projects
/
gpl
/
argeo-tp.git
/ commitdiff
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
cac1397
)
Introduce Bouncy Castle FIPS
author
Mathieu Baudier <mbaudier@argeo.org>
Wed, 22 Mar 2023 12:36:12 +0000
(13:36 +0100)
committer
Mathieu Baudier <mbaudier@argeo.org>
Wed, 22 Mar 2023 12:36:12 +0000
(13:36 +0100)
21 files changed:
repackage/Makefile
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
[deleted file]
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
[deleted file]
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
[deleted file]
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
[deleted file]
patch
|
blob
|
history
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
[deleted file]
patch
|
blob
|
history
repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
[new file with mode: 0644]
patch
|
blob
repackage/org.argeo.tp.fips/bouncycastle/common.bnd
[new file with mode: 0644]
patch
|
blob
sdk/argeo-build
patch
|
blob
|
history
diff --git
a/repackage/Makefile
b/repackage/Makefile
index 62f1c04e940f71c1b6f37fa706062efbd0bee078..799cbfda7df635a49a99091ba57e52b4341695c8 100644
(file)
--- a/
repackage/Makefile
+++ b/
repackage/Makefile
@@
-22,5
+22,9
@@
org.argeo.tp.utils \
org.argeo.tp.jcr \
org.argeo.tp.poi \
org.argeo.tp.gis \
org.argeo.tp.jcr \
org.argeo.tp.poi \
org.argeo.tp.gis \
+org.argeo.tp.fips \
+
+# NOTE: FIPS support is experimental, in order to preapre for the 2.0.0 stream
+# see https://www.bouncycastle.org/fips_java_roadmap.html
include $(SDK_SRC_BASE)/sdk/argeo-build/repackage.mk
\ No newline at end of file
include $(SDK_SRC_BASE)/sdk/argeo-build/repackage.mk
\ No newline at end of file
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
new file mode 100644
(file)
index 0000000..
ec30584
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bcmail.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
new file mode 100644
(file)
index 0000000..
86d4e74
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bcpg.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
new file mode 100644
(file)
index 0000000..
1634680
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bcpkix.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
new file mode 100644
(file)
index 0000000..
2941b4e
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bcprov.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
new file mode 100644
(file)
index 0000000..
5ac9fb2
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bctls.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bctls-jdk18on
diff --git a/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
new file mode 100644
(file)
index 0000000..
0a71f96
--- /dev/null
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/bcutil.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
index aad8cdff1262eaf2765f0bad514fc241977972ec..0c2cd379f3ce268a6a3d2aaaf61cc7b16b8b04d9 100644
(file)
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
+++ b/
repackage/org.argeo.tp.crypto/bouncycastle/common.bnd
@@
-1,2
+1,3
@@
SPDX-License-Identifier: MIT
Argeo-Origin-M2: :1.72
SPDX-License-Identifier: MIT
Argeo-Origin-M2: :1.72
+Argeo-Origin-NoMetadataGeneration: true
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
deleted file mode 100644
(file)
index
55de32d
..0000000
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.mail.bnd
+++ /dev/null
@@
-1,2
+0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcmail-jdk18on
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
deleted file mode 100644
(file)
index
70b7352
..0000000
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pg.bnd
+++ /dev/null
@@
-1,2
+0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpg-jdk18on:1.72.2
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
deleted file mode 100644
(file)
index
78ba1b3
..0000000
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.pkix.bnd
+++ /dev/null
@@
-1,2
+0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcpkix-jdk18on
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
deleted file mode 100644
(file)
index
bbe70be
..0000000
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.provider.bnd
+++ /dev/null
@@
-1,2
+0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcprov-jdk18on
diff --git
a/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
b/repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
deleted file mode 100644
(file)
index
ad1134b
..0000000
--- a/
repackage/org.argeo.tp.crypto/bouncycastle/org.bouncycastle.util.bnd
+++ /dev/null
@@
-1,2
+0,0 @@
-Argeo-Origin-NoMetadataGeneration: true
-Argeo-Origin-M2: org.bouncycastle:bcutil-jdk18on
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
b/repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
new file mode 100644
(file)
index 0000000..
b3384ca
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bc-fips.bnd.disabled
@@ -0,0
+1,3
@@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-fips
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
new file mode 100644
(file)
index 0000000..
4788299
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bc-noncert.bnd
@@ -0,0
+1,5
@@
+# !! The current version is unsafe, see:
+# https://github.com/bcgit/bc-java/wiki/CVE-2022-45146
+Argeo-Origin-M2: org.bouncycastle:bc-noncert:1.0.2.4
+Argeo-Origin-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4.jar
+Argeo-Origin-Sources-URI: https://downloads.bouncycastle.org/fips-java/bc-noncert-1.0.2.4-sources.jar
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
new file mode 100644
(file)
index 0000000..
34dc61f
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bcmail-fips.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcmail-fips:1.0.4
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
new file mode 100644
(file)
index 0000000..
be773b7
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bcpg-fips.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcpg-fips:1.0.7.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
new file mode 100644
(file)
index 0000000..
f2f46d6
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bcpkix-fips.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bcpkix-fips:1.0.7
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
new file mode 100644
(file)
index 0000000..
7de0139
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/bctls-fips.bnd
@@ -0,0
+1
@@
+Argeo-Origin-M2: org.bouncycastle:bctls-fips:1.0.14.1
diff --git a/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
b/repackage/org.argeo.tp.fips/bouncycastle/common.bnd
new file mode 100644
(file)
index 0000000..
3658686
--- /dev/null
+++ b/
repackage/org.argeo.tp.fips/bouncycastle/common.bnd
@@ -0,0
+1,4
@@
+SPDX-License-Identifier: MIT
+Argeo-Origin-NoMetadataGeneration: true
+Argeo-Origin-Do-Not-Modify: true
+Argeo-Origin-M2: :1.0.2.3
\ No newline at end of file
diff --git
a/sdk/argeo-build
b/sdk/argeo-build
index 884c8b0c0b76b4d60fcb4a65d48a898f3ba27f0e..948d50f9792c1984eb055e58b8199f5778df901f 160000
(submodule)
--- a/
sdk/argeo-build
+++ b/
sdk/argeo-build
@@
-1
+1
@@
-Subproject commit
884c8b0c0b76b4d60fcb4a65d48a898f3ba27f0e
+Subproject commit
948d50f9792c1984eb055e58b8199f5778df901f