xref: /external/bouncycastle/patches/bcprov.patch

diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/ASN1Null.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/ASN1Null.java	2012-09-19 21:17:12.000000000 +0000
@@ -8,9 +8,11 @@
 public abstract class ASN1Null
     extends ASN1Primitive
 {
-    public ASN1Null()
+    // BEGIN android-changed
+    /*package*/ ASN1Null()
     {
     }
+    // END android-changed
 
     public static ASN1Null getInstance(Object o)
     {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERBoolean.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERBoolean.java	2012-09-19 21:17:12.000000000 +0000
@@ -10,7 +10,9 @@
     private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
     private static final byte[] FALSE_VALUE = new byte[] { 0 };
 
-    private byte[]         value;
+    // BEGIN android-changed
+    final private byte[]         value;
+    // END android-changed
 
     public static final ASN1Boolean FALSE = new ASN1Boolean(false);
     public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
@@ -46,6 +48,17 @@
         return (value ? TRUE : FALSE);
     }
 
+    // BEGIN android-added
+    /**
+     * return a DERBoolean from the passed in array.
+     */
+    public static DERBoolean getInstance(
+        byte[] octets)
+    {
+        return (octets[0] != 0) ? TRUE : FALSE;
+    }
+
+    // END android-added
     /**
      * return a Boolean from a tagged object.
      *
@@ -71,7 +84,9 @@
         }
     }
     
-    DERBoolean(
+    // BEGIN android-changed
+    protected DERBoolean(
+    // END android-changed
         byte[]       value)
     {
         if (value.length != 1)
@@ -93,8 +108,10 @@
         }
     }
 
-    public DERBoolean(
+    // BEGIN android-changed
+    protected DERBoolean(
         boolean     value)
+    // END android-changed
     {
         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERNull.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERNull.java	2012-09-19 21:17:12.000000000 +0000
@@ -12,7 +12,9 @@
 
     private static final byte[]  zeroBytes = new byte[0];
 
-    public DERNull()
+    // BEGIN android-changed
+    protected DERNull()
+    // END android-changed
     {
     }
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERObjectIdentifier.java	2012-09-19 21:17:12.000000000 +0000
@@ -117,7 +117,13 @@
             }
         }
 
-        this.identifier = objId.toString();
+        // BEGIN android-changed
+        /*
+         * Intern the identifier so there aren't hundreds of duplicates
+         * (in practice).
+         */
+        this.identifier = objId.toString().intern();
+        // END android-changed
     }
 
     public DERObjectIdentifier(
@@ -128,7 +134,13 @@
             throw new IllegalArgumentException("string " + identifier + " not an OID");
         }
 
-        this.identifier = identifier;
+        // BEGIN android-changed
+        /*
+         * Intern the identifier so there aren't hundreds of duplicates
+         * (in practice).
+         */
+        this.identifier = identifier.intern();
+        // END android-changed
     }
 
     public String getId()
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/DERPrintableString.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/DERPrintableString.java	2012-09-19 21:17:12.000000000 +0000
@@ -12,7 +12,9 @@
     extends ASN1Primitive
     implements ASN1String
 {
-    private byte[]  string;
+    // BEGIN android-changed
+    private final byte[]  string;
+    // END android-changed
 
     /**
      * return a printable string from the passed in object.
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/cms/ContentInfo.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/cms/ContentInfo.java	2012-09-19 21:17:12.000000000 +0000
@@ -12,7 +12,9 @@
 
 public class ContentInfo
     extends ASN1Object
-    implements CMSObjectIdentifiers
+    // BEGIN android-removed
+    // implements CMSObjectIdentifiers
+    // END android-removed
 {
     private ASN1ObjectIdentifier contentType;
     private ASN1Encodable        content;
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/EncryptedPrivateKeyInfo.java	2012-09-19 21:17:12.000000000 +0000
@@ -37,10 +37,13 @@
     public static EncryptedPrivateKeyInfo getInstance(
         Object  obj)
     {
-        if (obj instanceof EncryptedData)
+        // BEGIN android-changed
+        //     fix copy and paste error in instanceof call
+        if (obj instanceof EncryptedPrivateKeyInfo)
         {
             return (EncryptedPrivateKeyInfo)obj;
         }
+        // END android-changed
         else if (obj != null)
         { 
             return new EncryptedPrivateKeyInfo(ASN1Sequence.getInstance(obj));
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2012-09-19 21:17:12.000000000 +0000
@@ -10,8 +10,10 @@
     //
     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
-    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    // END android-removed
     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
     static final ASN1ObjectIdentifier    sha1WithRSAEncryption     = pkcs_1.branch("5");
     static final ASN1ObjectIdentifier    srsaOAEPEncryptionSET     = pkcs_1.branch("6");
@@ -22,7 +24,9 @@
     static final ASN1ObjectIdentifier    sha256WithRSAEncryption   = pkcs_1.branch("11");
     static final ASN1ObjectIdentifier    sha384WithRSAEncryption   = pkcs_1.branch("12");
     static final ASN1ObjectIdentifier    sha512WithRSAEncryption   = pkcs_1.branch("13");
-    static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
+    // END android-removed
 
     //
     // pkcs-3 OBJECT IDENTIFIER ::= {
@@ -65,13 +69,17 @@
     // md2 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
     //
-    static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
+    // END android-removed
 
     //
     // md4 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
     //
-    static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
+    // END android-removed
 
     //
     // md5 OBJECT IDENTIFIER ::=
@@ -80,7 +88,9 @@
     static final ASN1ObjectIdentifier    md5                     = digestAlgorithm.branch("5");
 
     static final ASN1ObjectIdentifier    id_hmacWithSHA1         = digestAlgorithm.branch("7");
-    static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
+    // END android-removed
     static final ASN1ObjectIdentifier    id_hmacWithSHA256       = digestAlgorithm.branch("9");
     static final ASN1ObjectIdentifier    id_hmacWithSHA384       = digestAlgorithm.branch("10");
     static final ASN1ObjectIdentifier    id_hmacWithSHA512       = digestAlgorithm.branch("11");
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSAESOAEPparams.java	2012-09-19 21:17:12.000000000 +0000
@@ -19,7 +19,9 @@
     private AlgorithmIdentifier maskGenAlgorithm;
     private AlgorithmIdentifier pSourceAlgorithm;
     
-    public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
+    // BEGIN android-changed
+    public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+    // END android-changed
     public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
     public final static AlgorithmIdentifier DEFAULT_P_SOURCE_ALGORITHM = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(new byte[0]));
     
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/pkcs/RSASSAPSSparams.java	2012-09-19 21:17:12.000000000 +0000
@@ -22,7 +22,9 @@
     private ASN1Integer          saltLength;
     private ASN1Integer          trailerField;
     
-    public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
+    // BEGIN android-changed
+    public final static AlgorithmIdentifier DEFAULT_HASH_ALGORITHM = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+    // END android-changed
     public final static AlgorithmIdentifier DEFAULT_MASK_GEN_FUNCTION = new AlgorithmIdentifier(PKCSObjectIdentifiers.id_mgf1, DEFAULT_HASH_ALGORITHM);
     public final static ASN1Integer          DEFAULT_SALT_LENGTH = new ASN1Integer(20);
     public final static ASN1Integer          DEFAULT_TRAILER_FIELD = new ASN1Integer(1);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/util/ASN1Dump.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/util/ASN1Dump.java	2012-09-19 21:17:12.000000000 +0000
@@ -78,7 +78,9 @@
             {
                 Object  o = e.nextElement();
 
-                if (o == null || o.equals(new DERNull()))
+                // BEGIN android-changed
+                if (o == null || o.equals(DERNull.INSTANCE))
+                // END android-changed
                 {
                     buf.append(tab);
                     buf.append("NULL");
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AttCertIssuer.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AttCertIssuer.java	2012-09-19 21:17:12.000000000 +0000
@@ -46,7 +46,7 @@
         ASN1TaggedObject obj,
         boolean          explicit)
     {
-        return getInstance(obj.getObject()); // must be explictly tagged
+        return getInstance(obj.getObject()); // must be explicitly tagged
     }
 
     /**
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2012-09-19 21:17:12.000000000 +0000
@@ -14,7 +14,9 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 
 /**
  * The AuthorityKeyIdentifier object.
@@ -101,7 +103,9 @@
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
     {
-        Digest  digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest  digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
@@ -119,7 +123,9 @@
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        Digest  digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest  digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/BasicConstraints.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/BasicConstraints.java	2012-09-19 21:17:12.000000000 +0000
@@ -14,7 +14,9 @@
 public class BasicConstraints
     extends ASN1Object
 {
-    DERBoolean  cA = new DERBoolean(false);
+    // BEGIN android-changed
+    DERBoolean  cA = DERBoolean.FALSE;
+    // END android-changed
     ASN1Integer  pathLenConstraint = null;
 
     public static BasicConstraints getInstance(
@@ -81,7 +83,9 @@
     {
         if (cA)
         {
-            this.cA = new DERBoolean(true);
+            // BEGIN android-changed
+            this.cA = DERBoolean.TRUE;
+            // END android-changed
         }
         else
         {
@@ -98,7 +102,9 @@
     public BasicConstraints(
         int     pathLenConstraint)
     {
-        this.cA = new DERBoolean(true);
+        // BEGIN android-changed
+        this.cA = DERBoolean.TRUE;
+        // END android-changed
         this.pathLenConstraint = new ASN1Integer(pathLenConstraint);
     }
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/CRLReason.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/CRLReason.java	2012-09-19 21:17:12.000000000 +0000
@@ -138,7 +138,9 @@
 
     public static CRLReason lookup(int value)
     {
-        Integer idx = new Integer(value);
+        // BEGIN android-changed
+        Integer idx = Integer.valueOf(value);
+        // END android-changed
 
         if (!table.containsKey(idx))
         {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/IssuingDistributionPoint.java	2012-09-19 21:17:12.000000000 +0000
@@ -96,11 +96,15 @@
         }
         if (onlyContainsUserCerts)
         {
-            vec.add(new DERTaggedObject(false, 1, new DERBoolean(true)));
+            // BEGIN android-changed
+            vec.add(new DERTaggedObject(false, 1, DERBoolean.TRUE));
+            // END android-changed
         }
         if (onlyContainsCACerts)
         {
-            vec.add(new DERTaggedObject(false, 2, new DERBoolean(true)));
+            // BEGIN android-changed
+            vec.add(new DERTaggedObject(false, 2, DERBoolean.TRUE));
+            // END android-changed
         }
         if (onlySomeReasons != null)
         {
@@ -108,11 +112,15 @@
         }
         if (indirectCRL)
         {
-            vec.add(new DERTaggedObject(false, 4, new DERBoolean(true)));
+            // BEGIN android-changed
+            vec.add(new DERTaggedObject(false, 4, DERBoolean.TRUE));
+            // END android-changed
         }
         if (onlyContainsAttributeCerts)
         {
-            vec.add(new DERTaggedObject(false, 5, new DERBoolean(true)));
+            // BEGIN android-changed
+            vec.add(new DERTaggedObject(false, 5, DERBoolean.TRUE));
+            // END android-changed
         }
 
         seq = new DERSequence(vec);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java	2012-09-19 21:17:12.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 
 /**
  * The SubjectKeyIdentifier object.
@@ -119,7 +121,9 @@
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
-        Digest digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Extensions.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Extensions.java	2012-09-19 21:17:12.000000000 +0000
@@ -408,7 +408,9 @@
 
             if (ext.isCritical())
             {
-                v.add(new DERBoolean(true));
+                // BEGIN android-changed
+                v.add(DERBoolean.TRUE);
+                // END android-changed
             }
 
             v.add(ext.getValue());
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509Name.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509Name.java	2012-09-19 21:17:12.000000000 +0000
@@ -255,8 +255,10 @@
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
-    private static final Boolean FALSE = new Boolean(false);
+    // BEGIN android-changed
+    private static final Boolean TRUE = Boolean.TRUE;
+    private static final Boolean FALSE = Boolean.FALSE;
+    // END android-changed
 
     static
     {
@@ -445,7 +447,9 @@
                            throw new IllegalArgumentException("cannot encode value");
                        }
                    }
-                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
+                   // BEGIN android-changed
+                   added.addElement(Boolean.valueOf(i != 0));
+                   // END android-changed
             }
         }
     }
@@ -702,7 +706,9 @@
 
             if (index == -1)
             {
-                throw new IllegalArgumentException("badly formated directory string");
+                // BEGIN android-changed
+                throw new IllegalArgumentException("badly formatted directory string");
+                // END android-changed
             }
 
             String              name = token.substring(0, index);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2012-09-19 21:17:12.000000000 +0000
@@ -58,6 +58,17 @@
                 }
                 else
                 {
+                    // BEGIN android-added
+                    // copied from a newer version of BouncyCastle
+                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
+                    {
+                        buf.append('\\');
+                    }
+                    else if (c == '+' && seperator != '+')
+                    {
+                        buf.append('\\');
+                    }
+                    // END android-added
                     buf.append(c);
                 }
                 escaped = false;
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/PBEParametersGenerator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/PBEParametersGenerator.java	2012-09-19 21:17:12.000000000 +0000
@@ -136,7 +136,8 @@
     public static byte[] PKCS12PasswordToBytes(
         char[]  password)
     {
-        if (password.length > 0)
+        // BEGIN android-changed
+        if (password != null && password.length > 0)
         {
                                        // +1 for extra 2 pad bytes.
             byte[]  bytes = new byte[(password.length + 1) * 2];
@@ -153,5 +154,6 @@
         {
             return new byte[0];
         }
+        // END android-changed
     }
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+/**
+ * Level of indirection to let us select OpenSSLDigest implementations
+ * for libcore but fallback to BouncyCastle ones on the RI.
+ */
+public final class AndroidDigestFactory {
+    private static final String OpenSSLFactoryClassName
+            = AndroidDigestFactory.class.getName() + "OpenSSL";
+    private static final String BouncyCastleFactoryClassName
+            = AndroidDigestFactory.class.getName() + "BouncyCastle";
+
+    private static final AndroidDigestFactoryInterface FACTORY;
+    static {
+        Class factoryImplementationClass;
+        try {
+            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
+        } catch (ClassNotFoundException e1) {
+            try {
+                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
+            } catch (ClassNotFoundException e2) {
+                throw new AssertionError("Failed to find AndroidDigestFactoryInterface "
+                                         + "implementation. Looked for "
+                                         + OpenSSLFactoryClassName + " and "
+                                         + BouncyCastleFactoryClassName);
+            }
+        }
+        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
+            throw new AssertionError(factoryImplementationClass
+                                     + "does not implement AndroidDigestFactoryInterface");
+        }
+        try {
+            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
+        } catch (InstantiationException e) {
+            throw new AssertionError(e);
+        } catch (IllegalAccessException e) {
+            throw new AssertionError(e);
+        }
+    }
+
+    public static Digest getMD5() {
+        return FACTORY.getMD5();
+    }
+
+    public static Digest getSHA1() {
+        return FACTORY.getSHA1();
+    }
+
+    public static Digest getSHA256() {
+        return FACTORY.getSHA256();
+    }
+
+    public static Digest getSHA384() {
+        return FACTORY.getSHA384();
+    }
+
+    public static Digest getSHA512() {
+        return FACTORY.getSHA512();
+    }
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+public class AndroidDigestFactoryBouncyCastle implements AndroidDigestFactoryInterface {
+    public Digest getMD5() {
+        return new MD5Digest();
+    }
+    public Digest getSHA1() {
+        return new SHA1Digest();
+    }
+    public Digest getSHA256() {
+        return new SHA256Digest();
+    }
+    public Digest getSHA384() {
+        return new SHA384Digest();
+    }
+    public Digest getSHA512() {
+        return new SHA512Digest();
+    }
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+interface AndroidDigestFactoryInterface {
+    public Digest getMD5();
+    public Digest getSHA1();
+    public Digest getSHA256();
+    public Digest getSHA384();
+    public Digest getSHA512();
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+public class AndroidDigestFactoryOpenSSL implements AndroidDigestFactoryInterface {
+    public Digest getMD5() {
+        return new OpenSSLDigest.MD5();
+    }
+    public Digest getSHA1() {
+        return new OpenSSLDigest.SHA1();
+    }
+    public Digest getSHA256() {
+        return new OpenSSLDigest.SHA256();
+    }
+    public Digest getSHA384() {
+        return new OpenSSLDigest.SHA384();
+    }
+    public Digest getSHA512() {
+        return new OpenSSLDigest.SHA512();
+    }
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.apache.harmony.xnet.provider.jsse.NativeCrypto;
+import org.bouncycastle.crypto.ExtendedDigest;
+
+/**
+ * Implements the BouncyCastle Digest interface using OpenSSL's EVP API.
+ */
+public class OpenSSLDigest implements ExtendedDigest {
+
+    /**
+     * Holds the standard name of the hashing algorithm, e.g. "SHA-1";
+     */
+    private final String algorithm;
+
+    /**
+     * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
+     */
+    private final int evp_md;
+
+    /**
+     * Holds the output size of the message digest.
+     */
+    private final int size;
+
+    /**
+     * Holds the block size of the message digest.
+     */
+    private final int blockSize;
+
+    /**
+     * Holds a pointer to the native message digest context. It is
+     * lazily initialized to avoid having to reallocate on reset when
+     * its unlikely to be reused.
+     */
+    private int ctx;
+
+    /**
+     * Holds a dummy buffer for writing single bytes to the digest.
+     */
+    private final byte[] singleByte = new byte[1];
+
+    /**
+     * Creates a new OpenSSLMessageDigest instance for the given algorithm
+     * name.
+     */
+    private OpenSSLDigest(String algorithm, int evp_md, int size, int blockSize) {
+        this.algorithm = algorithm;
+        this.evp_md = evp_md;
+        this.size = size;
+        this.blockSize = blockSize;
+    }
+
+    public String getAlgorithmName() {
+        return algorithm;
+    }
+
+    public int getDigestSize() {
+        return size;
+    }
+
+    public int getByteLength() {
+        return blockSize;
+    }
+
+    public void reset() {
+        free();
+    }
+
+    public void update(byte in) {
+        singleByte[0] = in;
+        update(singleByte, 0, 1);
+    }
+
+    public void update(byte[] in, int inOff, int len) {
+        NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
+    }
+
+    public int doFinal(byte[] out, int outOff) {
+        int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
+        ctx = 0; // EVP_DigestFinal frees the context as a side effect
+        reset();
+        return i;
+    }
+
+    private int getCtx() {
+        if (ctx == 0) {
+            ctx = NativeCrypto.EVP_DigestInit(evp_md);
+        }
+        return ctx;
+    }
+
+    private void free() {
+        if (ctx != 0) {
+            NativeCrypto.EVP_MD_CTX_destroy(ctx);
+            ctx = 0;
+        }
+    }
+
+    @Override
+    protected void finalize() throws Throwable {
+        try {
+            free();
+        } finally {
+            super.finalize();
+        }
+    }
+
+    public static class MD5 extends OpenSSLDigest {
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA1 extends OpenSSLDigest {
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA256 extends OpenSSLDigest {
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA384 extends OpenSSLDigest {
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA512 extends OpenSSLDigest {
+        private static final int EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2012-09-19 21:17:12.000000000 +0000
@@ -4,7 +4,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 
 import java.security.SecureRandom;
@@ -26,7 +28,9 @@
     public OAEPEncoding(
         AsymmetricBlockCipher   cipher)
     {
-        this(cipher, new SHA1Digest(), null);
+        // BEGIN android-changed
+        this(cipher, AndroidDigestFactory.getSHA1(), null);
+        // END android-changed
     }
     
     public OAEPEncoding(
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2012-09-19 21:17:12.000000000 +0000
@@ -206,6 +206,12 @@
         {
             throw new InvalidCipherTextException("unknown block type");
         }
+        // BEGIN android-added
+        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
+        {
+            throw new InvalidCipherTextException("invalid block type " + type);
+        }
+        // END android-added
 
         if (useStrictLength && block.length != engine.getOutputBlockSize())
         {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2012-09-19 21:17:12.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -52,7 +54,9 @@
     //
     // checksum digest
     //
-    Digest  sha1 = new SHA1Digest();
+    // BEGIN android-changed
+    Digest  sha1 = AndroidDigestFactory.getSHA1();
+    // END android-changed
     byte[]  digest = new byte[20];
 
    /**
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DHParametersHelper.java	2012-09-19 21:17:12.000000000 +0000
@@ -3,10 +3,17 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
+// BEGIN android-added
+import java.util.logging.Logger;
+// END android-added
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
+    // BEGIN android-added
+    private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
+    // END android-added
+
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
 
@@ -17,11 +24,19 @@
      */
     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
+        // BEGIN android-added
+        logger.info("Generating safe primes. This may take a long time.");
+        long start = System.currentTimeMillis();
+        int tries = 0;
+        // END android-added
         BigInteger p, q;
         int qLength = size - 1;
 
         for (;;)
         {
+            // BEGIN android-added
+            tries++;
+            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
@@ -32,6 +47,11 @@
                 break;
             }
         }
+        // BEGIN android-added
+        long end = System.currentTimeMillis();
+        long duration = end - start;
+        logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
+        // END android-added
 
         return new BigInteger[] { p, q };
     }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2012-09-19 21:17:12.000000000 +0000
@@ -1,8 +1,9 @@
 package org.bouncycastle.crypto.generators;
 
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAValidationParameters;
 import org.bouncycastle.util.Arrays;
@@ -75,7 +76,9 @@
         byte[]          part1 = new byte[20];
         byte[]          part2 = new byte[20];
         byte[]          u = new byte[20];
-        SHA1Digest      sha1 = new SHA1Digest();
+        // BEGIN android-changed
+        Digest          sha1 = AndroidDigestFactory.getSHA1();
+        // END android-changed
         int             n = (L - 1) / 160;
         byte[]          w = new byte[L / 8];
 
@@ -166,7 +169,9 @@
     {
 // A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function
         // FIXME This should be configurable (digest size in bits must be >= N)
-        Digest d = new SHA256Digest();
+        // BEGIN android-changed
+        Digest d = AndroidDigestFactory.getSHA256();
+        // END android-changed
         int outlen = d.getDigestSize() * 8;
 
 // 1. Check that the (L, N) pair is in the list of acceptable (L, N pairs) (see Section 4.2). If
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2012-09-19 21:17:12.000000000 +0000
@@ -3,7 +3,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD5Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
@@ -17,7 +19,9 @@
 public class OpenSSLPBEParametersGenerator
     extends PBEParametersGenerator
 {
-    private Digest  digest = new MD5Digest();
+    // BEGIN android-changed
+    private Digest  digest = AndroidDigestFactory.getMD5();
+    // END android-changed
 
     /**
      * Construct a OpenSSL Parameters generator. 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2012-09-19 21:17:12.000000000 +0000
@@ -4,7 +4,9 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -27,7 +29,9 @@
      */
     public PKCS5S2ParametersGenerator()
     {
-    	this(new SHA1Digest());
+        // BEGIN android-changed
+    	this(AndroidDigestFactory.getSHA1());
+        // END android-changed
     }
 
     public PKCS5S2ParametersGenerator(Digest digest)
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/macs/HMac.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/macs/HMac.java	2012-09-19 21:17:12.000000000 +0000
@@ -32,23 +32,31 @@
     {
         blockLengths = new Hashtable();
         
-        blockLengths.put("GOST3411", new Integer(32));
-        
-        blockLengths.put("MD2", new Integer(16));
-        blockLengths.put("MD4", new Integer(64));
-        blockLengths.put("MD5", new Integer(64));
-        
-        blockLengths.put("RIPEMD128", new Integer(64));
-        blockLengths.put("RIPEMD160", new Integer(64));
-        
-        blockLengths.put("SHA-1", new Integer(64));
-        blockLengths.put("SHA-224", new Integer(64));
-        blockLengths.put("SHA-256", new Integer(64));
-        blockLengths.put("SHA-384", new Integer(128));
-        blockLengths.put("SHA-512", new Integer(128));
-        
-        blockLengths.put("Tiger", new Integer(64));
-        blockLengths.put("Whirlpool", new Integer(64));
+        // BEGIN android-removed
+        // blockLengths.put("GOST3411", Integer.valueOf(32));
+        //
+        // blockLengths.put("MD2", Integer.valueOf(16));
+        // blockLengths.put("MD4", Integer.valueOf(64));
+        // END android-removed
+        blockLengths.put("MD5", Integer.valueOf(64));
+        
+        // BEGIN android-removed
+        // blockLengths.put("RIPEMD128", Integer.valueOf(64));
+        // blockLengths.put("RIPEMD160", Integer.valueOf(64));
+        // END android-removed
+        
+        blockLengths.put("SHA-1", Integer.valueOf(64));
+        // BEGIN android-removed
+        // blockLengths.put("SHA-224", Integer.valueOf(64));
+        // END android-removed
+        blockLengths.put("SHA-256", Integer.valueOf(64));
+        blockLengths.put("SHA-384", Integer.valueOf(128));
+        blockLengths.put("SHA-512", Integer.valueOf(128));
+        
+        // BEGIN android-removed
+        // blockLengths.put("Tiger", Integer.valueOf(64));
+        // blockLengths.put("Whirlpool", Integer.valueOf(64));
+        // END android-removed
     }
     
     private static int getByteLength(
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/signers/RSADigestSigner.java	2012-09-19 21:17:12.000000000 +0000
@@ -39,18 +39,24 @@
      */
     static
     {
-        oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
-        oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
-        oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
+        // BEGIN android-removed
+        // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
+        // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
+        // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
+        // END android-removed
 
         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
-        oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // BEGIN android-removed
+        // oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // END android-removed
         oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
 
-        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        // BEGIN android-removed
+        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        // END android-removed
         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
     }
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2012-09-19 21:17:12.000000000 +0000
@@ -11,7 +11,9 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -19,7 +21,9 @@
 import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
 import org.bouncycastle.asn1.sec.ECPrivateKey;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
@@ -33,8 +37,10 @@
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
 /**
@@ -100,14 +106,16 @@
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
-            DERInteger derX = (DERInteger)keyInfo.parsePrivateKey();
-
-            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
+        // BEGIN android-removed
+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        // {
+        //     ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+        //     DERInteger derX = (DERInteger)keyInfo.parsePrivateKey();
+        //
+        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
+        // }
+        // END android-removed
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
             DERInteger derX = (DERInteger)keyInfo.parsePrivateKey();
@@ -140,10 +148,12 @@
                     {
                         x9 = NISTNamedCurves.getByOID(oid);
 
-                        if (x9 == null)
-                        {
-                            x9 = TeleTrusTNamedCurves.getByOID(oid);
-                        }
+                        // BEGIN android-removed
+                        // if (x9 == null)
+                        // {
+                        //     x9 = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
                     }
                 }
             }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/crypto/util/PublicKeyFactory.java	2012-09-19 21:17:12.000000000 +0000
@@ -13,13 +13,17 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSAPublicKey;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -40,8 +44,10 @@
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
 /**
@@ -135,14 +141,16 @@
 
             return new DHPublicKeyParameters(derY.getValue(), dhParams);
         }
-        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
-            DERInteger derY = (DERInteger)keyInfo.parsePublicKey();
-
-            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
+        // BEGIN android-removed
+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        // {
+        //     ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+        //     DERInteger derY = (DERInteger)keyInfo.parsePublicKey();
+        //
+        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
+        // }
+        // END android-removed
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {
@@ -177,10 +185,12 @@
                     {
                         x9 = NISTNamedCurves.getByOID(oid);
 
-                        if (x9 == null)
-                        {
-                            x9 = TeleTrusTNamedCurves.getByOID(oid);
-                        }
+                        // BEGIN android-removed
+                        // if (x9 == null)
+                        // {
+                        //     x9 = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
                     }
                 }
             }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2012-09-19 21:17:12.000000000 +0000
@@ -27,26 +27,34 @@
             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
 
-            provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
+            // BEGIN android-changed
+            provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
+            // END android-changed
             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
 
             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
 
-            addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
-            addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-
-            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
+            // addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
+            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
+            // END android-removed
+
+            // BEGIN android-added
+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            // END android-added
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+            // END android-changed
 
             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2012-09-19 21:17:12.000000000 +0000
@@ -1,7 +1,9 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -21,33 +23,43 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
-            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-            provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+            // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
+            // END android-removed
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
             // TODO Should this be an alias for ECDH?
             registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            // TODO Should this be an alias for ECDH?
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+            // BEGIN android-removed
+            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+            // END android-removed
+
+            // BEGIN android-removed
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
+            // // TODO Should this be an alias for ECDH?
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+            // END android-removed
 
             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
-            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
-            provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
+            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
+            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+            // END android-removed
 
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
-            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
+            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
+            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
+            // END android-removed
 
             provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
@@ -59,23 +71,29 @@
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
-            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-
-            addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+            // END android-removed
+
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+            // END android-removed
             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-
-            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-
-            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+            //
+            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
+            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
+            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
+            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
+            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
+            //
+            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2012-11-01 06:02:09.000000000 +0000
@@ -3,7 +3,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -24,41 +26,49 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
-            provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            // END android-removed
 
             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
-            provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding");
-            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
+            // END android-changed
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
+            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
+            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
+            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            // END android-removed
 
             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
@@ -68,101 +78,117 @@
             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
-            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-
-
-            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-
-            provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-            provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-            provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-            provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-
-            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-
-            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-
-
-            provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
-
-            if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            {
-                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            {
-                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "MD2"))
+            // BEGIN android-removed
+            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
+            //
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
+            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
+            //
+            //
+            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            //
+            // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+            // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
+            //
+            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
+            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
+            //
+            //
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
+            // {
+            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
+            // }
+            //
+            // // BEGIN android-changed
+            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
+            // // END android-changed
+            // {
+            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
+            // }
+            // END android-removed
+
+            // BEGIN android-changed
+            if (provider.hasAlgorithm("MessageDigest", "MD5"))
+            // END android-changed
             {
                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
-                provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-                provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
+                // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
+                // END android-removed
             }
 
             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
             {
-                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-                provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
+                // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
+                // END android-removed
 
                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
 
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
-                provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
+                // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
+                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
             }
 
-            addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+            // BEGIN android-removed
+            // addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+            // END android-removed
             addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
 
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-            {
-                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-            {
-                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
-            {
-                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
-            }
+            // BEGIN android-removed
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+            //     addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+            // }
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+            //     addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
+            //     provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+            // }
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+            //     addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
+            // }
+            // END android-removed
         }
 
         private void addDigestSignature(
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2012-09-19 21:17:12.000000000 +0000
@@ -18,8 +18,10 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
-            provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
+            // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
+            // END android-removed
 
             //
             // certificate factories.
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -35,10 +35,12 @@
 
     static
     {
-        Integer i64 = new Integer(64);
-        Integer i192 = new Integer(192);
-        Integer i128 = new Integer(128);
-        Integer i256 = new Integer(256);
+        // BEGIN android-changed
+        Integer i64 = Integer.valueOf(64);
+        Integer i192 = Integer.valueOf(192);
+        Integer i128 = Integer.valueOf(128);
+        Integer i256 = Integer.valueOf(256);
+        // END android-changed
 
         algorithms.put("DES", i64);
         algorithms.put("DESEDE", i192);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyPairGeneratorSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -63,7 +63,9 @@
     {
         if (!initialised)
         {
-            Integer paramStrength = new Integer(strength);
+            // BEGIN android-changed
+            Integer paramStrength = Integer.valueOf(strength);
+            // END android-changed
 
             if (params.containsKey(paramStrength))
             {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2012-09-19 21:17:12.000000000 +0000
@@ -23,11 +23,16 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 
 public class DSASigner
@@ -228,45 +233,49 @@
     {
         public stdDSA()
         {
-            super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
+            // END android-changed
         }
     }
 
-    static public class dsa224
-        extends DSASigner
-    {
-        public dsa224()
-        {
-            super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa256
-        extends DSASigner
-    {
-        public dsa256()
-        {
-            super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa384
-        extends DSASigner
-    {
-        public dsa384()
-        {
-            super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa512
-        extends DSASigner
-    {
-        public dsa512()
-        {
-            super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
+    // BEGIN android-removed
+    // static public class dsa224
+    //     extends DSASigner
+    // {
+    //     public dsa224()
+    //     {
+    //         super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa256
+    //     extends DSASigner
+    // {
+    //     public dsa256()
+    //     {
+    //         super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa384
+    //     extends DSASigner
+    // {
+    //     public dsa384()
+    //     {
+    //         super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa512
+    //     extends DSASigner
+    // {
+    //     public dsa512()
+    //     {
+    //         super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    // END android-removed
 
     static public class noneDSA
         extends DSASigner
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -19,8 +19,10 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -222,21 +224,23 @@
             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
 
-            if (ecP == null) // GOST Curve
-            {
-                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-
-                ecSpec = new ECNamedCurveSpec(
-                        ECGOST3410NamedCurves.getName(oid),
-                        ellipticCurve,
-                        new ECPoint(
-                                gParam.getG().getX().toBigInteger(),
-                                gParam.getG().getY().toBigInteger()),
-                        gParam.getN(),
-                        gParam.getH());
-            }
-            else
+            // BEGIN android-removed
+            // if (ecP == null) // GOST Curve
+            // {
+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+            //
+            //     ecSpec = new ECNamedCurveSpec(
+            //             ECGOST3410NamedCurves.getName(oid),
+            //             ellipticCurve,
+            //             new ECPoint(
+            //                     gParam.getG().getX().toBigInteger(),
+            //                     gParam.getG().getY().toBigInteger()),
+            //             gParam.getN(),
+            //             gParam.getH());
+            // }
+            // else
+            // END android-removed
             {
                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
 
@@ -350,11 +354,13 @@
 
         try
         {
-            if (algorithm.equals("ECGOST3410"))
-            {
-                info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-            }
-            else
+            // BEGIN android-removed
+            // if (algorithm.equals("ECGOST3410"))
+            // {
+            //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
+            // }
+            // else
+            // END android-removed
             {
 
                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/ECUtil.java	2012-09-19 21:17:12.000000000 +0000
@@ -5,10 +5,14 @@
 import java.security.PublicKey;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x9.X962NamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
@@ -166,14 +170,16 @@
             {
                 oid = NISTNamedCurves.getOID(name);
             }
-            if (oid == null)
-            {
-                oid = TeleTrusTNamedCurves.getOID(name);
-            }
-            if (oid == null)
-            {
-                oid = ECGOST3410NamedCurves.getOID(name);
-            }
+            // BEGIN android-removed
+            // if (oid == null)
+            // {
+            //     oid = TeleTrusTNamedCurves.getOID(name);
+            // }
+            // if (oid == null)
+            // {
+            //     oid = ECGOST3410NamedCurves.getOID(name);
+            // }
+            // END android-removed
         }
 
         return oid;
@@ -191,10 +197,12 @@
             {
                 params = NISTNamedCurves.getByOID(oid);
             }
-            if (params == null)
-            {
-                params = TeleTrusTNamedCurves.getByOID(oid);
-            }
+            // BEGIN android-removed
+            // if (params == null)
+            // {
+            //     params = TeleTrusTNamedCurves.getByOID(oid);
+            // }
+            // END android-removed
         }
 
         return params;
@@ -212,14 +220,16 @@
             {
                 name = NISTNamedCurves.getName(oid);
             }
-            if (name == null)
-            {
-                name = TeleTrusTNamedCurves.getName(oid);
-            }
-            if (name == null)
-            {
-                name = ECGOST3410NamedCurves.getName(oid);
-            }
+            // BEGIN android-removed
+            // if (name == null)
+            // {
+            //     name = TeleTrusTNamedCurves.getName(oid);
+            // }
+            // if (name == null)
+            // {
+            //     name = ECGOST3410NamedCurves.getName(oid);
+            // }
+            // END android-removed
         }
 
         return name;
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -23,20 +23,26 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// END android-removed
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.MQVPrivateParameters;
-import org.bouncycastle.crypto.params.MQVPublicParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.MQVPrivateParameters;
+// import org.bouncycastle.crypto.params.MQVPublicParameters;
+// END android-removed
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
-import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// BEGIN android-removed
+// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+// import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// END android-removed
 
 /**
  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
@@ -52,9 +58,11 @@
 
     static
     {
-        Integer i128 = new Integer(128);
-        Integer i192 = new Integer(192);
-        Integer i256 = new Integer(256);
+        // BEGIN android-changed
+        Integer i128 = Integer.valueOf(128);
+        Integer i192 = Integer.valueOf(192);
+        Integer i256 = Integer.valueOf(256);
+        // END android-changed
 
         algorithms.put(NISTObjectIdentifiers.id_aes128_CBC.getId(), i128);
         algorithms.put(NISTObjectIdentifiers.id_aes192_CBC.getId(), i192);
@@ -69,7 +77,9 @@
     private BigInteger             result;
     private ECDomainParameters     parameters;
     private BasicAgreement         agreement;
-    private DerivationFunction     kdf;
+    // BEGIN android-removed
+    // private DerivationFunction     kdf;
+    // END android-removed
 
     private byte[] bigIntToBytes(
         BigInteger    r)
@@ -84,7 +94,9 @@
     {
         this.kaAlgorithm = kaAlgorithm;
         this.agreement = agreement;
-        this.kdf = kdf;
+        // BEGIN android-removed
+        // this.kdf = kdf;
+        // END android-removed
     }
 
     protected Key engineDoPhase(
@@ -103,25 +115,27 @@
         }
 
         CipherParameters pubKey;        
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPublicKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPublicKey.class) + " for doPhase");
-            }
-
-            MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-            ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-            ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-
-            pubKey = new MQVPublicParameters(staticKey, ephemKey);
-
-            // TODO Validate that all the keys are using the same parameters?
-        }
-        else
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPublicKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPublicKey.class) + " for doPhase");
+        //     }
+        //
+        //     MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+        //     ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+        //     ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+        //
+        //     pubKey = new MQVPublicParameters(staticKey, ephemKey);
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        // }
+        // else
+        // END android-removed
         {
             if (!(key instanceof ECPublicKey))
             {
@@ -142,11 +156,13 @@
     protected byte[] engineGenerateSecret()
         throws IllegalStateException
     {
-        if (kdf != null)
-        {
-            throw new UnsupportedOperationException(
-                "KDF can only be used when algorithm is known");
-        }
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     throw new UnsupportedOperationException(
+        //         "KDF can only be used when algorithm is known");
+        // }
+        // END android-removed
 
         return bigIntToBytes(result);
     }
@@ -174,23 +190,25 @@
     {
         byte[] secret = bigIntToBytes(result);
 
-        if (kdf != null)
-        {
-            if (!algorithms.containsKey(algorithm))
-            {
-                throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
-            }
-            
-            int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
-
-            DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
-
-            byte[] keyBytes = new byte[keySize / 8];
-            kdf.init(params);
-            kdf.generateBytes(keyBytes, 0, keyBytes.length);
-            secret = keyBytes;
-        }
-        else
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     if (!algorithms.containsKey(algorithm))
+        //     {
+        //         throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+        //     }
+        //  
+        //     int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
+        //
+        //     DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+        //
+        //     byte[] keyBytes = new byte[keySize / 8];
+        //     kdf.init(params);
+        //     kdf.generateBytes(keyBytes, 0, keyBytes.length);
+        //     secret = keyBytes;
+        // }
+        // else
+        // END android-removed
         {
             // TODO Should we be ensuring the key is the right length?
         }
@@ -218,35 +236,37 @@
     private void initFromKey(Key key)
         throws InvalidKeyException
     {
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPrivateKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPrivateKey.class) + " for initialisation");
-            }
-
-            MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-            ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-            ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-
-            ECPublicKeyParameters ephemPubKey = null;
-            if (mqvPrivKey.getEphemeralPublicKey() != null)
-            {
-                ephemPubKey = (ECPublicKeyParameters)
-                    ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-            }
-
-            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-            this.parameters = staticPrivKey.getParameters();
-
-            // TODO Validate that all the keys are using the same parameters?
-
-            agreement.init(localParams);
-        }
-        else
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPrivateKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+        //     }
+        //
+        //     MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+        //     ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+        //     ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+        //
+        //     ECPublicKeyParameters ephemPubKey = null;
+        //     if (mqvPrivKey.getEphemeralPublicKey() != null)
+        //     {
+        //         ephemPubKey = (ECPublicKeyParameters)
+        //             ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+        //     }
+        //
+        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+        //     this.parameters = staticPrivKey.getParameters();
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        //
+        //     agreement.init(localParams);
+        // }
+        // else
+        // END android-removed
         {
             if (!(key instanceof ECPrivateKey))
             {
@@ -277,39 +297,41 @@
         }
     }
 
-    public static class DHC
-        extends KeyAgreementSpi
-    {
-        public DHC()
-        {
-            super("ECDHC", new ECDHCBasicAgreement(), null);
-        }
-    }
-
-    public static class MQV
-        extends KeyAgreementSpi
-    {
-        public MQV()
-        {
-            super("ECMQV", new ECMQVBasicAgreement(), null);
-        }
-    }
-
-    public static class DHwithSHA1KDF
-        extends KeyAgreementSpi
-    {
-        public DHwithSHA1KDF()
-        {
-            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
-
-    public static class MQVwithSHA1KDF
-        extends KeyAgreementSpi
-    {
-        public MQVwithSHA1KDF()
-        {
-            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class DHC
+    //     extends KeyAgreementSpi
+    // {
+    //     public DHC()
+    //     {
+    //         super("ECDHC", new ECDHCBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class MQV
+    //     extends KeyAgreementSpi
+    // {
+    //     public MQV()
+    //     {
+    //         super("ECMQV", new ECMQVBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class DHwithSHA1KDF
+    //     extends KeyAgreementSpi
+    // {
+    //     public DHwithSHA1KDF()
+    //     {
+    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    //
+    // public static class MQVwithSHA1KDF
+    //     extends KeyAgreementSpi
+    // {
+    //     public MQVwithSHA1KDF()
+    //     {
+    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -200,14 +200,16 @@
         }
     }
 
-    public static class ECGOST3410
-        extends KeyFactorySpi
-    {
-        public ECGOST3410()
-        {
-            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-        }
-    }
+    // BEGIN android-removed
+    // public static class ECGOST3410
+    //     extends KeyFactorySpi
+    // {
+    //     public ECGOST3410()
+    //     {
+    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
+    //     }
+    // }
+    // END android-removed
 
     public static class ECDH
         extends KeyFactorySpi
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -12,7 +12,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x9.X962NamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
@@ -55,13 +57,15 @@
         static {
             ecParameters = new Hashtable();
 
-            ecParameters.put(new Integer(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
-            ecParameters.put(new Integer(239), new ECGenParameterSpec("prime239v1"));
-            ecParameters.put(new Integer(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
-
-            ecParameters.put(new Integer(224), new ECGenParameterSpec("P-224"));
-            ecParameters.put(new Integer(384), new ECGenParameterSpec("P-384"));
-            ecParameters.put(new Integer(521), new ECGenParameterSpec("P-521"));
+            // BEGIN android-changed
+            ecParameters.put(Integer.valueOf(192), new ECGenParameterSpec("prime192v1")); // a.k.a P-192
+            ecParameters.put(Integer.valueOf(239), new ECGenParameterSpec("prime239v1"));
+            ecParameters.put(Integer.valueOf(256), new ECGenParameterSpec("prime256v1")); // a.k.a P-256
+
+            ecParameters.put(Integer.valueOf(224), new ECGenParameterSpec("P-224"));
+            ecParameters.put(Integer.valueOf(384), new ECGenParameterSpec("P-384"));
+            ecParameters.put(Integer.valueOf(521), new ECGenParameterSpec("P-521"));
+            // END android-changed
         }
 
         public EC()
@@ -85,8 +89,16 @@
             SecureRandom    random)
         {
             this.strength = strength;
+            // BEGIN android-added
+            if (random != null) {
+            // END android-added
             this.random = random;
-            ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(new Integer(strength));
+            // BEGIN android-added
+            }
+            // END android-added
+            // BEGIN android-changed
+            ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integer.valueOf(strength));
+            // END android-changed
 
             if (ecParams != null)
             {
@@ -110,6 +122,11 @@
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
+            // BEGIN android-added
+            if (random == null) {
+                random = this.random;
+            }
+            // END android-added
             if (params instanceof ECParameterSpec)
             {
                 ECParameterSpec p = (ECParameterSpec)params;
@@ -154,10 +171,12 @@
                     {
                         ecP = NISTNamedCurves.getByName(curveName);
                     }
-                    if (ecP == null)
-                    {
-                        ecP = TeleTrusTNamedCurves.getByName(curveName);
-                    }
+                    // BEGIN android-removed
+                    // if (ecP == null)
+                    // {
+                    //     ecP = TeleTrusTNamedCurves.getByName(curveName);
+                    // }
+                    // END android-removed
                     if (ecP == null)
                     {
                         // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
@@ -173,10 +192,12 @@
                             {
                                 ecP = NISTNamedCurves.getByOID(oid);
                             }
-                            if (ecP == null)
-                            {
-                                ecP = TeleTrusTNamedCurves.getByOID(oid);
-                            }
+                            // BEGIN android-removed
+                            // if (ecP == null)
+                            // {
+                            //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+                            // }
+                            // END android-removed
                             if (ecP == null)
                             {
                                 throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
@@ -231,7 +252,15 @@
         {
             if (!initialised)
             {
-                throw new IllegalStateException("EC Key Pair Generator not initialised");
+                // BEGIN android-removed
+                // throw new IllegalStateException("EC Key Pair Generator not initialised");
+                // END android-removed
+                // BEGIN android-added
+                /*
+                 * KeyPairGenerator documentation says that a default initialization must be provided
+                 */
+                initialize(192, random);
+                // END android-added
             }
 
             AsymmetricCipherKeyPair     pair = engine.generateKeyPair();
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -18,15 +18,22 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-import org.bouncycastle.crypto.signers.ECNRSigner;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.signers.ECNRSigner;
+// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
 import org.bouncycastle.jce.interfaces.ECKey;
@@ -108,7 +115,9 @@
     {
         public ecDSA()
         {
-            super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -121,21 +130,25 @@
         }
     }
 
-    static public class ecDSA224
-        extends SignatureSpi
-    {
-        public ecDSA224()
-        {
-            super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
+    // BEGIN android-removed
+    // static public class ecDSA224
+    //     extends SignatureSpi
+    // {
+    //     public ecDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    // END android-removed
 
     static public class ecDSA256
         extends SignatureSpi
     {
         public ecDSA256()
         {
-            super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -144,7 +157,9 @@
     {
         public ecDSA384()
         {
-            super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -153,90 +168,94 @@
     {
         public ecDSA512()
         {
-            super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSARipeMD160
-        extends SignatureSpi
-    {
-        public ecDSARipeMD160()
-        {
-            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR
-        extends SignatureSpi
-    {
-        public ecNR()
-        {
-            super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR224
-        extends SignatureSpi
-    {
-        public ecNR224()
-        {
-            super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR256
-        extends SignatureSpi
-    {
-        public ecNR256()
-        {
-            super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR384
-        extends SignatureSpi
-    {
-        public ecNR384()
-        {
-            super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR512
-        extends SignatureSpi
-    {
-        public ecNR512()
-        {
-            super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA
-        extends SignatureSpi
-    {
-        public ecCVCDSA()
-        {
-            super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA224
-        extends SignatureSpi
-    {
-        public ecCVCDSA224()
-        {
-            super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA256
-        extends SignatureSpi
-    {
-        public ecCVCDSA256()
-        {
-            super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
+        }
+    }
+
+    // BEGIN android-removed
+    // static public class ecDSARipeMD160
+    //     extends SignatureSpi
+    // {
+    //     public ecDSARipeMD160()
+    //     {
+    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR
+    //     extends SignatureSpi
+    // {
+    //     public ecNR()
+    //     {
+    //         super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR224
+    //     extends SignatureSpi
+    // {
+    //     public ecNR224()
+    //     {
+    //         super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR256
+    //     extends SignatureSpi
+    // {
+    //     public ecNR256()
+    //     {
+    //         super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR384
+    //     extends SignatureSpi
+    // {
+    //     public ecNR384()
+    //     {
+    //         super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR512
+    //     extends SignatureSpi
+    // {
+    //     public ecNR512()
+    //     {
+    //         super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA()
+    //     {
+    //         super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA224
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA256
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA256()
+    //     {
+    //         super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    // END android-removed
 
     private static class StdDSAEncoder
         implements DSAEncoder
@@ -330,4 +349,4 @@
             return sig;
         }
     }
-}
\ No newline at end of file
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/AlgorithmParametersSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -55,11 +55,15 @@
         {
             AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(
                                                             DigestFactory.getOID(currentSpec.getDigestAlgorithm()),
-                                                            new DERNull());
+                                                            // BEGIN android-changed
+                                                            DERNull.INSTANCE);
+                                                            // END android-changed
             MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters();
             AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier(
                                                             PKCSObjectIdentifiers.id_mgf1,
-                                                            new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull()));
+                                                            // BEGIN android-changed
+                                                            new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE));
+                                                            // END android-changed
             PSource.PSpecified      pSource = (PSource.PSpecified)currentSpec.getPSource();
             AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier(
                                                             PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue()));
@@ -170,11 +174,15 @@
             PSSParameterSpec pssSpec = currentSpec;
             AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier(
                                                 DigestFactory.getOID(pssSpec.getDigestAlgorithm()),
-                                                new DERNull());
+                                                // BEGIN android-changed
+                                                DERNull.INSTANCE);
+                                                // END android-changed
             MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)pssSpec.getMGFParameters();
             AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier(
                                                 PKCSObjectIdentifiers.id_mgf1,
-                                                new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), new DERNull()));
+                                                // BEGIN android-changed
+                                                new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE));
+                                                // END android-changed
             RSASSAPSSparams pssP = new RSASSAPSSparams(hashAlgorithm, maskGenAlgorithm, new ASN1Integer(pssSpec.getSaltLength()), new ASN1Integer(pssSpec.getTrailerField()));
             
             return pssP.getEncoded("DER");
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateCrtKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -127,7 +127,9 @@
      */
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()));
+        // END android-changed
     }
 
     /**
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPrivateKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -78,7 +78,9 @@
 
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO));
+        // END android-changed
     }
 
     public boolean equals(Object o)
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/BCRSAPublicKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -89,7 +89,9 @@
 
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent()));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPublicKey(getModulus(), getPublicExponent()));
+        // END android-changed
     }
 
     public int hashCode()
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -26,7 +26,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+// END android-removed
 import org.bouncycastle.crypto.encodings.OAEPEncoding;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
@@ -197,10 +199,12 @@
         {
             cipher = new PKCS1Encoding(new RSABlindedEngine());
         }
-        else if (pad.equals("ISO9796-1PADDING"))
-        {
-            cipher = new ISO9796d1Encoding(new RSABlindedEngine());
-        }
+        // BEGIN android-removed
+        // else if (pad.equals("ISO9796-1PADDING"))
+        // {
+        //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
+        // }
+        // END android-removed
         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
@@ -213,10 +217,12 @@
         {
             initFromSpec(OAEPParameterSpec.DEFAULT);
         }
-        else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING"))
-        {
-            initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT));
-        }
+        // BEGIN android-removed
+        // else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING"))
+        // {
+        //     initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT));
+        // }
+        // END android-removed
         else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
@@ -534,48 +540,50 @@
         }
     }
 
-    static public class PKCS1v1_5Padding
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding()
-        {
-            super(new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PrivateOnly
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding_PrivateOnly()
-        {
-            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PublicOnly
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding_PublicOnly()
-        {
-            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class OAEPPadding
-        extends CipherSpi
-    {
-        public OAEPPadding()
-        {
-            super(OAEPParameterSpec.DEFAULT);
-        }
-    }
-    
-    static public class ISO9796d1Padding
-        extends CipherSpi
-    {
-        public ISO9796d1Padding()
-        {
-            super(new ISO9796d1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class PKCS1v1_5Padding
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding()
+    //     {
+    //         super(new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class PKCS1v1_5Padding_PrivateOnly
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding_PrivateOnly()
+    //     {
+    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class PKCS1v1_5Padding_PublicOnly
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding_PublicOnly()
+    //     {
+    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class OAEPPadding
+    //     extends CipherSpi
+    // {
+    //     public OAEPPadding()
+    //     {
+    //         super(OAEPParameterSpec.DEFAULT);
+    //     }
+    // }
+    //
+    // static public class ISO9796d1Padding
+    //     extends CipherSpi
+    // {
+    //     public ISO9796d1Padding()
+    //     {
+    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -17,24 +17,31 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD4Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.NullDigest;
+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD256Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
 
@@ -261,25 +268,31 @@
     {
         public SHA1()
         {
-            super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class SHA224
-        extends DigestSignatureSpi
-    {
-        public SHA224()
-        {
-            super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class SHA224
+    //     extends DigestSignatureSpi
+    // {
+    //     public SHA224()
+    //     {
+    //         super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 
     static public class SHA256
         extends DigestSignatureSpi
     {
         public SHA256()
         {
-            super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
@@ -288,7 +301,9 @@
     {
         public SHA384()
         {
-            super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
@@ -297,70 +312,78 @@
     {
         public SHA512()
         {
-            super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class MD2
-        extends DigestSignatureSpi
-    {
-        public MD2()
-        {
-            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class MD4
-        extends DigestSignatureSpi
-    {
-        public MD4()
-        {
-            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class MD2
+    //     extends DigestSignatureSpi
+    // {
+    //     public MD2()
+    //     {
+    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class MD4
+    //     extends DigestSignatureSpi
+    // {
+    //     public MD4()
+    //     {
+    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 
     static public class MD5
         extends DigestSignatureSpi
     {
         public MD5()
         {
-            super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class RIPEMD160
-        extends DigestSignatureSpi
-    {
-        public RIPEMD160()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD128
-        extends DigestSignatureSpi
-    {
-        public RIPEMD128()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD256
-        extends DigestSignatureSpi
-    {
-        public RIPEMD256()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class noneRSA
-        extends DigestSignatureSpi
-    {
-        public noneRSA()
-        {
-            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class RIPEMD160
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD160()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class RIPEMD128
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD128()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class RIPEMD256
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD256()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class noneRSA
+    //     extends DigestSignatureSpi
+    // {
+    //     public noneRSA()
+    //     {
+    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -18,8 +18,10 @@
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -37,8 +39,10 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class
+                                        // END android-removed
                                     };
 
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/util/BaseKeyFactorySpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -27,7 +27,9 @@
             {
                 return generatePrivate(PrivateKeyInfo.getInstance(((PKCS8EncodedKeySpec)keySpec).getEncoded()));
             }
-            catch (IOException e)
+            // BEGIN android-changed
+            catch (Exception e)
+            // END android-changed
             {
                 throw new InvalidKeySpecException("encoded key spec not recognised");
             }
@@ -48,7 +50,9 @@
             {
                 return generatePublic(SubjectPublicKeyInfo.getInstance(((X509EncodedKeySpec)keySpec).getEncoded()));
             }
-            catch (IOException e)
+            // BEGIN android-changed
+            catch (Exception e)
+            // END android-changed
             {
                 throw new InvalidKeySpecException("encoded key spec not recognised");
             }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2012-09-19 21:17:12.000000000 +0000
@@ -36,7 +36,9 @@
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemWriter;
+// BEGIN android-removed
+// import org.bouncycastle.util.io.pem.PemWriter;
+// END android-removed
 
 /**
  * CertPath implementation for X.509 certificates.
@@ -298,27 +300,29 @@
             return toDEREncoded(new ContentInfo(
                     PKCSObjectIdentifiers.signedData, sd));
         }
-        else if (encoding.equalsIgnoreCase("PEM"))
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-
-            try
-            {
-                for (int i = 0; i != certificates.size(); i++)
-                {
-                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-                }
-            
-                pWrt.close();
-            }
-            catch (Exception e)
-            {
-                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-            }
-
-            return bOut.toByteArray();
-        }
+        // BEGIN android-removed
+        // else if (encoding.equalsIgnoreCase("PEM"))
+        // {
+        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
+        //
+        //     try
+        //     {
+        //         for (int i = 0; i != certificates.size(); i++)
+        //         {
+        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
+        //         }
+        //
+        //         pWrt.close();
+        //     }
+        //     catch (Exception e)
+        //     {
+        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
+        //     }
+        //
+        //     return bOut.toByteArray();
+        // }
+        // END android-removed
         else
         {
             throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/AES.java	2012-09-19 21:17:12.000000000 +0000
@@ -1,31 +1,43 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
+// BEGIN android-removed
+// import java.security.AlgorithmParameters;
+// import java.security.InvalidAlgorithmParameterException;
+// END android-removed
 import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import java.security.spec.AlgorithmParameterSpec;
+//
+// import javax.crypto.spec.IvParameterSpec;
+// END android-removed
 
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.AESFastEngine;
 import org.bouncycastle.crypto.engines.AESWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-import org.bouncycastle.crypto.macs.CMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+// BEGIN android-removed
+// import org.bouncycastle.jce.provider.BouncyCastleProvider;
+// END android-removed
 
 public final class AES
 {
@@ -69,15 +81,17 @@
         }
     }
 
-    public static class AESCMAC
-        extends BaseMac
-    {
-        public AESCMAC()
-        {
-            super(new CMac(new AESFastEngine()));
-        }
-    }
-
+    // BEGIN android-removed
+    // public static class AESCMAC
+    //     extends BaseMac
+    // {
+    //     public AESCMAC()
+    //     {
+    //         super(new CMac(new AESFastEngine()));
+    //     }
+    // }
+    // END android-removed
+    
     static public class Wrap
         extends BaseWrapCipher
     {
@@ -86,15 +100,17 @@
             super(new AESWrapEngine());
         }
     }
-
-    public static class RFC3211Wrap
-        extends BaseWrapCipher
-    {
-        public RFC3211Wrap()
-        {
-            super(new RFC3211WrapEngine(new AESFastEngine()), 16);
-        }
-    }
+    
+    // BEGIN android-removed
+    // public static class RFC3211Wrap
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211Wrap()
+    //     {
+    //         super(new RFC3211WrapEngine(new AESFastEngine()), 16);
+    //     }
+    // }
+    // END android-removed
 
     public static class KeyGen
         extends BaseKeyGenerator
@@ -110,70 +126,72 @@
         }
     }
 
-    public static class KeyGen128
-        extends KeyGen
-    {
-        public KeyGen128()
-        {
-            super(128);
-        }
-    }
-
-    public static class KeyGen192
-        extends KeyGen
-    {
-        public KeyGen192()
-        {
-            super(192);
-        }
-    }
-
-    public static class KeyGen256
-        extends KeyGen
-    {
-        public KeyGen256()
-        {
-            super(256);
-        }
-    }
-
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
+    // BEGIN android-removed
+    // public static class KeyGen128
+    //     extends KeyGen
+    // {
+    //     public KeyGen128()
+    //     {
+    //         super(128);
+    //     }
+    // }
+    //
+    // public static class KeyGen192
+    //     extends KeyGen
+    // {
+    //     public KeyGen192()
+    //     {
+    //         super(192);
+    //     }
+    // }
+    //
+    // public static class KeyGen256
+    //     extends KeyGen
+    // {
+    //     public KeyGen256()
+    //     {
+    //         super(256);
+    //     }
+    // }
+    //
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[16];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 
     public static class AlgParams
         extends IvAlgorithmParameters
@@ -212,58 +230,66 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            // END android-removed
 
             provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            // END android-removed
             provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
-            provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            // END android-removed
 
             provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen");
-            provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
-
-            provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
+            //
+            // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2012-09-19 21:17:12.000000000 +0000
@@ -27,7 +27,9 @@
     {
         public KeyGen()
         {
-            super("RC4", 128, new CipherKeyGenerator());
+            // BEGIN android-changed
+            super("ARC4", 128, new CipherKeyGenerator());
+            // END android-changed
         }
     }
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2012-09-19 21:17:12.000000000 +0000
@@ -64,7 +64,9 @@
         {
 
             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
+            // END android-removed
             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DES.java	2012-09-19 21:17:12.000000000 +0000
@@ -16,11 +16,15 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.CMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -48,115 +52,117 @@
         }
     }
 
-    static public class CBC
-        extends BaseBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new DESEngine()), 64);
-        }
-    }
-
-    /**
-     * DES   CFB8
-     */
-    public static class DESCFB8
-        extends BaseMac
-    {
-        public DESCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * DES64
-     */
-    public static class DES64
-        extends BaseMac
-    {
-        public DES64()
-        {
-            super(new CBCBlockCipherMac(new DESEngine(), 64));
-        }
-    }
-
-    /**
-     * DES64with7816-4Padding
-     */
-    public static class DES64with7816d4
-        extends BaseMac
-    {
-        public DES64with7816d4()
-        {
-            super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding()));
-        }
-    }
-    
-    public static class CBCMAC
-        extends BaseMac
-    {
-        public CBCMAC()
-        {
-            super(new CBCBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    static public class CMAC
-        extends BaseMac
-    {
-        public CMAC()
-        {
-            super(new CMac(new DESEngine()));
-        }
-    }
-
-    public static class RFC3211
-        extends BaseWrapCipher
-    {
-        public RFC3211()
-        {
-            super(new RFC3211WrapEngine(new DESEngine()), 8);
-        }
-    }
-
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
+    // BEGIN android-removed
+    // static public class CBC
+    //     extends BaseBlockCipher
+    // {
+    //     public CBC()
+    //     {
+    //         super(new CBCBlockCipher(new DESEngine()), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * DES   CFB8
+    //  */
+    // public static class DESCFB8
+    //     extends BaseMac
+    // {
+    //     public DESCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES64
+    //  */
+    // public static class DES64
+    //     extends BaseMac
+    // {
+    //     public DES64()
+    //     {
+    //         super(new CBCBlockCipherMac(new DESEngine(), 64));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES64with7816-4Padding
+    //  */
+    // public static class DES64with7816d4
+    //     extends BaseMac
+    // {
+    //     public DES64with7816d4()
+    //     {
+    //         super(new CBCBlockCipherMac(new DESEngine(), 64, new ISO7816d4Padding()));
+    //     }
+    // }
+    //
+    // public static class CBCMAC
+    //     extends BaseMac
+    // {
+    //     public CBCMAC()
+    //     {
+    //         super(new CBCBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // static public class CMAC
+    //     extends BaseMac
+    // {
+    //     public CMAC()
+    //     {
+    //         super(new CMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // public static class RFC3211
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211()
+    //     {
+    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
+    //     }
+    // }
+    //
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[8];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 
   /**
      * DES - the default for this is to generate a key in
@@ -263,36 +269,42 @@
         {
 
             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-
-            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-
-            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
+            //
+            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
+            //
+            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            // END android-removed
 
             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
 
             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
 
-            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-
-            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-
-            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-
-            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
+            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
+            //
+            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+            //
+            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
+            //
+            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // END android-removed
 
             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
+            // END android-removed
         }
 
         private void addAlias(ConfigurableProvider provider, ASN1ObjectIdentifier oid, String name)
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2012-09-19 21:17:12.000000000 +0000
@@ -1,30 +1,42 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
+// BEGIN android-removed
+// import java.security.AlgorithmParameters;
+// import java.security.InvalidAlgorithmParameterException;
+// END android-removed
 import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
+// BEGIN android-removed
+// import java.security.spec.AlgorithmParameterSpec;
+// END android-removed
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
-import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.IvParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
 import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.CMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -57,17 +69,19 @@
         }
     }
 
-    /**
-     * DESede   CFB8
-     */
-    public static class DESedeCFB8
-        extends BaseMac
-    {
-        public DESedeCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESedeEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DESede   CFB8
+    //  */
+    // public static class DESedeCFB8
+    //     extends BaseMac
+    // {
+    //     public DESedeCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * DESede64
@@ -102,15 +116,17 @@
         }
     }
 
-    static public class CMAC
-        extends BaseMac
-    {
-        public CMAC()
-        {
-            super(new CMac(new DESedeEngine()));
-        }
-    }
-
+    // BEGIN android-removed
+    // static public class CMAC
+    //     extends BaseMac
+    // {
+    //     public CMAC()
+    //     {
+    //         super(new CMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
+    
     public static class Wrap
         extends BaseWrapCipher
     {
@@ -119,15 +135,17 @@
             super(new DESedeWrapEngine());
         }
     }
-
-    public static class RFC3211
-        extends BaseWrapCipher
-    {
-        public RFC3211()
-        {
-            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-        }
-    }
+    
+    // BEGIN android-removed
+    // public static class RFC3211
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211()
+    //     {
+    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+    //     }
+    // }
+    // END android-removed
 
   /**
      * DESede - the default for this is to generate a key in
@@ -217,43 +235,45 @@
         }
     }
 
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
+    // BEGIN android-removed
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[8];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 
     static public class KeyFactory
         extends BaseSecretKeyFactory
@@ -337,18 +357,28 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
+            // END android-removed
             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap");
-            provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
+            // END android-changed
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
+            // END android-removed
 
             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
-                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
-                provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
+                // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
+                // END android-removed
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
-                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
+                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
@@ -357,31 +387,37 @@
             }
 
             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
-            provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
-            provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
+            // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
+            // END android-removed
 
             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
 
-            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-
-            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-
-            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-
-            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
+            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // END android-removed
 
             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameters.java	2012-09-19 21:17:12.000000000 +0000
@@ -7,13 +7,17 @@
 
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
+// END android-removed
 import org.bouncycastle.util.Arrays;
 
 public abstract class BaseAlgorithmParameters
@@ -39,177 +43,179 @@
     protected abstract AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
         throws InvalidParameterSpecException;
 
-    public static class RC2AlgorithmParameters
-        extends BaseAlgorithmParameters
-    {
-        private static final short[] table = {
-           0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-           0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-           0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-           0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-           0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-           0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-           0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-           0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-           0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-           0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-           0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-           0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-           0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-           0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-           0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-           0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-        };
-
-        private static final short[] ekb = {
-           0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-           0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-           0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-           0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-           0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-           0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-           0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-           0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-           0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-           0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-           0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-           0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-           0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-           0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-           0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-           0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-        };
-
-        private byte[]  iv;
-        private int     parameterVersion = 58;
-
-        protected byte[] engineGetEncoded() 
-        {
-            return Arrays.clone(iv);
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-            throws IOException
-        {
-            if (this.isASN1FormatString(format))
-            {
-                if (parameterVersion == -1)
-                {
-                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-                }
-                else
-                {
-                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-                }
-            }
-
-            if (format.equals("RAW"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == RC2ParameterSpec.class)
-            {
-                if (parameterVersion != -1)
-                {
-                    if (parameterVersion < 256)
-                    {
-                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
-                    }
-                    else
-                    {
-                        return new RC2ParameterSpec(parameterVersion, iv);
-                    }
-                }
-            }
-
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec instanceof IvParameterSpec)
-            {
-                this.iv = ((IvParameterSpec)paramSpec).getIV();
-            }
-            else if (paramSpec instanceof RC2ParameterSpec)
-            {
-                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-                if (effKeyBits != -1)
-                {
-                    if (effKeyBits < 256)
-                    {
-                        parameterVersion = table[effKeyBits];
-                    }
-                    else
-                    {
-                        parameterVersion = effKeyBits;
-                    }
-                }
-
-                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-            }
-            else
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            this.iv = Arrays.clone(params);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (this.isASN1FormatString(format))
-            {
-                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
-
-                if (p.getRC2ParameterVersion() != null)
-                {
-                    parameterVersion = p.getRC2ParameterVersion().intValue();
-                }
-
-                iv = p.getIV();
-
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString() 
-        {
-            return "RC2 Parameters";
-        }
-    }
+    // BEGIN android-removed
+    // public static class RC2AlgorithmParameters
+    //     extends BaseAlgorithmParameters
+    // {
+    //     private static final short[] table = {
+    //        0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+    //        0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+    //        0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+    //        0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+    //        0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+    //        0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+    //        0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+    //        0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+    //        0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+    //        0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+    //        0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+    //        0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+    //        0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+    //        0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+    //        0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+    //        0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
+    //     };
+    //
+    //     private static final short[] ekb = {
+    //        0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+    //        0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+    //        0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+    //        0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+    //        0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+    //        0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+    //        0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+    //        0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+    //        0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+    //        0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+    //        0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+    //        0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+    //        0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+    //        0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+    //        0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+    //        0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
+    //     };
+    //
+    //     private byte[]  iv;
+    //     private int     parameterVersion = 58;
+    //
+    //     protected byte[] engineGetEncoded() 
+    //     {
+    //         return Arrays.clone(iv);
+    //     }
+    //
+    //     protected byte[] engineGetEncoded(
+    //         String format) 
+    //         throws IOException
+    //     {
+    //         if (this.isASN1FormatString(format))
+    //         {
+    //             if (parameterVersion == -1)
+    //             {
+    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
+    //             }
+    //             else
+    //             {
+    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
+    //             }
+    //         }
+    //
+    //         if (format.equals("RAW"))
+    //         {
+    //             return engineGetEncoded();
+    //         }
+    //
+    //         return null;
+    //     }
+    //
+    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
+    //         Class paramSpec) 
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (paramSpec == RC2ParameterSpec.class)
+    //         {
+    //             if (parameterVersion != -1)
+    //             {
+    //                 if (parameterVersion < 256)
+    //                 {
+    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
+    //                 }
+    //                 else
+    //                 {
+    //                     return new RC2ParameterSpec(parameterVersion, iv);
+    //                 }
+    //             }
+    //         }
+    //
+    //         if (paramSpec == IvParameterSpec.class)
+    //         {
+    //             return new IvParameterSpec(iv);
+    //         }
+    //
+    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
+    //     }
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec paramSpec) 
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (paramSpec instanceof IvParameterSpec)
+    //         {
+    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
+    //         }
+    //         else if (paramSpec instanceof RC2ParameterSpec)
+    //         {
+    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
+    //             if (effKeyBits != -1)
+    //             {
+    //                 if (effKeyBits < 256)
+    //                 {
+    //                     parameterVersion = table[effKeyBits];
+    //                 }
+    //                 else
+    //                 {
+    //                     parameterVersion = effKeyBits;
+    //                 }
+    //             }
+    //
+    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
+    //         }
+    //         else
+    //         {
+    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
+    //         }
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params) 
+    //         throws IOException
+    //     {
+    //         this.iv = Arrays.clone(params);
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params,
+    //         String format) 
+    //         throws IOException
+    //     {
+    //         if (this.isASN1FormatString(format))
+    //         {
+    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
+    //
+    //             if (p.getRC2ParameterVersion() != null)
+    //             {
+    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
+    //             }
+    //
+    //             iv = p.getIV();
+    //
+    //             return;
+    //         }
+    //
+    //         if (format.equals("RAW"))
+    //         {
+    //             engineInit(params);
+    //             return;
+    //         }
+    //
+    //         throw new IOException("Unknown parameters format in IV parameters object");
+    //     }
+    //
+    //     protected String engineToString() 
+    //     {
+    //         return "RC2 Parameters";
+    //     }
+    // }
+    // END android-removed
 
     public static class PBKDF2
         extends BaseAlgorithmParameters
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2012-09-19 21:17:12.000000000 +0000
@@ -17,8 +17,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
@@ -29,12 +31,18 @@
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -46,11 +54,17 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ParametersWithSBox;
+// END android-removed
 import org.bouncycastle.crypto.params.RC2Parameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.RC5Parameters;
+// END android-removed
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// END android-removed
 import org.bouncycastle.jce.spec.RepeatedSecretKeySpec;
 import org.bouncycastle.util.Strings;
 
@@ -63,11 +77,15 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        GOST28147ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // GOST28147ParameterSpec.class
+                                        // END android-removed
                                     };
 
     private org.bouncycastle.crypto.BlockCipher baseEngine;
@@ -222,20 +240,22 @@
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        else if (modeName.startsWith("PGP"))
-        {
-            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(
-                new PGPCFBBlockCipher(baseEngine, inlineIV));
-        }
-        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        {
-            ivLength = 0;
-            cipher = new BufferedGenericBlockCipher(
-                new OpenPGPCFBBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("PGP"))
+        // {
+        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
+        // }
+        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        // {
+        //     ivLength = 0;
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new OpenPGPCFBBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("SIC"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -252,12 +272,14 @@
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        else if (modeName.startsWith("GOFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new GOFBBlockCipher(baseEngine)));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("GOFB"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+        //                 new GOFBBlockCipher(baseEngine)));
+        // }
+        // END android-removed
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -268,11 +290,13 @@
             ivLength = baseEngine.getBlockSize();
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        else if (modeName.startsWith("EAX"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("EAX"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -441,63 +465,65 @@
                 param = new KeyParameter(key.getEncoded());
             }
         }
-        else if (params instanceof GOST28147ParameterSpec)
-        {
-            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-
-            param = new ParametersWithSBox(
-                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-
-            if (gost28147Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, gost28147Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-
-            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-
-            if (rc2Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, rc2Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC5ParameterSpec)
-        {
-            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-
-            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-            if (baseEngine.getAlgorithmName().startsWith("RC5"))
-            {
-                if (baseEngine.getAlgorithmName().equals("RC5-32"))
-                {
-                    if (rc5Param.getWordSize() != 32)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-                {
-                    if (rc5Param.getWordSize() != 64)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-            }
-            if ((rc5Param.getIV() != null) && (ivLength != 0))
-            {
-                param = new ParametersWithIV(param, rc5Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
+        // BEGIN android-removed
+        // else if (params instanceof GOST28147ParameterSpec)
+        // {
+        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
+        //
+        //     param = new ParametersWithSBox(
+        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
+        //
+        //     if (gost28147Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, gost28147Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC2ParameterSpec)
+        // {
+        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
+        //
+        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
+        //
+        //     if (rc2Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, rc2Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC5ParameterSpec)
+        // {
+        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
+        //
+        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
+        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
+        //     {
+        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
+        //         {
+        //             if (rc5Param.getWordSize() != 32)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
+        //         {
+        //             if (rc5Param.getWordSize() != 64)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //     }
+        //     else
+        //     {
+        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
+        //     }
+        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
+        //     {
+        //         param = new ParametersWithIV(param, rc5Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // END android-removed
         else
         {
             throw new InvalidAlgorithmParameterException("unknown parameter type.");
@@ -701,10 +727,20 @@
         int     inputLen,
         byte[]  output,
         int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
+        throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
+        // BEGIN android-note
+        // added ShortBufferException to the throws statement
+        // END android-note
         int     len = 0;
 
+        // BEGIN android-added
+        int outputLen = cipher.getOutputSize(inputLen);
+
+        if (outputLen + outputOffset > output.length) {
+            throw new ShortBufferException("need at least " + outputLen + " bytes");
+        }
+        // BEGIN android-added
         if (inputLen != 0)
         {
                 len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseKeyGenerator.java	2012-09-19 21:17:12.000000000 +0000
@@ -56,6 +56,11 @@
     {
         try
         {
+            // BEGIN android-added
+            if (random == null) {
+                random = new SecureRandom();
+            }
+            // END android-added
             engine.init(new KeyGenerationParameters(random, keySize));
             uninitialised = false;
         }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java	2012-09-19 21:17:12.000000000 +0000
@@ -11,25 +11,34 @@
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD4Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// import org.bouncycastle.crypto.digests.TigerDigest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.engines.DESEngine;
 import org.bouncycastle.crypto.engines.RC2Engine;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.GOST28147Mac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.GOST28147Mac;
+// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-import org.bouncycastle.crypto.macs.OldHMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+// import org.bouncycastle.crypto.macs.OldHMac;
+// END android-removed
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -179,91 +188,93 @@
         }
     }
 
-    /**
-     * GOST28147
-     */
-    public static class GOST28147
-        extends BaseMac
-    {
-        public GOST28147()
-        {
-            super(new GOST28147Mac());
-        }
-    }
-
-    
-
-    /**
-     * DES
-     */
-    public static class DESCFB8
-        extends BaseMac
-    {
-        public DESCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * RC2CFB8
-     */
-    public static class RC2CFB8
-        extends BaseMac
-    {
-        public RC2CFB8()
-        {
-            super(new CFBBlockCipherMac(new RC2Engine()));
-        }
-    }
-
-    /**
-     * DES9797Alg3with7816-4Padding
-     */
-    public static class DES9797Alg3with7816d4
-        extends BaseMac
-    {
-        public DES9797Alg3with7816d4()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-        }
-    }
-
-    /**
-     * DES9797Alg3
-     */
-    public static class DES9797Alg3
-        extends BaseMac
-    {
-        public DES9797Alg3()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine()));
-        }
-    }
-
-    /**
-     * MD2 HMac
-     */
-    public static class MD2
-        extends BaseMac
-    {
-        public MD2()
-        {
-            super(new HMac(new MD2Digest()));
-        }
-    }
-
-    /**
-     * MD4 HMac
-     */
-    public static class MD4
-        extends BaseMac
-    {
-        public MD4()
-        {
-            super(new HMac(new MD4Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * GOST28147
+    //  */
+    // public static class GOST28147
+    //     extends BaseMac
+    // {
+    //     public GOST28147()
+    //     {
+    //         super(new GOST28147Mac());
+    //     }
+    // }
+    //
+    //
+    //
+    // /**
+    //  * DES
+    //  */
+    // public static class DESCFB8
+    //     extends BaseMac
+    // {
+    //     public DESCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2CFB8
+    //  */
+    // public static class RC2CFB8
+    //     extends BaseMac
+    // {
+    //     public RC2CFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new RC2Engine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES9797Alg3with7816-4Padding
+    //  */
+    // public static class DES9797Alg3with7816d4
+    //     extends BaseMac
+    // {
+    //     public DES9797Alg3with7816d4()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES9797Alg3
+    //  */
+    // public static class DES9797Alg3
+    //     extends BaseMac
+    // {
+    //     public DES9797Alg3()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * MD2 HMac
+    //  */
+    // public static class MD2
+    //     extends BaseMac
+    // {
+    //     public MD2()
+    //     {
+    //         super(new HMac(new MD2Digest()));
+    //     }
+    // }
+    //
+    // /**
+    //  * MD4 HMac
+    //  */
+    // public static class MD4
+    //     extends BaseMac
+    // {
+    //     public MD4()
+    //     {
+    //         super(new HMac(new MD4Digest()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * MD5 HMac
@@ -273,7 +284,9 @@
     {
         public MD5()
         {
-            super(new HMac(new MD5Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getMD5()));
+            // END android-changed
         }
     }
 
@@ -285,21 +298,25 @@
     {
         public SHA1()
         {
-            super(new HMac(new SHA1Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA1()));
+            // END android-changed
         }
     }
 
-    /**
-     * SHA-224 HMac
-     */
-    public static class SHA224
-        extends BaseMac
-    {
-        public SHA224()
-        {
-            super(new HMac(new SHA224Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * SHA-224 HMac
+    //  */
+    // public static class SHA224
+    //     extends BaseMac
+    // {
+    //     public SHA224()
+    //     {
+    //         super(new HMac(new SHA224Digest()));
+    //     }
+    // }
+    // END android-removed
     
     /**
      * SHA-256 HMac
@@ -309,7 +326,7 @@
     {
         public SHA256()
         {
-            super(new HMac(new SHA256Digest()));
+            super(new HMac(AndroidDigestFactory.getSHA256()));
         }
     }
 
@@ -321,18 +338,20 @@
     {
         public SHA384()
         {
-            super(new HMac(new SHA384Digest()));
+            super(new HMac(AndroidDigestFactory.getSHA384()));
         }
     }
 
-    public static class OldSHA384
-        extends BaseMac
-    {
-        public OldSHA384()
-        {
-            super(new OldHMac(new SHA384Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class OldSHA384
+    //     extends BaseMac
+    // {
+    //     public OldSHA384()
+    //     {
+    //         super(new OldHMac(new SHA384Digest()));
+    //     }
+    // }
+    // END android-removed
     
     /**
      * SHA-512 HMac
@@ -342,75 +361,77 @@
     {
         public SHA512()
         {
-            super(new HMac(new SHA512Digest()));
-        }
-    }
-
-    /**
-     * SHA-512 HMac
-     */
-    public static class OldSHA512
-        extends BaseMac
-    {
-        public OldSHA512()
-        {
-            super(new OldHMac(new SHA512Digest()));
-        }
-    }
-    
-    /**
-     * RIPEMD128 HMac
-     */
-    public static class RIPEMD128
-        extends BaseMac
-    {
-        public RIPEMD128()
-        {
-            super(new HMac(new RIPEMD128Digest()));
-        }
-    }
-
-    /**
-     * RIPEMD160 HMac
-     */
-    public static class RIPEMD160
-        extends BaseMac
-    {
-        public RIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()));
-        }
-    }
-
-    /**
-     * Tiger HMac
-     */
-    public static class Tiger
-        extends BaseMac
-    {
-        public Tiger()
-        {
-            super(new HMac(new TigerDigest()));
+            super(new HMac(AndroidDigestFactory.getSHA512()));
         }
     }
 
+    // BEGIN android-removed
+    // /**
+    //  * SHA-512 HMac
+    //  */
+    // public static class OldSHA512
+    //     extends BaseMac
+    // {
+    //     public OldSHA512()
+    //     {
+    //         super(new OldHMac(new SHA512Digest()));
+    //     }
+    // }
+    //    
+    // /**
+    //  * RIPEMD128 HMac
+    //  */
+    // public static class RIPEMD128
+    //     extends BaseMac
+    // {
+    //     public RIPEMD128()
+    //     {
+    //         super(new HMac(new RIPEMD128Digest()));
+    //     }
+    // }
     //
-    // PKCS12 states that the same algorithm should be used
-    // for the key generation as is used in the HMAC, so that
-    // is what we do here.
+    // /**
+    //  * RIPEMD160 HMac
+    //  */
+    // public static class RIPEMD160
+    //     extends BaseMac
+    // {
+    //     public RIPEMD160()
+    //     {
+    //         super(new HMac(new RIPEMD160Digest()));
+    //     }
+    // }
     //
-
-    /**
-     * PBEWithHmacRIPEMD160
-     */
-    public static class PBEWithRIPEMD160
-        extends BaseMac
-    {
-        public PBEWithRIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160);
-        }
-    }
+    // /**
+    //  * Tiger HMac
+    //  */
+    // public static class Tiger
+    //     extends BaseMac
+    // {
+    //     public Tiger()
+    //     {
+    //         super(new HMac(new TigerDigest()));
+    //     }
+    // }
+    //
+    // //
+    // // PKCS12 states that the same algorithm should be used
+    // // for the key generation as is used in the HMAC, so that
+    // // is what we do here.
+    // //
+    //
+    // /**
+    //  * PBEWithHmacRIPEMD160
+    //  */
+    // public static class PBEWithRIPEMD160
+    //     extends BaseMac
+    // {
+    //     public PBEWithRIPEMD160()
+    //     {
+    //         super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithHmacSHA
@@ -420,19 +441,23 @@
     {
         public PBEWithSHA()
         {
-            super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160);
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160);
+            // END android-changed
         }
     }
 
-    /**
-     * PBEWithHmacTiger
-     */
-    public static class PBEWithTiger
-        extends BaseMac
-    {
-        public PBEWithTiger()
-        {
-            super(new HMac(new TigerDigest()), PKCS12, TIGER, 192);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithHmacTiger
+    //  */
+    // public static class PBEWithTiger
+    //     extends BaseMac
+    // {
+    //     public PBEWithTiger()
+    //     {
+    //         super(new HMac(new TigerDigest()), PKCS12, TIGER, 192);
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2012-09-19 21:17:12.000000000 +0000
@@ -13,8 +13,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
@@ -34,8 +36,10 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2012-09-19 21:17:12.000000000 +0000
@@ -22,8 +22,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -45,8 +47,10 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class
+                                        // END android-removed
                                     };
 
     protected int                     pbeType = PKCS12;
@@ -258,16 +262,19 @@
         return null;
     }
 
+    // BEGIN android-changed
+    // added ShortBufferException to throws statement
     protected int engineDoFinal(
         byte[]  input,
         int     inputOffset,
         int     inputLen,
         byte[]  output,
         int     outputOffset)
-        throws IllegalBlockSizeException, BadPaddingException
+        throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
         return 0;
     }
+    // END android-changed
 
     protected byte[] engineWrap(
         Key     key)
@@ -300,7 +307,12 @@
         byte[]  wrappedKey,
         String  wrappedKeyAlgorithm,
         int     wrappedKeyType)
-    throws InvalidKeyException
+    // BEGIN android-removed
+    // throws InvalidKeyException
+    // END android-removed
+    // BEGIN android-added
+    throws InvalidKeyException, NoSuchAlgorithmException
+    // END android-added
     {
         byte[] encoded;
         try
@@ -376,10 +388,12 @@
             {
                 throw new InvalidKeyException("Unknown key type " + e.getMessage());
             }
-            catch (NoSuchAlgorithmException e)
-            {
-                throw new InvalidKeyException("Unknown key type " + e.getMessage());
-            }
+            // BEGIN android-removed
+            // catch (NoSuchAlgorithmException e)
+            // {
+            //     throw new InvalidKeyException("Unknown key type " + e.getMessage());
+            // }
+            // END android-removed
             catch (InvalidKeySpecException e2)
             {
                 throw new InvalidKeyException("Unknown key type " + e2.getMessage());
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2012-09-19 21:17:12.000000000 +0000
@@ -7,12 +7,17 @@
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.TigerDigest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
@@ -28,10 +33,14 @@
     //
     static final int        MD5         = 0;
     static final int        SHA1        = 1;
-    static final int        RIPEMD160   = 2;
-    static final int        TIGER       = 3;
+    // BEGIN android-removed
+    // static final int        RIPEMD160   = 2;
+    // static final int        TIGER       = 3;
+    // END android-removed
     static final int        SHA256      = 4;
-    static final int        MD2         = 5;
+    // BEGIN android-removed
+    // static final int        MD2         = 5;
+    // END android-removed
 
     static final int        PKCS5S1     = 0;
     static final int        PKCS5S2     = 1;
@@ -53,14 +62,20 @@
             {
                 switch (hash)
                 {
-                case MD2:
-                    generator = new PKCS5S1ParametersGenerator(new MD2Digest());
-                    break;
+                // BEGIN android-removed
+                // case MD2:
+                //     generator = new PKCS5S1ParametersGenerator(new MD2Digest());
+                //     break;
+                // END android-removed
                 case MD5:
-                    generator = new PKCS5S1ParametersGenerator(new MD5Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5());
+                    // END android-changed
                     break;
                 case SHA1:
-                    generator = new PKCS5S1ParametersGenerator(new SHA1Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1());
+                    // END android-changed
                     break;
                 default:
                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
@@ -74,23 +89,33 @@
             {
                 switch (hash)
                 {
-                case MD2:
-                    generator = new PKCS12ParametersGenerator(new MD2Digest());
-                    break;
+                // BEGIN android-removed
+                // case MD2:
+                //     generator = new PKCS12ParametersGenerator(new MD2Digest());
+                //     break;
+                // END android-removed
                 case MD5:
-                    generator = new PKCS12ParametersGenerator(new MD5Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5());
+                    // END android-changed
                     break;
                 case SHA1:
-                    generator = new PKCS12ParametersGenerator(new SHA1Digest());
-                    break;
-                case RIPEMD160:
-                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-                    break;
-                case TIGER:
-                    generator = new PKCS12ParametersGenerator(new TigerDigest());
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
+                    // END android-changed
                     break;
+                // BEGIN android-removed
+                // case RIPEMD160:
+                //     generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
+                //     break;
+                // case TIGER:
+                //     generator = new PKCS12ParametersGenerator(new TigerDigest());
+                //     break;
+                // END android-removed
                 case SHA256:
-                    generator = new PKCS12ParametersGenerator(new SHA256Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
+                    // END android-changed
                     break;
                 default:
                     throw new IllegalStateException("unknown digest scheme for PBE encryption.");
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2012-09-19 21:17:12.000000000 +0000
@@ -10,19 +10,26 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.util.Strings;
 
 public class DigestFactory
 {
     private static Set md5 = new HashSet();
     private static Set sha1 = new HashSet();
-    private static Set sha224 = new HashSet();
+    // BEGIN android-removed
+    // private static Set sha224 = new HashSet();
+    // END android-removed
     private static Set sha256 = new HashSet();
     private static Set sha384 = new HashSet();
     private static Set sha512 = new HashSet();
@@ -38,9 +45,11 @@
         sha1.add("SHA-1");
         sha1.add(OIWObjectIdentifiers.idSHA1.getId());
         
-        sha224.add("SHA224");
-        sha224.add("SHA-224");
-        sha224.add(NISTObjectIdentifiers.id_sha224.getId());
+        // BEGIN android-removed
+        // sha224.add("SHA224");
+        // sha224.add("SHA-224");
+        // sha224.add(NISTObjectIdentifiers.id_sha224.getId());
+        // END android-removed
         
         sha256.add("SHA256");
         sha256.add("SHA-256");
@@ -61,9 +70,11 @@
         oids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
         oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1);
         
-        oids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        oids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-        oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224);
+        // BEGIN android-removed
+        // oids.put("SHA224", NISTObjectIdentifiers.id_sha224);
+        // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224);
+        // END android-removed
         
         oids.put("SHA256", NISTObjectIdentifiers.id_sha256);
         oids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
@@ -85,27 +96,39 @@
         
         if (sha1.contains(digestName))
         {
-            return new SHA1Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA1();
+            // END android-changed
         }
         if (md5.contains(digestName))
         {
-            return new MD5Digest();
-        }
-        if (sha224.contains(digestName))
-        {
-            return new SHA224Digest();
-        }
+            // BEGIN android-changed
+            return AndroidDigestFactory.getMD5();
+            // END android-changed
+        }
+        // BEGIN android-removed
+        // if (sha224.contains(digestName))
+        // {
+        //     return new SHA224Digest();
+        // }
+        // END android-removed
         if (sha256.contains(digestName))
         {
-            return new SHA256Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA256();
+            // END android-changed
         }
         if (sha384.contains(digestName))
         {
-            return new SHA384Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA384();
+            // END android-changed
         }
         if (sha512.contains(digestName))
         {
-            return new SHA512Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA512();
+            // END android-changed
         }
         
         return null;
@@ -116,7 +139,9 @@
         String digest2)
     {
         return (sha1.contains(digest1) && sha1.contains(digest2))
-            || (sha224.contains(digest1) && sha224.contains(digest2))
+            // BEGIN android-removed
+            // || (sha224.contains(digest1) && sha224.contains(digest2))
+            // END android-removed
             || (sha256.contains(digest1) && sha256.contains(digest2))
             || (sha384.contains(digest1) && sha384.contains(digest2))
             || (sha512.contains(digest1) && sha512.contains(digest2))
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/ECNamedCurveTable.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/ECNamedCurveTable.java	2012-09-19 21:17:12.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x9.X962NamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
@@ -55,21 +57,23 @@
             }
         }
 
-        if (ecP == null)
-        {
-            ecP = TeleTrusTNamedCurves.getByName(name);
-            if (ecP == null)
-            {
-                try
-                {
-                    ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name));
-                }
-                catch (IllegalArgumentException e)
-                {
-                    // ignore - not an oid
-                }
-            }
-        }
+        // BEGIN android-removed
+        // if (ecP == null)
+        // {
+        //     ecP = TeleTrusTNamedCurves.getByName(name);
+        //     if (ecP == null)
+        //     {
+        //         try
+        //         {
+        //             ecP = TeleTrusTNamedCurves.getByOID(new ASN1ObjectIdentifier(name));
+        //         }
+        //         catch (IllegalArgumentException e)
+        //         {
+        //             // ignore - not an oid
+        //         }
+        //     }
+        // }
+        // END android-removed
 
         if (ecP == null)
         {
@@ -102,7 +106,9 @@
         addEnumeration(v, X962NamedCurves.getNames());
         addEnumeration(v, SECNamedCurves.getNames());
         addEnumeration(v, NISTNamedCurves.getNames());
-        addEnumeration(v, TeleTrusTNamedCurves.getNames());
+        // BEGIN android-removed
+        // addEnumeration(v, TeleTrusTNamedCurves.getNames());
+        // END android-removed
 
         return v.elements();
     }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/PKCS10CertificationRequest.java	2012-09-19 21:17:12.000000000 +0000
@@ -30,14 +30,18 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.CertificationRequest;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
@@ -81,15 +85,20 @@
 
     static
     {
-        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // BEGIN android-removed
+        // Dropping MD2
+        // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // END android-removed
         algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
         algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -97,57 +106,78 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // reverse mappings
         //
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // BEGIN android-removed
+        // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // END android-removed
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // BEGIN android-removed
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // END android-removed
         
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        // BEGIN android-removed
+        // Dropping MD2
+        // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        // END android-removed
         oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // BEGIN android-removed
+        // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // END android-removed
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
         oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
         oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // BEGIN android-removed
+        // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // END android-removed
         oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
         
         //
@@ -161,35 +191,53 @@
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
 
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
         //
         // explicit params
         //
-        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
-        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
+        // BEGIN android-removed
+        // // BEGIN android-changed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // // END android-changed
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
+
+        // BEGIN android-changed
+        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
 
-        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
 
-        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
     }
 
@@ -595,10 +643,12 @@
         {
             return "SHA1";
         }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
+        // BEGIN android-removed
+        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        // {
+        //     return "SHA224";
+        // }
+        // END android-removed
         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
         {
             return "SHA256";
@@ -611,22 +661,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2012-09-19 21:17:12.000000000 +0000
@@ -48,7 +48,10 @@
 {
     private static String info = "BouncyCastle Security Provider v1.47";
 
-    public static String PROVIDER_NAME = "BC";
+    // BEGIN android-changed
+    //     this constant should be final
+    public static final String PROVIDER_NAME = "BC";
+    // END android-changed
 
     public static final ProviderConfiguration CONFIGURATION = new BouncyCastleProviderConfiguration();
 
@@ -61,8 +64,13 @@
     private static final String SYMMETRIC_CIPHER_PACKAGE = "org.bouncycastle.jcajce.provider.symmetric.";
     private static final String[] SYMMETRIC_CIPHERS =
     {
-        "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
-        "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+        // BEGIN android-removed
+        // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+        // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+        // END android-removed
+        // BEGIN android-added
+        "AES", "ARC4", "Blowfish", "DES", "DESede",
+        // END android-added
     };
 
      /*
@@ -79,7 +87,12 @@
 
     private static final String[] ASYMMETRIC_CIPHERS =
     {
-        "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal"
+        // BEGIN android-removed
+        // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal"
+        // END android-removed
+        // BEGIN android-added
+        "DSA", "DH", "EC", "RSA",
+        // END android-added
     };
 
     /*
@@ -88,7 +101,12 @@
     private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
     private static final String[] DIGESTS =
     {
-        "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool"
+        // BEGIN android-removed
+        // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "Tiger", "Whirlpool"
+        // END android-removed
+        // BEGIN android-added
+        "MD5", "SHA1", "SHA256", "SHA384", "SHA512",
+        // END android-added
     };
 
     /**
@@ -120,26 +138,28 @@
 
         loadAlgorithms(ASYMMETRIC_CIPHER_PACKAGE, ASYMMETRIC_CIPHERS);
 
-        //
-        // X509Store
-        //
-        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
-
-        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
-        
-        //
-        // X509StreamParser
-        //
-        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+        // BEGIN android-removed
+        // //
+        // // X509Store
+        // //
+        // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
+        // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
+        // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
+        // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+        //
+        // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
+        // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
+        // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
+        // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+        //
+        // //
+        // // X509StreamParser
+        // //
+        // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
+        // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
+        // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
+        // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+        // END android-removed
 
 
         //
@@ -148,14 +168,24 @@
         put("KeyStore.BKS", "org.bouncycastle.jce.provider.JDKKeyStore");
         put("KeyStore.BouncyCastle", "org.bouncycastle.jce.provider.JDKKeyStore$BouncyCastleStore");
         put("KeyStore.PKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.BCPKCS12", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
-
-        put("KeyStore.PKCS12-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore");
-        put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES");
-
-        put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
-        put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES");
+        // BEGIN android-changed
+        put("Alg.Alias.KeyStore.BCPKCS12", "PKCS12");
+        // END android-changed
+        // BEGIN android-removed
+        // put("KeyStore.PKCS12-DEF", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
+        // END android-removed
+
+        // BEGIN android-changed
+        put("Alg.Alias.KeyStore.PKCS12-3DES-40RC2", "PKCS12");
+        // END android-changed
+        // BEGIN android-removed
+        // put("KeyStore.PKCS12-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore3DES");
+        // END android-removed
+
+        // BEGIN android-removed
+        // put("KeyStore.PKCS12-DEF-3DES-40RC2", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore");
+        // put("KeyStore.PKCS12-DEF-3DES-3DES", "org.bouncycastle.jce.provider.JDKPKCS12KeyStore$DefPKCS12KeyStore3DES");
+        // END android-removed
 
         put("Alg.Alias.KeyStore.UBER", "BouncyCastle");
         put("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
@@ -164,29 +194,41 @@
         //
         // algorithm parameters
         //
-        put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES");
+        // BEGIN android-removed
+        // put("AlgorithmParameters.IES", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$IES");
+        // END android-removed
         put("AlgorithmParameters.PKCS12PBE", "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PKCS12PBE");
 
-        put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2");
+        // BEGIN android-removed
+        // put("AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "org.bouncycastle.jce.provider.JDKAlgorithmParameters$PBKDF2");
+        // END android-removed
 
 
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE");
+        // BEGIN android-removed
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES", "PKCS12PBE");
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES", "PKCS12PBE");
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC2", "PKCS12PBE");
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDRC4", "PKCS12PBE");
+        // END android-removed
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE");
+        // BEGIN android-removed
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHA1ANDRC2-CBC", "PKCS12PBE");
+        // END android-removed
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE");
+        // BEGIN android-removed
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES3KEY-CBC", "PKCS12PBE");
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDDES2KEY-CBC", "PKCS12PBE");
+        // END android-removed
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC2-CBC", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND40BITRC4", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC2-CBC", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAAND128BITRC4", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
-        put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
+        // BEGIN android-removed
+        // put("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
+        // END android-removed
         put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.1", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.2", "PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.12.1.3", "PKCS12PBE");
@@ -217,12 +259,14 @@
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND128BITAES-CBC-BC","PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND192BITAES-CBC-BC","PKCS12PBE");
         put("Alg.Alias.AlgorithmParameters.PBEWITHSHA-256AND256BITAES-CBC-BC","PKCS12PBE");
-
-        put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
-        put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        
+        // BEGIN android-removed
+        // put("AlgorithmParameters.SHA1WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        // put("AlgorithmParameters.SHA224WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        // put("AlgorithmParameters.SHA256WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        // put("AlgorithmParameters.SHA384WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        // put("AlgorithmParameters.SHA512WITHECDSA", "org.bouncycastle.jce.provider.JDKECDSAAlgParameters$SigAlgParameters");
+        // END android-removed
         
         //
         // key agreement
@@ -235,16 +279,22 @@
         put("Alg.Alias.Cipher.PBEWithSHAAnd3KeyTripleDES",  "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
         
 
-        put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
-        put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
-        put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
-        put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES");
+        // BEGIN android-removed
+        // put("Cipher.ECIES", "org.bouncycastle.jce.provider.JCEIESCipher$ECIES");
+        // put("Cipher.BrokenECIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenECIES");
+        // put("Cipher.IES", "org.bouncycastle.jce.provider.JCEIESCipher$IES");
+        // put("Cipher.BrokenIES", "org.bouncycastle.jce.provider.JCEIESCipher$BrokenIES");
+        // END android-removed
 
         put("Cipher.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndDES");
-        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+        // BEGIN android-removed
+        // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+        // END android-removed
         put("Cipher.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithMD5AndRC2");
         put("Cipher.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndDES");
-        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+        // BEGIN android-removed
+        // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+        // END android-removed
         put("Cipher.PBEWITHSHA1ANDRC2", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHA1AndRC2");
 
         put("Cipher.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAnd128BitRC2");
@@ -286,10 +336,12 @@
         put("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithAESCBC");
         
         put("Cipher.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCEBlockCipher$PBEWithSHAAndTwofish");
-        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
-
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // BEGIN android-removed
+        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+        //
+        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // END android-removed
         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
         put("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
@@ -326,16 +378,20 @@
         //
         // secret key factories.
         //
-        put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
-
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // BEGIN android-removed
+        // put("SecretKeyFactory.PBEWITHMD2ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndDES");
+        //
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // END android-removed
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDDES");
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndRC2_CBC, "PBEWITHSHA1ANDRC2");
 
-        put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
+        // BEGIN android-removed
+        // put("SecretKeyFactory.PBEWITHMD2ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD2AndRC2");
+        // END android-removed
         put("SecretKeyFactory.PBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndDES");
         put("SecretKeyFactory.PBEWITHMD5ANDRC2", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5AndRC2");
         put("SecretKeyFactory.PBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA1AndDES");
@@ -347,31 +403,39 @@
         put("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd128BitRC2");
         put("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAnd40BitRC2");
         put("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHAAndTwofish");
-        put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160");
+        // BEGIN android-removed
+        // put("SecretKeyFactory.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithRIPEMD160");
+        // END android-removed
         put("SecretKeyFactory.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithSHA");
-        put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger");
+        // BEGIN android-removed
+        // put("SecretKeyFactory.PBEWITHHMACTIGER", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithTiger");
+        // END android-removed
         
         put("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And128BitAESCBCOpenSSL");
         put("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And192BitAESCBCOpenSSL");
         put("SecretKeyFactory.PBEWITHMD5AND256BITAES-CBC-OPENSSL", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBEWithMD5And256BitAESCBCOpenSSL");
 
-        put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5");
-
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5");
-        put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12");
-        put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12");
-
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+        // BEGIN android-removed
+        // put("Alg.Alias.SecretKeyFactory.PBE", "PBE/PKCS5");
+        //
+        // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHMD5ANDDES", "PBE/PKCS5");
+        // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHA1ANDDES", "PBE/PKCS5");
+        // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
+        // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", "PBE/PKCS12");
+        // put("Alg.Alias.SecretKeyFactory.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", "PBE/PKCS12");
+        // put("Alg.Alias.SecretKeyFactory.OLDPBEWITHSHAANDTWOFISH-CBC", "PBE/PKCS12");
+        //
+        // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+        // END android-removed
         put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
         put("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
         put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
         put("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-        put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // BEGIN android-removed
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+        // put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+        // END android-removed
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
         put("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
@@ -408,20 +472,31 @@
         put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes128_cbc.getId(), "PBEWITHSHA256AND128BITAES-CBC-BC");
         put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PBEWITHSHA256AND192BITAES-CBC-BC");
         put("Alg.Alias.SecretKeyFactory." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PBEWITHSHA256AND256BITAES-CBC-BC");
+        // BEGIN android-added
+
+        put("SecretKeyFactory.PBKDF2WithHmacSHA1", "org.bouncycastle.jce.provider.JCESecretKeyFactory$PBKDF2WithHmacSHA1");
+        // END android-added
 
         addMacAlgorithms();
 
     // Certification Path API
-        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
-        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+        // BEGIN android-removed
+        // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+        // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+        // END android-removed
+        // BEGIN android-changed
+        // Use Alg.Alias so RFC3280 doesn't show up when iterating provider services, only PKIX
+        put("Alg.Alias.CertPathValidator.RFC3280", "PKIX");
+        put("Alg.Alias.CertPathBuilder.RFC3280", "PKIX");
+        // END android-changed
         put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
         put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
         put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
-        put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
-        put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
-        put("Alg.Alias.CertStore.X509LDAP", "LDAP");
+        // BEGIN android-removed
+        // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
+        // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
+        // put("Alg.Alias.CertStore.X509LDAP", "LDAP");
+        // END android-removed
     }
 
     private void loadAlgorithms(String packageName, String[] names)
@@ -469,21 +544,25 @@
     private void addMacAlgorithms()
     {
 
-        put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
-        put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-
-        put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
-        put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-        put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
-        put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-
-        put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
-
-        put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
+        // BEGIN android-removed
+        // put("Mac.DESWITHISO9797", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
+        // put("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+        //
+        // put("Mac.ISO9797ALG3MAC", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3");
+        // put("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+        // put("Mac.ISO9797ALG3WITHISO7816-4PADDING", "org.bouncycastle.jce.provider.JCEMac$DES9797Alg3with7816d4");
+        // put("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+        //
+        // put("Mac.OLDHMACSHA384", "org.bouncycastle.jce.provider.JCEMac$OldSHA384");
+        //
+        // put("Mac.OLDHMACSHA512", "org.bouncycastle.jce.provider.JCEMac$OldSHA512");
+        // END android-removed
 
         put("Mac.PBEWITHHMACSHA", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA");
         put("Mac.PBEWITHHMACSHA1", "org.bouncycastle.jce.provider.JCEMac$PBEWithSHA");
-        put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160");
+        // BEGIN android-removed
+        // put("Mac.PBEWITHHMACRIPEMD160", "org.bouncycastle.jce.provider.JCEMac$PBEWithRIPEMD160");
+        // END android-removed
         put("Alg.Alias.Mac.1.3.14.3.2.26", "PBEWITHHMACSHA");
     }
 
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertBlacklist.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertBlacklist.java	2012-09-19 21:17:12.000000000 +0000
@@ -0,0 +1,216 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.jce.provider;
+
+import java.io.Closeable;
+import java.io.ByteArrayOutputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+import org.bouncycastle.util.encoders.Hex;
+
+public class CertBlacklist {
+
+    private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
+    private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
+    public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
+    public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";
+
+    private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
+
+    // public for testing
+    public final Set<BigInteger> serialBlacklist;
+    public final Set<byte[]> pubkeyBlacklist;
+
+    public CertBlacklist() {
+        this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
+    }
+
+    /** Test only interface, not for public use */
+    public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
+        serialBlacklist = readSerialBlackList(serialBlacklistPath);
+        pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
+    }
+
+    private static boolean isHex(String value) {
+        try {
+            new BigInteger(value, 16);
+            return true;
+        } catch (NumberFormatException e) {
+            logger.log(Level.WARNING, "Could not parse hex value " + value, e);
+            return false;
+        }
+    }
+
+    private static boolean isPubkeyHash(String value) {
+        if (value.length() != 40) {
+            logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length());
+            return false;
+        }
+        return isHex(value);
+    }
+
+    private static String readBlacklist(String path) {
+        try {
+            return readFileAsString(path);
+        } catch (FileNotFoundException ignored) {
+        } catch (IOException e) {
+            logger.log(Level.WARNING, "Could not read blacklist", e);
+        }
+        return "";
+    }
+
+    // From IoUtils.readFileAsString
+    private static String readFileAsString(String path) throws IOException {
+        return readFileAsBytes(path).toString("UTF-8");
+    }
+
+    // Based on IoUtils.readFileAsBytes
+    private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException {
+        RandomAccessFile f = null;
+        try {
+            f = new RandomAccessFile(path, "r");
+            ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length());
+            byte[] buffer = new byte[8192];
+            while (true) {
+                int byteCount = f.read(buffer);
+                if (byteCount == -1) {
+                    return bytes;
+                }
+                bytes.write(buffer, 0, byteCount);
+            }
+        } finally {
+            closeQuietly(f);
+        }
+    }
+
+    // Base on IoUtils.closeQuietly
+    private static void closeQuietly(Closeable closeable) {
+        if (closeable != null) {
+            try {
+                closeable.close();
+            } catch (RuntimeException rethrown) {
+                throw rethrown;
+            } catch (Exception ignored) {
+            }
+        }
+    }
+
+    private static final Set<BigInteger> readSerialBlackList(String path) {
+
+        // start out with a base set of known bad values
+        Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList(
+            // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
+            // Not a real certificate. For testing only.
+            new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16),
+            new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16),
+            new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16),
+            new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16),
+            new BigInteger("9239d5348f40d1695a745470e1f23f43", 16),
+            new BigInteger("e9028b9578e415dc1a710a2b88154447", 16),
+            new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16),
+            new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16),
+            new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16),
+            new BigInteger("3e75ced46b693021218830ae86a82a71", 16)
+        ));
+
+        // attempt to augment it with values taken from gservices
+        String serialBlacklist = readBlacklist(path);
+        if (!serialBlacklist.equals("")) {
+            for(String value : serialBlacklist.split(",")) {
+                try {
+                    bl.add(new BigInteger(value, 16));
+                } catch (NumberFormatException e) {
+                    logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e);
+                }
+            }
+        }
+
+        // whether that succeeds or fails, send it on its merry way
+        return Collections.unmodifiableSet(bl);
+    }
+
+    private static final Set<byte[]> readPublicKeyBlackList(String path) {
+
+        // start out with a base set of known bad values
+        Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList(
+            // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750
+            // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info (a] diginotar.nl
+            "410f36363258f30b347d12ce4863e433437806a8".getBytes(),
+            // Subject: CN=DigiNotar Cyber CA
+            // Issuer: CN=GTE CyberTrust Global Root
+            "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(),
+            // Subject: CN=DigiNotar Services 1024 CA
+            // Issuer: CN=Entrust.net
+            "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(),
+            // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
+            // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
+            "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(),
+            // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
+            // Issuer: CN=Staat der Nederlanden Overheid CA
+            "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(),
+            // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479
+            // Subject: O=Digicert Sdn. Bhd.
+            // Issuer: CN=GTE CyberTrust Global Root
+            "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes()
+        ));
+
+        // attempt to augment it with values taken from gservices
+        String pubkeyBlacklist = readBlacklist(path);
+        if (!pubkeyBlacklist.equals("")) {
+            for (String value : pubkeyBlacklist.split(",")) {
+                value = value.trim();
+                if (isPubkeyHash(value)) {
+                    bl.add(value.getBytes());
+                } else {
+                    logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value);
+                }
+            }
+        }
+
+        return bl;
+    }
+
+    public boolean isPublicKeyBlackListed(PublicKey publicKey) {
+        byte[] encoded = publicKey.getEncoded();
+        Digest digest = AndroidDigestFactory.getSHA1();
+        digest.update(encoded, 0, encoded.length);
+        byte[] out = new byte[digest.getDigestSize()];
+        digest.doFinal(out, 0);
+        for (byte[] blacklisted : pubkeyBlacklist) {
+            if (Arrays.equals(blacklisted, Hex.encode(out))) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public boolean isSerialNumberBlackListed(BigInteger serial) {
+        return serialBlacklist.contains(serial);
+    }
+
+}
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2012-09-19 21:17:12.000000000 +0000
@@ -61,13 +61,17 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Extension;
 import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+// END android-removed
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.util.Selector;
 import org.bouncycastle.util.StoreException;
 import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
 import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
+// BEGIN android-removed
+// import org.bouncycastle.x509.X509AttributeCertStoreSelector;
+// END android-removed
 import org.bouncycastle.x509.X509AttributeCertificate;
 import org.bouncycastle.x509.X509CRLStoreSelector;
 import org.bouncycastle.x509.X509CertStoreSelector;
@@ -247,7 +251,9 @@
             {
                 // look for URI
                 List list = (List)it.next();
-                if (list.get(0).equals(new Integer(GeneralName.uniformResourceIdentifier)))
+                // BEGIN android-changed
+                if (list.get(0).equals(Integer.valueOf(GeneralName.uniformResourceIdentifier)))
+                // END android-changed
                 {
                     // found
                     String temp = (String)list.get(1);
@@ -655,38 +661,40 @@
         {
             try
             {
-                if (location.startsWith("ldap://"))
-                {
-                    // ldap://directory.d-trust.net/CN=D-TRUST
-                    // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
-                    // skip "ldap://"
-                    location = location.substring(7);
-                    // after first / baseDN starts
-                    String base = null;
-                    String url = null;
-                    if (location.indexOf("/") != -1)
-                    {
-                        base = location.substring(location.indexOf("/"));
-                        // URL
-                        url = "ldap://"
-                            + location.substring(0, location.indexOf("/"));
-                    }
-                    else
-                    {
-                        url = "ldap://" + location;
-                    }
-                    // use all purpose parameters
-                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
-                        url, base).build();
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                }
+                // BEGIN android-removed
+                // if (location.startsWith("ldap://"))
+                // {
+                //     // ldap://directory.d-trust.net/CN=D-TRUST
+                //     // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
+                //     // skip "ldap://"
+                //     location = location.substring(7);
+                //     // after first / baseDN starts
+                //     String base = null;
+                //     String url = null;
+                //     if (location.indexOf("/") != -1)
+                //     {
+                //         base = location.substring(location.indexOf("/"));
+                //         // URL
+                //         url = "ldap://"
+                //             + location.substring(0, location.indexOf("/"));
+                //     }
+                //     else
+                //     {
+                //         url = "ldap://" + location;
+                //     }
+                //     // use all purpose parameters
+                //     X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
+                //         url, base).build();
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                // }
+                // END android-removed
             }
             catch (Exception e)
             {
@@ -751,33 +759,35 @@
         return certs;
     }
 
-    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
-                                                 List certStores)
-        throws AnnotatedException
-    {
-        Set certs = new HashSet();
-        Iterator iter = certStores.iterator();
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store certStore = (X509Store)obj;
-                try
-                {
-                    certs.addAll(certStore.getMatches(certSelect));
-                }
-                catch (StoreException e)
-                {
-                    throw new AnnotatedException(
-                            "Problem while picking certificates from X.509 store.", e);
-                }
-            }
-        }
-        return certs;
-    }
+    // BEGIN android-removed
+    // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
+    //                                              List certStores)
+    //     throws AnnotatedException
+    // {
+    //     Set certs = new HashSet();
+    //     Iterator iter = certStores.iterator();
+    //
+    //     while (iter.hasNext())
+    //     {
+    //         Object obj = iter.next();
+    //
+    //         if (obj instanceof X509Store)
+    //         {
+    //             X509Store certStore = (X509Store)obj;
+    //             try
+    //             {
+    //                 certs.addAll(certStore.getMatches(certSelect));
+    //             }
+    //             catch (StoreException e)
+    //             {
+    //                 throw new AnnotatedException(
+    //                         "Problem while picking certificates from X.509 store.", e);
+    //             }
+    //         }
+    //     }
+    //     return certs;
+    // }
+    // END android-removed
 
     protected static void addAdditionalStoresFromCRLDistributionPoint(
         CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEBlockCipher.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEBlockCipher.java	2012-09-19 21:17:12.000000000 +0000
@@ -18,8 +18,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
@@ -28,7 +30,9 @@
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.engines.AESFastEngine;
 import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.GOST28147Engine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.GOST28147Engine;
+// END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
 import org.bouncycastle.crypto.engines.TwofishEngine;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
@@ -36,12 +40,18 @@
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -53,12 +63,16 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
-import org.bouncycastle.crypto.params.RC2Parameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ParametersWithSBox;
+// import org.bouncycastle.crypto.params.RC2Parameters;
+// import org.bouncycastle.crypto.params.RC5Parameters;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBE;
-import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// END android-removed
 import org.bouncycastle.jce.spec.RepeatedSecretKeySpec;
 import org.bouncycastle.util.Strings;
 
@@ -71,11 +85,15 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        GOST28147ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // GOST28147ParameterSpec.class
+                                        // END android-removed
                                     };
  
     private BlockCipher             baseEngine;
@@ -232,20 +250,22 @@
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        else if (modeName.startsWith("PGP"))
-        {
-            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(
-                new PGPCFBBlockCipher(baseEngine, inlineIV));
-        }
-        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        {
-            ivLength = 0;
-            cipher = new BufferedGenericBlockCipher(
-                new OpenPGPCFBBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("PGP"))
+        // {
+        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+        //
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
+        // }
+        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        // {
+        //     ivLength = 0;
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new OpenPGPCFBBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("SIC"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -262,12 +282,14 @@
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        else if (modeName.startsWith("GOFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new GOFBBlockCipher(baseEngine)));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("GOFB"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+        //                 new GOFBBlockCipher(baseEngine)));
+        // }
+        // END android-removed
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -278,11 +300,13 @@
             ivLength = baseEngine.getBlockSize();
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        else if (modeName.startsWith("EAX"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("EAX"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -371,13 +395,15 @@
             throw new InvalidKeyException("Key for algorithm " + key.getAlgorithm() + " not suitable for symmetric enryption.");
         }
         
-        //
-        // for RC5-64 we must have some default parameters
-        //
-        if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64"))
-        {
-            throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in.");
-        }
+        // BEGIN android-removed
+        // //
+        // // for RC5-64 we must have some default parameters
+        // //
+        // if (params == null && baseEngine.getAlgorithmName().startsWith("RC5-64"))
+        // {
+        //     throw new InvalidAlgorithmParameterException("RC5 requires an RC5ParametersSpec to be passed in.");
+        // }
+        // END android-removed
 
         //
         // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
@@ -451,63 +477,65 @@
                 param = new KeyParameter(key.getEncoded());
             }
         }
-        else if (params instanceof GOST28147ParameterSpec)
-        {
-            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-
-            param = new ParametersWithSBox(
-                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-
-            if (gost28147Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, gost28147Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-
-            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-
-            if (rc2Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, rc2Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC5ParameterSpec)
-        {
-            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-
-            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-            if (baseEngine.getAlgorithmName().startsWith("RC5"))
-            {
-                if (baseEngine.getAlgorithmName().equals("RC5-32"))
-                {
-                    if (rc5Param.getWordSize() != 32)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-                {
-                    if (rc5Param.getWordSize() != 64)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-            }
-            if ((rc5Param.getIV() != null) && (ivLength != 0))
-            {
-                param = new ParametersWithIV(param, rc5Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
+        // BEGIN android-removed
+        // else if (params instanceof GOST28147ParameterSpec)
+        // {
+        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
+        //
+        //     param = new ParametersWithSBox(
+        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
+        //
+        //     if (gost28147Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, gost28147Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC2ParameterSpec)
+        // {
+        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
+        //
+        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
+        //
+        //     if (rc2Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, rc2Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC5ParameterSpec)
+        // {
+        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
+        //
+        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
+        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
+        //     {
+        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
+        //         {
+        //             if (rc5Param.getWordSize() != 32)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
+        //         {
+        //             if (rc5Param.getWordSize() != 64)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //     }
+        //     else
+        //     {
+        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
+        //     }
+        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
+        //     {
+        //         param = new ParametersWithIV(param, rc5Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // END android-removed
         else
         {
             throw new InvalidAlgorithmParameterException("unknown parameter type.");
@@ -711,10 +739,21 @@
         int     inputLen,
         byte[]  output,
         int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
+        throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
+        // BEGIN android-note
+        // added ShortBufferException to the throws statement
+        // END android-note
         int     len = 0;
 
+        // BEGIN android-added
+        int outputLen = cipher.getOutputSize(inputLen);
+
+        if (outputLen + outputOffset > output.length) {
+            throw new ShortBufferException("need at least " + outputLen + " bytes");
+        }
+        // BEGIN android-added
+
         if (inputLen != 0)
         {
                 len = cipher.processBytes(input, inputOffset, inputLen, output, outputOffset);
@@ -756,62 +795,64 @@
         }
     }
 
-    /**
-     * DESCBC
-     */
-    static public class DESCBC
-        extends JCEBlockCipher
-    {
-        public DESCBC()
-        {
-            super(new CBCBlockCipher(new DESEngine()), 64);
-        }
-    }
-
-    /**
-     *  GOST28147
-     */
-    static public class GOST28147
-        extends JCEBlockCipher
-    {
-        public GOST28147()
-        {
-            super(new GOST28147Engine());
-        }
-    }
-    
-    static public class GOST28147cbc
-        extends JCEBlockCipher
-    {
-        public GOST28147cbc()
-        {
-            super(new CBCBlockCipher(new GOST28147Engine()), 64);
-        }
-    }
-
-    /**
-     * RC2
-     */
-    static public class RC2
-        extends JCEBlockCipher
-    {
-        public RC2()
-        {
-            super(new RC2Engine());
-        }
-    }
-
-    /**
-     * RC2CBC
-     */
-    static public class RC2CBC
-        extends JCEBlockCipher
-    {
-        public RC2CBC()
-        {
-            super(new CBCBlockCipher(new RC2Engine()), 64);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DESCBC
+    //  */
+    // static public class DESCBC
+    //     extends JCEBlockCipher
+    // {
+    //     public DESCBC()
+    //     {
+    //         super(new CBCBlockCipher(new DESEngine()), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  *  GOST28147
+    //  */
+    // static public class GOST28147
+    //     extends JCEBlockCipher
+    // {
+    //     public GOST28147()
+    //     {
+    //         super(new GOST28147Engine());
+    //     }
+    // }
+    //
+    // static public class GOST28147cbc
+    //     extends JCEBlockCipher
+    // {
+    //     public GOST28147cbc()
+    //     {
+    //         super(new CBCBlockCipher(new GOST28147Engine()), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2
+    //  */
+    // static public class RC2
+    //     extends JCEBlockCipher
+    // {
+    //     public RC2()
+    //     {
+    //         super(new RC2Engine());
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2CBC
+    //  */
+    // static public class RC2CBC
+    //     extends JCEBlockCipher
+    // {
+    //     public RC2CBC()
+    //     {
+    //         super(new CBCBlockCipher(new RC2Engine()), 64);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithMD5AndDES
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -20,8 +20,10 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -203,21 +205,23 @@
             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
 
-            if (ecP == null) // GOST Curve
-            {
-                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-
-                ecSpec = new ECNamedCurveSpec(
-                        ECGOST3410NamedCurves.getName(oid),
-                        ellipticCurve,
-                        new ECPoint(
-                                gParam.getG().getX().toBigInteger(),
-                                gParam.getG().getY().toBigInteger()),
-                        gParam.getN(),
-                        gParam.getH());
-            }
-            else
+            // BEGIN android-removed
+            // if (ecP == null) // GOST Curve
+            // {
+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+            //
+            //     ecSpec = new ECNamedCurveSpec(
+            //             ECGOST3410NamedCurves.getName(oid),
+            //             ellipticCurve,
+            //             new ECPoint(
+            //                     gParam.getG().getX().toBigInteger(),
+            //                     gParam.getG().getY().toBigInteger()),
+            //             gParam.getN(),
+            //             gParam.getH());
+            // }
+            // else
+            // END android-removed
             {
                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
 
@@ -331,11 +335,13 @@
 
         try
         {
-            if (algorithm.equals("ECGOST3410"))
-            {
-                info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-            }
-            else
+            // BEGIN android-removed
+            // if (algorithm.equals("ECGOST3410"))
+            // {
+            //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
+            // }
+            // else
+            // END android-removed
             {
 
                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEECPublicKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -18,9 +18,11 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962Parameters;
@@ -33,9 +35,13 @@
 import org.bouncycastle.jcajce.provider.asymmetric.ec.EC5Util;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// BEGIN android-removed
+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// END android-removed
 import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// END android-removed
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
 
@@ -46,7 +52,9 @@
     private org.bouncycastle.math.ec.ECPoint q;
     private ECParameterSpec         ecSpec;
     private boolean                 withCompression;
-    private GOST3410PublicKeyAlgParameters       gostParams;
+    // BEGIN android-removed
+    // private GOST3410PublicKeyAlgParameters       gostParams;
+    // END android-removed
 
     public JCEECPublicKey(
         String              algorithm,
@@ -56,7 +64,9 @@
         this.q = key.q;
         this.ecSpec = key.ecSpec;
         this.withCompression = key.withCompression;
-        this.gostParams = key.gostParams;
+        // BEGIN android-removed
+        // this.gostParams = key.gostParams;
+        // END android-removed
     }
     
     public JCEECPublicKey(
@@ -179,54 +189,56 @@
 
     private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
     {
-        if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        {
-            DERBitString bits = info.getPublicKeyData();
-            ASN1OctetString key;
-            this.algorithm = "ECGOST3410";
-
-            try
-            {
-                key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
-            }
-            catch (IOException ex)
-            {
-                throw new IllegalArgumentException("error recovering public key");
-            }
-
-            byte[]          keyEnc = key.getOctets();
-            byte[]          x = new byte[32];
-            byte[]          y = new byte[32];
-
-            for (int i = 0; i != x.length; i++)
-            {
-                x[i] = keyEnc[32 - 1 - i];
-            }
-
-            for (int i = 0; i != y.length; i++)
-            {
-                y[i] = keyEnc[64 - 1 - i];
-            }
-
-            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-
-            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
-
-            ECCurve curve = spec.getCurve();
-            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
-
-            this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
-
-            ecSpec = new ECNamedCurveSpec(
-                    ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
-                    ellipticCurve,
-                    new ECPoint(
-                            spec.getG().getX().toBigInteger(),
-                            spec.getG().getY().toBigInteger()),
-                            spec.getN(), spec.getH());
-
-        }
-        else
+        // BEGIN android-removed
+        // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+        // {
+        //     DERBitString bits = info.getPublicKeyData();
+        //     ASN1OctetString key;
+        //     this.algorithm = "ECGOST3410";
+        //
+        //     try
+        //     {
+        //         key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
+        //     }
+        //     catch (IOException ex)
+        //     {
+        //         throw new IllegalArgumentException("error recovering public key");
+        //     }
+        //
+        //     byte[]          keyEnc = key.getOctets();
+        //     byte[]          x = new byte[32];
+        //     byte[]          y = new byte[32];
+        //
+        //     for (int i = 0; i != x.length; i++)
+        //     {
+        //         x[i] = keyEnc[32 - 1 - i];
+        //     }
+        //
+        //     for (int i = 0; i != y.length; i++)
+        //     {
+        //         y[i] = keyEnc[64 - 1 - i];
+        //     }
+        //
+        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+        //
+        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+        //
+        //     ECCurve curve = spec.getCurve();
+        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+        //
+        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+        //
+        //     ecSpec = new ECNamedCurveSpec(
+        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+        //             ellipticCurve,
+        //             new ECPoint(
+        //                     spec.getG().getX().toBigInteger(),
+        //                     spec.getG().getY().toBigInteger()),
+        //                     spec.getN(), spec.getH());
+        //
+        // }
+        // else
+        // END android-removed
         {
             X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters());
             ECCurve                 curve;
@@ -315,45 +327,47 @@
         ASN1Encodable        params;
         SubjectPublicKeyInfo info;
 
-        if (algorithm.equals("ECGOST3410"))
-        {
-            if (gostParams != null)
-            {
-                params = gostParams;
-            }
-            else
-            {
-                if (ecSpec instanceof ECNamedCurveSpec)
-                {
-                    params = new GOST3410PublicKeyAlgParameters(
-                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
-                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
-                }
-                else
-                {   // strictly speaking this may not be applicable...
-                    ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
-
-                    X9ECParameters ecP = new X9ECParameters(
-                        curve,
-                        EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
-                        ecSpec.getOrder(),
-                        BigInteger.valueOf(ecSpec.getCofactor()),
-                        ecSpec.getCurve().getSeed());
-
-                    params = new X962Parameters(ecP);
-                }
-            }
-
-            BigInteger      bX = this.q.getX().toBigInteger();
-            BigInteger      bY = this.q.getY().toBigInteger();
-            byte[]          encKey = new byte[64];
-
-            extractBytes(encKey, 0, bX);
-            extractBytes(encKey, 32, bY);
-
-            info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
-        }
-        else
+        // BEGIN android-removed
+        // if (algorithm.equals("ECGOST3410"))
+        // {
+        //     if (gostParams != null)
+        //     {
+        //         params = gostParams;
+        //     }
+        //     else
+        //     {
+        //         if (ecSpec instanceof ECNamedCurveSpec)
+        //         {
+        //             params = new GOST3410PublicKeyAlgParameters(
+        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+        //         }
+        //         else
+        //         {   // strictly speaking this may not be applicable...
+        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+        //
+        //             X9ECParameters ecP = new X9ECParameters(
+        //                 curve,
+        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+        //                 ecSpec.getOrder(),
+        //                 BigInteger.valueOf(ecSpec.getCofactor()),
+        //                 ecSpec.getCurve().getSeed());
+        //
+        //             params = new X962Parameters(ecP);
+        //         }
+        //     }
+        //
+        //     BigInteger      bX = this.q.getX().toBigInteger();
+        //     BigInteger      bY = this.q.getY().toBigInteger();
+        //     byte[]          encKey = new byte[64];
+        //
+        //     extractBytes(encKey, 0, bX);
+        //     extractBytes(encKey, 32, bY);
+        //
+        //     info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
+        // }
+        // else
+        // END android-removed
         {
             if (ecSpec instanceof ECNamedCurveSpec)
             {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEMac.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEMac.java	2012-09-19 21:17:12.000000000 +0000
@@ -11,24 +11,35 @@
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD4Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// import org.bouncycastle.crypto.digests.TigerDigest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.RC2Engine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RC2Engine;
+// END android-removed
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-import org.bouncycastle.crypto.macs.OldHMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+// import org.bouncycastle.crypto.macs.OldHMac;
+// END android-removed
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -144,109 +155,111 @@
      * the classes that extend directly off us.
      */
 
-    /**
-     * DES
-     */
-    public static class DES
-        extends JCEMac
-    {
-        public DES()
-        {
-            super(new CBCBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * DES 64 bit MAC
-     */
-    public static class DES64
-        extends JCEMac
-    {
-        public DES64()
-        {
-            super(new CBCBlockCipherMac(new DESEngine(), 64));
-        }
-    }
-
-    /**
-     * RC2
-     */
-    public static class RC2
-        extends JCEMac
-    {
-        public RC2()
-        {
-            super(new CBCBlockCipherMac(new RC2Engine()));
-        }
-    }
-
-
-    
-
-    /**
-     * DES
-     */
-    public static class DESCFB8
-        extends JCEMac
-    {
-        public DESCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * RC2CFB8
-     */
-
-
-    /**
-     * DES9797Alg3with7816-4Padding
-     */
-    public static class DES9797Alg3with7816d4
-        extends JCEMac
-    {
-        public DES9797Alg3with7816d4()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-        }
-    }
-
-    /**
-     * DES9797Alg3
-     */
-    public static class DES9797Alg3
-        extends JCEMac
-    {
-        public DES9797Alg3()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine()));
-        }
-    }
-
-    /**
-     * MD2 HMac
-     */
-    public static class MD2
-        extends JCEMac
-    {
-        public MD2()
-        {
-            super(new HMac(new MD2Digest()));
-        }
-    }
-
-    /**
-     * MD4 HMac
-     */
-    public static class MD4
-        extends JCEMac
-    {
-        public MD4()
-        {
-            super(new HMac(new MD4Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DES
+    //  */
+    // public static class DES
+    //     extends JCEMac
+    // {
+    //     public DES()
+    //     {
+    //         super(new CBCBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES 64 bit MAC
+    //  */
+    // public static class DES64
+    //     extends JCEMac
+    // {
+    //     public DES64()
+    //     {
+    //         super(new CBCBlockCipherMac(new DESEngine(), 64));
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2
+    //  */
+    // public static class RC2
+    //     extends JCEMac
+    // {
+    //     public RC2()
+    //     {
+    //         super(new CBCBlockCipherMac(new RC2Engine()));
+    //     }
+    // }
+    //
+    //
+    //
+    //
+    // /**
+    //  * DES
+    //  */
+    // public static class DESCFB8
+    //     extends JCEMac
+    // {
+    //     public DESCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2CFB8
+    //  */
+    //
+    //
+    // /**
+    //  * DES9797Alg3with7816-4Padding
+    //  */
+    // public static class DES9797Alg3with7816d4
+    //     extends JCEMac
+    // {
+    //     public DES9797Alg3with7816d4()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES9797Alg3
+    //  */
+    // public static class DES9797Alg3
+    //     extends JCEMac
+    // {
+    //     public DES9797Alg3()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * MD2 HMac
+    //  */
+    // public static class MD2
+    //     extends JCEMac
+    // {
+    //     public MD2()
+    //     {
+    //         super(new HMac(new MD2Digest()));
+    //     }
+    // }
+    //
+    // /**
+    //  * MD4 HMac
+    //  */
+    // public static class MD4
+    //     extends JCEMac
+    // {
+    //     public MD4()
+    //     {
+    //         super(new HMac(new MD4Digest()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * MD5 HMac
@@ -256,7 +269,9 @@
     {
         public MD5()
         {
-            super(new HMac(new MD5Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getMD5()));
+            // END android-changed
         }
     }
 
@@ -268,21 +283,25 @@
     {
         public SHA1()
         {
-            super(new HMac(new SHA1Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA1()));
+            // END android-changed
         }
     }
 
-    /**
-     * SHA-224 HMac
-     */
-    public static class SHA224
-        extends JCEMac
-    {
-        public SHA224()
-        {
-            super(new HMac(new SHA224Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * SHA-224 HMac
+    //  */
+    // public static class SHA224
+    //     extends JCEMac
+    // {
+    //     public SHA224()
+    //     {
+    //         super(new HMac(new SHA224Digest()));
+    //     }
+    // }
+    // END android-removed
     
     /**
      * SHA-256 HMac
@@ -292,7 +311,9 @@
     {
         public SHA256()
         {
-            super(new HMac(new SHA256Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA256()));
+            // END android-changed
         }
     }
 
@@ -304,18 +325,22 @@
     {
         public SHA384()
         {
-            super(new HMac(new SHA384Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA384()));
+            // END android-changed
         }
     }
 
-    public static class OldSHA384
-        extends JCEMac
-    {
-        public OldSHA384()
-        {
-            super(new OldHMac(new SHA384Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class OldSHA384
+    //     extends JCEMac
+    // {
+    //     public OldSHA384()
+    //     {
+    //         super(new OldHMac(new SHA384Digest()));
+    //     }
+    // }
+    // END android-removed
     
     /**
      * SHA-512 HMac
@@ -325,75 +350,80 @@
     {
         public SHA512()
         {
-            super(new HMac(new SHA512Digest()));
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA512()));
+            // END android-changed
         }
     }
 
-    /**
-     * SHA-512 HMac
-     */
-    public static class OldSHA512
-        extends JCEMac
-    {
-        public OldSHA512()
-        {
-            super(new OldHMac(new SHA512Digest()));
-        }
-    }
     
-    /**
-     * RIPEMD128 HMac
-     */
-    public static class RIPEMD128
-        extends JCEMac
-    {
-        public RIPEMD128()
-        {
-            super(new HMac(new RIPEMD128Digest()));
-        }
-    }
-
-    /**
-     * RIPEMD160 HMac
-     */
-    public static class RIPEMD160
-        extends JCEMac
-    {
-        public RIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()));
-        }
-    }
-
-    /**
-     * Tiger HMac
-     */
-    public static class Tiger
-        extends JCEMac
-    {
-        public Tiger()
-        {
-            super(new HMac(new TigerDigest()));
-        }
-    }
-
+    // BEGIN android-removed
+    // /**
+    //  * SHA-512 HMac
+    //  */
+    // public static class OldSHA512
+    //     extends JCEMac
+    // {
+    //     public OldSHA512()
+    //     {
+    //         super(new OldHMac(new SHA512Digest()));
+    //     }
+    // }
     //
-    // PKCS12 states that the same algorithm should be used
-    // for the key generation as is used in the HMAC, so that
-    // is what we do here.
+    // /**
+    //  * RIPEMD128 HMac
+    //  */
+    // public static class RIPEMD128
+    //     extends JCEMac
+    // {
+    //     public RIPEMD128()
+    //     {
+    //        super(new HMac(new RIPEMD128Digest()));
+    //     }
+    // }
     //
-
-    /**
-     * PBEWithHmacRIPEMD160
-     */
-    public static class PBEWithRIPEMD160
-        extends JCEMac
-    {
-        public PBEWithRIPEMD160()
-        {
-            super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160);
-        }
-    }
+    // /**
+    //  * RIPEMD160 HMac
+    //  */
+    // public static class RIPEMD160
+    //     extends JCEMac
+    // {
+    //     public RIPEMD160()
+    //     {
+    //        super(new HMac(new RIPEMD160Digest()));
+    //     }
+    // }
+    //
+    // /**
+    //  * Tiger HMac
+    //  */
+    // public static class Tiger
+    //     extends JCEMac
+    // {
+    //     public Tiger()
+    //     {
+    //         super(new HMac(new TigerDigest()));
+    //     }
+    // }
+    //
+    // //
+    // // PKCS12 states that the same algorithm should be used
+    // // for the key generation as is used in the HMAC, so that
+    // // is what we do here.
+    // //
+    //
+    // /**
+    //  * PBEWithHmacRIPEMD160
+    //  */
+    // public static class PBEWithRIPEMD160
+    //     extends JCEMac
+    // {
+    //     public PBEWithRIPEMD160()
+    //     {
+    //         super(new HMac(new RIPEMD160Digest()), PKCS12, RIPEMD160, 160);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithHmacSHA
@@ -403,19 +433,23 @@
     {
         public PBEWithSHA()
         {
-            super(new HMac(new SHA1Digest()), PKCS12, SHA1, 160);
+            // BEGIN android-changed
+            super(new HMac(AndroidDigestFactory.getSHA1()), PKCS12, SHA1, 160);
+            // END android-changed
         }
     }
 
-    /**
-     * PBEWithHmacTiger
-     */
-    public static class PBEWithTiger
-        extends JCEMac
-    {
-        public PBEWithTiger()
-        {
-            super(new HMac(new TigerDigest()), PKCS12, TIGER, 192);
-        }
-    }
+    // BEGIN android-removed
+    //  /**
+    //   * PBEWithHmacTiger
+    //   */
+    // public static class PBEWithTiger
+    //     extends JCEMac
+    // {
+    //     public PBEWithTiger()
+    //     {
+    //         super(new HMac(new TigerDigest()), PKCS12, TIGER, 192);
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateCrtKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -127,7 +127,9 @@
      */
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPrivateKey(getModulus(), getPublicExponent(), getPrivateExponent(), getPrimeP(), getPrimeQ(), getPrimeExponentP(), getPrimeExponentQ(), getCrtCoefficient()));
+        // END android-changed
     }
 
     /**
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPrivateKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -78,7 +78,9 @@
 
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedPrivateKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new org.bouncycastle.asn1.pkcs.RSAPrivateKey(getModulus(), ZERO, getPrivateExponent(), ZERO, ZERO, ZERO, ZERO, ZERO));
+        // END android-changed
     }
 
     public boolean equals(Object o)
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCERSAPublicKey.java	2012-09-19 21:17:12.000000000 +0000
@@ -91,7 +91,9 @@
 
     public byte[] getEncoded()
     {
-        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, new DERNull()), new RSAPublicKeyStructure(getModulus(), getPublicExponent()));
+        // BEGIN android-changed
+        return KeyUtil.getEncodedSubjectPublicKeyInfo(new AlgorithmIdentifier(PKCSObjectIdentifiers.rsaEncryption, DERNull.INSTANCE), new RSAPublicKeyStructure(getModulus(), getPublicExponent()));
+        // END android-changed
     }
 
     public int hashCode()
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCESecretKeyFactory.java	2012-09-19 21:17:12.000000000 +0000
@@ -252,29 +252,31 @@
         }
     }
 
-    /**
-     * PBEWithMD2AndDES
-     */
-    static public class PBEWithMD2AndDES
-        extends DESPBEKeyFactory
-    {
-        public PBEWithMD2AndDES()
-        {
-            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
-
-    /**
-     * PBEWithMD2AndRC2
-     */
-    static public class PBEWithMD2AndRC2
-        extends PBEKeyFactory
-    {
-        public PBEWithMD2AndRC2()
-        {
-            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithMD2AndDES
+    //  */
+    // static public class PBEWithMD2AndDES
+    //     extends DESPBEKeyFactory
+    // {
+    //     public PBEWithMD2AndDES()
+    //     {
+    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * PBEWithMD2AndRC2
+    //  */
+    // static public class PBEWithMD2AndRC2
+    //     extends PBEKeyFactory
+    // {
+    //     public PBEWithMD2AndRC2()
+    //     {
+    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
+    //     }
+    // }
+    // END android-removed
 
    /**
     * PBEWithMD5AndDES
@@ -408,17 +410,19 @@
        }
    }
    
-   /**
-    * PBEWithHmacRIPEMD160
-    */
-   public static class PBEWithRIPEMD160
-       extends PBEKeyFactory
-   {
-       public PBEWithRIPEMD160()
-       {
-           super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0);
-       }
-   }
+   // BEGIN android-removed
+   // /**
+   //  * PBEWithHmacRIPEMD160
+   //  */
+   // public static class PBEWithRIPEMD160
+   //     extends PBEKeyFactory
+   // {
+   //     public PBEWithRIPEMD160()
+   //     {
+   //         super("PBEwithHmacRIPEMD160", null, false, PKCS12, RIPEMD160, 160, 0);
+   //     }
+   // }
+   // END android-removed
 
    /**
     * PBEWithHmacSHA
@@ -432,17 +436,19 @@
        }
    }
 
-   /**
-    * PBEWithHmacTiger
-    */
-   public static class PBEWithTiger
-       extends PBEKeyFactory
-   {
-       public PBEWithTiger()
-       {
-           super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0);
-       }
-   }
+   // BEGIN android-removed
+   // /**
+   //  * PBEWithHmacTiger
+   //  */
+   // public static class PBEWithTiger
+   //     extends PBEKeyFactory
+   // {
+   //     public PBEWithTiger()
+   //     {
+   //         super("PBEwithHmacTiger", null, false, PKCS12, TIGER, 192, 0);
+   //     }
+   // }
+   // END android-removed
    
    /**
     * PBEWithSHA1And128BitAES-BC
@@ -551,4 +557,56 @@
            super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
        }
    }
+    // BEGIN android-added
+    static public class PBKDF2WithHmacSHA1
+        extends JCESecretKeyFactory
+    {
+        public PBKDF2WithHmacSHA1()
+        {
+            super("PBKDF2WithHmacSHA1", PKCSObjectIdentifiers.id_PBKDF2);
+        }
+
+        protected SecretKey engineGenerateSecret(
+            KeySpec keySpec)
+            throws InvalidKeySpecException
+        {
+            if (keySpec instanceof PBEKeySpec)
+            {
+                PBEKeySpec          pbeSpec = (PBEKeySpec)keySpec;
+                
+                if (pbeSpec.getSalt() == null)
+                {
+                    throw new InvalidKeySpecException("missing required salt");
+                }
+
+                if (pbeSpec.getIterationCount() <= 0)
+                {
+                    throw new InvalidKeySpecException("positive iteration count required: "
+                                                      + pbeSpec.getIterationCount());
+                }
+                
+                if (pbeSpec.getKeyLength() <= 0)
+                {
+                    throw new InvalidKeySpecException("positive key length required: "
+                                                      + pbeSpec.getKeyLength());
+                }
+                
+                if (pbeSpec.getPassword().length == 0)
+                {
+                    throw new IllegalArgumentException("password empty");
+                }
+
+                int scheme = PKCS5S2;
+                int digest = SHA1;
+                int keySize = pbeSpec.getKeyLength();
+                int ivSize = -1;
+                CipherParameters param = Util.makePBEMacParameters(pbeSpec, scheme, digest, keySize);
+                
+                return new BCPBEKey(this.algName, this.algOid, scheme, digest, keySize, ivSize, pbeSpec, param);
+            }
+            
+            throw new InvalidKeySpecException("Invalid KeySpec");
+        }
+    }
+    // END android-added
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JCEStreamCipher.java	2012-09-19 21:17:12.000000000 +0000
@@ -14,20 +14,26 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.BlowfishEngine;
+// import org.bouncycastle.crypto.engines.DESEngine;
+// import org.bouncycastle.crypto.engines.DESedeEngine;
+// END android-removed
 import org.bouncycastle.crypto.engines.RC4Engine;
-import org.bouncycastle.crypto.engines.SkipjackEngine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.SkipjackEngine;
+// import org.bouncycastle.crypto.engines.TwofishEngine;
+// END android-removed
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
@@ -44,8 +50,10 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };
@@ -376,125 +384,127 @@
      * The ciphers that inherit from us.
      */
 
-    /**
-     * DES
-     */
-    static public class DES_CFB8
-        extends JCEStreamCipher
-    {
-        public DES_CFB8()
-        {
-            super(new CFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_CFB8
-        extends JCEStreamCipher
-    {
-        public DESede_CFB8()
-        {
-            super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_CFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_CFB8()
-        {
-            super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_CFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_CFB8()
-        {
-            super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_CFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_CFB8()
-        {
-            super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-
-    /**
-     * DES
-     */
-    static public class DES_OFB8
-        extends JCEStreamCipher
-    {
-        public DES_OFB8()
-        {
-            super(new OFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_OFB8
-        extends JCEStreamCipher
-    {
-        public DESede_OFB8()
-        {
-            super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_OFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_OFB8()
-        {
-            super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_OFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_OFB8()
-        {
-            super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_OFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_OFB8()
-        {
-            super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DES
+    //  */
+    // static public class DES_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DES_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new DESEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * DESede
+    //  */
+    // static public class DESede_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DESede_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * SKIPJACK
+    //  */
+    // static public class Skipjack_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Skipjack_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Blowfish
+    //  */
+    // static public class Blowfish_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Blowfish_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Twofish
+    //  */
+    // static public class Twofish_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Twofish_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
+    //     }
+    // }
+    //
+    // /**
+    //  * DES
+    //  */
+    // static public class DES_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DES_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new DESEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * DESede
+    //  */
+    // static public class DESede_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DESede_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * SKIPJACK
+    //  */
+    // static public class Skipjack_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Skipjack_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Blowfish
+    //  */
+    // static public class Blowfish_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Blowfish_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Twofish
+    //  */
+    // static public class Twofish_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Twofish_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithSHAAnd128BitRC4
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKAlgorithmParameters.java	2012-09-19 21:17:12.000000000 +0000
@@ -17,7 +17,9 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;
-import org.bouncycastle.jce.spec.IESParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.IESParameterSpec;
+// END android-removed
 
 public abstract class JDKAlgorithmParameters
     extends AlgorithmParametersSpi
@@ -208,109 +210,111 @@
         }
     }
 
-    public static class IES
-        extends JDKAlgorithmParameters
-    {
-        IESParameterSpec     currentSpec;
-
-        /**
-         * in the absence of a standard way of doing it this will do for
-         * now...
-         */
-        protected byte[] engineGetEncoded() 
-        {
-            try
-            {
-                ASN1EncodableVector v = new ASN1EncodableVector();
-
-                v.add(new DEROctetString(currentSpec.getDerivationV()));
-                v.add(new DEROctetString(currentSpec.getEncodingV()));
-                v.add(new DERInteger(currentSpec.getMacKeySize()));
-
-                return new DERSequence(v).getEncoded(ASN1Encoding.DER);
-            }
-            catch (IOException e)
-            {
-                throw new RuntimeException("Error encoding IESParameters");
-            }
-        }
-
-        protected byte[] engineGetEncoded(
-            String format) 
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == IESParameterSpec.class)
-            {
-                return currentSpec;
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec) 
-            throws InvalidParameterSpecException
-        {
-            if (!(paramSpec instanceof IESParameterSpec))
-            {
-                throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object");
-            }
-
-            this.currentSpec = (IESParameterSpec)paramSpec;
-        }
-
-        protected void engineInit(
-            byte[] params) 
-            throws IOException
-        {
-            try
-            {
-                ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params);
-
-                this.currentSpec = new IESParameterSpec(
-                                        ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
-                                        ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
-                                        ((DERInteger)s.getObjectAt(0)).getValue().intValue());
-            }
-            catch (ClassCastException e)
-            {
-                throw new IOException("Not a valid IES Parameter encoding.");
-            }
-            catch (ArrayIndexOutOfBoundsException e)
-            {
-                throw new IOException("Not a valid IES Parameter encoding.");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format) 
-            throws IOException
-        {
-            if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
-            {
-                engineInit(params);
-            }
-            else
-            {
-                throw new IOException("Unknown parameter format " + format);
-            }
-        }
-
-        protected String engineToString() 
-        {
-            return "IES Parameters";
-        }
-    }
+    // BEGIN android-removed
+    // public static class IES
+    //     extends JDKAlgorithmParameters
+    // {
+    //     IESParameterSpec     currentSpec;
+    //
+    //     /**
+    //      * in the absence of a standard way of doing it this will do for
+    //      * now...
+    //      */
+    //     protected byte[] engineGetEncoded() 
+    //     {
+    //         try
+    //         {
+    //             ASN1EncodableVector v = new ASN1EncodableVector();
+    //
+    //             v.add(new DEROctetString(currentSpec.getDerivationV()));
+    //             v.add(new DEROctetString(currentSpec.getEncodingV()));
+    //             v.add(new DERInteger(currentSpec.getMacKeySize()));
+    //
+    //             return new DERSequence(v).getEncoded(ASN1Encoding.DER);
+    //         }
+    //         catch (IOException e)
+    //         {
+    //             throw new RuntimeException("Error encoding IESParameters");
+    //         }
+    //     }
+    //
+    //     protected byte[] engineGetEncoded(
+    //         String format) 
+    //     {
+    //         if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
+    //         {
+    //             return engineGetEncoded();
+    //         }
+    //
+    //         return null;
+    //     }
+    //
+    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
+    //         Class paramSpec) 
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (paramSpec == IESParameterSpec.class)
+    //         {
+    //             return currentSpec;
+    //         }
+    //
+    //         throw new InvalidParameterSpecException("unknown parameter spec passed to ElGamal parameters object.");
+    //     }
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec paramSpec) 
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (!(paramSpec instanceof IESParameterSpec))
+    //         {
+    //             throw new InvalidParameterSpecException("IESParameterSpec required to initialise a IES algorithm parameters object");
+    //         }
+    //
+    //         this.currentSpec = (IESParameterSpec)paramSpec;
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params) 
+    //         throws IOException
+    //     {
+    //         try
+    //         {
+    //             ASN1Sequence s = (ASN1Sequence)ASN1Primitive.fromByteArray(params);
+    //
+    //             this.currentSpec = new IESParameterSpec(
+    //                                     ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
+    //                                     ((ASN1OctetString)s.getObjectAt(0)).getOctets(),
+    //                                     ((DERInteger)s.getObjectAt(0)).getValue().intValue());
+    //         }
+    //         catch (ClassCastException e)
+    //         {
+    //             throw new IOException("Not a valid IES Parameter encoding.");
+    //         }
+    //         catch (ArrayIndexOutOfBoundsException e)
+    //         {
+    //             throw new IOException("Not a valid IES Parameter encoding.");
+    //         }
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params,
+    //         String format) 
+    //         throws IOException
+    //     {
+    //         if (isASN1FormatString(format) || format.equalsIgnoreCase("X.509"))
+    //         {
+    //             engineInit(params);
+    //         }
+    //         else
+    //         {
+    //             throw new IOException("Unknown parameter format " + format);
+    //         }
+    //     }
+    //
+    //     protected String engineToString() 
+    //     {
+    //         return "IES Parameters";
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKKeyStore.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKKeyStore.java	2012-09-19 21:17:12.000000000 +0000
@@ -39,7 +39,12 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// END android-removed
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.io.DigestInputStream;
 import org.bouncycastle.crypto.io.DigestOutputStream;
@@ -498,7 +503,13 @@
 
         if (entry == null)
         {
-            throw new KeyStoreException("no such entry as " + alias);
+            // BEGIN android-removed
+            // Only throw if there is a problem removing, not if missing
+            // throw new KeyStoreException("no such entry as " + alias);
+            // END android-removed
+            // BEGIN android-added
+            return;
+            // END android-added
         }
 
         table.remove(alias);
@@ -817,12 +828,16 @@
         //
         // we only do an integrity check if the password is provided.
         //
-        HMac hMac = new HMac(new SHA1Digest());
+        // BEGIN android-changed
+        HMac hMac = new HMac(AndroidDigestFactory.getSHA1());
+        // END android-changed
         if (password != null && password.length != 0)
         {
             byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
 
-            PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
+            // BEGIN android-changed
+            PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
+            // END android-changed
             pbeGen.init(passKey, salt, iterationCount);
 
             CipherParameters macParams;
@@ -884,9 +899,11 @@
         dOut.write(salt);
         dOut.writeInt(iterationCount);
 
-        HMac                    hMac = new HMac(new SHA1Digest());
+        // BEGIN android-changed
+        HMac                    hMac = new HMac(AndroidDigestFactory.getSHA1());
         MacOutputStream         mOut = new MacOutputStream(hMac);
-        PBEParametersGenerator  pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
+        PBEParametersGenerator  pbeGen = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
+        // END android-changed
         byte[]                  passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);
 
         pbeGen.init(passKey, salt, iterationCount);
@@ -974,7 +991,9 @@
             Cipher cipher = this.makePBECipher(cipherAlg, Cipher.DECRYPT_MODE, password, salt, iterationCount);
             CipherInputStream cIn = new CipherInputStream(dIn, cipher);
 
-            Digest dig = new SHA1Digest();
+            // BEGIN android-changed
+            Digest dig = AndroidDigestFactory.getSHA1();
+            // END android-changed
             DigestInputStream  dgIn = new DigestInputStream(cIn, dig);
     
             this.loadStore(dgIn);
@@ -1013,7 +1032,9 @@
             cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount);
     
             CipherOutputStream  cOut = new CipherOutputStream(dOut, cipher);
-            DigestOutputStream  dgOut = new DigestOutputStream(new SHA1Digest());
+            // BEGIN android-changed
+            DigestOutputStream  dgOut = new DigestOutputStream(AndroidDigestFactory.getSHA1());
+            // END android-changed
     
             this.saveStore(new TeeOutputStream(cOut, dgOut));
     
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/JDKPKCS12KeyStore.java	2012-09-19 21:17:12.000000000 +0000
@@ -261,10 +261,13 @@
             }
         }
 
-        if (c == null && k == null)
-        {
-            throw new KeyStoreException("no such entry as " + alias);
-        }
+        // BEGIN android-removed
+        // Only throw if there is a problem removing, not if missing
+        // if (c == null && k == null)
+        // {
+        //     throw new KeyStoreException("no such entry as " + alias);
+        // }
+        // END android-removed
     }
 
     /**
@@ -439,6 +442,14 @@
     
     public Date engineGetCreationDate(String alias) 
     {
+        // BEGIN android-added
+        if (alias == null) {
+            throw new NullPointerException("alias == null");
+        }
+        if (keys.get(alias) == null && certs.get(alias) == null) {
+            return null;
+        }
+        // END android-added
         return new Date();
     }
 
@@ -497,6 +508,11 @@
         Certificate[]   chain) 
         throws KeyStoreException
     {
+        // BEGIN android-added
+        if (!(key instanceof PrivateKey)) {
+            throw new KeyStoreException("PKCS12 does not support non-PrivateKeys");
+        }
+        // END android-added
         if ((key instanceof PrivateKey) && (chain == null))
         {
             throw new KeyStoreException("no certificate chain for private key");
@@ -508,12 +524,18 @@
         }
 
         keys.put(alias, key);
+        // BEGIN android-added
+        if (chain != null) {
+        // END android-added
         certs.put(alias, chain[0]);
 
         for (int i = 0; i != chain.length; i++)
         {
             chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]);
         }
+        // BEGIN android-added
+        }
+        // END android-added
     }
 
     public int engineSize() 
@@ -1489,7 +1511,9 @@
         {
             byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
 
-            AlgorithmIdentifier     algId = new AlgorithmIdentifier(id_SHA1, new DERNull());
+            // BEGIN android-changed
+            AlgorithmIdentifier     algId = new AlgorithmIdentifier(id_SHA1, DERNull.INSTANCE);
+            // END android-changed
             DigestInfo              dInfo = new DigestInfo(algId, res);
 
             mData = new MacData(dInfo, mSalt, itCount);
@@ -1546,32 +1570,34 @@
         }
     }
 
-    public static class BCPKCS12KeyStore3DES
-        extends JDKPKCS12KeyStore
-    {
-        public BCPKCS12KeyStore3DES()
-        {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore
-        extends JDKPKCS12KeyStore
-    {
-        public DefPKCS12KeyStore()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore3DES
-        extends JDKPKCS12KeyStore
-    {
-        public DefPKCS12KeyStore3DES()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
+    // BEGIN android-removed
+    // public static class BCPKCS12KeyStore3DES
+    //     extends JDKPKCS12KeyStore
+    // {
+    //     public BCPKCS12KeyStore3DES()
+    //     {
+    //         super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+    //     }
+    // }
+    //
+    // public static class DefPKCS12KeyStore
+    //     extends JDKPKCS12KeyStore
+    // {
+    //     public DefPKCS12KeyStore()
+    //     {
+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+    //     }
+    // }
+    //
+    // public static class DefPKCS12KeyStore3DES
+    //     extends JDKPKCS12KeyStore
+    // {
+    //     public DefPKCS12KeyStore3DES()
+    //     {
+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+    //     }
+    // }
+    // END android-removed
 
     private static class IgnoresCaseHashtable
     {
@@ -1580,7 +1606,9 @@
 
         public void put(String key, Object value)
         {
-            String lower = Strings.toLowerCase(key);
+            // BEGIN android-changed
+            String lower = (key == null) ? null : Strings.toLowerCase(key);
+            // END android-changed
             String k = (String)keys.get(lower);
             if (k != null)
             {
@@ -1598,7 +1626,9 @@
 
         public Object remove(String alias)
         {
-            String k = (String)keys.remove(Strings.toLowerCase(alias));
+            // BEGIN android-changed
+            String k = (String)keys.remove(alias == null ? null : Strings.toLowerCase(alias));
+            // END android-changed
             if (k == null)
             {
                 return null;
@@ -1609,7 +1639,9 @@
 
         public Object get(String alias)
         {
-            String k = (String)keys.get(Strings.toLowerCase(alias));
+            // BEGIN android-changed
+            String k = (String)keys.get(alias == null ? null : Strings.toLowerCase(alias));
+            // END android-changed
             if (k == null)
             {
                 return null;
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2012-09-19 21:17:12.000000000 +0000
@@ -1,5 +1,8 @@
 package org.bouncycastle.jce.provider;
 
+// BEGIN android-added
+import java.math.BigInteger;
+// END android-added
 import java.security.InvalidAlgorithmParameterException;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
@@ -33,6 +36,9 @@
 public class PKIXCertPathValidatorSpi
         extends CertPathValidatorSpi
 {
+    // BEGIN android-added
+    private final static CertBlacklist blacklist = new CertBlacklist();
+    // END android-added
 
     public CertPathValidatorResult engineValidate(
             CertPath certPath,
@@ -75,6 +81,22 @@
         {
             throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
         }
+        // BEGIN android-added
+        {
+            X509Certificate cert = (X509Certificate) certs.get(0);
+
+            if (cert != null) {
+                BigInteger serial = cert.getSerialNumber();
+                if (blacklist.isSerialNumberBlackListed(serial)) {
+                    // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+                    String message = "Certificate revocation of serial 0x" + serial.toString(16);
+                    System.out.println(message);
+                    AnnotatedException e = new AnnotatedException(message);
+                    throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
+                }
+            }
+        }
+        // END android-added
 
         //
         // (b)
@@ -251,6 +273,15 @@
 
         for (index = certs.size() - 1; index >= 0; index--)
         {
+            // BEGIN android-added
+            if (blacklist.isPublicKeyBlackListed(workingPublicKey)) {
+                // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+                String message = "Certificate revocation of public key " + workingPublicKey;
+                System.out.println(message);
+                AnnotatedException e = new AnnotatedException(message);
+                throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
+            }
+            // END android-added
             // try
             // {
             //
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/PKIXNameConstraintValidator.java	2012-09-19 21:17:12.000000000 +0000
@@ -1533,7 +1533,9 @@
         for (Enumeration e = permitted.getObjects(); e.hasMoreElements();)
         {
             GeneralSubtree subtree = GeneralSubtree.getInstance(e.nextElement());
-            Integer tagNo = new Integer(subtree.getBase().getTagNo());
+            // BEGIN android-changed
+            Integer tagNo = Integer.valueOf(subtree.getBase().getTagNo());
+            // END android-changed
             if (subtreesMap.get(tagNo) == null)
             {
                 subtreesMap.put(tagNo, new HashSet());
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509CertificateObject.java	2012-09-19 21:17:12.000000000 +0000
@@ -544,12 +544,20 @@
         }
     }
 
+    // BEGIN android-changed
+    private byte[] encoded;
+    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            return c.getEncoded(ASN1Encoding.DER);
+            // BEGIN android-changed
+            if (encoded == null) {
+                encoded = c.getEncoded(ASN1Encoding.DER);
+            }
+            return encoded;
+            // END android-changed
         }
         catch (IOException e)
         {
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/jce/provider/X509SignatureUtil.java	2012-09-19 21:17:12.000000000 +0000
@@ -14,7 +14,9 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -25,7 +27,9 @@
 
 class X509SignatureUtil
 {
-    private static final ASN1Null       derNull = new DERNull();
+    // BEGIN android-changed
+    private static final ASN1Null       derNull = DERNull.INSTANCE;
+    // END android-changed
     
     static void setSignatureParameters(
         Signature signature,
@@ -66,12 +70,14 @@
         
         if (params != null && !derNull.equals(params))
         {
-            if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
-            }
+            // BEGIN android-removed
+            // if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
+            // {
+            //     RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
+            //
+            //     return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
+            // }
+            // END android-removed
             if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
             {
                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
@@ -98,10 +104,12 @@
         {
             return "SHA1";
         }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
+        // BEGIN android-removed
+        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        // {
+        //     return "SHA224";
+        // }
+        // END android-removed
         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
         {
             return "SHA256";
@@ -114,22 +122,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/x509/X509Util.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/x509/X509Util.java	2012-09-19 21:17:12.000000000 +0000
@@ -25,12 +25,16 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jce.X509Principal;
@@ -44,14 +48,18 @@
     
     static
     {   
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // END android-removed
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
         algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -59,45 +67,59 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
@@ -105,25 +127,39 @@
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // explicit params
         //
-        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, new DERNull());
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
-
-        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, new DERNull());
+        // BEGIN android-removed
+        // // BEGIN android-changed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // // END android-changed
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
+
+        // BEGIN android-changed
+        AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
 
-        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha384AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha384, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA384WITHRSAANDMGF1", creatPSSParams(sha384AlgId, 48));
 
-        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, new DERNull());
+        // BEGIN android-changed
+        AlgorithmIdentifier sha512AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha512, DERNull.INSTANCE);
+        // END android-changed
         params.put("SHA512WITHRSAANDMGF1", creatPSSParams(sha512AlgId, 64));
     }
 
@@ -166,7 +202,9 @@
         }
         else
         {
-            return new AlgorithmIdentifier(sigOid, new DERNull());
+            // BEGIN android-changed
+            return new AlgorithmIdentifier(sigOid, DERNull.INSTANCE);
+            // END android-changed
         }
     }
     
diff -Naur bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java
--- bcprov-jdk15on-147.orig/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2012-03-22 15:11:48.000000000 +0000
+++ bcprov-jdk15on-147/org/bouncycastle/x509/extension/X509ExtensionUtil.java	2012-09-19 21:17:12.000000000 +0000
@@ -62,7 +62,9 @@
             {
                 GeneralName genName = GeneralName.getInstance(it.nextElement());
                 List list = new ArrayList();
-                list.add(new Integer(genName.getTagNo()));
+                // BEGIN android-changed
+                list.add(Integer.valueOf(genName.getTagNo()));
+                // END android-changed
                 switch (genName.getTagNo())
                 {
                 case GeneralName.ediPartyName: