Age | Commit message (Collapse) | Author |
|
This fix from upstream fixes a problem where the number of iterations
used to confirm that a number is prime was based off the length of the
key rather than the length of the factors p and q. Fewer iterations
are called for for a longer number, so this resulted in a
lower-than-expected confidence in the primality of the key factors.
This only affects apps that use RSAKeyPairGenerator directly (which is
not a public API), rather than those that use
java.security.KeyPairGenerator.
Upstream commits:
https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
Bug: 79148652
Test: make
Change-Id: I759a226afc9dbd948611eed99ad89ab7f59b09f8
(cherry picked from commit 91719e3c1be2eb206a50a49a5d172884d65eba1c)
|
|
Merge remote-tracking branch 'aosp/upstream-master' into merge-157
Notable changes or modifications beyond a simple merge:
* Omitted a lot of new code that's unnecessary for us
* Commented out new algorithm support, mostly ARIA and GM
* Default DSA key size returned to 1024
* Restored org.bouncycastle.asn1.pkcs.Attribute, it was removed
previously but modifications to code we use need it
This change integrates a change from Bouncy Castle that increases the
default key size for DH from 1024 to 2048, which seems like a good
idea because 1024-bit keys are at the end of acceptable security at this
point. This shouldn't be a problem for apps, because this only affects
the default (so anyone who cares can specify a key size) and only
affects creating new keys.
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreFileIOTestCases
Test: cts -m CtsLibcoreJsr166TestCases
Test: cts -m CtsLibcoreOjTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Bug: 38331562
Bug: 31801320
Change-Id: I56d1945b565f568c699edc36881e502cab855ddf
|
|
Test: no tests needed, this branch is only for diffing against upstream
Change-Id: I0bfc36b8c07bf4698383ee28ab771907fc1fa7fc
|
|
The PBEKeySpec constructor doesn't allow an empty salt or iteration count,
and throws an exception if it sees one.
Bug: 38161557
Test: cts -m CtsLibcoreTestCases
Change-Id: Ib03360275e3a820efddc8de472dd4044070fdaba
|
|
We have a patch in KeyAgreementSpi that changes the set of exceptions that
are caught from within Bouncy Castle from Exception to only
IllegalStateException.
This patch was introduced in the upgrade to BC 1.56, and there's no
explanation why it was introduced. Prior to that upgrade, upstream caught
no exceptions and we caught IllegalStateException. (See aosp/318406.)
This shouldn't cause any problems for users, as the set of exceptions that
is thrown by the internal key agreement class is an implementation detail
and InvalidKeyException and IllegalStateException are the only documented
exceptions thrown from KeyAgreement#doPhase() (which is the public API this
backs), so any other exception type would be unexpected anyway.
Bug: 36712087
Test: cts -m CtsLibcoreTestCases
Change-Id: Idb18fe0cf7bcf5a86e8805c362941528249aad2a
|
|
|
|
Bug: 29631070
Test: run cts -m CtsLibcoreTestCases
Change-Id: I649a89e8f7a6bf9b72da61114cb7c42510777140
|
|
There's no way to reach these files since they are package permissions
and nothing within the package references them.
Test: cts-tradefed run cts -m CtsLibcoreTestCases
Change-Id: I9d8ed1b2d58afb6ace617fe937dab42d6738b9ac
|
|
Merge remote-tracking branch 'aosp/upstream-master' into merge-to-156
Test: ran the following cts modules: CtsLibcoreFileIOTestCases CtsLibcoreJavaUtilCollectionsTestCases CtsLibcoreJsr166TestCases CtsLibcoreLegacy22TestCases CtsLibcoreOjTestCases CtsLibcoreOkHttpTestCases CtsLibcoreTestCases
Bug: 31076342
Change-Id: Iceb926dc5a312b2047bf19d1c82fb16e42bc1461
|
|
Test: no tests needed, this branch is for easy diffing against upstream
Change-Id: Ib75613e1211e7f02f225b9020ba31f2b45acc8d8
|
|
Java 8 allows to specify a PBE key using only the password (as opposed
to password + salt + iteration count) and generate the encryption key
later by specifying the rest of the parameters in an AlgorithmParameters
object.
Adding these AlgorithmParameters in BouncyCastle together with support
in ciphers.
Bug: 29631070
Test: run CtsLibcoreTestCases
Change-Id: I0edb36e51374e3e60d8beb10d6178a304f022520
|
|
Bug: 29631070
Test: run CtsLibcoreTestCases
Change-Id: I5fd344c1de7c687585bc65a582e468501ee9154d
|
|
different package"
|
|
Use org.bouncycastle.jcajce.provider.asymmetric.x509.X509CertificateObject
instead of org.bouncycastle.jce.provider.X509CertificateObject.
These classes serve the same purpose, the latter is kept by BouncyCastle
only in case developers have serialized instances. The former is better as
it uses the more up-to-date hash equivalent to that of Java 8.
In Java 8, the hash code in the abstract class Certificate was changed.
This led TrustedCertificateStore#testMultipleIssuers to fail as it uses
HashSets for comparison and org.bouncycastle.jce.provider.X509CertificateObject
was still using the old definition (while conscrypt generated ones use the
ones in the abstract class). After this commit the certificate generator
uses a more up-to-date version of the class, in which the hash coincides
with the one in Java 8 and the test now passes and everything's great.
Bug: 31287348
Test: old-cts run cts --class com.android.org.conscrypt.TrustedCertificateStoreTest
Change-Id: I4e373380f8a3e669cfcdf8ce7386f58e559c0c16
|
|
This reverts commit 4d0e19131da68053fe1a73d43052bedadb107c70
(cherry picked from commit 48c093f131532fc163625304c60d0a8d07689327)
Bug: 26231099
Bug: 26234568
Bug: 29876633
Change-Id: I7d194de82506cf3da4dbb0b2cc67b72f3623abe7
|
|
Using the default locale can result in bad behaviour, for example
when the locales numberformat doesn't use arabic numerals.
bug: 28384942
Change-Id: I4e240d9710c0427d809410df3a762c80125a821c
|
|
This reverts commit 7ddf37c01b68ff9d2de3a9dcb637d2b962b442ef.
Not needed anymore because of:
d4fa9f4ddc1c1f193b623c8da80384b4c510a1b4
Bug: 27265238
Bug: 28108158
Bug: 28174137
Change-Id: Icce1fd747459f07fbe5a4991897083315f78153d
|
|
nyc-dev
|
|
Bug: 20447540
Bug: 26929227
Change-Id: I390fb8f70aa5ce982e54cdc7068d47af2c5f7a0a
|
|
For android, it's already hardcoded in System.java
It was trying to use
System.getProperty("line.separator");
causing the class not to be compile-time initializable, causing
performance problems, see bug.
Bug: 28108158
Change-Id: I2a2549ce477d94e95e8239d97307eaaf50c05d6b
|
|
|
|
|
|
Also, for such keys, do not create a random IV nor throw an exception
when decrypting, just assume the IV is 0.
Bug: 27224566
Bug: 27994930
Bug: 27995180
Change-Id: I4d8dd44e7390199fc60797f9bd2c56174d8dfcba
|
|
This is a follow-up to 867b6e16a13ab7a83cdf9b6f83249ccbf80b552c
which modified JCA DSA Signature implementation to reject keys
which don't use sensible parameters. Unfortunately, that commit was
too strict and rejected keys not just when signing, but also when
verifying.
For backwards compatibility reasons this commit removes the checks
from signature verification logic. Keys that don't use sensible
parameters are still rejected during attempts to produce new
signatures.
Bug: 24082558
Bug: 27947262
Change-Id: I2e1f76dc56c15c25000b70063428d460854e7b57
|
|
Testing OCSP support needs some ASN.1 creation utilities. Bouncycastle
has them, but we don't want to bloat up the built-in libraries. Add some
new targets that will allow us to enable OCSP testing in the core-tests
module without spreading it elsewhere.
(cherry picked from commit 4eb438010b8024cfa97cdad1906a8e6963a16f5b)
Bug: 27812109
Change-Id: I4a75fc0d5186c70a764baa751ceab75d1a44539d
|
|
nyc-dev
|
|
Seems the right thing to do, there's nothing else to check
(cherry picked from commit 352a2b5ce27f9b73d9a1a920eb7223e7c0b6c730)
Bug: 27063703
Change-Id: I51c961feae9bf99ee961d5a80d3db83d6177ad48
|
|
|
|
Fix was now agreed with BC maintainer
(cherry picked from commit c50bf623dd894b82d48379baacb8b74de52a9087)
Bug: 27061541
Change-Id: Idac385bc5101d1b744b70ee4a1d26682df348003
|
|
present" into nyc-dev
|
|
(cherry picked from commit 74e960449ba0a4633c2164d9b7708dcfb558030d)
Bug: 27269590
Change-Id: Ief933e31875aec69cb96c1691a9a6480e6719dac
|
|
Bug: 27224566
Change-Id: I41ffba9a23770c1c0deea6969c0a4d8c551d8ab3
|
|
Since the digest specified was a NullDigest, its effective length during
initialization is 0 bytes, so there is no way to tell if the key
strength is appropriate at that time.
Bug: 21630204
Bug: 27247313
Change-Id: I0f60ac5d62ae54119fd432cf828a2282418e8f39
|
|
bc2920a011
am: abff585398
* commit 'abff585398e17ca95561cb7e0612f865077d9c01':
GCMParameters: fix insecure tag size
|
|
am: bc2920a011
* commit 'bc2920a01178e113adae55c9c49883395a554448':
GCMParameters: fix insecure tag size
|
|
am: 9ca2dfa49b
* commit '9ca2dfa49bd6ea3a9731d1349fe0191e018bf909':
GCMParameters: fix insecure tag size
|
|
am: 4d0e19131d
* commit '4d0e19131da68053fe1a73d43052bedadb107c70':
GCMParameters: fix insecure tag size
|
|
Note: port of cr/110497945
Bug: 26231099
Bug: 26234568
Change-Id: I3eef233b15ded9553c3cdfd1c51ffef306276f7d
|
|
Merge remote-tracking branch 'aosp/upstream-master'
(cherry picked from commit 4a2d5c40ffefaaa02c656a091f33fecdf8592607)
Change-Id: Icd734732677bc8ed04d8cd78bbb686efa152ed58
|
|
Adding missing files
Change-Id: Ife77e8b1df7ec05555b29fb48a984f4c0da2e562
|
|
Change-Id: I3958e32dd005cfb37985a6f13e2464a872290658
|
|
Diff after this chnage shows no difference with respect to
99cbec7970df89800c3592544c47fbd19430b764
(last commit before merging from bouncycastle upstream).
Change-Id: I58f35ee4fa01e3a78305c5ebba9b8d125b49a838
|
|
am: 4c951c2970
* commit '4c951c2970bbfcf318d58cde213ccbee935545a9':
Restoring the contents of aosp after
|
|
Change-Id: I98b0db452ed915b9589dbc7164ea4800eadb9d1e
|
|
am: 3e75bd6b40
* commit '3e75bd6b407dd472c834a50f16aae54cca67ea9c':
Restoring the contents of aosp after
|
|
merge-152-from-upstream"
am: 9218edabd1
* commit '9218edabd1ef9852bc2f13115dcadc81b442dd6c':
Update elements in android tree as in aosp and goog ToT
bouncycastle: Android tree with upstream code for version 1.52
Update elements in android tree as in mnc-dev
bouncycastle: Android tree with upstream code for version 1.50
Update elements in android tree as in lmp-dev
bouncycastle: Android tree with upstream code for version 1.49
|
|
https://android-review.git.corp.google.com/#/c/199871
git diff 9b30eb05e5be69d51881a0d1b31e503e97acd784
(ToT before submitting the patch above)
doesn't show any differences
Change-Id: I9f424a67094839f1893a23cd46ec7d6f0992ac26
|
|
As to set a common ancestor for future merges from aosp/upstream-master
(when updating to new versions of bouncycastle).
We'll override all the changes of this commit with patch
https://android-review.googlesource.com/#/c/199872
Change-Id: I53a7f797b520a6e119878dbae53246cdcc585ddf
|
|
Android tree as of
1af9aad12fedf1d93333e19f5ed0ab86f1cc4e2a
Change-Id: I714fa0954a5d000cd88d1fb78b0b7fe28246d404
|
|
Android tree as of c0d8909a6c6a4ac075a9dee7ac1fe6baff34acc0
Change-Id: I8d381554d6edec32aae8ff5bab5d5314f0954440
|