CTS test for Heartbleed vulnerability in SSLSocket.

This tests for the Heartbleed vulnerability (CVE-2014-0160) in
OpenSSL by testing client- and server-mode SSLSocket which is
supposed to be backed by OpenSSL by default.

This test spawns an SSLSocket client, SSLServerSocket server, and a
Man-in-The-Middle (MiTM). The client connects to the MiTM which then
connects to the server, and starts forwarding all TLS records between
the client and the server, injecting a malformed HeartbeatRequest
when appropriate. The test passes only if no HeartbeatResponse is
emitted and the TLS handshake either succeeds (heartbeats supported)
or fails with fatal alert unexpected_message (heartbeats not

Bug: 13906893

(cherry picked from commit db119d1d2ca219091860c68fe7f1892484cb29b2)

Change-Id: Ied9050e299c6725c08bca73703803735393c4324
3 files changed