Home | History | Annotate | Download | only in patches
      1 android.patch:
      2 
      3 patch against Bouncy Castle:
      4 
      5 The main differences involve removing algorithms not included in the
      6 reference implementation (RI).  The libcore
      7 java.security.StandardNames test support class provides the most
      8 up-do-date documentation of differences between the RI's list of
      9 supported algorithms and Android's. Some notable omissions versus the
     10 RI:
     11 - LDAP
     12 - MD2
     13 - RC2
     14 
     15 Other performance (both speed and memory) and correctness changes:
     16 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
     17 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
     18 - removed use of Boolean constructor
     19 - DERPrintableString interns its internal String values
     20 - DERObjectIdentifier interns its internal String indentifer value
     21 - changed uses of 'new Integer' to 'Integer.valueOf'
     22 - X509CertificateObject.getEncoded caches its result
     23 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
     24 - OpenSSLDigest uses NativeCrypto JNI API
     25 - KeyStoreSpis made more tolerant of non-existant and null aliases
     26 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
     27 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
     28 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
     29 - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
     30 - Make BouncyCastleProvider.PROVIDER_NAME final
     31 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
     32 - Added DSA support to JDKKeyManager.engineGetKeySpec
     33 
     34 Other security changes:
     35 - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
     36 - Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
     37 
     38 Other changes:
     39 - Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
     40