groupsList); + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups groups=%p", ssl, groups); if (ssl == nullptr) { return; } - if (groupsList == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, "groupsList == null"); + if (groups == nullptr) { + conscrypt::jniutil::throwNullPointerException(env, + "groups == null"); return; } - - ScopedLocalRef group(env, groupsList); - ScopedUtfChars c(env, group.get()); - if (c.c_str() == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, "c.c_str() == null"); - return; - } - - if (!SSL_set1_groups_list(ssl, c.c_str())) { + ScopedIntArrayRO groups_ro(env, groups); + if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { + conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); - conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing group list"); return; } } @@ -12525,7 +12519,7 @@ static JNINativeMethod sNativeCryptoMethods[] = { CONSCRYPT_NATIVE_METHOD(SSL_get_servername, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_do_handshake, "(J" REF_SSL FILE_DESCRIPTOR SSL_CALLBACKS "I)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_current_cipher, "(J" REF_SSL ")Ljava/lang/String;"), - CONSCRYPT_NATIVE_METHOD(SSL_set1_groups_list, "(J" REF_SSL "Ljava/lang/String;)V"), + CONSCRYPT_NATIVE_METHOD(SSL_set1_groups, "(J" REF_SSL "[I)V"), CONSCRYPT_NATIVE_METHOD(SSL_get_curve_name, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get_version, "(J" REF_SSL ")Ljava/lang/String;"), CONSCRYPT_NATIVE_METHOD(SSL_get0_peer_certificates, "(J" REF_SSL ")[[B"), diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index 8777779dd..9269ba708 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java @@ -1343,14 +1343,7 @@ static native void SSL_do_handshake(long ssl, NativeSsl ssl_holder, FileDescript public static native String SSL_get_current_cipher(long ssl, NativeSsl ssl_holder); - /** - * Sets the curves that are enabled in the SSL. - * - *

The format of the curve list is a colon separated list of curves. For example, - * "x25519:X25519MLKEM768". - */ - public static native void SSL_set1_groups_list( - long ssl, NativeSsl sslHolder, String groupsList); + public static native void SSL_set1_groups(long ssl, NativeSsl sslHolder, int[] groups); public static native String SSL_get_curve_name(long ssl, NativeSsl sslHolder); diff --git a/constants/src/gen/cpp/generate_constants.cc b/constants/src/gen/cpp/generate_constants.cc index 874f32e45..27b5f0785 100644 --- a/constants/src/gen/cpp/generate_constants.cc +++ b/constants/src/gen/cpp/generate_constants.cc @@ -60,6 +60,14 @@ int main(int /* argc */, char ** /* argv */) { CONST(EVP_PKEY_ML_DSA_65); CONST(EVP_PKEY_ML_DSA_87); + CONST(NID_X25519); + CONST(NID_X9_62_prime256v1); + CONST(NID_secp384r1); + CONST(NID_secp521r1); + CONST(NID_X25519MLKEM768); + CONST(NID_X25519Kyber768Draft00); + CONST(NID_ML_KEM_1024); + CONST(RSA_PKCS1_PADDING); CONST(RSA_NO_PADDING); CONST(RSA_PKCS1_OAEP_PADDING); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 170fbc059..08a56583a 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -357,38 +357,40 @@ public void test_SSL_new() throws Exception { } @Test - public void setGroupsList_colonSeparatedListsOfSupportedGroups_noErrors() throws Exception { + public void setGroupsList_validGroups_works() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - NativeCrypto.SSL_set1_groups_list(s, null, "X25519"); - NativeCrypto.SSL_set1_groups_list(s, null, "x25519"); // alias for X25519 - NativeCrypto.SSL_set1_groups_list(s, null, "P-256"); - NativeCrypto.SSL_set1_groups_list(s, null, "prime256v1"); // alias for P-256 - NativeCrypto.SSL_set1_groups_list(s, null, "P-384"); - NativeCrypto.SSL_set1_groups_list(s, null, "secp384r1"); // alias for P-384 - NativeCrypto.SSL_set1_groups_list(s, null, "P-521"); - NativeCrypto.SSL_set1_groups_list(s, null, "secp521r1"); // alias for P-521 - NativeCrypto.SSL_set1_groups_list(s, null, "X25519MLKEM768"); - NativeCrypto.SSL_set1_groups_list(s, null, "X25519Kyber768Draft00"); - NativeCrypto.SSL_set1_groups_list(s, null, "MLKEM1024"); - - NativeCrypto.SSL_set1_groups_list(s, null, "x25519:X25519MLKEM768:P-256:secp384r1:P-521"); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X25519}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X9_62_prime256v1}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_secp384r1}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_secp521r1}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X25519MLKEM768}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X25519Kyber768Draft00}); + NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_ML_KEM_1024}); + + NativeCrypto.SSL_set1_groups(s, null, new int[] { + NativeConstants.NID_X25519, + NativeConstants.NID_X9_62_prime256v1, + NativeConstants.NID_secp384r1, + NativeConstants.NID_secp521r1, + NativeConstants.NID_X25519MLKEM768, + NativeConstants.NID_X25519Kyber768Draft00, + NativeConstants.NID_ML_KEM_1024 + }); NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); } @Test - public void setGroupsList_invalidInput_throwsIllegalArgumentException() throws Exception { + public void setGroupsList_invalidGroups_throwsSSLException() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - String[] invalidInputs = {"", ":", ":P-256", "P-256:", "P-256:"}; - for (String groupsList : invalidInputs) { - assertThrows(groupsList, SSLException.class, - () -> NativeCrypto.SSL_set1_groups_list(s, null, groupsList)); - } + assertThrows( + SSLException.class, + () -> NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.EVP_PKEY_RSA})); NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); From 9b6e909c707085ef5368fbbeeb899293bfceb0b9 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 14:39:28 +0000 Subject: [PATCH 09/33] Fix format. --- .../java/org/conscrypt/NativeCryptoTest.java | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 08a56583a..7146beebf 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -366,18 +366,16 @@ public void setGroupsList_validGroups_works() throws Exception { NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_secp384r1}); NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_secp521r1}); NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X25519MLKEM768}); - NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_X25519Kyber768Draft00}); + NativeCrypto.SSL_set1_groups( + s, null, new int[] {NativeConstants.NID_X25519Kyber768Draft00}); NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.NID_ML_KEM_1024}); - NativeCrypto.SSL_set1_groups(s, null, new int[] { - NativeConstants.NID_X25519, - NativeConstants.NID_X9_62_prime256v1, - NativeConstants.NID_secp384r1, - NativeConstants.NID_secp521r1, - NativeConstants.NID_X25519MLKEM768, - NativeConstants.NID_X25519Kyber768Draft00, - NativeConstants.NID_ML_KEM_1024 - }); + NativeCrypto.SSL_set1_groups(s, null, + new int[] {NativeConstants.NID_X25519, NativeConstants.NID_X9_62_prime256v1, + NativeConstants.NID_secp384r1, NativeConstants.NID_secp521r1, + NativeConstants.NID_X25519MLKEM768, + NativeConstants.NID_X25519Kyber768Draft00, + NativeConstants.NID_ML_KEM_1024}); NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); @@ -388,9 +386,10 @@ public void setGroupsList_invalidGroups_throwsSSLException() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); - assertThrows( - SSLException.class, - () -> NativeCrypto.SSL_set1_groups(s, null, new int[] {NativeConstants.EVP_PKEY_RSA})); + assertThrows(SSLException.class, + () + -> NativeCrypto.SSL_set1_groups( + s, null, new int[] {NativeConstants.EVP_PKEY_RSA})); NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); From 369b955088f4d31c4e6f4f20aee785a354d0ea0e Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 14:42:15 +0000 Subject: [PATCH 10/33] Fix format. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 449e691ca..55c371ad5 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9862,8 +9862,8 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss } static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, - CONSCRYPT_UNUSED jobject sslHolder, - jintArray groups) { + CONSCRYPT_UNUSED jobject sslHolder, jintArray groups) { + CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups groups=%p", ssl, groups); @@ -9871,8 +9871,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, return; } if (groups == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, - "groups == null"); + conscrypt::jniutil::throwNullPointerException(env, "groups == null"); return; } ScopedIntArrayRO groups_ro(env, groups); From b8f2a3190b766075b74caafbc31f2a3e7421dee9 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 14:43:48 +0000 Subject: [PATCH 11/33] Remove empty line. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 1 - 1 file changed, 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 55c371ad5..16df47736 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9863,7 +9863,6 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder, jintArray groups) { - CHECK_ERROR_QUEUE_ON_RETURN; SSL* ssl = to_SSL(env, sslAddress, true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups groups=%p", ssl, groups); From 301f16d31eea2d2eb6b7dfd164e8673d512ab4f5 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 15:04:57 +0000 Subject: [PATCH 12/33] Remove unnecessary null check. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 4 ---- openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java | 6 +++++- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 16df47736..b9101acdf 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9869,10 +9869,6 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, if (ssl == nullptr) { return; } - if (groups == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, "groups == null"); - return; - } ScopedIntArrayRO groups_ro(env, groups); if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 7146beebf..1d31c9116 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -382,7 +382,7 @@ public void setGroupsList_validGroups_works() throws Exception { } @Test - public void setGroupsList_invalidGroups_throwsSSLException() throws Exception { + public void setGroupsList_invalidInput_throws() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); @@ -391,6 +391,10 @@ public void setGroupsList_invalidGroups_throwsSSLException() throws Exception { -> NativeCrypto.SSL_set1_groups( s, null, new int[] {NativeConstants.EVP_PKEY_RSA})); + assertThrows(NullPointerException.class, + () + -> NativeCrypto.SSL_set1_groups(s, null, null)); + NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); } From 8f10b6500c7290a71caddf2c6ab7c95311c8e334 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 15:07:53 +0000 Subject: [PATCH 13/33] Fix format. --- openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java index 1d31c9116..d470bd38f 100644 --- a/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java +++ b/openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java @@ -386,15 +386,13 @@ public void setGroupsList_invalidInput_throws() throws Exception { long c = NativeCrypto.SSL_CTX_new(); long s = NativeCrypto.SSL_new(c, null); + assertThrows(NullPointerException.class, () -> NativeCrypto.SSL_set1_groups(s, null, null)); + assertThrows(SSLException.class, () -> NativeCrypto.SSL_set1_groups( s, null, new int[] {NativeConstants.EVP_PKEY_RSA})); - assertThrows(NullPointerException.class, - () - -> NativeCrypto.SSL_set1_groups(s, null, null)); - NativeCrypto.SSL_free(s, null); NativeCrypto.SSL_CTX_free(c, null); } From fc0b291dfa1347b70a73db450e228f9a1a8b93f9 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 15:53:20 +0000 Subject: [PATCH 14/33] Add null check back. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index b9101acdf..8fb969d02 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9869,6 +9869,11 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, if (ssl == nullptr) { return; } + if (groups == nullptr) { + conscrypt::jniutil::throwNullPointerException(env, + "groups == null"); + return; + } ScopedIntArrayRO groups_ro(env, groups); if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); From 215a4bef94dd76b57608ee60c83f5bf3da076782 Mon Sep 17 00:00:00 2001 From: juergw Date: Wed, 10 Dec 2025 15:56:37 +0000 Subject: [PATCH 15/33] Fix format. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 8fb969d02..16df47736 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9870,9 +9870,8 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, return; } if (groups == nullptr) { - conscrypt::jniutil::throwNullPointerException(env, - "groups == null"); - return; + conscrypt::jniutil::throwNullPointerException(env, "groups == null"); + return; } ScopedIntArrayRO groups_ro(env, groups); if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { From 5d38a5222b77220baa9e15a506841ebe12726ec3 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 08:29:24 +0000 Subject: [PATCH 16/33] Comment out some code to debug. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 16df47736..8a75d137d 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9873,12 +9873,13 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwNullPointerException(env, "groups == null"); return; } - ScopedIntArrayRO groups_ro(env, groups); - if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { - conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); - ERR_clear_error(); - return; - } + // Comment out to see if this compiles... + // ScopedIntArrayRO groups_ro(env, groups); + // if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { + // conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); + // ERR_clear_error(); + // return; + // } } static jstring NativeCrypto_SSL_get_curve_name(JNIEnv* env, jclass, jlong sslAddress, From e307c402056c0cf5a96e55bf5bdbf37ca68aabaa Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 08:54:28 +0000 Subject: [PATCH 17/33] Uncomment line. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 8a75d137d..6b3802db5 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9873,8 +9873,9 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwNullPointerException(env, "groups == null"); return; } + ScopedIntArrayRO groups_ro(env, groups); + JNI_TRACE("groups_ro.size()=%d", groups_ro.size()); // Comment out to see if this compiles... - // ScopedIntArrayRO groups_ro(env, groups); // if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { // conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); // ERR_clear_error(); From 9a551ca996298bdaa692363920658f259045293b Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 09:11:11 +0000 Subject: [PATCH 18/33] change --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 6b3802db5..2ded569e7 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9874,7 +9874,12 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, return; } ScopedIntArrayRO groups_ro(env, groups); - JNI_TRACE("groups_ro.size()=%d", groups_ro.size()); + size_t num_groups = groups_ro.size(); + if (num_groups == 0) { + conscrypt::jniutil::throwSSLExceptionStr(env, "no groups"); + ERR_clear_error(); + return; + } // Comment out to see if this compiles... // if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { // conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); From bcf2bd8432eb02bfad63edc228ec36115825730d Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 09:17:08 +0000 Subject: [PATCH 19/33] Call _ro.get(). --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 2ded569e7..fc3d52da6 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9880,6 +9880,12 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, ERR_clear_error(); return; } + const jint* groups_ptr = groups_ro.get(); + if (groups_ptr == nullptr) { + conscrypt::jniutil::throwSSLExceptionStr(env, "groups_ptr == nullptr"); + ERR_clear_error(); + return; + } // Comment out to see if this compiles... // if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { // conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); From 51433aebcd467bb0846e125311fa8af92ec1213a Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 09:36:41 +0000 Subject: [PATCH 20/33] Type cast. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index fc3d52da6..c987b9ae2 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9880,7 +9880,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, ERR_clear_error(); return; } - const jint* groups_ptr = groups_ro.get(); + const int* groups_ptr = (const int*) groups_ro.get(); if (groups_ptr == nullptr) { conscrypt::jniutil::throwSSLExceptionStr(env, "groups_ptr == nullptr"); ERR_clear_error(); From cf3dc6084120bfcf1f44696d892f476a6933b0d4 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 09:40:35 +0000 Subject: [PATCH 21/33] Fix format --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index c987b9ae2..573212a51 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9880,7 +9880,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, ERR_clear_error(); return; } - const int* groups_ptr = (const int*) groups_ro.get(); + const int* groups_ptr = (const int*)groups_ro.get(); if (groups_ptr == nullptr) { conscrypt::jniutil::throwSSLExceptionStr(env, "groups_ptr == nullptr"); ERR_clear_error(); From 2c324425f8e3bcc395a5319aff4b82d9cb464f28 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 09:57:25 +0000 Subject: [PATCH 22/33] Uncomment everthing. --- .../src/jni/main/cpp/conscrypt/native_crypto.cc | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 573212a51..1b3095f2c 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9875,23 +9875,12 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, } ScopedIntArrayRO groups_ro(env, groups); size_t num_groups = groups_ro.size(); - if (num_groups == 0) { - conscrypt::jniutil::throwSSLExceptionStr(env, "no groups"); - ERR_clear_error(); - return; - } const int* groups_ptr = (const int*)groups_ro.get(); - if (groups_ptr == nullptr) { - conscrypt::jniutil::throwSSLExceptionStr(env, "groups_ptr == nullptr"); + if (!SSL_set1_groups(ssl, groups_ptr, num_groups)) { + conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; } - // Comment out to see if this compiles... - // if (!SSL_set1_groups(ssl, groups_ro.get(), groups_ro.size())) { - // conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); - // ERR_clear_error(); - // return; - // } } static jstring NativeCrypto_SSL_get_curve_name(JNIEnv* env, jclass, jlong sslAddress, From dd02bcab6c85d19a2198de3259ea78ace03f1b8a Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 10:15:38 +0000 Subject: [PATCH 23/33] Add check that _ro is not null. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 1b3095f2c..712d83d5b 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9874,6 +9874,11 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, return; } ScopedIntArrayRO groups_ro(env, groups); + if (context_bytes.get() == nullptr) { + JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups => threw exception", ssl); + conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); + return; + } size_t num_groups = groups_ro.size(); const int* groups_ptr = (const int*)groups_ro.get(); if (!SSL_set1_groups(ssl, groups_ptr, num_groups)) { From 3a77610a4fcc153f2e789b27a2de05e421dbfb9f Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 10:18:15 +0000 Subject: [PATCH 24/33] Fix typo. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 712d83d5b..2289e4521 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9874,7 +9874,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, return; } ScopedIntArrayRO groups_ro(env, groups); - if (context_bytes.get() == nullptr) { + if (groups_ro.get() == nullptr) { JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups => threw exception", ssl); conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; From b9b88a93cae1a35ad9ca1edce3bc539786b2e800 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 10:21:58 +0000 Subject: [PATCH 25/33] Inline variables. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 2289e4521..6eeeac2ca 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9879,9 +9879,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - size_t num_groups = groups_ro.size(); - const int* groups_ptr = (const int*)groups_ro.get(); - if (!SSL_set1_groups(ssl, groups_ptr, num_groups)) { + if (!SSL_set1_groups(ssl, (const int*)groups_ro.get(), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; From 8be461f92e3d676c2449fd96fff7a208748e5227 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 11:40:54 +0000 Subject: [PATCH 26/33] Use static_cast. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 6eeeac2ca..866e5b127 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9879,7 +9879,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - if (!SSL_set1_groups(ssl, (const int*)groups_ro.get(), groups_ro.size())) { + if (!SSL_set1_groups(ssl, static_cast (groups_ro.get()), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; From c9c0d45e05e89ae62b769ef0e211e40824f8f083 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 11:45:35 +0000 Subject: [PATCH 27/33] Fix format --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 866e5b127..ac401854b 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9879,7 +9879,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - if (!SSL_set1_groups(ssl, static_cast (groups_ro.get()), groups_ro.size())) { + if (!SSL_set1_groups(ssl, static_cast(groups_ro.get()), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; From b7f4f2049ef098461a560bbf787f2d5ec271b216 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 12:20:00 +0000 Subject: [PATCH 28/33] Use reinterpret_cast. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index ac401854b..b9172d3ed 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9879,7 +9879,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - if (!SSL_set1_groups(ssl, static_cast(groups_ro.get()), groups_ro.size())) { + if (!SSL_set1_groups(ssl, reinterpret_cast(groups_ro.get()), groups_ro.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; From 725248f565233b7d9af64ffd5b0ed3ae3d2aa81a Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 12:48:47 +0000 Subject: [PATCH 29/33] Create vector of int and copy jint values over. int and jint may not have the same size, so doing this makes sure that it always works. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index b9172d3ed..948dd2be2 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9879,7 +9879,12 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - if (!SSL_set1_groups(ssl, reinterpret_cast(groups_ro.get()), groups_ro.size())) { + size_t num_groups = groups_ro.size(); + std::vector groups_vector(num_groups); + for (size_t i = 0; i < num_groups; ++i) { + groups_vector[i] = groups_ro.get()[i]; + } + if (!SSL_set1_groups(ssl, groups_vector.data(), groups_vector.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); return; From 41fbc164e0b298ff88b30a15c486303640c3e0b0 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 13:17:39 +0000 Subject: [PATCH 30/33] Add comment. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 948dd2be2..7a95d5116 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9864,9 +9864,10 @@ static jstring NativeCrypto_SSL_get_current_cipher(JNIEnv* env, jclass, jlong ss static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, CONSCRYPT_UNUSED jobject sslHolder, jintArray groups) { CHECK_ERROR_QUEUE_ON_RETURN; - SSL* ssl = to_SSL(env, sslAddress, true); + SSL* ssl = to_SSL(env, sslAddress, /* throwIfNull= */ true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups groups=%p", ssl, groups); if (ssl == nullptr) { + // to_SSL already called conscrypt::jniutil::throwNullPointerException return; } if (groups == nullptr) { From 3a1b260ad16f6148be254fa1facb764212431728 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 13:19:32 +0000 Subject: [PATCH 31/33] fix format --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 7a95d5116..6227620dd 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9867,7 +9867,7 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, SSL* ssl = to_SSL(env, sslAddress, /* throwIfNull= */ true); JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_groups groups=%p", ssl, groups); if (ssl == nullptr) { - // to_SSL already called conscrypt::jniutil::throwNullPointerException + // to_SSL already called conscrypt::jniutil::throwNullPointerException return; } if (groups == nullptr) { From 6ddd41192aef1c1b4e5546115ac07b74a61c33f3 Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 14:20:08 +0000 Subject: [PATCH 32/33] Use push-back. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 6227620dd..2d66be00d 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9880,11 +9880,12 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, conscrypt::jniutil::throwOutOfMemory(env, "Unable to allocate buffer for groups"); return; } - size_t num_groups = groups_ro.size(); - std::vector groups_vector(num_groups); - for (size_t i = 0; i < num_groups; ++i) { - groups_vector[i] = groups_ro.get()[i]; + std::vector groups_vector; + groups_vector.reserve(groups_ro.size()); + for (jint group_id : groups_ro) { + groups_vector.push_back(group_id); } + if (!SSL_set1_groups(ssl, groups_vector.data(), groups_vector.size())) { conscrypt::jniutil::throwSSLExceptionStr(env, "Error parsing groups"); ERR_clear_error(); From 5b0e8d15c515ea0761c8a06ea5e3c659ce74787e Mon Sep 17 00:00:00 2001 From: juergw Date: Thu, 11 Dec 2025 14:23:14 +0000 Subject: [PATCH 33/33] Use normal for loop. --- common/src/jni/main/cpp/conscrypt/native_crypto.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 2d66be00d..52b6a9346 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -9882,8 +9882,9 @@ static void NativeCrypto_SSL_set1_groups(JNIEnv* env, jclass, jlong sslAddress, } std::vector groups_vector; groups_vector.reserve(groups_ro.size()); - for (jint group_id : groups_ro) { - groups_vector.push_back(group_id); + const jint* groups_ptr = groups_ro.get(); + for (int i = 0; i < groups_ro.size(); i++) { + groups_vector.push_back(groups_ptr[i]); } if (!SSL_set1_groups(ssl, groups_vector.data(), groups_vector.size())) {