| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |/ /
| | |
| | |
| | | |
Change-Id: I7b830d485c1ff769993233b7ea69e36b354f3259
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
No one ever uses these. They are not the default anymore and haven't
been for several releases.
Change-Id: Ieff7c31b31f492107e6ee4d7e9e5aeb8893a0c4d
|
| | | |
| | |
| | |
| | |
| | |
| | | |
No longer needed since Conscrypt is the main provider.
Change-Id: I6cee3c33c00822cc320780d63cb76f42e6be2b71
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Remove all the warnings in my IDE with newfangled generics.
Change-Id: I7ee4b273c36db31bf318e56ab79e48fe963020e5
|
| |/ /
| |
| |
| |
| |
| |
| | |
The getRevokedCertificate(BigInteger) was scanning nonIndirectEntries,
but it didn't check "isIndirectCRL" first.
Change-Id: Ib1ca31d563c6bd9c62901a9eae9bea1bd92a1d9b
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Making the various Socket/Channel classes more consistent with each
other for synchronizing state between the Channel, Socket and the OS.
This is in preparation for NetworkChannel.bind().
Synchronizing state revealed a test that relied upon a Socket from a
channel not reporting isConnected() properly after a connect(). Tests
have been updated.
Reading the local address back from the OS revealed that Android is
using IPv6 and reports the string equivalent of IPv4's 0.0.0.0 as
"::". Updated a test that was relying on the string form.
Calling connect() twice on a DatagramSocket appears inconsistent with
itself and Channel and other Sockets. A pure DatagramSocket switches
over to the new remote address. I have changed the Channel-backed
DatagramSocket to throw an IllegalStateException exception, and have
created a bug to discuss making the calls more consistent.
Socket has been modified to avoid using the address field to store
the local address after a bind(). This field is documented as holding
the remote address, not the local.
Changed implementation of SocketChannelImpl.socket().getInputStream()
and SocketChannelImpl.socket().getOutputStream() to use the one that
is implemented by Socket and not a custom NIO-based implementation.
The use of NIO provided two parallel implementations for the same
thing. This change alters behavior when attempting to read zero bytes
and when a Channel is in non-blocking mode: now it throws
IllegalBlockingModeException rather than
ArrayIndexOutOfBoundsException. The tests have been updated.
Various tidying up changes to introduce @Override, remove
unnecessarily initialized local variables, fields, semi-colons,
javadocs and imports. Added close() calls for objects during tests
that were cluttering the logs.
Modified IoBridge.connect() to be void. Adjusted SocketChannelImpl
accordingly and tidied up impossible cases. Modified
SocketChannel.connect() so that it always returns false in
non-blocking mode. This looks like an existing bug:
it would previously have returned true, even though the connection
was potentially still pending. Tests have been added.
Also tidied up SocketChannelImpl.finishConnect() - it was potentially
resetting the isBound state.
Change-Id: Ic7943615b4b763f77e74397e0e91a62edc7d7017
bug: 12464155
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Note: FileChannel continues to implement ByteChannel for
now. Otherwise the API is visibly changed because SeekableByteChannel
is hidden.
Change-Id: If20c8c211e0a1f6003763ac702b2e2f8ad37e293
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
According to the docs, after calling truncate(x), if position() > x, position()
should be made to equal x. Note: It is to be set to x, not to the actual size
of the file, since truncate() doesn't actually grow the file. Subsequent writes
will grow the file to position().
Bug: 12757843
Change-Id: I5df1fbd59f1a8610bc60575dfa7f1396baf3ed47
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It turns out that any @param or @return gunk gets inherited even if you
supply new body text. So fix MatchResult's javadoc and make it clear
that Matcher just inherits. (I'm not sure I even knew MatchResult existed.)
Bug: https://code.google.com/p/android/issues/detail?id=64643
Change-Id: Iee86a026a2b72676af9c54627525bceb482b9f63
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Fix missing whitespace between @code and its contents
- Add a @since tag.
Change-Id: I0faad6971285a20c6988da434e376515acb5bd0b
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Most validation and sanity checking is performed entirely
in java. We use ICU only for converting back and forth
between Locale objects and BCP-47 language tags
(toLanguageTag & forLanguageTag).
The new APIs also add support for script subtags and
manipulation of unicode locale extensions.
Note that we do not implement
IllformedLocaleException.getErrorIndex. If anyone complains
or if it proves useful somehow, we could plumb the information
through from ICU if required.
bug: 8992787
Change-Id: I9b2d7f8d17f970d1b57111dcfe92c16e68b0fa67
|
| |\ \ \ \ |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As said in AttributeValue, DC and emailAddress should be encoded in
IA5String as specified by RFC5280.
Also the canonical encoding of a T61String could be PrintableString when
the string is only 'A' according to b/2102191 but this could be a
mistake.
Consecutive spaces and leading and trailing runs of spaces should be
escaped for RFC 1779.
Also the RFC 2259 doesn't specify anything other than the beginning or
end spaces, but the RI escapes the beginning and ending runs of spaces.
Bug: 12490346
Bug: 12490876
Change-Id: I6591156ba0a27a894241b039570488f89c885242
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | | |
This increases speed of CipherInputStreamBenchmark from 606ms to 28.5ms.
Bug: 12246774
Change-Id: If61c0a055fe1b8e87909711b15d0441fcdbe46c7
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Implemented in terms of u_getPropertyValueEnum(UCHAR_SCRIPT,)
and uscript_getScript from ICU4C.
Since the Java 7 API specifies a subset of scripts known to
ICU4C, we map scripts not specified in the API to
UnicodeScript.UNKNOWN.
Like the UnicodeBlock API, our matching is far more lenient than
the RI.
Change-Id: I5247baddb2dde42d6a2042609370daeb616fe419
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Calls to DirectByteBuffer#free() will invalidate the buffer:
- isValid() will return false;
- subsequent operations which touch the inner buffer will
throw IllegalStateException.
Note: NioUtils#freeDirectByteBuffer can also be used to
invalidate the buffer.
Bug: 11512044
Change-Id: I78e00dc12b0dbfbd1be6af28bef2413053fb15cb
|
| |\ \ \ \
| |/ / /
|/| | | |
|
| | |/ /
| | |
| | |
| | |
| | | |
Bug: https://code.google.com/p/android/issues/detail?id=64643
Change-Id: Iae7f8faa10c23bd82dbc1466fb3aea2d2db07f16
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The creation of the StreamCorruptedException in the constructor adds expense.
A common usage of ObjectOutputStream in Android is to write Serializable
objects into a Parcel, which uses a ByteArrayOutputStream and should never fail
with an IOException. This change should provide a small speed up and reduce
memory usage for the common case.
StreamCorruptedException is intended for use when reading from an ObjectStream
and it is no longer used. Also, by throwing a new exception the root cause
(either the original failure, or of the failure to write the exception to the
output stream) is obscured. Of the two possible exceptions that could be thrown
it seems best to throw the original and swallow the second. Added documentation.
Small risk of externally visible changes if callers are depending on the exact
class of the exception thrown but the use of StreamCorruptedException is not
documented and is unlikely to break anybody.
Also tidying up other simple code problems:
1) Unused parameter on writeEnumDesc()
2) Removing the getFieldL native method. It is never called and does not appear
to be backed by any native code.
3) Removing unnecessary initialization of local variables.
bug: 6447733
Change-Id: If062aa8d376019ed0c8db969e8161f18898e64e5
|
| | |
| |
| |
| |
| |
| |
| | |
If we throw inside the ctor, it is impossible for clients
to pass the CloseGuard test for the associated Inflater.
Change-Id: I6c4e66a98742fbd15bcdd03aa03e2fa7e33e110b
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | | |
Also makes the constructor private & a field final.
Change-Id: I1df833cee5f4217bd800c36104da2a76a1f1877d
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We look for the gzip magic bytes at the end of every
member and try to decompress the remainder of the
stream if we find it.
Note that this changes the behaviour of this class wrt.
the underlying stream: It is no longer self limiting. It
will attempt to read past the gzip trailer to look for
more data to decompress. Before this change, it would've
been possible to (hackily) consume the rest of the compressed
stream directly by inspecting the value of
InflaterInputStream.inf.getRemainingBytes(). It's no longer
possible to sensibly support that.
bug: https://code.google.com/p/android/issues/detail?id=63873
Change-Id: I818f77c052a811ed98b76243f2ad8a1a4d236d70
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Although HMAC-MD5 is not yet broken, the foundations are shaky --
see http://tools.ietf.org/html/rfc6151.
Scans show that disabling these TLS/SSL cipher suites currently
causes handshake issues with 0.4% of the ecosystem.
Bug: 11220570
Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- We now guarantee that available() returns 0 iff.
deflater.finished() == true. Note that this is still
inconsistent with the specification of InputStream#available.
- Remove an unnecessary array copy in DeflaterInputStream#read.
- Remove tests that expect an IllegalArgumentException for
negative skip count values. The InputStream spec doesn't mandate
that we must throw here, and it's better to be consistent with
every othem InputStream specialization in the code.
- Remove obsolete failures from brokentests.txt.
bug: 12189307
Change-Id: Ie9b1ad5d7c050b005b5f6f44a5a283bfdaeb1e81
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The effective key length for 3DES_EDE bulk encryption algorithm
is only 112 bits. We're now aiming for 128 and higher.
Scans show that removing these cipher suites from the default list
causes handshake issues only with 0.15% of the ecosystem.
Bug: 11220570
Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
These cipher suites use a static key for ECDH on the server side.
When client certificates are used, a static key is also used on the
client side, leading to the same premaster secret for all connections
between a particular client and server. Also, these cipher suites do
not provide forward secrecy.
Scans show that removing these cipher suites from the default list
does not affect connectivity to servers and is thus safe.
Bug: 11220570
Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
|
| |/ /
| |
| |
| |
| |
| |
| | |
Also remove tests with broken expectations that were never
implemented.
Change-Id: I5eb60d3e6dfb8ead6e23941fca1bc19f79c4a158
|
| | |
| |
| |
| |
| |
| |
| |
| | |
AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach
has issues (e.g., Lucky 13 attack).
Bug: 11220570
Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This adds support for AES-GCM and AES-CBC with MACs based on SHA256
and SHA384.
Bug: 11220570
Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack
and support for GCM cipher suites.
This change causes TLS/SSL handshake failures with a small fraction
of servers, load balancers and TLS/SSL accelerators with broken
TLS/SSL implementations.
Scans demonstrate that the number is around 0.6%. Breaking
connectivity (using platform default settings) to a tiny minority of
the ecosystem is acceptable because this inconvenience is outweighed
by the added safety for the overwheling majority of the ecosystem.
App developers affected by this issue should consider asking such
servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in
their apps.
Bug: 11220570
Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
This enables late binding support for Cipher algorithms. It will now pay
attention to SupportedKeyClasses and SupportedKeyFormats after the
Cipher#init(...) is called on the instance instead of selecting the
provider when Cipher#getInstance(...) creates the instance.
Change-Id: I27802f1f8b96d81dd2a269741d080dbe68232c9f
|
| | |
| |
| |
| | |
Change-Id: I1ceb0d6d2d8c4f90a40865aa375fd7d93ddd4389
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and
cipher suites supported and enabled by default.
Bug: 11220570
Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The Javadoc of javax.net.ssl.SSLSocket now lists the protocols and
cipher suites supported and enabled by default.
Bug: 11220570
Change-Id: I3b6a96a86618370a55abf3307cbaadd1a1587066
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When malformed or unmappable characters span input
buffers, we'd end up setting a negative position on the
buffer.
Also fix up a few test cases which were wrong in
several ways.
- One test was simply checking for the wrong sort
of exception (unmappable vs malformed)
- Another test was expecting encode() to throw an
error (and ignoring flush) but the API allows flush
to throw an error instead of encode.
bug: 10729779
Change-Id: I6560b749ca2445651d61ca651f8a5e388cf1c1b0
|
| | | |
| | |
| | |
| | |
| | | |
Bug: https://code.google.com/p/android/issues/detail?id=62726
Change-Id: I1113be8745da7bc17c22057e0be78411dd66a745
|
| |/ /
| |
| |
| | |
Change-Id: Ia45aa76e42b06d7ed405d7a2f6851658fec0bff0
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Change-Id: If3d941154c658bd87ed968ae4d40cfb6806242ce
|
