Cross Reference: /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java

History log of /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
efe5c66651fcd9b342d781cdfc02a1069a86e210	16-Jun-2015	Kenny Root <kroot@google.com>	Update NativeCryptoTest Test both client and server. Also we expect a SSLHandshakeException instead of an SSLProtocolException in one case. Bug: 21207627 (cherry picked from commit 5429f72d9c1e7bc6379e917e9b9116f1b0292b28) Change-Id: If895b03e2cece3a1a8d2f074a557c68f55a7021e /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
f7ab43f5e5861ddcc2549eae1fcb38c4a7eed54f	22-Jun-2015	Sergio Giro <sgiro@google.com>	Merge "external/conscrypt: remove assertion SSL_OP_NO_SSLv2 is set" into mnc-dev
f940fc2d9e7d5af16734f442be5235f65c866668	19-Jun-2015	Sergio Giro <sgiro@google.com>	external/conscrypt: remove assertion SSL_OP_NO_SSLv2 is set SSL_OP_NO_SSLv2 is not a flag anymore (defined as 0 in ssh.h) Bug: 21875962 (cherry picked from commit 97e54bdde00eae7ffe4eb382e3f2702af4a2197b) Change-Id: I52004b893768b087577c078dcd1ba0ae1bdea911 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
1d7e7b3c1d81c1d73451e20be8937da9e842ce6b	16-Jun-2015	Sergio Giro <sgiro@google.com>	conscrypt: change test of SSL_set_cipher_lists NativeCrypto.SSL_set_cipher_lists can accept the empty list as per c/154191 Bug: 21816861 (cherry picked from commit c0010ca585f9cdc1f09846e2d75a0a8f82420476) Change-Id: I6cf7563417d8b6fb9edbeade0947726275a76c18 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
d82dc06faee760a737da6f2755a9063637c206e3	19-May-2015	Adam Langley <agl@google.com>	Add isFinite flag to OpenSSLBIOInputStream. The BIO created by OpenSSLBIOInputStream currently returns -1 and sets the retry flag when read() returns zero on the underlying InputStream. This is correct for “infinite” streams (like a socket), but isn't correct for streams that have a definitive EOF. This change adds a flag to OpenSSLBIOInputStream so that cases where the input is finite (i.e. when parsing a PKCS#7 or X.509 block) can correctly return 0 at EOF from \|BIO_read\|. (cherry picked from commit 66537ee0121bdd14737191d14927da223f0809ee) Bug: 21396526 Bug: 21209493 Change-Id: Iaad5845621ab8b89b42d5d3ca8e67e297278ca55 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
f79c90d56464e254ce8645f886ec0ca47573ced1	24-Apr-2015	Adam Langley <agl@google.com>	external/conscrypt: add NativeConstants. NativeConstants.java is generated by a C program and thus the values will automatically be kept in sync with the contents of the OpenSSL headers. Bug: 20521989 Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
ddcacec3f4f08759f3652a2efebd8b696a87fc4d	24-Apr-2015	Kenny Root <kroot@google.com>	ECKeyPairGenerator: switch default curve to 256 bits Also add a test to make sure that we have only valid curves in our list. Change-Id: I3f63014c11e92c94bf6c9a20ea5fb8050581978c /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
796ed069bc90d1de9f45ea1f746edaeec8081ed3	18-Mar-2015	Sergio Giro <sgiro@google.com>	conscrypt: throw exception for null references in NativeCrypto Adapted tests to use "null" instead of an Object with a null context, as null contexts are now rejected by constructors. bug: 19657430 Change-Id: I47ebfde7170e1818afd64a75a8e4bc1e1d588aea /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
7dc06b9e323ba7f227709b5941324f9c3a46fe4f	26-Nov-2014	Kenny Root <kroot@google.com>	Convert EC_GROUP and EC_POINT to new style Bug: 16656908 Change-Id: Ie912f376f69327ce634cac50763bf86b418049f5 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
4757cdbe3c9e06f243a8cb07086ced5537d69af2	26-Nov-2014	Kenny Root <kroot@google.com>	Switch EVP_CIPHER_CTX to new style Bug: 16656908 Change-Id: Id519c20474a02c70e72d362bc84d26855a74fa33 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
37e58bbef60b18389074d8ef8a8c470e47f3d7ee	25-Nov-2014	Kenny Root <kroot@google.com>	Convert EVP_PKEY to new style To avoid conflicts in the language spec and how Conscrypt does native calls, we need to wrap all native references in a Java object reference. Calling NativeCrypto's static native methods with a raw pointer doesn't guarantee that the calling object won't be finalized during the method running. This pass fixes EVP_PKEY references, but more passes are needed. Bug: 16656908 Change-Id: I5925da40cb37cd328b3a126404944f771732a43e /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
4bff0a15ae03c8a3e1ae95590cc8c4240837bff6	25-Nov-2014	Kenny Root <kroot@google.com>	Convert EVP_MD_CTX to new style To avoid conflicts in the language spec and how Conscrypt does native calls, we need to wrap all native references in a Java object reference. Calling NativeCrypto's static native methods with a raw pointer doesn't guarantee that the calling object won't be finalized during the method running. Bug: 16656908 Change-Id: I165e041a8fe056770d6ce6d6cd064c411575b7c4 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
e84805ba493b27958637b4d079751f10a4d0fc6f	25-Nov-2014	Kenny Root <kroot@google.com>	Remove Conscrypt support for DSA BoringSSL removes support for DSA, so there's no point in maintaining this now. There have been virtually zero SSL certificates issued using DSA for many years as well. Change-Id: Id940643b85ba39b03038aabc6da9ec0285db66c4 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
de5225d1ebe7b3a5f3565539685fcd95348ae815	07-Oct-2014	Adam Langley <agl@google.com>	Allow conscrypt to work with BoringSSL. This is quite a substantial change because of the changes to ENGINEs in BoringSSL. For the most part, #ifs are used to allow the code to work with either OpenSSL or BoringSSL. However, in several places, support for things that BoringSSL is dropping have been removed, even when OpenSSL is used. This includes DSA keys and tests for the ENGINE bits that are going away because it's unclear how to skip compiling those tests. Change-Id: I941a5ed232391f84b45e070c19d2ffb7ad162b7b /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
e53baea9221be7f9828d0f338ede284e22f55722	13-Nov-2014	Alex Klyubin <klyubin@google.com>	Remove support for DSS TLS/SSL cipher suites. This is in preparation for migration from OpenSSL to BoringSSL. BoringSSL does not support DSS. DSS cipher suites are used by a vanishingly tiny fraction of the Android ecosystem. In all cases, the server's SSL certificate is self-signed (rather than CA issued), making it easy to switch to a new self-signed certificate which is based on RSA or ECDSA. Bug: 17409664 Change-Id: I91067ca9df764edd2b7820e5dec995f24f3910a1 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
b9bfe69f1c205ab67a03e10a01e2cc90871a0879	18-Nov-2014	Alex Klyubin <klyubin@google.com>	Fix null elements in X509KeyManager.chooseClientAlias keyTypes. This fixes an issue where client certificate types requested by the server from the client, but not known by the client, manifest themselves as null elements in X509KeyManager.chooseClientAlias keyTypes argument. The root cause was that for each element in the CertificateRequest.certificate_types array an element was output into the keyTypes array. For unknown values of certificate_type, a null was output. This CL fixes the issue by ignoring unknown values in certificate_types array. Bug: 18414726 Change-Id: I8565e19a610c0ecfb7cab1b7707c335e0eeb8d89 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
9a4f1dfbeea80ec52c0d551afceb68435798c1a8	10-Sep-2014	Kenny Root <kroot@google.com>	Fix the ENGINE_finish/ENGINE_free mixup The tests were calling finish when it meant free. This caused tests to segmentation fault next time the ENGINE was looked up in the dynamic engine list. (cherry picked from commit 984b7ec6f5aab314117949a48e448ff4f6b65f16) Bug: 14994037 Change-Id: If7379fee26f7e79fa0b43104ac9d13b4ffb62ba8 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
978e2e1e44570bdbac7b3538c5e198d8ff645202	17-Jun-2014	Alex Klyubin <klyubin@google.com>	Assert that the padding extension is enabled by default. Change-Id: I1c8aa589e3274bfd3a5fc66c3e948828903c1966 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
ea7cf2a1bacb8293947ad5168bc41bdb39e6a3f0	13-Jun-2014	Alex Klyubin <klyubin@google.com>	Make TLS Channel ID tests use ECDHE_RSA key exchange. TLS Channel ID requires ECDHE-based key exchange. Change-Id: I722135c96a3ce700dcdf1646d2a71654923bb85c /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
01cce891dd313a0fb9d4694283f2a13fb5c43afe	09-May-2014	Alex Klyubin <klyubin@google.com>	Expose support for TLS-PSK. TLS-PSK (Pre-Shared Key) is a set of TLS/SSL cipher suites that use symmetric (pre-shared) keys for mutual authentication of peers. These cipher suites are in some scenarios more suitable than those based on public key cryptography and X.509. See RFC 4279 (Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)) for more information. OpenSSL currently supports only the following PSK cipher suites: * TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 * TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 * TLS_PSK_WITH_3DES_EDE_CBC_SHA * TLS_PSK_WITH_AES_128_CBC_SHA * TLS_PSK_WITH_AES_256_CBC_SHA * TLS_PSK_WITH_RC4_128_SHA The last four cipher suites mutually authenticate the peers and secure the connection using a pre-shared symmetric key. These cipher suites do not provide Forward Secrecy -- once the pre-shared key is compromised, all previous communications secured with that key can be decrypted. The first two cipher suites combine the pre-shared symmetric key with an ephemeral key obtained from an ECDH key exchange performed during the TLS/SSL handshake, thus providing Forward Secrecy. Users of TLS-PSK are expected to provide an implementation of PSKKeyManager to SSLContext.init and then enable at least one PSK cipher suite in SSLSocket/SSLEngine. Bug: 15073623 Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
81c666781f8e24242e997e2666b656b240c5a145	19-May-2014	Kenny Root <kroot@google.com>	NativeCryptoTest: fix shutdown test These weren't actually testing that the exceptions were thrown before. Since we actually throw now, make sure we're throwing the expected exception type. Change-Id: I57b11492118dd7c04faa57c58de7b023294b179c /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
767fda1ec66f2e2bf8a8f5fe17841906338b9471	13-May-2014	Alex Klyubin <klyubin@google.com>	Get rid of some warnings. Change-Id: I87f3ad5374d89e8acfdd78fe5af4b02be483cd3d /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
68a3f229cd71c1367173ebc31e5363293b9b5dbc	13-May-2014	Kenny Root <kroot@google.com>	SSL: also allow calls to read/write after cutthrough Also add test to make sure this works. Bug: 14832989 Change-Id: I046111cdcc4086a7104d462696078a767e86b12c /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
a132fc92896da9372f9a34ab1d6dca52c467d2f6	12-May-2014	Kenny Root <kroot@google.com>	Turn off verify peer for servers with no client auth Since the default is now SSL_VERIFY_PEER, as a server we need to explicitly set that we don't want a client certificate by setting SSL_VERIFY_NONE. Change-Id: I740389cc59ef8cb444a0e504838a1c0591df2bf9 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
f878e438660d93f8689b864165230492e7a412d4	08-Nov-2013	Kenny Root <kroot@google.com>	Add OpenSSLEngineImpl Add support for SSLEngine via OpenSSL APIs. Currently this supports just the basic SSLEngine functionality. It can be improved in efficiency and performance, but it appears not to leak anything and be correct according to our test suites. Change-Id: Iea2dc3922e7c30e26daca38361877bd2f88ae668 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
3c072fb087eaa1a363fc673c60f5ef65390e356f	07-Nov-2013	Kenny Root <kroot@google.com>	Refactor OpenSSLSocketImpl Move functionality that will be shared with OpenSSL's SSLEngine implementation out of OpenSSLSocketImpl and into the (soon-to-be) shared SSLParametersImpl. The functionality should stay the same. Change-Id: If8faa3ad2c9c73c0a0cd4b9716639b362b2b26a1 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
ad73400e9d5c7048fcf2980b75ea45e2aac8fb39	07-Apr-2014	Kenny Root <kroot@google.com>	NativeCryptoTest: use correct digest name Change-Id: Ib216b04f302d6bfaf72f8e4aae42de8cccd89384 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
19fdf1af6bada9ebf4820839780d8713ac3824fa	10-Apr-2014	Kenny Root <kroot@google.com>	Convert calls to BIO_free to BIO_free_all If we have a chain of BIO, we want to free the entire chain. Otherwise, we might accidentally leave references sitting around. This shouldn't matter for our current use-case, but might help in the future. Change-Id: I586937629e1e4f2e80b5feefe2f49a85e8a31d31 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
f8a9b546d57c4731805e73e1e96ff2fb3e77d6e0	31-Mar-2014	Kenny Root <kroot@google.com>	ALPN: change socket calls to SSL_set_alpn_protos Calling SSL_CTX_set_alpn_protos appears to be detrimental to thread safety since the implementation of it resets the values. It's not idempotent to call it multiple times like SSL_CTX_enable_npn. Bug: https://code.google.com/p/android/issues/detail?id=67940 Change-Id: I09ed9e75d08528300b86201c3e847b26702d4284 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
d2cced8b10f5e4f600a5eb9464eba0da7c8f09de	20-Mar-2014	Kenny Root <kroot@google.com>	Use the new endpointVerificationAlgorithm API Use the new X509ExtendedTrustManager and use the new getEndpointVerificationAlgorithm to check the hostname during the handshake. Bug: 13103812 Change-Id: Id0a74d4ef21a7d7c90357a111f99b09971e535d0 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
652ff53bd48ed61389337a42d8e50cdb7ace0fec	24-Feb-2014	Kenny Root <kroot@google.com>	Fix up concurrent use of APIs Code that is incorrectly using MessageDigest, Signature, or Mac in multiple threads simultaneously could cause a SEGV if OpenSSL is clearing out the MD_CTX at the same time another thread is trying to write to it. Make sure we initialize a new MD_CTX after each run to avoid crashing. The program using the instances concurrently is still wrong and will most likely get inconsistent results. Switch to using a context object instance to make sure we can hold a reference to the object during the native call. Bug: 8787753 Change-Id: I2518613a47cf03c811a29d17040804fc708394dd /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
60f83802801e224b51afac6c27c19e7c3d65ddc3	04-Feb-2014	Alex Klyubin <klyubin@google.com>	Harden (EC)DSA signatures against weak nonces. Private key information is leaked by (EC)DSA signatures when nonces are produced by a weak RNG. This CL enables a mitigation provided by OpenSSL: mix in private key and message being signed into randomly generated nonce. Provided private key was generated by strong RNG, this should mitigate the weakness. NOTE: This mitigation is not implemented for signatures which use hardware-backed private keys (AndroidKeyStore). Change-Id: I60dbf57bff3cfcdcbbeb18be5d9dfba523cc6bb8 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
7c2b4ae9455185974ffe5ec1804c8980fe429635	13-Feb-2014	Alex Klyubin <klyubin@google.com>	Throw instead of segfaulting when NULL EVP_PKEY encountered. Change-Id: Idba6702dd43e541b51c990fc3440a17351e6def9 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
5b1934c717914323ddb0395f549ae11075a587da	01-Feb-2014	Kenny Root <kroot@google.com>	NativeCrypto: Handle 0-byte bignum arrays Some DSA tests were calling with bignum arrays that had the high bit set indicating a negative number. Also an empty array was being passed as another part of the test. This was working, but it was reading one byte past the end of the buffer. Change-Id: Ibd5a0dce61703ea569fd483f8acf66fd149703f8 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
2d089e18deae231149737cad6ce00f1e137a7199	21-Nov-2013	Alex Klyubin <klyubin@google.com>	Stop depending on CipherSuite in OpenSSL-backed sockets. This is in preparation for removing Harmony-backed TLS/SSL implementations. Change-Id: Ic108e16d086fb99b69f0a4e4faeb816dc50a7643 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
f087968310bb5233b76ad42841eb07e3c327f40f	05-Nov-2013	Alex Klyubin <klyubin@google.com>	BEAST attack mitigation for OpenSSL-backed SSLSockets. This enables 1/n-1 record splitting for SSLSocket instances backed by OpenSSL. OpenSSL change: https://android-review.googlesource.com/#/c/69253/ Bug: 11514124 Change-Id: I3fef273edd417c51c5723d290656d2e03331d68a /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
0e9746b7b132058651155b33f219c7789997985b	13-Sep-2013	Kenny Root <kroot@google.com>	Conscrypt: use certificate references in SSL code Instead of marshalling and unmarshalling to ASN.1 DER, just use references to OpenSSL X509 objects everywhere applicable. Change-Id: I1a28ae9232091ee199a9d4c7cd3c7bbd1efa1ca4 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
97d151b258d226b3afc1b3588171b283ec3f8046	06-Sep-2013	Kenny Root <kroot@google.com>	Make sure ChannelID key is initialized This test used the test ChannelID key, but it didn't make sure it was initialized first. This made it appear sometimes depending on the order the tests were executed. (cherry picked from commit debfff83084b79b65c092cfe72ebea9d9a9548d6) Bug: 10210673 Change-Id: I5212e265611208ecb641a7d6b403985df603cb03 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
6fcf0cbeec79d1f2491d8d0774fdb314fc419ba3	25-Jun-2013	Kenny Root <kroot@google.com>	NativeCrypto: Add ALPN support This adds the ability to use Application-Layer Protocol Negotiation (ALPN) as both a client and a server. ALPN is essentially like Next Protocol Negotiation (NPN) but negotiation is done in the clear. This allows the use of other protocols on the same port (e.g., SPDY instead of HTTP on port 80). Although previously clients using NPN were able to use cut-through, the new ALPN API does not provide for a way for a client to enable that during a callback. So the only difference is that NPN clients can enable SSL False Start while ALPN clients cannot currently. Change-Id: I42ff70f3711e9cccaf754d189f76eeaa9db5f981 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
1ecc0481f90d32b89b3b051cad70efe07468acd0	03-May-2013	Kenny Root <kroot@google.com>	NativeCrypto: move key conversion to Java Key type conversion in native code is from the legacy period before the OpenSSLKey class existed. Use that to hold PKEY reference instead of converting it in native code. Change-Id: I84e9a6e1f2e0f95d2f44c18fa9f65cd15e039d63 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java
860d2707ce126ef8f66e3eac7ceeab6d24218cd8	24-Apr-2013	Kenny Root <kroot@google.com>	Move JSSE to new package To help with shipping the JSSE with apps that want to bundle it, move it to a new package so that the tangles in other parts of the library can be untangled. Change-Id: I810b6861388635301e28aee5b9b47b8e6b35b430 /external/conscrypt/src/test/java/org/conscrypt/NativeCryptoTest.java