| e6bf3e8dfa2804891a82075cb469b736321b4827 |
|
18-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
Make existing bouncycastle bcprov build on host and add host-only bcpkix build
- Move existing provider source to bcprov
- Added bcpkix host build to support built/tooks/signapk
sha1sum of sources:
- 10bfea344842fe8e065c80e399c93f8651dc87d8 bcprov-jdk15on-147.tar.gz
- 913828c7ae36e030508e97e07b3c213fb1db1e9c bcpkix-jdk15on-147.tar.gz
Bug: 7056297
Change-Id: Id4f957f300a39aa34b4c3c679b2312631d3f1639
/external/bouncycastle/patches/README
|
| 517da5b1cf8927b100e5e1d9df870854b09aa2ce |
|
14-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
BaseKeyFactorySpi should throw InvalidKeySpecException, not RuntimeExceptions
Change-Id: I54d724c11840444c08c2e584700245e41d6ef948
/external/bouncycastle/patches/README
|
| 4c111300c39cb2e27f07fc2ae3b00e23ed4443b2 |
|
05-Sep-2012 |
Brian Carlstrom <bdc@google.com> |
bouncycastle 1.47 upgrade
Change-Id: I601cc0dd434897d48c79abb67e9f833159135cce
/external/bouncycastle/patches/README
|
| ffa48740407cf1c2dc0e114da954130247f4149d |
|
27-Jul-2012 |
Geremy Condra <gcondra@google.com> |
Added patch to the README and android.patches.
(cherry picked from commit 089355c44e80af84267f0ab3e5369416bfd2d4cf)
Bug: http://code.google.com/p/android/issues/detail?id=35547
Change-Id: I58b9e8c258256194ab848c52a29fd270f8f9ad97
/external/bouncycastle/patches/README
|
| 6fe522ad2daa8168fe9345f32f7bfc677fa86fd2 |
|
01-Sep-2011 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of fd163e51 to master
Change-Id: I14f5d5b1f75c876dec7c74d8682a738e62d4352b
|
| 541e309823a8c4f7746c05cc670e192166217a3a |
|
31-Aug-2011 |
Brian Carlstrom <bdc@google.com> |
Add Chrome-style public key blacklist to CertPathValidator
Based on Chrome's CLs to blacklist the DigiNotar Root CA.
http://src.chromium.org/viewvc/chrome?view=rev&revision=98750
Bug: 5232736
(cherry picked from commit b44f0edcf5164b260a2c11207928984f2d84c079)
Change-Id: I15454c9ed676b59d8d001b0a18d68fb69e41d828
/external/bouncycastle/patches/README
|
| db9f6e2562dff550a3c62aeb7c96e72fc40d1a06 |
|
22-May-2011 |
Brian Carlstrom <bdc@google.com> |
Now that we aren't using BC's CertFactory for in memory CAs, revert alloc patches
Change-Id: I4b504b16c5c4f5ce0b066d7698fd2013994e4d7d
/external/bouncycastle/patches/README
|
| 092d153de4792ecfbdb28c6b4910a9e46ee848be |
|
24-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of 34c261b1 to dalvik-dev
Change-Id: I23286ba69075c22028b229f611364e293db22860
|
| 34c261b1a00029744cfb7de1a69dca4b3ffb51a1 |
|
24-Mar-2011 |
Brian Carlstrom <bdc@google.com> |
Add Chrome-style certificate blacklist to CertPathValidator
Based on Chrome's CLs to blacklist the malformed certificates from
Comodo's recent fraud incident.
http://src.chromium.org/viewvc/chrome?view=rev&revision=78478
http://src.chromium.org/viewvc/chrome?view=rev&revision=78748
http://src.chromium.org/viewvc/chrome?view=rev&revision=78869
Bug: 4165439
Change-Id: I51c79f1cb425b887d4fd11c5a33e230fee795668
/external/bouncycastle/patches/README
|
| 253ce5e6c172a18248469ffc62748a31c64e825c |
|
24-Feb-2011 |
Jesse Wilson <jessewilson@google.com> |
Log entry/exit into a troublesome slow method.
Change-Id: I6bde4b8b8c819f94052cf9bb948424747c3fd175
http://b/3474446
/external/bouncycastle/patches/README
|
| 75a8d848585487963c9cf5d5a65a947eceb37d77 |
|
24-Jan-2011 |
Brian Carlstrom <bdc@google.com> |
Add DSA support to JDKKeyManager.engineGetKeySpec
Bug: 3286592
Change-Id: Ic1f47baf791ea8c46b192731ec1b159a07ab5ff8
/external/bouncycastle/patches/README
|
| 60f1dce097d78928597a5d057577596162e825fd |
|
02-Nov-2010 |
Brian Carlstrom <bdc@google.com> |
CertPathValidator changes tracking libcore TrustManager improvements
Revert checks for TrustAnchors in the cert chain, which is not part of
PKIX behavior. This is now done as part of cleaning in the cert chain
in libcore's TrustManagerImpl.
patches/README
src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
src/main/java/org/bouncycastle/jce/provider/RFC3280CertPathUtilities.java
Preserve IndexedPKIXParameters in local to keep our O(1) indexed
lookup of TrustAnchors by X500Principal, instead of falling back to
O(n) lookup in the common case.
src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
Updated patch
patches/android.patch
Bug: 2530852
Change-Id: Iecb671797496c3bc6a4e1a22c848b28af4bc756e
/external/bouncycastle/patches/README
|
| 83ebf91dca9720cd1575bbb8f19fe976ab99f77c |
|
06-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
resolved conflicts for merge of 5faee297 to master
Change-Id: Ie91354430d7a81a1fe800e968bbcc959d43231a1
|
| 5faee297baafbc31667954a404d0451916ef5c59 |
|
04-Oct-2010 |
Brian Carlstrom <bdc@google.com> |
Adding SecretKeyFactory.PBKDF2WithHmacSHA1 support wrapper
Bug: 3059950
Change-Id: I9de5e0ebed773818aeeb6831d48db308b09a4246
/external/bouncycastle/patches/README
|
| b3a9a89b23849a25f69192e943c8ffa2cee7adf0 |
|
02-Sep-2010 |
Jesse Wilson <jessewilson@google.com> |
Make BouncyCastleProvider.PROVIDER_NAME final.
See http://b/issue?id=2099637
Change-Id: I503e34e565a401f0f8b263ef1971ab847d015926
/external/bouncycastle/patches/README
|
| 1db2c7981937d5dbd739d1b6dd0199b6f0dd1ed6 |
|
02-Sep-2010 |
Jesse Wilson <jessewilson@google.com> |
Fix a copy and paste error in EncryptedPrivateKeyInfo.
See bug 2100030.
Change-Id: I617d289a11b88d4e7251ef98d9ec28ae07243c38
/external/bouncycastle/patches/README
|
| 0d31ca0f54efe12f12049174bfa9403961654a92 |
|
20-Aug-2010 |
Brian Carlstrom <bdc@google.com> |
Remove RC5 references from bouncycastle
The RI doesn't include RC5 and we didn't either in the provider
definition, but I noticed we still had a few implementation support
classes so remove these unneeded files.
Also cleaned up a few RC2 mentions that are unneeded.
RC2 implementation does remain for PKCS12 support.
Change-Id: I4ef304e11a0cba677b3977c54a2afb2330ca5565
/external/bouncycastle/patches/README
|
| f7433bf801526ab2a93e1cadb7a25ded87f43ed4 |
|
21-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Restore BouncyCastle's RC4 implementation
Change-Id: I99c9d547039679b093bf6da15c6dcdede42d2570
/external/bouncycastle/patches/README
|
| 8e551503a8d09fb57fd4efe9a2aa0392e7ba56e9 |
|
13-Jul-2010 |
Brian Carlstrom <bdc@google.com> |
Fix PKCS12 and BKS KeyStore as well as SSL renegotiation
Summary:
- Added KeyStoreTest and fixed PKCS and BKS keystores to be fully functional
- KeyStore and KeyStoreImpl improvements in libcore and bouncycastle for more RI-like behavior
- SSL Renegotiation fix for new implementation
Details:
external/bouncycastle
TwoFish added back for BKS KeyStore. Like RC2, it not supported as
a general cipher, but instead used internally for KeyStore
implementation.
src/main/java/org/bouncycastle/crypto/engines/TwofishEngine.java
bouncycastle.config
Added back PBEWITHSHAANDTWOFISH, PBEWITHSHAANDTWOFISH-CBC,
PBEWITHSHA1ANDRC2-CBC, PBEWITHHMACSHA, PBEWITHHMACSHA1 to support
PKCS12 and BKS KeyStore implementations (as determined by new
KeyStoreTest)
src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
src/main/java/org/bouncycastle/jce/provider/JCEBlockCipher.java
src/main/java/org/bouncycastle/jce/provider/JCEMac.java
src/main/java/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
Don't throw an error when deleting a non-existing KeyStore entry. The
RI documentation (and behavior) says it throws an error when it fails
to remove an entry, not when the entry does not exist.
src/main/java/org/bouncycastle/jce/provider/JDKKeyStore.java
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Try to make BC's PKCS KeyStore have a more RI-like getCreationDate behavior
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore failfast on setting non-supported key,
instead of failing later on get.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Make BC's PKCS KeyStore handle setting a PrivateKey with an emtpy chain.
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Add more general avoidance of NullPointerExceptions on null aliases
src/main/java/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
Added notes about changes improvements
patches/README
Regenerated patch with above changes
patches/android.patch
libcore
KeyStore improvements based on KeyStoreTest
- Fix UnrecoverableKeyException to be a subclass of
UnrecoverableEntryException, which was keeping the new
KeyStoreTest from compiling.
luni/src/main/java/java/security/UnrecoverableKeyException.java
- Fix to not convert UnrecoverableKeyException to KeyStoreException,
which was only being done because of the UnrecoverableKeyException
superclass bug.
luni/src/main/java/java/security/KeyStoreSpi.java
- Harmony KeyStore was being overly aggresive about throwing on null
alias arguments in cases where the RI was happy to pass them to the
KeyStoreSpi.
luni/src/main/java/java/security/KeyStore.java
- New test after PKCS12 regresion. It enumerates and excercises
all methods on all available KeyStore
implementations. Unfortunately, the main varieties of KeyStores
made this a lot more complicated than I was originally
expecting. It does clarifiy the differences between the RI and
BC KeyStore implementations, especially for PKCS12, where in
some ways the RI is more feature complete (setting key via
byte[]), but in other ways BC goes beyond some RI limitations
(allowing storage of certificates).
luni/src/test/java/java/security/KeyStoreTest.java
TestKeyStore improvements while writing KeyStoreTest
- Renamed "keyStorePassword" working usages to clarify if it really
means the "storePassword" on the whole KeyStore, or if it is a
"keyPassword" on individual keys.
- Moved TestKeyStore from javax.net.ssl to java.security
luni/src/test/java/javax/net/ssl/SSLContextTest.java
luni/src/test/java/javax/net/ssl/SSLEngineTest.java
luni/src/test/java/javax/net/ssl/SSLSessionTest.java
luni/src/test/java/javax/net/ssl/SSLSocketTest.java
support/src/test/java/java/security/StandardNames.java
support/src/test/java/java/security/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestKeyStore.java
support/src/test/java/javax/net/ssl/TestSSLContext.java
Fixing up SSL renegotiation support. Now that we are not trying to
prevent renegotiation, make sure it is working correctly.
- Remove SSL_VERIFY_CLIENT_ONCE to take the default behavior of
re-requesting client certificate on renegotiation.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSocketImpl.java
- Updated comments to reflect renegotiation. Bug fix to not clear
out callback reference on handshake complete, since we need it for
renegotiation.
luni/src/main/native/NativeCrypto.cpp
Updated for PKCS12 KeyStore support
support/src/test/java/java/security/StandardNames.java
Added javadoc when writint KeyStoreTest
luni/src/test/java/java/security/ProviderTest.java
frameworks/base
Tracking changes to UnrecoverableKeyException superclass
api/8.xml
api/current.xml
Change-Id: Idd09289b7ec510a2d981769e7bf077b101c26f88
/external/bouncycastle/patches/README
|
| 10261d9785b26fbcfe273b7b8119907fda09a999 |
|
23-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Remove libcore's dependency on bouncycastle
external/bouncycastle
- Change to be the primary build for bouncycastle sources (as opposed to part of libcore)
- Moved OpenSSLMessageDigest from libcore to OpenSSLDigest
It uses NativeCrypto API from core, but implements a bouncycastle specific interface
- restored registration of bouncycastle MessageDigests for SHA-1, SHA-256, MD5
OpenSSLProvider versions take precedence, but explicit provider of "BC" allows choice
- enabled native versions of SHA-384 and SHA-512
- pruned MD4 implementation
frameworks/base
- frameworks and CoreTests modules now depend on bouncycastle
- update preloades classes for NativeBN package change
- moved CryptoTest to libcore
libcore
- core now builds without bouncycastle sources
- core-tests, core-tests-support, core-tests-supportlib now depend on bouncycastle
- removed libcore/openssl directory, moving NativeBN to java/math
- minor cleanup of Provider, Security, Services style while working on ProviderTest
- added new OpenSSLProvider registered as first provider to have
priority over the others to ensure our native implementations are used
- moved BouncyCastle to have priority as a provider over Harmony
- JarVerifier and JarUtils now implicitly use OpenSSLMessageDigest
- Cleanedup OpenSSLSignature, implementation needs to be finished to move to OpenSSLProvider
- To avoid using PEMWriter from BouncyCastle, NativeCrypto now takes binary encoded certs and keys
This is more efficient as well avoiding the base64 decode/encode of the binary data
- removed SHA-224 to match the RI
packages/apps/CertInstaller
- CertificateInstaller module now depends on bouncycastle
this is the only app to depend on bouncycastle
system/core
- updated BOOTCLASSPATH
Change-Id: I42ac63a1669b03d0243f9714c89312227e48241d
/external/bouncycastle/patches/README
|
| 7a6b43b187fb942402daa61e0b92496746f5bc1c |
|
21-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Aligning bouncycastle with RI supported algorithms
Change-Id: I81156564372ac60d009e62fa9f8ef0ff2239dda5
/external/bouncycastle/patches/README
|
| 8113f6dc3780916a5f7f2a681b1829e591bd1bcb |
|
18-Jun-2010 |
Brian Carlstrom <bdc@google.com> |
Move external/bouncycastle to be based of patches from upstream
No code change here intentionally.
Running
./import_bouncycastle.sh import .../bcprov-jdk15-134.tar.gz
gives us exactly what we had before.
This is based on how we mange external/openssl
Change-Id: I8485780557f5cc0aa857450d4c27b98c26535710
/external/bouncycastle/patches/README
|