| 6e736056d64d0e33b26cf9f7c4e351b496241fde |
|
26-Feb-2011 |
Brian Carlstrom <bdc@google.com> |
bouncycastle 1.46 upgrade
Change-Id: I01be307de0a79b3058215d76e67f39f77243a619
/external/bouncycastle/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
|
| 8e551503a8d09fb57fd4efe9a2aa0392e7ba56e9 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Fix PKCS12 and BKS KeyStore as well as SSL renegotiation
Summary:
- Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional
- KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior
- SSL Renegotiation fix for new implementation
Details:
external/bouncycastle
TwoFish added back for BKS KeyStore. Like RC2, it not supported as
a general cipher, but instead used internally for KeyStore
implementation.
src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java
bouncycastle.config
Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC,
PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support
PKCS12 and BKS KeyStore implementations (as determined by new
KeyStoreTest)
src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
src/main/java/org/bouncycastle/jce/provider/JCEMac.java
src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
Don't throw an error when deleting a non-existing KeyStore entry. The
RI documentation (and behavior) says it throws an error when it fails
to remove an entry, not when the entry does not exist.
src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore failfast on setting non-supported key,
instead of failing later on get.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Add more general avoidance of NullPointerExceptions on null aliases
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Added notes about changes improvements
patches/README
Regenerated patch with above changes
patches/android.patch
libcore
KeyStore improvements based on KeyStoreTest
- Fix UnrecoverableKeyException to be a subclass of
UnrecoverableEntryException, which was keeping the new
KeyStoreTest from compiling.
luni/src/main/java/java/security/UnrecoverableKeyException.java
- Fix to not convert UnrecoverableKeyException to KeyStoreException,
which was only being done because of the UnrecoverableKeyException
superclass bug.
luni/src/main/java/java/security/KeyStoreSpi.java
- Harmony KeyStore was being overly aggresive about throwing on null
alias arguments in cases where the RI was happy to pass them to the
KeyStoreSpi.
luni/src/main/java/java/security/KeyStore.java
- New test after PKCS12 regresion. It enumerates and excercises
all methods on all available KeyStore
implementations. Unfortunately, the main varieties of KeyStores
made this a lot more complicated than I was originally
expecting. It does clarifiy the differences between the RI and
BC KeyStore implementations, especially for PKCS12, where in
some ways the RI is more feature complete (setting key via
byte[]), but in other ways BC goes beyond some RI limitations
(allowing storage of certificates).
luni/src/test/java/java/security/KeyStoreTest.java
TestKeyStore improvements while writing KeyStoreTest
- Renamed "keyStorePassword" working usages to clarify if it really
means the "storePassword" on the whole KeyStore, or if it is a
"keyPassword" on individual keys.
- Moved TestKeyStore from javax.net.ssl to java.security
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/java/security/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Fixing up SSL renegotiation support. Now that we are not trying to
prevent renegotiation, make sure it is working correctly.
- Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of
re-requesting client certificate on renegotiation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
- Updated comments to reflect renegotiation. Bug fix to not clear
out callback reference on handshake complete, since we need it for
renegotiation.
luni/src/main/native/NativeCrypto.cpp
Updated for PKCS12 KeyStore support
support/src/test/java/java/security/StandardNames.java
Added javadoc when writint KeyStoreTest
luni/src/test/java/java/security/ProviderTest.java
frameworks/base
Tracking changes to UnrecoverableKeyException superclass
api/8.xml
api/current.xml
Change-Id: Idd09289b7ec510a2d981769e7bf077b101c26f88
/external/bouncycastle/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
|
| 10261d9785b26fbcfe273b7b8119907fda09a999 |
|
23-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Remove libcore's dependency on bouncycastle
external/bouncycastle
- Change to be the primary build for bouncycastle sources (as opposed to part of libcore)
- Moved OpenSSLMessageDigest from libcore to OpenSSLDigest
It uses NativeCrypto API from core, but implements a bouncycastle specific interface
- restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5
OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice
- enabled native versions of SHA-384 and SHA-512
- pruned MD4 implementation
frameworks/base
- frameworks and CoreTests modules now depend on bouncycastle
- update preloades classes for NativeBN package change
- moved CryptoTest to libcore
libcore
- core now builds without bouncycastle sources
- core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle
- removed libcore/openssl directory, moving NativeBN to java/math
- minor cleanup of Provider, Security, Services style while working on ProviderTest
- added new OpenSSLProvider registered as first provider to have
priority over the others to ensure our native implementations are used
- moved BouncyCastle to have priority as a provider over Harmony
- JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest
- Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider
- To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys
This is more efficient as well avoiding the base64 decode/encode of the binary data
- removed SHA-224 to match the RI
packages/apps/CertInstaller
- CertificateInstaller module now depends on bouncycastle
this is the only app to depend on bouncycastle
system/core
- updated BOOTCLASSPATH
Change-Id: I42ac63a1669b03d0243f9714c89312227e48241d
/external/bouncycastle/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
|
| c37f4a04ef89e73a39a59f3c5a179af8c8ab5974 |
|
21-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Upgrade bouncycastle from 1.34 to 1.45
This maintains the same set of provided algorithms as tested with
libcore's javax.security.PreparerTest. A further checkin will try to
bring the supported list in line with the RI.
Details:
Upgraded to JDK 1.6 version of 1.45 release
bouncycastle.version
First pass of triming unneeded files
bouncycastle.config
Compile with UTF-8 to avoid warnings
Android.mk
The updated patch
patches/android.patch
The rest of the files are generated from the release tar ball and the patch
./import_bouncycastle.sh import .../bcprov-jdk16-145.tar.gz
src/main/java/...
Change-Id: I1df5ad8a7161ec578415ae23f01c3b550e381927
/external/bouncycastle/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
|
| b61a96e7ef1a78acf013bbf08fe537e5b5f129ca |
|
26-Apr-2010 |
Peter Hallam <peterhal@google.com> |
merge more modules into luni
/external/bouncycastle/src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
|