Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Fetching latest commit…

Cannot retrieve the latest commit at this time

..
Failed to load latest commit information.
README
android.patch

README

android.patch:

patch against Bouncy Castle:

The main differences involve removing algorithms not included in the
reference implementation (RI).  The libcore
java.security.StandardNames test support class provides the most
up-do-date documentation of differences between the RI's list of
supported algorithms and Android's. Some notable omissions versus the
RI:
- LDAP
- MD2
- RC2

Other performance (both speed and memory) changes:
- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
- DERPrintableString interns its internal String values
- DERObjectIdentifier interns its internal String indentifer value
- changed uses of 'new Integer' to 'Integer.valueOf'
- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
- X509CertificateObject.getEncoded caches its result
- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
- OpenSSLDigest uses NativeCrypto JNI API
- KeyStoreSpis made more tolerant of non-existant and null aliases
- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
- Make PKCS12 KeyStore tolerate setting with an empty certificate chain
- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1

Other security changes:
- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
Something went wrong with that request. Please try again.