Skip to content


Subversion checkout URL

You can clone with
Download ZIP

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.



patch against Bouncy Castle:

The main differences involve removing algorithms not included in the
reference implementation (RI).  The libcore test support class provides the most
up-do-date documentation of differences between the RI's list of
supported algorithms and Android's. Some notable omissions versus the
- MD2
- RC2

Other performance (both speed and memory) changes:
- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
- DERPrintableString interns its internal String values
- DERObjectIdentifier interns its internal String indentifer value
- changed uses of 'new Integer' to 'Integer.valueOf'
- Added X509NameElementList to reduce small Vector allocation for X509Name key/value operations
- Replaced X509Extensions hash/vector with new OrderedTable instance to cut down on memory allocation
- PKCS12BagAttributeCarrier also uses OrderedTable to cut down on memory allocation
- X509CertificateObject.getEncoded caches its result
- Added IndexedPKIXParameters for faster cert lookup in CertPathValidatorUtilities.findTrustAnchor
- CertPathValidatorUtilities.findTrustAnchor fast path compares encoded certs similar to PKIXCertPathValidatorSpi
- Added ASN1Collection for use as new parent for ASN1Collection and ASN1Set to reduce small Vector allocation
- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
- OpenSSLDigest uses NativeCrypto JNI API
- KeyStoreSpis made more tolerant of non-existant and null aliases
- PKCS12 KeyStore.getCreationDate tries to mimic RI behavior on null and missing aliases
- Make PKCS12 KeyStore throw error when setting non-PrivateKey, instead of on get
- Make PKCS12 KeyStore tolerate setting with an empty certificate chain
- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1

Other security changes:
- blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
- blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
Something went wrong with that request. Please try again.