README
1 bcprov.patch:
2
3 patch against Bouncy Castle's bcprov:
4
5 The main differences involve removing algorithms not included in the
6 reference implementation (RI). The libcore
7 java.security.StandardNames test support class provides the most
8 up-do-date documentation of differences between the RI's list of
9 supported algorithms and Android's. Some notable omissions versus the
10 RI:
11 - LDAP
12 - MD2
13 - RC2
14
15 Other performance (both speed and memory) and correctness changes:
16 - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
17 - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
18 - removed use of Boolean constructor
19 - DERObjectIdentifier interns its internal String indentifer value
20 - changed uses of 'new Integer' to 'Integer.valueOf'
21 - X509CertificateObject.getEncoded caches its result
22 - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
23 - OpenSSLDigest uses NativeCrypto JNI API
24 - KeyStoreSpis made more tolerant of non-existant and null aliases
25 - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
26 - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
27 - Make PKCS12 KeyStore tolerate setting with an empty certificate chain
28 - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo
29 - Make BouncyCastleProvider.PROVIDER_NAME final
30 - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
31 - Fixed BaseKeyFactorySpi to convert all Exceptions to InvalidKeySpecException for KeyRepTest
32
33 Other security changes:
34 - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
35 - Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
36
37 Other changes:
38 - Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
39
40
41 bcpkix.patch:
42
43 patch against Bouncy Castle's bcpkix:
44
45 The main differences involve:
46 - removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST)
47 - using the singleton DERNull.INSTANCE
48