| Brian Carlstrom | e6bf3e8 | 2012-09-17 16:04:47 -0700 | [diff] [blame] | 1 | bcprov.patch: |
| Brian Carlstrom | 8113f6d | 2010-06-17 16:46:35 -0700 | [diff] [blame] | 2 | |
| Brian Carlstrom | e6bf3e8 | 2012-09-17 16:04:47 -0700 | [diff] [blame] | 3 | patch against Bouncy Castle's bcprov: |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 4 | |
| 5 | The main differences involve removing algorithms not included in the |
| 6 | reference implementation (RI). The libcore |
| 7 | java.security.StandardNames test support class provides the most |
| 8 | up-do-date documentation of differences between the RI's list of |
| 9 | supported algorithms and Android's. Some notable omissions versus the |
| 10 | RI: |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 11 | - LDAP |
| 12 | - MD2 |
| 13 | - RC2 |
| 14 | |
| Brian Carlstrom | db9f6e2 | 2011-05-21 22:07:40 -0700 | [diff] [blame] | 15 | Other performance (both speed and memory) and correctness changes: |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 16 | - singleton DERNull (BouncyCastle now does this but we make constructor private to be sure) |
| 17 | - similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE} |
| Brian Carlstrom | db9f6e2 | 2011-05-21 22:07:40 -0700 | [diff] [blame] | 18 | - removed use of Boolean constructor |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 19 | - DERObjectIdentifier interns its internal String indentifer value |
| 20 | - changed uses of 'new Integer' to 'Integer.valueOf' |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 21 | - X509CertificateObject.getEncoded caches its result |
| Brian Carlstrom | 7a6b43b | 2010-06-21 11:26:46 -0700 | [diff] [blame] | 22 | - removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12 |
| Brian Carlstrom | 10261d9 | 2010-06-23 00:14:16 -0700 | [diff] [blame] | 23 | - OpenSSLDigest uses NativeCrypto JNI API |
| Brian Carlstrom | 8e55150 | 2010-07-13 14:50:52 -0700 | [diff] [blame] | 24 | - KeyStoreSpis made more tolerant of non-existant and null aliases |
| 25 | - PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases |
| 26 | - Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get |
| 27 | - Make PKCS12 KeyStore tolerate setting with an empty certificate chain |
| Jesse Wilson | 1db2c79 | 2010-09-02 10:30:27 -0700 | [diff] [blame] | 28 | - Fixed cut & paste instanceof error in EncryptedPrivateKeyInfo |
| Brian Carlstrom | 83ebf91 | 2010-10-05 15:57:48 -0700 | [diff] [blame] | 29 | - Make BouncyCastleProvider.PROVIDER_NAME final |
| Brian Carlstrom | 5faee29 | 2010-10-04 14:56:33 -0700 | [diff] [blame] | 30 | - Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1 |
| Brian Carlstrom | 517da5b | 2012-09-14 00:21:37 -0700 | [diff] [blame] | 31 | - Fixed BaseKeyFactorySpi to convert all Exceptions to InvalidKeySpecException for KeyRepTest |
| Kenny Root | 4402151 | 2013-01-07 10:41:42 -0800 | [diff] [blame] | 32 | - Added support for getSubjectAlternativeNames and getIssuerAlternativeNames to the JCE interface |
| 33 | - Changed subjectAlternativeNames to match X509Certificate documentation's specified output |
| 34 | - T61String are decoded as UTF-8 to match RI |
| Jesse Wilson | 253ce5e | 2011-02-23 17:42:23 -0800 | [diff] [blame] | 35 | |
| Brian Carlstrom | 34c261b | 2011-03-23 16:43:51 -0700 | [diff] [blame] | 36 | Other security changes: |
| Brian Carlstrom | 092d153 | 2011-03-23 22:30:53 -0700 | [diff] [blame] | 37 | - Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi |
| Brian Carlstrom | 6fe522a | 2011-09-01 14:57:08 -0700 | [diff] [blame] | 38 | - Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates |
| Brian Carlstrom | 092d153 | 2011-03-23 22:30:53 -0700 | [diff] [blame] | 39 | |
| 40 | Other changes: |
| Jesse Wilson | 253ce5e | 2011-02-23 17:42:23 -0800 | [diff] [blame] | 41 | - Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime |
| Brian Carlstrom | e6bf3e8 | 2012-09-17 16:04:47 -0700 | [diff] [blame] | 42 | |
| 43 | |
| 44 | bcpkix.patch: |
| 45 | |
| 46 | patch against Bouncy Castle's bcpkix: |
| 47 | |
| 48 | The main differences involve: |
| 49 | - removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST) |
| 50 | - using the singleton DERNull.INSTANCE |
| Brian Carlstrom | aea1f12 | 2013-01-28 18:13:59 -0800 | [diff] [blame^] | 51 | |
| 52 | |
| 53 | CipherSpi-engineWrap.patch: |
| 54 | |
| 55 | Fixes from upstream BouncyCastle repository for: |
| 56 | https://code.google.com/p/android/issues/detail?id=41405 |
| 57 | |
| 58 | "added wrap/unwrap support back in." |
| 59 | http://www.bouncycastle.org/viewcvs/viewcvs.cgi/java/crypto/src/org/bouncycastle/jce/provider/JCEBlockCipher.java?r1=1.31&r2=1.32&view=patch |
| 60 | "fix for JCEStreamCipher PBE wrapping" |
| 61 | http://www.bouncycastle.org/viewcvs/viewcvs.cgi/java/crypto/src/org/bouncycastle/jce/provider/JCEStreamCipher.java?r1=1.15&r2=1.16&view=patch |
