1bcprov.patch: 2 3patch against Bouncy Castle's bcprov: 4 5The main differences involve removing algorithms not included in the 6reference implementation (RI). The libcore 7java.security.StandardNames test support class provides the most 8up-do-date documentation of differences between the RI's list of 9supported algorithms and Android's. Some notable omissions versus the 10RI: 11- LDAP 12- MD2 13- RC2 14 15Other performance (both speed and memory) and correctness changes: 16- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure) 17- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE} 18- removed use of Boolean constructor 19- DERObjectIdentifier interns its internal String indentifer value 20- changed uses of 'new Integer' to 'Integer.valueOf' 21- X509CertificateObject.getEncoded caches its result 22- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12 23- OpenSSLDigest uses NativeCrypto JNI API 24- KeyStoreSpis made more tolerant of non-existant and null aliases 25- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases 26- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get 27- Make PKCS12 KeyStore tolerate setting with an empty certificate chain 28- Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo 29- Make BouncyCastleProvider.PROVIDER_NAME final 30- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1 31- Fixed BaseKeyFactorySpi to convert all Exceptions to InvalidKeySpecException for KeyRepTest 32 33Other security changes: 34- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi 35- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates 36 37Other changes: 38- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime 39 40 41bcpkix.patch: 42 43patch against Bouncy Castle's bcpkix: 44 45The main differences involve: 46- removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST) 47- using the singleton DERNull.INSTANCE 48