Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / aacf6f9741dea0f12fbff5e7696e53f251177280
commitaacf6f9741dea0f12fbff5e7696e53f251177280[log] [tgz]
authorBrian Carlstrom <bdc@google.com>Thu May 20 01:02:17 2010 -0700
committerBrian Carlstrom <bdc@google.com>Thu May 20 10:14:07 2010 -0700
treeafab46641d12b2e828704c60978cadccaef3c64c
parentc76d7a5dcf2170400e49f7870a2733ca58e06569 [diff]
Enable Diffie-Hellman cipher suites

Enable Diffie-Hellman cipher suites in NativeCrypto (and in
StandardNames to match for testing). This means we now have the same
default cipher suite list as RI 5.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
	support/src/test/java/javax/net/ssl/StandardNames.java

Enabling DH made it obvious that the RI check for enable cipher suites
on SSLServerSocket.accept was not as stringent as first
thought. Apparently they don't care if all enabled cipher suites have
certificates/keys, just that at least one of them will work, even if
its anonymous. Factored out the logic to check this into
checkEnabledCipherSuites for clarity along with the supporting
checkForPrivateKey. Also only check if the socket is in server mode,
since its fine to have nothing configured for server acting as a
client for handshake purposes.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java

The real work to enable Diffie-Hellman was to use
SSL_CTX_set_tmp_dh_callback to set a callback to get DH
parameters. There are two ways to create the parameters. The first is
to use DH_generate_parameters_ex which is very slow (minutes) as is
recommended as install time option. The second is to use
DSA_generate_parameters_ex followed by DSA_dup_DH, which is faster for
a single call, but must be done every time, so slower overall. We
currently take the second approach to just have DH working.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Changed ephemeral RSA keys to be stored per SSL in AppData, not in a static global.

	luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp

Fix LS_ to TLS_ typo in commented out constant. Removed easy to miss wrapping in array definition.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java

Renamed CipherSuites defaultPretendant to defaultCipherSuites which
led to renaming the CipherSuites constants to follow the coding style.

	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/CipherSuite.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/DigitalSignature.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/SSLParameters.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerHandshakeImpl.java
	luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ServerKeyExchange.java

Change-Id: Ia38de48cabb699b24fe6e341ba79f34e3da8b543
10 files changed
tree: afab46641d12b2e828704c60978cadccaef3c64c
  1. dalvik/
  2. dom/
  3. expectations/
  4. include/
  5. json/
  6. junit/
  7. luni/
  8. openssl/
  9. sqlite-jdbc/
  10. support/
  11. xml/
  12. Android.mk
  13. AndroidManifest.xml
  14. CleanSpec.mk
  15. JavaLibrary.mk
  16. NativeCode.mk
  17. NOTICE
  18. run-core-tests
  19. run-core-tests-on-ri