staging

*   commit 23e859dfd2e095bd71be0290b7c99f0016c6bf4e (HEAD, tag: android-o-mr1-iot-preview-8, m/master, aosp/o-mr1-iot-preview-8, aosp/master)
|\  Merge: 70d9b6a 9432381
| | Author: Treehugger Robot <treehugger-gerrit@google.com>
| | Date:   Wed Mar 28 13:02:01 2018 +0000
| |
| |     Merge "Throw ShortBufferException in RSA CipherSpi."
| |
| * commit 943238191685c85367fb0c51fb0a5f124b361876
|/  Author: Adam Vartanian <flooey@google.com>
|   Date:   Tue Mar 27 14:16:53 2018 +0100
|
|       Throw ShortBufferException in RSA CipherSpi.
|
|       The Javadoc for javax.crypto.Cipher.doFinal() and friends states that
|       Ciphers should throw ShortBufferException when given an output buffer
|       that's too small to hold the output.  BC does this in its other
|       classes, but the RSA implementation doesn't check the output buffer
|       size and just throws ArrayIndexOutOfBoundsException when it tries to
|       fill the output buffer.
|
|       This is bad not only because it's the wrong exception, but because it
|       modifies the Cipher object's internal buffers when it does it, which
|       means that passing a too-short buffer and then calling doFinal() again
|       with a properly-sized buffer will result in incorrect output.
|
|       This fixes tests that have been added for this case in Conscrypt
|       upstream.
|
|       Test: cts -m CtsLibcoreTestCases -t com.android.org.conscrypt.javax.crypto
|       Change-Id: Ieac98be5b9574006f1409911103487b8b55bb94e

bouncycastle/Android.bp

@@ -0,0 +1,150 @@
+//
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+java_defaults {
+    name: "bouncycastle-errorprone-defaults",
+    errorprone: {
+        javacflags: [
+            "-Xep:MissingOverride:OFF",  // Ignore missing @Override.
+        ],
+    },
+}
+
+// These cannot build in the PDK, because the PDK requires all libraries
+// compile against SDK versions.
+java_defaults {
+    name: "bouncycastle-defaults",
+    defaults: [
+        "bouncycastle-errorprone-defaults",
+    ],
+    host_supported: true,
+    hostdex: true,
+    target: {
+        android: {
+            product_variables: {
+                pdk: {
+                    enabled: false,
+                },
+            },
+        },
+    },
+}
+
+// non-jarjar version to build okhttp-tests
+java_library_static {
+    name: "bouncycastle-unbundled",
+    defaults: ["bouncycastle-defaults"],
+
+    srcs: ["bcprov/src/main/java/**/*.java"],
+    exclude_srcs: [
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+
+    sdk_version: "9",
+    java_version: "1.7",
+}
+
+java_library {
+    name: "bouncycastle",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+// A guaranteed unstripped version of bouncycastle.
+// The build system may or may not strip the bouncycastle jar, but this one will
+// not be stripped. See b/24535627.
+java_library {
+    name: "bouncycastle-testdex",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+}
+
+// PKIX classes used for testing
+java_library_static {
+    name: "bouncycastle-bcpkix",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-bcpkix-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+java_library_static {
+    name: "bouncycastle-bcpkix-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled" ],
+    sdk_version: "9",
+    srcs: ["bcpkix/src/main/java/**/*.java"],
+    exclude_srcs: ["bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java"],
+}
+
+
+// OCSP classes used for testing
+java_library_static {
+    name: "bouncycastle-ocsp",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-ocsp-unbundled"],
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+    no_framework_libs: true,
+}
+
+java_library_static {
+    name: "bouncycastle-ocsp-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled",
+            "bouncycastle-bcpkix-unbundled" ],
+    sdk_version: "9",
+    srcs: [
+        "bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java",
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+}
+
+// For compatibilityy with old bouncycastle-host and bouncycastle-bcpkix-host names
+java_library_host {
+    name: "bouncycastle-host",
+    static_libs: ["bouncycastle"],
+}
+
+java_library_host {
+    name: "bouncycastle-bcpkix-host",
+    static_libs: ["bouncycastle-bcpkix"],
+}

bouncycastle/CleanSpec.mk

@@ -0,0 +1,49 @@
+# Copyright (C) 2007 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# If you don't need to do a full clean build but would like to touch
+# a file or delete some intermediate files, add a clean step to the end
+# of the list.  These steps will only be run once, if they haven't been
+# run before.
+#
+# E.g.:
+#     $(call add-clean-step, touch -c external/sqlite/sqlite3.h)
+#     $(call add-clean-step, rm -rf $(PRODUCT_OUT)/obj/STATIC_LIBRARIES/libz_intermediates)
+#
+# Always use "touch -c" and "rm -f" or "rm -rf" to gracefully deal with
+# files that are missing or have been moved.
+#
+# Use $(PRODUCT_OUT) to get to the "out/target/product/blah/" directory.
+# Use $(OUT_DIR) to refer to the "out" directory.
+#
+# If you need to re-do something that's already mentioned, just copy
+# the command and add it to the bottom of the list.  E.g., if a change
+# that you made last week required touching a file and a change you
+# made today requires touching the same file, just copy the old
+# touch step and add it to the end of the list.
+#
+# ************************************************
+# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
+# ************************************************
+
+# For example:
+#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/APPS/AndroidTests_intermediates)
+#$(call add-clean-step, rm -rf $(OUT_DIR)/target/common/obj/JAVA_LIBRARIES/core_intermediates)
+#$(call add-clean-step, find $(OUT_DIR) -type f -name "IGTalkSession*" -print0 | xargs -0 rm -f)
+#$(call add-clean-step, rm -rf $(PRODUCT_OUT)/data/*)
+
+# ************************************************
+# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
+# ************************************************

bouncycastle/NOTICE

@@ -0,0 +1,16 @@
+Copyright (c) 2000-2015 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

bouncycastle/OWNERS

@@ -0,0 +1,2 @@
+flooey@google.com
+kroot@google.com

bouncycastle/README.android

@@ -0,0 +1,82 @@
+Bouncy Castle on the Android platform.
+---
+
+The code in this directory is based on $BOUNCYCASTLE_VERSION in the
+file bouncycastle.version. See the in-file change markers for more information
+on how the code differs from $BOUNCYCASTLE_VERSION.
+
+Porting New Versions of Bouncy Castle.
+--
+
+The following steps are recommended for porting new Bouncy Castle versions.
+
+1) Retrieve the appropriate version of the Bouncy Castle source from
+   www.bouncycastle.org/latest_releases.html (both bcprov-jdk*-*.tar.gz
+   and bcpkix-jdk*-*.tar.gz files).
+
+   Check the checksum (found at http://bouncycastle.org/checksums.html) with:
+
+     md5sum bcprov-jdk*-*.tar.gz
+     sha1sum bcprov-jdk*-*.tar.gz
+     md5sum bcpkix-jdk*-*.tar.gz
+     sha1sum bcpkix-jdk*-*.tar.gz
+
+2) Submit the code to the upstream-master branch:
+
+  a) Create a new branch tracking upstream-master
+
+      git checkout -b upgrade-to-xxx --track aosp/upstream-master
+
+  b) Update the variables in bouncycastle.version.
+
+  c) Expand the source from the .tar.gz files
+
+  d) Replace bc{prov,pkix}/src/main/java/org with the equivalent source
+     directory
+
+  e) Ensure any new files are added
+
+      git add bc{prov,pkix}
+
+  f) Commit the change
+
+      git commit -a -m 'bouncycastle: Android tree with upstream code for version X.XX'
+
+  g) Get the change reviewed
+
+      repo upload . -D upstream-master
+
+3) Merge the code into the master branch
+
+  a) Create a new branch
+
+      repo start merge-xxx
+
+  b) Merge the changes in
+
+      git fetch aosp upstream-master
+      git merge aosp/upstream-master
+
+  c) Resolve any conflicts.  Some common cases:
+
+     * If upstream changed a file that's deleted locally, we probably don't
+       need it
+     * If upstream added a file to a directory we deleted, we probably don't
+       need it
+
+  d) Confirm all changes
+
+      git diff aosp/master
+
+  e) Run the tests, commonly at least
+
+      cts -m CtsLibcoreTestCases
+      cts -m CtsLibcoreFileIOTestCases
+      cts -m CtsLibcoreJsr166TestCases
+      cts -m CtsLibcoreOjTestCases
+      cts -m CtsLibcoreOkHttpTestCases
+      cts -m CtsLibcoreWycheproofBCTestCases
+
+  e) Get the change reviewed
+
+      repo upload .

bouncycastle/bcpkix/build.gradle

@@ -1,14 +1,13 @@
-version '1.0-SNAPSHOT'
+version '1.0'
 
 apply plugin: 'java'
 
-sourceCompatibility = 1.7
+sourceCompatibility = 1.8
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-    testCompile group: 'junit', name: 'junit', version: '4.11'
     compile project(':bouncycastle:bcprov')
 }

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java

@@ -320,20 +320,22 @@ public class CMSSignedData
         return HELPER.getAttributeCertificates(signedData.getCertificates());
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
-    // /**
+    /*
-    //  * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
+    /**
-    //  * this SignedData structure.
+     * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
-    //  *
+     * this SignedData structure.
-    //  * @param otherRevocationInfoFormat OID of the format type been looked for.
+     *
-    //  *
+     * @param otherRevocationInfoFormat OID of the format type been looked for.
-    //  * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
+     *
-    //  */
+     * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
-    // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
+     *
-    // {
+    public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
-    //     return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
+    {
-    // }
+        return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
-    // END android-removed
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Return the digest algorithm identifiers for the SignedData object
@@ -385,92 +387,94 @@ public class CMSSignedData
         return contentInfo.getEncoded();
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unknown reason
-    // /**
+    /*
-    //  * Verify all the SignerInformation objects and their associated counter signatures attached
+    /**
-    //  * to this CMS SignedData object.
+     * Verify all the SignerInformation objects and their associated counter signatures attached
-    //  *
+     * to this CMS SignedData object.
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     *
-    //  * @return true if all verify, false otherwise.
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @throws CMSException  if an exception occurs during the verification process.
+     * @return true if all verify, false otherwise.
-    //  */
+     * @throws CMSException  if an exception occurs during the verification process.
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
+     *
-    //     throws CMSException
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
-    // {
+        throws CMSException
-    //     return verifySignatures(verifierProvider, false);
+    {
-    // }
+        return verifySignatures(verifierProvider, false);
-    // 
+    }
-    // /**
+
-    //  * Verify all the SignerInformation objects and optionally their associated counter signatures attached
+    /**
-    //  * to this CMS SignedData object.
+     * Verify all the SignerInformation objects and optionally their associated counter signatures attached
-    //  *
+     * to this CMS SignedData object.
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     *
-    //  * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @return true if all verify, false otherwise.
+     * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
-    //  * @throws CMSException  if an exception occurs during the verification process.
+     * @return true if all verify, false otherwise.
-    //  */
+     * @throws CMSException  if an exception occurs during the verification process.
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
+     *
-    //     throws CMSException
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
-    // {
+        throws CMSException
-    //     Collection signers = this.getSignerInfos().getSigners();
+    {
-    // 
+        Collection signers = this.getSignerInfos().getSigners();
-    //     for (Iterator it = signers.iterator(); it.hasNext();)
+
-    //     {
+        for (Iterator it = signers.iterator(); it.hasNext();)
-    //         SignerInformation signer = (SignerInformation)it.next();
+        {
-    // 
+            SignerInformation signer = (SignerInformation)it.next();
-    //         try
+
-    //         {
+            try
-    //             SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
+            {
-    // 
+                SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
-    //             if (!signer.verify(verifier))
+
-    //             {
+                if (!signer.verify(verifier))
-    //                 return false;
+                {
-    //             }
+                    return false;
-    // 
+                }
-    //             if (!ignoreCounterSignatures)
+
-    //             {
+                if (!ignoreCounterSignatures)
-    //                 Collection counterSigners = signer.getCounterSignatures().getSigners();
+                {
-    // 
+                    Collection counterSigners = signer.getCounterSignatures().getSigners();
-    //                 for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+
-    //                 {
+                    for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //                     if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+                    {
-    //                     {
+                        if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //                         return false;
+                        {
-    //                     }
+                            return false;
-    //                 }
+                        }
-    //             }
+                    }
-    //         }
+                }
-    //         catch (OperatorCreationException e)
+            }
-    //         {
+            catch (OperatorCreationException e)
-    //             throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
+            {
-    //         }
+                throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
-    //     }
+            }
-    // 
+        }
-    //     return true;
+
-    // }
+        return true;
-    // 
+    }
-    // private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
+
-    //     throws OperatorCreationException, CMSException
+    private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
-    // {
+        throws OperatorCreationException, CMSException
-    //     SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
+    {
-    // 
+        SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
-    //     if (!counterSigner.verify(counterVerifier))
+
-    //     {
+        if (!counterSigner.verify(counterVerifier))
-    //         return false;
+        {
-    //     }
+            return false;
-    // 
+        }
-    //     Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
+
-    //     for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+        Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
-    //     {
+        for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //         if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+        {
-    //         {
+            if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //             return false;
+            {
-    //         }
+                return false;
-    //     }
+            }
-    // 
+        }
-    //     return true;
+
-    // }
+        return true;
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unknown reason
 
     /**
      * Replace the SignerInformation store associated with this

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java

@@ -12,10 +12,9 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -41,21 +40,21 @@ public class CMSSignedGenerator
     public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
     public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
     public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
     // public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
     // public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
     // public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
     public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
     public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
     // public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     private static final String  ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     private static final String  ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId();
@@ -180,33 +179,35 @@ public class CMSSignedGenerator
         certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore));
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
-    // /**
+    /*
-    //  * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
+    /**
-    //  *
+     * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     *
-    //  * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  */
+     * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
-    // public void addOtherRevocationInfo(
+     *
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
+    public void addOtherRevocationInfo(
-    //     ASN1Encodable          otherRevocationInfo)
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    // {
+        ASN1Encodable          otherRevocationInfo)
-    //     crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
+    {
-    // }
+        crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
-    //
+    }
-    // /**
+
-    //  * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
+    /**
-    //  *
+     * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     *
-    //  * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  */
+     * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
-    // public void addOtherRevocationInfo(
+     *
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
+    public void addOtherRevocationInfo(
-    //     Store                  otherRevocationInfos)
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    // {
+        Store                  otherRevocationInfos)
-    //     crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
+    {
-    // }
+        crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
-    // END android-removed
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Add a store of pre-calculated signers to the generator.

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java

@@ -13,10 +13,9 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -55,16 +54,16 @@ class CMSSignedHelper
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -91,31 +90,33 @@ class CMSSignedHelper
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
+        /*
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
+        encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
-        //
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
-        // digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
+
-        // digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
+        digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
-        // END android-removed
+        digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
+        */
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
         // digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestAliases.put("SHA1", new String[] { "SHA-1" });
         digestAliases.put("SHA224", new String[] { "SHA-224" });
@@ -229,35 +230,39 @@ class CMSSignedHelper
         return new CollectionStore(new ArrayList());
     }
 
-    // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
-    // {
+    /*
-    //     if (crlSet != null)
+    Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
-    //     {
+    {
-    //         List    crlList = new ArrayList(crlSet.size());
+        if (crlSet != null)
-    //
+        {
-    //         for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
+            List    crlList = new ArrayList(crlSet.size());
-    //         {
+
-    //             ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
+            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-    //
+            {
-    //             if (obj instanceof ASN1TaggedObject)
+                ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
-    //             {
+
-    //                 ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
+                if (obj instanceof ASN1TaggedObject)
-    //
+                {
-    //                 if (tObj.getTagNo() == 1)
+                    ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
-    //                 {
+
-    //                     OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
+                    if (tObj.getTagNo() == 1)
-    //
+                    {
-    //                     if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
+                        OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
-    //                     {
+
-    //                         crlList.add(other.getInfo());
+                        if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
-    //                     }
+                        {
-    //                 }
+                            crlList.add(other.getInfo());
-    //             }
+                        }
-    //         }
+                    }
-    //
+                }
-    //         return new CollectionStore(crlList);
+            }
-    //     }
+
-    //
+            return new CollectionStore(crlList);
-    //     return new CollectionStore(new ArrayList());
+        }
-    // }
+
+        return new CollectionStore(new ArrayList());
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 }

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java

@@ -23,13 +23,12 @@ import org.bouncycastle.asn1.DERSet;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.ocsp.OCSPResponse;
 // import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
 // import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 // import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CRLHolder;
@@ -49,12 +48,12 @@ class CMSUtils
     {
         des.add("DES");
         des.add("DESEDE");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // des.add(OIWObjectIdentifiers.desCBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId());
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     static boolean isDES(String algorithmID)
@@ -164,7 +163,7 @@ class CMSUtils
 
                     crls.add(c.toASN1Structure());
                 }
-                // BEGIN android-removed
+                // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
                 // else if (rev instanceof OtherRevocationInfoFormat)
                 // {
                 //     OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
@@ -173,7 +172,7 @@ class CMSUtils
                 //
                 //     crls.add(new DERTaggedObject(false, 1, infoFormat));
                 // }
-                // END android-removed
+                // END Android-removed: OtherRevocationInfoFormat isn't supported
                 else if (rev instanceof ASN1TaggedObject)
                 {
                     crls.add(rev);
@@ -188,36 +187,39 @@ class CMSUtils
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
-    // private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
+    /*
-    // {
+    private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
-    //     if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
+    {
-    //     {
+        if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
-    //         OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
+        {
-    //
+            OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
-    //         if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
+
-    //         {
+            if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
-    //             throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
+            {
-    //         }
+                throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
-    //     }
+            }
-    // }
+        }
-    //
+    }
-    // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
+
-    // {
+    static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
-    //     List others = new ArrayList();
+    {
-    //
+        List others = new ArrayList();
-    //     for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
+
-    //     {
+        for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
-    //         ASN1Encodable info = (ASN1Encodable)it.next();
+        {
-    //         OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
+            ASN1Encodable info = (ASN1Encodable)it.next();
-    //         validateInfoFormat(infoFormat);
+            OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
-    //
+
-    //         others.add(new DERTaggedObject(false, 1, infoFormat));
+            validateInfoFormat(infoFormat);
-    //     }
+
-    //
+            others.add(new DERTaggedObject(false, 1, infoFormat));
-    //     return others;
+        }
-    // }
+
-    // END android-removed
+        return others;
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     static ASN1Set createBerSetFromList(List derObjects)
     {

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java

@@ -4,10 +4,9 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -36,16 +35,16 @@ public class DefaultCMSSignatureAlgorithmNameGenerator
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -72,21 +71,21 @@ public class DefaultCMSSignatureAlgorithmNameGenerator
         addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa, "RSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.id_RSASSA_PSS, "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
         // encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410");
@@ -96,20 +95,20 @@ public class DefaultCMSSignatureAlgorithmNameGenerator
         //
         // digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2");
         // digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5, "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1, "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224, "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256, "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384, "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512, "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411,  "GOST3411");
         // digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"),  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     /**

bouncycastle/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java

@@ -16,27 +16,29 @@ public class DefaultCMSSignatureEncryptionAlgorithmFinder
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
+        // BEGIN Android-added: Add support for SHA-2 family signatures
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // END Android-added: Add support for SHA-2 family signatures
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA);
         RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm)

bouncycastle/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java

@@ -5,11 +5,10 @@ import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -29,20 +28,20 @@ public class DefaultDigestAlgorithmIdentifierFinder
         //
         // digests
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
         // digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(OIWObjectIdentifiers.sha1WithRSA, OIWObjectIdentifiers.idSHA1);
 
         digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
 
@@ -53,49 +52,45 @@ public class DefaultDigestAlgorithmIdentifierFinder
         digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.id_sha512);
         digestOids.put(X9ObjectIdentifiers.id_dsa_with_sha1, OIWObjectIdentifiers.idSHA1);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, OIWObjectIdentifiers.idSHA1);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, NISTObjectIdentifiers.id_sha224);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, NISTObjectIdentifiers.id_sha256);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, NISTObjectIdentifiers.id_sha384);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha224, NISTObjectIdentifiers.id_sha224);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha256, NISTObjectIdentifiers.id_sha256);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.id_sha384);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha512, NISTObjectIdentifiers.id_sha512);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
+        /*
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        //
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+
-        //
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
+
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
-        //
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
+        */
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
+        // END Android-removed: Unsupported algorithms
-        //
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
 
 
         digestNameToOids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
@@ -103,38 +98,40 @@ public class DefaultDigestAlgorithmIdentifierFinder
         digestNameToOids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         digestNameToOids.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         digestNameToOids.put("SHA-512", NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
+        /*
-        // digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
+        digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
-        //
+        digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
-        // digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
+
-        // digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
+        digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
-        // digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
+        digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        // digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
+        digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
-        // digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
+        digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
-        // digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
+        digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
-        // digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
+        digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
-
+        digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
-        // digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+
-        // digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
-        // digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
-        // digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+        digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
-        //
+        digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
-        // digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
+
-        // digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
+        digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
-        //
+        digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
-        // digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
+
-        //
+        digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
-        // digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
+
-        // digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
+        digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
-        // END android-removed
+        digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         digestNameToOids.put("MD5", PKCSObjectIdentifiers.md5);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestNameToOids.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // digestNameToOids.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // digestNameToOids.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)

bouncycastle/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java

@@ -9,13 +9,12 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -38,17 +37,17 @@ public class DefaultSignatureAlgorithmIdentifierFinder
     private static final ASN1ObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1;
     private static final ASN1ObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1;
     private static final ASN1ObjectIdentifier ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS;
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
     // private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
         // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
@@ -66,14 +65,14 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -87,27 +86,29 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        /*
-        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+        algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-        // algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+        algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-        // algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+        algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-        // algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+        algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-        // algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+        algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-        // algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+        algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-        // algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+        algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-        // algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+        algorithms.put("SHA224WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-        // algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+        algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-        // algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+        algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-        // algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-        // algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
+        algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
-        // algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
+        algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
-        // END android-removed
+        algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
@@ -124,23 +125,26 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
 
-        // BEGIN Android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
         //
         // RFC 4491
         //
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+
         //
         // SPHINCS-256
         //
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
 
         //
         // SM2
         //
-        // noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
+        noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
-        // END android-removed
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // PKCS 1.5 encrypted  algorithms
@@ -150,11 +154,11 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // explicit params
@@ -181,19 +185,19 @@ public class DefaultSignatureAlgorithmIdentifierFinder
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     private static AlgorithmIdentifier generate(String signatureAlgorithm)

bouncycastle/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java

@@ -4,33 +4,29 @@ import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.ExtendedDigest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.GOST3411Digest;
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.MD5Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.SHA224Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA3Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.operator.OperatorCreationException;
 
@@ -78,85 +74,87 @@ public class BcDefaultDigestProvider
                 return new SHA512Digest();
             }
         });
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
+        /*
-        // {
+        table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new SHA3Digest(224);
+            {
-        //     }
+                return new SHA3Digest(224);
-        // });
+            }
-        // table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
+        });
-        // {
+        table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new SHA3Digest(256);
+            {
-        //     }
+                return new SHA3Digest(256);
-        // });
+            }
-        // table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
+        });
-        // {
+        table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new SHA3Digest(384);
+            {
-        //     }
+                return new SHA3Digest(384);
-        // });
+            }
-        // table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
+        });
-        // {
+        table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new SHA3Digest(512);
+            {
-        //     }
+                return new SHA3Digest(512);
-        // });
+            }
-        // table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
+        });
-        // {
+        table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new MD5Digest();
+            {
-        //     }
+                return new MD5Digest();
-        // });
+            }
-        // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
+        });
-        // {
+        table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new MD4Digest();
+            {
-        //     }
+                return new MD4Digest();
-        // });
+            }
-        // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
+        });
-        // {
+        table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new MD2Digest();
+            {
-        //     }
+                return new MD2Digest();
-        // });
+            }
-        // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
+        });
-        // {
+        table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new GOST3411Digest();
+            {
-        //     }
+                return new GOST3411Digest();
-        // });
+            }
-        // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
+        });
-        // {
+        table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new RIPEMD128Digest();
+            {
-        //     }
+                return new RIPEMD128Digest();
-        // });
+            }
-        // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
+        });
-        // {
+        table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new RIPEMD160Digest();
+            {
-        //     }
+                return new RIPEMD160Digest();
-        // });
+            }
-        // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
+        });
-        // {
+        table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+        {
-        //     {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //         return new RIPEMD256Digest();
+            {
-        //     }
+                return new RIPEMD256Digest();
-        // });
+            }
-        // END android-removed
+        });
+        */
+        // END Android-removed: Unsupported algorithms
 
         return Collections.unmodifiableMap(table);
     }

bouncycastle/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java

@@ -25,11 +25,10 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
@@ -65,7 +64,7 @@ class OperatorHelper
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
         // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
@@ -79,12 +78,12 @@ class OperatorHelper
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");

bouncycastle/bcprov/build.gradle

@@ -1,13 +1,12 @@
-version '1.0-SNAPSHOT'
+version '1.0'
 
 apply plugin: 'java'
 
-//sourceCompatibility = 1.7
+sourceCompatibility = 1.8
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-    testCompile group: 'junit', name: 'junit', version: '4.11'
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java

@@ -80,7 +80,7 @@ public class ASN1Boolean
         return (value != 0 ? TRUE : FALSE);
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Unknown reason
     /**
      * return a ASN1Boolean from the passed in array.
      */
@@ -90,7 +90,7 @@ public class ASN1Boolean
         return (octets[0] != 0) ? TRUE : FALSE;
     }
 
-    // END android-added
+    // END Android-added: Unknown reason
     /**
      * return a Boolean from a tagged object.
      *
@@ -117,9 +117,7 @@ public class ASN1Boolean
         }
     }
 
-    // BEGIN android-changed
+    ASN1Boolean(
-    protected ASN1Boolean(
-    // END android-changed
         byte[] value)
     {
         if (value.length != 1)
@@ -145,10 +143,9 @@ public class ASN1Boolean
      * @deprecated use getInstance(boolean) method.
      * @param value true or false.
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected
     protected ASN1Boolean(
         boolean     value)
-    // END android-changed
     {
         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java

@@ -3,6 +3,7 @@ package org.bouncycastle.asn1;
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -110,10 +111,9 @@ public class ASN1GeneralizedTime
     public ASN1GeneralizedTime(
         Date time)
     {
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -131,11 +131,11 @@ public class ASN1GeneralizedTime
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
+        // BEGIN Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(Locale.US));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -260,17 +260,15 @@ public class ASN1GeneralizedTime
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -280,17 +278,15 @@ public class ASN1GeneralizedTime
             d = this.getTime();
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -299,17 +295,15 @@ public class ASN1GeneralizedTime
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
                 // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java

@@ -8,12 +8,6 @@ import java.io.IOException;
 public abstract class ASN1Null
     extends ASN1Primitive
 {
-    // BEGIN android-added
-    /*package*/ ASN1Null()
-    {
-    }
-
-    // END android-added
     /**
      * Return an instance of ASN.1 NULL from the passed in object.
      * <p>

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java

@@ -155,13 +155,8 @@ public class ASN1ObjectIdentifier
             }
         }
 
-        // BEGIN android-changed
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
         this.identifier = objId.toString().intern();
-        // END android-changed
         this.body = Arrays.clone(bytes);
     }
 
@@ -182,13 +177,8 @@ public class ASN1ObjectIdentifier
             throw new IllegalArgumentException("string " + identifier + " not an OID");
         }
 
-        // BEGIN android-changed
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
         this.identifier = identifier.intern();
-        // END android-changed
     }
 
     /**

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java

@@ -3,6 +3,7 @@ package org.bouncycastle.asn1;
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -124,10 +125,9 @@ public class ASN1UTCTime
     public ASN1UTCTime(
         Date time)
     {
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -145,11 +145,11 @@ public class ASN1UTCTime
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
+        // BEGIN Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -172,10 +172,9 @@ public class ASN1UTCTime
     public Date getDate()
         throws ParseException
     {
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         return dateF.parse(getTime());
     }
@@ -190,10 +189,9 @@ public class ASN1UTCTime
     public Date getAdjustedDate()
         throws ParseException
     {
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java

@@ -15,9 +15,8 @@ public class DERNull
     /**
      * @deprecated use DERNull.INSTANCE
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected.
     protected DERNull()
-    // END android-changed
     {
     }
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java

@@ -8,9 +8,8 @@ import java.nio.channels.FileChannel;
 
 class StreamUtil
 {
-    // BEGIN android-removed
+    // Android-removed: Check max memory at runtime
     // private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-    // END android-removed
 
     /**
      * Find out possible longest length...
@@ -50,7 +49,7 @@ class StreamUtil
             }
         }
 
-        // BEGIN android-changed
+        // BEGIN Android-changed: Check max memory at runtime
         long maxMemory = Runtime.getRuntime().maxMemory();
         if (maxMemory > Integer.MAX_VALUE)
         {
@@ -58,7 +57,7 @@ class StreamUtil
         }
 
         return (int) maxMemory;
-        // END android-changed
+        // END Android-changed: Check max memory at runtime
     }
 
     static int calculateBodyLength(

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java

@@ -72,23 +72,25 @@ public interface BCObjectIdentifiers
      */
     public static final ASN1ObjectIdentifier bc_sig        = bc.branch("2");
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * Sphincs-256
+    /**
-    //  */
+     * Sphincs-256
-    // public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
+     *
-    // public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
+    public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
+    public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
 
-    // /**
+    /**
-    //  * key_exchange(3) algorithms
+     * key_exchange(3) algorithms
-    //  */
+     *
-    // public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
+    public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
 
-    // /**
+    /**
-    //  * NewHope
+     * NewHope
-    //  */
+     *
-    // public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
+    public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
-    // END android-removed
+    */
+    // END Android-removed: Unsupported algorithms
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java

@@ -28,9 +28,7 @@ import org.bouncycastle.asn1.BERTaggedObject;
  */
 public class ContentInfo
     extends ASN1Object
-    // BEGIN android-removed
+    implements CMSObjectIdentifiers
-    // implements CMSObjectIdentifiers
-    // END android-removed
 {
     private ASN1ObjectIdentifier contentType;
     private ASN1Encodable        content;

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java

@@ -2,6 +2,7 @@ package org.bouncycastle.asn1.cms;
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -71,10 +72,9 @@ public class Time
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -105,11 +105,11 @@ public class Time
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
+        // BEGIN Android-changed: Use localized version
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(tz);
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java

@@ -13,12 +13,14 @@ public interface PKCSObjectIdentifiers
     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
     /** PKCS#1: 1.2.840.113549.1.1.1 */
     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
-    // BEGIN android-removed
+    // BEGIN Android-removed: MD2 and MD4 are unsupported
-    // /** PKCS#1: 1.2.840.113549.1.1.2 */
+    /*
-    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    /** PKCS#1: 1.2.840.113549.1.1.2 *
-    // /** PKCS#1: 1.2.840.113549.1.1.3 */
+    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    /** PKCS#1: 1.2.840.113549.1.1.3 *
-    // END android-removed
+    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    */
+    // END Android-removed: MD2 and MD4 are unsupported
     /** PKCS#1: 1.2.840.113549.1.1.4 */
     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
     /** PKCS#1: 1.2.840.113549.1.1.5 */

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java

@@ -14,9 +14,9 @@ import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 
 /**
  * The AuthorityKeyIdentifier object.
@@ -108,9 +108,9 @@ public class AuthorityKeyIdentifier
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
@@ -129,9 +129,9 @@ public class AuthorityKeyIdentifier
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java

@@ -2,6 +2,7 @@ package org.bouncycastle.asn1.x509;
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -52,10 +53,9 @@ public class Time
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
+        // Android-changed: Use localized version
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -86,8 +86,8 @@ public class Time
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
+        // BEGIN Android-changed: Use localized version
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
         // END android-changed

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java

@@ -255,10 +255,10 @@ public class X509Name
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    // BEGIN android-changed
+    // BEGIN Android-changed: Use Boolean class constants instead of Boolean constructor
     private static final Boolean TRUE = Boolean.TRUE;
     private static final Boolean FALSE = Boolean.FALSE;
-    // END android-changed
+    // END Android-changed: Use Boolean class constants instead of Boolean constructor
 
     static
     {
@@ -448,9 +448,7 @@ public class X509Name
                            throw new IllegalArgumentException("cannot encode value");
                        }
                    }
-                   // BEGIN android-changed
+                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
-                   added.addElement(Boolean.valueOf(i != 0));
-                   // END android-changed
             }
         }
     }

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java

@@ -78,8 +78,10 @@ public class X509NameTokenizer
                 }
                 else
                 {
-                    // BEGIN android-added
+                    // BEGIN Android-added: Unknown reason
-                    // copied from a newer version of BouncyCastle
+                    // This was previously marked with the comment "copied from a newer version
+                    // of BouncyCastle", but I couldn't find any evidence that it ever was included
+                    // in any version of BC
                     if (c == '#' && buf.charAt(buf.length() - 1) == '=')
                     {
                         buf.append('\\');
@@ -88,7 +90,7 @@ public class X509NameTokenizer
                     {
                         buf.append('\\');
                     }
-                    // END android-added
+                    // END Android-added: Unknown reason
                     buf.append(c);
                 }
             }

bouncycastle/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java

@@ -4,15 +4,13 @@ import java.util.Enumeration;
 import java.util.Vector;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 
 /**
  * A general class that reads all X9.62 style EC curve tables.
@@ -41,17 +39,19 @@ public class ECNamedCurveTable
             ecP = NISTNamedCurves.getByName(name);
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // if (ecP == null)
+        /*
-        // {
+        if (ecP == null)
-        //     ecP = TeleTrusTNamedCurves.getByName(name);
+        {
-        // }
+            ecP = TeleTrusTNamedCurves.getByName(name);
-        //
+        }
-        // if (ecP == null)
+
-        // {
+        if (ecP == null)
-        //     ecP = ANSSINamedCurves.getByName(name);
+        {
-        // }
+            ecP = ANSSINamedCurves.getByName(name);
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -77,17 +77,19 @@ public class ECNamedCurveTable
             oid = NISTNamedCurves.getOID(name);
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // if (oid == null)
+        /*
-        // {
+        if (oid == null)
-        //     oid = TeleTrusTNamedCurves.getOID(name);
+        {
-        // }
+            oid = TeleTrusTNamedCurves.getOID(name);
-        //
+        }
-        // if (oid == null)
+
-        // {
+        if (oid == null)
-        //     oid = ANSSINamedCurves.getOID(name);
+        {
-        // }
+            oid = ANSSINamedCurves.getOID(name);
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return oid;
     }
@@ -109,24 +111,28 @@ public class ECNamedCurveTable
             name = SECNamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // if (name == null)
+        /*
-        // {
+        if (name == null)
-        //     name = TeleTrusTNamedCurves.getName(oid);
+        {
-        // }
+            name = TeleTrusTNamedCurves.getName(oid);
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         if (name == null)
         {
             name = X962NamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // if (name == null)
+        /*
-        // {
+        if (name == null)
-        //    name = ECGOST3410NamedCurves.getName(oid);
+        {
-        // }
+            name = ECGOST3410NamedCurves.getName(oid);
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return name;
     }
@@ -150,17 +156,19 @@ public class ECNamedCurveTable
 
         // NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // if (ecP == null)
+        /*
-        // {
+        if (ecP == null)
-        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+        {
-        // }
+            ecP = TeleTrusTNamedCurves.getByOID(oid);
-        //
+        }
-        // if (ecP == null)
+
-        // {
+        if (ecP == null)
-        //     ecP = ANSSINamedCurves.getByOID(oid);
+        {
-        // }
+            ecP = ANSSINamedCurves.getByOID(oid);
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -177,10 +185,10 @@ public class ECNamedCurveTable
         addEnumeration(v, X962NamedCurves.getNames());
         addEnumeration(v, SECNamedCurves.getNames());
         addEnumeration(v, NISTNamedCurves.getNames());
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // addEnumeration(v, TeleTrusTNamedCurves.getNames());
         // addEnumeration(v, ANSSINamedCurves.getNames());
-        // END android-removed
+        // END Android-removed: Unsupported curves
 
         return v.elements();
     }

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java

@@ -16,6 +16,9 @@
 
 package org.bouncycastle.crypto.digests;
 
+import java.security.Security;
+import java.util.Locale;
+
 import org.bouncycastle.crypto.Digest;
 
 /**
@@ -23,65 +26,84 @@ import org.bouncycastle.crypto.Digest;
  * for libcore but fallback to BouncyCastle ones on the RI.
  */
 public final class AndroidDigestFactory {
-    private static final String OpenSSLFactoryClassName
+    private static final AndroidDigestFactoryInterface CONSCRYPT;
-            = AndroidDigestFactory.class.getName() + "OpenSSL";
+    private static final AndroidDigestFactoryInterface BC;
-    private static final String BouncyCastleFactoryClassName
-            = AndroidDigestFactory.class.getName() + "BouncyCastle";
 
-    private static final AndroidDigestFactoryInterface FACTORY;
     static {
-        Class factoryImplementationClass;
+        BC = new AndroidDigestFactoryBouncyCastle();
-        try {
+        if (Security.getProvider("AndroidOpenSSL") != null) {
-            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
+            CONSCRYPT = new AndroidDigestFactoryOpenSSL();
-            // Double check for NativeCrypto in case we are running on RI for testing
+        } else {
-            Class.forName("com.android.org.conscrypt.NativeCrypto");
+            if (System.getProperty("java.vendor", "").toLowerCase(Locale.US).contains("android")) {
-        } catch (ClassNotFoundException e1) {
+                throw new AssertionError("Provider AndroidOpenSSL must exist");
-            try {
-                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
-            } catch (ClassNotFoundException e2) {
-                AssertionError e = new AssertionError("Failed to load "
-                                         + "AndroidDigestFactoryInterface "
-                                         + "implementation. Looked for "
-                                         + OpenSSLFactoryClassName + " and "
-                                         + BouncyCastleFactoryClassName);
-                e.initCause(e1);
-                throw e;
             }
+            CONSCRYPT = null;
         }
-        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
-            throw new AssertionError(factoryImplementationClass
-                                     + "does not implement AndroidDigestFactoryInterface");
     }
+
+    public static Digest getMD5() {
+        if (CONSCRYPT != null) {
             try {
-            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
+                return CONSCRYPT.getMD5();
-        } catch (InstantiationException e) {
+            } catch (Exception ignored) {
-            throw new AssertionError(e);
-        } catch (IllegalAccessException e) {
-            throw new AssertionError(e);
             }
         }
 
-    public static Digest getMD5() {
+        return BC.getMD5();
-        return FACTORY.getMD5();
     }
 
     public static Digest getSHA1() {
-        return FACTORY.getSHA1();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA1();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA1();
     }
 
     public static Digest getSHA224() {
-        return FACTORY.getSHA224();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA224();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA224();
     }
 
     public static Digest getSHA256() {
-        return FACTORY.getSHA256();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA256();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA256();
     }
 
     public static Digest getSHA384() {
-        return FACTORY.getSHA384();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA384();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA384();
     }
 
     public static Digest getSHA512() {
-        return FACTORY.getSHA512();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA512();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA512();
     }
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java

@@ -64,110 +64,112 @@ public class CustomNamedCurves
         return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported curves
-    // /*
+    /*
-    //  * curve25519
+    /*
-    //  */
+     * curve25519
-    // static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
-    //    protected X9ECParameters createParameters()
+    {
-    //    {
+        protected X9ECParameters createParameters()
-    //        byte[] S = null;
+        {
-    //        ECCurve curve = configureCurve(new Curve25519());
+            byte[] S = null;
-    //
+            ECCurve curve = configureCurve(new Curve25519());
-    //        /*
+
-    //         * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
+            /*
-    //         * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
+             * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
-    //         * 
+             * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
-    //         * The Curve25519 paper doesn't say which of the two possible y values the base
+             * 
-    //         * point has. The choice here is guided by language in the Ed25519 paper.
+             * The Curve25519 paper doesn't say which of the two possible y values the base
-    //         * 
+             * point has. The choice here is guided by language in the Ed25519 paper.
-    //         * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
+             * 
-    //         */
+             * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
-    //        X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+             *
-    //            + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //            + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
+                + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
-    //
+                + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
-    //        return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+
-    //    }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    //
+    };
-    // /*
+
-    //  * secp128r1
+    /*
-    //  */
+     * secp128r1
-    // static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
+        {
-    //         ECCurve curve = configureCurve(new SecP128R1Curve());
+            byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecP128R1Curve());
-    //             + "161FF7528B899B2D0C28607CA52C5B86"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "CF5AC8395BAFEB13C02DA292DDED7A83"));
+                + "161FF7528B899B2D0C28607CA52C5B86"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "CF5AC8395BAFEB13C02DA292DDED7A83"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    //
+    };
-    // /*
+
-    //  * secp160k1
+    /*
-    //  */
+     * secp160k1
-    // static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         GLVTypeBParameters glv = new GLVTypeBParameters(
+            byte[] S = null;
-    //             new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
+            GLVTypeBParameters glv = new GLVTypeBParameters(
-    //             new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
+                new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
-    //             new BigInteger[]{
+                new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
-    //                 new BigInteger("9162fbe73984472a0a9e", 16),
+                new BigInteger[]{
-    //                 new BigInteger("-96341f1138933bc2f505", 16) },
+                    new BigInteger("9162fbe73984472a0a9e", 16),
-    //             new BigInteger[]{
+                    new BigInteger("-96341f1138933bc2f505", 16) },
-    //                 new BigInteger("127971af8721782ecffa3", 16),
+                new BigInteger[]{
-    //                 new BigInteger("9162fbe73984472a0a9e", 16) },
+                    new BigInteger("127971af8721782ecffa3", 16),
-    //             new BigInteger("9162fbe73984472a0a9d0590", 16),
+                    new BigInteger("9162fbe73984472a0a9e", 16) },
-    //             new BigInteger("96341f1138933bc2f503fd44", 16),
+                new BigInteger("9162fbe73984472a0a9d0590", 16),
-    //             176);
+                new BigInteger("96341f1138933bc2f503fd44", 16),
-    //         ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
+                176);
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
-    //             + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
+                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    //
+    };
-    // /*
+
-    //  * secp160r1
+    /*
-    //  */
+     * secp160r1
-    // static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
+        {
-    //         ECCurve curve = configureCurve(new SecP160R1Curve());
+            byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecP160R1Curve());
-    //             + "4A96B5688EF573284664698968C38BB913CBFC82"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "23A628553168947D59DCC912042351377AC5FB32"));
+                + "4A96B5688EF573284664698968C38BB913CBFC82"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "23A628553168947D59DCC912042351377AC5FB32"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    //
+    };
-    // /*
+
-    //  * secp160r2
+    /*
-    //  */
+     * secp160r2
-    // static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
+        {
-    //         ECCurve curve = configureCurve(new SecP160R2Curve());
+            byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecP160R2Curve());
-    //             + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
+                + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    // END android-removed
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     /*
      * secp192k1
@@ -333,295 +335,297 @@ public class CustomNamedCurves
         }
     };
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported curves
-    // /*
+    /*
-    //  * sect113r1
+    /*
-    //  */
+     * sect113r1
-    // static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
+        {
-    //         ECCurve curve = configureCurve(new SecT113R1Curve());
+            byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT113R1Curve());
-    //             + "009D73616F35F4AB1407D73562C10F"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00A52830277958EE84D1315ED31886"));
+                + "009D73616F35F4AB1407D73562C10F"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "00A52830277958EE84D1315ED31886"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect113r2
+    /*
-    //  */
+     * sect113r2
-    // static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
+        {
-    //         ECCurve curve = configureCurve(new SecT113R2Curve());
+            byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT113R2Curve());
-    //             + "01A57A6A7B26CA5EF52FCDB8164797"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00B3ADC94ED1FE674C06E695BABA1D"));
+                + "01A57A6A7B26CA5EF52FCDB8164797"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "00B3ADC94ED1FE674C06E695BABA1D"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect131r1
+    /*
-    //  */
+     * sect131r1
-    // static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
+        {
-    //         ECCurve curve = configureCurve(new SecT131R1Curve());
+            byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT131R1Curve());
-    //             + "0081BAF91FDF9833C40F9C181343638399"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "078C6E7EA38C001F73C8134B1B4EF9E150"));
+                + "0081BAF91FDF9833C40F9C181343638399"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "078C6E7EA38C001F73C8134B1B4EF9E150"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect131r2
+    /*
-    //  */
+     * sect131r2
-    // static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
+        {
-    //         ECCurve curve = configureCurve(new SecT131R2Curve());
+            byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT131R2Curve());
-    //             + "0356DCD8F2F95031AD652D23951BB366A8"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0648F06D867940A5366D9E265DE9EB240F"));
+                + "0356DCD8F2F95031AD652D23951BB366A8"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "0648F06D867940A5366D9E265DE9EB240F"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect163k1
+    /*
-    //  */
+     * sect163k1
-    // static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT163K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT163K1Curve());
-    //             + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
+                + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect163r1
+    /*
-    //  */
+     * sect163r1
-    // static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
+        {
-    //         ECCurve curve = configureCurve(new SecT163R1Curve());
+            byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT163R1Curve());
-    //             + "0369979697AB43897789566789567F787A7876A654"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
+                + "0369979697AB43897789566789567F787A7876A654"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect163r2
+    /*
-    //  */
+     * sect163r2
-    // static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
+        {
-    //         ECCurve curve = configureCurve(new SecT163R2Curve());
+            byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT163R2Curve());
-    //             + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
+                + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect193r1
+    /*
-    //  */
+     * sect193r1
-    // static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
+        {
-    //         ECCurve curve = configureCurve(new SecT193R1Curve());
+            byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT193R1Curve());
-    //             + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
+                + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect193r2
+    /*
-    //  */
+     * sect193r2
-    // static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
+        {
-    //         ECCurve curve = configureCurve(new SecT193R2Curve());
+            byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT193R2Curve());
-    //             + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
+                + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect233k1
+    /*
-    //  */
+     * sect233k1
-    // static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT233K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT233K1Curve());
-    //             + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
+                + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect233r1
+    /*
-    //  */
+     * sect233r1
-    // static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
+        {
-    //         ECCurve curve = configureCurve(new SecT233R1Curve());
+            byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT233R1Curve());
-    //             + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
+                + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect239k1
+    /*
-    //  */
+     * sect239k1
-    // static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT239K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT239K1Curve());
-    //             + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
+                + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect283k1
+    /*
-    //  */
+     * sect283k1
-    // static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT283K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT283K1Curve());
-    //             + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
+                + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect283r1
+    /*
-    //  */
+     * sect283r1
-    // static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
+        {
-    //         ECCurve curve = configureCurve(new SecT283R1Curve());
+            byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT283R1Curve());
-    //             + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
+                + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect409k1
+    /*
-    //  */
+     * sect409k1
-    // static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT409K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT409K1Curve());
-    //             + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
+                + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect409r1
+    /*
-    //  */
+     * sect409r1
-    // static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
+        {
-    //         ECCurve curve = configureCurve(new SecT409R1Curve());
+            byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT409R1Curve());
-    //             + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
+                + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect571k1
+    /*
-    //  */
+     * sect571k1
-    // static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = null;
+        {
-    //         ECCurve curve = configureCurve(new SecT571K1Curve());
+            byte[] S = null;
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT571K1Curve());
-    //             + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
+                + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-
+    };
-    // /*
+
-    //  * sect571r1
+    /*
-    //  */
+     * sect571r1
-    // static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
+     *
-    // {
+    static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
-    //     protected X9ECParameters createParameters()
+    {
-    //     {
+        protected X9ECParameters createParameters()
-    //         byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
+        {
-    //         ECCurve curve = configureCurve(new SecT571R1Curve());
+            byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+            ECCurve curve = configureCurve(new SecT571R1Curve());
-    //             + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
+                + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+                + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
-    //     }
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    // };
+        }
-    // END android-removed
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     
     static final Hashtable nameToCurve = new Hashtable();
@@ -662,21 +666,19 @@ public class CustomNamedCurves
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // defineCurve("curve25519", curve25519);
+        /*
-        // END android-removed
+        defineCurve("curve25519", curve25519);
 
 //        defineCurveWithOID("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1);
 //        defineCurveWithOID("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2);
-        // BEGIN android-removed
+        defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
-        // defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
-        // END android-removed
 //        defineCurveWithOID("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2);
-        // BEGIN android-removed
+        defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
-        // defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
+        defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
-        // defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
+        defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
-        // defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
+        */
-        // END android-removed
+        // END Android-removed: Unsupported curves
         defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
         defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
         defineCurveWithOID("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
@@ -686,38 +688,40 @@ public class CustomNamedCurves
         defineCurveWithOID("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1);
         defineCurveWithOID("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
-        // defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
+        /*
-        // defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
+        defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
-        // defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
+        defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
-        // defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
+        defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
-        // defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
+        defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
-        // defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
+        defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
-        // defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
+        defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
-        // defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
+        defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
-        // defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
+        defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
-        // defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
+        defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
-        // defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
+        defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
-        // defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
+        defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
-        // defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
+        defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
-        // defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
+        defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
-        // defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
+        defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
-        // defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
+        defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
-        // defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
+        defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
-        // defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
+        defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
-
+        defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
-        // defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
+
-        // defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
+        defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
-        // defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
+        defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
-        // defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
+        defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
-        // defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
+        defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
-
+        defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
-        // defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
+
-        // defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
+        defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
-        // defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
+        defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
-        // defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
+        defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
-        // defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
+        defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
-        // END android-removed
+        defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
+        */
+        // END Android-removed: Unsupported curves
 
         defineCurveAlias("P-192", SECObjectIdentifiers.secp192r1);
         defineCurveAlias("P-224", SECObjectIdentifiers.secp224r1);

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java

@@ -7,13 +7,10 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-remnoved
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -32,10 +29,9 @@ public class OAEPEncoding
     public OAEPEncoding(
         AsymmetricBlockCipher   cipher)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
-        // Was: this(cipher, DigestFactory.createSHA1(), null);
+        // this(cipher, DigestFactory.createSHA1(), null);
         this(cipher, AndroidDigestFactory.getSHA1(), null);
-        // END android-changed
     }
     
     public OAEPEncoding(

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java

@@ -390,12 +390,6 @@ public class PKCS1Encoding
         {
             badType = (type != 1);
         }
-        // BEGIN android-added
-        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
-        {
-            throw new InvalidCipherTextException("invalid block type " + type);
-        }
-        // END android-added
 
         //
         // find and extract the message block.

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java

@@ -6,16 +6,13 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -56,9 +53,9 @@ public class DESedeWrapEngine
     //
     // checksum digest
     //
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // Digest  sha1 = DigestFactory.createSHA1();
     Digest  sha1 = AndroidDigestFactory.getSHA1();
-    // END android-changed
     byte[]  digest = new byte[20];
 
    /**

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java

@@ -3,17 +3,15 @@ package org.bouncycastle.crypto.generators;
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
-// BEGIN android-added
+// Android-added: Log long-running operation
 import java.util.logging.Logger;
-// END android-added
 import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
-    // BEGIN android-added
+    // Android-added: Log long-running operation
     private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
-    // END android-added
 
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
@@ -25,20 +23,19 @@ class DHParametersHelper
      */
     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         logger.info("Generating safe primes. This may take a long time.");
         long start = System.currentTimeMillis();
         int tries = 0;
-        // END android-added
+        // END Android-added: Log long-running operation
         BigInteger p, q;
         int qLength = size - 1;
         int minWeight = size >>> 2;
 
         for (;;)
         {
-            // BEGIN android-added
+            // Android-added: Log long-running operation
             tries++;
-            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
@@ -67,11 +64,11 @@ class DHParametersHelper
 
             break;
         }
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         long end = System.currentTimeMillis();
         long duration = end - start;
         logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
-        // END android-added
+        // END Android-added: Log long-running operation
 
         return new BigInteger[] { p, q };
     }

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java

@@ -7,10 +7,9 @@ import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAValidationParameters;
-// BEGIN android-changed
+// Android-changed: Use Android digests
-// Was: import org.bouncycastle.crypto.util.DigestFactory;
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.encoders.Hex;
@@ -34,9 +33,9 @@ public class DSAParametersGenerator
 
     public DSAParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public DSAParametersGenerator(Digest digest)
@@ -131,9 +130,9 @@ public class DSAParametersGenerator
         int             n = (L - 1) / 160;
         byte[]          w = new byte[L / 8];
 
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // if (!(digest instanceof SHA1Digest))
         if (!(digest.getAlgorithmName().equals("SHA-1")))
-        // END android-changed
         {
             throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters");
         }

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java

@@ -3,13 +3,11 @@ package org.bouncycastle.crypto.generators;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 
 /**
  * Generator for PBE derived keys and ivs as usd by OpenSSL.
@@ -21,9 +19,9 @@ import org.bouncycastle.crypto.params.ParametersWithIV;
 public class OpenSSLPBEParametersGenerator
     extends PBEParametersGenerator
 {
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // private Digest  digest = DigestFactory.createMD5();
     private Digest  digest = AndroidDigestFactory.getMD5();
-    // END android-changed
 
     /**
      * Construct a OpenSSL Parameters generator. 

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java

@@ -4,15 +4,12 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -34,9 +31,9 @@ public class PKCS5S2ParametersGenerator
      */
     public PKCS5S2ParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public PKCS5S2ParametersGenerator(Digest digest)

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java

@@ -36,18 +36,18 @@ public class HMac
     {
         blockLengths = new Hashtable();
         
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("GOST3411", Integers.valueOf(32));
         //
         // blockLengths.put("MD2", Integers.valueOf(16));
         // blockLengths.put("MD4", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         blockLengths.put("MD5", Integers.valueOf(64));
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("RIPEMD128", Integers.valueOf(64));
         // blockLengths.put("RIPEMD160", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         
         blockLengths.put("SHA-1", Integers.valueOf(64));
         blockLengths.put("SHA-224", Integers.valueOf(64));
@@ -55,10 +55,10 @@ public class HMac
         blockLengths.put("SHA-384", Integers.valueOf(128));
         blockLengths.put("SHA-512", Integers.valueOf(128));
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("Tiger", Integers.valueOf(64));
         // blockLengths.put("Whirlpool", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
     
     private static int getByteLength(

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java

@@ -24,11 +24,11 @@ public class GCMBlockCipher
     implements AEADBlockCipher
 {
     private static final int BLOCK_SIZE = 16;
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     // 2^36-32 : limitation imposed by NIST GCM as otherwise the counter is wrapped and it can leak
     // plaintext and authentication key
     private static final long MAX_INPUT_SIZE = 68719476704L;
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     // not final due to a compiler bug
     private BlockCipher   cipher;
@@ -238,13 +238,13 @@ public class GCMBlockCipher
         return totalData < macSize ? 0 : totalData - macSize;
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     /** Helper used to ensure that {@link #MAX_INPUT_SIZE} is not exceeded. */
     private long getTotalInputSizeAfterNewInput(int newInputLen)
     {
         return totalLength + newInputLen + bufOff;
     }
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     public int getUpdateOutputSize(int len)
     {
@@ -263,11 +263,11 @@ public class GCMBlockCipher
     public void processAADByte(byte in)
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         atBlock[atBlockPos] = in;
         if (++atBlockPos == BLOCK_SIZE)
         {
@@ -280,11 +280,11 @@ public class GCMBlockCipher
 
     public void processAADBytes(byte[] in, int inOff, int len)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         for (int i = 0; i < len; ++i)
         {
             atBlock[atBlockPos] = in[inOff + i];
@@ -323,11 +323,11 @@ public class GCMBlockCipher
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         
         bufBlock[bufOff] = in;
         if (++bufOff == bufBlock.length)
@@ -342,11 +342,11 @@ public class GCMBlockCipher
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
 
         if (in.length < (inOff + len))
         {

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java

@@ -39,11 +39,11 @@ public class RSADigestSigner
      */
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
         oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
@@ -53,10 +53,17 @@ public class RSADigestSigner
         oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224);
         oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        /*
-        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        oidMap.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
-        // END android-removed
+        oidMap.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        oidMap.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        oidMap.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+
+        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
     }
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java

@@ -9,9 +9,8 @@ import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -33,10 +32,9 @@ import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
 /**
@@ -102,16 +100,18 @@ public class PrivateKeyFactory
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        /*
-        // {
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+        {
-        //     ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //
+            ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+
-        //         params.getP(), params.getG()));
+            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-        // }
+                params.getP(), params.getG()));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();

bouncycastle/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java

@@ -11,9 +11,8 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DEROctetString;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -40,10 +39,9 @@ import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
 /**
@@ -137,16 +135,18 @@ public class PublicKeyFactory
 
             return new DHPublicKeyParameters(derY.getValue(), dhParams);
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        /*
-        // {
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+        {
-        //     ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //
+            ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
-        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+
-        //         params.getP(), params.getG()));
+            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-        // }
+                params.getP(), params.getG()));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithm
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java

@@ -36,10 +36,10 @@ public class DH
             provider.addAttributes("KeyAgreement.DH", generalDhAttributes);
             provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi");
             provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_ESDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_SSDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.DH", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH");
@@ -51,22 +51,19 @@ public class DH
 
             provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
+            /*
-            // provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
+            provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
+            provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
-            // provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
+            provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
-            //
+            provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
-            // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
+
-            // provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
+            provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
+            provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
-            // provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
+            provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
-            //
+            provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
-            // provider.addAlgorithm("Cipher.OLDDHIES", PREFIX + "IESCipher$OldIES");
+            */
-            // provider.addAlgorithm("Cipher.OLDDHIESwithAES", PREFIX + "IESCipher$OldIESwithAES");
+            // END Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHAES", PREFIX + "IESCipher$OldIESwithAES");
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHDESEDE", PREFIX + "IESCipher$OldIESwithDESede");
-            // END android-removed
 
             registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
             registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java

@@ -27,52 +27,52 @@ public class DSA
             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
 
-            // BEGIN android-changed
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
+            // provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
             provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
-            // END android-changed
+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
 
             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
+            /*
-            // provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
+            provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
-
+            provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
-            // provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
+
-            // provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
+            provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
-            // provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
+            provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
-            // provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
+            provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
-            // END android-removed
+            provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
             addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+            /*
-            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
+            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-            // END android-removed
+            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-
+
-            // BEGIN android-added
+            addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
-            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
-            // END android-added
+            addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
-
+            addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
-            // BEGIN android-removed
+            */
-            // addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
+            // END Android-removed: Unsupported algorithms
-            // addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
+
-            // addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
-            // addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
-            // END android-removed
-
-            // BEGIN android-changed
             provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
@@ -82,19 +82,19 @@ public class DSA
             provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-            // END android-changed
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
 
             for (int i = 0; i != DSAUtil.dsaOids.length; i++)
             {
-                // BEGIN android-changed
+                // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
                 provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA");
-                // END android-changed
+                // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
                 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
                 registerOidAlgorithmParameterGenerator(provider, DSAUtil.dsaOids[i], "DSA");

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java

@@ -3,20 +3,20 @@ package org.bouncycastle.jcajce.provider.asymmetric;
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 // import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.Properties;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 public class EC
 {
@@ -43,146 +43,144 @@ public class EC
 
             provider.addAttributes("KeyAgreement.ECDH", generalEcAttributes);
             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
+            /*
-            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+            provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
-            // provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
+            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-            // provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
+            provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
-            //
+            provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
+
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
-            //
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
+
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
-            //
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
+
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
-            //
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
+
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
-            //
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
+
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
-            //
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
+
-            //
+            provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
+
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
-            // END android-removed
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
+            */
+            // END Android-removed: Unsupported algorithms
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
-            // BEGIN android-added
+
-            // We were having this one in 1.52. As of 1.54 this one is under
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
+            /*
-            // below
+            registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
+
+            if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
+            {
+                provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
+
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
+
+                provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
+
+            */
+            // END Android-removed: Unsupported algorithms
                 registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // END android-added
+            // BEGIN Android-removed: Unsupported algorithms
-
+            /*
-            // BEGIN android-removed
+                registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-            // registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+
-            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+                provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-            //
+                provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-            // END android-removed
+            }
-            // BEGIN android-removed
+            */
-            // // Android comment: the registrations in this block are causing CTS tests to fail
+            // END Android-removed: Unsupported algorithms
-            // // and don't seem to be implemented by bouncycastle (so looks like an bug in
-            // // bouncycastle).
-            // // TODO(20447540): check if this occurs in upstream bouncycastle and report accordingly
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            // END android-removed
-            // BEGIN android-removed
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
-            //
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
-            // {
-            //     provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-            //
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
-            //
-            //     provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
-            //
-            //     registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //     registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
-            //
-            //     provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-            //     provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-            // }
-            // END android-removed
 
             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
+            /*
-            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
+            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-            // END android-removed
+            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
+            /*
-            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
+            provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-            //
+            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
+
-            //
+            provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
-            // provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+
-            // provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+            provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            //
+            provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            // provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
+
-            // END android-removed
+            provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
-
+            */
-            // BEGIN android-changed
+            // END Android-removed: Unsupported algorithms
+
+            // BEGIN Android-changed: Change primary ID from ECDSA to SHA1withECDSA
             provider.addAlgorithm("Signature.SHA1withECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
 
@@ -193,60 +191,64 @@ public class EC
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
-            // END android-changed
+            // END Android-changed: Change primary ID from ECDSA to SHA1withECDSA
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+            /*
-            //
+            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-            // provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+
-            // provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+            provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
+            provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
+            provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
-            // provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
+            provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
-            // provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
+            provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
-            // provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
+            provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
-            // provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
+            provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
-
+            provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
-            // provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
+
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
-            // END android-removed
+            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
+            /*
-            // addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
+            addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
-            // addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
+            addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
-            // addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
+            addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
-            //
+            addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
-            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+
-            //
+            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
+
-            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
+            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
+            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
+            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
+            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-            //
+            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+
-            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-            // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+            addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-            //
+            addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-            // addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+
-            // addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+            addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-            // addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+            addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-            // addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+            addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-            // addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+            addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-            // addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+            addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-            // END android-removed
+            addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java

@@ -7,9 +7,8 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -40,48 +39,58 @@ public class RSA
             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
             provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
+            /*
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-            //
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
+
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-            //
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
+
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-224WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-256WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-384WITHRSAANDMGF1", "PSS");
-            // END android-removed
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-512WITHRSAANDMGF1", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.RSA", generalRsaAttributes);
             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
-            // BEGIN android-changed
+            // Android-changed: Use an alias for RSA/RAW instead of a concrete implementation
             provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
-            // END android-changed
+            // BEGIN Android-removed: Unsupported algorithms
-            // BEGIN android-removed
+            /*
-            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
+            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
+            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
-            // END android-removed
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+            /*
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-            // END android-removed
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
@@ -91,128 +100,145 @@ public class RSA
             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
+            /*
-            //
+            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
+
-            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
+            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-            //
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
+
-            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            //
+            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
+
-            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
+            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-            //
+            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
+
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-            //
+            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-            // addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+
-            // addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-            // addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-            // addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
+            addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-            // addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
+            addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-            // addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
+            addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
-            //
+            addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
-            // addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
+
-            // addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
+            addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
-            // addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
+            addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
-            // addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
+            addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
-            //
+            addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
-            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
+
-            // {
+            if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
+            {
-            // }
+                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-            //
+            }
-            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
+
-            // {
+            if (provider.hasAlgorithm("MessageDigest", "MD4"))
-            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
+            {
-            // }
+                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
 
             if (provider.hasAlgorithm("MessageDigest", "MD5"))
             {
                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "MD5", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-                // END android-removed
             }
 
             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
             {
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
+                /*
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-                //
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-                // addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+
-                // END android-removed
+                addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+                */
+                // END Android-removed: Unsupported algorithms
                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "SHA1", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
 
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
 
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // addX931Signature(provider, "SHA1", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
             }
 
             addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
             addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
+            /*
-            // addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
+            addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
-            //
+            addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
-            // addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
+
-            // addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
+            addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
-            // addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
+            addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
-            // addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
+            addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
-            //
+            addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
-            // addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
+
-            // addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
+            addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
+            addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
+            addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
-            //
+            addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
-            // addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
+
-            // addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
+            addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
-            // addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
+            addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
-            // addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
+            addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
+            addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
+            addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
-            //
+            addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
+
-            // {
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-            //    addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+            {
-            //    addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-            //
+                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-            //    addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+
-            //    addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+                addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            // }
+                addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            //
+            }
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
+
-            // {
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-            //    addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+            {
-            //    addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
+                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-            //    provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
+                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-            //    provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-            //
+                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-            //    addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+
-            //    addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+                addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            // }
+                addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            // END android-removed
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
+            {
+                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
+            {
+                addISO9796Signature(provider, "Whirlpool", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addISO9796Signature(provider, "WHIRLPOOL", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "Whirlpool", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "WHIRLPOOL", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         private void addDigestSignature(

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java

@@ -18,10 +18,10 @@ public class X509
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
             // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             //
             // certificate factories.

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java

@@ -16,10 +16,9 @@ import javax.crypto.spec.DHParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 
@@ -234,14 +233,16 @@ public class KeyAgreementSpi
         return bigIntToBytes(result);
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // public static class DHwithRFC2631KDF
+    /*
-    //    extends KeyAgreementSpi
+    public static class DHwithRFC2631KDF
-    // {
+        extends KeyAgreementSpi
-    //    public DHwithRFC2631KDF()
+    {
-    //     {
+        public DHwithRFC2631KDF()
-    //         super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java

@@ -21,27 +21,15 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
+// Android-added: Check DSA keys when generated
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.digests.SHA224Digest;
-// import org.bouncycastle.crypto.digests.SHA256Digest;
-// import org.bouncycastle.crypto.digests.SHA384Digest;
-// import org.bouncycastle.crypto.digests.SHA512Digest;
-// END android-removed
-// BEGIN android-added
 import org.bouncycastle.crypto.params.DSAKeyParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
-// END android-added
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.params.ParametersWithRandom;
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DSASigner
@@ -83,13 +71,11 @@ public class DSASigner
         PrivateKey  privateKey)
         throws InvalidKeyException
     {
-        CipherParameters    param;
+        CipherParameters    param = DSAUtil.generatePrivateKeyParameter(privateKey);
 
-        param = DSAUtil.generatePrivateKeyParameter(privateKey);
+        // Android-added: Check DSA keys when generated
-        // BEGIN android-added
         DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters();
         checkKey(dsaParam);
-        // END android-added
 
         if (random != null)
         {
@@ -163,7 +149,7 @@ public class DSASigner
         throw new UnsupportedOperationException("engineSetParameter unsupported");
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Check DSA keys when generated
     protected void checkKey(DSAParameters params) throws InvalidKeyException {
         int valueL = params.getP().bitLength();
         int valueN = params.getQ().bitLength();
@@ -184,7 +170,7 @@ public class DSASigner
         }
     }
 
-    // END android-added
+    // END Android-added: Check DSA keys when generated
     /**
      * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
      */
@@ -238,171 +224,180 @@ public class DSASigner
     {
         public stdDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class detDSA
+    /*
-    //     extends DSASigner
+    static public class detDSA
-    // {
+        extends DSASigner
-    //     public detDSA()
+    {
-    //     {
+        public detDSA()
-    //         super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
+        {
-    //     }
+            super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
-    // }
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa224
         extends DSASigner
     {
         public dsa224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class detDSA224
+    /*
-    //     extends DSASigner
+    static public class detDSA224
-    // {
+        extends DSASigner
-    //     public detDSA224()
+    {
-    //     {
+        public detDSA224()
-    //         super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
+        {
-    //     }
+            super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
-    // }
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa256
         extends DSASigner
     {
         public dsa256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
+        }
-        }
+    }
-    }
+
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // static public class detDSA256
+    /*
-    //     extends DSASigner
+    static public class detDSA256
-    // {
+        extends DSASigner
-    //     public detDSA256()
+    {
-    //     {
+        public detDSA256()
-    //         super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
+        {
-    //     }
+            super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
-    // }
+        }
-    //
+    }
-    // static public class dsa384
+
-    //     extends DSASigner
+    static public class dsa384
-    // {
+        extends DSASigner
-    //     public dsa384()
+    {
-    //     {
+        public dsa384()
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSA384
+
-    //     extends DSASigner
+    static public class detDSA384
-    // {
+        extends DSASigner
-    //     public detDSA384()
+    {
-    //     {
+        public detDSA384()
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
+        {
-    //     }
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
-    // }
+        }
-    //
+    }
-    // static public class dsa512
+
-    //     extends DSASigner
+    static public class dsa512
-    // {
+        extends DSASigner
-    //     public dsa512()
+    {
-    //     {
+        public dsa512()
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSA512
+
-    //     extends DSASigner
+    static public class detDSA512
-    // {
+        extends DSASigner
-    //     public detDSA512()
+    {
-    //     {
+        public detDSA512()
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
+        {
-    //     }
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
-    // }
+        }
-    //
+    }
-    // static public class dsaSha3_224
+
-    //     extends DSASigner
+    static public class dsaSha3_224
-    // {
+        extends DSASigner
-    //     public dsaSha3_224()
+    {
-    //     {
+        public dsaSha3_224()
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSASha3_224
+
-    //     extends DSASigner
+    static public class detDSASha3_224
-    // {
+        extends DSASigner
-    //     public detDSASha3_224()
+    {
-    //     {
+        public detDSASha3_224()
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
+        {
-    //     }
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
-    // }
+        }
-    //
+    }
-    // static public class dsaSha3_256
+
-    //     extends DSASigner
+    static public class dsaSha3_256
-    // {
+        extends DSASigner
-    //     public dsaSha3_256()
+    {
-    //     {
+        public dsaSha3_256()
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSASha3_256
+
-    //     extends DSASigner
+    static public class detDSASha3_256
-    // {
+        extends DSASigner
-    //     public detDSASha3_256()
+    {
-    //     {
+        public detDSASha3_256()
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
+        {
-    //     }
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
-    // }
+        }
-    //
+    }
-    // static public class dsaSha3_384
+
-    //     extends DSASigner
+    static public class dsaSha3_384
-    // {
+        extends DSASigner
-    //     public dsaSha3_384()
+    {
-    //     {
+        public dsaSha3_384()
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSASha3_384
+
-    //     extends DSASigner
+    static public class detDSASha3_384
-    // {
+        extends DSASigner
-    //     public detDSASha3_384()
+    {
-    //     {
+        public detDSASha3_384()
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
+        {
-    //     }
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
-    // }
+        }
-    //
+    }
-    // static public class dsaSha3_512
+
-    //     extends DSASigner
+    static public class dsaSha3_512
-    // {
+        extends DSASigner
-    //     public dsaSha3_512()
+    {
-    //     {
+        public dsaSha3_512()
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
+        {
-    //     }
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
-    // }
+        }
-    //
+    }
-    // static public class detDSASha3_512
+
-    //     extends DSASigner
+    static public class detDSASha3_512
-    // {
+        extends DSASigner
-    //     public detDSASha3_512()
+    {
-    //     {
+        public detDSASha3_512()
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
+        {
-    //     }
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class noneDSA
         extends DSASigner

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java

@@ -26,9 +26,8 @@ public class DSAUtil
     public static final ASN1ObjectIdentifier[] dsaOids =
     {
         X9ObjectIdentifiers.id_dsa,
-        // BEGIN android-added
+        // Android-added: Add missing OID for DSA-with-SHA1
         X9ObjectIdentifiers.id_dsa_with_sha1,
-        // END android-added
         OIWObjectIdentifiers.dsaWithSHA1
     };
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java

@@ -14,32 +14,32 @@ import org.bouncycastle.crypto.BasicAgreement;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
 // import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
 // import org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator;
 // import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.MQVPrivateParameters;
 // import org.bouncycastle.crypto.params.MQVPublicParameters;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.MQVParameterSpec;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jce.interfaces.MQVPrivateKey;
 // import org.bouncycastle.jce.interfaces.MQVPublicKey;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 /**
  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
@@ -57,9 +57,8 @@ public class KeyAgreementSpi
     private ECDomainParameters     parameters;
     private BasicAgreement         agreement;
 
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // private MQVParameterSpec       mqvParameters;
-    // END android-removed
     private BigInteger             result;
 
     protected KeyAgreementSpi(
@@ -95,31 +94,33 @@ public class KeyAgreementSpi
         }
 
         CipherParameters pubKey;        
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // if (agreement instanceof ECMQVBasicAgreement)
+        /*
-        // {
+        if (agreement instanceof ECMQVBasicAgreement)
-        //     if (!(key instanceof MQVPublicKey))
+        {
-        //     {
+            if (!(key instanceof MQVPublicKey))
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+            {
-        //             ECUtils.generatePublicKeyParameter((PublicKey)key);
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter((PublicKey)key);
-        //             ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //
+                    ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
+
-        //     }
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        //     else
+            }
-        //     {
+            else
-        //         MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+            {
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+                MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
+
-        //     }
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        // }
+            }
-        // else
+        }
-        // END android-removed
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PublicKey))
             {
@@ -133,7 +134,9 @@ public class KeyAgreementSpi
         try
         {
             result = agreement.calculateAgreement(pubKey);
-        } catch (final Exception e) {
+        }
+        catch (final Exception e)
+        {
             throw new InvalidKeyException("calculation failed: " + e.getMessage())
             {
                 public Throwable getCause()
@@ -142,6 +145,7 @@ public class KeyAgreementSpi
                             }
             };
         }
+
         return null;
     }
 
@@ -151,9 +155,9 @@ public class KeyAgreementSpi
         SecureRandom            random) 
         throws InvalidKeyException, InvalidAlgorithmParameterException
     {
-        // BEGIN android-changed
+        // Android-removed: Unsupported algorithms
+        // if (params != null && !(params instanceof MQVParameterSpec || params instanceof UserKeyingMaterialSpec))
         if (params != null && !(params instanceof UserKeyingMaterialSpec))
-        // END android-changed
         {
             throw new InvalidAlgorithmParameterException("No algorithm parameters supported");
         }
@@ -172,62 +176,64 @@ public class KeyAgreementSpi
     private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec)
         throws InvalidKeyException
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // if (agreement instanceof ECMQVBasicAgreement)
+        /*
-        // {
+        if (agreement instanceof ECMQVBasicAgreement)
-        //     mqvParameters = null;
+        {
-        //     if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
+            mqvParameters = null;
-        //     {
+            if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
-        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+            {
-        //             + getSimpleName(MQVParameterSpec.class) + " for initialisation");
+                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-        //     }
+                    + getSimpleName(MQVParameterSpec.class) + " for initialisation");
-        //
+            }
-        //     ECPrivateKeyParameters staticPrivKey;
+
-        //     ECPrivateKeyParameters ephemPrivKey;
+            ECPrivateKeyParameters staticPrivKey;
-        //     ECPublicKeyParameters ephemPubKey;
+            ECPrivateKeyParameters ephemPrivKey;
-        //     if (key instanceof MQVPrivateKey)
+            ECPublicKeyParameters ephemPubKey;
-        //     {
+            if (key instanceof MQVPrivateKey)
-        //         MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+            {
-        //         staticPrivKey = (ECPrivateKeyParameters)
+                MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+                staticPrivKey = (ECPrivateKeyParameters)
-        //         ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+                ephemPrivKey = (ECPrivateKeyParameters)
-        //
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-        //         ephemPubKey = null;
+
-        //         if (mqvPrivKey.getEphemeralPublicKey() != null)
+                ephemPubKey = null;
-        //         {
+                if (mqvPrivKey.getEphemeralPublicKey() != null)
-        //             ephemPubKey = (ECPublicKeyParameters)
+                {
-        //                 ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+                    ephemPubKey = (ECPublicKeyParameters)
-        //         }
+                        ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-        //     }
+                }
-        //     else
+            }
-        //     {
+            else
-        //         MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
+            {
-        //
+                MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
-        //         staticPrivKey = (ECPrivateKeyParameters)
+
-        //             ECUtil.generatePrivateKeyParameter((PrivateKey)key);
+                staticPrivKey = (ECPrivateKeyParameters)
-        //         ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter((PrivateKey)key);
-        //             ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
+                ephemPrivKey = (ECPrivateKeyParameters)
-        //
+                    ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
-        //         ephemPubKey = null;
+
-        //         if (mqvParameterSpec.getEphemeralPublicKey() != null)
+                ephemPubKey = null;
-        //         {
+                if (mqvParameterSpec.getEphemeralPublicKey() != null)
-        //             ephemPubKey = (ECPublicKeyParameters)
+                {
-        //                 ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
+                    ephemPubKey = (ECPublicKeyParameters)
-        //         }
+                        ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
-        //         mqvParameters = mqvParameterSpec;
+                }
-        //         ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
+                mqvParameters = mqvParameterSpec;
-        //     }
+                ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
-        //
+            }
-        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+
-        //     this.parameters = staticPrivKey.getParameters();
+            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-        //
+            this.parameters = staticPrivKey.getParameters();
-        //     // TODO Validate that all the keys are using the same parameters?
+
-        //
+            // TODO Validate that all the keys are using the same parameters?
-        //     agreement.init(localParams);
+
-        // }
+            agreement.init(localParams);
-        // else
+        }
-        // END android-removed
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PrivateKey))
             {
@@ -264,248 +270,250 @@ public class KeyAgreementSpi
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class DHC
+    /*
-    //     extends KeyAgreementSpi
+    public static class DHC
-    // {
+        extends KeyAgreementSpi
-    //     public DHC()
+    {
-    //     {
+        public DHC()
-    //         super("ECDHC", new ECDHCBasicAgreement(), null);
+        {
-    //     }
+            super("ECDHC", new ECDHCBasicAgreement(), null);
-    // }
+        }
-
+    }
-    // public static class MQV
+
-    //     extends KeyAgreementSpi
+    public static class MQV
-    // {
+        extends KeyAgreementSpi
-    //     public MQV()
+    {
-    //     {
+        public MQV()
-    //         super("ECMQV", new ECMQVBasicAgreement(), null);
+        {
-    //     }
+            super("ECMQV", new ECMQVBasicAgreement(), null);
-    // }
+        }
-
+    }
-    // public static class DHwithSHA1KDF
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA1KDF
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA1KDF()
+    {
-    //     {
+        public DHwithSHA1KDF()
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA1KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA1KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA1KDFAndSharedInfo()
+    {
-    //     {
+        public DHwithSHA1KDFAndSharedInfo()
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class CDHwithSHA1KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class CDHwithSHA1KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public CDHwithSHA1KDFAndSharedInfo()
+    {
-    //     {
+        public CDHwithSHA1KDFAndSharedInfo()
-    //         super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA224KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA224KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA224KDFAndSharedInfo()
+    {
-    //     {
+        public DHwithSHA224KDFAndSharedInfo()
-    //         super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        {
-    //     }
+            super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    // }
+        }
-
+    }
-    // public static class CDHwithSHA224KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class CDHwithSHA224KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public CDHwithSHA224KDFAndSharedInfo()
+    {
-    //     {
+        public CDHwithSHA224KDFAndSharedInfo()
-    //         super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        {
-    //     }
+            super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA256KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA256KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA256KDFAndSharedInfo()
+    {
-    //     {
+        public DHwithSHA256KDFAndSharedInfo()
-    //         super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        {
-    //     }
+            super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    // }
+        }
-
+    }
-    // public static class CDHwithSHA256KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class CDHwithSHA256KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public CDHwithSHA256KDFAndSharedInfo()
+    {
-    //     {
+        public CDHwithSHA256KDFAndSharedInfo()
-    //         super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        {
-    //     }
+            super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA384KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA384KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA384KDFAndSharedInfo()
+    {
-    //     {
+        public DHwithSHA384KDFAndSharedInfo()
-    //         super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        {
-    //     }
+            super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    // }
+        }
-
+    }
-    // public static class CDHwithSHA384KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class CDHwithSHA384KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public CDHwithSHA384KDFAndSharedInfo()
+    {
-    //     {
+        public CDHwithSHA384KDFAndSharedInfo()
-    //         super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        {
-    //     }
+            super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA512KDFAndSharedInfo
+
-    //      extends KeyAgreementSpi
+    public static class DHwithSHA512KDFAndSharedInfo
-    //  {
+         extends KeyAgreementSpi
-    //      public DHwithSHA512KDFAndSharedInfo()
+     {
-    //      {
+         public DHwithSHA512KDFAndSharedInfo()
-    //          super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         {
-    //      }
+             super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //  }
+         }
-
+     }
-    //  public static class CDHwithSHA512KDFAndSharedInfo
+
-    //      extends KeyAgreementSpi
+     public static class CDHwithSHA512KDFAndSharedInfo
-    //  {
+         extends KeyAgreementSpi
-    //      public CDHwithSHA512KDFAndSharedInfo()
+     {
-    //      {
+         public CDHwithSHA512KDFAndSharedInfo()
-    //          super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         {
-    //      }
+             super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //  }
+         }
-
+     }
-    // public static class MQVwithSHA1KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA1KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA1KDFAndSharedInfo()
+    {
-    //     {
+        public MQVwithSHA1KDFAndSharedInfo()
-    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA224KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA224KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA224KDFAndSharedInfo()
+    {
-    //     {
+        public MQVwithSHA224KDFAndSharedInfo()
-    //         super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        {
-    //     }
+            super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA256KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA256KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA256KDFAndSharedInfo()
+    {
-    //     {
+        public MQVwithSHA256KDFAndSharedInfo()
-    //         super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        {
-    //     }
+            super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA384KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA384KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA384KDFAndSharedInfo()
+    {
-    //     {
+        public MQVwithSHA384KDFAndSharedInfo()
-    //         super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        {
-    //     }
+            super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA512KDFAndSharedInfo
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA512KDFAndSharedInfo
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA512KDFAndSharedInfo()
+    {
-    //     {
+        public MQVwithSHA512KDFAndSharedInfo()
-    //         super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+        {
-    //     }
+            super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA1CKDF
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA1CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA1CKDF()
+    {
-    //     {
+        public DHwithSHA1CKDF()
-    //         super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA256CKDF
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA256CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA256CKDF()
+    {
-    //     {
+        public DHwithSHA256CKDF()
-    //         super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        {
-    //     }
+            super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA384CKDF
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA384CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA384CKDF()
+    {
-    //     {
+        public DHwithSHA384CKDF()
-    //         super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        {
-    //     }
+            super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    // }
+        }
-
+    }
-    // public static class DHwithSHA512CKDF
+
-    //     extends KeyAgreementSpi
+    public static class DHwithSHA512CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public DHwithSHA512CKDF()
+    {
-    //     {
+        public DHwithSHA512CKDF()
-    //         super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        {
-    //     }
+            super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA1CKDF
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA1CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA1CKDF()
+    {
-    //     {
+        public MQVwithSHA1CKDF()
-    //         super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        {
-    //     }
+            super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA224CKDF
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA224CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA224CKDF()
+    {
-    //     {
+        public MQVwithSHA224CKDF()
-    //         super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
+        {
-    //     }
+            super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA256CKDF
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA256CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA256CKDF()
+    {
-    //     {
+        public MQVwithSHA256CKDF()
-    //         super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        {
-    //     }
+            super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA384CKDF
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA384CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA384CKDF()
+    {
-    //     {
+        public MQVwithSHA384CKDF()
-    //         super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        {
-    //     }
+            super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    // }
+        }
-
+    }
-    // public static class MQVwithSHA512CKDF
+
-    //     extends KeyAgreementSpi
+    public static class MQVwithSHA512CKDF
-    // {
+        extends KeyAgreementSpi
-    //     public MQVwithSHA512CKDF()
+    {
-    //     {
+        public MQVwithSHA512CKDF()
-    //         super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        {
-    //     }
+            super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java

@@ -208,16 +208,18 @@ public class KeyFactorySpi
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // public static class ECGOST3410
+    /*
-    //     extends KeyFactorySpi
+    public static class ECGOST3410
-    // {
+        extends KeyFactorySpi
-    //     public ECGOST3410()
+    {
-    //     {
+        public ECGOST3410()
-    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
+        {
-    //     }
+            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     public static class ECDH
         extends KeyFactorySpi

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java

@@ -43,9 +43,10 @@ public abstract class KeyPairGeneratorSpi
         ECKeyGenerationParameters   param;
         ECKeyPairGenerator          engine = new ECKeyPairGenerator();
         Object                      ecParams = null;
-        // BEGIN android-changed
+        // Android-changed: Use 256-bit keys by default.
+        // 239-bit keys (the Bouncy Castle default) are less widely-supported than 256-bit ones,
+        // so we've changed the default strength to 256 for increased compatibility
         int                         strength = 256;
-        // BEGIN android-changed
         int                         certainty = 50;
         SecureRandom                random = new SecureRandom();
         boolean                     initialised = false;
@@ -87,13 +88,13 @@ public abstract class KeyPairGeneratorSpi
             SecureRandom    random)
         {
             this.strength = strength;
-            // BEGIN android-added
+            // BEGIN Android-changed: Don't override this.random with null.
+            // Passing null just means to use a default random, which this.random is already
+            // initialized to, so just use that
             if (random != null) {
-            // END android-added
                 this.random = random;
-            // BEGIN android-added
             }
-            // END android-added
+            // END Android-changed: Don't override this.random with null.
 
             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
             if (ecParams == null)
@@ -116,11 +117,11 @@ public abstract class KeyPairGeneratorSpi
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
-            // BEGIN android-added
+            // BEGIN Android-added: Use existing SecureRandom if none is provided.
             if (random == null) {
                 random = this.random;
             }
-            // END android-added
+            // END Android-added: Use existing SecureRandom if none is provided.
             if (params == null)
             {
                 ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java

@@ -16,19 +16,18 @@ import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
+// BEGIN Android-removed: Unsupported algorithms
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.signers.ECNRSigner;
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// END Android-removed: Unsupported algorithms
+// BEGIN Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
@@ -74,22 +73,24 @@ public class SignatureSpi
     {
         public ecDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class ecDetDSA
+    /*
-    //     extends SignatureSpi
+    static public class ecDetDSA
-    // {
+        extends SignatureSpi
-    //     public ecDetDSA()
+    {
-    //     {
+        public ecDetDSA()
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
+        {
-    //     }
+            super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSAnone
         extends SignatureSpi
@@ -105,267 +106,276 @@ public class SignatureSpi
     {
         public ecDSA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA224(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class ecDetDSA224
+    /*
-    //     extends SignatureSpi
+    static public class ecDetDSA224
-    // {
+        extends SignatureSpi
-    //     public ecDetDSA224()
+    {
-    //     {
+        public ecDetDSA224()
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
+        {
-    //     }
+            super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA256
         extends SignatureSpi
     {
         public ecDSA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class ecDetDSA256
+    /*
-    //     extends SignatureSpi
+    static public class ecDetDSA256
-    // {
+        extends SignatureSpi
-    //     public ecDetDSA256()
+    {
-    //     {
+        public ecDetDSA256()
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
+        {
-    //     }
+            super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA384
         extends SignatureSpi
     {
         public ecDSA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA384(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithm
-    // static public class ecDetDSA384
+    /*
-    //     extends SignatureSpi
+    static public class ecDetDSA384
-    // {
+        extends SignatureSpi
-    //     public ecDetDSA384()
+    {
-    //     {
+        public ecDetDSA384()
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
+        {
-    //     }
+            super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+
     static public class ecDSA512
         extends SignatureSpi
     {
         public ecDSA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA512(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
+        }
-        }
+    }
-    }
+
-
+    // BEGIN Android-removed: Unsupported algorithms
-    // BEGIN android-removed
+    /*
-    // static public class ecDetDSA512
+    static public class ecDetDSA512
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDetDSA512()
+        public ecDetDSA512()
-    //     {
+        {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
+            super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDSASha3_224
+    static public class ecDSASha3_224
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDSASha3_224()
+        public ecDSASha3_224()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDetDSASha3_224
+    static public class ecDetDSASha3_224
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDetDSASha3_224()
+        public ecDetDSASha3_224()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDSASha3_256
+    static public class ecDSASha3_256
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDSASha3_256()
+        public ecDSASha3_256()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDetDSASha3_256
+    static public class ecDetDSASha3_256
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDetDSASha3_256()
+        public ecDetDSASha3_256()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDSASha3_384
+    static public class ecDSASha3_384
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDSASha3_384()
+        public ecDSASha3_384()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDetDSASha3_384
+    static public class ecDetDSASha3_384
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDetDSASha3_384()
+        public ecDetDSASha3_384()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDSASha3_512
+    static public class ecDSASha3_512
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDSASha3_512()
+        public ecDSASha3_512()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDetDSASha3_512
+    static public class ecDetDSASha3_512
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDetDSASha3_512()
+        public ecDetDSASha3_512()
-    //     {
+        {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecDSARipeMD160
+    static public class ecDSARipeMD160
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecDSARipeMD160()
+        public ecDSARipeMD160()
-    //     {
+        {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecNR
+    static public class ecNR
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecNR()
+        public ecNR()
-    //     {
+        {
-    //         super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecNR224
+    static public class ecNR224
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecNR224()
+        public ecNR224()
-    //     {
+        {
-    //         super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecNR256
+    static public class ecNR256
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecNR256()
+        public ecNR256()
-    //     {
+        {
-    //         super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecNR384
+    static public class ecNR384
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecNR384()
+        public ecNR384()
-    //     {
+        {
-    //         super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecNR512
+    static public class ecNR512
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecNR512()
+        public ecNR512()
-    //     {
+        {
-    //         super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
+            super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecCVCDSA
+    static public class ecCVCDSA
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecCVCDSA()
+        public ecCVCDSA()
-    //     {
+        {
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
+            super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecCVCDSA224
+    static public class ecCVCDSA224
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecCVCDSA224()
+        public ecCVCDSA224()
-    //     {
+        {
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
+            super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecCVCDSA256
+    static public class ecCVCDSA256
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecCVCDSA256()
+        public ecCVCDSA256()
-    //     {
+        {
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
+            super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecCVCDSA384
+    static public class ecCVCDSA384
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecCVCDSA384()
+        public ecCVCDSA384()
-    //     {
+        {
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
+            super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecCVCDSA512
+    static public class ecCVCDSA512
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecCVCDSA512()
+        public ecCVCDSA512()
-    //     {
+        {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
+            super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class ecPlainDSARP160
+    static public class ecPlainDSARP160
-    //     extends SignatureSpi
+        extends SignatureSpi
-    // {
+    {
-    //     public ecPlainDSARP160()
+        public ecPlainDSARP160()
-    //     {
+        {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
+            super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
+        }
-    // }
+    }
-    // END android-removed
+    */
+    // END Android-removed: Unsupported algorithms
 
     private static class StdDSAEncoder
         implements DSAEncoder
@@ -406,68 +416,70 @@ public class SignatureSpi
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // private static class PlainDSAEncoder
+    /*
-    //     implements DSAEncoder
+    private static class PlainDSAEncoder
-    // {
+        implements DSAEncoder
-    //     public byte[] encode(
+    {
-    //         BigInteger r,
+        public byte[] encode(
-    //         BigInteger s)
+            BigInteger r,
-    //         throws IOException
+            BigInteger s)
-    //     {
+            throws IOException
-    //         byte[] first = makeUnsigned(r);
+        {
-    //         byte[] second = makeUnsigned(s);
+            byte[] first = makeUnsigned(r);
-    //         byte[] res;
+            byte[] second = makeUnsigned(s);
-    //
+            byte[] res;
-    //         if (first.length > second.length)
+
-    //         {
+            if (first.length > second.length)
-    //             res = new byte[first.length * 2];
+            {
-    //         }
+                res = new byte[first.length * 2];
-    //         else
+            }
-    //         {
+            else
-    //             res = new byte[second.length * 2];
+            {
-    //         }
+                res = new byte[second.length * 2];
-    //
+            }
-    //         System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+
-    //         System.arraycopy(second, 0, res, res.length - second.length, second.length);
+            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
-    //
+            System.arraycopy(second, 0, res, res.length - second.length, second.length);
-    //         return res;
+
-    //     }
+            return res;
-    //
+        }
-    //
+
-    //     private byte[] makeUnsigned(BigInteger val)
+
-    //     {
+        private byte[] makeUnsigned(BigInteger val)
-    //         byte[] res = val.toByteArray();
+        {
-    //
+            byte[] res = val.toByteArray();
-    //         if (res[0] == 0)
+
-    //         {
+            if (res[0] == 0)
-    //             byte[] tmp = new byte[res.length - 1];
+            {
-    //
+                byte[] tmp = new byte[res.length - 1];
-    //             System.arraycopy(res, 1, tmp, 0, tmp.length);
+
-    //
+                System.arraycopy(res, 1, tmp, 0, tmp.length);
-    //             return tmp;
+
-    //         }
+                return tmp;
-    //
+            }
-    //         return res;
+
-    //     }
+            return res;
-    //
+        }
-    //     public BigInteger[] decode(
+
-    //         byte[] encoding)
+        public BigInteger[] decode(
-    //         throws IOException
+            byte[] encoding)
-    //     {
+            throws IOException
-    //         BigInteger[] sig = new BigInteger[2];
+        {
-    //
+            BigInteger[] sig = new BigInteger[2];
-    //         byte[] first = new byte[encoding.length / 2];
+
-    //         byte[] second = new byte[encoding.length / 2];
+            byte[] first = new byte[encoding.length / 2];
-    //
+            byte[] second = new byte[encoding.length / 2];
-    //         System.arraycopy(encoding, 0, first, 0, first.length);
+
-    //         System.arraycopy(encoding, first.length, second, 0, second.length);
+            System.arraycopy(encoding, 0, first, 0, first.length);
-    //
+            System.arraycopy(encoding, first.length, second, 0, second.length);
-    //         sig[0] = new BigInteger(1, first);
+
-    //         sig[1] = new BigInteger(1, second);
+            sig[0] = new BigInteger(1, first);
-    //
+            sig[1] = new BigInteger(1, second);
-    //         return sig;
+
-    //     }
+            return sig;
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java

@@ -18,6 +18,7 @@ import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
+import javax.crypto.ShortBufferException;
 import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
 
@@ -26,9 +27,8 @@ import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-// END android-removed
 import org.bouncycastle.crypto.encodings.OAEPEncoding;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
@@ -36,14 +36,18 @@ import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi;
 import org.bouncycastle.jcajce.provider.util.BadBlockException;
 import org.bouncycastle.jcajce.provider.util.DigestFactory;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.Strings;
 
 public class CipherSpi
     extends BaseCipherSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private AsymmetricBlockCipher cipher;
     private AlgorithmParameterSpec paramSpec;
@@ -203,12 +207,12 @@ public class CipherSpi
         {
             cipher = new PKCS1Encoding(new RSABlindedEngine());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // else if (pad.equals("ISO9796-1PADDING"))
         // {
         //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithm
         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
@@ -237,24 +241,26 @@ public class CipherSpi
         {
             initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT));
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
+        /*
-        // {
+        else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
-        //     initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
+        {
-        // }
+            initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
-        // else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
+        }
-        // {
+        else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
-        //     initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
+        {
-        // }
+            initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
-        // else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
+        }
-        // {
+        else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
-        //     initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
+        {
-        // }
+            initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
-        // else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
+        }
-        // {
+        else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
-        //     initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
+        {
-        // }
+            initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             throw new NoSuchPaddingException(padding + " unavailable with RSA.");
@@ -494,8 +500,14 @@ public class CipherSpi
         int     inputLen,
         byte[]  output,
         int     outputOffset) 
-        throws IllegalBlockSizeException, BadPaddingException
+        throws IllegalBlockSizeException, BadPaddingException, ShortBufferException
     {
+        // BEGIN Android-added: Throw ShortBufferException when given a short buffer.
+        if (engineGetOutputSize(inputLen) > output.length - outputOffset)
+        {
+            throw new ShortBufferException("output buffer too short for input.");
+        }
+        // END Android-added: Throw ShortBufferException when given a short buffer.
         if (input != null)
         {
             bOut.write(input, inputOffset, inputLen);
@@ -562,50 +574,52 @@ public class CipherSpi
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // static public class PKCS1v1_5Padding
+    /*
-    //     extends CipherSpi
+    static public class PKCS1v1_5Padding
-    // {
+        extends CipherSpi
-    //     public PKCS1v1_5Padding()
+    {
-    //     {
+        public PKCS1v1_5Padding()
-    //         super(new PKCS1Encoding(new RSABlindedEngine()));
+        {
-    //     }
+            super(new PKCS1Encoding(new RSABlindedEngine()));
-    // }
+        }
-    //
+    }
-    // static public class PKCS1v1_5Padding_PrivateOnly
+
-    //     extends CipherSpi
+    static public class PKCS1v1_5Padding_PrivateOnly
-    // {
+        extends CipherSpi
-    //     public PKCS1v1_5Padding_PrivateOnly()
+    {
-    //     {
+        public PKCS1v1_5Padding_PrivateOnly()
-    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
+        {
-    //     }
+            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-    // }
+        }
-    //
+    }
-    // static public class PKCS1v1_5Padding_PublicOnly
+
-    //     extends CipherSpi
+    static public class PKCS1v1_5Padding_PublicOnly
-    // {
+        extends CipherSpi
-    //     public PKCS1v1_5Padding_PublicOnly()
+    {
-    //     {
+        public PKCS1v1_5Padding_PublicOnly()
-    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
+        {
-    //     }
+            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-    // }
+        }
-    //
+    }
-    // static public class OAEPPadding
+
-    //     extends CipherSpi
+    static public class OAEPPadding
-    // {
+        extends CipherSpi
-    //     public OAEPPadding()
+    {
-    //     {
+        public OAEPPadding()
-    //         super(OAEPParameterSpec.DEFAULT);
+        {
-    //     }
+            super(OAEPParameterSpec.DEFAULT);
-    // }
+        }
-    //
+    }
-    // static public class ISO9796d1Padding
+    
-    //     extends CipherSpi
+    static public class ISO9796d1Padding
-    // {
+        extends CipherSpi
-    //     public ISO9796d1Padding()
+    {
-    //     {
+        public ISO9796d1Padding()
-    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
+        {
-    //     }
+            super(new ISO9796d1Encoding(new RSABlindedEngine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java

@@ -17,30 +17,25 @@ import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-added
+// Android-removed: Unsupported algorithms
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
 // import org.bouncycastle.crypto.digests.NullDigest;
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DigestSignatureSpi
@@ -258,9 +253,9 @@ public class DigestSignatureSpi
     {
         public SHA1()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(OIWObjectIdentifiers.idSHA1, DigestFactory.createSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
             super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -269,9 +264,9 @@ public class DigestSignatureSpi
     {
         public SHA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha224, DigestFactory.createSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha224, AndroidDigestFactory.getSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -280,9 +275,9 @@ public class DigestSignatureSpi
     {
         public SHA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha256, DigestFactory.createSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -291,9 +286,9 @@ public class DigestSignatureSpi
     {
         public SHA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha384, DigestFactory.createSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -302,132 +297,136 @@ public class DigestSignatureSpi
     {
         public SHA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha512, DigestFactory.createSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
+        }
-        }
+    }
-    }
+
-
+    // BEGIN Android-removed: Unsupported algorithms
-    // BEGIN android-removed
+    /*
-    // static public class SHA512_224
+    static public class SHA512_224
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA512_224()
+        public SHA512_224()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class SHA512_256
+    static public class SHA512_256
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA512_256()
+        public SHA512_256()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class SHA3_224
+    static public class SHA3_224
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA3_224()
+        public SHA3_224()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class SHA3_256
+    static public class SHA3_256
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA3_256()
+        public SHA3_256()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class SHA3_384
+    static public class SHA3_384
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA3_384()
+        public SHA3_384()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class SHA3_512
+    static public class SHA3_512
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public SHA3_512()
+        public SHA3_512()
-    //     {
+        {
-    //         super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class MD2
+    static public class MD2
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public MD2()
+        public MD2()
-    //     {
+        {
-    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-
+
-    // static public class MD4
+    static public class MD4
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public MD4()
+        public MD4()
-    //     {
+        {
-    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-    // END android-removed
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class MD5
         extends DigestSignatureSpi
     {
         public MD5()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(PKCSObjectIdentifiers.md5, DigestFactory.createMD5(), new PKCS1Encoding(new RSABlindedEngine()));
             super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
+        }
-        }
+    }
-    }
+
-
+    // BEGIN Android-removed: Unsupported algorithms
-    // BEGIN android-removed
+    /*
-    // static public class RIPEMD160
+    static public class RIPEMD160
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public RIPEMD160()
+        public RIPEMD160()
-    //     {
+        {
-    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-    //
+
-    // static public class RIPEMD128
+    static public class RIPEMD128
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public RIPEMD128()
+        public RIPEMD128()
-    //     {
+        {
-    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-    //
+
-    // static public class RIPEMD256
+    static public class RIPEMD256
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public RIPEMD256()
+        public RIPEMD256()
-    //     {
+        {
-    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-    //
+
-    // static public class noneRSA
+    static public class noneRSA
-    //     extends DigestSignatureSpi
+        extends DigestSignatureSpi
-    // {
+    {
-    //     public noneRSA()
+        public noneRSA()
-    //     {
+        {
-    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
+            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
+        }
-    // }
+    }
-    // END android-removed
+    */
+    // END Android-removed: Unsupported algorithms
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java

@@ -43,10 +43,9 @@ public class KeyPairGeneratorSpi
         SecureRandom random)
     {
         param = new RSAKeyGenerationParameters(defaultPublicExponent,
-            // BEGIN android-changed
+            // Android-changed: Replace null random with default implementation.
-            // Was: random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
+            // random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
             (random != null) ? random : new SecureRandom(), strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
-            // END android-changed
 
         engine.init(param);
     }
@@ -64,10 +63,9 @@ public class KeyPairGeneratorSpi
 
         param = new RSAKeyGenerationParameters(
             rsaParams.getPublicExponent(),
-            // BEGIN android-changed
+            // Android-changed: Replace null random with default implementation.
-            // Was: random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
+            // random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
             (random != null) ? random : new SecureRandom(), rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
-            // END android-changed
 
         engine.init(param);
     }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java

@@ -11,10 +11,9 @@ import javax.crypto.ShortBufferException;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -22,10 +21,9 @@ import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
-// END android-removed
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
 import org.bouncycastle.util.Integers;
@@ -122,9 +120,8 @@ public abstract class BaseAgreementSpi
         nameTable.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedCBC.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedMAC.getId(), "SEED");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithm
         // nameTable.put(CryptoProObjectIdentifiers.gostR28147_gcfb.getId(), "GOST28147");
-        // END android-removed
 
         nameTable.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), "AES");
         nameTable.put(NISTObjectIdentifiers.id_aes128_CCM.getId(), "AES");
@@ -163,12 +160,12 @@ public abstract class BaseAgreementSpi
         {
             return "AES";
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // if (algDetails.startsWith(GNUObjectIdentifiers.Serpent.getId()))
         // {
         //     return "Serpent";
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         String name = (String)nameTable.get(Strings.toUpperCase(algDetails));
 
@@ -261,6 +258,7 @@ public abstract class BaseAgreementSpi
         }
 
         int    keySize = getKeySize(oidAlgorithm);
+
         if (kdf != null)
         {
             if (keySize < 0)
@@ -269,24 +267,26 @@ public abstract class BaseAgreementSpi
             }
             byte[] keyBytes = new byte[keySize / 8];
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithm
-            // if (kdf instanceof DHKEKGenerator)
+            /*
-            // {
+            if (kdf instanceof DHKEKGenerator)
-            //     ASN1ObjectIdentifier oid;
+            {
-            //     try
+                ASN1ObjectIdentifier oid;
-            //     {
+                try
-            //         oid = new ASN1ObjectIdentifier(oidAlgorithm);
+                {
-            //     }
+                    oid = new ASN1ObjectIdentifier(oidAlgorithm);
-            //     catch (IllegalArgumentException e)
+                }
-            //     {
+                catch (IllegalArgumentException e)
-            //         throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
+                {
-            //     }
+                    throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
-            //     DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
+                }
+                DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
 
-            //     kdf.init(params);
+                kdf.init(params);
-            // }
+            }
-            // else
+            else
-            // END android-removed
+            */
+            // END Android-removed: Unsupported algorithm
             {
                 KDFParameters params = new KDFParameters(secret, ukmParameters);
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java

@@ -18,10 +18,9 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -41,10 +40,9 @@ public abstract class BaseCipherSpi
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private final JcaJceHelper helper = new BCJcaJceHelper();

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java

@@ -47,14 +47,14 @@ public class EC5Util
             }
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // X9ECParameters c25519 = CustomNamedCurves.getByName("Curve25519");
 
         // customCurves.put(new ECCurve.Fp(
         //     c25519.getCurve().getField().getCharacteristic(),
         //     c25519.getCurve().getA().toBigInteger(),
         //     c25519.getCurve().getB().toBigInteger()), c25519.getCurve());
-        // END android-removed
+        // END Android-removed: Unsupported curves
     }
 
     public static ECCurve getCurve(

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java

@@ -8,17 +8,15 @@ import java.util.Enumeration;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
 // import org.bouncycastle.asn1.gm.GMNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
@@ -338,24 +336,26 @@ public class ECUtil
             {
                 oid = NISTNamedCurves.getOID(name);
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (oid == null)
+            /*
-            // {
+            if (oid == null)
-            //     oid = TeleTrusTNamedCurves.getOID(name);
+            {
-            // }
+                oid = TeleTrusTNamedCurves.getOID(name);
-            // if (oid == null)
+            }
-            // {
+            if (oid == null)
-            //     oid = ECGOST3410NamedCurves.getOID(name);
+            {
-            // }
+                oid = ECGOST3410NamedCurves.getOID(name);
-            // if (oid == null)
+            }
-            // {
+            if (oid == null)
-            //     oid = ANSSINamedCurves.getOID(name);
+            {
-            // }
+                oid = ANSSINamedCurves.getOID(name);
-            // if (oid == null)
+            }
-            // {
+            if (oid == null)
-            //     oid = GMNamedCurves.getOID(name);
+            {
-            // }
+                oid = GMNamedCurves.getOID(name);
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return oid;
@@ -398,16 +398,18 @@ public class ECUtil
             {
                 params = NISTNamedCurves.getByOID(oid);
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (params == null)
+            /*
-            // {
+            if (params == null)
-            //     params = TeleTrusTNamedCurves.getByOID(oid);
+            {
-            // }
+                params = TeleTrusTNamedCurves.getByOID(oid);
-            // if (params == null)
+            }
-            // {
+            if (params == null)
-            //     params = GMNamedCurves.getByOID(oid);
+            {
-            // }
+                params = GMNamedCurves.getByOID(oid);
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -429,16 +431,18 @@ public class ECUtil
             {
                 params = NISTNamedCurves.getByName(curveName);
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (params == null)
+            /*
-            // {
+            if (params == null)
-            //     params = TeleTrusTNamedCurves.getByName(curveName);
+            {
-            // }
+                params = TeleTrusTNamedCurves.getByName(curveName);
-            // if (params == null)
+            }
-            // {
+            if (params == null)
-            //     params = GMNamedCurves.getByName(curveName);
+            {
-            // }
+                params = GMNamedCurves.getByName(curveName);
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -456,16 +460,18 @@ public class ECUtil
             {
                 name = NISTNamedCurves.getName(oid);
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (name == null)
+            /*
-            // {
+            if (name == null)
-            //     name = TeleTrusTNamedCurves.getName(oid);
+            {
-            // }
+                name = TeleTrusTNamedCurves.getName(oid);
-            // if (name == null)
+            }
-            // {
+            if (name == null)
-            //     name = ECGOST3410NamedCurves.getName(oid);
+            {
-            // }
+                name = ECGOST3410NamedCurves.getName(oid);
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return name;

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java

@@ -4,9 +4,8 @@ import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-// BEGIN Android-added
+// Android-added: Use PushbackInputStream
 import java.io.PushbackInputStream;
-// END Android-added
 import java.security.cert.CRL;
 import java.security.cert.CRLException;
 import java.security.cert.CertPath;
@@ -217,22 +216,21 @@ public class CertificateFactory
             }
             else
             {
-                // BEGIN android-changed
+                // Android-changed: Use PushbackInputStream instead of ByteArrayInputStream.
-                // Was: pis = new ByteArrayInputStream(Streams.readAll(in));
+                // we want {@code in.available()} to return the number of available bytes if
-                // Reason: we want {@code in.available()} to return the number of available bytes if
                 // there is trailing data (otherwise it breaks
                 // libcore.java.security.cert.X509CertificateTest#test_Provider
                 // ). Which is not possible if we read the whole stream at this point.
+                // // pis = new ByteArrayInputStream(Streams.readAll(in));
                 pis = new PushbackInputStream(in);
-                // END android-changed
             }
 
-            // BEGIN android-changed
+            // BEGIN Android-changed: Use PushbackInputStream
-            // Was: pis.mark(1);
+            // pis.mark(1);
             if (in.markSupported()) {
                 pis.mark(1);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             int tag = pis.read();
 
@@ -241,8 +239,8 @@ public class CertificateFactory
                 return null;
             }
 
-            // BEGIN android-changdd
+            // BEGIN Android-changed: Use PushbackInputStream
-            // Was: pis.reset
+            // pis.reset
             if (in.markSupported()) {
                 pis.reset();
             }
@@ -250,7 +248,7 @@ public class CertificateFactory
             {
                 ((PushbackInputStream) pis).unread(tag);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             if (tag != 0x30)  // assume ascii PEM encoded.
             {
@@ -276,19 +274,17 @@ public class CertificateFactory
         throws CertificateException
     {
         java.security.cert.Certificate     cert;
-        // BEGIN android-removed
+        // Android-removed: Don't read entire stream immediately.
-        // BufferedInputStream in = new BufferedInputStream(inStream);
+        // we want {@code in.available()} to return the number of available bytes if
-        // Reason: we want {@code in.available()} to return the number of available bytes if
         // there is trailing data (otherwise it breaks
         // libcore.java.security.cert.X509CertificateTest#test_Provider
         // ). Which is not possible if we read the whole stream at this point.
-        // END android-removed
+        // BufferedInputStream in = new BufferedInputStream(inStream);
         List certs = new ArrayList();
 
-        // BEGIN android-changed
+        // Android-changed: Read from original stream
-        // Was: while ((cert = engineGenerateCertificate(in)) != null)
+        // while ((cert = engineGenerateCertificate(in)) != null)
         while ((cert = engineGenerateCertificate(inStream)) != null)
-        // END android-changed
         {
             certs.add(cert);
         }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java

@@ -37,9 +37,8 @@ import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.io.pem.PemObject;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.io.pem.PemWriter;
-// END android-removed
 
 /**
  * CertPath implementation for X.509 certificates.
@@ -56,9 +55,8 @@ public  class PKIXCertPath
     {
         List encodings = new ArrayList();
         encodings.add("PkiPath");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // encodings.add("PEM");
-        // END android-removed
         encodings.add("PKCS7");
         certPathEncodings = Collections.unmodifiableList(encodings);
     }
@@ -305,29 +303,31 @@ public  class PKIXCertPath
             return toDEREncoded(new ContentInfo(
                     PKCSObjectIdentifiers.signedData, sd));
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (encoding.equalsIgnoreCase("PEM"))
+        /*
-        // {
+        else if (encoding.equalsIgnoreCase("PEM"))
-        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        {
-        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
+            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        //
+            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-        //     try
+
-        //     {
+            try
-        //         for (int i = 0; i != certificates.size(); i++)
+            {
-        //         {
+                for (int i = 0; i != certificates.size(); i++)
-        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
+                {
-        //         }
+                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-        //
+                }
-        //         pWrt.close();
+            
-        //     }
+                pWrt.close();
-        //     catch (Exception e)
+            }
-        //     {
+            catch (Exception e)
-        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
+            {
-        //     }
+                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-        //
+            }
-        //     return bOut.toByteArray();
+
-        // }
+            return bOut.toByteArray();
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             throw new CertificateEncodingException("unsupported encoding: " + encoding);

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java

@@ -56,9 +56,9 @@ import org.bouncycastle.asn1.x509.Extension;
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
-// BEGIN android-added
+// BEGIN Android-added: Unknown reason
 import org.bouncycastle.asn1.x509.X509Name;
-// END android-added
+// END Android-added: Unknown reason
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.X509Principal;
@@ -542,20 +542,19 @@ class X509CertificateObject
         }
     }
 
-    // BEGIN android-changed
+    // Android-added: Cache the encoded certificate
     private byte[] encoded;
-    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            // BEGIN android-changed
+            // BEGIN Android-changed: Cache the encoded certificate
             if (encoded == null) {
                 encoded = c.getEncoded(ASN1Encoding.DER);
             }
             return encoded;
-            // END android-changed
+            // END Android-changed: Cache the encoded certificate
         }
         catch (IOException e)
         {
@@ -879,9 +878,9 @@ class X509CertificateObject
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    // BEGIN android-changed
+                    // Android-changed: Unknown reason
+                    // list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
                     list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-                    // END android-changed
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java

@@ -5,12 +5,6 @@ import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA1Digest;
-// BEGIN ANDROID-ADDED
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-// END ANDROID-ADDED
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java

@@ -45,19 +45,21 @@ public class SHA256
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * PBEWithHmacSHA
+    /**
-    //  */
+     * PBEWithHmacSHA
-    // public static class PBEWithMacKeyFactory
+     *
-    //     extends PBESecretKeyFactory
+    public static class PBEWithMacKeyFactory
-    // {
+        extends PBESecretKeyFactory
-    //     public PBEWithMacKeyFactory()
+    {
-    //     {
+        public PBEWithMacKeyFactory()
-    //         super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
+        {
-    //     }
+            super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA256
@@ -86,11 +88,11 @@ public class SHA256
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA256", PREFIX + "$HashMac");
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java

@@ -5,9 +5,8 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -59,16 +58,18 @@ public class SHA384
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class OldSHA384
+    /*
-    //     extends BaseMac
+    public static class OldSHA384
-    // {
+        extends BaseMac
-    //     public OldSHA384()
+    {
-    //     {
+        public OldSHA384()
-    //         super(new OldHMac(new SHA384Digest()));
+        {
-    //     }
+            super(new OldHMac(new SHA384Digest()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -84,9 +85,8 @@ public class SHA384
             provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest");
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
-            // END android-removed
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA384", PREFIX + "$HashMac");
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java

@@ -4,13 +4,11 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA512Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA512tDigest;
-// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -41,44 +39,46 @@ public class SHA512
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // static public class DigestT
+    /*
-    //     extends BCMessageDigest
+    static public class DigestT
-    //     implements Cloneable
+        extends BCMessageDigest
-    // {
+        implements Cloneable
-    //     public DigestT(int bitLength)
+    {
-    //     {
+        public DigestT(int bitLength)
-    //         super(new SHA512tDigest(bitLength));
+        {
-    //     }
+            super(new SHA512tDigest(bitLength));
-    //
+        }
-    //     public Object clone()
+
-    //         throws CloneNotSupportedException
+        public Object clone()
-    //     {
+            throws CloneNotSupportedException
-    //         DigestT d = (DigestT)super.clone();
+        {
-    //         d.digest = new SHA512tDigest((SHA512tDigest)digest);
+            DigestT d = (DigestT)super.clone();
-    //
+            d.digest = new SHA512tDigest((SHA512tDigest)digest);
-    //         return d;
+
-    //     }
+            return d;
-    // }
+        }
-    //
+    }
-    // static public class DigestT224
+
-    //     extends DigestT
+    static public class DigestT224
-    // {
+        extends DigestT
-    //     public DigestT224()
+    {
-    //     {
+        public DigestT224()
-    //         super(224);
+        {
-    //     }
+            super(224);
-    // }
+        }
-    //
+    }
-    // static public class DigestT256
+
-    //     extends DigestT
+    static public class DigestT256
-    // {
+        extends DigestT
-    //     public DigestT256()
+    {
-    //     {
+        public DigestT256()
-    //         super(256);
+        {
-    //     }
+            super(256);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class HashMac
         extends BaseMac
@@ -89,37 +89,39 @@ public class SHA512
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class HashMacT224
+    /*
-    //     extends BaseMac
+    public static class HashMacT224
-    // {
+        extends BaseMac
-    //     public HashMacT224()
+    {
-    //     {
+        public HashMacT224()
-    //         super(new HMac(new SHA512tDigest(224)));
+        {
-    //     }
+            super(new HMac(new SHA512tDigest(224)));
-    // }
+        }
-    //
+    }
-    // public static class HashMacT256
+
-    //     extends BaseMac
+    public static class HashMacT256
-    // {
+        extends BaseMac
-    //     public HashMacT256()
+    {
-    //     {
+        public HashMacT256()
-    //         super(new HMac(new SHA512tDigest(256)));
+        {
-    //     }
+            super(new HMac(new SHA512tDigest(256)));
-    // }
+        }
-    //
+    }
-    // /**
+
-    //  * SHA-512 HMac
+    /**
-    //  */
+     * SHA-512 HMac
-    // public static class OldSHA512
+     *
-    //     extends BaseMac
+    public static class OldSHA512
-    // {
+        extends BaseMac
-    //     public OldSHA512()
+    {
-    //     {
+        public OldSHA512()
-    //         super(new OldHMac(new SHA512Digest()));
+        {
-    //     }
+            super(new OldHMac(new SHA512Digest()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA512
@@ -133,25 +135,27 @@ public class SHA512
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class KeyGeneratorT224
+    /*
-    //     extends BaseKeyGenerator
+    public static class KeyGeneratorT224
-    // {
+        extends BaseKeyGenerator
-    //     public KeyGeneratorT224()
+    {
-    //     {
+        public KeyGeneratorT224()
-    //         super("HMACSHA512/224", 224, new CipherKeyGenerator());
+        {
-    //     }
+            super("HMACSHA512/224", 224, new CipherKeyGenerator());
-    // }
+        }
-    //
+    }
-    // public static class KeyGeneratorT256
+
-    //     extends BaseKeyGenerator
+    public static class KeyGeneratorT256
-    // {
+        extends BaseKeyGenerator
-    //     public KeyGeneratorT256()
+    {
-    //     {
+        public KeyGeneratorT256()
-    //         super("HMACSHA512/256", 256, new CipherKeyGenerator());
+        {
-    //     }
+            super("HMACSHA512/256", 256, new CipherKeyGenerator());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -168,27 +172,29 @@ public class SHA512
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
+            /*
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
+            provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
-            //
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
-            // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
+
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
+            provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
-            //
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
-            // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+
-            // END android-removed
+            provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA512", PREFIX + "$HashMac");
 
             addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
             // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java

@@ -17,9 +17,8 @@ public class BC
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
-            // END android-removed
             provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore");
             provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle");
             provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java

@@ -17,16 +17,18 @@ public class PKCS12
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            /*
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            //
+            provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            //
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+    
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            // END android-removed
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java

@@ -48,7 +48,9 @@ import org.bouncycastle.crypto.io.DigestOutputStream;
 import org.bouncycastle.crypto.io.MacInputStream;
 import org.bouncycastle.crypto.io.MacOutputStream;
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -92,7 +94,9 @@ public class BcKeyStoreSpi
 
     protected int              version;
 
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     public BcKeyStoreSpi(int version)
     {

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java

@@ -64,10 +64,9 @@ import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
@@ -90,17 +89,17 @@ import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
+// Android-changed: Use Android digests
-// Was: import org.bouncycastle.crypto.digests.SHA1Digest
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12StoreParameter;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-// END android-removed
 import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -115,7 +114,9 @@ public class PKCS12KeyStoreSpi
     extends KeyStoreSpi
     implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private static final int SALT_SIZE = 20;
     private static final int MIN_ITERATIONS = 1024;
@@ -233,6 +234,8 @@ public class PKCS12KeyStoreSpi
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
+        // Android-changed: Use Android digests
+        // Digest digest = DigestFactory.createSHA1();
         Digest digest = AndroidDigestFactory.getSHA1();
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
@@ -758,15 +761,17 @@ public class PKCS12KeyStoreSpi
         {
             cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else
+        /*
-        // {
+        else
-        //     // TODO: at the moment it's just GOST, but...
+        {
-        //     GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
+            // TODO: at the moment it's just GOST, but...
-        //
+            GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
-        //     cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
+
-        // }
+            cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         return cipher;
     }
 
@@ -1718,33 +1723,36 @@ public class PKCS12KeyStoreSpi
             super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
         }
     }
-    // BEGIN android-removed
+
-    // public static class BCPKCS12KeyStore3DES
+    // BEGIN Android-removed: Unsupported algorithms
-    //     extends PKCS12KeyStoreSpi
+    /*
-    // {
+    public static class BCPKCS12KeyStore3DES
-    //     public BCPKCS12KeyStore3DES()
+        extends PKCS12KeyStoreSpi
-    //     {
+    {
-    //         super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        public BCPKCS12KeyStore3DES()
-    //     }
+        {
-    // }
+            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-    // 
+        }
-    // public static class DefPKCS12KeyStore
+    }
-    //     extends PKCS12KeyStoreSpi
+
-    // {
+    public static class DefPKCS12KeyStore
-    //     public DefPKCS12KeyStore()
+        extends PKCS12KeyStoreSpi
-    //     {
+    {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+        public DefPKCS12KeyStore()
-    //     }
+        {
-    // }
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-    // 
+        }
-    // public static class DefPKCS12KeyStore3DES
+    }
-    //     extends PKCS12KeyStoreSpi
+
-    // {
+    public static class DefPKCS12KeyStore3DES
-    //     public DefPKCS12KeyStore3DES()
+        extends PKCS12KeyStoreSpi
-    //     {
+    {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        public DefPKCS12KeyStore3DES()
-    //     }
+        {
-    // }
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        }
+    }
+    */
     // END android-removed
 
     private static class IgnoresCaseHashtable
@@ -1818,9 +1826,8 @@ public class PKCS12KeyStoreSpi
             keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192));
             keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256));
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256));
-            // END android-removed
 
             KEY_SIZES = Collections.unmodifiableMap(keySizes);
         }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java

@@ -29,9 +29,9 @@ public final class ARC4
     {
         public KeyGen()
         {
-            // BEGIN android-changed
+            // Android-changed: Use ARC4 for algorithm name to match name used in provider
+            // super("RC4", 128, new CipherKeyGenerator());
             super("ARC4", 128, new CipherKeyGenerator());
-            // END android-changed
         }
     }
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java

@@ -3,16 +3,14 @@ package org.bouncycastle.jcajce.provider.symmetric;
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.BlowfishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 
@@ -40,16 +38,18 @@ public final class Blowfish
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class CMAC
+    /*
-    //     extends BaseMac
+    public static class CMAC
-    // {
+        extends BaseMac
-    //     public CMAC()
+    {
-    //     {
+        public CMAC()
-    //         super(new CMac(new BlowfishEngine()));
+        {
-    //     }
+            super(new CMac(new BlowfishEngine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class KeyGen
         extends BaseKeyGenerator
@@ -80,13 +80,11 @@ public final class Blowfish
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.BLOWFISHCMAC", PREFIX + "$CMAC");
-            // END android-removed
             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
             provider.addAlgorithm("Alg.Alias.KeyGenerator", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, "BLOWFISH");
             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java

@@ -19,16 +19,14 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
 // import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.DESParameters;
@@ -69,19 +67,21 @@ public final class DES
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * DES   CFB8
+    /**
-    //  */
+     * DES   CFB8
-    // public static class DESCFB8
+     *
-    //     extends BaseMac
+    public static class DESCFB8
-    // {
+        extends BaseMac
-    //     public DESCFB8()
+    {
-    //     {
+        public DESCFB8()
-    //         super(new CFBBlockCipherMac(new DESEngine()));
+        {
-    //     }
+            super(new CFBBlockCipherMac(new DESEngine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DES64
@@ -116,49 +116,49 @@ public final class DES
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // static public class CMAC
+    /*
-    //     extends BaseMac
+    static public class CMAC
-    // {
+        extends BaseMac
-    //     public CMAC()
+    {
-    //     {
+        public CMAC()
-    //         super(new CMac(new DESEngine()));
+        {
-    //     }
+            super(new CMac(new DESEngine()));
-    // }
+        }
-    //
+    }
-    // /**
+
-    //  * DES9797Alg3with7816-4Padding
+    /**
-    //  */
+     * DES9797Alg3with7816-4Padding
-    // public static class DES9797Alg3with7816d4
+     *
-    //     extends BaseMac
+    public static class DES9797Alg3with7816d4
-    // {
+        extends BaseMac
-    //     public DES9797Alg3with7816d4()
+    {
-    //     {
+        public DES9797Alg3with7816d4()
-    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+        {
-    //     }
+            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-    // }
+        }
-    //
+    }
-    // /**
+
-    //  * DES9797Alg3
+    /**
-    //  */
+     * DES9797Alg3
-    // public static class DES9797Alg3
+     *
-    //     extends BaseMac
+    public static class DES9797Alg3
-    // {
+        extends BaseMac
-    //     public DES9797Alg3()
+    {
-    //     {
+        public DES9797Alg3()
-    //         super(new ISO9797Alg3Mac(new DESEngine()));
+        {
-    //     }
+            super(new ISO9797Alg3Mac(new DESEngine()));
-    // }
+        }
-    //
+    }
-    // public static class RFC3211
+
-    //     extends BaseWrapCipher
+    public static class RFC3211
-    // {
+        extends BaseWrapCipher
-    //     public RFC3211()
+    {
-    //     {
+        public RFC3211()
-    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
+        {
-    //     }
+            super(new RFC3211WrapEngine(new DESEngine()), 8);
-    // }
+        }
-    // END android-removed
+    }
 
     public static class AlgParamGen
         extends BaseAlgorithmParameterGenerator
@@ -197,6 +197,8 @@ public final class DES
             return params;
         }
     }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DES - the default for this is to generate a key in
@@ -358,19 +360,21 @@ public final class DES
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * PBEWithMD2AndDES
+    /**
-    //  */
+     * PBEWithMD2AndDES
-    // static public class PBEWithMD2KeyFactory
+     *
-    //     extends DESPBEKeyFactory
+    static public class PBEWithMD2KeyFactory
-    // {
+        extends DESPBEKeyFactory
-    //     public PBEWithMD2KeyFactory()
+    {
-    //     {
+        public PBEWithMD2KeyFactory()
-    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
+        {
-    //     }
+            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -396,19 +400,21 @@ public final class DES
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * PBEWithMD2AndDES
+    /**
-    //  */
+     * PBEWithMD2AndDES
-    // static public class PBEWithMD2
+     *
-    //     extends BaseBlockCipher
+    static public class PBEWithMD2
-    // {
+        extends BaseBlockCipher
-    //     public PBEWithMD2()
+    {
-    //     {
+        public PBEWithMD2()
-    //         super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
+        {
-    //     }
+            super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -448,81 +454,80 @@ public final class DES
         {
 
             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
+            /*
-            //
+            provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
+
-            //
+            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+
-            // END android-removed
+            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
 
             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
+            /*
-            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
+            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-            //
+            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
+
-            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-            //
+            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
+
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
+            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-            //
+            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
+
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            //
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
+
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+            provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
-            //
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-            // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
+
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+            provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
-            // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
-            // END android-removed
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters", OIWObjectIdentifiers.desCBC, "DES");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
             //
             // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
             provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5");
             provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1");
             
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // BEGIN android-removed
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
-            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
         }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java

@@ -1,21 +1,18 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.AlgorithmParameters;
 // import java.security.InvalidAlgorithmParameterException;
-// END android-removed
 import java.security.SecureRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.spec.AlgorithmParameterSpec;
-// END android-removed
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.IvParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -23,21 +20,18 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -69,19 +63,21 @@ public final class DESede
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * DESede   CFB8
+    /**
-    //  */
+     * DESede   CFB8
-    // public static class DESedeCFB8
+     *
-    //     extends BaseMac
+    public static class DESedeCFB8
-    // {
+        extends BaseMac
-    //     public DESedeCFB8()
+    {
-    //     {
+        public DESedeCFB8()
-    //         super(new CFBBlockCipherMac(new DESedeEngine()));
+        {
-    //     }
+            super(new CFBBlockCipherMac(new DESedeEngine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DESede64
@@ -116,16 +112,18 @@ public final class DESede
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // static public class CMAC
+    /*
-    //     extends BaseMac
+    static public class CMAC
-    // {
+        extends BaseMac
-    //     public CMAC()
+    {
-    //     {
+        public CMAC()
-    //         super(new CMac(new DESedeEngine()));
+        {
-    //     }
+            super(new CMac(new DESedeEngine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Wrap
         extends BaseWrapCipher
@@ -136,16 +134,18 @@ public final class DESede
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class RFC3211
+    /*
-    //     extends BaseWrapCipher
+    public static class RFC3211
-    // {
+        extends BaseWrapCipher
-    //     public RFC3211()
+    {
-    //     {
+        public RFC3211()
-    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+        {
-    //     }
+            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DESede - the default for this is to generate a key in
@@ -259,45 +259,47 @@ public final class DESede
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class AlgParamGen
+    /*
-    //     extends BaseAlgorithmParameterGenerator
+    public static class AlgParamGen
-    // {
+        extends BaseAlgorithmParameterGenerator
-    //     protected void engineInit(
+    {
-    //         AlgorithmParameterSpec genParamSpec,
+        protected void engineInit(
-    //         SecureRandom            random)
+            AlgorithmParameterSpec genParamSpec,
-    //         throws InvalidAlgorithmParameterException
+            SecureRandom            random)
-    //     {
+            throws InvalidAlgorithmParameterException
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+        {
-    //     }
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+        }
 
-    //     protected AlgorithmParameters engineGenerateParameters()
+        protected AlgorithmParameters engineGenerateParameters()
-    //     {
+        {
-    //         byte[]  iv = new byte[8];
+            byte[]  iv = new byte[8];
 
-    //         if (random == null)
+            if (random == null)
-    //         {
+            {
-    //             random = new SecureRandom();
+                random = new SecureRandom();
-    //         }
+            }
 
-    //         random.nextBytes(iv);
+            random.nextBytes(iv);
 
-    //         AlgorithmParameters params;
+            AlgorithmParameters params;
 
-    //         try
+            try
-    //         {
+            {
-    //             params = createParametersInstance("DES");
+                params = createParametersInstance("DES");
-    //             params.init(new IvParameterSpec(iv));
+                params.init(new IvParameterSpec(iv));
-    //         }
+            }
-    //         catch (Exception e)
+            catch (Exception e)
-    //         {
+            {
-    //             throw new RuntimeException(e.getMessage());
+                throw new RuntimeException(e.getMessage());
-    //         }
+            }
 
-    //         return params;
+            return params;
-    //     }
+        }
-    // }
+    }
-    // END android-removed
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class KeyFactory
         extends BaseSecretKeyFactory
@@ -381,38 +383,35 @@ public final class DESede
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
-            // BEGIN android-changed
+            // BEGIN Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-            // END android-changed
+            // END Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
             // provider.addAlgorithm("Alg.Alias.Cipher.DESEDERFC3217WRAP", "DESEDEWRAP");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
 
             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
                 // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
-                // END android-removed
+                // END Android-removed: Unsupported algorithms
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
-                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
@@ -426,39 +425,41 @@ public final class DESede
             }
 
             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
             // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
+            /*
+            provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
 
-            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
+            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
+            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
+            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
+            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // END android-removed
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory");

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java

@@ -13,9 +13,8 @@ import javax.crypto.spec.PBEParameterSpec;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherParameters;
@@ -34,99 +33,101 @@ public class PBEPBKDF2
 
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class AlgParams
+    /*
-    //     extends BaseAlgorithmParameters
+    public static class AlgParams
-    // {
+        extends BaseAlgorithmParameters
-    //     PBKDF2Params params;
+    {
-    //
+        PBKDF2Params params;
-    //     protected byte[] engineGetEncoded()
+
-    //     {
+        protected byte[] engineGetEncoded()
-    //         try
+        {
-    //         {
+            try
-    //             return params.getEncoded(ASN1Encoding.DER);
+            {
-    //         }
+                return params.getEncoded(ASN1Encoding.DER);
-    //         catch (IOException e)
+            }
-    //         {
+            catch (IOException e)
-    //             throw new RuntimeException("Oooops! " + e.toString());
+            {
-    //         }
+                throw new RuntimeException("Oooops! " + e.toString());
-    //     }
+            }
-
+        }
-    //     protected byte[] engineGetEncoded(
+
-    //         String format)
+        protected byte[] engineGetEncoded(
-    //     {
+            String format)
-    //         if (this.isASN1FormatString(format))
+        {
-    //         {
+            if (this.isASN1FormatString(format))
-    //             return engineGetEncoded();
+            {
-    //         }
+                return engineGetEncoded();
-    //
+            }
-    //         return null;
+
-    //     }
+            return null;
-    //
+        }
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
+
-    //         Class paramSpec)
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         throws InvalidParameterSpecException
+            Class paramSpec)
-    //     {
+            throws InvalidParameterSpecException
-    //         if (paramSpec == PBEParameterSpec.class)
+        {
-    //         {
+            if (paramSpec == PBEParameterSpec.class)
-    //             return new PBEParameterSpec(params.getSalt(),
+            {
-    //                             params.getIterationCount().intValue());
+                return new PBEParameterSpec(params.getSalt(),
-    //         }
+                                params.getIterationCount().intValue());
-    //
+            }
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
+
-    //     }
+            throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
-    //
+        }
-    //     protected void engineInit(
+
-    //         AlgorithmParameterSpec paramSpec)
+        protected void engineInit(
-    //         throws InvalidParameterSpecException
+            AlgorithmParameterSpec paramSpec)
-    //     {
+            throws InvalidParameterSpecException
-    //         if (!(paramSpec instanceof PBEParameterSpec))
+        {
-    //         {
+            if (!(paramSpec instanceof PBEParameterSpec))
-    //             throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
+            {
-    //         }
+                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
-    //
+            }
-    //         PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
+
-    //
+            PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
-    //         this.params = new PBKDF2Params(pbeSpec.getSalt(),
+
-    //                             pbeSpec.getIterationCount());
+            this.params = new PBKDF2Params(pbeSpec.getSalt(),
-    //     }
+                                pbeSpec.getIterationCount());
-    //
+        }
-    //     protected void engineInit(
+
-    //         byte[] params)
+        protected void engineInit(
-    //         throws IOException
+            byte[] params)
-    //     {
+            throws IOException
-    //         this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
+        {
-    //     }
+            this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
-    //
+        }
-    //     protected void engineInit(
+
-    //         byte[] params,
+        protected void engineInit(
-    //         String format)
+            byte[] params,
-    //         throws IOException
+            String format)
-    //     {
+            throws IOException
-    //         if (this.isASN1FormatString(format))
+        {
-    //         {
+            if (this.isASN1FormatString(format))
-    //             engineInit(params);
+            {
-    //             return;
+                engineInit(params);
-    //         }
+                return;
-    //
+            }
-    //         throw new IOException("Unknown parameters format in PBKDF2 parameters object");
+
-    //     }
+            throw new IOException("Unknown parameters format in PBKDF2 parameters object");
-    //
+        }
-    //     protected String engineToString()
+
-    //     {
+        protected String engineToString()
-    //         return "PBKDF2 Parameters";
+        {
-    //     }
+            return "PBKDF2 Parameters";
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class BasePBKDF2
         extends BaseSecretKeyFactory
     {
         private int scheme;
-        // BEGIN ANDROID-ADDED
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private int keySizeInBits;
         private int ivSizeInBits;
-        // END ANDROID-ADDED
+        // END Android-added: Allow to specify a key using only the password.
         private int defaultDigest;
 
         public BasePBKDF2(String name, int scheme)
@@ -134,27 +135,27 @@ public class PBEPBKDF2
             this(name, scheme, SHA1);
         }
 
-        // BEGIN ANDROID-CHANGED
+        // BEGIN Android-changed: Allow to specify a key using only the password.
-        // Was: public BasePBKDF2(String name, int scheme, int defaultDigest)
+        // public BasePBKDF2(String name, int scheme, int defaultDigest)
         private BasePBKDF2(
                 String name, int scheme, int digest, int keySizeInBits, int ivSizeInBits)
-        // END ANDROID-CHANGED
+        // END Android-changed: Allow to specify a key using only the password.
         {
             super(name, PKCSObjectIdentifiers.id_PBKDF2);
 
             this.scheme = scheme;
-            // BEGIN ANDROID-ADDED
+            // BEGIN Android-added: Support key-restricted versions.
             this.keySizeInBits = keySizeInBits;
             this.ivSizeInBits = ivSizeInBits;
-            // END ANDROID-ADDED
+            // END Android-added: Support key-restricted versions.
             this.defaultDigest = digest;
         }
 
-        // BEGIN android-added
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private BasePBKDF2(String name, int scheme, int digest) {
             this(name, scheme, digest, 0, 0);
         }
-        // END android-added
+        // END Android-added: Allow to specify a key using only the password.
 
         protected SecretKey engineGenerateSecret(
             KeySpec keySpec)
@@ -164,9 +165,8 @@ public class PBEPBKDF2
             {
                 PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;
 
-                // BEGIN ANDROID-ADDED
+                // BEGIN Android-added: Allow to specify a key using only the password.
-                // Allow to specify a key using only the password. The key will be generated later
+                // The key will be generated later when other parameters are known.
-                // when other parameters are known.
                 if (pbeSpec.getSalt() == null
                         && pbeSpec.getIterationCount() == 0
                         && pbeSpec.getKeyLength() == 0
@@ -178,7 +178,7 @@ public class PBEPBKDF2
                             // cipherParameters, to be generated when the PBE parameters are known.
                             null);
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow to specify a key using only the password.
 
                 if (pbeSpec.getSalt() == null)
                 {
@@ -231,13 +231,15 @@ public class PBEPBKDF2
         private int getDigestCode(ASN1ObjectIdentifier algorithm)
             throws InvalidKeySpecException
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
+            /*
-            // {
+            if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
-            //     return GOST3411;
+            {
-            // }
+                return GOST3411;
-            // else
+            }
-            // END android-removed
+            else
+            */
+            // END Android-removed: Unsupported algorithms
             if (algorithm.equals(PKCSObjectIdentifiers.id_hmacWithSHA1))
             {
                 return SHA1;
@@ -263,62 +265,65 @@ public class PBEPBKDF2
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class PBKDF2withUTF8
+    /*
-    //     extends BasePBKDF2
+    public static class PBKDF2withUTF8
-    // {
+        extends BasePBKDF2
-    //     public PBKDF2withUTF8()
+    {
-    //     {
+        public PBKDF2withUTF8()
-    //         super("PBKDF2", PKCS5S2_UTF8);
+        {
-    //     }
+            super("PBKDF2", PKCS5S2_UTF8);
-    // }
+        }
-    //
+    }
-    // public static class PBKDF2withSHA224
+
-    //     extends BasePBKDF2
+    public static class PBKDF2withSHA224
-    // {
+        extends BasePBKDF2
-    //     public PBKDF2withSHA224()
+    {
-    //     {
+        public PBKDF2withSHA224()
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA224);
+        {
-    //     }
+            super("PBKDF2", PKCS5S2_UTF8, SHA224);
-    // }
+        }
-    //
+    }
-    // public static class PBKDF2withSHA256
+
-    //     extends BasePBKDF2
+    public static class PBKDF2withSHA256
-    // {
+        extends BasePBKDF2
-    //     public PBKDF2withSHA256()
+    {
-    //     {
+        public PBKDF2withSHA256()
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA256);
+        {
-    //     }
+            super("PBKDF2", PKCS5S2_UTF8, SHA256);
-    // }
+        }
-    //
+    }
-    // public static class PBKDF2withSHA384
+
-    //     extends BasePBKDF2
+    public static class PBKDF2withSHA384
-    // {
+        extends BasePBKDF2
-    //     public PBKDF2withSHA384()
+    {
-    //     {
+        public PBKDF2withSHA384()
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA384);
+        {
-    //     }
+            super("PBKDF2", PKCS5S2_UTF8, SHA384);
-    // }
+        }
-    //
+    }
-    // public static class PBKDF2withSHA512
+    public static class PBKDF2withSHA512
-    //     extends BasePBKDF2
+        extends BasePBKDF2
-    // {
+    {
-    //     public PBKDF2withSHA512()
+        public PBKDF2withSHA512()
-    //     {
+        {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA512);
+            super("PBKDF2", PKCS5S2_UTF8, SHA512);
-    //     }
+        }
-    // }
+    }
-    //
+
-    // public static class PBKDF2with8BIT
+    public static class PBKDF2with8BIT
-    //     extends BasePBKDF2
+        extends BasePBKDF2
-    // {
+    {
-    //     public PBKDF2with8BIT()
+        public PBKDF2with8BIT()
-    //     {
+        {
-    //         super("PBKDF2", PKCS5S2);
+            super("PBKDF2", PKCS5S2);
-    //     }
+        }
-    // }
+    }
-
+    */
-    // BEGIN android-added
+    // END Android-removed: Unsupported algorithms
+
+    // BEGIN Android-added: Android implementations of PBKDF2 algorithms.
+    // See note in Mappings below.
     public static class BasePBKDF2WithHmacSHA1 extends BasePBKDF2 {
         public BasePBKDF2WithHmacSHA1(String name, int scheme)
         {
@@ -479,7 +484,7 @@ public class PBEPBKDF2
             super("PBEWithHmacSHA512AndAES_256", PKCS5S2_UTF8, SHA512, 256, 128);
         }
     }
-    // END android-added
+    // END Android-added: Android implementations of PBKDF2 algorithms.
 
     public static class Mappings
         extends AlgorithmProvider
@@ -492,45 +497,34 @@ public class PBEPBKDF2
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-comment
+            // Android-note: Provided classes differ significantly from upstream.
-            // Context: many of these services used to be in
+            // Before BC 1.56, this class was omitted in Android and the algorithms we desired
-            // com.android.org.bouncycastle.jcajce.provider.digest,SHA1, duplicated with respect to here. This
+            // were provided in org.bouncycastle.jcajce.provider.digest.SHA1.  During that
-            // class (PBEPBKDF2) wasn't present in Android until the upgrade to 1.56. Android added
+            // time, Android added some additional versions of these algorithms for fixed key sizes.
-            // some other of these services in SHA1 (for fixed key sizes). Then the duplicate
+            // BC eventually consolidated the algorithms into this class.  As a result, when
-            // algorithms were removed upstream from SHA1 in
+            // upgrading to BC 1.56, we added this class but replaced its contents with
-            // b5634e3155e7fd8688599d3eef8e4f3c8a1db078
+            // our versions.
-            // . As a result, when adapting BouncyCastle 1.56 from upstream, the Android code that
+            // BEGIN Android-removed: Bouncy Castle versions of algorithms.
-            // had been added to SHA1 was moved here, and the rest of the services provided by this
+            /*
-            // class were commented.
+            provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
-            // BEGIN android-removed
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // END android-removed
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
-            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
-            // Was: provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
+            */
+            // END Android-removed: Bouncy Castle versions of algorithms.
+            // BEGIN Android-added: Android versions of algorithms.
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1");
-            // END android-changed
-            // BEGin android-removed
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
-            // END android-removed
-            // BEGIN android-changed
-            // Was:
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2with8BIT", "PBKDF2WithHmacSHA1And8BIT");
-            // END android-changed
-            // BEGIN android-added
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2withASCII", "PBKDF2WithHmacSHA1And8BIT");
-            // BEGIN android-removed
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
-            // END android-removed
-            // BEGIN android-added
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA224", PREFIX + "$PBKDF2WithHmacSHA224UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA256", PREFIX + "$PBKDF2WithHmacSHA256UTF8");
@@ -547,7 +541,7 @@ public class PBEPBKDF2
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", PREFIX + "$PBEWithHmacSHA384AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
-            // END android-added
+            // END Android-added: Android versions of algorithms.
         }
     }
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java

@@ -12,28 +12,24 @@ import javax.crypto.spec.RC2ParameterSpec;
 
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RC2WrapEngine;
 // import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 import org.bouncycastle.util.Arrays;
@@ -44,61 +40,63 @@ public final class RC2
     {
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * RC2
+    /**
-    //  */
+     * RC2
-    // static public class ECB
+     *
-    //     extends BaseBlockCipher
+    static public class ECB
-    // {
+        extends BaseBlockCipher
-    //     public ECB()
+    {
-    //     {
+        public ECB()
-    //         super(new RC2Engine());
+        {
-    //     }
+            super(new RC2Engine());
-    // }
+        }
-    //
+    }
-    // /**
+
-    //  * RC2CBC
+    /**
-    //  */
+     * RC2CBC
-    // static public class CBC
+     *
-    //     extends BaseBlockCipher
+    static public class CBC
-    // {
+        extends BaseBlockCipher
-    //     public CBC()
+    {
-    //     {
+        public CBC()
-    //         super(new CBCBlockCipher(new RC2Engine()), 64);
+        {
-    //     }
+            super(new CBCBlockCipher(new RC2Engine()), 64);
-    // }
+        }
-    //
+    }
-    // public static class Wrap
+
-    //     extends BaseWrapCipher
+    public static class Wrap
-    // {
+        extends BaseWrapCipher
-    //     public Wrap()
+    {
-    //     {
+        public Wrap()
-    //         super(new RC2WrapEngine());
+        {
-    //     }
+            super(new RC2WrapEngine());
-    // }
+        }
-    //
+    }
-    // /**
+
-    //  * RC2
+    /**
-    //  */
+     * RC2
-    // public static class CBCMAC
+     *
-    //     extends BaseMac
+    public static class CBCMAC
-    // {
+        extends BaseMac
-    //     public CBCMAC()
+    {
-    //     {
+        public CBCMAC()
-    //         super(new CBCBlockCipherMac(new RC2Engine()));
+        {
-    //     }
+            super(new CBCBlockCipherMac(new RC2Engine()));
-    // }
+        }
-    //
+    }
-    // public static class CFB8MAC
+
-    //     extends BaseMac
+    public static class CFB8MAC
-    // {
+        extends BaseMac
-    //     public CFB8MAC()
+    {
-    //     {
+        public CFB8MAC()
-    //         super(new CFBBlockCipherMac(new RC2Engine()));
+        {
-    //     }
+            super(new CFBBlockCipherMac(new RC2Engine()));
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHA1AndRC2
@@ -184,19 +182,21 @@ public final class RC2
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // /**
+    /*
-    //  * PBEWithMD2AndRC2
+    /**
-    //  */
+     * PBEWithMD2AndRC2
-    // static public class PBEWithMD2KeyFactory
+     *
-    //     extends PBESecretKeyFactory
+    static public class PBEWithMD2KeyFactory
-    // {
+        extends PBESecretKeyFactory
-    //     public PBEWithMD2KeyFactory()
+    {
-    //     {
+        public PBEWithMD2KeyFactory()
-    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
+        {
-    //     }
+            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
    /**
     * PBEWithMD5AndRC2
@@ -210,249 +210,251 @@ public final class RC2
        }
    }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class AlgParamGen
+    /*
-    //     extends BaseAlgorithmParameterGenerator
+    public static class AlgParamGen
-    // {
+        extends BaseAlgorithmParameterGenerator
-    //     RC2ParameterSpec spec = null;
+    {
-
+        RC2ParameterSpec spec = null;
-    //     protected void engineInit(
+
-    //         AlgorithmParameterSpec genParamSpec,
+        protected void engineInit(
-    //         SecureRandom random)
+            AlgorithmParameterSpec genParamSpec,
-    //         throws InvalidAlgorithmParameterException
+            SecureRandom random)
-    //     {
+            throws InvalidAlgorithmParameterException
-    //         if (genParamSpec instanceof RC2ParameterSpec)
+        {
-    //         {
+            if (genParamSpec instanceof RC2ParameterSpec)
-    //             spec = (RC2ParameterSpec)genParamSpec;
+            {
-    //             return;
+                spec = (RC2ParameterSpec)genParamSpec;
-    //         }
+                return;
-
+            }
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+
-    //     }
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-
+        }
-    //     protected AlgorithmParameters engineGenerateParameters()
+
-    //     {
+        protected AlgorithmParameters engineGenerateParameters()
-    //         AlgorithmParameters params;
+        {
-
+            AlgorithmParameters params;
-    //         if (spec == null)
+
-    //         {
+            if (spec == null)
-    //             byte[] iv = new byte[8];
+            {
-
+                byte[] iv = new byte[8];
-    //             if (random == null)
+
-    //             {
+                if (random == null)
-    //                 random = new SecureRandom();
+                {
-    //             }
+                    random = new SecureRandom();
-
+                }
-    //             random.nextBytes(iv);
+
-
+                random.nextBytes(iv);
-    //             try
+
-    //             {
+                try
-    //                 params = createParametersInstance("RC2");
+                {
-    //                 params.init(new IvParameterSpec(iv));
+                    params = createParametersInstance("RC2");
-    //             }
+                    params.init(new IvParameterSpec(iv));
-    //             catch (Exception e)
+                }
-    //             {
+                catch (Exception e)
-    //                 throw new RuntimeException(e.getMessage());
+                {
-    //             }
+                    throw new RuntimeException(e.getMessage());
-    //         }
+                }
-    //         else
+            }
-    //         {
+            else
-    //             try
+            {
-    //             {
+                try
-    //                 params = createParametersInstance("RC2");
+                {
-    //                 params.init(spec);
+                    params = createParametersInstance("RC2");
-    //             }
+                    params.init(spec);
-    //             catch (Exception e)
+                }
-    //             {
+                catch (Exception e)
-    //                 throw new RuntimeException(e.getMessage());
+                {
-    //             }
+                    throw new RuntimeException(e.getMessage());
-    //         }
+                }
-
+            }
-    //         return params;
+
-    //     }
+            return params;
-    // }
+        }
-
+    }
-    // public static class KeyGenerator
+
-    //     extends BaseKeyGenerator
+    public static class KeyGenerator
-    // {
+        extends BaseKeyGenerator
-    //     public KeyGenerator()
+    {
-    //     {
+        public KeyGenerator()
-    //         super("RC2", 128, new CipherKeyGenerator());
+        {
-    //     }
+            super("RC2", 128, new CipherKeyGenerator());
-    // }
+        }
-
+    }
-    // public static class AlgParams
+
-    //     extends BaseAlgorithmParameters
+    public static class AlgParams
-    // {
+        extends BaseAlgorithmParameters
-    //     private static final short[] table = {
+    {
-    //         0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+        private static final short[] table = {
-    //         0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+            0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-    //         0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+            0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-    //         0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+            0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-    //         0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+            0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-    //         0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+            0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-    //         0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+            0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-    //         0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+            0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-    //         0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+            0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-    //         0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+            0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-    //         0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+            0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-    //         0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+            0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-    //         0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+            0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-    //         0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+            0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-    //         0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+            0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-    //         0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
+            0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-    //     };
+            0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-
+        };
-    //     private static final short[] ekb = {
+
-    //         0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+        private static final short[] ekb = {
-    //         0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+            0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-    //         0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+            0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-    //         0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+            0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-    //         0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+            0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-    //         0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+            0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-    //         0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+            0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-    //         0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+            0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-    //         0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+            0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-    //         0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+            0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-    //         0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+            0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-    //         0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+            0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-    //         0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+            0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-    //         0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+            0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-    //         0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+            0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-    //         0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
+            0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-    //     };
+            0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-
+        };
-    //     private byte[] iv;
+
-    //     private int parameterVersion = 58;
+        private byte[] iv;
-
+        private int parameterVersion = 58;
-    //     protected byte[] engineGetEncoded()
+
-    //     {
+        protected byte[] engineGetEncoded()
-    //         return Arrays.clone(iv);
+        {
-    //     }
+            return Arrays.clone(iv);
-
+        }
-    //     protected byte[] engineGetEncoded(
+
-    //         String format)
+        protected byte[] engineGetEncoded(
-    //         throws IOException
+            String format)
-    //     {
+            throws IOException
-    //         if (this.isASN1FormatString(format))
+        {
-    //         {
+            if (this.isASN1FormatString(format))
-    //             if (parameterVersion == -1)
+            {
-    //             {
+                if (parameterVersion == -1)
-    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
+                {
-    //             }
+                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-    //             else
+                }
-    //             {
+                else
-    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
+                {
-    //             }
+                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-    //         }
+                }
-
+            }
-    //         if (format.equals("RAW"))
+
-    //         {
+            if (format.equals("RAW"))
-    //             return engineGetEncoded();
+            {
-    //         }
+                return engineGetEncoded();
-
+            }
-    //         return null;
+
-    //     }
+            return null;
-
+        }
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
+
-    //         Class paramSpec)
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         throws InvalidParameterSpecException
+            Class paramSpec)
-    //     {
+            throws InvalidParameterSpecException
-    //         if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+        {
-    //         {
+            if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //             if (parameterVersion != -1)
+            {
-    //             {
+                if (parameterVersion != -1)
-    //                 if (parameterVersion < 256)
+                {
-    //                 {
+                    if (parameterVersion < 256)
-    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
+                    {
-    //                 }
+                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
-    //                 else
+                    }
-    //                 {
+                    else
-    //                     return new RC2ParameterSpec(parameterVersion, iv);
+                    {
-    //                 }
+                        return new RC2ParameterSpec(parameterVersion, iv);
-    //             }
+                    }
-    //         }
+                }
-
+            }
-    //         if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+
-    //         {
+            if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //             return new IvParameterSpec(iv);
+            {
-    //         }
+                return new IvParameterSpec(iv);
-
+            }
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
+
-    //     }
+            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-
+        }
-    //     protected void engineInit(
+
-    //         AlgorithmParameterSpec paramSpec)
+        protected void engineInit(
-    //         throws InvalidParameterSpecException
+            AlgorithmParameterSpec paramSpec)
-    //     {
+            throws InvalidParameterSpecException
-    //         if (paramSpec instanceof IvParameterSpec)
+        {
-    //         {
+            if (paramSpec instanceof IvParameterSpec)
-    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
+            {
-    //         }
+                this.iv = ((IvParameterSpec)paramSpec).getIV();
-    //         else if (paramSpec instanceof RC2ParameterSpec)
+            }
-    //         {
+            else if (paramSpec instanceof RC2ParameterSpec)
-    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
+            {
-    //             if (effKeyBits != -1)
+                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-    //             {
+                if (effKeyBits != -1)
-    //                 if (effKeyBits < 256)
+                {
-    //                 {
+                    if (effKeyBits < 256)
-    //                     parameterVersion = table[effKeyBits];
+                    {
-    //                 }
+                        parameterVersion = table[effKeyBits];
-    //                 else
+                    }
-    //                 {
+                    else
-    //                     parameterVersion = effKeyBits;
+                    {
-    //                 }
+                        parameterVersion = effKeyBits;
-    //             }
+                    }
-
+                }
-    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
+
-    //         }
+                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-    //         else
+            }
-    //         {
+            else
-    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
+            {
-    //         }
+                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-    //     }
+            }
-
+        }
-    //     protected void engineInit(
+
-    //         byte[] params)
+        protected void engineInit(
-    //         throws IOException
+            byte[] params)
-    //     {
+            throws IOException
-    //         this.iv = Arrays.clone(params);
+        {
-    //     }
+            this.iv = Arrays.clone(params);
-
+        }
-    //     protected void engineInit(
+
-    //         byte[] params,
+        protected void engineInit(
-    //         String format)
+            byte[] params,
-    //         throws IOException
+            String format)
-    //     {
+            throws IOException
-    //         if (this.isASN1FormatString(format))
+        {
-    //         {
+            if (this.isASN1FormatString(format))
-    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
+            {
-
+                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
-    //             if (p.getRC2ParameterVersion() != null)
+
-    //             {
+                if (p.getRC2ParameterVersion() != null)
-    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
+                {
-    //             }
+                    parameterVersion = p.getRC2ParameterVersion().intValue();
-
+                }
-    //             iv = p.getIV();
+
-
+                iv = p.getIV();
-    //             return;
+
-    //         }
+                return;
-
+            }
-    //         if (format.equals("RAW"))
+
-    //         {
+            if (format.equals("RAW"))
-    //             engineInit(params);
+            {
-    //             return;
+                engineInit(params);
-    //         }
+                return;
-
+            }
-    //         throw new IOException("Unknown parameters format in IV parameters object");
+
-    //     }
+            throw new IOException("Unknown parameters format in IV parameters object");
-
+        }
-    //     protected String engineToString()
+
-    //     {
+        protected String engineToString()
-    //         return "RC2 Parameters";
+        {
-    //     }
+            return "RC2 Parameters";
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends AlgorithmProvider
@@ -465,36 +467,40 @@ public final class RC2
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
-            // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
-            //
-            // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
-            // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
-            //
-            // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
-            // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
-            //
-            // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
-            // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
-            //
-            // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
-            // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-            //
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-            // END android-removed
 
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
+            provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
+
+            provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
+            provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
+
+            provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
+
+            provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
+            provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
+
+            provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
+            provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
+
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // Android-note: All of the non-disabled algorithms in this class are necessary
+            // for KeyStore.PKCS12
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
@@ -502,18 +508,16 @@ public final class RC2
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
-            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory");
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java

@@ -6,44 +6,46 @@ import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 abstract class SymmetricAlgorithmProvider
     extends AlgorithmProvider
 {
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // protected void addCMacAlgorithm(
+    /*
-    //     ConfigurableProvider provider,
+    protected void addCMacAlgorithm(
-    //     String algorithm,
+        ConfigurableProvider provider,
-    //     String algorithmClassName,
+        String algorithm,
-    //     String keyGeneratorClassName)
+        String algorithmClassName,
-    // {
+        String keyGeneratorClassName)
-    //     provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
+    {
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
+        provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
-    //
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
+
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
-    // }
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
-    //
+    }
-    // protected void addGMacAlgorithm(
+
-    //     ConfigurableProvider provider,
+    protected void addGMacAlgorithm(
-    //     String algorithm,
+        ConfigurableProvider provider,
-    //     String algorithmClassName,
+        String algorithm,
-    //     String keyGeneratorClassName)
+        String algorithmClassName,
-    // {
+        String keyGeneratorClassName)
-    //     provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
+    {
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
+        provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
-    //
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
+
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
-    // }
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
-    //
+    }
-    // protected void addPoly1305Algorithm(ConfigurableProvider provider,
+
-    //                                     String algorithm,
+    protected void addPoly1305Algorithm(ConfigurableProvider provider,
-    //                                     String algorithmClassName,
+                                        String algorithm,
-    //                                     String keyGeneratorClassName)
+                                        String algorithmClassName,
-    // {
+                                        String keyGeneratorClassName)
-    //     provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
+    {
-    //     provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
+        provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
-    //
+        provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    //     provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
+
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
+        provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
-    // }
+        provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java

@@ -1,26 +1,22 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.BlockCipher;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.TwofishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 // import org.bouncycastle.crypto.macs.GMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 // import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public final class Twofish
@@ -29,58 +25,60 @@ public final class Twofish
     {
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class ECB
+    /*
-    //     extends BaseBlockCipher
+    public static class ECB
-    // {
+        extends BaseBlockCipher
-    //     public ECB()
+    {
-    //     {
+        public ECB()
-    //         super(new BlockCipherProvider()
+        {
-    //         {
+            super(new BlockCipherProvider()
-    //             public BlockCipher get()
+            {
-    //             {
+                public BlockCipher get()
-    //                 return new TwofishEngine();
+                {
-    //             }
+                    return new TwofishEngine();
-    //         });
+                }
-    //     }
+            });
-    // }
+        }
-    //
+    }
-    // public static class KeyGen
+
-    //     extends BaseKeyGenerator
+    public static class KeyGen
-    // {
+        extends BaseKeyGenerator
-    //     public KeyGen()
+    {
-    //     {
+        public KeyGen()
-    //         super("Twofish", 256, new CipherKeyGenerator());
+        {
-    //     }
+            super("Twofish", 256, new CipherKeyGenerator());
-    // }
+        }
-    //
+    }
-    // public static class GMAC
+
-    //     extends BaseMac
+    public static class GMAC
-    // {
+        extends BaseMac
-    //     public GMAC()
+    {
-    //     {
+        public GMAC()
-    //         super(new GMac(new GCMBlockCipher(new TwofishEngine())));
+        {
-    //     }
+            super(new GMac(new GCMBlockCipher(new TwofishEngine())));
-    // }
+        }
-    //
+    }
-    // public static class Poly1305
+
-    //     extends BaseMac
+    public static class Poly1305
-    // {
+        extends BaseMac
-    //     public Poly1305()
+    {
-    //     {
+        public Poly1305()
-    //         super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
+        {
-    //     }
+            super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
-    // }
+        }
-    //
+    }
-    // public static class Poly1305KeyGen
+
-    //     extends BaseKeyGenerator
+    public static class Poly1305KeyGen
-    // {
+        extends BaseKeyGenerator
-    //     public Poly1305KeyGen()
+    {
-    //     {
+        public Poly1305KeyGen()
-    //         super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
+        {
-    //     }
+            super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHAAndTwofish-CBC
@@ -106,16 +104,18 @@ public final class Twofish
         }
     }
 
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // public static class AlgParams
+    /*
-    //     extends IvAlgorithmParameters
+    public static class AlgParams
-    // {
+        extends IvAlgorithmParameters
-    //     protected String engineToString()
+    {
-    //     {
+        protected String engineToString()
-    //         return "Twofish IV";
+        {
-    //     }
+            return "Twofish IV";
-    // }
+        }
-    // END android-removed
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -128,21 +128,22 @@ public final class Twofish
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
             // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
             // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
+            // Android-note: These algorithms are necessary for KeyStore.BouncyCastle
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
             provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC",  PREFIX + "$PBEWithSHA");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
             // addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java

@@ -152,10 +152,4 @@ public class BCPBEKey
     {
         return tryWrong;
     }
-
-    // BEGIN android-added
-    public PBEKeySpec getPbeKeySpec() {
-        return pbeKeySpec;
-    }
-    // END android-added
 }

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java

@@ -6,13 +6,17 @@ import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 
 public abstract class BaseAlgorithmParameterGenerator
     extends AlgorithmParameterGeneratorSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     protected SecureRandom  random;
     protected int           strength = 1024;

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java

@@ -20,14 +20,13 @@ import javax.crypto.SecretKey;
 import javax.crypto.ShortBufferException;
 import javax.crypto.interfaces.PBEKey;
 import javax.crypto.spec.IvParameterSpec;
-// BEGIN android-added
+// BEGIN Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEKeySpec;
-// END android-added
+// END Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.crypto.BlockCipher;
@@ -41,20 +40,17 @@ import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.EAXBlockCipher;
 // import org.bouncycastle.crypto.modes.GCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GOFBBlockCipher;
 // import org.bouncycastle.crypto.modes.OCBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
 // import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -67,22 +63,19 @@ import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ParametersWithSBox;
-// END android-removed
 import org.bouncycastle.crypto.params.RC2Parameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.RC5Parameters;
 // import org.bouncycastle.jcajce.PBKDF1Key;
 // import org.bouncycastle.jcajce.PBKDF1KeyWithParameters;
-// END android-removed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12KeyWithParameters;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
 // import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec;
-// END android-removed
 import org.bouncycastle.util.Strings;
 
 public class BaseBlockCipher
@@ -96,16 +89,14 @@ public class BaseBlockCipher
     //
     private Class[]                 availableSpecs =
                                     {
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class,
-                                        // END android-removed
                                         gcmSpecClass,
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // GOST28147ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private BlockCipher             baseEngine;
@@ -281,7 +272,12 @@ public class BaseBlockCipher
                 try
                 {
                     engineParams = createParametersInstance(name);
-                    engineParams.init(ivParam.getIV());
+                    // Android-changed: Use IvParameterSpec instead of passing raw bytes.
+                    // The documentation of init() says that a byte array should be decoded
+                    // as ASN.1, and Conscrypt's implementations follow that requirement,
+                    // even though Bouncy Castle's implementations don't.  Wrapping it in
+                    // an IvParameterSpec makes the interpretation unambiguous to both.
+                    engineParams.init(new IvParameterSpec(ivParam.getIV()));
                 }
                 catch (Exception e)
                 {
@@ -342,33 +338,35 @@ public class BaseBlockCipher
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported modes
-        // else if (modeName.startsWith("PGP"))
+        /*
-        // {
+        else if (modeName.startsWith("PGP"))
-        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+        {
-        //
+            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-        //     ivLength = baseEngine.getBlockSize();
+
-        //     cipher = new BufferedGenericBlockCipher(
+            ivLength = baseEngine.getBlockSize();
-        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
+            cipher = new BufferedGenericBlockCipher(
-        // }
+                new PGPCFBBlockCipher(baseEngine, inlineIV));
-        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        }
-        // {
+        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        //     ivLength = 0;
+        {
-        //     cipher = new BufferedGenericBlockCipher(
+            ivLength = 0;
-        //         new OpenPGPCFBBlockCipher(baseEngine));
+            cipher = new BufferedGenericBlockCipher(
-        // }
+                new OpenPGPCFBBlockCipher(baseEngine));
-        // else if (modeName.startsWith("SIC"))
+        }
-        // {
+        else if (modeName.startsWith("SIC"))
-        //     ivLength = baseEngine.getBlockSize();
+        {
-        //     if (ivLength < 16)
+            ivLength = baseEngine.getBlockSize();
-        //     {
+            if (ivLength < 16)
-        //         throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
+            {
-        //     }
+                throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
-        //     fixedIv = false;
+            }
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+            fixedIv = false;
-        //                 new SICBlockCipher(baseEngine)));
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        // }
+                        new SICBlockCipher(baseEngine)));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTR"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -376,20 +374,22 @@ public class BaseBlockCipher
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported modes
-        // else if (modeName.startsWith("GOFB"))
+        /*
-        // {
+        else if (modeName.startsWith("GOFB"))
-        //     ivLength = baseEngine.getBlockSize();
+        {
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+            ivLength = baseEngine.getBlockSize();
-        //                 new GOFBBlockCipher(baseEngine)));
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        // }
+                        new GOFBBlockCipher(baseEngine)));
-        // else if (modeName.startsWith("GCFB"))
+        }
-        // {
+        else if (modeName.startsWith("GCFB"))
-        //     ivLength = baseEngine.getBlockSize();
+        {
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+            ivLength = baseEngine.getBlockSize();
-        //                 new GCFBBlockCipher(baseEngine)));
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        // }
+                        new GCFBBlockCipher(baseEngine)));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -400,28 +400,30 @@ public class BaseBlockCipher
             ivLength = 13; // CCM nonce 7..13 bytes
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported modes
-        // else if (modeName.startsWith("OCB"))
+        /*
-        // {
+        else if (modeName.startsWith("OCB"))
-        //     if (engineProvider != null)
+        {
-        //     {
+            if (engineProvider != null)
-        //         /*
+            {
-        //          * RFC 7253 4.2. Nonce is a string of no more than 120 bits
+                /*
-        //          */
+                 * RFC 7253 4.2. Nonce is a string of no more than 120 bits
-        //         ivLength = 15;
+                 *
-        //         cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
+                ivLength = 15;
-        //     }
+                cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
-        //     else
+            }
-        //     {
+            else
-        //         throw new NoSuchAlgorithmException("can't support mode " + mode);
+            {
-        //     }
+                throw new NoSuchAlgorithmException("can't support mode " + mode);
-        // }
+            }
-        // else if (modeName.startsWith("EAX"))
+        }
-        // {
+        else if (modeName.startsWith("EAX"))
-        //     ivLength = baseEngine.getBlockSize();
+        {
-        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+            ivLength = baseEngine.getBlockSize();
-        // }
+            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -489,13 +491,11 @@ public class BaseBlockCipher
         }
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Handling missing IVs
-    // TODO(27995180): This might need to be removed if we drop support for BCPBE keys without IV
-    // in PKCS12
     private boolean isBCPBEKeyWithoutIV(Key key) {
         return (key instanceof BCPBEKey) && !(((BCPBEKey)key).getParam() instanceof ParametersWithIV);
     }
-    // END android-added
+    // END Android-added: Handling missing IVs
 
     protected void engineInit(
         int                     opmode,
@@ -530,12 +530,11 @@ public class BaseBlockCipher
         //
         // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
         //
-        // BEGIN android-changed
+        // BEGIN Android-changed: Don't use PKCS12 with missing IV.
-        // Was: if (scheme == PKCS12 || key instanceof PKCS12Key)
         // If the key is a BCPBE one without an IV, ignore the fact that the scheme is PKCS12.
-        // TODO(27995180): consider whether we want to keep support for these keys and PKCS12.
+        // if (scheme == PKCS12 || key instanceof PKCS12Key)
         if ((scheme == PKCS12 || key instanceof PKCS12Key) && !isBCPBEKeyWithoutIV(key))
-        // END android-changed
+        // END Android-changed: Don't use PKCS12 with missing IV.
         {
             SecretKey k;
             try
@@ -578,13 +577,11 @@ public class BaseBlockCipher
                 }
                 else if (pbeKeyParam == null)
                 {
-                    // BEGIN android-changed
+                    // BEGIN Android-changed: Unreachable code
-                    // Was: param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+                    // See above for the Android change that makes this code unreachable.
-                    // TODO(27995180): consider rejecting such keys for PKCS12
+                    // param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
-                    // See above for the android-changed with a TODO for the same bug that makes
+                    throw new AssertionError("Unreachable code");
-                    // this code unreachable.
+                    // END Android-changed: Unreachable code
-                    // END android-changed
-                    throw new IllegalStateException("Unreachable code");
                 }
                 else
                 {
@@ -600,27 +597,29 @@ public class BaseBlockCipher
                 ivParam = (ParametersWithIV)param;
             }
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (key instanceof PBKDF1Key)
+        /*
-        // {
+        else if (key instanceof PBKDF1Key)
-        //     PBKDF1Key k = (PBKDF1Key)key;
+        {
+            PBKDF1Key k = (PBKDF1Key)key;
 
-        //     if (params instanceof PBEParameterSpec)
+            if (params instanceof PBEParameterSpec)
-        //     {
+            {
-        //         pbeSpec = (PBEParameterSpec)params;
+                pbeSpec = (PBEParameterSpec)params;
-        //     }
+            }
-        //     if (k instanceof PBKDF1KeyWithParameters && pbeSpec == null)
+            if (k instanceof PBKDF1KeyWithParameters && pbeSpec == null)
-        //     {
+            {
-        //         pbeSpec = new PBEParameterSpec(((PBKDF1KeyWithParameters)k).getSalt(), ((PBKDF1KeyWithParameters)k).getIterationCount());
+                pbeSpec = new PBEParameterSpec(((PBKDF1KeyWithParameters)k).getSalt(), ((PBKDF1KeyWithParameters)k).getIterationCount());
-        //     }
+            }
 
-        //     param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS5S1, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+            param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS5S1, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
-        //     if (param instanceof ParametersWithIV)
+            if (param instanceof ParametersWithIV)
-        //     {
+            {
-        //         ivParam = (ParametersWithIV)param;
+                ivParam = (ParametersWithIV)param;
-        //     }
+            }
-        // }
+        }
-        // END android-removed
+        */
+        // END Android-removed: Unsupported algorithms
         else if (key instanceof BCPBEKey)
         {
             BCPBEKey k = (BCPBEKey)key;
@@ -641,7 +640,7 @@ public class BaseBlockCipher
             else if (params instanceof PBEParameterSpec)
             {
                 pbeSpec = (PBEParameterSpec)params;
-                // BEGIN android-added
+                // BEGIN Android-added: Allow PBE keys with only passwords.
                 // At this point, k.getParam() == null, so the key hasn't been generated.  If
                 // the parameters have non-default values, recreate the BCPBEKey from algorithm
                 // parameters as to generate the key.
@@ -653,7 +652,7 @@ public class BaseBlockCipher
                                     k.getKeySize()),
                             null /* CipherParameters */);
                 }
-                // END android-added
+                // END Android-added: Allow PBE keys with only passwords.
                 param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName());
             }
             else
@@ -681,10 +680,10 @@ public class BaseBlockCipher
                 ivParam = (ParametersWithIV)param;
             }
         }
-        // BEGIN android-changed
+        // BEGIN Android-changed: Unsupported algorithm
-        // Was: else if (!(key instanceof RepeatedSecretKeySpec))
+        // else if (!(key instanceof RepeatedSecretKeySpec))
         else
-        // END android-changed
+        // END Android-changed: Unsupported algorithms
         {
             if (scheme == PKCS5S1 || scheme == PKCS5S1_UTF8 || scheme == PKCS5S2 || scheme == PKCS5S2_UTF8)
             {
@@ -692,12 +691,12 @@ public class BaseBlockCipher
             }
             param = new KeyParameter(key.getEncoded());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unreachable
         // else
         // {
         //    param = null;
         // }
-        // END android-removed
+        // END Android-removed: Unreachable
 
         if (params instanceof AEADParameterSpec)
         {
@@ -748,86 +747,88 @@ public class BaseBlockCipher
                 }
             }
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (params instanceof GOST28147ParameterSpec)
+        /*
-        // {
+        else if (params instanceof GOST28147ParameterSpec)
-        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
+        {
-        //
+            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-        //     param = new ParametersWithSBox(
+
-        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
+            param = new ParametersWithSBox(
-        //
+                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-        //     if (gost28147Param.getIV() != null && ivLength != 0)
+
-        //     {
+            if (gost28147Param.getIV() != null && ivLength != 0)
-        //         if (param instanceof ParametersWithIV)
+            {
-        //         {
+                if (param instanceof ParametersWithIV)
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), gost28147Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), gost28147Param.getIV());
-        //         else
+                }
-        //         {
+                else
-        //             param = new ParametersWithIV(param, gost28147Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(param, gost28147Param.getIV());
-        //         ivParam = (ParametersWithIV)param;
+                }
-        //     }
+                ivParam = (ParametersWithIV)param;
-        // }
+            }
-        // else if (params instanceof RC2ParameterSpec)
+        }
-        // {
+        else if (params instanceof RC2ParameterSpec)
-        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
+        {
-        //
+            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
+
-        //
+            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-        //     if (rc2Param.getIV() != null && ivLength != 0)
+
-        //     {
+            if (rc2Param.getIV() != null && ivLength != 0)
-        //         if (param instanceof ParametersWithIV)
+            {
-        //         {
+                if (param instanceof ParametersWithIV)
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc2Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc2Param.getIV());
-        //         else
+                }
-        //         {
+                else
-        //             param = new ParametersWithIV(param, rc2Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(param, rc2Param.getIV());
-        //         ivParam = (ParametersWithIV)param;
+                }
-        //     }
+                ivParam = (ParametersWithIV)param;
-        // }
+            }
-        // else if (params instanceof RC5ParameterSpec)
+        }
-        // {
+        else if (params instanceof RC5ParameterSpec)
-        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
+        {
-        //
+            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
+
-        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
+            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-        //     {
+            if (baseEngine.getAlgorithmName().startsWith("RC5"))
-        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
+            {
-        //         {
+                if (baseEngine.getAlgorithmName().equals("RC5-32"))
-        //             if (rc5Param.getWordSize() != 32)
+                {
-        //             {
+                    if (rc5Param.getWordSize() != 32)
-        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
+                    {
-        //             }
+                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-        //         }
+                    }
-        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
+                }
-        //         {
+                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-        //             if (rc5Param.getWordSize() != 64)
+                {
-        //             {
+                    if (rc5Param.getWordSize() != 64)
-        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
+                    {
-        //             }
+                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-        //         }
+                    }
-        //     }
+                }
-        //     else
+            }
-        //     {
+            else
-        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
+            {
-        //     }
+                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
+            }
-        //     {
+            if ((rc5Param.getIV() != null) && (ivLength != 0))
-        //         if (param instanceof ParametersWithIV)
+            {
-        //         {
+                if (param instanceof ParametersWithIV)
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc5Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc5Param.getIV());
-        //         else
+                }
-        //         {
+                else
-        //             param = new ParametersWithIV(param, rc5Param.getIV());
+                {
-        //         }
+                    param = new ParametersWithIV(param, rc5Param.getIV());
-        //         ivParam = (ParametersWithIV)param;
+                }
-        //     }
+                ivParam = (ParametersWithIV)param;
-        // }
+            }
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (gcmSpecClass != null && gcmSpecClass.isInstance(params))
         {
             if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher))
@@ -869,35 +870,61 @@ public class BaseBlockCipher
             {
                 ivRandom = new SecureRandom();
             }
+
             if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
             {
                 byte[]  iv = new byte[ivLength];
 
-                // BEGIN android-changed
+                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
-                // Was: ivRandom.nextBytes(iv);
+                // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
-                // TODO(27995180): for such keys, consider whether we want to reject them or
+                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
-                // allow them if the IV is passed in the parameters
+                // want the eventual state to be that an IV can be passed in params, but the key
+                // is rejected otherwise.  For now, log that these will be rejected in a future
+                // release.  See b/27995180 for historical details.
+                // ivRandom.nextBytes(iv);
                 if (!isBCPBEKeyWithoutIV(key)) {
                     ivRandom.nextBytes(iv);
-                }
+                } else {
-                // END android-changed
+                    // TODO(b/70275132): Change to rejecting these keys
+                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
+                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
+                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
+                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
+                    System.err.println(" * with an all-zero IV, but in a future release this call will");
+                    System.err.println(" * throw an exception.");
+                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
+                            .printStackTrace(System.err);
+                }
+                // END Android-changed: For PBE keys with no IV, log and use IV of 0
                 param = new ParametersWithIV(param, iv);
                 ivParam = (ParametersWithIV)param;
             }
             else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
             {
-                // BEGIN android-changed
+                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
-                // Was: throw new InvalidAlgorithmParameterException("no IV set when one expected");
+                // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
-                // TODO(27995180): for such keys, consider whether we want to reject them or
+                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
-                // allow them if the IV is passed in the parameters
+                // want the eventual state to be that an IV can be passed in params, but the key
+                // is rejected otherwise.  For now, log that these will be rejected in a future
+                // release.  See b/27995180 for historical details.
+                // throw new InvalidAlgorithmParameterException("no IV set when one expected");
                 if (!isBCPBEKeyWithoutIV(key)) {
                     throw new InvalidAlgorithmParameterException("no IV set when one expected");
                 } else {
+                    // TODO(b/70275132): Change to rejecting these keys
+                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
+                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
+                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
+                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
+                    System.err.println(" * with an all-zero IV, but in a future release this call will");
+                    System.err.println(" * throw an exception.");
+                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
+                            .printStackTrace(System.err);
                     // Mimic behaviour in 1.52 by using an IV of 0's
                     param = new ParametersWithIV(param, new byte[ivLength]);
                     ivParam = (ParametersWithIV)param;
                 }
-                // END android-changed
+                // END Android-changed: For PBE keys with no IV, log and use IV of 0
             }
         }
 
@@ -951,21 +978,23 @@ public class BaseBlockCipher
                 ivParam = new ParametersWithIV(key, iv.getIV());
                 param = ivParam;
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // else if (params instanceof GOST28147ParameterSpec)
+            /*
-            // {
+            else if (params instanceof GOST28147ParameterSpec)
-            //     // need to pick up IV and SBox.
+            {
-            //     GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
+                // need to pick up IV and SBox.
-            //
+                GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
-            //     param = new ParametersWithSBox(param, gost28147Param.getSbox());
+
-            //
+                param = new ParametersWithSBox(param, gost28147Param.getSbox());
-            //     if (gost28147Param.getIV() != null && ivLength != 0)
+
-            //     {
+                if (gost28147Param.getIV() != null && ivLength != 0)
-            //         ivParam = new ParametersWithIV(key, gost28147Param.getIV());
+                {
-            //         param = ivParam;
+                    ivParam = new ParametersWithIV(key, gost28147Param.getIV());
-            //     }
+                    param = ivParam;
-            // }
+                }
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
         else
         {
@@ -976,20 +1005,22 @@ public class BaseBlockCipher
                 ivParam = new ParametersWithIV(param, iv.getIV());
                 param = ivParam;
             }
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // else if (params instanceof GOST28147ParameterSpec)
+            /*
-            // {
+            else if (params instanceof GOST28147ParameterSpec)
-            //     // need to pick up IV and SBox.
+            {
-            //     GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
+                // need to pick up IV and SBox.
-            //
+                GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
-            //     param = new ParametersWithSBox(param, gost28147Param.getSbox());
+
-            //
+                param = new ParametersWithSBox(param, gost28147Param.getSbox());
-            //     if (gost28147Param.getIV() != null && ivLength != 0)
+
-            //     {
+                if (gost28147Param.getIV() != null && ivLength != 0)
-            //         param = new ParametersWithIV(param, gost28147Param.getIV());
+                {
-            //     }
+                    param = new ParametersWithIV(param, gost28147Param.getIV());
-            // }
+                }
-            // END android-removed
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
         return param;
     }
@@ -1192,9 +1223,9 @@ public class BaseBlockCipher
     private boolean isAEADModeName(
         String modeName)
     {
-        // BEGIN android-changed
+        // Android-changed: Unsupported modes
+        // return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName);
         return "CCM".equals(modeName) || "GCM".equals(modeName);
-        // END android-changed
     }
 
     /*

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java

@@ -22,15 +22,13 @@ import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.RC2Parameters;
 // import org.bouncycastle.crypto.params.SkeinParameters;
-// END android-removed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
-// END android-removed
 
 public class BaseMac
     extends MacSpi implements PBE
@@ -103,16 +101,16 @@ public class BaseMac
 
             int digest = SHA1;
             int keySize = 160;
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // if (macEngine.getAlgorithmName().startsWith("GOST"))
             // {
             //     digest = GOST3411;
             //     keySize = 256;
             // }
-            // BEGIN android-changed
+            // END Android-removed: Unsupported algorithms
-            // Was: else if (macEngine instanceof HMac)
+            // Android-changed: Adjust for missing if
+            // else if (macEngine instanceof HMac)
             if (macEngine instanceof HMac)
-            // END android-changed
             {
                 if (!macEngine.getAlgorithmName().startsWith("SHA-1"))
                 {
@@ -136,13 +134,13 @@ public class BaseMac
                         digest = SHA512;
                         keySize = 512;
                     }
-                    // BEGIN android-removed
+                    // BEGIN Android-removed: Unsupported algorithms
                     // else if (macEngine.getAlgorithmName().startsWith("RIPEMD160"))
                     // {
                     //     digest = RIPEMD160;
                     //     keySize = 160;
                     // }
-                    // END android-removed
+                    // END Android-removed: Unsupported algorithms
                     else
                     {
                         throw new InvalidAlgorithmParameterException("no PKCS12 mapping for HMAC: " + macEngine.getAlgorithmName());
@@ -198,17 +196,18 @@ public class BaseMac
         {
             param = new ParametersWithIV(keyParam, ((IvParameterSpec)params).getIV());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (params instanceof RC2ParameterSpec)
+        /*
-        // {
+        else if (params instanceof RC2ParameterSpec)
-        //     param = new ParametersWithIV(new RC2Parameters(keyParam.getKey(), ((RC2ParameterSpec)params).getEffectiveKeyBits()), ((RC2ParameterSpec)params).getIV());
+        {
-        // }
+            param = new ParametersWithIV(new RC2Parameters(keyParam.getKey(), ((RC2ParameterSpec)params).getEffectiveKeyBits()), ((RC2ParameterSpec)params).getIV());
-
+        }
-        // else if (params instanceof SkeinParameterSpec)
+        else if (params instanceof SkeinParameterSpec)
-        // {
+        {
-        //     param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(keyParam.getKey()).build();
+            param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(keyParam.getKey()).build();
-        // }
+        }
-        // END android-removed
+        */
+        // END Android-removed: Unsupported algorithms
         else if (params == null)
         {
             param = new KeyParameter(key.getEncoded());

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java

@@ -15,10 +15,9 @@ import javax.crypto.SecretKey;
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
@@ -37,10 +36,9 @@ public class BaseStreamCipher
     //
     private Class[]                 availableSpecs =
                                     {
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class,
-                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java

@@ -22,10 +22,9 @@ import javax.crypto.NoSuchPaddingException;
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -35,7 +34,9 @@ import org.bouncycastle.crypto.Wrapper;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Arrays;
@@ -51,10 +52,9 @@ public abstract class BaseWrapCipher
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class
-                                        // END android-removed
                                     };
 
     protected int                     pbeType = PKCS12;
@@ -69,7 +69,9 @@ public abstract class BaseWrapCipher
     private int                       ivSize;
     private byte[]                    iv;
 
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     protected BaseWrapCipher()
     {
@@ -279,8 +281,6 @@ public abstract class BaseWrapCipher
         return null;
     }
 
-    // BEGIN android-changed
-    // added ShortBufferException to throws statement
     protected int engineDoFinal(
         byte[]  input,
         int     inputOffset,
@@ -291,7 +291,6 @@ public abstract class BaseWrapCipher
     {
         return 0;
     }
-    // END android-changed
 
     protected byte[] engineWrap(
         Key     key)

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java

@@ -1,27 +1,25 @@
 package org.bouncycastle.jcajce.provider.symmetric.util;
 
+// BEGIN Android-added: Needed for compatibility helper
 import java.lang.reflect.Method;
+// END Android-added: Needed for compatibility helper
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.SecretKey;
-// BEGIN android-added
+// BEGIN Android-added: Allow IVs specified in parameters.
 import javax.crypto.spec.IvParameterSpec;
-// END android-added
+// END Android-added: Allow IVs specified in parameters.
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.PBEParameterSpec;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-added
+// Android-removed: Unsupported algorithms
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
 // import org.bouncycastle.crypto.digests.GOST3411Digest;
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.TigerDigest;
-// END android-removed
 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
@@ -29,9 +27,10 @@ import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// BEGIN Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END Android-changed: Use Android digests
 
 public interface PBE
 {
@@ -40,15 +39,13 @@ public interface PBE
     //
     static final int        MD5          = 0;
     static final int        SHA1         = 1;
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // static final int        RIPEMD160    = 2;
     // static final int        TIGER        = 3;
-    // END android-removed
     static final int        SHA256       = 4;
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // static final int        MD2          = 5;
     // static final int        GOST3411     = 6;
-    // END android-removed
     static final int        SHA224       = 7;
     static final int        SHA384       = 8;
     static final int        SHA512       = 9;
@@ -60,7 +57,6 @@ public interface PBE
     static final int        PKCS5S1_UTF8 = 4;
     static final int        PKCS5S2_UTF8 = 5;
 
-
     /**
      * uses the appropriate mixer to generate the key and IV if necessary.
      */
@@ -76,20 +72,19 @@ public interface PBE
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS5S1ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S1ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S1ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
                 default:
                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
@@ -99,48 +94,54 @@ public interface PBE
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS5S2ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
-
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
-                // case RIPEMD160:
+                /*
-                //     generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
+                case RIPEMD160:
-                //     break;
+                    generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
-                // case TIGER:
+                    break;
-                //     generator = new PKCS5S2ParametersGenerator(new TigerDigest());
+                case TIGER:
-                //     break;
+                    generator = new PKCS5S2ParametersGenerator(new TigerDigest());
-                // END android-removed
-                // BEGIN android-added
-                case SHA224:
-                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA224());
                     break;
-                // END android-added
+                */
+                // END Android-removed: Unsupported algorithms
                 case SHA256:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA256());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA256());
-                    // END android-changed
                     break;
-                // BEGIN android-added
+                // Android-removed: Unsupported algorithms
+                // case GOST3411:
+                //     generator = new PKCS5S2ParametersGenerator(new GOST3411Digest());
+                //     break;
+                case SHA224:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA224());
+                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA224());
+                    break;
                 case SHA384:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA384());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA384());
                     break;
                 case SHA512:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA512());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA512());
                     break;
-                // END android-added
                 default:
                     throw new IllegalStateException("unknown digest scheme for PBE PKCS5S2 encryption.");
                 }
@@ -149,44 +150,52 @@ public interface PBE
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS12ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
-                // case RIPEMD160:
+                /*
-                //     generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
+                case RIPEMD160:
-                //     break;
+                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-                // case TIGER:
-                //     generator = new PKCS12ParametersGenerator(new TigerDigest());
-                //     break;
-                // END android-removed
-                // BEGIN android-added
-                case SHA224:
-                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA224());
                     break;
-                // END android-added
+                case TIGER:
+                    generator = new PKCS12ParametersGenerator(new TigerDigest());
+                    break;
+                */
+                // END Android-removed: Unsupported algorithms
                 case SHA256:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA256());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
-                    // END android-changed
                     break;
-                // BEGIN android-added
+                // Android-removed: Unsupported algorithms
+                // case GOST3411:
+                //     generator = new PKCS12ParametersGenerator(new GOST3411Digest());
+                //     break;
+                case SHA224:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA224());
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA224());
+                    break;
                 case SHA384:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA384());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA384());
                     break;
                 case SHA512:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA512());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA512());
                     break;
                 default:
@@ -235,7 +244,7 @@ public interface PBE
             if (ivSize != 0)
             {
                 param = generator.generateDerivedParameters(keySize, ivSize);
-                // BEGIN ANDROID-ADDED
+                // BEGIN Android-added: Allow IVs specified in parameters.
                 // PKCS5S2 doesn't specify that the IV must be generated from the password. If the
                 // IV is passed as a parameter, use it.
                 AlgorithmParameterSpec parameterSpecFromPBEParameterSpec =
@@ -249,7 +258,7 @@ public interface PBE
                             (KeyParameter) parametersWithIV.getParameters(),
                             ivParameterSpec.getIV());
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow IVs specified in parameters.
             }
             else
             {
@@ -304,7 +313,7 @@ public interface PBE
             if (pbeKey.getIvSize() != 0)
             {
                 param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize());
-                // BEGIN ANDROID-ADDED
+                // BEGIN Android-added: Allow IVs specified in parameters.
                 // PKCS5S2 doesn't specify that the IV must be generated from the password. If the
                 // IV is passed as a parameter, use it.
                 AlgorithmParameterSpec parameterSpecFromPBEParameterSpec =
@@ -318,7 +327,7 @@ public interface PBE
                             (KeyParameter) parametersWithIV.getParameters(),
                             ivParameterSpec.getIV());
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow IVs specified in parameters.
             }
             else
             {
@@ -464,7 +473,7 @@ public interface PBE
             return param;
         }
 
-        // BEGIN android-added
+        // BEGIN Android-added: Add helper for 1.8 compatibility.
         /**
          * Invokes the method {@link PBEParameterSpec#getParameterSpec()} via reflection.
          *
@@ -483,7 +492,7 @@ public interface PBE
                 return null;
             }
         }
-        // END android-added
+        // END Android-added: Add helper for 1.8 compatibility.
 
 
         private static byte[] convertPassword(int type, PBEKeySpec keySpec)

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java

@@ -10,9 +10,9 @@ import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-added
+// BEGIN Android-added: Use Android digests
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
+// END Android-added: Use Android digests
 import org.bouncycastle.util.Strings;
 
 public class DigestFactory
@@ -23,14 +23,16 @@ public class DigestFactory
     private static Set sha256 = new HashSet();
     private static Set sha384 = new HashSet();
     private static Set sha512 = new HashSet();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
-    // private static Set sha512_224 = new HashSet();
+    /*
-    // private static Set sha512_256 = new HashSet();
+    private static Set sha512_224 = new HashSet();
-    // private static Set sha3_224 = new HashSet();
+    private static Set sha512_256 = new HashSet();
-    // private static Set sha3_256 = new HashSet();
+    private static Set sha3_224 = new HashSet();
-    // private static Set sha3_384 = new HashSet();
+    private static Set sha3_256 = new HashSet();
-    // private static Set sha3_512 = new HashSet();
+    private static Set sha3_384 = new HashSet();
-    // END android-removed
+    private static Set sha3_512 = new HashSet();
+    */
+    // END Android-removed: Unsupported algorithms
 
     private static Map oids = new HashMap();
     
@@ -59,27 +61,29 @@ public class DigestFactory
         sha512.add("SHA-512");
         sha512.add(NISTObjectIdentifiers.id_sha512.getId()); 
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // sha512_224.add("SHA512(224)");
+        /*
-        // sha512_224.add("SHA-512(224)");
+        sha512_224.add("SHA512(224)");
-        // sha512_224.add(NISTObjectIdentifiers.id_sha512_224.getId());
+        sha512_224.add("SHA-512(224)");
+        sha512_224.add(NISTObjectIdentifiers.id_sha512_224.getId());
 
-        // sha512_256.add("SHA512(256)");
+        sha512_256.add("SHA512(256)");
-        // sha512_256.add("SHA-512(256)");
+        sha512_256.add("SHA-512(256)");
-        // sha512_256.add(NISTObjectIdentifiers.id_sha512_256.getId());
+        sha512_256.add(NISTObjectIdentifiers.id_sha512_256.getId());
 
-        // sha3_224.add("SHA3-224");
+        sha3_224.add("SHA3-224");
-        // sha3_224.add(NISTObjectIdentifiers.id_sha3_224.getId());
+        sha3_224.add(NISTObjectIdentifiers.id_sha3_224.getId());
 
-        // sha3_256.add("SHA3-256");
+        sha3_256.add("SHA3-256");
-        // sha3_256.add(NISTObjectIdentifiers.id_sha3_256.getId());
+        sha3_256.add(NISTObjectIdentifiers.id_sha3_256.getId());
 
-        // sha3_384.add("SHA3-384");
+        sha3_384.add("SHA3-384");
-        // sha3_384.add(NISTObjectIdentifiers.id_sha3_384.getId());
+        sha3_384.add(NISTObjectIdentifiers.id_sha3_384.getId());
 
-        // sha3_512.add("SHA3-512");
+        sha3_512.add("SHA3-512");
-        // sha3_512.add(NISTObjectIdentifiers.id_sha3_512.getId());
+        sha3_512.add(NISTObjectIdentifiers.id_sha3_512.getId());
-        // END android-removed
+        */
+        // END Android-removed: Unsupported algorithms
 
 
         oids.put("MD5", PKCSObjectIdentifiers.md5);
@@ -133,65 +137,69 @@ public class DigestFactory
         
         if (sha1.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA1();
             return AndroidDigestFactory.getSHA1();
-            // END android-changed
         }
         if (md5.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createMD5();
             return AndroidDigestFactory.getMD5();
-            // END android-changed
         }
         if (sha224.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA224();
             return AndroidDigestFactory.getSHA224();
-            // END android-changed
         }
         if (sha256.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA256();
             return AndroidDigestFactory.getSHA256();
-            // END android-changed
         }
         if (sha384.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA384();
             return AndroidDigestFactory.getSHA384();
-            // END android-changed
         }
-        if (sha512.contains(digestName)) {
+        if (sha512.contains(digestName))
-            // BEGIN android-changed
+        {
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA512();
             return AndroidDigestFactory.getSHA512();
-            // END android-changed
+        }
-        }
+        // BEGIN Android-removed: Unsupported algorithms
-        // BEGIN android-removed
+        /*
-        // if (sha512_224.contains(digestName))
+        if (sha512_224.contains(digestName))
-        // {
+        {
-        //    return org.bouncycastle.crypto.util.DigestFactory.createSHA512_224();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA512_224();
-        // }
+        }
-        // if (sha512_256.contains(digestName))
+        if (sha512_256.contains(digestName))
-        // {
+        {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA512_256();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA512_256();
-        // }
+        }
-        //
+
-        // if (sha3_224.contains(digestName))
+        if (sha3_224.contains(digestName))
-        // {
+        {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_224();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_224();
-        // }
+        }
-        // if (sha3_256.contains(digestName))
+        if (sha3_256.contains(digestName))
-        // {
+        {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_256();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_256();
-        // }
+        }
-        // if (sha3_384.contains(digestName))
+        if (sha3_384.contains(digestName))
-        // {
+        {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_384();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_384();
-        // }
+        }
-        // if (sha3_512.contains(digestName))
+        if (sha3_512.contains(digestName))
-        // {
+        {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_512();
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_512();
-        // }
+        }
+        */
+        // END Android-removed: Unsupported algorithms
 
         return null;
     }
@@ -205,14 +213,16 @@ public class DigestFactory
             || (sha256.contains(digest1) && sha256.contains(digest2))
             || (sha384.contains(digest1) && sha384.contains(digest2))
             || (sha512.contains(digest1) && sha512.contains(digest2))
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
-            // || (sha512_224.contains(digest1) && sha512_224.contains(digest2))
+            /*
-            // || (sha512_256.contains(digest1) && sha512_256.contains(digest2))
+            || (sha512_224.contains(digest1) && sha512_224.contains(digest2))
-            // || (sha3_224.contains(digest1) && sha3_224.contains(digest2))
+            || (sha512_256.contains(digest1) && sha512_256.contains(digest2))
-            // || (sha3_256.contains(digest1) && sha3_256.contains(digest2))
+            || (sha3_224.contains(digest1) && sha3_224.contains(digest2))
-            // || (sha3_384.contains(digest1) && sha3_384.contains(digest2))
+            || (sha3_256.contains(digest1) && sha3_256.contains(digest2))
-            // || (sha3_512.contains(digest1) && sha3_512.contains(digest2))
+            || (sha3_384.contains(digest1) && sha3_384.contains(digest2))
-            // END android-removed
+            || (sha3_512.contains(digest1) && sha3_512.contains(digest2))
+            */
+            // END Android-removed: Unsupported algorithms
             || (md5.contains(digest1) && md5.contains(digest2));
     }
     

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java

@@ -6,15 +6,13 @@ import java.security.AlgorithmParameters;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 
 /**
  * General JCA/JCE utility methods.
@@ -107,24 +105,26 @@ public class JcaJceUtils
         {
             return "SHA512";
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        /*
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        //     return "RIPEMD128";
+        {
-        // }
+            return "RIPEMD128";
-        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        }
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        //     return "RIPEMD160";
+        {
-        // }
+            return "RIPEMD160";
-        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        }
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        //     return "RIPEMD256";
+        {
-        // }
+            return "RIPEMD256";
-        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        }
-        // {
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        //     return "GOST3411";
+        {
-        // }
+            return "GOST3411";
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             return digestAlgOID.getId();

bouncycastle/bcprov/src/main/java/org/bouncycastle/jcajce/util/MessageDigestUtils.java

@@ -4,17 +4,15 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
 // import org.bouncycastle.asn1.iso.ISOIECObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 
 public class MessageDigestUtils
 {
@@ -22,30 +20,32 @@ public class MessageDigestUtils
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOidMap.put(PKCSObjectIdentifiers.md2, "MD2");
         // digestOidMap.put(PKCSObjectIdentifiers.md4, "MD4");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOidMap.put(PKCSObjectIdentifiers.md5, "MD5");
         digestOidMap.put(OIWObjectIdentifiers.idSHA1, "SHA-1");
         digestOidMap.put(NISTObjectIdentifiers.id_sha224, "SHA-224");
         digestOidMap.put(NISTObjectIdentifiers.id_sha256, "SHA-256");
         digestOidMap.put(NISTObjectIdentifiers.id_sha384, "SHA-384");
         digestOidMap.put(NISTObjectIdentifiers.id_sha512, "SHA-512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128");
+        /*
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160");
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128");
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-128");
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160");
-        // digestOidMap.put(ISOIECObjectIdentifiers.ripemd128, "RIPEMD-128");
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-128");
-        // digestOidMap.put(ISOIECObjectIdentifiers.ripemd160, "RIPEMD-160");
+        digestOidMap.put(ISOIECObjectIdentifiers.ripemd128, "RIPEMD-128");
-        // digestOidMap.put(CryptoProObjectIdentifiers.gostR3411, "GOST3411");
+        digestOidMap.put(ISOIECObjectIdentifiers.ripemd160, "RIPEMD-160");
-        // digestOidMap.put(GNUObjectIdentifiers.Tiger_192, "Tiger");
+        digestOidMap.put(CryptoProObjectIdentifiers.gostR3411, "GOST3411");
-        // digestOidMap.put(ISOIECObjectIdentifiers.whirlpool, "Whirlpool");
+        digestOidMap.put(GNUObjectIdentifiers.Tiger_192, "Tiger");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_224, "SHA3-224");
+        digestOidMap.put(ISOIECObjectIdentifiers.whirlpool, "Whirlpool");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_256, "SHA3-256");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_224, "SHA3-224");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_384, "SHA3-384");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_256, "SHA3-256");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_512, "SHA3-512");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_384, "SHA3-384");
-        // END android-removed
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_512, "SHA3-512");
+        */
+        // END Android-removed: Unsupported algorithms
     }
 
     /**

bouncycastle/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java

@@ -30,18 +30,16 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.CertificationRequest;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
@@ -85,11 +83,10 @@ public class PKCS10CertificationRequest
 
     static
     {
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
-        // Dropping MD2
         // algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
         // algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
@@ -109,14 +106,14 @@ public class PKCS10CertificationRequest
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -129,13 +126,13 @@ public class PKCS10CertificationRequest
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // reverse mappings
@@ -145,15 +142,15 @@ public class PKCS10CertificationRequest
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         
         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
@@ -187,10 +184,10 @@ public class PKCS10CertificationRequest
         //
         // RFC 4491
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         //
         // explicit params
         //
@@ -633,24 +630,26 @@ public class PKCS10CertificationRequest
         {
             return "SHA512";
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
-        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        /*
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        //     return "RIPEMD128";
+        {
-        // }
+            return "RIPEMD128";
-        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        }
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        //     return "RIPEMD160";
+        {
-        // }
+            return "RIPEMD160";
-        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        }
-        // {
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        //     return "RIPEMD256";
+        {
-        // }
+            return "RIPEMD256";
-        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        }
-        // {
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        //     return "GOST3411";
+        {
-        // }
+            return "GOST3411";
-        // END android-removed
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             return digestAlgOID.getId();            

bouncycastle/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java

@@ -60,29 +60,25 @@ public final class BouncyCastleProvider extends Provider
 
     private static final String[] SYMMETRIC_GENERIC =
     {
-        // BEGIN android-changed
+        // Android-changed: Remove unsupported algorithms, add our own version of PBEv2 AlgParams
-        // Was: "PBEPBKDF2", "TLSKDF"
+        // "PBEPBKDF2", "TLSKDF"
         "PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters"
     };
 
     private static final String[] SYMMETRIC_MACS =
     {
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // "SipHash", "Poly1305"
-        // END android-removed
     };
 
     private static final String[] SYMMETRIC_CIPHERS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "AES", "ARC4", "ARIA", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede",
         // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5",
         // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "SM4", "TEA", "Twofish", "Threefish",
         // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20", "OpenSSLPBKDF"
-        // END android-removed
-        // BEGIN android-added
         "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish",
-        // END android-added
     };
 
      /*
@@ -94,22 +90,16 @@ public final class BouncyCastleProvider extends Provider
     // later ones configure it.
     private static final String[] ASYMMETRIC_GENERIC =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "X509", "IES"
-        // END android-removed
-        // BEGIN android-added
         "X509"
-        // END android-added
     };
 
     private static final String[] ASYMMETRIC_CIPHERS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145", "GM"
-        // END android-removed
-        // BEGIN android-added
         "DSA", "DH", "EC", "RSA",
-        // END android-added
     };
 
     /*
@@ -118,13 +108,10 @@ public final class BouncyCastleProvider extends Provider
     private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
     private static final String[] DIGESTS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "GOST3411", "Keccak", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224",
         // "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool", "Blake2b"
-        // END android-removed
-        // BEGIN android-added
         "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
-        // END android-added
     };
 
     /*
@@ -136,7 +123,7 @@ public final class BouncyCastleProvider extends Provider
         "BC", "BCFKS", "PKCS12"
     };
 
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // /*
     //  * Configurable secure random
     //  */
@@ -181,54 +168,56 @@ public final class BouncyCastleProvider extends Provider
 
         loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
 
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
-        // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
+        /*
-        //
+        loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
-        // //
+
-        // // X509Store
-        // //
-        // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
-        //
-        // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-        // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-        // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-        // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
         //
-        // //
+        // X509Store
-        // // X509StreamParser
-        // //
-        // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-        // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-        // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-        // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
         //
-        // //
+        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        // // cipher engines
+        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        // //
+        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+
+        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
+        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
+        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
+        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+        
         //
-        // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+        // X509StreamParser
         //
+        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
+        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
+        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
+        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+
         //
-        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+        // cipher engines
         //
-        // // Certification Path API
+        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
-        // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+
-        // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
-        // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
+
-        // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+
-        // END android-removed
+        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+
+        // Certification Path API
+        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
+        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+        */
+        // END Android-removed: Unsupported algorithms
         put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
         put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
         put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
         // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
         // put("Alg.Alias.CertStore.X509LDAP", "LDAP");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     private void loadAlgorithms(String packageName, String[] names)

bouncycastle/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java

@@ -75,9 +75,7 @@ import org.bouncycastle.util.Selector;
 import org.bouncycastle.util.Store;
 import org.bouncycastle.util.StoreException;
 import org.bouncycastle.x509.X509AttributeCertificate;
-// BEGIN android-removed
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
-// import org.bouncycastle.x509.extension.X509ExtensionUtil;
-// END android-removed
 
 class CertPathValidatorUtilities
 {
@@ -657,22 +655,24 @@ class CertPathValidatorUtilities
         {
             Object obj = iter.next();
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unknown reason
-            // if (obj instanceof X509Store)
+            /*
-            // {
+            if (obj instanceof Store)
-            //     X509Store certStore = (X509Store)obj;
+            {
-            //     try
+                Store certStore = (Store)obj;
-            //     {
+                try
-            //         certs.addAll(certStore.getMatches(certSelect));
+                {
-            //     }
+                    certs.addAll(certStore.getMatches(certSelect));
-            //     catch (StoreException e)
+                }
-            //     {
+                catch (StoreException e)
-            //         throw new AnnotatedException(
+                {
-            //                 "Problem while picking certificates from X.509 store.", e);
+                    throw new AnnotatedException(
-            //     }
+                            "Problem while picking certificates from X.509 store.", e);
-            // }
+                }
-            // else
+            }
-            // END android-removed
+            else
+            */
+            // END Android-removed: Unknown reason
             {
                 CertStore certStore = (CertStore)obj;
 
@@ -894,7 +894,9 @@ class CertPathValidatorUtilities
             {
                 return;
             }
+
             X500Principal certificateIssuer = crl_entry.getCertificateIssuer();
+
             X500Name certIssuer;
             if (certificateIssuer == null)
             {