Home | History | Annotate | only in /external/bouncycastle/patches
Up to higher level directory
NameDateSize
bcpkix.patch13-Nov-201257.4K
bcprov.patch13-Nov-2012413.3K
README13-Nov-20122K

README

      1 bcprov.patch:
      2 
      3 patch against Bouncy Castle's bcprov:
      4 
      5 The main differences involve removing algorithms not included in the
      6 reference implementation (RI).  The libcore
      7 java.security.StandardNames test support class provides the most
      8 up-do-date documentation of differences between the RI's list of
      9 supported algorithms and Android's. Some notable omissions versus the
     10 RI:
     11 - LDAP
     12 - MD2
     13 - RC2
     14 
     15 Other performance (both speed and memory) and correctness changes:
     16 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
     17 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
     18 - removed use of Boolean constructor
     19 - DERObjectIdentifier interns its internal String indentifer value
     20 - changed uses of 'new Integer' to 'Integer.valueOf'
     21 - X509CertificateObject.getEncoded caches its result
     22 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
     23 - OpenSSLDigest uses NativeCrypto JNI API
     24 - KeyStoreSpis made more tolerant of non-existant and null aliases
     25 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
     26 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
     27 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
     28 - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
     29 - Make BouncyCastleProvider.PROVIDER_NAME final
     30 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
     31 - Fixed BaseKeyFactorySpi to convert all Exceptions to InvalidKeySpecException for KeyRepTest
     32 
     33 Other security changes:
     34 - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
     35 - Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
     36 
     37 Other changes:
     38 - Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
     39 
     40 
     41 bcpkix.patch:
     42 
     43 patch against Bouncy Castle's bcpkix:
     44 
     45 The main differences involve:
     46 - removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST)
     47 - using the singleton DERNull.INSTANCE
     48