| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
toArray() was returning entries in reverse order.
toArray(T[]) was correct.
Thanks to Chris Povirk for discovering.
The fix is simple.
Change includes additional tests to avoid regressions.
Test & support code has been cleaned up a little to
improve coverage and make it (slightly) less horrible.
Bug: https://code.google.com/p/android/issues/detail?id=72073
Change-Id: I42ff90e0f592482289cd0cd9fdbdaabf0c17ad93
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This documents and tests that TLS-PSK cipher suites are enabled
if a PSKKeyManager is provided to SSLContext during its
initialization.
Bug: 15073623
Change-Id: I8e2bc3e7a1ea8a986e468973b6bad19dc6b7bc3c
|
| | |
| |
| |
| |
| |
| | |
(cherry picked from commit 36214feb86a0963b23f34c8c63584252bd757e19)
Change-Id: I96d5109c01e39255b9970f7a515ddd3575a50e56
|
| |/
|
|
|
| |
Bug: 15073623
Change-Id: I427c99f4c1c72690d95e5a3c63763631c41ddae2
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This CL updates the Javadoc of SSLSocket and SSLEngine to list the
now supported TLS-PSK cipher suites. It also adds tests to assert
that these cipher suites are actually supported by SSLSocket and
SSLEngine.
Bug: 15073623
Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb
|
| |/
|
|
|
|
|
|
|
| |
Now that the default SSLEngine implementation is backed by the same
OpenSSL stack as the default SSLSocket implementation, the sets of
supported/enabled cipher suites and protocols should remain the same
between SSLEngine and SSLSocket.
Change-Id: I1ed88f39b07950e5d8b6e2fc7d6482a034626de3
|
| |
|
|
|
|
|
|
|
|
| |
We have modified OpenSSL source code such that size of RSA key should be at least 512 bits or more to support
higher quality key generation as lower key sizes are vulnerable to attack.
Thus we need to increase the size to 512 to avoid CTS failures, please refer to it also.
https://code.google.com/p/android/issues/detail?id=66394
Change-Id: I95d734033227ed1497a5bc0fd0010f62b12c01c5
Signed-off-by: DanielMo <DanielMo@fih-foxconn.com>
|
| |
|
|
|
|
|
| |
This adds all the possible key types from the Standard Names document to
the tests.
Change-Id: Ifbca56371261c040c3cb9e0d80447e9cb73cad0f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add CloseGuardMonitor to intercept and collate CloseGuard reports and if
necessary throw an exception listing the resource leaks.
* Add ResourceLeakageDetector to abstract away the CloseGuardMonitor which will
not work on RI.
* Add AbstractResourceLeakageDetectorTestCase as a base class for tests
that need to detect resource leaks, in future this could be handled by
modifications to Cts and Vogar test runners.
* Remove CloseGuardTester and its sole usage in ProcessBuilderTest.
* Remove CloseGuardGuard from within URLConnectionTest
* Change ZipFileTest, ProcessBuilderTest, URLConnectionTest to use new
mechanism, fix issues that are identified and do some cleanup/remove
duplicated code.
Bug: https://code.google.com/p/android/issues/detail?id=66383
Change-Id: Id026dbb6bc66091a15f07329e6371cd0d1f32cf5
|
| |
|
|
| |
Change-Id: Ie700aa16d91fba53fc5eb2555829cb74d84b12ad
|
| |
|
|
|
|
|
|
| |
The assymmetry between client and server with create sessions seems
strange. It seems like a bug in the RI, so make sure Android does the
right thing.
Change-Id: I7b7ab501bd1963757b7f067c6ace8230a19a3e53
|
| |
|
|
|
|
|
| |
Our new OpenSSL-based SSLEngine supports all the new stuff and no longer
fails tests.
Change-Id: I7db8e5134ca36ebd963c7081cd7ba79d91b3e5e2
|
| |
|
|
|
|
|
|
| |
The RI now supports TLSv1.2 with SSLEngine, so update all the
expectations for their tests. It also appears to disable "weak"
algorithms when you select TLSv1.2.
Change-Id: I564283bb4945d3b71bee0f89c93c6dd6e238b4f8
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the X509ExtendedTrustManager class and all its ancillary
methods that allow it to be used. This allows the
endpointVerificationAlgorithm setting to be enabled on SSLSocket to
check that the cerificate given for the endpoint during the handshake
matched the expected hostname.
Since X509ExtendedTrustManager allows you to pass in an SSLSocket, there
is a new call added to SSLSocket called getHandshakeSession which does
not force the handshake to take place.
Bug: 13103812
Change-Id: I18a18b4f457d1676c8dc9a2a7bf7c3c4646a0425
|
| |
|
|
|
|
| |
The RI doesn't use DH_RSA and DH_DSA, but we do. Only remove them when
the RI is running the tests.
Change-Id: Id496a60e64ea51b105b7548e219e9340608f4672
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
The two classes in some places assumed that only one KeyManager is
necessary or that only the first provided KeyManager is important.
Change-Id: I88629778911503ac7c233341d44612247d799d22
|
| |/
|
|
| |
Change-Id: Ia20902cc63d5e3ef1ac4cfc7a0b651368e845867
|
| |
|
|
|
|
|
|
|
| |
System.gc() has changed in Android: it doesn't gc every time
any more. Runtime.getRuntime().gc() is more likely to cause
a garbage collection.
Change-Id: I294c98a3b82ccb8867b6667d35c88fe9441110db
Bug: 13097524
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
URLConnection.getHeaderLong() and
URLConnection.getContentLengthLong().
These methods are required by okhttp.
Changed JarURLConnectionImpl.getContentLength() to return -1
when the size of an entry cannot be represented as an int.
Previously it would have returned a corrupted, possibly
negative, value due to a cast.
Changed FileURLConnection.getContentLength() to return -1
when the size of the file cannot be represented as an int.
Previously it would have returned a corrupted, possibly
negative, value due to a cast.
Change-Id: Ib43e68a2536c2602b4c7ee0cda68fa1f90045f57
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Get rid of Support_PlatformFile, use File.createTempFile
instead.
- Replace numerous uses of "user.dir" / "user.home" etc. with
File.createTempFile
- Replace calls to Process / chmod with Libcore.os.chmod. The
calls wouldn't have worked anyway, since chmod on android
doesn't understand the incremental (+w, -x) syntax.
Change-Id: Ic6944568bbee6a548da6dcb4364b882636f2959f
|
| |
|
|
|
| |
These resources were used only by DalvikExecTest.
Change-Id: Icb063fcf96593eeb3c6d9392214b3bc67305af53
|
| |
|
|
|
| |
TimaKeyStore is Samsung's TrustZone-based KeyStore
service provider. It should be skipped for KeyStore
test cases since Samsung has it's own test cases.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This tests that PKCS#7 padding for all Cipher transformations which
currently support PKCS#5 padding.
PKCS#5 padding is a special case of PKCS#7 padding. PKCS#5 padding
is defined specifically for 64 bit long blocks. However, lots of code
assumes that PKCS#5 for other block sizes works exactly like PKCS#7,
and thus uses PKCS#5 padding where PKCS#7 should actually be used
(e.g., with AES). Thus, we assert the assumption that PKCS#7 padding
works exactly like PKCS#5 padding.
Change-Id: I0ca8a952c67bc7aff172e22bd730378d41438067
|
| |
|
|
|
|
|
| |
Update cert tests to save the private keys and also change the main
certificate to a negative serial to exercise more corner cases.
Change-Id: Ia59eece8ced0988b140ebf2e932b54298047f32d
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Support_PortManager didn't really work, so rewrite all tests
that use it.
Also, dedup OldDatagramSocketTest with the harmony DatagramSocketTest.
Fix various broken test cases and terribly written tests.
bug: 11689863
Change-Id: I4efb9e02eb88517273fff50a0dec1d0262feafb2
|
| |
|
|
|
|
|
|
|
|
|
| |
Although HMAC-MD5 is not yet broken, the foundations are shaky --
see http://tools.ietf.org/html/rfc6151.
Scans show that disabling these TLS/SSL cipher suites currently
causes handshake issues with 0.4% of the ecosystem.
Bug: 11220570
Change-Id: I1970d2ecbdf3c0d26e45d439047b1d3884ade2ec
|
| |
|
|
|
|
|
|
|
|
|
| |
The documentation for the list of TLS/SSL cipher suites used by
default states that cipher suites offering Forward Secrecy are
preferred. This CL adjusts the list to conform: FS cipher suites
that use RC4_128 bulk encryption algorithm were not preferred
over non-FS cipher suites that use AES.
Bug: 11220570
Change-Id: Ic9019306898600086920874474764186b710c3ef
|
| |
|
|
|
|
|
|
|
| |
This is a follow-up to 5b15ad6b3d508a97d1cd23667afaee8c55072718 which
removed static key ECDH cipher suites from the default list, but
where the list of permitted key exchanges wasn't updated.
Bug: 11220570
Change-Id: I319e21bf4475ddb9e6262b41dda99f5e33b1816f
|
| |
|
|
|
|
|
|
|
|
|
| |
The effective key length for 3DES_EDE bulk encryption algorithm
is only 112 bits. We're now aiming for 128 and higher.
Scans show that removing these cipher suites from the default list
causes handshake issues only with 0.15% of the ecosystem.
Bug: 11220570
Change-Id: Ie01ebe8134d08a36b276295b804540157963be8f
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
These cipher suites use a static key for ECDH on the server side.
When client certificates are used, a static key is also used on the
client side, leading to the same premaster secret for all connections
between a particular client and server. Also, these cipher suites do
not provide forward secrecy.
Scans show that removing these cipher suites from the default list
does not affect connectivity to servers and is thus safe.
Bug: 11220570
Change-Id: If34f4a3888ed9972c39d171656a85c61dfa98ea1
|
| |
|
|
|
|
|
|
| |
AES-GCM is preferred to AES-CBC whose MAC-pad-then-encrypt approach
has issues (e.g., Lucky 13 attack).
Bug: 11220570
Change-Id: Ib007bc89ccf08358ed3f093f630350fa859e7c35
|
| |
|
|
|
|
|
|
| |
This adds support for AES-GCM and AES-CBC with MACs based on SHA256
and SHA384.
Bug: 11220570
Change-Id: I56e7e25c5cd65a4c7662da6d4bbe5720f427e677
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TLSv1.1 and TLSv1.2 offer built-in protection against BEAST attack
and support for GCM cipher suites.
This change causes TLS/SSL handshake failures with a small fraction
of servers, load balancers and TLS/SSL accelerators with broken
TLS/SSL implementations.
Scans demonstrate that the number is around 0.6%. Breaking
connectivity (using platform default settings) to a tiny minority of
the ecosystem is acceptable because this inconvenience is outweighed
by the added safety for the overwheling majority of the ecosystem.
App developers affected by this issue should consider asking such
servers to be fixed or explicitly disabling TLSv1.1 and TLSv1.2 in
their apps.
Bug: 11220570
Change-Id: Ice9e8ce550401ba5e3385fd369c40f01c06ac7fd
|
| |
|
|
| |
Change-Id: I3c939e9275ba8f1d00342d1f83c6fdaf110f2317
|
| |
|
|
| |
Change-Id: I4b5a5123977a1df152f097e2c7ed86cf7dbcfe9e
|
| |
|
|
|
|
|
|
| |
The Javadoc of javax.net.ssl.SSLEngine now lists the protocols and
cipher suites supported and enabled by default.
Bug: 11220570
Change-Id: I6e365d58bfe2ddf60bae9dc7ccd0a33249e9e125
|
| |
|
|
|
|
|
|
| |
The Javadoc of javax.net.ssl.SSLSocket now lists the protocols and
cipher suites supported and enabled by default.
Bug: 11220570
Change-Id: I3b6a96a86618370a55abf3307cbaadd1a1587066
|
| |\
| |
| |
| |
| | |
* commit '439113b7577fa3ed7c974fe158034649551130c4':
Import resources, fix JarURLConnectionTest.
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
The test case with the escaped URL still fails.
Change-Id: Iae3a58fea800d8b981cb09474d1fa77b7c361e4e
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* commit 'ebf160a0a41f2ea819b5c5c2e33199c098312941':
Add serialization golden files, fix tests.
|
| | |\ \ |
|
| | | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Moves a few golden files from luni/ to harmony-tests/
- Delete dead code in SerializationTester
- Fix a bug in SerializationTest (not sure how this
ever worked for resources with "." in their name)
Change-Id: Ia5b1376f4ada9b9c706a266ae077debeea5b1f29
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* commit '4cac31eba78e0002e19dae81443f664c66d83340':
Add untracked harmony tests.
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This has been deduped against :
libcore/luni/src/test/java/org/apache/harmony/luni/tests
libcore/luni/src/test/java/tests/api/
libcore/harmony-tests/src/test/java/tests/api
This is a minimal change that builds the entire test suite.
Many tests don't pass yet, they will be fixed in follow ups.
Notable tests that haven't been moved:
- ExcludedProxyTest: Might make requests to (now defunct)
external servers. All of this code is tested in okhttp.
- URLClassLoaderTest: Has a dependency on jetty, tested in
okhttp.
Notable test cases that haven't been moved:
- URLTest: overlap with okhttp, might make requests to
external servers.
- ServerSocketTest#test_init: Uses Support_execJava, which
we don't support yet. Isn't testing anything useful.
- FileTest#testDeleteOnExist: Uses Support_execJava which we don't
support yet. This is a useful test and we must ressurect it if
at all possible.
bug: 11650799
Change-Id: Ib277eb0bad465ea72b090168490a1a633611b3f3
|
| |\ \ \
| |/ /
|/| |
| | | |
Change-Id: Ibd80c5f1a8b7b2fb7b4e77c40e5a0499effff6aa
|
