/system/lib64/libcrypto.so and 23,8% Crashrate
Today I learned the following lessons:
- do not rely on Crashlytics/Fabric.io alone => if something breaks before you will only see the crashes in Google Play. I was shocked suddenly seeing a 23,8% crash rate in Android Oreo - but only 8.0.0 - not 8.0.1
- Life as an Android developer is hard
- do not save money on your SSL certificate - Grade A is not good enough
- https://developer.android.com/about/versions/oreo/android-8.1
- https://github.com/google/conscrypt/issues/520
Interesting bit:
Cryptography updates
A number of cryptography changes have been made with Android 8.1:
- New algorithms have been implemented in Conscrypt. The Conscrypt implementation is preferentially used over the existing Bouncy Castle implementation. New algorithms include:
AlgorithmParameters:GCMKeyGenerator:AESKeyGenerator:DESEDEKeyGenerator:HMACMD5KeyGenerator:HMACSHA1KeyGenerator:HMACSHA224KeyGenerator:HMACSHA256KeyGenerator:HMACSHA384KeyGenerator:HMACSHA512SecretKeyFactory:DESEDESignature:NONEWITHECDSA
Cipher.getParameters().getParameterSpec(IvParameterSpec.class)no longer works for algorithms that use GCM. Instead, usegetParameterSpec(GCMParameterSpec.class).- Many internal Conscrypt classes associated with TLS were refactored. Since developers sometimes access these reflectively, shims have been left in place to support previous usage, but some details have changed. For example, sockets previously were of type
OpenSSLSocketImpl, but now they’re of typeConscryptFileDescriptorSocketorConscryptEngineSocket, both of which extendOpenSSLSocketImpl. SSLSessionmethods used to throwIllegalArgumentExceptionwhen passed a null reference, they now throwNullPointerException.- The RSA
KeyFactoryno longer allows generation of keys from byte arrays that are larger than the encoded key. Calls togeneratePrivate()andgeneratePublic()that provide aKeySpecwhere the key structure does not fill the entire buffer will result in anInvalidKeySpecException. - When a socket read is interrupted by the socket being closed, Conscrypt used to return -1 from the read. The read now throws
SocketException. - The set of root CA certificates has been changed, mostly removing a large number of obsolete certificates, but also removing the root certificates for WoSign and StartCom. For more information on this decision, see the Google Security Blog post, Final removal of trust in WoSign and StartCom Certificates.
#00 pc 00000000000b01d4 /system/lib64/libcrypto.so (x509_name_ex_i2d+48)
#01 pc 0000000000047608 /system/lib64/libcrypto.so (ASN1_item_ex_i2d+312)
#02 pc 000000000004742c /system/lib64/libcrypto.so (asn1_item_flags_i2d+84)
#03 pc 000000000001c174 /system/lib64/libjavacrypto.so (_ZL34NativeCrypto_X509_get_subject_nameP7_JNIEnvP7_jclassl+64)
#04 pc 0000000000028ec8 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.NativeCrypto.ASN1_seq_unpack_X509_bio [DEDUPED]+152)
#05 pc 0000000000050b3c /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.OpenSSLX509Certificate.getSubjectX500Principal+60)
#06 pc 00000000000610b4 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.TrustedCertificateIndex.findBySubjectAndPublicKey+68)
#07 pc 000000000005cf34 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.TrustManagerImpl.checkTrusted+404)
#08 pc 000000000005cd58 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.TrustManagerImpl.checkTrusted+536)
#09 pc 000000000005fe74 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer+308)
#10 pc 0000000001170384 /system/framework/arm64/boot-framework.oat (android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted+84)
#11 pc 0000000001171434 /system/framework/arm64/boot-framework.oat (android.security.net.config.RootTrustManager.checkServerTrusted+388)
#12 pc 000000000005338c /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.Platform.checkServerTrusted+380)
#13 pc 000000000003dfec /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain+764)
#14 pc 0000000000509384 /system/lib64/libart.so (art_quick_invoke_stub+580)
#15 pc 00000000000d8078 /system/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+200)
#16 pc 000000000043111c /system/lib64/libart.so (_ZN3artL18InvokeWithArgArrayERKNS_33ScopedObjectAccessAlreadyRunnableEPNS_9ArtMethodEPNS_8ArgArrayEPNS_6JValueEPKc+104)
#17 pc 0000000000432594 /system/lib64/libart.so (_ZN3art35InvokeVirtualOrInterfaceWithVarArgsERKNS_33ScopedObjectAccessAlreadyRunnableEP8_jobjectP10_jmethodIDSt9__va_list+448)
#18 pc 0000000000325e10 /system/lib64/libart.so (_ZN3art3JNI15CallVoidMethodVEP7_JNIEnvP8_jobjectP10_jmethodIDSt9__va_list+632)
#19 pc 000000000002f450 /system/lib64/libjavacrypto.so (_ZN7_JNIEnv14CallVoidMethodEP8_jobjectP10_jmethodIDz+120)
#20 pc 000000000002ff68 /system/lib64/libjavacrypto.so (_ZL20cert_verify_callbackP17x509_store_ctx_stPv+192)
#21 pc 0000000000029298 /system/lib64/libssl.so (ssl_crypto_x509_session_verify_cert_chain+232)
#22 pc 0000000000013b80 /system/lib64/libssl.so (ssl3_connect+2904)
#23 pc 0000000000021fbc /system/lib64/libssl.so (SSL_do_handshake+64)
#24 pc 0000000000025874 /system/lib64/libjavacrypto.so (_ZL29NativeCrypto_SSL_do_handshakeP7_JNIEnvP7_jclasslP8_jobjectS4_i+272)
#25 pc 000000000002c3d8 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.NativeCrypto.SSL_do_handshake+216)
#26 pc 000000000003d434 /system/framework/arm64/boot-conscrypt.oat (com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake+1492)
#27 pc 0000000000509384 /system/lib64/libart.so (art_quick_invoke_stub+580)
#28 pc 00000000000d8078 /system/lib64/libart.so (_ZN3art9ArtMethod6InvokeEPNS_6ThreadEPjjPNS_6JValueEPKc+200)
#29 pc 00000000002821dc /system/lib64/libart.so (_ZN3art11interpreter34ArtInterpreterToCompiledCodeBridgeEPNS_6ThreadEPNS_9ArtMethodEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+352)
#30 pc 000000000027c8a4 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+672)
#31 pc 00000000004f3d30 /system/lib64/libart.so (MterpInvokeVirtualQuick+680)
#32 pc 00000000004fea94 /system/lib64/libart.so (ExecuteMterpImpl+29972)
#33 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#34 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#35 pc 000000000027c884 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+640)
#36 pc 00000000004f1e78 /system/lib64/libart.so (MterpInvokeDirect+504)
#37 pc 00000000004fae14 /system/lib64/libart.so (ExecuteMterpImpl+14484)
#38 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#39 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#40 pc 000000000027c884 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+640)
#41 pc 00000000004f1e78 /system/lib64/libart.so (MterpInvokeDirect+504)
#42 pc 00000000004fae14 /system/lib64/libart.so (ExecuteMterpImpl+14484)
#43 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#44 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#45 pc 000000000027d6f4 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb1ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+584)
#46 pc 00000000004f4130 /system/lib64/libart.so (MterpInvokeVirtualQuickRange+516)
#47 pc 00000000004feb14 /system/lib64/libart.so (ExecuteMterpImpl+30100)
#48 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#49 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#50 pc 000000000027d6f4 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb1ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+584)
#51 pc 00000000004f3754 /system/lib64/libart.so (MterpInvokeDirectRange+424)
#52 pc 00000000004fb114 /system/lib64/libart.so (ExecuteMterpImpl+15252)
#53 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#54 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#55 pc 000000000027d6f4 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb1ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+584)
#56 pc 00000000004f3754 /system/lib64/libart.so (MterpInvokeDirectRange+424)
#57 pc 00000000004fb114 /system/lib64/libart.so (ExecuteMterpImpl+15252)
#58 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
#59 pc 0000000000263d20 /system/lib64/libart.so (_ZN3art11interpreter33ArtInterpreterToInterpreterBridgeEPNS_6ThreadEPKNS_7DexFile8CodeItemEPNS_11ShadowFrameEPNS_6JValueE+212)
#60 pc 000000000027c884 /system/lib64/libart.so (_ZN3art11interpreter6DoCallILb0ELb0EEEbPNS_9ArtMethodEPNS_6ThreadERNS_11ShadowFrameEPKNS_11InstructionEtPNS_6JValueE+640)
#61 pc 00000000004f3d30 /system/lib64/libart.so (MterpInvokeVirtualQuick+680)
#62 pc 00000000004fea94 /system/lib64/libart.so (ExecuteMterpImpl+29972)
#63 pc 000000000025d620 /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadEPKNS_7DexFile8CodeItemERNS_11ShadowFrameENS_6JValueEb+444)
