• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..--

READMED22-Nov-20231.7 KiB4333

bcpkix.patchD22-Nov-202362.9 KiB1,1571,123

bcprov.patchD22-Nov-2023383.6 KiB8,8578,557

README

1bcprov.patch:
2
3patch against Bouncy Castle's bcprov:
4
5The main differences involve removing algorithms not included in the
6reference implementation (RI).  The libcore
7java.security.StandardNames test support class provides the most
8up-do-date documentation of differences between the RI's list of
9supported algorithms and Android's. Some notable omissions versus the
10RI:
11- LDAP
12- MD2
13- RC2
14
15Other performance (both speed and memory) and correctness changes:
16- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
17- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
18- removed use of Boolean constructor (not-upstreamable due to J2ME requirement upstream)
19- DERObjectIdentifier interns its internal String indentifer value
20- changed uses of 'new Integer' to 'Integers.valueOf'
21- X509CertificateObject.getEncoded caches its result
22- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
23- OpenSSLDigest uses NativeCrypto JNI API
24- JDKKeyStore made more tolerant of non-existant aliases
25- Make BouncyCastleProvider.PROVIDER_NAME final
26- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
27
28Other security changes:
29- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
30- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
31
32Other changes:
33- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
34
35
36bcpkix.patch:
37
38patch against Bouncy Castle's bcpkix:
39
40The main differences involve:
41- removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST)
42- using the singleton DERNull.INSTANCE
43