e6bf3e8dfa2804891a82075cb469b736321b4827 |
|
18-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Make existing bouncycastle bcprov build on host and add host-only bcpkix build - Move existing provider source to bcprov - Added bcpkix host build to support built/tooks/signapk sha1sum of sources: - 10bfea344842fe8e065c80e399c93f8651dc87d8 bcprov-jdk15on-147.tar.gz - 913828c7ae36e030508e97e07b3c213fb1db1e9c bcpkix-jdk15on-147.tar.gz Bug: 7056297 Change-Id: Id4f957f300a39aa34b4c3c679b2312631d3f1639
/external/bouncycastle/patches/README
|
517da5b1cf8927b100e5e1d9df870854b09aa2ce |
|
14-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
BaseKeyFactorySpi should throw InvalidKeySpecException, not RuntimeExceptions Change-Id: I54d724c11840444c08c2e584700245e41d6ef948
/external/bouncycastle/patches/README
|
4c111300c39cb2e27f07fc2ae3b00e23ed4443b2 |
|
05-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
bouncycastle 1.47 upgrade Change-Id: I601cc0dd434897d48c79abb67e9f833159135cce
/external/bouncycastle/patches/README
|
ffa48740407cf1c2dc0e114da954130247f4149d |
|
27-Jul-2012 |
Geremy Condra <gcondra@google.com> |
Added patch to the README and android.patches. (cherry picked from commit 089355c44e80af84267f0ab3e5369416bfd2d4cf) Bug: http://code.google.com/p/android/issues/detail?id=35547 Change-Id: I58b9e8c258256194ab848c52a29fd270f8f9ad97
/external/bouncycastle/patches/README
|
6fe522ad2daa8168fe9345f32f7bfc677fa86fd2 |
|
01-Sep-2011 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of fd163e51 to master Change-Id: I14f5d5b1f75c876dec7c74d8682a738e62d4352b
|
541e309823a8c4f7746c05cc670e192166217a3a |
|
31-Aug-2011 |
Brian Carlstrom <bdc@google.com> |
Add Chrome-style public key blacklist to CertPathValidator Based on Chrome's CLs to blacklist the DigiNotar Root CA. http://src.chromium.org/viewvc/chrome?view=rev&revision=98750 Bug: 5232736 (cherry picked from commit b44f0edcf5164b260a2c11207928984f2d84c079) Change-Id: I15454c9ed676b59d8d001b0a18d68fb69e41d828
/external/bouncycastle/patches/README
|
db9f6e2562dff550a3c62aeb7c96e72fc40d1a06 |
|
22-May-2011 |
Brian Carlstrom <bdc@google.com> |
Now that we aren't using BC's CertFactory for in memory CAs, revert alloc patches Change-Id: I4b504b16c5c4f5ce0b066d7698fd2013994e4d7d
/external/bouncycastle/patches/README
|
092d153de4792ecfbdb28c6b4910a9e46ee848be |
|
24-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of 34c261b1 to dalvik-dev Change-Id: I23286ba69075c22028b229f611364e293db22860
|
34c261b1a00029744cfb7de1a69dca4b3ffb51a1 |
|
24-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
Add Chrome-style certificate blacklist to CertPathValidator Based on Chrome's CLs to blacklist the malformed certificates from Comodo's recent fraud incident. http://src.chromium.org/viewvc/chrome?view=rev&revision=78478 http://src.chromium.org/viewvc/chrome?view=rev&revision=78748 http://src.chromium.org/viewvc/chrome?view=rev&revision=78869 Bug: 4165439 Change-Id: I51c79f1cb425b887d4fd11c5a33e230fee795668
/external/bouncycastle/patches/README
|
253ce5e6c172a18248469ffc62748a31c64e825c |
|
24-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Log entry/exit into a troublesome slow method. Change-Id: I6bde4b8b8c819f94052cf9bb948424747c3fd175 http://b/3474446
/external/bouncycastle/patches/README
|
75a8d848585487963c9cf5d5a65a947eceb37d77 |
|
24-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Add DSA support to JDKKeyManager.engineGetKeySpec Bug: 3286592 Change-Id: Ic1f47baf791ea8c46b192731ec1b159a07ab5ff8
/external/bouncycastle/patches/README
|
60f1dce097d78928597a5d057577596162e825fd |
|
02-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
CertPathValidator changes tracking libcore TrustManager improvements Revert checks for TrustAnchors in the cert chain, which is not part of PKIX behavior. This is now done as part of cleaning in the cert chain in libcore's TrustManagerImpl. patches/README src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java Preserve IndexedPKIXParameters in local to keep our O(1) indexed lookup of TrustAnchors by X500Principal, instead of falling back to O(n) lookup in the common case. src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java Updated patch patches/android.patch Bug: 2530852 Change-Id: Iecb671797496c3bc6a4e1a22c848b28af4bc756e
/external/bouncycastle/patches/README
|
83ebf91dca9720cd1575bbb8f19fe976ab99f77c |
|
06-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of 5faee297 to master Change-Id: Ie91354430d7a81a1fe800e968bbcc959d43231a1
|
5faee297baafbc31667954a404d0451916ef5c59 |
|
04-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Adding SecretKeyFactory.PBKDF2WithHmacSHA1 support wrapper Bug: 3059950 Change-Id: I9de5e0ebed773818aeeb6831d48db308b09a4246
/external/bouncycastle/patches/README
|
b3a9a89b23849a25f69192e943c8ffa2cee7adf0 |
|
02-Sep-2010 |
Jesse Wilson <jessewilson@google.com> |
Make BouncyCastleProvider.PROVIDER_NAME final. See http://b/issue?id=2099637 Change-Id: I503e34e565a401f0f8b263ef1971ab847d015926
/external/bouncycastle/patches/README
|
1db2c7981937d5dbd739d1b6dd0199b6f0dd1ed6 |
|
02-Sep-2010 |
Jesse Wilson <jessewilson@google.com> |
Fix a copy and paste error in EncryptedPrivateKeyInfo. See bug 2100030. Change-Id: I617d289a11b88d4e7251ef98d9ec28ae07243c38
/external/bouncycastle/patches/README
|
0d31ca0f54efe12f12049174bfa9403961654a92 |
|
20-Aug-2010 |
Brian Carlstrom <bdc@google.com> |
Remove RC5 references from bouncycastle The RI doesn't include RC5 and we didn't either in the provider definition, but I noticed we still had a few implementation support classes so remove these unneeded files. Also cleaned up a few RC2 mentions that are unneeded. RC2 implementation does remain for PKCS12 support. Change-Id: I4ef304e11a0cba677b3977c54a2afb2330ca5565
/external/bouncycastle/patches/README
|
f7433bf801526ab2a93e1cadb7a25ded87f43ed4 |
|
21-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Restore BouncyCastle's RC4 implementation Change-Id: I99c9d547039679b093bf6da15c6dcdede42d2570
/external/bouncycastle/patches/README
|
8e551503a8d09fb57fd4efe9a2aa0392e7ba56e9 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Fix PKCS12 and BKS KeyStore as well as SSL renegotiation Summary: - Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional - KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior - SSL Renegotiation fix for new implementation Details: external/bouncycastle TwoFish added back for BKS KeyStore. Like RC2, it not supported as a general cipher, but instead used internally for KeyStore implementation. src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java bouncycastle.config Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC, PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support PKCS12 and BKS KeyStore implementations (as determined by new KeyStoreTest) src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java src/main/java/org/bouncycastle/jce/provider/JCEMac.java src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java Don't throw an error when deleting a non-existing KeyStore entry. The RI documentation (and behavior) says it throws an error when it fails to remove an entry, not when the entry does not exist. src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore failfast on setting non-supported key, instead of failing later on get. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain. src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Add more general avoidance of NullPointerExceptions on null aliases src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java Added notes about changes improvements patches/README Regenerated patch with above changes patches/android.patch libcore KeyStore improvements based on KeyStoreTest - Fix UnrecoverableKeyException to be a subclass of UnrecoverableEntryException, which was keeping the new KeyStoreTest from compiling. luni/src/main/java/java/security/UnrecoverableKeyException.java - Fix to not convert UnrecoverableKeyException to KeyStoreException, which was only being done because of the UnrecoverableKeyException superclass bug. luni/src/main/java/java/security/KeyStoreSpi.java - Harmony KeyStore was being overly aggresive about throwing on null alias arguments in cases where the RI was happy to pass them to the KeyStoreSpi. luni/src/main/java/java/security/KeyStore.java - New test after PKCS12 regresion. It enumerates and excercises all methods on all available KeyStore implementations. Unfortunately, the main varieties of KeyStores made this a lot more complicated than I was originally expecting. It does clarifiy the differences between the RI and BC KeyStore implementations, especially for PKCS12, where in some ways the RI is more feature complete (setting key via byte[]), but in other ways BC goes beyond some RI limitations (allowing storage of certificates). luni/src/test/java/java/security/KeyStoreTest.java TestKeyStore improvements while writing KeyStoreTest - Renamed "keyStorePassword" working usages to clarify if it really means the "storePassword" on the whole KeyStore, or if it is a "keyPassword" on individual keys. - Moved TestKeyStore from javax.net.ssl to java.security luni/src/test/java/javax/net/ssl/SSLContextTest.java luni/src/test/java/javax/net/ssl/SSLEngineTest.java luni/src/test/java/javax/net/ssl/SSLSessionTest.java luni/src/test/java/javax/net/ssl/SSLSocketTest.java support/src/test/java/java/security/StandardNames.java support/src/test/java/java/security/TestKeyStore.java support/src/test/java/javax/net/ssl/TestKeyStore.java support/src/test/java/javax/net/ssl/TestSSLContext.java Fixing up SSL renegotiation support. Now that we are not trying to prevent renegotiation, make sure it is working correctly. - Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of re-requesting client certificate on renegotiation. luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java - Updated comments to reflect renegotiation. Bug fix to not clear out callback reference on handshake complete, since we need it for renegotiation. luni/src/main/native/NativeCrypto.cpp Updated for PKCS12 KeyStore support support/src/test/java/java/security/StandardNames.java Added javadoc when writint KeyStoreTest luni/src/test/java/java/security/ProviderTest.java frameworks/base Tracking changes to UnrecoverableKeyException superclass api/8.xml api/current.xml Change-Id: Idd09289b7ec510a2d981769e7bf077b101c26f88
/external/bouncycastle/patches/README
|
10261d9785b26fbcfe273b7b8119907fda09a999 |
|
23-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Remove libcore's dependency on bouncycastle external/bouncycastle - Change to be the primary build for bouncycastle sources (as opposed to part of libcore) - Moved OpenSSLMessageDigest from libcore to OpenSSLDigest It uses NativeCrypto API from core, but implements a bouncycastle specific interface - restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5 OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice - enabled native versions of SHA-384 and SHA-512 - pruned MD4 implementation frameworks/base - frameworks and CoreTests modules now depend on bouncycastle - update preloades classes for NativeBN package change - moved CryptoTest to libcore libcore - core now builds without bouncycastle sources - core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle - removed libcore/openssl directory, moving NativeBN to java/math - minor cleanup of Provider, Security, Services style while working on ProviderTest - added new OpenSSLProvider registered as first provider to have priority over the others to ensure our native implementations are used - moved BouncyCastle to have priority as a provider over Harmony - JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest - Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider - To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys This is more efficient as well avoiding the base64 decode/encode of the binary data - removed SHA-224 to match the RI packages/apps/CertInstaller - CertificateInstaller module now depends on bouncycastle this is the only app to depend on bouncycastle system/core - updated BOOTCLASSPATH Change-Id: I42ac63a1669b03d0243f9714c89312227e48241d
/external/bouncycastle/patches/README
|
7a6b43b187fb942402daa61e0b92496746f5bc1c |
|
21-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Aligning bouncycastle with RI supported algorithms Change-Id: I81156564372ac60d009e62fa9f8ef0ff2239dda5
/external/bouncycastle/patches/README
|
8113f6dc3780916a5f7f2a681b1829e591bd1bcb |
|
18-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Move external/bouncycastle to be based of patches from upstream No code change here intentionally. Running ./import_bouncycastle.sh import .../bcprov-jdk15-134.tar.gz gives us exactly what we had before. This is based on how we mange external/openssl Change-Id: I8485780557f5cc0aa857450d4c27b98c26535710
/external/bouncycastle/patches/README
|