diff options
author | Adam Vartanian <flooey@google.com> | 2017-11-28 11:25:00 +0000 |
---|---|---|
committer | Adam Vartanian <flooey@google.com> | 2017-11-28 15:52:04 +0000 |
commit | 6b5b8b2f1e184da74aa4b2d083cb3f6a3c227844 (patch) | |
tree | 5a98009437bbdb1e906bd00c94c871ffba530783 /bcprov/src/main/java | |
parent | 7377028a95a04fd7de0a8b4d821cfb2db7e66f3e (diff) | |
download | bouncycastle-6b5b8b2f1e184da74aa4b2d083cb3f6a3c227844.tar.gz |
Have BC use default provider rather than always BC
In cases where BC algorithms need access to other algorithms, switch to
using the default implementation of JCA algorithms rather than always
using the BC version. Some non-deprecated BC algorithms can access
deprecated BC implementations by using this scheme, and in general we want
to use Conscrypt algorithms when available.
Also comment out a class that isn't ever used.
Bug: 68057944
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsKeystoreTestCases
Change-Id: Iec4f395b0c6c59865ff6179a4edd3124d2967da9
Diffstat (limited to 'bcprov/src/main/java')
6 files changed, 32 insertions, 11 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java index 5a3af046..b7966ef2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java @@ -35,14 +35,18 @@ import org.bouncycastle.crypto.params.ParametersWithRandom; import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi; import org.bouncycastle.jcajce.provider.util.BadBlockException; import org.bouncycastle.jcajce.provider.util.DigestFactory; -import org.bouncycastle.jcajce.util.BCJcaJceHelper; +// Android-changed: Use default provider for JCA algorithms instead of BC +// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; import org.bouncycastle.jcajce.util.JcaJceHelper; import org.bouncycastle.util.Strings; public class CipherSpi extends BaseCipherSpi { - private final JcaJceHelper helper = new BCJcaJceHelper(); + // Android-changed: Use default provider for JCA algorithms instead of BC + // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); + private final JcaJceHelper helper = new DefaultJcaJceHelper(); private AsymmetricBlockCipher cipher; private AlgorithmParameterSpec paramSpec; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index de48b81f..efeaa9ae 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -97,7 +97,9 @@ import org.bouncycastle.jcajce.PKCS12StoreParameter; // Android-removed: Unsupported algorithms // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec; import org.bouncycastle.jcajce.spec.PBKDF2KeySpec; -import org.bouncycastle.jcajce.util.BCJcaJceHelper; +// Android-changed: Use default provider for JCA algorithms instead of BC +// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; import org.bouncycastle.jcajce.util.JcaJceHelper; import org.bouncycastle.jce.interfaces.BCKeyStore; import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier; @@ -112,7 +114,9 @@ public class PKCS12KeyStoreSpi extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore { - private final JcaJceHelper helper = new BCJcaJceHelper(); + // Android-changed: Use default provider for JCA algorithms instead of BC + // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); + private final JcaJceHelper helper = new DefaultJcaJceHelper(); private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 1024; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java index c6dcd901..de2e548c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java @@ -159,8 +159,6 @@ public final class DES super(new RFC3211WrapEngine(new DESEngine()), 8); } } - */ - // END Android-removed: Unsupported algorithms public static class AlgParamGen extends BaseAlgorithmParameterGenerator @@ -199,6 +197,8 @@ public final class DES return params; } } + */ + // END Android-removed: Unsupported algorithms /** * DES - the default for this is to generate a key in diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java index 296d6925..2237e26e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java @@ -6,13 +6,17 @@ import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.SecureRandom; -import org.bouncycastle.jcajce.util.BCJcaJceHelper; +// Android-changed: Use default provider for JCA algorithms instead of BC +// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; import org.bouncycastle.jcajce.util.JcaJceHelper; public abstract class BaseAlgorithmParameterGenerator extends AlgorithmParameterGeneratorSpi { - private final JcaJceHelper helper = new BCJcaJceHelper(); + // Android-changed: Use default provider for JCA algorithms instead of BC + // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); + private final JcaJceHelper helper = new DefaultJcaJceHelper(); protected SecureRandom random; protected int strength = 1024; diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java index 74d22c5d..a735af8b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java @@ -272,7 +272,12 @@ public class BaseBlockCipher try { engineParams = createParametersInstance(name); - engineParams.init(ivParam.getIV()); + // Android-changed: Use IvParameterSpec instead of passing raw bytes. + // The documentation of init() says that a byte array should be decoded + // as ASN.1, and Conscrypt's implementations follow that requirement, + // even though Bouncy Castle's implementations don't. Wrapping it in + // an IvParameterSpec makes the interpretation unambiguous to both. + engineParams.init(new IvParameterSpec(ivParam.getIV())); } catch (Exception e) { diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java index 2d1080f2..58da98e7 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java @@ -34,7 +34,9 @@ import org.bouncycastle.crypto.Wrapper; import org.bouncycastle.crypto.params.KeyParameter; import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.params.ParametersWithRandom; -import org.bouncycastle.jcajce.util.BCJcaJceHelper; +// Android-changed: Use default provider for JCA algorithms instead of BC +// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper; +import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; import org.bouncycastle.jcajce.util.JcaJceHelper; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.Arrays; @@ -67,7 +69,9 @@ public abstract class BaseWrapCipher private int ivSize; private byte[] iv; - private final JcaJceHelper helper = new BCJcaJceHelper(); + // Android-changed: Use default provider for JCA algorithms instead of BC + // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); + private final JcaJceHelper helper = new DefaultJcaJceHelper(); protected BaseWrapCipher() { |