Upstream changes from elsewhere into github. (#1404)

Includes the following changes:
- Stop requiring testing method for HPKE duck typing
- Stop throwing an extra null pointer exception in native_crypto
- Simplify Conscrypt instance checks in `getApplicationProtocol`.

Author: miguelaranda0

common/src/jni/main/cpp/conscrypt/native_crypto.cc

@@ -11845,8 +11845,6 @@ static jboolean NativeCrypto_SSL_set1_ech_config_list(JNIEnv* env, jclass, jlong
     SSL* ssl = to_SSL(env, ssl_address, true);
     JNI_TRACE("ssl=%p NativeCrypto_SSL_set1_ech_config_list(%p)", ssl, configJavaBytes);
     if (ssl == nullptr) {
-        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, ssl address");
-        ERR_clear_error();
         return JNI_FALSE;
     }
     ScopedByteArrayRO configBytes(env, configJavaBytes);
@@ -11951,23 +11949,20 @@ static jboolean NativeCrypto_SSL_ech_accepted(JNIEnv* env, jclass, jlong ssl_add
     JNI_TRACE("NativeCrypto_SSL_ech_accepted");
     CHECK_ERROR_QUEUE_ON_RETURN;
     SSL* ssl = to_SSL(env, ssl_address, true);
-    JNI_TRACE("ssl=%p NativeCrypto_SSL_ech_accepted", ssl);
     if (ssl == nullptr) {
-        conscrypt::jniutil::throwNullPointerException(env, "Null pointer, ssl address");
-        ERR_clear_error();
         return JNI_FALSE;
     }
-    jboolean accepted = SSL_ech_accepted(ssl);
+    JNI_TRACE("ssl=%p NativeCrypto_SSL_ech_accepted", ssl);
 
-    if (!accepted) {
+    if (!SSL_ech_accepted(ssl)) {
         conscrypt::jniutil::throwParsingException(env, "Invalid ECH config list");
         ERR_clear_error();
         JNI_TRACE("ssl=%p NativeCrypto_SSL_ech_accepted => threw exception", ssl);
         return JNI_FALSE;
     }
 
-    JNI_TRACE("ssl=%p NativeCrypto_SSL_ech_accepted => %d", ssl, accepted);
-    return accepted;
+    JNI_TRACE("ssl=%p NativeCrypto_SSL_ech_accepted => %d", ssl, JNI_TRUE);
+    return JNI_TRUE;
 }
 
 static jboolean NativeCrypto_SSL_CTX_ech_enable_server(JNIEnv* env, jclass, jlong ssl_ctx_address,

common/src/main/java/org/conscrypt/Conscrypt.java

@@ -457,17 +457,11 @@ public static String getApplicationProtocol(SSLSocket socket) {
         if (isConscrypt(socket)) {
             return toConscrypt(socket).getApplicationProtocol();
         }
-        try {
-            if (!Class.forName("com.android.org.conscrypt.AbstractConscryptSocket")
-                            .isInstance(socket)) {
-                throw new IllegalArgumentException(
-                        "Not a conscrypt socket: " + socket.getClass().getName());
-            }
-            return invokeConscryptMethod(socket, "getApplicationProtocol");
-        } catch (ClassNotFoundException e) {
+        if (!socket.getClass().getName().contains("conscrypt")) {
             throw new IllegalArgumentException(
-                    "Not a conscrypt socket: " + socket.getClass().getName(), e);
+                    "Not a conscrypt socket: " + socket.getClass().getName());
         }
+        return invokeConscryptMethod(socket, "getApplicationProtocol");
     }
 
     /**
@@ -751,17 +745,11 @@ public static String getApplicationProtocol(SSLEngine engine) {
         if (isConscrypt(engine)) {
             return toConscrypt(engine).getApplicationProtocol();
         }
-        try {
-            if (!Class.forName("com.android.org.conscrypt.AbstractConscryptEngine")
-                            .isInstance(engine)) {
-                throw new IllegalArgumentException(
-                        "Not a conscrypt engine: " + engine.getClass().getName());
-            }
-            return invokeConscryptMethod(engine, "getApplicationProtocol");
-        } catch (ClassNotFoundException e) {
+        if (!engine.getClass().getName().contains("conscrypt")) {
             throw new IllegalArgumentException(
-                    "Not a conscrypt engine: " + engine.getClass().getName(), e);
+                    "Not a conscrypt engine: " + engine.getClass().getName());
         }
+        return invokeConscryptMethod(engine, "getApplicationProtocol");
     }
 
     /**

common/src/main/java/org/conscrypt/DuckTypedHpkeSpi.java

@@ -44,6 +44,9 @@ private DuckTypedHpkeSpi(Object delegate) throws NoSuchMethodException {
       if (targetMethod.isSynthetic()) {
         continue;
       }
+      if (targetMethod.getName().equals("engineInitSenderForTesting")) {
+          continue;
+      }
 
       Method sourceMethod =
           sourceClass.getMethod(targetMethod.getName(), targetMethod.getParameterTypes());
@@ -132,6 +135,10 @@ public void engineInitSender(
   @Override
   public void engineInitSenderForTesting(PublicKey recipientKey, byte[] info, PrivateKey senderKey,
           byte[] psk, byte[] pskId, byte[] sKe) throws InvalidKeyException {
+      if (!methods.containsKey("engineInitSenderForTesting")) {
+          throw new UnsupportedOperationException(
+                  "engineInitSenderForTesting is not supported by the delegate");
+      }
       invokeWithPossibleInvalidKey("engineInitSenderForTesting",
               recipientKey, info, senderKey, psk, pskId, sKe);
   }

common/src/test/java/org/conscrypt/DuckTypedHpkeSpiTest.java

@@ -27,7 +27,6 @@
 import static org.conscrypt.HpkeFixture.DEFAULT_SUITE_NAME;
 import static org.conscrypt.HpkeFixture.createDefaultHpkeContextRecipient;
 import static org.conscrypt.HpkeFixture.createDefaultHpkeContextSender;
-import static org.conscrypt.HpkeTestVectorsTest.getHpkeEncryptionRecords;
 import static org.conscrypt.TestUtils.encodeHex;
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
@@ -36,6 +35,13 @@
 import static org.junit.Assert.assertThrows;
 import static org.junit.Assert.assertTrue;
 
+import org.conscrypt.java.security.DefaultKeys;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
@@ -44,16 +50,6 @@
 import java.security.Provider;
 import java.security.PublicKey;
 import java.security.Security;
-import java.util.List;
-
-import org.conscrypt.HpkeTestVectorsTest.HpkeData;
-import org.conscrypt.HpkeTestVectorsTest.HpkeEncryptionData;
-import org.conscrypt.java.security.DefaultKeys;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.JUnit4;
 
 /**
  * Tests for DuckTypedHpkeSpiTest. Essentially the same as the tests for HpkeContext but
@@ -134,14 +130,6 @@ public void export() throws Exception {
         assertNotEquals(encodeHex(export1), encodeHex(export2));
     }
 
-    @Test
-    public void vectors() throws Exception {
-        final List<HpkeData> records = getHpkeEncryptionRecords();
-        for (HpkeData record : records) {
-            testHpkeEncryption(record);
-        }
-    }
-
     @Test
     public void initInvalidKeys() throws Exception {
         HpkeContextSender sender = HpkeContextSender.getInstance(DEFAULT_SUITE_NAME);
@@ -167,67 +155,37 @@ public void initInvalidKeys() throws Exception {
                 () -> recipient.init(DEFAULT_ENC, invalidKey, DEFAULT_INFO));
     }
 
-  @Test
-  public void testSeal_missingRequiredParameters_throwNullException() throws Exception {
-    HpkeContextSender ctxSender = HpkeContextSender.getInstance(DEFAULT_SUITE_NAME);
-    ctxSender.init(DEFAULT_PK, DEFAULT_INFO);
-    assertThrows(NullPointerException.class,
-        () -> ctxSender.seal(/* plaintext= */ null, DEFAULT_AAD));
-  }
-
-  @Test
-  public void testExport_lowerEdgeLength() throws Exception {
-    final HpkeContextSender ctxSender = createDefaultHpkeContextSender();
-    final byte[] enc = ctxSender.getEncapsulated();
-    final byte[] export = ctxSender.export(/* length= */ 0, DEFAULT_EXPORTER_CONTEXT);
-    assertNotNull(enc);
-    assertNotNull(export);
-    assertThrows(IllegalArgumentException.class,
-        () -> ctxSender.export(/* length= */ -1, DEFAULT_EXPORTER_CONTEXT));
-  }
-
-
-  @Test
-  public void testInitUnsupportedModes() throws Exception {
-    HpkeContextSender sender = HpkeContextSender.getInstance(DEFAULT_SUITE_NAME);
-    byte[] psk = "Shhh! Secret!".getBytes(StandardCharsets.UTF_8);
-    byte[] pskId = "id".getBytes(StandardCharsets.UTF_8);
-
-    assertThrows(UnsupportedOperationException.class, () ->
-        sender.init(DEFAULT_PK, DEFAULT_INFO, DEFAULT_SK));
-    assertThrows(UnsupportedOperationException.class, () ->
-        sender.init(DEFAULT_PK, DEFAULT_INFO, psk, pskId));
-    assertThrows(UnsupportedOperationException.class, () ->
-        sender.init(DEFAULT_PK, DEFAULT_INFO, DEFAULT_SK, psk, pskId));
-  }
-
-    // Copied from HpkeTestVectorsTest but with extra checks to ensure we are operating on
-    // duck typed instances.
-    private void testHpkeEncryption(HpkeData record) throws Exception {
-        final byte[] enc = record.pkEm;
-
-        // Encryption
-        final HpkeContextSender contextSender =
-            setupBaseForTesting(record.hpkeSuite, record.pkRm, record.info, record.skEm);
-        assertForeign(contextSender);
-        final byte[] encResult = contextSender.getEncapsulated();
-        assertArrayEquals("Failed encryption 'enc' " + encodeHex(enc), enc, encResult);
-        for (HpkeEncryptionData encryption : record.encryptions) {
-            final byte[] ciphertext = contextSender.seal(encryption.pt, encryption.aad);
-            assertArrayEquals("Failed encryption 'ciphertext' on data : " + encryption,
-                encryption.ct, ciphertext);
-        }
+    @Test
+    public void testSeal_missingRequiredParameters_throwNullException() throws Exception {
+        HpkeContextSender ctxSender = HpkeContextSender.getInstance(DEFAULT_SUITE_NAME);
+        ctxSender.init(DEFAULT_PK, DEFAULT_INFO);
+        assertThrows(NullPointerException.class,
+                () -> ctxSender.seal(/* plaintext= */ null, DEFAULT_AAD));
+    }
 
-        // Decryption
-        final HpkeContextRecipient contextRecipient =
-            HpkeContextRecipient.getInstance(record.hpkeSuite.name());
-        assertForeign(contextRecipient);
-        contextRecipient.init(enc, record.skRm, record.info);
-        for (HpkeEncryptionData encryption : record.encryptions) {
-            final byte[] plaintext = contextRecipient.open(encryption.ct, encryption.aad);
-            assertArrayEquals(
-                "Failed decryption on data : " + encryption, encryption.pt, plaintext);
-        }
+    @Test
+    public void testExport_lowerEdgeLength() throws Exception {
+        final HpkeContextSender ctxSender = createDefaultHpkeContextSender();
+        final byte[] enc = ctxSender.getEncapsulated();
+        final byte[] export = ctxSender.export(/* length= */ 0, DEFAULT_EXPORTER_CONTEXT);
+        assertNotNull(enc);
+        assertNotNull(export);
+        assertThrows(IllegalArgumentException.class,
+                () -> ctxSender.export(/* length= */ -1, DEFAULT_EXPORTER_CONTEXT));
+    }
+
+    @Test
+    public void testInitUnsupportedModes() throws Exception {
+        HpkeContextSender sender = HpkeContextSender.getInstance(DEFAULT_SUITE_NAME);
+        byte[] psk = "Shhh! Secret!".getBytes(StandardCharsets.UTF_8);
+        byte[] pskId = "id".getBytes(StandardCharsets.UTF_8);
+
+        assertThrows(UnsupportedOperationException.class,
+                () -> sender.init(DEFAULT_PK, DEFAULT_INFO, DEFAULT_SK));
+        assertThrows(UnsupportedOperationException.class,
+                () -> sender.init(DEFAULT_PK, DEFAULT_INFO, psk, pskId));
+        assertThrows(UnsupportedOperationException.class,
+                () -> sender.init(DEFAULT_PK, DEFAULT_INFO, DEFAULT_SK, psk, pskId));
     }
 
     private HpkeContextSender setupBaseForTesting(