Age | Commit message (Collapse) | Author |
|
Test: m
Bug: 70275132
Change-Id: I07d40c9235ca9532cec7e8b608863441be8ee2d0
|
|
I originally thought this was fine, but it could cause confusion
for developers encountering a PKCS#12 file using an unknown
algorithm. Instead, throw the original NoSuchAlgorithmException
from the BC Provider.
Bug: 230750823
Test: atest CtsLibcoreTestCases:tests.targets.security.KeyStorePkcs7FormatTest
Change-Id: I8a6d44d0e59bf0fb029ced4b8aa47908194bc161
|
|
Adds a private sub-Provider to BouncyCastleProvider which allows BC's
PKCS12 implementation to conintue using its own implementations of some
Macs and Ciphers which support PBES2.
These implementions are not exposed to apps and are only used
from BC internals.
Bug: 230750823
Test: atest
CtsLibcoreTestCases:tests.targets.security.KeyStorePkcs7FormatTest
Change-Id: Ic505d0259d16cdc66f9776e818efa20ed97aa32b
|
|
Test: atest CtsLibcoreOjTestCases:test.java.security.KeyStore.ProbeKeystores
Change-Id: I461a06b1edd53105e478ebb6a6fe3259219bca7f
|
|
android.keystore.cts.KeyStoreTest verifies that NPE is thrown on
null password. Android followed that behaviour historically, but
during upgrade to 1.68 upstream version was applied.
Bug: 179780002
Bug: 181339859
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I47c4d25ae3237e6580d5d1afcd731a87962028d0
|
|
BC 1.68 does not allow non-empty password for a keystore that does
not require one.
Upstream change: https://github.com/bcgit/bc-java/commit/a2e6598949ee83c8c23b98a372749ca378342706
Bug: 181188659
Bug: 179780002
Test: checked manually logcat for NPE entries on toggling WiFi ON/OFF
Change-Id: Ia9ee55dd99453af359babf4f23d0c5b8e4843878
|
|
There is a commented catch-block in BaseBlockCipher. We believe it was
added by mistake in
https://github.com/bcgit/bc-java/commit/8a7c4bbefd743b5f716aecbbc5001838576a2d6c.
For now we decided to skip it, but it needs follow-up with BC
maintainers.
Removed:
bcprov/src/main/java/org/bouncycastle/pqc
bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Zuc.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Blake2xsDigest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Haraka256Digest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/Haraka512Digest.java
bcprov/src/main/java/org/bouncycastle/crypto/digests/HarakaBase.java
crypto/modes/ChaCha20Poly1305.java
EthereumIESEngine.java
NHSecretKeyProcessor
OscpCache
ProvRevocationChecker
PKIXCertPathValidatorSpi_8
JournaledAlgorithm
jcajce/interfaces
bcpkix/mime/test
bcpkix/cms/test
Bug: 179780002
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I69c493f9355b3775567148d9b7b1e7f4a71d03cf
|
|
This change is simply deleting srcgen/core-platform-api.txt. All .java changes are autogenerated with srcgen/generate_android_src.sh
Bug: 154796679
Fixes: 119751549
Test: Treehugger
Change-Id: Ic61516e9dae2b11561298ad89172c2e779aec2f0
|
|
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to remove
from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: Ib56e3248adec7b29a52d4d2e755dfa2eab122bb1
|
|
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Test: atest CtsLibcoreTestCases:tests.com.android.org.bouncycastle.jce.provider.CertBlocklistTest
Change-Id: I22ba5a18182267d914cb4205128175518b7750cc
|
|
See https://source.android.com/setup/contribute/respectful-code for reference
Bug: 161896447
Test: m
Change-Id: I392c51975ad161eb8aabfff847edd339a20fea46
|
|
|
|
Manually identified and commented out all deprecated BC functionality,
with exception of KeyFactory.RSA, which is still used by verity.
Since this process is error prone, added complementing tests to verify that none
of the removed methods can actually retrieved from BouncyCastle security
provider.
Additionally, BouncyCastle has a shortcut for getting its own KeyFactory
implementations. Since some of them are removed, we
need to load other available implementations the standard way, i.e.
KeyFactory.getInstance().
Bug: 67761667
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I4db04367f7564a99e2fa34db535cc60063ddaf16
|
|
The only remaining user doesn't really need it.
Test: Treehugger
Bug: 154796679
Change-Id: Ia99d9c6aec0374ce388d43792acea14d8f23917e
|
|
Revert submission 1299358-remove_bc_algos
Reason for revert: broke higkey-userdebug
Bug: 155693016
Reverted Changes:
I98adb4d2f:Load default KeyFactory instead of BC's implementa...
I5256fe1c7:Remove deprecated BouncyCastle algorithms
I0437de742:Remove deprecated BouncyCastle algorithms
Ie9e0cfa02:Remove deprecated BouncyCastle algorithms
Change-Id: I28a9335361c8f30485ab2f47862ceebb79a456f5
|
|
Revert submission 1299358-remove_bc_algos
Reason for revert: broke higkey-userdebug
Bug: 155693016
Reverted Changes:
I98adb4d2f:Load default KeyFactory instead of BC's implementa...
I5256fe1c7:Remove deprecated BouncyCastle algorithms
I0437de742:Remove deprecated BouncyCastle algorithms
Ie9e0cfa02:Remove deprecated BouncyCastle algorithms
Change-Id: I477e84bd3009bfdcbc7207e744f590295dbda64b
|
|
|
|
BouncyCastle has a shortcut for getting its own KeyFactory implementations. Since some of them are removed, e.g. KeyFactory.RSA, we need to load other available implementations.In particular BKS KeyStore, that is only available in BouncyCastle, uses KeyFactory.RSA, so this Android modifications are necessary for the KeyStore to keep functioning.
Test: cts -m CtsLibcoreOkHttpTestCases
Bug: 67761667
Change-Id: I98adb4d2f475e8b600a44b655ade83cd94c1efbd
|
|
Manually identified and commented out all deprecated BC functionality.
Since this is error prone, added complementing tests to verify that none
of the removed methods can actually retrieved from BouncyCastle security
provider.
Bug: 67761667
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I0437de74282ed8e5c5cbd0e2adb9bce2f73382c4
|
|
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: Icb2e9e0aa267125a80de93678fec7b639e91d29a
|
|
EAP MSCHAPv2 requires the MD4 hash algorithm for peer authentication.
This commit provides the BouncyCastle MD4Digest implementation as
core-platform-api so the EAP library can use it.
Bug: 140928282
Test: Build succeeds. EAP using this, tests passing.
Change-Id: Ibf98930cd92298e79f355313f54cfeca98baee71
|
|
These are simple package-to-package mappings.
Test: treehugger
Bug: 130283485
Change-Id: I21ba9e9915ce9f258282009047ae49aef25809db
|
|
|
|
The core-platform-api.txt file contained "Sha1Digest" while the class
was named "SHA1Digest", so it wouldn't actually apply the appropriate
annotations.
Also, two of the resulting files had been manually edited to remove
whitespace. Return them to the autogenerated output to eliminate the
diff.
Test: Run srcgen, manual inspection of results
Change-Id: I64c57775b069720d01da565b245c0d0723686035
|
|
In Conscrypt, we're adding AES/GCM-SIV/NoPadding as a cipher, which is
a different cipher than AES/GCM/NoPadding. Bouncy Castle previously
treated any mode that started with "GCM" as being GCM, which now means
it will supply the (incorrectly functioning) GCM mode when GCM-SIV is
requested. Make the match more strict to keep that from happening.
We could consider doing the same for other modes that aren't defined
to take a block size suffix, like CCM and CTR, but for now we might as
well avoid too much diff from upstream.
Test: cts -m CtsLibcoreTestCases
Change-Id: I1430fd7678679b1ed23d9c511bc8a1211a7f8c91
|
|
Contains performance fixes to this class made between
BC version 1.61 (latest in AOSP) and 1.62 (latest public release)
in response to https://github.com/bcgit/bc-java/issues/484
Combines 3 BC commits which together apply cleanly to AOSP:-
https://github.com/bcgit/bc-java/commit/f72dd46
https://github.com/bcgit/bc-java/commit/522f6de
https://github.com/bcgit/bc-java/commit/a34ea0e
Does not contain the regression test added as part of those commits
as AOSP does not use or contain the relevant test framework.
Patch applies cleanly, and so should not cause any problems
when AOSP is updated to the rest of BC 1.62, or later.
Looking at the numbers logged by DHParametersHelper:-
$ adb logcat -d -e 'Generated safe primes'
07-01 15:57:09.417 3694 3726 I DHParametersHelper: Generated safe primes: 2248 tries took 896694ms
07-01 16:03:06.522 4518 4539 I DHParametersHelper: Generated safe primes: 922 tries took 346307ms
07-01 16:06:28.482 4832 4854 I DHParametersHelper: Generated safe primes: 507 tries took 191524ms
07-01 16:06:58.632 5082 5103 I DHParametersHelper: Generated safe primes: 50 tries took 19845ms
07-01 16:10:04.858 5273 5294 I DHParametersHelper: Generated safe primes: 433 tries took 176079ms
07-01 16:16:47.069 5519 5540 I DHParametersHelper: Generated safe primes: 953 tries took 391526ms
=> 5113 tries took 2021975ms, or 395ms per try.
From a taimen-eng build without the patch:-
07-01 13:41:55.800 14783 14804 I DHParametersHelper: Generated safe primes: 375 tries took 452465ms
07-01 13:57:51.450 15234 15255 I DHParametersHelper: Generated safe primes: 698 tries took 886154ms
07-01 14:13:59.091 15891 15912 I DHParametersHelper: Generated safe primes: 308 tries took 410750ms
07-01 14:33:30.084 16531 16552 I DHParametersHelper: Generated safe primes: 513 tries took 671493ms
=> 1894 tries took 2420862ms, or 1276ms per try.
Bug: 136447095
Test: atest CtsLibcoreTestCases
Change-Id: Iacd883187cc8249d287c8e5ef92ce7811d4cd540
|
|
The FIPS 186-2 PRF required by EAP-SIM and EAP-AKA (used in telephony)
require a hashing function extremely similar to SHA1, with the exception
of the padding bytes added. This commit exposes the BouncyCastle
SHA1Digest implementation as core-platform-api to allow platform
internals to implement FIPS 186-2 PRF without re-implementing SHA1.
Bug: 136175302
Test: Build succeeds, IKE using this, tests passing.
Change-Id: I2d61e2c331f3f80c8a1ebcb85209f9a49968ade5
|
|
This change adds methods and a field inadvertently missed in
http://r.android.com/954559
Bug: 129665886
Bug: 129440746
Test: m && flashall
Change-Id: Ia31cb34b09a6759da739b821deba7f0e82a57041
|
|
Bug: 129665886
Bug: 129440746
Test: m && flashall
Change-Id: Ia4b081f7f240ccc52177c1b7fea29cf48261da75
|
|
BC added an optimization for a BC-specific key generation params class
that ultimately causes Wycheproof's DhTest to fail. While I believe
it would be safe to include that optimization, in the interest of
being conservative, I'm going to disable it to maintain the behavior of
previous versions.
Bug: 124926190
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Change-Id: I6aa9945d1e0f55cc4789d35edd41cc47fe61a3d6
|
|
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Change-Id: Ifcd182a8537439b945aedf80741bd51cbce37e49
|
|
This fixed the warning that is being printed by metalava:
external/bouncycastle/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/ReasonsMask.java:69: warning: Replaced teh with the in the documentation for method com.android.org.bouncycastle.jce.provider.ReasonsMask.intersect(com.android.org.bouncycastle.jce.provider.ReasonsMask) [Typo]
This has been fixed upstream already in:
https://github.com/bcgit/bc-java/pull/454
Test: None
Change-Id: Ide5df1089f173d1e23e2bfa144a47ebb95b060ca
|
|
This is needed to provide consistency between bouncycastle and other
users of RepackagingTransform to allow them to switch to using a common
script.
The previous change to switch from jarjar to currysrc did not correctly
update the build exclusion of the repackaged version of
org/bouncycastle/asn1/ocsp which is not required on Android. That meant
it was incorrectly being included in the bouncycastle library. This
updates the build script to remove the repackaged versions of those
files altogether and removes the unnecessary build exclusion.
Tested by running the script and verifying that apart from the now
deleted files the repackaged files only differed by location and not
content.
Bug: 117818301
Test: see above
Change-Id: I88eef5583071156c277ac82bb89ec76a91603df9
|