diff --git a/common/src/jni/main/cpp/conscrypt/native_crypto.cc b/common/src/jni/main/cpp/conscrypt/native_crypto.cc index 52b6a9346..cd58d080b 100644 --- a/common/src/jni/main/cpp/conscrypt/native_crypto.cc +++ b/common/src/jni/main/cpp/conscrypt/native_crypto.cc @@ -1548,7 +1548,7 @@ static jlong NativeCrypto_EVP_PKEY_from_private_seed(JNIEnv* env, jclass, jint p return reinterpret_cast(pkey.release()); } -static jbyteArray NativeCrypto_EVP_PKEY_get_private_seed(JNIEnv* env, jclass cls, jobject pkeyRef) { +static jbyteArray NativeCrypto_EVP_PKEY_get_private_seed(JNIEnv* env, jclass, jobject pkeyRef) { CHECK_ERROR_QUEUE_ON_RETURN; JNI_TRACE("EVP_PKEY_get_private_seed(%p)", pkeyRef); @@ -11785,8 +11785,6 @@ static void NativeCrypto_SSL_CTX_set_spake_credential( jbyteArray id_verifier_array, jboolean is_client, jint handshake_limit, jlong ssl_ctx_address, CONSCRYPT_UNUSED jobject holder) { CHECK_ERROR_QUEUE_ON_RETURN; - JNI_TRACE("SSL_CTX_set_spake_credential(%p, %p, %p, %p, %d, %d, %ld)", context, pw_array, - id_prover_array, id_verifier_array, is_client, handshake_limit, ssl_ctx_address); SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true); diff --git a/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java b/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java index 8e7783e09..67390586e 100644 --- a/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java +++ b/common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java 
@@ -64,57 +64,59 @@ public class KeyPairGeneratorTest { @Test public void test_getInstance() throws Exception { - ServiceTester.test("KeyPairGenerator") - // Do not test AndroidKeyStore Provider. It does not accept vanilla public keys for - // signature verification. It's OKish not to test here because it's tested by - // cts/tests/tests/keystore. - .skipProvider("AndroidKeyStore") - // The SunEC provider tries to pass a sun-only AlgorithmParameterSpec to the default - // AlgorithmParameters:EC when its KeyPairGenerator is initialized. Since Conscrypt - // is the highest-ranked provider when running our tests, its implementation of - // AlgorithmParameters:EC is returned, and it doesn't understand the special - // AlgorithmParameterSpec, so the KeyPairGenerator can't be initialized. - .skipProvider("SunEC") - // The SunPKCS11-NSS provider on OpenJDK 7 attempts to delegate to the SunEC provider, - // which doesn't exist on OpenJDK 7, and thus totally fails. This appears to be a bug - // introduced into later revisions of OpenJDK 7. - .skipProvider("SunPKCS11-NSS") - .run(new ServiceTester.Test() { - @Override - public void test(Provider provider, String algorithm) throws Exception { - AlgorithmParameterSpec params = null; - - if ("DH".equals(algorithm) || "DiffieHellman".equalsIgnoreCase(algorithm)) { - params = getDHParams(); - } - // KeyPairGenerator.getInstance(String) - KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(algorithm); - assertEquals(algorithm, kpg1.getAlgorithm()); - if (params != null) { - kpg1.initialize(params); + ServiceTester + .test("KeyPairGenerator") + // Do not test AndroidKeyStore Provider. It does not accept vanilla public keys for + // signature verification. It's OKish not to test here because it's tested by + // cts/tests/tests/keystore. + .skipProvider("AndroidKeyStore") + // The SunEC provider tries to pass a sun-only AlgorithmParameterSpec to the default + // AlgorithmParameters:EC when its KeyPairGenerator is initialized. 
Since Conscrypt + // is the highest-ranked provider when running our tests, its implementation of + // AlgorithmParameters:EC is returned, and it doesn't understand the special + // AlgorithmParameterSpec, so the KeyPairGenerator can't be initialized. + .skipProvider("SunEC") + // The SunPKCS11-NSS provider on OpenJDK 7 attempts to delegate to the SunEC + // provider, which doesn't exist on OpenJDK 7, and thus totally fails. This appears + // to be a bug introduced into later revisions of OpenJDK 7. + .skipProvider("SunPKCS11-NSS") + .run(new ServiceTester.Test() { + @Override + // g3-add: @SuppressWarnings("InsecureCryptoUsage") + public void test(Provider provider, String algorithm) throws Exception { + AlgorithmParameterSpec params = null; + + if ("DH".equals(algorithm) || "DiffieHellman".equalsIgnoreCase(algorithm)) { + params = getDHParams(); + } + // KeyPairGenerator.getInstance(String) + KeyPairGenerator kpg1 = KeyPairGenerator.getInstance(algorithm); + assertEquals(algorithm, kpg1.getAlgorithm()); + if (params != null) { + kpg1.initialize(params); + } + test_KeyPairGenerator(kpg1); + + // KeyPairGenerator.getInstance(String, Provider) + KeyPairGenerator kpg2 = KeyPairGenerator.getInstance(algorithm, provider); + assertEquals(algorithm, kpg2.getAlgorithm()); + assertEquals(provider, kpg2.getProvider()); + if (params != null) { + kpg2.initialize(params); + } + test_KeyPairGenerator(kpg2); + + // KeyPairGenerator.getInstance(String, String) + KeyPairGenerator kpg3 = + KeyPairGenerator.getInstance(algorithm, provider.getName()); + assertEquals(algorithm, kpg3.getAlgorithm()); + assertEquals(provider, kpg3.getProvider()); + if (params != null) { + kpg3.initialize(params); + } + test_KeyPairGenerator(kpg3); } - test_KeyPairGenerator(kpg1); - - // KeyPairGenerator.getInstance(String, Provider) - KeyPairGenerator kpg2 = KeyPairGenerator.getInstance(algorithm, provider); - assertEquals(algorithm, kpg2.getAlgorithm()); - assertEquals(provider, kpg2.getProvider()); - 
if (params != null) { - kpg2.initialize(params); - } - test_KeyPairGenerator(kpg2); - - // KeyPairGenerator.getInstance(String, String) - KeyPairGenerator kpg3 = KeyPairGenerator.getInstance(algorithm, - provider.getName()); - assertEquals(algorithm, kpg3.getAlgorithm()); - assertEquals(provider, kpg3.getProvider()); - if (params != null) { - kpg3.initialize(params); - } - test_KeyPairGenerator(kpg3); - } - }); + }); } private static final Map> KEY_SIZES = new HashMap<>(); @@ -301,6 +303,7 @@ private void test_Key(KeyPairGenerator kpg, Key k) throws Exception { test_KeyWithAllKeyFactories(k); } + // g3-add: @SuppressWarnings("InsecureCryptoUsage") private void test_KeyWithAllKeyFactories(Key k) throws Exception { byte[] encoded = k.getEncoded(); @@ -446,6 +449,7 @@ private static DHParameterSpec getDHParams() { }); @Test + // g3-add: @SuppressWarnings("InsecureCryptoUsage") public void testDSAGeneratorWithParams() throws Exception { final DSAParameterSpec dsaSpec = new DSAParameterSpec(DSA_P, DSA_Q, DSA_G); diff --git a/common/src/test/java/org/conscrypt/javax/net/ssl/HttpsURLConnectionTest.java b/common/src/test/java/org/conscrypt/javax/net/ssl/HttpsURLConnectionTest.java index 7f760ea79..aed3dc9e4 100644 --- a/common/src/test/java/org/conscrypt/javax/net/ssl/HttpsURLConnectionTest.java +++ b/common/src/test/java/org/conscrypt/javax/net/ssl/HttpsURLConnectionTest.java @@ -118,6 +118,7 @@ public void failedUrlConnect() throws Exception { Future future = executor.submit(server.run(op)); HttpsURLConnection connection = server.tlsConnection("/file"); + // g3-add: broken HTTPS hostname verification int response = connection.getResponseCode(); assertEquals(404, response); @@ -151,6 +152,7 @@ public void urlReadTimeout() throws Exception { Future future = executor.submit(server.run(op)); HttpsURLConnection connection = server.tlsConnection("/file"); + // g3-add: broken HTTPS hostname verification connection.setConnectTimeout(0); connection.setReadTimeout(1000); 
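Review bot: The `// g3-add: @SuppressWarnings("InsecureCryptoUsage")` marker added above `test(Provider provider, String algorithm)` gives no reason for the suppression, and the same bare marker is added above `test_KeyWithAllKeyFactories` and `testDSAGeneratorWithParams` in the two later hunks of this file. Presumably the check fires because these tests deliberately instantiate every registered `KeyPairGenerator` algorithm by name, including legacy ones such as DH and DSA. Stating that next to each marker keeps the suppression from being copied into non-test code, for example `// Suppressed on purpose: this test exercises every registered algorithm, including legacy ones.` The rest of this hunk appears to be re-indentation only, and keeping the suppression at method scope rather than class scope is the right granularity.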
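Review bot: The added comment `// g3-add: broken HTTPS hostname verification` after `server.tlsConnection("/file")` in `failedUrlConnect`, and again in `urlReadTimeout` in the next hunk, does not say what is added or why, unlike the other `g3-add` markers in this commit, which spell out the exact line. As written, a reader cannot tell whether hostname verification is disabled for this connection, is already relaxed inside `tlsConnection`, or is only being flagged to a lint check. If it marks a deliberate relaxation for the local test server, the comment should name the mechanism and its scope, e.g. `// g3-add: <inserted line> (test-only: local test server certificate; do not copy outside tests)`. Both methods continue outside their hunks, so whether a verifier is set elsewhere on the connection is not visible here.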
diff --git a/openjdk/src/test/java/org/conscrypt/ConscryptTest.java b/openjdk/src/test/java/org/conscrypt/ConscryptTest.java index 44533ce94..9b58a96ea 100644 --- a/openjdk/src/test/java/org/conscrypt/ConscryptTest.java +++ b/openjdk/src/test/java/org/conscrypt/ConscryptTest.java @@ -22,15 +22,17 @@ import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import java.security.Provider; -import java.security.Security; -import javax.net.ssl.SSLContext; - import org.conscrypt.java.security.StandardNames; +// g3-add: import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; +import java.security.Provider; +import java.security.Security; + +import javax.net.ssl.SSLContext; + @RunWith(JUnit4.class) public class ConscryptTest { @@ -38,6 +40,7 @@ public class ConscryptTest { * This confirms that the version machinery is working. */ @Test + // g3-add: @Ignore("Failing on google3. TODO(b/309186591)") public void testVersionIsSensible() { Conscrypt.Version version = Conscrypt.version(); assertNotNull(version); @@ -71,8 +74,7 @@ public void buildTls13WithoutTrustManager() throws Exception { @Test public void buildInvalid() { try { - Conscrypt.newProviderBuilder() - .defaultTlsProtocol("invalid").build(); + Conscrypt.newProviderBuilder().defaultTlsProtocol("invalid").build(); fail(); } catch (IllegalArgumentException e) { // Expected. @@ -81,10 +83,10 @@ public void buildInvalid() { private void buildProvider(String defaultProtocol, boolean withTrustManager) throws Exception { Provider provider = Conscrypt.newProviderBuilder() - .setName("test name") - .provideTrustManager(withTrustManager) - .defaultTlsProtocol(defaultProtocol) - .build(); + .setName("test name") + .provideTrustManager(withTrustManager) + .defaultTlsProtocol(defaultProtocol) + .build(); assertEquals("test name", provider.getName()); assertEquals(withTrustManager, provider.containsKey("TrustManagerFactory.PKIX"));
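Review bot: The `// g3-add: @Ignore("Failing on google3. TODO(b/309186591)")` marker above `testVersionIsSensible` switches off, in that build, the test its Javadoc describes as confirming that the version machinery works, and the reason string does not say what fails. A provider's reported version is presumably how a deployment identifies which build of the crypto library it runs, so I would record the failure mode beside the marker, e.g. `// Ignored downstream: <observed failure>; re-enable when b/309186591 is fixed.` The `// g3-add: import org.junit.Ignore;` line in the import hunk above belongs to the same workaround and should be removed together with it.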