Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / cts / ede448e16d6f1abcc20211134fd661d0e61f8bae
commitede448e16d6f1abcc20211134fd661d0e61f8bae[log] [tgz]
authorAlex Klyubin <klyubin@google.com>Mon Apr 14 18:15:36 2014 -0700
committerAlex Klyubin <klyubin@google.com>Tue Apr 15 11:51:43 2014 -0700
treec960e384bf2d22e839cadfea28a17e8819a0933f
parenta43e0a655a21e7ecc4e983eecd7e432e6c3c90b5 [diff]
CTS test for Heartbleed vulnerability in SSLSocket.

This tests for the Heartbleed vulnerability (CVE-2014-0160) in
OpenSSL by testing client- and server-mode SSLSocket which is
supposed to be backed by OpenSSL by default.

This test spawns an SSLSocket client, SSLServerSocket server, and a
Man-in-The-Middle (MiTM). The client connects to the MiTM which then
connects to the server, and starts forwarding all TLS records between
the client and the server, injecting a malformed HeartbeatRequest
when appropriate. The test passes only if no HeartbeatResponse is
emitted and the TLS handshake either succeeds (heartbeats supported)
or fails with fatal alert unexpected_message (heartbeats not
supported).

Bug: 13906893

(cherry picked from commit db119d1d2ca219091860c68fe7f1892484cb29b2)

Change-Id: Ied9050e299c6725c08bca73703803735393c4324
3 files changed
tree: c960e384bf2d22e839cadfea28a17e8819a0933f
  1. apps/
  2. build/
  3. common/
  4. development/
  5. hostsidetests/
  6. libs/
  7. suite/
  8. tests/
  9. tools/
  10. .gitignore
  11. Android.mk
  12. CleanSpec.mk
  13. CtsBuild.mk
  14. CtsCoverage.mk
  15. CtsTestCaseList.mk