README
1android.patch:
2
3patch against Bouncy Castle:
4
5The main differences involve removing algorithms not included in the
6reference implementation (RI). The libcore
7java.security.StandardNames test support class provides the most
8up-do-date documentation of differences between the RI's list of
9supported algorithms and Android's. Some notable omissions versus the
10RI:
11- LDAP
12- MD2
13- RC2
14
15Other performance (both speed and memory) and correctness changes:
16- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
17- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
18- removed use of Boolean constructor
19- DERPrintableString interns its internal String values
20- DERObjectIdentifier interns its internal String indentifer value
21- changed uses of 'new Integer' to 'Integer.valueOf'
22- X509CertificateObject.getEncoded caches its result
23- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
24- OpenSSLDigest uses NativeCrypto JNI API
25- KeyStoreSpis made more tolerant of non-existant and null aliases
26- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
27- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
28- Make PKCS12 KeyStore tolerate setting with an empty certificate chain
29- Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
30- Make BouncyCastleProvider.PROVIDER_NAME final
31- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
32- Added DSA support to JDKKeyManager.engineGetKeySpec
33- Fixed CertBlacklist to do a by-value comparison of public keys
34
35Other security changes:
36- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
37- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
38
39Other changes:
40- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
41