• Home
Name Date Size #Lines LOC

..--

READMED03-May-20242.1 KiB3934

android.patchD03-May-2024478.6 KiB13,11112,747

README

1android.patch:
2
3patch against Bouncy Castle:
4
5The main differences involve removing algorithms not included in the
6reference implementation (RI).  The libcore
7java.security.StandardNames test support class provides the most
8up-do-date documentation of differences between the RI's list of
9supported algorithms and Android's. Some notable omissions versus the
10RI:
11- LDAP
12- MD2
13- RC2
14
15Other performance (both speed and memory) changes:
16- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
17- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
18- DERPrintableString interns its internal String values
19- DERObjectIdentifier interns its internal String indentifer value
20- changed uses of 'new Integer' to 'Integer.valueOf'
21- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
22- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
23- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
24- X509CertificateObject.getEncoded caches its result
25- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
26- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
27- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
28- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
29- OpenSSLDigest uses NativeCrypto JNI API
30- KeyStoreSpis made more tolerant of non-existant and null aliases
31- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
32- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
33- Make PKCS12 KeyStore tolerate setting with an empty certificate chain
34- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
35
36Other security changes:
37- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
38- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
39