Added patch to the README and android.patches.
(cherry picked from commit 089355c44e80af84267f0ab3e5369416bfd2d4cf)
(cherry picked from commit ffa48740407cf1c2dc0e114da954130247f4149d)
Bug: http://code.google.com/p/android/issues/detail?id=35547
Change-Id: I461dd74259e79c6215e9092f670334403d36c367
diff --git a/patches/README b/patches/README
index d56a5d8..c0f5697 100644
--- a/patches/README
+++ b/patches/README
@@ -30,6 +30,7 @@
- Make BouncyCastleProvider.PROVIDER_NAME final
- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
- Added DSA support to JDKKeyManager.engineGetKeySpec
+- Fixed CertBlacklist to do a by-value comparison of public keys
Other security changes:
- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
diff --git a/patches/android.patch b/patches/android.patch
index 20ed108..40a24f8 100644
--- a/patches/android.patch
+++ b/patches/android.patch
@@ -1,6 +1,6 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1InputStream.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1InputStream.java 2012-07-27 18:48:00.011478563 +0000
@@ -363,7 +363,9 @@
case BMP_STRING:
return new DERBMPString(bytes);
@@ -14,7 +14,7 @@
case GENERALIZED_TIME:
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/ASN1Null.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/ASN1Null.java 2012-07-27 18:47:59.981477999 +0000
@@ -8,9 +8,11 @@
public abstract class ASN1Null
extends ASN1Object
@@ -30,7 +30,7 @@
{
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERBoolean.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERBoolean.java 2012-07-27 18:47:59.981477999 +0000
@@ -5,7 +5,9 @@
public class DERBoolean
extends ASN1Object
@@ -104,7 +104,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERNull.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERNull.java 2012-07-27 18:47:59.981477999 +0000
@@ -10,9 +10,13 @@
{
public static final DERNull INSTANCE = new DERNull();
@@ -123,7 +123,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERObjectIdentifier.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERObjectIdentifier.java 2012-07-27 18:48:00.011478563 +0000
@@ -110,7 +110,13 @@
}
}
@@ -156,7 +156,7 @@
public String getId()
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/DERPrintableString.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/DERPrintableString.java 2012-07-27 18:48:00.011478563 +0000
@@ -9,7 +9,9 @@
extends ASN1Object
implements DERString
@@ -192,7 +192,7 @@
public String getString()
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/cms/ContentInfo.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/cms/ContentInfo.java 2012-07-27 18:48:00.011478563 +0000
@@ -12,7 +12,9 @@
public class ContentInfo
@@ -206,7 +206,7 @@
private DEREncodable content;
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java 2012-07-27 18:48:00.011478563 +0000
@@ -37,10 +37,13 @@
public static EncryptedPrivateKeyInfo getInstance(
Object obj)
@@ -224,7 +224,7 @@
return new EncryptedPrivateKeyInfo((ASN1Sequence)obj);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java 2012-07-27 18:47:59.981477999 +0000
@@ -10,8 +10,10 @@
//
static final ASN1ObjectIdentifier pkcs_1 = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
@@ -282,7 +282,7 @@
static final ASN1ObjectIdentifier id_hmacWithSHA512 = digestAlgorithm.branch("11");
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java 2012-07-27 18:47:59.981477999 +0000
@@ -19,7 +19,9 @@
private AlgorithmIdentifier maskGenAlgorithm;
private AlgorithmIdentifier pSourceAlgorithm;
@@ -296,7 +296,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java 2012-07-27 18:47:59.981477999 +0000
@@ -20,7 +20,9 @@
private DERInteger saltLength;
private DERInteger trailerField;
@@ -310,7 +310,7 @@
public final static DERInteger DEFAULT_TRAILER_FIELD = new DERInteger(1);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/util/ASN1Dump.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/util/ASN1Dump.java 2012-07-27 18:48:00.011478563 +0000
@@ -79,7 +79,9 @@
{
Object o = e.nextElement();
@@ -324,7 +324,7 @@
buf.append("NULL");
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/AttCertIssuer.java 2012-07-27 18:48:00.011478563 +0000
@@ -45,7 +45,7 @@
ASN1TaggedObject obj,
boolean explicit)
@@ -336,7 +336,7 @@
/**
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/BasicConstraints.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/BasicConstraints.java 2012-07-27 18:48:00.011478563 +0000
@@ -14,7 +14,9 @@
public class BasicConstraints
extends ASN1Encodable
@@ -383,7 +383,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java 2012-07-27 18:48:00.011478563 +0000
@@ -96,11 +96,15 @@
}
if (onlyContainsUserCerts)
@@ -422,7 +422,7 @@
seq = new DERSequence(vec);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Extensions.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Extensions.java 2012-07-27 18:48:00.011478563 +0000
@@ -400,7 +400,9 @@
if (ext.isCritical())
@@ -436,7 +436,7 @@
v.add(ext.getValue());
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509Name.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509Name.java 2012-07-27 18:48:00.011478563 +0000
@@ -249,8 +249,10 @@
*/
public static final Hashtable SymbolLookUp = DefaultLookUp;
@@ -474,7 +474,7 @@
String name = token.substring(0, index);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java
--- bcprov-jdk16-146.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-05-11 05:31:26.610725423 +0000
++++ bcprov-jdk16-146/org/bouncycastle/asn1/x509/X509NameTokenizer.java 2012-07-27 18:48:00.011478563 +0000
@@ -58,6 +58,17 @@
}
else
@@ -502,7 +502,7 @@
\ No newline at end of file
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/PBEParametersGenerator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/PBEParametersGenerator.java 2012-07-27 18:48:00.021478751 +0000
@@ -136,7 +136,8 @@
public static byte[] PKCS12PasswordToBytes(
char[] password)
@@ -522,7 +522,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/digests/OpenSSLDigest.java 2012-07-27 18:48:00.021478751 +0000
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
@@ -685,7 +685,7 @@
+}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/engines/RC2Engine.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/engines/RC2Engine.java 2012-07-27 18:48:00.011478563 +0000
@@ -313,4 +313,4 @@
out[outOff + 6] = (byte)x76;
out[outOff + 7] = (byte)(x76 >> 8);
@@ -695,7 +695,7 @@
\ No newline at end of file
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/generators/DHParametersHelper.java 2012-07-27 18:48:00.021478751 +0000
@@ -3,10 +3,17 @@
import java.math.BigInteger;
import java.security.SecureRandom;
@@ -748,7 +748,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/macs/HMac.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/macs/HMac.java 2012-07-27 18:48:00.021478751 +0000
@@ -32,23 +32,23 @@
{
blockLengths = new Hashtable();
@@ -790,7 +790,7 @@
private static int getByteLength(
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/signers/RSADigestSigner.java 2012-07-27 18:48:00.021478751 +0000
@@ -46,8 +46,10 @@
oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
@@ -806,7 +806,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PrivateKeyFactory.java 2012-07-27 18:48:00.031478939 +0000
@@ -12,7 +12,9 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -888,7 +888,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java
--- bcprov-jdk16-146.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/crypto/util/PublicKeyFactory.java 2012-07-27 18:48:00.031478939 +0000
@@ -15,12 +15,16 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
@@ -967,7 +967,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/ECNamedCurveTable.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/ECNamedCurveTable.java 2012-07-27 18:48:00.031478939 +0000
@@ -3,7 +3,9 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
@@ -1031,7 +1031,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/PKCS10CertificationRequest.java 2012-07-27 18:48:00.041479127 +0000
@@ -80,15 +80,20 @@
static
@@ -1281,7 +1281,7 @@
return digestAlgOID.getId();
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/BouncyCastleProvider.java 2012-07-27 18:48:00.031478939 +0000
@@ -45,7 +45,10 @@
{
private static String info = "BouncyCastle Security Provider v1.46";
@@ -2445,8 +2445,8 @@
{
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertBlacklist.java 1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java 2012-05-11 05:31:26.630725775 +0000
-@@ -0,0 +1,171 @@
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertBlacklist.java 2012-07-27 18:48:00.031478939 +0000
+@@ -0,0 +1,177 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
@@ -2593,8 +2593,9 @@
+ String pubkeyBlacklist = readBlacklist(path);
+ if (!pubkeyBlacklist.equals("")) {
+ for (String value : pubkeyBlacklist.split(",")) {
++ value = value.trim();
+ if (isPubkeyHash(value)) {
-+ bl.add(Hex.decode(value));
++ bl.add(value.getBytes());
+ } else {
+ System.logW("Tried to blacklist invalid pubkey " + value);
+ }
@@ -2610,7 +2611,12 @@
+ digest.update(encoded, 0, encoded.length);
+ byte[] out = new byte[digest.getDigestSize()];
+ digest.doFinal(out, 0);
-+ return pubkeyBlacklist.contains(out);
++ for (byte[] blacklisted : pubkeyBlacklist) {
++ if (Arrays.equals(blacklisted, Hex.encode(out))) {
++ return true;
++ }
++ }
++ return false;
+ }
+
+ public boolean isSerialNumberBlackListed(BigInteger serial) {
@@ -2620,7 +2626,7 @@
+}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java 2012-07-27 18:48:00.031478939 +0000
@@ -24,6 +24,7 @@
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
@@ -2802,7 +2808,7 @@
CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEBlockCipher.java 2012-07-27 18:48:00.031478939 +0000
@@ -17,8 +17,10 @@
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
@@ -3267,7 +3273,7 @@
*/
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDHKeyAgreement.java 2012-07-27 18:48:00.031478939 +0000
@@ -36,10 +36,12 @@
static
@@ -3287,7 +3293,7 @@
algorithms.put("DESEDE", i192);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEDigestUtil.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEDigestUtil.java 2012-07-27 18:48:00.031478939 +0000
@@ -12,7 +12,9 @@
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.MD5Digest;
@@ -3370,7 +3376,7 @@
|| (sha512.contains(digest1) && sha512.contains(digest2))
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPrivateKey.java 2012-07-27 18:48:00.031478939 +0000
@@ -20,7 +20,9 @@
import org.bouncycastle.asn1.DERObject;
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -3442,7 +3448,7 @@
info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.getDERObject()), keyStructure.getDERObject());
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEECPublicKey.java 2012-07-27 18:48:00.031478939 +0000
@@ -20,8 +20,10 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
@@ -3690,7 +3696,7 @@
{
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEKeyGenerator.java 2012-07-27 18:48:00.031478939 +0000
@@ -57,6 +57,11 @@
{
try
@@ -3926,7 +3932,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEMac.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEMac.java 2012-07-27 18:48:00.031478939 +0000
@@ -11,25 +11,39 @@
import org.bouncycastle.crypto.CipherParameters;
@@ -4456,7 +4462,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSACipher.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSACipher.java 2012-07-27 18:48:00.031478939 +0000
@@ -535,48 +535,50 @@
}
}
@@ -4554,7 +4560,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java 2012-07-27 18:48:00.031478939 +0000
@@ -125,7 +125,9 @@
*/
public byte[] getEncoded()
@@ -4568,7 +4574,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPrivateKey.java 2012-07-27 18:48:00.031478939 +0000
@@ -77,7 +77,9 @@
public byte[] getEncoded()
@@ -4582,7 +4588,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCERSAPublicKey.java 2012-07-27 18:48:00.031478939 +0000
@@ -90,7 +90,9 @@
public byte[] getEncoded()
@@ -4596,7 +4602,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCESecretKeyFactory.java 2012-07-27 18:48:00.031478939 +0000
@@ -250,29 +250,31 @@
}
}
@@ -4773,7 +4779,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JCEStreamCipher.java 2012-07-27 18:48:00.041479127 +0000
@@ -13,20 +13,26 @@
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
@@ -5079,7 +5085,7 @@
*/
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameterGenerator.java 2012-07-27 18:48:00.031478939 +0000
@@ -11,18 +11,24 @@
import javax.crypto.spec.DHGenParameterSpec;
import javax.crypto.spec.DHParameterSpec;
@@ -5505,7 +5511,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java 2012-07-27 18:48:00.031478939 +0000
@@ -10,21 +10,27 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
@@ -7005,7 +7011,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDSASigner.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDSASigner.java 2012-07-27 18:48:00.031478939 +0000
@@ -23,13 +23,17 @@
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.NullDigest;
@@ -7156,7 +7162,7 @@
extends JDKDSASigner
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKDigestSignature.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKDigestSignature.java 2012-07-27 18:48:00.031478939 +0000
@@ -23,15 +23,21 @@
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
@@ -7332,7 +7338,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyFactory.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyFactory.java 2012-07-27 18:48:00.031478939 +0000
@@ -36,17 +36,21 @@
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -7718,7 +7724,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyPairGenerator.java 2012-07-27 18:48:00.031478939 +0000
@@ -6,9 +6,11 @@
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.generators.DSAKeyPairGenerator;
@@ -8062,7 +8068,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKKeyStore.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKKeyStore.java 2012-07-27 18:48:00.031478939 +0000
@@ -39,7 +39,12 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Digest;
@@ -8165,7 +8171,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKMessageDigest.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKMessageDigest.java 2012-07-27 18:48:00.031478939 +0000
@@ -57,36 +57,38 @@
{
super(new SHA1Digest());
@@ -8612,7 +8618,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java 2012-07-27 18:48:00.031478939 +0000
@@ -260,10 +260,13 @@
}
}
@@ -8782,7 +8788,7 @@
return null;
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PBE.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PBE.java 2012-07-27 18:48:00.031478939 +0000
@@ -7,12 +7,18 @@
import org.bouncycastle.crypto.CipherParameters;
@@ -8857,7 +8863,7 @@
break;
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPath.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPath.java 2012-07-27 18:48:00.041479127 +0000
@@ -33,7 +33,9 @@
import org.bouncycastle.asn1.pkcs.ContentInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -8922,7 +8928,7 @@
throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java 2012-07-27 18:48:00.031478939 +0000
@@ -1,5 +1,8 @@
package org.bouncycastle.jce.provider;
@@ -8991,7 +8997,7 @@
//
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java 2012-07-27 18:48:00.031478939 +0000
@@ -1533,7 +1533,9 @@
for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
{
@@ -9005,7 +9011,7 @@
subtreesMap.put(tagNo, new HashSet());
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/WrapCipherSpi.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/WrapCipherSpi.java 2012-07-27 18:48:00.031478939 +0000
@@ -22,8 +22,10 @@
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
@@ -9137,7 +9143,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509CertificateObject.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509CertificateObject.java 2012-07-27 18:48:00.031478939 +0000
@@ -520,12 +520,20 @@
return JDKKeyFactory.createPublicKeyFromPublicKeyInfo(c.getSubjectPublicKeyInfo());
}
@@ -9171,7 +9177,7 @@
signature = Signature.getInstance(sigName, BouncyCastleProvider.PROVIDER_NAME);
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/X509SignatureUtil.java 2012-07-27 18:48:00.031478939 +0000
@@ -25,7 +25,9 @@
class X509SignatureUtil
@@ -9264,7 +9270,7 @@
return digestAlgOID.getId();
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/EC.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/EC.java 2012-07-27 18:48:00.031478939 +0000
@@ -4,8 +4,10 @@
import org.bouncycastle.asn1.DERObjectIdentifier;
@@ -9396,7 +9402,7 @@
private void addSignatureAlgorithm(
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/ECUtil.java 2012-07-27 18:48:00.031478939 +0000
@@ -1,10 +1,14 @@
package org.bouncycastle.jce.provider.asymmetric.ec;
@@ -9483,7 +9489,7 @@
return name;
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyAgreement.java 2012-07-27 18:48:00.031478939 +0000
@@ -24,20 +24,26 @@
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DerivationFunction;
@@ -9811,7 +9817,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/KeyPairGenerator.java 2012-07-27 18:48:00.031478939 +0000
@@ -10,10 +10,14 @@
import java.util.Hashtable;
@@ -10010,7 +10016,7 @@
+}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/asymmetric/ec/Signature.java 2012-07-27 18:48:00.031478939 +0000
@@ -18,15 +18,21 @@
import org.bouncycastle.crypto.DSA;
import org.bouncycastle.crypto.Digest;
@@ -10239,7 +10245,7 @@
+}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/AES.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/AES.java 2012-07-27 18:48:00.031478939 +0000
@@ -13,8 +13,10 @@
import org.bouncycastle.crypto.CipherKeyGenerator;
import org.bouncycastle.crypto.engines.AESFastEngine;
@@ -10604,7 +10610,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/ARC4.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/ARC4.java 2012-07-27 18:48:00.031478939 +0000
@@ -27,7 +27,9 @@
{
public KeyGen()
@@ -10618,7 +10624,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/Blowfish.java 2012-07-27 18:48:00.031478939 +0000
@@ -57,7 +57,9 @@
public Mappings()
{
@@ -10632,7 +10638,7 @@
put("AlgorithmParameters.BLOWFISH", "org.bouncycastle.jce.provider.symmetric.Blowfish$AlgParams");
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java
--- bcprov-jdk16-146.orig/org/bouncycastle/jce/provider/symmetric/DESede.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/jce/provider/symmetric/DESede.java 2012-07-27 18:48:00.031478939 +0000
@@ -14,11 +14,15 @@
import org.bouncycastle.crypto.KeyGenerationParameters;
import org.bouncycastle.crypto.engines.DESedeEngine;
@@ -10798,7 +10804,7 @@
}
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java
--- bcprov-jdk16-146.orig/org/bouncycastle/openssl/PEMUtilities.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java 2012-05-11 05:31:26.630725775 +0000
++++ bcprov-jdk16-146/org/bouncycastle/openssl/PEMUtilities.java 2012-07-27 18:48:00.031478939 +0000
@@ -45,10 +45,12 @@
PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes192_CBC);
PKCS5_SCHEME_2.add(NISTObjectIdentifiers.id_aes256_CBC);
@@ -10818,7 +10824,7 @@
static int getKeySize(String algorithm)
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java
--- bcprov-jdk16-146.orig/org/bouncycastle/x509/X509Util.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/X509Util.java 2012-07-27 18:48:00.011478563 +0000
@@ -44,14 +44,18 @@
static
@@ -10980,7 +10986,7 @@
diff -Naur bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java
--- bcprov-jdk16-146.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2011-02-23 20:08:56.000000000 +0000
-+++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-05-11 05:31:26.620725599 +0000
++++ bcprov-jdk16-146/org/bouncycastle/x509/extension/X509ExtensionUtil.java 2012-07-27 18:48:00.011478563 +0000
@@ -62,7 +62,9 @@
{
GeneralName genName = GeneralName.getInstance(it.nextElement());
@@ -10992,3 +10998,34 @@
switch (genName.getTagNo())
{
case GeneralName.ediPartyName:
+diff -Naur bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej
+--- bcprov-jdk16-146.orig/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej 1970-01-01 00:00:00.000000000 +0000
++++ bcprov-jdk16-146/src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java.rej 2012-07-27 18:47:59.931477059 +0000
+@@ -0,0 +1,27 @@
++--- src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
+++++ src/main/java/org/bouncycastle/jce/provider/CertBlacklist.java
++@@ -144,8 +144,9 @@
++ String pubkeyBlacklist = readBlacklist(path);
++ if (!pubkeyBlacklist.equals("")) {
++ for (String value : pubkeyBlacklist.split(",")) {
+++ value = value.trim();
++ if (isPubkeyHash(value)) {
++- bl.add(Hex.decode(value));
+++ bl.add(value.getBytes());
++ } else {
++ System.logW("Tried to blacklist invalid pubkey " + value);
++ }
++@@ -161,7 +162,12 @@
++ digest.update(encoded, 0, encoded.length);
++ byte[] out = new byte[digest.getDigestSize()];
++ digest.doFinal(out, 0);
++- return pubkeyBlacklist.contains(out);
+++ for (byte[] blacklisted : pubkeyBlacklist) {
+++ if (Arrays.equals(blacklisted, Hex.encode(out))) {
+++ return true;
+++ }
+++ }
+++ return false;
++ }
++
++ public boolean isSerialNumberBlackListed(BigInteger serial) {