Age | Commit message (Collapse) | Author |
|
am: bc2920a011
* commit 'bc2920a01178e113adae55c9c49883395a554448':
GCMParameters: fix insecure tag size
|
|
am: 9ca2dfa49b
* commit '9ca2dfa49bd6ea3a9731d1349fe0191e018bf909':
GCMParameters: fix insecure tag size
|
|
am: 4d0e19131d
* commit '4d0e19131da68053fe1a73d43052bedadb107c70':
GCMParameters: fix insecure tag size
|
|
Note: port of cr/110497945
Bug: 26231099
Bug: 26234568
Change-Id: I3eef233b15ded9553c3cdfd1c51ffef306276f7d
|
|
Merge remote-tracking branch 'aosp/upstream-master'
(cherry picked from commit 4a2d5c40ffefaaa02c656a091f33fecdf8592607)
Change-Id: Icd734732677bc8ed04d8cd78bbb686efa152ed58
|
|
Adding missing files
Change-Id: Ife77e8b1df7ec05555b29fb48a984f4c0da2e562
|
|
Change-Id: I3958e32dd005cfb37985a6f13e2464a872290658
|
|
Diff after this chnage shows no difference with respect to
99cbec7970df89800c3592544c47fbd19430b764
(last commit before merging from bouncycastle upstream).
Change-Id: I58f35ee4fa01e3a78305c5ebba9b8d125b49a838
|
|
am: 4c951c2970
* commit '4c951c2970bbfcf318d58cde213ccbee935545a9':
Restoring the contents of aosp after
|
|
Change-Id: I98b0db452ed915b9589dbc7164ea4800eadb9d1e
|
|
am: 3e75bd6b40
* commit '3e75bd6b407dd472c834a50f16aae54cca67ea9c':
Restoring the contents of aosp after
|
|
merge-152-from-upstream"
am: 9218edabd1
* commit '9218edabd1ef9852bc2f13115dcadc81b442dd6c':
Update elements in android tree as in aosp and goog ToT
bouncycastle: Android tree with upstream code for version 1.52
Update elements in android tree as in mnc-dev
bouncycastle: Android tree with upstream code for version 1.50
Update elements in android tree as in lmp-dev
bouncycastle: Android tree with upstream code for version 1.49
|
|
https://android-review.git.corp.google.com/#/c/199871
git diff 9b30eb05e5be69d51881a0d1b31e503e97acd784
(ToT before submitting the patch above)
doesn't show any differences
Change-Id: I9f424a67094839f1893a23cd46ec7d6f0992ac26
|
|
As to set a common ancestor for future merges from aosp/upstream-master
(when updating to new versions of bouncycastle).
We'll override all the changes of this commit with patch
https://android-review.googlesource.com/#/c/199872
Change-Id: I53a7f797b520a6e119878dbae53246cdcc585ddf
|
|
Android tree as of
1af9aad12fedf1d93333e19f5ed0ab86f1cc4e2a
Change-Id: I714fa0954a5d000cd88d1fb78b0b7fe28246d404
|
|
Android tree as of c0d8909a6c6a4ac075a9dee7ac1fe6baff34acc0
Change-Id: I8d381554d6edec32aae8ff5bab5d5314f0954440
|
|
Android tree as of 08e455bd61ddaa02255383e85480b0d9cde6e954
Change-Id: I99dab80b49707f0fdefb67ccd1bcfe765363b5e5
|
|
Bug: 24106146
Change-Id: Ic3cb8d87ac86700cab15c553e9cc638b55d92df4
|
|
The key check was placed in the wrong position when a random source was
specified. Move it above the wrapping of the parameters when random is
specified to avoid casting error.
Bug: 24082558
Bug: 25789194
Change-Id: Id5c46ba060cbdd2537e6215661a25d232bed50b2
|
|
am: 50540595ae
* commit '50540595aea200a7aeda15393daa15396973f462':
Expose PSS AlgorithmParameters to JCA.
|
|
am: 81cafc9f97
* commit '81cafc9f97b8e277c1f2faa0f2930d1c8481cbeb':
Expose PSS AlgorithmParameters to JCA.
|
|
Bug: 25794302
Change-Id: I341ab1e0c295a05d6edf6a2237be93a86d517ec1
|
|
Bug: 24106146
Adapted from commit 9462245630b2913830b63310aa0d40a0901ccae5
Change-Id: Ic3cb8d87ac86700cab15c553e9cc638b55d92df4
|
|
Bug: 24106146
Adapted from commit 9462245630b2913830b63310aa0d40a0901ccae5
Change-Id: Ic3cb8d87ac86700cab15c553e9cc638b55d92df4
|
|
Bug: 24106146
Adapted from commit 9462245630b2913830b63310aa0d40a0901ccae5
Change-Id: Ic3cb8d87ac86700cab15c553e9cc638b55d92df4
|
|
Verify that the public key is in the curve defined by the private key
and explicitly construct public key using the private key's curve.
Bug: 24082558
Change-Id: I146c58ba543d829565e1b199879003a662e57f19
|
|
I.e. the used to failed test which uses large q (e.g. 224-bits) for
SHA1withDSA passes after the fix. The fix is to check DSA parameters
in initSign() and initVerify() in DSASigner.java.
Bug: 24082558
Change-Id: Ic45507e7888ca242d473849e6612a8bed7135c1c
|
|
* commit 'ab6fbde31a14919f5e0ff8792ace53be30230a15':
GCM: fix mode and padding set
|
|
Since "GCM" was renamed to "AES/GCM/NoPadding" to correspond to the
StandardNames document, the mode and padding weren't being set via the
Cipher#init call since it assumed the CipherSpi already knew its mode
and padding.
(cherry picked from commit 65581d2bbf27de395c221f5f7f4fd93cbab091ff)
Bug: 22611918
Change-Id: Ib85438a1c95ffda526dbbac8793b04ff02d40fcc
|
|
Since "GCM" was renamed to "AES/GCM/NoPadding" to correspond to the
StandardNames document, the mode and padding weren't being set via the
Cipher#init call since it assumed the CipherSpi already knew its mode
and padding.
Bug: 22611918
Change-Id: Ib85438a1c95ffda526dbbac8793b04ff02d40fcc
|
|
Baseline Requirements say the serial number must have 20-bits of
entropy, but some certificates are issued not in compliance. This causes
issues where they are falsely marked as blacklisted. Until there is
issuer + serial number matching, we can just use the pubkey matching for
the certificates that are blacklisted with non-compliant serial numbers.
Bug: 21736046
Change-Id: I66b1e94f2c67ddd3b6fe690331f8fb12e16a8bc0
|
|
X.509 certificates made with DSA signatures have the X9 DSA with SHA1
OID typically, so we need Bouncycastle to register this OID as an alias
for the DSA KeyFactory.
We also need to remove a manual OID alias added for Signatures which
probably indicates how this slipped through the cracks.
(cherry picked from commit 75fc34101f063fe3534de7340beb13c87786e6e1)
Bug: 21209493
Change-Id: I12a88ead61c626343d96a9c335bdf40e615894bd
|
|
X.509 certificates made with DSA signatures have the X9 DSA with SHA1
OID typically, so we need Bouncycastle to register this OID as an alias
for the DSA KeyFactory.
We also need to remove a manual OID alias added for Signatures which
probably indicates how this slipped through the cracks.
Bug: 21209493
Change-Id: I12a88ead61c626343d96a9c335bdf40e615894bd
|
|
This reverts commit 36995a1668ccfc521253ffae6f705d0af028ca3e.
Change-Id: Idf059fc9804838bed8f623421d342f43f5284b03
|
|
This reverts commit f2ca73c07d072282905ed43d2b866278caabe12f.
Change-Id: If6c261b71521f79582ca0a742a1aa02be31c70fe
|
|
X.509 certificates made with DSA signatures have the X9 DSA with SHA1
OID typically, so we need Bouncycastle to register this OID as an alias
for the DSA KeyFactory.
(cherry picked from commit 36995a1668ccfc521253ffae6f705d0af028ca3e)
Bug: 21209493
Change-Id: I1c2fe6d7f638974ab54589bf757e66ff452ad395
|
|
X.509 certificates made with DSA signatures have the X9 DSA with SHA1
OID typically, so we need Bouncycastle to register this OID as an alias
for the DSA KeyFactory.
Bug: 21209493
Change-Id: I1c2fe6d7f638974ab54589bf757e66ff452ad395
|
|
NIST SP800 131A recommends 112-bits as the lowest security level
acceptable after December 31, 2013. Although the 239-bit EC group
meets that bar, the P-256, P-384, and P-521 are the more widely
supported options. Change the default to increase interoperability
while maintaining the security level recommended.
(cherry picked from commit c5a7ff00b9c78ce5e15de5b99dc78a7e8c83ecd3)
Bug: 21085656
Change-Id: Idb71fdc801bafc5ad38f0b87dc3847f48854563f
|
|
This matches the RI and doesn't get late binding confused when you call
Cipher.getInstance
(cherry picked from commit 4046cd0249e7ffa820dcd4318f4e81f737d8634c)
Bug: 21085702
Change-Id: I8f69e7b342fde4881f20e103240f0b289322ef4e
|
|
The default of 192 bit keys was the worst of all choices. 128-bit
runs faster on mobile devices.
(cherry picked from commit ac2a5751dc9578b1f2a8d99906e435993d36c8d6)
Bug: 21085656
Change-Id: Ie4d15ea35e46a157f8c0d43a91e699135e2c58d1
|
|
NIST SP800 131A recommends 112-bits as the lowest security level
acceptable after December 31, 2013. Although the 239-bit EC group
meets that bar, the P-256, P-384, and P-521 are the more widely
supported options. Change the default to increase interoperability
while maintaining the security level recommended.
Change-Id: Idb71fdc801bafc5ad38f0b87dc3847f48854563f
|
|
This matches the RI and doesn't get late binding confused when you call
Cipher.getInstance
Change-Id: I8f69e7b342fde4881f20e103240f0b289322ef4e
|
|
The default of 192 bit keys was the worst of all choices. 128-bit
runs faster on mobile devices.
Change-Id: Ie4d15ea35e46a157f8c0d43a91e699135e2c58d1
|
|
bug: 20545284
(cherry picked from commit fa0ac9cf9f44a17bb77070574674f2ef0ecc3498)
Change-Id: Ie640314c35a5a98fac32e15144eaf776e4f861cb
|
|
bug: 20545284
Change-Id: I0e075904b21e8f36e27126d646d86068b6f3dac7
|
|
Change-Id: I227db8e458e67af46ccb1c07bfca77a733f25979
|
|
Move the CertBlacklist instance to a NoPreloadHolder, then move the
System.getenv call in CertBlacklist to a constructor so it's not called
during class initialization.
(cherry picked from commit 7a21b9a68f2c90bdde986a98a55816d0cf3ea73e)
Bug: 18013422
Change-Id: I39d0f43f948dec243d2d7cb79726d0642638b77a
|
|
Move the CertBlacklist instance to a NoPreloadHolder, then move the
System.getenv call in CertBlacklist to a constructor so it's not called
during class initialization.
Bug: 18013422
Change-Id: I39d0f43f948dec243d2d7cb79726d0642638b77a
|
|
f98b02ab394044a3c237d2c7a2ee5ef65793e8e9 bcpkix-jdk15on-151.tar.gz
95e59ad2492598d729cfc559b480c3f172de5dc3 bcprov-jdk15on-151.tar.gz
Bug: 16578237
Change-Id: Ie4a3cd01b52b504a1098b00b413f1418273a6ef2
|
|
Without this, decoding X.509 certificates doesn't get a valid DH public
key since this OID is not registered by any other provider.
Change-Id: I82a5e4cfc3b63c3928299523725d24b838ca939c
|