diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/ASN1Null.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/ASN1Null.java	2013-01-31 02:26:40.000000000 +0000
@@ -11,9 +11,11 @@
     /**
      * @deprecated use DERNull.INSTANCE
      */
-    public ASN1Null()
+    // BEGIN android-changed
+    /*package*/ ASN1Null()
     {
     }
+    // END android-changed
 
     public static ASN1Null getInstance(Object o)
     {
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERBoolean.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERBoolean.java	2013-05-25 02:14:15.000000000 +0000
@@ -10,7 +10,9 @@
     private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
     private static final byte[] FALSE_VALUE = new byte[] { 0 };
 
-    private byte[]         value;
+    // BEGIN android-changed
+    final private byte[]         value;
+    // END android-changed
 
     public static final ASN1Boolean FALSE = new ASN1Boolean(false);
     public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
@@ -55,6 +57,17 @@
         return (value != 0 ? TRUE : FALSE);
     }
 
+    // BEGIN android-added
+    /**
+     * return a DERBoolean from the passed in array.
+     */
+    public static DERBoolean getInstance(
+        byte[] octets)
+    {
+        return (octets[0] != 0) ? TRUE : FALSE;
+    }
+
+    // END android-added
     /**
      * return a Boolean from a tagged object.
      *
@@ -80,7 +93,9 @@
         }
     }
     
-    DERBoolean(
+    // BEGIN android-changed
+    protected DERBoolean(
+    // END android-changed
         byte[]       value)
     {
         if (value.length != 1)
@@ -106,8 +121,10 @@
      * @deprecated use getInstance(boolean) method.
      * @param value
      */
-    public DERBoolean(
+    // BEGIN android-changed
+    protected DERBoolean(
         boolean     value)
+    // END android-changed
     {
         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERNull.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERNull.java	2013-01-31 02:26:40.000000000 +0000
@@ -15,7 +15,9 @@
     /**
      * @deprecated use DERNull.INSTANCE
      */
-    public DERNull()
+    // BEGIN android-changed
+    protected DERNull()
+    // END android-changed
     {
     }
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERObjectIdentifier.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERObjectIdentifier.java	2013-05-25 02:14:15.000000000 +0000
@@ -144,7 +144,13 @@
             }
         }
 
-        this.identifier = objId.toString();
+        // BEGIN android-changed
+        /*
+         * Intern the identifier so there aren't hundreds of duplicates
+         * (in practice).
+         */
+        this.identifier = objId.toString().intern();
+        // END android-changed
         this.body = Arrays.clone(bytes);
     }
 
@@ -160,7 +166,13 @@
             throw new IllegalArgumentException("string " + identifier + " not an OID");
         }
 
-        this.identifier = identifier;
+        // BEGIN android-changed
+        /*
+         * Intern the identifier so there aren't hundreds of duplicates
+         * (in practice).
+         */
+        this.identifier = identifier.intern();
+        // END android-changed
     }
 
     DERObjectIdentifier(DERObjectIdentifier oid, String branchID)
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/DERPrintableString.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/DERPrintableString.java	2013-01-31 02:26:40.000000000 +0000
@@ -12,7 +12,9 @@
     extends ASN1Primitive
     implements ASN1String
 {
-    private byte[]  string;
+    // BEGIN android-changed
+    private final byte[]  string;
+    // END android-changed
 
     /**
      * return a printable string from the passed in object.
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/cms/ContentInfo.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/cms/ContentInfo.java	2013-05-25 02:14:15.000000000 +0000
@@ -12,7 +12,9 @@
 
 public class ContentInfo
     extends ASN1Object
-    implements CMSObjectIdentifiers
+    // BEGIN android-removed
+    // implements CMSObjectIdentifiers
+    // END android-removed
 {
     private ASN1ObjectIdentifier contentType;
     private ASN1Encodable        content;
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2013-01-31 02:26:40.000000000 +0000
@@ -10,8 +10,10 @@
     //
     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
-    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    // END android-removed
     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
     static final ASN1ObjectIdentifier    sha1WithRSAEncryption     = pkcs_1.branch("5");
     static final ASN1ObjectIdentifier    srsaOAEPEncryptionSET     = pkcs_1.branch("6");
@@ -22,7 +24,9 @@
     static final ASN1ObjectIdentifier    sha256WithRSAEncryption   = pkcs_1.branch("11");
     static final ASN1ObjectIdentifier    sha384WithRSAEncryption   = pkcs_1.branch("12");
     static final ASN1ObjectIdentifier    sha512WithRSAEncryption   = pkcs_1.branch("13");
-    static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    sha224WithRSAEncryption   = pkcs_1.branch("14");
+    // END android-removed
 
     //
     // pkcs-3 OBJECT IDENTIFIER ::= {
@@ -66,13 +70,17 @@
     // md2 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
     //
-    static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
+    // END android-removed
 
     //
     // md4 OBJECT IDENTIFIER ::=
     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
     //
-    static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    md4 = digestAlgorithm.branch("4");
+    // END android-removed
 
     //
     // md5 OBJECT IDENTIFIER ::=
@@ -81,7 +89,9 @@
     static final ASN1ObjectIdentifier    md5                     = digestAlgorithm.branch("5");
 
     static final ASN1ObjectIdentifier    id_hmacWithSHA1         = digestAlgorithm.branch("7");
-    static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
+    // BEGIN android-removed
+    // static final ASN1ObjectIdentifier    id_hmacWithSHA224       = digestAlgorithm.branch("8");
+    // END android-removed
     static final ASN1ObjectIdentifier    id_hmacWithSHA256       = digestAlgorithm.branch("9");
     static final ASN1ObjectIdentifier    id_hmacWithSHA384       = digestAlgorithm.branch("10");
     static final ASN1ObjectIdentifier    id_hmacWithSHA512       = digestAlgorithm.branch("11");
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2013-05-25 02:14:15.000000000 +0000
@@ -14,7 +14,9 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 
 /**
  * The AuthorityKeyIdentifier object.
@@ -106,7 +108,9 @@
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
     {
-        Digest  digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest  digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
@@ -124,7 +128,9 @@
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        Digest  digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest  digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/SubjectKeyIdentifier.java	2013-01-31 02:26:40.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 
 /**
  * The SubjectKeyIdentifier object.
@@ -124,7 +126,9 @@
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
-        Digest digest = new SHA1Digest();
+        // BEGIN android-changed
+        Digest digest = AndroidDigestFactory.getSHA1();
+        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509Name.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509Name.java	2013-05-25 02:14:15.000000000 +0000
@@ -255,8 +255,10 @@
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
-    private static final Boolean FALSE = new Boolean(false);
+    // BEGIN android-changed
+    private static final Boolean TRUE = Boolean.TRUE;
+    private static final Boolean FALSE = Boolean.FALSE;
+    // END android-changed
 
     static
     {
@@ -446,7 +448,9 @@
                            throw new IllegalArgumentException("cannot encode value");
                        }
                    }
-                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
+                   // BEGIN android-changed
+                   added.addElement(Boolean.valueOf(i != 0));
+                   // END android-changed
             }
         }
     }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2013-05-25 02:14:15.000000000 +0000
@@ -78,6 +78,17 @@
                 }
                 else
                 {
+                    // BEGIN android-added
+                    // copied from a newer version of BouncyCastle
+                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
+                    {
+                        buf.append('\\');
+                    }
+                    else if (c == '+' && separator != '+')
+                    {
+                        buf.append('\\');
+                    }
+                    // END android-added
                     buf.append(c);
                 }
             }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	2013-05-01 01:48:41.000000000 +0000
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+/**
+ * Level of indirection to let us select OpenSSLDigest implementations
+ * for libcore but fallback to BouncyCastle ones on the RI.
+ */
+public final class AndroidDigestFactory {
+    private static final String OpenSSLFactoryClassName
+            = AndroidDigestFactory.class.getName() + "OpenSSL";
+    private static final String BouncyCastleFactoryClassName
+            = AndroidDigestFactory.class.getName() + "BouncyCastle";
+
+    private static final AndroidDigestFactoryInterface FACTORY;
+    static {
+        Class factoryImplementationClass;
+        try {
+            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
+            // Double check for NativeCrypto in case we are running on RI for testing
+            Class.forName("com.android.org.conscrypt.NativeCrypto");
+        } catch (ClassNotFoundException e1) {
+            try {
+                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
+            } catch (ClassNotFoundException e2) {
+                AssertionError e = new AssertionError("Failed to load "
+                                         + "AndroidDigestFactoryInterface "
+                                         + "implementation. Looked for "
+                                         + OpenSSLFactoryClassName + " and "
+                                         + BouncyCastleFactoryClassName);
+                e.initCause(e1);
+                throw e;
+            }
+        }
+        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
+            throw new AssertionError(factoryImplementationClass
+                                     + "does not implement AndroidDigestFactoryInterface");
+        }
+        try {
+            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
+        } catch (InstantiationException e) {
+            throw new AssertionError(e);
+        } catch (IllegalAccessException e) {
+            throw new AssertionError(e);
+        }
+    }
+
+    public static Digest getMD5() {
+        return FACTORY.getMD5();
+    }
+
+    public static Digest getSHA1() {
+        return FACTORY.getSHA1();
+    }
+
+    public static Digest getSHA256() {
+        return FACTORY.getSHA256();
+    }
+
+    public static Digest getSHA384() {
+        return FACTORY.getSHA384();
+    }
+
+    public static Digest getSHA512() {
+        return FACTORY.getSHA512();
+    }
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	2012-09-17 23:04:47.000000000 +0000
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+public class AndroidDigestFactoryBouncyCastle implements AndroidDigestFactoryInterface {
+    public Digest getMD5() {
+        return new MD5Digest();
+    }
+    public Digest getSHA1() {
+        return new SHA1Digest();
+    }
+    public Digest getSHA256() {
+        return new SHA256Digest();
+    }
+    public Digest getSHA384() {
+        return new SHA384Digest();
+    }
+    public Digest getSHA512() {
+        return new SHA512Digest();
+    }
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	2012-09-17 23:04:47.000000000 +0000
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+interface AndroidDigestFactoryInterface {
+    public Digest getMD5();
+    public Digest getSHA1();
+    public Digest getSHA256();
+    public Digest getSHA384();
+    public Digest getSHA512();
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	2012-09-17 23:04:47.000000000 +0000
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import org.bouncycastle.crypto.Digest;
+
+public class AndroidDigestFactoryOpenSSL implements AndroidDigestFactoryInterface {
+    public Digest getMD5() {
+        return new OpenSSLDigest.MD5();
+    }
+    public Digest getSHA1() {
+        return new OpenSSLDigest.SHA1();
+    }
+    public Digest getSHA256() {
+        return new OpenSSLDigest.SHA256();
+    }
+    public Digest getSHA384() {
+        return new OpenSSLDigest.SHA384();
+    }
+    public Digest getSHA512() {
+        return new OpenSSLDigest.SHA512();
+    }
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2013-04-24 05:37:59.000000000 +0000
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.crypto.digests;
+
+import com.android.org.conscrypt.NativeCrypto;
+import org.bouncycastle.crypto.ExtendedDigest;
+
+/**
+ * Implements the BouncyCastle Digest interface using OpenSSL's EVP API.
+ */
+public class OpenSSLDigest implements ExtendedDigest {
+
+    /**
+     * Holds the standard name of the hashing algorithm, e.g. "SHA-1";
+     */
+    private final String algorithm;
+
+    /**
+     * Holds the EVP_MD for the hashing algorithm, e.g. EVP_get_digestbyname("sha1");
+     */
+    private final long evp_md;
+
+    /**
+     * Holds the output size of the message digest.
+     */
+    private final int size;
+
+    /**
+     * Holds the block size of the message digest.
+     */
+    private final int blockSize;
+
+    /**
+     * Holds a pointer to the native message digest context. It is
+     * lazily initialized to avoid having to reallocate on reset when
+     * its unlikely to be reused.
+     */
+    private long ctx;
+
+    /**
+     * Holds a dummy buffer for writing single bytes to the digest.
+     */
+    private final byte[] singleByte = new byte[1];
+
+    /**
+     * Creates a new OpenSSLMessageDigest instance for the given algorithm
+     * name.
+     */
+    private OpenSSLDigest(String algorithm, long evp_md, int size, int blockSize) {
+        this.algorithm = algorithm;
+        this.evp_md = evp_md;
+        this.size = size;
+        this.blockSize = blockSize;
+    }
+
+    public String getAlgorithmName() {
+        return algorithm;
+    }
+
+    public int getDigestSize() {
+        return size;
+    }
+
+    public int getByteLength() {
+        return blockSize;
+    }
+
+    public void reset() {
+        free();
+    }
+
+    public void update(byte in) {
+        singleByte[0] = in;
+        update(singleByte, 0, 1);
+    }
+
+    public void update(byte[] in, int inOff, int len) {
+        NativeCrypto.EVP_DigestUpdate(getCtx(), in, inOff, len);
+    }
+
+    public int doFinal(byte[] out, int outOff) {
+        int i = NativeCrypto.EVP_DigestFinal(getCtx(), out, outOff);
+        ctx = 0; // EVP_DigestFinal frees the context as a side effect
+        reset();
+        return i;
+    }
+
+    private long getCtx() {
+        if (ctx == 0) {
+            ctx = NativeCrypto.EVP_DigestInit(evp_md);
+        }
+        return ctx;
+    }
+
+    private void free() {
+        if (ctx != 0) {
+            NativeCrypto.EVP_MD_CTX_destroy(ctx);
+            ctx = 0;
+        }
+    }
+
+    @Override
+    protected void finalize() throws Throwable {
+        try {
+            free();
+        } finally {
+            super.finalize();
+        }
+    }
+
+    public static class MD5 extends OpenSSLDigest {
+        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("md5");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public MD5() { super("MD5", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA1 extends OpenSSLDigest {
+        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha1");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA1() { super("SHA-1", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA256 extends OpenSSLDigest {
+        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha256");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA256() { super("SHA-256", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA384 extends OpenSSLDigest {
+        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha384");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA384() { super("SHA-384", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+
+    public static class SHA512 extends OpenSSLDigest {
+        private static final long EVP_MD = NativeCrypto.EVP_get_digestbyname("sha512");
+        private static final int SIZE = NativeCrypto.EVP_MD_size(EVP_MD);
+        private static final int BLOCK_SIZE = NativeCrypto.EVP_MD_block_size(EVP_MD);
+        public SHA512() { super("SHA-512", EVP_MD, SIZE, BLOCK_SIZE); }
+    }
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2013-05-25 02:14:15.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 
 /**
@@ -25,7 +27,9 @@
     public OAEPEncoding(
         AsymmetricBlockCipher   cipher)
     {
-        this(cipher, new SHA1Digest(), null);
+        // BEGIN android-changed
+        this(cipher, AndroidDigestFactory.getSHA1(), null);
+        // END android-changed
     }
     
     public OAEPEncoding(
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2013-01-31 02:26:40.000000000 +0000
@@ -216,6 +216,12 @@
                 throw new InvalidCipherTextException("unknown block type");
             }
         }
+        // BEGIN android-added
+        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
+        {
+            throw new InvalidCipherTextException("invalid block type " + type);
+        }
+        // END android-added
 
         if (useStrictLength && block.length != engine.getOutputBlockSize())
         {
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2012-09-17 23:04:47.000000000 +0000
@@ -6,7 +6,9 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -52,7 +54,9 @@
     //
     // checksum digest
     //
-    Digest  sha1 = new SHA1Digest();
+    // BEGIN android-changed
+    Digest  sha1 = AndroidDigestFactory.getSHA1();
+    // END android-changed
     byte[]  digest = new byte[20];
 
    /**
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DHParametersHelper.java	2012-09-17 23:04:47.000000000 +0000
@@ -3,10 +3,17 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
+// BEGIN android-added
+import java.util.logging.Logger;
+// END android-added
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
+    // BEGIN android-added
+    private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
+    // END android-added
+
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
 
@@ -17,11 +24,19 @@
      */
     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
+        // BEGIN android-added
+        logger.info("Generating safe primes. This may take a long time.");
+        long start = System.currentTimeMillis();
+        int tries = 0;
+        // END android-added
         BigInteger p, q;
         int qLength = size - 1;
 
         for (;;)
         {
+            // BEGIN android-added
+            tries++;
+            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
@@ -32,6 +47,11 @@
                 break;
             }
         }
+        // BEGIN android-added
+        long end = System.currentTimeMillis();
+        long duration = end - start;
+        logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
+        // END android-added
 
         return new BigInteger[] { p, q };
     }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2013-05-25 02:14:15.000000000 +0000
@@ -4,7 +4,9 @@
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAValidationParameters;
@@ -31,7 +33,9 @@
 
     public DSAParametersGenerator()
     {
-        this(new SHA1Digest());
+        // BEGIN android-changed
+        this(AndroidDigestFactory.getSHA1());
+        // END android-changed
     }
 
     public DSAParametersGenerator(Digest digest)
@@ -122,7 +126,9 @@
         int             n = (L - 1) / 160;
         byte[]          w = new byte[L / 8];
 
-        if (!(digest instanceof SHA1Digest))
+        // BEGIN android-changed
+        if (!(digest.getAlgorithmName().equals("SHA-1")))
+        // END android-changed
         {
             throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters");
         }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2012-09-17 23:04:47.000000000 +0000
@@ -3,7 +3,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.MD5Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
@@ -17,7 +19,9 @@
 public class OpenSSLPBEParametersGenerator
     extends PBEParametersGenerator
 {
-    private Digest  digest = new MD5Digest();
+    // BEGIN android-changed
+    private Digest  digest = AndroidDigestFactory.getMD5();
+    // END android-changed
 
     /**
      * Construct a OpenSSL Parameters generator. 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2013-05-25 02:14:15.000000000 +0000
@@ -4,7 +4,9 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.SHA1Digest;
+// BEGIN android-changed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-changed
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -28,7 +30,9 @@
      */
     public PKCS5S2ParametersGenerator()
     {
-        this(new SHA1Digest());
+        // BEGIN android-changed
+        this(AndroidDigestFactory.getSHA1());
+        // END android-changed
     }
 
     public PKCS5S2ParametersGenerator(Digest digest)
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/macs/HMac.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/macs/HMac.java	2013-05-25 02:14:15.000000000 +0000
@@ -36,23 +36,31 @@
     {
         blockLengths = new Hashtable();
         
-        blockLengths.put("GOST3411", Integers.valueOf(32));
-        
-        blockLengths.put("MD2", Integers.valueOf(16));
-        blockLengths.put("MD4", Integers.valueOf(64));
+        // BEGIN android-removed
+        // blockLengths.put("GOST3411", Integers.valueOf(32));
+        //
+        // blockLengths.put("MD2", Integers.valueOf(16));
+        // blockLengths.put("MD4", Integers.valueOf(64));
+        // END android-removed
         blockLengths.put("MD5", Integers.valueOf(64));
         
-        blockLengths.put("RIPEMD128", Integers.valueOf(64));
-        blockLengths.put("RIPEMD160", Integers.valueOf(64));
+        // BEGIN android-removed
+        // blockLengths.put("RIPEMD128", Integers.valueOf(64));
+        // blockLengths.put("RIPEMD160", Integers.valueOf(64));
+        // END android-removed
         
         blockLengths.put("SHA-1", Integers.valueOf(64));
-        blockLengths.put("SHA-224", Integers.valueOf(64));
+        // BEGIN android-removed
+        // blockLengths.put("SHA-224", Integers.valueOf(64));
+        // END android-removed
         blockLengths.put("SHA-256", Integers.valueOf(64));
         blockLengths.put("SHA-384", Integers.valueOf(128));
         blockLengths.put("SHA-512", Integers.valueOf(128));
         
-        blockLengths.put("Tiger", Integers.valueOf(64));
-        blockLengths.put("Whirlpool", Integers.valueOf(64));
+        // BEGIN android-removed
+        // blockLengths.put("Tiger", Integers.valueOf(64));
+        // blockLengths.put("Whirlpool", Integers.valueOf(64));
+        // END android-removed
     }
     
     private static int getByteLength(
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/signers/RSADigestSigner.java	2012-09-17 23:04:47.000000000 +0000
@@ -39,18 +39,24 @@
      */
     static
     {
-        oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
-        oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
-        oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
+        // BEGIN android-removed
+        // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
+        // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
+        // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
+        // END android-removed
 
         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
-        oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // BEGIN android-removed
+        // oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // END android-removed
         oidMap.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         oidMap.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         oidMap.put("SHA-512", NISTObjectIdentifiers.id_sha512);
 
-        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        // BEGIN android-removed
+        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        // END android-removed
         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
     }
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2013-01-31 02:26:40.000000000 +0000
@@ -11,7 +11,9 @@
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -19,7 +21,9 @@
 import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
 import org.bouncycastle.asn1.sec.ECPrivateKey;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
@@ -33,8 +37,10 @@
 import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
+// END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
 /**
@@ -100,14 +106,16 @@
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
-            ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-
-            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
+        // BEGIN android-removed
+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        // {
+        //     ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+        //     ASN1Integer = (ASN1Integer)keyInfo.parsePrivateKey();
+        //
+        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
+        // }
+        // END android-removed
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
@@ -140,10 +148,12 @@
                     {
                         x9 = NISTNamedCurves.getByOID(oid);
 
-                        if (x9 == null)
-                        {
-                            x9 = TeleTrusTNamedCurves.getByOID(oid);
-                        }
+                        // BEGIN android-removed
+                        // if (x9 == null)
+                        // {
+                        //     x9 = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
                     }
                 }
             }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/crypto/util/PublicKeyFactory.java	2013-01-31 02:26:40.000000000 +0000
@@ -13,13 +13,17 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
+// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSAPublicKey;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DSAParameter;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -40,8 +44,10 @@
 import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.ElGamalParameters;
-import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ElGamalParameters;
+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
+// END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
 /**
@@ -135,14 +141,16 @@
 
             return new DHPublicKeyParameters(derY.getValue(), dhParams);
         }
-        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
-            ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
-
-            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-                params.getP(), params.getG()));
-        }
+        // BEGIN android-removed
+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        // {
+        //     ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+        //     ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
+        //
+        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+        //         params.getP(), params.getG()));
+        // }
+        // END android-removed
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {
@@ -177,10 +185,12 @@
                     {
                         x9 = NISTNamedCurves.getByOID(oid);
 
-                        if (x9 == null)
-                        {
-                            x9 = TeleTrusTNamedCurves.getByOID(oid);
-                        }
+                        // BEGIN android-removed
+                        // if (x9 == null)
+                        // {
+                        //     x9 = TeleTrusTNamedCurves.getByOID(oid);
+                        // }
+                        // END android-removed
                     }
                 }
             }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DH.java	2013-05-25 02:14:15.000000000 +0000
@@ -32,10 +32,12 @@
 
             provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi");
             
-            provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
-            provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES");
-            provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES");
-            provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
+            // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES");
+            // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES");
+            // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2013-01-31 02:26:40.000000000 +0000
@@ -27,33 +27,43 @@
             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
 
-            provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
+            // BEGIN android-changed
+            provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
+            // END android-changed
             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
 
             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
 
-            addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
-            addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-
-            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA");
-            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA");
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
+            // addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
+            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
+            // END android-removed
+
+            // BEGIN android-added
+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            // END android-added
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
 
-            provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
+            provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
+            // END android-changed
 
             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
 
             for (int i = 0; i != DSAUtil.dsaOids.length; i++)
             {
-                provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA");
+                // BEGIN android-changed
+                provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA");
+                // END android-changed
 
                 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
                 registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA");
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2013-05-25 02:14:15.000000000 +0000
@@ -1,7 +1,9 @@
 package org.bouncycastle.jcajce.provider.asymmetric;
 
-import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -21,39 +23,49 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
-            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-            provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+            // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
+            // END android-removed
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
             // TODO Should this be an alias for ECDH?
             registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            // TODO Should this be an alias for ECDH?
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+            // BEGIN android-removed
+            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+            // END android-removed
+
+            // BEGIN android-removed
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
+            // // TODO Should this be an alias for ECDH?
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+            // END android-removed
 
             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
-            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
-            provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
+            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
+            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+            // END android-removed
 
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
-            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-            
-            provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
-            provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES");
-            provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES");
-            provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
-            provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
+            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
+            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
+            //
+            // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
+            // provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES");
+            // provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES");
+            // provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
+            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
+            // END android-removed
 
             provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
@@ -65,25 +77,31 @@
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
-            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-
-            addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
+            // END android-removed
+
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
+            // END android-removed
             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-
-            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-
-            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-            addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-            addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+            // BEGIN android-removed
+            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+            //
+            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
+            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
+            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
+            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
+            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
+            //
+            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+            // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2013-01-31 02:26:40.000000000 +0000
@@ -3,7 +3,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -24,41 +26,49 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
-            provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            // END android-removed
 
             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
-            provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding");
-            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
+            // END android-changed
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
+            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
+            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
+            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            // END android-removed
 
             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
@@ -68,101 +78,113 @@
             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
-            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-
-
-            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-
-            provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-            provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-            provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-            provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-
-            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-
-            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-
-
-            provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
-            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
-
-            if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            {
-                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "MD4"))
-            {
-                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-            }
+            // BEGIN android-removed
+            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
+            //
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
+            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
+            //
+            //
+            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            //
+            // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+            // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
+            //
+            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
+            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
+            //
+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
+            //
+            //
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
+            // {
+            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
+            // }
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
+            // {
+            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
+            // }
+            // END android-removed
 
             if (provider.hasAlgorithm("MessageDigest", "MD5"))
             {
                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
-                provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-                provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
+                // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
+                // END android-removed
             }
 
             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
             {
-                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-                provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
+                // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
+                // END android-removed
 
                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
 
-                provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
-                provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
+                // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
+                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
             }
 
-            addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+            // BEGIN android-removed
+            // addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+            // END android-removed
             addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
 
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-            {
-                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-            {
-                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-            }
-
-            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
-            {
-                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
-            }
+            // BEGIN android-removed
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+            //     addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+            // }
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+            //     addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
+            //     provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+            // }
+            //
+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
+            // {
+            //     addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+            //     addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
+            // }
+            // END android-removed
         }
 
         private void addDigestSignature(
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2012-09-17 23:04:47.000000000 +0000
@@ -18,8 +18,10 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
-            provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
+            // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
+            // END android-removed
 
             //
             // certificate factories.
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2013-05-25 02:14:15.000000000 +0000
@@ -23,11 +23,16 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 
 public class DSASigner
@@ -216,45 +221,49 @@
     {
         public stdDSA()
         {
-            super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
+            // END android-changed
         }
     }
 
-    static public class dsa224
-        extends DSASigner
-    {
-        public dsa224()
-        {
-            super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa256
-        extends DSASigner
-    {
-        public dsa256()
-        {
-            super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa384
-        extends DSASigner
-    {
-        public dsa384()
-        {
-            super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
-    
-    static public class dsa512
-        extends DSASigner
-    {
-        public dsa512()
-        {
-            super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-        }
-    }
+    // BEGIN android-removed
+    // static public class dsa224
+    //     extends DSASigner
+    // {
+    //     public dsa224()
+    //     {
+    //         super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa256
+    //     extends DSASigner
+    // {
+    //     public dsa256()
+    //     {
+    //         super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa384
+    //     extends DSASigner
+    // {
+    //     public dsa384()
+    //     {
+    //         super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    //
+    // static public class dsa512
+    //     extends DSASigner
+    // {
+    //     public dsa512()
+    //     {
+    //         super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
+    //     }
+    // }
+    // END android-removed
 
     static public class noneDSA
         extends DSASigner
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/BCECPrivateKey.java	2013-05-25 02:14:15.000000000 +0000
@@ -19,8 +19,10 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
@@ -224,21 +226,23 @@
             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
 
-            if (ecP == null) // GOST Curve
-            {
-                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-
-                ecSpec = new ECNamedCurveSpec(
-                        ECGOST3410NamedCurves.getName(oid),
-                        ellipticCurve,
-                        new ECPoint(
-                                gParam.getG().getX().toBigInteger(),
-                                gParam.getG().getY().toBigInteger()),
-                        gParam.getN(),
-                        gParam.getH());
-            }
-            else
+            // BEGIN android-removed
+            // if (ecP == null) // GOST Curve
+            // {
+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+            //
+            //     ecSpec = new ECNamedCurveSpec(
+            //             ECGOST3410NamedCurves.getName(oid),
+            //             ellipticCurve,
+            //             new ECPoint(
+            //                     gParam.getG().getX().toBigInteger(),
+            //                     gParam.getG().getY().toBigInteger()),
+            //             gParam.getN(),
+            //             gParam.getH());
+            // }
+            // else
+            // END android-removed
             {
                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
 
@@ -352,11 +356,13 @@
 
         try
         {
-            if (algorithm.equals("ECGOST3410"))
-            {
-                info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-            }
-            else
+            // BEGIN android-removed
+            // if (algorithm.equals("ECGOST3410"))
+            // {
+            //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
+            // }
+            // else
+            // END android-removed
             {
 
                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2013-05-25 02:14:15.000000000 +0000
@@ -23,21 +23,27 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
-import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
-import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
-import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
+// END android-removed
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-import org.bouncycastle.crypto.params.MQVPrivateParameters;
-import org.bouncycastle.crypto.params.MQVPublicParameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.MQVPrivateParameters;
+// import org.bouncycastle.crypto.params.MQVPublicParameters;
+// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
-import org.bouncycastle.jce.interfaces.MQVPrivateKey;
-import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// BEGIN android-removed
+// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
+// import org.bouncycastle.jce.interfaces.MQVPublicKey;
+// END android-removed
 import org.bouncycastle.util.Integers;
 
 /**
@@ -71,7 +77,9 @@
     private BigInteger             result;
     private ECDomainParameters     parameters;
     private BasicAgreement         agreement;
-    private DerivationFunction     kdf;
+    // BEGIN android-removed
+    // private DerivationFunction     kdf;
+    // END android-removed
 
     private byte[] bigIntToBytes(
         BigInteger    r)
@@ -86,7 +94,9 @@
     {
         this.kaAlgorithm = kaAlgorithm;
         this.agreement = agreement;
-        this.kdf = kdf;
+        // BEGIN android-removed
+        // this.kdf = kdf;
+        // END android-removed
     }
 
     protected Key engineDoPhase(
@@ -105,25 +115,27 @@
         }
 
         CipherParameters pubKey;        
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPublicKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPublicKey.class) + " for doPhase");
-            }
-
-            MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-            ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-            ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-                ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-
-            pubKey = new MQVPublicParameters(staticKey, ephemKey);
-
-            // TODO Validate that all the keys are using the same parameters?
-        }
-        else
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPublicKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPublicKey.class) + " for doPhase");
+        //     }
+        //
+        //     MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+        //     ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+        //     ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+        //
+        //     pubKey = new MQVPublicParameters(staticKey, ephemKey);
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        // }
+        // else
+        // END android-removed
         {
             if (!(key instanceof PublicKey))
             {
@@ -144,11 +156,13 @@
     protected byte[] engineGenerateSecret()
         throws IllegalStateException
     {
-        if (kdf != null)
-        {
-            throw new UnsupportedOperationException(
-                "KDF can only be used when algorithm is known");
-        }
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     throw new UnsupportedOperationException(
+        //         "KDF can only be used when algorithm is known");
+        // }
+        // END android-removed
 
         return bigIntToBytes(result);
     }
@@ -176,23 +190,25 @@
     {
         byte[] secret = bigIntToBytes(result);
 
-        if (kdf != null)
-        {
-            if (!algorithms.containsKey(algorithm))
-            {
-                throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
-            }
-            
-            int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
-
-            DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
-
-            byte[] keyBytes = new byte[keySize / 8];
-            kdf.init(params);
-            kdf.generateBytes(keyBytes, 0, keyBytes.length);
-            secret = keyBytes;
-        }
-        else
+        // BEGIN android-removed
+        // if (kdf != null)
+        // {
+        //     if (!algorithms.containsKey(algorithm))
+        //     {
+        //         throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
+        //     }
+        //  
+        //     int    keySize = ((Integer)algorithms.get(algorithm)).intValue();
+        //
+        //     DHKDFParameters params = new DHKDFParameters(new DERObjectIdentifier(algorithm), keySize, secret);
+        //
+        //     byte[] keyBytes = new byte[keySize / 8];
+        //     kdf.init(params);
+        //     kdf.generateBytes(keyBytes, 0, keyBytes.length);
+        //     secret = keyBytes;
+        // }
+        // else
+        // END android-removed
         {
             // TODO Should we be ensuring the key is the right length?
         }
@@ -206,6 +222,12 @@
         SecureRandom            random) 
         throws InvalidKeyException, InvalidAlgorithmParameterException
     {
+        // BEGIN android-added
+        if (params != null)
+        {
+            throw new InvalidAlgorithmParameterException("No algorithm parameters supported");
+        }
+        // END android-added
         initFromKey(key);
     }
 
@@ -220,35 +242,37 @@
     private void initFromKey(Key key)
         throws InvalidKeyException
     {
-        if (agreement instanceof ECMQVBasicAgreement)
-        {
-            if (!(key instanceof MQVPrivateKey))
-            {
-                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-                    + getSimpleName(MQVPrivateKey.class) + " for initialisation");
-            }
-
-            MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-            ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-            ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
-                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-
-            ECPublicKeyParameters ephemPubKey = null;
-            if (mqvPrivKey.getEphemeralPublicKey() != null)
-            {
-                ephemPubKey = (ECPublicKeyParameters)
-                    ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-            }
-
-            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-            this.parameters = staticPrivKey.getParameters();
-
-            // TODO Validate that all the keys are using the same parameters?
-
-            agreement.init(localParams);
-        }
-        else
+        // BEGIN android-removed
+        // if (agreement instanceof ECMQVBasicAgreement)
+        // {
+        //     if (!(key instanceof MQVPrivateKey))
+        //     {
+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+        //             + getSimpleName(MQVPrivateKey.class) + " for initialisation");
+        //     }
+        //
+        //     MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+        //     ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+        //     ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+        //
+        //     ECPublicKeyParameters ephemPubKey = null;
+        //     if (mqvPrivKey.getEphemeralPublicKey() != null)
+        //     {
+        //         ephemPubKey = (ECPublicKeyParameters)
+        //             ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+        //     }
+        //
+        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+        //     this.parameters = staticPrivKey.getParameters();
+        //
+        //     // TODO Validate that all the keys are using the same parameters?
+        //
+        //     agreement.init(localParams);
+        // }
+        // else
+        // END android-removed
         {
             if (!(key instanceof PrivateKey))
             {
@@ -279,39 +303,41 @@
         }
     }
 
-    public static class DHC
-        extends KeyAgreementSpi
-    {
-        public DHC()
-        {
-            super("ECDHC", new ECDHCBasicAgreement(), null);
-        }
-    }
-
-    public static class MQV
-        extends KeyAgreementSpi
-    {
-        public MQV()
-        {
-            super("ECMQV", new ECMQVBasicAgreement(), null);
-        }
-    }
-
-    public static class DHwithSHA1KDF
-        extends KeyAgreementSpi
-    {
-        public DHwithSHA1KDF()
-        {
-            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
-
-    public static class MQVwithSHA1KDF
-        extends KeyAgreementSpi
-    {
-        public MQVwithSHA1KDF()
-        {
-            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class DHC
+    //     extends KeyAgreementSpi
+    // {
+    //     public DHC()
+    //     {
+    //         super("ECDHC", new ECDHCBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class MQV
+    //     extends KeyAgreementSpi
+    // {
+    //     public MQV()
+    //     {
+    //         super("ECMQV", new ECMQVBasicAgreement(), null);
+    //     }
+    // }
+    //
+    // public static class DHwithSHA1KDF
+    //     extends KeyAgreementSpi
+    // {
+    //     public DHwithSHA1KDF()
+    //     {
+    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    //
+    // public static class MQVwithSHA1KDF
+    //     extends KeyAgreementSpi
+    // {
+    //     public MQVwithSHA1KDF()
+    //     {
+    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2013-05-25 02:14:15.000000000 +0000
@@ -201,14 +201,16 @@
         }
     }
 
-    public static class ECGOST3410
-        extends KeyFactorySpi
-    {
-        public ECGOST3410()
-        {
-            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-        }
-    }
+    // BEGIN android-removed
+    // public static class ECGOST3410
+    //     extends KeyFactorySpi
+    // {
+    //     public ECGOST3410()
+    //     {
+    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
+    //     }
+    // }
+    // END android-removed
 
     public static class ECDH
         extends KeyFactorySpi
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2013-05-25 02:14:15.000000000 +0000
@@ -12,7 +12,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x9.X962NamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
@@ -87,7 +89,13 @@
             SecureRandom    random)
         {
             this.strength = strength;
+            // BEGIN android-added
+            if (random != null) {
+            // END android-added
             this.random = random;
+            // BEGIN android-added
+            }
+            // END android-added
             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
 
             if (ecParams != null)
@@ -112,6 +120,11 @@
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
+            // BEGIN android-added
+            if (random == null) {
+                random = this.random;
+            }
+            // END android-added
             if (params instanceof ECParameterSpec)
             {
                 ECParameterSpec p = (ECParameterSpec)params;
@@ -156,10 +169,12 @@
                     {
                         ecP = NISTNamedCurves.getByName(curveName);
                     }
-                    if (ecP == null)
-                    {
-                        ecP = TeleTrusTNamedCurves.getByName(curveName);
-                    }
+                    // BEGIN android-removed
+                    // if (ecP == null)
+                    // {
+                    //     ecP = TeleTrusTNamedCurves.getByName(curveName);
+                    // }
+                    // END android-removed
                     if (ecP == null)
                     {
                         // See if it's actually an OID string (SunJSSE ServerHandshaker setupEphemeralECDHKeys bug)
@@ -175,10 +190,12 @@
                             {
                                 ecP = NISTNamedCurves.getByOID(oid);
                             }
-                            if (ecP == null)
-                            {
-                                ecP = TeleTrusTNamedCurves.getByOID(oid);
-                            }
+                            // BEGIN android-removed
+                            // if (ecP == null)
+                            // {
+                            //     ecP = TeleTrusTNamedCurves.getByOID(oid);
+                            // }
+                            // END android-removed
                             if (ecP == null)
                             {
                                 throw new InvalidAlgorithmParameterException("unknown curve OID: " + curveName);
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2013-05-25 02:14:15.000000000 +0000
@@ -16,15 +16,22 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-import org.bouncycastle.crypto.signers.ECNRSigner;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.signers.ECNRSigner;
+// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
@@ -69,7 +76,9 @@
     {
         public ecDSA()
         {
-            super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -82,21 +91,25 @@
         }
     }
 
-    static public class ecDSA224
-        extends SignatureSpi
-    {
-        public ecDSA224()
-        {
-            super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
+    // BEGIN android-removed
+    // static public class ecDSA224
+    //     extends SignatureSpi
+    // {
+    //     public ecDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    // END android-removed
 
     static public class ecDSA256
         extends SignatureSpi
     {
         public ecDSA256()
         {
-            super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -105,7 +118,9 @@
     {
         public ecDSA384()
         {
-            super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
         }
     }
 
@@ -114,108 +129,112 @@
     {
         public ecDSA512()
         {
-            super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecDSARipeMD160
-        extends SignatureSpi
-    {
-        public ecDSARipeMD160()
-        {
-            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR
-        extends SignatureSpi
-    {
-        public ecNR()
-        {
-            super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR224
-        extends SignatureSpi
-    {
-        public ecNR224()
-        {
-            super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR256
-        extends SignatureSpi
-    {
-        public ecNR256()
-        {
-            super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR384
-        extends SignatureSpi
-    {
-        public ecNR384()
-        {
-            super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecNR512
-        extends SignatureSpi
-    {
-        public ecNR512()
-        {
-            super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA
-        extends SignatureSpi
-    {
-        public ecCVCDSA()
-        {
-            super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA224
-        extends SignatureSpi
-    {
-        public ecCVCDSA224()
-        {
-            super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA256
-        extends SignatureSpi
-    {
-        public ecCVCDSA256()
-        {
-            super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA384
-        extends SignatureSpi
-    {
-        public ecCVCDSA384()
-        {
-            super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
-
-    static public class ecCVCDSA512
-        extends SignatureSpi
-    {
-        public ecCVCDSA512()
-        {
-            super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder());
-        }
-    }
+            // BEGIN android-changed
+            super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
+            // END android-changed
+        }
+    }
+
+    // BEGIN android-removed
+    // static public class ecDSARipeMD160
+    //     extends SignatureSpi
+    // {
+    //     public ecDSARipeMD160()
+    //     {
+    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR
+    //     extends SignatureSpi
+    // {
+    //     public ecNR()
+    //     {
+    //         super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR224
+    //     extends SignatureSpi
+    // {
+    //     public ecNR224()
+    //     {
+    //         super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR256
+    //     extends SignatureSpi
+    // {
+    //     public ecNR256()
+    //     {
+    //         super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR384
+    //     extends SignatureSpi
+    // {
+    //     public ecNR384()
+    //     {
+    //         super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecNR512
+    //     extends SignatureSpi
+    // {
+    //     public ecNR512()
+    //     {
+    //         super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA()
+    //     {
+    //         super(new SHA1Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA224
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA224()
+    //     {
+    //         super(new SHA224Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA256
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA256()
+    //     {
+    //         super(new SHA256Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA384
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA384()
+    //     {
+    //         super(new SHA384Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    //
+    // static public class ecCVCDSA512
+    //     extends SignatureSpi
+    // {
+    //     public ecCVCDSA512()
+    //     {
+    //         super(new SHA512Digest(), new ECDSASigner(), new CVCDSAEncoder());
+    //     }
+    // }
+    // END android-removed
 
     private static class StdDSAEncoder
         implements DSAEncoder
@@ -309,4 +328,4 @@
             return sig;
         }
     }
-}
\ No newline at end of file
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2013-01-31 02:26:40.000000000 +0000
@@ -26,7 +26,9 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
+// END android-removed
 import org.bouncycastle.crypto.encodings.OAEPEncoding;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
@@ -197,10 +199,12 @@
         {
             cipher = new PKCS1Encoding(new RSABlindedEngine());
         }
-        else if (pad.equals("ISO9796-1PADDING"))
-        {
-            cipher = new ISO9796d1Encoding(new RSABlindedEngine());
-        }
+        // BEGIN android-removed
+        // else if (pad.equals("ISO9796-1PADDING"))
+        // {
+        //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
+        // }
+        // END android-removed
         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
@@ -213,10 +217,12 @@
         {
             initFromSpec(OAEPParameterSpec.DEFAULT);
         }
-        else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING"))
-        {
-            initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT));
-        }
+        // BEGIN android-removed
+        // else if (pad.equals("OAEPWITHSHA224ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-224ANDMGF1PADDING"))
+        // {
+        //     initFromSpec(new OAEPParameterSpec("SHA-224", "MGF1", new MGF1ParameterSpec("SHA-224"), PSource.PSpecified.DEFAULT));
+        // }
+        // END android-removed
         else if (pad.equals("OAEPWITHSHA256ANDMGF1PADDING") || pad.equals("OAEPWITHSHA-256ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
@@ -539,48 +545,50 @@
         }
     }
 
-    static public class PKCS1v1_5Padding
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding()
-        {
-            super(new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PrivateOnly
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding_PrivateOnly()
-        {
-            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class PKCS1v1_5Padding_PublicOnly
-        extends CipherSpi
-    {
-        public PKCS1v1_5Padding_PublicOnly()
-        {
-            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class OAEPPadding
-        extends CipherSpi
-    {
-        public OAEPPadding()
-        {
-            super(OAEPParameterSpec.DEFAULT);
-        }
-    }
-    
-    static public class ISO9796d1Padding
-        extends CipherSpi
-    {
-        public ISO9796d1Padding()
-        {
-            super(new ISO9796d1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class PKCS1v1_5Padding
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding()
+    //     {
+    //         super(new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class PKCS1v1_5Padding_PrivateOnly
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding_PrivateOnly()
+    //     {
+    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class PKCS1v1_5Padding_PublicOnly
+    //     extends CipherSpi
+    // {
+    //     public PKCS1v1_5Padding_PublicOnly()
+    //     {
+    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class OAEPPadding
+    //     extends CipherSpi
+    // {
+    //     public OAEPPadding()
+    //     {
+    //         super(OAEPParameterSpec.DEFAULT);
+    //     }
+    // }
+    //
+    // static public class ISO9796d1Padding
+    //     extends CipherSpi
+    // {
+    //     public ISO9796d1Padding()
+    //     {
+    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2012-09-17 23:04:47.000000000 +0000
@@ -17,24 +17,31 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD4Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.NullDigest;
-import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD4Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.NullDigest;
+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD256Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
 
@@ -261,25 +268,31 @@
     {
         public SHA1()
         {
-            super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class SHA224
-        extends DigestSignatureSpi
-    {
-        public SHA224()
-        {
-            super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class SHA224
+    //     extends DigestSignatureSpi
+    // {
+    //     public SHA224()
+    //     {
+    //         super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 
     static public class SHA256
         extends DigestSignatureSpi
     {
         public SHA256()
         {
-            super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
@@ -288,7 +301,9 @@
     {
         public SHA384()
         {
-            super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
@@ -297,70 +312,78 @@
     {
         public SHA512()
         {
-            super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class MD2
-        extends DigestSignatureSpi
-    {
-        public MD2()
-        {
-            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class MD4
-        extends DigestSignatureSpi
-    {
-        public MD4()
-        {
-            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class MD2
+    //     extends DigestSignatureSpi
+    // {
+    //     public MD2()
+    //     {
+    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class MD4
+    //     extends DigestSignatureSpi
+    // {
+    //     public MD4()
+    //     {
+    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 
     static public class MD5
         extends DigestSignatureSpi
     {
         public MD5()
         {
-            super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+            // BEGIN android-changed
+            super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
+            // END android-changed
         }
     }
 
-    static public class RIPEMD160
-        extends DigestSignatureSpi
-    {
-        public RIPEMD160()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD128
-        extends DigestSignatureSpi
-    {
-        public RIPEMD128()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class RIPEMD256
-        extends DigestSignatureSpi
-    {
-        public RIPEMD256()
-        {
-            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
-
-    static public class noneRSA
-        extends DigestSignatureSpi
-    {
-        public noneRSA()
-        {
-            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // static public class RIPEMD160
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD160()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class RIPEMD128
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD128()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class RIPEMD256
+    //     extends DigestSignatureSpi
+    // {
+    //     public RIPEMD256()
+    //     {
+    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    //
+    // static public class noneRSA
+    //     extends DigestSignatureSpi
+    // {
+    //     public noneRSA()
+    //     {
+    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2012-09-17 23:04:47.000000000 +0000
@@ -18,8 +18,10 @@
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -37,8 +39,10 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class
+                                        // END android-removed
                                     };
 
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java	2013-05-25 02:14:15.000000000 +0000
@@ -5,11 +5,15 @@
 import java.security.PublicKey;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
 import org.bouncycastle.asn1.x9.X9ECParameters;
@@ -225,14 +229,16 @@
             {
                 oid = NISTNamedCurves.getOID(name);
             }
-            if (oid == null)
-            {
-                oid = TeleTrusTNamedCurves.getOID(name);
-            }
-            if (oid == null)
-            {
-                oid = ECGOST3410NamedCurves.getOID(name);
-            }
+            // BEGIN android-removed
+            // if (oid == null)
+            // {
+            //     oid = TeleTrusTNamedCurves.getOID(name);
+            // }
+            // if (oid == null)
+            // {
+            //     oid = ECGOST3410NamedCurves.getOID(name);
+            // }
+            // END android-removed
         }
 
         return oid;
@@ -250,10 +256,12 @@
             {
                 params = NISTNamedCurves.getByOID(oid);
             }
-            if (params == null)
-            {
-                params = TeleTrusTNamedCurves.getByOID(oid);
-            }
+            // BEGIN android-removed
+            // if (params == null)
+            // {
+            //     params = TeleTrusTNamedCurves.getByOID(oid);
+            // }
+            // END android-removed
         }
 
         return params;
@@ -271,14 +279,16 @@
             {
                 name = NISTNamedCurves.getName(oid);
             }
-            if (name == null)
-            {
-                name = TeleTrusTNamedCurves.getName(oid);
-            }
-            if (name == null)
-            {
-                name = ECGOST3410NamedCurves.getName(oid);
-            }
+            // BEGIN android-removed
+            // if (name == null)
+            // {
+            //     name = TeleTrusTNamedCurves.getName(oid);
+            // }
+            // if (name == null)
+            // {
+            //     name = ECGOST3410NamedCurves.getName(oid);
+            // }
+            // END android-removed
         }
 
         return name;
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2013-02-21 00:01:31.000000000 +0000
@@ -36,7 +36,9 @@
 import org.bouncycastle.asn1.pkcs.SignedData;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.io.pem.PemObject;
-import org.bouncycastle.util.io.pem.PemWriter;
+// BEGIN android-removed
+// import org.bouncycastle.util.io.pem.PemWriter;
+// END android-removed
 
 /**
  * CertPath implementation for X.509 certificates.
@@ -51,7 +53,9 @@
     {
         List encodings = new ArrayList();
         encodings.add("PkiPath");
-        encodings.add("PEM");
+        // BEGIN android-removed
+        // encodings.add("PEM");
+        // END android-removed
         encodings.add("PKCS7");
         certPathEncodings = Collections.unmodifiableList(encodings);
     }
@@ -298,27 +302,29 @@
             return toDEREncoded(new ContentInfo(
                     PKCSObjectIdentifiers.signedData, sd));
         }
-        else if (encoding.equalsIgnoreCase("PEM"))
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-
-            try
-            {
-                for (int i = 0; i != certificates.size(); i++)
-                {
-                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-                }
-            
-                pWrt.close();
-            }
-            catch (Exception e)
-            {
-                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-            }
-
-            return bOut.toByteArray();
-        }
+        // BEGIN android-removed
+        // else if (encoding.equalsIgnoreCase("PEM"))
+        // {
+        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
+        //
+        //     try
+        //     {
+        //         for (int i = 0; i != certificates.size(); i++)
+        //         {
+        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
+        //         }
+        //
+        //         pWrt.close();
+        //     }
+        //     catch (Exception e)
+        //     {
+        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
+        //     }
+        //
+        //     return bOut.toByteArray();
+        // }
+        // END android-removed
         else
         {
             throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java	2013-05-25 02:14:15.000000000 +0000
@@ -57,6 +57,9 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
+// BEGIN android-added
+import org.bouncycastle.asn1.x509.X509Name;
+// END android-added
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -564,12 +567,20 @@
         }
     }
 
+    // BEGIN android-changed
+    private byte[] encoded;
+    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            return c.getEncoded(ASN1Encoding.DER);
+            // BEGIN android-changed
+            if (encoded == null) {
+                encoded = c.getEncoded(ASN1Encoding.DER);
+            }
+            return encoded;
+            // END android-changed
         }
         catch (IOException e)
         {
@@ -860,7 +871,9 @@
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
+                    // BEGIN android-changed
+                    list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
+                    // END android-changed
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java	2013-05-25 02:14:15.000000000 +0000
@@ -14,12 +14,16 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 
@@ -114,22 +118,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA256.java	2013-05-25 02:14:15.000000000 +0000
@@ -45,17 +45,19 @@
         }
     }
 
-    /**
-     * PBEWithHmacSHA
-     */
-    public static class PBEWithMacKeyFactory
-        extends PBESecretKeyFactory
-    {
-        public PBEWithMacKeyFactory()
-        {
-            super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithHmacSHA
+    //  */
+    // public static class PBEWithMacKeyFactory
+    //     extends PBESecretKeyFactory
+    // {
+    //     public PBEWithMacKeyFactory()
+    //     {
+    //         super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * HMACSHA256
@@ -84,9 +86,11 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
 
-            provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
+            // BEGIN android-removed
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
+            // END android-removed
 
             addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA384.java	2013-05-25 02:14:15.000000000 +0000
@@ -5,7 +5,9 @@
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.OldHMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.OldHMac;
+// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -57,14 +59,16 @@
         }
     }
 
-    public static class OldSHA384
-        extends BaseMac
-    {
-        public OldSHA384()
-        {
-            super(new OldHMac(new SHA384Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class OldSHA384
+    //     extends BaseMac
+    // {
+    //     public OldSHA384()
+    //     {
+    //         super(new OldHMac(new SHA384Digest()));
+    //     }
+    // }
+    // END android-removed
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -80,7 +84,9 @@
             provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest");
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
-            provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
+            // END android-removed
 
             addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/digest/SHA512.java	2013-05-25 02:14:15.000000000 +0000
@@ -4,9 +4,13 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA512Digest;
-import org.bouncycastle.crypto.digests.SHA512tDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.SHA512tDigest;
+// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.crypto.macs.OldHMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.OldHMac;
+// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -37,42 +41,44 @@
         }
     }
 
-    static public class DigestT
-        extends BCMessageDigest
-        implements Cloneable
-    {
-        public DigestT(int bitLength)
-        {
-            super(new SHA512tDigest(bitLength));
-        }
-
-        public Object clone()
-            throws CloneNotSupportedException
-        {
-            DigestT d = (DigestT)super.clone();
-            d.digest = new SHA512tDigest((SHA512tDigest)digest);
-
-            return d;
-        }
-    }
-
-    static public class DigestT224
-        extends DigestT
-    {
-        public DigestT224()
-        {
-            super(224);
-        }
-    }
-
-    static public class DigestT256
-        extends DigestT
-    {
-        public DigestT256()
-        {
-            super(256);
-        }
-    }
+    // BEGIN android-removed
+    // static public class DigestT
+    //     extends BCMessageDigest
+    //     implements Cloneable
+    // {
+    //     public DigestT(int bitLength)
+    //     {
+    //         super(new SHA512tDigest(bitLength));
+    //     }
+    //
+    //     public Object clone()
+    //         throws CloneNotSupportedException
+    //     {
+    //         DigestT d = (DigestT)super.clone();
+    //         d.digest = new SHA512tDigest((SHA512tDigest)digest);
+    //
+    //         return d;
+    //     }
+    // }
+    //
+    // static public class DigestT224
+    //     extends DigestT
+    // {
+    //     public DigestT224()
+    //     {
+    //         super(224);
+    //     }
+    // }
+    //
+    // static public class DigestT256
+    //     extends DigestT
+    // {
+    //     public DigestT256()
+    //     {
+    //         super(256);
+    //     }
+    // }
+    // END android-removed
 
     public static class HashMac
         extends BaseMac
@@ -83,35 +89,37 @@
         }
     }
 
-    public static class HashMacT224
-        extends BaseMac
-    {
-        public HashMacT224()
-        {
-            super(new HMac(new SHA512tDigest(224)));
-        }
-    }
-
-    public static class HashMacT256
-        extends BaseMac
-    {
-        public HashMacT256()
-        {
-            super(new HMac(new SHA512tDigest(256)));
-        }
-    }
-
-    /**
-     * SHA-512 HMac
-     */
-    public static class OldSHA512
-        extends BaseMac
-    {
-        public OldSHA512()
-        {
-            super(new OldHMac(new SHA512Digest()));
-        }
-    }
+    // BEGIN android-removed
+    // public static class HashMacT224
+    //     extends BaseMac
+    // {
+    //     public HashMacT224()
+    //     {
+    //         super(new HMac(new SHA512tDigest(224)));
+    //     }
+    // }
+    //
+    // public static class HashMacT256
+    //     extends BaseMac
+    // {
+    //     public HashMacT256()
+    //     {
+    //         super(new HMac(new SHA512tDigest(256)));
+    //     }
+    // }
+    //
+    // /**
+    //  * SHA-512 HMac
+    //  */
+    // public static class OldSHA512
+    //     extends BaseMac
+    // {
+    //     public OldSHA512()
+    //     {
+    //         super(new OldHMac(new SHA512Digest()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * HMACSHA512
@@ -125,23 +133,25 @@
         }
     }
 
-    public static class KeyGeneratorT224
-        extends BaseKeyGenerator
-    {
-        public KeyGeneratorT224()
-        {
-            super("HMACSHA512/224", 224, new CipherKeyGenerator());
-        }
-    }
-
-    public static class KeyGeneratorT256
-        extends BaseKeyGenerator
-    {
-        public KeyGeneratorT256()
-        {
-            super("HMACSHA512/256", 256, new CipherKeyGenerator());
-        }
-    }
+    // BEGIN android-removed
+    // public static class KeyGeneratorT224
+    //     extends BaseKeyGenerator
+    // {
+    //     public KeyGeneratorT224()
+    //     {
+    //         super("HMACSHA512/224", 224, new CipherKeyGenerator());
+    //     }
+    // }
+    //
+    // public static class KeyGeneratorT256
+    //     extends BaseKeyGenerator
+    // {
+    //     public KeyGeneratorT256()
+    //     {
+    //         super("HMACSHA512/256", 256, new CipherKeyGenerator());
+    //     }
+    // }
+    // END android-removed
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -158,21 +168,25 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
 
-            provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
-            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
-            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
-
-            provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
-            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
-            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
-
-            provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+            // BEGIN android-removed
+            // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
+            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
+            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
+            //
+            // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
+            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
+            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
+            //
+            // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+            // END android-removed
 
             addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
 
-            addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
-            addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
+            // BEGIN android-removed
+            // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
+            // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
+            // END android-removed
         }
     }
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/BC.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/BC.java	2013-05-25 02:14:15.000000000 +0000
@@ -17,7 +17,9 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std");
-            provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
+            // END android-removed
             provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore");
             provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle");
             provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/PKCS12.java	2013-05-25 02:14:15.000000000 +0000
@@ -17,14 +17,16 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-
-            provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
-    
-            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+            //
+            // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
+            //
+            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java	2013-05-25 02:14:15.000000000 +0000
@@ -1594,32 +1594,34 @@
         }
     }
 
-    public static class BCPKCS12KeyStore3DES
-        extends PKCS12KeyStoreSpi
-    {
-        public BCPKCS12KeyStore3DES()
-        {
-            super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore
-        extends PKCS12KeyStoreSpi
-    {
-        public DefPKCS12KeyStore()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-        }
-    }
-
-    public static class DefPKCS12KeyStore3DES
-        extends PKCS12KeyStoreSpi
-    {
-        public DefPKCS12KeyStore3DES()
-        {
-            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-        }
-    }
+    // BEGIN android-removed
+    // public static class BCPKCS12KeyStore3DES
+    //     extends PKCS12KeyStoreSpi
+    // {
+    //     public BCPKCS12KeyStore3DES()
+    //     {
+    //         super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+    //     }
+    // }
+    //
+    // public static class DefPKCS12KeyStore
+    //     extends PKCS12KeyStoreSpi
+    // {
+    //     public DefPKCS12KeyStore()
+    //     {
+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+    //     }
+    // }
+    //
+    // public static class DefPKCS12KeyStore3DES
+    //     extends PKCS12KeyStoreSpi
+    // {
+    //     public DefPKCS12KeyStore3DES()
+    //     {
+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+    //     }
+    // }
+    // END android-removed
 
     private static class IgnoresCaseHashtable
     {
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/AES.java	2013-05-25 02:14:15.000000000 +0000
@@ -1,11 +1,15 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
+// BEGIN android-removed
+// import java.security.AlgorithmParameters;
+// import java.security.InvalidAlgorithmParameterException;
+// END android-removed
 import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import java.security.spec.AlgorithmParameterSpec;
+//
+// import javax.crypto.spec.IvParameterSpec;
+// END android-removed
 
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -14,23 +18,31 @@
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.AESFastEngine;
 import org.bouncycastle.crypto.engines.AESWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.macs.GMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// import org.bouncycastle.crypto.macs.CMac;
+// import org.bouncycastle.crypto.macs.GMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
+// BEGIN android-removed
+// import org.bouncycastle.jce.provider.BouncyCastleProvider;
+// END android-removed
 
 public final class AES
 {
@@ -80,23 +92,25 @@
         }
     }
 
-    public static class AESCMAC
-        extends BaseMac
-    {
-        public AESCMAC()
-        {
-            super(new CMac(new AESFastEngine()));
-        }
-    }
-
-    public static class AESGMAC
-        extends BaseMac
-    {
-        public AESGMAC()
-        {
-            super(new GMac(new GCMBlockCipher(new AESFastEngine())));
-        }
-    }
+    // BEGIN android-removed
+    // public static class AESCMAC
+    //     extends BaseMac
+    // {
+    //     public AESCMAC()
+    //     {
+    //         super(new CMac(new AESFastEngine()));
+    //     }
+    // }
+    //
+    // public static class AESGMAC
+    //     extends BaseMac
+    // {
+    //     public AESGMAC()
+    //     {
+    //         super(new GMac(new GCMBlockCipher(new AESFastEngine())));
+    //     }
+    // }
+    // END android-removed
 
     static public class Wrap
         extends BaseWrapCipher
@@ -106,15 +120,17 @@
             super(new AESWrapEngine());
         }
     }
-
-    public static class RFC3211Wrap
-        extends BaseWrapCipher
-    {
-        public RFC3211Wrap()
-        {
-            super(new RFC3211WrapEngine(new AESFastEngine()), 16);
-        }
-    }
+    
+    // BEGIN android-removed
+    // public static class RFC3211Wrap
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211Wrap()
+    //     {
+    //         super(new RFC3211WrapEngine(new AESFastEngine()), 16);
+    //     }
+    // }
+    // END android-removed
 
     
     /**
@@ -143,32 +159,34 @@
         }
     }
 
-    public static class KeyGen128
-        extends KeyGen
-    {
-        public KeyGen128()
-        {
-            super(128);
-        }
-    }
-
-    public static class KeyGen192
-        extends KeyGen
-    {
-        public KeyGen192()
-        {
-            super(192);
-        }
-    }
-
-    public static class KeyGen256
-        extends KeyGen
-    {
-        public KeyGen256()
-        {
-            super(256);
-        }
-    }
+    // BEGIN android-removed
+    // public static class KeyGen128
+    //     extends KeyGen
+    // {
+    //     public KeyGen128()
+    //     {
+    //         super(128);
+    //     }
+    // }
+    //
+    // public static class KeyGen192
+    //     extends KeyGen
+    // {
+    //     public KeyGen192()
+    //     {
+    //         super(192);
+    //     }
+    // }
+    //
+    // public static class KeyGen256
+    //     extends KeyGen
+    // {
+    //     public KeyGen256()
+    //     {
+    //         super(256);
+    //     }
+    // }
+    // END android-removed
     
     /**
      * PBEWithSHA1And128BitAES-BC
@@ -278,43 +296,45 @@
         }
     }
     
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[16];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
+    // BEGIN android-removed
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[16];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("AES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 
     public static class AlgParams
         extends IvAlgorithmParameters
@@ -353,58 +373,66 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            // END android-removed
 
             provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
-            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            // END android-removed
             provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
-            provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            // END android-removed
 
             provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen");
-            provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
-            provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
-            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
-
-            provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
+            // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
+            //
+            // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            // END android-removed
             
             provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
             provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
@@ -483,7 +511,9 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
 
-            addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
+            // BEGIN android-removed
+            // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2013-05-25 02:14:15.000000000 +0000
@@ -29,7 +29,9 @@
     {
         public KeyGen()
         {
-            super("RC4", 128, new CipherKeyGenerator());
+            // BEGIN android-changed
+            super("ARC4", 128, new CipherKeyGenerator());
+            // END android-changed
         }
     }
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2012-09-17 23:04:47.000000000 +0000
@@ -64,7 +64,9 @@
         {
 
             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
+            // END android-removed
             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DES.java	2013-05-25 02:14:15.000000000 +0000
@@ -19,12 +19,16 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.CMac;
-import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.DESParameters;
@@ -66,17 +70,19 @@
         }
     }
 
-    /**
-     * DES   CFB8
-     */
-    public static class DESCFB8
-        extends BaseMac
-    {
-        public DESCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DES   CFB8
+    //  */
+    // public static class DESCFB8
+    //     extends BaseMac
+    // {
+    //     public DESCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESEngine()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * DES64
@@ -111,47 +117,49 @@
         }
     }
 
-    static public class CMAC
-        extends BaseMac
-    {
-        public CMAC()
-        {
-            super(new CMac(new DESEngine()));
-        }
-    }
-
-    /**
-     * DES9797Alg3with7816-4Padding
-     */
-    public static class DES9797Alg3with7816d4
-        extends BaseMac
-    {
-        public DES9797Alg3with7816d4()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-        }
-    }
-
-    /**
-     * DES9797Alg3
-     */
-    public static class DES9797Alg3
-        extends BaseMac
-    {
-        public DES9797Alg3()
-        {
-            super(new ISO9797Alg3Mac(new DESEngine()));
-        }
-    }
-
-    public static class RFC3211
-        extends BaseWrapCipher
-    {
-        public RFC3211()
-        {
-            super(new RFC3211WrapEngine(new DESEngine()), 8);
-        }
-    }
+    // BEGIN android-removed
+    // static public class CMAC
+    //     extends BaseMac
+    // {
+    //     public CMAC()
+    //     {
+    //         super(new CMac(new DESEngine()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES9797Alg3with7816-4Padding
+    //  */
+    // public static class DES9797Alg3with7816d4
+    //     extends BaseMac
+    // {
+    //     public DES9797Alg3with7816d4()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+    //     }
+    // }
+    //
+    // /**
+    //  * DES9797Alg3
+    //  */
+    // public static class DES9797Alg3
+    //     extends BaseMac
+    // {
+    //     public DES9797Alg3()
+    //     {
+    //         super(new ISO9797Alg3Mac(new DESEngine()));
+    //     }
+    // }
+    //
+    // public static class RFC3211
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211()
+    //     {
+    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
+    //     }
+    // }
+    // END android-removed
 
     public static class AlgParamGen
         extends BaseAlgorithmParameterGenerator
@@ -351,17 +359,19 @@
         }
     }
 
-    /**
-     * PBEWithMD2AndDES
-     */
-    static public class PBEWithMD2KeyFactory
-        extends DESPBEKeyFactory
-    {
-        public PBEWithMD2KeyFactory()
-        {
-            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithMD2AndDES
+    //  */
+    // static public class PBEWithMD2KeyFactory
+    //     extends DESPBEKeyFactory
+    // {
+    //     public PBEWithMD2KeyFactory()
+    //     {
+    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithMD5AndDES
@@ -387,17 +397,19 @@
         }
     }
 
-    /**
-     * PBEWithMD2AndDES
-     */
-    static public class PBEWithMD2
-        extends BaseBlockCipher
-    {
-        public PBEWithMD2()
-        {
-            super(new CBCBlockCipher(new DESEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithMD2AndDES
+    //  */
+    // static public class PBEWithMD2
+    //     extends BaseBlockCipher
+    // {
+    //     public PBEWithMD2()
+    //     {
+    //         super(new CBCBlockCipher(new DESEngine()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithMD5AndDES
@@ -437,61 +449,75 @@
         {
 
             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-
-            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-
-            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
+            //
+            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
+            //
+            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            // END android-removed
 
             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
 
             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
 
-            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-
-            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-
-            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-
-            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-
-            provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
-            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-
-            provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
-            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-            provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
-            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
+            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
+            //
+            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+            //
+            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
+            //
+            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
+            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            //
+            // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+            //
+            // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
+            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+            // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
+            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            // END android-removed
 
             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
-
-            provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
+            //
+            // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
+            // END android-removed
             provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5");
             provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1");
             
-            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+            // END android-removed
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
             
-            provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
+            // BEGIN android-removed
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
+            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory");
 
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
+            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
+            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
         }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2013-05-25 02:14:15.000000000 +0000
@@ -1,30 +1,42 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
+// BEGIN android-removed
+// import java.security.AlgorithmParameters;
+// import java.security.InvalidAlgorithmParameterException;
+// END android-removed
 import java.security.SecureRandom;
-import java.security.spec.AlgorithmParameterSpec;
+// BEGIN android-removed
+// import java.security.spec.AlgorithmParameterSpec;
+// END android-removed
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
-import javax.crypto.spec.IvParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.IvParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
+// END android-removed
 import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-import org.bouncycastle.crypto.macs.CMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -57,17 +69,19 @@
         }
     }
 
-    /**
-     * DESede   CFB8
-     */
-    public static class DESedeCFB8
-        extends BaseMac
-    {
-        public DESedeCFB8()
-        {
-            super(new CFBBlockCipherMac(new DESedeEngine()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DESede   CFB8
+    //  */
+    // public static class DESedeCFB8
+    //     extends BaseMac
+    // {
+    //     public DESedeCFB8()
+    //     {
+    //         super(new CFBBlockCipherMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * DESede64
@@ -102,15 +116,17 @@
         }
     }
 
-    static public class CMAC
-        extends BaseMac
-    {
-        public CMAC()
-        {
-            super(new CMac(new DESedeEngine()));
-        }
-    }
-
+    // BEGIN android-removed
+    // static public class CMAC
+    //     extends BaseMac
+    // {
+    //     public CMAC()
+    //     {
+    //         super(new CMac(new DESedeEngine()));
+    //     }
+    // }
+    // END android-removed
+    
     public static class Wrap
         extends BaseWrapCipher
     {
@@ -119,15 +135,17 @@
             super(new DESedeWrapEngine());
         }
     }
-
-    public static class RFC3211
-        extends BaseWrapCipher
-    {
-        public RFC3211()
-        {
-            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-        }
-    }
+    
+    // BEGIN android-removed
+    // public static class RFC3211
+    //     extends BaseWrapCipher
+    // {
+    //     public RFC3211()
+    //     {
+    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+    //     }
+    // }
+    // END android-removed
 
   /**
      * DESede - the default for this is to generate a key in
@@ -241,43 +259,45 @@
         }
     }
 
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom            random)
-            throws InvalidAlgorithmParameterException
-        {
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            byte[]  iv = new byte[8];
-
-            if (random == null)
-            {
-                random = new SecureRandom();
-            }
-
-            random.nextBytes(iv);
-
-            AlgorithmParameters params;
-
-            try
-            {
-                params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
-                params.init(new IvParameterSpec(iv));
-            }
-            catch (Exception e)
-            {
-                throw new RuntimeException(e.getMessage());
-            }
-
-            return params;
-        }
-    }
+    // BEGIN android-removed
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom            random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         byte[]  iv = new byte[8];
+    //
+    //         if (random == null)
+    //         {
+    //             random = new SecureRandom();
+    //         }
+    //
+    //         random.nextBytes(iv);
+    //
+    //         AlgorithmParameters params;
+    //
+    //         try
+    //         {
+    //             params = AlgorithmParameters.getInstance("DES", BouncyCastleProvider.PROVIDER_NAME);
+    //             params.init(new IvParameterSpec(iv));
+    //         }
+    //         catch (Exception e)
+    //         {
+    //             throw new RuntimeException(e.getMessage());
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    // END android-removed
 
     static public class KeyFactory
         extends BaseSecretKeyFactory
@@ -361,25 +381,37 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
+            // END android-removed
             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
-            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap");
-            provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
+            // BEGIN android-changed
+            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
+            // END android-changed
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
+            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
 
             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
-                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
-                provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
+                // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
+                // END android-removed
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
-                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
+                // BEGIN android-removed
+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
+                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
@@ -388,31 +420,37 @@
             }
 
             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
-            provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
-            provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
+            // BEGIN android-removed
+            // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
+            // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
+            // END android-removed
 
             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
 
-            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-
-            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-
-            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-
-            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
+            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            //
+            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            // END android-removed
 
             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
+            // END android-removed
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory");
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/RC2.java	2013-05-25 02:14:15.000000000 +0000
@@ -12,24 +12,34 @@
 
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
-import org.bouncycastle.crypto.CipherKeyGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
+// import org.bouncycastle.crypto.CipherKeyGenerator;
+// END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
-import org.bouncycastle.crypto.engines.RC2WrapEngine;
-import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
+// import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.util.Arrays;
+// BEGIN android-removed
+// import org.bouncycastle.util.Arrays;
+// END android-removed
 
 public final class RC2
 {
@@ -37,59 +47,61 @@
     {
     }
 
-    /**
-     * RC2
-     */
-    static public class ECB
-        extends BaseBlockCipher
-    {
-        public ECB()
-        {
-            super(new RC2Engine());
-        }
-    }
-
-    /**
-     * RC2CBC
-     */
-    static public class CBC
-        extends BaseBlockCipher
-    {
-        public CBC()
-        {
-            super(new CBCBlockCipher(new RC2Engine()), 64);
-        }
-    }
-
-    public static class Wrap
-        extends BaseWrapCipher
-    {
-        public Wrap()
-        {
-            super(new RC2WrapEngine());
-        }
-    }
-
-    /**
-     * RC2
-     */
-    public static class CBCMAC
-        extends BaseMac
-    {
-        public CBCMAC()
-        {
-            super(new CBCBlockCipherMac(new RC2Engine()));
-        }
-    }
-
-    public static class CFB8MAC
-        extends BaseMac
-    {
-        public CFB8MAC()
-        {
-            super(new CFBBlockCipherMac(new RC2Engine()));
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * RC2
+    //  */
+    // static public class ECB
+    //     extends BaseBlockCipher
+    // {
+    //     public ECB()
+    //     {
+    //         super(new RC2Engine());
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2CBC
+    //  */
+    // static public class CBC
+    //     extends BaseBlockCipher
+    // {
+    //     public CBC()
+    //     {
+    //         super(new CBCBlockCipher(new RC2Engine()), 64);
+    //     }
+    // }
+    //
+    // public static class Wrap
+    //     extends BaseWrapCipher
+    // {
+    //     public Wrap()
+    //     {
+    //         super(new RC2WrapEngine());
+    //     }
+    // }
+    //
+    // /**
+    //  * RC2
+    //  */
+    // public static class CBCMAC
+    //     extends BaseMac
+    // {
+    //     public CBCMAC()
+    //     {
+    //         super(new CBCBlockCipherMac(new RC2Engine()));
+    //     }
+    // }
+    //
+    // public static class CFB8MAC
+    //     extends BaseMac
+    // {
+    //     public CFB8MAC()
+    //     {
+    //         super(new CFBBlockCipherMac(new RC2Engine()));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithSHA1AndRC2
@@ -175,17 +187,19 @@
         }
     }
 
-    /**
-     * PBEWithMD2AndRC2
-     */
-    static public class PBEWithMD2KeyFactory
-        extends PBESecretKeyFactory
-    {
-        public PBEWithMD2KeyFactory()
-        {
-            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * PBEWithMD2AndRC2
+    //  */
+    // static public class PBEWithMD2KeyFactory
+    //     extends PBESecretKeyFactory
+    // {
+    //     public PBEWithMD2KeyFactory()
+    //     {
+    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
+    //     }
+    // }
+    // END android-removed
 
    /**
     * PBEWithMD5AndRC2
@@ -199,247 +213,249 @@
        }
    }
 
-    public static class AlgParamGen
-        extends BaseAlgorithmParameterGenerator
-    {
-        RC2ParameterSpec spec = null;
-
-        protected void engineInit(
-            AlgorithmParameterSpec genParamSpec,
-            SecureRandom random)
-            throws InvalidAlgorithmParameterException
-        {
-            if (genParamSpec instanceof RC2ParameterSpec)
-            {
-                spec = (RC2ParameterSpec)genParamSpec;
-                return;
-            }
-
-            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-        }
-
-        protected AlgorithmParameters engineGenerateParameters()
-        {
-            AlgorithmParameters params;
-
-            if (spec == null)
-            {
-                byte[] iv = new byte[8];
-
-                if (random == null)
-                {
-                    random = new SecureRandom();
-                }
-
-                random.nextBytes(iv);
-
-                try
-                {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
-                    params.init(new IvParameterSpec(iv));
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.getMessage());
-                }
-            }
-            else
-            {
-                try
-                {
-                    params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
-                    params.init(spec);
-                }
-                catch (Exception e)
-                {
-                    throw new RuntimeException(e.getMessage());
-                }
-            }
-
-            return params;
-        }
-    }
-
-    public static class KeyGenerator
-        extends BaseKeyGenerator
-    {
-        public KeyGenerator()
-        {
-            super("RC2", 128, new CipherKeyGenerator());
-        }
-    }
-
-    public static class AlgParams
-        extends BaseAlgorithmParameters
-    {
-        private static final short[] table = {
-            0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-            0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-            0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-            0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-            0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-            0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-            0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-            0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-            0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-            0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-            0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-            0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-            0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-            0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-            0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-            0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-        };
-
-        private static final short[] ekb = {
-            0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-            0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-            0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-            0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-            0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-            0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-            0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-            0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-            0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-            0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-            0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-            0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-            0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-            0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-            0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-            0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-        };
-
-        private byte[] iv;
-        private int parameterVersion = 58;
-
-        protected byte[] engineGetEncoded()
-        {
-            return Arrays.clone(iv);
-        }
-
-        protected byte[] engineGetEncoded(
-            String format)
-            throws IOException
-        {
-            if (this.isASN1FormatString(format))
-            {
-                if (parameterVersion == -1)
-                {
-                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-                }
-                else
-                {
-                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-                }
-            }
-
-            if (format.equals("RAW"))
-            {
-                return engineGetEncoded();
-            }
-
-            return null;
-        }
-
-        protected AlgorithmParameterSpec localEngineGetParameterSpec(
-            Class paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec == RC2ParameterSpec.class)
-            {
-                if (parameterVersion != -1)
-                {
-                    if (parameterVersion < 256)
-                    {
-                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
-                    }
-                    else
-                    {
-                        return new RC2ParameterSpec(parameterVersion, iv);
-                    }
-                }
-            }
-
-            if (paramSpec == IvParameterSpec.class)
-            {
-                return new IvParameterSpec(iv);
-            }
-
-            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-        }
-
-        protected void engineInit(
-            AlgorithmParameterSpec paramSpec)
-            throws InvalidParameterSpecException
-        {
-            if (paramSpec instanceof IvParameterSpec)
-            {
-                this.iv = ((IvParameterSpec)paramSpec).getIV();
-            }
-            else if (paramSpec instanceof RC2ParameterSpec)
-            {
-                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-                if (effKeyBits != -1)
-                {
-                    if (effKeyBits < 256)
-                    {
-                        parameterVersion = table[effKeyBits];
-                    }
-                    else
-                    {
-                        parameterVersion = effKeyBits;
-                    }
-                }
-
-                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-            }
-            else
-            {
-                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-            }
-        }
-
-        protected void engineInit(
-            byte[] params)
-            throws IOException
-        {
-            this.iv = Arrays.clone(params);
-        }
-
-        protected void engineInit(
-            byte[] params,
-            String format)
-            throws IOException
-        {
-            if (this.isASN1FormatString(format))
-            {
-                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
-
-                if (p.getRC2ParameterVersion() != null)
-                {
-                    parameterVersion = p.getRC2ParameterVersion().intValue();
-                }
-
-                iv = p.getIV();
-
-                return;
-            }
-
-            if (format.equals("RAW"))
-            {
-                engineInit(params);
-                return;
-            }
-
-            throw new IOException("Unknown parameters format in IV parameters object");
-        }
-
-        protected String engineToString()
-        {
-            return "RC2 Parameters";
-        }
-    }
+    // BEGIN android-removed
+    // public static class AlgParamGen
+    //     extends BaseAlgorithmParameterGenerator
+    // {
+    //     RC2ParameterSpec spec = null;
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec genParamSpec,
+    //         SecureRandom random)
+    //         throws InvalidAlgorithmParameterException
+    //     {
+    //         if (genParamSpec instanceof RC2ParameterSpec)
+    //         {
+    //             spec = (RC2ParameterSpec)genParamSpec;
+    //             return;
+    //         }
+    //
+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+    //     }
+    //
+    //     protected AlgorithmParameters engineGenerateParameters()
+    //     {
+    //         AlgorithmParameters params;
+    //
+    //         if (spec == null)
+    //         {
+    //             byte[] iv = new byte[8];
+    //
+    //             if (random == null)
+    //             {
+    //                 random = new SecureRandom();
+    //             }
+    //
+    //             random.nextBytes(iv);
+    //
+    //             try
+    //             {
+    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+    //                 params.init(new IvParameterSpec(iv));
+    //             }
+    //             catch (Exception e)
+    //             {
+    //                 throw new RuntimeException(e.getMessage());
+    //             }
+    //         }
+    //         else
+    //         {
+    //             try
+    //             {
+    //                 params = AlgorithmParameters.getInstance("RC2", BouncyCastleProvider.PROVIDER_NAME);
+    //                 params.init(spec);
+    //             }
+    //             catch (Exception e)
+    //             {
+    //                 throw new RuntimeException(e.getMessage());
+    //             }
+    //         }
+    //
+    //         return params;
+    //     }
+    // }
+    //
+    // public static class KeyGenerator
+    //     extends BaseKeyGenerator
+    // {
+    //     public KeyGenerator()
+    //     {
+    //         super("RC2", 128, new CipherKeyGenerator());
+    //     }
+    // }
+    //
+    // public static class AlgParams
+    //     extends BaseAlgorithmParameters
+    // {
+    //     private static final short[] table = {
+    //         0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+    //         0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+    //         0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+    //         0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+    //         0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+    //         0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+    //         0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+    //         0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+    //         0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+    //         0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+    //         0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+    //         0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+    //         0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+    //         0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+    //         0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+    //         0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
+    //     };
+    //
+    //     private static final short[] ekb = {
+    //         0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+    //         0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+    //         0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+    //         0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+    //         0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+    //         0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+    //         0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+    //         0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+    //         0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+    //         0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+    //         0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+    //         0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+    //         0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+    //         0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+    //         0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+    //         0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
+    //     };
+    //
+    //     private byte[] iv;
+    //     private int parameterVersion = 58;
+    //
+    //     protected byte[] engineGetEncoded()
+    //     {
+    //         return Arrays.clone(iv);
+    //     }
+    //
+    //     protected byte[] engineGetEncoded(
+    //         String format)
+    //         throws IOException
+    //     {
+    //         if (this.isASN1FormatString(format))
+    //         {
+    //             if (parameterVersion == -1)
+    //             {
+    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
+    //             }
+    //             else
+    //             {
+    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
+    //             }
+    //         }
+    //
+    //         if (format.equals("RAW"))
+    //         {
+    //             return engineGetEncoded();
+    //         }
+    //
+    //         return null;
+    //     }
+    //
+    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
+    //         Class paramSpec)
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (paramSpec == RC2ParameterSpec.class)
+    //         {
+    //             if (parameterVersion != -1)
+    //             {
+    //                 if (parameterVersion < 256)
+    //                 {
+    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
+    //                 }
+    //                 else
+    //                 {
+    //                     return new RC2ParameterSpec(parameterVersion, iv);
+    //                 }
+    //             }
+    //         }
+    //
+    //         if (paramSpec == IvParameterSpec.class)
+    //         {
+    //             return new IvParameterSpec(iv);
+    //         }
+    //
+    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
+    //     }
+    //
+    //     protected void engineInit(
+    //         AlgorithmParameterSpec paramSpec)
+    //         throws InvalidParameterSpecException
+    //     {
+    //         if (paramSpec instanceof IvParameterSpec)
+    //         {
+    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
+    //         }
+    //         else if (paramSpec instanceof RC2ParameterSpec)
+    //         {
+    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
+    //             if (effKeyBits != -1)
+    //             {
+    //                 if (effKeyBits < 256)
+    //                 {
+    //                     parameterVersion = table[effKeyBits];
+    //                 }
+    //                 else
+    //                 {
+    //                     parameterVersion = effKeyBits;
+    //                 }
+    //             }
+    //
+    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
+    //         }
+    //         else
+    //         {
+    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
+    //         }
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params)
+    //         throws IOException
+    //     {
+    //         this.iv = Arrays.clone(params);
+    //     }
+    //
+    //     protected void engineInit(
+    //         byte[] params,
+    //         String format)
+    //         throws IOException
+    //     {
+    //         if (this.isASN1FormatString(format))
+    //         {
+    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
+    //
+    //             if (p.getRC2ParameterVersion() != null)
+    //             {
+    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
+    //             }
+    //
+    //             iv = p.getIV();
+    //
+    //             return;
+    //         }
+    //
+    //         if (format.equals("RAW"))
+    //         {
+    //             engineInit(params);
+    //             return;
+    //         }
+    //
+    //         throw new IOException("Unknown parameters format in IV parameters object");
+    //     }
+    //
+    //     protected String engineToString()
+    //     {
+    //         return "RC2 Parameters";
+    //     }
+    // }
+    // END android-removed
 
     public static class Mappings
         extends AlgorithmProvider
@@ -453,32 +469,36 @@
         public void configure(ConfigurableProvider provider)
         {
 
-            provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
-            provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
-
-            provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
-            provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
-
-            provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
-            provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
-
-            provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
-            provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
-            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
-            provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC");
-
-            provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
-            provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
-            provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
-            provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+            // BEGIN android-removed
+            // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
+            // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
+            //
+            // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
+            // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
+            //
+            // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
+            // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
+            //
+            // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
+            // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
+            // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC");
+            //
+            // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
+            // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
+            // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
+            //
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
 
-            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
@@ -486,14 +506,18 @@
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
 
-            provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
+            // BEGIN android-removed
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
+            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory");
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory");
             
-            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java	2013-05-25 02:14:15.000000000 +0000
@@ -6,16 +6,18 @@
 abstract class SymmetricAlgorithmProvider
     extends AlgorithmProvider
 {
-    protected void addGMacAlgorithm(
-        ConfigurableProvider provider,
-        String algorithm,
-        String algorithmClassName,
-        String keyGeneratorClassName)
-    {
-        provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
-        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
-
-        provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
-        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
-    }
+    // BEGIN android-removed
+    // protected void addGMacAlgorithm(
+    //     ConfigurableProvider provider,
+    //     String algorithm,
+    //     String algorithmClassName,
+    //     String keyGeneratorClassName)
+    // {
+    //     provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
+    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
+    //
+    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
+    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/Twofish.java	2013-05-25 02:14:15.000000000 +0000
@@ -1,17 +1,25 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-import org.bouncycastle.crypto.BlockCipher;
-import org.bouncycastle.crypto.CipherKeyGenerator;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.BlockCipher;
+// import org.bouncycastle.crypto.CipherKeyGenerator;
+// END android-removed
 import org.bouncycastle.crypto.engines.TwofishEngine;
-import org.bouncycastle.crypto.macs.GMac;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.macs.GMac;
+// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-import org.bouncycastle.crypto.modes.GCMBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.GCMBlockCipher;
+// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
-import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
+// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
+// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
+// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public final class Twofish
@@ -20,38 +28,40 @@
     {
     }
 
-    public static class ECB
-        extends BaseBlockCipher
-    {
-        public ECB()
-        {
-            super(new BlockCipherProvider()
-            {
-                public BlockCipher get()
-                {
-                    return new TwofishEngine();
-                }
-            });
-        }
-    }
-
-    public static class KeyGen
-        extends BaseKeyGenerator
-    {
-        public KeyGen()
-        {
-            super("Twofish", 256, new CipherKeyGenerator());
-        }
-    }
-
-    public static class GMAC
-        extends BaseMac
-    {
-        public GMAC()
-        {
-            super(new GMac(new GCMBlockCipher(new TwofishEngine())));
-        }
-    }
+    // BEGIN android-removed
+    // public static class ECB
+    //     extends BaseBlockCipher
+    // {
+    //     public ECB()
+    //     {
+    //         super(new BlockCipherProvider()
+    //         {
+    //             public BlockCipher get()
+    //             {
+    //                 return new TwofishEngine();
+    //             }
+    //         });
+    //     }
+    // }
+    //
+    // public static class KeyGen
+    //     extends BaseKeyGenerator
+    // {
+    //     public KeyGen()
+    //     {
+    //         super("Twofish", 256, new CipherKeyGenerator());
+    //     }
+    // }
+    //
+    // public static class GMAC
+    //     extends BaseMac
+    // {
+    //     public GMAC()
+    //     {
+    //         super(new GMac(new GCMBlockCipher(new TwofishEngine())));
+    //     }
+    // }
+    // END android-removed
 
     /**
      * PBEWithSHAAndTwofish-CBC
@@ -77,14 +87,16 @@
         }
     }
 
-    public static class AlgParams
-        extends IvAlgorithmParameters
-    {
-        protected String engineToString()
-        {
-            return "Twofish IV";
-        }
-    }
+    // BEGIN android-removed
+    // public static class AlgParams
+    //     extends IvAlgorithmParameters
+    // {
+    //     protected String engineToString()
+    //     {
+    //         return "Twofish IV";
+    //     }
+    // }
+    // END android-removed
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -97,16 +109,20 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
-            provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
-            provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
+            // BEGIN android-removed
+            // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
+            // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
+            // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
+            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
             provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC",  PREFIX + "$PBEWithSHA");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory");
 
-            addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
+            // BEGIN android-removed
+            // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
+            // END android-removed
         }
     }
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2013-05-25 02:14:15.000000000 +0000
@@ -17,8 +17,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
@@ -31,13 +33,19 @@
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-import org.bouncycastle.crypto.modes.GOFBBlockCipher;
-import org.bouncycastle.crypto.modes.OCBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.GOFBBlockCipher;
+// import org.bouncycastle.crypto.modes.OCBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
-import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
+// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -49,11 +57,17 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.crypto.params.ParametersWithSBox;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.ParametersWithSBox;
+// END android-removed
 import org.bouncycastle.crypto.params.RC2Parameters;
-import org.bouncycastle.crypto.params.RC5Parameters;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.params.RC5Parameters;
+// END android-removed
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.GOST28147ParameterSpec;
+// END android-removed
 import org.bouncycastle.jce.spec.RepeatedSecretKeySpec;
 import org.bouncycastle.util.Strings;
 
@@ -66,11 +80,15 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        GOST28147ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // GOST28147ParameterSpec.class
+                                        // END android-removed
                                     };
 
     private BlockCipher             baseEngine;
@@ -235,20 +253,22 @@
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        else if (modeName.startsWith("PGP"))
-        {
-            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(
-                new PGPCFBBlockCipher(baseEngine, inlineIV));
-        }
-        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        {
-            ivLength = 0;
-            cipher = new BufferedGenericBlockCipher(
-                new OpenPGPCFBBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("PGP"))
+        // {
+        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
+        // }
+        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        // {
+        //     ivLength = 0;
+        //     cipher = new BufferedGenericBlockCipher(
+        //         new OpenPGPCFBBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("SIC"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -265,12 +285,14 @@
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        else if (modeName.startsWith("GOFB"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                        new GOFBBlockCipher(baseEngine)));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("GOFB"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+        //                 new GOFBBlockCipher(baseEngine)));
+        // }
+        // END android-removed
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -281,23 +303,25 @@
             ivLength = baseEngine.getBlockSize();
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        else if (modeName.startsWith("OCB"))
-        {
-            if (engineProvider != null)
-            {
-                ivLength = baseEngine.getBlockSize();
-                cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
-            }
-            else
-            {
-                throw new NoSuchAlgorithmException("can't support mode " + mode);
-            }
-        }
-        else if (modeName.startsWith("EAX"))
-        {
-            ivLength = baseEngine.getBlockSize();
-            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        }
+        // BEGIN android-removed
+        // else if (modeName.startsWith("OCB"))
+        // {
+        //     if (engineProvider != null)
+        //     {
+        //         ivLength = baseEngine.getBlockSize();
+        //         cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
+        //     }
+        //     else
+        //     {
+        //         throw new NoSuchAlgorithmException("can't support mode " + mode);
+        //     }
+        // }
+        // else if (modeName.startsWith("EAX"))
+        // {
+        //     ivLength = baseEngine.getBlockSize();
+        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+        // }
+        // END android-removed
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -471,63 +495,65 @@
                 param = new KeyParameter(key.getEncoded());
             }
         }
-        else if (params instanceof GOST28147ParameterSpec)
-        {
-            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-
-            param = new ParametersWithSBox(
-                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-
-            if (gost28147Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, gost28147Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC2ParameterSpec)
-        {
-            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-
-            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-
-            if (rc2Param.getIV() != null && ivLength != 0)
-            {
-                param = new ParametersWithIV(param, rc2Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
-        else if (params instanceof RC5ParameterSpec)
-        {
-            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-
-            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-            if (baseEngine.getAlgorithmName().startsWith("RC5"))
-            {
-                if (baseEngine.getAlgorithmName().equals("RC5-32"))
-                {
-                    if (rc5Param.getWordSize() != 32)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-                {
-                    if (rc5Param.getWordSize() != 64)
-                    {
-                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-                    }
-                }
-            }
-            else
-            {
-                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-            }
-            if ((rc5Param.getIV() != null) && (ivLength != 0))
-            {
-                param = new ParametersWithIV(param, rc5Param.getIV());
-                ivParam = (ParametersWithIV)param;
-            }
-        }
+        // BEGIN android-removed
+        // else if (params instanceof GOST28147ParameterSpec)
+        // {
+        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
+        //
+        //     param = new ParametersWithSBox(
+        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
+        //
+        //     if (gost28147Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, gost28147Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC2ParameterSpec)
+        // {
+        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
+        //
+        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
+        //
+        //     if (rc2Param.getIV() != null && ivLength != 0)
+        //     {
+        //         param = new ParametersWithIV(param, rc2Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // else if (params instanceof RC5ParameterSpec)
+        // {
+        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
+        //
+        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
+        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
+        //     {
+        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
+        //         {
+        //             if (rc5Param.getWordSize() != 32)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
+        //         {
+        //             if (rc5Param.getWordSize() != 64)
+        //             {
+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
+        //             }
+        //         }
+        //     }
+        //     else
+        //     {
+        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
+        //     }
+        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
+        //     {
+        //         param = new ParametersWithIV(param, rc5Param.getIV());
+        //         ivParam = (ParametersWithIV)param;
+        //     }
+        // }
+        // END android-removed
         else
         {
             throw new InvalidAlgorithmParameterException("unknown parameter type.");
@@ -761,7 +787,9 @@
     private boolean isAEADModeName(
         String modeName)
     {
-        return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName);
+        // BEGIN android-changed
+        return "CCM".equals(modeName) || "GCM".equals(modeName);
+        // END android-changed
     }
 
     /*
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2012-09-17 23:04:47.000000000 +0000
@@ -13,8 +13,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
@@ -34,8 +36,10 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2013-01-31 02:26:40.000000000 +0000
@@ -22,8 +22,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -45,8 +47,10 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class
+                                        // END android-removed
                                     };
 
     protected int                     pbeType = PKCS12;
@@ -258,6 +262,8 @@
         return null;
     }
 
+    // BEGIN android-changed
+    // added ShortBufferException to throws statement
     protected int engineDoFinal(
         byte[]  input,
         int     inputOffset,
@@ -268,6 +274,7 @@
     {
         return 0;
     }
+    // END android-changed
 
     protected byte[] engineWrap(
         Key     key)
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2013-05-25 02:14:15.000000000 +0000
@@ -7,13 +7,18 @@
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-import org.bouncycastle.crypto.digests.GOST3411Digest;
-import org.bouncycastle.crypto.digests.MD2Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.TigerDigest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.GOST3411Digest;
+// import org.bouncycastle.crypto.digests.MD2Digest;
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.TigerDigest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
@@ -29,11 +34,15 @@
     //
     static final int        MD5          = 0;
     static final int        SHA1         = 1;
-    static final int        RIPEMD160    = 2;
-    static final int        TIGER        = 3;
+    // BEGIN android-removed
+    // static final int        RIPEMD160    = 2;
+    // static final int        TIGER        = 3;
+    // END android-removed
     static final int        SHA256       = 4;
-    static final int        MD2          = 5;
-    static final int        GOST3411     = 6;
+    // BEGIN android-removed
+    // static final int        MD2          = 5;
+    // static final int        GOST3411     = 6;
+    // END android-removed
 
     static final int        PKCS5S1      = 0;
     static final int        PKCS5S2      = 1;
@@ -57,14 +66,20 @@
             {
                 switch (hash)
                 {
-                case MD2:
-                    generator = new PKCS5S1ParametersGenerator(new MD2Digest());
-                    break;
+                // BEGIN android-removed
+                // case MD2:
+                //     generator = new PKCS5S1ParametersGenerator(new MD2Digest());
+                //     break;
+                // END android-removed
                 case MD5:
-                    generator = new PKCS5S1ParametersGenerator(new MD5Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5());
+                    // END android-changed
                     break;
                 case SHA1:
-                    generator = new PKCS5S1ParametersGenerator(new SHA1Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1());
+                    // END android-changed
                     break;
                 default:
                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
@@ -78,27 +93,39 @@
             {
                 switch (hash)
                 {
-                case MD2:
-                    generator = new PKCS12ParametersGenerator(new MD2Digest());
-                    break;
+                // BEGIN android-removed
+                // case MD2:
+                //     generator = new PKCS12ParametersGenerator(new MD2Digest());
+                //     break;
+                // END android-removed
                 case MD5:
-                    generator = new PKCS12ParametersGenerator(new MD5Digest());
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5());
+                    // END android-changed
                     break;
                 case SHA1:
-                    generator = new PKCS12ParametersGenerator(new SHA1Digest());
-                    break;
-                case RIPEMD160:
-                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-                    break;
-                case TIGER:
-                    generator = new PKCS12ParametersGenerator(new TigerDigest());
-                    break;
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
+                    // END android-changed
+                    break;
+                // BEGIN android-removed
+                // case RIPEMD160:
+                //     generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
+                //     break;
+                // case TIGER:
+                //     generator = new PKCS12ParametersGenerator(new TigerDigest());
+                //     break;
+                // END android-removed
                 case SHA256:
-                    generator = new PKCS12ParametersGenerator(new SHA256Digest());
-                    break;
-                case GOST3411:
-                    generator = new PKCS12ParametersGenerator(new GOST3411Digest());
-                    break;
+                    // BEGIN android-changed
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
+                    // END android-changed
+                    break;
+                // BEGIN android-removed
+                // case GOST3411:
+                //     generator = new PKCS12ParametersGenerator(new GOST3411Digest());
+                //     break;
+                // END android-removed
                 default:
                     throw new IllegalStateException("unknown digest scheme for PBE encryption.");
                 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2012-09-17 23:04:47.000000000 +0000
@@ -10,19 +10,26 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-import org.bouncycastle.crypto.digests.MD5Digest;
-import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.digests.MD5Digest;
+// import org.bouncycastle.crypto.digests.SHA1Digest;
+// import org.bouncycastle.crypto.digests.SHA224Digest;
+// import org.bouncycastle.crypto.digests.SHA256Digest;
+// import org.bouncycastle.crypto.digests.SHA384Digest;
+// import org.bouncycastle.crypto.digests.SHA512Digest;
+// END android-removed
+// BEGIN android-added
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END android-added
 import org.bouncycastle.util.Strings;
 
 public class DigestFactory
 {
     private static Set md5 = new HashSet();
     private static Set sha1 = new HashSet();
-    private static Set sha224 = new HashSet();
+    // BEGIN android-removed
+    // private static Set sha224 = new HashSet();
+    // END android-removed
     private static Set sha256 = new HashSet();
     private static Set sha384 = new HashSet();
     private static Set sha512 = new HashSet();
@@ -38,9 +45,11 @@
         sha1.add("SHA-1");
         sha1.add(OIWObjectIdentifiers.idSHA1.getId());
         
-        sha224.add("SHA224");
-        sha224.add("SHA-224");
-        sha224.add(NISTObjectIdentifiers.id_sha224.getId());
+        // BEGIN android-removed
+        // sha224.add("SHA224");
+        // sha224.add("SHA-224");
+        // sha224.add(NISTObjectIdentifiers.id_sha224.getId());
+        // END android-removed
         
         sha256.add("SHA256");
         sha256.add("SHA-256");
@@ -61,9 +70,11 @@
         oids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
         oids.put(OIWObjectIdentifiers.idSHA1.getId(), OIWObjectIdentifiers.idSHA1);
         
-        oids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        oids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-        oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224);
+        // BEGIN android-removed
+        // oids.put("SHA224", NISTObjectIdentifiers.id_sha224);
+        // oids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
+        // oids.put(NISTObjectIdentifiers.id_sha224.getId(), NISTObjectIdentifiers.id_sha224);
+        // END android-removed
         
         oids.put("SHA256", NISTObjectIdentifiers.id_sha256);
         oids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
@@ -85,27 +96,39 @@
         
         if (sha1.contains(digestName))
         {
-            return new SHA1Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA1();
+            // END android-changed
         }
         if (md5.contains(digestName))
         {
-            return new MD5Digest();
-        }
-        if (sha224.contains(digestName))
-        {
-            return new SHA224Digest();
-        }
+            // BEGIN android-changed
+            return AndroidDigestFactory.getMD5();
+            // END android-changed
+        }
+        // BEGIN android-removed
+        // if (sha224.contains(digestName))
+        // {
+        //     return new SHA224Digest();
+        // }
+        // END android-removed
         if (sha256.contains(digestName))
         {
-            return new SHA256Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA256();
+            // END android-changed
         }
         if (sha384.contains(digestName))
         {
-            return new SHA384Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA384();
+            // END android-changed
         }
         if (sha512.contains(digestName))
         {
-            return new SHA512Digest();
+            // BEGIN android-changed
+            return AndroidDigestFactory.getSHA512();
+            // END android-changed
         }
         
         return null;
@@ -116,7 +139,9 @@
         String digest2)
     {
         return (sha1.contains(digest1) && sha1.contains(digest2))
-            || (sha224.contains(digest1) && sha224.contains(digest2))
+            // BEGIN android-removed
+            // || (sha224.contains(digest1) && sha224.contains(digest2))
+            // END android-removed
             || (sha256.contains(digest1) && sha256.contains(digest2))
             || (sha384.contains(digest1) && sha384.contains(digest2))
             || (sha512.contains(digest1) && sha512.contains(digest2))
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/PKCS10CertificationRequest.java	2013-01-31 02:26:40.000000000 +0000
@@ -30,14 +30,18 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.CertificationRequest;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
@@ -81,15 +85,20 @@
 
     static
     {
-        algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
-        algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // BEGIN android-removed
+        // Dropping MD2
+        // algorithms.put("MD2WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // algorithms.put("MD2WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.2"));
+        // END android-removed
         algorithms.put("MD5WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("MD5WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("RSAWITHMD5", new DERObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("SHA1WITHRSAENCRYPTION", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
         algorithms.put("SHA1WITHRSA", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -97,57 +106,78 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("RSAWITHSHA1", new DERObjectIdentifier("1.2.840.113549.1.1.5"));
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", new DERObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("DSAWITHSHA1", new DERObjectIdentifier("1.2.840.10040.4.3"));
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // reverse mappings
         //
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.5"), "SHA1WITHRSA");
-        oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // BEGIN android-removed
+        // oids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224WITHRSA");
+        // END android-removed
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // BEGIN android-removed
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
+        // END android-removed
         
         oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        // BEGIN android-removed
+        // Dropping MD2
+        // oids.put(new DERObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
+        // END android-removed
         oids.put(new DERObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-        oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // BEGIN android-removed
+        // oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
+        // END android-removed
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA256, "SHA256WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA384, "SHA384WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, "SHA512WITHECDSA");
         oids.put(OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
         oids.put(OIWObjectIdentifiers.dsaWithSHA1, "SHA1WITHDSA");
-        oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // BEGIN android-removed
+        // oids.put(NISTObjectIdentifiers.dsa_with_sha224, "SHA224WITHDSA");
+        // END android-removed
         oids.put(NISTObjectIdentifiers.dsa_with_sha256, "SHA256WITHDSA");
         
         //
@@ -161,27 +191,35 @@
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
 
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
         //
         // explicit params
         //
         AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // BEGIN android-removed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
 
         AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
         params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));
@@ -600,10 +638,12 @@
         {
             return "SHA1";
         }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
+        // BEGIN android-removed
+        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        // {
+        //     return "SHA224";
+        // }
+        // END android-removed
         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
         {
             return "SHA256";
@@ -616,22 +656,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2013-05-25 02:14:15.000000000 +0000
@@ -64,13 +64,20 @@
 
     private static final String[] SYMMETRIC_MACS =
     {
-        "SipHash"
+        // BEGIN android-removed
+        // "SipHash"
+        // END android-removed
     };
 
     private static final String[] SYMMETRIC_CIPHERS =
     {
-        "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
-        "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+        // BEGIN android-removed
+        // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "DES", "DESede", "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA",
+        // "Noekeon", "RC2", "RC5", "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Skipjack", "TEA", "Twofish", "VMPC", "VMPCKSA3", "XTEA"
+        // END android-removed
+        // BEGIN android-added
+        "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish"
+        // END android-added
     };
 
      /*
@@ -82,12 +89,22 @@
     // later ones configure it.
     private static final String[] ASYMMETRIC_GENERIC =
     {
-        "X509", "IES"
+        // BEGIN android-removed
+        // "X509", "IES"
+        // END android-removed
+        // BEGIN android-added
+        "X509"
+        // END android-added
     };
 
     private static final String[] ASYMMETRIC_CIPHERS =
     {
-        "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145"
+        // BEGIN android-removed
+        // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145"
+        // END android-removed
+        // BEGIN android-added
+        "DSA", "DH", "EC", "RSA",
+        // END android-added
     };
 
     /*
@@ -96,7 +113,12 @@
     private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
     private static final String[] DIGESTS =
     {
-        "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool"
+        // BEGIN android-removed
+        // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Tiger", "Whirlpool"
+        // END android-removed
+        // BEGIN android-added
+        "MD5", "SHA1", "SHA256", "SHA384", "SHA512",
+        // END android-added
     };
 
     /*
@@ -143,48 +165,52 @@
 
         loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
 
-        //
-        // X509Store
-        //
-        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
-
-        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
-        
-        //
-        // X509StreamParser
-        //
-        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
-
-        //
-        // cipher engines
-        //
-        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
-
-        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
-
-
-        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
-
-        // Certification Path API
-        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
-        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+        // BEGIN android-removed
+        // //
+        // // X509Store
+        // //
+        // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
+        // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
+        // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
+        // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+        //
+        // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
+        // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
+        // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
+        // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+        //
+        // //
+        // // X509StreamParser
+        // //
+        // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
+        // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
+        // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
+        // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+        //
+        // //
+        // // cipher engines
+        // //
+        // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+        //
+        // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+        //
+        //
+        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+        //
+        // // Certification Path API
+        // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+        // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+        // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
+        // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+        // END android-removed
         put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
         put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
         put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
-        put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
-        put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
-        put("Alg.Alias.CertStore.X509LDAP", "LDAP");
+        // BEGIN android-removed
+        // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
+        // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
+        // put("Alg.Alias.CertStore.X509LDAP", "LDAP");
+        // END android-removed
     }
 
     private void loadAlgorithms(String packageName, String[] names)
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertBlacklist.java	1970-01-01 00:00:00.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertBlacklist.java	2013-12-10 21:31:49.000000000 +0000
@@ -0,0 +1,228 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.bouncycastle.jce.provider;
+
+import java.io.Closeable;
+import java.io.ByteArrayOutputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.bouncycastle.crypto.Digest;
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+import org.bouncycastle.util.encoders.Hex;
+
+public class CertBlacklist {
+
+    private static final String ANDROID_DATA = System.getenv("ANDROID_DATA");
+    private static final String BLACKLIST_ROOT = ANDROID_DATA + "/misc/keychain/";
+    public static final String DEFAULT_PUBKEY_BLACKLIST_PATH = BLACKLIST_ROOT + "pubkey_blacklist.txt";
+    public static final String DEFAULT_SERIAL_BLACKLIST_PATH = BLACKLIST_ROOT + "serial_blacklist.txt";
+
+    private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
+
+    // public for testing
+    public final Set<BigInteger> serialBlacklist;
+    public final Set<byte[]> pubkeyBlacklist;
+
+    public CertBlacklist() {
+        this(DEFAULT_PUBKEY_BLACKLIST_PATH, DEFAULT_SERIAL_BLACKLIST_PATH);
+    }
+
+    /** Test only interface, not for public use */
+    public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
+        serialBlacklist = readSerialBlackList(serialBlacklistPath);
+        pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
+    }
+
+    private static boolean isHex(String value) {
+        try {
+            new BigInteger(value, 16);
+            return true;
+        } catch (NumberFormatException e) {
+            logger.log(Level.WARNING, "Could not parse hex value " + value, e);
+            return false;
+        }
+    }
+
+    private static boolean isPubkeyHash(String value) {
+        if (value.length() != 40) {
+            logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length());
+            return false;
+        }
+        return isHex(value);
+    }
+
+    private static String readBlacklist(String path) {
+        try {
+            return readFileAsString(path);
+        } catch (FileNotFoundException ignored) {
+        } catch (IOException e) {
+            logger.log(Level.WARNING, "Could not read blacklist", e);
+        }
+        return "";
+    }
+
+    // From IoUtils.readFileAsString
+    private static String readFileAsString(String path) throws IOException {
+        return readFileAsBytes(path).toString("UTF-8");
+    }
+
+    // Based on IoUtils.readFileAsBytes
+    private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException {
+        RandomAccessFile f = null;
+        try {
+            f = new RandomAccessFile(path, "r");
+            ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length());
+            byte[] buffer = new byte[8192];
+            while (true) {
+                int byteCount = f.read(buffer);
+                if (byteCount == -1) {
+                    return bytes;
+                }
+                bytes.write(buffer, 0, byteCount);
+            }
+        } finally {
+            closeQuietly(f);
+        }
+    }
+
+    // Base on IoUtils.closeQuietly
+    private static void closeQuietly(Closeable closeable) {
+        if (closeable != null) {
+            try {
+                closeable.close();
+            } catch (RuntimeException rethrown) {
+                throw rethrown;
+            } catch (Exception ignored) {
+            }
+        }
+    }
+
+    private static final Set<BigInteger> readSerialBlackList(String path) {
+
+        // start out with a base set of known bad values
+        Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList(
+            // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
+            // Not a real certificate. For testing only.
+            new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16),
+            new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16),
+            new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16),
+            new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16),
+            new BigInteger("9239d5348f40d1695a745470e1f23f43", 16),
+            new BigInteger("e9028b9578e415dc1a710a2b88154447", 16),
+            new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16),
+            new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16),
+            new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16),
+            new BigInteger("3e75ced46b693021218830ae86a82a71", 16),
+            new BigInteger("864", 16),
+            new BigInteger("827", 16),
+            new BigInteger("31da7", 16)
+        ));
+
+        // attempt to augment it with values taken from gservices
+        String serialBlacklist = readBlacklist(path);
+        if (!serialBlacklist.equals("")) {
+            for(String value : serialBlacklist.split(",")) {
+                try {
+                    bl.add(new BigInteger(value, 16));
+                } catch (NumberFormatException e) {
+                    logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e);
+                }
+            }
+        }
+
+        // whether that succeeds or fails, send it on its merry way
+        return Collections.unmodifiableSet(bl);
+    }
+
+    private static final Set<byte[]> readPublicKeyBlackList(String path) {
+
+        // start out with a base set of known bad values
+        Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList(
+            // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750
+            // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl
+            "410f36363258f30b347d12ce4863e433437806a8".getBytes(),
+            // Subject: CN=DigiNotar Cyber CA
+            // Issuer: CN=GTE CyberTrust Global Root
+            "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(),
+            // Subject: CN=DigiNotar Services 1024 CA
+            // Issuer: CN=Entrust.net
+            "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(),
+            // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
+            // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
+            "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(),
+            // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
+            // Issuer: CN=Staat der Nederlanden Overheid CA
+            "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(),
+            // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479
+            // Subject: O=Digicert Sdn. Bhd.
+            // Issuer: CN=GTE CyberTrust Global Root
+            "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(),
+            // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org
+            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
+            "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(),
+            // Subject: CN=*.EGO.GOV.TR 93
+            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
+            "783333c9687df63377efceddd82efa9101913e8e".getBytes(),
+            // Subject: Subject: C=FR, O=DG Tr\xC3\xA9sor, CN=AC DG Tr\xC3\xA9sor SSL
+            // Issuer: C=FR, O=DGTPE, CN=AC DGTPE Signature Authentification
+            "3ecf4bbbe46096d514bb539bb913d77aa4ef31bf".getBytes()
+        ));
+
+        // attempt to augment it with values taken from gservices
+        String pubkeyBlacklist = readBlacklist(path);
+        if (!pubkeyBlacklist.equals("")) {
+            for (String value : pubkeyBlacklist.split(",")) {
+                value = value.trim();
+                if (isPubkeyHash(value)) {
+                    bl.add(value.getBytes());
+                } else {
+                    logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value);
+                }
+            }
+        }
+
+        return bl;
+    }
+
+    public boolean isPublicKeyBlackListed(PublicKey publicKey) {
+        byte[] encoded = publicKey.getEncoded();
+        Digest digest = AndroidDigestFactory.getSHA1();
+        digest.update(encoded, 0, encoded.length);
+        byte[] out = new byte[digest.getDigestSize()];
+        digest.doFinal(out, 0);
+        for (byte[] blacklisted : pubkeyBlacklist) {
+            if (Arrays.equals(blacklisted, Hex.encode(out))) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public boolean isSerialNumberBlackListed(BigInteger serial) {
+        return serialBlacklist.contains(serial);
+    }
+
+}
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2013-01-31 02:26:40.000000000 +0000
@@ -61,14 +61,18 @@
 import org.bouncycastle.asn1.x509.PolicyInformation;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Extension;
-import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+// BEGIN android-removed
+// import org.bouncycastle.jce.X509LDAPCertStoreParameters;
+// END android-removed
 import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Selector;
 import org.bouncycastle.util.StoreException;
 import org.bouncycastle.x509.ExtendedPKIXBuilderParameters;
 import org.bouncycastle.x509.ExtendedPKIXParameters;
-import org.bouncycastle.x509.X509AttributeCertStoreSelector;
+// BEGIN android-removed
+// import org.bouncycastle.x509.X509AttributeCertStoreSelector;
+// END android-removed
 import org.bouncycastle.x509.X509AttributeCertificate;
 import org.bouncycastle.x509.X509CRLStoreSelector;
 import org.bouncycastle.x509.X509CertStoreSelector;
@@ -656,38 +660,40 @@
         {
             try
             {
-                if (location.startsWith("ldap://"))
-                {
-                    // ldap://directory.d-trust.net/CN=D-TRUST
-                    // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
-                    // skip "ldap://"
-                    location = location.substring(7);
-                    // after first / baseDN starts
-                    String base = null;
-                    String url = null;
-                    if (location.indexOf("/") != -1)
-                    {
-                        base = location.substring(location.indexOf("/"));
-                        // URL
-                        url = "ldap://"
-                            + location.substring(0, location.indexOf("/"));
-                    }
-                    else
-                    {
-                        url = "ldap://" + location;
-                    }
-                    // use all purpose parameters
-                    X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
-                        url, base).build();
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                    pkixParams.addAdditionalStore(X509Store.getInstance(
-                        "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
-                }
+                // BEGIN android-removed
+                // if (location.startsWith("ldap://"))
+                // {
+                //     // ldap://directory.d-trust.net/CN=D-TRUST
+                //     // Qualified CA 2003 1:PN,O=D-Trust GmbH,C=DE
+                //     // skip "ldap://"
+                //     location = location.substring(7);
+                //     // after first / baseDN starts
+                //     String base = null;
+                //     String url = null;
+                //     if (location.indexOf("/") != -1)
+                //     {
+                //         base = location.substring(location.indexOf("/"));
+                //         // URL
+                //         url = "ldap://"
+                //             + location.substring(0, location.indexOf("/"));
+                //     }
+                //     else
+                //     {
+                //         url = "ldap://" + location;
+                //     }
+                //     // use all purpose parameters
+                //     X509LDAPCertStoreParameters params = new X509LDAPCertStoreParameters.Builder(
+                //         url, base).build();
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CRL/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "ATTRIBUTECERTIFICATE/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                //     pkixParams.addAdditionalStore(X509Store.getInstance(
+                //         "CERTIFICATEPAIR/LDAP", params, BouncyCastleProvider.PROVIDER_NAME));
+                // }
+                // END android-removed
             }
             catch (Exception e)
             {
@@ -752,33 +758,35 @@
         return certs;
     }
 
-    protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
-                                                 List certStores)
-        throws AnnotatedException
-    {
-        Set certs = new HashSet();
-        Iterator iter = certStores.iterator();
-
-        while (iter.hasNext())
-        {
-            Object obj = iter.next();
-
-            if (obj instanceof X509Store)
-            {
-                X509Store certStore = (X509Store)obj;
-                try
-                {
-                    certs.addAll(certStore.getMatches(certSelect));
-                }
-                catch (StoreException e)
-                {
-                    throw new AnnotatedException(
-                            "Problem while picking certificates from X.509 store.", e);
-                }
-            }
-        }
-        return certs;
-    }
+    // BEGIN android-removed
+    // protected static Collection findCertificates(X509AttributeCertStoreSelector certSelect,
+    //                                              List certStores)
+    //     throws AnnotatedException
+    // {
+    //     Set certs = new HashSet();
+    //     Iterator iter = certStores.iterator();
+    //
+    //     while (iter.hasNext())
+    //     {
+    //         Object obj = iter.next();
+    //
+    //         if (obj instanceof X509Store)
+    //         {
+    //             X509Store certStore = (X509Store)obj;
+    //             try
+    //             {
+    //                 certs.addAll(certStore.getMatches(certSelect));
+    //             }
+    //             catch (StoreException e)
+    //             {
+    //                 throw new AnnotatedException(
+    //                         "Problem while picking certificates from X.509 store.", e);
+    //             }
+    //         }
+    //     }
+    //     return certs;
+    // }
+    // END android-removed
 
     protected static void addAdditionalStoresFromCRLDistributionPoint(
         CRLDistPoint crldp, ExtendedPKIXParameters pkixParams)
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2013-05-25 02:14:15.000000000 +0000
@@ -20,8 +20,10 @@
 import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// END android-removed
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -203,21 +205,23 @@
             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
 
-            if (ecP == null) // GOST Curve
-            {
-                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-
-                ecSpec = new ECNamedCurveSpec(
-                        ECGOST3410NamedCurves.getName(oid),
-                        ellipticCurve,
-                        new ECPoint(
-                                gParam.getG().getX().toBigInteger(),
-                                gParam.getG().getY().toBigInteger()),
-                        gParam.getN(),
-                        gParam.getH());
-            }
-            else
+            // BEGIN android-removed
+            // if (ecP == null) // GOST Curve
+            // {
+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+            //
+            //     ecSpec = new ECNamedCurveSpec(
+            //             ECGOST3410NamedCurves.getName(oid),
+            //             ellipticCurve,
+            //             new ECPoint(
+            //                     gParam.getG().getX().toBigInteger(),
+            //                     gParam.getG().getY().toBigInteger()),
+            //             gParam.getN(),
+            //             gParam.getH());
+            // }
+            // else
+            // END android-removed
             {
                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
 
@@ -331,11 +335,13 @@
 
         try
         {
-            if (algorithm.equals("ECGOST3410"))
-            {
-                info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-            }
-            else
+            // BEGIN android-removed
+            // if (algorithm.equals("ECGOST3410"))
+            // {
+            //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
+            // }
+            // else
+            // END android-removed
             {
 
                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEECPublicKey.java	2013-05-25 02:14:15.000000000 +0000
@@ -18,9 +18,11 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DEROctetString;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962Parameters;
@@ -33,9 +35,13 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
-import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// BEGIN android-removed
+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
+// END android-removed
 import org.bouncycastle.jce.interfaces.ECPointEncoder;
-import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// BEGIN android-removed
+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
+// END android-removed
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
 
@@ -46,7 +52,9 @@
     private org.bouncycastle.math.ec.ECPoint q;
     private ECParameterSpec         ecSpec;
     private boolean                 withCompression;
-    private GOST3410PublicKeyAlgParameters       gostParams;
+    // BEGIN android-removed
+    // private GOST3410PublicKeyAlgParameters       gostParams;
+    // END android-removed
 
     public JCEECPublicKey(
         String              algorithm,
@@ -56,7 +64,9 @@
         this.q = key.q;
         this.ecSpec = key.ecSpec;
         this.withCompression = key.withCompression;
-        this.gostParams = key.gostParams;
+        // BEGIN android-removed
+        // this.gostParams = key.gostParams;
+        // END android-removed
     }
     
     public JCEECPublicKey(
@@ -179,54 +189,56 @@
 
     private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
     {
-        if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        {
-            DERBitString bits = info.getPublicKeyData();
-            ASN1OctetString key;
-            this.algorithm = "ECGOST3410";
-
-            try
-            {
-                key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
-            }
-            catch (IOException ex)
-            {
-                throw new IllegalArgumentException("error recovering public key");
-            }
-
-            byte[]          keyEnc = key.getOctets();
-            byte[]          x = new byte[32];
-            byte[]          y = new byte[32];
-
-            for (int i = 0; i != x.length; i++)
-            {
-                x[i] = keyEnc[32 - 1 - i];
-            }
-
-            for (int i = 0; i != y.length; i++)
-            {
-                y[i] = keyEnc[64 - 1 - i];
-            }
-
-            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-
-            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
-
-            ECCurve curve = spec.getCurve();
-            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
-
-            this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
-
-            ecSpec = new ECNamedCurveSpec(
-                    ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
-                    ellipticCurve,
-                    new ECPoint(
-                            spec.getG().getX().toBigInteger(),
-                            spec.getG().getY().toBigInteger()),
-                            spec.getN(), spec.getH());
-
-        }
-        else
+        // BEGIN android-removed
+        // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+        // {
+        //     DERBitString bits = info.getPublicKeyData();
+        //     ASN1OctetString key;
+        //     this.algorithm = "ECGOST3410";
+        //
+        //     try
+        //     {
+        //         key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
+        //     }
+        //     catch (IOException ex)
+        //     {
+        //         throw new IllegalArgumentException("error recovering public key");
+        //     }
+        //
+        //     byte[]          keyEnc = key.getOctets();
+        //     byte[]          x = new byte[32];
+        //     byte[]          y = new byte[32];
+        //
+        //     for (int i = 0; i != x.length; i++)
+        //     {
+        //         x[i] = keyEnc[32 - 1 - i];
+        //     }
+        //
+        //     for (int i = 0; i != y.length; i++)
+        //     {
+        //         y[i] = keyEnc[64 - 1 - i];
+        //     }
+        //
+        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+        //
+        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+        //
+        //     ECCurve curve = spec.getCurve();
+        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+        //
+        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+        //
+        //     ecSpec = new ECNamedCurveSpec(
+        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+        //             ellipticCurve,
+        //             new ECPoint(
+        //                     spec.getG().getX().toBigInteger(),
+        //                     spec.getG().getY().toBigInteger()),
+        //                     spec.getN(), spec.getH());
+        //
+        // }
+        // else
+        // END android-removed
         {
             X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters());
             ECCurve                 curve;
@@ -315,52 +327,54 @@
         ASN1Encodable        params;
         SubjectPublicKeyInfo info;
 
-        if (algorithm.equals("ECGOST3410"))
-        {
-            if (gostParams != null)
-            {
-                params = gostParams;
-            }
-            else
-            {
-                if (ecSpec instanceof ECNamedCurveSpec)
-                {
-                    params = new GOST3410PublicKeyAlgParameters(
-                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
-                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
-                }
-                else
-                {   // strictly speaking this may not be applicable...
-                    ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
-
-                    X9ECParameters ecP = new X9ECParameters(
-                        curve,
-                        EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
-                        ecSpec.getOrder(),
-                        BigInteger.valueOf(ecSpec.getCofactor()),
-                        ecSpec.getCurve().getSeed());
-
-                    params = new X962Parameters(ecP);
-                }
-            }
-
-            BigInteger      bX = this.q.getX().toBigInteger();
-            BigInteger      bY = this.q.getY().toBigInteger();
-            byte[]          encKey = new byte[64];
-
-            extractBytes(encKey, 0, bX);
-            extractBytes(encKey, 32, bY);
-
-            try
-            {
-                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
-            }
-            catch (IOException e)
-            {
-                return null;
-            }
-        }
-        else
+        // BEGIN android-removed
+        // if (algorithm.equals("ECGOST3410"))
+        // {
+        //     if (gostParams != null)
+        //     {
+        //         params = gostParams;
+        //     }
+        //     else
+        //     {
+        //         if (ecSpec instanceof ECNamedCurveSpec)
+        //         {
+        //             params = new GOST3410PublicKeyAlgParameters(
+        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+        //         }
+        //         else
+        //         {   // strictly speaking this may not be applicable...
+        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+        //
+        //             X9ECParameters ecP = new X9ECParameters(
+        //                 curve,
+        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+        //                 ecSpec.getOrder(),
+        //                 BigInteger.valueOf(ecSpec.getCofactor()),
+        //                 ecSpec.getCurve().getSeed());
+        //
+        //             params = new X962Parameters(ecP);
+        //         }
+        //     }
+        //
+        //     BigInteger      bX = this.q.getX().toBigInteger();
+        //     BigInteger      bY = this.q.getY().toBigInteger();
+        //     byte[]          encKey = new byte[64];
+        //
+        //     extractBytes(encKey, 0, bX);
+        //     extractBytes(encKey, 32, bY);
+        //
+        //     try
+        //     {
+        //         info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
+        //     }
+        //     catch (IOException e)
+        //     {
+        //         return null;
+        //     }
+        // }
+        // else
+        // END android-removed
         {
             if (ecSpec instanceof ECNamedCurveSpec)
             {
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/JCEStreamCipher.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/JCEStreamCipher.java	2013-05-25 02:14:15.000000000 +0000
@@ -23,8 +23,10 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-import javax.crypto.spec.RC2ParameterSpec;
-import javax.crypto.spec.RC5ParameterSpec;
+// BEGIN android-removed
+// import javax.crypto.spec.RC2ParameterSpec;
+// import javax.crypto.spec.RC5ParameterSpec;
+// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -33,12 +35,16 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.StreamBlockCipher;
 import org.bouncycastle.crypto.StreamCipher;
-import org.bouncycastle.crypto.engines.BlowfishEngine;
-import org.bouncycastle.crypto.engines.DESEngine;
-import org.bouncycastle.crypto.engines.DESedeEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.BlowfishEngine;
+// import org.bouncycastle.crypto.engines.DESEngine;
+// import org.bouncycastle.crypto.engines.DESedeEngine;
+// END android-removed
 import org.bouncycastle.crypto.engines.RC4Engine;
-import org.bouncycastle.crypto.engines.SkipjackEngine;
-import org.bouncycastle.crypto.engines.TwofishEngine;
+// BEGIN android-removed
+// import org.bouncycastle.crypto.engines.SkipjackEngine;
+// import org.bouncycastle.crypto.engines.TwofishEngine;
+// END android-removed
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
@@ -55,8 +61,10 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        RC2ParameterSpec.class,
-                                        RC5ParameterSpec.class,
+                                        // BEGIN android-removed
+                                        // RC2ParameterSpec.class,
+                                        // RC5ParameterSpec.class,
+                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };
@@ -491,123 +499,125 @@
      * The ciphers that inherit from us.
      */
 
-    /**
-     * DES
-     */
-    static public class DES_CFB8
-        extends JCEStreamCipher
-    {
-        public DES_CFB8()
-        {
-            super(new CFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_CFB8
-        extends JCEStreamCipher
-    {
-        public DESede_CFB8()
-        {
-            super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_CFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_CFB8()
-        {
-            super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_CFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_CFB8()
-        {
-            super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_CFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_CFB8()
-        {
-            super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
-
-    /**
-     * DES
-     */
-    static public class DES_OFB8
-        extends JCEStreamCipher
-    {
-        public DES_OFB8()
-        {
-            super(new OFBBlockCipher(new DESEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * DESede
-     */
-    static public class DESede_OFB8
-        extends JCEStreamCipher
-    {
-        public DESede_OFB8()
-        {
-            super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * SKIPJACK
-     */
-    static public class Skipjack_OFB8
-        extends JCEStreamCipher
-    {
-        public Skipjack_OFB8()
-        {
-            super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Blowfish
-     */
-    static public class Blowfish_OFB8
-        extends JCEStreamCipher
-    {
-        public Blowfish_OFB8()
-        {
-            super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
-        }
-    }
-
-    /**
-     * Twofish
-     */
-    static public class Twofish_OFB8
-        extends JCEStreamCipher
-    {
-        public Twofish_OFB8()
-        {
-            super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
-        }
-    }
+    // BEGIN android-removed
+    // /**
+    //  * DES
+    //  */
+    // static public class DES_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DES_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new DESEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * DESede
+    //  */
+    // static public class DESede_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DESede_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new DESedeEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * SKIPJACK
+    //  */
+    // static public class Skipjack_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Skipjack_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new SkipjackEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Blowfish
+    //  */
+    // static public class Blowfish_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Blowfish_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new BlowfishEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Twofish
+    //  */
+    // static public class Twofish_CFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Twofish_CFB8()
+    //     {
+    //         super(new CFBBlockCipher(new TwofishEngine(), 8), 128);
+    //     }
+    // }
+    //
+    // /**
+    //  * DES
+    //  */
+    // static public class DES_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DES_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new DESEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * DESede
+    //  */
+    // static public class DESede_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public DESede_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new DESedeEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * SKIPJACK
+    //  */
+    // static public class Skipjack_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Skipjack_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new SkipjackEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Blowfish
+    //  */
+    // static public class Blowfish_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Blowfish_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new BlowfishEngine(), 8), 64);
+    //     }
+    // }
+    //
+    // /**
+    //  * Twofish
+    //  */
+    // static public class Twofish_OFB8
+    //     extends JCEStreamCipher
+    // {
+    //     public Twofish_OFB8()
+    //     {
+    //         super(new OFBBlockCipher(new TwofishEngine(), 8), 128);
+    //     }
+    // }
+    // END android-removed
 }
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2012-09-17 23:04:47.000000000 +0000
@@ -1,5 +1,8 @@
 package org.bouncycastle.jce.provider;
 
+// BEGIN android-added
+import java.math.BigInteger;
+// END android-added
 import java.security.InvalidAlgorithmParameterException;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
@@ -33,6 +36,9 @@
 public class PKIXCertPathValidatorSpi
         extends CertPathValidatorSpi
 {
+    // BEGIN android-added
+    private final static CertBlacklist blacklist = new CertBlacklist();
+    // END android-added
 
     public CertPathValidatorResult engineValidate(
             CertPath certPath,
@@ -75,6 +81,22 @@
         {
             throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
         }
+        // BEGIN android-added
+        {
+            X509Certificate cert = (X509Certificate) certs.get(0);
+
+            if (cert != null) {
+                BigInteger serial = cert.getSerialNumber();
+                if (blacklist.isSerialNumberBlackListed(serial)) {
+                    // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+                    String message = "Certificate revocation of serial 0x" + serial.toString(16);
+                    System.out.println(message);
+                    AnnotatedException e = new AnnotatedException(message);
+                    throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
+                }
+            }
+        }
+        // END android-added
 
         //
         // (b)
@@ -251,6 +273,15 @@
 
         for (index = certs.size() - 1; index >= 0; index--)
         {
+            // BEGIN android-added
+            if (blacklist.isPublicKeyBlackListed(workingPublicKey)) {
+                // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
+                String message = "Certificate revocation of public key " + workingPublicKey;
+                System.out.println(message);
+                AnnotatedException e = new AnnotatedException(message);
+                throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
+            }
+            // END android-added
             // try
             // {
             //
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509CertificateObject.java	2013-01-31 02:26:40.000000000 +0000
@@ -57,6 +57,9 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
+// BEGIN android-added
+import org.bouncycastle.asn1.x509.X509Name;
+// END android-added
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -562,12 +565,20 @@
         }
     }
 
+    // BEGIN android-changed
+    private byte[] encoded;
+    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            return c.getEncoded(ASN1Encoding.DER);
+            // BEGIN android-changed
+            if (encoded == null) {
+                encoded = c.getEncoded(ASN1Encoding.DER);
+            }
+            return encoded;
+            // END android-changed
         }
         catch (IOException e)
         {
@@ -858,7 +869,9 @@
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
+                    // BEGIN android-changed
+                    list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
+                    // END android-changed
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/jce/provider/X509SignatureUtil.java	2013-01-31 02:26:40.000000000 +0000
@@ -14,7 +14,9 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -66,12 +68,14 @@
         
         if (params != null && !derNull.equals(params))
         {
-            if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            {
-                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-                
-                return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
-            }
+            // BEGIN android-removed
+            // if (sigAlgId.getObjectId().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
+            // {
+            //     RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
+            //
+            //     return getDigestAlgName(rsaParams.getHashAlgorithm().getObjectId()) + "withRSAandMGF1";
+            // }
+            // END android-removed
             if (sigAlgId.getObjectId().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
             {
                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
@@ -98,10 +102,12 @@
         {
             return "SHA1";
         }
-        else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
-        {
-            return "SHA224";
-        }
+        // BEGIN android-removed
+        // else if (NISTObjectIdentifiers.id_sha224.equals(digestAlgOID))
+        // {
+        //     return "SHA224";
+        // }
+        // END android-removed
         else if (NISTObjectIdentifiers.id_sha256.equals(digestAlgOID))
         {
             return "SHA256";
@@ -114,22 +120,24 @@
         {
             return "SHA512";
         }
-        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        {
-            return "RIPEMD128";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        {
-            return "RIPEMD160";
-        }
-        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        {
-            return "RIPEMD256";
-        }
-        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        {
-            return "GOST3411";
-        }
+        // BEGIN android-removed
+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD128";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD160";
+        // }
+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        // {
+        //     return "RIPEMD256";
+        // }
+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        // {
+        //     return "GOST3411";
+        // }
+        // END android-removed
         else
         {
             return digestAlgOID.getId();            
diff -Naur bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java
--- bcprov-jdk15on-149.orig/org/bouncycastle/x509/X509Util.java	2013-05-31 21:16:46.000000000 +0000
+++ bcprov-jdk15on-149/org/bouncycastle/x509/X509Util.java	2013-01-31 02:26:40.000000000 +0000
@@ -25,12 +25,16 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DERObjectIdentifier;
-import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// BEGIN android-removed
+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
+// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jce.X509Principal;
@@ -44,14 +48,18 @@
     
     static
     {   
-        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
+        // END android-removed
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
         algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-        algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-        algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
+        // END android-removed
         algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
         algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
@@ -59,45 +67,59 @@
         algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
         algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
+        // END android-removed
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // BEGIN android-removed
+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+        // END android-removed
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-        algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
         algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
         algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
         algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
         // The parameters field SHALL be NULL for RSA based signature algorithms.
         //
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA1);
-        noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // BEGIN android-removed
+        // noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA224);
+        // END android-removed
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA256);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA384);
         noParams.add(X9ObjectIdentifiers.ecdsa_with_SHA512);
         noParams.add(X9ObjectIdentifiers.id_dsa_with_sha1);
-        noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // BEGIN android-removed
+        // noParams.add(NISTObjectIdentifiers.dsa_with_sha224);
+        // END android-removed
         noParams.add(NISTObjectIdentifiers.dsa_with_sha256);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
@@ -105,8 +127,10 @@
         //
         // RFC 4491
         //
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // BEGIN android-removed
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        // END android-removed
 
         //
         // explicit params
@@ -114,8 +138,10 @@
         AlgorithmIdentifier sha1AlgId = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
         params.put("SHA1WITHRSAANDMGF1", creatPSSParams(sha1AlgId, 20));
 
-        AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
-        params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // BEGIN android-removed
+        // AlgorithmIdentifier sha224AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha224, DERNull.INSTANCE);
+        // params.put("SHA224WITHRSAANDMGF1", creatPSSParams(sha224AlgId, 28));
+        // END android-removed
 
         AlgorithmIdentifier sha256AlgId = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);
         params.put("SHA256WITHRSAANDMGF1", creatPSSParams(sha256AlgId, 32));