Home | History | Annotate | only in /external/bouncycastle/patches
Up to higher level directory
NameDateSize
android.patch15-Nov-2011478.6K
README15-Nov-20112.1K

README

      1 android.patch:
      2 
      3 patch against Bouncy Castle:
      4 
      5 The main differences involve removing algorithms not included in the
      6 reference implementation (RI).  The libcore
      7 java.security.StandardNames test support class provides the most
      8 up-do-date documentation of differences between the RI's list of
      9 supported algorithms and Android's. Some notable omissions versus the
     10 RI:
     11 - LDAP
     12 - MD2
     13 - RC2
     14 
     15 Other performance (both speed and memory) changes:
     16 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
     17 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
     18 - DERPrintableString interns its internal String values
     19 - DERObjectIdentifier interns its internal String indentifer value
     20 - changed uses of 'new Integer' to 'Integer.valueOf'
     21 - Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
     22 - Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
     23 - PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
     24 - X509CertificateObject.getEncoded caches its result
     25 - Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
     26 - CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
     27 - Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
     28 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
     29 - OpenSSLDigest uses NativeCrypto JNI API
     30 - KeyStoreSpis made more tolerant of non-existant and null aliases
     31 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
     32 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
     33 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
     34 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
     35 
     36 Other security changes:
     37 - blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
     38 - blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
     39