[automerger] Fix probable prime confidence calculations. am: 91719e3c1b am: b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab am: 87804b8da9 am: 883aa9d8f8
am: 8221e0766e

Change-Id: I65459162d9af9e07fa7a5de294d7bd54375c5d0b
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..8f1a364
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,150 @@
+//
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+java_defaults {
+    name: "bouncycastle-errorprone-defaults",
+    errorprone: {
+        javacflags: [
+            "-Xep:MissingOverride:OFF",  // Ignore missing @Override.
+        ],
+    },
+}
+
+// These cannot build in the PDK, because the PDK requires all libraries
+// compile against SDK versions.
+java_defaults {
+    name: "bouncycastle-defaults",
+    defaults: [
+        "bouncycastle-errorprone-defaults",
+    ],
+    host_supported: true,
+    hostdex: true,
+    target: {
+        android: {
+            product_variables: {
+                pdk: {
+                    enabled: false,
+                },
+            },
+        },
+    },
+}
+
+// non-jarjar version to build okhttp-tests
+java_library_static {
+    name: "bouncycastle-unbundled",
+    defaults: ["bouncycastle-defaults"],
+
+    srcs: ["bcprov/src/main/java/**/*.java"],
+    exclude_srcs: [
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+
+    sdk_version: "9",
+    java_version: "1.7",
+}
+
+java_library {
+    name: "bouncycastle",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+// A guaranteed unstripped version of bouncycastle.
+// The build system may or may not strip the bouncycastle jar, but this one will
+// not be stripped. See b/24535627.
+java_library {
+    name: "bouncycastle-testdex",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+}
+
+// PKIX classes used for testing
+java_library_static {
+    name: "bouncycastle-bcpkix",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-bcpkix-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+java_library_static {
+    name: "bouncycastle-bcpkix-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled" ],
+    sdk_version: "9",
+    srcs: ["bcpkix/src/main/java/**/*.java"],
+    exclude_srcs: ["bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java"],
+}
+
+
+// OCSP classes used for testing
+java_library_static {
+    name: "bouncycastle-ocsp",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-ocsp-unbundled"],
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+    no_framework_libs: true,
+}
+
+java_library_static {
+    name: "bouncycastle-ocsp-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled",
+            "bouncycastle-bcpkix-unbundled" ],
+    sdk_version: "9",
+    srcs: [
+        "bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java",
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+}
+
+// For compatibilityy with old bouncycastle-host and bouncycastle-bcpkix-host names
+java_library_host {
+    name: "bouncycastle-host",
+    static_libs: ["bouncycastle"],
+}
+
+java_library_host {
+    name: "bouncycastle-bcpkix-host",
+    static_libs: ["bouncycastle-bcpkix"],
+}
diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index d8b6763..0000000
--- a/Android.mk
+++ /dev/null
@@ -1,233 +0,0 @@
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-LOCAL_PATH := $(call my-dir)
-
-# All the files needed for OCSP testing
-all_bc_ocsp_files := $(call all-java-files-under,bcpkix/src/main/java/org/bouncycastle/cert/ocsp) \
- $(call all-java-files-under,bcprov/src/main/java/org/bouncycastle/asn1/ocsp)
-
-# used for bouncycastle-hostdex where we want everything for testing
-all_bcprov_src_files := $(filter-out \
- $(all_bc_ocsp_files), \
- $(call all-java-files-under,bcprov/src/main/java))
-
-# used for bouncycastle for target where we want to be sure to use OpenSSLDigest
-android_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java, \
- $(all_bcprov_src_files))
-
-# used for bouncycastle-host where we can't use OpenSSLDigest
-ri_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java, \
- $(all_bcprov_src_files))
-
-# used for host tools, but OCSP is only for testing
-all_bcpkix_src_files := $(filter-out \
- $(all_bc_ocsp_files), \
- $(call all-java-files-under,bcpkix/src/main/java))
-
-# These cannot build in the PDK, because the PDK requires all libraries
-# compile against SDK versions. LOCAL_NO_STANDARD_LIBRARIES conflicts with
-# this requirement.
-ifneq ($(TARGET_BUILD_PDK),true)
-
-    # non-jarjar version to build okhttp-tests
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(android_bcprov_src_files)
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_JAVA_LIBRARY)
-
-    # A guaranteed unstripped version of bouncycastle.
-    # The build system may or may not strip the bouncycastle jar, but this one will
-    # not be stripped. See b/24535627.
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-testdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_JAVA_LIBRARY)
-
-    # unbundled bouncycastle jar
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-unbundled
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SDK_VERSION := 9
-    LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    # PKIX classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JAVA_LIBRARIES := bouncycastle-nojarjar core-oj core-libart conscrypt
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-bcpkix-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    # OCSP classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-ocsp
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-    LOCAL_JAVA_LIBRARIES := bouncycastle-nojarjar bouncycastle-bcpkix-nojarjar core-oj core-libart conscrypt
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-endif # TARGET_BUILD_PDK != true
-
-# This is used to generate a list of what is unused so it can be removed when bouncycastle is updated.
-# Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/
-.PHONY: bouncycastle-proguard-deadcode
-bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs)
-	$(PROGUARD) \
-		-injars $(full_classes_compiled_jar) \
-		-libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \
-		-dontoptimize \
-		-dontobfuscate \
-		-dontpreverify \
-		-ignorewarnings \
-		-printusage \
-		-keep class org.bouncycastle.jce.provider.BouncyCastleProvider "{ public protected *; }" \
-		-keep class org.bouncycastle.jce.provider.symmetric.AESMappings "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.ASN1TaggedObject "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.x509.CertificateList "{ public protected *; }" \
-		-keep class org.bouncycastle.crypto.AsymmetricBlockCipher "{ public protected *; }" \
-		-keep class org.bouncycastle.x509.ExtendedPKIXBuilderParameters "{ public protected *; }" \
-		`(find $(LOCAL_PATH) -name '*.java' | xargs grep '"org.bouncycastle' | egrep '  (put|add)' | sed -e 's/");//' -e 's/.*"//'; \
-		  find $(LOCAL_PATH) -name '*.java' | xargs grep '  addHMACAlgorithm' | sed 's/"org.bouncycastle/\norg.bouncycastle/g' | grep ^org.bouncycastle | sed 's/".*//'; \
-                  find . -name '*.java' | xargs grep 'import org.bouncycastle' | grep -v /bouncycastle/ | sed -e 's/.*:import //' -e 's/;//') \
-		  | sed -e 's/^/-keep class /' -e 's/$$/ { public protected \*; } /' | sort | uniq` \
-		-keepclassmembers "class * { \
-		    static final %                *; \
-		    static final java.lang.String *; \
-		}" \
-		-keepclassmembers "class * implements java.io.Serializable { \
-		    private static final java.io.ObjectStreamField[] serialPersistentFields; \
-		    private void writeObject(java.io.ObjectOutputStream); \
-		    private void readObject(java.io.ObjectInputStream); \
-		    java.lang.Object writeReplace(); \
-		    java.lang.Object readResolve(); \
-		}" \
-		-keepclassmembers "interface org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    abstract public java.lang.String getPaddingName(); \
-		}" \
-		-keepclassmembers "class * implements org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    public java.lang.String getPaddingName(); \
-		}"
-
-# Conscrypt isn't built in the PDK or on non-linux OSes, so this cannot be built
-# because it has a dependency on conscrypt-hostdex.
-ifneq ($(TARGET_BUILD_PDK),true)
-  ifeq ($(HOST_OS),linux)
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-hostdex-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcprov_src_files)
-    LOCAL_JAVA_LIBRARIES := conscrypt-hostdex
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    LOCAL_JAVA_LIBRARIES := conscrypt-hostdex
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_HOST_DALVIK_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    # OCSP classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-ocsp-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-  endif  # ($(HOST_OS),linux)
-endif
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-bcpkix-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-LOCAL_JAVA_LIBRARIES := bouncycastle-host
-LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-# OCSP classes used for testing
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-ocsp-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-LOCAL_JAVA_LIBRARIES := bouncycastle-host bouncycastle-bcpkix-host
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-# Unset these so they don't linger in the next makefile
-all_bcprov_src_files :=
-android_bcprov_src_files :=
-ri_bcprov_src_files :=
-all_bcpkix_src_files :=
-all_bc_ocsp_files :=
diff --git a/README.android b/README.android
index 5a3e9b5..2b6c07f 100644
--- a/README.android
+++ b/README.android
@@ -2,8 +2,8 @@
 ---
 
 The code in this directory is based on $BOUNCYCASTLE_VERSION in the
-file bouncycastle.version. See patches/README for more information on
-how the code differs from $BOUNCYCASTLE_VERSION.
+file bouncycastle.version. See the in-file change markers for more information
+on how the code differs from $BOUNCYCASTLE_VERSION.
 
 Porting New Versions of Bouncy Castle.
 --
@@ -21,257 +21,62 @@
      md5sum bcpkix-jdk*-*.tar.gz
      sha1sum bcpkix-jdk*-*.tar.gz
 
-2) Update the variables in bouncycastle.config and bouncycastle.version as appropriate.
-   At the very least you will need to update the bouncycastle.version.
+2) Submit the code to the upstream-master branch:
 
-3) Run:
+  a) Create a new branch tracking upstream-master
 
-     ./import_bouncycastle.sh import bcprov-jdk*-*.tar.gz
+      git checkout -b upgrade-to-xxx --track aosp/upstream-master
 
-   Note the script expects to find the bcpkix-jdk*-*.tar.gz alongside the bcprov file.
+  b) Update the variables in bouncycastle.version.
 
-4) If there are any errors, then modify bouncycastle.config, bouncycastle.version
-   and patches in patches/ as appropriate.  You might want to use:
+  c) Expand the source from the .tar.gz files
 
-     ./import_bouncycastle.sh regenerate patches/*.patch
+  d) Replace bc{prov,pkix}/src/main/java/org with the equivalent source
+     directory
 
-   Repeat step 3.
+  e) Ensure any new files are added
 
-5) Cleanup before building with:
+      git add bc{prov,pkix}
 
-     m -j16 clean-bouncycastle
+  f) Commit the change
 
-6) Build the bouncycastle target from the external/bouncycastle directory with:
+      git commit -a -m 'bouncycastle: Android tree with upstream code for version X.XX'
 
-     mm -j16 snod && adb sync system
+  g) Get the change reviewed
 
-   If there are build errors, then patches/*.mk or bouncycastle.config
-   may need updating.
+      repo upload . -D upstream-master
 
-7) Run tests to make sure things are working:
+3) Merge the code into the master branch
 
-     Some suggested tests by area:
-     - java.security.AlgorithmParameterGenerator
-       libcore/luni/src/test/java/libcore/java/security/OldAlgorithmParameterGeneratorTest.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDSA.java
-     - java.security.AlgorithmParameters
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestAES.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDESede.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDES.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestOAEP.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParameterGenerator1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParameterGenerator2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersSpiTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersTest.java
-     - java.security.cert.CertPathBuilder
-       libcore/luni/src/test/java/tests/targets/security/cert/CertPathBuilderTestPKIX.java
-     - java.security.cert.CertPathValidator
-       libcore/luni/src/test/java/tests/targets/security/cert/CertPathValidatorTestPKIX.java
-     - java.security.cert.CertStore
-       libcore/luni/src/test/java/tests/security/cert/CertStoreSpiTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertStore2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertStore1Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertStoreExceptionTest.java
-     - java.security.cert.Certificate
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateCertificateRepTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509Certificate2Test.java
-       libcore/luni/src/test/java/tests/targets/security/cert/CertificateTest.java
-     - java.security.cert.CertificateFactory
-       libcore/luni/src/test/java/libcore/java/security/cert/CertificateFactoryTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory1Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory3Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory4Test.java
-       libcore/luni/src/test/java/tests/targets/security/cert/CertificateFactoryTestX509.java
-     - java.security.cert.CertificateFactorySpi
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactorySpiTest.java
-     - java.security.cert.CRL
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java
-       libcore/luni/src/test/java/tests/security/cert/CRLTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRL2Test.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLEntryTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLSelector2Test.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLSelectorTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLTest.java
-     - javax.security.cert.Certificate
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateTest.java
-     - java.security.CodeSigner
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/CodeSignerTest.java
-     - javax.crypto.Cipher
-       libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/CipherTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/NullCipherTest.java
-     - java.security.DigestInputStream
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStream2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStreamTest.java
-     - java.security.DigestOutputStream
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestOutputStreamTest.java
-     - javax.crypto.spec.GCMParameterSpec
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/spec/GCMParameterSpecTest.java
-     - java.security.GuardedObject
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GuardedObjectTest.java
-     - java.security.Identity
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Identity2Test.java
-     - java.security.IdentityScope
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/IdentityScope2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/IdentityScopeTest.java
-     - javax.crypto.Key
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyTest.java
-     - javax.crypto.KeyAgreement
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyAgreementTest.java
-     - java.security.KeyFactory
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestRSA.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactory2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactoryTest.java
-     - java.security.KeyFactorySpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactorySpiTest.java
-     - javax.crypto.KeyGenerator
-       libcore/luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyGeneratorTest.java
-     - javax.net.ssl.KeyManagerFactory
-       libcore/luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
-     - java.security.KeyPair
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairTest.java
-     - java.security.KeyPairGenerator
-       libcore/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java
-       libcore/luni/src/test/java/libcore/java/security/OldKeyPairGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestRSA.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator3Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator4Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGeneratorSpiTest.java
-       libcore/luni/src/test/java/tests/security/interfaces/DSAKeyPairGeneratorTest.java
-     - java.security.KeyRep
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyRepTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyRepTypeTest.java
-     - java.security.KeyStore
-       libcore/luni/src/test/java/libcore/java/security/KeyStoreTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSCallbackHandlerProtectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSPasswordProtectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSPrivateKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSSecretKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSTrustedCertificateEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore3Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore4Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreBuilderTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStorePrivateKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreTest.java
-     - java.security.KeyStoreSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreSpiTest.java
-     - javax.crypto.Mac
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/MacTest.java
-     - java.security.MessageDigest
-       libcore/luni/src/test/java/libcore/java/security/MessageDigestTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD2.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD5.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA1.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA256.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA384.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA512.java
-     - java.security.MessageDigestSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigestSpiTest.java
-     - java.security.PrivateKey
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PrivateKeyTest.java
-     - java.security.PrivilegedAction
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PrivilegedActionTest.java
-     - java.security.Provider
-       libcore/luni/src/test/java/libcore/java/security/ProviderTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Provider2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderServiceTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java
-     - java.security.PublicKey
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PublicKeyTest.java
-     - java.security.Security
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Security2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecurityTest.java
-     - javax.net.ssl.SSLContext
-       libcore/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java
-     - javax.crypto.SecretKeyFactory
-       libcore/luni/src/test/java/libcore/javax/crypto/SecretKeyFactoryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/SecretKeyFactoryTest.java
-     - java.security.SecureRandom
-       libcore/luni/src/test/java/libcore/java/security/SecureRandomTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandom2Test.java
-       libcore/luni/src/test/java/tests/java/security/SecureRandomTest.java
-       libcore/luni/src/test/java/tests/targets/security/SecureRandomTestSHA1PRNG.java
-     - java.security.SecureRandomSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandomSpiTest.java
-     - java.security.Signature
-       libcore/crypto/src/test/java/org/conscrypt/OpenSSLSignatureTest.java
-       libcore/luni/src/test/java/libcore/java/security/SignatureTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Signature2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureTest.java
-       libcore/luni/src/test/java/tests/targets/security/SignatureTestMD2withRSA.java
-     - java.security.SignatureSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureSpiTest.java
-     - java.security.SignedObject
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignedObjectTest.java
-     - java.security.Signer
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignerTest.java
-     - java.security.Timestamp
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/TimestampTest.java
-     - java.security.cert.TrustAnchor
-       libcore/luni/src/test/java/tests/security/cert/TrustAnchorTest.java
-     - javax.net.ssl.TrustManagerFactory
-       libcore/luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
-     - java.net.URLConnection
-       libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java
-     - javax.security.auth.x500.X500Principal
-       libcore/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java
-       libcore/luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/auth/X500PrincipalTest.java
-     - javax.net.ssl.SSLSocket and javax.net.ssl.SSLEngine (which touch on Cipher, MessageDigest, Signature)
-       libcore/luni/src/test/java/libcore/javax/net/ssl/
-     - Test Android additions to bouncycastle such as org.bouncycastle.crypto.digests.OpenSSLDigest and org.bouncycastle.jce.provider.CertBlacklist
-       libcore/luni/src/test/java/com/android/org/bouncycastle/
-     - Exception "tests"
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GeneralSecurityExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidAlgorithmParameterExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidKeyExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidParameterExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyManagementExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/NoSuchAlgorithmExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/NoSuchProviderExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/UnrecoverableEntryExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/UnrecoverableKeyExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateEncodingExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateExpiredExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateNotYetValidExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateParsingExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CRLExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateEncodingException2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateEncodingExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateException2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateExpiredExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateNotYetValidExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateParsingExceptionTest.java
+  a) Create a new branch
 
+      repo start merge-xxx
 
-8) Do a full build before checking in:
+  b) Merge the changes in
 
-     m -j16
+      git fetch aosp upstream-master
+      git merge aosp/upstream-master
+
+  c) Resolve any conflicts.  Some common cases:
+
+     * If upstream changed a file that's deleted locally, we probably don't
+       need it
+     * If upstream added a file to a directory we deleted, we probably don't
+       need it
+
+  d) Confirm all changes
+
+      git diff aosp/master
+
+  e) Run the tests, commonly at least
+
+      cts -m CtsLibcoreTestCases
+      cts -m CtsLibcoreFileIOTestCases
+      cts -m CtsLibcoreJsr166TestCases
+      cts -m CtsLibcoreOjTestCases
+      cts -m CtsLibcoreOkHttpTestCases
+      cts -m CtsLibcoreWycheproofBCTestCases
+
+  e) Get the change reviewed
+
+      repo upload .
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index 3119715..b3a39a9 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -320,20 +320,22 @@
         return HELPER.getAttributeCertificates(signedData.getCertificates());
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
-    //  * this SignedData structure.
-    //  *
-    //  * @param otherRevocationInfoFormat OID of the format type been looked for.
-    //  *
-    //  * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
-    //  */
-    // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
-    // {
-    //     return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    /**
+     * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
+     * this SignedData structure.
+     *
+     * @param otherRevocationInfoFormat OID of the format type been looked for.
+     *
+     * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
+     *
+    public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
+    {
+        return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Return the digest algorithm identifiers for the SignedData object
@@ -385,92 +387,94 @@
         return contentInfo.getEncoded();
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Verify all the SignerInformation objects and their associated counter signatures attached
-    //  * to this CMS SignedData object.
-    //  *
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @return true if all verify, false otherwise.
-    //  * @throws CMSException  if an exception occurs during the verification process.
-    //  */
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
-    //     throws CMSException
-    // {
-    //     return verifySignatures(verifierProvider, false);
-    // }
-    // 
-    // /**
-    //  * Verify all the SignerInformation objects and optionally their associated counter signatures attached
-    //  * to this CMS SignedData object.
-    //  *
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
-    //  * @return true if all verify, false otherwise.
-    //  * @throws CMSException  if an exception occurs during the verification process.
-    //  */
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
-    //     throws CMSException
-    // {
-    //     Collection signers = this.getSignerInfos().getSigners();
-    // 
-    //     for (Iterator it = signers.iterator(); it.hasNext();)
-    //     {
-    //         SignerInformation signer = (SignerInformation)it.next();
-    // 
-    //         try
-    //         {
-    //             SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
-    // 
-    //             if (!signer.verify(verifier))
-    //             {
-    //                 return false;
-    //             }
-    // 
-    //             if (!ignoreCounterSignatures)
-    //             {
-    //                 Collection counterSigners = signer.getCounterSignatures().getSigners();
-    // 
-    //                 for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //                 {
-    //                     if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //                     {
-    //                         return false;
-    //                     }
-    //                 }
-    //             }
-    //         }
-    //         catch (OperatorCreationException e)
-    //         {
-    //             throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
-    //         }
-    //     }
-    // 
-    //     return true;
-    // }
-    // 
-    // private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
-    //     throws OperatorCreationException, CMSException
-    // {
-    //     SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
-    // 
-    //     if (!counterSigner.verify(counterVerifier))
-    //     {
-    //         return false;
-    //     }
-    // 
-    //     Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
-    //     for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //     {
-    //         if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //         {
-    //             return false;
-    //         }
-    //     }
-    // 
-    //     return true;
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unknown reason
+    /*
+    /**
+     * Verify all the SignerInformation objects and their associated counter signatures attached
+     * to this CMS SignedData object.
+     *
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     * @return true if all verify, false otherwise.
+     * @throws CMSException  if an exception occurs during the verification process.
+     *
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
+        throws CMSException
+    {
+        return verifySignatures(verifierProvider, false);
+    }
+
+    /**
+     * Verify all the SignerInformation objects and optionally their associated counter signatures attached
+     * to this CMS SignedData object.
+     *
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
+     * @return true if all verify, false otherwise.
+     * @throws CMSException  if an exception occurs during the verification process.
+     *
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
+        throws CMSException
+    {
+        Collection signers = this.getSignerInfos().getSigners();
+
+        for (Iterator it = signers.iterator(); it.hasNext();)
+        {
+            SignerInformation signer = (SignerInformation)it.next();
+
+            try
+            {
+                SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
+
+                if (!signer.verify(verifier))
+                {
+                    return false;
+                }
+
+                if (!ignoreCounterSignatures)
+                {
+                    Collection counterSigners = signer.getCounterSignatures().getSigners();
+
+                    for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+                    {
+                        if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+                        {
+                            return false;
+                        }
+                    }
+                }
+            }
+            catch (OperatorCreationException e)
+            {
+                throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
+            }
+        }
+
+        return true;
+    }
+
+    private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
+        throws OperatorCreationException, CMSException
+    {
+        SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
+
+        if (!counterSigner.verify(counterVerifier))
+        {
+            return false;
+        }
+
+        Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
+        for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+        {
+            if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+    */
+    // END Android-removed: Unknown reason
 
     /**
      * Replace the SignerInformation store associated with this
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
index f180c09..86d4321 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -12,10 +12,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -41,21 +40,21 @@
     public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
     public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
     public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
     // public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
     // public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
     // public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
     public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
     public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
     // public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     private static final String  ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     private static final String  ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId();
@@ -180,33 +179,35 @@
         certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore));
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  *
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
-    //  */
-    // public void addOtherRevocationInfo(
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    //     ASN1Encodable          otherRevocationInfo)
-    // {
-    //     crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
-    // }
-    //
-    // /**
-    //  * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  *
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
-    //  */
-    // public void addOtherRevocationInfo(
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    //     Store                  otherRevocationInfos)
-    // {
-    //     crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    /**
+     * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
+     *
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
+     *
+    public void addOtherRevocationInfo(
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
+        ASN1Encodable          otherRevocationInfo)
+    {
+        crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
+    }
+
+    /**
+     * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
+     *
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
+     *
+    public void addOtherRevocationInfo(
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
+        Store                  otherRevocationInfos)
+    {
+        crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Add a store of pre-calculated signers to the generator.
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
index 11a927c..34a5e5b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
@@ -13,10 +13,9 @@
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -55,16 +54,16 @@
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -91,31 +90,33 @@
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA");
-        // BEGIN android-removed
-        // encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
-        //
-        // digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
-        // digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
+
+        digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
+        digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
+        */
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
         // digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestAliases.put("SHA1", new String[] { "SHA-1" });
         digestAliases.put("SHA224", new String[] { "SHA-224" });
@@ -229,35 +230,39 @@
         return new CollectionStore(new ArrayList());
     }
 
-    // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
-    // {
-    //     if (crlSet != null)
-    //     {
-    //         List    crlList = new ArrayList(crlSet.size());
-    //
-    //         for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-    //         {
-    //             ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
-    //
-    //             if (obj instanceof ASN1TaggedObject)
-    //             {
-    //                 ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
-    //
-    //                 if (tObj.getTagNo() == 1)
-    //                 {
-    //                     OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
-    //
-    //                     if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
-    //                     {
-    //                         crlList.add(other.getInfo());
-    //                     }
-    //                 }
-    //             }
-    //         }
-    //
-    //         return new CollectionStore(crlList);
-    //     }
-    //
-    //     return new CollectionStore(new ArrayList());
-    // }
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
+    {
+        if (crlSet != null)
+        {
+            List    crlList = new ArrayList(crlSet.size());
+
+            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
+            {
+                ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
+
+                if (obj instanceof ASN1TaggedObject)
+                {
+                    ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
+
+                    if (tObj.getTagNo() == 1)
+                    {
+                        OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
+
+                        if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
+                        {
+                            crlList.add(other.getInfo());
+                        }
+                    }
+                }
+            }
+
+            return new CollectionStore(crlList);
+        }
+
+        return new CollectionStore(new ArrayList());
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 }
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index 0cd1f5f..11c58b7 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -23,13 +23,12 @@
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.ocsp.OCSPResponse;
 // import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
 // import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 // import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CRLHolder;
@@ -49,12 +48,12 @@
     {
         des.add("DES");
         des.add("DESEDE");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // des.add(OIWObjectIdentifiers.desCBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId());
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     static boolean isDES(String algorithmID)
@@ -164,7 +163,7 @@
 
                     crls.add(c.toASN1Structure());
                 }
-                // BEGIN android-removed
+                // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
                 // else if (rev instanceof OtherRevocationInfoFormat)
                 // {
                 //     OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
@@ -173,7 +172,7 @@
                 //
                 //     crls.add(new DERTaggedObject(false, 1, infoFormat));
                 // }
-                // END android-removed
+                // END Android-removed: OtherRevocationInfoFormat isn't supported
                 else if (rev instanceof ASN1TaggedObject)
                 {
                     crls.add(rev);
@@ -188,36 +187,39 @@
         }
     }
 
-    // BEGIN android-removed
-    // private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
-    // {
-    //     if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
-    //     {
-    //         OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
-    //
-    //         if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
-    //         {
-    //             throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
-    //         }
-    //     }
-    // }
-    //
-    // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
-    // {
-    //     List others = new ArrayList();
-    //
-    //     for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
-    //     {
-    //         ASN1Encodable info = (ASN1Encodable)it.next();
-    //         OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
-    //         validateInfoFormat(infoFormat);
-    //
-    //         others.add(new DERTaggedObject(false, 1, infoFormat));
-    //     }
-    //
-    //     return others;
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
+    {
+        if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
+        {
+            OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
+
+            if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
+            {
+                throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
+            }
+        }
+    }
+
+    static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
+    {
+        List others = new ArrayList();
+
+        for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
+        {
+            ASN1Encodable info = (ASN1Encodable)it.next();
+            OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
+
+            validateInfoFormat(infoFormat);
+
+            others.add(new DERTaggedObject(false, 1, infoFormat));
+        }
+
+        return others;
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     static ASN1Set createBerSetFromList(List derObjects)
     {
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
index 2230c78..255efa5 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
@@ -4,10 +4,9 @@
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -36,16 +35,16 @@
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -72,21 +71,21 @@
         addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa, "RSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.id_RSASSA_PSS, "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
         // encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410");
@@ -96,20 +95,20 @@
         //
         // digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2");
         // digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5, "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1, "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224, "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256, "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384, "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512, "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411,  "GOST3411");
         // digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"),  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     /**
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
index 780d466..fb53743 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
@@ -16,27 +16,29 @@
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
+        // BEGIN Android-added: Add support for SHA-2 family signatures
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // END Android-added: Add support for SHA-2 family signatures
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA);
         RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm)
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
index e369185..3607c9b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
@@ -5,11 +5,10 @@
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -29,20 +28,20 @@
         //
         // digests
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
         // digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(OIWObjectIdentifiers.sha1WithRSA, OIWObjectIdentifiers.idSHA1);
 
         digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
 
@@ -53,49 +52,45 @@
         digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.id_sha512);
         digestOids.put(X9ObjectIdentifiers.id_dsa_with_sha1, OIWObjectIdentifiers.idSHA1);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, OIWObjectIdentifiers.idSHA1);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, NISTObjectIdentifiers.id_sha224);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, NISTObjectIdentifiers.id_sha256);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, NISTObjectIdentifiers.id_sha384);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha224, NISTObjectIdentifiers.id_sha224);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha256, NISTObjectIdentifiers.id_sha256);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.id_sha384);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha512, NISTObjectIdentifiers.id_sha512);
 
-        // BEGIN android-removed
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        //
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        //
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        //
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        //
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
+
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
+
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
+        */
+        // END Android-removed: Unsupported algorithms
 
 
         digestNameToOids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
@@ -103,38 +98,40 @@
         digestNameToOids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         digestNameToOids.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         digestNameToOids.put("SHA-512", NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
-        // digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
-        // digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
-        //
-        // digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
-        // digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        // digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
-        // digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
-        // digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
-        // digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
-        // digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
+        digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
 
-        // digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
-        // digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
-        // digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
-        // digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
-        //
-        // digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
-        // digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
-        //
-        // digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
-        //
-        // digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
-        // digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
-        // END android-removed
+        digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
+        digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
+        digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
+        digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
+        digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
+        digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
+        digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
+
+        digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+        digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+
+        digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
+        digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
+
+        digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
+
+        digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
+        digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         digestNameToOids.put("MD5", PKCSObjectIdentifiers.md5);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestNameToOids.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // digestNameToOids.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // digestNameToOids.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
@@ -157,4 +154,4 @@
     {
         return new AlgorithmIdentifier((ASN1ObjectIdentifier)digestNameToOids.get(digAlgName), DERNull.INSTANCE);
     }
-}
+}
\ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
index d1976af..1c80fb4 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
@@ -9,13 +9,12 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -38,17 +37,17 @@
     private static final ASN1ObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1;
     private static final ASN1ObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1;
     private static final ASN1ObjectIdentifier ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS;
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
     // private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
         // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
@@ -66,14 +65,14 @@
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -87,27 +86,29 @@
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
 
-        // BEGIN android-removed
-        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-        // algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-        // algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-        // algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-        // algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-        // algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-        // algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-        // algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-        // algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-        // algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-        // algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-        // algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
-        // algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
-        // algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+        algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+        algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+        algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+        algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+        algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+        algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+        algorithms.put("SHA224WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+        algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+        algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+        algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+        algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
+        algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
@@ -124,23 +125,26 @@
         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
 
-        // BEGIN Android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
         //
         // RFC 4491
         //
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+
         //
         // SPHINCS-256
         //
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
 
         //
         // SM2
         //
-        // noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
-        // END android-removed
+        noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // PKCS 1.5 encrypted  algorithms
@@ -150,11 +154,11 @@
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // explicit params
@@ -181,19 +185,19 @@
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     private static AlgorithmIdentifier generate(String signatureAlgorithm)
@@ -256,4 +260,4 @@
     {
         return generate(sigAlgName);
     }
-}
+}
\ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
index 74c0aa2..30d6e6f 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
@@ -4,33 +4,29 @@
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.ExtendedDigest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.GOST3411Digest;
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.MD5Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.SHA224Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA3Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.operator.OperatorCreationException;
 
@@ -78,85 +74,87 @@
                 return new SHA512Digest();
             }
         });
-        // BEGIN android-removed
-        // table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(224);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(256);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(384);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(512);
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD5Digest();
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD4Digest();
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD2Digest();
-        //     }
-        // });
-        // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new GOST3411Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD128Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD160Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD256Digest();
-        //     }
-        // });
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(224);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(256);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(384);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(512);
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD5Digest();
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD4Digest();
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD2Digest();
+            }
+        });
+        table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new GOST3411Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD128Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD160Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD256Digest();
+            }
+        });
+        */
+        // END Android-removed: Unsupported algorithms
 
         return Collections.unmodifiableMap(table);
     }
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 8ac72ea..a06792b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -25,11 +25,10 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
@@ -65,7 +64,7 @@
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
         // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
@@ -79,12 +78,12 @@
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
index d883a73..0225e6e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
@@ -80,7 +80,7 @@
         return (value != 0 ? TRUE : FALSE);
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Unknown reason
     /**
      * return a ASN1Boolean from the passed in array.
      */
@@ -90,7 +90,7 @@
         return (octets[0] != 0) ? TRUE : FALSE;
     }
 
-    // END android-added
+    // END Android-added: Unknown reason
     /**
      * return a Boolean from a tagged object.
      *
@@ -117,9 +117,7 @@
         }
     }
 
-    // BEGIN android-changed
-    protected ASN1Boolean(
-    // END android-changed
+    ASN1Boolean(
         byte[] value)
     {
         if (value.length != 1)
@@ -145,10 +143,9 @@
      * @deprecated use getInstance(boolean) method.
      * @param value true or false.
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected
     protected ASN1Boolean(
         boolean     value)
-    // END android-changed
     {
         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
index 0e2be64..6040676 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
@@ -3,6 +3,7 @@
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -110,10 +111,9 @@
     public ASN1GeneralizedTime(
         Date time)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -131,11 +131,11 @@
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(Locale.US));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -260,17 +260,15 @@
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -280,17 +278,15 @@
             d = this.getTime();
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -299,17 +295,15 @@
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
                 // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
index f1098e7..f39d120 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
@@ -8,12 +8,6 @@
 public abstract class ASN1Null
     extends ASN1Primitive
 {
-    // BEGIN android-added
-    /*package*/ ASN1Null()
-    {
-    }
-
-    // END android-added
     /**
      * Return an instance of ASN.1 NULL from the passed in object.
      * <p>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
index 50b8a49..bdfec4f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -155,13 +155,8 @@
             }
         }
 
-        // BEGIN android-changed
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
         this.identifier = objId.toString().intern();
-        // END android-changed
         this.body = Arrays.clone(bytes);
     }
 
@@ -182,13 +177,8 @@
             throw new IllegalArgumentException("string " + identifier + " not an OID");
         }
 
-        // BEGIN android-changed
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
         this.identifier = identifier.intern();
-        // END android-changed
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
index 41ce817..446af77 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
@@ -3,6 +3,7 @@
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -124,10 +125,9 @@
     public ASN1UTCTime(
         Date time)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -145,11 +145,11 @@
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -172,10 +172,9 @@
     public Date getDate()
         throws ParseException
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         return dateF.parse(getTime());
     }
@@ -190,10 +189,9 @@
     public Date getAdjustedDate()
         throws ParseException
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
index 7df2acf..3a86b1d 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
@@ -15,9 +15,8 @@
     /**
      * @deprecated use DERNull.INSTANCE
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected.
     protected DERNull()
-    // END android-changed
     {
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
index 59e96e8..1fc8ab0 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
@@ -8,9 +8,8 @@
 
 class StreamUtil
 {
-    // BEGIN android-removed
+    // Android-removed: Check max memory at runtime
     // private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-    // END android-removed
 
     /**
      * Find out possible longest length...
@@ -50,7 +49,7 @@
             }
         }
 
-        // BEGIN android-changed
+        // BEGIN Android-changed: Check max memory at runtime
         long maxMemory = Runtime.getRuntime().maxMemory();
         if (maxMemory > Integer.MAX_VALUE)
         {
@@ -58,7 +57,7 @@
         }
 
         return (int) maxMemory;
-        // END android-changed
+        // END Android-changed: Check max memory at runtime
     }
 
     static int calculateBodyLength(
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
index a4f3f3b..f43f9fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
@@ -72,23 +72,25 @@
      */
     public static final ASN1ObjectIdentifier bc_sig        = bc.branch("2");
 
-    // BEGIN android-removed
-    // /**
-    //  * Sphincs-256
-    //  */
-    // public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * Sphincs-256
+     *
+    public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
+    public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
 
-    // /**
-    //  * key_exchange(3) algorithms
-    //  */
-    // public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
+    /**
+     * key_exchange(3) algorithms
+     *
+    public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
 
-    // /**
-    //  * NewHope
-    //  */
-    // public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
-    // END android-removed
+    /**
+     * NewHope
+     *
+    public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
index 1592c75..2e8e039 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
@@ -28,9 +28,7 @@
  */
 public class ContentInfo
     extends ASN1Object
-    // BEGIN android-removed
-    // implements CMSObjectIdentifiers
-    // END android-removed
+    implements CMSObjectIdentifiers
 {
     private ASN1ObjectIdentifier contentType;
     private ASN1Encodable        content;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
index ed9a6c0..a6f8d8f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
@@ -2,6 +2,7 @@
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -71,10 +72,9 @@
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -105,11 +105,11 @@
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(tz);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
index 75df2aa..48d0320 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
@@ -13,12 +13,14 @@
     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
     /** PKCS#1: 1.2.840.113549.1.1.1 */
     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
-    // BEGIN android-removed
-    // /** PKCS#1: 1.2.840.113549.1.1.2 */
-    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-    // /** PKCS#1: 1.2.840.113549.1.1.3 */
-    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
-    // END android-removed
+    // BEGIN Android-removed: MD2 and MD4 are unsupported
+    /*
+    /** PKCS#1: 1.2.840.113549.1.1.2 *
+    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    /** PKCS#1: 1.2.840.113549.1.1.3 *
+    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    */
+    // END Android-removed: MD2 and MD4 are unsupported
     /** PKCS#1: 1.2.840.113549.1.1.4 */
     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
     /** PKCS#1: 1.2.840.113549.1.1.5 */
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
index 20f6ea3..dcde303 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
@@ -14,9 +14,9 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 
 /**
  * The AuthorityKeyIdentifier object.
@@ -108,9 +108,9 @@
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
@@ -129,9 +129,9 @@
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
index 989de4c..a99dddf 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
@@ -2,6 +2,7 @@
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -52,10 +53,9 @@
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -86,8 +86,8 @@
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
         // END android-changed
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
index 0c372f7..fafb68f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
@@ -255,10 +255,10 @@
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    // BEGIN android-changed
+    // BEGIN Android-changed: Use Boolean class constants instead of Boolean constructor
     private static final Boolean TRUE = Boolean.TRUE;
     private static final Boolean FALSE = Boolean.FALSE;
-    // END android-changed
+    // END Android-changed: Use Boolean class constants instead of Boolean constructor
 
     static
     {
@@ -448,9 +448,7 @@
                            throw new IllegalArgumentException("cannot encode value");
                        }
                    }
-                   // BEGIN android-changed
-                   added.addElement(Boolean.valueOf(i != 0));
-                   // END android-changed
+                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
             }
         }
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
index 454f322..b1b1416 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
@@ -78,8 +78,10 @@
                 }
                 else
                 {
-                    // BEGIN android-added
-                    // copied from a newer version of BouncyCastle
+                    // BEGIN Android-added: Unknown reason
+                    // This was previously marked with the comment "copied from a newer version
+                    // of BouncyCastle", but I couldn't find any evidence that it ever was included
+                    // in any version of BC
                     if (c == '#' && buf.charAt(buf.length() - 1) == '=')
                     {
                         buf.append('\\');
@@ -88,7 +90,7 @@
                     {
                         buf.append('\\');
                     }
-                    // END android-added
+                    // END Android-added: Unknown reason
                     buf.append(c);
                 }
             }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
index 5abcca9..0fc8737 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
@@ -4,15 +4,13 @@
 import java.util.Vector;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 
 /**
  * A general class that reads all X9.62 style EC curve tables.
@@ -41,17 +39,19 @@
             ecP = NISTNamedCurves.getByName(name);
         }
 
-        // BEGIN android-removed
-        // if (ecP == null)
-        // {
-        //     ecP = TeleTrusTNamedCurves.getByName(name);
-        // }
-        //
-        // if (ecP == null)
-        // {
-        //     ecP = ANSSINamedCurves.getByName(name);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (ecP == null)
+        {
+            ecP = TeleTrusTNamedCurves.getByName(name);
+        }
+
+        if (ecP == null)
+        {
+            ecP = ANSSINamedCurves.getByName(name);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -77,17 +77,19 @@
             oid = NISTNamedCurves.getOID(name);
         }
 
-        // BEGIN android-removed
-        // if (oid == null)
-        // {
-        //     oid = TeleTrusTNamedCurves.getOID(name);
-        // }
-        //
-        // if (oid == null)
-        // {
-        //     oid = ANSSINamedCurves.getOID(name);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (oid == null)
+        {
+            oid = TeleTrusTNamedCurves.getOID(name);
+        }
+
+        if (oid == null)
+        {
+            oid = ANSSINamedCurves.getOID(name);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return oid;
     }
@@ -109,24 +111,28 @@
             name = SECNamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
-        // if (name == null)
-        // {
-        //     name = TeleTrusTNamedCurves.getName(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (name == null)
+        {
+            name = TeleTrusTNamedCurves.getName(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         if (name == null)
         {
             name = X962NamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
-        // if (name == null)
-        // {
-        //    name = ECGOST3410NamedCurves.getName(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (name == null)
+        {
+            name = ECGOST3410NamedCurves.getName(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return name;
     }
@@ -150,17 +156,19 @@
 
         // NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup
 
-        // BEGIN android-removed
-        // if (ecP == null)
-        // {
-        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
-        // }
-        //
-        // if (ecP == null)
-        // {
-        //     ecP = ANSSINamedCurves.getByOID(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (ecP == null)
+        {
+            ecP = TeleTrusTNamedCurves.getByOID(oid);
+        }
+
+        if (ecP == null)
+        {
+            ecP = ANSSINamedCurves.getByOID(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -177,10 +185,10 @@
         addEnumeration(v, X962NamedCurves.getNames());
         addEnumeration(v, SECNamedCurves.getNames());
         addEnumeration(v, NISTNamedCurves.getNames());
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // addEnumeration(v, TeleTrusTNamedCurves.getNames());
         // addEnumeration(v, ANSSINamedCurves.getNames());
-        // END android-removed
+        // END Android-removed: Unsupported curves
 
         return v.elements();
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
index cab9ca6..c8f0775 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
@@ -16,6 +16,9 @@
 
 package org.bouncycastle.crypto.digests;
 
+import java.security.Security;
+import java.util.Locale;
+
 import org.bouncycastle.crypto.Digest;
 
 /**
@@ -23,65 +26,84 @@
  * for libcore but fallback to BouncyCastle ones on the RI.
  */
 public final class AndroidDigestFactory {
-    private static final String OpenSSLFactoryClassName
-            = AndroidDigestFactory.class.getName() + "OpenSSL";
-    private static final String BouncyCastleFactoryClassName
-            = AndroidDigestFactory.class.getName() + "BouncyCastle";
+    private static final AndroidDigestFactoryInterface CONSCRYPT;
+    private static final AndroidDigestFactoryInterface BC;
 
-    private static final AndroidDigestFactoryInterface FACTORY;
     static {
-        Class factoryImplementationClass;
-        try {
-            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
-            // Double check for NativeCrypto in case we are running on RI for testing
-            Class.forName("com.android.org.conscrypt.NativeCrypto");
-        } catch (ClassNotFoundException e1) {
-            try {
-                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
-            } catch (ClassNotFoundException e2) {
-                AssertionError e = new AssertionError("Failed to load "
-                                         + "AndroidDigestFactoryInterface "
-                                         + "implementation. Looked for "
-                                         + OpenSSLFactoryClassName + " and "
-                                         + BouncyCastleFactoryClassName);
-                e.initCause(e1);
-                throw e;
+        BC = new AndroidDigestFactoryBouncyCastle();
+        if (Security.getProvider("AndroidOpenSSL") != null) {
+            CONSCRYPT = new AndroidDigestFactoryOpenSSL();
+        } else {
+            if (System.getProperty("java.vendor", "").toLowerCase(Locale.US).contains("android")) {
+                throw new AssertionError("Provider AndroidOpenSSL must exist");
             }
-        }
-        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
-            throw new AssertionError(factoryImplementationClass
-                                     + "does not implement AndroidDigestFactoryInterface");
-        }
-        try {
-            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
-        } catch (InstantiationException e) {
-            throw new AssertionError(e);
-        } catch (IllegalAccessException e) {
-            throw new AssertionError(e);
+            CONSCRYPT = null;
         }
     }
 
     public static Digest getMD5() {
-        return FACTORY.getMD5();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getMD5();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getMD5();
     }
 
     public static Digest getSHA1() {
-        return FACTORY.getSHA1();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA1();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA1();
     }
 
     public static Digest getSHA224() {
-        return FACTORY.getSHA224();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA224();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA224();
     }
 
     public static Digest getSHA256() {
-        return FACTORY.getSHA256();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA256();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA256();
     }
 
     public static Digest getSHA384() {
-        return FACTORY.getSHA384();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA384();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA384();
     }
 
     public static Digest getSHA512() {
-        return FACTORY.getSHA512();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA512();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA512();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
index e3c596d..2c23bed 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
@@ -64,110 +64,112 @@
         return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
     }
 
-    // BEGIN android-removed
-    // /*
-    //  * curve25519
-    //  */
-    // static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
-    // {
-    //    protected X9ECParameters createParameters()
-    //    {
-    //        byte[] S = null;
-    //        ECCurve curve = configureCurve(new Curve25519());
-    //
-    //        /*
-    //         * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
-    //         * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
-    //         * 
-    //         * The Curve25519 paper doesn't say which of the two possible y values the base
-    //         * point has. The choice here is guided by language in the Ed25519 paper.
-    //         * 
-    //         * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
-    //         */
-    //        X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //            + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
-    //            + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
-    //
-    //        return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //    }
-    // };
-    //
-    // /*
-    //  * secp128r1
-    //  */
-    // static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
-    //         ECCurve curve = configureCurve(new SecP128R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "161FF7528B899B2D0C28607CA52C5B86"
-    //             + "CF5AC8395BAFEB13C02DA292DDED7A83"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160k1
-    //  */
-    // static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         GLVTypeBParameters glv = new GLVTypeBParameters(
-    //             new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
-    //             new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
-    //             new BigInteger[]{
-    //                 new BigInteger("9162fbe73984472a0a9e", 16),
-    //                 new BigInteger("-96341f1138933bc2f505", 16) },
-    //             new BigInteger[]{
-    //                 new BigInteger("127971af8721782ecffa3", 16),
-    //                 new BigInteger("9162fbe73984472a0a9e", 16) },
-    //             new BigInteger("9162fbe73984472a0a9d0590", 16),
-    //             new BigInteger("96341f1138933bc2f503fd44", 16),
-    //             176);
-    //         ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
-    //             + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160r1
-    //  */
-    // static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
-    //         ECCurve curve = configureCurve(new SecP160R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "4A96B5688EF573284664698968C38BB913CBFC82"
-    //             + "23A628553168947D59DCC912042351377AC5FB32"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160r2
-    //  */
-    // static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
-    //         ECCurve curve = configureCurve(new SecP160R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
-    //             + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    // END android-removed
+    // BEGIN Android-removed: Unsupported curves
+    /*
+    /*
+     * curve25519
+     *
+    static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new Curve25519());
+
+            /*
+             * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
+             * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
+             * 
+             * The Curve25519 paper doesn't say which of the two possible y values the base
+             * point has. The choice here is guided by language in the Ed25519 paper.
+             * 
+             * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
+             *
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
+                + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
+
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp128r1
+     *
+    static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
+            ECCurve curve = configureCurve(new SecP128R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "161FF7528B899B2D0C28607CA52C5B86"
+                + "CF5AC8395BAFEB13C02DA292DDED7A83"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160k1
+     *
+    static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
+                new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
+                new BigInteger[]{
+                    new BigInteger("9162fbe73984472a0a9e", 16),
+                    new BigInteger("-96341f1138933bc2f505", 16) },
+                new BigInteger[]{
+                    new BigInteger("127971af8721782ecffa3", 16),
+                    new BigInteger("9162fbe73984472a0a9e", 16) },
+                new BigInteger("9162fbe73984472a0a9d0590", 16),
+                new BigInteger("96341f1138933bc2f503fd44", 16),
+                176);
+            ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
+                + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160r1
+     *
+    static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
+            ECCurve curve = configureCurve(new SecP160R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "4A96B5688EF573284664698968C38BB913CBFC82"
+                + "23A628553168947D59DCC912042351377AC5FB32"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160r2
+     *
+    static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
+            ECCurve curve = configureCurve(new SecP160R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
+                + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     /*
      * secp192k1
@@ -333,295 +335,297 @@
         }
     };
 
-    // BEGIN android-removed
-    // /*
-    //  * sect113r1
-    //  */
-    // static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
-    //         ECCurve curve = configureCurve(new SecT113R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "009D73616F35F4AB1407D73562C10F"
-    //             + "00A52830277958EE84D1315ED31886"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    // BEGIN Android-removed: Unsupported curves
+    /*
+    /*
+     * sect113r1
+     *
+    static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
+            ECCurve curve = configureCurve(new SecT113R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "009D73616F35F4AB1407D73562C10F"
+                + "00A52830277958EE84D1315ED31886"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect113r2
-    //  */
-    // static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
-    //         ECCurve curve = configureCurve(new SecT113R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01A57A6A7B26CA5EF52FCDB8164797"
-    //             + "00B3ADC94ED1FE674C06E695BABA1D"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect113r2
+     *
+    static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
+            ECCurve curve = configureCurve(new SecT113R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "01A57A6A7B26CA5EF52FCDB8164797"
+                + "00B3ADC94ED1FE674C06E695BABA1D"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect131r1
-    //  */
-    // static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
-    //         ECCurve curve = configureCurve(new SecT131R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0081BAF91FDF9833C40F9C181343638399"
-    //             + "078C6E7EA38C001F73C8134B1B4EF9E150"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect131r1
+     *
+    static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
+            ECCurve curve = configureCurve(new SecT131R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0081BAF91FDF9833C40F9C181343638399"
+                + "078C6E7EA38C001F73C8134B1B4EF9E150"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect131r2
-    //  */
-    // static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
-    //         ECCurve curve = configureCurve(new SecT131R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0356DCD8F2F95031AD652D23951BB366A8"
-    //             + "0648F06D867940A5366D9E265DE9EB240F"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect131r2
+     *
+    static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
+            ECCurve curve = configureCurve(new SecT131R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0356DCD8F2F95031AD652D23951BB366A8"
+                + "0648F06D867940A5366D9E265DE9EB240F"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163k1
-    //  */
-    // static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT163K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
-    //             + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163k1
+     *
+    static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT163K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
+                + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163r1
-    //  */
-    // static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
-    //         ECCurve curve = configureCurve(new SecT163R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0369979697AB43897789566789567F787A7876A654"
-    //             + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163r1
+     *
+    static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
+            ECCurve curve = configureCurve(new SecT163R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0369979697AB43897789566789567F787A7876A654"
+                + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163r2
-    //  */
-    // static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
-    //         ECCurve curve = configureCurve(new SecT163R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
-    //             + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163r2
+     *
+    static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
+            ECCurve curve = configureCurve(new SecT163R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
+                + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect193r1
-    //  */
-    // static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
-    //         ECCurve curve = configureCurve(new SecT193R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
-    //             + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect193r1
+     *
+    static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
+            ECCurve curve = configureCurve(new SecT193R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
+                + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect193r2
-    //  */
-    // static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
-    //         ECCurve curve = configureCurve(new SecT193R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
-    //             + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect193r2
+     *
+    static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
+            ECCurve curve = configureCurve(new SecT193R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
+                + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect233k1
-    //  */
-    // static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT233K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
-    //             + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect233k1
+     *
+    static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT233K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
+                + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect233r1
-    //  */
-    // static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
-    //         ECCurve curve = configureCurve(new SecT233R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
-    //             + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect233r1
+     *
+    static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
+            ECCurve curve = configureCurve(new SecT233R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
+                + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect239k1
-    //  */
-    // static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT239K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
-    //             + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect239k1
+     *
+    static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT239K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
+                + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect283k1
-    //  */
-    // static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT283K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
-    //             + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect283k1
+     *
+    static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT283K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
+                + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect283r1
-    //  */
-    // static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
-    //         ECCurve curve = configureCurve(new SecT283R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
-    //             + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect283r1
+     *
+    static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
+            ECCurve curve = configureCurve(new SecT283R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
+                + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect409k1
-    //  */
-    // static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT409K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
-    //             + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect409k1
+     *
+    static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT409K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
+                + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect409r1
-    //  */
-    // static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
-    //         ECCurve curve = configureCurve(new SecT409R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
-    //             + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect409r1
+     *
+    static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
+            ECCurve curve = configureCurve(new SecT409R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
+                + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect571k1
-    //  */
-    // static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT571K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
-    //             + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect571k1
+     *
+    static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT571K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
+                + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect571r1
-    //  */
-    // static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
-    //         ECCurve curve = configureCurve(new SecT571R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
-    //             + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    // END android-removed
+    /*
+     * sect571r1
+     *
+    static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
+            ECCurve curve = configureCurve(new SecT571R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
+                + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     
     static final Hashtable nameToCurve = new Hashtable();
@@ -662,21 +666,19 @@
 
     static
     {
-        // BEGIN android-removed
-        // defineCurve("curve25519", curve25519);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        defineCurve("curve25519", curve25519);
 
 //        defineCurveWithOID("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1);
 //        defineCurveWithOID("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2);
-        // BEGIN android-removed
-        // defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
-        // END android-removed
+        defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
 //        defineCurveWithOID("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2);
-        // BEGIN android-removed
-        // defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
-        // defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
-        // defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
-        // END android-removed
+        defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
+        defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
+        defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
+        */
+        // END Android-removed: Unsupported curves
         defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
         defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
         defineCurveWithOID("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
@@ -686,38 +688,40 @@
         defineCurveWithOID("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1);
         defineCurveWithOID("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1);
 
-        // BEGIN android-removed
-        // defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
-        // defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
-        // defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
-        // defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
-        // defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
-        // defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
-        // defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
-        // defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
-        // defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
-        // defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
-        // defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
-        // defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
-        // defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
-        // defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
-        // defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
-        // defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
-        // defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
-        // defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
+        defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
+        defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
+        defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
+        defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
+        defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
+        defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
+        defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
+        defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
+        defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
+        defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
+        defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
+        defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
+        defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
+        defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
+        defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
+        defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
+        defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
 
-        // defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
-        // defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
-        // defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
-        // defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
-        // defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
+        defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
+        defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
+        defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
+        defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
+        defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
 
-        // defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
-        // defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
-        // defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
-        // defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
-        // defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
-        // END android-removed
+        defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
+        defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
+        defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
+        defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
+        defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
+        */
+        // END Android-removed: Unsupported curves
 
         defineCurveAlias("P-192", SECObjectIdentifiers.secp192r1);
         defineCurveAlias("P-224", SECObjectIdentifiers.secp224r1);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
index b5505f4..8df1069 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
@@ -7,13 +7,10 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-remnoved
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -32,10 +29,9 @@
     public OAEPEncoding(
         AsymmetricBlockCipher   cipher)
     {
-        // BEGIN android-changed
-        // Was: this(cipher, DigestFactory.createSHA1(), null);
+        // Android-changed: Use Android digests
+        // this(cipher, DigestFactory.createSHA1(), null);
         this(cipher, AndroidDigestFactory.getSHA1(), null);
-        // END android-changed
     }
     
     public OAEPEncoding(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
index b36ae58..e79557f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
@@ -390,12 +390,6 @@
         {
             badType = (type != 1);
         }
-        // BEGIN android-added
-        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
-        {
-            throw new InvalidCipherTextException("invalid block type " + type);
-        }
-        // END android-added
 
         //
         // find and extract the message block.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
index 7274bf9..652d8ac 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
@@ -6,16 +6,13 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -56,9 +53,9 @@
     //
     // checksum digest
     //
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // Digest  sha1 = DigestFactory.createSHA1();
     Digest  sha1 = AndroidDigestFactory.getSHA1();
-    // END android-changed
     byte[]  digest = new byte[20];
 
    /**
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
index a0728b2..1075f22 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
@@ -3,17 +3,15 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
-// BEGIN android-added
+// Android-added: Log long-running operation
 import java.util.logging.Logger;
-// END android-added
 import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
-    // BEGIN android-added
+    // Android-added: Log long-running operation
     private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
-    // END android-added
 
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
@@ -25,20 +23,19 @@
      */
     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         logger.info("Generating safe primes. This may take a long time.");
         long start = System.currentTimeMillis();
         int tries = 0;
-        // END android-added
+        // END Android-added: Log long-running operation
         BigInteger p, q;
         int qLength = size - 1;
         int minWeight = size >>> 2;
 
         for (;;)
         {
-            // BEGIN android-added
+            // Android-added: Log long-running operation
             tries++;
-            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
@@ -67,11 +64,11 @@
 
             break;
         }
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         long end = System.currentTimeMillis();
         long duration = end - start;
         logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
-        // END android-added
+        // END Android-added: Log long-running operation
 
         return new BigInteger[] { p, q };
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index cec79e0..961b367 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -7,10 +7,9 @@
 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAValidationParameters;
-// BEGIN android-changed
-// Was: import org.bouncycastle.crypto.util.DigestFactory;
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.encoders.Hex;
@@ -34,9 +33,9 @@
 
     public DSAParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public DSAParametersGenerator(Digest digest)
@@ -131,9 +130,9 @@
         int             n = (L - 1) / 160;
         byte[]          w = new byte[L / 8];
 
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // if (!(digest instanceof SHA1Digest))
         if (!(digest.getAlgorithmName().equals("SHA-1")))
-        // END android-changed
         {
             throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
index e6ec53a..3e850c1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
@@ -3,13 +3,11 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 
 /**
  * Generator for PBE derived keys and ivs as usd by OpenSSL.
@@ -21,9 +19,9 @@
 public class OpenSSLPBEParametersGenerator
     extends PBEParametersGenerator
 {
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // private Digest  digest = DigestFactory.createMD5();
     private Digest  digest = AndroidDigestFactory.getMD5();
-    // END android-changed
 
     /**
      * Construct a OpenSSL Parameters generator. 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
index 3089f8c..c45c84f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
@@ -4,15 +4,12 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -34,9 +31,9 @@
      */
     public PKCS5S2ParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public PKCS5S2ParametersGenerator(Digest digest)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
index 600a317..5868262 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
@@ -36,29 +36,29 @@
     {
         blockLengths = new Hashtable();
         
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("GOST3411", Integers.valueOf(32));
         //
         // blockLengths.put("MD2", Integers.valueOf(16));
         // blockLengths.put("MD4", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         blockLengths.put("MD5", Integers.valueOf(64));
-        
-        // BEGIN android-removed
+
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("RIPEMD128", Integers.valueOf(64));
         // blockLengths.put("RIPEMD160", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         
         blockLengths.put("SHA-1", Integers.valueOf(64));
         blockLengths.put("SHA-224", Integers.valueOf(64));
         blockLengths.put("SHA-256", Integers.valueOf(64));
         blockLengths.put("SHA-384", Integers.valueOf(128));
         blockLengths.put("SHA-512", Integers.valueOf(128));
-        
-        // BEGIN android-removed
+
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("Tiger", Integers.valueOf(64));
         // blockLengths.put("Whirlpool", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
     
     private static int getByteLength(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
index 1ba5ebb..c6453a3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -24,11 +24,11 @@
     implements AEADBlockCipher
 {
     private static final int BLOCK_SIZE = 16;
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     // 2^36-32 : limitation imposed by NIST GCM as otherwise the counter is wrapped and it can leak
     // plaintext and authentication key
     private static final long MAX_INPUT_SIZE = 68719476704L;
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     // not final due to a compiler bug
     private BlockCipher   cipher;
@@ -238,13 +238,13 @@
         return totalData < macSize ? 0 : totalData - macSize;
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     /** Helper used to ensure that {@link #MAX_INPUT_SIZE} is not exceeded. */
     private long getTotalInputSizeAfterNewInput(int newInputLen)
     {
         return totalLength + newInputLen + bufOff;
     }
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     public int getUpdateOutputSize(int len)
     {
@@ -263,11 +263,11 @@
     public void processAADByte(byte in)
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         atBlock[atBlockPos] = in;
         if (++atBlockPos == BLOCK_SIZE)
         {
@@ -280,11 +280,11 @@
 
     public void processAADBytes(byte[] in, int inOff, int len)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         for (int i = 0; i < len; ++i)
         {
             atBlock[atBlockPos] = in[inOff + i];
@@ -323,12 +323,12 @@
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
-
+        // END Android-added: Max input size limitation from NIST.
+        
         bufBlock[bufOff] = in;
         if (++bufOff == bufBlock.length)
         {
@@ -342,11 +342,11 @@
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
 
         if (in.length < (inOff + len))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
index a8ef959..45c8b57 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
@@ -39,11 +39,11 @@
      */
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
         oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
@@ -53,10 +53,17 @@
         oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224);
         oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256);
 
-        // BEGIN android-removed
-        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        oidMap.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+        oidMap.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        oidMap.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        oidMap.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+
+        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 0175aa1..911f1da 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -9,9 +9,8 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -33,10 +32,9 @@
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
 /**
@@ -102,16 +100,18 @@
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        // BEGIN android-removed
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        // {
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //     ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-        //
-        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-        //         params.getP(), params.getG()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        {
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+            ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
+
+            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+                params.getP(), params.getG()));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index 042c68e..8602887 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -11,9 +11,8 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DEROctetString;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -40,10 +39,9 @@
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
 /**
@@ -137,16 +135,18 @@
 
             return new DHPublicKeyParameters(derY.getValue(), dhParams);
         }
-        // BEGIN android-removed
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        // {
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //     ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
-        //
-        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-        //         params.getP(), params.getG()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithm
+        /*
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        {
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+            ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
+
+            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+                params.getP(), params.getG()));
+        }
+        */
+        // END Android-removed: Unsupported algorithm
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
index 579b973..dcc963c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
@@ -36,10 +36,10 @@
             provider.addAttributes("KeyAgreement.DH", generalDhAttributes);
             provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi");
             provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_ESDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_SSDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.DH", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH");
@@ -51,22 +51,19 @@
 
             provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
-            //
-            // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
-            //
-            // provider.addAlgorithm("Cipher.OLDDHIES", PREFIX + "IESCipher$OldIES");
-            // provider.addAlgorithm("Cipher.OLDDHIESwithAES", PREFIX + "IESCipher$OldIESwithAES");
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHAES", PREFIX + "IESCipher$OldIESwithAES");
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHDESEDE", PREFIX + "IESCipher$OldIESwithDESede");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
+            provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
+
+            provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
+            provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
             registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
index 70ae120..44bf12e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
@@ -27,52 +27,52 @@
             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
 
-            // BEGIN android-changed
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
+            // provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
             provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
-            // END android-changed
+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
 
             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
 
-            // provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
-            // provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
-            // provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
-            // END android-removed
+            provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
+            provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
+            provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
             addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
 
-            // BEGIN android-added
-            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
-            // END android-added
+            addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
+            addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
+            addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
+            addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
+            */
+            // END Android-removed: Unsupported algorithms
 
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
-            // addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
-            // addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
-            // addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
-            // END android-removed
-
-            // BEGIN android-changed
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
             provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
@@ -82,19 +82,19 @@
             provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-            // END android-changed
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
 
             for (int i = 0; i != DSAUtil.dsaOids.length; i++)
             {
-                // BEGIN android-changed
+                // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
                 provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA");
-                // END android-changed
+                // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
                 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
                 registerOidAlgorithmParameterGenerator(provider, DSAUtil.dsaOids[i], "DSA");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
index 1c49da9..016b465 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
@@ -3,20 +3,20 @@
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 // import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.Properties;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 public class EC
 {
@@ -43,146 +43,144 @@
 
             provider.addAttributes("KeyAgreement.ECDH", generalEcAttributes);
             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
-            // BEGIN android-removed
-            // provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
-            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-            // provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
-            // provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
-            //
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-            //
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
+            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+            provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
+            provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
+
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
+
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
+            */
+            // END Android-removed: Unsupported algorithms
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
-            // BEGIN android-added
-            // We were having this one in 1.52. As of 1.54 this one is under
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
-            // below
-            registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // END android-added
 
-            // BEGIN android-removed
-            // registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // END android-removed
-            // BEGIN android-removed
-            // // Android comment: the registrations in this block are causing CTS tests to fail
-            // // and don't seem to be implemented by bouncycastle (so looks like an bug in
-            // // bouncycastle).
-            // // TODO(20447540): check if this occurs in upstream bouncycastle and report accordingly
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            // END android-removed
-            // BEGIN android-removed
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
-            //
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
-            // {
-            //     provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-            //
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
-            //
-            //     provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
-            //
-            //     registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //     registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
-            //
-            //     provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-            //     provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
+
+            if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
+            {
+                provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
+
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
+
+                provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
+
+            */
+            // END Android-removed: Unsupported algorithms
+                registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+                registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
+
+                provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+                provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
+            }
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
+            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
+            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            //
-            // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
-            //
-            // provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            //
-            // provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
+            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
+            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
 
-            // BEGIN android-changed
+            provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
+
+            provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+
+            provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // BEGIN Android-changed: Change primary ID from ECDSA to SHA1withECDSA
             provider.addAlgorithm("Signature.SHA1withECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
 
@@ -193,60 +191,64 @@
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
-            // END android-changed
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-            //
-            // provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
-            // provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
-            // provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
+            // END Android-changed: Change primary ID from ECDSA to SHA1withECDSA
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
 
-            // provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
-            // END android-removed
+            provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+            provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+            provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
+            provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
+            provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
+
+            provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
-            // addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
-            // addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
-            // addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
-            //
-            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-            //
-            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-            //
-            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-            // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-            // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-            //
-            // addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-            // addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-            // addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-            // addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-            // addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-            // addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
+            addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
+            addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
+            addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
+
+            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+
+            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
+            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
+            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
+            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
+            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
+
+            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+            addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+
+            addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+            addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+            addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+            addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+            addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+            addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
index 86026cc..4eb01a3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
@@ -7,9 +7,8 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -40,48 +39,58 @@
             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
             provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-224WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-256WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-384WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-512WITHRSAANDMGF1", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.RSA", generalRsaAttributes);
             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
-            // BEGIN android-changed
+            // Android-changed: Use an alias for RSA/RAW instead of a concrete implementation
             provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
-            // END android-changed
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
+            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
+            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
@@ -91,128 +100,145 @@
             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
-            // BEGIN android-removed
-            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-            //
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-            //
-            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            //
-            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-            //
-            // addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-            // addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-            // addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-            // addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-            // addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
-            // addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
-            //
-            // addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
-            // addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
-            // addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
-            // addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            // {
-            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-            // }
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
-            // {
-            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
+
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
+            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
+
+            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+
+            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
+            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
+
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
+
+            addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+            addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
+            addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
+            addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
+
+            addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
+            addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
+            addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
+            addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
+
+            if (provider.hasAlgorithm("MessageDigest", "MD2"))
+            {
+                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "MD4"))
+            {
+                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
 
             if (provider.hasAlgorithm("MessageDigest", "MD5"))
             {
                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "MD5", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-                // END android-removed
             }
 
             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
             {
-                // BEGIN android-removed
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-                //
-                // addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
-                // END android-removed
+                // BEGIN Android-removed: Unsupported algorithms
+                /*
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
+
+                addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+                */
+                // END Android-removed: Unsupported algorithms
                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "SHA1", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
 
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
 
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // addX931Signature(provider, "SHA1", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
             }
 
             addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
             addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-            // BEGIN android-removed
-            // addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
-            // addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
-            //
-            // addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
-            // addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
-            // addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
-            // addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
-            //
-            // addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
-            //
-            // addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
-            // addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
-            // addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
-            // addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-            // {
-            //    addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-            //    addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-            //
-            //    addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            //    addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            // }
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-            // {
-            //    addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-            //    addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-            //    provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-            //    provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-            //
-            //    addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            //    addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
+            addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
+
+            addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
+            addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
+            addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
+            addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
+
+            addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
+            addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
+            addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
+
+            addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
+            addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
+            addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
+            addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
+            addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
+            addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
+            {
+                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+
+                addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+                addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
+            {
+                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
+                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+
+                addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+                addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
+            {
+                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
+            {
+                addISO9796Signature(provider, "Whirlpool", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addISO9796Signature(provider, "WHIRLPOOL", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "Whirlpool", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "WHIRLPOOL", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         private void addDigestSignature(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
index a9fb6b2..12a9f6f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
@@ -18,10 +18,10 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
             // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             //
             // certificate factories.
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
index f5e8d0e..890674e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
@@ -16,10 +16,9 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 
@@ -234,14 +233,16 @@
         return bigIntToBytes(result);
     }
 
-    // BEGIN android-removed
-    // public static class DHwithRFC2631KDF
-    //    extends KeyAgreementSpi
-    // {
-    //    public DHwithRFC2631KDF()
-    //     {
-    //         super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    public static class DHwithRFC2631KDF
+        extends KeyAgreementSpi
+    {
+        public DHwithRFC2631KDF()
+        {
+            super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
index 6374419..0384b1c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
@@ -21,27 +21,15 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.digests.SHA224Digest;
-// import org.bouncycastle.crypto.digests.SHA256Digest;
-// import org.bouncycastle.crypto.digests.SHA384Digest;
-// import org.bouncycastle.crypto.digests.SHA512Digest;
-// END android-removed
-// BEGIN android-added
+// Android-added: Check DSA keys when generated
 import org.bouncycastle.crypto.params.DSAKeyParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
-// END android-added
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.params.ParametersWithRandom;
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DSASigner
@@ -83,13 +71,11 @@
         PrivateKey  privateKey)
         throws InvalidKeyException
     {
-        CipherParameters    param;
+        CipherParameters    param = DSAUtil.generatePrivateKeyParameter(privateKey);
 
-        param = DSAUtil.generatePrivateKeyParameter(privateKey);
-        // BEGIN android-added
+        // Android-added: Check DSA keys when generated
         DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters();
         checkKey(dsaParam);
-        // END android-added
 
         if (random != null)
         {
@@ -163,7 +149,7 @@
         throw new UnsupportedOperationException("engineSetParameter unsupported");
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Check DSA keys when generated
     protected void checkKey(DSAParameters params) throws InvalidKeyException {
         int valueL = params.getP().bitLength();
         int valueN = params.getQ().bitLength();
@@ -184,7 +170,7 @@
         }
     }
 
-    // END android-added
+    // END Android-added: Check DSA keys when generated
     /**
      * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
      */
@@ -238,171 +224,180 @@
     {
         public stdDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class detDSA
-    //     extends DSASigner
-    // {
-    //     public detDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class detDSA
+        extends DSASigner
+    {
+        public detDSA()
+        {
+            super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa224
         extends DSASigner
     {
         public dsa224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class detDSA224
-    //     extends DSASigner
-    // {
-    //     public detDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class detDSA224
+        extends DSASigner
+    {
+        public detDSA224()
+        {
+            super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa256
         extends DSASigner
     {
         public dsa256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
-    // BEGIN android-removed
-    // static public class detDSA256
-    //     extends DSASigner
-    // {
-    //     public detDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
-    //     }
-    // }
-    //
-    // static public class dsa384
-    //     extends DSASigner
-    // {
-    //     public dsa384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSA384
-    //     extends DSASigner
-    // {
-    //     public detDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
-    //     }
-    // }
-    //
-    // static public class dsa512
-    //     extends DSASigner
-    // {
-    //     public dsa512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSA512
-    //     extends DSASigner
-    // {
-    //     public detDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_224
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_224
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_256
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_256
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_384
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_384
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_512
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_512
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
-    //     }
-    // }
-    // END android-removed
+
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class detDSA256
+        extends DSASigner
+    {
+        public detDSA256()
+        {
+            super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
+        }
+    }
+
+    static public class dsa384
+        extends DSASigner
+    {
+        public dsa384()
+        {
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSA384
+        extends DSASigner
+    {
+        public detDSA384()
+        {
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
+        }
+    }
+
+    static public class dsa512
+        extends DSASigner
+    {
+        public dsa512()
+        {
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSA512
+        extends DSASigner
+    {
+        public detDSA512()
+        {
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
+        }
+    }
+
+    static public class dsaSha3_224
+        extends DSASigner
+    {
+        public dsaSha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_224
+        extends DSASigner
+    {
+        public detDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
+        }
+    }
+
+    static public class dsaSha3_256
+        extends DSASigner
+    {
+        public dsaSha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_256
+        extends DSASigner
+    {
+        public detDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
+        }
+    }
+
+    static public class dsaSha3_384
+        extends DSASigner
+    {
+        public dsaSha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_384
+        extends DSASigner
+    {
+        public detDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
+        }
+    }
+
+    static public class dsaSha3_512
+        extends DSASigner
+    {
+        public dsaSha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_512
+        extends DSASigner
+    {
+        public detDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class noneDSA
         extends DSASigner
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
index 10bac46..d768ae6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
@@ -26,9 +26,8 @@
     public static final ASN1ObjectIdentifier[] dsaOids =
     {
         X9ObjectIdentifiers.id_dsa,
-        // BEGIN android-added
+        // Android-added: Add missing OID for DSA-with-SHA1
         X9ObjectIdentifiers.id_dsa_with_sha1,
-        // END android-added
         OIWObjectIdentifiers.dsaWithSHA1
     };
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
index 6e1eda2..dd28631 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
@@ -14,32 +14,32 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
 // import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
 // import org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator;
 // import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.MQVPrivateParameters;
 // import org.bouncycastle.crypto.params.MQVPublicParameters;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.MQVParameterSpec;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jce.interfaces.MQVPrivateKey;
 // import org.bouncycastle.jce.interfaces.MQVPublicKey;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 /**
  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
@@ -57,9 +57,8 @@
     private ECDomainParameters     parameters;
     private BasicAgreement         agreement;
 
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // private MQVParameterSpec       mqvParameters;
-    // END android-removed
     private BigInteger             result;
 
     protected KeyAgreementSpi(
@@ -95,31 +94,33 @@
         }
 
         CipherParameters pubKey;        
-        // BEGIN android-removed
-        // if (agreement instanceof ECMQVBasicAgreement)
-        // {
-        //     if (!(key instanceof MQVPublicKey))
-        //     {
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter((PublicKey)key);
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
-        //
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        //     }
-        //     else
-        //     {
-        //         MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-        //
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        //     }
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (agreement instanceof ECMQVBasicAgreement)
+        {
+            if (!(key instanceof MQVPublicKey))
+            {
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter((PublicKey)key);
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
+
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
+            }
+            else
+            {
+                MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
+            }
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PublicKey))
             {
@@ -133,7 +134,9 @@
         try
         {
             result = agreement.calculateAgreement(pubKey);
-        } catch (final Exception e) {
+        }
+        catch (final Exception e)
+        {
             throw new InvalidKeyException("calculation failed: " + e.getMessage())
             {
                 public Throwable getCause()
@@ -142,6 +145,7 @@
                             }
             };
         }
+
         return null;
     }
 
@@ -151,9 +155,9 @@
         SecureRandom            random) 
         throws InvalidKeyException, InvalidAlgorithmParameterException
     {
-        // BEGIN android-changed
+        // Android-removed: Unsupported algorithms
+        // if (params != null && !(params instanceof MQVParameterSpec || params instanceof UserKeyingMaterialSpec))
         if (params != null && !(params instanceof UserKeyingMaterialSpec))
-        // END android-changed
         {
             throw new InvalidAlgorithmParameterException("No algorithm parameters supported");
         }
@@ -163,7 +167,7 @@
 
     protected void engineInit(
         Key             key,
-        SecureRandom    random)
+        SecureRandom    random) 
         throws InvalidKeyException
     {
         initFromKey(key, null);
@@ -172,62 +176,64 @@
     private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec)
         throws InvalidKeyException
     {
-        // BEGIN android-removed
-        // if (agreement instanceof ECMQVBasicAgreement)
-        // {
-        //     mqvParameters = null;
-        //     if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
-        //     {
-        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-        //             + getSimpleName(MQVParameterSpec.class) + " for initialisation");
-        //     }
-        //
-        //     ECPrivateKeyParameters staticPrivKey;
-        //     ECPrivateKeyParameters ephemPrivKey;
-        //     ECPublicKeyParameters ephemPubKey;
-        //     if (key instanceof MQVPrivateKey)
-        //     {
-        //         MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-        //         staticPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-        //         ephemPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-        //
-        //         ephemPubKey = null;
-        //         if (mqvPrivKey.getEphemeralPublicKey() != null)
-        //         {
-        //             ephemPubKey = (ECPublicKeyParameters)
-        //                 ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-        //         }
-        //     }
-        //     else
-        //     {
-        //         MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
-        //
-        //         staticPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter((PrivateKey)key);
-        //         ephemPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
-        //
-        //         ephemPubKey = null;
-        //         if (mqvParameterSpec.getEphemeralPublicKey() != null)
-        //         {
-        //             ephemPubKey = (ECPublicKeyParameters)
-        //                 ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
-        //         }
-        //         mqvParameters = mqvParameterSpec;
-        //         ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
-        //     }
-        //
-        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-        //     this.parameters = staticPrivKey.getParameters();
-        //
-        //     // TODO Validate that all the keys are using the same parameters?
-        //
-        //     agreement.init(localParams);
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (agreement instanceof ECMQVBasicAgreement)
+        {
+            mqvParameters = null;
+            if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
+            {
+                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+                    + getSimpleName(MQVParameterSpec.class) + " for initialisation");
+            }
+
+            ECPrivateKeyParameters staticPrivKey;
+            ECPrivateKeyParameters ephemPrivKey;
+            ECPublicKeyParameters ephemPubKey;
+            if (key instanceof MQVPrivateKey)
+            {
+                MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+                staticPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+                ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+
+                ephemPubKey = null;
+                if (mqvPrivKey.getEphemeralPublicKey() != null)
+                {
+                    ephemPubKey = (ECPublicKeyParameters)
+                        ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+                }
+            }
+            else
+            {
+                MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
+
+                staticPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter((PrivateKey)key);
+                ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
+
+                ephemPubKey = null;
+                if (mqvParameterSpec.getEphemeralPublicKey() != null)
+                {
+                    ephemPubKey = (ECPublicKeyParameters)
+                        ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
+                }
+                mqvParameters = mqvParameterSpec;
+                ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
+            }
+
+            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+            this.parameters = staticPrivKey.getParameters();
+
+            // TODO Validate that all the keys are using the same parameters?
+
+            agreement.init(localParams);
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PrivateKey))
             {
@@ -264,248 +270,250 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class DHC
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHC()
-    //     {
-    //         super("ECDHC", new ECDHCBasicAgreement(), null);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class DHC
+        extends KeyAgreementSpi
+    {
+        public DHC()
+        {
+            super("ECDHC", new ECDHCBasicAgreement(), null);
+        }
+    }
 
-    // public static class MQV
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQV()
-    //     {
-    //         super("ECMQV", new ECMQVBasicAgreement(), null);
-    //     }
-    // }
+    public static class MQV
+        extends KeyAgreementSpi
+    {
+        public MQV()
+        {
+            super("ECMQV", new ECMQVBasicAgreement(), null);
+        }
+    }
 
-    // public static class DHwithSHA1KDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1KDF()
-    //     {
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1KDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1KDF()
+        {
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class CDHwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class CDHwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA1KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class DHwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA224KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class CDHwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class CDHwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA224KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class DHwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class DHwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA256KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class CDHwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class CDHwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA256KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class DHwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class DHwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA384KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class CDHwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class CDHwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA384KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class DHwithSHA512KDFAndSharedInfo
-    //      extends KeyAgreementSpi
-    //  {
-    //      public DHwithSHA512KDFAndSharedInfo()
-    //      {
-    //          super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //      }
-    //  }
+    public static class DHwithSHA512KDFAndSharedInfo
+         extends KeyAgreementSpi
+     {
+         public DHwithSHA512KDFAndSharedInfo()
+         {
+             super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         }
+     }
 
-    //  public static class CDHwithSHA512KDFAndSharedInfo
-    //      extends KeyAgreementSpi
-    //  {
-    //      public CDHwithSHA512KDFAndSharedInfo()
-    //      {
-    //          super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //      }
-    //  }
+     public static class CDHwithSHA512KDFAndSharedInfo
+         extends KeyAgreementSpi
+     {
+         public CDHwithSHA512KDFAndSharedInfo()
+         {
+             super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         }
+     }
 
-    // public static class MQVwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class MQVwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA1KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class MQVwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class MQVwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA224KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class MQVwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class MQVwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA256KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class MQVwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class MQVwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA384KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class MQVwithSHA512KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA512KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
+    public static class MQVwithSHA512KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA512KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+        }
+    }
 
-    // public static class DHwithSHA1CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1CKDF()
-    //     {
-    //         super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1CKDF()
+        {
+            super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA256CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA256CKDF()
-    //     {
-    //         super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class DHwithSHA256CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA256CKDF()
+        {
+            super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class DHwithSHA384CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA384CKDF()
-    //     {
-    //         super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class DHwithSHA384CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA384CKDF()
+        {
+            super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class DHwithSHA512CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA512CKDF()
-    //     {
-    //         super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
+    public static class DHwithSHA512CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA512CKDF()
+        {
+            super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        }
+    }
 
-    // public static class MQVwithSHA1CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA1CKDF()
-    //     {
-    //         super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class MQVwithSHA1CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA1CKDF()
+        {
+            super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class MQVwithSHA224CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA224CKDF()
-    //     {
-    //         super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class MQVwithSHA224CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA224CKDF()
+        {
+            super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class MQVwithSHA256CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA256CKDF()
-    //     {
-    //         super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class MQVwithSHA256CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA256CKDF()
+        {
+            super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class MQVwithSHA384CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA384CKDF()
-    //     {
-    //         super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class MQVwithSHA384CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA384CKDF()
+        {
+            super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class MQVwithSHA512CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA512CKDF()
-    //     {
-    //         super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
-    // END android-removed
+    public static class MQVwithSHA512CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA512CKDF()
+        {
+            super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
index a749f11..431b6bd 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
@@ -208,16 +208,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class ECGOST3410
-    //     extends KeyFactorySpi
-    // {
-    //     public ECGOST3410()
-    //     {
-    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    public static class ECGOST3410
+        extends KeyFactorySpi
+    {
+        public ECGOST3410()
+        {
+            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     public static class ECDH
         extends KeyFactorySpi
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
index 5f8a901..794ca97 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
@@ -43,9 +43,10 @@
         ECKeyGenerationParameters   param;
         ECKeyPairGenerator          engine = new ECKeyPairGenerator();
         Object                      ecParams = null;
-        // BEGIN android-changed
+        // Android-changed: Use 256-bit keys by default.
+        // 239-bit keys (the Bouncy Castle default) are less widely-supported than 256-bit ones,
+        // so we've changed the default strength to 256 for increased compatibility
         int                         strength = 256;
-        // BEGIN android-changed
         int                         certainty = 50;
         SecureRandom                random = new SecureRandom();
         boolean                     initialised = false;
@@ -87,13 +88,13 @@
             SecureRandom    random)
         {
             this.strength = strength;
-            // BEGIN android-added
+            // BEGIN Android-changed: Don't override this.random with null.
+            // Passing null just means to use a default random, which this.random is already
+            // initialized to, so just use that
             if (random != null) {
-            // END android-added
-            this.random = random;
-            // BEGIN android-added
+                this.random = random;
             }
-            // END android-added
+            // END Android-changed: Don't override this.random with null.
 
             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
             if (ecParams == null)
@@ -116,11 +117,11 @@
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
-            // BEGIN android-added
+            // BEGIN Android-added: Use existing SecureRandom if none is provided.
             if (random == null) {
                 random = this.random;
             }
-            // END android-added
+            // END Android-added: Use existing SecureRandom if none is provided.
             if (params == null)
             {
                 ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();
@@ -288,4 +289,4 @@
             super("ECMQV", BouncyCastleProvider.CONFIGURATION);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
index 46aeec7..93f9d16 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
@@ -16,19 +16,18 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.signers.ECNRSigner;
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// END Android-removed: Unsupported algorithms
+// BEGIN Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
@@ -74,22 +73,24 @@
     {
         public ecDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA
+        extends SignatureSpi
+    {
+        public ecDetDSA()
+        {
+            super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSAnone
         extends SignatureSpi
@@ -105,267 +106,276 @@
     {
         public ecDSA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA224(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA224
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA224
+        extends SignatureSpi
+    {
+        public ecDetDSA224()
+        {
+            super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA256
         extends SignatureSpi
     {
         public ecDSA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA256
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA256
+        extends SignatureSpi
+    {
+        public ecDetDSA256()
+        {
+            super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA384
         extends SignatureSpi
     {
         public ecDSA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA384(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA384
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA384
+        extends SignatureSpi
+    {
+        public ecDetDSA384()
+        {
+            super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+
     static public class ecDSA512
         extends SignatureSpi
     {
         public ecDSA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA512(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA512
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class ecDetDSA512
+        extends SignatureSpi
+    {
+        public ecDetDSA512()
+        {
+            super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_224
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_224
+        extends SignatureSpi
+    {
+        public ecDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_224
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_224
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_256
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_256
+        extends SignatureSpi
+    {
+        public ecDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_256
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_256
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_384
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_384
+        extends SignatureSpi
+    {
+        public ecDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_384
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_384
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_512
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_512
+        extends SignatureSpi
+    {
+        public ecDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_512
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_512
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSARipeMD160
-    //     extends SignatureSpi
-    // {
-    //     public ecDSARipeMD160()
-    //     {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSARipeMD160
+        extends SignatureSpi
+    {
+        public ecDSARipeMD160()
+        {
+            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR
-    //     extends SignatureSpi
-    // {
-    //     public ecNR()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR
+        extends SignatureSpi
+    {
+        public ecNR()
+        {
+            super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR224
-    //     extends SignatureSpi
-    // {
-    //     public ecNR224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR224
+        extends SignatureSpi
+    {
+        public ecNR224()
+        {
+            super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR256
-    //     extends SignatureSpi
-    // {
-    //     public ecNR256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR256
+        extends SignatureSpi
+    {
+        public ecNR256()
+        {
+            super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR384
-    //     extends SignatureSpi
-    // {
-    //     public ecNR384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR384
+        extends SignatureSpi
+    {
+        public ecNR384()
+        {
+            super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR512
-    //     extends SignatureSpi
-    // {
-    //     public ecNR512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR512
+        extends SignatureSpi
+    {
+        public ecNR512()
+        {
+            super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA
+        extends SignatureSpi
+    {
+        public ecCVCDSA()
+        {
+            super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA224
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA224
+        extends SignatureSpi
+    {
+        public ecCVCDSA224()
+        {
+            super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA256
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA256
+        extends SignatureSpi
+    {
+        public ecCVCDSA256()
+        {
+            super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA384
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA384
+        extends SignatureSpi
+    {
+        public ecCVCDSA384()
+        {
+            super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA512
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA512
+        extends SignatureSpi
+    {
+        public ecCVCDSA512()
+        {
+            super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecPlainDSARP160
-    //     extends SignatureSpi
-    // {
-    //     public ecPlainDSARP160()
-    //     {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    static public class ecPlainDSARP160
+        extends SignatureSpi
+    {
+        public ecPlainDSARP160()
+        {
+            super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     private static class StdDSAEncoder
         implements DSAEncoder
@@ -406,68 +416,70 @@
         }
     }
 
-    // BEGIN android-removed
-    // private static class PlainDSAEncoder
-    //     implements DSAEncoder
-    // {
-    //     public byte[] encode(
-    //         BigInteger r,
-    //         BigInteger s)
-    //         throws IOException
-    //     {
-    //         byte[] first = makeUnsigned(r);
-    //         byte[] second = makeUnsigned(s);
-    //         byte[] res;
-    //
-    //         if (first.length > second.length)
-    //         {
-    //             res = new byte[first.length * 2];
-    //         }
-    //         else
-    //         {
-    //             res = new byte[second.length * 2];
-    //         }
-    //
-    //         System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
-    //         System.arraycopy(second, 0, res, res.length - second.length, second.length);
-    //
-    //         return res;
-    //     }
-    //
-    //
-    //     private byte[] makeUnsigned(BigInteger val)
-    //     {
-    //         byte[] res = val.toByteArray();
-    //
-    //         if (res[0] == 0)
-    //         {
-    //             byte[] tmp = new byte[res.length - 1];
-    //
-    //             System.arraycopy(res, 1, tmp, 0, tmp.length);
-    //
-    //             return tmp;
-    //         }
-    //
-    //         return res;
-    //     }
-    //
-    //     public BigInteger[] decode(
-    //         byte[] encoding)
-    //         throws IOException
-    //     {
-    //         BigInteger[] sig = new BigInteger[2];
-    //
-    //         byte[] first = new byte[encoding.length / 2];
-    //         byte[] second = new byte[encoding.length / 2];
-    //
-    //         System.arraycopy(encoding, 0, first, 0, first.length);
-    //         System.arraycopy(encoding, first.length, second, 0, second.length);
-    //
-    //         sig[0] = new BigInteger(1, first);
-    //         sig[1] = new BigInteger(1, second);
-    //
-    //         return sig;
-    //     }
-    // }
-    // END android-removed
-}
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    private static class PlainDSAEncoder
+        implements DSAEncoder
+    {
+        public byte[] encode(
+            BigInteger r,
+            BigInteger s)
+            throws IOException
+        {
+            byte[] first = makeUnsigned(r);
+            byte[] second = makeUnsigned(s);
+            byte[] res;
+
+            if (first.length > second.length)
+            {
+                res = new byte[first.length * 2];
+            }
+            else
+            {
+                res = new byte[second.length * 2];
+            }
+
+            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+            System.arraycopy(second, 0, res, res.length - second.length, second.length);
+
+            return res;
+        }
+
+
+        private byte[] makeUnsigned(BigInteger val)
+        {
+            byte[] res = val.toByteArray();
+
+            if (res[0] == 0)
+            {
+                byte[] tmp = new byte[res.length - 1];
+
+                System.arraycopy(res, 1, tmp, 0, tmp.length);
+
+                return tmp;
+            }
+
+            return res;
+        }
+
+        public BigInteger[] decode(
+            byte[] encoding)
+            throws IOException
+        {
+            BigInteger[] sig = new BigInteger[2];
+
+            byte[] first = new byte[encoding.length / 2];
+            byte[] second = new byte[encoding.length / 2];
+
+            System.arraycopy(encoding, 0, first, 0, first.length);
+            System.arraycopy(encoding, first.length, second, 0, second.length);
+
+            sig[0] = new BigInteger(1, first);
+            sig[1] = new BigInteger(1, second);
+
+            return sig;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+}
\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
index c98b764..b7966ef 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
@@ -26,9 +26,8 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-// END android-removed
 import org.bouncycastle.crypto.encodings.OAEPEncoding;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
@@ -36,14 +35,18 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi;
 import org.bouncycastle.jcajce.provider.util.BadBlockException;
 import org.bouncycastle.jcajce.provider.util.DigestFactory;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.Strings;
 
 public class CipherSpi
     extends BaseCipherSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private AsymmetricBlockCipher cipher;
     private AlgorithmParameterSpec paramSpec;
@@ -203,12 +206,12 @@
         {
             cipher = new PKCS1Encoding(new RSABlindedEngine());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // else if (pad.equals("ISO9796-1PADDING"))
         // {
         //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithm
         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
@@ -237,27 +240,29 @@
         {
             initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT));
         }
-        // BEGIN android-removed
-        // else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
-             throw new NoSuchPaddingException(padding + " unavailable with RSA.");
+            throw new NoSuchPaddingException(padding + " unavailable with RSA.");
         }
     }
 
@@ -562,50 +567,52 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class PKCS1v1_5Padding
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding()
-    //     {
-    //         super(new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class PKCS1v1_5Padding_PrivateOnly
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding_PrivateOnly()
-    //     {
-    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class PKCS1v1_5Padding_PublicOnly
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding_PublicOnly()
-    //     {
-    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class OAEPPadding
-    //     extends CipherSpi
-    // {
-    //     public OAEPPadding()
-    //     {
-    //         super(OAEPParameterSpec.DEFAULT);
-    //     }
-    // }
-    //
-    // static public class ISO9796d1Padding
-    //     extends CipherSpi
-    // {
-    //     public ISO9796d1Padding()
-    //     {
-    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class PKCS1v1_5Padding
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding()
+        {
+            super(new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class PKCS1v1_5Padding_PrivateOnly
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding_PrivateOnly()
+        {
+            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class PKCS1v1_5Padding_PublicOnly
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding_PublicOnly()
+        {
+            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class OAEPPadding
+        extends CipherSpi
+    {
+        public OAEPPadding()
+        {
+            super(OAEPParameterSpec.DEFAULT);
+        }
+    }
+    
+    static public class ISO9796d1Padding
+        extends CipherSpi
+    {
+        public ISO9796d1Padding()
+        {
+            super(new ISO9796d1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
index 1e4d854..5c2f1df 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
@@ -17,30 +17,25 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
 // import org.bouncycastle.crypto.digests.NullDigest;
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DigestSignatureSpi
@@ -258,9 +253,9 @@
     {
         public SHA1()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(OIWObjectIdentifiers.idSHA1, DigestFactory.createSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
             super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -269,9 +264,9 @@
     {
         public SHA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha224, DigestFactory.createSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha224, AndroidDigestFactory.getSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -280,9 +275,9 @@
     {
         public SHA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha256, DigestFactory.createSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -291,9 +286,9 @@
     {
         public SHA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha384, DigestFactory.createSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -302,132 +297,136 @@
     {
         public SHA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha512, DigestFactory.createSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class SHA512_224
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA512_224()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class SHA512_224
+        extends DigestSignatureSpi
+    {
+        public SHA512_224()
+        {
+            super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA512_256
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA512_256()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA512_256
+        extends DigestSignatureSpi
+    {
+        public SHA512_256()
+        {
+            super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_224
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_224()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_224
+        extends DigestSignatureSpi
+    {
+        public SHA3_224()
+        {
+            super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_256
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_256()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_256
+        extends DigestSignatureSpi
+    {
+        public SHA3_256()
+        {
+            super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_384
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_384()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_384
+        extends DigestSignatureSpi
+    {
+        public SHA3_384()
+        {
+            super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_512
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_512()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_512
+        extends DigestSignatureSpi
+    {
+        public SHA3_512()
+        {
+            super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class MD2
-    //     extends DigestSignatureSpi
-    // {
-    //     public MD2()
-    //     {
-    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class MD2
+        extends DigestSignatureSpi
+    {
+        public MD2()
+        {
+            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class MD4
-    //     extends DigestSignatureSpi
-    // {
-    //     public MD4()
-    //     {
-    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    static public class MD4
+        extends DigestSignatureSpi
+    {
+        public MD4()
+        {
+            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class MD5
         extends DigestSignatureSpi
     {
         public MD5()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(PKCSObjectIdentifiers.md5, DigestFactory.createMD5(), new PKCS1Encoding(new RSABlindedEngine()));
             super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class RIPEMD160
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD160()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class RIPEMD128
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD128()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class RIPEMD256
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD256()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class noneRSA
-    //     extends DigestSignatureSpi
-    // {
-    //     public noneRSA()
-    //     {
-    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class RIPEMD160
+        extends DigestSignatureSpi
+    {
+        public RIPEMD160()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class RIPEMD128
+        extends DigestSignatureSpi
+    {
+        public RIPEMD128()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class RIPEMD256
+        extends DigestSignatureSpi
+    {
+        public RIPEMD256()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class noneRSA
+        extends DigestSignatureSpi
+    {
+        public noneRSA()
+        {
+            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
index 4c3089a..a2c9666 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
@@ -43,10 +43,9 @@
         SecureRandom random)
     {
         param = new RSAKeyGenerationParameters(defaultPublicExponent,
-            // BEGIN android-changed
-            // Was: random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
+            // Android-changed: Replace null random with default implementation.
+            // random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
             (random != null) ? random : new SecureRandom(), strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
-            // END android-changed
 
         engine.init(param);
     }
@@ -64,10 +63,9 @@
 
         param = new RSAKeyGenerationParameters(
             rsaParams.getPublicExponent(),
-            // BEGIN android-changed
-            // Was: random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
+            // Android-changed: Replace null random with default implementation.
+            // random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
             (random != null) ? random : new SecureRandom(), rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
-            // END android-changed
 
         engine.init(param);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
index 2994e73..f285ac5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
@@ -11,10 +11,9 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -22,10 +21,9 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
-// END android-removed
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
 import org.bouncycastle.util.Integers;
@@ -122,9 +120,8 @@
         nameTable.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedCBC.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedMAC.getId(), "SEED");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithm
         // nameTable.put(CryptoProObjectIdentifiers.gostR28147_gcfb.getId(), "GOST28147");
-        // END android-removed
 
         nameTable.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), "AES");
         nameTable.put(NISTObjectIdentifiers.id_aes128_CCM.getId(), "AES");
@@ -163,12 +160,12 @@
         {
             return "AES";
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // if (algDetails.startsWith(GNUObjectIdentifiers.Serpent.getId()))
         // {
         //     return "Serpent";
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         String name = (String)nameTable.get(Strings.toUpperCase(algDetails));
 
@@ -261,6 +258,7 @@
         }
 
         int    keySize = getKeySize(oidAlgorithm);
+
         if (kdf != null)
         {
             if (keySize < 0)
@@ -269,24 +267,26 @@
             }
             byte[] keyBytes = new byte[keySize / 8];
 
-            // BEGIN android-removed
-            // if (kdf instanceof DHKEKGenerator)
-            // {
-            //     ASN1ObjectIdentifier oid;
-            //     try
-            //     {
-            //         oid = new ASN1ObjectIdentifier(oidAlgorithm);
-            //     }
-            //     catch (IllegalArgumentException e)
-            //     {
-            //         throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
-            //     }
-            //     DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
+            // BEGIN Android-removed: Unsupported algorithm
+            /*
+            if (kdf instanceof DHKEKGenerator)
+            {
+                ASN1ObjectIdentifier oid;
+                try
+                {
+                    oid = new ASN1ObjectIdentifier(oidAlgorithm);
+                }
+                catch (IllegalArgumentException e)
+                {
+                    throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
+                }
+                DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
 
-            //     kdf.init(params);
-            // }
-            // else
-            // END android-removed
+                kdf.init(params);
+            }
+            else
+            */
+            // END Android-removed: Unsupported algorithm
             {
                 KDFParameters params = new KDFParameters(secret, ukmParameters);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
index 602ca74..961e263 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
@@ -18,10 +18,9 @@
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -41,10 +40,9 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private final JcaJceHelper helper = new BCJcaJceHelper();
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
index 3b8a0a6..d67974b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
@@ -47,14 +47,14 @@
             }
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // X9ECParameters c25519 = CustomNamedCurves.getByName("Curve25519");
 
         // customCurves.put(new ECCurve.Fp(
         //     c25519.getCurve().getField().getCharacteristic(),
         //     c25519.getCurve().getA().toBigInteger(),
-        //    c25519.getCurve().getB().toBigInteger()), c25519.getCurve());
-        // END android-removed
+        //     c25519.getCurve().getB().toBigInteger()), c25519.getCurve());
+        // END Android-removed: Unsupported curves
     }
 
     public static ECCurve getCurve(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
index cba154a..39ff397 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
@@ -8,17 +8,15 @@
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
 // import org.bouncycastle.asn1.gm.GMNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
@@ -338,24 +336,26 @@
             {
                 oid = NISTNamedCurves.getOID(name);
             }
-            // BEGIN android-removed
-            // if (oid == null)
-            // {
-            //     oid = TeleTrusTNamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = ECGOST3410NamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = ANSSINamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = GMNamedCurves.getOID(name);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (oid == null)
+            {
+                oid = TeleTrusTNamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = ECGOST3410NamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = ANSSINamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = GMNamedCurves.getOID(name);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return oid;
@@ -398,16 +398,18 @@
             {
                 params = NISTNamedCurves.getByOID(oid);
             }
-            // BEGIN android-removed
-            // if (params == null)
-            // {
-            //     params = TeleTrusTNamedCurves.getByOID(oid);
-            // }
-            // if (params == null)
-            // {
-            //     params = GMNamedCurves.getByOID(oid);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (params == null)
+            {
+                params = TeleTrusTNamedCurves.getByOID(oid);
+            }
+            if (params == null)
+            {
+                params = GMNamedCurves.getByOID(oid);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -429,16 +431,18 @@
             {
                 params = NISTNamedCurves.getByName(curveName);
             }
-            // BEGIN android-removed
-            // if (params == null)
-            // {
-            //     params = TeleTrusTNamedCurves.getByName(curveName);
-            // }
-            // if (params == null)
-            // {
-            //     params = GMNamedCurves.getByName(curveName);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (params == null)
+            {
+                params = TeleTrusTNamedCurves.getByName(curveName);
+            }
+            if (params == null)
+            {
+                params = GMNamedCurves.getByName(curveName);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -456,16 +460,18 @@
             {
                 name = NISTNamedCurves.getName(oid);
             }
-            // BEGIN android-removed
-            // if (name == null)
-            // {
-            //     name = TeleTrusTNamedCurves.getName(oid);
-            // }
-            // if (name == null)
-            // {
-            //     name = ECGOST3410NamedCurves.getName(oid);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (name == null)
+            {
+                name = TeleTrusTNamedCurves.getName(oid);
+            }
+            if (name == null)
+            {
+                name = ECGOST3410NamedCurves.getName(oid);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return name;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
index 58310c7..d5608b9 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
@@ -4,9 +4,8 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-// BEGIN Android-added
+// Android-added: Use PushbackInputStream
 import java.io.PushbackInputStream;
-// END Android-added
 import java.security.cert.CRL;
 import java.security.cert.CRLException;
 import java.security.cert.CertPath;
@@ -217,22 +216,21 @@
             }
             else
             {
-                // BEGIN android-changed
-                // Was: pis = new ByteArrayInputStream(Streams.readAll(in));
-                // Reason: we want {@code in.available()} to return the number of available bytes if
+                // Android-changed: Use PushbackInputStream instead of ByteArrayInputStream.
+                // we want {@code in.available()} to return the number of available bytes if
                 // there is trailing data (otherwise it breaks
                 // libcore.java.security.cert.X509CertificateTest#test_Provider
                 // ). Which is not possible if we read the whole stream at this point.
+                // // pis = new ByteArrayInputStream(Streams.readAll(in));
                 pis = new PushbackInputStream(in);
-                // END android-changed
             }
 
-            // BEGIN android-changed
-            // Was: pis.mark(1);
+            // BEGIN Android-changed: Use PushbackInputStream
+            // pis.mark(1);
             if (in.markSupported()) {
                 pis.mark(1);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             int tag = pis.read();
 
@@ -241,8 +239,8 @@
                 return null;
             }
 
-            // BEGIN android-changdd
-            // Was: pis.reset
+            // BEGIN Android-changed: Use PushbackInputStream
+            // pis.reset
             if (in.markSupported()) {
                 pis.reset();
             }
@@ -250,7 +248,7 @@
             {
                 ((PushbackInputStream) pis).unread(tag);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             if (tag != 0x30)  // assume ascii PEM encoded.
             {
@@ -276,19 +274,17 @@
         throws CertificateException
     {
         java.security.cert.Certificate     cert;
-        // BEGIN android-removed
-        // BufferedInputStream in = new BufferedInputStream(inStream);
-        // Reason: we want {@code in.available()} to return the number of available bytes if
+        // Android-removed: Don't read entire stream immediately.
+        // we want {@code in.available()} to return the number of available bytes if
         // there is trailing data (otherwise it breaks
         // libcore.java.security.cert.X509CertificateTest#test_Provider
         // ). Which is not possible if we read the whole stream at this point.
-        // END android-removed
+        // BufferedInputStream in = new BufferedInputStream(inStream);
         List certs = new ArrayList();
 
-        // BEGIN android-changed
-        // Was: while ((cert = engineGenerateCertificate(in)) != null)
+        // Android-changed: Read from original stream
+        // while ((cert = engineGenerateCertificate(in)) != null)
         while ((cert = engineGenerateCertificate(inStream)) != null)
-        // END android-changed
         {
             certs.add(cert);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
index 8bb4c3a..b72de4c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
@@ -37,9 +37,8 @@
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.io.pem.PemObject;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.io.pem.PemWriter;
-// END android-removed
 
 /**
  * CertPath implementation for X.509 certificates.
@@ -56,9 +55,8 @@
     {
         List encodings = new ArrayList();
         encodings.add("PkiPath");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // encodings.add("PEM");
-        // END android-removed
         encodings.add("PKCS7");
         certPathEncodings = Collections.unmodifiableList(encodings);
     }
@@ -305,29 +303,31 @@
             return toDEREncoded(new ContentInfo(
                     PKCSObjectIdentifiers.signedData, sd));
         }
-        // BEGIN android-removed
-        // else if (encoding.equalsIgnoreCase("PEM"))
-        // {
-        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-        //
-        //     try
-        //     {
-        //         for (int i = 0; i != certificates.size(); i++)
-        //         {
-        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-        //         }
-        //
-        //         pWrt.close();
-        //     }
-        //     catch (Exception e)
-        //     {
-        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-        //     }
-        //
-        //     return bOut.toByteArray();
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (encoding.equalsIgnoreCase("PEM"))
+        {
+            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
+
+            try
+            {
+                for (int i = 0; i != certificates.size(); i++)
+                {
+                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
+                }
+            
+                pWrt.close();
+            }
+            catch (Exception e)
+            {
+                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
+            }
+
+            return bOut.toByteArray();
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
index 51213d4..bfd7c25 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
@@ -56,9 +56,9 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
-// BEGIN android-added
+// BEGIN Android-added: Unknown reason
 import org.bouncycastle.asn1.x509.X509Name;
-// END android-added
+// END Android-added: Unknown reason
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.X509Principal;
@@ -542,20 +542,19 @@
         }
     }
 
-    // BEGIN android-changed
+    // Android-added: Cache the encoded certificate
     private byte[] encoded;
-    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            // BEGIN android-changed
+            // BEGIN Android-changed: Cache the encoded certificate
             if (encoded == null) {
                 encoded = c.getEncoded(ASN1Encoding.DER);
             }
             return encoded;
-            // END android-changed
+            // END Android-changed: Cache the encoded certificate
         }
         catch (IOException e)
         {
@@ -879,9 +878,9 @@
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    // BEGIN android-changed
+                    // Android-changed: Unknown reason
+                    // list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
                     list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-                    // END android-changed
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
index 35e0318..17a5462 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
@@ -5,12 +5,6 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA1Digest;
-// BEGIN ANDROID-ADDED
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-// END ANDROID-ADDED
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
index e129db4..af375c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -45,19 +45,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithHmacSHA
-    //  */
-    // public static class PBEWithMacKeyFactory
-    //     extends PBESecretKeyFactory
-    // {
-    //     public PBEWithMacKeyFactory()
-    //     {
-    //         super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithHmacSHA
+     *
+    public static class PBEWithMacKeyFactory
+        extends PBESecretKeyFactory
+    {
+        public PBEWithMacKeyFactory()
+        {
+            super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA256
@@ -86,11 +88,11 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA256", PREFIX + "$HashMac");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
index f2fb6d3..8bddcb2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -5,9 +5,8 @@
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -59,16 +58,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class OldSHA384
-    //     extends BaseMac
-    // {
-    //     public OldSHA384()
-    //     {
-    //         super(new OldHMac(new SHA384Digest()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class OldSHA384
+        extends BaseMac
+    {
+        public OldSHA384()
+        {
+            super(new OldHMac(new SHA384Digest()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -84,9 +85,8 @@
             provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest");
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
-            // END android-removed
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA384", PREFIX + "$HashMac");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
index 9433a81..589e26a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -4,13 +4,11 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA512Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA512tDigest;
-// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -41,44 +39,46 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class DigestT
-    //     extends BCMessageDigest
-    //     implements Cloneable
-    // {
-    //     public DigestT(int bitLength)
-    //     {
-    //         super(new SHA512tDigest(bitLength));
-    //     }
-    //
-    //     public Object clone()
-    //         throws CloneNotSupportedException
-    //     {
-    //         DigestT d = (DigestT)super.clone();
-    //         d.digest = new SHA512tDigest((SHA512tDigest)digest);
-    //
-    //         return d;
-    //     }
-    // }
-    //
-    // static public class DigestT224
-    //     extends DigestT
-    // {
-    //     public DigestT224()
-    //     {
-    //         super(224);
-    //     }
-    // }
-    //
-    // static public class DigestT256
-    //     extends DigestT
-    // {
-    //     public DigestT256()
-    //     {
-    //         super(256);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class DigestT
+        extends BCMessageDigest
+        implements Cloneable
+    {
+        public DigestT(int bitLength)
+        {
+            super(new SHA512tDigest(bitLength));
+        }
+
+        public Object clone()
+            throws CloneNotSupportedException
+        {
+            DigestT d = (DigestT)super.clone();
+            d.digest = new SHA512tDigest((SHA512tDigest)digest);
+
+            return d;
+        }
+    }
+
+    static public class DigestT224
+        extends DigestT
+    {
+        public DigestT224()
+        {
+            super(224);
+        }
+    }
+
+    static public class DigestT256
+        extends DigestT
+    {
+        public DigestT256()
+        {
+            super(256);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class HashMac
         extends BaseMac
@@ -89,37 +89,39 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class HashMacT224
-    //     extends BaseMac
-    // {
-    //     public HashMacT224()
-    //     {
-    //         super(new HMac(new SHA512tDigest(224)));
-    //     }
-    // }
-    //
-    // public static class HashMacT256
-    //     extends BaseMac
-    // {
-    //     public HashMacT256()
-    //     {
-    //         super(new HMac(new SHA512tDigest(256)));
-    //     }
-    // }
-    //
-    // /**
-    //  * SHA-512 HMac
-    //  */
-    // public static class OldSHA512
-    //     extends BaseMac
-    // {
-    //     public OldSHA512()
-    //     {
-    //         super(new OldHMac(new SHA512Digest()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class HashMacT224
+        extends BaseMac
+    {
+        public HashMacT224()
+        {
+            super(new HMac(new SHA512tDigest(224)));
+        }
+    }
+
+    public static class HashMacT256
+        extends BaseMac
+    {
+        public HashMacT256()
+        {
+            super(new HMac(new SHA512tDigest(256)));
+        }
+    }
+
+    /**
+     * SHA-512 HMac
+     *
+    public static class OldSHA512
+        extends BaseMac
+    {
+        public OldSHA512()
+        {
+            super(new OldHMac(new SHA512Digest()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA512
@@ -133,25 +135,27 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class KeyGeneratorT224
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGeneratorT224()
-    //     {
-    //         super("HMACSHA512/224", 224, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // public static class KeyGeneratorT256
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGeneratorT256()
-    //     {
-    //         super("HMACSHA512/256", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class KeyGeneratorT224
+        extends BaseKeyGenerator
+    {
+        public KeyGeneratorT224()
+        {
+            super("HMACSHA512/224", 224, new CipherKeyGenerator());
+        }
+    }
+
+    public static class KeyGeneratorT256
+        extends BaseKeyGenerator
+    {
+        public KeyGeneratorT256()
+        {
+            super("HMACSHA512/256", 256, new CipherKeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -168,27 +172,29 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
-            //
-            // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
-            //
-            // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
+
+            provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
+
+            provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA512", PREFIX + "$HashMac");
 
             addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
             // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
index 9711426..5bc0aa8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
@@ -17,9 +17,8 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
-            // END android-removed
             provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore");
             provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle");
             provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
index 1d4e146..4dc856d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
@@ -17,16 +17,18 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            //
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
-            //
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
+    
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
index 0640669..85365b7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
@@ -48,7 +48,9 @@
 import org.bouncycastle.crypto.io.MacInputStream;
 import org.bouncycastle.crypto.io.MacOutputStream;
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -92,7 +94,9 @@
 
     protected int              version;
 
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     public BcKeyStoreSpi(int version)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 106f75b..efeaa9a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -64,10 +64,9 @@
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
@@ -90,17 +89,17 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
-// Was: import org.bouncycastle.crypto.digests.SHA1Digest
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12StoreParameter;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-// END android-removed
 import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -115,7 +114,9 @@
     extends KeyStoreSpi
     implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private static final int SALT_SIZE = 20;
     private static final int MIN_ITERATIONS = 1024;
@@ -233,6 +234,8 @@
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
+        // Android-changed: Use Android digests
+        // Digest digest = DigestFactory.createSHA1();
         Digest digest = AndroidDigestFactory.getSHA1();
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
@@ -758,15 +761,17 @@
         {
             cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
         }
-        // BEGIN android-removed
-        // else
-        // {
-        //     // TODO: at the moment it's just GOST, but...
-        //     GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
-        //
-        //     cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else
+        {
+            // TODO: at the moment it's just GOST, but...
+            GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
+
+            cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         return cipher;
     }
 
@@ -1718,33 +1723,36 @@
             super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
         }
     }
-    // BEGIN android-removed
-    // public static class BCPKCS12KeyStore3DES
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public BCPKCS12KeyStore3DES()
-    //     {
-    //         super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-    //     }
-    // }
-    // 
-    // public static class DefPKCS12KeyStore
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public DefPKCS12KeyStore()
-    //     {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-    //     }
-    // }
-    // 
-    // public static class DefPKCS12KeyStore3DES
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public DefPKCS12KeyStore3DES()
-    //     {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-    //     }
-    // }
+
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class BCPKCS12KeyStore3DES
+        extends PKCS12KeyStoreSpi
+    {
+        public BCPKCS12KeyStore3DES()
+        {
+            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        }
+    }
+
+    public static class DefPKCS12KeyStore
+        extends PKCS12KeyStoreSpi
+    {
+        public DefPKCS12KeyStore()
+        {
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+        }
+    }
+
+    public static class DefPKCS12KeyStore3DES
+        extends PKCS12KeyStoreSpi
+    {
+        public DefPKCS12KeyStore3DES()
+        {
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        }
+    }
+    */
     // END android-removed
 
     private static class IgnoresCaseHashtable
@@ -1818,9 +1826,8 @@
             keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192));
             keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256));
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256));
-            // END android-removed
 
             KEY_SIZES = Collections.unmodifiableMap(keySizes);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
index f118e5c..e0669d2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -1,13 +1,11 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
 import java.io.IOException;
-// BEGIN android-added
+// BEGIN Android-added: Needed for setting mode with GCM
 import java.security.NoSuchAlgorithmException;
-// END android-added
-// BEGIN android-removed
-// import java.security.AlgorithmParameters;
-// import java.security.InvalidAlgorithmParameterException;
-// END android-removed
+// END Android-added: Needed for setting mode with GCM
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
@@ -16,13 +14,12 @@
 
 import javax.crypto.spec.IvParameterSpec;
 
-// BEGIN android-added
+// BEGIN Android-added: Needed for setting padding with GCM
 import javax.crypto.NoSuchPaddingException;
-// END android-added
+// END Android-added: Needed for setting padding with GCM
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.CCMParameters;
-// END android-removed
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.crypto.BlockCipher;
@@ -34,32 +31,28 @@
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.AESWrapEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.AESWrapPadEngine;
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
 // import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
 // import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 // import org.bouncycastle.crypto.macs.CMac;
 // import org.bouncycastle.crypto.macs.GMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.CCMBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
@@ -130,7 +123,7 @@
         public GCM()
         {
             super(new GCMBlockCipher(new AESEngine()));
-            // BEGIN android-added
+            // BEGIN Android-added: Set mode and padding due to name change (see note in Mappings)
             try {
                 engineSetMode("GCM");
                 engineSetPadding("NoPadding");
@@ -138,130 +131,132 @@
                 // this should not be possible
                 throw new RuntimeException("Could not set mode or padding for GCM mode", e);
             }
-            // END android-added
+            // END Android-added: Set mode and padding due to name change (see note in Mappings)
         }
     }
 
-    // BEGIN android-removed
-    // static public class CCM
-    //     extends BaseBlockCipher
-    // {
-    //     public CCM()
-    //     {
-    //         super(new CCMBlockCipher(new AESEngine()), false, 16);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CCM
+        extends BaseBlockCipher
+    {
+        public CCM()
+        {
+            super(new CCMBlockCipher(new AESEngine()), false, 16);
+        }
+    }
 
-    // public static class AESCMAC
-    //     extends BaseMac
-    // {
-    //     public AESCMAC()
-    //     {
-    //         super(new CMac(new AESEngine()));
-    //     }
-    // }
+    public static class AESCMAC
+        extends BaseMac
+    {
+        public AESCMAC()
+        {
+            super(new CMac(new AESEngine()));
+        }
+    }
 
-    // public static class AESGMAC
-    //     extends BaseMac
-    // {
-    //     public AESGMAC()
-    //     {
-    //         super(new GMac(new GCMBlockCipher(new AESEngine())));
-    //     }
-    // }
+    public static class AESGMAC
+        extends BaseMac
+    {
+        public AESGMAC()
+        {
+            super(new GMac(new GCMBlockCipher(new AESEngine())));
+        }
+    }
 
-    // public static class AESCCMMAC
-    //     extends BaseMac
-    // {
-    //     public AESCCMMAC()
-    //     {
-    //         super(new CCMMac());
-    //     }
+    public static class AESCCMMAC
+        extends BaseMac
+    {
+        public AESCCMMAC()
+        {
+            super(new CCMMac());
+        }
 
-    //     private static class CCMMac
-    //         implements Mac
-    //     {
-    //         private final CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
+        private static class CCMMac
+            implements Mac
+        {
+            private final CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
 
-    //         private int macLength = 8;
+            private int macLength = 8;
 
-    //         public void init(CipherParameters params)
-    //             throws IllegalArgumentException
-    //         {
-    //             ccm.init(true, params);
+            public void init(CipherParameters params)
+                throws IllegalArgumentException
+            {
+                ccm.init(true, params);
 
-    //             this.macLength = ccm.getMac().length;
-    //         }
+                this.macLength = ccm.getMac().length;
+            }
 
-    //         public String getAlgorithmName()
-    //         {
-    //             return ccm.getAlgorithmName() + "Mac";
-    //         }
+            public String getAlgorithmName()
+            {
+                return ccm.getAlgorithmName() + "Mac";
+            }
 
-    //         public int getMacSize()
-    //         {
-    //             return macLength;
-    //         }
+            public int getMacSize()
+            {
+                return macLength;
+            }
 
-    //         public void update(byte in)
-    //             throws IllegalStateException
-    //         {
-    //             ccm.processAADByte(in);
-    //         }
+            public void update(byte in)
+                throws IllegalStateException
+            {
+                ccm.processAADByte(in);
+            }
 
-    //         public void update(byte[] in, int inOff, int len)
-    //             throws DataLengthException, IllegalStateException
-    //         {
-    //             ccm.processAADBytes(in, inOff, len);
-    //         }
+            public void update(byte[] in, int inOff, int len)
+                throws DataLengthException, IllegalStateException
+            {
+                ccm.processAADBytes(in, inOff, len);
+            }
 
-    //         public int doFinal(byte[] out, int outOff)
-    //             throws DataLengthException, IllegalStateException
-    //         {
-    //             try
-    //             {
-    //                 return ccm.doFinal(out, 0);
-    //             }
-    //             catch (InvalidCipherTextException e)
-    //             {
-    //                 throw new IllegalStateException("exception on doFinal(): " + e.toString());
-    //             }
-    //         }
+            public int doFinal(byte[] out, int outOff)
+                throws DataLengthException, IllegalStateException
+            {
+                try
+                {
+                    return ccm.doFinal(out, 0);
+                }
+                catch (InvalidCipherTextException e)
+                {
+                    throw new IllegalStateException("exception on doFinal(): " + e.toString());
+                }
+            }
 
-    //         public void reset()
-    //         {
-    //             ccm.reset();
-    //         }
-    //     }
-    // }
+            public void reset()
+            {
+                ccm.reset();
+            }
+        }
+    }
 
-    // static public class KeyFactory
-    //      extends BaseSecretKeyFactory
-    // {
-    //     public KeyFactory()
-    //     {
-    //         super("AES", null);
-    //     }
-    // }
+    static public class KeyFactory
+         extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("AES", null);
+        }
+    }
 
-    // public static class Poly1305
-    //     extends BaseMac
-    // {
-    //     public Poly1305()
-    //     {
-    //         super(new org.bouncycastle.crypto.macs.Poly1305(new AESEngine()));
-    //     }
-    // }
+    public static class Poly1305
+        extends BaseMac
+    {
+        public Poly1305()
+        {
+            super(new org.bouncycastle.crypto.macs.Poly1305(new AESEngine()));
+        }
+    }
 
-    // public static class Poly1305KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public Poly1305KeyGen()
-    //     {
-    //         super("Poly1305-AES", 256, new Poly1305KeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    public static class Poly1305KeyGen
+        extends BaseKeyGenerator
+    {
+        public Poly1305KeyGen()
+        {
+            super("Poly1305-AES", 256, new Poly1305KeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class Wrap
         extends BaseWrapCipher
@@ -272,34 +267,36 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class WrapPad
-    //         extends BaseWrapCipher
-    // {
-    //     public WrapPad()
-    //     {
-    //         super(new AESWrapPadEngine());
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class WrapPad
+        extends BaseWrapCipher
+    {
+        public WrapPad()
+        {
+            super(new AESWrapPadEngine());
+        }
+    }
 
-    // public static class RFC3211Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211Wrap()
-    //     {
-    //         super(new RFC3211WrapEngine(new AESEngine()), 16);
-    //     }
-    // }
+    public static class RFC3211Wrap
+        extends BaseWrapCipher
+    {
+        public RFC3211Wrap()
+        {
+            super(new RFC3211WrapEngine(new AESEngine()), 16);
+        }
+    }
 
-    // public static class RFC5649Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC5649Wrap()
-    //     {
-    //         super(new RFC5649WrapEngine(new AESEngine()));
-    //     }
-    // }
-    // END android-removed
+    public static class RFC5649Wrap
+        extends BaseWrapCipher
+    {
+        public RFC5649Wrap()
+        {
+            super(new RFC5649WrapEngine(new AESEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithAES-CBC
@@ -378,9 +375,12 @@
     {
         public KeyGen()
         {
-            // BEGIN android-changed
+            // Android-changed: Use 128-bit keys by default.
+            // Bouncy Castle defaults to 192-bit keys, which is the worst choice: worse security
+            // than 256-bit keys, slower than 128-bit keys, narrower support than either.
+            // Use 128-bit keys by default since they're faster and should still be plenty secure.
+            // this(192);
             this(128);
-            // END android-changed
         }
 
         public KeyGen(int keySize)
@@ -389,34 +389,36 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class KeyGen128
-    //     extends KeyGen
-    // {
-    //     public KeyGen128()
-    //     {
-    //         super(128);
-    //     }
-    // }
-    //
-    // public static class KeyGen192
-    //     extends KeyGen
-    // {
-    //     public KeyGen192()
-    //     {
-    //         super(192);
-    //     }
-    // }
-    //
-    // public static class KeyGen256
-    //     extends KeyGen
-    // {
-    //     public KeyGen256()
-    //     {
-    //         super(256);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class KeyGen128
+        extends KeyGen
+    {
+        public KeyGen128()
+        {
+            super(128);
+        }
+    }
+
+    public static class KeyGen192
+        extends KeyGen
+    {
+        public KeyGen192()
+        {
+            super(192);
+        }
+    }
+
+    public static class KeyGen256
+        extends KeyGen
+    {
+        public KeyGen256()
+        {
+            super(256);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
     
     /**
      * PBEWithSHA1And128BitAES-BC
@@ -525,124 +527,126 @@
             super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
         }
     }
+    
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[16];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[16];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(iv);
 
-    //         random.nextBytes(iv);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("AES");
+                params.init(new IvParameterSpec(iv));
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("AES");
-    //             params.init(new IvParameterSpec(iv));
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            return params;
+        }
+    }
 
-    //         return params;
-    //     }
-    // }
+    public static class AlgParamGenCCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            // TODO: add support for GCMParameterSpec as a template.
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // public static class AlgParamGenCCM
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         // TODO: add support for GCMParameterSpec as a template.
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[12];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[12];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(iv);
 
-    //         random.nextBytes(iv);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("CCM");
+                params.init(new CCMParameters(iv, 12).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("CCM");
-    //             params.init(new CCMParameters(iv, 12).getEncoded());
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            return params;
+        }
+    }
 
-    //         return params;
-    //     }
-    // }
+    public static class AlgParamGenGCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            // TODO: add support for GCMParameterSpec as a template.
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // public static class AlgParamGenGCM
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         // TODO: add support for GCMParameterSpec as a template.
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  nonce = new byte[12];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  nonce = new byte[12];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(nonce);
 
-    //         random.nextBytes(nonce);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("GCM");
+                params.init(new GCMParameters(nonce, 16).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("GCM");
-    //             params.init(new GCMParameters(nonce, 16).getEncoded());
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
-
-    //         return params;
-    //     }
-    // }
-    // END android-removed
+            return params;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class AlgParams
         extends IvAlgorithmParameters
@@ -738,92 +742,94 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParamsCCM
-    //     extends BaseAlgorithmParameters
-    // {
-    //     private CCMParameters ccmParams;
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamsCCM
+        extends BaseAlgorithmParameters
+    {
+        private CCMParameters ccmParams;
 
-    //     protected void engineInit(AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (GcmSpecUtil.isGcmSpec(paramSpec))
-    //         {
-    //             ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec));
-    //         }
-    //         else if (paramSpec instanceof AEADParameterSpec)
-    //         {
-    //             ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
-    //         }
-    //         else
-    //         {
-    //             throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
-    //         }
-    //     }
+        protected void engineInit(AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (GcmSpecUtil.isGcmSpec(paramSpec))
+            {
+                ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec));
+            }
+            else if (paramSpec instanceof AEADParameterSpec)
+            {
+                ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
+            }
+            else
+            {
+                throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
+            }
+        }
 
-    //     protected void engineInit(byte[] params)
-    //         throws IOException
-    //     {
-    //         ccmParams = CCMParameters.getInstance(params);
-    //     }
+        protected void engineInit(byte[] params)
+            throws IOException
+        {
+            ccmParams = CCMParameters.getInstance(params);
+        }
 
-    //     protected void engineInit(byte[] params, String format)
-    //         throws IOException
-    //     {
-    //         if (!isASN1FormatString(format))
-    //         {
-    //             throw new IOException("unknown format specified");
-    //         }
+        protected void engineInit(byte[] params, String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
 
-    //         ccmParams = CCMParameters.getInstance(params);
-    //     }
+            ccmParams = CCMParameters.getInstance(params);
+        }
 
-    //     protected byte[] engineGetEncoded()
-    //         throws IOException
-    //     {
-    //         return ccmParams.getEncoded();
-    //     }
+        protected byte[] engineGetEncoded()
+            throws IOException
+        {
+            return ccmParams.getEncoded();
+        }
 
-    //     protected byte[] engineGetEncoded(String format)
-    //         throws IOException
-    //     {
-    //         if (!isASN1FormatString(format))
-    //         {
-    //             throw new IOException("unknown format specified");
-    //         }
+        protected byte[] engineGetEncoded(String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
 
-    //         return ccmParams.getEncoded();
-    //     }
+            return ccmParams.getEncoded();
+        }
 
-    //     protected String engineToString()
-    //     {
-    //         return "CCM";
-    //     }
+        protected String engineToString()
+        {
+            return "CCM";
+        }
 
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
-    //         {
-    //             if (GcmSpecUtil.gcmSpecExists())
-    //             {
-    //                 return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive());
-    //             }
-    //             return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
-    //         }
-    //         if (paramSpec == AEADParameterSpec.class)
-    //         {
-    //             return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
-    //         }
-    //         if (paramSpec == IvParameterSpec.class)
-    //         {
-    //             return new IvParameterSpec(ccmParams.getNonce());
-    //         }
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
+            {
+                if (GcmSpecUtil.gcmSpecExists())
+                {
+                    return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive());
+                }
+                return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+            }
+            if (paramSpec == AEADParameterSpec.class)
+            {
+                return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+            }
+            if (paramSpec == IvParameterSpec.class)
+            {
+                return new IvParameterSpec(ccmParams.getNonce());
+            }
 
-    //         throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
-    //     }
-    // }
-    // END android-removed
+            throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -857,40 +863,45 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-            // END android-removed
+
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.AES", generalAesAttributes);
             provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.AESWRAP", generalAesAttributes);
             provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
@@ -899,81 +910,85 @@
             provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher.AESKW", "AESWRAP");
 
-            // BEGIN android-removed
-            // provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes);
-            // provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD");
-            //
-            // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
-            // provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAttributes("Cipher.CCM", generalAesAttributes);
-            // provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes);
+            provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD");
 
-            // BEGIN android-changed
+            provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAttributes("Cipher.CCM", generalAesAttributes);
+            provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // BEGIN Android-changed: Use standard name for AES/GCM/NOPADDING instead of "GCM"
             provider.addAttributes("Cipher.AES/GCM/NOPADDING", generalAesAttributes);
             provider.addAlgorithm("Cipher.AES/GCM/NOPADDING", PREFIX + "$GCM");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "AES/GCM/NOPADDING");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "AES/GCM/NOPADDING");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "AES/GCM/NOPADDING");
-            // END android-changed
+            // END Android-changed: Use standard name for AES/GCM/NOPADDING instead of "GCM"
 
             provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256");
 
-            // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
 
-            // provider.addAlgorithm("Mac.AESCCMMAC", PREFIX + "$AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes128_CCM.getId(), "AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes192_CCM.getId(), "AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes256_CCM.getId(), "AESCCMMAC");
-            // END android-removed
+            provider.addAlgorithm("Mac.AESCCMMAC", PREFIX + "$AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes128_CCM.getId(), "AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes192_CCM.getId(), "AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes256_CCM.getId(), "AESCCMMAC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher", BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc, "PBEWITHSHAAND128BITAES-CBC-BC");
             provider.addAlgorithm("Alg.Alias.Cipher", BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc, "PBEWITHSHAAND192BITAES-CBC-BC");
@@ -1018,10 +1033,10 @@
             provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC");
             provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.AES", PREFIX + "$KeyFactory");
             // provider.addAlgorithm("SecretKeyFactory", NISTObjectIdentifiers.aes, PREFIX + "$KeyFactory");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL");
@@ -1075,10 +1090,10 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
             // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
index c780d12..d1305cb 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
@@ -29,9 +29,9 @@
     {
         public KeyGen()
         {
-            // BEGIN android-changed
+            // Android-changed: Use ARC4 for algorithm name to match name used in provider
+            // super("RC4", 128, new CipherKeyGenerator());
             super("ARC4", 128, new CipherKeyGenerator());
-            // END android-changed
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
index c0a0949..ebaa5c5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
@@ -3,16 +3,14 @@
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.BlowfishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 
@@ -40,16 +38,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new BlowfishEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new BlowfishEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class KeyGen
         extends BaseKeyGenerator
@@ -80,13 +80,11 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.BLOWFISHCMAC", PREFIX + "$CMAC");
-            // END android-removed
             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
             provider.addAlgorithm("Alg.Alias.KeyGenerator", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, "BLOWFISH");
             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
index 5a4f8cd..de2e548 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
@@ -19,16 +19,14 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
 // import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.DESParameters;
@@ -69,19 +67,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * DES   CFB8
-    //  */
-    // public static class DESCFB8
-    //     extends BaseMac
-    // {
-    //     public DESCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new DESEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * DES   CFB8
+     *
+    public static class DESCFB8
+        extends BaseMac
+    {
+        public DESCFB8()
+        {
+            super(new CFBBlockCipherMac(new DESEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DES64
@@ -116,49 +116,49 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new DESEngine()));
-    //     }
-    // }
-    //
-    // /**
-    //  * DES9797Alg3with7816-4Padding
-    //  */
-    // public static class DES9797Alg3with7816d4
-    //     extends BaseMac
-    // {
-    //     public DES9797Alg3with7816d4()
-    //     {
-    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-    //     }
-    // }
-    //
-    // /**
-    //  * DES9797Alg3
-    //  */
-    // public static class DES9797Alg3
-    //     extends BaseMac
-    // {
-    //     public DES9797Alg3()
-    //     {
-    //         super(new ISO9797Alg3Mac(new DESEngine()));
-    //     }
-    // }
-    //
-    // public static class RFC3211
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211()
-    //     {
-    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new DESEngine()));
+        }
+    }
+
+    /**
+     * DES9797Alg3with7816-4Padding
+     *
+    public static class DES9797Alg3with7816d4
+        extends BaseMac
+    {
+        public DES9797Alg3with7816d4()
+        {
+            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+        }
+    }
+
+    /**
+     * DES9797Alg3
+     *
+    public static class DES9797Alg3
+        extends BaseMac
+    {
+        public DES9797Alg3()
+        {
+            super(new ISO9797Alg3Mac(new DESEngine()));
+        }
+    }
+
+    public static class RFC3211
+        extends BaseWrapCipher
+    {
+        public RFC3211()
+        {
+            super(new RFC3211WrapEngine(new DESEngine()), 8);
+        }
+    }
 
     public static class AlgParamGen
         extends BaseAlgorithmParameterGenerator
@@ -197,6 +197,8 @@
             return params;
         }
     }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DES - the default for this is to generate a key in
@@ -358,19 +360,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndDES
-    //  */
-    // static public class PBEWithMD2KeyFactory
-    //     extends DESPBEKeyFactory
-    // {
-    //     public PBEWithMD2KeyFactory()
-    //     {
-    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndDES
+     *
+    static public class PBEWithMD2KeyFactory
+        extends DESPBEKeyFactory
+    {
+        public PBEWithMD2KeyFactory()
+        {
+            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -396,19 +400,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndDES
-    //  */
-    // static public class PBEWithMD2
-    //     extends BaseBlockCipher
-    // {
-    //     public PBEWithMD2()
-    //     {
-    //         super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndDES
+     *
+    static public class PBEWithMD2
+        extends BaseBlockCipher
+    {
+        public PBEWithMD2()
+        {
+            super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -448,81 +454,80 @@
         {
 
             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-            //
-            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-            //
-            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
+
+            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
+
+            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
 
             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-            //
-            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-            //
-            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-            //
-            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            //
-            // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-            //
-            // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-            // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
+            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
+
+            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
+            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+
+            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
+            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
+
+            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+
+            provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+
+            provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+            provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters", OIWObjectIdentifiers.desCBC, "DES");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
             //
             // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
             provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5");
             provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1");
             
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // BEGIN android-removed
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // END android-removed
+            // Android-removed: Unsupported algorithms
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
index c89fe34..9b2e57b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
@@ -1,21 +1,18 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.AlgorithmParameters;
 // import java.security.InvalidAlgorithmParameterException;
-// END android-removed
 import java.security.SecureRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.spec.AlgorithmParameterSpec;
-// END android-removed
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.IvParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -23,21 +20,18 @@
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -69,19 +63,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * DESede   CFB8
-    //  */
-    // public static class DESedeCFB8
-    //     extends BaseMac
-    // {
-    //     public DESedeCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new DESedeEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * DESede   CFB8
+     *
+    public static class DESedeCFB8
+        extends BaseMac
+    {
+        public DESedeCFB8()
+        {
+            super(new CFBBlockCipherMac(new DESedeEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DESede64
@@ -106,7 +102,7 @@
             super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
         }
     }
-
+    
     public static class CBCMAC
         extends BaseMac
     {
@@ -116,16 +112,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new DESedeEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new DESedeEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Wrap
         extends BaseWrapCipher
@@ -136,16 +134,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class RFC3211
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211()
-    //     {
-    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class RFC3211
+        extends BaseWrapCipher
+    {
+        public RFC3211()
+        {
+            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DESede - the default for this is to generate a key in
@@ -259,45 +259,47 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom            random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-    //     }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom            random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+        }
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[8];
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[8];
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         random.nextBytes(iv);
+            random.nextBytes(iv);
 
-    //         AlgorithmParameters params;
+            AlgorithmParameters params;
 
-    //         try
-    //         {
-    //             params = createParametersInstance("DES");
-    //             params.init(new IvParameterSpec(iv));
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            try
+            {
+                params = createParametersInstance("DES");
+                params.init(new IvParameterSpec(iv));
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         return params;
-    //     }
-    // }
-    // END android-removed
+            return params;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class KeyFactory
         extends BaseSecretKeyFactory
@@ -381,38 +383,35 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
-            // BEGIN android-changed
+            // BEGIN Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-            // END android-changed
-            // BEGIN android-removed
+            // END Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
             // provider.addAlgorithm("Alg.Alias.Cipher.DESEDERFC3217WRAP", "DESEDEWRAP");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
 
             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
                 // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
-                // END android-removed
+                // END Android-removed: Unsupported algorithms
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
-                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
@@ -426,39 +425,41 @@
             }
 
             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
             // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
 
-            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
+            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // END android-removed
+            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
index b19a4d4..31c9bda 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
@@ -13,9 +13,8 @@
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherParameters;
@@ -34,99 +33,101 @@
 
     }
 
-    // BEGIN android-removed
-    // public static class AlgParams
-    //     extends BaseAlgorithmParameters
-    // {
-    //     PBKDF2Params params;
-    //
-    //     protected byte[] engineGetEncoded()
-    //     {
-    //         try
-    //         {
-    //             return params.getEncoded(ASN1Encoding.DER);
-    //         }
-    //         catch (IOException e)
-    //         {
-    //             throw new RuntimeException("Oooops! " + e.toString());
-    //         }
-    //     }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParams
+        extends BaseAlgorithmParameters
+    {
+        PBKDF2Params params;
 
-    //     protected byte[] engineGetEncoded(
-    //         String format)
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             return engineGetEncoded();
-    //         }
-    //
-    //         return null;
-    //     }
-    //
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == PBEParameterSpec.class)
-    //         {
-    //             return new PBEParameterSpec(params.getSalt(),
-    //                             params.getIterationCount().intValue());
-    //         }
-    //
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
-    //     }
-    //
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (!(paramSpec instanceof PBEParameterSpec))
-    //         {
-    //             throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
-    //         }
-    //
-    //         PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
-    //
-    //         this.params = new PBKDF2Params(pbeSpec.getSalt(),
-    //                             pbeSpec.getIterationCount());
-    //     }
-    //
-    //     protected void engineInit(
-    //         byte[] params)
-    //         throws IOException
-    //     {
-    //         this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
-    //     }
-    //
-    //     protected void engineInit(
-    //         byte[] params,
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             engineInit(params);
-    //             return;
-    //         }
-    //
-    //         throw new IOException("Unknown parameters format in PBKDF2 parameters object");
-    //     }
-    //
-    //     protected String engineToString()
-    //     {
-    //         return "PBKDF2 Parameters";
-    //     }
-    // }
-    // END android-removed
+        protected byte[] engineGetEncoded()
+        {
+            try
+            {
+                return params.getEncoded(ASN1Encoding.DER);
+            }
+            catch (IOException e)
+            {
+                throw new RuntimeException("Oooops! " + e.toString());
+            }
+        }
+
+        protected byte[] engineGetEncoded(
+            String format)
+        {
+            if (this.isASN1FormatString(format))
+            {
+                return engineGetEncoded();
+            }
+
+            return null;
+        }
+
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
+            Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == PBEParameterSpec.class)
+            {
+                return new PBEParameterSpec(params.getSalt(),
+                                params.getIterationCount().intValue());
+            }
+
+            throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
+        }
+
+        protected void engineInit(
+            AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (!(paramSpec instanceof PBEParameterSpec))
+            {
+                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
+            }
+
+            PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
+
+            this.params = new PBKDF2Params(pbeSpec.getSalt(),
+                                pbeSpec.getIterationCount());
+        }
+
+        protected void engineInit(
+            byte[] params)
+            throws IOException
+        {
+            this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
+        }
+
+        protected void engineInit(
+            byte[] params,
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                engineInit(params);
+                return;
+            }
+
+            throw new IOException("Unknown parameters format in PBKDF2 parameters object");
+        }
+
+        protected String engineToString()
+        {
+            return "PBKDF2 Parameters";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class BasePBKDF2
         extends BaseSecretKeyFactory
     {
         private int scheme;
-        // BEGIN ANDROID-ADDED
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private int keySizeInBits;
         private int ivSizeInBits;
-        // END ANDROID-ADDED
+        // END Android-added: Allow to specify a key using only the password.
         private int defaultDigest;
 
         public BasePBKDF2(String name, int scheme)
@@ -134,27 +135,27 @@
             this(name, scheme, SHA1);
         }
 
-        // BEGIN ANDROID-CHANGED
-        // Was: public BasePBKDF2(String name, int scheme, int defaultDigest)
+        // BEGIN Android-changed: Allow to specify a key using only the password.
+        // public BasePBKDF2(String name, int scheme, int defaultDigest)
         private BasePBKDF2(
                 String name, int scheme, int digest, int keySizeInBits, int ivSizeInBits)
-        // END ANDROID-CHANGED
+        // END Android-changed: Allow to specify a key using only the password.
         {
             super(name, PKCSObjectIdentifiers.id_PBKDF2);
 
             this.scheme = scheme;
-            // BEGIN ANDROID-ADDED
+            // BEGIN Android-added: Support key-restricted versions.
             this.keySizeInBits = keySizeInBits;
             this.ivSizeInBits = ivSizeInBits;
-            // END ANDROID-ADDED
+            // END Android-added: Support key-restricted versions.
             this.defaultDigest = digest;
         }
 
-        // BEGIN android-added
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private BasePBKDF2(String name, int scheme, int digest) {
             this(name, scheme, digest, 0, 0);
         }
-        // END android-added
+        // END Android-added: Allow to specify a key using only the password.
 
         protected SecretKey engineGenerateSecret(
             KeySpec keySpec)
@@ -164,9 +165,8 @@
             {
                 PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;
 
-                // BEGIN ANDROID-ADDED
-                // Allow to specify a key using only the password. The key will be generated later
-                // when other parameters are known.
+                // BEGIN Android-added: Allow to specify a key using only the password.
+                // The key will be generated later when other parameters are known.
                 if (pbeSpec.getSalt() == null
                         && pbeSpec.getIterationCount() == 0
                         && pbeSpec.getKeyLength() == 0
@@ -178,7 +178,7 @@
                             // cipherParameters, to be generated when the PBE parameters are known.
                             null);
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow to specify a key using only the password.
 
                 if (pbeSpec.getSalt() == null)
                 {
@@ -231,13 +231,15 @@
         private int getDigestCode(ASN1ObjectIdentifier algorithm)
             throws InvalidKeySpecException
         {
-            // BEGIN android-removed
-            // if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
-            // {
-            //     return GOST3411;
-            // }
-            // else
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
+            {
+                return GOST3411;
+            }
+            else
+            */
+            // END Android-removed: Unsupported algorithms
             if (algorithm.equals(PKCSObjectIdentifiers.id_hmacWithSHA1))
             {
                 return SHA1;
@@ -263,62 +265,65 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class PBKDF2withUTF8
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withUTF8()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA224
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA224()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA224);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA256
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA256()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA256);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA384
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA384()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA384);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA512
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA512()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA512);
-    //     }
-    // }
-    //
-    // public static class PBKDF2with8BIT
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2with8BIT()
-    //     {
-    //         super("PBKDF2", PKCS5S2);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class PBKDF2withUTF8
+        extends BasePBKDF2
+    {
+        public PBKDF2withUTF8()
+        {
+            super("PBKDF2", PKCS5S2_UTF8);
+        }
+    }
 
-    // BEGIN android-added
+    public static class PBKDF2withSHA224
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA224()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA224);
+        }
+    }
+
+    public static class PBKDF2withSHA256
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA256()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA256);
+        }
+    }
+
+    public static class PBKDF2withSHA384
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA384()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA384);
+        }
+    }
+    public static class PBKDF2withSHA512
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA512()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA512);
+        }
+    }
+
+    public static class PBKDF2with8BIT
+        extends BasePBKDF2
+    {
+        public PBKDF2with8BIT()
+        {
+            super("PBKDF2", PKCS5S2);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+
+    // BEGIN Android-added: Android implementations of PBKDF2 algorithms.
+    // See note in Mappings below.
     public static class BasePBKDF2WithHmacSHA1 extends BasePBKDF2 {
         public BasePBKDF2WithHmacSHA1(String name, int scheme)
         {
@@ -479,7 +484,7 @@
             super("PBEWithHmacSHA512AndAES_256", PKCS5S2_UTF8, SHA512, 256, 128);
         }
     }
-    // END android-added
+    // END Android-added: Android implementations of PBKDF2 algorithms.
 
     public static class Mappings
         extends AlgorithmProvider
@@ -492,45 +497,34 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-comment
-            // Context: many of these services used to be in
-            // com.android.org.bouncycastle.jcajce.provider.digest,SHA1, duplicated with respect to here. This
-            // class (PBEPBKDF2) wasn't present in Android until the upgrade to 1.56. Android added
-            // some other of these services in SHA1 (for fixed key sizes). Then the duplicate
-            // algorithms were removed upstream from SHA1 in
-            // b5634e3155e7fd8688599d3eef8e4f3c8a1db078
-            // . As a result, when adapting BouncyCastle 1.56 from upstream, the Android code that
-            // had been added to SHA1 was moved here, and the rest of the services provided by this
-            // class were commented.
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
-            // END android-removed
-            // BEGIN android-changed
-            // Was: provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            // Android-note: Provided classes differ significantly from upstream.
+            // Before BC 1.56, this class was omitted in Android and the algorithms we desired
+            // were provided in org.bouncycastle.jcajce.provider.digest.SHA1.  During that
+            // time, Android added some additional versions of these algorithms for fixed key sizes.
+            // BC eventually consolidated the algorithms into this class.  As a result, when
+            // upgrading to BC 1.56, we added this class but replaced its contents with
+            // our versions.
+            // BEGIN Android-removed: Bouncy Castle versions of algorithms.
+            /*
+            provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
+            */
+            // END Android-removed: Bouncy Castle versions of algorithms.
+            // BEGIN Android-added: Android versions of algorithms.
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1");
-            // END android-changed
-            // BEGin android-removed
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
-            // END android-removed
-            // BEGIN android-changed
-            // Was:
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2with8BIT", "PBKDF2WithHmacSHA1And8BIT");
-            // END android-changed
-            // BEGIN android-added
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2withASCII", "PBKDF2WithHmacSHA1And8BIT");
-            // BEGIN android-removed
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
-            // END android-removed
-            // BEGIN android-added
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA224", PREFIX + "$PBKDF2WithHmacSHA224UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA256", PREFIX + "$PBKDF2WithHmacSHA256UTF8");
@@ -547,7 +541,7 @@
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", PREFIX + "$PBEWithHmacSHA384AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
-            // END android-added
+            // END Android-added: Android versions of algorithms.
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
index 7bc1e71..06693a2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
@@ -12,28 +12,24 @@
 
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RC2WrapEngine;
 // import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 import org.bouncycastle.util.Arrays;
@@ -44,61 +40,63 @@
     {
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * RC2
-    //  */
-    // static public class ECB
-    //     extends BaseBlockCipher
-    // {
-    //     public ECB()
-    //     {
-    //         super(new RC2Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC2CBC
-    //  */
-    // static public class CBC
-    //     extends BaseBlockCipher
-    // {
-    //     public CBC()
-    //     {
-    //         super(new CBCBlockCipher(new RC2Engine()), 64);
-    //     }
-    // }
-    //
-    // public static class Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public Wrap()
-    //     {
-    //         super(new RC2WrapEngine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC2
-    //  */
-    // public static class CBCMAC
-    //     extends BaseMac
-    // {
-    //     public CBCMAC()
-    //     {
-    //         super(new CBCBlockCipherMac(new RC2Engine()));
-    //     }
-    // }
-    //
-    // public static class CFB8MAC
-    //     extends BaseMac
-    // {
-    //     public CFB8MAC()
-    //     {
-    //         super(new CFBBlockCipherMac(new RC2Engine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * RC2
+     *
+    static public class ECB
+        extends BaseBlockCipher
+    {
+        public ECB()
+        {
+            super(new RC2Engine());
+        }
+    }
+
+    /**
+     * RC2CBC
+     *
+    static public class CBC
+        extends BaseBlockCipher
+    {
+        public CBC()
+        {
+            super(new CBCBlockCipher(new RC2Engine()), 64);
+        }
+    }
+
+    public static class Wrap
+        extends BaseWrapCipher
+    {
+        public Wrap()
+        {
+            super(new RC2WrapEngine());
+        }
+    }
+
+    /**
+     * RC2
+     *
+    public static class CBCMAC
+        extends BaseMac
+    {
+        public CBCMAC()
+        {
+            super(new CBCBlockCipherMac(new RC2Engine()));
+        }
+    }
+
+    public static class CFB8MAC
+        extends BaseMac
+    {
+        public CFB8MAC()
+        {
+            super(new CFBBlockCipherMac(new RC2Engine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHA1AndRC2
@@ -184,19 +182,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndRC2
-    //  */
-    // static public class PBEWithMD2KeyFactory
-    //     extends PBESecretKeyFactory
-    // {
-    //     public PBEWithMD2KeyFactory()
-    //     {
-    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndRC2
+     *
+    static public class PBEWithMD2KeyFactory
+        extends PBESecretKeyFactory
+    {
+        public PBEWithMD2KeyFactory()
+        {
+            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
    /**
     * PBEWithMD5AndRC2
@@ -210,249 +210,251 @@
        }
    }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     RC2ParameterSpec spec = null;
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        RC2ParameterSpec spec = null;
 
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         if (genParamSpec instanceof RC2ParameterSpec)
-    //         {
-    //             spec = (RC2ParameterSpec)genParamSpec;
-    //             return;
-    //         }
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            if (genParamSpec instanceof RC2ParameterSpec)
+            {
+                spec = (RC2ParameterSpec)genParamSpec;
+                return;
+            }
 
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-    //     }
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+        }
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         AlgorithmParameters params;
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            AlgorithmParameters params;
 
-    //         if (spec == null)
-    //         {
-    //             byte[] iv = new byte[8];
+            if (spec == null)
+            {
+                byte[] iv = new byte[8];
 
-    //             if (random == null)
-    //             {
-    //                 random = new SecureRandom();
-    //             }
+                if (random == null)
+                {
+                    random = new SecureRandom();
+                }
 
-    //             random.nextBytes(iv);
+                random.nextBytes(iv);
 
-    //             try
-    //             {
-    //                 params = createParametersInstance("RC2");
-    //                 params.init(new IvParameterSpec(iv));
-    //             }
-    //             catch (Exception e)
-    //             {
-    //                 throw new RuntimeException(e.getMessage());
-    //             }
-    //         }
-    //         else
-    //         {
-    //             try
-    //             {
-    //                 params = createParametersInstance("RC2");
-    //                 params.init(spec);
-    //             }
-    //             catch (Exception e)
-    //             {
-    //                 throw new RuntimeException(e.getMessage());
-    //             }
-    //         }
+                try
+                {
+                    params = createParametersInstance("RC2");
+                    params.init(new IvParameterSpec(iv));
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException(e.getMessage());
+                }
+            }
+            else
+            {
+                try
+                {
+                    params = createParametersInstance("RC2");
+                    params.init(spec);
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException(e.getMessage());
+                }
+            }
 
-    //         return params;
-    //     }
-    // }
+            return params;
+        }
+    }
 
-    // public static class KeyGenerator
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGenerator()
-    //     {
-    //         super("RC2", 128, new CipherKeyGenerator());
-    //     }
-    // }
+    public static class KeyGenerator
+        extends BaseKeyGenerator
+    {
+        public KeyGenerator()
+        {
+            super("RC2", 128, new CipherKeyGenerator());
+        }
+    }
 
-    // public static class AlgParams
-    //     extends BaseAlgorithmParameters
-    // {
-    //     private static final short[] table = {
-    //         0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-    //         0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-    //         0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-    //         0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-    //         0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-    //         0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-    //         0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-    //         0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-    //         0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-    //         0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-    //         0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-    //         0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-    //         0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-    //         0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-    //         0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-    //         0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-    //     };
+    public static class AlgParams
+        extends BaseAlgorithmParameters
+    {
+        private static final short[] table = {
+            0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+            0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+            0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+            0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+            0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+            0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+            0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+            0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+            0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+            0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+            0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+            0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+            0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+            0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+            0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+            0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
+        };
 
-    //     private static final short[] ekb = {
-    //         0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-    //         0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-    //         0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-    //         0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-    //         0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-    //         0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-    //         0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-    //         0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-    //         0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-    //         0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-    //         0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-    //         0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-    //         0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-    //         0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-    //         0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-    //         0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-    //     };
+        private static final short[] ekb = {
+            0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+            0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+            0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+            0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+            0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+            0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+            0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+            0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+            0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+            0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+            0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+            0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+            0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+            0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+            0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+            0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
+        };
 
-    //     private byte[] iv;
-    //     private int parameterVersion = 58;
+        private byte[] iv;
+        private int parameterVersion = 58;
 
-    //     protected byte[] engineGetEncoded()
-    //     {
-    //         return Arrays.clone(iv);
-    //     }
+        protected byte[] engineGetEncoded()
+        {
+            return Arrays.clone(iv);
+        }
 
-    //     protected byte[] engineGetEncoded(
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             if (parameterVersion == -1)
-    //             {
-    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-    //             }
-    //             else
-    //             {
-    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-    //             }
-    //         }
+        protected byte[] engineGetEncoded(
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                if (parameterVersion == -1)
+                {
+                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
+                }
+                else
+                {
+                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
+                }
+            }
 
-    //         if (format.equals("RAW"))
-    //         {
-    //             return engineGetEncoded();
-    //         }
+            if (format.equals("RAW"))
+            {
+                return engineGetEncoded();
+            }
 
-    //         return null;
-    //     }
+            return null;
+        }
 
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //         {
-    //             if (parameterVersion != -1)
-    //             {
-    //                 if (parameterVersion < 256)
-    //                 {
-    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
-    //                 }
-    //                 else
-    //                 {
-    //                     return new RC2ParameterSpec(parameterVersion, iv);
-    //                 }
-    //             }
-    //         }
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
+            Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+            {
+                if (parameterVersion != -1)
+                {
+                    if (parameterVersion < 256)
+                    {
+                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
+                    }
+                    else
+                    {
+                        return new RC2ParameterSpec(parameterVersion, iv);
+                    }
+                }
+            }
 
-    //         if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //         {
-    //             return new IvParameterSpec(iv);
-    //         }
+            if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+            {
+                return new IvParameterSpec(iv);
+            }
 
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-    //     }
+            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
+        }
 
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec instanceof IvParameterSpec)
-    //         {
-    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
-    //         }
-    //         else if (paramSpec instanceof RC2ParameterSpec)
-    //         {
-    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-    //             if (effKeyBits != -1)
-    //             {
-    //                 if (effKeyBits < 256)
-    //                 {
-    //                     parameterVersion = table[effKeyBits];
-    //                 }
-    //                 else
-    //                 {
-    //                     parameterVersion = effKeyBits;
-    //                 }
-    //             }
+        protected void engineInit(
+            AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec instanceof IvParameterSpec)
+            {
+                this.iv = ((IvParameterSpec)paramSpec).getIV();
+            }
+            else if (paramSpec instanceof RC2ParameterSpec)
+            {
+                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
+                if (effKeyBits != -1)
+                {
+                    if (effKeyBits < 256)
+                    {
+                        parameterVersion = table[effKeyBits];
+                    }
+                    else
+                    {
+                        parameterVersion = effKeyBits;
+                    }
+                }
 
-    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-    //         }
-    //         else
-    //         {
-    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-    //         }
-    //     }
+                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
+            }
+            else
+            {
+                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
+            }
+        }
 
-    //     protected void engineInit(
-    //         byte[] params)
-    //         throws IOException
-    //     {
-    //         this.iv = Arrays.clone(params);
-    //     }
+        protected void engineInit(
+            byte[] params)
+            throws IOException
+        {
+            this.iv = Arrays.clone(params);
+        }
 
-    //     protected void engineInit(
-    //         byte[] params,
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
+        protected void engineInit(
+            byte[] params,
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
 
-    //             if (p.getRC2ParameterVersion() != null)
-    //             {
-    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
-    //             }
+                if (p.getRC2ParameterVersion() != null)
+                {
+                    parameterVersion = p.getRC2ParameterVersion().intValue();
+                }
 
-    //             iv = p.getIV();
+                iv = p.getIV();
 
-    //             return;
-    //         }
+                return;
+            }
 
-    //         if (format.equals("RAW"))
-    //         {
-    //             engineInit(params);
-    //             return;
-    //         }
+            if (format.equals("RAW"))
+            {
+                engineInit(params);
+                return;
+            }
 
-    //         throw new IOException("Unknown parameters format in IV parameters object");
-    //     }
+            throw new IOException("Unknown parameters format in IV parameters object");
+        }
 
-    //     protected String engineToString()
-    //     {
-    //         return "RC2 Parameters";
-    //     }
-    // }
-    // END android-removed
+        protected String engineToString()
+        {
+            return "RC2 Parameters";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends AlgorithmProvider
@@ -465,36 +467,40 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
-            // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
-            //
-            // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
-            // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
-            //
-            // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
-            // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
-            //
-            // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
-            // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
-            //
-            // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
-            // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-            //
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-            // END android-removed
 
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
+            provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
+
+            provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
+            provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
+
+            provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
+
+            provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
+            provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
+
+            provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
+            provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
+
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // Android-note: All of the non-disabled algorithms in this class are necessary
+            // for KeyStore.PKCS12
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
@@ -502,18 +508,16 @@
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
-            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory");
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
index 7ac79e7..e955e9d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
@@ -6,44 +6,46 @@
 abstract class SymmetricAlgorithmProvider
     extends AlgorithmProvider
 {
-    // BEGIN android-removed
-    // protected void addCMacAlgorithm(
-    //     ConfigurableProvider provider,
-    //     String algorithm,
-    //     String algorithmClassName,
-    //     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
-    //
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
-    // }
-    //
-    // protected void addGMacAlgorithm(
-    //     ConfigurableProvider provider,
-    //     String algorithm,
-    //     String algorithmClassName,
-    //     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
-    //
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
-    // }
-    //
-    // protected void addPoly1305Algorithm(ConfigurableProvider provider,
-    //                                     String algorithm,
-    //                                     String algorithmClassName,
-    //                                     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    //
-    //     provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    protected void addCMacAlgorithm(
+        ConfigurableProvider provider,
+        String algorithm,
+        String algorithmClassName,
+        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
+
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
+    }
+
+    protected void addGMacAlgorithm(
+        ConfigurableProvider provider,
+        String algorithm,
+        String algorithmClassName,
+        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
+
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
+    }
+
+    protected void addPoly1305Algorithm(ConfigurableProvider provider,
+                                        String algorithm,
+                                        String algorithmClassName,
+                                        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
+
+        provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
index c666ac1..62988e0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
@@ -1,26 +1,22 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.BlockCipher;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.TwofishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 // import org.bouncycastle.crypto.macs.GMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 // import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public final class Twofish
@@ -29,58 +25,60 @@
     {
     }
 
-    // BEGIN android-removed
-    // public static class ECB
-    //     extends BaseBlockCipher
-    // {
-    //     public ECB()
-    //     {
-    //         super(new BlockCipherProvider()
-    //         {
-    //             public BlockCipher get()
-    //             {
-    //                 return new TwofishEngine();
-    //             }
-    //         });
-    //     }
-    // }
-    //
-    // public static class KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGen()
-    //     {
-    //         super("Twofish", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // public static class GMAC
-    //     extends BaseMac
-    // {
-    //     public GMAC()
-    //     {
-    //         super(new GMac(new GCMBlockCipher(new TwofishEngine())));
-    //     }
-    // }
-    //
-    // public static class Poly1305
-    //     extends BaseMac
-    // {
-    //     public Poly1305()
-    //     {
-    //         super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
-    //     }
-    // }
-    //
-    // public static class Poly1305KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public Poly1305KeyGen()
-    //     {
-    //         super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class ECB
+        extends BaseBlockCipher
+    {
+        public ECB()
+        {
+            super(new BlockCipherProvider()
+            {
+                public BlockCipher get()
+                {
+                    return new TwofishEngine();
+                }
+            });
+        }
+    }
+
+    public static class KeyGen
+        extends BaseKeyGenerator
+    {
+        public KeyGen()
+        {
+            super("Twofish", 256, new CipherKeyGenerator());
+        }
+    }
+
+    public static class GMAC
+        extends BaseMac
+    {
+        public GMAC()
+        {
+            super(new GMac(new GCMBlockCipher(new TwofishEngine())));
+        }
+    }
+
+    public static class Poly1305
+        extends BaseMac
+    {
+        public Poly1305()
+        {
+            super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
+        }
+    }
+
+    public static class Poly1305KeyGen
+        extends BaseKeyGenerator
+    {
+        public Poly1305KeyGen()
+        {
+            super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHAAndTwofish-CBC
@@ -106,16 +104,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParams
-    //     extends IvAlgorithmParameters
-    // {
-    //     protected String engineToString()
-    //     {
-    //         return "Twofish IV";
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParams
+        extends IvAlgorithmParameters
+    {
+        protected String engineToString()
+        {
+            return "Twofish IV";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -128,21 +128,22 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
             // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
             // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
+            // Android-note: These algorithms are necessary for KeyStore.BouncyCastle
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
             provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC",  PREFIX + "$PBEWithSHA");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
             // addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
index 1486d71..a471972 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
@@ -152,10 +152,4 @@
     {
         return tryWrong;
     }
-
-    // BEGIN android-added
-    public PBEKeySpec getPbeKeySpec() {
-        return pbeKeySpec;
-    }
-    // END android-added
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
index 296d692..2237e26 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
@@ -6,13 +6,17 @@
 import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 
 public abstract class BaseAlgorithmParameterGenerator
     extends AlgorithmParameterGeneratorSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     protected SecureRandom  random;
     protected int           strength = 1024;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 63d7b35..9e3dafa 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -20,14 +20,13 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.interfaces.PBEKey;
 import javax.crypto.spec.IvParameterSpec;
-// BEGIN android-added
+// BEGIN Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEKeySpec;
-// END android-added
+// END Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.crypto.BlockCipher;
@@ -41,20 +40,17 @@
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.EAXBlockCipher;
 // import org.bouncycastle.crypto.modes.GCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GOFBBlockCipher;
 // import org.bouncycastle.crypto.modes.OCBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
 // import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -67,22 +63,19 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ParametersWithSBox;
-// END android-removed
 import org.bouncycastle.crypto.params.RC2Parameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.RC5Parameters;
 // import org.bouncycastle.jcajce.PBKDF1Key;
 // import org.bouncycastle.jcajce.PBKDF1KeyWithParameters;
-// END android-removed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12KeyWithParameters;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
 // import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec;
-// END android-removed
 import org.bouncycastle.util.Strings;
 
 public class BaseBlockCipher
@@ -96,16 +89,14 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class,
-                                        // END android-removed
                                         gcmSpecClass,
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // GOST28147ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private BlockCipher             baseEngine;
@@ -281,7 +272,12 @@
                 try
                 {
                     engineParams = createParametersInstance(name);
-                    engineParams.init(ivParam.getIV());
+                    // Android-changed: Use IvParameterSpec instead of passing raw bytes.
+                    // The documentation of init() says that a byte array should be decoded
+                    // as ASN.1, and Conscrypt's implementations follow that requirement,
+                    // even though Bouncy Castle's implementations don't.  Wrapping it in
+                    // an IvParameterSpec makes the interpretation unambiguous to both.
+                    engineParams.init(new IvParameterSpec(ivParam.getIV()));
                 }
                 catch (Exception e)
                 {
@@ -342,33 +338,35 @@
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("PGP"))
-        // {
-        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-        //
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(
-        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
-        // }
-        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        // {
-        //     ivLength = 0;
-        //     cipher = new BufferedGenericBlockCipher(
-        //         new OpenPGPCFBBlockCipher(baseEngine));
-        // }
-        // else if (modeName.startsWith("SIC"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     if (ivLength < 16)
-        //     {
-        //         throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
-        //     }
-        //     fixedIv = false;
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new SICBlockCipher(baseEngine)));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported modes
+        /*
+        else if (modeName.startsWith("PGP"))
+        {
+            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(
+                new PGPCFBBlockCipher(baseEngine, inlineIV));
+        }
+        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        {
+            ivLength = 0;
+            cipher = new BufferedGenericBlockCipher(
+                new OpenPGPCFBBlockCipher(baseEngine));
+        }
+        else if (modeName.startsWith("SIC"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            if (ivLength < 16)
+            {
+                throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
+            }
+            fixedIv = false;
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new SICBlockCipher(baseEngine)));
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTR"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -376,20 +374,22 @@
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("GOFB"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new GOFBBlockCipher(baseEngine)));
-        // }
-        // else if (modeName.startsWith("GCFB"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new GCFBBlockCipher(baseEngine)));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported modes
+        /*
+        else if (modeName.startsWith("GOFB"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new GOFBBlockCipher(baseEngine)));
+        }
+        else if (modeName.startsWith("GCFB"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new GCFBBlockCipher(baseEngine)));
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -400,28 +400,30 @@
             ivLength = 13; // CCM nonce 7..13 bytes
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("OCB"))
-        // {
-        //     if (engineProvider != null)
-        //     {
-        //         /*
-        //          * RFC 7253 4.2. Nonce is a string of no more than 120 bits
-        //          */