72e44404c32a98e7675a6e7cfbf856adb499a434 |
|
09-Oct-2012 |
Brian Carlstrom <bdc@google.com> |
Change OpenSSLCipherRSA.{engineGetBlockSize,engineGetOutputSize} to return result based on key size Includes cherry-pick of 847f22adbd0e829b84491d7202dcbed5bf67a98c Bug: 7192453 Change-Id: Ib5fa1e313d942d2c1034e8e7831af285ad24d71d
|
f3862a786823c304a0f36f11266c66a55a68a5cf |
|
06-Oct-2012 |
Kenny Root <kroot@google.com> |
NativeCrypto: clear errors for key verification It appears that OpenSSL has a bug where any DSA key verification operation that fails will push an error on the OpenSSL error stack. This change will clear the error state whenever a key verification is performed. (cherry picked from commit 912d5102b2986e3cdedb311784a43c7fe68db790) Bug: 7302619 Change-Id: I16d1afad20f2d3934a01963ab62eea45b6caa6a1
|
51de62cf77a070e2a45ae397c391832b9a781d91 |
|
30-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Fix flaky NativeCryptoTest.test_SSL_do_handshake_client_timeout Fix similar issue in test_SSL_do_handshake_server_timeout Bug: 6229479 Change-Id: If2cf7d7dfe468843285a531f4b8b42941996a3ed
|
db611c5813f623ee0403aedd156bb15780ed6e69 |
|
30-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
NativeCryptoTest#test_SSL_do_handshake_clientCertificateRequested_throws_after_renegotiate failure Bug: 6964910 Change-Id: I13bed4e5ed104241025fbb1d5e28427ec16d7a80
|
615225a35dbd838210270b282d1196deff643b51 |
|
22-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Add OpenSSLSocketImpl.setSoWriteTimeout to allow SO_SNDTIMEO to be specified Bug: 6693087 Change-Id: Ie6903168ca0ada4516c55dfab5f7194baf965b4c
|
0a156e0126e8015f2791e9a7dd48bbdaeae0c335 |
|
12-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Summary: - Add OpenSSLProvider support for Cipher.RSA/None/PKCS1Padding Added NativeCrypto.RSA_private_decrypt and NativeCrypto.RSA_public_encrypt - Changed OpenSSLSignatureRawRSA to use new Cipher.RSA/None/PKCS1Padding Removed now obsoleted NativeCrypto APIs for RSA_padding_add_PKCS1_type_1 and RSA_padding_check_PKCS1_type_1 - added wrap/unwrap support OpenSSLCipherRSA Needed for SSLEngine (and fallback SSLSocket implementation) which are now picking up the new Cipher.RSA/None/PKCS1Padding - expanded CipherTest to sanity test all algorithms and PKCS1 padding Change-Id: I03566cc86ffce07d44d5e0094fa82c9c24587c26
|
c44b3f5d857d0d3f4d3668de905cdac5080ede3b |
|
01-Sep-2012 |
Kenny Root <kroot@google.com> |
Better OpenSSL key comparison Use native code to compare OpenSSL keys instead of converting them to Java BigIntegers first. Change-Id: If795c9c26e41174755cdab34ff70e01c7487c9bd
|
8b43d6de8df989711dd0779d689e1a1c1f9df68e |
|
31-Aug-2012 |
Brian Carlstrom <bdc@google.com> |
Fix NativeCrypto.d2i_SSL_SESSION to initialize SSL_SESSION's cipher field Bug: 7091840 Change-Id: I9dee0e39bae6aba28c7ea768242e64c9443d9e49
|
7695a9b3261bfee3a810e0829bd8082fe1fcb6a4 |
|
30-Aug-2012 |
Brian Carlstrom <bdc@google.com> |
Disable SSL compression Bug: 7079965 Change-Id: I8e060a827613e212bbcced66507fbf124bb04543
|
882ff343913f54cd02478fed2e9c41dfccd78a45 |
|
11-Jun-2012 |
Edwin Vane <edwin.vane@intel.com> |
Avoid variable-length non-POD element array Clang doesn't like variable-length arrays of non-POD types. Added new X509Vector to hold the OpenSSL X509* references and preserve the RAII style. Change-Id: I85d61d6c26ff06fb7da8091376394b8438fb1fea Reviewed-by: Kevin P Schoedel <kevin.p.schoedel@intel.com> Author: Edwin Vane <edwin.vane@intel.com>
|
4efbf2b6dfcbdacbc580ebbf35d39883bd7ec562 |
|
17-Aug-2012 |
Kenny Root <kroot@google.com> |
Clear errors after failed ENGINE_add Change-Id: I2f9c39717db9419c7924031fc30b7cc069c19d2e
|
106a8928fb4249f2f3d4dba1dddbe73ca5cb3d61 |
|
16-Aug-2012 |
Kenny Root <kroot@google.com> |
Call ENGINE_add to prevent ENGINEs from unloading The only user of the OpenSSLEngine interface is a dynamic engine (loaded from eng_dyn.c), so it will unload the .so when references to it decrease to zero. Calling ENGINE_add will add the loaded engine to the list of loaded engines. The next time ENGINE_by_id is called, it will just use the one from the list instead of loading the .so again. You can still control whether the engine is ref-counted or copied with ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) in the engine initialization method. Change-Id: Ic005e9ea22a3c6027e3a5aab2adf41fb7995c1f0
|
694677f69b14ed61ca62473a04d52ac1659b8dd2 |
|
08-Aug-2012 |
Kenny Root <kroot@google.com> |
Exit early from client_cert_cb when appropriate Under error conditions, return -1 from client_cert_cb to cause the SSL connection to exit early. If there is a pending Java exception that needs to percolate up to the JVM, this should be brought up as soon as possible. (cherry-picked from 914e7c1a4c7fd45d7398f43cf28e5689d1422936) Change-Id: Ie7b7865a8025e90b54ee16525e5856a6ca598d6d
|
914e7c1a4c7fd45d7398f43cf28e5689d1422936 |
|
08-Aug-2012 |
Kenny Root <kroot@google.com> |
Exit early from client_cert_cb when appropriate Under error conditions, return -1 from client_cert_cb to cause the SSL connection to exit early. If there is a pending Java exception that needs to percolate up to the JVM, this should be brought up as soon as possible. Change-Id: Ifb3f908b027f80507ba549757f0cd6e1891d8bdd
|
7501e29e0182accf28cc317870a3bbe1e25f4bfa |
|
31-Jul-2012 |
Kenny Root <kroot@google.com> |
Add raw RSA signature support With the new Keystore changes, this is the only way you can get raw RSA signatures which a lot of native code expects to be able to do. (cherry-picked from c531f5f402b4cedcc35a0b7f0b540dc84c545106) Bug: 6787078 Change-Id: I1c5ddd5287be1ab71347eedc864a41c24e156cb4
|
c531f5f402b4cedcc35a0b7f0b540dc84c545106 |
|
31-Jul-2012 |
Kenny Root <kroot@google.com> |
Add raw RSA signature support With the new Keystore changes, this is the only way you can get raw RSA signatures which a lot of native code expects to be able to do. Bug: 6787078 Change-Id: I1c5ddd5287be1ab71347eedc864a41c24e156cb4
|
a40fcc07b281313cb0ad125d8a1a2d6adec8e867 |
|
19-Jul-2012 |
Narayan Kamath <narayan@google.com> |
Add NPN related logging to native crypto Also fixes a compilation error when logging macros are expanded. (cherry-picked from 8a545afcbad15fdd805b9b7790d3d1aa6323fd9e) Change-Id: I1e422917cdb6fec56398344ee096eb50ab519668
|
46aabcb28b0e3b807f6db8c33173962d6f2cb71f |
|
12-Jun-2012 |
Kenny Root <kroot@google.com> |
Add OpenSSL provider for SHA1PRNG (cherry-pick of 4718b07e482ccb083ce3dfff228d0615b96a8dd2 and 84fb77d814b0ad04d70addb04847797925acf805.) Change-Id: Ib45c646a8596bf5ea0629408d6057d3828a1ac94
|
f4439e56aa3c88da66d2c6c969f9cb6b73cfa0ec |
|
01-Aug-2012 |
Brian Carlstrom <bdc@google.com> |
Increment OpenSSLKey EVP_PKEY reference when it is selected for use with SSL_use_PrivateKey Bug: 6866852 Bug: http://code.google.com/p/android/issues/detail?id=35326 (cherry-picked from 1f9fe21b93f1d1ee44a325629a05ee4f476e5f6a) Change-Id: I4e995de38414a7841bca0e0bba7d15b01c3bffd9
|
1f9fe21b93f1d1ee44a325629a05ee4f476e5f6a |
|
01-Aug-2012 |
Brian Carlstrom <bdc@google.com> |
Increment OpenSSLKey EVP_PKEY reference when it is selected for use with SSL_use_PrivateKey Bug: 6866852 Bug: http://code.google.com/p/android/issues/detail?id=35326 Change-Id: If14b9866dc15fe284130393534ae3ed66977d72f
|
df9f5967a3b8dc2f61183d155791393b67980511 |
|
24-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Fix OpenSSLSocketImpl.close race Move the NativeCrypto.SSL_interrupt call within the close synchronization. Otherwise there can be problems if NativeCrypto_SSL_interrupt tries to use the SSL* and another thread has called NativeCrypto_SSL_free. Bug: 6707288 Change-Id: Id8b0311b10124f2a08f8e0f24595a6ee46805c33
|
8a545afcbad15fdd805b9b7790d3d1aa6323fd9e |
|
19-Jul-2012 |
Narayan Kamath <narayan@google.com> |
Add NPN related logging to native crypto Also fixes a compilation error when logging macros are expanded. Change-Id: I1e422917cdb6fec56398344ee096eb50ab519668
|
4718b07e482ccb083ce3dfff228d0615b96a8dd2 |
|
12-Jun-2012 |
Kenny Root <kroot@google.com> |
Add OpenSSL provider for SHA1PRNG Change-Id: I45a3c1c0089aa439629e4645f15b16bd35aa6f55
|
679ac55c3c037887edfc6ce6f42a23cd7c11cd12 |
|
12-May-2012 |
Jesse Wilson <jessewilson@google.com> |
Only use SSL CUTTHROUGH (False Start) if the server supports NPN. We enable cutthrough on the client if the server supports NPN. We never enable cutthrough on the server because most relevant protocols (ie. HTTP) are client-speaks-first and those don't benefit from cutthrough on the server. I verified this by enabling NPN on both client and server and checking that the client's Application Data was sent before the server's Change Cipher Spec. To increase the likelihood of this otherwise racy situation I put the server in SSL debug mode after it receiving next_protos_advertised_callback. OpenSSL's debug mode adds a 1-second sleep before each read and write. Bug: http://b/6331035 Change-Id: I879b5fb26dc237392a36fe0585c8a6519c0e5220
|
7cd6760f7045d771faae8080a8c6150bf678f679 |
|
04-May-2012 |
Elliott Hughes <enh@google.com> |
Make libjavacore independent of libnativehelper for the PDK. Bug: 6369821 Change-Id: Ie038571a5dac1f301c0c3c6fb84df432e67b62c0
|
88f3ec9ebfd60998eb321f8c182009dace9bf983 |
|
01-May-2012 |
Brian Carlstrom <bdc@google.com> |
NativeCrypto should honor timeout less than one second Bug: http://code.google.com/p/android/issues/detail?id=29680 Change-Id: I4507a1e9fe37b1c095f7bb4d3e3a55d6d738f7ad
|
ebe87d125b8cc83238914f84f5f7aa799c0d83bd |
|
15-Apr-2012 |
Brian Carlstrom <bdc@google.com> |
Use SSL_CTX_set_session_id_context in ServerSessionContext Without this, OpenSSL with fail when SSLSessions are reused on an SSLServerSocket when client certificates are requested. Bug: 6329719 Change-Id: I9b14b32cccee1e5aba1215cebf81eb05a788d63b
|
beac31ef5949d994a7096f20f12fcf929b06884d |
|
26-Mar-2012 |
Kenny Root <kroot@google.com> |
More support for ENGINE-based keys Tweak some of the parameters for RSA and DSA keys to allow ENGINE-based keys to exist without needing to define private key material. Change-Id: Ide2884d6d97636ae2178f8e789eaeec1babd9650
|
600dc4949de6bf5608e5f5a5214cde59299b683a |
|
26-Mar-2012 |
Jesse Wilson <jessewilson@google.com> |
Don't use the SSL_CTX prefix for a method that takes an SSL. The implementation is asymmetric: enabling NPN is per-context, but actually looking up the negotiated protocol is per-SSL. This caused me to screw up in following the SSL_CTX naming scheme; I applied it in too many places. Change-Id: I5bd1be334d513f220086c901527d0b8416f2ba3f
|
0348f58cf3bd2c3cbac65f785df1197fc626f6fa |
|
26-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Fix phone boot (cherry picked from commit a8ef467e8e6be1681d63fe692ecce3b301801faa) Change-Id: I650d1fc98277b64f127204cae408acb69db354e9
|
25977e422febea04dac9fb9c35d7271d55d3b6b8 |
|
23-Mar-2012 |
Jesse Wilson <jessewilson@google.com> |
Expose NPN in OpenSSL. This is derived from costin's change Ib18da136cb628515d6909c438cd0809452d7058a. It moves the protocols data to the AppData's callbacks so the memory can be released when the handshake completes. Change-Id: Id61feaa6f28250e393f5c8093688b099e92dce9c
|
3e6dd45baa0d7f9b4fa06f4ade76e088b59cc7bf |
|
16-Mar-2012 |
Brian Carlstrom <bdc@google.com> |
Tracking openssl-1.0.1 Bug: 6168278 Change-Id: I240d2cbc91f616fd486efc5203e2221c9896d90f
|
41e34229c07e8d05090560ff80558fa222623769 |
|
09-Mar-2012 |
Kenny Root <kroot@google.com> |
Add support for OpenSSL engines This allows OpenSSL ENGINE to be used for RSA and DSA private key operations. Also add in support for directly passing an OpenSSLKey to the OpenSSLSocketImpl in case we are using ENGINEs. Change-Id: Ia31735109052a13e421900b69ba5de13bbce0f6f
|
5313aaf64335ca4e9768c66de697f0ce8f7e2227 |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Fix JNI yet again to have same return types Newer compiler complains on return type mismatch. Change the error return from NULL -> 0 to please the compiler. Change-Id: Ib3e5f4a0e3e2507009cb309bb7965efbb968b7cb
|
68dc9c0f9ea2913a627aa3df81f4956efa48a980 |
|
06-Feb-2012 |
Kenny Root <kroot@google.com> |
OpenSSL block ciphers, part 1 This implements the NativeCrypto piece necessary to do basic block cipher operations. More work will need to be done to enable useful modes. This gives us the ability to replace BouncyCastle's ECB mode that it bases the higher level CBC, CTR, etc modes on. However, calling through JNI to OpenSSL for 16-byte blocks for AES ends up being the same speed as the Java implementation. Further enhancements to use large blocks during the JNI call should show marked improvements in speed. Change-Id: I594a6d13ce5101a1ef2877b84edaa5e5b65e1e71
|
82ad6d54c7c1ccc03aed976cbf3ad19fa208564f |
|
04-Feb-2012 |
Kenny Root <kroot@google.com> |
Change return type to match function Change-Id: Ie4edc0ecc45cef924743e6c1b2f66832a2cf71c7
|
e50519aa549f6032b61e7d5b03f26510b10a8350 |
|
03-Feb-2012 |
Kenny Root <kroot@google.com> |
Fix up some JNI nits Some of the existing JNI functions were implicitly casting jint to pointers. Explicitly do this. Also make sure we're checking for errors when we should. Unique_... classes don't throw a NPE, so we have to throw exceptions when they end up being NULL when we don't expect them to. Change-Id: I12044446777eb02e407a03b0f0ecad5189c17602
|
0e1edea41b8747edd1a3e3237e82d1e48c31ae58 |
|
03-Feb-2012 |
Kenny Root <kroot@google.com> |
Fix return types so the compiler is happy The newer compiler is throwing errors of the type: error: converting to non-pointer type 'int' from NULL [-Werror=conversion-null] Change-Id: I5bea50f760a1a9d747b39f9459dab2fbe7fdf7a7
|
746a236e2be5dee62c482e27f4c682496d071d8b |
|
01-Feb-2012 |
Kenny Root <kroot@google.com> |
Add OpenSSL KeyPairGenerator and KeyFactory Refactor the way OpenSSL keys are handled so we can generate OpenSSL keys with the KeyPairGenerator and KeyFactory and pass them around without keeping the context in the OpenSSLSignature where it originated. Change-Id: Ib66bd1914e241a240cd97b1ea37e8526998107d9
|
1dfb8aa653d52268087f450e9b5a865e08b56d98 |
|
31-Jan-2012 |
Kenny Root <kroot@google.com> |
Add signature generation to OpenSSLSignature Change-Id: I1203516d95a937edb48959146bbec64b338e4f1e
|
679cf68b607e9b4a3beb8bcdee06868ae583386f |
|
08-Jan-2012 |
Steve Block <steveblock@google.com> |
Rename (IF_)LOGE(_IF) to (IF_)ALOGE(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/#/c/157220 Bug: 5449033 Change-Id: I3deb0b1b71cf4ec6d82921a2e0015c3a7b397cbf
|
ce1396eb6e63e3dd785f5052dd77aab1a2d4af7c |
|
20-Dec-2011 |
Steve Block <steveblock@google.com> |
Rename (IF_)LOGD(_IF) to (IF_)ALOGD(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/156016 Bug: 5449033 Change-Id: If68c0a933417163908aa05cebffd2863b581d7c8
|
f3c9acbc3ebd72090221f1781f7f48c0390c1c44 |
|
20-Oct-2011 |
Steve Block <steveblock@google.com> |
Rename LOGV(_IF) to ALOGV(_IF) DO NOT MERGE See https://android-git.corp.google.com/g/#/c/143865 Bug: 5449033 Change-Id: Ifc8ada20e2b316bb24aa4ba3483e2fcbb9439669
|
487c58a9ff0cb4c6e074b2f5d99a0c3efa54fa37 |
|
16-Jul-2011 |
Brian Carlstrom <bdc@google.com> |
Replace NativeCrypto.verifySignature with OpenSSLSignature Bug: http://code.google.com/p/android/issues/detail?id=18458 Bug: 5037994 Change-Id: Ie9521df80b3b50e69b5cf9e6f8eb861845b4d30e
|
638000042da777f6d628d88dadde957c52597710 |
|
29-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Add ExceptionCheck after all places we setCallbackState Also remove byte versions of SSL_read and SSL_write matching rest of libcore to avoid making the change in even more places. Note that testing this change required improving SSL_renegotiate which is only used for testing. Change-Id: If425764da3a36508a6c65d90eb3d36c5a018fd18
|
f08498e4998c3b7197cb31a9fc44910bfd4eeecc |
|
25-Jun-2011 |
Doug Kwan <dougkwan@google.com> |
Fix gcc-4.6 compiler warnings about conversion between pointer and integer. Change-Id: I2b8827d5110144a972eb9f3bf1e1f4621afef683
|
1a577c958a277329ab2eeb23903d9f8b08e1d35e |
|
07-Jun-2011 |
Elliott Hughes <enh@google.com> |
Check that the result of UniquePtr::release is always used. (And silence the warnings in those cases where it isn't because we're working around OpenSSL API lossage.) Change-Id: Ibc7958373e7a899a6cd03a0177f97bf3a73c0e15
|
5c42f5792a0ad4159d30e7fd18958a21bf8b327f |
|
01-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Cleanup diagnosing HandshakeCompletedEventTest.testClientAuth Change-Id: I9f71a2578c6e9d01e1b8cffcfc344f5116ad5db5
|
57d0a10f4fa6cae6d5c63b4f799e048e83c5d11e |
|
03-Mar-2011 |
Elliott Hughes <enh@google.com> |
Make all filenames match their classes. Change-Id: I2c9f95a27ee3881fc609e3e4f1468205c701215d
|
12cd1f00c2fa1a7f37bf644cecdf7588bdc0b0a9 |
|
23-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Remove libcore's dependency on bouncycastle external/bouncycastle - Change to be the primary build for bouncycastle sources (as opposed to part of libcore) - Moved OpenSSLMessageDigest from libcore to OpenSSLDigest It uses NativeCrypto API from core, but implements a bouncycastle specific interface - restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5 OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice - enabled native versions of SHA-384 and SHA-512 - pruned MD4 implementation frameworks/base - frameworks and CoreTests modules now depend on bouncycastle - update preloades classes for NativeBN package change - moved CryptoTest to libcore libcore - core now builds without bouncycastle sources - core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle - removed libcore/openssl directory, moving NativeBN to java/math - minor cleanup of Provider, Security, Services style while working on ProviderTest - added new OpenSSLProvider registered as first provider to have priority over the others to ensure our native implementations are used - moved BouncyCastle to have priority as a provider over Harmony - JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest - Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider - To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys This is more efficient as well avoiding the base64 decode/encode of the binary data - removed SHA-224 to match the RI packages/apps/CertInstaller - CertificateInstaller module now depends on bouncycastle this is the only app to depend on bouncycastle system/core - updated BOOTCLASSPATH Change-Id: I6205366b12baec4331b4a76e2c85d8324bf64b2c
|
a9f5c16a864ff63ba63f810410f8a27c086d5d52 |
|
17-Jun-2010 |
Elliott Hughes <enh@google.com> |
Remove dynamic calls to FindClass. Initially, I was just fixing a threading bug in NativeDecimalFormat.cpp where we were bypassing GCC's built-in static initializer thread safety. This led me to the question of how expensive FindClass is, which led me to creating a new canonical cache of jclasses. Here's the motivating benchmark, showing the cost of calling an empty regular (non-native) method, an empty native method, a native method that calls FindClass, a native method that calls FindClass and GetFieldID, and a native method that calls FindClass and GetMethodID: benchmark ns logarithmic runtime NoArgsRegular 74 |||||||||||||| NoArgsNative 428 XX||||||||||||||||||| FindClass 3064 XXXXXXXXXXXXXXXX||||||||||| FindClassGetField 3654 XXXXXXXXXXXXXXXXXXX||||||||| FindClassGetMethod 5634 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Change-Id: I41ab2b347895f043a7e21d8fa19e4541e198c3fc
|
05960876dff6a5b686821eed8f7ae7cef5af4f50 |
|
27-May-2010 |
Elliott Hughes <enh@google.com> |
Enhance ScopedUtfChars to include the null check most callers were missing. Also switch most non-users over to ScopedUtfChars. Also ensure all users check that ScopedUtfChars was successful in getting the chars. Also rewrite ObjectInputStream and ObjectOutputStream without duplication. Change-Id: I929d00fe3ff50b303cba4a2cf2269355e9fef5f9
|
0c131a2ca38465b7d1df4eaee63ac73ce4d5986d |
|
21-May-2010 |
Brian Carlstrom <bdc@google.com> |
RI 6 support for javax.net.ssl Summary: - RI 6 support for javax.net.ssl - SSLEngine fixes based on new SSLEngineTest - fix Cipher.checkMode bug recently introduced in dalvik-dev Details: Fix Cipher.checkMode that was preventing most javax.net.ssl tests from working luni/src/main/java/javax/crypto/Cipher.java RI 6 has introduced the concept of a "Default" SSLContext. This is accessed via SSLContext.getDefault() and also SSLContext.getInstance("Default"). Harmony had its own DefaultSSLContext but it was not created via an SSLContextSpi. It also was a single shared instance whereas the new RI6 Default SSLContext shares internal SSLSessionContext instances between different Default SSLContexts. Refactored the old code into an SSLContextImpl subclass that allows it to be created via SSLContext.getInstance. SSLContextImpl ensures that we only ever create one set of SSLSessionContext instances for the Default context. luni/src/main/java/javax/net/ssl/DefaultSSLContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DefaultSSLContextImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added SSLContext.getDefault and SSLContext.setDefault luni/src/main/java/javax/net/ssl/SSLContext.java Replace dependencies of old DefaultSSLContext with use of SSLContext.getDefault luni/src/main/java/javax/net/ssl/SSLServerSocketFactory.java luni/src/main/java/javax/net/ssl/SSLSocketFactory.java Register "SSLContext.Default" as DefaultSSLContextImpl class for SSLContext.getInstance() luni/src/main/java/org/apache/harmony/xnet/provider/jsse/JSSEProvider.java Added constant for new "Default" standard name and added it to SSL_CONTEXT_PROTOCOLS. New tests based on SSL_CONTEXT_PROTOCOLS made it clear that neither Android or RI support SSLv2 so removed it from SSL_CONTEXT_PROTOCOLS and SSL_SOCKET_PROTOCOLS. Added constant for TLS as well which was previously scattered all over tests. Remove SSLv2Hello from SSL_SOCKET_PROTOCOLS for Android since with OpenSSL disablign SSLv2 means you can not use SSLv2Hello either. support/src/test/java/javax/net/ssl/StandardNames.java Added tests for SSLContext.getDefault and SSLContext.setDefault. Changed existing tests to work on all protocols including new "Default". luni/src/test/java/javax/net/ssl/SSLContextTest.java RI 6 has introduced the notion of SSLParameters which encapsulate SSL the handshake parameters of desired cipher suites, protocols, and client authentication requirements. The main new class SSLParameters is basically just a bag of fields with accessors and a couple simple constructors. The only things of note are that it clones all String arrays on input and output and the setters for the two boolean fields ensure that only one is true at a time. luni/src/main/java/javax/net/ssl/SSLParameters.java Added SSLContext.getDefaultSSLParameters and SSLContext.getSupportedSSLParameters which simply delegate to the SSLContextSpi. luni/src/main/java/javax/net/ssl/SSLContext.java Added abstract SSLContextSpi.engineGetDefaultSSLParameters and SSLContext.engineGetSupportedSSLParameters. luni/src/main/java/javax/net/ssl/SSLContextSpi.java Added engineGetDefaultSSLParameters and engineGetSupportedSSLParameters implementation. The RI documents in SSLContextSpi that these are implemented by default by creating a socket via the SSLContext's SocketFactory and asking for the enabled/supported cipher suites and protocols respectively, so that is what is done. The doc mentions throwing UnsupportedOperationException if there is a problem, so we do that as well. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Added {SSLEngine,SSLSocket}.{getSSLParameters,setSSLParameters} which are analogous. luni/src/main/java/javax/net/ssl/SSLEngine.java luni/src/main/java/javax/net/ssl/SSLSocket.java Added SSLParametersTest luni/src/test/java/javax/net/ssl/SSLParametersTest.java luni/src/test/java/javax/net/ssl/AllTests.java Added SSLContext.get{Default,Supported}SSLParameters tests luni/src/test/java/javax/net/ssl/SSLContextTest.java Added SSLSocket.{getSSLParameters,setSSLParameters} tests and added some extra asserts to test_SSLSocketPair_create based on experience with test_SSLEnginePair_create. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Dummy implementation of new SSLContextSpi for test classes. support/src/test/java/org/apache/harmony/security/tests/support/MySSLContextSpi.java support/src/test/java/org/apache/harmony/xnet/tests/support/MySSLContextSpi.java Other minor RI 6 API changes: RI 6 removed Serializable from HandshakeCompletedEvent and SSLSessionBindingEvent luni/src/main/java/javax/net/ssl/HandshakeCompletedEvent.java luni/src/main/java/javax/net/ssl/SSLSessionBindingEvent.java RI 6 added generic types to the KeyStoreBuilderParameters List constructor and accessor as well as to SSLSessionContext.getIds. Fixed tests to compile with generic types. luni/src/main/java/javax/net/ssl/KeyStoreBuilderParameters.java luni/src/main/java/javax/net/ssl/SSLSessionContext.java luni/src/test/java/tests/api/javax/net/ssl/KeyStoreBuilderParametersTest.java SSLEngine improvements. Since I was changing SSLEngine, I wrote an SSLEngineTest based on my SSLSocketTest to do some simply sanity checking. It expose a number of issues. I've fixed the small ones, marked the rest as known failures. Renamed some TLS_ cipher suites to SSL_ to match JSSE standard names. These were all old suites no longer supported by RI or OpenSSL which is why they were missed in an earlier cleanup of this type in this class. Also fixed SSLEngine supported cipher suites list not to include SSL_NULL_WITH_NULL_NULL which is not a valid suite to negotiate. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java SSLEngine instances can have null host values, which caused a NullPointerException in the ClientSessionContext implementation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java SSLEngine tests were failing because SSLParameters was throwing NullPointerException instead of IllegalArgument exception on null element values. Fixed null pointer message style while I was here. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java Fixed SSLEngine instances to default to server mode like RI luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLContextImpl.java Fixed KEY_TYPES based on SSLEngine implementation. Removed dead code NativeCrypto.getEnabledProtocols which was recently made obsolete. Cleaned up null exception messages to follow our convention. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added SSLEngineTest which parallels SSLSocketTest in its coverage. Similarly added TestSSLEnginePair which loosely parallels TestSSLSocketPair. luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/AllTests.java support/src/test/java/javax/net/ssl/TestSSLEnginePair.java SSLEngineTest betters exposed the differences between SSLSocket and SSLEngine supported cipher suites. StandardNames now has an CIPHER_SUITES_SSLENGINE definition which denotes what is missing and what is extra and why in the SSLEngine implementation. support/src/test/java/javax/net/ssl/StandardNames.java Created StandardNames.assert{Valid,Supported}{CipherSuites,Protocols} to factor out some code test code that is also used by new tests. support/src/test/java/javax/net/ssl/StandardNames.java luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt SSL_OP_NO_TICKET change was recently merged from master which required some fixes. For the moment, sslServerSocketSupportsSessionTickets always returns false. support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed flakey test_SSLSocket_HandshakeCompletedListener which had a race because the client thread look in the server session context for an session by id potentially before the server thread had a chance to store its session. Made noticable because of SSL_OP_NO_TICKET recently merged from master (before this code path was host only, not device) luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fix checkjni issue where we need to check for pending exception in OpenSSL callback. Possibly introduced by recent merge of SSL_OP_NO_TICKET from master. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Expectation updates Remove SSLSocketTest known failure and add new SSLEngineTest known failures expectations/knownfailures.txt Tag test_SSLSocket_getSupportedCipherSuites_connect as large expectations/taggedtests.txt Misc changes: opening brace on wrong line luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Long line cleanup while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/HandshakeProtocol.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketFactoryImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketFactoryImpl.java support/src/test/java/javax/net/ssl/TestKeyStore.java Removed bogus import luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Comment clarify while debugging luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Ctor -> Constructor in comment luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLEngineImpl.java Fixed naming of SocketTest_Test_create to TestSocketPair_Create to match renamed classes luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I99505e97d6047eeabe4a0b93202075a0b2d486ec
|
f7b8b35bcc93523ef224039b009608b1ea3b81f3 |
|
22-May-2010 |
Brian Carlstrom <bdc@google.com> |
Manual recreation of dalvik change 720d1e962e248a30f81c1493081ff4c01e35c839 in libcore Disable SSL Session Ticket extension for OpenSSLSocket Due to compatability issues with some sites, disable this SSL extension which wasn't present in Eclair. See also: b/2682876 Some ssl sites cause "A secure connection could not be established" error Change-Id: Ife94f65a063011f09553877a9fb71f42ecc76f5e
|
ebca53a204302c5e559b5c2c9014b48048faf4d4 |
|
21-May-2010 |
Elliott Hughes <enh@google.com> |
Add write-back ScopedPrimitiveArrays (and use them). I've left the remaining Get/Release Critical calls in "NativeConverter.cpp" for the next patch, even though getting into position to fix them is part of the point of this patch. Change-Id: I99e15a3cf3919008343ae4dc856c86ced233e07a
|
aacf6f9741dea0f12fbff5e7696e53f251177280 |
|
20-May-2010 |
Brian Carlstrom <bdc@google.com> |
Enable Diffie-Hellman cipher suites Enable Diffie-Hellman cipher suites in NativeCrypto (and in StandardNames to match for testing). This means we now have the same default cipher suite list as RI 5. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java support/src/test/java/javax/net/ssl/StandardNames.java Enabling DH made it obvious that the RI check for enable cipher suites on SSLServerSocket.accept was not as stringent as first thought. Apparently they don't care if all enabled cipher suites have certificates/keys, just that at least one of them will work, even if its anonymous. Factored out the logic to check this into checkEnabledCipherSuites for clarity along with the supporting checkForPrivateKey. Also only check if the socket is in server mode, since its fine to have nothing configured for server acting as a client for handshake purposes. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java The real work to enable Diffie-Hellman was to use SSL_CTX_set_tmp_dh_callback to set a callback to get DH parameters. There are two ways to create the parameters. The first is to use DH_generate_parameters_ex which is very slow (minutes) as is recommended as install time option. The second is to use DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for a single call, but must be done every time, so slower overall. We currently take the second approach to just have DH working. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java Renamed CipherSuites defaultPretendant to defaultCipherSuites which led to renaming the CipherSuites constants to follow the coding style. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543
|
b5b39e448a80d3bfacbc56afd769855e77f0fb7f |
|
20-May-2010 |
Brian Carlstrom <bdc@google.com> |
Add RSA ephemeral callback for SSL_RSA_EXPORT_WITH_RC4_40_MD5 support (and move to UniquePtr) Summary: Used SSL_CTX_set_tmp_rsa_callback to provide a callback for supplying ephemeral RSA key for export cipher SSL_RSA_EXPORT_WITH_RC4_40_MD5 (aka EXP-RC4-MD5) As part of this added rsaGenerateKey and while doing that started adding UniquePtr deleters for BN and RSA and then just decided to do the rest of the file. Details: Added tmp_rsa_callback to provide emphemeral RSA keys luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Removed last KnownFailure in my JSSE tests. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Switching to UniquePtr to manage SSL types. Found a couple places not error checking along the way. Removed LOGE from throw* methods since jniThrowException does that. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I27413c0073cd2cc405c83d35a0772c7901ce25c6
|
f3f7cc7cb8650bed3b3e6c94104c79e20ef565dd |
|
19-May-2010 |
Brian Carlstrom <bdc@google.com> |
SSLSocket.startHandshake should throw SSLProtocolException on handshake protocol error Added throwSSLProtocolExceptionStr and used it in the SSL_ERROR_SSL case. Also replaced 0 with SSL_ERROR_NONE in throwSSLExceptionWithSslErrors calls for clarity. Improved throwSSLExceptionWithSslErrors to show ERR_get_error information in SSL_ERROR_NONE case. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Removed penultimate KnownFailure. Updated comment to use more official Kerberos reference URL. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: I2fb847ba92a3464029d1103fadf05ec16126bda9
|
6df6339ecd4662d351c622a59533cbbe9f275ffd |
|
18-May-2010 |
Brian Carlstrom <bdc@google.com> |
Client certificates should only be set on request from server Client certificates should only be set into the SSL* when requested by the server so that after the handshake is completed the client can inspect its SSLSession to see what certificate if any was requested. Previously the value was always non-null even if the server didn't request the certificate. - Created RAND_seed and RAND_load_file out of the NativeCrypto.SSL_new - NativeCrypto.SSL_new now simply performs SSL_new and does not deal with certificates, private keys, or random seeds. - Removed helper version of NativeCrypto.SSL_new Moved code to OpenSSLSocketImpl.setCertificate - Created SSL_use_certificate, SSL_use_PrivateKey, SSL_check_private_key from SSL_new. These are used not just on server handshake but also via clientCertificateRequested callback. - Merged CertificateChainVerifier and HandshakeCompletedCallback into new SSLHandshakeCallbacks while adding new clientCertificateRequested callback from OpenSSL C code to Java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp In addition to supporting NativeCrypto.java changes, also changed to_SSL_CTX and to_SSL_SESSION to allow null checking and throwing NullPointerException. Changed these and to_SSL to log exception on JNITrace, taking these logs out of individual functions. There were a lot of null checks missing previously, mostly in to_SSL_SESSION cases. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp All KnownFailures now fixed. luni/src/test/java/javax/net/ssl/SSLSessionTest.java Three more KnownFailures now fixed. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Change-Id: Iddcd5512e8395d947d3b894f03e3a059e63afe8a
|
8044bf6b446c93cd29c5753544246316f269064f |
|
18-May-2010 |
Elliott Hughes <enh@google.com> |
Make ScopedLocalRef more convenient, and use it more widely. Even though every reference type is a jobject, it's useful to be able to use more specific types. Change-Id: Id8056d0e18380675c90f08c4173a8b34b4d5d983
|
99c59bfa432e36933a7a5033fba8b89209f737bc |
|
18-May-2010 |
Elliott Hughes <enh@google.com> |
Expand upon the old ScopedByteArray, and start removing some of the Get/ReleaseCritical calls. This adds Scoped*Array classes for all primitive types, and switches all read-only users of arrays over. At the same time, all read-only users of Get/ReleaseCritical get switched to non-critical access. Bug: 2663177 Change-Id: I5542cea3e24faa987ced463fcb695b9598da94af
|
204cab3c22b4d75c866c95e2d2eec42e14cbd924 |
|
18-May-2010 |
Brian Carlstrom <bdc@google.com> |
Supported cipher suites improvements Added new test_SSLSocket_getSupportedCipherSuites_connect to make sure all cipher suites we claim work actually do. It clearly exposed that although a large number of cipher suites are supported by libssl.so, they are not properly wired up into the OpenSSL JSSE implementation. In particular Elliptic Curve has been disabled in our version Bouncy Castle does not work. In addition Diffie-Hellman does not work because we need to further integration work with OpenSSL via SSL_set_tmp_dh_callback or SSL_set_tmp_dh. Finally, SSL_RSA_EXPORT_WITH_RC4_40_MD5 doesn't work but that is being left as KnownFailure for more immediate cleanup based on ServerHandshakeImpl's handling of KeyExchange_RSA_EXPORT as part of having OpenSSL call us back for certificates dynamically. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Refactored TestSSLContext.createKeyStore to create TestKeyStore which now factors out TestSSLContext.createKeys from the old createKeyStore method, which allows createKeys to be called multiple times for different key algorithms (for example DSA in addition to RSA). Also added a reusable singleton instance to cut down on test execution time. support/src/test/java/javax/net/ssl/TestKeyStore.java Removed publicAlias/privateAlias from TestSSLContext since we now include both RSA and DSA key pairs in they KeyStore by default. Added TestSSLContext.assertCertificateInKeyStore methods to help tests the previously used the alias fields fields. TestSSLContext.create API changed as well since the alias names are no longer required. TestSSLContext.createClient now needs to iterate over all server certificates when setting up its TrustManager instead of just grabbing one by alias name. support/src/test/java/javax/net/ssl/TestSSLContext.java luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java TestSSLSocketPair.connect now allows optional inclusion of server cipher suite list. support/src/test/java/javax/net/ssl/TestSSLSocketPair.java luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Turning off Elliptic Curve and Diffie-Hellman which are not currently working. Updating test expectations to match. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java support/src/test/java/javax/net/ssl/StandardNames.java Turn on registration of ECDSA and DSA since this part is currently functional (and excercised by TestKeyStore.create()) luni/src/main/java/org/bouncycastle/x509/X509Util.java Improve logging by including SSL pointer in error messages, which makes it easier to relate these errors to JNI_TRACE messages. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I014d001a6a21a46c360678a346d3a3c8232f4d53
|
3534c7cb3d4c67e3a4f2925fc7ecec43aeed879a |
|
15-May-2010 |
Brian Carlstrom <bdc@google.com> |
Remove ScopedGlobalRef (and other cleanups) ScopedGlobalRef caused more trouble that it was worth. Rather than trying to fix it to require updating of the JNIEnv, remove it to remove the temptation for others to use it. Also update SSL_set_ciphers_lists to use ScopedLocalRef and add HTML anchors to Standard names javadoc JSEE references. Change-Id: Ic3ed1bae3f29ee971d4461de31395b78c4949090
|
9acacc36bafda869c6e9cc63786cdddd995ca96a |
|
14-May-2010 |
Brian Carlstrom <bdc@google.com> |
Use JSSE cipher suite names and restore JSSE SSLSessionContext semantics Summary: - Switch to using JSSE cipher suite names - SSLSessionContext implementation cleanup - Updated tests Details: Switch to using JSSE cipher suite names - We maintain backward compatability for enabling cipher suites using OpenSSL names for old code that did so without checking for the presence of the names in the supported list. - We now have a well defined list of the supported cipher suites which are sorted in priority order as specified in JSSE documentation so that callers doing: s.setEnabledCipherSuites(s.getSupportedCipherSuites()) will get something reasonable. - We now have a default cipher suite list that is chose to match RI behavior and priority, not based on OpenSSLs default and priorities. Details: - Added NativeCrypto OPENSSL_TO_STANDARD and STANDARD_TO_OPENSSL mapping between naming conventions. STANDARD_TO_OPENSSL is a LinkedHashMap so enumerating it gives the proper order for SUPPORTED_CIPHER_SUITES. - SSL_get_ciphers and SSL_set_cipher_list are removed, we now use our own SSL_set_cipher_lists (defined seperately in external/openssl/patches/jsse.patch) to set the set and order of cipher suites. SSL_CTX_get_ciphers is also removed because we no longer rely on the OpenSSL for the default cipher suites behavior. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Add cipherSuite and protocol field caches for native values, mapping the cipherSuite to a JSSE name from the OpenSSL name returned by SSL_SESSION_cipher. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java Fixed a long standing bug where we reused sessions found in the client host/port cache even if the old protocol and cipher suite where no longer compatible with what was specified by setEnabledCipherSuites and setProtocols. Also fixed a recently introduced bug where lastAccessedTime was being set on a cached session even if it was not reused, found by fixed the above. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Move most of SSLSessionContext implementation from subclasses to AbstractSessionContext. This was primarily to align the implementations of how different sessions id for the same host and port were handled for RI compatability. client subclasses now focuses on handling its host/port based cache and both deal with their own persistent cache details. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/AbstractSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientSessionContext.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerSessionContext.java Tests Added some variants of assertSSLSessionContextSize to simplify tests code. Broke test_SSLSessionContext_setSessionCacheSize_oneConnect out of test_SSLSessionContext_setSessionCacheSize_dynamic. Renamed test_SSLSessionContext_setSessionCacheSize_basic to test_SSLSessionContext_setSessionCacheSize_noConnect to match name of _oneConnect. _dynamic was cleaned up a bit as getting it working was the only goal of this change list. Fixed to filter SSL_RSA_EXPORT_ ciphers since our test certificate key length is too long for those. Lower test requirement to 3 unique cipher suites. luni/src/test/java/javax/net/ssl/SSLSessionContextTest.java Added checks that cipher suites and protocols have standard names. luni/src/test/java/javax/net/ssl/SSLSessionTest.java Removing known failures related to cipher suite naming. Fixed bug of using assertNotNull instead of assertTrue. Added extra size/length check which would have found the assertNotNull/assertTrue issue. luni/src/test/java/javax/net/ssl/SSLSocketFactoryTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java Fixing test the explicitly worked around broken cipher suite naming. luni/src/test/java/tests/api/javax/net/ssl/SSLSessionTest.java Updated standard cipher suites to RI 6 list, which also now specifies ordering, which we now align with. support/src/test/java/javax/net/ssl/StandardNames.java Unrelated Remove more now obsolete jars from the test classpath run-core-tests Change-Id: I45c274a9327c9a1aeeccb39ecaf5a3fbe2903c8f
|
44e0e560c92338110953ce806df475fedcdf926e |
|
07-May-2010 |
Brian Carlstrom <bdc@google.com> |
Enable -Wall -Wextra for libcore and cleanup all but one warning Change-Id: Ied76662c470ba878cec61189acf29f5cbbd4ccd4
|
3e24c53ecc31b840e51869c295785d5a2f8b31eb |
|
06-May-2010 |
Brian Carlstrom <bdc@google.com> |
Moving OpenSSLSocketImpl native code to NativeCrypto (and other clearnup) Summary: - Finished consolidating OpenSSL native code into NativeCrypto - fixing local vs global ref bug with AppData Added new ScopedGlobalRef as part of this fix - fixed many historical memory leaks identified during code review - fixed lack of error checking on allcoation with OpenSSL *_new routines - Added to_SSL_CTX and to_SSL_SESSION to match to_SSL (renamed from getSslPointer) - Replaced most uses of GetByteArrayElements with ScopedByteArray (including cases where we we using ReleaseByteArrayElements(..,...,0) instead of JNI_ABORT) - Replaced uses of GetStringUTFChars with ScopedUtfChars Details: Finished consolidating OpenSSL native code into NativeCrypto OpenSSLSocketImpl NativeCrypto --------------------------------------- nativeread SSL_read_byte nativeread SSL_read nativewrite SSL_write_byte nativewrite SSL_write nativeinterrupt SSL_interrupt nativeclose SSL_shutdown nativeverifysignature verifysignature Also removed dead code that was wrapping SSL_get1_session luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Fixed NativeCrypto_SSL_write and NativeCrypto_d2i_SSL_SESSION to use JNI_ABORT on release to avoid copy back of unchanged data (via ScopedByteArray). luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp While running the usual tests: adb shell run-core-tests tests.xnet.AllTests javax.net.ssl.AllTests there was an abort from the JNI checking because in the recent handshaking change, local refs were kept in AppData and then reused in later calls. Added new ScopedGlobalRef to handle the book keeping of this. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java include/ScopedGlobalRef.h Fixed various leaks on old error paths spotted by reviewer. luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Tracking move of verifySignature, a non-SSL bit of code that was lurking in OpenSSLSocketImpl luni/src/main/java/org/apache/harmony/security/provider/cert/X509CertImpl.java Change-Id: If1e409782bc99dc684039cfe3f53f8244e29346e
|
f002bdddce924e2145a4a2b60592b7a40f4112f6 |
|
05-May-2010 |
Brian Carlstrom <bdc@google.com> |
Moving OpenSSLSessionImpl native code to NativeCrypto OpenSSLSessionImpl NativeCrypto ------------------------------------------------------- getId SSL_SESSION_session_id getPeerCertificatesImpl SSL_SESSION_get_peer_cert_chain getCreationTime SSL_SESSION_get_time getProtocol SSL_SESSION_get_version getCipherSuite SSL_SESSION_cipher freeImpl SSL_SESSION_free getEncoded i2d_SSL_SESSION initializeNativeImpl d2i_SSL_SESSION Change-Id: I4538df52280266711986a577b14868af3ea0ed62
|
02d23a69dfd7d425153293d7d3ac64b5a611ba72 |
|
05-May-2010 |
Brian Carlstrom <bdc@google.com> |
Remove unnecessary NativeCrypto "OpenSSL error" warning The following errors were noticed running tests.AllTests: D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib D/NativeCrypto( 507): OpenSSL error 168235011: error:0A071003:dsa routines:DSA_do_verify:BN lib I tracked these down to the following tests respectively: org.apache.harmony.archive.tests.java.util.jar.JarFileTest.test_JarFile_Modified_SF_EntryAttributes org.apache.harmony.archive.tests.java.util.jar.JarFileTest.test_JarFile_Modified_SF_EntryAttributes org.apache.harmony.archive.tests.java.util.jar.JarFileTest.test_JarFile_Modified_SF_EntryAttributes org.apache.harmony.archive.tests.java.util.jar.JarFileTest.test_JarFile_Modified_SF_EntryAttributes org.apache.harmony.archive.tests.java.util.jar.JarFileTest.test_JarFile_Modified_SF_EntryAttributes org.apache.harmony.archive.tests.java.util.jar.JarInputStreamTest.test_JarInputStream_Modified_SF_EntryAttributes_getNextEntry org.apache.harmony.archive.tests.java.util.jar.JarInputStreamTest.test_JarInputStream_Modified_SF_EntryAttributes_read However, these errors are just because of expected SecurityException because jar files are being modified and the signatures are no longer valid. Commented out the warning, leaving it for future debugging if needed. In addition passed context in for use in message for disambiguating source of error. libcore/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I3e41994a30c19a859a1eaed4ef80eb25b9670f52
|
e688a4123f165ed2905878e312b074b8c825d119 |
|
05-May-2010 |
Brian Carlstrom <bdc@google.com> |
Addressing post-submit comments regarding OpenSSL handhake changes Following up on feedback from earlier change https://android-git.corp.google.com/g/50435 Added new test_SSLSocket_startHandshake_noClientCertificate to make sure handshaking works when no client certificates are present after issues raised by hwu during code review. luni/src/test/java/javax/net/ssl/SSLSocketTest.java Improve TestSSLContext.create* options - added javadoc comments to help distinguish different versions - fixed bug of not passing in keyStorePassword in create() - added new createClient(server) method to create a TestSSLContext that trusts the provided server TestSSLContext's certificate for use by test_SSLSocket_startHandshake_noClientCertificate - made createKeyStore optionally create a more minimal keystore if aliases are not present support/src/test/java/javax/net/ssl/TestSSLContext.java Fixed argument names in SSL_*_mode methods names as pointed out by hwu luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java Added comment to explain purpose of OpenSSLSessionImpl.resetId. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java Two changes to OpenSocketImpl - Added logging on runtime exception catch around HandshakeCompletedListener execution to closely mirror RI behavior. - Cleaned up peerCertificate check to not just be on the client path. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java Addressed enh's comments about using clearEnv and when to delete AppData luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp Change-Id: I34f54e3e41a5d53d81fdc22aa34ca4de4ee9826f
|
6b811c5daec1b28e6f63b57f98a032236f2c3cf7 |
|
03-May-2010 |
Peter Hallam <peterhal@google.com> |
Merge awt-kernel, icu, luni-kernel, prefs, security-kernel, x-net into luni Merge xml except xmlpull and kxml into luni
|