1android.patch: 2 3patch against Bouncy Castle: 4 5The main differences involve removing algorithms not included in the 6reference implementation (RI). The libcore 7java.security.StandardNames test support class provides the most 8up-do-date documentation of differences between the RI's list of 9supported algorithms and Android's. Some notable omissions versus the 10RI: 11- LDAP 12- MD2 13- RC2 14 15Other performance (both speed and memory) changes: 16- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure) 17- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE} 18- DERPrintableString interns its internal String values 19- DERObjectIdentifier interns its internal String indentifer value 20- changed uses of 'new Integer' to 'Integer.valueOf' 21- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations 22- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation 23- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation 24- X509CertificateObject.getEncoded caches its result 25- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor 26- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi 27- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation 28- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12 29- OpenSSLDigest uses NativeCrypto JNI API 30- KeyStoreSpis made more tolerant of non-existant and null aliases 31- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases 32- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get 33- Make PKCS12 KeyStore tolerate setting with an empty certificate chain 34- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1 35 36Other security changes: 37- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi 38- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates 39