summaryrefslogtreecommitdiffstats
path: root/patches
Commit message (Collapse)AuthorAgeFilesLines
* DO NOT MERGE bouncycastle: limit input length as specified by the NIST specSergio Giro2015-12-011-6/+84
| | | | | | | | Bug: 24106146 Adapted from commit 9462245630b2913830b63310aa0d40a0901ccae5 Change-Id: Ic3cb8d87ac86700cab15c553e9cc638b55d92df4
* GCM: fix mode and padding setKenny Root2015-07-231-11/+30
| | | | | | | | | | | | Since "GCM" was renamed to "AES/GCM/NoPadding" to correspond to the StandardNames document, the mode and padding weren't being set via the Cipher#init call since it assumed the CipherSpi already knew its mode and padding. (cherry picked from commit 65581d2bbf27de395c221f5f7f4fd93cbab091ff) Bug: 22611918 Change-Id: Ib85438a1c95ffda526dbbac8793b04ff02d40fcc
* Do not blacklist serial numbers that are too shortKenny Root2015-06-101-7/+12
| | | | | | | | | | | Baseline Requirements say the serial number must have 20-bits of entropy, but some certificates are issued not in compliance. This causes issues where they are falsely marked as blacklisted. Until there is issuer + serial number matching, we can just use the pubkey matching for the certificates that are blacklisted with non-compliant serial numbers. Bug: 21736046 Change-Id: I66b1e94f2c67ddd3b6fe690331f8fb12e16a8bc0
* Register DSA OID for KeyFactory not just SignatureKenny Root2015-06-011-16/+32
| | | | | | | | | | | | | | X.509 certificates made with DSA signatures have the X9 DSA with SHA1 OID typically, so we need Bouncycastle to register this OID as an alias for the DSA KeyFactory. We also need to remove a manual OID alias added for Signatures which probably indicates how this slipped through the cracks. (cherry picked from commit 75fc34101f063fe3534de7340beb13c87786e6e1) Bug: 21209493 Change-Id: I12a88ead61c626343d96a9c335bdf40e615894bd
* Revert "Register DSAwithSHA1 OID for KeyFactory"Kenny Root2015-06-011-14/+1
| | | | | | This reverts commit f2ca73c07d072282905ed43d2b866278caabe12f. Change-Id: If6c261b71521f79582ca0a742a1aa02be31c70fe
* Register DSAwithSHA1 OID for KeyFactoryKenny Root2015-06-011-1/+14
| | | | | | | | | | | X.509 certificates made with DSA signatures have the X9 DSA with SHA1 OID typically, so we need Bouncycastle to register this OID as an alias for the DSA KeyFactory. (cherry picked from commit 36995a1668ccfc521253ffae6f705d0af028ca3e) Bug: 21209493 Change-Id: I1c2fe6d7f638974ab54589bf757e66ff452ad395
* Set default EC key size to 256-bitsKenny Root2015-05-131-4/+15
| | | | | | | | | | | | | NIST SP800 131A recommends 112-bits as the lowest security level acceptable after December 31, 2013. Although the 239-bit EC group meets that bar, the P-256, P-384, and P-521 are the more widely supported options. Change the default to increase interoperability while maintaining the security level recommended. (cherry picked from commit c5a7ff00b9c78ce5e15de5b99dc78a7e8c83ecd3) Bug: 21085656 Change-Id: Idb71fdc801bafc5ad38f0b87dc3847f48854563f
* Change default GCM name to AES/GCM/NOPADDINGKenny Root2015-05-131-9/+16
| | | | | | | | | | This matches the RI and doesn't get late binding confused when you call Cipher.getInstance (cherry picked from commit 4046cd0249e7ffa820dcd4318f4e81f737d8634c) Bug: 21085702 Change-Id: I8f69e7b342fde4881f20e103240f0b289322ef4e
* Change Bouncycastle default AES key size to 128Kenny Root2015-05-131-6/+17
| | | | | | | | | | The default of 192 bit keys was the worst of all choices. 128-bit runs faster on mobile devices. (cherry picked from commit ac2a5751dc9578b1f2a8d99906e435993d36c8d6) Bug: 21085656 Change-Id: Ie4d15ea35e46a157f8c0d43a91e699135e2c58d1
* bouncycastle: throw exception in failure expecting PKIX parametersSergio Giro2015-05-061-4/+24
| | | | | | | | bug: 20545284 (cherry picked from commit fa0ac9cf9f44a17bb77070574674f2ef0ecc3498) Change-Id: Ie640314c35a5a98fac32e15144eaf776e4f861cb
* bouncycastle: upgrade to version 1.52Sergio Giro2015-04-202-902/+978
| | | | Change-Id: I227db8e458e67af46ccb1c07bfca77a733f25979
* Avoid things that cause CertBlacklist to be preinitializedKenny Root2014-10-171-15/+17
| | | | | | | | | Move the CertBlacklist instance to a NoPreloadHolder, then move the System.getenv call in CertBlacklist to a constructor so it's not called during class initialization. Bug: 18013422 Change-Id: I39d0f43f948dec243d2d7cb79726d0642638b77a
* Upgrade to 1.51Kenny Root2014-08-062-628/+991
| | | | | | | | f98b02ab394044a3c237d2c7a2ee5ef65793e8e9 bcpkix-jdk15on-151.tar.gz 95e59ad2492598d729cfc559b480c3f172de5dc3 bcprov-jdk15on-151.tar.gz Bug: 16578237 Change-Id: Ie4a3cd01b52b504a1098b00b413f1418273a6ef2
* Add OID for Diffie-Hellman keysKenny Root2014-05-071-2/+28
| | | | | | | Without this, decoding X.509 certificates doesn't get a valid DH public key since this OID is not registered by any other provider. Change-Id: I82a5e4cfc3b63c3928299523725d24b838ca939c
* Remove static initializer from StreamUtilKenny Root2014-05-051-0/+32
| | | | | | This causes class preinitialization to fail unnecessarily. Change-Id: I48d55fd2ef4864fb02768ca804c1f2f3c9a84b12
* OpenSSLDigest: length to length-offsetKenny Root2014-02-271-2/+2
| | | | | | | doFinal(...) length was being passed in incorrectly. Bug: 13224655 Change-Id: Ie738446910532a67940fbcd06c5cc961cf7ef9cc
* OpenSSLDigest needs to be ExtendedDigestKenny Root2014-02-251-12/+21
| | | | | | | BcKeyStoreSpi requires an ExtendedDigest to be able to see what byte length the output is before calling it. Change-Id: Ibcade36a96d222d48b933883f9f1d653aca627f0
* OpenSSLDigest: use delegate modelKenny Root2014-02-251-105/+27
| | | | | | | Instead of invoking NativeCrypto directly, delegate to the JCE subsystem to select the AndroidOpenSSL provider. Change-Id: I91c01fc5c21c6d674203226a89a9f4fb2f30426f
* Remove Signature.SHA{384,512}withDSAKenny Root2013-12-161-14/+19
| | | | | | Accidentally added during the upgrade to Bouncycastle 1.50. Change-Id: I91439c1a53f7d46e56d966b551f06b120003a2a8
* Add support for Cipher#getIV with GCMKenny Root2013-12-131-8/+20
| | | | Change-Id: I80cb9e09d75fdb690721c07f54701e6d043cf7b1
* Upgrade to Bouncycastle 1.50Kenny Root2013-12-122-1061/+1170
| | | | | | | | SHA256 sums of source packages: 0be5bb948ec481b3d1f30ee80ef593b298b3782697f9eeee5c74cf270689b520 bcpkix-jdk15on-150.tar.gz 468259c9166fbcf87ad284ae46fae45408cb7cfc9c406862ea75d5b8696f4f2a bcprov-jdk15on-150.tar.gz Change-Id: Id566e9137f85d8328e9f0cb0472ff2f6ae7a71d3
* Add ANSSI intermediate to the on-device blacklist.Geremy Condra2013-12-101-4/+8
| | | | Change-Id: I0ab409f39d0ca5712c75bd5b2ffed041bba3521d
* Restore SHA-224Kenny Root2013-09-262-765/+195
| | | | | | In the StandardNames 8 document, SHA-224 has made a comeback. Change-Id: I2cfd04df026502efa3ccbae17eb509588f43292f
* Track changes to JSSEKenny Root2013-06-031-4/+7
| | | | | | | | Bug: 8769295 (cherry picked from commit 0f9937b494fc6dd31fd04956963a3e258aece11b) Change-Id: I8c8f1572c79adc48b0dbd44e5c889c4432dce56a
* Allow CipherTest to run on RIBrian Carlstrom2013-06-031-2/+4
| | | | | | (cherry picked from commit ee1cdde4bcea1635a6af99c2ada1e155cf1b7a3b) Change-Id: Idc2bbd24722f6f2ca046f8dff197c63cf9dfa03b
* bouncycastle 1.49 upgradeBrian Carlstrom2013-06-032-3212/+2946
| | | | Change-Id: Icbf5a147409c810060a5acc884834fb2a778e860
* Fix PBKDF2WithHmacSHA1 to use high bitsWilliam Luh2013-05-281-21/+105
| | | | | | | | | Bug: 8312059 Bug: https://code.google.com/p/android/issues/detail?id=40578 Cherry picked from commit a2ab0a62bc1ca3978e3ab3a3c1f8288f29a30e7e Change-Id: I749380979671709d63cc87f798b77ed5d8eaef6e
* Merge "Track change to JSSE provider"Kenny Root2013-04-301-2/+2
|\
| * Track change to JSSE providerKenny Root2013-04-291-2/+2
| | | | | | | | Change-Id: Iaef3e3f325e43736fa19c701f6609e5ffd1535fa
* | Revert of DERT61String change from 44021512997b337e6079e46fd4230ce979c20b6fBrian Carlstrom2013-04-221-0/+22
|/ | | | | Bug: 8685209 Change-Id: I72865d6db1ff567da4b24566fa3878053819f826
* Make ECDH KeyAgreement reject AlgorithmParameterSpec.Alex Klyubin2013-03-191-3/+16
| | | | | | | This makes the BouncyCastle JCA Provider pass libcore.javax.crypto.ECDHKeyAgreementTest. Change-Id: I462c93a19c5dfc00733deb76351631ab4b4601da
* Tracking libcore change to use longs instead of ints to store pointers in ↵Brian Carlstrom2013-02-271-10/+10
| | | | | | OpenSSL binding Change-Id: Ibe48a3e6a5356dad5832eac90d23418d89ad7486
* Fix CertPath APIsKenny Root2013-02-201-2/+27
| | | | | | | There was a missing getCertPathEncodings() implementation and the "PEM" encoding wasn't fully removed. Change-Id: I514910eec34ad39e0a2d56677ffdd400b38c6bc9
* bouncycastle 1.48 upgradeBrian Carlstrom2013-02-124-1910/+579
| | | | Change-Id: Idb04baf42de07b18ddb162e5cd1f98cdadf366f4
* resolved conflicts for merge of e0c8f221 to jb-mr1-dev-plus-aospBrian Carlstrom2013-02-011-6/+14
|\ | | | | | | Change-Id: I9988ca591a8632df0f67008a79942c8a8e4174ba
| * Add certs to blacklist.Geremy Condra2013-01-221-118/+124
| | | | | | | | Change-Id: I34040b2fe12f81dc0e40653c635f061c499f815b
* | Restore PBE Cipher wrap and unwrap support from upstreamBrian Carlstrom2013-01-292-0/+314
| | | | | | | | | | Bug: https://code.google.com/p/android/issues/detail?id=41405 Change-Id: I9bf90613c510f753032110724b074d31ae76a1fb
* | Add getIssuerAlternativeNames() to JCE APIKenny Root2013-01-161-6/+13
| | | | | | | | | | | | Also make sure the Collection returned is an unmodifiableCollection Change-Id: I9b91a36bd9f5c6264519510c1ac6ac86d4043e34
* | Fix patch generation timestampsKenny Root2013-01-161-118/+116
| | | | | | | | Change-Id: Ibb096f239e0e4a6c0dda05e249786432babfcc8a
* | Add getSubjectAlternativeNames() to certificate JCEKenny Root2013-01-072-4/+138
| | | | | | | | Change-Id: I4a486878447111fa53d0d78ae9c2bf9365e154ed
* | am 036093e8: Fix registration of MD5withRSA SignaturesBrian Carlstrom2012-11-011-15/+18
|\| | | | | | | | | * commit '036093e8793923cf6b6bd920d7a2254ab0afa8a1': Fix registration of MD5withRSA Signatures
| * Fix registration of MD5withRSA SignaturesBrian Carlstrom2012-11-011-15/+18
| | | | | | | | | | Bug: 7453821 Change-Id: Ibcd0f02376bd7a56761597e20096d75ced9c56a5
* | Fix non-BC EC private key usageKenny Root2012-10-121-7/+60
|/ | | | | | This is a port of the previous patch to BC 1.47 Change-Id: I67d95635e05379fdbd09560c5be622de08f6018f
* Make existing bouncycastle bcprov build on host and add host-only bcpkix buildBrian Carlstrom2012-09-193-191/+1494
| | | | | | | | | | | | - Move existing provider source to bcprov - Added bcpkix host build to support built/tooks/signapk sha1sum of sources: - 10bfea344842fe8e065c80e399c93f8651dc87d8 bcprov-jdk15on-147.tar.gz - 913828c7ae36e030508e97e07b3c213fb1db1e9c bcpkix-jdk15on-147.tar.gz Bug: 7056297 Change-Id: Id4f957f300a39aa34b4c3c679b2312631d3f1639
* BaseKeyFactorySpi should throw InvalidKeySpecException, not RuntimeExceptionsBrian Carlstrom2012-09-142-91/+116
| | | | Change-Id: I54d724c11840444c08c2e584700245e41d6ef948
* bouncycastle 1.47 upgradeBrian Carlstrom2012-09-102-6947/+5454
| | | | Change-Id: I601cc0dd434897d48c79abb67e9f833159135cce
* Added patch to the README and android.patches.Geremy Condra2012-07-272-75/+113
| | | | | | | (cherry picked from commit 089355c44e80af84267f0ab3e5369416bfd2d4cf) Bug: http://code.google.com/p/android/issues/detail?id=35547 Change-Id: I58b9e8c258256194ab848c52a29fd270f8f9ad97
* Added CertBlacklister.Geremy Condra2012-05-101-148/+252
| | | | | | This allows us to augment the blacklists with data from other sources. Change-Id: I05e4f1f65b12346847d7064d2be311c5dc6c0ec2
* Blacklist Digicert Malaysia intermediate CABrian Carlstrom2011-11-071-75/+81
| | | | | | | | | Based on Chrome CL: http://src.chromium.org/viewvc/chrome?view=rev&revision=108479 Bug: 5566566 Change-Id: I1b8bd10221eda14fcf15fd2f1a5a23087dab0c50
* resolved conflicts for merge of e903eaf4 to masterBrian Carlstrom2011-09-081-74/+82
|\ | | | | | | Change-Id: I5e37b50e0f6ed6cd61fa1310c15799442d702b61
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-20 07:30:12 +0000