| Up to higher level directory | |||
| Name | Date | Size | |
|---|---|---|---|
| bcpkix.patch | 13-Nov-2012 | 57.4K | |
| bcprov.patch | 13-Nov-2012 | 413.3K | |
| README | 13-Nov-2012 | 2K | |
README
1 bcprov.patch: 2 3 patch against Bouncy Castle's bcprov: 4 5 The main differences involve removing algorithms not included in the 6 reference implementation (RI). The libcore 7 java.security.StandardNames test support class provides the most 8 up-do-date documentation of differences between the RI's list of 9 supported algorithms and Android's. Some notable omissions versus the 10 RI: 11 - LDAP 12 - MD2 13 - RC2 14 15 Other performance (both speed and memory) and correctness changes: 16 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure) 17 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE} 18 - removed use of Boolean constructor 19 - DERObjectIdentifier interns its internal String indentifer value 20 - changed uses of 'new Integer' to 'Integer.valueOf' 21 - X509CertificateObject.getEncoded caches its result 22 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12 23 - OpenSSLDigest uses NativeCrypto JNI API 24 - KeyStoreSpis made more tolerant of non-existant and null aliases 25 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases 26 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get 27 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain 28 - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo 29 - Make BouncyCastleProvider.PROVIDER_NAME final 30 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1 31 - Fixed BaseKeyFactorySpi to convert all Exceptions to InvalidKeySpecException for KeyRepTest 32 33 Other security changes: 34 - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi 35 - Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates 36 37 Other changes: 38 - Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime 39 40 41 bcpkix.patch: 42 43 patch against Bouncy Castle's bcpkix: 44 45 The main differences involve: 46 - removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST) 47 - using the singleton DERNull.INSTANCE 48
