DO NOT MERGE
Disable SSL compression
Bug: 7079965
Change-Id: I8e060a827613e212bbcced66507fbf124bb04543
modified: luni/src/main/java/libcore/net/http/HttpConnection.java
modified: luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
modified: luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
modified: luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
modified: luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
modified: luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
modified: luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
diff --git a/luni/src/main/java/libcore/net/http/HttpConnection.java b/luni/src/main/java/libcore/net/http/HttpConnection.java
index 2f92706..4a6e65d 100644
--- a/luni/src/main/java/libcore/net/http/HttpConnection.java
+++ b/luni/src/main/java/libcore/net/http/HttpConnection.java
@@ -199,7 +199,6 @@
// tlsTolerant mimics Chrome's behavior
if (tlsTolerant && unverifiedSocket instanceof OpenSSLSocketImpl) {
OpenSSLSocketImpl openSslSocket = (OpenSSLSocketImpl) unverifiedSocket;
- openSslSocket.setEnabledCompressionMethods(new String[] { "ZLIB"});
openSslSocket.setUseSessionTickets(true);
openSslSocket.setHostname(address.uriHost);
// use SSLSocketFactory default enabled protocols
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
index 759fc85..8f071f0 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
@@ -339,7 +339,6 @@
// SSL options from ssl.h
public static final long SSL_OP_NO_TICKET = 0x00004000L;
public static final long SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION = 0x00010000L;
- public static final long SSL_OP_NO_COMPRESSION = 0x00020000L;
public static final long SSL_OP_NO_SSLv3 = 0x02000000L;
public static final long SSL_OP_NO_TLSv1 = 0x04000000L;
public static final long SSL_OP_NO_TLSv1_1 = 0x10000000L;
@@ -544,66 +543,6 @@
return cipherSuites;
}
- public static final String SUPPORTED_COMPRESSION_METHOD_ZLIB = "ZLIB";
- public static final String SUPPORTED_COMPRESSION_METHOD_NULL = "NULL";
-
- private static final String[] SUPPORTED_COMPRESSION_METHODS
- = { SUPPORTED_COMPRESSION_METHOD_ZLIB, SUPPORTED_COMPRESSION_METHOD_NULL };
-
- public static String[] getSupportedCompressionMethods() {
- return SUPPORTED_COMPRESSION_METHODS.clone();
- }
-
- public static final String[] getDefaultCompressionMethods() {
- return new String[] { SUPPORTED_COMPRESSION_METHOD_NULL };
- }
-
- public static String[] checkEnabledCompressionMethods(String[] methods) {
- if (methods == null) {
- throw new IllegalArgumentException("methods == null");
- }
- if (methods.length < 1
- && !methods[methods.length-1].equals(SUPPORTED_COMPRESSION_METHOD_NULL)) {
- throw new IllegalArgumentException("last method must be NULL");
- }
- for (int i = 0; i < methods.length; i++) {
- String method = methods[i];
- if (method == null) {
- throw new IllegalArgumentException("methods[" + i + "] == null");
- }
- if (!method.equals(SUPPORTED_COMPRESSION_METHOD_ZLIB)
- && !method.equals(SUPPORTED_COMPRESSION_METHOD_NULL)) {
- throw new IllegalArgumentException("method " + method
- + " is not supported");
- }
- }
- return methods;
- }
-
- public static void setEnabledCompressionMethods(int ssl, String[] methods) {
- checkEnabledCompressionMethods(methods);
- // openssl uses negative logic letting you disable compression.
- // so first, assume we need to set all (disable all) and clear none (enable none).
- // in the loop, selectively move bits from set to clear (from disable to enable)
- long optionsToSet = (SSL_OP_NO_COMPRESSION);
- long optionsToClear = 0;
- for (int i = 0; i < methods.length; i++) {
- String method = methods[i];
- if (method.equals(SUPPORTED_COMPRESSION_METHOD_NULL)) {
- // nothing to do to support NULL
- } else if (method.equals(SUPPORTED_COMPRESSION_METHOD_ZLIB)) {
- optionsToSet &= ~SSL_OP_NO_COMPRESSION;
- optionsToClear |= SSL_OP_NO_COMPRESSION;
- } else {
- // error checked by checkEnabledCompressionMethods
- throw new IllegalStateException();
- }
- }
-
- SSL_set_options(ssl, optionsToSet);
- SSL_clear_options(ssl, optionsToClear);
- }
-
/*
* See the OpenSSL ssl.h header file for more information.
*/
@@ -707,9 +646,6 @@
public static native String SSL_SESSION_cipher(int sslSessionNativePointer);
- public static native String SSL_SESSION_compress_meth(int sslCtxNativePointer,
- int sslSessionNativePointer);
-
public static native void SSL_SESSION_free(int sslSessionNativePointer);
public static native byte[] i2d_SSL_SESSION(int sslSessionNativePointer);
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
index 841c31c..2f5fe59 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLServerSocketImpl.java
@@ -32,7 +32,6 @@
private final SSLParametersImpl sslParameters;
private String[] enabledProtocols = NativeCrypto.getSupportedProtocols();
private String[] enabledCipherSuites = NativeCrypto.getDefaultCipherSuites();
- private String[] enabledCompressionMethods = NativeCrypto.getDefaultCompressionMethods();
protected OpenSSLServerSocketImpl(SSLParametersImpl sslParameters) throws IOException {
this.sslParameters = sslParameters;
@@ -126,26 +125,6 @@
enabledCipherSuites = NativeCrypto.checkEnabledCipherSuites(suites);
}
- public String[] getSupportedCompressionMethods() {
- return NativeCrypto.getSupportedCompressionMethods();
- }
-
- public String[] getEnabledCompressionMethods() {
- return enabledCompressionMethods.clone();
- }
-
- /**
- * This method enables the compression methods listed by
- * getSupportedCompressionMethods().
- *
- * @param suites the names of all the compression methods to enable
- * @throws IllegalArgumentException when one or more of the ciphers in array
- * suites are not supported, or when the array is null.
- */
- public void setEnabledCompressionMethods(String[] methods) {
- enabledCompressionMethods = NativeCrypto.checkEnabledCompressionMethods(methods);
- }
-
@Override
public boolean getWantClientAuth() {
return sslParameters.getWantClientAuth();
@@ -185,8 +164,7 @@
OpenSSLSocketImpl socket = new OpenSSLSocketImpl(sslParameters,
enabledProtocols.clone(),
- enabledCipherSuites.clone(),
- enabledCompressionMethods.clone());
+ enabledCipherSuites.clone());
implAccept(socket);
return socket;
}
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
index e194a38..35603df 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSessionImpl.java
@@ -49,7 +49,6 @@
private int peerPort = -1;
private String cipherSuite;
private String protocol;
- private String compressionMethod;
private AbstractSessionContext sessionContext;
private byte[] id;
@@ -328,19 +327,6 @@
}
/**
- * Returns the compression method name used in all connections
- * pertaining to this SSL session.
- */
- public String getCompressionMethod() {
- if (compressionMethod == null) {
- compressionMethod
- = NativeCrypto.SSL_SESSION_compress_meth(sessionContext.sslCtxNativePointer,
- sslSessionNativePointer);
- }
- return compressionMethod;
- }
-
- /**
* Returns the context to which the actual SSL session is bound. A SSL
* context consists of (1) a possible delegate, (2) a provider and (3) a
* protocol.
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
index 4c92952..3933540 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
@@ -51,7 +51,6 @@
* Extensions to SSLSocket include:
* <ul>
* <li>handshake timeout
- * <li>compression methods
* <li>session tickets
* <li>Server Name Indication
* </ul>
@@ -70,7 +69,6 @@
private byte[] npnProtocols;
private String[] enabledProtocols;
private String[] enabledCipherSuites;
- private String[] enabledCompressionMethods;
private boolean useSessionTickets;
private String hostname;
private OpenSSLSessionImpl sslSession;
@@ -108,10 +106,9 @@
protected OpenSSLSocketImpl(SSLParametersImpl sslParameters,
String[] enabledProtocols,
- String[] enabledCipherSuites,
- String[] enabledCompressionMethods) throws IOException {
+ String[] enabledCipherSuites) throws IOException {
this.socket = this;
- init(sslParameters, enabledProtocols, enabledCipherSuites, enabledCompressionMethods);
+ init(sslParameters, enabledProtocols, enabledCipherSuites);
}
protected OpenSSLSocketImpl(String host, int port, SSLParametersImpl sslParameters)
@@ -169,8 +166,7 @@
private void init(SSLParametersImpl sslParameters) throws IOException {
init(sslParameters,
NativeCrypto.getDefaultProtocols(),
- NativeCrypto.getDefaultCipherSuites(),
- NativeCrypto.getDefaultCompressionMethods());
+ NativeCrypto.getDefaultCipherSuites());
}
/**
@@ -179,12 +175,10 @@
*/
private void init(SSLParametersImpl sslParameters,
String[] enabledProtocols,
- String[] enabledCipherSuites,
- String[] enabledCompressionMethods) throws IOException {
+ String[] enabledCipherSuites) throws IOException {
this.sslParameters = sslParameters;
this.enabledProtocols = enabledProtocols;
this.enabledCipherSuites = enabledCipherSuites;
- this.enabledCompressionMethods = enabledCompressionMethods;
}
/**
@@ -225,20 +219,6 @@
return null;
}
- String compressionMethod = session.getCompressionMethod();
- if (!compressionMethod.equals(NativeCrypto.SUPPORTED_COMPRESSION_METHOD_NULL)) {
- boolean compressionMethodFound = false;
- for (String enabledCompressionMethod : enabledCompressionMethods) {
- if (compressionMethod.equals(enabledCompressionMethod)) {
- compressionMethodFound = true;
- break;
- }
- }
- if (!compressionMethodFound) {
- return null;
- }
- }
-
return session;
}
@@ -316,10 +296,6 @@
NativeCrypto.setEnabledProtocols(sslNativePointer, enabledProtocols);
NativeCrypto.setEnabledCipherSuites(sslNativePointer, enabledCipherSuites);
- if (enabledCompressionMethods.length != 0) {
- NativeCrypto.setEnabledCompressionMethods(sslNativePointer,
- enabledCompressionMethods);
- }
if (useSessionTickets) {
NativeCrypto.SSL_clear_options(sslNativePointer, NativeCrypto.SSL_OP_NO_TICKET);
}
@@ -793,35 +769,6 @@
}
/**
- * The names of the compression methods that may be used on this SSL
- * connection.
- * @return an array of compression methods
- */
- public String[] getSupportedCompressionMethods() {
- return NativeCrypto.getSupportedCompressionMethods();
- }
-
- /**
- * The names of the compression methods versions that are in use
- * on this SSL connection.
- *
- * @return an array of compression methods
- */
- public String[] getEnabledCompressionMethods() {
- return enabledCompressionMethods.clone();
- }
-
- /**
- * Enables compression methods listed by getSupportedCompressionMethods().
- *
- * @throws IllegalArgumentException when one or more of the names in the
- * array are not supported, or when the array is null.
- */
- public void setEnabledCompressionMethods(String[] methods) {
- enabledCompressionMethods = NativeCrypto.checkEnabledCompressionMethods(methods);
- }
-
- /**
* This method enables session ticket support.
*
* @param useSessionTickets True to enable session tickets
diff --git a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
index b11e30a..b9cfd19 100644
--- a/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
+++ b/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
@@ -4126,43 +4126,6 @@
}
/**
- * Gets and returns in a string the compression method negotiated for the SSL session.
- */
-static jstring NativeCrypto_SSL_SESSION_compress_meth(JNIEnv* env, jclass,
- jint ssl_ctx_address,
- jint ssl_session_address) {
- SSL_CTX* ssl_ctx = to_SSL_CTX(env, ssl_ctx_address, true);
- SSL_SESSION* ssl_session = to_SSL_SESSION(env, ssl_session_address, true);
- JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_compress_meth ssl_ctx=%p",
- ssl_session, ssl_ctx);
- if (ssl_ctx == NULL || ssl_session == NULL) {
- return NULL;
- }
-
- int compress_meth = ssl_session->compress_meth;
- if (compress_meth == 0) {
- const char* name = "NULL";
- JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_compress_meth => %s", ssl_session, name);
- return env->NewStringUTF(name);
- }
-
- int num_comp_methods = sk_SSL_COMP_num(ssl_ctx->comp_methods);
- for (int i = 0; i < num_comp_methods; i++) {
- SSL_COMP* comp = sk_SSL_COMP_value(ssl_ctx->comp_methods, i);
- if (comp->id != compress_meth) {
- continue;
- }
- const char* name = ((comp->method && comp->method->type == NID_zlib_compression)
- ? SN_zlib_compression
- : (comp->name ? comp->name : "UNKNOWN"));
- JNI_TRACE("ssl_session=%p NativeCrypto_SSL_SESSION_compress_meth => %s", ssl_session, name);
- return env->NewStringUTF(name);
- }
- throwSSLExceptionStr(env, "Unknown compression method");
- return NULL;
-}
-
-/**
* Frees the SSL session.
*/
static void NativeCrypto_SSL_SESSION_free(JNIEnv* env, jclass, jint ssl_session_address) {
@@ -4307,7 +4270,6 @@
NATIVE_METHOD(NativeCrypto, SSL_SESSION_get_time, "(I)J"),
NATIVE_METHOD(NativeCrypto, SSL_SESSION_get_version, "(I)Ljava/lang/String;"),
NATIVE_METHOD(NativeCrypto, SSL_SESSION_cipher, "(I)Ljava/lang/String;"),
- NATIVE_METHOD(NativeCrypto, SSL_SESSION_compress_meth, "(II)Ljava/lang/String;"),
NATIVE_METHOD(NativeCrypto, SSL_SESSION_free, "(I)V"),
NATIVE_METHOD(NativeCrypto, i2d_SSL_SESSION, "(I)[B"),
NATIVE_METHOD(NativeCrypto, d2i_SSL_SESSION, "([B)I"),
diff --git a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
index c8df4ab..2d78238 100644
--- a/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
+++ b/luni/src/test/java/org/apache/harmony/xnet/provider/jsse/NativeCryptoTest.java
@@ -1628,76 +1628,6 @@
server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
}
- public void test_SSL_SESSION_compress_meth_null() throws Exception {
- try {
- NativeCrypto.SSL_SESSION_compress_meth(NULL, NULL);
- fail();
- } catch (NullPointerException expected) {
- }
-
- {
- int c = NativeCrypto.SSL_CTX_new();
- try {
- NativeCrypto.SSL_SESSION_compress_meth(c, NULL);
- } catch (NullPointerException expected) {
- }
- NativeCrypto.SSL_CTX_free(c);
- }
- }
-
- public void test_SSL_SESSION_compress_meth_NULL() throws Exception {
- final ServerSocket listener = new ServerSocket(0);
-
- Hooks cHooks = new Hooks() {
- @Override
- public void afterHandshake(int session, int s, int c,
- Socket sock, FileDescriptor fd,
- SSLHandshakeCallbacks callback)
- throws Exception {
- assertEquals("NULL", NativeCrypto.SSL_SESSION_compress_meth(c, session));
- super.afterHandshake(session, s, c, sock, fd, callback);
- }
- };
- Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates());
- Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
- Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
- client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
- server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
- }
-
- public void test_SSL_SESSION_compress_meth_ZLIB() throws Exception {
- final ServerSocket listener = new ServerSocket(0);
-
- Hooks cHooks = new Hooks() {
- @Override
- public int beforeHandshake(int c) throws SSLException {
- int s = super.beforeHandshake(c);
- NativeCrypto.SSL_clear_options(s, NativeCrypto.SSL_OP_NO_COMPRESSION);
- return s;
- }
- @Override
- public void afterHandshake(int session, int s, int c,
- Socket sock, FileDescriptor fd,
- SSLHandshakeCallbacks callback)
- throws Exception {
- assertEquals("ZLIB", NativeCrypto.SSL_SESSION_compress_meth(c, session));
- super.afterHandshake(session, s, c, sock, fd, callback);
- }
- };
- Hooks sHooks = new ServerHooks(getServerPrivateKey(), getServerCertificates()) {
- @Override
- public int beforeHandshake(int c) throws SSLException {
- int s = super.beforeHandshake(c);
- NativeCrypto.SSL_clear_options(s, NativeCrypto.SSL_OP_NO_COMPRESSION);
- return s;
- }
- };
- Future<TestSSLHandshakeCallbacks> client = handshake(listener, 0, true, cHooks, null);
- Future<TestSSLHandshakeCallbacks> server = handshake(listener, 0, false, sHooks, null);
- client.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
- server.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
- }
-
public void test_SSL_SESSION_free() throws Exception {
try {
NativeCrypto.SSL_SESSION_free(NULL);
