| 491d88834d8af35b9701f92d972212d873dbb6a0 |
|
10-Oct-2017 |
Adam Vartanian <flooey@google.com> |
Deprecate BC implementations of duplicated algorithms
The first step in deprecating the BC implementations of algorithms that
are also provided by Conscrypt. This checks whether the app's target
API level is greater than a given threshold (currently O, but subject
to change later) and disallows access to those algorithms when true.
This limit only applies to requests from the system-created BC provider.
Apps can install their own provider, in which case they get the
implementations they requested.
This doesn't yet implement the deprecation for Cipher instances, since
the transformation scheme makes that more complicated.
The ultimate removal of these algorithms, once a sufficient deprecation
period has elapsed, is tracked in b/67761667.
Bug: 67626877
Test: cts -m CtsLibcoreTestCases
Test: cts -m CtsLibcoreOkHttpTestCases
Test: cts -m CtsLibcoreWycheproofBCTestCases
Test: cts -m CtsLibcoreWycheproofConscryptTestCases
Change-Id: I48f07226e66873a65859121af32028c1547952ac
|
| 4155a2498a57fb09e92815f8993a70c216ddc5ec |
|
02-Feb-2011 |
Brian Carlstrom <bdc@google.com> |
Performance improvements to NativeCrypto based MessageDigest API
NativeCrypto API improvements:
- Move to using EVP_MD related native methods, some of which are derived
from the EVP_MD_CTX versions with similar name. The new
EVP_get_digestbyname allows one time lookup of the EVP_MD from the
string name, avoiding doing it on every call to EVP_DigestInit.
- EVP_MD_CTX_create is now removed, it is just done as part of
EVP_DigestInit and EVP_VerifyInit to an extra JNI call.
- EVP_DigestFinal now destroys the EVP_MD_CTX to avoid needing to make
another call JNI call to EVP_MD_CTX_destroy. EVP_MD_CTX_destroy is
kept for cases when EVP_DigestFinal is never called.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/NativeCrypto.java
In addition to the improved NativeCrypto API to allow better
performance for callers, the implementations use of
throwExceptionIfNecessary was made conditional based on the status
code from various operations, which had a noticeable impact on
performance compared to android.security.MessageDigest
luni/src/main/native/NativeCrypto.cpp
Updated MessageDigest.getInstance default implementation to use new
NativeCrypto API. An EVP_MD instance is looked up at class load time
for a specific digest type and then used to call
NativeCrypto.EVP_DigestInit as needed, avoiding a lookup of EVP_MD for
each new digest. The EVP_MD is also for a one-time lookup the digest
output size in bytes, to avoid native calls for
engineGetDigestLength. Finally, the creation of the EVP_MD_CTX is now
lazy, only created when needed, avoiding unnecessarily create/free in
reset cases such as engineDigest. See also external/bouncycastle's
OpenSSLDigest implementation which had similar optimizations.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLMessageDigestJDK.java
OpenSSLSignature also used EVP_MD_CTX_create, and its EVP_VerifyInit
was changed similar to EVP_DigestInit to internally allocate the
EVP_MD_CTX on the call to init.
luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLSignature.java
Fix test to work with arbitrary provider order
luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java
Fix CloseGuard warnings
luni/src/test/java/tests/security/MessageDigestTest.java
Bug: 3392028
Change-Id: Idb266ebc0918ffd5550e0f457784256400cd2ff0
|
| f33eae7e84eb6d3b0f4e86b59605bb3de73009f3 |
|
13-May-2010 |
Elliott Hughes <enh@google.com> |
Remove all trailing whitespace from the dalvik team-maintained parts of libcore.
Gentlemen, you may now set your editors to "strip trailing whitespace"...
Change-Id: I85b2f6c80e5fbef1af6cab11789790b078c11b1b
|
| cec4dd4b1d33f78997603d0f89c0d0e56e64dbcd |
|
26-Apr-2010 |
Peter Hallam <peterhal@google.com> |
merge more modules into luni
|