Google Git
Sign in
android / platform / external / conscrypt / 959e25c^! / .
commit959e25c3aeb8122eb736be64e6aed48f1cf0706f[log] [tgz]
authorKenny Root <kroot@google.com>Wed May 20 13:39:29 2015 -0700
committerKenny Root <kroot@google.com>Wed May 20 15:58:10 2015 -0700
tree38eef8778d911ce939a236064cf12a13e635a26a
parent732e4009b4a2df2d4154bbb46980e4aadc2d6d9f [diff]
SSL: select the right key type for kx

During the switch to BoringSSL this function was rewritten and it
requested DH public key with RSA signature for a lot of things.

(cherry picked from commit d8606d56b6367d55174527c2206e51b474caf0d2)

Bug: 20641394
Change-Id: Id3880b01ed1810c5d7af9996c48ce45fdf4850f8

diff --git a/src/main/java/org/conscrypt/SSLParametersImpl.java b/src/main/java/org/conscrypt/SSLParametersImpl.java
index 71d8552..0101935 100644
--- a/src/main/java/org/conscrypt/SSLParametersImpl.java
+++ b/src/main/java/org/conscrypt/SSLParametersImpl.java

@@ -895,19 +895,19 @@
         this.endpointIdentificationAlgorithm = endpointIdentificationAlgorithm;
     }
 
-    /** Key type: RSA. */
+    /** Key type: RSA certificate. */
     private static final String KEY_TYPE_RSA = "RSA";
 
-    /** Key type: Diffie-Hellman with RSA signature. */
+    /** Key type: Diffie-Hellman certificate signed by issuer with RSA signature. */
     private static final String KEY_TYPE_DH_RSA = "DH_RSA";
 
-    /** Key type: Elliptic Curve. */
+    /** Key type: Elliptic Curve certificate. */
     private static final String KEY_TYPE_EC = "EC";
 
-    /** Key type: Elliptic Curve with ECDSA signature. */
+    /** Key type: Elliptic Curve certificate signed by issuer with ECDSA signature. */
     private static final String KEY_TYPE_EC_EC = "EC_EC";
 
-    /** Key type: Elliptic Curve with RSA signature. */
+    /** Key type: Elliptic Curve certificate signed by issuer with RSA signature. */
     private static final String KEY_TYPE_EC_RSA = "EC_RSA";
 
     /**
@@ -917,15 +917,15 @@
      */
     private static String getServerX509KeyType(long sslCipherNative) throws SSLException {
         String kx_name = NativeCrypto.SSL_CIPHER_get_kx_name(sslCipherNative);
-        if (kx_name.equals("RSA")) {
+        if (kx_name.equals("RSA") || kx_name.equals("DHE_RSA") || kx_name.equals("ECDHE_RSA")) {
             return KEY_TYPE_RSA;
-        } else if (kx_name.equals("DHE_RSA")) {
-            return KEY_TYPE_DH_RSA;
         } else if (kx_name.equals("ECDHE_ECDSA")) {
+            return KEY_TYPE_EC;
+        } else if (kx_name.equals("ECDH_RSA")) {
+            return KEY_TYPE_EC_RSA;
+        } else if (kx_name.equals("ECDH_ECDSA")) {
             return KEY_TYPE_EC_EC;
-        } else if (kx_name.equals("ECDHE_RSA")) {
-            return KEY_TYPE_DH_RSA;
-        } else if (kx_name.equals("DHE_RSA")) {
+        } else if (kx_name.equals("DH_RSA")) {
             return KEY_TYPE_DH_RSA;
         } else {
             return null;