Age | Commit message (Collapse) | Author |
|
Test: m
Bug: 70275132
Change-Id: I07d40c9235ca9532cec7e8b608863441be8ee2d0
|
|
I originally thought this was fine, but it could cause confusion
for developers encountering a PKCS#12 file using an unknown
algorithm. Instead, throw the original NoSuchAlgorithmException
from the BC Provider.
Bug: 230750823
Test: atest CtsLibcoreTestCases:tests.targets.security.KeyStorePkcs7FormatTest
Change-Id: I8a6d44d0e59bf0fb029ced4b8aa47908194bc161
|
|
Adds a private sub-Provider to BouncyCastleProvider which allows BC's
PKCS12 implementation to conintue using its own implementations of some
Macs and Ciphers which support PBES2.
These implementions are not exposed to apps and are only used
from BC internals.
Bug: 230750823
Test: atest
CtsLibcoreTestCases:tests.targets.security.KeyStorePkcs7FormatTest
Change-Id: Ic505d0259d16cdc66f9776e818efa20ed97aa32b
|
|
Test: atest CtsLibcoreOjTestCases:test.java.security.KeyStore.ProbeKeystores
Change-Id: I461a06b1edd53105e478ebb6a6fe3259219bca7f
|
|
android.keystore.cts.KeyStoreTest verifies that NPE is thrown on
null password. Android followed that behaviour historically, but
during upgrade to 1.68 upstream version was applied.
Bug: 179780002
Bug: 181339859
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I47c4d25ae3237e6580d5d1afcd731a87962028d0
|
|
BC 1.68 does not allow non-empty password for a keystore that does
not require one.
Upstream change: https://github.com/bcgit/bc-java/commit/a2e6598949ee83c8c23b98a372749ca378342706
Bug: 181188659
Bug: 179780002
Test: checked manually logcat for NPE entries on toggling WiFi ON/OFF
Change-Id: Ia9ee55dd99453af359babf4f23d0c5b8e4843878
|
|
There is a commented catch-block in BaseBlockCipher. We believe it was
added by mistake in
https://github.com/bcgit/bc-java/commit/8a7c4bbefd743b5f716aecbbc5001838576a2d6c.
For now we decided to skip it, but it needs follow-up with BC
maintainers.
Removed:
bcprov/src/main/java/org/bouncycastle/pqc
bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Zuc.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Blake2xsDigest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Haraka256Digest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Haraka512Digest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/HarakaBase.java
crypto/modes/ChaCha20Poly1305.java
EthereumIESEngine.java
NHSecretKeyProcessor
OscpCache
ProvRevocationChecker
PKIXCertPathValidatorSpi_8
JournaledAlgorithm
jcajce/interfaces
bcpkix/mime/test
bcpkix/cms/test
Bug: 179780002
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I69c493f9355b3775567148d9b7b1e7f4a71d03cf
|
|
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Test: atest CtsLibcoreTestCases:tests.com.android.org.bouncycastle.jce.provider.CertBlocklistTest
Change-Id: I22ba5a18182267d914cb4205128175518b7750cc
|
|
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Test: m
Change-Id: I392c51975ad161eb8aabfff847edd339a20fea46
|
|
Manually identified and commented out all deprecated BC functionality,
with exception of KeyFactory.RSA, which is still used by verity.
Since this process is error prone, added complementing tests to verify that none
of the removed methods can actually retrieved from BouncyCastle security
provider.
Additionally, BouncyCastle has a shortcut for getting its own KeyFactory
implementations. Since some of them are removed, we
need to load other available implementations the standard way, i.e.
KeyFactory.getInstance().
Bug: 67761667
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I4db04367f7564a99e2fa34db535cc60063ddaf16
|
|
Revert submission 1299358-remove_bc_algos
Reason for revert: broke higkey-userdebug
Bug: 155693016
Reverted Changes:
I98adb4d2f:Load default KeyFactory instead of BC's implementa...
I5256fe1c7:Remove deprecated BouncyCastle algorithms
I0437de742:Remove deprecated BouncyCastle algorithms
Ie9e0cfa02:Remove deprecated BouncyCastle algorithms
Change-Id: I28a9335361c8f30485ab2f47862ceebb79a456f5
|
|
Revert submission 1299358-remove_bc_algos
Reason for revert: broke higkey-userdebug
Bug: 155693016
Reverted Changes:
I98adb4d2f:Load default KeyFactory instead of BC's implementa...
I5256fe1c7:Remove deprecated BouncyCastle algorithms
I0437de742:Remove deprecated BouncyCastle algorithms
Ie9e0cfa02:Remove deprecated BouncyCastle algorithms
Change-Id: I477e84bd3009bfdcbc7207e744f590295dbda64b
|
|
|
|
BouncyCastle has a shortcut for getting its own KeyFactory implementations. Since some of them are removed, e.g. KeyFactory.RSA, we need to load other available implementations.In particular BKS KeyStore, that is only available in BouncyCastle, uses KeyFactory.RSA, so this Android modifications are necessary for the KeyStore to keep functioning.
Test: cts -m CtsLibcoreOkHttpTestCases
Bug: 67761667
Change-Id: I98adb4d2f475e8b600a44b655ade83cd94c1efbd
|
|
Manually identified and commented out all deprecated BC functionality.
Since this is error prone, added complementing tests to verify that none
of the removed methods can actually retrieved from BouncyCastle security
provider.
Bug: 67761667
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I0437de74282ed8e5c5cbd0e2adb9bce2f73382c4
|
|
This reverts commit d8b28eb10bb59d1a538d0a91b7a2a08aa4cf3819.
Reason for revert: This actually fails the following tests. This hasn't been noticed because srcgen wasn't run so these changes haven't taken effect yet:
org.apache.harmony.crypto.tests.javax.crypto.func.CipherAesTest#test_AesISO
org.apache.harmony.crypto.tests.javax.crypto.func.CipherAesTest#test_AesNoISO
org.apache.harmony.crypto.tests.javax.crypto.func.CipherDESedeTest#test_DESedeISO
org.apache.harmony.crypto.tests.javax.crypto.func.CipherDESedeTest#test_DESedeNoISO
org.apache.harmony.crypto.tests.javax.crypto.func.CipherDesTest#test_DesISO
org.apache.harmony.crypto.tests.javax.crypto.func.CipherDesTest#test_DesNoISO
Change-Id: Iade95646bb6ad499610e63ceb2d42cc4821ad208
|
|
Ensure that ciphers are picked by exact mode name match instead of by
prefix. Also the mode names are case insensitive [1], hence use
equalsIgnoreCase
[1]
https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html
Bug: 148376475
Test: atest CtsLibcoreTestCases
Change-Id: I23d25d072f7b1f53f2697a3c8a1fb8444ff87cab
|
|
EAP MSCHAPv2 requires the MD4 hash algorithm for peer authentication.
This commit provides the BouncyCastle MD4Digest implementation as
core-platform-api so the EAP library can use it.
Bug: 140928282
Test: Build succeeds. EAP using this, tests passing.
Change-Id: Ibf98930cd92298e79f355313f54cfeca98baee71
|
|
In Conscrypt, we're adding AES/GCM-SIV/NoPadding as a cipher, which is
a different cipher than AES/GCM/NoPadding. Bouncy Castle previously
treated any mode that started with "GCM" as being GCM, which now means
it will supply the (incorrectly functioning) GCM mode when GCM-SIV is
requested. Make the match more strict to keep that from happening.
We could consider doing the same for other modes that aren't defined
to take a block size suffix, like CCM and CTR, but for now we might as
well avoid too much diff from upstream.
Test: cts -m CtsLibcoreTestCases
Change-Id: I1430fd7678679b1ed23d9c511bc8a1211a7f8c91
|
|
Contains performance fixes to this class made between
BC version 1.61 (latest in AOSP) and 1.62 (latest public release)
in response to https://github.com/bcgit/bc-java/issues/484
Combines 3 BC commits which together apply cleanly to AOSP:-
https://github.com/bcgit/bc-java/commit/f72dd46
https://github.com/bcgit/bc-java/commit/522f6de
https://github.com/bcgit/bc-java/commit/a34ea0e
Does not contain the regression test added as part of those commits
as AOSP does not use or contain the relevant test framework.
Patch applies cleanly, and so should not cause any problems
when AOSP is updated to the rest of BC 1.62, or later.
Looking at the numbers logged by DHParametersHelper:-
$ adb logcat -d -e 'Generated safe primes'
07-01 15:57:09.417 3694 3726 I DHParametersHelper: Generated safe primes: 2248 tries took 896694ms
07-01 16:03:06.522 4518 4539 I DHParametersHelper: Generated safe primes: 922 tries took 346307ms
07-01 16:06:28.482 4832 4854 I DHParametersHelper: Generated safe primes: 507 tries took 191524ms
07-01 16:06:58.632 5082 5103 I DHParametersHelper: Generated safe primes: 50 tries took 19845ms
07-01 16:10:04.858 5273 5294 I DHParametersHelper: Generated safe primes: 433 tries took 176079ms
07-01 16:16:47.069 5519 5540 I DHParametersHelper: Generated safe primes: 953 tries took 391526ms
=> 5113 tries took 2021975ms, or 395ms per try.
From a taimen-eng build without the patch:-
07-01 13:41:55.800 14783 14804 I DHParametersHelper: Generated safe primes: 375 tries took 452465ms
07-01 13:57:51.450 15234 15255 I DHParametersHelper: Generated safe primes: 698 tries took 886154ms
07-01 14:13:59.091 15891 15912 I DHParametersHelper: Generated safe primes: 308 tries took 410750ms
07-01 14:33:30.084 16531 16552 I DHParametersHelper: Generated safe primes: 513 tries took 671493ms
=> 1894 tries took 2420862ms, or 1276ms per try.
Bug: 136447095
Test: atest CtsLibcoreTestCases
Change-Id: Iacd883187cc8249d287c8e5ef92ce7811d4cd540
|
|
BC added an optimization for a BC-specific key generation params class
that ultimately causes Wycheproof's DhTest to fail. While I believe
it would be safe to include that optimization, in the interest of
being conservative, I'm going to disable it to maintain the behavior of
previous versions.
Bug: 124926190
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Change-Id: I6aa9945d1e0f55cc4789d35edd41cc47fe61a3d6
|
|
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Change-Id: Ifcd182a8537439b945aedf80741bd51cbce37e49
|
|
This fixed the warning that is being printed by metalava:
external/bouncycastle/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/ReasonsMask.java:69: warning: Replaced teh with the in the documentation for method com.android.org.bouncycastle.jce.provider.ReasonsMask.intersect(com.android.org.bouncycastle.jce.provider.ReasonsMask) [Typo]
This has been fixed upstream already in:
https://github.com/bcgit/bc-java/pull/454
Test: None
Change-Id: Ide5df1089f173d1e23e2bfa144a47ebb95b060ca
|
|
Test: no tests needed, this branch is only for diffing against upstream
Change-Id: I229752afcbb6c113248155b5dd969bd73b697e42
|
|
b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab am: 87804b8da9 am: 883aa9d8f8 am: 8221e0766e
am: 1dd6ff9211
Change-Id: Icdcda163ef35afc1c9e2bdcc39f082b1b82b3522
|
|
b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab am: 87804b8da9 am: 883aa9d8f8
am: 8221e0766e
Change-Id: I65459162d9af9e07fa7a5de294d7bd54375c5d0b
|
|
b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab am: 87804b8da9
am: 883aa9d8f8
Change-Id: I845c8716a1f37a5d6a74ff4779d98704313a41bd
|
|
b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab
am: 87804b8da9
Change-Id: I71dcde16b772afb4d12aaca388b636193c6c58cf
|
|
b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab
Change-Id: I6c4990456568483d2718cfe7597aa3a56cbd1836
|
|
This fix from upstream fixes a problem where the number of iterations
used to confirm that a number is prime was based off the length of the
key rather than the length of the factors p and q. Fewer iterations
are called for for a longer number, so this resulted in a
lower-than-expected confidence in the primality of the key factors.
This only affects apps that use RSAKeyPairGenerator directly (which is
not a public API), rather than those that use
java.security.KeyPairGenerator.
Upstream commits:
https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
Bug: 79148652
Test: make
Change-Id: I759a226afc9dbd948611eed99ad89ab7f59b09f8
|
|
The Javadoc for javax.crypto.Cipher.doFinal() and friends states that
Ciphers should throw ShortBufferException when given an output buffer
that's too small to hold the output. BC does this in its other
classes, but the RSA implementation doesn't check the output buffer
size and just throws ArrayIndexOutOfBoundsException when it tries to
fill the output buffer.
This is bad not only because it's the wrong exception, but because it
modifies the Cipher object's internal buffers when it does it, which
means that passing a too-short buffer and then calling doFinal() again
with a properly-sized buffer will result in incorrect output.
This fixes tests that have been added for this case in Conscrypt
upstream.
Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt.javax.crypto
Change-Id: Ieac98be5b9574006f1409911103487b8b55bb94e
|
|
Helps simplify build rules and reasoning about unbundled versions
of BC etc. We now unconditionally compile both implementations of
the factory interface into all variants of the library but always
select the conscrypt version at runtime.
Test: make
Test: CtsLibcoreTestCases
Change-Id: I246520005921606ab76a16ed9c2046632a4fb91d
|
|
When a BC cipher is initialized with a BC PBE key that has no IV and
an IV isn't passed in the parameters, BC 1.52 initialized the cipher
with an all-zero IV, and we've been carrying that behavior as a
compatibility patch. We want to move to a world where that situation
is rejected, so start out with an error log warning developers that
the behavior will change in the future.
Bug: 27995180
Bug: 70275132
Test: cts -m CtsLibcoreTestCases
Change-Id: I2d73fb2f97f21cdf4c48f70b8dbc93a2a074f48d
|
|
In cases where BC algorithms need access to other algorithms, switch to
using the default implementation of JCA algorithms rather than always
using the BC version. Some non-deprecated BC algorithms can access
deprecated BC implementations by using this scheme, and in general we want
to use Conscrypt algorithms when available.
Also comment out a class that isn't ever used.
Bug: 68057944
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsKeystoreTestCases
Change-Id: Iec4f395b0c6c59865ff6179a4edd3124d2967da9
|
|
The default implementation of the BKS KeyStore always requests the Bouncy
Castle implementation of JCA algorithms, which will fail when those
algorithms are deprecated. Have it use the default provider instead, which
will result in it using Conscrypt versions instead when available.
Bug: 67626877
Test: cts -m CtsLibcoreTestCases
Change-Id: I0e8bef840581169dec210fa804554ac1d46fa65e
|
|
We intended to remove some lingering ciphers that weren't particularly useful,
but it turns out that some KeyStore implementations require them to be
present. Add a note for the enlightenment of future generations.
Test: make bouncycastle
Change-Id: I158bb047ce5253e468afad2bfcea6b38b333dc35
|
|
For the most part, this is just changing markers that had no explanatory
text and adding an explanation. Some more detail on two of the common
explanations:
"Unsupported algorithms": We choose not to ship a whole lot of the
various crypto algorithms that Bouncy Castle supports. Justfying each
individual choice to disable a given algorithm is out of place in the
code and also doesn't have a natural home (since each algorithm is
disabled in upwards of a dozen places), so just mark where algorithms
are disabled due to being unsupported.
"Unknown reason": I looked in the history and couldn't find any
justification for the change. Generally these changes were made in
commits with descriptions like "bouncycastle 1.49 upgrade" from multiple
years ago. I don't want to change behavior in this change, so I left
these changes as they were; these can be revisited in the future if
desired.
This change also reverts some diffs from upstream, both inside disabled
blocks of code (which is irrelevant) and ones that are active but have
no behavioral change (for example, an added package-visible constructor
that isn't called by any class in the package). There're also a number
of whitespace-only changes that revert diffs from upstream.
Bug: 63092064
Test: cts -m CtsLibcoreTestCases
Change-Id: I27c61063eda849455bc93edaf180acefb5eed217
|
|
Merge remote-tracking branch 'aosp/upstream-master' into merge-157
Notable changes or modifications beyond a simple merge:
* Omitted a lot of new code that's unnecessary for us
* Commented out new algorithm support, mostly ARIA and GM
* Default DSA key size returned to 1024
* Restored org.bouncycastle.asn1.pkcs.Attribute, it was removed
previously but modifications to code we use need it
This change integrates a change from Bouncy Castle that increases the
default key size for DH from 1024 to 2048, which seems like a good
idea because 1024-bit keys are at the end of acceptable security at this
point. This shouldn't be a problem for apps, because this only affects
the default (so anyone who cares can specify a key size) and only
affects creating new keys.
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreFileIOTestCases
Test: cts -m CtsLibcoreJsr166TestCases
Test: cts -m CtsLibcoreOjTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Bug: 38331562
Bug: 31801320
Change-Id: I56d1945b565f568c699edc36881e502cab855ddf
|
|
Test: no tests needed, this branch is only for diffing against upstream
Change-Id: I0bfc36b8c07bf4698383ee28ab771907fc1fa7fc
|
|
The PBEKeySpec constructor doesn't allow an empty salt or iteration count,
and throws an exception if it sees one.
Bug: 38161557
Test: cts -m CtsLibcoreTestCases
(cherry picked from commit 65832e311cb5fda062d79599b149232b47294fea)
Change-Id: I69d05471af364f69793e83268c826d24ac82052e
Merged-In: I23fa5d10003637584f856738940f54bddb0657dc
Merged-In: I585d00f30e8848563d74d3f244f073d91d5db268
|
|
The PBEKeySpec constructor doesn't allow an empty salt or iteration count,
and throws an exception if it sees one.
Bug: 38161557
Test: cts -m CtsLibcoreTestCases
Change-Id: Ib03360275e3a820efddc8de472dd4044070fdaba
|
|
We have a patch in KeyAgreementSpi that changes the set of exceptions that
are caught from within Bouncy Castle from Exception to only
IllegalStateException.
This patch was introduced in the upgrade to BC 1.56, and there's no
explanation why it was introduced. Prior to that upgrade, upstream caught
no exceptions and we caught IllegalStateException. (See aosp/318406.)
This shouldn't cause any problems for users, as the set of exceptions that
is thrown by the internal key agreement class is an implementation detail
and InvalidKeyException and IllegalStateException are the only documented
exceptions thrown from KeyAgreement#doPhase() (which is the public API this
backs), so any other exception type would be unexpected anyway.
Bug: 36712087
Test: cts -m CtsLibcoreTestCases
Change-Id: Idb18fe0cf7bcf5a86e8805c362941528249aad2a
|
|
|
|
Bug: 29631070
Test: run cts -m CtsLibcoreTestCases
Change-Id: I649a89e8f7a6bf9b72da61114cb7c42510777140
|
|
There's no way to reach these files since they are package permissions
and nothing within the package references them.
Test: cts-tradefed run cts -m CtsLibcoreTestCases
Change-Id: I9d8ed1b2d58afb6ace617fe937dab42d6738b9ac
|
|
Merge remote-tracking branch 'aosp/upstream-master' into merge-to-156
Test: ran the following cts modules: CtsLibcoreFileIOTestCases CtsLibcoreJavaUtilCollectionsTestCases CtsLibcoreJsr166TestCases CtsLibcoreLegacy22TestCases CtsLibcoreOjTestCases CtsLibcoreOkHttpTestCases CtsLibcoreTestCases
Bug: 31076342
Change-Id: Iceb926dc5a312b2047bf19d1c82fb16e42bc1461
|
|
Test: no tests needed, this branch is for easy diffing against upstream
Change-Id: Ib75613e1211e7f02f225b9020ba31f2b45acc8d8
|
|
Java 8 allows to specify a PBE key using only the password (as opposed
to password + salt + iteration count) and generate the encryption key
later by specifying the rest of the parameters in an AlgorithmParameters
object.
Adding these AlgorithmParameters in BouncyCastle together with support
in ciphers.
Bug: 29631070
Test: run CtsLibcoreTestCases
Change-Id: I0edb36e51374e3e60d8beb10d6178a304f022520
|
|
Bug: 29631070
Test: run CtsLibcoreTestCases
Change-Id: I5fd344c1de7c687585bc65a582e468501ee9154d
|
|
different package"
|