| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Support_PortManager didn't really work, so rewrite all tests
that use it.
Also, dedup OldDatagramSocketTest with the harmony DatagramSocketTest.
Fix various broken test cases and terribly written tests.
bug: 11689863
Change-Id: I4efb9e02eb88517273fff50a0dec1d0262feafb2
|
| |\
| |
| |
| | |
ranges for us."
|
| | |
| |
| |
| |
| |
| |
| | |
for us.
Bug: 12004664
Change-Id: Ia77d55e525c0d10741df7660db598d85b7d4a0a9
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
Also makes the constructor private & a field final.
Change-Id: I1df833cee5f4217bd800c36104da2a76a1f1877d
|
| |\ \ \ |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We look for the gzip magic bytes at the end of every
member and try to decompress the remainder of the
stream if we find it.
Note that this changes the behaviour of this class wrt.
the underlying stream: It is no longer self limiting. It
will attempt to read past the gzip trailer to look for
more data to decompress. Before this change, it would've
been possible to (hackily) consume the rest of the compressed
stream directly by inspecting the value of
InflaterInputStream.inf.getRemainingBytes(). It's no longer
possible to sensibly support that.
bug: https://code.google.com/p/android/issues/detail?id=63873
Change-Id: I818f77c052a811ed98b76243f2ad8a1a4d236d70
|
| |\ \ \ |
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Although HMAC-MD5 is not yet broken, the foundations are shaky --
see http://tools.ietf.org/html/rfc6151.
Scans show that disabling these TLS/SSL cipher suites currently
causes handshake issues with 0.4% of the ecosystem.
Bug: 11220570
Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec
|
| |\ \ \ |
|
| |/ / /
| | |
| | |
| | |
| | | |
Bug: 11220570
Change-Id: Ic918e806ae1d8ea9b98c690cfabd9c3245886525
|
| |\ \ \
| |/ /
|/| | |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We explicitly disallow setLevel or setStrategy after
setInput. (It's clearly documented in the method docs).
Presumably, this is to prevent users from shooting
themselves in the foot & causing issues by changing
the strategy / level after we've started deflating.
Change-Id: Ifd65728ff0ec7e47aeec716aeb6f44242573c491
|
| |\ \ |
|
| |/ /
| |
| |
| | |
Change-Id: I15c25ff373b1ca4acb5e530f75d028b971779549
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| | |
Removal of debug code gone bad.
Change-Id: I93d9decbd9d733cbeccd7832fef6857cf1b41b25
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- We now guarantee that available() returns 0 iff.
deflater.finished() == true. Note that this is still
inconsistent with the specification of InputStream#available.
- Remove an unnecessary array copy in DeflaterInputStream#read.
- Remove tests that expect an IllegalArgumentException for
negative skip count values. The InputStream spec doesn't mandate
that we must throw here, and it's better to be consistent with
every othem InputStream specialization in the code.
- Remove obsolete failures from brokentests.txt.
bug: 12189307
Change-Id: Ie9b1ad5d7c050b005b5f6f44a5a283bfdaeb1e81
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The documentation for the list of TLS/SSL cipher suites used by
default states that cipher suites offering Forward Secrecy are
preferred. This CL adjusts the list to conform: FS cipher suites
that use RC4_128 bulk encryption algorithm were not preferred
over non-FS cipher suites that use AES.
Bug: 11220570
Change-Id: Ic9019306898600086920874474764186b710c3ef
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This is a follow-up to 5b15ad6b3d508a97d1cd23667afaee8c55072718 which
removed static key ECDH cipher suites from the default list, but
where the list of permitted key exchanges wasn't updated.
Bug: 11220570
Change-Id: I319e21bf4475ddb9e6262b41dda99f5e33b1816f
|
| |\ \
| |/
|/| |
|
| |/
|
|
|
|
|
|
|
|
|
| |
The effective key length for 3DES_EDE bulk encryption algorithm
is only 112 bits. We're now aiming for 128 and higher.
Scans show that removing these cipher suites from the default list
causes handshake issues only with 0.15% of the ecosystem.
Bug: 11220570
Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
These cipher suites use a static key for ECDH on the server side.
When client certificates are used, a static key is also used on the
client side, leading to the same premaster secret for all connections
between a particular client and server. Also, these cipher suites do
not provide forward secrecy.
Scans show that removing these cipher suites from the default list
does not affect connectivity to servers and is thus safe.
Bug: 11220570
Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| |
| | |
Also remove tests with broken expectations that were never
implemented.
Change-Id: I5eb60d3e6dfb8ead6e23941fca1bc19f79c4a158
|
| |\ \
| |/
|/| |
|
| |/
|
|
|
|
|
| |
Also moves a couple of tests from luni/src/test to
harmony-tests/ where they belong.
Change-Id: I0b441b1fcbd355bd3c66551d16732a671fb64f54
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach
has issues (e.g., Lucky 13 attack).
Bug: 11220570
Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| | |
This reverts commit 5ce66d51d2c5707789a82bb4b02c8dce94bbaf9c.
|
| |\ \ |
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
This adds support for AES-GCM and AES-CBC with MACs based on SHA256
and SHA384.
Bug: 11220570
Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack
and support for GCM cipher suites.
This change causes TLS/SSL handshake failures with a small fraction
of servers, load balancers and TLS/SSL accelerators with broken
TLS/SSL implementations.
Scans demonstrate that the number is around 0.6%. Breaking
connectivity (using platform default settings) to a tiny minority of
the ecosystem is acceptable because this inconvenience is outweighed
by the added safety for the overwheling majority of the ecosystem.
App developers affected by this issue should consider asking such
servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in
their apps.
Bug: 11220570
Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
|
| |\ \ \
| |/ /
|/| | |
|
| |/ /
| |
| |
| |
| |
| | |
Several failures have already been fixed.
Change-Id: I2f372ec27c8b283ac5afaf3dcdcdc23ade07b4c7
|
| |\ \ |
|
| | |/
| |
| |
| | |
Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
|
| |\ \
| |/
|/| |
|
| |/
|
|
|
|
|
|
|
| |
This enables late binding support for Cipher algorithms. It will now pay
attention to SupportedKeyClasses and SupportedKeyFormats after the
Cipher#init(...) is called on the instance instead of selecting the
provider when Cipher#getInstance(...) creates the instance.
Change-Id: I27802f1f8b96d81dd2a269741d080dbe68232c9f
|
| |\ |
|
| | |
| |
| |
| | |
Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
|
| |\ \
| |/
|/| |
|
| |/
|
|
| |
Change-Id: I1ceb0d6d2d8c4f90a40865aa375fd7d93ddd4389
|
| |\ |
|
