bouncycastle: upgrade to version 1.56

Merge remote-tracking branch 'aosp/upstream-master' into merge-to-156 Test: ran the following cts modules: CtsLibcoreFileIOTestCases CtsLibcoreJavaUtilCollectionsTestCases CtsLibcoreJsr166TestCases CtsLibcoreLegacy22TestCases CtsLibcoreOjTestCases CtsLibcoreOkHttpTestCases CtsLibcoreTestCases Bug: 31076342 Change-Id: Iceb926dc5a312b2047bf19d1c82fb16e42bc1461
author: Sergio Giro <sgiro@google.com> 2017-01-04 18:16:22 +0000
committer: Sergio Giro <sgiro@google.com> 2017-01-19 19:49:45 +0000
commit: 7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4 (patch)
tree: 8ebc72ead6f9a80938fdba92e217da96ee451037 /bcprov/src/main/java/org/bouncycastle/jce
parent: fba1a1dba277746d3be0667de9eb4b98494a1963 (diff)
parent: eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff)
download: bouncycastle-7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4.tar.gz
4 files changed, 74 insertions, 8 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index e5463aa0..6a7c9e62 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -44,7 +44,7 @@ import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
 public final class BouncyCastleProvider extends Provider
     implements ConfigurableProvider
 {
-    private static String info = "BouncyCastle Security Provider v1.54";
+    private static String info = "BouncyCastle Security Provider v1.56";
 
     public static final String PROVIDER_NAME = "BC";
 
@@ -60,14 +60,14 @@ public final class BouncyCastleProvider extends Provider
     private static final String[] SYMMETRIC_GENERIC =
     {
         // BEGIN android-changed
-        // Was: "PBEPBKDF2", "PBEPKCS12"
+        // Was: "PBEPBKDF2", "TLSKDF"
         "PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters"
     };
 
     private static final String[] SYMMETRIC_MACS =
     {
         // BEGIN android-removed
-        // "SipHash"
+        // "SipHash", "Poly1305"
         // END android-removed
     };
 
@@ -132,9 +132,19 @@ public final class BouncyCastleProvider extends Provider
     private static final String KEYSTORE_PACKAGE = "org.bouncycastle.jcajce.provider.keystore.";
     private static final String[] KEYSTORES =
     {
-        "BC", "PKCS12"
+        "BC", "BCFKS", "PKCS12"
     };
 
+    // BEGIN android-removed
+    // /*
+    //  * Configurable secure random
+    //  */
+    // private static final String SECURE_RANDOM_PACKAGE = "org.bouncycastle.jcajce.provider.drbg.";
+    // private static final String[] SECURE_RANDOMS =
+    // {
+    //     "DRBG"
+    // };
+
     /**
      * Construct a new provider.  This should only be required when
      * using runtime registration of the provider using the
@@ -142,7 +152,7 @@ public final class BouncyCastleProvider extends Provider
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.54, info);
+        super(PROVIDER_NAME, 1.56, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {
@@ -171,6 +181,8 @@ public final class BouncyCastleProvider extends Provider
         loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
 
         // BEGIN android-removed
+        // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
+        //
         // //
         // // X509Store
         // //
@@ -287,13 +299,24 @@ public final class BouncyCastleProvider extends Provider
 
     public void addKeyInfoConverter(ASN1ObjectIdentifier oid, AsymmetricKeyInfoConverter keyInfoConverter)
     {
-        keyInfoConverters.put(oid, keyInfoConverter);
+        synchronized (keyInfoConverters)
+        {
+            keyInfoConverters.put(oid, keyInfoConverter);
+        }
+    }
+
+    private static AsymmetricKeyInfoConverter getAsymmetricKeyInfoConverter(ASN1ObjectIdentifier algorithm)
+    {
+        synchronized (keyInfoConverters)
+        {
+            return (AsymmetricKeyInfoConverter)keyInfoConverters.get(algorithm);
+        }
     }
 
     public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo)
         throws IOException
     {
-        AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(publicKeyInfo.getAlgorithm().getAlgorithm());
+        AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(publicKeyInfo.getAlgorithm().getAlgorithm());
 
         if (converter == null)
         {
@@ -306,7 +329,7 @@ public final class BouncyCastleProvider extends Provider
     public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo)
         throws IOException
     {
-        AsymmetricKeyInfoConverter converter = (AsymmetricKeyInfoConverter)keyInfoConverters.get(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm());
+        AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm());
 
         if (converter == null)
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java
index cda05e83..f89b9fd7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProviderConfiguration.java
@@ -1,6 +1,11 @@
 package org.bouncycastle.jce.provider;
 
 import java.security.Permission;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 import javax.crypto.spec.DHParameterSpec;
 
@@ -21,12 +26,18 @@ class BouncyCastleProviderConfiguration
         BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.THREAD_LOCAL_DH_DEFAULT_PARAMS);
     private static Permission BC_DH_PERMISSION = new ProviderConfigurationPermission(
         BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.DH_DEFAULT_PARAMS);
+    private static Permission BC_EC_CURVE_PERMISSION = new ProviderConfigurationPermission(
+        BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.ACCEPTABLE_EC_CURVES);
+    private static Permission BC_ADDITIONAL_EC_CURVE_PERMISSION = new ProviderConfigurationPermission(
+        BouncyCastleProvider.PROVIDER_NAME, ConfigurableProvider.ADDITIONAL_EC_PARAMETERS);
 
     private ThreadLocal ecThreadSpec = new ThreadLocal();
     private ThreadLocal dhThreadSpec = new ThreadLocal();
 
     private volatile ECParameterSpec ecImplicitCaParams;
     private volatile Object dhDefaultParams;
+    private volatile Set acceptableNamedCurves = new HashSet();
+    private volatile Map additionalECParameters = new HashMap();
 
     void setParameter(String parameterName, Object parameter)
     {
@@ -118,6 +129,24 @@ class BouncyCastleProviderConfiguration
                 throw new IllegalArgumentException("not a valid DHParameterSpec or DHParameterSpec[]");
             }
         }
+        else if (parameterName.equals(ConfigurableProvider.ACCEPTABLE_EC_CURVES))
+        {
+            if (securityManager != null)
+            {
+                securityManager.checkPermission(BC_EC_CURVE_PERMISSION);
+            }
+
+            this.acceptableNamedCurves = (Set)parameter;
+        }
+        else if (parameterName.equals(ConfigurableProvider.ADDITIONAL_EC_PARAMETERS))
+        {
+            if (securityManager != null)
+            {
+                securityManager.checkPermission(BC_ADDITIONAL_EC_CURVE_PERMISSION);
+            }
+
+            this.additionalECParameters = (Map)parameter;
+        }
     }
 
     public ECParameterSpec getEcImplicitlyCa()
@@ -164,4 +193,14 @@ class BouncyCastleProviderConfiguration
 
         return null;
     }
+
+    public Set getAcceptableNamedCurves()
+    {
+        return Collections.unmodifiableSet(acceptableNamedCurves);
+    }
+
+    public Map getAdditionalECParameters()
+    {
+        return Collections.unmodifiableMap(additionalECParameters);
+    }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
index b6885ace..b8308207 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CRLObject.java
@@ -53,6 +53,7 @@ import org.bouncycastle.util.encoders.Hex;
  * CRL Number
  * Delta CRL Indicator (critical)
  * Issuing Distribution Point (critical)
+ * @deprecated Do not use this class directly - either use org.bouncycastle.cert (bcpkix) or CertificateFactory.
  */
 public class X509CRLObject
     extends X509CRL
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
index 09703f4c..4a0166b2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
@@ -69,6 +69,9 @@ import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.encoders.Hex;
 
+/**
+ * @deprecated Do not use this class directly - either use org.bouncycastle.cert (bcpkix) or CertificateFactory.
+ */
 public class X509CertificateObject
     extends X509Certificate
     implements PKCS12BagAttributeCarrier
author	Sergio Giro <sgiro@google.com>	2017-01-04 18:16:22 +0000
committer	Sergio Giro <sgiro@google.com>	2017-01-19 19:49:45 +0000
commit	7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4 (patch)
tree	8ebc72ead6f9a80938fdba92e217da96ee451037 /bcprov/src/main/java/org/bouncycastle/jce
parent	fba1a1dba277746d3be0667de9eb4b98494a1963 (diff)
parent	eaf604a467ff401cd0e0f74051ff5afa9e07359d (diff)
download	bouncycastle-7dad97b63c47edea4e3afb374dcd00c7b7a1bdd4.tar.gz