Skip to content

Migrate to official BouncyCastle.Cryptography #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 7, 2025
Merged

Migrate to official BouncyCastle.Cryptography #64

merged 2 commits into from
Sep 7, 2025

Conversation

skibitsky
Copy link
Contributor

⚠️ NOTE: Use notes like this to emphasize something important about the PR.

This could include other PRs this PR is built on top of; API breaking changes; reasons for why the PR is on hold; or anything else you would like to draw attention to.

Status Type ⚠️ Core Change Issue
Draft Refactor ? Link

Problem

Solana.Unity-Core relies on a deprecated unofficial fork of the BouncyCastle cryptography library, Portable.BouncyCastle, which hasn't been updated for ~5 years.

There're 3 vulnerability found in the original version of the old BouncyCastle library:
Screenshot 2025-09-02 - QkjrjxtO@2x

In addition to the potential security risk, it introduces a dependency conflict in Unity with third-party packages that use the official BouncyCastle library.
Screenshot 2025-09-02 - cqYiHwVH@2x

Solution

Upgrade to the official library, BouncyCastle.Cryptography, which is now compatible with .NET Standard, meaning it works in Unity.

Other changes (e.g. bug fixes, small refactors)

  • Minor culture conversion fixes in unit tests

Deploy Notes

Notes regarding deployment of the contained body of work. These should note any
new dependencies, new scripts, etc.

New dependencies:

  • BouncyCastle.Cryptography

@skibitsky skibitsky marked this pull request as ready for review September 5, 2025 07:31
@GabrielePicco GabrielePicco merged commit b9d84ea into magicblock-labs:master Sep 7, 2025
1 check failed
@skibitsky skibitsky mentioned this pull request Sep 8, 2025
Closed
@GabrielePicco GabrielePicco mentioned this pull request Sep 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@skibitsky @GabrielePicco