From 6fb716bcbe2747cf1f13fcbfffa18a2c59619625 Mon Sep 17 00:00:00 2001 From: Narayan Kamath Date: Mon, 18 May 2015 12:48:39 +0100 Subject: Add test_PacketSocketAddress to the list of known failures. Needs CAP_NET_RAW which means it can only ever run successfully as root. bug: 19764047 (cherry picked from commit 676fbcf150d23bb81da6dccd40bcd085a2eeee8a) Change-Id: I6c24cb9a781340d4c92fb53aa2670ddb99031c73 --- expectations/knownfailures.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/expectations/knownfailures.txt b/expectations/knownfailures.txt index 6470e36..6aac9eb 100644 --- a/expectations/knownfailures.txt +++ b/expectations/knownfailures.txt @@ -1509,5 +1509,13 @@ "libcore.java.util.zip.Zip64FileTest#testZip64Support_totalLargerThan4G", "libcore.java.util.zip.Zip64FileTest#testZip64Support_hugeEntry" ] +}, +{ + description: "OsTest.test_PacketSocketAddress needs CAP_NET_RAW", + bug: 19764047, + result: EXEC_FAILED, + names: [ + "libcore.io.OsTest#test_PacketSocketAddress" + ] } ] -- cgit v1.1 From 3592cd2135a96441acd631ce97d0bdc4ab6f995e Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 12 May 2015 10:03:53 -0700 Subject: No need to test EC keys of 192 bits EC keys of 192 bits have a security level of 96 bits which is well below accepted minimum levels according to NIST SP800 131A. No need to be able to generate these anymore. Instead test 521-bit EC keys. (cherry picked from commit 9b8f9a1bb00f70f79f175282969d428d2aade062) Bug: 20563457 Change-Id: I674c255c55c910bb8f9ccdf1e5ad7f69a2bdac69 --- .../src/test/java/libcore/java/security/KeyPairGeneratorTest.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java b/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java index 7e08b5f..1320a8a 100644 --- a/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java +++ b/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java @@ -45,6 +45,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; +import java.util.Locale; import java.util.Map; import java.util.Set; import javax.crypto.interfaces.DHPrivateKey; @@ -198,7 +199,6 @@ public class KeyPairGeneratorTest extends TestCase { putKeySize("DiffieHellman", 512); putKeySize("DiffieHellman", 512+64); putKeySize("DiffieHellman", 1024); - putKeySize("EC", 192); putKeySize("EC", 224); putKeySize("EC", 256); putKeySize("EC", 384); @@ -207,10 +207,10 @@ public class KeyPairGeneratorTest extends TestCase { /** Elliptic Curve Crypto named curves that should be supported. */ private static final String[] EC_NAMED_CURVES = { - // NIST P-192 aka SECG secp192r1 aka ANSI X9.62 prime192v1 - "secp192r1", "prime192v1", // NIST P-256 aka SECG secp256r1 aka ANSI X9.62 prime256v1 "secp256r1", "prime256v1", + // NIST P-521 aka SECG secp521r1 + "secp521r1", }; private void test_KeyPairGenerator(KeyPairGenerator kpg) throws Exception { @@ -267,7 +267,7 @@ public class KeyPairGeneratorTest extends TestCase { } private void test_Key(KeyPairGenerator kpg, Key k) throws Exception { - String expectedAlgorithm = kpg.getAlgorithm().toUpperCase(); + String expectedAlgorithm = kpg.getAlgorithm().toUpperCase(Locale.ROOT); if (StandardNames.IS_RI && expectedAlgorithm.equals("DIFFIEHELLMAN")) { expectedAlgorithm = "DH"; } -- cgit v1.1 From bcdfeb2893b61ad97ba0bfac21bd6470267169ae Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Tue, 9 Jun 2015 11:08:52 -0700 Subject: Relax the test for inappropriate fallback Since we don't have a specific exception type for the SCSV inappropriate fallback cipher being used, we relied on scanning the cause message. BoringSSL has the error message of "INAPPROPRIATE_FALLBACK" which doesn't match the OpenSSL error message of "inappropriate fallback" so we need to relax the test a bit to accept both. This should be fine as we're just using the message as a proxy to determine whether the correct thing is done and not really trying to enforce a specific exception message. (cherry picked from commit 43e063b43daab0962554639dda272428a59f3c24) Bug: 21211765 Change-Id: I4e7cd5486c0eb8ab3e3f9b64b4e7234436ec4ee0 --- luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 8e4519d..89b05f3 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -1798,6 +1798,11 @@ public class SSLSocketTest extends TestCase { context.close(); } + private static void assertInappropriateFallbackIsCause(Throwable cause) { + assertTrue(cause.getMessage(), cause.getMessage().contains("inappropriate fallback") + || cause.getMessage().contains("INAPPROPRIATE_FALLBACK")); + } + public void test_SSLSocket_sendsTlsFallbackScsv_InappropriateFallback_Failure() throws Exception { TestSSLContext context = TestSSLContext.create(); @@ -1823,8 +1828,7 @@ public class SSLSocketTest extends TestCase { } catch (SSLHandshakeException expected) { Throwable cause = expected.getCause(); assertEquals(SSLProtocolException.class, cause.getClass()); - assertTrue(cause.getMessage(), - cause.getMessage().contains("inappropriate fallback")); + assertInappropriateFallbackIsCause(cause); } return null; } @@ -1839,8 +1843,7 @@ public class SSLSocketTest extends TestCase { } catch (SSLHandshakeException expected) { Throwable cause = expected.getCause(); assertEquals(SSLProtocolException.class, cause.getClass()); - assertTrue(cause.getMessage(), - cause.getMessage().contains("inappropriate fallback")); + assertInappropriateFallbackIsCause(cause); } return null; } -- cgit v1.1 From f192521c7e788a1f2443e976ca9cdfecba0913fe Mon Sep 17 00:00:00 2001 From: Alex Klyubin Date: Wed, 10 Jun 2015 09:12:53 -0700 Subject: Fix X509CertificateTest.testVerifyPublicKeyString failure. The test was failing because it was making the wrong assumption that JCA's Signature implementation will select the implementation from the highest priority provider which offers the matching signature algorithm. This assumption is wrong because it does not take into consideration that JCA also filters providers using SupportedKeyClasses and SupportedKeyFormats attributes. In this particular case, AndroidKeyStore Provider happens to be the highest priority Provider which offers Signature.MD5withRSA. However, according to its declaration, it offers that only for public keys which are instances of AndroidKeyStorePublicKey. The fix is to rely on JCA's Signature implementation selection mechanism to find the highest priority provider which supports the desired public key. Bug: 21735869 Change-Id: Ie40f8a1cbf898966614a290c2d6cfe8350a1e99f --- .../tests/javax/security/cert/X509CertificateTest.java | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java index 26403f5..093e2e1 100644 --- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java +++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/security/cert/X509CertificateTest.java @@ -39,6 +39,7 @@ import java.security.Principal; import java.security.Provider; import java.security.PublicKey; import java.security.Security; +import java.security.Signature; import java.security.SignatureException; import java.security.Provider.Service; import java.security.cert.CertificateFactory; @@ -763,16 +764,16 @@ public class X509CertificateTest extends TestCase { } Security.addProvider(myProvider); - Provider[] providers = Security.getProviders("Signature.MD5withRSA"); - if (providers == null || providers.length == 0) { - fail("no Provider for Signature.MD5withRSA"); - return; - } + // Find the Provider which offers MD5withRSA for the certificate's + // public key. + Signature signature = Signature.getInstance("MD5withRSA"); + signature.initVerify(javaxSSCert.getPublicKey()); + Provider provider = signature.getProvider(); // self signed cert: should verify with provider try { javaxSSCert.verify(javaxSSCert.getPublicKey(), - providers[0].getName()); + provider.getName()); } catch (SignatureException e) { fail("blu"); } -- cgit v1.1 From e135be338e123469ad32cb1e383509e53103e3aa Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Wed, 10 Jun 2015 09:50:31 -0700 Subject: SSLSocketTest: add test with no ciphers If there are no ciphers set, there should just be a handshake failure. However, Conscrypt was throwing InvalidArgumentException in this configuration. (cherry picked from commit def50a267d0100fa560cf7bbcd0b9a9d5f5e068f) Bug: 21195269 Change-Id: I73cfc4927041ca9b1331b58859382573e7de6f63 --- .../java/libcore/javax/net/ssl/SSLSocketTest.java | 31 ++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 89b05f3..7e05054 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -420,6 +420,37 @@ public class SSLSocketTest extends TestCase { c.close(); } + public void test_SSLSocket_NoEnabledCipherSuites_Failure() throws Exception { + TestSSLContext c = TestSSLContext.create(null, null, null, null, null, null, null, null, + SSLContext.getDefault(), SSLContext.getDefault()); + SSLSocket client = (SSLSocket) c.clientContext.getSocketFactory().createSocket(c.host, + c.port); + client.setEnabledCipherSuites(new String[0]); + final SSLSocket server = (SSLSocket) c.serverSocket.accept(); + ExecutorService executor = Executors.newSingleThreadExecutor(); + Future future = executor.submit(new Callable() { + @Override + public Void call() throws Exception { + try { + server.startHandshake(); + fail(); + } catch (SSLHandshakeException expected) { + } + return null; + } + }); + executor.shutdown(); + try { + client.startHandshake(); + fail(); + } catch (SSLHandshakeException expected) { + } + future.get(); + server.close(); + client.close(); + c.close(); + } + public void test_SSLSocket_startHandshake_noKeyStore() throws Exception { TestSSLContext c = TestSSLContext.create(null, null, null, null, null, null, null, null, SSLContext.getDefault(), SSLContext.getDefault()); -- cgit v1.1 From 8442a3b2add64ef0246d6f046e40a63c25ce18ea Mon Sep 17 00:00:00 2001 From: Kenny Root Date: Wed, 10 Jun 2015 10:20:30 -0700 Subject: SSLEngineTest: set up server instead of using anon This test was relying on "anon" cipher suites so that it didn't have to do any complicated setup of the server certificate store. Fortunately we already have a utility class we can use that does this setup for us so there is no need to rely on anonymous cipher suites that do no authentication. (cherry picked from commit 5be4c97a83895b7e1385445db6a1717eb8df3e9b) Bug: 21195269 Change-Id: I30bf4cd3b99bf946887cca293d616021cfce1bd7 --- .../harmony/tests/javax/net/ssl/SSLEngineTest.java | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/SSLEngineTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/SSLEngineTest.java index 8f68d6e..9360c00 100644 --- a/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/SSLEngineTest.java +++ b/harmony-tests/src/test/java/org/apache/harmony/tests/javax/net/ssl/SSLEngineTest.java @@ -36,6 +36,7 @@ import javax.net.ssl.SSLException; import javax.net.ssl.SSLEngineResult.HandshakeStatus; import junit.framework.TestCase; import libcore.java.security.StandardNames; +import libcore.javax.net.ssl.TestSSLContext; /** * Tests for SSLEngine class @@ -1042,21 +1043,12 @@ public class SSLEngineTest extends TestCase { private ByteBuffer writeBuffer; - HandshakeHandler(boolean clientMode, SourceChannel in, SinkChannel out) throws Exception { + HandshakeHandler(SSLContext context, boolean clientMode, SourceChannel in, SinkChannel out) + throws Exception { this.in = in; this.out = out; - engine = getEngine(); + engine = context.createSSLEngine(); engine.setUseClientMode(clientMode); - String[] cipherSuites = engine.getSupportedCipherSuites(); - Set enabledSuites = new HashSet(); - for (String cipherSuite : cipherSuites) { - if (cipherSuite.contains("anon")) { - enabledSuites.add(cipherSuite); - } - } - engine.setEnabledCipherSuites((String[]) enabledSuites.toArray( - new String[enabledSuites.size()])); - engine.beginHandshake(); status = engine.getHandshakeStatus(); @@ -1179,8 +1171,9 @@ public class SSLEngineTest extends TestCase { SinkChannel serverSink = serverSendPipe.sink(); SourceChannel clientSource = serverSendPipe.source(); - clientEngine = new HandshakeHandler(true, clientSource, clientSink); - serverEngine = new HandshakeHandler(false, serverSource, serverSink); + TestSSLContext context = TestSSLContext.create(); + clientEngine = new HandshakeHandler(context.clientContext, true, clientSource, clientSink); + serverEngine = new HandshakeHandler(context.serverContext, false, serverSource, serverSink); } boolean doHandshake() throws InterruptedException { -- cgit v1.1 From 39768a2e1c9c4fc8db1ea5b24ae601d10c923ece Mon Sep 17 00:00:00 2001 From: Mathieu Chartier Date: Thu, 11 Jun 2015 15:09:16 -0700 Subject: Send SIGQUIT when finalizer times out The motivation is to get a native stack trace of the thread if it is stuck in native code when runing a finalizer. Idea from agampe. Bug: 21060358 Change-Id: I370988e6a0067e1d407c21881c82e49b6adec050 --- libart/src/main/java/java/lang/Daemons.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libart/src/main/java/java/lang/Daemons.java b/libart/src/main/java/java/lang/Daemons.java index 43066e1..a6ac449 100644 --- a/libart/src/main/java/java/lang/Daemons.java +++ b/libart/src/main/java/java/lang/Daemons.java @@ -16,6 +16,8 @@ package java.lang; +import android.system.Os; +import android.system.OsConstants; import dalvik.system.VMRuntime; import java.lang.ref.FinalizerReference; import java.lang.ref.Reference; @@ -295,6 +297,14 @@ public final class Daemons { // We use the stack from where finalize() was running to show where it was stuck. syntheticException.setStackTrace(FinalizerDaemon.INSTANCE.getStackTrace()); Thread.UncaughtExceptionHandler h = Thread.getDefaultUncaughtExceptionHandler(); + // Send SIGQUIT to get native stack traces. + try { + Os.kill(Os.getpid(), OsConstants.SIGQUIT); + // Sleep a few seconds to let the stack traces print. + Thread.sleep(5000); + } catch (Exception e) { + System.logE("failed to send SIGQUIT", e); + } if (h == null) { // If we have no handler, log and exit. System.logE(message, syntheticException); -- cgit v1.1 From 290537194bb023a79336ee95cfb4daa88b8d56a3 Mon Sep 17 00:00:00 2001 From: Sergio Giro Date: Tue, 16 Jun 2015 17:43:07 +0100 Subject: libcore: removed unnecessary code in SSLSocketTest Was possibly causing a race condition (see b/21776011), for instance, in case readFirstReceivedChunkFuture was still executing IoUtils#closeQuietly while the thread was cancelled. Bug: 21776011 (cherry picked from commit c22dd77f727262ed8105b8b638aeb817997914fd) Change-Id: Ibb20a98102d5bdc9ac3eaa0b875801ab218356f1 --- luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java | 7 ------- 1 file changed, 7 deletions(-) diff --git a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java index 7e05054..bf2d0f8 100644 --- a/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java +++ b/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java @@ -1709,13 +1709,6 @@ public class SSLSocketTest extends TestCase { return null; } finally { IoUtils.closeQuietly(client); - - // Cancel the reading task. If this task succeeded, then the reading task - // is done and this will have no effect. If this task failed prematurely, - // then the reading task might get unblocked (we're interrupting the thread - // it's running on), will fail early, and we'll thus save some time in this - // test. - readFirstReceivedChunkFuture.cancel(true); } } }); -- cgit v1.1 From 43c137b25b7f69694983de494f4e9f217730d16a Mon Sep 17 00:00:00 2001 From: Narayan Kamath Date: Wed, 17 Jun 2015 14:23:33 +0100 Subject: ProviderTest: Add provider name to failure message. bug: 21870226 Change-Id: I1d91661599276394343b36a6601026ad46fc6b30 --- luni/src/test/java/libcore/java/security/ProviderTest.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/luni/src/test/java/libcore/java/security/ProviderTest.java b/luni/src/test/java/libcore/java/security/ProviderTest.java index 9cb780a..fafedd3 100644 --- a/luni/src/test/java/libcore/java/security/ProviderTest.java +++ b/luni/src/test/java/libcore/java/security/ProviderTest.java @@ -218,7 +218,8 @@ public class ProviderTest extends TestCase { } catch (ClassNotFoundException e) { // Sun forgot their own class if (!className.equals("sun.security.pkcs11.P11MAC")) { - fail("Could not find class " + className + " for " + typeAndAlgorithm); + fail("Could not find class " + className + " for " + typeAndAlgorithm + + " [provider=" + provider.getName() + "]"); } } } @@ -227,8 +228,9 @@ public class ProviderTest extends TestCase { for (Entry entry : aliases.entrySet()) { String alias = entry.getKey(); String actual = entry.getValue(); - assertTrue("Could not find implementation " + actual + " for alias " + alias, - implementations.containsKey(actual)); + assertTrue("Could not find implementation " + actual + " for alias " + alias + + " [provider=" + provider.getName() + "]", + implementations.containsKey(actual)); } } } -- cgit v1.1