[automerger] Fix probable prime confidence calculations. am: 91719e3c1b am: b2a687151e am: b56197f5fd am: 630facd786 am: 77321115ab am: 87804b8da9 am: 883aa9d8f8
am: 8221e0766e

Change-Id: I65459162d9af9e07fa7a5de294d7bd54375c5d0b
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..8f1a364
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,150 @@
+//
+// Copyright (C) 2010 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+java_defaults {
+    name: "bouncycastle-errorprone-defaults",
+    errorprone: {
+        javacflags: [
+            "-Xep:MissingOverride:OFF",  // Ignore missing @Override.
+        ],
+    },
+}
+
+// These cannot build in the PDK, because the PDK requires all libraries
+// compile against SDK versions.
+java_defaults {
+    name: "bouncycastle-defaults",
+    defaults: [
+        "bouncycastle-errorprone-defaults",
+    ],
+    host_supported: true,
+    hostdex: true,
+    target: {
+        android: {
+            product_variables: {
+                pdk: {
+                    enabled: false,
+                },
+            },
+        },
+    },
+}
+
+// non-jarjar version to build okhttp-tests
+java_library_static {
+    name: "bouncycastle-unbundled",
+    defaults: ["bouncycastle-defaults"],
+
+    srcs: ["bcprov/src/main/java/**/*.java"],
+    exclude_srcs: [
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+
+    sdk_version: "9",
+    java_version: "1.7",
+}
+
+java_library {
+    name: "bouncycastle",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+// A guaranteed unstripped version of bouncycastle.
+// The build system may or may not strip the bouncycastle jar, but this one will
+// not be stripped. See b/24535627.
+java_library {
+    name: "bouncycastle-testdex",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-unbundled"],
+    no_framework_libs: true,
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+}
+
+// PKIX classes used for testing
+java_library_static {
+    name: "bouncycastle-bcpkix",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-bcpkix-unbundled"],
+    no_framework_libs: true,
+    java_version: "1.7",
+
+    target: {
+        android: {
+            jarjar_rules: "jarjar-rules.txt",
+        },
+    },
+}
+
+java_library_static {
+    name: "bouncycastle-bcpkix-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled" ],
+    sdk_version: "9",
+    srcs: ["bcpkix/src/main/java/**/*.java"],
+    exclude_srcs: ["bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java"],
+}
+
+
+// OCSP classes used for testing
+java_library_static {
+    name: "bouncycastle-ocsp",
+    defaults: ["bouncycastle-defaults"],
+
+    static_libs: ["bouncycastle-ocsp-unbundled"],
+    jarjar_rules: "jarjar-rules.txt",
+    java_version: "1.7",
+    no_framework_libs: true,
+}
+
+java_library_static {
+    name: "bouncycastle-ocsp-unbundled",
+    defaults: [
+        "bouncycastle-defaults",
+    ],
+    libs: [ "bouncycastle-unbundled",
+            "bouncycastle-bcpkix-unbundled" ],
+    sdk_version: "9",
+    srcs: [
+        "bcpkix/src/main/java/org/bouncycastle/cert/ocsp/**/*.java",
+        "bcprov/src/main/java/org/bouncycastle/asn1/ocsp/**/*.java",
+    ],
+}
+
+// For compatibilityy with old bouncycastle-host and bouncycastle-bcpkix-host names
+java_library_host {
+    name: "bouncycastle-host",
+    static_libs: ["bouncycastle"],
+}
+
+java_library_host {
+    name: "bouncycastle-bcpkix-host",
+    static_libs: ["bouncycastle-bcpkix"],
+}
diff --git a/Android.mk b/Android.mk
deleted file mode 100644
index d8b6763..0000000
--- a/Android.mk
+++ /dev/null
@@ -1,233 +0,0 @@
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-LOCAL_PATH := $(call my-dir)
-
-# All the files needed for OCSP testing
-all_bc_ocsp_files := $(call all-java-files-under,bcpkix/src/main/java/org/bouncycastle/cert/ocsp) \
- $(call all-java-files-under,bcprov/src/main/java/org/bouncycastle/asn1/ocsp)
-
-# used for bouncycastle-hostdex where we want everything for testing
-all_bcprov_src_files := $(filter-out \
- $(all_bc_ocsp_files), \
- $(call all-java-files-under,bcprov/src/main/java))
-
-# used for bouncycastle for target where we want to be sure to use OpenSSLDigest
-android_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java, \
- $(all_bcprov_src_files))
-
-# used for bouncycastle-host where we can't use OpenSSLDigest
-ri_bcprov_src_files := $(filter-out \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java \
- bcprov/src/main/java/org/bouncycastle/crypto/digests/OpenSSLDigest.java, \
- $(all_bcprov_src_files))
-
-# used for host tools, but OCSP is only for testing
-all_bcpkix_src_files := $(filter-out \
- $(all_bc_ocsp_files), \
- $(call all-java-files-under,bcpkix/src/main/java))
-
-# These cannot build in the PDK, because the PDK requires all libraries
-# compile against SDK versions. LOCAL_NO_STANDARD_LIBRARIES conflicts with
-# this requirement.
-ifneq ($(TARGET_BUILD_PDK),true)
-
-    # non-jarjar version to build okhttp-tests
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(android_bcprov_src_files)
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_JAVA_LIBRARY)
-
-    # A guaranteed unstripped version of bouncycastle.
-    # The build system may or may not strip the bouncycastle jar, but this one will
-    # not be stripped. See b/24535627.
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-testdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_JAVA_LIBRARY)
-
-    # unbundled bouncycastle jar
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-unbundled
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SDK_VERSION := 9
-    LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    # PKIX classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JAVA_LIBRARIES := bouncycastle-nojarjar core-oj core-libart conscrypt
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-bcpkix-nojarjar
-    LOCAL_JAVA_LIBRARIES := core-oj core-libart conscrypt
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-
-    # OCSP classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-ocsp
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-    LOCAL_JAVA_LIBRARIES := bouncycastle-nojarjar bouncycastle-bcpkix-nojarjar core-oj core-libart conscrypt
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    LOCAL_NO_STANDARD_LIBRARIES := true
-    include $(BUILD_STATIC_JAVA_LIBRARY)
-endif # TARGET_BUILD_PDK != true
-
-# This is used to generate a list of what is unused so it can be removed when bouncycastle is updated.
-# Based on "Finding dead code" example in ProGuard manual at http://proguard.sourceforge.net/
-.PHONY: bouncycastle-proguard-deadcode
-bouncycastle-proguard-deadcode: $(full_classes_compiled_jar) $(full_java_libs)
-	$(PROGUARD) \
-		-injars $(full_classes_compiled_jar) \
-		-libraryjars "$(call normalize-path-list,$(addsuffix (!org/bouncycastle/**.class,!com/android/org/conscrypt/OpenSSLMessageDigest.class),$(full_java_libs)))" \
-		-dontoptimize \
-		-dontobfuscate \
-		-dontpreverify \
-		-ignorewarnings \
-		-printusage \
-		-keep class org.bouncycastle.jce.provider.BouncyCastleProvider "{ public protected *; }" \
-		-keep class org.bouncycastle.jce.provider.symmetric.AESMappings "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.ASN1TaggedObject "{ public protected *; }" \
-		-keep class org.bouncycastle.asn1.x509.CertificateList "{ public protected *; }" \
-		-keep class org.bouncycastle.crypto.AsymmetricBlockCipher "{ public protected *; }" \
-		-keep class org.bouncycastle.x509.ExtendedPKIXBuilderParameters "{ public protected *; }" \
-		`(find $(LOCAL_PATH) -name '*.java' | xargs grep '"org.bouncycastle' | egrep '  (put|add)' | sed -e 's/");//' -e 's/.*"//'; \
-		  find $(LOCAL_PATH) -name '*.java' | xargs grep '  addHMACAlgorithm' | sed 's/"org.bouncycastle/\norg.bouncycastle/g' | grep ^org.bouncycastle | sed 's/".*//'; \
-                  find . -name '*.java' | xargs grep 'import org.bouncycastle' | grep -v /bouncycastle/ | sed -e 's/.*:import //' -e 's/;//') \
-		  | sed -e 's/^/-keep class /' -e 's/$$/ { public protected \*; } /' | sort | uniq` \
-		-keepclassmembers "class * { \
-		    static final %                *; \
-		    static final java.lang.String *; \
-		}" \
-		-keepclassmembers "class * implements java.io.Serializable { \
-		    private static final java.io.ObjectStreamField[] serialPersistentFields; \
-		    private void writeObject(java.io.ObjectOutputStream); \
-		    private void readObject(java.io.ObjectInputStream); \
-		    java.lang.Object writeReplace(); \
-		    java.lang.Object readResolve(); \
-		}" \
-		-keepclassmembers "interface org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    abstract public java.lang.String getPaddingName(); \
-		}" \
-		-keepclassmembers "class * implements org.bouncycastle.crypto.paddings.BlockCipherPadding { \
-		    public java.lang.String getPaddingName(); \
-		}"
-
-# Conscrypt isn't built in the PDK or on non-linux OSes, so this cannot be built
-# because it has a dependency on conscrypt-hostdex.
-ifneq ($(TARGET_BUILD_PDK),true)
-  ifeq ($(HOST_OS),linux)
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-hostdex-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcprov_src_files)
-    LOCAL_JAVA_LIBRARIES := conscrypt-hostdex
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    LOCAL_JAVA_LIBRARIES := conscrypt-hostdex
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-    include $(BUILD_HOST_DALVIK_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-bcpkix-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-
-    # OCSP classes used for testing
-    include $(CLEAR_VARS)
-    LOCAL_MODULE := bouncycastle-ocsp-hostdex
-    LOCAL_MODULE_TAGS := optional
-    LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-    LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-hostdex-nojarjar bouncycastle-bcpkix-hostdex-nojarjar
-    LOCAL_JARJAR_RULES := $(LOCAL_PATH)/jarjar-rules.txt
-    include $(BUILD_HOST_DALVIK_STATIC_JAVA_LIBRARY)
-  endif  # ($(HOST_OS),linux)
-endif
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(ri_bcprov_src_files)
-LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-bcpkix-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(all_bcpkix_src_files)
-LOCAL_JAVA_LIBRARIES := bouncycastle-host
-LOCAL_JAVA_LANGUAGE_VERSION := 1.7
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-# OCSP classes used for testing
-include $(CLEAR_VARS)
-LOCAL_MODULE := bouncycastle-ocsp-host
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := $(all_bc_ocsp_files)
-LOCAL_JAVA_LIBRARIES := bouncycastle-host bouncycastle-bcpkix-host
-include $(BUILD_HOST_JAVA_LIBRARY)
-
-# Unset these so they don't linger in the next makefile
-all_bcprov_src_files :=
-android_bcprov_src_files :=
-ri_bcprov_src_files :=
-all_bcpkix_src_files :=
-all_bc_ocsp_files :=
diff --git a/README.android b/README.android
index 5a3e9b5..2b6c07f 100644
--- a/README.android
+++ b/README.android
@@ -2,8 +2,8 @@
 ---
 
 The code in this directory is based on $BOUNCYCASTLE_VERSION in the
-file bouncycastle.version. See patches/README for more information on
-how the code differs from $BOUNCYCASTLE_VERSION.
+file bouncycastle.version. See the in-file change markers for more information
+on how the code differs from $BOUNCYCASTLE_VERSION.
 
 Porting New Versions of Bouncy Castle.
 --
@@ -21,257 +21,62 @@
      md5sum bcpkix-jdk*-*.tar.gz
      sha1sum bcpkix-jdk*-*.tar.gz
 
-2) Update the variables in bouncycastle.config and bouncycastle.version as appropriate.
-   At the very least you will need to update the bouncycastle.version.
+2) Submit the code to the upstream-master branch:
 
-3) Run:
+  a) Create a new branch tracking upstream-master
 
-     ./import_bouncycastle.sh import bcprov-jdk*-*.tar.gz
+      git checkout -b upgrade-to-xxx --track aosp/upstream-master
 
-   Note the script expects to find the bcpkix-jdk*-*.tar.gz alongside the bcprov file.
+  b) Update the variables in bouncycastle.version.
 
-4) If there are any errors, then modify bouncycastle.config, bouncycastle.version
-   and patches in patches/ as appropriate.  You might want to use:
+  c) Expand the source from the .tar.gz files
 
-     ./import_bouncycastle.sh regenerate patches/*.patch
+  d) Replace bc{prov,pkix}/src/main/java/org with the equivalent source
+     directory
 
-   Repeat step 3.
+  e) Ensure any new files are added
 
-5) Cleanup before building with:
+      git add bc{prov,pkix}
 
-     m -j16 clean-bouncycastle
+  f) Commit the change
 
-6) Build the bouncycastle target from the external/bouncycastle directory with:
+      git commit -a -m 'bouncycastle: Android tree with upstream code for version X.XX'
 
-     mm -j16 snod && adb sync system
+  g) Get the change reviewed
 
-   If there are build errors, then patches/*.mk or bouncycastle.config
-   may need updating.
+      repo upload . -D upstream-master
 
-7) Run tests to make sure things are working:
+3) Merge the code into the master branch
 
-     Some suggested tests by area:
-     - java.security.AlgorithmParameterGenerator
-       libcore/luni/src/test/java/libcore/java/security/OldAlgorithmParameterGeneratorTest.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParameterGeneratorTestDSA.java
-     - java.security.AlgorithmParameters
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestAES.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDESede.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestDES.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/AlgorithmParametersTestOAEP.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParameterGenerator1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParameterGenerator2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersSpiTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/AlgorithmParametersTest.java
-     - java.security.cert.CertPathBuilder
-       libcore/luni/src/test/java/tests/targets/security/cert/CertPathBuilderTestPKIX.java
-     - java.security.cert.CertPathValidator
-       libcore/luni/src/test/java/tests/targets/security/cert/CertPathValidatorTestPKIX.java
-     - java.security.cert.CertStore
-       libcore/luni/src/test/java/tests/security/cert/CertStoreSpiTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertStore2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertStore1Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertStoreExceptionTest.java
-     - java.security.cert.Certificate
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CertificateTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/X509CertificateTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateCertificateRepTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509Certificate2Test.java
-       libcore/luni/src/test/java/tests/targets/security/cert/CertificateTest.java
-     - java.security.cert.CertificateFactory
-       libcore/luni/src/test/java/libcore/java/security/cert/CertificateFactoryTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory1Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory3Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactory4Test.java
-       libcore/luni/src/test/java/tests/targets/security/cert/CertificateFactoryTestX509.java
-     - java.security.cert.CertificateFactorySpi
-       libcore/luni/src/test/java/tests/security/cert/CertificateFactorySpiTest.java
-     - java.security.cert.CRL
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CRLSelectorTest.java
-       libcore/luni/src/test/java/libcore/java/security/cert/X509CRLTest.java
-       libcore/luni/src/test/java/tests/security/cert/CRLTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRL2Test.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLEntryTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLSelector2Test.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLSelectorTest.java
-       libcore/luni/src/test/java/tests/security/cert/X509CRLTest.java
-     - javax.security.cert.Certificate
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateTest.java
-     - java.security.CodeSigner
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/CodeSignerTest.java
-     - javax.crypto.Cipher
-       libcore/luni/src/test/java/libcore/javax/crypto/CipherTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/CipherTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/NullCipherTest.java
-     - java.security.DigestInputStream
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStream2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestInputStreamTest.java
-     - java.security.DigestOutputStream
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestOutputStreamTest.java
-     - javax.crypto.spec.GCMParameterSpec
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/spec/GCMParameterSpecTest.java
-     - java.security.GuardedObject
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GuardedObjectTest.java
-     - java.security.Identity
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Identity2Test.java
-     - java.security.IdentityScope
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/IdentityScope2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/IdentityScopeTest.java
-     - javax.crypto.Key
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyTest.java
-     - javax.crypto.KeyAgreement
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyAgreementTest.java
-     - java.security.KeyFactory
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyFactoryTestRSA.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactory2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactoryTest.java
-     - java.security.KeyFactorySpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyFactorySpiTest.java
-     - javax.crypto.KeyGenerator
-       libcore/luni/src/test/java/libcore/javax/crypto/KeyGeneratorTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/KeyGeneratorTest.java
-     - javax.net.ssl.KeyManagerFactory
-       libcore/luni/src/test/java/libcore/javax/net/ssl/KeyManagerFactoryTest.java
-     - java.security.KeyPair
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairTest.java
-     - java.security.KeyPairGenerator
-       libcore/luni/src/test/java/libcore/java/security/KeyPairGeneratorTest.java
-       libcore/luni/src/test/java/libcore/java/security/OldKeyPairGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDH.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestDSA.java
-       libcore/luni/src/test/java/libcore/javax/crypto/spec/KeyPairGeneratorTestRSA.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator3Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGenerator4Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyPairGeneratorSpiTest.java
-       libcore/luni/src/test/java/tests/security/interfaces/DSAKeyPairGeneratorTest.java
-     - java.security.KeyRep
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyRepTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyRepTypeTest.java
-     - java.security.KeyStore
-       libcore/luni/src/test/java/libcore/java/security/KeyStoreTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSCallbackHandlerProtectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSPasswordProtectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSPrivateKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSSecretKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KSTrustedCertificateEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore3Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStore4Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreBuilderTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStorePrivateKeyEntryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreTest.java
-     - java.security.KeyStoreSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreSpiTest.java
-     - javax.crypto.Mac
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/MacTest.java
-     - java.security.MessageDigest
-       libcore/luni/src/test/java/libcore/java/security/MessageDigestTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest1Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigest2Test.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD2.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestMD5.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA1.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA256.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA384.java
-       libcore/luni/src/test/java/tests/targets/security/MessageDigestTestSHA512.java
-     - java.security.MessageDigestSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/MessageDigestSpiTest.java
-     - java.security.PrivateKey
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PrivateKeyTest.java
-     - java.security.PrivilegedAction
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PrivilegedActionTest.java
-     - java.security.Provider
-       libcore/luni/src/test/java/libcore/java/security/ProviderTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Provider2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderServiceTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderTest.java
-     - java.security.PublicKey
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/PublicKeyTest.java
-     - java.security.Security
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Security2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecurityTest.java
-     - javax.net.ssl.SSLContext
-       libcore/luni/src/test/java/libcore/javax/net/ssl/SSLContextTest.java
-     - javax.crypto.SecretKeyFactory
-       libcore/luni/src/test/java/libcore/javax/crypto/SecretKeyFactoryTest.java
-       libcore/luni/src/test/java/org/apache/harmony/crypto/tests/javax/crypto/SecretKeyFactoryTest.java
-     - java.security.SecureRandom
-       libcore/luni/src/test/java/libcore/java/security/SecureRandomTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandom2Test.java
-       libcore/luni/src/test/java/tests/java/security/SecureRandomTest.java
-       libcore/luni/src/test/java/tests/targets/security/SecureRandomTestSHA1PRNG.java
-     - java.security.SecureRandomSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SecureRandomSpiTest.java
-     - java.security.Signature
-       libcore/crypto/src/test/java/org/conscrypt/OpenSSLSignatureTest.java
-       libcore/luni/src/test/java/libcore/java/security/SignatureTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/Signature2Test.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureTest.java
-       libcore/luni/src/test/java/tests/targets/security/SignatureTestMD2withRSA.java
-     - java.security.SignatureSpi
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureSpiTest.java
-     - java.security.SignedObject
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignedObjectTest.java
-     - java.security.Signer
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignerTest.java
-     - java.security.Timestamp
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/TimestampTest.java
-     - java.security.cert.TrustAnchor
-       libcore/luni/src/test/java/tests/security/cert/TrustAnchorTest.java
-     - javax.net.ssl.TrustManagerFactory
-       libcore/luni/src/test/java/libcore/javax/net/ssl/TrustManagerFactoryTest.java
-     - java.net.URLConnection
-       libcore/luni/src/test/java/libcore/java/net/URLConnectionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/luni/tests/java/net/URLConnectionTest.java
-     - javax.security.auth.x500.X500Principal
-       libcore/luni/src/test/java/libcore/javax/net/ssl/DistinguishedNameParserTest.java
-       libcore/luni/src/test/java/libcore/javax/security/auth/x500/X500PrincipalTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/auth/X500PrincipalTest.java
-     - javax.net.ssl.SSLSocket and javax.net.ssl.SSLEngine (which touch on Cipher, MessageDigest, Signature)
-       libcore/luni/src/test/java/libcore/javax/net/ssl/
-     - Test Android additions to bouncycastle such as org.bouncycastle.crypto.digests.OpenSSLDigest and org.bouncycastle.jce.provider.CertBlacklist
-       libcore/luni/src/test/java/com/android/org/bouncycastle/
-     - Exception "tests"
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/DigestExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/GeneralSecurityExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidAlgorithmParameterExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidKeyExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/InvalidParameterExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyManagementExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/KeyStoreExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/NoSuchAlgorithmExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/NoSuchProviderExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/ProviderExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/SignatureExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/UnrecoverableEntryExceptionTest.java
-       libcore/luni/src/test/java/org/apache/harmony/security/tests/java/security/UnrecoverableKeyExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateEncodingExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateExpiredExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateNotYetValidExceptionTest.java
-       libcore/luni/src/test/java/tests/api/javax/security/cert/CertificateParsingExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CRLExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateEncodingException2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateEncodingExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateException2Test.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateExpiredExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateNotYetValidExceptionTest.java
-       libcore/luni/src/test/java/tests/security/cert/CertificateParsingExceptionTest.java
+  a) Create a new branch
 
+      repo start merge-xxx
 
-8) Do a full build before checking in:
+  b) Merge the changes in
 
-     m -j16
+      git fetch aosp upstream-master
+      git merge aosp/upstream-master
+
+  c) Resolve any conflicts.  Some common cases:
+
+     * If upstream changed a file that's deleted locally, we probably don't
+       need it
+     * If upstream added a file to a directory we deleted, we probably don't
+       need it
+
+  d) Confirm all changes
+
+      git diff aosp/master
+
+  e) Run the tests, commonly at least
+
+      cts -m CtsLibcoreTestCases
+      cts -m CtsLibcoreFileIOTestCases
+      cts -m CtsLibcoreJsr166TestCases
+      cts -m CtsLibcoreOjTestCases
+      cts -m CtsLibcoreOkHttpTestCases
+      cts -m CtsLibcoreWycheproofBCTestCases
+
+  e) Get the change reviewed
+
+      repo upload .
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
index 3119715..b3a39a9 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedData.java
@@ -320,20 +320,22 @@
         return HELPER.getAttributeCertificates(signedData.getCertificates());
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
-    //  * this SignedData structure.
-    //  *
-    //  * @param otherRevocationInfoFormat OID of the format type been looked for.
-    //  *
-    //  * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
-    //  */
-    // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
-    // {
-    //     return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    /**
+     * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
+     * this SignedData structure.
+     *
+     * @param otherRevocationInfoFormat OID of the format type been looked for.
+     *
+     * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
+     *
+    public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
+    {
+        return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Return the digest algorithm identifiers for the SignedData object
@@ -385,92 +387,94 @@
         return contentInfo.getEncoded();
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Verify all the SignerInformation objects and their associated counter signatures attached
-    //  * to this CMS SignedData object.
-    //  *
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @return true if all verify, false otherwise.
-    //  * @throws CMSException  if an exception occurs during the verification process.
-    //  */
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
-    //     throws CMSException
-    // {
-    //     return verifySignatures(verifierProvider, false);
-    // }
-    // 
-    // /**
-    //  * Verify all the SignerInformation objects and optionally their associated counter signatures attached
-    //  * to this CMS SignedData object.
-    //  *
-    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-    //  * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
-    //  * @return true if all verify, false otherwise.
-    //  * @throws CMSException  if an exception occurs during the verification process.
-    //  */
-    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
-    //     throws CMSException
-    // {
-    //     Collection signers = this.getSignerInfos().getSigners();
-    // 
-    //     for (Iterator it = signers.iterator(); it.hasNext();)
-    //     {
-    //         SignerInformation signer = (SignerInformation)it.next();
-    // 
-    //         try
-    //         {
-    //             SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
-    // 
-    //             if (!signer.verify(verifier))
-    //             {
-    //                 return false;
-    //             }
-    // 
-    //             if (!ignoreCounterSignatures)
-    //             {
-    //                 Collection counterSigners = signer.getCounterSignatures().getSigners();
-    // 
-    //                 for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //                 {
-    //                     if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //                     {
-    //                         return false;
-    //                     }
-    //                 }
-    //             }
-    //         }
-    //         catch (OperatorCreationException e)
-    //         {
-    //             throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
-    //         }
-    //     }
-    // 
-    //     return true;
-    // }
-    // 
-    // private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
-    //     throws OperatorCreationException, CMSException
-    // {
-    //     SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
-    // 
-    //     if (!counterSigner.verify(counterVerifier))
-    //     {
-    //         return false;
-    //     }
-    // 
-    //     Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
-    //     for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-    //     {
-    //         if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-    //         {
-    //             return false;
-    //         }
-    //     }
-    // 
-    //     return true;
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unknown reason
+    /*
+    /**
+     * Verify all the SignerInformation objects and their associated counter signatures attached
+     * to this CMS SignedData object.
+     *
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     * @return true if all verify, false otherwise.
+     * @throws CMSException  if an exception occurs during the verification process.
+     *
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
+        throws CMSException
+    {
+        return verifySignatures(verifierProvider, false);
+    }
+
+    /**
+     * Verify all the SignerInformation objects and optionally their associated counter signatures attached
+     * to this CMS SignedData object.
+     *
+     * @param verifierProvider  a provider of SignerInformationVerifier objects.
+     * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
+     * @return true if all verify, false otherwise.
+     * @throws CMSException  if an exception occurs during the verification process.
+     *
+    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
+        throws CMSException
+    {
+        Collection signers = this.getSignerInfos().getSigners();
+
+        for (Iterator it = signers.iterator(); it.hasNext();)
+        {
+            SignerInformation signer = (SignerInformation)it.next();
+
+            try
+            {
+                SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
+
+                if (!signer.verify(verifier))
+                {
+                    return false;
+                }
+
+                if (!ignoreCounterSignatures)
+                {
+                    Collection counterSigners = signer.getCounterSignatures().getSigners();
+
+                    for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+                    {
+                        if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+                        {
+                            return false;
+                        }
+                    }
+                }
+            }
+            catch (OperatorCreationException e)
+            {
+                throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
+            }
+        }
+
+        return true;
+    }
+
+    private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
+        throws OperatorCreationException, CMSException
+    {
+        SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
+
+        if (!counterSigner.verify(counterVerifier))
+        {
+            return false;
+        }
+
+        Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
+        for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
+        {
+            if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
+            {
+                return false;
+            }
+        }
+
+        return true;
+    }
+    */
+    // END Android-removed: Unknown reason
 
     /**
      * Replace the SignerInformation store associated with this
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
index f180c09..86d4321 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedGenerator.java
@@ -12,10 +12,9 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -41,21 +40,21 @@
     public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
     public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
     public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
     // public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
     // public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
     // public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
     public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
     public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
     // public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     private static final String  ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
     private static final String  ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId();
@@ -180,33 +179,35 @@
         certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore));
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  *
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
-    //  */
-    // public void addOtherRevocationInfo(
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    //     ASN1Encodable          otherRevocationInfo)
-    // {
-    //     crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
-    // }
-    //
-    // /**
-    //  * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
-    //  *
-    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-    //  * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
-    //  */
-    // public void addOtherRevocationInfo(
-    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-    //     Store                  otherRevocationInfos)
-    // {
-    //     crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    /**
+     * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
+     *
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
+     *
+    public void addOtherRevocationInfo(
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
+        ASN1Encodable          otherRevocationInfo)
+    {
+        crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
+    }
+
+    /**
+     * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
+     *
+     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
+     * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
+     *
+    public void addOtherRevocationInfo(
+        ASN1ObjectIdentifier   otherRevocationInfoFormat,
+        Store                  otherRevocationInfos)
+    {
+        crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     /**
      * Add a store of pre-calculated signers to the generator.
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
index 11a927c..34a5e5b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSSignedHelper.java
@@ -13,10 +13,9 @@
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -55,16 +54,16 @@
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -91,31 +90,33 @@
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA");
-        // BEGIN android-removed
-        // encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
-        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
-        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
-        //
-        // digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
-        // digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
+        encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
+        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
+
+        digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
+        digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
+        */
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
         // digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestAliases.put("SHA1", new String[] { "SHA-1" });
         digestAliases.put("SHA224", new String[] { "SHA-224" });
@@ -229,35 +230,39 @@
         return new CollectionStore(new ArrayList());
     }
 
-    // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
-    // {
-    //     if (crlSet != null)
-    //     {
-    //         List    crlList = new ArrayList(crlSet.size());
-    //
-    //         for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-    //         {
-    //             ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
-    //
-    //             if (obj instanceof ASN1TaggedObject)
-    //             {
-    //                 ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
-    //
-    //                 if (tObj.getTagNo() == 1)
-    //                 {
-    //                     OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
-    //
-    //                     if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
-    //                     {
-    //                         crlList.add(other.getInfo());
-    //                     }
-    //                 }
-    //             }
-    //         }
-    //
-    //         return new CollectionStore(crlList);
-    //     }
-    //
-    //     return new CollectionStore(new ArrayList());
-    // }
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
+    {
+        if (crlSet != null)
+        {
+            List    crlList = new ArrayList(crlSet.size());
+
+            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
+            {
+                ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
+
+                if (obj instanceof ASN1TaggedObject)
+                {
+                    ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
+
+                    if (tObj.getTagNo() == 1)
+                    {
+                        OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
+
+                        if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
+                        {
+                            crlList.add(other.getInfo());
+                        }
+                    }
+                }
+            }
+
+            return new CollectionStore(crlList);
+        }
+
+        return new CollectionStore(new ArrayList());
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 }
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
index 0cd1f5f..11c58b7 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/CMSUtils.java
@@ -23,13 +23,12 @@
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
 import org.bouncycastle.asn1.cms.ContentInfo;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
 // import org.bouncycastle.asn1.ocsp.OCSPResponse;
 // import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
 // import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 // import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.cert.X509AttributeCertificateHolder;
 import org.bouncycastle.cert.X509CRLHolder;
@@ -49,12 +48,12 @@
     {
         des.add("DES");
         des.add("DESEDE");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // des.add(OIWObjectIdentifiers.desCBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.des_EDE3_CBC.getId());
         // des.add(PKCSObjectIdentifiers.id_alg_CMS3DESwrap.getId());
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     static boolean isDES(String algorithmID)
@@ -164,7 +163,7 @@
 
                     crls.add(c.toASN1Structure());
                 }
-                // BEGIN android-removed
+                // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
                 // else if (rev instanceof OtherRevocationInfoFormat)
                 // {
                 //     OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
@@ -173,7 +172,7 @@
                 //
                 //     crls.add(new DERTaggedObject(false, 1, infoFormat));
                 // }
-                // END android-removed
+                // END Android-removed: OtherRevocationInfoFormat isn't supported
                 else if (rev instanceof ASN1TaggedObject)
                 {
                     crls.add(rev);
@@ -188,36 +187,39 @@
         }
     }
 
-    // BEGIN android-removed
-    // private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
-    // {
-    //     if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
-    //     {
-    //         OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
-    //
-    //         if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
-    //         {
-    //             throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
-    //         }
-    //     }
-    // }
-    //
-    // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
-    // {
-    //     List others = new ArrayList();
-    //
-    //     for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
-    //     {
-    //         ASN1Encodable info = (ASN1Encodable)it.next();
-    //         OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
-    //         validateInfoFormat(infoFormat);
-    //
-    //         others.add(new DERTaggedObject(false, 1, infoFormat));
-    //     }
-    //
-    //     return others;
-    // }
-    // END android-removed
+    // BEGIN Android-removed: OtherRevocationInfoFormat isn't supported
+    /*
+    private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
+    {
+        if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
+        {
+            OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
+
+            if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
+            {
+                throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
+            }
+        }
+    }
+
+    static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
+    {
+        List others = new ArrayList();
+
+        for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
+        {
+            ASN1Encodable info = (ASN1Encodable)it.next();
+            OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
+
+            validateInfoFormat(infoFormat);
+
+            others.add(new DERTaggedObject(false, 1, infoFormat));
+        }
+
+        return others;
+    }
+    */
+    // END Android-removed: OtherRevocationInfoFormat isn't supported
 
     static ASN1Set createBerSetFromList(List derObjects)
     {
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
index 2230c78..255efa5 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
@@ -4,10 +4,9 @@
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -36,16 +35,16 @@
         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
         // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
         // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
@@ -72,21 +71,21 @@
         addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1");
         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA");
         // addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa, "RSA");
         encryptionAlgs.put(PKCSObjectIdentifiers.id_RSASSA_PSS, "RSAandMGF1");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
         // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
         // encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410");
@@ -96,20 +95,20 @@
         //
         // digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2");
         // digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestAlgs.put(PKCSObjectIdentifiers.md5, "MD5");
         digestAlgs.put(OIWObjectIdentifiers.idSHA1, "SHA1");
         digestAlgs.put(NISTObjectIdentifiers.id_sha224, "SHA224");
         digestAlgs.put(NISTObjectIdentifiers.id_sha256, "SHA256");
         digestAlgs.put(NISTObjectIdentifiers.id_sha384, "SHA384");
         digestAlgs.put(NISTObjectIdentifiers.id_sha512, "SHA512");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
         // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
         // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411,  "GOST3411");
         // digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"),  "GOST3411");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     /**
diff --git a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
index 780d466..fb53743 100644
--- a/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
@@ -16,27 +16,29 @@
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
         // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
+        // BEGIN Android-added: Add support for SHA-2 family signatures
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // END Android-added: Add support for SHA-2 family signatures
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
         // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA);
         RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm)
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
index e369185..3607c9b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
@@ -5,11 +5,10 @@
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -29,20 +28,20 @@
         //
         // digests
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
         // digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(OIWObjectIdentifiers.sha1WithRSA, OIWObjectIdentifiers.idSHA1);
 
         digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
 
@@ -53,49 +52,45 @@
         digestOids.put(X9ObjectIdentifiers.ecdsa_with_SHA512, NISTObjectIdentifiers.id_sha512);
         digestOids.put(X9ObjectIdentifiers.id_dsa_with_sha1, OIWObjectIdentifiers.idSHA1);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, OIWObjectIdentifiers.idSHA1);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, NISTObjectIdentifiers.id_sha224);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, NISTObjectIdentifiers.id_sha256);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, NISTObjectIdentifiers.id_sha384);
         // digestOids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha224, NISTObjectIdentifiers.id_sha224);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha256, NISTObjectIdentifiers.id_sha256);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.id_sha384);
         digestOids.put(NISTObjectIdentifiers.dsa_with_sha512, NISTObjectIdentifiers.id_sha512);
 
-        // BEGIN android-removed
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        //
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
-        // digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
-        //
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-        //
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        //
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
-        // digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_dsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_224, NISTObjectIdentifiers.id_sha3_224);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_256, NISTObjectIdentifiers.id_sha3_256);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_384, NISTObjectIdentifiers.id_sha3_384);
+        digestOids.put(NISTObjectIdentifiers.id_ecdsa_with_sha3_512, NISTObjectIdentifiers.id_sha3_512);
+
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
+        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
+
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
+        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
+
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA3_512, NISTObjectIdentifiers.id_sha3_512);
+        digestOids.put(BCObjectIdentifiers.sphincs256_with_SHA512, NISTObjectIdentifiers.id_sha512);
+        */
+        // END Android-removed: Unsupported algorithms
 
 
         digestNameToOids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
@@ -103,38 +98,40 @@
         digestNameToOids.put("SHA-256", NISTObjectIdentifiers.id_sha256);
         digestNameToOids.put("SHA-384", NISTObjectIdentifiers.id_sha384);
         digestNameToOids.put("SHA-512", NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
-        // digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
-        // digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
-        //
-        // digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
-        // digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
-        // digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
-        // digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
-        // digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
-        // digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
-        // digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        digestNameToOids.put("SHA-512-224", NISTObjectIdentifiers.id_sha512_224);
+        digestNameToOids.put("SHA-512-256", NISTObjectIdentifiers.id_sha512_256);
 
-        // digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
-        // digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
-        // digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
-        // digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
-        //
-        // digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
-        // digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
-        //
-        // digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
-        //
-        // digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
-        // digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
-        // END android-removed
+        digestNameToOids.put("SHA1", OIWObjectIdentifiers.idSHA1);
+        digestNameToOids.put("SHA224", NISTObjectIdentifiers.id_sha224);
+        digestNameToOids.put("SHA256", NISTObjectIdentifiers.id_sha256);
+        digestNameToOids.put("SHA384", NISTObjectIdentifiers.id_sha384);
+        digestNameToOids.put("SHA512", NISTObjectIdentifiers.id_sha512);
+        digestNameToOids.put("SHA512-224", NISTObjectIdentifiers.id_sha512_224);
+        digestNameToOids.put("SHA512-256", NISTObjectIdentifiers.id_sha512_256);
+
+        digestNameToOids.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+        digestNameToOids.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        digestNameToOids.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        digestNameToOids.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+
+        digestNameToOids.put("SHAKE-128", NISTObjectIdentifiers.id_shake128);
+        digestNameToOids.put("SHAKE-256", NISTObjectIdentifiers.id_shake256);
+
+        digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
+
+        digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
+        digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         digestNameToOids.put("MD5", PKCSObjectIdentifiers.md5);
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestNameToOids.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // digestNameToOids.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // digestNameToOids.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
@@ -157,4 +154,4 @@
     {
         return new AlgorithmIdentifier((ASN1ObjectIdentifier)digestNameToOids.get(digAlgName), DERNull.INSTANCE);
     }
-}
+}
\ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
index d1976af..1c80fb4 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
@@ -9,13 +9,12 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -38,17 +37,17 @@
     private static final ASN1ObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1;
     private static final ASN1ObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1;
     private static final ASN1ObjectIdentifier ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS;
-    // BEGIN android-removed
+    // BEGIN Android-removed: Unsupported algorithms
     // private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
     // private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-    // END android-removed
+    // END Android-removed: Unsupported algorithms
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
         // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
@@ -66,14 +65,14 @@
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -87,27 +86,29 @@
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
 
-        // BEGIN android-removed
-        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-        // algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-        // algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-        // algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-        // algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-        // algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-        // algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-        // algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-        // algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-        // algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-        // algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-        // algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
-        // algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
-        // algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+        algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+        algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+        algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+        algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+        algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+        algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+        algorithms.put("SHA224WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+        algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+        algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+        algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+        algorithms.put("SHA3-512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        algorithms.put("SHA512WITHSPHINCS256", BCObjectIdentifiers.sphincs256_with_SHA512);
+        algorithms.put("SM3WITHSM2", GMObjectIdentifiers.sm2sign_with_sm3);
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
@@ -124,23 +125,26 @@
         noParams.add(NISTObjectIdentifiers.dsa_with_sha384);
         noParams.add(NISTObjectIdentifiers.dsa_with_sha512);
 
-        // BEGIN Android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
         //
         // RFC 4491
         //
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
+        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
+
         //
         // SPHINCS-256
         //
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
-        // noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA512);
+        noParams.add(BCObjectIdentifiers.sphincs256_with_SHA3_512);
 
         //
         // SM2
         //
-        // noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
-        // END android-removed
+        noParams.add(GMObjectIdentifiers.sm2sign_with_sm3);
+        */
+        // END Android-removed: Unsupported algorithms
 
         //
         // PKCS 1.5 encrypted  algorithms
@@ -150,11 +154,11 @@
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // explicit params
@@ -181,19 +185,19 @@
         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
         // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
         // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
         // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     private static AlgorithmIdentifier generate(String signatureAlgorithm)
@@ -256,4 +260,4 @@
     {
         return generate(sigAlgName);
     }
-}
+}
\ No newline at end of file
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
index 74c0aa2..30d6e6f 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
@@ -4,33 +4,29 @@
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.ExtendedDigest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.GOST3411Digest;
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.MD5Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.SHA224Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA3Digest;
-// END android-removed
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.operator.OperatorCreationException;
 
@@ -78,85 +74,87 @@
                 return new SHA512Digest();
             }
         });
-        // BEGIN android-removed
-        // table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(224);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(256);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(384);
-        //     }
-        // });
-        // table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new SHA3Digest(512);
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD5Digest();
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD4Digest();
-        //     }
-        // });
-        // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new MD2Digest();
-        //     }
-        // });
-        // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new GOST3411Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD128Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD160Digest();
-        //     }
-        // });
-        // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
-        // {
-        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-        //     {
-        //         return new RIPEMD256Digest();
-        //     }
-        // });
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        table.put(NISTObjectIdentifiers.id_sha3_224, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(224);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_256, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(256);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_384, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(384);
+            }
+        });
+        table.put(NISTObjectIdentifiers.id_sha3_512, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new SHA3Digest(512);
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md5, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD5Digest();
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD4Digest();
+            }
+        });
+        table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new MD2Digest();
+            }
+        });
+        table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new GOST3411Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD128Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD160Digest();
+            }
+        });
+        table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
+        {
+            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
+            {
+                return new RIPEMD256Digest();
+            }
+        });
+        */
+        // END Android-removed: Unsupported algorithms
 
         return Collections.unmodifiableMap(table);
     }
diff --git a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
index 8ac72ea..a06792b 100644
--- a/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
+++ b/bcpkix/src/main/java/org/bouncycastle/operator/jcajce/OperatorHelper.java
@@ -25,11 +25,10 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
@@ -65,7 +64,7 @@
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
         // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
@@ -79,12 +78,12 @@
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
         // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
index d883a73..0225e6e 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
@@ -80,7 +80,7 @@
         return (value != 0 ? TRUE : FALSE);
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Unknown reason
     /**
      * return a ASN1Boolean from the passed in array.
      */
@@ -90,7 +90,7 @@
         return (octets[0] != 0) ? TRUE : FALSE;
     }
 
-    // END android-added
+    // END Android-added: Unknown reason
     /**
      * return a Boolean from a tagged object.
      *
@@ -117,9 +117,7 @@
         }
     }
 
-    // BEGIN android-changed
-    protected ASN1Boolean(
-    // END android-changed
+    ASN1Boolean(
         byte[] value)
     {
         if (value.length != 1)
@@ -145,10 +143,9 @@
      * @deprecated use getInstance(boolean) method.
      * @param value true or false.
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected
     protected ASN1Boolean(
         boolean     value)
-    // END android-changed
     {
         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
index 0e2be64..6040676 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java
@@ -3,6 +3,7 @@
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -110,10 +111,9 @@
     public ASN1GeneralizedTime(
         Date time)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -131,11 +131,11 @@
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(Locale.US));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -260,17 +260,15 @@
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS'Z'", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -280,17 +278,15 @@
             d = this.getTime();
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSSz", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
@@ -299,17 +295,15 @@
         {
             if (hasFractionalSeconds())
             {
-                // BEGIN android-changed
+                // Android-changed: Use localized version
                 // dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss.SSS", Locale.US);
-                // END android-changed
             }
             else
             {
-                // BEGIN android-changed
-                // Was: dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+                // Android-changed: Use localized version
+                // dateF = new SimpleDateFormat("yyyyMMddHHmmss");
                 dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-                // END android-changed
             }
 
             dateF.setTimeZone(new SimpleTimeZone(0, TimeZone.getDefault().getID()));
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
index f1098e7..f39d120 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1Null.java
@@ -8,12 +8,6 @@
 public abstract class ASN1Null
     extends ASN1Primitive
 {
-    // BEGIN android-added
-    /*package*/ ASN1Null()
-    {
-    }
-
-    // END android-added
     /**
      * Return an instance of ASN.1 NULL from the passed in object.
      * <p>
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
index 50b8a49..bdfec4f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -155,13 +155,8 @@
             }
         }
 
-        // BEGIN android-changed
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
         this.identifier = objId.toString().intern();
-        // END android-changed
         this.body = Arrays.clone(bytes);
     }
 
@@ -182,13 +177,8 @@
             throw new IllegalArgumentException("string " + identifier + " not an OID");
         }
 
-        // BEGIN android-changed
-        /*
-         * Intern the identifier so there aren't hundreds of duplicates
-         * (in practice).
-         */
+        // Android-changed: Intern the identifier so there aren't hundreds of duplicates in practice.
         this.identifier = identifier.intern();
-        // END android-changed
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
index 41ce817..446af77 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/ASN1UTCTime.java
@@ -3,6 +3,7 @@
 import java.io.IOException;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -124,10 +125,9 @@
     public ASN1UTCTime(
         Date time)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -145,11 +145,11 @@
         Date time,
         Locale locale)
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", locale);
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmss'Z'", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(new SimpleTimeZone(0,"Z"));
 
@@ -172,10 +172,9 @@
     public Date getDate()
         throws ParseException
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         return dateF.parse(getTime());
     }
@@ -190,10 +189,9 @@
     public Date getAdjustedDate()
         throws ParseException
     {
-        // BEGIN android-changed
-        // Was: SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
+        // Android-changed: Use localized version
+        // SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz");
         SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmssz", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java b/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
index 7df2acf..3a86b1d 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/DERNull.java
@@ -15,9 +15,8 @@
     /**
      * @deprecated use DERNull.INSTANCE
      */
-    // BEGIN android-changed
+    // Android-changed: Reduce visibility to protected.
     protected DERNull()
-    // END android-changed
     {
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
index 59e96e8..1fc8ab0 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/StreamUtil.java
@@ -8,9 +8,8 @@
 
 class StreamUtil
 {
-    // BEGIN android-removed
+    // Android-removed: Check max memory at runtime
     // private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-    // END android-removed
 
     /**
      * Find out possible longest length...
@@ -50,7 +49,7 @@
             }
         }
 
-        // BEGIN android-changed
+        // BEGIN Android-changed: Check max memory at runtime
         long maxMemory = Runtime.getRuntime().maxMemory();
         if (maxMemory > Integer.MAX_VALUE)
         {
@@ -58,7 +57,7 @@
         }
 
         return (int) maxMemory;
-        // END android-changed
+        // END Android-changed: Check max memory at runtime
     }
 
     static int calculateBodyLength(
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
index a4f3f3b..f43f9fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/bc/BCObjectIdentifiers.java
@@ -72,23 +72,25 @@
      */
     public static final ASN1ObjectIdentifier bc_sig        = bc.branch("2");
 
-    // BEGIN android-removed
-    // /**
-    //  * Sphincs-256
-    //  */
-    // public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
-    // public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * Sphincs-256
+     *
+    public static final ASN1ObjectIdentifier sphincs256                      = bc_sig.branch("1");
+    public static final ASN1ObjectIdentifier sphincs256_with_BLAKE512        = sphincs256.branch("1");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA512          = sphincs256.branch("2");
+    public static final ASN1ObjectIdentifier sphincs256_with_SHA3_512        = sphincs256.branch("3");
 
-    // /**
-    //  * key_exchange(3) algorithms
-    //  */
-    // public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
+    /**
+     * key_exchange(3) algorithms
+     *
+    public static final ASN1ObjectIdentifier bc_exch = bc.branch("3");
 
-    // /**
-    //  * NewHope
-    //  */
-    // public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
-    // END android-removed
+    /**
+     * NewHope
+     *
+    public static final ASN1ObjectIdentifier newHope = bc_exch.branch("1");
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
index 1592c75..2e8e039 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/ContentInfo.java
@@ -28,9 +28,7 @@
  */
 public class ContentInfo
     extends ASN1Object
-    // BEGIN android-removed
-    // implements CMSObjectIdentifiers
-    // END android-removed
+    implements CMSObjectIdentifiers
 {
     private ASN1ObjectIdentifier contentType;
     private ASN1Encodable        content;
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
index ed9a6c0..a6f8d8f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/cms/Time.java
@@ -2,6 +2,7 @@
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -71,10 +72,9 @@
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -105,11 +105,11 @@
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
-        // END android-changed
+        // END Android-changed: Use localized version
 
         dateF.setTimeZone(tz);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
index 75df2aa..48d0320 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
@@ -13,12 +13,14 @@
     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
     /** PKCS#1: 1.2.840.113549.1.1.1 */
     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
-    // BEGIN android-removed
-    // /** PKCS#1: 1.2.840.113549.1.1.2 */
-    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-    // /** PKCS#1: 1.2.840.113549.1.1.3 */
-    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
-    // END android-removed
+    // BEGIN Android-removed: MD2 and MD4 are unsupported
+    /*
+    /** PKCS#1: 1.2.840.113549.1.1.2 *
+    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
+    /** PKCS#1: 1.2.840.113549.1.1.3 *
+    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
+    */
+    // END Android-removed: MD2 and MD4 are unsupported
     /** PKCS#1: 1.2.840.113549.1.1.4 */
     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
     /** PKCS#1: 1.2.840.113549.1.1.5 */
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
index 20f6ea3..dcde303 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
@@ -14,9 +14,9 @@
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.digests.SHA1Digest;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 
 /**
  * The AuthorityKeyIdentifier object.
@@ -108,9 +108,9 @@
     public AuthorityKeyIdentifier(
         SubjectPublicKeyInfo    spki)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
@@ -129,9 +129,9 @@
         GeneralNames            name,
         BigInteger              serialNumber)
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // Digest  digest = new SHA1Digest();
         Digest  digest = AndroidDigestFactory.getSHA1();
-        // END android-changed
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
         byte[] bytes = spki.getPublicKeyData().getBytes();
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
index 989de4c..a99dddf 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/Time.java
@@ -2,6 +2,7 @@
 
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
+// Android-added: Localization support
 import java.util.Calendar;
 import java.util.Date;
 import java.util.Locale;
@@ -52,10 +53,9 @@
         Date    time)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
+        // Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss");
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
-        // END android-changed
 
         dateF.setTimeZone(tz);
 
@@ -86,8 +86,8 @@
         Locale locale)
     {
         SimpleTimeZone      tz = new SimpleTimeZone(0, "Z");
-        // BEGIN android-changed
-        // Was: SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
+        // BEGIN Android-changed: Use localized version
+        // SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", locale);
         SimpleDateFormat    dateF = new SimpleDateFormat("yyyyMMddHHmmss", Locale.US);
         dateF.setCalendar(Calendar.getInstance(locale));
         // END android-changed
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
index 0c372f7..fafb68f 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509Name.java
@@ -255,10 +255,10 @@
      */
     public static final Hashtable SymbolLookUp = DefaultLookUp;
 
-    // BEGIN android-changed
+    // BEGIN Android-changed: Use Boolean class constants instead of Boolean constructor
     private static final Boolean TRUE = Boolean.TRUE;
     private static final Boolean FALSE = Boolean.FALSE;
-    // END android-changed
+    // END Android-changed: Use Boolean class constants instead of Boolean constructor
 
     static
     {
@@ -448,9 +448,7 @@
                            throw new IllegalArgumentException("cannot encode value");
                        }
                    }
-                   // BEGIN android-changed
-                   added.addElement(Boolean.valueOf(i != 0));
-                   // END android-changed
+                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
             }
         }
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
index 454f322..b1b1416 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x509/X509NameTokenizer.java
@@ -78,8 +78,10 @@
                 }
                 else
                 {
-                    // BEGIN android-added
-                    // copied from a newer version of BouncyCastle
+                    // BEGIN Android-added: Unknown reason
+                    // This was previously marked with the comment "copied from a newer version
+                    // of BouncyCastle", but I couldn't find any evidence that it ever was included
+                    // in any version of BC
                     if (c == '#' && buf.charAt(buf.length() - 1) == '=')
                     {
                         buf.append('\\');
@@ -88,7 +90,7 @@
                     {
                         buf.append('\\');
                     }
-                    // END android-added
+                    // END Android-added: Unknown reason
                     buf.append(c);
                 }
             }
diff --git a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
index 5abcca9..0fc8737 100644
--- a/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
+++ b/bcprov/src/main/java/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
@@ -4,15 +4,13 @@
 import java.util.Vector;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported curves
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 
 /**
  * A general class that reads all X9.62 style EC curve tables.
@@ -41,17 +39,19 @@
             ecP = NISTNamedCurves.getByName(name);
         }
 
-        // BEGIN android-removed
-        // if (ecP == null)
-        // {
-        //     ecP = TeleTrusTNamedCurves.getByName(name);
-        // }
-        //
-        // if (ecP == null)
-        // {
-        //     ecP = ANSSINamedCurves.getByName(name);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (ecP == null)
+        {
+            ecP = TeleTrusTNamedCurves.getByName(name);
+        }
+
+        if (ecP == null)
+        {
+            ecP = ANSSINamedCurves.getByName(name);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -77,17 +77,19 @@
             oid = NISTNamedCurves.getOID(name);
         }
 
-        // BEGIN android-removed
-        // if (oid == null)
-        // {
-        //     oid = TeleTrusTNamedCurves.getOID(name);
-        // }
-        //
-        // if (oid == null)
-        // {
-        //     oid = ANSSINamedCurves.getOID(name);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (oid == null)
+        {
+            oid = TeleTrusTNamedCurves.getOID(name);
+        }
+
+        if (oid == null)
+        {
+            oid = ANSSINamedCurves.getOID(name);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return oid;
     }
@@ -109,24 +111,28 @@
             name = SECNamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
-        // if (name == null)
-        // {
-        //     name = TeleTrusTNamedCurves.getName(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (name == null)
+        {
+            name = TeleTrusTNamedCurves.getName(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         if (name == null)
         {
             name = X962NamedCurves.getName(oid);
         }
 
-        // BEGIN android-removed
-        // if (name == null)
-        // {
-        //    name = ECGOST3410NamedCurves.getName(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (name == null)
+        {
+            name = ECGOST3410NamedCurves.getName(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return name;
     }
@@ -150,17 +156,19 @@
 
         // NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup
 
-        // BEGIN android-removed
-        // if (ecP == null)
-        // {
-        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
-        // }
-        //
-        // if (ecP == null)
-        // {
-        //     ecP = ANSSINamedCurves.getByOID(oid);
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        if (ecP == null)
+        {
+            ecP = TeleTrusTNamedCurves.getByOID(oid);
+        }
+
+        if (ecP == null)
+        {
+            ecP = ANSSINamedCurves.getByOID(oid);
+        }
+        */
+        // END Android-removed: Unsupported curves
 
         return ecP;
     }
@@ -177,10 +185,10 @@
         addEnumeration(v, X962NamedCurves.getNames());
         addEnumeration(v, SECNamedCurves.getNames());
         addEnumeration(v, NISTNamedCurves.getNames());
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // addEnumeration(v, TeleTrusTNamedCurves.getNames());
         // addEnumeration(v, ANSSINamedCurves.getNames());
-        // END android-removed
+        // END Android-removed: Unsupported curves
 
         return v.elements();
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
index cab9ca6..c8f0775 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
@@ -16,6 +16,9 @@
 
 package org.bouncycastle.crypto.digests;
 
+import java.security.Security;
+import java.util.Locale;
+
 import org.bouncycastle.crypto.Digest;
 
 /**
@@ -23,65 +26,84 @@
  * for libcore but fallback to BouncyCastle ones on the RI.
  */
 public final class AndroidDigestFactory {
-    private static final String OpenSSLFactoryClassName
-            = AndroidDigestFactory.class.getName() + "OpenSSL";
-    private static final String BouncyCastleFactoryClassName
-            = AndroidDigestFactory.class.getName() + "BouncyCastle";
+    private static final AndroidDigestFactoryInterface CONSCRYPT;
+    private static final AndroidDigestFactoryInterface BC;
 
-    private static final AndroidDigestFactoryInterface FACTORY;
     static {
-        Class factoryImplementationClass;
-        try {
-            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
-            // Double check for NativeCrypto in case we are running on RI for testing
-            Class.forName("com.android.org.conscrypt.NativeCrypto");
-        } catch (ClassNotFoundException e1) {
-            try {
-                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
-            } catch (ClassNotFoundException e2) {
-                AssertionError e = new AssertionError("Failed to load "
-                                         + "AndroidDigestFactoryInterface "
-                                         + "implementation. Looked for "
-                                         + OpenSSLFactoryClassName + " and "
-                                         + BouncyCastleFactoryClassName);
-                e.initCause(e1);
-                throw e;
+        BC = new AndroidDigestFactoryBouncyCastle();
+        if (Security.getProvider("AndroidOpenSSL") != null) {
+            CONSCRYPT = new AndroidDigestFactoryOpenSSL();
+        } else {
+            if (System.getProperty("java.vendor", "").toLowerCase(Locale.US).contains("android")) {
+                throw new AssertionError("Provider AndroidOpenSSL must exist");
             }
-        }
-        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
-            throw new AssertionError(factoryImplementationClass
-                                     + "does not implement AndroidDigestFactoryInterface");
-        }
-        try {
-            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
-        } catch (InstantiationException e) {
-            throw new AssertionError(e);
-        } catch (IllegalAccessException e) {
-            throw new AssertionError(e);
+            CONSCRYPT = null;
         }
     }
 
     public static Digest getMD5() {
-        return FACTORY.getMD5();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getMD5();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getMD5();
     }
 
     public static Digest getSHA1() {
-        return FACTORY.getSHA1();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA1();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA1();
     }
 
     public static Digest getSHA224() {
-        return FACTORY.getSHA224();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA224();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA224();
     }
 
     public static Digest getSHA256() {
-        return FACTORY.getSHA256();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA256();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA256();
     }
 
     public static Digest getSHA384() {
-        return FACTORY.getSHA384();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA384();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA384();
     }
 
     public static Digest getSHA512() {
-        return FACTORY.getSHA512();
+        if (CONSCRYPT != null) {
+            try {
+                return CONSCRYPT.getSHA512();
+            } catch (Exception ignored) {
+            }
+        }
+
+        return BC.getSHA512();
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
index e3c596d..2c23bed 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/ec/CustomNamedCurves.java
@@ -64,110 +64,112 @@
         return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
     }
 
-    // BEGIN android-removed
-    // /*
-    //  * curve25519
-    //  */
-    // static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
-    // {
-    //    protected X9ECParameters createParameters()
-    //    {
-    //        byte[] S = null;
-    //        ECCurve curve = configureCurve(new Curve25519());
-    //
-    //        /*
-    //         * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
-    //         * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
-    //         * 
-    //         * The Curve25519 paper doesn't say which of the two possible y values the base
-    //         * point has. The choice here is guided by language in the Ed25519 paper.
-    //         * 
-    //         * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
-    //         */
-    //        X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //            + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
-    //            + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
-    //
-    //        return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //    }
-    // };
-    //
-    // /*
-    //  * secp128r1
-    //  */
-    // static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
-    //         ECCurve curve = configureCurve(new SecP128R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "161FF7528B899B2D0C28607CA52C5B86"
-    //             + "CF5AC8395BAFEB13C02DA292DDED7A83"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160k1
-    //  */
-    // static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         GLVTypeBParameters glv = new GLVTypeBParameters(
-    //             new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
-    //             new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
-    //             new BigInteger[]{
-    //                 new BigInteger("9162fbe73984472a0a9e", 16),
-    //                 new BigInteger("-96341f1138933bc2f505", 16) },
-    //             new BigInteger[]{
-    //                 new BigInteger("127971af8721782ecffa3", 16),
-    //                 new BigInteger("9162fbe73984472a0a9e", 16) },
-    //             new BigInteger("9162fbe73984472a0a9d0590", 16),
-    //             new BigInteger("96341f1138933bc2f503fd44", 16),
-    //             176);
-    //         ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
-    //             + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160r1
-    //  */
-    // static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
-    //         ECCurve curve = configureCurve(new SecP160R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "4A96B5688EF573284664698968C38BB913CBFC82"
-    //             + "23A628553168947D59DCC912042351377AC5FB32"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    //
-    // /*
-    //  * secp160r2
-    //  */
-    // static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
-    //         ECCurve curve = configureCurve(new SecP160R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
-    //             + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    // END android-removed
+    // BEGIN Android-removed: Unsupported curves
+    /*
+    /*
+     * curve25519
+     *
+    static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new Curve25519());
+
+            /*
+             * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
+             * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
+             * 
+             * The Curve25519 paper doesn't say which of the two possible y values the base
+             * point has. The choice here is guided by language in the Ed25519 paper.
+             * 
+             * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
+             *
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
+                + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
+
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp128r1
+     *
+    static X9ECParametersHolder secp128r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("000E0D4D696E6768756151750CC03A4473D03679");
+            ECCurve curve = configureCurve(new SecP128R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "161FF7528B899B2D0C28607CA52C5B86"
+                + "CF5AC8395BAFEB13C02DA292DDED7A83"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160k1
+     *
+    static X9ECParametersHolder secp160k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            GLVTypeBParameters glv = new GLVTypeBParameters(
+                new BigInteger("9ba48cba5ebcb9b6bd33b92830b2a2e0e192f10a", 16),
+                new BigInteger("c39c6c3b3a36d7701b9c71a1f5804ae5d0003f4", 16),
+                new BigInteger[]{
+                    new BigInteger("9162fbe73984472a0a9e", 16),
+                    new BigInteger("-96341f1138933bc2f505", 16) },
+                new BigInteger[]{
+                    new BigInteger("127971af8721782ecffa3", 16),
+                    new BigInteger("9162fbe73984472a0a9e", 16) },
+                new BigInteger("9162fbe73984472a0a9d0590", 16),
+                new BigInteger("96341f1138933bc2f503fd44", 16),
+                176);
+            ECCurve curve = configureCurveGLV(new SecP160K1Curve(), glv);
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB"
+                + "938CF935318FDCED6BC28286531733C3F03C4FEE"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160r1
+     *
+    static X9ECParametersHolder secp160r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("1053CDE42C14D696E67687561517533BF3F83345");
+            ECCurve curve = configureCurve(new SecP160R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "4A96B5688EF573284664698968C38BB913CBFC82"
+                + "23A628553168947D59DCC912042351377AC5FB32"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+
+    /*
+     * secp160r2
+     *
+    static X9ECParametersHolder secp160r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("B99B99B099B323E02709A4D696E6768756151751");
+            ECCurve curve = configureCurve(new SecP160R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "52DCB034293A117E1F4FF11B30F7199D3144CE6D"
+                + "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     /*
      * secp192k1
@@ -333,295 +335,297 @@
         }
     };
 
-    // BEGIN android-removed
-    // /*
-    //  * sect113r1
-    //  */
-    // static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
-    //         ECCurve curve = configureCurve(new SecT113R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "009D73616F35F4AB1407D73562C10F"
-    //             + "00A52830277958EE84D1315ED31886"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    // BEGIN Android-removed: Unsupported curves
+    /*
+    /*
+     * sect113r1
+     *
+    static X9ECParametersHolder sect113r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10E723AB14D696E6768756151756FEBF8FCB49A9");
+            ECCurve curve = configureCurve(new SecT113R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "009D73616F35F4AB1407D73562C10F"
+                + "00A52830277958EE84D1315ED31886"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect113r2
-    //  */
-    // static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
-    //         ECCurve curve = configureCurve(new SecT113R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01A57A6A7B26CA5EF52FCDB8164797"
-    //             + "00B3ADC94ED1FE674C06E695BABA1D"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect113r2
+     *
+    static X9ECParametersHolder sect113r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10C0FB15760860DEF1EEF4D696E676875615175D");
+            ECCurve curve = configureCurve(new SecT113R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "01A57A6A7B26CA5EF52FCDB8164797"
+                + "00B3ADC94ED1FE674C06E695BABA1D"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect131r1
-    //  */
-    // static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
-    //         ECCurve curve = configureCurve(new SecT131R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0081BAF91FDF9833C40F9C181343638399"
-    //             + "078C6E7EA38C001F73C8134B1B4EF9E150"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect131r1
+     *
+    static X9ECParametersHolder sect131r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("4D696E676875615175985BD3ADBADA21B43A97E2");
+            ECCurve curve = configureCurve(new SecT131R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0081BAF91FDF9833C40F9C181343638399"
+                + "078C6E7EA38C001F73C8134B1B4EF9E150"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect131r2
-    //  */
-    // static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
-    //         ECCurve curve = configureCurve(new SecT131R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0356DCD8F2F95031AD652D23951BB366A8"
-    //             + "0648F06D867940A5366D9E265DE9EB240F"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect131r2
+     *
+    static X9ECParametersHolder sect131r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("985BD3ADBAD4D696E676875615175A21B43A97E3");
+            ECCurve curve = configureCurve(new SecT131R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0356DCD8F2F95031AD652D23951BB366A8"
+                + "0648F06D867940A5366D9E265DE9EB240F"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163k1
-    //  */
-    // static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT163K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
-    //             + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163k1
+     *
+    static X9ECParametersHolder sect163k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT163K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8"
+                + "0289070FB05D38FF58321F2E800536D538CCDAA3D9"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163r1
-    //  */
-    // static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
-    //         ECCurve curve = configureCurve(new SecT163R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0369979697AB43897789566789567F787A7876A654"
-    //             + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163r1
+     *
+    static X9ECParametersHolder sect163r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("24B7B137C8A14D696E6768756151756FD0DA2E5C");
+            ECCurve curve = configureCurve(new SecT163R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0369979697AB43897789566789567F787A7876A654"
+                + "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect163r2
-    //  */
-    // static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
-    //         ECCurve curve = configureCurve(new SecT163R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
-    //             + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect163r2
+     *
+    static X9ECParametersHolder sect163r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("85E25BFE5C86226CDB12016F7553F9D0E693A268");
+            ECCurve curve = configureCurve(new SecT163R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "03F0EBA16286A2D57EA0991168D4994637E8343E36"
+                + "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect193r1
-    //  */
-    // static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
-    //         ECCurve curve = configureCurve(new SecT193R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
-    //             + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect193r1
+     *
+    static X9ECParametersHolder sect193r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("103FAEC74D696E676875615175777FC5B191EF30");
+            ECCurve curve = configureCurve(new SecT193R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1"
+                + "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect193r2
-    //  */
-    // static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
-    //         ECCurve curve = configureCurve(new SecT193R2Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
-    //             + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect193r2
+     *
+    static X9ECParametersHolder sect193r2 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("10B7B4D696E676875615175137C8A16FD0DA2211");
+            ECCurve curve = configureCurve(new SecT193R2Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F"
+                + "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect233k1
-    //  */
-    // static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT233K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
-    //             + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect233k1
+     *
+    static X9ECParametersHolder sect233k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT233K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126"
+                + "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect233r1
-    //  */
-    // static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
-    //         ECCurve curve = configureCurve(new SecT233R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
-    //             + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect233r1
+     *
+    static X9ECParametersHolder sect233r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("74D59FF07F6B413D0EA14B344B20A2DB049B50C3");
+            ECCurve curve = configureCurve(new SecT233R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B"
+                + "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect239k1
-    //  */
-    // static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT239K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
-    //             + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect239k1
+     *
+    static X9ECParametersHolder sect239k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT239K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC"
+                + "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect283k1
-    //  */
-    // static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT283K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
-    //             + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect283k1
+     *
+    static X9ECParametersHolder sect283k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT283K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836"
+                + "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect283r1
-    //  */
-    // static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
-    //         ECCurve curve = configureCurve(new SecT283R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
-    //             + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect283r1
+     *
+    static X9ECParametersHolder sect283r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("77E2B07370EB0F832A6DD5B62DFC88CD06BB84BE");
+            ECCurve curve = configureCurve(new SecT283R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053"
+                + "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect409k1
-    //  */
-    // static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT409K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
-    //             + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect409k1
+     *
+    static X9ECParametersHolder sect409k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT409K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746"
+                + "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect409r1
-    //  */
-    // static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
-    //         ECCurve curve = configureCurve(new SecT409R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
-    //             + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect409r1
+     *
+    static X9ECParametersHolder sect409r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("4099B5A457F9D69F79213D094C4BCD4D4262210B");
+            ECCurve curve = configureCurve(new SecT409R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7"
+                + "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect571k1
-    //  */
-    // static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = null;
-    //         ECCurve curve = configureCurve(new SecT571K1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
-    //             + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
+    /*
+     * sect571k1
+     *
+    static X9ECParametersHolder sect571k1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = null;
+            ECCurve curve = configureCurve(new SecT571K1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972"
+                + "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
 
-    // /*
-    //  * sect571r1
-    //  */
-    // static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
-    // {
-    //     protected X9ECParameters createParameters()
-    //     {
-    //         byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
-    //         ECCurve curve = configureCurve(new SecT571R1Curve());
-    //         X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
-    //             + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
-    //             + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
-    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-    //     }
-    // };
-    // END android-removed
+    /*
+     * sect571r1
+     *
+    static X9ECParametersHolder sect571r1 = new X9ECParametersHolder()
+    {
+        protected X9ECParameters createParameters()
+        {
+            byte[] S = Hex.decode("2AA058F73A0E33AB486B0F610410C53A7F132310");
+            ECCurve curve = configureCurve(new SecT571R1Curve());
+            X9ECPoint G = new X9ECPoint(curve, Hex.decode("04"
+                + "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19"
+                + "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B"));
+            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
+        }
+    };
+    */
+    // END Android-removed: Unsupported curves
 
     
     static final Hashtable nameToCurve = new Hashtable();
@@ -662,21 +666,19 @@
 
     static
     {
-        // BEGIN android-removed
-        // defineCurve("curve25519", curve25519);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        defineCurve("curve25519", curve25519);
 
 //        defineCurveWithOID("secp112r1", SECObjectIdentifiers.secp112r1, secp112r1);
 //        defineCurveWithOID("secp112r2", SECObjectIdentifiers.secp112r2, secp112r2);
-        // BEGIN android-removed
-        // defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
-        // END android-removed
+        defineCurveWithOID("secp128r1", SECObjectIdentifiers.secp128r1, secp128r1);
 //        defineCurveWithOID("secp128r2", SECObjectIdentifiers.secp128r2, secp128r2);
-        // BEGIN android-removed
-        // defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
-        // defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
-        // defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
-        // END android-removed
+        defineCurveWithOID("secp160k1", SECObjectIdentifiers.secp160k1, secp160k1);
+        defineCurveWithOID("secp160r1", SECObjectIdentifiers.secp160r1, secp160r1);
+        defineCurveWithOID("secp160r2", SECObjectIdentifiers.secp160r2, secp160r2);
+        */
+        // END Android-removed: Unsupported curves
         defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
         defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
         defineCurveWithOID("secp224k1", SECObjectIdentifiers.secp224k1, secp224k1);
@@ -686,38 +688,40 @@
         defineCurveWithOID("secp384r1", SECObjectIdentifiers.secp384r1, secp384r1);
         defineCurveWithOID("secp521r1", SECObjectIdentifiers.secp521r1, secp521r1);
 
-        // BEGIN android-removed
-        // defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
-        // defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
-        // defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
-        // defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
-        // defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
-        // defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
-        // defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
-        // defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
-        // defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
-        // defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
-        // defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
-        // defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
-        // defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
-        // defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
-        // defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
-        // defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
-        // defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
-        // defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
+        // BEGIN Android-removed: Unsupported curves
+        /*
+        defineCurveWithOID("sect113r1", SECObjectIdentifiers.sect113r1, sect113r1);
+        defineCurveWithOID("sect113r2", SECObjectIdentifiers.sect113r2, sect113r2);
+        defineCurveWithOID("sect131r1", SECObjectIdentifiers.sect131r1, sect131r1);
+        defineCurveWithOID("sect131r2", SECObjectIdentifiers.sect131r2, sect131r2);
+        defineCurveWithOID("sect163k1", SECObjectIdentifiers.sect163k1, sect163k1);
+        defineCurveWithOID("sect163r1", SECObjectIdentifiers.sect163r1, sect163r1);
+        defineCurveWithOID("sect163r2", SECObjectIdentifiers.sect163r2, sect163r2);
+        defineCurveWithOID("sect193r1", SECObjectIdentifiers.sect193r1, sect193r1);
+        defineCurveWithOID("sect193r2", SECObjectIdentifiers.sect193r2, sect193r2);
+        defineCurveWithOID("sect233k1", SECObjectIdentifiers.sect233k1, sect233k1);
+        defineCurveWithOID("sect233r1", SECObjectIdentifiers.sect233r1, sect233r1);
+        defineCurveWithOID("sect239k1", SECObjectIdentifiers.sect239k1, sect239k1);
+        defineCurveWithOID("sect283k1", SECObjectIdentifiers.sect283k1, sect283k1);
+        defineCurveWithOID("sect283r1", SECObjectIdentifiers.sect283r1, sect283r1);
+        defineCurveWithOID("sect409k1", SECObjectIdentifiers.sect409k1, sect409k1);
+        defineCurveWithOID("sect409r1", SECObjectIdentifiers.sect409r1, sect409r1);
+        defineCurveWithOID("sect571k1", SECObjectIdentifiers.sect571k1, sect571k1);
+        defineCurveWithOID("sect571r1", SECObjectIdentifiers.sect571r1, sect571r1);
 
-        // defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
-        // defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
-        // defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
-        // defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
-        // defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
+        defineCurveAlias("B-163", SECObjectIdentifiers.sect163r2);
+        defineCurveAlias("B-233", SECObjectIdentifiers.sect233r1);
+        defineCurveAlias("B-283", SECObjectIdentifiers.sect283r1);
+        defineCurveAlias("B-409", SECObjectIdentifiers.sect409r1);
+        defineCurveAlias("B-571", SECObjectIdentifiers.sect571r1);
 
-        // defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
-        // defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
-        // defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
-        // defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
-        // defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
-        // END android-removed
+        defineCurveAlias("K-163", SECObjectIdentifiers.sect163k1);
+        defineCurveAlias("K-233", SECObjectIdentifiers.sect233k1);
+        defineCurveAlias("K-283", SECObjectIdentifiers.sect283k1);
+        defineCurveAlias("K-409", SECObjectIdentifiers.sect409k1);
+        defineCurveAlias("K-571", SECObjectIdentifiers.sect571k1);
+        */
+        // END Android-removed: Unsupported curves
 
         defineCurveAlias("P-192", SECObjectIdentifiers.secp192r1);
         defineCurveAlias("P-224", SECObjectIdentifiers.secp224r1);
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
index b5505f4..8df1069 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/OAEPEncoding.java
@@ -7,13 +7,10 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-remnoved
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -32,10 +29,9 @@
     public OAEPEncoding(
         AsymmetricBlockCipher   cipher)
     {
-        // BEGIN android-changed
-        // Was: this(cipher, DigestFactory.createSHA1(), null);
+        // Android-changed: Use Android digests
+        // this(cipher, DigestFactory.createSHA1(), null);
         this(cipher, AndroidDigestFactory.getSHA1(), null);
-        // END android-changed
     }
     
     public OAEPEncoding(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
index b36ae58..e79557f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
@@ -390,12 +390,6 @@
         {
             badType = (type != 1);
         }
-        // BEGIN android-added
-        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
-        {
-            throw new InvalidCipherTextException("invalid block type " + type);
-        }
-        // END android-added
 
         //
         // find and extract the message block.
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
index 7274bf9..652d8ac 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
@@ -6,16 +6,13 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.Wrapper;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -56,9 +53,9 @@
     //
     // checksum digest
     //
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // Digest  sha1 = DigestFactory.createSHA1();
     Digest  sha1 = AndroidDigestFactory.getSHA1();
-    // END android-changed
     byte[]  digest = new byte[20];
 
    /**
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
index a0728b2..1075f22 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DHParametersHelper.java
@@ -3,17 +3,15 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
-// BEGIN android-added
+// Android-added: Log long-running operation
 import java.util.logging.Logger;
-// END android-added
 import org.bouncycastle.math.ec.WNafUtil;
 import org.bouncycastle.util.BigIntegers;
 
 class DHParametersHelper
 {
-    // BEGIN android-added
+    // Android-added: Log long-running operation
     private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
-    // END android-added
 
     private static final BigInteger ONE = BigInteger.valueOf(1);
     private static final BigInteger TWO = BigInteger.valueOf(2);
@@ -25,20 +23,19 @@
      */
     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         logger.info("Generating safe primes. This may take a long time.");
         long start = System.currentTimeMillis();
         int tries = 0;
-        // END android-added
+        // END Android-added: Log long-running operation
         BigInteger p, q;
         int qLength = size - 1;
         int minWeight = size >>> 2;
 
         for (;;)
         {
-            // BEGIN android-added
+            // Android-added: Log long-running operation
             tries++;
-            // END android-added
             q = new BigInteger(qLength, 2, random);
 
             // p <- 2q + 1
@@ -67,11 +64,11 @@
 
             break;
         }
-        // BEGIN android-added
+        // BEGIN Android-added: Log long-running operation
         long end = System.currentTimeMillis();
         long duration = end - start;
         logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
-        // END android-added
+        // END Android-added: Log long-running operation
 
         return new BigInteger[] { p, q };
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index cec79e0..961b367 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -7,10 +7,9 @@
 import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
 import org.bouncycastle.crypto.params.DSAValidationParameters;
-// BEGIN android-changed
-// Was: import org.bouncycastle.crypto.util.DigestFactory;
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.BigIntegers;
 import org.bouncycastle.util.encoders.Hex;
@@ -34,9 +33,9 @@
 
     public DSAParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public DSAParametersGenerator(Digest digest)
@@ -131,9 +130,9 @@
         int             n = (L - 1) / 160;
         byte[]          w = new byte[L / 8];
 
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // if (!(digest instanceof SHA1Digest))
         if (!(digest.getAlgorithmName().equals("SHA-1")))
-        // END android-changed
         {
             throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
index e6ec53a..3e850c1 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
@@ -3,13 +3,11 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 
 /**
  * Generator for PBE derived keys and ivs as usd by OpenSSL.
@@ -21,9 +19,9 @@
 public class OpenSSLPBEParametersGenerator
     extends PBEParametersGenerator
 {
-    // BEGIN android-changed
+    // Android-changed: Use Android digests
+    // private Digest  digest = DigestFactory.createMD5();
     private Digest  digest = AndroidDigestFactory.getMD5();
-    // END android-changed
 
     /**
      * Construct a OpenSSL Parameters generator. 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
index 3089f8c..c45c84f 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
@@ -4,15 +4,12 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-changed
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 /**
@@ -34,9 +31,9 @@
      */
     public PKCS5S2ParametersGenerator()
     {
-        // BEGIN android-changed
+        // Android-changed: Use Android digests
+        // this(DigestFactory.createSHA1());
         this(AndroidDigestFactory.getSHA1());
-        // END android-changed
     }
 
     public PKCS5S2ParametersGenerator(Digest digest)
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
index 600a317..5868262 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/macs/HMac.java
@@ -36,29 +36,29 @@
     {
         blockLengths = new Hashtable();
         
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("GOST3411", Integers.valueOf(32));
         //
         // blockLengths.put("MD2", Integers.valueOf(16));
         // blockLengths.put("MD4", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         blockLengths.put("MD5", Integers.valueOf(64));
-        
-        // BEGIN android-removed
+
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("RIPEMD128", Integers.valueOf(64));
         // blockLengths.put("RIPEMD160", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         
         blockLengths.put("SHA-1", Integers.valueOf(64));
         blockLengths.put("SHA-224", Integers.valueOf(64));
         blockLengths.put("SHA-256", Integers.valueOf(64));
         blockLengths.put("SHA-384", Integers.valueOf(128));
         blockLengths.put("SHA-512", Integers.valueOf(128));
-        
-        // BEGIN android-removed
+
+        // BEGIN Android-removed: Unsupported algorithms
         // blockLengths.put("Tiger", Integers.valueOf(64));
         // blockLengths.put("Whirlpool", Integers.valueOf(64));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
     
     private static int getByteLength(
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
index 1ba5ebb..c6453a3 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -24,11 +24,11 @@
     implements AEADBlockCipher
 {
     private static final int BLOCK_SIZE = 16;
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     // 2^36-32 : limitation imposed by NIST GCM as otherwise the counter is wrapped and it can leak
     // plaintext and authentication key
     private static final long MAX_INPUT_SIZE = 68719476704L;
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     // not final due to a compiler bug
     private BlockCipher   cipher;
@@ -238,13 +238,13 @@
         return totalData < macSize ? 0 : totalData - macSize;
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Max input size limitation from NIST.
     /** Helper used to ensure that {@link #MAX_INPUT_SIZE} is not exceeded. */
     private long getTotalInputSizeAfterNewInput(int newInputLen)
     {
         return totalLength + newInputLen + bufOff;
     }
-    // END android-added
+    // END Android-added: Max input size limitation from NIST.
 
     public int getUpdateOutputSize(int len)
     {
@@ -263,11 +263,11 @@
     public void processAADByte(byte in)
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         atBlock[atBlockPos] = in;
         if (++atBlockPos == BLOCK_SIZE)
         {
@@ -280,11 +280,11 @@
 
     public void processAADBytes(byte[] in, int inOff, int len)
     {
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
         for (int i = 0; i < len; ++i)
         {
             atBlock[atBlockPos] = in[inOff + i];
@@ -323,12 +323,12 @@
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
-
+        // END Android-added: Max input size limitation from NIST.
+        
         bufBlock[bufOff] = in;
         if (++bufOff == bufBlock.length)
         {
@@ -342,11 +342,11 @@
         throws DataLengthException
     {
         checkStatus();
-        // BEGIN android-added
+        // BEGIN Android-added: Max input size limitation from NIST.
         if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
             throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
         }
-        // END android-added
+        // END Android-added: Max input size limitation from NIST.
 
         if (in.length < (inOff + len))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
index a8ef959..45c8b57 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/RSADigestSigner.java
@@ -39,11 +39,11 @@
      */
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
         // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
         // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
         oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
@@ -53,10 +53,17 @@
         oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224);
         oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256);
 
-        // BEGIN android-removed
-        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        oidMap.put("SHA3-224", NISTObjectIdentifiers.id_sha3_224);
+        oidMap.put("SHA3-256", NISTObjectIdentifiers.id_sha3_256);
+        oidMap.put("SHA3-384", NISTObjectIdentifiers.id_sha3_384);
+        oidMap.put("SHA3-512", NISTObjectIdentifiers.id_sha3_512);
+
+        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
+        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
+        */
+        // END Android-removed: Unsupported algorithms
         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 0175aa1..911f1da 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -9,9 +9,8 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -33,10 +32,9 @@
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
 
 /**
@@ -102,16 +100,18 @@
 
             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
         }
-        // BEGIN android-removed
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        // {
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //     ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-        //
-        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-        //         params.getP(), params.getG()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        {
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+            ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
+
+            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
+                params.getP(), params.getG()));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
         {
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index 042c68e..8602887 100644
--- a/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -11,9 +11,8 @@
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DEROctetString;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.asn1.oiw.ElGamalParameter;
-// END android-removed
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -40,10 +39,9 @@
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECNamedDomainParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.params.ElGamalParameters;
 // import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-// END android-removed
 import org.bouncycastle.crypto.params.RSAKeyParameters;
 
 /**
@@ -137,16 +135,18 @@
 
             return new DHPublicKeyParameters(derY.getValue(), dhParams);
         }
-        // BEGIN android-removed
-        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-        // {
-        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-        //     ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
-        //
-        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-        //         params.getP(), params.getG()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithm
+        /*
+        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
+        {
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
+            ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
+
+            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
+                params.getP(), params.getG()));
+        }
+        */
+        // END Android-removed: Unsupported algorithm
         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
         {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
index 579b973..dcc963c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DH.java
@@ -36,10 +36,10 @@
             provider.addAttributes("KeyAgreement.DH", generalDhAttributes);
             provider.addAlgorithm("KeyAgreement.DH", PREFIX + "KeyAgreementSpi");
             provider.addAlgorithm("Alg.Alias.KeyAgreement.DIFFIEHELLMAN", "DH");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_ESDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
             // provider.addAlgorithm("KeyAgreement", PKCSObjectIdentifiers.id_alg_SSDH, PREFIX + "KeyAgreementSpi$DHwithRFC2631KDF");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.DH", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("Alg.Alias.KeyFactory.DIFFIEHELLMAN", "DH");
@@ -51,22 +51,19 @@
 
             provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
-            //
-            // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
-            // provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAES");
-            // provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESede");
-            //
-            // provider.addAlgorithm("Cipher.OLDDHIES", PREFIX + "IESCipher$OldIES");
-            // provider.addAlgorithm("Cipher.OLDDHIESwithAES", PREFIX + "IESCipher$OldIESwithAES");
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHAES", PREFIX + "IESCipher$OldIESwithAES");
-            // provider.addAlgorithm("Cipher.OLDDHIESWITHDESEDE", PREFIX + "IESCipher$OldIESwithDESede");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher.IES", PREFIX + "IESCipher$IES");
+            provider.addAlgorithm("Cipher.IESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.IESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.IESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
+
+            provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
+            provider.addAlgorithm("Cipher.DHIESwithAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.DHIESWITHAES-CBC", PREFIX + "IESCipher$IESwithAESCBC");
+            provider.addAlgorithm("Cipher.DHIESWITHDESEDE-CBC", PREFIX + "IESCipher$IESwithDESedeCBC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
             registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
index 70ae120..44bf12e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
@@ -27,52 +27,52 @@
             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
 
-            // BEGIN android-changed
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
+            // provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
             provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
-            // END android-changed
+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
 
             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
 
-            // provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
-            // provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
-            // provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
-            // END android-removed
+            provider.addAlgorithm("Signature.DDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA1WITHDDSA", PREFIX + "DSASigner$detDSA");
+            provider.addAlgorithm("Signature.SHA224WITHDDSA", PREFIX + "DSASigner$detDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHDDSA", PREFIX + "DSASigner$detDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHDDSA", PREFIX + "DSASigner$detDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHDDSA", PREFIX + "DSASigner$detDSA512");
+            provider.addAlgorithm("Signature.SHA3-224WITHDDSA", PREFIX + "DSASigner$detDSASha3_224");
+            provider.addAlgorithm("Signature.SHA3-256WITHDDSA", PREFIX + "DSASigner$detDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-384WITHDDSA", PREFIX + "DSASigner$detDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-512WITHDDSA", PREFIX + "DSASigner$detDSASha3_512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
             addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
+            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
 
-            // BEGIN android-added
-            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
-            // END android-added
+            addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
+            addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
+            addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
+            addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
+            */
+            // END Android-removed: Unsupported algorithms
 
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA3-224", "DSA", PREFIX + "DSASigner$dsaSha3_224", NISTObjectIdentifiers.id_dsa_with_sha3_224);
-            // addSignatureAlgorithm(provider, "SHA3-256", "DSA", PREFIX + "DSASigner$dsaSha3_256", NISTObjectIdentifiers.id_dsa_with_sha3_256);
-            // addSignatureAlgorithm(provider, "SHA3-384", "DSA", PREFIX + "DSASigner$dsaSha3_384", NISTObjectIdentifiers.id_dsa_with_sha3_384);
-            // addSignatureAlgorithm(provider, "SHA3-512", "DSA", PREFIX + "DSASigner$dsaSha3_512", NISTObjectIdentifiers.id_dsa_with_sha3_512);
-            // END android-removed
-
-            // BEGIN android-changed
+            // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
             provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
@@ -82,19 +82,19 @@
             provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
             provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-            // END android-changed
+            // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
 
             for (int i = 0; i != DSAUtil.dsaOids.length; i++)
             {
-                // BEGIN android-changed
+                // BEGIN Android-changed: Change primary ID from DSA to SHA1withDSA
                 provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA");
-                // END android-changed
+                // END Android-changed: Change primary ID from DSA to SHA1withDSA
 
                 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
                 registerOidAlgorithmParameterGenerator(provider, DSAUtil.dsaOids[i], "DSA");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
index 1c49da9..016b465 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/EC.java
@@ -3,20 +3,20 @@
 import java.util.HashMap;
 import java.util.Map;
 
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
 // import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
 // import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 // import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.Properties;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 public class EC
 {
@@ -43,146 +43,144 @@
 
             provider.addAttributes("KeyAgreement.ECDH", generalEcAttributes);
             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
-            // BEGIN android-removed
-            // provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
-            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-            // provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
-            // provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
-            //
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
-            // provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
-            //
-            // provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-            //
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
-            // provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAttributes("KeyAgreement.ECDHC", generalEcAttributes);
+            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
+            provider.addAttributes("KeyAgreement.ECCDH", generalEcAttributes);
+            provider.addAlgorithm("KeyAgreement.ECCDH", PREFIX + "KeyAgreementSpi$DHC");
+
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA1KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA224KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA224KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA256KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA256KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA384KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA384KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA512KDFAndSharedInfo");
+            provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$CDHwithSHA512KDFAndSharedInfo");
+
+            provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
+
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA1CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA256CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA384CKDF");
+            provider.addAlgorithm("KeyAgreement.ECCDHWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$DHwithSHA512CKDF");
+            */
+            // END Android-removed: Unsupported algorithms
 
             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
-            // BEGIN android-added
-            // We were having this one in 1.52. As of 1.54 this one is under
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
-            // below
-            registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // END android-added
 
-            // BEGIN android-removed
-            // registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
-            // registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //
-            // END android-removed
-            // BEGIN android-removed
-            // // Android comment: the registrations in this block are causing CTS tests to fail
-            // // and don't seem to be implemented by bouncycastle (so looks like an bug in
-            // // bouncycastle).
-            // // TODO(20447540): check if this occurs in upstream bouncycastle and report accordingly
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-            // END android-removed
-            // BEGIN android-removed
-            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
-            //
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
-            // registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
-            //
-            // if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
-            // {
-            //     provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-            //
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
-            //     provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
-            //
-            //     provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
-            //     provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
-            //
-            //     registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
-            //     registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
-            //
-            //     registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-            //     registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
-            //
-            //     provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-            //     provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            registerOid(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+            registerOid(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC", new KeyFactorySpi.EC());
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
+
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_cofactorDH_sha1kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha224kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha224kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha256kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha256kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha384kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha384kdf_scheme, "EC");
+
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_stdDH_sha512kdf_scheme, "EC");
+            registerOidAlgorithmParameters(provider, SECObjectIdentifiers.dhSinglePass_cofactorDH_sha512kdf_scheme, "EC");
+
+            if (!Properties.isOverrideSet("org.bouncycastle.ec.disable_mqv"))
+            {
+                provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
+
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA1CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA1CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA224CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA224CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA256CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA256CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA384CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA384CKDF");
+                provider.addAlgorithm("KeyAgreement.ECMQVWITHSHA512CKDF", PREFIX + "KeyAgreementSpi$MQVwithSHA512CKDF");
+
+                provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA224KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA256KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA384KDFAndSharedInfo");
+                provider.addAlgorithm("KeyAgreement." + SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA512KDFAndSharedInfo");
+
+            */
+            // END Android-removed: Unsupported algorithms
+                registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+                registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha256kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha224kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha384kdf_scheme, "EC");
+
+                registerOid(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
+                registerOidAlgorithmParameters(provider, SECObjectIdentifiers.mqvSinglePass_sha512kdf_scheme, "EC");
+
+                provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
+                provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
+            }
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
+            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
+            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-            //
-            // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
-            //
-            // provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-            // provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-            //
-            // provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
+            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
+            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
+            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
 
-            // BEGIN android-changed
+            provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
+
+            provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
+            provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+            provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
+
+            provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // BEGIN Android-changed: Change primary ID from ECDSA to SHA1withECDSA
             provider.addAlgorithm("Signature.SHA1withECDSA", PREFIX + "SignatureSpi$ecDSA");
             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
 
@@ -193,60 +191,64 @@
             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "SHA1withECDSA");
             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
-            // END android-changed
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-            //
-            // provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
-            // provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
-            // provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
-            // provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
-            // provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
-            // provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
-            // provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
-            // provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
-            // provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
+            // END Android-changed: Change primary ID from ECDSA to SHA1withECDSA
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
 
-            // provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
-            // END android-removed
+            provider.addAlgorithm("Signature.ECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+            provider.addAlgorithm("Signature.SHA1WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA");
+            provider.addAlgorithm("Signature.SHA224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA224");
+            provider.addAlgorithm("Signature.SHA256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA256");
+            provider.addAlgorithm("Signature.SHA384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA384");
+            provider.addAlgorithm("Signature.SHA512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSA512");
+            provider.addAlgorithm("Signature.SHA3-224WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_224");
+            provider.addAlgorithm("Signature.SHA3-256WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_256");
+            provider.addAlgorithm("Signature.SHA3-384WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_384");
+            provider.addAlgorithm("Signature.SHA3-512WITHECDDSA", PREFIX + "SignatureSpi$ecDetDSASha3_512");
+
+            provider.addAlgorithm("Alg.Alias.Signature.DETECDSA", "ECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDETECDSA", "SHA1WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHDETECDSA", "SHA224WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHDETECDSA", "SHA256WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHDETECDSA", "SHA384WITHECDDSA");
+            provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHDETECDSA", "SHA512WITHECDDSA");
+            */
+            // END Android-removed: Unsupported algorithms
 
             addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
-            // BEGIN android-removed
-            // addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
-            // addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
-            // addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
-            // addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
-            //
-            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-            //
-            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-            //
-            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-            // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-            // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-            //
-            // addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-            // addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-            // addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-            // addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-            // addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-            // addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addSignatureAlgorithm(provider, "SHA3-224", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_224", NISTObjectIdentifiers.id_ecdsa_with_sha3_224);
+            addSignatureAlgorithm(provider, "SHA3-256", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_256", NISTObjectIdentifiers.id_ecdsa_with_sha3_256);
+            addSignatureAlgorithm(provider, "SHA3-384", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_384", NISTObjectIdentifiers.id_ecdsa_with_sha3_384);
+            addSignatureAlgorithm(provider, "SHA3-512", "ECDSA", PREFIX + "SignatureSpi$ecDSASha3_512", NISTObjectIdentifiers.id_ecdsa_with_sha3_512);
+
+            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
+
+            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
+            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
+            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
+            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
+            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
+
+            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
+            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
+            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
+            addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
+            addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
+
+            addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
+            addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
+            addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
+            addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
+            addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
+            addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
index 86026cc..4eb01a3 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
@@ -7,9 +7,8 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
@@ -40,48 +39,58 @@
             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
             provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-224WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-256WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-384WITHRSAANDMGF1", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA3-512WITHRSAANDMGF1", "PSS");
+
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.RSA", generalRsaAttributes);
             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
-            // BEGIN android-changed
+            // Android-changed: Use an alias for RSA/RAW instead of a concrete implementation
             provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
-            // END android-changed
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
-            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.rsaEncryption, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher", X509ObjectIdentifiers.id_ea_rsa, PREFIX + "CipherSpi$PKCS1v1_5Padding");
+            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
+            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
+            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
+            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
+            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
@@ -91,128 +100,145 @@
             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
-            // BEGIN android-removed
-            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-            //
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-            //
-            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-            //
-            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-            //
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-            //
-            // addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-            // addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-            // addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-            // addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-            // addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
-            // addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
-            //
-            // addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
-            // addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
-            // addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
-            // addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
-            // {
-            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-            // }
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
-            // {
-            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
+
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
+            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
+            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
+
+            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+
+            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
+            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
+
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
+            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
+            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
+
+            addPSSSignature(provider, "SHA224", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+            addPSSSignature(provider, "SHA256", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+            addPSSSignature(provider, "SHA384", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+            addPSSSignature(provider, "SHA512", PREFIX + "PSSSignatureSpi$SHA512withRSA");
+            addPSSSignature(provider, "SHA512(224)", PREFIX + "PSSSignatureSpi$SHA512_224withRSA");
+            addPSSSignature(provider, "SHA512(256)", PREFIX + "PSSSignatureSpi$SHA512_256withRSA");
+
+            addPSSSignature(provider, "SHA3-224", PREFIX + "PSSSignatureSpi$SHA3_224withRSA");
+            addPSSSignature(provider, "SHA3-256", PREFIX + "PSSSignatureSpi$SHA3_256withRSA");
+            addPSSSignature(provider, "SHA3-384", PREFIX + "PSSSignatureSpi$SHA3_384withRSA");
+            addPSSSignature(provider, "SHA3-512", PREFIX + "PSSSignatureSpi$SHA3_512withRSA");
+
+            if (provider.hasAlgorithm("MessageDigest", "MD2"))
+            {
+                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "MD4"))
+            {
+                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
 
             if (provider.hasAlgorithm("MessageDigest", "MD5"))
             {
                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "MD5", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-                // END android-removed
             }
 
             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
             {
-                // BEGIN android-removed
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-                //
-                // addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
-                // END android-removed
+                // BEGIN Android-removed: Unsupported algorithms
+                /*
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
+                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
+
+                addPSSSignature(provider, "SHA1", PREFIX + "PSSSignatureSpi$SHA1withRSA");
+                */
+                // END Android-removed: Unsupported algorithms
                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // addISO9796Signature(provider, "SHA1", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
 
                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
 
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // addX931Signature(provider, "SHA1", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
-                // END android-removed
             }
 
             addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
             addDigestSignature(provider, "SHA256", PREFIX + "DigestSignatureSpi$SHA256", PKCSObjectIdentifiers.sha256WithRSAEncryption);
             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
-            // BEGIN android-removed
-            // addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
-            // addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
-            //
-            // addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
-            // addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
-            // addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
-            // addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
-            //
-            // addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
-            // addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
-            //
-            // addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
-            // addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
-            // addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
-            // addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
-            // addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-            // {
-            //    addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-            //    addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-            //
-            //    addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            //    addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-            // }
-            //
-            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-            // {
-            //    addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-            //    addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-            //    provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-            //    provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-            //
-            //    addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            //    addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            addDigestSignature(provider, "SHA512(224)", PREFIX + "DigestSignatureSpi$SHA512_224", PKCSObjectIdentifiers.sha512_224WithRSAEncryption);
+            addDigestSignature(provider, "SHA512(256)", PREFIX + "DigestSignatureSpi$SHA512_256", PKCSObjectIdentifiers.sha512_256WithRSAEncryption);
+
+            addDigestSignature(provider, "SHA3-224", PREFIX + "DigestSignatureSpi$SHA3_224", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224);
+            addDigestSignature(provider, "SHA3-256", PREFIX + "DigestSignatureSpi$SHA3_256", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256);
+            addDigestSignature(provider, "SHA3-384", PREFIX + "DigestSignatureSpi$SHA3_384", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384);
+            addDigestSignature(provider, "SHA3-512", PREFIX + "DigestSignatureSpi$SHA3_512", NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512);
+
+            addISO9796Signature(provider, "SHA224", PREFIX + "ISOSignatureSpi$SHA224WithRSAEncryption");
+            addISO9796Signature(provider, "SHA256", PREFIX + "ISOSignatureSpi$SHA256WithRSAEncryption");
+            addISO9796Signature(provider, "SHA384", PREFIX + "ISOSignatureSpi$SHA384WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512", PREFIX + "ISOSignatureSpi$SHA512WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512(224)", PREFIX + "ISOSignatureSpi$SHA512_224WithRSAEncryption");
+            addISO9796Signature(provider, "SHA512(256)", PREFIX + "ISOSignatureSpi$SHA512_256WithRSAEncryption");
+
+            addX931Signature(provider, "SHA224", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
+            addX931Signature(provider, "SHA256", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
+            addX931Signature(provider, "SHA384", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
+            addX931Signature(provider, "SHA512", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
+            addX931Signature(provider, "SHA512(224)", PREFIX + "X931SignatureSpi$SHA512_224WithRSAEncryption");
+            addX931Signature(provider, "SHA512(256)", PREFIX + "X931SignatureSpi$SHA512_256WithRSAEncryption");
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
+            {
+                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
+                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
+
+                addX931Signature(provider, "RMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+                addX931Signature(provider, "RIPEMD128", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
+            {
+                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
+                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
+                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
+                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
+
+                addX931Signature(provider, "RMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+                addX931Signature(provider, "RIPEMD160", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
+            {
+                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
+                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
+            }
+
+            if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
+            {
+                addISO9796Signature(provider, "Whirlpool", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addISO9796Signature(provider, "WHIRLPOOL", PREFIX + "ISOSignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "Whirlpool", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+                addX931Signature(provider, "WHIRLPOOL", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         private void addDigestSignature(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
index a9fb6b2..12a9f6f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/X509.java
@@ -18,10 +18,10 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
             // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             //
             // certificate factories.
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
index f5e8d0e..890674e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyAgreementSpi.java
@@ -16,10 +16,9 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 
@@ -234,14 +233,16 @@
         return bigIntToBytes(result);
     }
 
-    // BEGIN android-removed
-    // public static class DHwithRFC2631KDF
-    //    extends KeyAgreementSpi
-    // {
-    //    public DHwithRFC2631KDF()
-    //     {
-    //         super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    public static class DHwithRFC2631KDF
+        extends KeyAgreementSpi
+    {
+        public DHwithRFC2631KDF()
+        {
+            super("DHwithRFC2631KDF", new DHKEKGenerator(DigestFactory.createSHA1()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
index 6374419..0384b1c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
@@ -21,27 +21,15 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.digests.SHA224Digest;
-// import org.bouncycastle.crypto.digests.SHA256Digest;
-// import org.bouncycastle.crypto.digests.SHA384Digest;
-// import org.bouncycastle.crypto.digests.SHA512Digest;
-// END android-removed
-// BEGIN android-added
+// Android-added: Check DSA keys when generated
 import org.bouncycastle.crypto.params.DSAKeyParameters;
 import org.bouncycastle.crypto.params.DSAParameters;
-// END android-added
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
-// import org.bouncycastle.crypto.digests.SHA1Digest;
-// import org.bouncycastle.crypto.params.ParametersWithRandom;
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DSASigner
@@ -83,13 +71,11 @@
         PrivateKey  privateKey)
         throws InvalidKeyException
     {
-        CipherParameters    param;
+        CipherParameters    param = DSAUtil.generatePrivateKeyParameter(privateKey);
 
-        param = DSAUtil.generatePrivateKeyParameter(privateKey);
-        // BEGIN android-added
+        // Android-added: Check DSA keys when generated
         DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters();
         checkKey(dsaParam);
-        // END android-added
 
         if (random != null)
         {
@@ -163,7 +149,7 @@
         throw new UnsupportedOperationException("engineSetParameter unsupported");
     }
 
-    // BEGIN android-added
+    // BEGIN Android-added: Check DSA keys when generated
     protected void checkKey(DSAParameters params) throws InvalidKeyException {
         int valueL = params.getP().bitLength();
         int valueN = params.getQ().bitLength();
@@ -184,7 +170,7 @@
         }
     }
 
-    // END android-added
+    // END Android-added: Check DSA keys when generated
     /**
      * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
      */
@@ -238,171 +224,180 @@
     {
         public stdDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class detDSA
-    //     extends DSASigner
-    // {
-    //     public detDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class detDSA
+        extends DSASigner
+    {
+        public detDSA()
+        {
+            super(DigestFactory.createSHA1(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa224
         extends DSASigner
     {
         public dsa224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class detDSA224
-    //     extends DSASigner
-    // {
-    //     public detDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class detDSA224
+        extends DSASigner
+    {
+        public detDSA224()
+        {
+            super(DigestFactory.createSHA224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class dsa256
         extends DSASigner
     {
         public dsa256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
             super(AndroidDigestFactory.getSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
-            // END android-changed
         }
     }
-    // BEGIN android-removed
-    // static public class detDSA256
-    //     extends DSASigner
-    // {
-    //     public detDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
-    //     }
-    // }
-    //
-    // static public class dsa384
-    //     extends DSASigner
-    // {
-    //     public dsa384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSA384
-    //     extends DSASigner
-    // {
-    //     public detDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
-    //     }
-    // }
-    //
-    // static public class dsa512
-    //     extends DSASigner
-    // {
-    //     public dsa512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSA512
-    //     extends DSASigner
-    // {
-    //     public detDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_224
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_224
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_256
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_256
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_384
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_384
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
-    //     }
-    // }
-    //
-    // static public class dsaSha3_512
-    //     extends DSASigner
-    // {
-    //     public dsaSha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
-    //     }
-    // }
-    //
-    // static public class detDSASha3_512
-    //     extends DSASigner
-    // {
-    //     public detDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
-    //     }
-    // }
-    // END android-removed
+
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class detDSA256
+        extends DSASigner
+    {
+        public detDSA256()
+        {
+            super(DigestFactory.createSHA256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())));
+        }
+    }
+
+    static public class dsa384
+        extends DSASigner
+    {
+        public dsa384()
+        {
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSA384
+        extends DSASigner
+    {
+        public detDSA384()
+        {
+            super(DigestFactory.createSHA384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())));
+        }
+    }
+
+    static public class dsa512
+        extends DSASigner
+    {
+        public dsa512()
+        {
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSA512
+        extends DSASigner
+    {
+        public detDSA512()
+        {
+            super(DigestFactory.createSHA512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())));
+        }
+    }
+
+    static public class dsaSha3_224
+        extends DSASigner
+    {
+        public dsaSha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_224
+        extends DSASigner
+    {
+        public detDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())));
+        }
+    }
+
+    static public class dsaSha3_256
+        extends DSASigner
+    {
+        public dsaSha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_256
+        extends DSASigner
+    {
+        public detDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())));
+        }
+    }
+
+    static public class dsaSha3_384
+        extends DSASigner
+    {
+        public dsaSha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_384
+        extends DSASigner
+    {
+        public detDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())));
+        }
+    }
+
+    static public class dsaSha3_512
+        extends DSASigner
+    {
+        public dsaSha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner());
+        }
+    }
+
+    static public class detDSASha3_512
+        extends DSASigner
+    {
+        public detDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class noneDSA
         extends DSASigner
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
index 10bac46..d768ae6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
@@ -26,9 +26,8 @@
     public static final ASN1ObjectIdentifier[] dsaOids =
     {
         X9ObjectIdentifiers.id_dsa,
-        // BEGIN android-added
+        // Android-added: Add missing OID for DSA-with-SHA1
         X9ObjectIdentifiers.id_dsa_with_sha1,
-        // END android-added
         OIWObjectIdentifiers.dsaWithSHA1
     };
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
index 6e1eda2..dd28631 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
@@ -14,32 +14,32 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
 // import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
 // import org.bouncycastle.crypto.agreement.kdf.ConcatenationKDFGenerator;
 // import org.bouncycastle.crypto.generators.KDF2BytesGenerator;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ECDomainParameters;
 import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
 import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.MQVPrivateParameters;
 // import org.bouncycastle.crypto.params.MQVPublicParameters;
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseAgreementSpi;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.MQVParameterSpec;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.jcajce.spec.UserKeyingMaterialSpec;
 import org.bouncycastle.jce.interfaces.ECPrivateKey;
 import org.bouncycastle.jce.interfaces.ECPublicKey;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.jce.interfaces.MQVPrivateKey;
 // import org.bouncycastle.jce.interfaces.MQVPublicKey;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 
 /**
  * Diffie-Hellman key agreement using elliptic curve keys, ala IEEE P1363
@@ -57,9 +57,8 @@
     private ECDomainParameters     parameters;
     private BasicAgreement         agreement;
 
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // private MQVParameterSpec       mqvParameters;
-    // END android-removed
     private BigInteger             result;
 
     protected KeyAgreementSpi(
@@ -95,31 +94,33 @@
         }
 
         CipherParameters pubKey;        
-        // BEGIN android-removed
-        // if (agreement instanceof ECMQVBasicAgreement)
-        // {
-        //     if (!(key instanceof MQVPublicKey))
-        //     {
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter((PublicKey)key);
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
-        //
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        //     }
-        //     else
-        //     {
-        //         MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-        //         ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-        //         ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-        //             ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-        //
-        //         pubKey = new MQVPublicParameters(staticKey, ephemKey);
-        //     }
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (agreement instanceof ECMQVBasicAgreement)
+        {
+            if (!(key instanceof MQVPublicKey))
+            {
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter((PublicKey)key);
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvParameters.getOtherPartyEphemeralKey());
+
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
+            }
+            else
+            {
+                MQVPublicKey mqvPubKey = (MQVPublicKey)key;
+                ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getStaticKey());
+                ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
+                    ECUtils.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
+
+                pubKey = new MQVPublicParameters(staticKey, ephemKey);
+            }
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PublicKey))
             {
@@ -133,7 +134,9 @@
         try
         {
             result = agreement.calculateAgreement(pubKey);
-        } catch (final Exception e) {
+        }
+        catch (final Exception e)
+        {
             throw new InvalidKeyException("calculation failed: " + e.getMessage())
             {
                 public Throwable getCause()
@@ -142,6 +145,7 @@
                             }
             };
         }
+
         return null;
     }
 
@@ -151,9 +155,9 @@
         SecureRandom            random) 
         throws InvalidKeyException, InvalidAlgorithmParameterException
     {
-        // BEGIN android-changed
+        // Android-removed: Unsupported algorithms
+        // if (params != null && !(params instanceof MQVParameterSpec || params instanceof UserKeyingMaterialSpec))
         if (params != null && !(params instanceof UserKeyingMaterialSpec))
-        // END android-changed
         {
             throw new InvalidAlgorithmParameterException("No algorithm parameters supported");
         }
@@ -163,7 +167,7 @@
 
     protected void engineInit(
         Key             key,
-        SecureRandom    random)
+        SecureRandom    random) 
         throws InvalidKeyException
     {
         initFromKey(key, null);
@@ -172,62 +176,64 @@
     private void initFromKey(Key key, AlgorithmParameterSpec parameterSpec)
         throws InvalidKeyException
     {
-        // BEGIN android-removed
-        // if (agreement instanceof ECMQVBasicAgreement)
-        // {
-        //     mqvParameters = null;
-        //     if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
-        //     {
-        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-        //             + getSimpleName(MQVParameterSpec.class) + " for initialisation");
-        //     }
-        //
-        //     ECPrivateKeyParameters staticPrivKey;
-        //     ECPrivateKeyParameters ephemPrivKey;
-        //     ECPublicKeyParameters ephemPubKey;
-        //     if (key instanceof MQVPrivateKey)
-        //     {
-        //         MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-        //         staticPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-        //         ephemPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-        //
-        //         ephemPubKey = null;
-        //         if (mqvPrivKey.getEphemeralPublicKey() != null)
-        //         {
-        //             ephemPubKey = (ECPublicKeyParameters)
-        //                 ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-        //         }
-        //     }
-        //     else
-        //     {
-        //         MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
-        //
-        //         staticPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter((PrivateKey)key);
-        //         ephemPrivKey = (ECPrivateKeyParameters)
-        //             ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
-        //
-        //         ephemPubKey = null;
-        //         if (mqvParameterSpec.getEphemeralPublicKey() != null)
-        //         {
-        //             ephemPubKey = (ECPublicKeyParameters)
-        //                 ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
-        //         }
-        //         mqvParameters = mqvParameterSpec;
-        //         ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
-        //     }
-        //
-        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-        //     this.parameters = staticPrivKey.getParameters();
-        //
-        //     // TODO Validate that all the keys are using the same parameters?
-        //
-        //     agreement.init(localParams);
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (agreement instanceof ECMQVBasicAgreement)
+        {
+            mqvParameters = null;
+            if (!(key instanceof MQVPrivateKey) && !(parameterSpec instanceof MQVParameterSpec))
+            {
+                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
+                    + getSimpleName(MQVParameterSpec.class) + " for initialisation");
+            }
+
+            ECPrivateKeyParameters staticPrivKey;
+            ECPrivateKeyParameters ephemPrivKey;
+            ECPublicKeyParameters ephemPubKey;
+            if (key instanceof MQVPrivateKey)
+            {
+                MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
+                staticPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
+                ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
+
+                ephemPubKey = null;
+                if (mqvPrivKey.getEphemeralPublicKey() != null)
+                {
+                    ephemPubKey = (ECPublicKeyParameters)
+                        ECUtils.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
+                }
+            }
+            else
+            {
+                MQVParameterSpec mqvParameterSpec = (MQVParameterSpec)parameterSpec;
+
+                staticPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter((PrivateKey)key);
+                ephemPrivKey = (ECPrivateKeyParameters)
+                    ECUtil.generatePrivateKeyParameter(mqvParameterSpec.getEphemeralPrivateKey());
+
+                ephemPubKey = null;
+                if (mqvParameterSpec.getEphemeralPublicKey() != null)
+                {
+                    ephemPubKey = (ECPublicKeyParameters)
+                        ECUtils.generatePublicKeyParameter(mqvParameterSpec.getEphemeralPublicKey());
+                }
+                mqvParameters = mqvParameterSpec;
+                ukmParameters = mqvParameterSpec.getUserKeyingMaterial();
+            }
+
+            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
+            this.parameters = staticPrivKey.getParameters();
+
+            // TODO Validate that all the keys are using the same parameters?
+
+            agreement.init(localParams);
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (!(key instanceof PrivateKey))
             {
@@ -264,248 +270,250 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class DHC
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHC()
-    //     {
-    //         super("ECDHC", new ECDHCBasicAgreement(), null);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class DHC
+        extends KeyAgreementSpi
+    {
+        public DHC()
+        {
+            super("ECDHC", new ECDHCBasicAgreement(), null);
+        }
+    }
 
-    // public static class MQV
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQV()
-    //     {
-    //         super("ECMQV", new ECMQVBasicAgreement(), null);
-    //     }
-    // }
+    public static class MQV
+        extends KeyAgreementSpi
+    {
+        public MQV()
+        {
+            super("ECMQV", new ECMQVBasicAgreement(), null);
+        }
+    }
 
-    // public static class DHwithSHA1KDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1KDF()
-    //     {
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1KDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1KDF()
+        {
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class CDHwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class CDHwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA1KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA1KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class DHwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA224KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA224KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class CDHwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class CDHwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA224KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA224KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class DHwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class DHwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA256KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA256KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class CDHwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class CDHwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA256KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA256KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class DHwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class DHwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA384KDFAndSharedInfo()
+        {
+            super("ECDHwithSHA384KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class CDHwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public CDHwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class CDHwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public CDHwithSHA384KDFAndSharedInfo()
+        {
+            super("ECCDHwithSHA384KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class DHwithSHA512KDFAndSharedInfo
-    //      extends KeyAgreementSpi
-    //  {
-    //      public DHwithSHA512KDFAndSharedInfo()
-    //      {
-    //          super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //      }
-    //  }
+    public static class DHwithSHA512KDFAndSharedInfo
+         extends KeyAgreementSpi
+     {
+         public DHwithSHA512KDFAndSharedInfo()
+         {
+             super("ECDHwithSHA512KDF", new ECDHBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         }
+     }
 
-    //  public static class CDHwithSHA512KDFAndSharedInfo
-    //      extends KeyAgreementSpi
-    //  {
-    //      public CDHwithSHA512KDFAndSharedInfo()
-    //      {
-    //          super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //      }
-    //  }
+     public static class CDHwithSHA512KDFAndSharedInfo
+         extends KeyAgreementSpi
+     {
+         public CDHwithSHA512KDFAndSharedInfo()
+         {
+             super("ECCDHwithSHA512KDF", new ECDHCBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+         }
+     }
 
-    // public static class MQVwithSHA1KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA1KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class MQVwithSHA1KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA1KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class MQVwithSHA224KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA224KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class MQVwithSHA224KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA224KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA224KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class MQVwithSHA256KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA256KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class MQVwithSHA256KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA256KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA256KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class MQVwithSHA384KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA384KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class MQVwithSHA384KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA384KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA384KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class MQVwithSHA512KDFAndSharedInfo
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA512KDFAndSharedInfo()
-    //     {
-    //         super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
+    public static class MQVwithSHA512KDFAndSharedInfo
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA512KDFAndSharedInfo()
+        {
+            super("ECMQVwithSHA512KDF", new ECMQVBasicAgreement(), new KDF2BytesGenerator(DigestFactory.createSHA512()));
+        }
+    }
 
-    // public static class DHwithSHA1CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA1CKDF()
-    //     {
-    //         super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class DHwithSHA1CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA1CKDF()
+        {
+            super("ECDHwithSHA1CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class DHwithSHA256CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA256CKDF()
-    //     {
-    //         super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class DHwithSHA256CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA256CKDF()
+        {
+            super("ECDHwithSHA256CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class DHwithSHA384CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA384CKDF()
-    //     {
-    //         super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class DHwithSHA384CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA384CKDF()
+        {
+            super("ECDHwithSHA384CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class DHwithSHA512CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public DHwithSHA512CKDF()
-    //     {
-    //         super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
+    public static class DHwithSHA512CKDF
+        extends KeyAgreementSpi
+    {
+        public DHwithSHA512CKDF()
+        {
+            super("ECDHwithSHA512CKDF", new ECDHCBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        }
+    }
 
-    // public static class MQVwithSHA1CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA1CKDF()
-    //     {
-    //         super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
-    //     }
-    // }
+    public static class MQVwithSHA1CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA1CKDF()
+        {
+            super("ECMQVwithSHA1CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA1()));
+        }
+    }
 
-    // public static class MQVwithSHA224CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA224CKDF()
-    //     {
-    //         super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
-    //     }
-    // }
+    public static class MQVwithSHA224CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA224CKDF()
+        {
+            super("ECMQVwithSHA224CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA224()));
+        }
+    }
 
-    // public static class MQVwithSHA256CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA256CKDF()
-    //     {
-    //         super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
-    //     }
-    // }
+    public static class MQVwithSHA256CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA256CKDF()
+        {
+            super("ECMQVwithSHA256CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA256()));
+        }
+    }
 
-    // public static class MQVwithSHA384CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA384CKDF()
-    //     {
-    //         super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
-    //     }
-    // }
+    public static class MQVwithSHA384CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA384CKDF()
+        {
+            super("ECMQVwithSHA384CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA384()));
+        }
+    }
 
-    // public static class MQVwithSHA512CKDF
-    //     extends KeyAgreementSpi
-    // {
-    //     public MQVwithSHA512CKDF()
-    //     {
-    //         super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
-    //     }
-    // }
-    // END android-removed
+    public static class MQVwithSHA512CKDF
+        extends KeyAgreementSpi
+    {
+        public MQVwithSHA512CKDF()
+        {
+            super("ECMQVwithSHA512CKDF", new ECMQVBasicAgreement(), new ConcatenationKDFGenerator(DigestFactory.createSHA512()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
index a749f11..431b6bd 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
@@ -208,16 +208,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class ECGOST3410
-    //     extends KeyFactorySpi
-    // {
-    //     public ECGOST3410()
-    //     {
-    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    public static class ECGOST3410
+        extends KeyFactorySpi
+    {
+        public ECGOST3410()
+        {
+            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     public static class ECDH
         extends KeyFactorySpi
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
index 5f8a901..794ca97 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
@@ -43,9 +43,10 @@
         ECKeyGenerationParameters   param;
         ECKeyPairGenerator          engine = new ECKeyPairGenerator();
         Object                      ecParams = null;
-        // BEGIN android-changed
+        // Android-changed: Use 256-bit keys by default.
+        // 239-bit keys (the Bouncy Castle default) are less widely-supported than 256-bit ones,
+        // so we've changed the default strength to 256 for increased compatibility
         int                         strength = 256;
-        // BEGIN android-changed
         int                         certainty = 50;
         SecureRandom                random = new SecureRandom();
         boolean                     initialised = false;
@@ -87,13 +88,13 @@
             SecureRandom    random)
         {
             this.strength = strength;
-            // BEGIN android-added
+            // BEGIN Android-changed: Don't override this.random with null.
+            // Passing null just means to use a default random, which this.random is already
+            // initialized to, so just use that
             if (random != null) {
-            // END android-added
-            this.random = random;
-            // BEGIN android-added
+                this.random = random;
             }
-            // END android-added
+            // END Android-changed: Don't override this.random with null.
 
             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
             if (ecParams == null)
@@ -116,11 +117,11 @@
             SecureRandom            random)
             throws InvalidAlgorithmParameterException
         {
-            // BEGIN android-added
+            // BEGIN Android-added: Use existing SecureRandom if none is provided.
             if (random == null) {
                 random = this.random;
             }
-            // END android-added
+            // END Android-added: Use existing SecureRandom if none is provided.
             if (params == null)
             {
                 ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();
@@ -288,4 +289,4 @@
             super("ECMQV", BouncyCastleProvider.CONFIGURATION);
         }
     }
-}
+}
\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
index 46aeec7..93f9d16 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
@@ -16,19 +16,18 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.NullDigest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-// END android-removed
+// END Android-removed: Unsupported algorithms
 import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.bouncycastle.crypto.signers.ECDSASigner;
-// BEGIN android-removed
+// BEGIN Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.signers.ECNRSigner;
 // import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
+// END Android-removed: Unsupported algorithms
+// BEGIN Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
 import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
@@ -74,22 +73,24 @@
     {
         public ecDSA()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA1(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA
+        extends SignatureSpi
+    {
+        public ecDetDSA()
+        {
+            super(DigestFactory.createSHA1(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA1())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSAnone
         extends SignatureSpi
@@ -105,267 +106,276 @@
     {
         public ecDSA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA224(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA224(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA224
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA224
+        extends SignatureSpi
+    {
+        public ecDetDSA224()
+        {
+            super(DigestFactory.createSHA224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA224())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA256
         extends SignatureSpi
     {
         public ecDSA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA256(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA256
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA256
+        extends SignatureSpi
+    {
+        public ecDetDSA256()
+        {
+            super(DigestFactory.createSHA256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA256())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithm
 
     static public class ecDSA384
         extends SignatureSpi
     {
         public ecDSA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA384(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA384
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithm
+    /*
+    static public class ecDetDSA384
+        extends SignatureSpi
+    {
+        public ecDetDSA384()
+        {
+            super(DigestFactory.createSHA384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA384())), new StdDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+
     static public class ecDSA512
         extends SignatureSpi
     {
         public ecDSA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(DigestFactory.createSHA512(), new ECDSASigner(), new StdDSAEncoder());
             super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class ecDetDSA512
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class ecDetDSA512
+        extends SignatureSpi
+    {
+        public ecDetDSA512()
+        {
+            super(DigestFactory.createSHA512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA512())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_224
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_224
+        extends SignatureSpi
+    {
+        public ecDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_224
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_224()
-    //     {
-    //         super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_224
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_224()
+        {
+            super(DigestFactory.createSHA3_224(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_224())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_256
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_256
+        extends SignatureSpi
+    {
+        public ecDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_256
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_256()
-    //     {
-    //         super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_256
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_256()
+        {
+            super(DigestFactory.createSHA3_256(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_256())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_384
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_384
+        extends SignatureSpi
+    {
+        public ecDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_384
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_384()
-    //     {
-    //         super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_384
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_384()
+        {
+            super(DigestFactory.createSHA3_384(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_384())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSASha3_512
-    //     extends SignatureSpi
-    // {
-    //     public ecDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSASha3_512
+        extends SignatureSpi
+    {
+        public ecDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDetDSASha3_512
-    //     extends SignatureSpi
-    // {
-    //     public ecDetDSASha3_512()
-    //     {
-    //         super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDetDSASha3_512
+        extends SignatureSpi
+    {
+        public ecDetDSASha3_512()
+        {
+            super(DigestFactory.createSHA3_512(), new ECDSASigner(new HMacDSAKCalculator(DigestFactory.createSHA3_512())), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecDSARipeMD160
-    //     extends SignatureSpi
-    // {
-    //     public ecDSARipeMD160()
-    //     {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecDSARipeMD160
+        extends SignatureSpi
+    {
+        public ecDSARipeMD160()
+        {
+            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR
-    //     extends SignatureSpi
-    // {
-    //     public ecNR()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR
+        extends SignatureSpi
+    {
+        public ecNR()
+        {
+            super(DigestFactory.createSHA1(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR224
-    //     extends SignatureSpi
-    // {
-    //     public ecNR224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR224
+        extends SignatureSpi
+    {
+        public ecNR224()
+        {
+            super(DigestFactory.createSHA224(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR256
-    //     extends SignatureSpi
-    // {
-    //     public ecNR256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR256
+        extends SignatureSpi
+    {
+        public ecNR256()
+        {
+            super(DigestFactory.createSHA256(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR384
-    //     extends SignatureSpi
-    // {
-    //     public ecNR384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR384
+        extends SignatureSpi
+    {
+        public ecNR384()
+        {
+            super(DigestFactory.createSHA384(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecNR512
-    //     extends SignatureSpi
-    // {
-    //     public ecNR512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
-    //     }
-    // }
+    static public class ecNR512
+        extends SignatureSpi
+    {
+        public ecNR512()
+        {
+            super(DigestFactory.createSHA512(), new ECNRSigner(), new StdDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA()
-    //     {
-    //         super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA
+        extends SignatureSpi
+    {
+        public ecCVCDSA()
+        {
+            super(DigestFactory.createSHA1(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA224
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA224()
-    //     {
-    //         super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA224
+        extends SignatureSpi
+    {
+        public ecCVCDSA224()
+        {
+            super(DigestFactory.createSHA224(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA256
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA256()
-    //     {
-    //         super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA256
+        extends SignatureSpi
+    {
+        public ecCVCDSA256()
+        {
+            super(DigestFactory.createSHA256(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA384
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA384()
-    //     {
-    //         super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA384
+        extends SignatureSpi
+    {
+        public ecCVCDSA384()
+        {
+            super(DigestFactory.createSHA384(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecCVCDSA512
-    //     extends SignatureSpi
-    // {
-    //     public ecCVCDSA512()
-    //     {
-    //         super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
+    static public class ecCVCDSA512
+        extends SignatureSpi
+    {
+        public ecCVCDSA512()
+        {
+            super(DigestFactory.createSHA512(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
 
-    // static public class ecPlainDSARP160
-    //     extends SignatureSpi
-    // {
-    //     public ecPlainDSARP160()
-    //     {
-    //         super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
-    //     }
-    // }
-    // END android-removed
+    static public class ecPlainDSARP160
+        extends SignatureSpi
+    {
+        public ecPlainDSARP160()
+        {
+            super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     private static class StdDSAEncoder
         implements DSAEncoder
@@ -406,68 +416,70 @@
         }
     }
 
-    // BEGIN android-removed
-    // private static class PlainDSAEncoder
-    //     implements DSAEncoder
-    // {
-    //     public byte[] encode(
-    //         BigInteger r,
-    //         BigInteger s)
-    //         throws IOException
-    //     {
-    //         byte[] first = makeUnsigned(r);
-    //         byte[] second = makeUnsigned(s);
-    //         byte[] res;
-    //
-    //         if (first.length > second.length)
-    //         {
-    //             res = new byte[first.length * 2];
-    //         }
-    //         else
-    //         {
-    //             res = new byte[second.length * 2];
-    //         }
-    //
-    //         System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
-    //         System.arraycopy(second, 0, res, res.length - second.length, second.length);
-    //
-    //         return res;
-    //     }
-    //
-    //
-    //     private byte[] makeUnsigned(BigInteger val)
-    //     {
-    //         byte[] res = val.toByteArray();
-    //
-    //         if (res[0] == 0)
-    //         {
-    //             byte[] tmp = new byte[res.length - 1];
-    //
-    //             System.arraycopy(res, 1, tmp, 0, tmp.length);
-    //
-    //             return tmp;
-    //         }
-    //
-    //         return res;
-    //     }
-    //
-    //     public BigInteger[] decode(
-    //         byte[] encoding)
-    //         throws IOException
-    //     {
-    //         BigInteger[] sig = new BigInteger[2];
-    //
-    //         byte[] first = new byte[encoding.length / 2];
-    //         byte[] second = new byte[encoding.length / 2];
-    //
-    //         System.arraycopy(encoding, 0, first, 0, first.length);
-    //         System.arraycopy(encoding, first.length, second, 0, second.length);
-    //
-    //         sig[0] = new BigInteger(1, first);
-    //         sig[1] = new BigInteger(1, second);
-    //
-    //         return sig;
-    //     }
-    // }
-    // END android-removed
-}
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    private static class PlainDSAEncoder
+        implements DSAEncoder
+    {
+        public byte[] encode(
+            BigInteger r,
+            BigInteger s)
+            throws IOException
+        {
+            byte[] first = makeUnsigned(r);
+            byte[] second = makeUnsigned(s);
+            byte[] res;
+
+            if (first.length > second.length)
+            {
+                res = new byte[first.length * 2];
+            }
+            else
+            {
+                res = new byte[second.length * 2];
+            }
+
+            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
+            System.arraycopy(second, 0, res, res.length - second.length, second.length);
+
+            return res;
+        }
+
+
+        private byte[] makeUnsigned(BigInteger val)
+        {
+            byte[] res = val.toByteArray();
+
+            if (res[0] == 0)
+            {
+                byte[] tmp = new byte[res.length - 1];
+
+                System.arraycopy(res, 1, tmp, 0, tmp.length);
+
+                return tmp;
+            }
+
+            return res;
+        }
+
+        public BigInteger[] decode(
+            byte[] encoding)
+            throws IOException
+        {
+            BigInteger[] sig = new BigInteger[2];
+
+            byte[] first = new byte[encoding.length / 2];
+            byte[] second = new byte[encoding.length / 2];
+
+            System.arraycopy(encoding, 0, first, 0, first.length);
+            System.arraycopy(encoding, first.length, second, 0, second.length);
+
+            sig[0] = new BigInteger(1, first);
+            sig[1] = new BigInteger(1, second);
+
+            return sig;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+}
\ No newline at end of file
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
index c98b764..b7966ef 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
@@ -26,9 +26,8 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithm
 // import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-// END android-removed
 import org.bouncycastle.crypto.encodings.OAEPEncoding;
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
@@ -36,14 +35,18 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.BaseCipherSpi;
 import org.bouncycastle.jcajce.provider.util.BadBlockException;
 import org.bouncycastle.jcajce.provider.util.DigestFactory;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.Strings;
 
 public class CipherSpi
     extends BaseCipherSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private AsymmetricBlockCipher cipher;
     private AlgorithmParameterSpec paramSpec;
@@ -203,12 +206,12 @@
         {
             cipher = new PKCS1Encoding(new RSABlindedEngine());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // else if (pad.equals("ISO9796-1PADDING"))
         // {
         //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithm
         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
         {
             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
@@ -237,27 +240,29 @@
         {
             initFromSpec(new OAEPParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, PSource.PSpecified.DEFAULT));
         }
-        // BEGIN android-removed
-        // else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
-        // }
-        // else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
-        // {
-        //     initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (pad.equals("OAEPWITHSHA3-224ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-224", "MGF1", new MGF1ParameterSpec("SHA3-224"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-256ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-256", "MGF1", new MGF1ParameterSpec("SHA3-256"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-384ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-384", "MGF1", new MGF1ParameterSpec("SHA3-384"), PSource.PSpecified.DEFAULT));
+        }
+        else if (pad.equals("OAEPWITHSHA3-512ANDMGF1PADDING"))
+        {
+            initFromSpec(new OAEPParameterSpec("SHA3-512", "MGF1", new MGF1ParameterSpec("SHA3-512"), PSource.PSpecified.DEFAULT));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
-             throw new NoSuchPaddingException(padding + " unavailable with RSA.");
+            throw new NoSuchPaddingException(padding + " unavailable with RSA.");
         }
     }
 
@@ -562,50 +567,52 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class PKCS1v1_5Padding
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding()
-    //     {
-    //         super(new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class PKCS1v1_5Padding_PrivateOnly
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding_PrivateOnly()
-    //     {
-    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class PKCS1v1_5Padding_PublicOnly
-    //     extends CipherSpi
-    // {
-    //     public PKCS1v1_5Padding_PublicOnly()
-    //     {
-    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class OAEPPadding
-    //     extends CipherSpi
-    // {
-    //     public OAEPPadding()
-    //     {
-    //         super(OAEPParameterSpec.DEFAULT);
-    //     }
-    // }
-    //
-    // static public class ISO9796d1Padding
-    //     extends CipherSpi
-    // {
-    //     public ISO9796d1Padding()
-    //     {
-    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class PKCS1v1_5Padding
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding()
+        {
+            super(new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class PKCS1v1_5Padding_PrivateOnly
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding_PrivateOnly()
+        {
+            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class PKCS1v1_5Padding_PublicOnly
+        extends CipherSpi
+    {
+        public PKCS1v1_5Padding_PublicOnly()
+        {
+            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class OAEPPadding
+        extends CipherSpi
+    {
+        public OAEPPadding()
+        {
+            super(OAEPParameterSpec.DEFAULT);
+        }
+    }
+    
+    static public class ISO9796d1Padding
+        extends CipherSpi
+    {
+        public ISO9796d1Padding()
+        {
+            super(new ISO9796d1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
index 1e4d854..5c2f1df 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
@@ -17,30 +17,25 @@
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.DigestInfo;
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.MD4Digest;
 // import org.bouncycastle.crypto.digests.NullDigest;
 // import org.bouncycastle.crypto.digests.RIPEMD128Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-// END android-removed
 import org.bouncycastle.crypto.encodings.PKCS1Encoding;
 import org.bouncycastle.crypto.engines.RSABlindedEngine;
-// BEGIN android-removed
+// Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
 import org.bouncycastle.util.Arrays;
 
 public class DigestSignatureSpi
@@ -258,9 +253,9 @@
     {
         public SHA1()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(OIWObjectIdentifiers.idSHA1, DigestFactory.createSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
             super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -269,9 +264,9 @@
     {
         public SHA224()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha224, DigestFactory.createSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha224, AndroidDigestFactory.getSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -280,9 +275,9 @@
     {
         public SHA256()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha256, DigestFactory.createSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -291,9 +286,9 @@
     {
         public SHA384()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha384, DigestFactory.createSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
@@ -302,132 +297,136 @@
     {
         public SHA512()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(NISTObjectIdentifiers.id_sha512, DigestFactory.createSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
             super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class SHA512_224
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA512_224()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class SHA512_224
+        extends DigestSignatureSpi
+    {
+        public SHA512_224()
+        {
+            super(NISTObjectIdentifiers.id_sha512_224, DigestFactory.createSHA512_224(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA512_256
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA512_256()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA512_256
+        extends DigestSignatureSpi
+    {
+        public SHA512_256()
+        {
+            super(NISTObjectIdentifiers.id_sha512_256, DigestFactory.createSHA512_256(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_224
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_224()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_224
+        extends DigestSignatureSpi
+    {
+        public SHA3_224()
+        {
+            super(NISTObjectIdentifiers.id_sha3_224, DigestFactory.createSHA3_224(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_256
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_256()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_256
+        extends DigestSignatureSpi
+    {
+        public SHA3_256()
+        {
+            super(NISTObjectIdentifiers.id_sha3_256, DigestFactory.createSHA3_256(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_384
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_384()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_384
+        extends DigestSignatureSpi
+    {
+        public SHA3_384()
+        {
+            super(NISTObjectIdentifiers.id_sha3_384, DigestFactory.createSHA3_384(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class SHA3_512
-    //     extends DigestSignatureSpi
-    // {
-    //     public SHA3_512()
-    //     {
-    //         super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class SHA3_512
+        extends DigestSignatureSpi
+    {
+        public SHA3_512()
+        {
+            super(NISTObjectIdentifiers.id_sha3_512, DigestFactory.createSHA3_512(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class MD2
-    //     extends DigestSignatureSpi
-    // {
-    //     public MD2()
-    //     {
-    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
+    static public class MD2
+        extends DigestSignatureSpi
+    {
+        public MD2()
+        {
+            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
 
-    // static public class MD4
-    //     extends DigestSignatureSpi
-    // {
-    //     public MD4()
-    //     {
-    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    static public class MD4
+        extends DigestSignatureSpi
+    {
+        public MD4()
+        {
+            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class MD5
         extends DigestSignatureSpi
     {
         public MD5()
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // super(PKCSObjectIdentifiers.md5, DigestFactory.createMD5(), new PKCS1Encoding(new RSABlindedEngine()));
             super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
-            // END android-changed
         }
     }
 
-    // BEGIN android-removed
-    // static public class RIPEMD160
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD160()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class RIPEMD128
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD128()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class RIPEMD256
-    //     extends DigestSignatureSpi
-    // {
-    //     public RIPEMD256()
-    //     {
-    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    //
-    // static public class noneRSA
-    //     extends DigestSignatureSpi
-    // {
-    //     public noneRSA()
-    //     {
-    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class RIPEMD160
+        extends DigestSignatureSpi
+    {
+        public RIPEMD160()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class RIPEMD128
+        extends DigestSignatureSpi
+    {
+        public RIPEMD128()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class RIPEMD256
+        extends DigestSignatureSpi
+    {
+        public RIPEMD256()
+        {
+            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+
+    static public class noneRSA
+        extends DigestSignatureSpi
+    {
+        public noneRSA()
+        {
+            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
index 4c3089a..a2c9666 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/KeyPairGeneratorSpi.java
@@ -43,10 +43,9 @@
         SecureRandom random)
     {
         param = new RSAKeyGenerationParameters(defaultPublicExponent,
-            // BEGIN android-changed
-            // Was: random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
+            // Android-changed: Replace null random with default implementation.
+            // random, strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
             (random != null) ? random : new SecureRandom(), strength, PrimeCertaintyCalculator.getDefaultCertainty(strength));
-            // END android-changed
 
         engine.init(param);
     }
@@ -64,10 +63,9 @@
 
         param = new RSAKeyGenerationParameters(
             rsaParams.getPublicExponent(),
-            // BEGIN android-changed
-            // Was: random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
+            // Android-changed: Replace null random with default implementation.
+            // random, rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
             (random != null) ? random : new SecureRandom(), rsaParams.getKeysize(), PrimeCertaintyCalculator.getDefaultCertainty(2048));
-            // END android-changed
 
         engine.init(param);
     }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
index 2994e73..f285ac5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseAgreementSpi.java
@@ -11,10 +11,9 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -22,10 +21,9 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.DerivationFunction;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
 // import org.bouncycastle.crypto.agreement.kdf.DHKEKGenerator;
-// END android-removed
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KDFParameters;
 import org.bouncycastle.util.Integers;
@@ -122,9 +120,8 @@
         nameTable.put(KISAObjectIdentifiers.id_npki_app_cmsSeed_wrap.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedCBC.getId(), "SEED");
         nameTable.put(KISAObjectIdentifiers.id_seedMAC.getId(), "SEED");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithm
         // nameTable.put(CryptoProObjectIdentifiers.gostR28147_gcfb.getId(), "GOST28147");
-        // END android-removed
 
         nameTable.put(NISTObjectIdentifiers.id_aes128_wrap.getId(), "AES");
         nameTable.put(NISTObjectIdentifiers.id_aes128_CCM.getId(), "AES");
@@ -163,12 +160,12 @@
         {
             return "AES";
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithm
         // if (algDetails.startsWith(GNUObjectIdentifiers.Serpent.getId()))
         // {
         //     return "Serpent";
         // }
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         String name = (String)nameTable.get(Strings.toUpperCase(algDetails));
 
@@ -261,6 +258,7 @@
         }
 
         int    keySize = getKeySize(oidAlgorithm);
+
         if (kdf != null)
         {
             if (keySize < 0)
@@ -269,24 +267,26 @@
             }
             byte[] keyBytes = new byte[keySize / 8];
 
-            // BEGIN android-removed
-            // if (kdf instanceof DHKEKGenerator)
-            // {
-            //     ASN1ObjectIdentifier oid;
-            //     try
-            //     {
-            //         oid = new ASN1ObjectIdentifier(oidAlgorithm);
-            //     }
-            //     catch (IllegalArgumentException e)
-            //     {
-            //         throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
-            //     }
-            //     DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
+            // BEGIN Android-removed: Unsupported algorithm
+            /*
+            if (kdf instanceof DHKEKGenerator)
+            {
+                ASN1ObjectIdentifier oid;
+                try
+                {
+                    oid = new ASN1ObjectIdentifier(oidAlgorithm);
+                }
+                catch (IllegalArgumentException e)
+                {
+                    throw new NoSuchAlgorithmException("no OID for algorithm: " + oidAlgorithm);
+                }
+                DHKDFParameters params = new DHKDFParameters(oid, keySize, secret, ukmParameters);
 
-            //     kdf.init(params);
-            // }
-            // else
-            // END android-removed
+                kdf.init(params);
+            }
+            else
+            */
+            // END Android-removed: Unsupported algorithm
             {
                 KDFParameters params = new KDFParameters(secret, ukmParameters);
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
index 602ca74..961e263 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
@@ -18,10 +18,9 @@
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -41,10 +40,9 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private final JcaJceHelper helper = new BCJcaJceHelper();
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
index 3b8a0a6..d67974b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/EC5Util.java
@@ -47,14 +47,14 @@
             }
         }
 
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported curves
         // X9ECParameters c25519 = CustomNamedCurves.getByName("Curve25519");
 
         // customCurves.put(new ECCurve.Fp(
         //     c25519.getCurve().getField().getCharacteristic(),
         //     c25519.getCurve().getA().toBigInteger(),
-        //    c25519.getCurve().getB().toBigInteger()), c25519.getCurve());
-        // END android-removed
+        //     c25519.getCurve().getB().toBigInteger()), c25519.getCurve());
+        // END Android-removed: Unsupported curves
     }
 
     public static ECCurve getCurve(
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
index cba154a..39ff397 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
@@ -8,17 +8,15 @@
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.anssi.ANSSINamedCurves;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
 // import org.bouncycastle.asn1.gm.GMNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.SECNamedCurves;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X962NamedCurves;
@@ -338,24 +336,26 @@
             {
                 oid = NISTNamedCurves.getOID(name);
             }
-            // BEGIN android-removed
-            // if (oid == null)
-            // {
-            //     oid = TeleTrusTNamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = ECGOST3410NamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = ANSSINamedCurves.getOID(name);
-            // }
-            // if (oid == null)
-            // {
-            //     oid = GMNamedCurves.getOID(name);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (oid == null)
+            {
+                oid = TeleTrusTNamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = ECGOST3410NamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = ANSSINamedCurves.getOID(name);
+            }
+            if (oid == null)
+            {
+                oid = GMNamedCurves.getOID(name);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return oid;
@@ -398,16 +398,18 @@
             {
                 params = NISTNamedCurves.getByOID(oid);
             }
-            // BEGIN android-removed
-            // if (params == null)
-            // {
-            //     params = TeleTrusTNamedCurves.getByOID(oid);
-            // }
-            // if (params == null)
-            // {
-            //     params = GMNamedCurves.getByOID(oid);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (params == null)
+            {
+                params = TeleTrusTNamedCurves.getByOID(oid);
+            }
+            if (params == null)
+            {
+                params = GMNamedCurves.getByOID(oid);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -429,16 +431,18 @@
             {
                 params = NISTNamedCurves.getByName(curveName);
             }
-            // BEGIN android-removed
-            // if (params == null)
-            // {
-            //     params = TeleTrusTNamedCurves.getByName(curveName);
-            // }
-            // if (params == null)
-            // {
-            //     params = GMNamedCurves.getByName(curveName);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (params == null)
+            {
+                params = TeleTrusTNamedCurves.getByName(curveName);
+            }
+            if (params == null)
+            {
+                params = GMNamedCurves.getByName(curveName);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return params;
@@ -456,16 +460,18 @@
             {
                 name = NISTNamedCurves.getName(oid);
             }
-            // BEGIN android-removed
-            // if (name == null)
-            // {
-            //     name = TeleTrusTNamedCurves.getName(oid);
-            // }
-            // if (name == null)
-            // {
-            //     name = ECGOST3410NamedCurves.getName(oid);
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (name == null)
+            {
+                name = TeleTrusTNamedCurves.getName(oid);
+            }
+            if (name == null)
+            {
+                name = ECGOST3410NamedCurves.getName(oid);
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
 
         return name;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
index 58310c7..d5608b9 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/CertificateFactory.java
@@ -4,9 +4,8 @@
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-// BEGIN Android-added
+// Android-added: Use PushbackInputStream
 import java.io.PushbackInputStream;
-// END Android-added
 import java.security.cert.CRL;
 import java.security.cert.CRLException;
 import java.security.cert.CertPath;
@@ -217,22 +216,21 @@
             }
             else
             {
-                // BEGIN android-changed
-                // Was: pis = new ByteArrayInputStream(Streams.readAll(in));
-                // Reason: we want {@code in.available()} to return the number of available bytes if
+                // Android-changed: Use PushbackInputStream instead of ByteArrayInputStream.
+                // we want {@code in.available()} to return the number of available bytes if
                 // there is trailing data (otherwise it breaks
                 // libcore.java.security.cert.X509CertificateTest#test_Provider
                 // ). Which is not possible if we read the whole stream at this point.
+                // // pis = new ByteArrayInputStream(Streams.readAll(in));
                 pis = new PushbackInputStream(in);
-                // END android-changed
             }
 
-            // BEGIN android-changed
-            // Was: pis.mark(1);
+            // BEGIN Android-changed: Use PushbackInputStream
+            // pis.mark(1);
             if (in.markSupported()) {
                 pis.mark(1);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             int tag = pis.read();
 
@@ -241,8 +239,8 @@
                 return null;
             }
 
-            // BEGIN android-changdd
-            // Was: pis.reset
+            // BEGIN Android-changed: Use PushbackInputStream
+            // pis.reset
             if (in.markSupported()) {
                 pis.reset();
             }
@@ -250,7 +248,7 @@
             {
                 ((PushbackInputStream) pis).unread(tag);
             }
-            // END android-changed
+            // END Android-changed: Use PushbackInputStream
 
             if (tag != 0x30)  // assume ascii PEM encoded.
             {
@@ -276,19 +274,17 @@
         throws CertificateException
     {
         java.security.cert.Certificate     cert;
-        // BEGIN android-removed
-        // BufferedInputStream in = new BufferedInputStream(inStream);
-        // Reason: we want {@code in.available()} to return the number of available bytes if
+        // Android-removed: Don't read entire stream immediately.
+        // we want {@code in.available()} to return the number of available bytes if
         // there is trailing data (otherwise it breaks
         // libcore.java.security.cert.X509CertificateTest#test_Provider
         // ). Which is not possible if we read the whole stream at this point.
-        // END android-removed
+        // BufferedInputStream in = new BufferedInputStream(inStream);
         List certs = new ArrayList();
 
-        // BEGIN android-changed
-        // Was: while ((cert = engineGenerateCertificate(in)) != null)
+        // Android-changed: Read from original stream
+        // while ((cert = engineGenerateCertificate(in)) != null)
         while ((cert = engineGenerateCertificate(inStream)) != null)
-        // END android-changed
         {
             certs.add(cert);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
index 8bb4c3a..b72de4c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
@@ -37,9 +37,8 @@
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.util.io.pem.PemObject;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.util.io.pem.PemWriter;
-// END android-removed
 
 /**
  * CertPath implementation for X.509 certificates.
@@ -56,9 +55,8 @@
     {
         List encodings = new ArrayList();
         encodings.add("PkiPath");
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // encodings.add("PEM");
-        // END android-removed
         encodings.add("PKCS7");
         certPathEncodings = Collections.unmodifiableList(encodings);
     }
@@ -305,29 +303,31 @@
             return toDEREncoded(new ContentInfo(
                     PKCSObjectIdentifiers.signedData, sd));
         }
-        // BEGIN android-removed
-        // else if (encoding.equalsIgnoreCase("PEM"))
-        // {
-        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-        //
-        //     try
-        //     {
-        //         for (int i = 0; i != certificates.size(); i++)
-        //         {
-        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-        //         }
-        //
-        //         pWrt.close();
-        //     }
-        //     catch (Exception e)
-        //     {
-        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-        //     }
-        //
-        //     return bOut.toByteArray();
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (encoding.equalsIgnoreCase("PEM"))
+        {
+            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
+
+            try
+            {
+                for (int i = 0; i != certificates.size(); i++)
+                {
+                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
+                }
+            
+                pWrt.close();
+            }
+            catch (Exception e)
+            {
+                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
+            }
+
+            return bOut.toByteArray();
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             throw new CertificateEncodingException("unsupported encoding: " + encoding);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
index 51213d4..bfd7c25 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
@@ -56,9 +56,9 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
-// BEGIN android-added
+// BEGIN Android-added: Unknown reason
 import org.bouncycastle.asn1.x509.X509Name;
-// END android-added
+// END Android-added: Unknown reason
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.X509Principal;
@@ -542,20 +542,19 @@
         }
     }
 
-    // BEGIN android-changed
+    // Android-added: Cache the encoded certificate
     private byte[] encoded;
-    // END android-changed
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            // BEGIN android-changed
+            // BEGIN Android-changed: Cache the encoded certificate
             if (encoded == null) {
                 encoded = c.getEncoded(ASN1Encoding.DER);
             }
             return encoded;
-            // END android-changed
+            // END Android-changed: Cache the encoded certificate
         }
         catch (IOException e)
         {
@@ -879,9 +878,9 @@
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    // BEGIN android-changed
+                    // Android-changed: Unknown reason
+                    // list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
                     list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-                    // END android-changed
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
index 35e0318..17a5462 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA1.java
@@ -5,12 +5,6 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA1Digest;
-// BEGIN ANDROID-ADDED
-import org.bouncycastle.crypto.digests.SHA224Digest;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.digests.SHA384Digest;
-import org.bouncycastle.crypto.digests.SHA512Digest;
-// END ANDROID-ADDED
 import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
index e129db4..af375c2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -45,19 +45,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithHmacSHA
-    //  */
-    // public static class PBEWithMacKeyFactory
-    //     extends PBESecretKeyFactory
-    // {
-    //     public PBEWithMacKeyFactory()
-    //     {
-    //         super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithHmacSHA
+     *
+    public static class PBEWithMacKeyFactory
+        extends PBESecretKeyFactory
+    {
+        public PBEWithMacKeyFactory()
+        {
+            super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA256
@@ -86,11 +88,11 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA256", PREFIX + "$HashMac");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
index f2fb6d3..8bddcb2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -5,9 +5,8 @@
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -59,16 +58,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class OldSHA384
-    //     extends BaseMac
-    // {
-    //     public OldSHA384()
-    //     {
-    //         super(new OldHMac(new SHA384Digest()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class OldSHA384
+        extends BaseMac
+    {
+        public OldSHA384()
+        {
+            super(new OldHMac(new SHA384Digest()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -84,9 +85,8 @@
             provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest");
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
-            // END android-removed
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA384", PREFIX + "$HashMac");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
index 9433a81..589e26a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -4,13 +4,11 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.digests.SHA512Digest;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.SHA512tDigest;
-// END android-removed
 import org.bouncycastle.crypto.macs.HMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.OldHMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -41,44 +39,46 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class DigestT
-    //     extends BCMessageDigest
-    //     implements Cloneable
-    // {
-    //     public DigestT(int bitLength)
-    //     {
-    //         super(new SHA512tDigest(bitLength));
-    //     }
-    //
-    //     public Object clone()
-    //         throws CloneNotSupportedException
-    //     {
-    //         DigestT d = (DigestT)super.clone();
-    //         d.digest = new SHA512tDigest((SHA512tDigest)digest);
-    //
-    //         return d;
-    //     }
-    // }
-    //
-    // static public class DigestT224
-    //     extends DigestT
-    // {
-    //     public DigestT224()
-    //     {
-    //         super(224);
-    //     }
-    // }
-    //
-    // static public class DigestT256
-    //     extends DigestT
-    // {
-    //     public DigestT256()
-    //     {
-    //         super(256);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class DigestT
+        extends BCMessageDigest
+        implements Cloneable
+    {
+        public DigestT(int bitLength)
+        {
+            super(new SHA512tDigest(bitLength));
+        }
+
+        public Object clone()
+            throws CloneNotSupportedException
+        {
+            DigestT d = (DigestT)super.clone();
+            d.digest = new SHA512tDigest((SHA512tDigest)digest);
+
+            return d;
+        }
+    }
+
+    static public class DigestT224
+        extends DigestT
+    {
+        public DigestT224()
+        {
+            super(224);
+        }
+    }
+
+    static public class DigestT256
+        extends DigestT
+    {
+        public DigestT256()
+        {
+            super(256);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class HashMac
         extends BaseMac
@@ -89,37 +89,39 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class HashMacT224
-    //     extends BaseMac
-    // {
-    //     public HashMacT224()
-    //     {
-    //         super(new HMac(new SHA512tDigest(224)));
-    //     }
-    // }
-    //
-    // public static class HashMacT256
-    //     extends BaseMac
-    // {
-    //     public HashMacT256()
-    //     {
-    //         super(new HMac(new SHA512tDigest(256)));
-    //     }
-    // }
-    //
-    // /**
-    //  * SHA-512 HMac
-    //  */
-    // public static class OldSHA512
-    //     extends BaseMac
-    // {
-    //     public OldSHA512()
-    //     {
-    //         super(new OldHMac(new SHA512Digest()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class HashMacT224
+        extends BaseMac
+    {
+        public HashMacT224()
+        {
+            super(new HMac(new SHA512tDigest(224)));
+        }
+    }
+
+    public static class HashMacT256
+        extends BaseMac
+    {
+        public HashMacT256()
+        {
+            super(new HMac(new SHA512tDigest(256)));
+        }
+    }
+
+    /**
+     * SHA-512 HMac
+     *
+    public static class OldSHA512
+        extends BaseMac
+    {
+        public OldSHA512()
+        {
+            super(new OldHMac(new SHA512Digest()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * HMACSHA512
@@ -133,25 +135,27 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class KeyGeneratorT224
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGeneratorT224()
-    //     {
-    //         super("HMACSHA512/224", 224, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // public static class KeyGeneratorT256
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGeneratorT256()
-    //     {
-    //         super("HMACSHA512/256", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class KeyGeneratorT224
+        extends BaseKeyGenerator
+    {
+        public KeyGeneratorT224()
+        {
+            super("HMACSHA512/224", 224, new CipherKeyGenerator());
+        }
+    }
+
+    public static class KeyGeneratorT256
+        extends BaseKeyGenerator
+    {
+        public KeyGeneratorT256()
+        {
+            super("HMACSHA512/256", 256, new CipherKeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends DigestAlgorithmProvider
@@ -168,27 +172,29 @@
             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512");
             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
-            //
-            // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
-            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
-            //
-            // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
+
+            provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
+            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
+            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
+
+            provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Mac.PBEWITHHMACSHA512", PREFIX + "$HashMac");
 
             addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
             addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
             // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
index 9711426..5bc0aa8 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java
@@ -17,9 +17,8 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
-            // END android-removed
             provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore");
             provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle");
             provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
index 1d4e146..4dc856d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
@@ -17,16 +17,18 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            //
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
-            //
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
+    
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
+            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
+            */
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
index 0640669..85365b7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/bc/BcKeyStoreSpi.java
@@ -48,7 +48,9 @@
 import org.bouncycastle.crypto.io.MacInputStream;
 import org.bouncycastle.crypto.io.MacOutputStream;
 import org.bouncycastle.crypto.macs.HMac;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -92,7 +94,9 @@
 
     protected int              version;
 
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     public BcKeyStoreSpi(int version)
     {
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 106f75b..efeaa9a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -64,10 +64,9 @@
 import org.bouncycastle.asn1.DEROutputStream;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERSet;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
@@ -90,17 +89,17 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-changed
-// Was: import org.bouncycastle.crypto.digests.SHA1Digest
+// Android-changed: Use Android digests
+// import org.bouncycastle.crypto.util.DigestFactory;
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-changed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12StoreParameter;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-// END android-removed
 import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.interfaces.BCKeyStore;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -115,7 +114,9 @@
     extends KeyStoreSpi
     implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     private static final int SALT_SIZE = 20;
     private static final int MIN_ITERATIONS = 1024;
@@ -233,6 +234,8 @@
 
     private static byte[] getDigest(SubjectPublicKeyInfo spki)
     {
+        // Android-changed: Use Android digests
+        // Digest digest = DigestFactory.createSHA1();
         Digest digest = AndroidDigestFactory.getSHA1();
         byte[]  resBuf = new byte[digest.getDigestSize()];
 
@@ -758,15 +761,17 @@
         {
             cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
         }
-        // BEGIN android-removed
-        // else
-        // {
-        //     // TODO: at the moment it's just GOST, but...
-        //     GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
-        //
-        //     cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else
+        {
+            // TODO: at the moment it's just GOST, but...
+            GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
+
+            cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         return cipher;
     }
 
@@ -1718,33 +1723,36 @@
             super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
         }
     }
-    // BEGIN android-removed
-    // public static class BCPKCS12KeyStore3DES
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public BCPKCS12KeyStore3DES()
-    //     {
-    //         super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-    //     }
-    // }
-    // 
-    // public static class DefPKCS12KeyStore
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public DefPKCS12KeyStore()
-    //     {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-    //     }
-    // }
-    // 
-    // public static class DefPKCS12KeyStore3DES
-    //     extends PKCS12KeyStoreSpi
-    // {
-    //     public DefPKCS12KeyStore3DES()
-    //     {
-    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-    //     }
-    // }
+
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class BCPKCS12KeyStore3DES
+        extends PKCS12KeyStoreSpi
+    {
+        public BCPKCS12KeyStore3DES()
+        {
+            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        }
+    }
+
+    public static class DefPKCS12KeyStore
+        extends PKCS12KeyStoreSpi
+    {
+        public DefPKCS12KeyStore()
+        {
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
+        }
+    }
+
+    public static class DefPKCS12KeyStore3DES
+        extends PKCS12KeyStoreSpi
+    {
+        public DefPKCS12KeyStore3DES()
+        {
+            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
+        }
+    }
+    */
     // END android-removed
 
     private static class IgnoresCaseHashtable
@@ -1818,9 +1826,8 @@
             keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192));
             keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256));
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256));
-            // END android-removed
 
             KEY_SIZES = Collections.unmodifiableMap(keySizes);
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
index f118e5c..e0669d2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -1,13 +1,11 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
 import java.io.IOException;
-// BEGIN android-added
+// BEGIN Android-added: Needed for setting mode with GCM
 import java.security.NoSuchAlgorithmException;
-// END android-added
-// BEGIN android-removed
-// import java.security.AlgorithmParameters;
-// import java.security.InvalidAlgorithmParameterException;
-// END android-removed
+// END Android-added: Needed for setting mode with GCM
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
 import java.security.SecureRandom;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
@@ -16,13 +14,12 @@
 
 import javax.crypto.spec.IvParameterSpec;
 
-// BEGIN android-added
+// BEGIN Android-added: Needed for setting padding with GCM
 import javax.crypto.NoSuchPaddingException;
-// END android-added
+// END Android-added: Needed for setting padding with GCM
 import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cms.CCMParameters;
-// END android-removed
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.crypto.BlockCipher;
@@ -34,32 +31,28 @@
 import org.bouncycastle.crypto.Mac;
 import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.AESWrapEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.AESWrapPadEngine;
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
 // import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
 // import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 // import org.bouncycastle.crypto.macs.CMac;
 // import org.bouncycastle.crypto.macs.GMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.CCMBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
@@ -130,7 +123,7 @@
         public GCM()
         {
             super(new GCMBlockCipher(new AESEngine()));
-            // BEGIN android-added
+            // BEGIN Android-added: Set mode and padding due to name change (see note in Mappings)
             try {
                 engineSetMode("GCM");
                 engineSetPadding("NoPadding");
@@ -138,130 +131,132 @@
                 // this should not be possible
                 throw new RuntimeException("Could not set mode or padding for GCM mode", e);
             }
-            // END android-added
+            // END Android-added: Set mode and padding due to name change (see note in Mappings)
         }
     }
 
-    // BEGIN android-removed
-    // static public class CCM
-    //     extends BaseBlockCipher
-    // {
-    //     public CCM()
-    //     {
-    //         super(new CCMBlockCipher(new AESEngine()), false, 16);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CCM
+        extends BaseBlockCipher
+    {
+        public CCM()
+        {
+            super(new CCMBlockCipher(new AESEngine()), false, 16);
+        }
+    }
 
-    // public static class AESCMAC
-    //     extends BaseMac
-    // {
-    //     public AESCMAC()
-    //     {
-    //         super(new CMac(new AESEngine()));
-    //     }
-    // }
+    public static class AESCMAC
+        extends BaseMac
+    {
+        public AESCMAC()
+        {
+            super(new CMac(new AESEngine()));
+        }
+    }
 
-    // public static class AESGMAC
-    //     extends BaseMac
-    // {
-    //     public AESGMAC()
-    //     {
-    //         super(new GMac(new GCMBlockCipher(new AESEngine())));
-    //     }
-    // }
+    public static class AESGMAC
+        extends BaseMac
+    {
+        public AESGMAC()
+        {
+            super(new GMac(new GCMBlockCipher(new AESEngine())));
+        }
+    }
 
-    // public static class AESCCMMAC
-    //     extends BaseMac
-    // {
-    //     public AESCCMMAC()
-    //     {
-    //         super(new CCMMac());
-    //     }
+    public static class AESCCMMAC
+        extends BaseMac
+    {
+        public AESCCMMAC()
+        {
+            super(new CCMMac());
+        }
 
-    //     private static class CCMMac
-    //         implements Mac
-    //     {
-    //         private final CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
+        private static class CCMMac
+            implements Mac
+        {
+            private final CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
 
-    //         private int macLength = 8;
+            private int macLength = 8;
 
-    //         public void init(CipherParameters params)
-    //             throws IllegalArgumentException
-    //         {
-    //             ccm.init(true, params);
+            public void init(CipherParameters params)
+                throws IllegalArgumentException
+            {
+                ccm.init(true, params);
 
-    //             this.macLength = ccm.getMac().length;
-    //         }
+                this.macLength = ccm.getMac().length;
+            }
 
-    //         public String getAlgorithmName()
-    //         {
-    //             return ccm.getAlgorithmName() + "Mac";
-    //         }
+            public String getAlgorithmName()
+            {
+                return ccm.getAlgorithmName() + "Mac";
+            }
 
-    //         public int getMacSize()
-    //         {
-    //             return macLength;
-    //         }
+            public int getMacSize()
+            {
+                return macLength;
+            }
 
-    //         public void update(byte in)
-    //             throws IllegalStateException
-    //         {
-    //             ccm.processAADByte(in);
-    //         }
+            public void update(byte in)
+                throws IllegalStateException
+            {
+                ccm.processAADByte(in);
+            }
 
-    //         public void update(byte[] in, int inOff, int len)
-    //             throws DataLengthException, IllegalStateException
-    //         {
-    //             ccm.processAADBytes(in, inOff, len);
-    //         }
+            public void update(byte[] in, int inOff, int len)
+                throws DataLengthException, IllegalStateException
+            {
+                ccm.processAADBytes(in, inOff, len);
+            }
 
-    //         public int doFinal(byte[] out, int outOff)
-    //             throws DataLengthException, IllegalStateException
-    //         {
-    //             try
-    //             {
-    //                 return ccm.doFinal(out, 0);
-    //             }
-    //             catch (InvalidCipherTextException e)
-    //             {
-    //                 throw new IllegalStateException("exception on doFinal(): " + e.toString());
-    //             }
-    //         }
+            public int doFinal(byte[] out, int outOff)
+                throws DataLengthException, IllegalStateException
+            {
+                try
+                {
+                    return ccm.doFinal(out, 0);
+                }
+                catch (InvalidCipherTextException e)
+                {
+                    throw new IllegalStateException("exception on doFinal(): " + e.toString());
+                }
+            }
 
-    //         public void reset()
-    //         {
-    //             ccm.reset();
-    //         }
-    //     }
-    // }
+            public void reset()
+            {
+                ccm.reset();
+            }
+        }
+    }
 
-    // static public class KeyFactory
-    //      extends BaseSecretKeyFactory
-    // {
-    //     public KeyFactory()
-    //     {
-    //         super("AES", null);
-    //     }
-    // }
+    static public class KeyFactory
+         extends BaseSecretKeyFactory
+    {
+        public KeyFactory()
+        {
+            super("AES", null);
+        }
+    }
 
-    // public static class Poly1305
-    //     extends BaseMac
-    // {
-    //     public Poly1305()
-    //     {
-    //         super(new org.bouncycastle.crypto.macs.Poly1305(new AESEngine()));
-    //     }
-    // }
+    public static class Poly1305
+        extends BaseMac
+    {
+        public Poly1305()
+        {
+            super(new org.bouncycastle.crypto.macs.Poly1305(new AESEngine()));
+        }
+    }
 
-    // public static class Poly1305KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public Poly1305KeyGen()
-    //     {
-    //         super("Poly1305-AES", 256, new Poly1305KeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    public static class Poly1305KeyGen
+        extends BaseKeyGenerator
+    {
+        public Poly1305KeyGen()
+        {
+            super("Poly1305-AES", 256, new Poly1305KeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class Wrap
         extends BaseWrapCipher
@@ -272,34 +267,36 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class WrapPad
-    //         extends BaseWrapCipher
-    // {
-    //     public WrapPad()
-    //     {
-    //         super(new AESWrapPadEngine());
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class WrapPad
+        extends BaseWrapCipher
+    {
+        public WrapPad()
+        {
+            super(new AESWrapPadEngine());
+        }
+    }
 
-    // public static class RFC3211Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211Wrap()
-    //     {
-    //         super(new RFC3211WrapEngine(new AESEngine()), 16);
-    //     }
-    // }
+    public static class RFC3211Wrap
+        extends BaseWrapCipher
+    {
+        public RFC3211Wrap()
+        {
+            super(new RFC3211WrapEngine(new AESEngine()), 16);
+        }
+    }
 
-    // public static class RFC5649Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC5649Wrap()
-    //     {
-    //         super(new RFC5649WrapEngine(new AESEngine()));
-    //     }
-    // }
-    // END android-removed
+    public static class RFC5649Wrap
+        extends BaseWrapCipher
+    {
+        public RFC5649Wrap()
+        {
+            super(new RFC5649WrapEngine(new AESEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithAES-CBC
@@ -378,9 +375,12 @@
     {
         public KeyGen()
         {
-            // BEGIN android-changed
+            // Android-changed: Use 128-bit keys by default.
+            // Bouncy Castle defaults to 192-bit keys, which is the worst choice: worse security
+            // than 256-bit keys, slower than 128-bit keys, narrower support than either.
+            // Use 128-bit keys by default since they're faster and should still be plenty secure.
+            // this(192);
             this(128);
-            // END android-changed
         }
 
         public KeyGen(int keySize)
@@ -389,34 +389,36 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class KeyGen128
-    //     extends KeyGen
-    // {
-    //     public KeyGen128()
-    //     {
-    //         super(128);
-    //     }
-    // }
-    //
-    // public static class KeyGen192
-    //     extends KeyGen
-    // {
-    //     public KeyGen192()
-    //     {
-    //         super(192);
-    //     }
-    // }
-    //
-    // public static class KeyGen256
-    //     extends KeyGen
-    // {
-    //     public KeyGen256()
-    //     {
-    //         super(256);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class KeyGen128
+        extends KeyGen
+    {
+        public KeyGen128()
+        {
+            super(128);
+        }
+    }
+
+    public static class KeyGen192
+        extends KeyGen
+    {
+        public KeyGen192()
+        {
+            super(192);
+        }
+    }
+
+    public static class KeyGen256
+        extends KeyGen
+    {
+        public KeyGen256()
+        {
+            super(256);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
     
     /**
      * PBEWithSHA1And128BitAES-BC
@@ -525,124 +527,126 @@
             super("PBEWithMD5And256BitAES-CBC-OpenSSL", null, true, OPENSSL, MD5, 256, 128);
         }
     }
+    
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[16];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[16];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(iv);
 
-    //         random.nextBytes(iv);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("AES");
+                params.init(new IvParameterSpec(iv));
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("AES");
-    //             params.init(new IvParameterSpec(iv));
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            return params;
+        }
+    }
 
-    //         return params;
-    //     }
-    // }
+    public static class AlgParamGenCCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            // TODO: add support for GCMParameterSpec as a template.
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // public static class AlgParamGenCCM
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         // TODO: add support for GCMParameterSpec as a template.
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[12];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[12];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(iv);
 
-    //         random.nextBytes(iv);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("CCM");
+                params.init(new CCMParameters(iv, 12).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("CCM");
-    //             params.init(new CCMParameters(iv, 12).getEncoded());
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            return params;
+        }
+    }
 
-    //         return params;
-    //     }
-    // }
+    public static class AlgParamGenGCM
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            // TODO: add support for GCMParameterSpec as a template.
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
+        }
 
-    // public static class AlgParamGenGCM
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         // TODO: add support for GCMParameterSpec as a template.
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-    //     }
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  nonce = new byte[12];
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  nonce = new byte[12];
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            random.nextBytes(nonce);
 
-    //         random.nextBytes(nonce);
+            AlgorithmParameters params;
 
-    //         AlgorithmParameters params;
+            try
+            {
+                params = createParametersInstance("GCM");
+                params.init(new GCMParameters(nonce, 16).getEncoded());
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         try
-    //         {
-    //             params = createParametersInstance("GCM");
-    //             params.init(new GCMParameters(nonce, 16).getEncoded());
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
-
-    //         return params;
-    //     }
-    // }
-    // END android-removed
+            return params;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class AlgParams
         extends IvAlgorithmParameters
@@ -738,92 +742,94 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParamsCCM
-    //     extends BaseAlgorithmParameters
-    // {
-    //     private CCMParameters ccmParams;
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamsCCM
+        extends BaseAlgorithmParameters
+    {
+        private CCMParameters ccmParams;
 
-    //     protected void engineInit(AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (GcmSpecUtil.isGcmSpec(paramSpec))
-    //         {
-    //             ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec));
-    //         }
-    //         else if (paramSpec instanceof AEADParameterSpec)
-    //         {
-    //             ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
-    //         }
-    //         else
-    //         {
-    //             throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
-    //         }
-    //     }
+        protected void engineInit(AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (GcmSpecUtil.isGcmSpec(paramSpec))
+            {
+                ccmParams = CCMParameters.getInstance(GcmSpecUtil.extractGcmParameters(paramSpec));
+            }
+            else if (paramSpec instanceof AEADParameterSpec)
+            {
+                ccmParams = new CCMParameters(((AEADParameterSpec)paramSpec).getNonce(), ((AEADParameterSpec)paramSpec).getMacSizeInBits() / 8);
+            }
+            else
+            {
+                throw new InvalidParameterSpecException("AlgorithmParameterSpec class not recognized: " + paramSpec.getClass().getName());
+            }
+        }
 
-    //     protected void engineInit(byte[] params)
-    //         throws IOException
-    //     {
-    //         ccmParams = CCMParameters.getInstance(params);
-    //     }
+        protected void engineInit(byte[] params)
+            throws IOException
+        {
+            ccmParams = CCMParameters.getInstance(params);
+        }
 
-    //     protected void engineInit(byte[] params, String format)
-    //         throws IOException
-    //     {
-    //         if (!isASN1FormatString(format))
-    //         {
-    //             throw new IOException("unknown format specified");
-    //         }
+        protected void engineInit(byte[] params, String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
 
-    //         ccmParams = CCMParameters.getInstance(params);
-    //     }
+            ccmParams = CCMParameters.getInstance(params);
+        }
 
-    //     protected byte[] engineGetEncoded()
-    //         throws IOException
-    //     {
-    //         return ccmParams.getEncoded();
-    //     }
+        protected byte[] engineGetEncoded()
+            throws IOException
+        {
+            return ccmParams.getEncoded();
+        }
 
-    //     protected byte[] engineGetEncoded(String format)
-    //         throws IOException
-    //     {
-    //         if (!isASN1FormatString(format))
-    //         {
-    //             throw new IOException("unknown format specified");
-    //         }
+        protected byte[] engineGetEncoded(String format)
+            throws IOException
+        {
+            if (!isASN1FormatString(format))
+            {
+                throw new IOException("unknown format specified");
+            }
 
-    //         return ccmParams.getEncoded();
-    //     }
+            return ccmParams.getEncoded();
+        }
 
-    //     protected String engineToString()
-    //     {
-    //         return "CCM";
-    //     }
+        protected String engineToString()
+        {
+            return "CCM";
+        }
 
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
-    //         {
-    //             if (GcmSpecUtil.gcmSpecExists())
-    //             {
-    //                 return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive());
-    //             }
-    //             return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
-    //         }
-    //         if (paramSpec == AEADParameterSpec.class)
-    //         {
-    //             return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
-    //         }
-    //         if (paramSpec == IvParameterSpec.class)
-    //         {
-    //             return new IvParameterSpec(ccmParams.getNonce());
-    //         }
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == AlgorithmParameterSpec.class || GcmSpecUtil.isGcmSpec(paramSpec))
+            {
+                if (GcmSpecUtil.gcmSpecExists())
+                {
+                    return GcmSpecUtil.extractGcmSpec(ccmParams.toASN1Primitive());
+                }
+                return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+            }
+            if (paramSpec == AEADParameterSpec.class)
+            {
+                return new AEADParameterSpec(ccmParams.getNonce(), ccmParams.getIcvLen() * 8);
+            }
+            if (paramSpec == IvParameterSpec.class)
+            {
+                return new IvParameterSpec(ccmParams.getNonce());
+            }
 
-    //         throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
-    //     }
-    // }
-    // END android-removed
+            throw new InvalidParameterSpecException("AlgorithmParameterSpec not recognized: " + paramSpec.getName());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -857,40 +863,45 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-            // END android-removed
+
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.AES", generalAesAttributes);
             provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
-            // provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
+            provider.addAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAttributes("Cipher.AESWRAP", generalAesAttributes);
             provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
@@ -899,81 +910,85 @@
             provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
             provider.addAlgorithm("Alg.Alias.Cipher.AESKW", "AESWRAP");
 
-            // BEGIN android-removed
-            // provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes);
-            // provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD");
-            // provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD");
-            //
-            // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
-            // provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAttributes("Cipher.CCM", generalAesAttributes);
-            // provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-            // provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-            //
-            // provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAttributes("Cipher.AESWRAPPAD", generalAesAttributes);
+            provider.addAlgorithm("Cipher.AESWRAPPAD", PREFIX + "$WrapPad");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_wrap_pad, "AESWRAPPAD");
+            provider.addAlgorithm("Alg.Alias.Cipher.AESKWP", "AESWRAPPAD");
 
-            // BEGIN android-changed
+            provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
+            provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAttributes("Cipher.CCM", generalAesAttributes);
+            provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes128_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes192_CCM, "CCM");
+            provider.addAlgorithm("Alg.Alias.Cipher", NISTObjectIdentifiers.id_aes256_CCM, "CCM");
+
+            provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // BEGIN Android-changed: Use standard name for AES/GCM/NOPADDING instead of "GCM"
             provider.addAttributes("Cipher.AES/GCM/NOPADDING", generalAesAttributes);
             provider.addAlgorithm("Cipher.AES/GCM/NOPADDING", PREFIX + "$GCM");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "AES/GCM/NOPADDING");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "AES/GCM/NOPADDING");
             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "AES/GCM/NOPADDING");
-            // END android-changed
+            // END Android-changed: Use standard name for AES/GCM/NOPADDING instead of "GCM"
 
             provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen");
-            // BEGIN android-removed
-            // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
-            // provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192");
-            // provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
+            provider.addAlgorithm("KeyGenerator.AESWRAPPAD", PREFIX + "$KeyGen");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes128_wrap_pad, PREFIX + "$KeyGen128");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes192_wrap_pad, PREFIX + "$KeyGen192");
+            provider.addAlgorithm("KeyGenerator", NISTObjectIdentifiers.id_aes256_wrap_pad, PREFIX + "$KeyGen256");
 
-            // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
+            provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
 
-            // provider.addAlgorithm("Mac.AESCCMMAC", PREFIX + "$AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes128_CCM.getId(), "AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes192_CCM.getId(), "AESCCMMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes256_CCM.getId(), "AESCCMMAC");
-            // END android-removed
+            provider.addAlgorithm("Mac.AESCCMMAC", PREFIX + "$AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes128_CCM.getId(), "AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes192_CCM.getId(), "AESCCMMAC");
+            provider.addAlgorithm("Alg.Alias.Mac." + NISTObjectIdentifiers.id_aes256_CCM.getId(), "AESCCMMAC");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher", BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc, "PBEWITHSHAAND128BITAES-CBC-BC");
             provider.addAlgorithm("Alg.Alias.Cipher", BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc, "PBEWITHSHAAND192BITAES-CBC-BC");
@@ -1018,10 +1033,10 @@
             provider.addAlgorithm("Cipher.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC");
             provider.addAlgorithm("Cipher.PBEWITHMD5AND256BITAES-CBC-OPENSSL", PREFIX + "$PBEWithAESCBC");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.AES", PREFIX + "$KeyFactory");
             // provider.addAlgorithm("SecretKeyFactory", NISTObjectIdentifiers.aes, PREFIX + "$KeyFactory");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND128BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And128BitAESCBCOpenSSL");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5AND192BITAES-CBC-OPENSSL", PREFIX + "$PBEWithMD5And192BitAESCBCOpenSSL");
@@ -1075,10 +1090,10 @@
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
             // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
index c780d12..d1305cb 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
@@ -29,9 +29,9 @@
     {
         public KeyGen()
         {
-            // BEGIN android-changed
+            // Android-changed: Use ARC4 for algorithm name to match name used in provider
+            // super("RC4", 128, new CipherKeyGenerator());
             super("ARC4", 128, new CipherKeyGenerator());
-            // END android-changed
         }
     }
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
index c0a0949..ebaa5c5 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
@@ -3,16 +3,14 @@
 import org.bouncycastle.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.engines.BlowfishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 
@@ -40,16 +38,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new BlowfishEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new BlowfishEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class KeyGen
         extends BaseKeyGenerator
@@ -80,13 +80,11 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Mac.BLOWFISHCMAC", PREFIX + "$CMAC");
-            // END android-removed
             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
             provider.addAlgorithm("Alg.Alias.KeyGenerator", MiscObjectIdentifiers.cryptlib_algorithm_blowfish_CBC, "BLOWFISH");
             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
index 5a4f8cd..de2e548 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DES.java
@@ -19,16 +19,14 @@
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
 // import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.crypto.params.DESParameters;
@@ -69,19 +67,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * DES   CFB8
-    //  */
-    // public static class DESCFB8
-    //     extends BaseMac
-    // {
-    //     public DESCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new DESEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * DES   CFB8
+     *
+    public static class DESCFB8
+        extends BaseMac
+    {
+        public DESCFB8()
+        {
+            super(new CFBBlockCipherMac(new DESEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DES64
@@ -116,49 +116,49 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new DESEngine()));
-    //     }
-    // }
-    //
-    // /**
-    //  * DES9797Alg3with7816-4Padding
-    //  */
-    // public static class DES9797Alg3with7816d4
-    //     extends BaseMac
-    // {
-    //     public DES9797Alg3with7816d4()
-    //     {
-    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-    //     }
-    // }
-    //
-    // /**
-    //  * DES9797Alg3
-    //  */
-    // public static class DES9797Alg3
-    //     extends BaseMac
-    // {
-    //     public DES9797Alg3()
-    //     {
-    //         super(new ISO9797Alg3Mac(new DESEngine()));
-    //     }
-    // }
-    //
-    // public static class RFC3211
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211()
-    //     {
-    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new DESEngine()));
+        }
+    }
+
+    /**
+     * DES9797Alg3with7816-4Padding
+     *
+    public static class DES9797Alg3with7816d4
+        extends BaseMac
+    {
+        public DES9797Alg3with7816d4()
+        {
+            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
+        }
+    }
+
+    /**
+     * DES9797Alg3
+     *
+    public static class DES9797Alg3
+        extends BaseMac
+    {
+        public DES9797Alg3()
+        {
+            super(new ISO9797Alg3Mac(new DESEngine()));
+        }
+    }
+
+    public static class RFC3211
+        extends BaseWrapCipher
+    {
+        public RFC3211()
+        {
+            super(new RFC3211WrapEngine(new DESEngine()), 8);
+        }
+    }
 
     public static class AlgParamGen
         extends BaseAlgorithmParameterGenerator
@@ -197,6 +197,8 @@
             return params;
         }
     }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DES - the default for this is to generate a key in
@@ -358,19 +360,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndDES
-    //  */
-    // static public class PBEWithMD2KeyFactory
-    //     extends DESPBEKeyFactory
-    // {
-    //     public PBEWithMD2KeyFactory()
-    //     {
-    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndDES
+     *
+    static public class PBEWithMD2KeyFactory
+        extends DESPBEKeyFactory
+    {
+        public PBEWithMD2KeyFactory()
+        {
+            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -396,19 +400,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndDES
-    //  */
-    // static public class PBEWithMD2
-    //     extends BaseBlockCipher
-    // {
-    //     public PBEWithMD2()
-    //     {
-    //         super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndDES
+     *
+    static public class PBEWithMD2
+        extends BaseBlockCipher
+    {
+        public PBEWithMD2()
+        {
+            super(new CBCBlockCipher(new DESEngine()), PKCS5S1, MD2, 64, 8);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithMD5AndDES
@@ -448,81 +454,80 @@
         {
 
             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
-            // BEGIN android-removed
-            // provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-            //
-            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-            //
-            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Cipher", OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
+
+            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
+
+            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
 
             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-            //
-            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-            //
-            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-            //
-            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-            //
-            // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-            //
-            // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-            // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
+            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
+
+            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
+            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
+
+            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
+            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
+
+            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
+
+            provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
+            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
+
+            provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
+            provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters", OIWObjectIdentifiers.desCBC, "DES");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
             //
             // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
             provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5");
             provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1");
             
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // BEGIN android-removed
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // END android-removed
+            // Android-removed: Unsupported algorithms
+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
         }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
index c89fe34..9b2e57b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/DESede.java
@@ -1,21 +1,18 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.AlgorithmParameters;
 // import java.security.InvalidAlgorithmParameterException;
-// END android-removed
 import java.security.SecureRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import java.security.spec.AlgorithmParameterSpec;
-// END android-removed
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.IvParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -23,21 +20,18 @@
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.DESedeWrapEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-// END android-removed
 import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
 import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
@@ -69,19 +63,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * DESede   CFB8
-    //  */
-    // public static class DESedeCFB8
-    //     extends BaseMac
-    // {
-    //     public DESedeCFB8()
-    //     {
-    //         super(new CFBBlockCipherMac(new DESedeEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * DESede   CFB8
+     *
+    public static class DESedeCFB8
+        extends BaseMac
+    {
+        public DESedeCFB8()
+        {
+            super(new CFBBlockCipherMac(new DESedeEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * DESede64
@@ -106,7 +102,7 @@
             super(new CBCBlockCipherMac(new DESedeEngine(), 64, new ISO7816d4Padding()));
         }
     }
-
+    
     public static class CBCMAC
         extends BaseMac
     {
@@ -116,16 +112,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // static public class CMAC
-    //     extends BaseMac
-    // {
-    //     public CMAC()
-    //     {
-    //         super(new CMac(new DESedeEngine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    static public class CMAC
+        extends BaseMac
+    {
+        public CMAC()
+        {
+            super(new CMac(new DESedeEngine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Wrap
         extends BaseWrapCipher
@@ -136,16 +134,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class RFC3211
-    //     extends BaseWrapCipher
-    // {
-    //     public RFC3211()
-    //     {
-    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class RFC3211
+        extends BaseWrapCipher
+    {
+        public RFC3211()
+        {
+            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
   /**
      * DESede - the default for this is to generate a key in
@@ -259,45 +259,47 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom            random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-    //     }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom            random)
+            throws InvalidAlgorithmParameterException
+        {
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
+        }
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         byte[]  iv = new byte[8];
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            byte[]  iv = new byte[8];
 
-    //         if (random == null)
-    //         {
-    //             random = new SecureRandom();
-    //         }
+            if (random == null)
+            {
+                random = new SecureRandom();
+            }
 
-    //         random.nextBytes(iv);
+            random.nextBytes(iv);
 
-    //         AlgorithmParameters params;
+            AlgorithmParameters params;
 
-    //         try
-    //         {
-    //             params = createParametersInstance("DES");
-    //             params.init(new IvParameterSpec(iv));
-    //         }
-    //         catch (Exception e)
-    //         {
-    //             throw new RuntimeException(e.getMessage());
-    //         }
+            try
+            {
+                params = createParametersInstance("DES");
+                params.init(new IvParameterSpec(iv));
+            }
+            catch (Exception e)
+            {
+                throw new RuntimeException(e.getMessage());
+            }
 
-    //         return params;
-    //     }
-    // }
-    // END android-removed
+            return params;
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     static public class KeyFactory
         extends BaseSecretKeyFactory
@@ -381,38 +383,35 @@
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
-            // END android-removed
             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
-            // BEGIN android-changed
+            // BEGIN Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-            // END android-changed
-            // BEGIN android-removed
+            // END Android-changed: Make alias of DESEDEWRAP rather than separate algorithm
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
             // provider.addAlgorithm("Alg.Alias.Cipher.DESEDERFC3217WRAP", "DESEDEWRAP");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP");
             provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE");
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
-            // END android-removed
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
 
             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
-                // BEGIN android-removed
+                // BEGIN Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
                 // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
-                // END android-removed
+                // END Android-removed: Unsupported algorithms
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
-                // END android-removed
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
@@ -426,39 +425,41 @@
             }
 
             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
             // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
 
-            // BEGIN android-removed
-            // provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("SecretKeyFactory", OIWObjectIdentifiers.desEDE, PREFIX + "$KeyFactory");
 
-            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
+            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
+            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
+            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
+            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
 
-            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-            // END android-removed
+            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
+            */
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory");
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
index b19a4d4..31c9bda 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
@@ -13,9 +13,8 @@
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.pkcs.PBKDF2Params;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherParameters;
@@ -34,99 +33,101 @@
 
     }
 
-    // BEGIN android-removed
-    // public static class AlgParams
-    //     extends BaseAlgorithmParameters
-    // {
-    //     PBKDF2Params params;
-    //
-    //     protected byte[] engineGetEncoded()
-    //     {
-    //         try
-    //         {
-    //             return params.getEncoded(ASN1Encoding.DER);
-    //         }
-    //         catch (IOException e)
-    //         {
-    //             throw new RuntimeException("Oooops! " + e.toString());
-    //         }
-    //     }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParams
+        extends BaseAlgorithmParameters
+    {
+        PBKDF2Params params;
 
-    //     protected byte[] engineGetEncoded(
-    //         String format)
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             return engineGetEncoded();
-    //         }
-    //
-    //         return null;
-    //     }
-    //
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == PBEParameterSpec.class)
-    //         {
-    //             return new PBEParameterSpec(params.getSalt(),
-    //                             params.getIterationCount().intValue());
-    //         }
-    //
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
-    //     }
-    //
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (!(paramSpec instanceof PBEParameterSpec))
-    //         {
-    //             throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
-    //         }
-    //
-    //         PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
-    //
-    //         this.params = new PBKDF2Params(pbeSpec.getSalt(),
-    //                             pbeSpec.getIterationCount());
-    //     }
-    //
-    //     protected void engineInit(
-    //         byte[] params)
-    //         throws IOException
-    //     {
-    //         this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
-    //     }
-    //
-    //     protected void engineInit(
-    //         byte[] params,
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             engineInit(params);
-    //             return;
-    //         }
-    //
-    //         throw new IOException("Unknown parameters format in PBKDF2 parameters object");
-    //     }
-    //
-    //     protected String engineToString()
-    //     {
-    //         return "PBKDF2 Parameters";
-    //     }
-    // }
-    // END android-removed
+        protected byte[] engineGetEncoded()
+        {
+            try
+            {
+                return params.getEncoded(ASN1Encoding.DER);
+            }
+            catch (IOException e)
+            {
+                throw new RuntimeException("Oooops! " + e.toString());
+            }
+        }
+
+        protected byte[] engineGetEncoded(
+            String format)
+        {
+            if (this.isASN1FormatString(format))
+            {
+                return engineGetEncoded();
+            }
+
+            return null;
+        }
+
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
+            Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == PBEParameterSpec.class)
+            {
+                return new PBEParameterSpec(params.getSalt(),
+                                params.getIterationCount().intValue());
+            }
+
+            throw new InvalidParameterSpecException("unknown parameter spec passed to PBKDF2 PBE parameters object.");
+        }
+
+        protected void engineInit(
+            AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (!(paramSpec instanceof PBEParameterSpec))
+            {
+                throw new InvalidParameterSpecException("PBEParameterSpec required to initialise a PBKDF2 PBE parameters algorithm parameters object");
+            }
+
+            PBEParameterSpec    pbeSpec = (PBEParameterSpec)paramSpec;
+
+            this.params = new PBKDF2Params(pbeSpec.getSalt(),
+                                pbeSpec.getIterationCount());
+        }
+
+        protected void engineInit(
+            byte[] params)
+            throws IOException
+        {
+            this.params = PBKDF2Params.getInstance(ASN1Primitive.fromByteArray(params));
+        }
+
+        protected void engineInit(
+            byte[] params,
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                engineInit(params);
+                return;
+            }
+
+            throw new IOException("Unknown parameters format in PBKDF2 parameters object");
+        }
+
+        protected String engineToString()
+        {
+            return "PBKDF2 Parameters";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class BasePBKDF2
         extends BaseSecretKeyFactory
     {
         private int scheme;
-        // BEGIN ANDROID-ADDED
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private int keySizeInBits;
         private int ivSizeInBits;
-        // END ANDROID-ADDED
+        // END Android-added: Allow to specify a key using only the password.
         private int defaultDigest;
 
         public BasePBKDF2(String name, int scheme)
@@ -134,27 +135,27 @@
             this(name, scheme, SHA1);
         }
 
-        // BEGIN ANDROID-CHANGED
-        // Was: public BasePBKDF2(String name, int scheme, int defaultDigest)
+        // BEGIN Android-changed: Allow to specify a key using only the password.
+        // public BasePBKDF2(String name, int scheme, int defaultDigest)
         private BasePBKDF2(
                 String name, int scheme, int digest, int keySizeInBits, int ivSizeInBits)
-        // END ANDROID-CHANGED
+        // END Android-changed: Allow to specify a key using only the password.
         {
             super(name, PKCSObjectIdentifiers.id_PBKDF2);
 
             this.scheme = scheme;
-            // BEGIN ANDROID-ADDED
+            // BEGIN Android-added: Support key-restricted versions.
             this.keySizeInBits = keySizeInBits;
             this.ivSizeInBits = ivSizeInBits;
-            // END ANDROID-ADDED
+            // END Android-added: Support key-restricted versions.
             this.defaultDigest = digest;
         }
 
-        // BEGIN android-added
+        // BEGIN Android-added: Allow to specify a key using only the password.
         private BasePBKDF2(String name, int scheme, int digest) {
             this(name, scheme, digest, 0, 0);
         }
-        // END android-added
+        // END Android-added: Allow to specify a key using only the password.
 
         protected SecretKey engineGenerateSecret(
             KeySpec keySpec)
@@ -164,9 +165,8 @@
             {
                 PBEKeySpec pbeSpec = (PBEKeySpec)keySpec;
 
-                // BEGIN ANDROID-ADDED
-                // Allow to specify a key using only the password. The key will be generated later
-                // when other parameters are known.
+                // BEGIN Android-added: Allow to specify a key using only the password.
+                // The key will be generated later when other parameters are known.
                 if (pbeSpec.getSalt() == null
                         && pbeSpec.getIterationCount() == 0
                         && pbeSpec.getKeyLength() == 0
@@ -178,7 +178,7 @@
                             // cipherParameters, to be generated when the PBE parameters are known.
                             null);
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow to specify a key using only the password.
 
                 if (pbeSpec.getSalt() == null)
                 {
@@ -231,13 +231,15 @@
         private int getDigestCode(ASN1ObjectIdentifier algorithm)
             throws InvalidKeySpecException
         {
-            // BEGIN android-removed
-            // if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
-            // {
-            //     return GOST3411;
-            // }
-            // else
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (algorithm.equals(CryptoProObjectIdentifiers.gostR3411Hmac))
+            {
+                return GOST3411;
+            }
+            else
+            */
+            // END Android-removed: Unsupported algorithms
             if (algorithm.equals(PKCSObjectIdentifiers.id_hmacWithSHA1))
             {
                 return SHA1;
@@ -263,62 +265,65 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class PBKDF2withUTF8
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withUTF8()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA224
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA224()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA224);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA256
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA256()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA256);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA384
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA384()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA384);
-    //     }
-    // }
-    //
-    // public static class PBKDF2withSHA512
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2withSHA512()
-    //     {
-    //         super("PBKDF2", PKCS5S2_UTF8, SHA512);
-    //     }
-    // }
-    //
-    // public static class PBKDF2with8BIT
-    //     extends BasePBKDF2
-    // {
-    //     public PBKDF2with8BIT()
-    //     {
-    //         super("PBKDF2", PKCS5S2);
-    //     }
-    // }
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class PBKDF2withUTF8
+        extends BasePBKDF2
+    {
+        public PBKDF2withUTF8()
+        {
+            super("PBKDF2", PKCS5S2_UTF8);
+        }
+    }
 
-    // BEGIN android-added
+    public static class PBKDF2withSHA224
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA224()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA224);
+        }
+    }
+
+    public static class PBKDF2withSHA256
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA256()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA256);
+        }
+    }
+
+    public static class PBKDF2withSHA384
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA384()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA384);
+        }
+    }
+    public static class PBKDF2withSHA512
+        extends BasePBKDF2
+    {
+        public PBKDF2withSHA512()
+        {
+            super("PBKDF2", PKCS5S2_UTF8, SHA512);
+        }
+    }
+
+    public static class PBKDF2with8BIT
+        extends BasePBKDF2
+    {
+        public PBKDF2with8BIT()
+        {
+            super("PBKDF2", PKCS5S2);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
+
+    // BEGIN Android-added: Android implementations of PBKDF2 algorithms.
+    // See note in Mappings below.
     public static class BasePBKDF2WithHmacSHA1 extends BasePBKDF2 {
         public BasePBKDF2WithHmacSHA1(String name, int scheme)
         {
@@ -479,7 +484,7 @@
             super("PBEWithHmacSHA512AndAES_256", PKCS5S2_UTF8, SHA512, 256, 128);
         }
     }
-    // END android-added
+    // END Android-added: Android implementations of PBKDF2 algorithms.
 
     public static class Mappings
         extends AlgorithmProvider
@@ -492,45 +497,34 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-comment
-            // Context: many of these services used to be in
-            // com.android.org.bouncycastle.jcajce.provider.digest,SHA1, duplicated with respect to here. This
-            // class (PBEPBKDF2) wasn't present in Android until the upgrade to 1.56. Android added
-            // some other of these services in SHA1 (for fixed key sizes). Then the duplicate
-            // algorithms were removed upstream from SHA1 in
-            // b5634e3155e7fd8688599d3eef8e4f3c8a1db078
-            // . As a result, when adapting BouncyCastle 1.56 from upstream, the Android code that
-            // had been added to SHA1 was moved here, and the rest of the services provided by this
-            // class were commented.
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
-            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
-            // END android-removed
-            // BEGIN android-changed
-            // Was: provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            // Android-note: Provided classes differ significantly from upstream.
+            // Before BC 1.56, this class was omitted in Android and the algorithms we desired
+            // were provided in org.bouncycastle.jcajce.provider.digest.SHA1.  During that
+            // time, Android added some additional versions of these algorithms for fixed key sizes.
+            // BC eventually consolidated the algorithms into this class.  As a result, when
+            // upgrading to BC 1.56, we added this class but replaced its contents with
+            // our versions.
+            // BEGIN Android-removed: Bouncy Castle versions of algorithms.
+            /*
+            provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
+            provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
+            */
+            // END Android-removed: Bouncy Castle versions of algorithms.
+            // BEGIN Android-added: Android versions of algorithms.
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WithHmacSHA1AndUTF8", "PBKDF2WithHmacSHA1");
-            // END android-changed
-            // BEGin android-removed
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHASCII", PREFIX + "$PBKDF2with8BIT");
-            // END android-removed
-            // BEGIN android-changed
-            // Was:
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITH8BIT", "PBKDF2WITHASCII");
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2WITHHMACSHA1AND8BIT", "PBKDF2WITHASCII");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2with8BIT", "PBKDF2WithHmacSHA1And8BIT");
-            // END android-changed
-            // BEGIN android-added
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBKDF2withASCII", "PBKDF2WithHmacSHA1And8BIT");
-            // BEGIN android-removed
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA224", PREFIX + "$PBKDF2withSHA224");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA256", PREFIX + "$PBKDF2withSHA256");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA384", PREFIX + "$PBKDF2withSHA384");
-            // provider.addAlgorithm("SecretKeyFactory.PBKDF2WITHHMACSHA512", PREFIX + "$PBKDF2withSHA512");
-            // END android-removed
-            // BEGIN android-added
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1", PREFIX + "$PBKDF2WithHmacSHA1UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA224", PREFIX + "$PBKDF2WithHmacSHA224UTF8");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA256", PREFIX + "$PBKDF2WithHmacSHA256UTF8");
@@ -547,7 +541,7 @@
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", PREFIX + "$PBEWithHmacSHA384AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
             provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
-            // END android-added
+            // END Android-added: Android versions of algorithms.
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
index 7bc1e71..06693a2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/RC2.java
@@ -12,28 +12,24 @@
 
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.RC2Engine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.engines.RC2WrapEngine;
 // import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
 // import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
 import org.bouncycastle.util.Arrays;
@@ -44,61 +40,63 @@
     {
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * RC2
-    //  */
-    // static public class ECB
-    //     extends BaseBlockCipher
-    // {
-    //     public ECB()
-    //     {
-    //         super(new RC2Engine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC2CBC
-    //  */
-    // static public class CBC
-    //     extends BaseBlockCipher
-    // {
-    //     public CBC()
-    //     {
-    //         super(new CBCBlockCipher(new RC2Engine()), 64);
-    //     }
-    // }
-    //
-    // public static class Wrap
-    //     extends BaseWrapCipher
-    // {
-    //     public Wrap()
-    //     {
-    //         super(new RC2WrapEngine());
-    //     }
-    // }
-    //
-    // /**
-    //  * RC2
-    //  */
-    // public static class CBCMAC
-    //     extends BaseMac
-    // {
-    //     public CBCMAC()
-    //     {
-    //         super(new CBCBlockCipherMac(new RC2Engine()));
-    //     }
-    // }
-    //
-    // public static class CFB8MAC
-    //     extends BaseMac
-    // {
-    //     public CFB8MAC()
-    //     {
-    //         super(new CFBBlockCipherMac(new RC2Engine()));
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * RC2
+     *
+    static public class ECB
+        extends BaseBlockCipher
+    {
+        public ECB()
+        {
+            super(new RC2Engine());
+        }
+    }
+
+    /**
+     * RC2CBC
+     *
+    static public class CBC
+        extends BaseBlockCipher
+    {
+        public CBC()
+        {
+            super(new CBCBlockCipher(new RC2Engine()), 64);
+        }
+    }
+
+    public static class Wrap
+        extends BaseWrapCipher
+    {
+        public Wrap()
+        {
+            super(new RC2WrapEngine());
+        }
+    }
+
+    /**
+     * RC2
+     *
+    public static class CBCMAC
+        extends BaseMac
+    {
+        public CBCMAC()
+        {
+            super(new CBCBlockCipherMac(new RC2Engine()));
+        }
+    }
+
+    public static class CFB8MAC
+        extends BaseMac
+    {
+        public CFB8MAC()
+        {
+            super(new CFBBlockCipherMac(new RC2Engine()));
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHA1AndRC2
@@ -184,19 +182,21 @@
         }
     }
 
-    // BEGIN android-removed
-    // /**
-    //  * PBEWithMD2AndRC2
-    //  */
-    // static public class PBEWithMD2KeyFactory
-    //     extends PBESecretKeyFactory
-    // {
-    //     public PBEWithMD2KeyFactory()
-    //     {
-    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    /**
+     * PBEWithMD2AndRC2
+     *
+    static public class PBEWithMD2KeyFactory
+        extends PBESecretKeyFactory
+    {
+        public PBEWithMD2KeyFactory()
+        {
+            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
    /**
     * PBEWithMD5AndRC2
@@ -210,249 +210,251 @@
        }
    }
 
-    // BEGIN android-removed
-    // public static class AlgParamGen
-    //     extends BaseAlgorithmParameterGenerator
-    // {
-    //     RC2ParameterSpec spec = null;
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParamGen
+        extends BaseAlgorithmParameterGenerator
+    {
+        RC2ParameterSpec spec = null;
 
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec genParamSpec,
-    //         SecureRandom random)
-    //         throws InvalidAlgorithmParameterException
-    //     {
-    //         if (genParamSpec instanceof RC2ParameterSpec)
-    //         {
-    //             spec = (RC2ParameterSpec)genParamSpec;
-    //             return;
-    //         }
+        protected void engineInit(
+            AlgorithmParameterSpec genParamSpec,
+            SecureRandom random)
+            throws InvalidAlgorithmParameterException
+        {
+            if (genParamSpec instanceof RC2ParameterSpec)
+            {
+                spec = (RC2ParameterSpec)genParamSpec;
+                return;
+            }
 
-    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-    //     }
+            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
+        }
 
-    //     protected AlgorithmParameters engineGenerateParameters()
-    //     {
-    //         AlgorithmParameters params;
+        protected AlgorithmParameters engineGenerateParameters()
+        {
+            AlgorithmParameters params;
 
-    //         if (spec == null)
-    //         {
-    //             byte[] iv = new byte[8];
+            if (spec == null)
+            {
+                byte[] iv = new byte[8];
 
-    //             if (random == null)
-    //             {
-    //                 random = new SecureRandom();
-    //             }
+                if (random == null)
+                {
+                    random = new SecureRandom();
+                }
 
-    //             random.nextBytes(iv);
+                random.nextBytes(iv);
 
-    //             try
-    //             {
-    //                 params = createParametersInstance("RC2");
-    //                 params.init(new IvParameterSpec(iv));
-    //             }
-    //             catch (Exception e)
-    //             {
-    //                 throw new RuntimeException(e.getMessage());
-    //             }
-    //         }
-    //         else
-    //         {
-    //             try
-    //             {
-    //                 params = createParametersInstance("RC2");
-    //                 params.init(spec);
-    //             }
-    //             catch (Exception e)
-    //             {
-    //                 throw new RuntimeException(e.getMessage());
-    //             }
-    //         }
+                try
+                {
+                    params = createParametersInstance("RC2");
+                    params.init(new IvParameterSpec(iv));
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException(e.getMessage());
+                }
+            }
+            else
+            {
+                try
+                {
+                    params = createParametersInstance("RC2");
+                    params.init(spec);
+                }
+                catch (Exception e)
+                {
+                    throw new RuntimeException(e.getMessage());
+                }
+            }
 
-    //         return params;
-    //     }
-    // }
+            return params;
+        }
+    }
 
-    // public static class KeyGenerator
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGenerator()
-    //     {
-    //         super("RC2", 128, new CipherKeyGenerator());
-    //     }
-    // }
+    public static class KeyGenerator
+        extends BaseKeyGenerator
+    {
+        public KeyGenerator()
+        {
+            super("RC2", 128, new CipherKeyGenerator());
+        }
+    }
 
-    // public static class AlgParams
-    //     extends BaseAlgorithmParameters
-    // {
-    //     private static final short[] table = {
-    //         0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-    //         0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-    //         0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-    //         0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-    //         0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-    //         0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-    //         0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-    //         0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-    //         0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-    //         0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-    //         0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-    //         0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-    //         0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-    //         0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-    //         0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-    //         0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-    //     };
+    public static class AlgParams
+        extends BaseAlgorithmParameters
+    {
+        private static final short[] table = {
+            0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
+            0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
+            0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
+            0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
+            0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
+            0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
+            0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
+            0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
+            0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
+            0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
+            0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
+            0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
+            0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
+            0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
+            0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
+            0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
+        };
 
-    //     private static final short[] ekb = {
-    //         0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-    //         0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-    //         0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-    //         0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-    //         0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-    //         0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-    //         0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-    //         0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-    //         0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-    //         0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-    //         0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-    //         0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-    //         0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-    //         0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-    //         0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-    //         0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-    //     };
+        private static final short[] ekb = {
+            0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
+            0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
+            0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
+            0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
+            0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
+            0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
+            0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
+            0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
+            0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
+            0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
+            0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
+            0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
+            0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
+            0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
+            0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
+            0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
+        };
 
-    //     private byte[] iv;
-    //     private int parameterVersion = 58;
+        private byte[] iv;
+        private int parameterVersion = 58;
 
-    //     protected byte[] engineGetEncoded()
-    //     {
-    //         return Arrays.clone(iv);
-    //     }
+        protected byte[] engineGetEncoded()
+        {
+            return Arrays.clone(iv);
+        }
 
-    //     protected byte[] engineGetEncoded(
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             if (parameterVersion == -1)
-    //             {
-    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-    //             }
-    //             else
-    //             {
-    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-    //             }
-    //         }
+        protected byte[] engineGetEncoded(
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                if (parameterVersion == -1)
+                {
+                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
+                }
+                else
+                {
+                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
+                }
+            }
 
-    //         if (format.equals("RAW"))
-    //         {
-    //             return engineGetEncoded();
-    //         }
+            if (format.equals("RAW"))
+            {
+                return engineGetEncoded();
+            }
 
-    //         return null;
-    //     }
+            return null;
+        }
 
-    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
-    //         Class paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //         {
-    //             if (parameterVersion != -1)
-    //             {
-    //                 if (parameterVersion < 256)
-    //                 {
-    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
-    //                 }
-    //                 else
-    //                 {
-    //                     return new RC2ParameterSpec(parameterVersion, iv);
-    //                 }
-    //             }
-    //         }
+        protected AlgorithmParameterSpec localEngineGetParameterSpec(
+            Class paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec == RC2ParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+            {
+                if (parameterVersion != -1)
+                {
+                    if (parameterVersion < 256)
+                    {
+                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
+                    }
+                    else
+                    {
+                        return new RC2ParameterSpec(parameterVersion, iv);
+                    }
+                }
+            }
 
-    //         if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
-    //         {
-    //             return new IvParameterSpec(iv);
-    //         }
+            if (paramSpec == IvParameterSpec.class || paramSpec == AlgorithmParameterSpec.class)
+            {
+                return new IvParameterSpec(iv);
+            }
 
-    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-    //     }
+            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
+        }
 
-    //     protected void engineInit(
-    //         AlgorithmParameterSpec paramSpec)
-    //         throws InvalidParameterSpecException
-    //     {
-    //         if (paramSpec instanceof IvParameterSpec)
-    //         {
-    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
-    //         }
-    //         else if (paramSpec instanceof RC2ParameterSpec)
-    //         {
-    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-    //             if (effKeyBits != -1)
-    //             {
-    //                 if (effKeyBits < 256)
-    //                 {
-    //                     parameterVersion = table[effKeyBits];
-    //                 }
-    //                 else
-    //                 {
-    //                     parameterVersion = effKeyBits;
-    //                 }
-    //             }
+        protected void engineInit(
+            AlgorithmParameterSpec paramSpec)
+            throws InvalidParameterSpecException
+        {
+            if (paramSpec instanceof IvParameterSpec)
+            {
+                this.iv = ((IvParameterSpec)paramSpec).getIV();
+            }
+            else if (paramSpec instanceof RC2ParameterSpec)
+            {
+                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
+                if (effKeyBits != -1)
+                {
+                    if (effKeyBits < 256)
+                    {
+                        parameterVersion = table[effKeyBits];
+                    }
+                    else
+                    {
+                        parameterVersion = effKeyBits;
+                    }
+                }
 
-    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-    //         }
-    //         else
-    //         {
-    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-    //         }
-    //     }
+                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
+            }
+            else
+            {
+                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
+            }
+        }
 
-    //     protected void engineInit(
-    //         byte[] params)
-    //         throws IOException
-    //     {
-    //         this.iv = Arrays.clone(params);
-    //     }
+        protected void engineInit(
+            byte[] params)
+            throws IOException
+        {
+            this.iv = Arrays.clone(params);
+        }
 
-    //     protected void engineInit(
-    //         byte[] params,
-    //         String format)
-    //         throws IOException
-    //     {
-    //         if (this.isASN1FormatString(format))
-    //         {
-    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
+        protected void engineInit(
+            byte[] params,
+            String format)
+            throws IOException
+        {
+            if (this.isASN1FormatString(format))
+            {
+                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
 
-    //             if (p.getRC2ParameterVersion() != null)
-    //             {
-    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
-    //             }
+                if (p.getRC2ParameterVersion() != null)
+                {
+                    parameterVersion = p.getRC2ParameterVersion().intValue();
+                }
 
-    //             iv = p.getIV();
+                iv = p.getIV();
 
-    //             return;
-    //         }
+                return;
+            }
 
-    //         if (format.equals("RAW"))
-    //         {
-    //             engineInit(params);
-    //             return;
-    //         }
+            if (format.equals("RAW"))
+            {
+                engineInit(params);
+                return;
+            }
 
-    //         throw new IOException("Unknown parameters format in IV parameters object");
-    //     }
+            throw new IOException("Unknown parameters format in IV parameters object");
+        }
 
-    //     protected String engineToString()
-    //     {
-    //         return "RC2 Parameters";
-    //     }
-    // }
-    // END android-removed
+        protected String engineToString()
+        {
+            return "RC2 Parameters";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends AlgorithmProvider
@@ -465,36 +467,40 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
-            // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
-            // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
-            //
-            // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
-            // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
-            //
-            // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
-            // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
-            //
-            // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
-            // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
-            // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
-            // provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
-            //
-            // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
-            // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
-            // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-            //
-            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-            // END android-removed
 
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
+            provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
+
+            provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
+            provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
+
+            provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
+            provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
+
+            provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
+            provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
+            provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
+            provider.addAlgorithm("Cipher", PKCSObjectIdentifiers.RC2_CBC, PREFIX + "$CBC");
+
+            provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
+            provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
+            provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
+
+            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
+            */
+            // END Android-removed: Unsupported algorithms
+
+            // Android-note: All of the non-disabled algorithms in this class are necessary
+            // for KeyStore.PKCS12
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
@@ -502,18 +508,16 @@
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
-            // END android-removed
             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory");
 
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory");
 
-            // BEGIN android-removed
+            // Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-            // END android-removed
 
             provider.addAlgorithm("Alg.Alias.Cipher", PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
index 7ac79e7..e955e9d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
@@ -6,44 +6,46 @@
 abstract class SymmetricAlgorithmProvider
     extends AlgorithmProvider
 {
-    // BEGIN android-removed
-    // protected void addCMacAlgorithm(
-    //     ConfigurableProvider provider,
-    //     String algorithm,
-    //     String algorithmClassName,
-    //     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
-    //
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
-    // }
-    //
-    // protected void addGMacAlgorithm(
-    //     ConfigurableProvider provider,
-    //     String algorithm,
-    //     String algorithmClassName,
-    //     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
-    //
-    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
-    // }
-    //
-    // protected void addPoly1305Algorithm(ConfigurableProvider provider,
-    //                                     String algorithm,
-    //                                     String algorithmClassName,
-    //                                     String keyGeneratorClassName)
-    // {
-    //     provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
-    //     provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    //
-    //     provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
-    //     provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    protected void addCMacAlgorithm(
+        ConfigurableProvider provider,
+        String algorithm,
+        String algorithmClassName,
+        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac." + algorithm + "-CMAC", algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "CMAC", algorithm + "-CMAC");
+
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-CMAC", keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "CMAC",  algorithm + "-CMAC");
+    }
+
+    protected void addGMacAlgorithm(
+        ConfigurableProvider provider,
+        String algorithm,
+        String algorithmClassName,
+        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
+
+        provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
+    }
+
+    protected void addPoly1305Algorithm(ConfigurableProvider provider,
+                                        String algorithm,
+                                        String algorithmClassName,
+                                        String keyGeneratorClassName)
+    {
+        provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
+        provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
+
+        provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
+        provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
index c666ac1..62988e0 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
@@ -1,26 +1,22 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.BlockCipher;
 // import org.bouncycastle.crypto.CipherKeyGenerator;
-// END android-removed
 import org.bouncycastle.crypto.engines.TwofishEngine;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
 // import org.bouncycastle.crypto.macs.GMac;
-// END android-removed
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// END android-removed
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
 // import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
 // import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-// END android-removed
 import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
 
 public final class Twofish
@@ -29,58 +25,60 @@
     {
     }
 
-    // BEGIN android-removed
-    // public static class ECB
-    //     extends BaseBlockCipher
-    // {
-    //     public ECB()
-    //     {
-    //         super(new BlockCipherProvider()
-    //         {
-    //             public BlockCipher get()
-    //             {
-    //                 return new TwofishEngine();
-    //             }
-    //         });
-    //     }
-    // }
-    //
-    // public static class KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public KeyGen()
-    //     {
-    //         super("Twofish", 256, new CipherKeyGenerator());
-    //     }
-    // }
-    //
-    // public static class GMAC
-    //     extends BaseMac
-    // {
-    //     public GMAC()
-    //     {
-    //         super(new GMac(new GCMBlockCipher(new TwofishEngine())));
-    //     }
-    // }
-    //
-    // public static class Poly1305
-    //     extends BaseMac
-    // {
-    //     public Poly1305()
-    //     {
-    //         super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
-    //     }
-    // }
-    //
-    // public static class Poly1305KeyGen
-    //     extends BaseKeyGenerator
-    // {
-    //     public Poly1305KeyGen()
-    //     {
-    //         super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class ECB
+        extends BaseBlockCipher
+    {
+        public ECB()
+        {
+            super(new BlockCipherProvider()
+            {
+                public BlockCipher get()
+                {
+                    return new TwofishEngine();
+                }
+            });
+        }
+    }
+
+    public static class KeyGen
+        extends BaseKeyGenerator
+    {
+        public KeyGen()
+        {
+            super("Twofish", 256, new CipherKeyGenerator());
+        }
+    }
+
+    public static class GMAC
+        extends BaseMac
+    {
+        public GMAC()
+        {
+            super(new GMac(new GCMBlockCipher(new TwofishEngine())));
+        }
+    }
+
+    public static class Poly1305
+        extends BaseMac
+    {
+        public Poly1305()
+        {
+            super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
+        }
+    }
+
+    public static class Poly1305KeyGen
+        extends BaseKeyGenerator
+    {
+        public Poly1305KeyGen()
+        {
+            super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     /**
      * PBEWithSHAAndTwofish-CBC
@@ -106,16 +104,18 @@
         }
     }
 
-    // BEGIN android-removed
-    // public static class AlgParams
-    //     extends IvAlgorithmParameters
-    // {
-    //     protected String engineToString()
-    //     {
-    //         return "Twofish IV";
-    //     }
-    // }
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    public static class AlgParams
+        extends IvAlgorithmParameters
+    {
+        protected String engineToString()
+        {
+            return "Twofish IV";
+        }
+    }
+    */
+    // END Android-removed: Unsupported algorithms
 
     public static class Mappings
         extends SymmetricAlgorithmProvider
@@ -128,21 +128,22 @@
 
         public void configure(ConfigurableProvider provider)
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
             // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
             // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
 
+            // Android-note: These algorithms are necessary for KeyStore.BouncyCastle
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
             provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC",  PREFIX + "$PBEWithSHA");
             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory");
 
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
             // addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
         }
     }
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
index 1486d71..a471972 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BCPBEKey.java
@@ -152,10 +152,4 @@
     {
         return tryWrong;
     }
-
-    // BEGIN android-added
-    public PBEKeySpec getPbeKeySpec() {
-        return pbeKeySpec;
-    }
-    // END android-added
 }
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
index 296d692..2237e26 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseAlgorithmParameterGenerator.java
@@ -6,13 +6,17 @@
 import java.security.NoSuchProviderException;
 import java.security.SecureRandom;
 
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 
 public abstract class BaseAlgorithmParameterGenerator
     extends AlgorithmParameterGeneratorSpi
 {
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     protected SecureRandom  random;
     protected int           strength = 1024;
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 63d7b35..9e3dafa 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -20,14 +20,13 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.interfaces.PBEKey;
 import javax.crypto.spec.IvParameterSpec;
-// BEGIN android-added
+// BEGIN Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEKeySpec;
-// END android-added
+// END Android-added: Various key-handling modifications
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 
 import org.bouncycastle.asn1.cms.GCMParameters;
 import org.bouncycastle.crypto.BlockCipher;
@@ -41,20 +40,17 @@
 import org.bouncycastle.crypto.modes.CCMBlockCipher;
 import org.bouncycastle.crypto.modes.CFBBlockCipher;
 import org.bouncycastle.crypto.modes.CTSBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.EAXBlockCipher;
 // import org.bouncycastle.crypto.modes.GCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.GCMBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.GOFBBlockCipher;
 // import org.bouncycastle.crypto.modes.OCBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.OFBBlockCipher;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
 // import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-// END android-removed
 import org.bouncycastle.crypto.modes.SICBlockCipher;
 import org.bouncycastle.crypto.paddings.BlockCipherPadding;
 import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
@@ -67,22 +63,19 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.ParametersWithSBox;
-// END android-removed
 import org.bouncycastle.crypto.params.RC2Parameters;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.RC5Parameters;
 // import org.bouncycastle.jcajce.PBKDF1Key;
 // import org.bouncycastle.jcajce.PBKDF1KeyWithParameters;
-// END android-removed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.PKCS12KeyWithParameters;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
 // import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec;
-// END android-removed
 import org.bouncycastle.util.Strings;
 
 public class BaseBlockCipher
@@ -96,16 +89,14 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class,
-                                        // END android-removed
                                         gcmSpecClass,
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // GOST28147ParameterSpec.class
-                                        // END android-removed
                                     };
 
     private BlockCipher             baseEngine;
@@ -281,7 +272,12 @@
                 try
                 {
                     engineParams = createParametersInstance(name);
-                    engineParams.init(ivParam.getIV());
+                    // Android-changed: Use IvParameterSpec instead of passing raw bytes.
+                    // The documentation of init() says that a byte array should be decoded
+                    // as ASN.1, and Conscrypt's implementations follow that requirement,
+                    // even though Bouncy Castle's implementations don't.  Wrapping it in
+                    // an IvParameterSpec makes the interpretation unambiguous to both.
+                    engineParams.init(new IvParameterSpec(ivParam.getIV()));
                 }
                 catch (Exception e)
                 {
@@ -342,33 +338,35 @@
                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
             }
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("PGP"))
-        // {
-        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-        //
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(
-        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
-        // }
-        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-        // {
-        //     ivLength = 0;
-        //     cipher = new BufferedGenericBlockCipher(
-        //         new OpenPGPCFBBlockCipher(baseEngine));
-        // }
-        // else if (modeName.startsWith("SIC"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     if (ivLength < 16)
-        //     {
-        //         throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
-        //     }
-        //     fixedIv = false;
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new SICBlockCipher(baseEngine)));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported modes
+        /*
+        else if (modeName.startsWith("PGP"))
+        {
+            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
+
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(
+                new PGPCFBBlockCipher(baseEngine, inlineIV));
+        }
+        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
+        {
+            ivLength = 0;
+            cipher = new BufferedGenericBlockCipher(
+                new OpenPGPCFBBlockCipher(baseEngine));
+        }
+        else if (modeName.startsWith("SIC"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            if (ivLength < 16)
+            {
+                throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
+            }
+            fixedIv = false;
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new SICBlockCipher(baseEngine)));
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTR"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -376,20 +374,22 @@
             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
                         new SICBlockCipher(baseEngine)));
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("GOFB"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new GOFBBlockCipher(baseEngine)));
-        // }
-        // else if (modeName.startsWith("GCFB"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-        //                 new GCFBBlockCipher(baseEngine)));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported modes
+        /*
+        else if (modeName.startsWith("GOFB"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new GOFBBlockCipher(baseEngine)));
+        }
+        else if (modeName.startsWith("GCFB"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
+                        new GCFBBlockCipher(baseEngine)));
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("CTS"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -400,28 +400,30 @@
             ivLength = 13; // CCM nonce 7..13 bytes
             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
         }
-        // BEGIN android-removed
-        // else if (modeName.startsWith("OCB"))
-        // {
-        //     if (engineProvider != null)
-        //     {
-        //         /*
-        //          * RFC 7253 4.2. Nonce is a string of no more than 120 bits
-        //          */
-        //         ivLength = 15;
-        //         cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
-        //     }
-        //     else
-        //     {
-        //         throw new NoSuchAlgorithmException("can't support mode " + mode);
-        //     }
-        // }
-        // else if (modeName.startsWith("EAX"))
-        // {
-        //     ivLength = baseEngine.getBlockSize();
-        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported modes
+        /*
+        else if (modeName.startsWith("OCB"))
+        {
+            if (engineProvider != null)
+            {
+                /*
+                 * RFC 7253 4.2. Nonce is a string of no more than 120 bits
+                 *
+                ivLength = 15;
+                cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
+            }
+            else
+            {
+                throw new NoSuchAlgorithmException("can't support mode " + mode);
+            }
+        }
+        else if (modeName.startsWith("EAX"))
+        {
+            ivLength = baseEngine.getBlockSize();
+            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
+        }
+        */
+        // END Android-removed: Unsupported modes
         else if (modeName.startsWith("GCM"))
         {
             ivLength = baseEngine.getBlockSize();
@@ -489,13 +491,11 @@
         }
     }
 
-    // BEGIN android-added
-    // TODO(27995180): This might need to be removed if we drop support for BCPBE keys without IV
-    // in PKCS12
+    // BEGIN Android-added: Handling missing IVs
     private boolean isBCPBEKeyWithoutIV(Key key) {
         return (key instanceof BCPBEKey) && !(((BCPBEKey)key).getParam() instanceof ParametersWithIV);
     }
-    // END android-added
+    // END Android-added: Handling missing IVs
 
     protected void engineInit(
         int                     opmode,
@@ -530,12 +530,11 @@
         //
         // a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
         //
-        // BEGIN android-changed
-        // Was: if (scheme == PKCS12 || key instanceof PKCS12Key)
+        // BEGIN Android-changed: Don't use PKCS12 with missing IV.
         // If the key is a BCPBE one without an IV, ignore the fact that the scheme is PKCS12.
-        // TODO(27995180): consider whether we want to keep support for these keys and PKCS12.
+        // if (scheme == PKCS12 || key instanceof PKCS12Key)
         if ((scheme == PKCS12 || key instanceof PKCS12Key) && !isBCPBEKeyWithoutIV(key))
-        // END android-changed
+        // END Android-changed: Don't use PKCS12 with missing IV.
         {
             SecretKey k;
             try
@@ -578,13 +577,11 @@
                 }
                 else if (pbeKeyParam == null)
                 {
-                    // BEGIN android-changed
-                    // Was: param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
-                    // TODO(27995180): consider rejecting such keys for PKCS12
-                    // See above for the android-changed with a TODO for the same bug that makes
-                    // this code unreachable.
-                    // END android-changed
-                    throw new IllegalStateException("Unreachable code");
+                    // BEGIN Android-changed: Unreachable code
+                    // See above for the Android change that makes this code unreachable.
+                    // param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+                    throw new AssertionError("Unreachable code");
+                    // END Android-changed: Unreachable code
                 }
                 else
                 {
@@ -600,27 +597,29 @@
                 ivParam = (ParametersWithIV)param;
             }
         }
-        // BEGIN android-removed
-        // else if (key instanceof PBKDF1Key)
-        // {
-        //     PBKDF1Key k = (PBKDF1Key)key;
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (key instanceof PBKDF1Key)
+        {
+            PBKDF1Key k = (PBKDF1Key)key;
 
-        //     if (params instanceof PBEParameterSpec)
-        //     {
-        //         pbeSpec = (PBEParameterSpec)params;
-        //     }
-        //     if (k instanceof PBKDF1KeyWithParameters && pbeSpec == null)
-        //     {
-        //         pbeSpec = new PBEParameterSpec(((PBKDF1KeyWithParameters)k).getSalt(), ((PBKDF1KeyWithParameters)k).getIterationCount());
-        //     }
+            if (params instanceof PBEParameterSpec)
+            {
+                pbeSpec = (PBEParameterSpec)params;
+            }
+            if (k instanceof PBKDF1KeyWithParameters && pbeSpec == null)
+            {
+                pbeSpec = new PBEParameterSpec(((PBKDF1KeyWithParameters)k).getSalt(), ((PBKDF1KeyWithParameters)k).getIterationCount());
+            }
 
-        //     param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS5S1, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
-        //     if (param instanceof ParametersWithIV)
-        //     {
-        //         ivParam = (ParametersWithIV)param;
-        //     }
-        // }
-        // END android-removed
+            param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS5S1, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+            if (param instanceof ParametersWithIV)
+            {
+                ivParam = (ParametersWithIV)param;
+            }
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (key instanceof BCPBEKey)
         {
             BCPBEKey k = (BCPBEKey)key;
@@ -641,7 +640,7 @@
             else if (params instanceof PBEParameterSpec)
             {
                 pbeSpec = (PBEParameterSpec)params;
-                // BEGIN android-added
+                // BEGIN Android-added: Allow PBE keys with only passwords.
                 // At this point, k.getParam() == null, so the key hasn't been generated.  If
                 // the parameters have non-default values, recreate the BCPBEKey from algorithm
                 // parameters as to generate the key.
@@ -653,7 +652,7 @@
                                     k.getKeySize()),
                             null /* CipherParameters */);
                 }
-                // END android-added
+                // END Android-added: Allow PBE keys with only passwords.
                 param = PBE.Util.makePBEParameters(k, params, cipher.getUnderlyingCipher().getAlgorithmName());
             }
             else
@@ -681,10 +680,10 @@
                 ivParam = (ParametersWithIV)param;
             }
         }
-        // BEGIN android-changed
-        // Was: else if (!(key instanceof RepeatedSecretKeySpec))
+        // BEGIN Android-changed: Unsupported algorithm
+        // else if (!(key instanceof RepeatedSecretKeySpec))
         else
-        // END android-changed
+        // END Android-changed: Unsupported algorithms
         {
             if (scheme == PKCS5S1 || scheme == PKCS5S1_UTF8 || scheme == PKCS5S2 || scheme == PKCS5S2_UTF8)
             {
@@ -692,12 +691,12 @@
             }
             param = new KeyParameter(key.getEncoded());
         }
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unreachable
         // else
         // {
         //    param = null;
         // }
-        // END android-removed
+        // END Android-removed: Unreachable
 
         if (params instanceof AEADParameterSpec)
         {
@@ -748,86 +747,88 @@
                 }
             }
         }
-        // BEGIN android-removed
-        // else if (params instanceof GOST28147ParameterSpec)
-        // {
-        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-        //
-        //     param = new ParametersWithSBox(
-        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-        //
-        //     if (gost28147Param.getIV() != null && ivLength != 0)
-        //     {
-        //         if (param instanceof ParametersWithIV)
-        //         {
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), gost28147Param.getIV());
-        //         }
-        //         else
-        //         {
-        //             param = new ParametersWithIV(param, gost28147Param.getIV());
-        //         }
-        //         ivParam = (ParametersWithIV)param;
-        //     }
-        // }
-        // else if (params instanceof RC2ParameterSpec)
-        // {
-        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-        //
-        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-        //
-        //     if (rc2Param.getIV() != null && ivLength != 0)
-        //     {
-        //         if (param instanceof ParametersWithIV)
-        //         {
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc2Param.getIV());
-        //         }
-        //         else
-        //         {
-        //             param = new ParametersWithIV(param, rc2Param.getIV());
-        //         }
-        //         ivParam = (ParametersWithIV)param;
-        //     }
-        // }
-        // else if (params instanceof RC5ParameterSpec)
-        // {
-        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-        //
-        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
-        //     {
-        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
-        //         {
-        //             if (rc5Param.getWordSize() != 32)
-        //             {
-        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-        //             }
-        //         }
-        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-        //         {
-        //             if (rc5Param.getWordSize() != 64)
-        //             {
-        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-        //             }
-        //         }
-        //     }
-        //     else
-        //     {
-        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-        //     }
-        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
-        //     {
-        //         if (param instanceof ParametersWithIV)
-        //         {
-        //             param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc5Param.getIV());
-        //         }
-        //         else
-        //         {
-        //             param = new ParametersWithIV(param, rc5Param.getIV());
-        //         }
-        //         ivParam = (ParametersWithIV)param;
-        //     }
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (params instanceof GOST28147ParameterSpec)
+        {
+            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
+
+            param = new ParametersWithSBox(
+                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
+
+            if (gost28147Param.getIV() != null && ivLength != 0)
+            {
+                if (param instanceof ParametersWithIV)
+                {
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), gost28147Param.getIV());
+                }
+                else
+                {
+                    param = new ParametersWithIV(param, gost28147Param.getIV());
+                }
+                ivParam = (ParametersWithIV)param;
+            }
+        }
+        else if (params instanceof RC2ParameterSpec)
+        {
+            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
+
+            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
+
+            if (rc2Param.getIV() != null && ivLength != 0)
+            {
+                if (param instanceof ParametersWithIV)
+                {
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc2Param.getIV());
+                }
+                else
+                {
+                    param = new ParametersWithIV(param, rc2Param.getIV());
+                }
+                ivParam = (ParametersWithIV)param;
+            }
+        }
+        else if (params instanceof RC5ParameterSpec)
+        {
+            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
+
+            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
+            if (baseEngine.getAlgorithmName().startsWith("RC5"))
+            {
+                if (baseEngine.getAlgorithmName().equals("RC5-32"))
+                {
+                    if (rc5Param.getWordSize() != 32)
+                    {
+                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
+                    }
+                }
+                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
+                {
+                    if (rc5Param.getWordSize() != 64)
+                    {
+                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
+                    }
+                }
+            }
+            else
+            {
+                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
+            }
+            if ((rc5Param.getIV() != null) && (ivLength != 0))
+            {
+                if (param instanceof ParametersWithIV)
+                {
+                    param = new ParametersWithIV(((ParametersWithIV)param).getParameters(), rc5Param.getIV());
+                }
+                else
+                {
+                    param = new ParametersWithIV(param, rc5Param.getIV());
+                }
+                ivParam = (ParametersWithIV)param;
+            }
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (gcmSpecClass != null && gcmSpecClass.isInstance(params))
         {
             if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher))
@@ -869,35 +870,61 @@
             {
                 ivRandom = new SecureRandom();
             }
+
             if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
             {
                 byte[]  iv = new byte[ivLength];
 
-                // BEGIN android-changed
-                // Was: ivRandom.nextBytes(iv);
-                // TODO(27995180): for such keys, consider whether we want to reject them or
-                // allow them if the IV is passed in the parameters
+                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+                // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
+                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
+                // want the eventual state to be that an IV can be passed in params, but the key
+                // is rejected otherwise.  For now, log that these will be rejected in a future
+                // release.  See b/27995180 for historical details.
+                // ivRandom.nextBytes(iv);
                 if (!isBCPBEKeyWithoutIV(key)) {
                     ivRandom.nextBytes(iv);
+                } else {
+                    // TODO(b/70275132): Change to rejecting these keys
+                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
+                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
+                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
+                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
+                    System.err.println(" * with an all-zero IV, but in a future release this call will");
+                    System.err.println(" * throw an exception.");
+                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
+                            .printStackTrace(System.err);
                 }
-                // END android-changed
+                // END Android-changed: For PBE keys with no IV, log and use IV of 0
                 param = new ParametersWithIV(param, iv);
                 ivParam = (ParametersWithIV)param;
             }
             else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
             {
-                // BEGIN android-changed
-                // Was: throw new InvalidAlgorithmParameterException("no IV set when one expected");
-                // TODO(27995180): for such keys, consider whether we want to reject them or
-                // allow them if the IV is passed in the parameters
+                // BEGIN Android-changed: For PBE keys with no IV, log and use IV of 0
+                // These keys were accepted in BC 1.52 (and treated as having an IV of 0) but
+                // rejected outright in BC 1.54 (even if an IV was passed in params).  We
+                // want the eventual state to be that an IV can be passed in params, but the key
+                // is rejected otherwise.  For now, log that these will be rejected in a future
+                // release.  See b/27995180 for historical details.
+                // throw new InvalidAlgorithmParameterException("no IV set when one expected");
                 if (!isBCPBEKeyWithoutIV(key)) {
                     throw new InvalidAlgorithmParameterException("no IV set when one expected");
                 } else {
+                    // TODO(b/70275132): Change to rejecting these keys
+                    System.err.println(" ******** DEPRECATED FUNCTIONALITY ********");
+                    System.err.println(" * You have initialized a cipher with a PBE key with no IV and");
+                    System.err.println(" * have not provided an IV in the AlgorithmParameterSpec.  This");
+                    System.err.println(" * configuration is deprecated.  The cipher will be initialized");
+                    System.err.println(" * with an all-zero IV, but in a future release this call will");
+                    System.err.println(" * throw an exception.");
+                    new InvalidAlgorithmParameterException("No IV set when using PBE key")
+                            .printStackTrace(System.err);
                     // Mimic behaviour in 1.52 by using an IV of 0's
                     param = new ParametersWithIV(param, new byte[ivLength]);
                     ivParam = (ParametersWithIV)param;
                 }
-                // END android-changed
+                // END Android-changed: For PBE keys with no IV, log and use IV of 0
             }
         }
 
@@ -951,21 +978,23 @@
                 ivParam = new ParametersWithIV(key, iv.getIV());
                 param = ivParam;
             }
-            // BEGIN android-removed
-            // else if (params instanceof GOST28147ParameterSpec)
-            // {
-            //     // need to pick up IV and SBox.
-            //     GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
-            //
-            //     param = new ParametersWithSBox(param, gost28147Param.getSbox());
-            //
-            //     if (gost28147Param.getIV() != null && ivLength != 0)
-            //     {
-            //         ivParam = new ParametersWithIV(key, gost28147Param.getIV());
-            //         param = ivParam;
-            //     }
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            else if (params instanceof GOST28147ParameterSpec)
+            {
+                // need to pick up IV and SBox.
+                GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
+
+                param = new ParametersWithSBox(param, gost28147Param.getSbox());
+
+                if (gost28147Param.getIV() != null && ivLength != 0)
+                {
+                    ivParam = new ParametersWithIV(key, gost28147Param.getIV());
+                    param = ivParam;
+                }
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
         else
         {
@@ -976,20 +1005,22 @@
                 ivParam = new ParametersWithIV(param, iv.getIV());
                 param = ivParam;
             }
-            // BEGIN android-removed
-            // else if (params instanceof GOST28147ParameterSpec)
-            // {
-            //     // need to pick up IV and SBox.
-            //     GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
-            //
-            //     param = new ParametersWithSBox(param, gost28147Param.getSbox());
-            //
-            //     if (gost28147Param.getIV() != null && ivLength != 0)
-            //     {
-            //         param = new ParametersWithIV(param, gost28147Param.getIV());
-            //     }
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            else if (params instanceof GOST28147ParameterSpec)
+            {
+                // need to pick up IV and SBox.
+                GOST28147ParameterSpec gost28147Param = (GOST28147ParameterSpec)params;
+
+                param = new ParametersWithSBox(param, gost28147Param.getSbox());
+
+                if (gost28147Param.getIV() != null && ivLength != 0)
+                {
+                    param = new ParametersWithIV(param, gost28147Param.getIV());
+                }
+            }
+            */
+            // END Android-removed: Unsupported algorithms
         }
         return param;
     }
@@ -1192,9 +1223,9 @@
     private boolean isAEADModeName(
         String modeName)
     {
-        // BEGIN android-changed
+        // Android-changed: Unsupported modes
+        // return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName);
         return "CCM".equals(modeName) || "GCM".equals(modeName);
-        // END android-changed
     }
 
     /*
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
index 7102db5..45b24bf 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
@@ -22,15 +22,13 @@
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.params.RC2Parameters;
 // import org.bouncycastle.crypto.params.SkeinParameters;
-// END android-removed
 import org.bouncycastle.jcajce.PKCS12Key;
 import org.bouncycastle.jcajce.spec.AEADParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
-// END android-removed
 
 public class BaseMac
     extends MacSpi implements PBE
@@ -103,16 +101,16 @@
 
             int digest = SHA1;
             int keySize = 160;
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // if (macEngine.getAlgorithmName().startsWith("GOST"))
             // {
-            //      digest = GOST3411;
-            //      keySize = 256;
+            //     digest = GOST3411;
+            //     keySize = 256;
             // }
-            // BEGIN android-changed
-            // Was: else if (macEngine instanceof HMac)
+            // END Android-removed: Unsupported algorithms
+            // Android-changed: Adjust for missing if
+            // else if (macEngine instanceof HMac)
             if (macEngine instanceof HMac)
-            // END android-changed
             {
                 if (!macEngine.getAlgorithmName().startsWith("SHA-1"))
                 {
@@ -136,13 +134,13 @@
                         digest = SHA512;
                         keySize = 512;
                     }
-                    // BEGIN android-removed
+                    // BEGIN Android-removed: Unsupported algorithms
                     // else if (macEngine.getAlgorithmName().startsWith("RIPEMD160"))
                     // {
                     //     digest = RIPEMD160;
                     //     keySize = 160;
                     // }
-                    // END android-removed
+                    // END Android-removed: Unsupported algorithms
                     else
                     {
                         throw new InvalidAlgorithmParameterException("no PKCS12 mapping for HMAC: " + macEngine.getAlgorithmName());
@@ -198,17 +196,18 @@
         {
             param = new ParametersWithIV(keyParam, ((IvParameterSpec)params).getIV());
         }
-        // BEGIN android-removed
-        // else if (params instanceof RC2ParameterSpec)
-        // {
-        //     param = new ParametersWithIV(new RC2Parameters(keyParam.getKey(), ((RC2ParameterSpec)params).getEffectiveKeyBits()), ((RC2ParameterSpec)params).getIV());
-        // }
-
-        // else if (params instanceof SkeinParameterSpec)
-        // {
-        //     param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(keyParam.getKey()).build();
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (params instanceof RC2ParameterSpec)
+        {
+            param = new ParametersWithIV(new RC2Parameters(keyParam.getKey(), ((RC2ParameterSpec)params).getEffectiveKeyBits()), ((RC2ParameterSpec)params).getIV());
+        }
+        else if (params instanceof SkeinParameterSpec)
+        {
+            param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(keyParam.getKey()).build();
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else if (params == null)
         {
             param = new KeyParameter(key.getEncoded());
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
index f289308..9795e2d 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
@@ -15,10 +15,9 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DataLengthException;
@@ -37,10 +36,9 @@
     //
     private Class[]                 availableSpecs =
                                     {
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class,
-                                        // END android-removed
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class
                                     };
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
index e2c8676..58da98e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
@@ -22,10 +22,9 @@
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.PBEParameterSpec;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import javax.crypto.spec.RC2ParameterSpec;
 // import javax.crypto.spec.RC5ParameterSpec;
-// END android-removed
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -35,7 +34,9 @@
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.crypto.params.ParametersWithRandom;
-import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+// Android-changed: Use default provider for JCA algorithms instead of BC
+// Was: import org.bouncycastle.jcajce.util.BCJcaJceHelper;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.util.Arrays;
@@ -51,10 +52,9 @@
                                     {
                                         IvParameterSpec.class,
                                         PBEParameterSpec.class,
-                                        // BEGIN android-removed
+                                        // Android-removed: Unsupported algorithms
                                         // RC2ParameterSpec.class,
                                         // RC5ParameterSpec.class
-                                        // END android-removed
                                     };
 
     protected int                     pbeType = PKCS12;
@@ -69,7 +69,9 @@
     private int                       ivSize;
     private byte[]                    iv;
 
-    private final JcaJceHelper helper = new BCJcaJceHelper();
+    // Android-changed: Use default provider for JCA algorithms instead of BC
+    // Was: private final JcaJceHelper helper = new BCJcaJceHelper();
+    private final JcaJceHelper helper = new DefaultJcaJceHelper();
 
     protected BaseWrapCipher()
     {
@@ -279,8 +281,6 @@
         return null;
     }
 
-    // BEGIN android-changed
-    // added ShortBufferException to throws statement
     protected int engineDoFinal(
         byte[]  input,
         int     inputOffset,
@@ -291,7 +291,6 @@
     {
         return 0;
     }
-    // END android-changed
 
     protected byte[] engineWrap(
         Key     key)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
index 2e4f96b..89c2173 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
@@ -1,27 +1,25 @@
 package org.bouncycastle.jcajce.provider.symmetric.util;
 
+// BEGIN Android-added: Needed for compatibility helper
 import java.lang.reflect.Method;
+// END Android-added: Needed for compatibility helper
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.SecretKey;
-// BEGIN android-added
+// BEGIN Android-added: Allow IVs specified in parameters.
 import javax.crypto.spec.IvParameterSpec;
-// END android-added
+// END Android-added: Allow IVs specified in parameters.
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.PBEParameterSpec;
 
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.PBEParametersGenerator;
-// BEGIN android-added
-import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.crypto.digests.GOST3411Digest;
 // import org.bouncycastle.crypto.digests.MD2Digest;
 // import org.bouncycastle.crypto.digests.RIPEMD160Digest;
 // import org.bouncycastle.crypto.digests.TigerDigest;
-// END android-removed
 import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
 import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
@@ -29,9 +27,10 @@
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
-// BEGIN android-removed
+// BEGIN Android-changed: Use Android digests
 // import org.bouncycastle.crypto.util.DigestFactory;
-// END android-removed
+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
+// END Android-changed: Use Android digests
 
 public interface PBE
 {
@@ -40,15 +39,13 @@
     //
     static final int        MD5          = 0;
     static final int        SHA1         = 1;
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // static final int        RIPEMD160    = 2;
     // static final int        TIGER        = 3;
-    // END android-removed
     static final int        SHA256       = 4;
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // static final int        MD2          = 5;
     // static final int        GOST3411     = 6;
-    // END android-removed
     static final int        SHA224       = 7;
     static final int        SHA384       = 8;
     static final int        SHA512       = 9;
@@ -60,7 +57,6 @@
     static final int        PKCS5S1_UTF8 = 4;
     static final int        PKCS5S2_UTF8 = 5;
 
-
     /**
      * uses the appropriate mixer to generate the key and IV if necessary.
      */
@@ -76,20 +72,19 @@
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS5S1ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S1ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S1ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
                 default:
                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
@@ -99,48 +94,54 @@
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS5S2ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
-
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
-                // BEGIN android-removed
-                // case RIPEMD160:
-                //     generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
+                // BEGIN Android-removed: Unsupported algorithms
+                /*
+                case RIPEMD160:
+                    generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
+                    break;
+                case TIGER:
+                    generator = new PKCS5S2ParametersGenerator(new TigerDigest());
+                    break;
+                */
+                // END Android-removed: Unsupported algorithms
+                case SHA256:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA256());
+                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA256());
+                    break;
+                // Android-removed: Unsupported algorithms
+                // case GOST3411:
+                //     generator = new PKCS5S2ParametersGenerator(new GOST3411Digest());
                 //     break;
-                // case TIGER:
-                //     generator = new PKCS5S2ParametersGenerator(new TigerDigest());
-                //     break;
-                // END android-removed
-                // BEGIN android-added
                 case SHA224:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA224());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA224());
                     break;
-                // END android-added
-                case SHA256:
-                    // BEGIN android-changed
-                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA256());
-                    // END android-changed
-                    break;
-                // BEGIN android-added
                 case SHA384:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA384());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA384());
                     break;
                 case SHA512:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS5S2ParametersGenerator(DigestFactory.createSHA512());
                     generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA512());
                     break;
-                // END android-added
                 default:
                     throw new IllegalStateException("unknown digest scheme for PBE PKCS5S2 encryption.");
                 }
@@ -149,44 +150,52 @@
             {
                 switch (hash)
                 {
-                // BEGIN android-removed
+                // Android-removed: Unsupported algorithms
                 // case MD2:
                 //     generator = new PKCS12ParametersGenerator(new MD2Digest());
                 //     break;
-                // END android-removed
                 case MD5:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createMD5());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5());
-                    // END android-changed
                     break;
                 case SHA1:
-                    // BEGIN android-changed
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA1());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
-                    // END android-changed
                     break;
-                // BEGIN android-removed
-                // case RIPEMD160:
-                //     generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
+                // BEGIN Android-removed: Unsupported algorithms
+                /*
+                case RIPEMD160:
+                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
+                    break;
+                case TIGER:
+                    generator = new PKCS12ParametersGenerator(new TigerDigest());
+                    break;
+                */
+                // END Android-removed: Unsupported algorithms
+                case SHA256:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA256());
+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
+                    break;
+                // Android-removed: Unsupported algorithms
+                // case GOST3411:
+                //     generator = new PKCS12ParametersGenerator(new GOST3411Digest());
                 //     break;
-                // case TIGER:
-                //     generator = new PKCS12ParametersGenerator(new TigerDigest());
-                //     break;
-                // END android-removed
-                // BEGIN android-added
                 case SHA224:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA224());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA224());
                     break;
-                // END android-added
-                case SHA256:
-                    // BEGIN android-changed
-                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
-                    // END android-changed
-                    break;
-                // BEGIN android-added
                 case SHA384:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA384());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA384());
                     break;
                 case SHA512:
+                    // Android-changed: Use Android digests
+                    // generator = new PKCS12ParametersGenerator(DigestFactory.createSHA512());
                     generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA512());
                     break;
                 default:
@@ -235,7 +244,7 @@
             if (ivSize != 0)
             {
                 param = generator.generateDerivedParameters(keySize, ivSize);
-                // BEGIN ANDROID-ADDED
+                // BEGIN Android-added: Allow IVs specified in parameters.
                 // PKCS5S2 doesn't specify that the IV must be generated from the password. If the
                 // IV is passed as a parameter, use it.
                 AlgorithmParameterSpec parameterSpecFromPBEParameterSpec =
@@ -249,7 +258,7 @@
                             (KeyParameter) parametersWithIV.getParameters(),
                             ivParameterSpec.getIV());
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow IVs specified in parameters.
             }
             else
             {
@@ -304,7 +313,7 @@
             if (pbeKey.getIvSize() != 0)
             {
                 param = generator.generateDerivedParameters(pbeKey.getKeySize(), pbeKey.getIvSize());
-                // BEGIN ANDROID-ADDED
+                // BEGIN Android-added: Allow IVs specified in parameters.
                 // PKCS5S2 doesn't specify that the IV must be generated from the password. If the
                 // IV is passed as a parameter, use it.
                 AlgorithmParameterSpec parameterSpecFromPBEParameterSpec =
@@ -318,7 +327,7 @@
                             (KeyParameter) parametersWithIV.getParameters(),
                             ivParameterSpec.getIV());
                 }
-                // END ANDROID-ADDED
+                // END Android-added: Allow IVs specified in parameters.
             }
             else
             {
@@ -464,7 +473,7 @@
             return param;
         }
 
-        // BEGIN android-added
+        // BEGIN Android-added: Add helper for 1.8 compatibility.
         /**
          * Invokes the method {@link PBEParameterSpec#getParameterSpec()} via reflection.
          *
@@ -483,7 +492,7 @@
                 return null;
             }
         }
-        // END android-added
+        // END Android-added: Add helper for 1.8 compatibility.
 
 
         private static byte[] convertPassword(int type, PBEKeySpec keySpec)
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java
index 9869b1c..552a6e6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/util/DigestFactory.java
@@ -10,9 +10,9 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.Digest;
-// BEGIN android-added
+// BEGIN Android-added: Use Android digests
 import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-// END android-added
+// END Android-added: Use Android digests
 import org.bouncycastle.util.Strings;
 
 public class DigestFactory
@@ -23,14 +23,16 @@
     private static Set sha256 = new HashSet();
     private static Set sha384 = new HashSet();
     private static Set sha512 = new HashSet();
-    // BEGIN android-removed
-    // private static Set sha512_224 = new HashSet();
-    // private static Set sha512_256 = new HashSet();
-    // private static Set sha3_224 = new HashSet();
-    // private static Set sha3_256 = new HashSet();
-    // private static Set sha3_384 = new HashSet();
-    // private static Set sha3_512 = new HashSet();
-    // END android-removed
+    // BEGIN Android-removed: Unsupported algorithms
+    /*
+    private static Set sha512_224 = new HashSet();
+    private static Set sha512_256 = new HashSet();
+    private static Set sha3_224 = new HashSet();
+    private static Set sha3_256 = new HashSet();
+    private static Set sha3_384 = new HashSet();
+    private static Set sha3_512 = new HashSet();
+    */
+    // END Android-removed: Unsupported algorithms
 
     private static Map oids = new HashMap();
     
@@ -59,27 +61,29 @@
         sha512.add("SHA-512");
         sha512.add(NISTObjectIdentifiers.id_sha512.getId()); 
 
-        // BEGIN android-removed
-        // sha512_224.add("SHA512(224)");
-        // sha512_224.add("SHA-512(224)");
-        // sha512_224.add(NISTObjectIdentifiers.id_sha512_224.getId());
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        sha512_224.add("SHA512(224)");
+        sha512_224.add("SHA-512(224)");
+        sha512_224.add(NISTObjectIdentifiers.id_sha512_224.getId());
 
-        // sha512_256.add("SHA512(256)");
-        // sha512_256.add("SHA-512(256)");
-        // sha512_256.add(NISTObjectIdentifiers.id_sha512_256.getId());
+        sha512_256.add("SHA512(256)");
+        sha512_256.add("SHA-512(256)");
+        sha512_256.add(NISTObjectIdentifiers.id_sha512_256.getId());
 
-        // sha3_224.add("SHA3-224");
-        // sha3_224.add(NISTObjectIdentifiers.id_sha3_224.getId());
+        sha3_224.add("SHA3-224");
+        sha3_224.add(NISTObjectIdentifiers.id_sha3_224.getId());
 
-        // sha3_256.add("SHA3-256");
-        // sha3_256.add(NISTObjectIdentifiers.id_sha3_256.getId());
+        sha3_256.add("SHA3-256");
+        sha3_256.add(NISTObjectIdentifiers.id_sha3_256.getId());
 
-        // sha3_384.add("SHA3-384");
-        // sha3_384.add(NISTObjectIdentifiers.id_sha3_384.getId());
+        sha3_384.add("SHA3-384");
+        sha3_384.add(NISTObjectIdentifiers.id_sha3_384.getId());
 
-        // sha3_512.add("SHA3-512");
-        // sha3_512.add(NISTObjectIdentifiers.id_sha3_512.getId());
-        // END android-removed
+        sha3_512.add("SHA3-512");
+        sha3_512.add(NISTObjectIdentifiers.id_sha3_512.getId());
+        */
+        // END Android-removed: Unsupported algorithms
 
 
         oids.put("MD5", PKCSObjectIdentifiers.md5);
@@ -133,65 +137,69 @@
         
         if (sha1.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA1();
             return AndroidDigestFactory.getSHA1();
-            // END android-changed
         }
         if (md5.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createMD5();
             return AndroidDigestFactory.getMD5();
-            // END android-changed
         }
         if (sha224.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA224();
             return AndroidDigestFactory.getSHA224();
-            // END android-changed
         }
         if (sha256.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA256();
             return AndroidDigestFactory.getSHA256();
-            // END android-changed
         }
         if (sha384.contains(digestName))
         {
-            // BEGIN android-changed
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA384();
             return AndroidDigestFactory.getSHA384();
-            // END android-changed
         }
-        if (sha512.contains(digestName)) {
-            // BEGIN android-changed
+        if (sha512.contains(digestName))
+        {
+            // Android-changed: Use Android digests
+            // return org.bouncycastle.crypto.util.DigestFactory.createSHA512();
             return AndroidDigestFactory.getSHA512();
-            // END android-changed
         }
-        // BEGIN android-removed
-        // if (sha512_224.contains(digestName))
-        // {
-        //    return org.bouncycastle.crypto.util.DigestFactory.createSHA512_224();
-        // }
-        // if (sha512_256.contains(digestName))
-        // {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA512_256();
-        // }
-        //
-        // if (sha3_224.contains(digestName))
-        // {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_224();
-        // }
-        // if (sha3_256.contains(digestName))
-        // {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_256();
-        // }
-        // if (sha3_384.contains(digestName))
-        // {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_384();
-        // }
-        // if (sha3_512.contains(digestName))
-        // {
-        //     return org.bouncycastle.crypto.util.DigestFactory.createSHA3_512();
-        // }
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (sha512_224.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA512_224();
+        }
+        if (sha512_256.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA512_256();
+        }
+
+        if (sha3_224.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_224();
+        }
+        if (sha3_256.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_256();
+        }
+        if (sha3_384.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_384();
+        }
+        if (sha3_512.contains(digestName))
+        {
+            return org.bouncycastle.crypto.util.DigestFactory.createSHA3_512();
+        }
+        */
+        // END Android-removed: Unsupported algorithms
 
         return null;
     }
@@ -205,14 +213,16 @@
             || (sha256.contains(digest1) && sha256.contains(digest2))
             || (sha384.contains(digest1) && sha384.contains(digest2))
             || (sha512.contains(digest1) && sha512.contains(digest2))
-            // BEGIN android-removed
-            // || (sha512_224.contains(digest1) && sha512_224.contains(digest2))
-            // || (sha512_256.contains(digest1) && sha512_256.contains(digest2))
-            // || (sha3_224.contains(digest1) && sha3_224.contains(digest2))
-            // || (sha3_256.contains(digest1) && sha3_256.contains(digest2))
-            // || (sha3_384.contains(digest1) && sha3_384.contains(digest2))
-            // || (sha3_512.contains(digest1) && sha3_512.contains(digest2))
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            || (sha512_224.contains(digest1) && sha512_224.contains(digest2))
+            || (sha512_256.contains(digest1) && sha512_256.contains(digest2))
+            || (sha3_224.contains(digest1) && sha3_224.contains(digest2))
+            || (sha3_256.contains(digest1) && sha3_256.contains(digest2))
+            || (sha3_384.contains(digest1) && sha3_384.contains(digest2))
+            || (sha3_512.contains(digest1) && sha3_512.contains(digest2))
+            */
+            // END Android-removed: Unsupported algorithms
             || (md5.contains(digest1) && md5.contains(digest2));
     }
     
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java
index 5148601..4237ac6 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/JcaJceUtils.java
@@ -6,15 +6,13 @@
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 
 /**
  * General JCA/JCE utility methods.
@@ -107,24 +105,26 @@
         {
             return "SHA512";
         }
-        // BEGIN android-removed
-        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD128";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD160";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD256";
-        // }
-        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        // {
-        //     return "GOST3411";
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        {
+            return "RIPEMD128";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        {
+            return "RIPEMD160";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        {
+            return "RIPEMD256";
+        }
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        {
+            return "GOST3411";
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             return digestAlgOID.getId();
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/MessageDigestUtils.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/MessageDigestUtils.java
index 1125a4b..119d8eb 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/util/MessageDigestUtils.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/MessageDigestUtils.java
@@ -4,17 +4,15 @@
 import java.util.Map;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.gnu.GNUObjectIdentifiers;
 // import org.bouncycastle.asn1.iso.ISOIECObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 
 public class MessageDigestUtils
 {
@@ -22,30 +20,32 @@
 
     static
     {
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // digestOidMap.put(PKCSObjectIdentifiers.md2, "MD2");
         // digestOidMap.put(PKCSObjectIdentifiers.md4, "MD4");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         digestOidMap.put(PKCSObjectIdentifiers.md5, "MD5");
         digestOidMap.put(OIWObjectIdentifiers.idSHA1, "SHA-1");
         digestOidMap.put(NISTObjectIdentifiers.id_sha224, "SHA-224");
         digestOidMap.put(NISTObjectIdentifiers.id_sha256, "SHA-256");
         digestOidMap.put(NISTObjectIdentifiers.id_sha384, "SHA-384");
         digestOidMap.put(NISTObjectIdentifiers.id_sha512, "SHA-512");
-        // BEGIN android-removed
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128");
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160");
-        // digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-128");
-        // digestOidMap.put(ISOIECObjectIdentifiers.ripemd128, "RIPEMD-128");
-        // digestOidMap.put(ISOIECObjectIdentifiers.ripemd160, "RIPEMD-160");
-        // digestOidMap.put(CryptoProObjectIdentifiers.gostR3411, "GOST3411");
-        // digestOidMap.put(GNUObjectIdentifiers.Tiger_192, "Tiger");
-        // digestOidMap.put(ISOIECObjectIdentifiers.whirlpool, "Whirlpool");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_224, "SHA3-224");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_256, "SHA3-256");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_384, "SHA3-384");
-        // digestOidMap.put(NISTObjectIdentifiers.id_sha3_512, "SHA3-512");
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD-128");
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD-160");
+        digestOidMap.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD-128");
+        digestOidMap.put(ISOIECObjectIdentifiers.ripemd128, "RIPEMD-128");
+        digestOidMap.put(ISOIECObjectIdentifiers.ripemd160, "RIPEMD-160");
+        digestOidMap.put(CryptoProObjectIdentifiers.gostR3411, "GOST3411");
+        digestOidMap.put(GNUObjectIdentifiers.Tiger_192, "Tiger");
+        digestOidMap.put(ISOIECObjectIdentifiers.whirlpool, "Whirlpool");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_224, "SHA3-224");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_256, "SHA3-256");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_384, "SHA3-384");
+        digestOidMap.put(NISTObjectIdentifiers.id_sha3_512, "SHA3-512");
+        */
+        // END Android-removed: Unsupported algorithms
     }
 
     /**
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
index 0c41c88..2237348 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/PKCS10CertificationRequest.java
@@ -30,18 +30,16 @@
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.CertificationRequest;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x509.X509Name;
@@ -85,11 +83,10 @@
 
     static
     {
-        // BEGIN android-removed
-        // Dropping MD2
+        // Android-removed: Unsupported algorithms
         // algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
         // algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
         algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
@@ -109,14 +106,14 @@
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -129,13 +126,13 @@
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // reverse mappings
@@ -145,15 +142,15 @@
         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
         // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         
         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
@@ -187,10 +184,10 @@
         //
         // RFC 4491
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         //
         // explicit params
         //
@@ -633,24 +630,26 @@
         {
             return "SHA512";
         }
-        // BEGIN android-removed
-        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD128";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD160";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD256";
-        // }
-        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        // {
-        //     return "GOST3411";
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        {
+            return "RIPEMD128";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        {
+            return "RIPEMD160";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        {
+            return "RIPEMD256";
+        }
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        {
+            return "GOST3411";
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             return digestAlgOID.getId();            
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 5cb5d52..dfc56d7 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -60,29 +60,25 @@
 
     private static final String[] SYMMETRIC_GENERIC =
     {
-        // BEGIN android-changed
-        // Was: "PBEPBKDF2", "TLSKDF"
+        // Android-changed: Remove unsupported algorithms, add our own version of PBEv2 AlgParams
+        // "PBEPBKDF2", "TLSKDF"
         "PBEPBKDF2", "PBEPKCS12", "PBES2AlgorithmParameters"
     };
 
     private static final String[] SYMMETRIC_MACS =
     {
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // "SipHash", "Poly1305"
-        // END android-removed
     };
 
     private static final String[] SYMMETRIC_CIPHERS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "AES", "ARC4", "ARIA", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede",
         // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5",
         // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "SM4", "TEA", "Twofish", "Threefish",
         // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20", "OpenSSLPBKDF"
-        // END android-removed
-        // BEGIN android-added
         "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish",
-        // END android-added
     };
 
      /*
@@ -94,22 +90,16 @@
     // later ones configure it.
     private static final String[] ASYMMETRIC_GENERIC =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "X509", "IES"
-        // END android-removed
-        // BEGIN android-added
         "X509"
-        // END android-added
     };
 
     private static final String[] ASYMMETRIC_CIPHERS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145", "GM"
-        // END android-removed
-        // BEGIN android-added
         "DSA", "DH", "EC", "RSA",
-        // END android-added
     };
 
     /*
@@ -118,13 +108,10 @@
     private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
     private static final String[] DIGESTS =
     {
-        // BEGIN android-removed
+        // Android-changed: Unsupported algorithms
         // "GOST3411", "Keccak", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224",
         // "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool", "Blake2b"
-        // END android-removed
-        // BEGIN android-added
         "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
-        // END android-added
     };
 
     /*
@@ -136,7 +123,7 @@
         "BC", "BCFKS", "PKCS12"
     };
 
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // /*
     //  * Configurable secure random
     //  */
@@ -181,54 +168,56 @@
 
         loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
 
-        // BEGIN android-removed
-        // loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
+        // Android-removed: Unsupported algorithms
+        /*
+        loadAlgorithms(SECURE_RANDOM_PACKAGE, SECURE_RANDOMS);
+
         //
-        // //
-        // // X509Store
-        // //
-        // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-        // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-        // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-        // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+        // X509Store
         //
-        // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-        // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-        // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-        // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
+        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
+        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
+        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
+
+        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
+        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
+        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
+        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
+        
         //
-        // //
-        // // X509StreamParser
-        // //
-        // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-        // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-        // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-        // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+        // X509StreamParser
         //
-        // //
-        // // cipher engines
-        // //
-        // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
+        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
+        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
+        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
+
         //
-        // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+        // cipher engines
         //
-        //
-        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
-        //
-        // // Certification Path API
-        // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
-        // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
-        // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-        // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-        // END android-removed
+        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
+
+        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
+
+
+        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
+
+        // Certification Path API
+        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
+        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
+        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
+        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
+        */
+        // END Android-removed: Unsupported algorithms
         put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
         put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
         put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
         // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
         // put("Alg.Alias.CertStore.X509LDAP", "LDAP");
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
     }
 
     private void loadAlgorithms(String packageName, String[] names)
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
index b6a9d6a..b72a6f4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
@@ -75,9 +75,7 @@
 import org.bouncycastle.util.Store;
 import org.bouncycastle.util.StoreException;
 import org.bouncycastle.x509.X509AttributeCertificate;
-// BEGIN android-removed
-// import org.bouncycastle.x509.extension.X509ExtensionUtil;
-// END android-removed
+import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
 class CertPathValidatorUtilities
 {
@@ -657,22 +655,24 @@
         {
             Object obj = iter.next();
 
-            // BEGIN android-removed
-            // if (obj instanceof X509Store)
-            // {
-            //     X509Store certStore = (X509Store)obj;
-            //     try
-            //     {
-            //         certs.addAll(certStore.getMatches(certSelect));
-            //     }
-            //     catch (StoreException e)
-            //     {
-            //         throw new AnnotatedException(
-            //                 "Problem while picking certificates from X.509 store.", e);
-            //     }
-            // }
-            // else
-            // END android-removed
+            // BEGIN Android-removed: Unknown reason
+            /*
+            if (obj instanceof Store)
+            {
+                Store certStore = (Store)obj;
+                try
+                {
+                    certs.addAll(certStore.getMatches(certSelect));
+                }
+                catch (StoreException e)
+                {
+                    throw new AnnotatedException(
+                            "Problem while picking certificates from X.509 store.", e);
+                }
+            }
+            else
+            */
+            // END Android-removed: Unknown reason
             {
                 CertStore certStore = (CertStore)obj;
 
@@ -894,7 +894,9 @@
             {
                 return;
             }
+
             X500Principal certificateIssuer = crl_entry.getCertificateIssuer();
+
             X500Name certIssuer;
             if (certificateIssuer == null)
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
index 20ca6f2..7d6a50c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPrivateKey.java
@@ -19,10 +19,9 @@
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-// END android-removed
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
@@ -205,23 +204,25 @@
             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
 
-            // BEGIN android-removed
-            // if (ecP == null) // GOST Curve
-            // {
-            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-            //
-            //     ecSpec = new ECNamedCurveSpec(
-            //             ECGOST3410NamedCurves.getName(oid),
-            //             ellipticCurve,
-            //             new ECPoint(
-            //                     gParam.getG().getAffineXCoord().toBigInteger(),
-            //                     gParam.getG().getAffineYCoord().toBigInteger()),
-            //             gParam.getN(),
-            //             gParam.getH());
-            // }
-            // else
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (ecP == null) // GOST Curve
+            {
+                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
+                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
+
+                ecSpec = new ECNamedCurveSpec(
+                        ECGOST3410NamedCurves.getName(oid),
+                        ellipticCurve,
+                        new ECPoint(
+                                gParam.getG().getAffineXCoord().toBigInteger(),
+                                gParam.getG().getAffineYCoord().toBigInteger()),
+                        gParam.getN(),
+                        gParam.getH());
+            }
+            else
+            */
+            // END Android-removed: Unsupported algorithms
             {
                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
 
@@ -335,13 +336,13 @@
 
         try
         {
-            // BEGIN android-removed
+            // BEGIN Android-removed: Unsupported algorithms
             // if (algorithm.equals("ECGOST3410"))
             // {
             //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
             // }
             // else
-            // END android-removed
+            // END Android-removed: Unsupported algorithms
             {
 
                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
index 94fb728..654b5e1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/JCEECPublicKey.java
@@ -18,11 +18,10 @@
 import org.bouncycastle.asn1.DERBitString;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DEROctetString;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
 // import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
 // import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962Parameters;
@@ -35,13 +34,11 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-// END android-removed
 import org.bouncycastle.jce.interfaces.ECPointEncoder;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-// END android-removed
 import org.bouncycastle.jce.spec.ECNamedCurveSpec;
 import org.bouncycastle.math.ec.ECCurve;
 import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
@@ -55,9 +52,8 @@
     private org.bouncycastle.math.ec.ECPoint q;
     private ECParameterSpec         ecSpec;
     private boolean                 withCompression;
-    // BEGIN android-removed
+    // Android-removed: Unsupported algorithms
     // private GOST3410PublicKeyAlgParameters       gostParams;
-    // END android-removed
 
     public JCEECPublicKey(
         String              algorithm,
@@ -67,9 +63,8 @@
         this.q = key.q;
         this.ecSpec = key.ecSpec;
         this.withCompression = key.withCompression;
-        // BEGIN android-removed
+        // Android-removed: Unsupported algorithms
         // this.gostParams = key.gostParams;
-        // END android-removed
     }
     
     public JCEECPublicKey(
@@ -192,56 +187,58 @@
 
     private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
     {
-        // BEGIN android-removed
-        // if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-        // {
-        //     DERBitString bits = info.getPublicKeyData();
-        //     ASN1OctetString key;
-        //     this.algorithm = "ECGOST3410";
-        //
-        //     try
-        //     {
-        //         key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
-        //     }
-        //     catch (IOException ex)
-        //     {
-        //         throw new IllegalArgumentException("error recovering public key");
-        //     }
-        //
-        //     byte[]          keyEnc = key.getOctets();
-        //     byte[]          x = new byte[32];
-        //     byte[]          y = new byte[32];
-        //
-        //     for (int i = 0; i != x.length; i++)
-        //     {
-        //         x[i] = keyEnc[32 - 1 - i];
-        //     }
-        //
-        //     for (int i = 0; i != y.length; i++)
-        //     {
-        //         y[i] = keyEnc[64 - 1 - i];
-        //     }
-        //
-        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-        //
-        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
-        //
-        //     ECCurve curve = spec.getCurve();
-        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
-        //
-        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
-        //
-        //     ecSpec = new ECNamedCurveSpec(
-        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
-        //             ellipticCurve,
-        //             new ECPoint(
-        //                     spec.getG().getAffineXCoord().toBigInteger(),
-        //                     spec.getG().getAffineYCoord().toBigInteger()),
-        //                     spec.getN(), spec.getH());
-        //
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (info.getAlgorithmId().getAlgorithm().equals(CryptoProObjectIdentifiers.gostR3410_2001))
+        {
+            DERBitString bits = info.getPublicKeyData();
+            ASN1OctetString key;
+            this.algorithm = "ECGOST3410";
+
+            try
+            {
+                key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
+            }
+            catch (IOException ex)
+            {
+                throw new IllegalArgumentException("error recovering public key");
+            }
+
+            byte[]          keyEnc = key.getOctets();
+            byte[]          x = new byte[32];
+            byte[]          y = new byte[32];
+
+            for (int i = 0; i != x.length; i++)
+            {
+                x[i] = keyEnc[32 - 1 - i];
+            }
+
+            for (int i = 0; i != y.length; i++)
+            {
+                y[i] = keyEnc[64 - 1 - i];
+            }
+
+            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
+
+            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
+
+            ECCurve curve = spec.getCurve();
+            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
+
+            this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
+
+            ecSpec = new ECNamedCurveSpec(
+                    ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
+                    ellipticCurve,
+                    new ECPoint(
+                            spec.getG().getAffineXCoord().toBigInteger(),
+                            spec.getG().getAffineYCoord().toBigInteger()),
+                            spec.getN(), spec.getH());
+
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters());
             ECCurve                 curve;
@@ -330,54 +327,56 @@
         ASN1Encodable        params;
         SubjectPublicKeyInfo info;
 
-        // BEGIN android-removed
-        // if (algorithm.equals("ECGOST3410"))
-        // {
-        //     if (gostParams != null)
-        //     {
-        //         params = gostParams;
-        //     }
-        //     else
-        //     {
-        //         if (ecSpec instanceof ECNamedCurveSpec)
-        //         {
-        //             params = new GOST3410PublicKeyAlgParameters(
-        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
-        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
-        //         }
-        //         else
-        //         {   // strictly speaking this may not be applicable...
-        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
-        //
-        //             X9ECParameters ecP = new X9ECParameters(
-        //                 curve,
-        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
-        //                 ecSpec.getOrder(),
-        //                 BigInteger.valueOf(ecSpec.getCofactor()),
-        //                 ecSpec.getCurve().getSeed());
-        //
-        //             params = new X962Parameters(ecP);
-        //         }
-        //     }
-        //
-        //     BigInteger      bX = this.q.getAffineXCoord().toBigInteger();
-        //     BigInteger      bY = this.q.getAffineYCoord().toBigInteger();
-        //     byte[]          encKey = new byte[64];
-        //
-        //     extractBytes(encKey, 0, bX);
-        //     extractBytes(encKey, 32, bY);
-        //
-        //     try
-        //     {
-        //         info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
-        //     }
-        //     catch (IOException e)
-        //     {
-        //         return null;
-        //     }
-        // }
-        // else
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        if (algorithm.equals("ECGOST3410"))
+        {
+            if (gostParams != null)
+            {
+                params = gostParams;
+            }
+            else
+            {
+                if (ecSpec instanceof ECNamedCurveSpec)
+                {
+                    params = new GOST3410PublicKeyAlgParameters(
+                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
+                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
+                }
+                else
+                {   // strictly speaking this may not be applicable...
+                    ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
+
+                    X9ECParameters ecP = new X9ECParameters(
+                        curve,
+                        EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
+                        ecSpec.getOrder(),
+                        BigInteger.valueOf(ecSpec.getCofactor()),
+                        ecSpec.getCurve().getSeed());
+
+                    params = new X962Parameters(ecP);
+                }
+            }
+
+            BigInteger      bX = this.q.getAffineXCoord().toBigInteger();
+            BigInteger      bY = this.q.getAffineYCoord().toBigInteger();
+            byte[]          encKey = new byte[64];
+
+            extractBytes(encKey, 0, bX);
+            extractBytes(encKey, 32, bY);
+
+            try
+            {
+                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
+            }
+            catch (IOException e)
+            {
+                return null;
+            }
+        }
+        else
+        */
+        // END Android-removed: Unsupported algorithms
         {
             if (ecSpec instanceof ECNamedCurveSpec)
             {
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
index b53b7aa..97a38ac 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCRLUtil.java
@@ -88,24 +88,26 @@
         {
             Object obj = iter.next();
 
-            // BEGIN android-removed
-	    // if (obj instanceof Store)
-            // {
-            //     Store store = (Store)obj;
+            // BEGIN Android-removed: Unknown reason
+            /*
+            if (obj instanceof Store)
+            {
+                Store store = (Store)obj;
 
-            //     try
-            //     {
-            //         crls.addAll(store.getMatches(crlSelect));
-            //         foundValidStore = true;
-            //     }
-            //     catch (StoreException e)
-            //     {
-            //         lastException = new AnnotatedException(
-            //             "Exception searching in X.509 CRL store.", e);
-            //     }
-            // }
-            // else
-            // END android-removed
+                try
+                {
+                    crls.addAll(store.getMatches(crlSelect));
+                    foundValidStore = true;
+                }
+                catch (StoreException e)
+                {
+                    lastException = new AnnotatedException(
+                        "Exception searching in X.509 CRL store.", e);
+                }
+            }
+            else
+            */
+            // END Android-removed: Unknown reason
             {
                 CertStore store = (CertStore)obj;
 
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
index 5d49d88..bd2331a 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
@@ -1,8 +1,8 @@
 package org.bouncycastle.jce.provider;
 
-// BEGIN android-added
+// BEGIN Android-added: Blacklist support
 import java.math.BigInteger;
-// END android-added
+// END Android-added: Blacklist support
 import java.security.InvalidAlgorithmParameterException;
 import java.security.PublicKey;
 import java.security.cert.CertPath;
@@ -45,11 +45,11 @@
     public PKIXCertPathValidatorSpi()
     {
     }
-    // BEGIN android-added
+    // BEGIN Android-added: Avoid loading blacklist during class init
     private static class NoPreloadHolder {
         private final static CertBlacklist blacklist = new CertBlacklist();
     }
-    // END android-added
+    // END Android-added: Avoid loading blacklist during class init
 
     public CertPathValidatorResult engineValidate(
             CertPath certPath,
@@ -105,7 +105,7 @@
         {
             throw new CertPathValidatorException("Certification path is empty.", null, certPath, -1);
         }
-        // BEGIN android-added
+        // BEGIN Android-added: Support blacklisting known-bad certs
         {
             X509Certificate cert = (X509Certificate) certs.get(0);
 
@@ -120,7 +120,7 @@
                 }
             }
         }
-        // END android-added
+        // END Android-added: Support blacklisting known-bad certs
 
         //
         // (b)
@@ -300,7 +300,7 @@
 
         for (index = certs.size() - 1; index >= 0; index--)
         {
-            // BEGIN android-added
+            // BEGIN Android-added: Support blacklisting known-bad certs
             if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
                 // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
                 String message = "Certificate revocation of public key " + workingPublicKey;
@@ -308,7 +308,7 @@
                 AnnotatedException e = new AnnotatedException(message);
                 throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
             }
-            // END android-added
+            // END Android-added: Support blacklisting known-bad certs
             // try
             // {
             //
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
index 4a0166b..a35fa65 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509CertificateObject.java
@@ -58,9 +58,9 @@
 import org.bouncycastle.asn1.x509.Extensions;
 import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.asn1.x509.KeyUsage;
-// BEGIN android-added
+// BEGIN Android-added: Unknown reason
 import org.bouncycastle.asn1.x509.X509Name;
-// END android-added
+// END Android-added: Unknown reason
 import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
 import org.bouncycastle.jce.X509Principal;
 import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
@@ -570,20 +570,20 @@
         }
     }
 
-    // BEGIN android-changed
+    // BEGIN Android-added: Cache encoded certificates
     private byte[] encoded;
-    // END android-changed
+    // END Android-added: Cache encoded certificates
     public byte[] getEncoded()
         throws CertificateEncodingException
     {
         try
         {
-            // BEGIN android-changed
+            // BEGIN Android-changed: Cache encoded certificates
             if (encoded == null) {
                 encoded = c.getEncoded(ASN1Encoding.DER);
             }
             return encoded;
-            // END android-changed
+            // END Android-changed: Cache encoded certificates
         }
         catch (IOException e)
         {
@@ -904,9 +904,9 @@
                     list.add(genName.getEncoded());
                     break;
                 case GeneralName.directoryName:
-                    // BEGIN android-changed
+                    // BEGIN Android-changed: Unknown reason
                     list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-                    // END android-changed
+                    // END Android-changed: Unknown reason
                     break;
                 case GeneralName.dNSName:
                 case GeneralName.rfc822Name:
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
index b12b1df..a2ac86f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/X509SignatureUtil.java
@@ -14,9 +14,8 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
@@ -68,14 +67,16 @@
         
         if (params != null && !derNull.equals(params))
         {
-            // BEGIN android-removed
-            // if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-            // {
-            //     RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-            //     
-            //     return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
-            // }
-            // END android-removed
+            // BEGIN Android-removed: Unsupported algorithms
+            /*
+            if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
+            {
+                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
+                
+                return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
+            }
+            */
+            // END Android-removed: Unsupported algorithms
             if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
             {
                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
@@ -118,24 +119,26 @@
         {
             return "SHA512";
         }
-        // BEGIN android-removed
-        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD128";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD160";
-        // }
-        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-        // {
-        //     return "RIPEMD256";
-        // }
-        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-        // {
-        //     return "GOST3411";
-        // }
-        // END android-removed
+        // BEGIN Android-removed: Unsupported algorithms
+        /*
+        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
+        {
+            return "RIPEMD128";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
+        {
+            return "RIPEMD160";
+        }
+        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
+        {
+            return "RIPEMD256";
+        }
+        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
+        {
+            return "GOST3411";
+        }
+        */
+        // END Android-removed: Unsupported algorithms
         else
         {
             return digestAlgOID.getId();            
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java b/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
index ecf910f..4762ec5 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509Util.java
@@ -25,16 +25,14 @@
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DERNull;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
-// BEGIN android-removed
+// Android-removed: Unsupported algorithms
 // import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-// END android-removed
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.jce.X509Principal;
@@ -48,10 +46,10 @@
     
     static
     {   
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
         // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
@@ -69,14 +67,14 @@
         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
         // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
         // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
         // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
@@ -89,13 +87,13 @@
         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
         // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
@@ -115,10 +113,10 @@
         //
         // RFC 4491
         //
-        // BEGIN android-removed
+        // BEGIN Android-removed: Unsupported algorithms
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
         // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-        // END android-removed
+        // END Android-removed: Unsupported algorithms
 
         //
         // explicit params
diff --git a/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java b/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
index 28bf550..325b8fb 100644
--- a/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
+++ b/bcprov/src/main/java/org/bouncycastle/x509/X509V3CertificateGenerator.java
@@ -38,7 +38,6 @@
 import org.bouncycastle.jcajce.util.BCJcaJceHelper;
 import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.jce.X509Principal;
-
 import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
 /**
diff --git a/bouncycastle.config b/bouncycastle.config
deleted file mode 100644
index 12ccaaa..0000000
--- a/bouncycastle.config
+++ /dev/null
@@ -1,691 +0,0 @@
-# directories
-UNNEEDED_BCPROV_SOURCES=" \
-org/bouncycastle/asn1/bsi \
-org/bouncycastle/asn1/cmp \
-org/bouncycastle/asn1/cms/ecc \
-org/bouncycastle/asn1/crmf \
-org/bouncycastle/asn1/cryptopro \
-org/bouncycastle/asn1/dvcs \
-org/bouncycastle/asn1/esf \
-org/bouncycastle/asn1/ess \
-org/bouncycastle/asn1/gnu \
-org/bouncycastle/asn1/icao \
-org/bouncycastle/asn1/microsoft \
-org/bouncycastle/asn1/mozilla \
-org/bouncycastle/asn1/ocsp \
-org/bouncycastle/asn1/smime \
-org/bouncycastle/asn1/test \
-org/bouncycastle/asn1/tsp \
-org/bouncycastle/asn1/ua \
-org/bouncycastle/asn1/x509/qualified \
-org/bouncycastle/asn1/x509/sigi \
-org/bouncycastle/crypto/agreement/jpake \
-org/bouncycastle/crypto/agreement/kdf \
-org/bouncycastle/crypto/agreement/srp \
-org/bouncycastle/crypto/agreement/test \
-org/bouncycastle/crypto/commitments \
-org/bouncycastle/crypto/ec/test \
-org/bouncycastle/crypto/examples \
-org/bouncycastle/crypto/kems \
-org/bouncycastle/crypto/parsers \
-org/bouncycastle/crypto/prng \
-org/bouncycastle/crypto/test/ \
-org/bouncycastle/crypto/tls/ \
-org/bouncycastle/i18n/ \
-org/bouncycastle/jcajce/io \
-org/bouncycastle/jcajce/provider/asymmetric/dstu \
-org/bouncycastle/jcajce/provider/asymmetric/ecgost \
-org/bouncycastle/jcajce/provider/asymmetric/elgamal \
-org/bouncycastle/jcajce/provider/asymmetric/gost \
-org/bouncycastle/jcajce/provider/asymmetric/ies \
-org/bouncycastle/jce/examples \
-org/bouncycastle/jce/provider/test \
-org/bouncycastle/math/ec/custom/djb \
-org/bouncycastle/math/ec/tools \
-org/bouncycastle/ocsp \
-org/bouncycastle/pqc \
-org/bouncycastle/util/test \
-org/bouncycastle/x509/examples \
-"
-
-# files
-UNNEEDED_BCPROV_SOURCES+=" \
-org/bouncycastle/LICENSE.java \
-org/bouncycastle/asn1/BERSequenceGenerator.java \
-org/bouncycastle/asn1/DERGenerator.java \
-org/bouncycastle/asn1/DERSequenceGenerator.java \
-org/bouncycastle/asn1/DERT61UTF8String.java \
-org/bouncycastle/asn1/cms/AuthEnvelopedData.java \
-org/bouncycastle/asn1/cms/AuthEnvelopedDataParser.java \
-org/bouncycastle/asn1/cms/AuthenticatedData.java \
-org/bouncycastle/asn1/cms/AuthenticatedDataParser.java \
-org/bouncycastle/asn1/cms/CCMParameters.java \
-org/bouncycastle/asn1/cms/CompressedData.java \
-org/bouncycastle/asn1/cms/CompressedDataParser.java \
-org/bouncycastle/asn1/cms/ContentInfoParser.java \
-org/bouncycastle/asn1/cms/DigestedData.java \
-org/bouncycastle/asn1/cms/EncryptedContentInfo.java \
-org/bouncycastle/asn1/cms/EncryptedContentInfoParser.java \
-org/bouncycastle/asn1/cms/EncryptedData.java \
-org/bouncycastle/asn1/cms/EnvelopedData.java \
-org/bouncycastle/asn1/cms/EnvelopedDataParser.java \
-org/bouncycastle/asn1/cms/Evidence.java \
-org/bouncycastle/asn1/cms/KEKIdentifier.java \
-org/bouncycastle/asn1/cms/KEKRecipientInfo.java \
-org/bouncycastle/asn1/cms/KeyAgreeRecipientIdentifier.java \
-org/bouncycastle/asn1/cms/KeyAgreeRecipientInfo.java \
-org/bouncycastle/asn1/cms/KeyTransRecipientInfo.java \
-org/bouncycastle/asn1/cms/MetaData.java \
-org/bouncycastle/asn1/cms/OriginatorIdentifierOrKey.java \
-org/bouncycastle/asn1/cms/OriginatorInfo.java \
-org/bouncycastle/asn1/cms/OriginatorPublicKey.java \
-org/bouncycastle/asn1/cms/OtherKeyAttribute.java \
-org/bouncycastle/asn1/cms/OtherRecipientInfo.java \
-org/bouncycastle/asn1/cms/OtherRevocationInfoFormat.java \
-org/bouncycastle/asn1/cms/PasswordRecipientInfo.java \
-org/bouncycastle/asn1/cms/RecipientEncryptedKey.java \
-org/bouncycastle/asn1/cms/RecipientIdentifier.java \
-org/bouncycastle/asn1/cms/RecipientInfo.java \
-org/bouncycastle/asn1/cms/RecipientKeyIdentifier.java \
-org/bouncycastle/asn1/cms/SCVPReqRes.java \
-org/bouncycastle/asn1/cms/SignedDataParser.java \
-org/bouncycastle/asn1/cms/TimeStampAndCRL.java \
-org/bouncycastle/asn1/cms/TimeStampTokenEvidence.java \
-org/bouncycastle/asn1/cms/TimeStampedData.java \
-org/bouncycastle/asn1/cms/TimeStampedDataParser.java \
-org/bouncycastle/asn1/eac/BidirectionalMap.java \
-org/bouncycastle/asn1/eac/CVCertificate.java \
-org/bouncycastle/asn1/eac/CVCertificateRequest.java \
-org/bouncycastle/asn1/eac/CertificateBody.java \
-org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java \
-org/bouncycastle/asn1/eac/CertificateHolderReference.java \
-org/bouncycastle/asn1/eac/CertificationAuthorityReference.java \
-org/bouncycastle/asn1/eac/EACTags.java \
-org/bouncycastle/asn1/eac/ECDSAPublicKey.java \
-org/bouncycastle/asn1/eac/Flags.java \
-org/bouncycastle/asn1/eac/PackedDate.java \
-org/bouncycastle/asn1/eac/PublicKeyDataObject.java \
-org/bouncycastle/asn1/eac/RSAPublicKey.java \
-org/bouncycastle/asn1/eac/UnsignedInteger.java \
-org/bouncycastle/asn1/isismtt/ocsp/CertHash.java \
-org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java \
-org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java \
-org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java \
-org/bouncycastle/asn1/isismtt/x509/Admissions.java \
-org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java \
-org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java \
-org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java \
-org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java \
-org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java \
-org/bouncycastle/asn1/isismtt/x509/Restriction.java \
-org/bouncycastle/asn1/misc/CAST5CBCParameters.java \
-org/bouncycastle/asn1/misc/IDEACBCPar.java \
-org/bouncycastle/asn1/oiw/ElGamalParameter.java \
-org/bouncycastle/asn1/pkcs/Attribute.java \
-org/bouncycastle/asn1/pkcs/RC2CBCParameter.java \
-org/bouncycastle/asn1/pkcs/SignerInfo.java \
-org/bouncycastle/asn1/teletrust/TeleTrusTNamedCurves.java \
-org/bouncycastle/asn1/util/DERDump.java \
-org/bouncycastle/asn1/util/Dump.java \
-org/bouncycastle/asn1/x509/AccessDescription.java \
-org/bouncycastle/asn1/x509/AuthorityInformationAccess.java \
-org/bouncycastle/asn1/x509/CertPolicyId.java \
-org/bouncycastle/asn1/x509/CertificatePair.java \
-org/bouncycastle/asn1/x509/CertificatePolicies.java \
-org/bouncycastle/asn1/x509/DisplayText.java \
-org/bouncycastle/asn1/x509/GeneralNamesBuilder.java \
-org/bouncycastle/asn1/x509/IetfAttrSyntax.java \
-org/bouncycastle/asn1/x509/NoticeReference.java \
-org/bouncycastle/asn1/x509/PolicyMappings.java \
-org/bouncycastle/asn1/x509/PolicyQualifierId.java \
-org/bouncycastle/asn1/x509/PolicyQualifierInfo.java \
-org/bouncycastle/asn1/x509/PrivateKeyUsagePeriod.java \
-org/bouncycastle/asn1/x509/RoleSyntax.java \
-org/bouncycastle/asn1/x509/SubjectDirectoryAttributes.java \
-org/bouncycastle/asn1/x509/Target.java \
-org/bouncycastle/asn1/x509/TargetInformation.java \
-org/bouncycastle/asn1/x509/Targets.java \
-org/bouncycastle/asn1/x509/UserNotice.java \
-org/bouncycastle/asn1/x509/V2AttributeCertificateInfoGenerator.java \
-org/bouncycastle/asn1/x509/V2TBSCertListGenerator.java \
-org/bouncycastle/asn1/x509/X509AttributeIdentifiers.java \
-org/bouncycastle/asn1/x9/KeySpecificInfo.java \
-org/bouncycastle/asn1/x9/OtherInfo.java \
-org/bouncycastle/crypto/BufferedAsymmetricBlockCipher.java \
-org/bouncycastle/crypto/Commitment.java \
-org/bouncycastle/crypto/Committer.java \
-org/bouncycastle/crypto/DigestDerivationFunction.java \
-org/bouncycastle/crypto/EphemeralKeyPair.java \
-org/bouncycastle/crypto/KeyEncapsulation.java \
-org/bouncycastle/crypto/KeyEncoder.java \
-org/bouncycastle/crypto/KeyParser.java \
-org/bouncycastle/crypto/MacDerivationFunction.java \
-org/bouncycastle/crypto/MaxBytesExceededException.java \
-org/bouncycastle/crypto/agreement/DHAgreement.java \
-org/bouncycastle/crypto/agreement/DHStandardGroups.java \
-org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java \
-org/bouncycastle/crypto/agreement/ECMQVBasicAgreement.java \
-org/bouncycastle/crypto/generators/BCrypt.java \
-org/bouncycastle/crypto/generators/OpenBSDBCrypt.java \
-org/bouncycastle/crypto/digests/GOST3411Digest.java \
-org/bouncycastle/crypto/digests/MD2Digest.java \
-org/bouncycastle/crypto/digests/MD4Digest.java \
-org/bouncycastle/crypto/digests/NonMemoableDigest.java \
-org/bouncycastle/crypto/digests/RIPEMD128Digest.java \
-org/bouncycastle/crypto/digests/RIPEMD160Digest.java \
-org/bouncycastle/crypto/digests/RIPEMD256Digest.java \
-org/bouncycastle/crypto/digests/RIPEMD320Digest.java \
-org/bouncycastle/crypto/digests/SHA3Digest.java \
-org/bouncycastle/crypto/digests/SHA512tDigest.java \
-org/bouncycastle/crypto/digests/SM3Digest.java \
-org/bouncycastle/crypto/digests/ShortenedDigest.java \
-org/bouncycastle/crypto/digests/SkeinDigest.java \
-org/bouncycastle/crypto/digests/SkeinEngine.java \
-org/bouncycastle/crypto/digests/TigerDigest.java \
-org/bouncycastle/crypto/digests/WhirlpoolDigest.java \
-org/bouncycastle/crypto/ec/ECDecryptor.java \
-org/bouncycastle/crypto/ec/ECElGamalDecryptor.java \
-org/bouncycastle/crypto/ec/ECElGamalEncryptor.java \
-org/bouncycastle/crypto/ec/ECEncryptor.java \
-org/bouncycastle/crypto/ec/ECFixedTransform.java \
-org/bouncycastle/crypto/ec/ECNewPublicKeyTransform.java \
-org/bouncycastle/crypto/ec/ECNewRandomnessTransform.java \
-org/bouncycastle/crypto/ec/ECPair.java \
-org/bouncycastle/crypto/ec/ECPairFactorTransform.java \
-org/bouncycastle/crypto/ec/ECPairTransform.java \
-org/bouncycastle/crypto/ec/ECUtil.java \
-org/bouncycastle/crypto/encodings/ISO9796d1Encoding.java \
-org/bouncycastle/crypto/engines/AESLightEngine.java \
-org/bouncycastle/crypto/engines/AESWrapPadEngine.java \
-org/bouncycastle/crypto/engines/CAST5Engine.java \
-org/bouncycastle/crypto/engines/CAST6Engine.java \
-org/bouncycastle/crypto/engines/CamelliaEngine.java \
-org/bouncycastle/crypto/engines/CamelliaLightEngine.java \
-org/bouncycastle/crypto/engines/CamelliaWrapEngine.java \
-org/bouncycastle/crypto/engines/ChaChaEngine.java \
-org/bouncycastle/crypto/engines/CramerShoupCiphertext.java \
-org/bouncycastle/crypto/engines/CramerShoupCoreEngine.java \
-org/bouncycastle/crypto/engines/ElGamalEngine.java \
-org/bouncycastle/crypto/engines/GOST28147Engine.java \
-org/bouncycastle/crypto/engines/Grain128Engine.java \
-org/bouncycastle/crypto/engines/Grainv1Engine.java \
-org/bouncycastle/crypto/engines/HC128Engine.java \
-org/bouncycastle/crypto/engines/HC256Engine.java \
-org/bouncycastle/crypto/engines/IDEAEngine.java \
-org/bouncycastle/crypto/engines/IESEngine.java \
-org/bouncycastle/crypto/engines/ISAACEngine.java \
-org/bouncycastle/crypto/engines/NaccacheSternEngine.java \
-org/bouncycastle/crypto/engines/NoekeonEngine.java \
-org/bouncycastle/crypto/engines/NullEngine.java \
-org/bouncycastle/crypto/engines/RC2WrapEngine.java \
-org/bouncycastle/crypto/engines/RC532Engine.java \
-org/bouncycastle/crypto/engines/RC564Engine.java \
-org/bouncycastle/crypto/engines/RC6Engine.java \
-org/bouncycastle/crypto/engines/RFC3211WrapEngine.java \
-org/bouncycastle/crypto/engines/RFC5649WrapEngine.java \
-org/bouncycastle/crypto/engines/RSABlindingEngine.java \
-org/bouncycastle/crypto/engines/RSAEngine.java \
-org/bouncycastle/crypto/engines/RijndaelEngine.java \
-org/bouncycastle/crypto/engines/SEEDEngine.java \
-org/bouncycastle/crypto/engines/SEEDWrapEngine.java \
-org/bouncycastle/crypto/engines/Salsa20Engine.java \
-org/bouncycastle/crypto/engines/SerpentEngine.java \
-org/bouncycastle/crypto/engines/Shacal2Engine.java \
-org/bouncycastle/crypto/engines/SkipjackEngine.java \
-org/bouncycastle/crypto/engines/TEAEngine.java \
-org/bouncycastle/crypto/engines/ThreefishEngine.java \
-org/bouncycastle/crypto/engines/VMPCEngine.java \
-org/bouncycastle/crypto/engines/VMPCKSA3Engine.java \
-org/bouncycastle/crypto/engines/XSalsa20Engine.java \
-org/bouncycastle/crypto/engines/XTEAEngine.java \
-org/bouncycastle/crypto/generators/BaseKDFBytesGenerator.java \
-org/bouncycastle/crypto/generators/CramerShoupKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/CramerShoupParametersGenerator.java \
-org/bouncycastle/crypto/generators/DHKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/DSTU4145KeyPairGenerator.java \
-org/bouncycastle/crypto/generators/ElGamalKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/ElGamalParametersGenerator.java \
-org/bouncycastle/crypto/generators/EphemeralKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/GOST3410KeyPairGenerator.java \
-org/bouncycastle/crypto/generators/GOST3410ParametersGenerator.java \
-org/bouncycastle/crypto/generators/HKDFBytesGenerator.java \
-org/bouncycastle/crypto/generators/KDF1BytesGenerator.java \
-org/bouncycastle/crypto/generators/KDF2BytesGenerator.java \
-org/bouncycastle/crypto/generators/KDFCounterBytesGenerator.java \
-org/bouncycastle/crypto/generators/KDFDoublePipelineIterationBytesGenerator.java \
-org/bouncycastle/crypto/generators/KDFFeedbackBytesGenerator.java \
-org/bouncycastle/crypto/generators/MGF1BytesGenerator.java \
-org/bouncycastle/crypto/generators/NaccacheSternKeyPairGenerator.java \
-org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java \
-org/bouncycastle/crypto/generators/RSABlindingFactorGenerator.java \
-org/bouncycastle/crypto/generators/SCrypt.java \
-org/bouncycastle/crypto/io/CipherIOException.java \
-org/bouncycastle/crypto/io/CipherInputStream.java \
-org/bouncycastle/crypto/io/CipherOutputStream.java \
-org/bouncycastle/crypto/io/InvalidCipherTextIOException.java \
-org/bouncycastle/crypto/io/SignerInputStream.java \
-org/bouncycastle/crypto/io/SignerOutputStream.java \
-org/bouncycastle/crypto/macs/BlockCipherMac.java \
-org/bouncycastle/crypto/macs/CFBBlockCipherMac.java \
-org/bouncycastle/crypto/macs/CMac.java \
-org/bouncycastle/crypto/macs/CMacWithIV.java \
-org/bouncycastle/crypto/macs/GMac.java \
-org/bouncycastle/crypto/macs/GOST28147Mac.java \
-org/bouncycastle/crypto/macs/ISO9797Alg3Mac.java \
-org/bouncycastle/crypto/macs/OldHMac.java \
-org/bouncycastle/crypto/macs/Poly1305.java \
-org/bouncycastle/crypto/macs/SipHash.java \
-org/bouncycastle/crypto/macs/SkeinMac.java \
-org/bouncycastle/crypto/macs/VMPCMac.java \
-org/bouncycastle/crypto/modes/EAXBlockCipher.java \
-org/bouncycastle/crypto/modes/GCFBBlockCipher.java \
-org/bouncycastle/crypto/modes/GOFBBlockCipher.java \
-org/bouncycastle/crypto/modes/OCBBlockCipher.java \
-org/bouncycastle/crypto/modes/OldCTSBlockCipher.java \
-org/bouncycastle/crypto/modes/OpenPGPCFBBlockCipher.java \
-org/bouncycastle/crypto/modes/NISTCTSBlockCipher.java \
-org/bouncycastle/crypto/modes/PGPCFBBlockCipher.java \
-org/bouncycastle/crypto/modes/PaddedBlockCipher.java \
-org/bouncycastle/crypto/modes/gcm/BasicGCMExponentiator.java \
-org/bouncycastle/crypto/modes/gcm/BasicGCMMultiplier.java \
-org/bouncycastle/crypto/modes/gcm/Tables64kGCMMultiplier.java \
-org/bouncycastle/crypto/params/CCMParameters.java \
-org/bouncycastle/crypto/params/CramerShoupKeyGenerationParameters.java \
-org/bouncycastle/crypto/params/CramerShoupKeyParameters.java \
-org/bouncycastle/crypto/params/CramerShoupParameters.java \
-org/bouncycastle/crypto/params/CramerShoupPrivateKeyParameters.java \
-org/bouncycastle/crypto/params/CramerShoupPublicKeyParameters.java \
-org/bouncycastle/crypto/params/ElGamalKeyGenerationParameters.java \
-org/bouncycastle/crypto/params/ElGamalKeyParameters.java \
-org/bouncycastle/crypto/params/ElGamalParameters.java \
-org/bouncycastle/crypto/params/ElGamalPrivateKeyParameters.java \
-org/bouncycastle/crypto/params/ElGamalPublicKeyParameters.java \
-org/bouncycastle/crypto/params/GOST3410KeyGenerationParameters.java \
-org/bouncycastle/crypto/params/GOST3410KeyParameters.java \
-org/bouncycastle/crypto/params/GOST3410Parameters.java \
-org/bouncycastle/crypto/params/GOST3410PrivateKeyParameters.java \
-org/bouncycastle/crypto/params/GOST3410PublicKeyParameters.java \
-org/bouncycastle/crypto/params/GOST3410ValidationParameters.java \
-org/bouncycastle/crypto/params/HKDFParameters.java \
-org/bouncycastle/crypto/params/IESParameters.java \
-org/bouncycastle/crypto/params/IESWithCipherParameters.java \
-org/bouncycastle/crypto/params/ISO18033KDFParameters.java \
-org/bouncycastle/crypto/params/KDFCounterParameters.java \
-org/bouncycastle/crypto/params/KDFDoublePipelineIterationParameters.java \
-org/bouncycastle/crypto/params/KDFFeedbackParameters.java \
-org/bouncycastle/crypto/params/KDFParameters.java \
-org/bouncycastle/crypto/params/MGFParameters.java \
-org/bouncycastle/crypto/params/MQVPrivateParameters.java \
-org/bouncycastle/crypto/params/MQVPublicParameters.java \
-org/bouncycastle/crypto/params/NaccacheSternKeyGenerationParameters.java \
-org/bouncycastle/crypto/params/NaccacheSternKeyParameters.java \
-org/bouncycastle/crypto/params/NaccacheSternPrivateKeyParameters.java \
-org/bouncycastle/crypto/params/ParametersWithSBox.java \
-org/bouncycastle/crypto/params/ParametersWithSalt.java \
-org/bouncycastle/crypto/params/RC5Parameters.java \
-org/bouncycastle/crypto/params/RSABlindingParameters.java \
-org/bouncycastle/crypto/params/SRP6GroupParameters.java \
-org/bouncycastle/crypto/params/SkeinParameters.java \
-org/bouncycastle/crypto/params/TweakableBlockCipherParameters.java \
-org/bouncycastle/crypto/signers/DSADigestSigner.java \
-org/bouncycastle/crypto/signers/DSTU4145Signer.java \
-org/bouncycastle/crypto/signers/ECGOST3410Signer.java \
-org/bouncycastle/crypto/signers/ECNRSigner.java \
-org/bouncycastle/crypto/signers/GOST3410Signer.java \
-org/bouncycastle/crypto/signers/GenericSigner.java \
-org/bouncycastle/crypto/signers/HMacDSAKCalculator.java \
-org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java \
-org/bouncycastle/crypto/signers/ISO9796d2Signer.java \
-org/bouncycastle/crypto/signers/PSSSigner.java \
-org/bouncycastle/crypto/signers/X931Signer.java \
-org/bouncycastle/crypto/util/PrivateKeyInfoFactory.java \
-org/bouncycastle/crypto/util/SubjectPublicKeyInfoFactory.java \
-org/bouncycastle/jcajce/PKCS12Key.java \
-org/bouncycastle/jcajce/PKCS12KeyWithParameters.java \
-org/bouncycastle/jcajce/provider/asymmetric/DSTU4145.java \
-org/bouncycastle/jcajce/provider/asymmetric/ECGOST.java \
-org/bouncycastle/jcajce/provider/asymmetric/ElGamal.java \
-org/bouncycastle/jcajce/provider/asymmetric/GOST.java \
-org/bouncycastle/jcajce/provider/asymmetric/IES.java \
-org/bouncycastle/jcajce/provider/asymmetric/dh/IESCipher.java \
-org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java \
-org/bouncycastle/jcajce/provider/asymmetric/rsa/ISOSignatureSpi.java \
-org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java \
-org/bouncycastle/jcajce/provider/asymmetric/rsa/X931SignatureSpi.java \
-org/bouncycastle/jcajce/provider/asymmetric/util/GOST3410Util.java \
-org/bouncycastle/jcajce/provider/asymmetric/util/IESUtil.java \
-org/bouncycastle/jcajce/provider/digest/GOST3411.java \
-org/bouncycastle/jcajce/provider/digest/MD2.java \
-org/bouncycastle/jcajce/provider/digest/MD4.java \
-org/bouncycastle/jcajce/provider/digest/RIPEMD128.java \
-org/bouncycastle/jcajce/provider/digest/RIPEMD160.java \
-org/bouncycastle/jcajce/provider/digest/RIPEMD256.java \
-org/bouncycastle/jcajce/provider/digest/RIPEMD320.java \
-org/bouncycastle/jcajce/provider/digest/SHA3.java \
-org/bouncycastle/jcajce/provider/digest/SM3.java \
-org/bouncycastle/jcajce/provider/digest/Skein.java \
-org/bouncycastle/jcajce/provider/digest/Tiger.java \
-org/bouncycastle/jcajce/provider/digest/Whirlpool.java \
-org/bouncycastle/jcajce/provider/symmetric/CAST5.java \
-org/bouncycastle/jcajce/provider/symmetric/CAST6.java \
-org/bouncycastle/jcajce/provider/symmetric/Camellia.java \
-org/bouncycastle/jcajce/provider/symmetric/ChaCha.java \
-org/bouncycastle/jcajce/provider/symmetric/GOST28147.java \
-org/bouncycastle/jcajce/provider/symmetric/Grain128.java \
-org/bouncycastle/jcajce/provider/symmetric/Grainv1.java \
-org/bouncycastle/jcajce/provider/symmetric/HC128.java \
-org/bouncycastle/jcajce/provider/symmetric/HC256.java \
-org/bouncycastle/jcajce/provider/symmetric/IDEA.java \
-org/bouncycastle/jcajce/provider/symmetric/Noekeon.java \
-org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java \
-org/bouncycastle/jcajce/provider/symmetric/RC5.java \
-org/bouncycastle/jcajce/provider/symmetric/RC6.java \
-org/bouncycastle/jcajce/provider/symmetric/Rijndael.java \
-org/bouncycastle/jcajce/provider/symmetric/SEED.java \
-org/bouncycastle/jcajce/provider/symmetric/Salsa20.java \
-org/bouncycastle/jcajce/provider/symmetric/Serpent.java \
-org/bouncycastle/jcajce/provider/symmetric/Shacal2.java \
-org/bouncycastle/jcajce/provider/symmetric/SipHash.java \
-org/bouncycastle/jcajce/provider/symmetric/Skipjack.java \
-org/bouncycastle/jcajce/provider/symmetric/TEA.java \
-org/bouncycastle/jcajce/provider/symmetric/Threefish.java \
-org/bouncycastle/jcajce/provider/symmetric/VMPC.java \
-org/bouncycastle/jcajce/provider/symmetric/VMPCKSA3.java \
-org/bouncycastle/jcajce/provider/symmetric/XSalsa20.java \
-org/bouncycastle/jcajce/provider/symmetric/XTEA.java \
-org/bouncycastle/jcajce/spec/GOST28147ParameterSpec.java \
-org/bouncycastle/jcajce/spec/RepeatedSecretKeySpec.java \
-org/bouncycastle/jcajce/spec/SkeinParameterSpec.java \
-org/bouncycastle/jce/ECGOST3410NamedCurveTable.java \
-org/bouncycastle/jce/ECKeyUtil.java \
-org/bouncycastle/jce/ECPointUtil.java \
-org/bouncycastle/jce/MultiCertStoreParameters.java \
-org/bouncycastle/jce/PKCS12Util.java \
-org/bouncycastle/jce/X509KeyUsage.java \
-org/bouncycastle/jce/X509LDAPCertStoreParameters.java \
-org/bouncycastle/jce/exception/ExtCertificateEncodingException.java \
-org/bouncycastle/jce/exception/ExtIOException.java \
-org/bouncycastle/jce/interfaces/ElGamalKey.java \
-org/bouncycastle/jce/interfaces/ElGamalPrivateKey.java \
-org/bouncycastle/jce/interfaces/ElGamalPublicKey.java \
-org/bouncycastle/jce/interfaces/GOST3410Key.java \
-org/bouncycastle/jce/interfaces/GOST3410Params.java \
-org/bouncycastle/jce/interfaces/GOST3410PrivateKey.java \
-org/bouncycastle/jce/interfaces/GOST3410PublicKey.java \
-org/bouncycastle/jce/interfaces/IESKey.java \
-org/bouncycastle/jce/interfaces/MQVPrivateKey.java \
-org/bouncycastle/jce/interfaces/MQVPublicKey.java \
-org/bouncycastle/jce/provider/BrokenJCEBlockCipher.java \
-org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java \
-org/bouncycastle/jce/provider/BrokenPBE.java \
-org/bouncycastle/jce/provider/JCEElGamalPrivateKey.java \
-org/bouncycastle/jce/provider/JCEElGamalPublicKey.java \
-org/bouncycastle/jce/provider/MultiCertStoreSpi.java \
-org/bouncycastle/jce/provider/PKIXAttrCertPathBuilderSpi.java \
-org/bouncycastle/jce/provider/PKIXAttrCertPathValidatorSpi.java \
-org/bouncycastle/jce/provider/RFC3281CertPathUtilities.java \
-org/bouncycastle/jce/provider/X509AttrCertParser.java \
-org/bouncycastle/jce/provider/X509CRLParser.java \
-org/bouncycastle/jce/provider/X509CertPairParser.java \
-org/bouncycastle/jce/provider/X509CertParser.java \
-org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java \
-org/bouncycastle/jce/provider/X509StoreAttrCertCollection.java \
-org/bouncycastle/jce/provider/X509StoreCRLCollection.java \
-org/bouncycastle/jce/provider/X509StoreCertCollection.java \
-org/bouncycastle/jce/provider/X509StoreCertPairCollection.java \
-org/bouncycastle/jce/provider/X509StoreLDAPAttrCerts.java \
-org/bouncycastle/jce/provider/X509StoreLDAPCRLs.java \
-org/bouncycastle/jce/provider/X509StoreLDAPCertPairs.java \
-org/bouncycastle/jce/provider/X509StoreLDAPCerts.java \
-org/bouncycastle/jce/spec/ElGamalGenParameterSpec.java \
-org/bouncycastle/jce/spec/ElGamalKeySpec.java \
-org/bouncycastle/jce/spec/ElGamalParameterSpec.java \
-org/bouncycastle/jce/spec/ElGamalPrivateKeySpec.java \
-org/bouncycastle/jce/spec/ElGamalPublicKeySpec.java \
-org/bouncycastle/jce/spec/GOST28147ParameterSpec.java \
-org/bouncycastle/jce/spec/GOST3410ParameterSpec.java \
-org/bouncycastle/jce/spec/GOST3410PrivateKeySpec.java \
-org/bouncycastle/jce/spec/GOST3410PublicKeyParameterSetSpec.java \
-org/bouncycastle/jce/spec/GOST3410PublicKeySpec.java \
-org/bouncycastle/jce/spec/IEKeySpec.java \
-org/bouncycastle/jce/spec/IESParameterSpec.java \
-org/bouncycastle/jce/spec/MQVPrivateKeySpec.java \
-org/bouncycastle/jce/spec/MQVPublicKeySpec.java \
-org/bouncycastle/jce/spec/RepeatedSecretKeySpec.java \
-org/bouncycastle/math/ec/DoubleAddMultiplier.java \
-org/bouncycastle/math/ec/MixedNafR2LMultiplier.java \
-org/bouncycastle/math/ec/MontgomeryLadderMultiplier.java \
-org/bouncycastle/math/ec/NafL2RMultiplier.java \
-org/bouncycastle/math/ec/NafR2LMultiplier.java \
-org/bouncycastle/math/ec/ReferenceMultiplier.java \
-org/bouncycastle/math/ec/ScaleYPointMap.java \
-org/bouncycastle/math/ec/ZSignedDigitL2RMultiplier.java \
-org/bouncycastle/math/ec/ZSignedDigitR2LMultiplier.java \
-org/bouncycastle/math/raw/Mont256.java \
-org/bouncycastle/util/MemoableResetException.java \
-org/bouncycastle/util/Shorts.java \
-org/bouncycastle/util/StreamParser.java \
-org/bouncycastle/util/StreamParsingException.java \
-org/bouncycastle/util/Times.java \
-org/bouncycastle/util/encoders/BufferedDecoder.java \
-org/bouncycastle/util/encoders/BufferedEncoder.java \
-org/bouncycastle/util/encoders/HexTranslator.java \
-org/bouncycastle/util/encoders/Translator.java \
-org/bouncycastle/util/encoders/UrlBase64.java \
-org/bouncycastle/util/encoders/UrlBase64Encoder.java \
-org/bouncycastle/util/io/BufferingOutputStream.java \
-org/bouncycastle/x509/CertPathReviewerException.java \
-org/bouncycastle/x509/CertPathReviewerMessages_de.properties \
-org/bouncycastle/x509/NoSuchParserException.java \
-org/bouncycastle/x509/PKIXCRLUtil.java \
-org/bouncycastle/x509/PKIXCertPathReviewer.java \
-org/bouncycastle/x509/CertPathValidatorUtilities.java \
-org/bouncycastle/x509/CertStatus.java \
-org/bouncycastle/x509/X509AttributeCertStoreSelector.java \
-org/bouncycastle/x509/X509CertPairStoreSelector.java \
-org/bouncycastle/x509/X509CertificatePair.java \
-org/bouncycastle/x509/X509Store.java \
-org/bouncycastle/x509/X509StreamParser.java \
-org/bouncycastle/x509/X509StreamParserSpi.java \
-org/bouncycastle/x509/X509V2CRLGenerator.java \
-org/bouncycastle/x509/util/LDAPStoreHelper.java \
-org/bouncycastle/x509/util/StreamParser.java \
-org/bouncycastle/x509/util/StreamParsingException.java \
-"
-
-# directories
-UNNEEDED_BCPKIX_SOURCES=" \
-docs \
-org/bouncycastle/cert/bc \
-org/bouncycastle/cert/cmp \
-org/bouncycastle/cert/crmf \
-org/bouncycastle/cert/dane \
-org/bouncycastle/cert/ocsp \
-org/bouncycastle/cert/path \
-org/bouncycastle/cert/selector/jcajce \
-org/bouncycastle/cert/test \
-org/bouncycastle/cms/bc \
-org/bouncycastle/cms/test \
-org/bouncycastle/dvcs \
-org/bouncycastle/eac \
-org/bouncycastle/mozilla \
-org/bouncycastle/openssl \
-org/bouncycastle/operator/test \
-org/bouncycastle/pkcs \
-org/bouncycastle/pkix \
-org/bouncycastle/tsp \
-org/bouncycastle/voms \
-"
-
-# files
-UNNEEDED_BCPKIX_SOURCES+=" \
-org/bouncycastle/cert/CertRuntimeException.java \
-org/bouncycastle/cert/X509ContentVerifierProviderBuilder.java \
-org/bouncycastle/cert/X509ExtensionUtils.java \
-org/bouncycastle/cert/X509v1CertificateBuilder.java \
-org/bouncycastle/cert/X509v2AttributeCertificateBuilder.java \
-org/bouncycastle/cert/X509v2CRLBuilder.java \
-org/bouncycastle/cert/X509v3CertificateBuilder.java \
-org/bouncycastle/cert/jcajce/CertHelper.java \
-org/bouncycastle/cert/jcajce/DefaultCertHelper.java \
-org/bouncycastle/cert/jcajce/JcaAttrCertStore.java \
-org/bouncycastle/cert/jcajce/JcaAttributeCertificateIssuer.java \
-org/bouncycastle/cert/jcajce/JcaCRLStore.java \
-org/bouncycastle/cert/jcajce/JcaCertStoreBuilder.java \
-org/bouncycastle/cert/jcajce/JcaX500NameUtil.java \
-org/bouncycastle/cert/jcajce/JcaX509AttributeCertificateHolder.java \
-org/bouncycastle/cert/jcajce/JcaX509CRLConverter.java \
-org/bouncycastle/cert/jcajce/JcaX509CRLHolder.java \
-org/bouncycastle/cert/jcajce/JcaX509CertificateConverter.java \
-org/bouncycastle/cert/jcajce/JcaX509ContentVerifierProviderBuilder.java \
-org/bouncycastle/cert/jcajce/JcaX509ExtensionUtils.java \
-org/bouncycastle/cert/jcajce/JcaX509v1CertificateBuilder.java \
-org/bouncycastle/cert/jcajce/JcaX509v2CRLBuilder.java \
-org/bouncycastle/cert/jcajce/JcaX509v3CertificateBuilder.java \
-org/bouncycastle/cert/jcajce/NamedCertHelper.java \
-org/bouncycastle/cert/jcajce/ProviderCertHelper.java \
-org/bouncycastle/cert/selector/X509AttributeCertificateHolderSelector.java \
-org/bouncycastle/cert/selector/X509AttributeCertificateHolderSelectorBuilder.java \
-org/bouncycastle/cms/AuthAttributesProvider.java \
-org/bouncycastle/cms/CMSAlgorithm.java \
-org/bouncycastle/cms/CMSAuthEnvelopedData.java \
-org/bouncycastle/cms/CMSAuthEnvelopedGenerator.java \
-org/bouncycastle/cms/CMSAuthenticatedData.java \
-org/bouncycastle/cms/CMSAuthenticatedDataGenerator.java \
-org/bouncycastle/cms/CMSAuthenticatedDataParser.java \
-org/bouncycastle/cms/CMSAuthenticatedDataStreamGenerator.java \
-org/bouncycastle/cms/CMSAuthenticatedGenerator.java \
-org/bouncycastle/cms/CMSCompressedData.java \
-org/bouncycastle/cms/CMSCompressedDataGenerator.java \
-org/bouncycastle/cms/CMSCompressedDataParser.java \
-org/bouncycastle/cms/CMSCompressedDataStreamGenerator.java \
-org/bouncycastle/cms/CMSConfig.java \
-org/bouncycastle/cms/CMSContentInfoParser.java \
-org/bouncycastle/cms/CMSDigestedData.java \
-org/bouncycastle/cms/CMSEncryptedData.java \
-org/bouncycastle/cms/CMSEncryptedDataGenerator.java \
-org/bouncycastle/cms/CMSEncryptedGenerator.java \
-org/bouncycastle/cms/CMSEnvelopedData.java \
-org/bouncycastle/cms/CMSEnvelopedDataGenerator.java \
-org/bouncycastle/cms/CMSEnvelopedDataParser.java \
-org/bouncycastle/cms/CMSEnvelopedDataStreamGenerator.java \
-org/bouncycastle/cms/CMSEnvelopedGenerator.java \
-org/bouncycastle/cms/CMSEnvelopedHelper.java \
-org/bouncycastle/cms/CMSProcessableFile.java \
-org/bouncycastle/cms/CMSProcessableInputStream.java \
-org/bouncycastle/cms/CMSSecureReadable.java \
-org/bouncycastle/cms/CMSSignedDataParser.java \
-org/bouncycastle/cms/CMSSignedDataStreamGenerator.java \
-org/bouncycastle/cms/CMSStreamException.java \
-org/bouncycastle/cms/CMSTypedStream.java \
-org/bouncycastle/cms/DefaultAuthenticatedAttributeTableGenerator.java \
-org/bouncycastle/cms/KEKRecipient.java \
-org/bouncycastle/cms/KEKRecipientId.java \
-org/bouncycastle/cms/KEKRecipientInfoGenerator.java \
-org/bouncycastle/cms/KEKRecipientInformation.java \
-org/bouncycastle/cms/KeyAgreeRecipient.java \
-org/bouncycastle/cms/KeyAgreeRecipientId.java \
-org/bouncycastle/cms/KeyAgreeRecipientInfoGenerator.java \
-org/bouncycastle/cms/KeyAgreeRecipientInformation.java \
-org/bouncycastle/cms/KeyTransRecipient.java \
-org/bouncycastle/cms/KeyTransRecipientId.java \
-org/bouncycastle/cms/KeyTransRecipientInfoGenerator.java \
-org/bouncycastle/cms/KeyTransRecipientInformation.java \
-org/bouncycastle/cms/OriginatorId.java \
-org/bouncycastle/cms/OriginatorInfoGenerator.java \
-org/bouncycastle/cms/OriginatorInformation.java \
-org/bouncycastle/cms/PasswordRecipientId.java \
-org/bouncycastle/cms/PasswordRecipientInfoGenerator.java \
-org/bouncycastle/cms/PasswordRecipientInformation.java \
-org/bouncycastle/cms/RecipientId.java \
-org/bouncycastle/cms/RecipientInfoGenerator.java \
-org/bouncycastle/cms/RecipientInformation.java \
-org/bouncycastle/cms/RecipientInformationStore.java \
-org/bouncycastle/cms/SignerInformationVerifierProvider.java \
-org/bouncycastle/cms/jcajce/CMSUtils.java \
-org/bouncycastle/cms/jcajce/DefaultJcaJceExtHelper.java \
-org/bouncycastle/cms/jcajce/EnvelopedDataHelper.java \
-org/bouncycastle/cms/jcajce/JcaJceExtHelper.java \
-org/bouncycastle/cms/jcajce/JcaSelectorConverter.java \
-org/bouncycastle/cms/jcajce/JcaSignerId.java \
-org/bouncycastle/cms/jcajce/JcaSimpleSignerInfoGeneratorBuilder.java \
-org/bouncycastle/cms/jcajce/JcaX509CertSelectorConverter.java \
-org/bouncycastle/cms/jcajce/JceAlgorithmIdentifierConverter.java \
-org/bouncycastle/cms/jcajce/JceCMSContentEncryptorBuilder.java \
-org/bouncycastle/cms/jcajce/JceCMSMacCalculatorBuilder.java \
-org/bouncycastle/cms/jcajce/JceKEKAuthenticatedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKEKEnvelopedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKEKRecipient.java \
-org/bouncycastle/cms/jcajce/JceKEKRecipientInfoGenerator.java \
-org/bouncycastle/cms/jcajce/JceKeyAgreeAuthenticatedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyAgreeEnvelopedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyAgreeRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientId.java \
-org/bouncycastle/cms/jcajce/JceKeyAgreeRecipientInfoGenerator.java \
-org/bouncycastle/cms/jcajce/JceKeyTransAuthenticatedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyTransEnvelopedRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyTransRecipient.java \
-org/bouncycastle/cms/jcajce/JceKeyTransRecipientId.java \
-org/bouncycastle/cms/jcajce/JceKeyTransRecipientInfoGenerator.java \
-org/bouncycastle/cms/jcajce/JcePasswordAuthenticatedRecipient.java \
-org/bouncycastle/cms/jcajce/JcePasswordEnvelopedRecipient.java \
-org/bouncycastle/cms/jcajce/JcePasswordRecipient.java \
-org/bouncycastle/cms/jcajce/JcePasswordRecipientInfoGenerator.java \
-org/bouncycastle/cms/jcajce/NamedJcaJceExtHelper.java \
-org/bouncycastle/cms/jcajce/ProviderJcaJceExtHelper.java \
-org/bouncycastle/cms/jcajce/ZlibCompressor.java \
-org/bouncycastle/cms/jcajce/ZlibExpanderProvider.java \
-org/bouncycastle/operator/AlgorithmNameFinder.java \
-org/bouncycastle/operator/AsymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/AsymmetricKeyWrapper.java \
-org/bouncycastle/operator/BufferingContentSigner.java \
-org/bouncycastle/operator/DefaultAlgorithmNameFinder.java \
-org/bouncycastle/operator/DefaultSecretKeySizeProvider.java \
-org/bouncycastle/operator/InputDecryptorProvider.java \
-org/bouncycastle/operator/InputExpander.java \
-org/bouncycastle/operator/InputExpanderProvider.java \
-org/bouncycastle/operator/KeyUnwrapper.java \
-org/bouncycastle/operator/KeyWrapper.java \
-org/bouncycastle/operator/MacCalculatorProvider.java \
-org/bouncycastle/operator/OutputCompressor.java \
-org/bouncycastle/operator/OutputEncryptor.java \
-org/bouncycastle/operator/SecretKeySizeProvider.java \
-org/bouncycastle/operator/SymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/SymmetricKeyWrapper.java \
-org/bouncycastle/operator/bc/AESUtil.java \
-org/bouncycastle/operator/bc/BcAESSymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/bc/BcAESSymmetricKeyWrapper.java \
-org/bouncycastle/operator/bc/BcAsymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/bc/BcAsymmetricKeyWrapper.java \
-org/bouncycastle/operator/bc/BcContentSignerBuilder.java \
-org/bouncycastle/operator/bc/BcContentVerifierProviderBuilder.java \
-org/bouncycastle/operator/bc/BcDSAContentSignerBuilder.java \
-org/bouncycastle/operator/bc/BcDSAContentVerifierProviderBuilder.java \
-org/bouncycastle/operator/bc/BcRSAAsymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/bc/BcRSAAsymmetricKeyWrapper.java \
-org/bouncycastle/operator/bc/BcRSAContentSignerBuilder.java \
-org/bouncycastle/operator/bc/BcRSAContentVerifierProviderBuilder.java \
-org/bouncycastle/operator/bc/BcSignerOutputStream.java \
-org/bouncycastle/operator/bc/BcSymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/bc/BcSymmetricKeyWrapper.java \
-org/bouncycastle/operator/bc/CamelliaUtil.java \
-org/bouncycastle/operator/bc/OperatorUtils.java \
-org/bouncycastle/operator/bc/SEEDUtil.java \
-org/bouncycastle/operator/jcajce/JcaAlgorithmParametersConverter.java \
-org/bouncycastle/operator/jcajce/JceAsymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/jcajce/JceAsymmetricKeyWrapper.java \
-org/bouncycastle/operator/jcajce/JceGenericKey.java \
-org/bouncycastle/operator/jcajce/JceSymmetricKeyUnwrapper.java \
-org/bouncycastle/operator/jcajce/JceSymmetricKeyWrapper.java \
-org/bouncycastle/operator/jcajce/OperatorUtils.java \
-"
-
-# needed sources to copy in
-NEEDED_BCPROV_SOURCES="org"
-
-# needed sources to copy in
-NEEDED_BCPKIX_SOURCES="org"
-
-# list of patch files to apply in the given order
-BOUNCYCASTLE_BCPROV_PATCHES="patches/bcprov.patch"
-BOUNCYCASTLE_BCPKIX_PATCHES="patches/bcpkix.patch"
diff --git a/import_bouncycastle.sh b/import_bouncycastle.sh
deleted file mode 100755
index 45cdae8..0000000
--- a/import_bouncycastle.sh
+++ /dev/null
@@ -1,284 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2010 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-#
-# This script imports new versions of Bouncy Castle
-# (http://bouncycastle.org) into the Android source tree.  To run, (1)
-# fetch the appropriate tarballs (bcprov and bcpkix) from the Bouncy
-# Castle repository, (2) check the checksum, and then (3) run:
-#   ./import_bouncycastle.sh import bcprov-jdk*-*.tar.gz
-#
-# IMPORTANT: See README.android for additional details.
-
-# turn on exit on error as well as a warning when it happens
-set -e
-trap  "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
-
-cd $(dirname $0)
-
-function die() {
-  declare -r message=$1
-
-  echo $message
-  exit 1
-}
-
-function usage() {
-  declare -r message=$1
-
-  if [ ! "$message" = "" ]; then
-    echo $message
-  fi
-  echo "Usage:"
-  echo "  ./import_bouncycastle.sh import </path/to/bcprov-jdk*-*.tar.gz>"
-  echo "  ./import_bouncycastle.sh regenerate <patch/*.patch>"
-  echo "  ./import_bouncycastle.sh generate <patch/*.patch> </path/to/bcprov-jdk*-*.tar.gz>"
-  exit 1
-}
-
-function main() {
-  if [ ! -d patches ]; then
-    die "Bouncy Castle patch directory patches/ not found"
-  fi
-
-  if [ ! -f bouncycastle.version ]; then
-    die "bouncycastle.version not found"
-  fi
-
-  source ./bouncycastle.version
-  if [ "$BOUNCYCASTLE_JDK" == "" -o "$BOUNCYCASTLE_VERSION" == "" ]; then
-    die "Invalid bouncycastle.version; see README.android for more information"
-  fi
-
-  BOUNCYCASTLE_BCPROV_DIR=bcprov-jdk$BOUNCYCASTLE_JDK-$BOUNCYCASTLE_VERSION
-  BOUNCYCASTLE_BCPROV_DIR_ORIG=$BOUNCYCASTLE_BCPROV_DIR.orig
-
-  BOUNCYCASTLE_BCPKIX_DIR=bcpkix-jdk$BOUNCYCASTLE_JDK-$BOUNCYCASTLE_VERSION
-  BOUNCYCASTLE_BCPKIX_DIR_ORIG=$BOUNCYCASTLE_BCPKIX_DIR.orig
-
-  if [ ! -f bouncycastle.config ]; then
-    die "bouncycastle.config not found"
-  fi
-
-  source ./bouncycastle.config
-  if [ "$UNNEEDED_BCPROV_SOURCES" == "" -o "$NEEDED_BCPROV_SOURCES" == "" \
-    -o "$UNNEEDED_BCPKIX_SOURCES" == "" -o "$NEEDED_BCPKIX_SOURCES" == "" ]; then
-    die "Invalid bouncycastle.config; see README.android for more information"
-  fi
-
-  declare -r command=$1
-  shift || usage "No command specified. Try import, regenerate, or generate."
-  if [ "$command" = "import" ]; then
-    declare -r bcprov_tar=$1
-    shift || usage "No tar file specified."
-    declare -r bcpkix_tar=`echo $bcprov_tar | sed s/bcprov/bcpkix/`
-    import $bcprov_tar $BOUNCYCASTLE_BCPROV_DIR $BOUNCYCASTLE_BCPROV_DIR_ORIG bcprov "$BOUNCYCASTLE_BCPROV_PATCHES" "$NEEDED_BCPROV_SOURCES" "$UNNEEDED_BCPROV_SOURCES"
-    import $bcpkix_tar $BOUNCYCASTLE_BCPKIX_DIR $BOUNCYCASTLE_BCPKIX_DIR_ORIG bcpkix "$BOUNCYCASTLE_BCPKIX_PATCHES" "$NEEDED_BCPKIX_SOURCES" "$UNNEEDED_BCPKIX_SOURCES"
-  elif [ "$command" = "regenerate" ]; then
-    declare -r patch=$1
-    shift || usage "No patch file specified."
-    if [[ $BOUNCYCASTLE_BCPROV_PATCHES == *$patch* ]]; then
-      [ -d $BOUNCYCASTLE_BCPROV_DIR ] || usage "$BOUNCYCASTLE_BCPROV_DIR not found, did you mean to use generate?"
-      [ -d $BOUNCYCASTLE_BCPROV_DIR_ORIG ] || usage "$BOUNCYCASTLE_BCPROV_DIR_ORIG not found, did you mean to use generate?"
-      regenerate $patch $BOUNCYCASTLE_BCPROV_DIR $BOUNCYCASTLE_BCPROV_DIR_ORIG
-    elif [[ $BOUNCYCASTLE_BCPKIX_PATCHES == *$patch* ]]; then
-      [ -d $BOUNCYCASTLE_BCPKIX_DIR ] || usage "$BOUNCYCASTLE_BCPROV_DIR not found, did you mean to use generate?"
-      [ -d $BOUNCYCASTLE_BCPKIX_DIR_ORIG ] || usage "$BOUNCYCASTLE_BCPKIX_DIR_ORIG not found, did you mean to use generate?"
-      regenerate $patch $BOUNCYCASTLE_BCPKIX_DIR $BOUNCYCASTLE_BCPKIX_DIR_ORIG
-    else
-      usage "Unknown patch file $patch specified"
-    fi
-  elif [ "$command" = "generate" ]; then
-    declare -r patch=$1
-    shift || usage "No patch file specified."
-    declare -r bcprov_tar=$1
-    shift || usage "No tar file specified."
-    declare -r bcpkix_tar=`echo $bcprov_tar | sed s/bcprov/bcpkix/`
-    if [[ $BOUNCYCASTLE_BCPROV_PATCHES == *$patch* ]]; then
-      generate $patch $bcprov_tar $BOUNCYCASTLE_BCPROV_DIR $BOUNCYCASTLE_BCPROV_DIR_ORIG bcprov "$BOUNCYCASTLE_BCPROV_PATCHES" "$NEEDED_BCPROV_SOURCES" "$UNNEEDED_BCPROV_SOURCES"
-    elif [[ $BOUNCYCASTLE_BCPKIX_PATCHES == *$patch* ]]; then
-      generate $patch $bcpkix_tar $BOUNCYCASTLE_BCPKIX_DIR $BOUNCYCASTLE_BCPKIX_DIR_ORIG bcpkix "$BOUNCYCASTLE_BCPKIX_PATCHES" "$NEEDED_BCPKIX_SOURCES" "$UNNEEDED_BCPKIX_SOURCES"
-    else
-      usage "Unknown patch file $patch specified"
-    fi
-  else
-    usage "Unknown command specified $command. Try import, regenerate, or generate."
-  fi
-}
-
-function import() {
-  declare -r bouncycastle_source=$1
-  declare -r bouncycastle_dir=$2
-  declare -r bouncycastle_dir_orig=$3
-  declare -r bouncycastle_out_dir=$4
-  declare -r bouncycastle_patches=$5
-  declare -r needed_sources=$6
-  declare -r unneeded_sources=$7
-
-  untar $bouncycastle_source $bouncycastle_dir $bouncycastle_dir_orig "$unneeded_sources"
-  applypatches $bouncycastle_dir "$bouncycastle_patches" "$unneeded_sources"
-
-  cd $bouncycastle_dir
-
-  sed 's/<p>/& <BR>/g' LICENSE.html | html2text -width 102 -nobs -ascii > ../NOTICE
-  touch ../MODULE_LICENSE_BSD_LIKE
-
-  cd ..
-
-  rm -r $bouncycastle_out_dir/src
-  mkdir -p $bouncycastle_out_dir/src/main/java/
-  for i in $needed_sources; do
-    echo "Updating $i"
-    mv $bouncycastle_dir/$i $bouncycastle_out_dir/src/main/java/
-  done
-
-  cleantar $bouncycastle_dir $bouncycastle_dir_orig
-}
-
-function regenerate() {
-  declare -r patch=$1
-  declare -r bouncycastle_dir=$2
-  declare -r bouncycastle_dir_orig=$3
-
-  generatepatch $patch $bouncycastle_dir $bouncycastle_dir_orig
-}
-
-function update_timestamps() {
-  declare -r git_dir="$1"
-  declare -r target_dir="$2"
-
-  echo -n "Restoring timestamps for ${target_dir}... "
-
-  find "$git_dir" -type f -print0 | while IFS= read -r -d $'\0' file; do
-    file_rev="$(git rev-list -n 1 HEAD "$file")"
-    if [ "$file_rev" == "" ]; then
-      echo
-      echo -n "WARNING: No file revision for file $file..."
-      continue
-    fi
-    file_time="$(git show --pretty=format:%ai --abbrev-commit "$file_rev" | head -n 1)"
-    touch -d "$file_time" "${target_dir}${file#$git_dir}"
-  done
-
-  echo "done."
-}
-
-function generate() {
-  declare -r patch=$1
-  declare -r bouncycastle_source=$2
-  declare -r bouncycastle_dir=$3
-  declare -r bouncycastle_dir_orig=$4
-  declare -r bouncycastle_out_dir=$5
-  declare -r bouncycastle_patches=$6
-  declare -r needed_sources=$7
-  declare -r unneeded_sources=$8
-
-  untar $bouncycastle_source $bouncycastle_dir $bouncycastle_dir_orig "$unneeded_sources"
-  applypatches $bouncycastle_dir "$bouncycastle_patches" "$unneeded_sources"
-
-  for i in $needed_sources; do
-    echo "Restoring $i"
-    rm -r $bouncycastle_dir/$i
-    cp -rf $bouncycastle_out_dir/src/main/java/$i $bouncycastle_dir/$i
-    update_timestamps $bouncycastle_out_dir/src/main/java/$i $bouncycastle_dir/$i
-  done
-
-  generatepatch $patch $bouncycastle_dir $bouncycastle_dir_orig
-  cleantar $bouncycastle_dir $bouncycastle_dir_orig
-}
-
-function untar() {
-  declare -r bouncycastle_source=$1
-  declare -r bouncycastle_dir=$2
-  declare -r bouncycastle_dir_orig=$3
-  declare -r unneeded_sources=$4
-
-  # Remove old source
-  cleantar $bouncycastle_dir $bouncycastle_dir_orig
-
-  # Process new source
-  tar -zxf $bouncycastle_source
-  mv $bouncycastle_dir $bouncycastle_dir_orig
-  find $bouncycastle_dir_orig -type f -print0 | xargs -0 chmod a-w
-  (cd $bouncycastle_dir_orig && unzip -q src.zip)
-  tar -zxf $bouncycastle_source
-  (cd $bouncycastle_dir && unzip -q src.zip)
-
-  # Prune unnecessary sources
-  echo "Removing $unneeded_sources"
-  (cd $bouncycastle_dir_orig && rm -rf $unneeded_sources)
-  (cd $bouncycastle_dir      && rm -r  $unneeded_sources)
-
-  echo "Removing package.html files"
-  find $bouncycastle_dir_orig -name package.html -print0 | xargs -0 rm
-  find $bouncycastle_dir -name package.html -print0 | xargs -0 rm
-}
-
-function cleantar() {
-  declare -r bouncycastle_dir=$1
-  declare -r bouncycastle_dir_orig=$2
-
-  rm -rf $bouncycastle_dir_orig
-  rm -rf $bouncycastle_dir
-}
-
-function applypatches () {
-  declare -r bouncycastle_dir=$1
-  declare -r bouncycastle_patches=$2
-  declare -r unneeded_sources=$3
-
-  cd $bouncycastle_dir
-
-  # Apply appropriate patches
-  for i in $bouncycastle_patches; do
-    echo "Applying patch $i"
-    patch -p1 --merge < ../$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate $i"
-
-    # make sure no unneeded sources got into the patch
-    problem=0
-    for s in $unneeded_sources; do
-      if [ -e $s ]; then
-        echo Unneeded source $s restored by patch $i
-        problem=1
-      fi
-    done
-    if [ $problem = 1 ]; then
-      exit 1
-    fi
-  done
-
-  # Cleanup patch output
-  find . -type f -name "*.orig" -print0 | xargs -0 rm -f
-
-  cd ..
-}
-
-function generatepatch() {
-  declare -r patch=$1
-  declare -r bouncycastle_dir=$2
-  declare -r bouncycastle_dir_orig=$3
-
-  # Cleanup stray files before generating patch
-  find $bouncycastle_dir -type f -name "*.orig" -print0 | xargs -0 rm -f
-  find $bouncycastle_dir -type f -name "*~" -print0 | xargs -0 rm -f
-
-  rm -f $patch
-  LC_ALL=C TZ=UTC0 diff -Naur $bouncycastle_dir_orig $bouncycastle_dir >> $patch && die "ERROR: No diff for patch $path in file $i"
-  echo "Generated patch $patch"
-}
-
-main $@
diff --git a/patches/README b/patches/README
deleted file mode 100644
index 522ff97..0000000
--- a/patches/README
+++ /dev/null
@@ -1,42 +0,0 @@
-bcprov.patch:
-
-patch against Bouncy Castle's bcprov:
-
-The main differences involve removing algorithms not included in the
-reference implementation (RI).  The libcore
-java.security.StandardNames test support class provides the most
-up-do-date documentation of differences between the RI's list of
-supported algorithms and Android's. Some notable omissions versus the
-RI:
-- LDAP
-- MD2
-- RC2
-
-Other performance (both speed and memory) and correctness changes:
-- singleton DERNull (BouncyCastle now does this but we make constructor private to be sure)
-- similarly made DERBoolean constructor private and moved to DERBoolean.{getInstance,TRUE,FALSE}
-- removed use of Boolean constructor (not-upstreamable due to J2ME requirement upstream)
-- DERObjectIdentifier interns its internal String indentifer value
-- changed uses of 'new Integer' to 'Integers.valueOf'
-- X509CertificateObject.getEncoded caches its result
-- removed references to SecretKeyFactory.PBE/PKCS5 SecretKeyFactory.PBE/PKCS12
-- OpenSSLDigest uses NativeCrypto JNI API
-- JDKKeyStore made more tolerant of non-existant aliases
-- Make BouncyCastleProvider.PROVIDER_NAME final
-- Added wrapper for SecretKeyFactory.PBKDF2WithHmacSHA1
-
-Other security changes:
-- Blacklist fraudulent Comodo certificates in PKIXCertPathValidatorSpi
-- Blacklist compromised DigiNotar Root CA by public key to block cross-signed intermediates
-
-Other changes:
-- Log entry and exit to DHParametersHelper.generateSafePrimes which has long, unpredictable runtime
-
-
-bcpkix.patch:
-
-patch against Bouncy Castle's bcpkix:
-
-The main differences involve:
-- removing algorithms not in our bcprov (MD2, MD4, SHA224, RIPEMD, GOST)
-- using the singleton DERNull.INSTANCE
diff --git a/patches/bcpkix.patch b/patches/bcpkix.patch
deleted file mode 100644
index f871201..0000000
--- a/patches/bcpkix.patch
+++ /dev/null
@@ -1,1156 +0,0 @@
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedData.java bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedData.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedData.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedData.java	2015-04-09 13:10:16.000000000 +0000
-@@ -287,18 +287,20 @@
-         return HELPER.getAttributeCertificates(signedData.getCertificates());
-     }
- 
--    /**
--     * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
--     * this SignedData structure.
--     *
--     * @param otherRevocationInfoFormat OID of the format type been looked for.
--     *
--     * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
--     */
--    public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
--    {
--        return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * Return any OtherRevocationInfo OtherRevInfo objects of the type indicated by otherRevocationInfoFormat in
-+    //  * this SignedData structure.
-+    //  *
-+    //  * @param otherRevocationInfoFormat OID of the format type been looked for.
-+    //  *
-+    //  * @return a Store of ASN1Encodable objects representing any objects of otherRevocationInfoFormat found.
-+    //  */
-+    // public Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat)
-+    // {
-+    //     return HELPER.getOtherRevocationInfo(otherRevocationInfoFormat, signedData.getCRLs());
-+    // }
-+    // END android-removed
- 
-     /**
-      * Return the a string representation of the OID associated with the
-@@ -333,90 +335,92 @@
-         return contentInfo.getEncoded();
-     }
- 
--    /**
--     * Verify all the SignerInformation objects and their associated counter signatures attached
--     * to this CMS SignedData object.
--     *
--     * @param verifierProvider  a provider of SignerInformationVerifier objects.
--     * @return true if all verify, false otherwise.
--     * @throws CMSException  if an exception occurs during the verification process.
--     */
--    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
--        throws CMSException
--    {
--        return verifySignatures(verifierProvider, false);
--    }
--
--    /**
--     * Verify all the SignerInformation objects and optionally their associated counter signatures attached
--     * to this CMS SignedData object.
--     *
--     * @param verifierProvider  a provider of SignerInformationVerifier objects.
--     * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
--     * @return true if all verify, false otherwise.
--     * @throws CMSException  if an exception occurs during the verification process.
--     */
--    public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
--        throws CMSException
--    {
--        Collection signers = this.getSignerInfos().getSigners();
--
--        for (Iterator it = signers.iterator(); it.hasNext();)
--        {
--            SignerInformation signer = (SignerInformation)it.next();
--
--            try
--            {
--                SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
--
--                if (!signer.verify(verifier))
--                {
--                    return false;
--                }
--
--                if (!ignoreCounterSignatures)
--                {
--                    Collection counterSigners = signer.getCounterSignatures().getSigners();
--
--                    for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
--                    {
--                        if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
--                        {
--                            return false;
--                        }
--                    }
--                }
--            }
--            catch (OperatorCreationException e)
--            {
--                throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
--            }
--        }
--
--        return true;
--    }
--
--    private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
--        throws OperatorCreationException, CMSException
--    {
--        SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
--
--        if (!counterSigner.verify(counterVerifier))
--        {
--            return false;
--        }
--
--        Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
--        for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
--        {
--            if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
--            {
--                return false;
--            }
--        }
--
--        return true;
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * Verify all the SignerInformation objects and their associated counter signatures attached
-+    //  * to this CMS SignedData object.
-+    //  *
-+    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-+    //  * @return true if all verify, false otherwise.
-+    //  * @throws CMSException  if an exception occurs during the verification process.
-+    //  */
-+    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider)
-+    //     throws CMSException
-+    // {
-+    //     return verifySignatures(verifierProvider, false);
-+    // }
-+    // 
-+    // /**
-+    //  * Verify all the SignerInformation objects and optionally their associated counter signatures attached
-+    //  * to this CMS SignedData object.
-+    //  *
-+    //  * @param verifierProvider  a provider of SignerInformationVerifier objects.
-+    //  * @param ignoreCounterSignatures if true don't check counter signatures. If false check counter signatures as well.
-+    //  * @return true if all verify, false otherwise.
-+    //  * @throws CMSException  if an exception occurs during the verification process.
-+    //  */
-+    // public boolean verifySignatures(SignerInformationVerifierProvider verifierProvider, boolean ignoreCounterSignatures)
-+    //     throws CMSException
-+    // {
-+    //     Collection signers = this.getSignerInfos().getSigners();
-+    // 
-+    //     for (Iterator it = signers.iterator(); it.hasNext();)
-+    //     {
-+    //         SignerInformation signer = (SignerInformation)it.next();
-+    // 
-+    //         try
-+    //         {
-+    //             SignerInformationVerifier verifier = verifierProvider.get(signer.getSID());
-+    // 
-+    //             if (!signer.verify(verifier))
-+    //             {
-+    //                 return false;
-+    //             }
-+    // 
-+    //             if (!ignoreCounterSignatures)
-+    //             {
-+    //                 Collection counterSigners = signer.getCounterSignatures().getSigners();
-+    // 
-+    //                 for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-+    //                 {
-+    //                     if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-+    //                     {
-+    //                         return false;
-+    //                     }
-+    //                 }
-+    //             }
-+    //         }
-+    //         catch (OperatorCreationException e)
-+    //         {
-+    //             throw new CMSException("failure in verifier provider: " + e.getMessage(), e);
-+    //         }
-+    //     }
-+    // 
-+    //     return true;
-+    // }
-+    // 
-+    // private boolean verifyCounterSignature(SignerInformation counterSigner, SignerInformationVerifierProvider verifierProvider)
-+    //     throws OperatorCreationException, CMSException
-+    // {
-+    //     SignerInformationVerifier counterVerifier = verifierProvider.get(counterSigner.getSID());
-+    // 
-+    //     if (!counterSigner.verify(counterVerifier))
-+    //     {
-+    //         return false;
-+    //     }
-+    // 
-+    //     Collection counterSigners = counterSigner.getCounterSignatures().getSigners();
-+    //     for  (Iterator cIt = counterSigners.iterator(); cIt.hasNext();)
-+    //     {
-+    //         if (!verifyCounterSignature((SignerInformation)cIt.next(), verifierProvider))
-+    //         {
-+    //             return false;
-+    //         }
-+    //     }
-+    // 
-+    //     return true;
-+    // }
-+    // END android-removed
- 
-     /**
-      * Replace the SignerInformation store associated with this
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedGenerator.java bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedGenerator.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedGenerator.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedGenerator.java	2013-12-12 00:35:05.000000000 +0000
-@@ -12,8 +12,10 @@
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.DERTaggedObject;
- import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
--import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -39,17 +41,21 @@
-     public static final String  DIGEST_SHA384 = NISTObjectIdentifiers.id_sha384.getId();
-     public static final String  DIGEST_SHA512 = NISTObjectIdentifiers.id_sha512.getId();
-     public static final String  DIGEST_MD5 = PKCSObjectIdentifiers.md5.getId();
--    public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
--    public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
--    public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
--    public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-+    // BEGIN android-removed
-+    // public static final String  DIGEST_GOST3411 = CryptoProObjectIdentifiers.gostR3411.getId();
-+    // public static final String  DIGEST_RIPEMD128 = TeleTrusTObjectIdentifiers.ripemd128.getId();
-+    // public static final String  DIGEST_RIPEMD160 = TeleTrusTObjectIdentifiers.ripemd160.getId();
-+    // public static final String  DIGEST_RIPEMD256 = TeleTrusTObjectIdentifiers.ripemd256.getId();
-+    // END android-removed
- 
-     public static final String  ENCRYPTION_RSA = PKCSObjectIdentifiers.rsaEncryption.getId();
-     public static final String  ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1.getId();
-     public static final String  ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
-     public static final String  ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS.getId();
--    public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
--    public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-+    // BEGIN android-removed
-+    // public static final String  ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94.getId();
-+    // public static final String  ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001.getId();
-+    // END android-removed
- 
-     private static final String  ENCRYPTION_ECDSA_WITH_SHA1 = X9ObjectIdentifiers.ecdsa_with_SHA1.getId();
-     private static final String  ENCRYPTION_ECDSA_WITH_SHA224 = X9ObjectIdentifiers.ecdsa_with_SHA224.getId();
-@@ -174,31 +180,33 @@
-         certs.addAll(CMSUtils.getAttributeCertificatesFromStore(attrStore));
-     }
- 
--    /**
--     * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
--     *
--     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
--     * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
--     */
--    public void addOtherRevocationInfo(
--        ASN1ObjectIdentifier   otherRevocationInfoFormat,
--        ASN1Encodable          otherRevocationInfo)
--    {
--        crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
--    }
--
--    /**
--     * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
--     *
--     * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
--     * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
--     */
--    public void addOtherRevocationInfo(
--        ASN1ObjectIdentifier   otherRevocationInfoFormat,
--        Store                  otherRevocationInfos)
--    {
--        crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * Add a single instance of otherRevocationData to the CRL set to be included with the generated SignedData message.
-+    //  *
-+    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-+    //  * @param otherRevocationInfo the otherRevocationInfo ASN.1 structure.
-+    //  */
-+    // public void addOtherRevocationInfo(
-+    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-+    //     ASN1Encodable          otherRevocationInfo)
-+    // {
-+    //     crls.add(new DERTaggedObject(false, 1, new OtherRevocationInfoFormat(otherRevocationInfoFormat, otherRevocationInfo)));
-+    // }
-+    //
-+    // /**
-+    //  * Add a Store of otherRevocationData to the CRL set to be included with the generated SignedData message.
-+    //  *
-+    //  * @param otherRevocationInfoFormat the OID specifying the format of the otherRevocationInfo data.
-+    //  * @param otherRevocationInfos a Store of otherRevocationInfo data to add.
-+    //  */
-+    // public void addOtherRevocationInfo(
-+    //     ASN1ObjectIdentifier   otherRevocationInfoFormat,
-+    //     Store                  otherRevocationInfos)
-+    // {
-+    //     crls.addAll(CMSUtils.getOthersFromStore(otherRevocationInfoFormat, otherRevocationInfos));
-+    // }
-+    // END android-removed
- 
-     /**
-      * Add a store of pre-calculated signers to the generator.
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedHelper.java bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedHelper.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSSignedHelper.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/CMSSignedHelper.java	2013-12-12 00:35:05.000000000 +0000
-@@ -13,8 +13,10 @@
- import org.bouncycastle.asn1.ASN1Set;
- import org.bouncycastle.asn1.ASN1TaggedObject;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-@@ -53,12 +55,16 @@
-         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
-         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
-         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
--        addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
--        addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // BEGIN android-removed
-+        // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
-+        // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // END android-removed
-         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
-         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
--        addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
--        addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // BEGIN android-removed
-+        // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
-+        // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // END android-removed
-         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
-         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
-         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
-@@ -85,27 +91,31 @@
-         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption.getId(), "RSA");
-         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
-         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa.getId(), "RSA");
--        encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
--        encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
--        encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
--
--        digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
--        digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
-+        // BEGIN android-removed
-+        // encryptionAlgs.put(CMSSignedDataGenerator.ENCRYPTION_RSA_PSS, "RSAandMGF1");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94.getId(), "GOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001.getId(), "ECGOST3410");
-+        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.6.2", "ECGOST3410");
-+        // encryptionAlgs.put("1.3.6.1.4.1.5849.1.1.5", "GOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001.getId(), "ECGOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94.getId(), "GOST3410");
-+        //
-+        // digestAlgs.put(PKCSObjectIdentifiers.md2.getId(), "MD2");
-+        // digestAlgs.put(PKCSObjectIdentifiers.md4.getId(), "MD4");
-+        // END android-removed
-         digestAlgs.put(PKCSObjectIdentifiers.md5.getId(), "MD5");
-         digestAlgs.put(OIWObjectIdentifiers.idSHA1.getId(), "SHA1");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha224.getId(), "SHA224");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha256.getId(), "SHA256");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha384.getId(), "SHA384");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha512.getId(), "SHA512");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
--        digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
--        digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-+        // BEGIN android-removed
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128.getId(), "RIPEMD128");
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160.getId(), "RIPEMD160");
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256.getId(), "RIPEMD256");
-+        // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411.getId(),  "GOST3411");
-+        // digestAlgs.put("1.3.6.1.4.1.5849.1.2.1",  "GOST3411");
-+        // END android-removed
- 
-         digestAliases.put("SHA1", new String[] { "SHA-1" });
-         digestAliases.put("SHA224", new String[] { "SHA-224" });
-@@ -219,35 +229,35 @@
-         return new CollectionStore(new ArrayList());
-     }
- 
--    Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
--    {
--        if (crlSet != null)
--        {
--            List    crlList = new ArrayList(crlSet.size());
--
--            for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
--            {
--                ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
--
--                if (obj instanceof ASN1TaggedObject)
--                {
--                    ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
--
--                    if (tObj.getTagNo() == 1)
--                    {
--                        OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
--
--                        if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
--                        {
--                            crlList.add(other.getInfo());
--                        }
--                    }
--                }
--            }
--
--            return new CollectionStore(crlList);
--        }
--
--        return new CollectionStore(new ArrayList());
--    }
-+    // Store getOtherRevocationInfo(ASN1ObjectIdentifier otherRevocationInfoFormat, ASN1Set crlSet)
-+    // {
-+    //     if (crlSet != null)
-+    //     {
-+    //         List    crlList = new ArrayList(crlSet.size());
-+    //
-+    //         for (Enumeration en = crlSet.getObjects(); en.hasMoreElements();)
-+    //         {
-+    //             ASN1Primitive obj = ((ASN1Encodable)en.nextElement()).toASN1Primitive();
-+    //
-+    //             if (obj instanceof ASN1TaggedObject)
-+    //             {
-+    //                 ASN1TaggedObject tObj = ASN1TaggedObject.getInstance(obj);
-+    //
-+    //                 if (tObj.getTagNo() == 1)
-+    //                 {
-+    //                     OtherRevocationInfoFormat other = OtherRevocationInfoFormat.getInstance(tObj, false);
-+    //
-+    //                     if (otherRevocationInfoFormat.equals(other.getInfoFormat()))
-+    //                     {
-+    //                         crlList.add(other.getInfo());
-+    //                     }
-+    //                 }
-+    //             }
-+    //         }
-+    //
-+    //         return new CollectionStore(crlList);
-+    //     }
-+    //
-+    //     return new CollectionStore(new ArrayList());
-+    // }
- }
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSUtils.java bcpkix-jdk15on-152/org/bouncycastle/cms/CMSUtils.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/CMSUtils.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/CMSUtils.java	2014-07-28 19:51:54.000000000 +0000
-@@ -20,9 +20,11 @@
- import org.bouncycastle.asn1.DERTaggedObject;
- import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
- import org.bouncycastle.asn1.cms.ContentInfo;
--import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
--import org.bouncycastle.asn1.ocsp.OCSPResponse;
--import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cms.OtherRevocationInfoFormat;
-+// import org.bouncycastle.asn1.ocsp.OCSPResponse;
-+// import org.bouncycastle.asn1.ocsp.OCSPResponseStatus;
-+// END android-removed
- import org.bouncycastle.cert.X509AttributeCertificateHolder;
- import org.bouncycastle.cert.X509CRLHolder;
- import org.bouncycastle.cert.X509CertificateHolder;
-@@ -113,14 +115,16 @@
- 
-                     crls.add(c.toASN1Structure());
-                 }
--                else if (rev instanceof OtherRevocationInfoFormat)
--                {
--                    OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
--
--                    validateInfoFormat(infoFormat);
--
--                    crls.add(new DERTaggedObject(false, 1, infoFormat));
--                }
-+                // BEGIN android-removed
-+                // else if (rev instanceof OtherRevocationInfoFormat)
-+                // {
-+                //     OtherRevocationInfoFormat infoFormat = OtherRevocationInfoFormat.getInstance(rev);
-+                //
-+                //     validateInfoFormat(infoFormat);
-+                //
-+                //     crls.add(new DERTaggedObject(false, 1, infoFormat));
-+                // }
-+                // END android-removed
-                 else if (rev instanceof ASN1TaggedObject)
-                 {
-                     crls.add(rev);
-@@ -135,35 +139,36 @@
-         }
-     }
- 
--    private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
--    {
--        if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
--        {
--            OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
--
--            if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
--            {
--                throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
--            }
--        }
--    }
--
--    static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
--    {
--        List others = new ArrayList();
--
--        for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
--        {
--            ASN1Encodable info = (ASN1Encodable)it.next();
--            OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
--
--            validateInfoFormat(infoFormat);
--
--            others.add(new DERTaggedObject(false, 1, infoFormat));
--        }
--
--        return others;
--    }
-+    // BEGIN android-removed
-+    // private static void validateInfoFormat(OtherRevocationInfoFormat infoFormat)
-+    // {
-+    //     if (CMSObjectIdentifiers.id_ri_ocsp_response.equals(infoFormat.getInfoFormat()))
-+    //     {
-+    //         OCSPResponse resp = OCSPResponse.getInstance(infoFormat.getInfo());
-+    //
-+    //         if (resp.getResponseStatus().getValue().intValue() != OCSPResponseStatus.SUCCESSFUL)
-+    //         {
-+    //             throw new IllegalArgumentException("cannot add unsuccessful OCSP response to CMS SignedData");
-+    //         }
-+    //     }
-+    // }
-+    //
-+    // static Collection getOthersFromStore(ASN1ObjectIdentifier otherRevocationInfoFormat, Store otherRevocationInfos)
-+    // {
-+    //     List others = new ArrayList();
-+    //
-+    //     for (Iterator it = otherRevocationInfos.getMatches(null).iterator(); it.hasNext();)
-+    //     {
-+    //         ASN1Encodable info = (ASN1Encodable)it.next();
-+    //         OtherRevocationInfoFormat infoFormat = new OtherRevocationInfoFormat(otherRevocationInfoFormat, info);
-+    //         validateInfoFormat(infoFormat);
-+    //
-+    //         others.add(new DERTaggedObject(false, 1, infoFormat));
-+    //     }
-+    //
-+    //     return others;
-+    // }
-+    // END android-removed
- 
-     static ASN1Set createBerSetFromList(List derObjects)
-     {
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java bcpkix-jdk15on-152/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/DefaultCMSSignatureAlgorithmNameGenerator.java	2015-04-09 13:10:16.000000000 +0000
-@@ -4,8 +4,10 @@
- import java.util.Map;
- 
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
--import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
-@@ -34,12 +36,16 @@
-         addEntries(NISTObjectIdentifiers.dsa_with_sha384, "SHA384", "DSA");
-         addEntries(NISTObjectIdentifiers.dsa_with_sha512, "SHA512", "DSA");
-         addEntries(OIWObjectIdentifiers.dsaWithSHA1, "SHA1", "DSA");
--        addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
--        addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // BEGIN android-removed
-+        // addEntries(OIWObjectIdentifiers.md4WithRSA, "MD4", "RSA");
-+        // addEntries(OIWObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // END android-removed
-         addEntries(OIWObjectIdentifiers.md5WithRSA, "MD5", "RSA");
-         addEntries(OIWObjectIdentifiers.sha1WithRSA, "SHA1", "RSA");
--        addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
--        addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // BEGIN android-removed
-+        // addEntries(PKCSObjectIdentifiers.md2WithRSAEncryption, "MD2", "RSA");
-+        // addEntries(PKCSObjectIdentifiers.md4WithRSAEncryption, "MD4", "RSA");
-+        // END android-removed
-         addEntries(PKCSObjectIdentifiers.md5WithRSAEncryption, "MD5", "RSA");
-         addEntries(PKCSObjectIdentifiers.sha1WithRSAEncryption, "SHA1", "RSA");
-         addEntries(PKCSObjectIdentifiers.sha224WithRSAEncryption, "SHA224", "RSA");
-@@ -66,38 +72,44 @@
-         addEntries(EACObjectIdentifiers.id_TA_RSA_v1_5_SHA_256, "SHA256", "RSA");
-         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_1, "SHA1", "RSAandMGF1");
-         addEntries(EACObjectIdentifiers.id_TA_RSA_PSS_SHA_256, "SHA256", "RSAandMGF1");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA");
--        addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA");
-+        // BEGIN android-removed
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1", "PLAIN-ECDSA");
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224", "PLAIN-ECDSA");
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256", "PLAIN-ECDSA");
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384", "PLAIN-ECDSA");
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512", "PLAIN-ECDSA");
-+        // addEntries(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160", "PLAIN-ECDSA");
-+        // END android-removed
- 
-         encryptionAlgs.put(X9ObjectIdentifiers.id_dsa, "DSA");
-         encryptionAlgs.put(PKCSObjectIdentifiers.rsaEncryption, "RSA");
-         encryptionAlgs.put(TeleTrusTObjectIdentifiers.teleTrusTRSAsignatureAlgorithm, "RSA");
-         encryptionAlgs.put(X509ObjectIdentifiers.id_ea_rsa, "RSA");
-         encryptionAlgs.put(PKCSObjectIdentifiers.id_RSASSA_PSS, "RSAandMGF1");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
--        encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410");
--        encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.1.5"), "GOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410");
--        encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
--
--        digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2");
--        digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4");
-+        // BEGIN android-removed
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_94, "GOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3410_2001, "ECGOST3410");
-+        // encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.6.2"), "ECGOST3410");
-+        // encryptionAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.1.5"), "GOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "ECGOST3410");
-+        // encryptionAlgs.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3410");
-+        //
-+        // digestAlgs.put(PKCSObjectIdentifiers.md2, "MD2");
-+        // digestAlgs.put(PKCSObjectIdentifiers.md4, "MD4");
-+        // END android-removed
-         digestAlgs.put(PKCSObjectIdentifiers.md5, "MD5");
-         digestAlgs.put(OIWObjectIdentifiers.idSHA1, "SHA1");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha224, "SHA224");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha256, "SHA256");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha384, "SHA384");
-         digestAlgs.put(NISTObjectIdentifiers.id_sha512, "SHA512");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
--        digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
--        digestAlgs.put(CryptoProObjectIdentifiers.gostR3411,  "GOST3411");
--        digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"),  "GOST3411");
-+        // BEGIN android-removed
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd128, "RIPEMD128");
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd160, "RIPEMD160");
-+        // digestAlgs.put(TeleTrusTObjectIdentifiers.ripemd256, "RIPEMD256");
-+        // digestAlgs.put(CryptoProObjectIdentifiers.gostR3411,  "GOST3411");
-+        // digestAlgs.put(new ASN1ObjectIdentifier("1.3.6.1.4.1.5849.1.2.1"),  "GOST3411");
-+        // END android-removed
-     }
- 
-     /**
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java bcpkix-jdk15on-152/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/cms/DefaultCMSSignatureEncryptionAlgorithmFinder.java	2013-09-26 18:06:21.000000000 +0000
-@@ -16,21 +16,27 @@
- 
-     static
-     {
--        RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
--        RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-+        // BEGIN android-removed
-+        // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // RSA_PKCS1d5.add(PKCSObjectIdentifiers.md4WithRSAEncryption);
-+        // END android-removed
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.md5WithRSAEncryption);
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha1WithRSAEncryption);
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha224WithRSAEncryption);
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
-         RSA_PKCS1d5.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
--        RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
--        RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-+        // BEGIN android-removed
-+        // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSAEncryption);
-+        // RSA_PKCS1d5.add(OIWObjectIdentifiers.md4WithRSA);
-+        // END android-removed
-         RSA_PKCS1d5.add(OIWObjectIdentifiers.md5WithRSA);
-         RSA_PKCS1d5.add(OIWObjectIdentifiers.sha1WithRSA);
--        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // BEGIN android-removed
-+        // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // RSA_PKCS1d5.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // END android-removed
-     }
- 
-     public AlgorithmIdentifier findEncryptionAlgorithm(AlgorithmIdentifier signatureAlgorithm)
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java bcpkix-jdk15on-152/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/operator/DefaultDigestAlgorithmIdentifierFinder.java	2013-09-26 18:06:21.000000000 +0000
-@@ -5,7 +5,9 @@
- 
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -25,16 +27,20 @@
-         //
-         // digests
-         //
--        digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
--        digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-+        // BEGIN android-removed
-+        // digestOids.put(OIWObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-+        // digestOids.put(OIWObjectIdentifiers.md4WithRSA, PKCSObjectIdentifiers.md4);
-+        // END android-removed
-         digestOids.put(OIWObjectIdentifiers.sha1WithRSA, OIWObjectIdentifiers.idSHA1);
- 
-         digestOids.put(PKCSObjectIdentifiers.sha224WithRSAEncryption, NISTObjectIdentifiers.id_sha224);
-         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
-         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
-         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
--        digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
--        digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-+        // BEGIN android-removed
-+        // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
-+        // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-+        // END android-removed
-         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
-         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
- 
-@@ -50,12 +56,14 @@
-         digestOids.put(NISTObjectIdentifiers.dsa_with_sha384, NISTObjectIdentifiers.id_sha384);
-         digestOids.put(NISTObjectIdentifiers.dsa_with_sha512, NISTObjectIdentifiers.id_sha512);
- 
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
--
--        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
--        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-+        // BEGIN android-removed
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-+        //
-+        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-+        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-+        // END android-removed
- 
-         digestNameToOids.put("SHA-1", OIWObjectIdentifiers.idSHA1);
-         digestNameToOids.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-@@ -63,15 +71,19 @@
-         digestNameToOids.put("SHA-384", NISTObjectIdentifiers.id_sha384);
-         digestNameToOids.put("SHA-512", NISTObjectIdentifiers.id_sha512);
- 
--        digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
--
--        digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
--        digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
-+        // BEGIN android-removed
-+        // digestNameToOids.put("GOST3411", CryptoProObjectIdentifiers.gostR3411);
-+        //
-+        // digestNameToOids.put("MD2", PKCSObjectIdentifiers.md2);
-+        // digestNameToOids.put("MD4", PKCSObjectIdentifiers.md4);
-+        // END android-removed
-         digestNameToOids.put("MD5", PKCSObjectIdentifiers.md5);
- 
--        digestNameToOids.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
--        digestNameToOids.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
--        digestNameToOids.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-+        // BEGIN android-removed
-+        // digestNameToOids.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
-+        // digestNameToOids.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
-+        // digestNameToOids.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-+        // END android-removed
-     }
- 
-     public AlgorithmIdentifier find(AlgorithmIdentifier sigAlgId)
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java bcpkix-jdk15on-152/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/operator/DefaultSignatureAlgorithmIdentifierFinder.java	2014-07-28 19:51:54.000000000 +0000
-@@ -9,9 +9,11 @@
- import org.bouncycastle.asn1.ASN1Integer;
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
--import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -34,13 +36,17 @@
-     private static final ASN1ObjectIdentifier ENCRYPTION_DSA = X9ObjectIdentifiers.id_dsa_with_sha1;
-     private static final ASN1ObjectIdentifier ENCRYPTION_ECDSA = X9ObjectIdentifiers.ecdsa_with_SHA1;
-     private static final ASN1ObjectIdentifier ENCRYPTION_RSA_PSS = PKCSObjectIdentifiers.id_RSASSA_PSS;
--    private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
--    private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-+    // BEGIN android-removed
-+    // private static final ASN1ObjectIdentifier ENCRYPTION_GOST3410 = CryptoProObjectIdentifiers.gostR3410_94;
-+    // private static final ASN1ObjectIdentifier ENCRYPTION_ECGOST3410 = CryptoProObjectIdentifiers.gostR3410_2001;
-+    // END android-removed
- 
-     static
-     {
--        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
--        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // BEGIN android-removed
-+        // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // END android-removed
-         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-@@ -58,12 +64,14 @@
-         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
--        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
--        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // BEGIN android-removed
-+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // END android-removed
-         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-@@ -76,22 +84,24 @@
-         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
--        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
--        algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
--        algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
--        algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
--        algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
--        algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
--        algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
--        algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
--        algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
--        algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
--        algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-+        // BEGIN android-removed
-+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("SHA1WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-+        // algorithms.put("SHA224WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-+        // algorithms.put("SHA256WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-+        // algorithms.put("SHA384WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-+        // algorithms.put("SHA512WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-+        // algorithms.put("RIPEMD160WITHPLAIN-ECDSA", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-+        // algorithms.put("SHA1WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-+        // algorithms.put("SHA224WITHPCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-+        // algorithms.put("SHA256WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-+        // algorithms.put("SHA384WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-+        // algorithms.put("SHA512WITHCVC-ECDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-+        // END android-removed
-         //
-         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field.
-         // The parameters field SHALL be NULL for RSA based signature algorithms.
-@@ -110,8 +120,10 @@
-         //
-         // RFC 4491
-         //
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // BEGIN android-removed
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // END android-removed
- 
-         //
-         // PKCS 1.5 encrypted  algorithms
-@@ -121,9 +133,11 @@
-         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha256WithRSAEncryption);
-         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha384WithRSAEncryption);
-         pkcs15RsaEncryption.add(PKCSObjectIdentifiers.sha512WithRSAEncryption);
--        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // BEGIN android-removed
-+        // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // pkcs15RsaEncryption.add(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // END android-removed
- 
-         //
-         // explicit params
-@@ -150,15 +164,19 @@
-         digestOids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, NISTObjectIdentifiers.id_sha256);
-         digestOids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, NISTObjectIdentifiers.id_sha384);
-         digestOids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, NISTObjectIdentifiers.id_sha512);
--        digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
--        digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-+        // BEGIN android-removed
-+        // digestOids.put(PKCSObjectIdentifiers.md2WithRSAEncryption, PKCSObjectIdentifiers.md2);
-+        // digestOids.put(PKCSObjectIdentifiers.md4WithRSAEncryption, PKCSObjectIdentifiers.md4);
-+        // END android-removed
-         digestOids.put(PKCSObjectIdentifiers.md5WithRSAEncryption, PKCSObjectIdentifiers.md5);
-         digestOids.put(PKCSObjectIdentifiers.sha1WithRSAEncryption, OIWObjectIdentifiers.idSHA1);
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
--        digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
--        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
--        digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-+        // BEGIN android-removed
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128, TeleTrusTObjectIdentifiers.ripemd128);
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160, TeleTrusTObjectIdentifiers.ripemd160);
-+        // digestOids.put(TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256, TeleTrusTObjectIdentifiers.ripemd256);
-+        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, CryptoProObjectIdentifiers.gostR3411);
-+        // digestOids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, CryptoProObjectIdentifiers.gostR3411);
-+        // END android-removed
-     }
- 
-     private static AlgorithmIdentifier generate(String signatureAlgorithm)
-@@ -221,4 +239,4 @@
-     {
-         return generate(sigAlgName);
-     }
--}
-\ No newline at end of file
-+}
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java bcpkix-jdk15on-152/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/operator/bc/BcDefaultDigestProvider.java	2013-09-26 18:06:21.000000000 +0000
-@@ -4,20 +4,26 @@
- import java.util.HashMap;
- import java.util.Map;
- 
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.crypto.ExtendedDigest;
--import org.bouncycastle.crypto.digests.GOST3411Digest;
--import org.bouncycastle.crypto.digests.MD2Digest;
--import org.bouncycastle.crypto.digests.MD4Digest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.GOST3411Digest;
-+// import org.bouncycastle.crypto.digests.MD2Digest;
-+// import org.bouncycastle.crypto.digests.MD4Digest;
-+// END android-removed
- import org.bouncycastle.crypto.digests.MD5Digest;
--import org.bouncycastle.crypto.digests.RIPEMD128Digest;
--import org.bouncycastle.crypto.digests.RIPEMD160Digest;
--import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-+// import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-+// END android-removed
- import org.bouncycastle.crypto.digests.SHA1Digest;
- import org.bouncycastle.crypto.digests.SHA224Digest;
- import org.bouncycastle.crypto.digests.SHA256Digest;
-@@ -76,48 +82,50 @@
-                 return new MD5Digest();
-             }
-         });
--        table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new MD4Digest();
--            }
--        });
--        table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new MD2Digest();
--            }
--        });
--        table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new GOST3411Digest();
--            }
--        });
--        table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new RIPEMD128Digest();
--            }
--        });
--        table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new RIPEMD160Digest();
--            }
--        });
--        table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
--        {
--            public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
--            {
--                return new RIPEMD256Digest();
--            }
--        });
-+        // BEGIN android-removed
-+        // table.put(PKCSObjectIdentifiers.md4, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new MD4Digest();
-+        //     }
-+        // });
-+        // table.put(PKCSObjectIdentifiers.md2, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new MD2Digest();
-+        //     }
-+        // });
-+        // table.put(CryptoProObjectIdentifiers.gostR3411, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new GOST3411Digest();
-+        //     }
-+        // });
-+        // table.put(TeleTrusTObjectIdentifiers.ripemd128, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new RIPEMD128Digest();
-+        //     }
-+        // });
-+        // table.put(TeleTrusTObjectIdentifiers.ripemd160, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new RIPEMD160Digest();
-+        //     }
-+        // });
-+        // table.put(TeleTrusTObjectIdentifiers.ripemd256, new BcDigestProvider()
-+        // {
-+        //     public ExtendedDigest get(AlgorithmIdentifier digestAlgorithmIdentifier)
-+        //     {
-+        //         return new RIPEMD256Digest();
-+        //     }
-+        // });
-+        // END android-removed
- 
-         return Collections.unmodifiableMap(table);
-     }
-diff -Naur bcpkix-jdk15on-152.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java bcpkix-jdk15on-152/org/bouncycastle/operator/jcajce/OperatorHelper.java
---- bcpkix-jdk15on-152.orig/org/bouncycastle/operator/jcajce/OperatorHelper.java	2015-03-01 12:03:46.000000000 +0000
-+++ bcpkix-jdk15on-152/org/bouncycastle/operator/jcajce/OperatorHelper.java	2015-04-09 13:10:16.000000000 +0000
-@@ -24,9 +24,11 @@
- import org.bouncycastle.asn1.ASN1Encodable;
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
--import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.kisa.KISAObjectIdentifiers;
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
-@@ -59,22 +61,26 @@
-         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
--        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
--        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224WITHPLAIN-ECDSA");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256WITHPLAIN-ECDSA");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384WITHPLAIN-ECDSA");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512WITHPLAIN-ECDSA");
--        oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160WITHPLAIN-ECDSA");
--        oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1WITHCVC-ECDSA");
--        oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224WITHCVC-ECDSA");
--        oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
--        oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
--        oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
-+        // BEGIN android-removed
-+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA1, "SHA1WITHPLAIN-ECDSA");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA224, "SHA224WITHPLAIN-ECDSA");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA256, "SHA256WITHPLAIN-ECDSA");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA384, "SHA384WITHPLAIN-ECDSA");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_SHA512, "SHA512WITHPLAIN-ECDSA");
-+        // oids.put(BSIObjectIdentifiers.ecdsa_plain_RIPEMD160, "RIPEMD160WITHPLAIN-ECDSA");
-+        // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_1, "SHA1WITHCVC-ECDSA");
-+        // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_224, "SHA224WITHCVC-ECDSA");
-+        // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_256, "SHA256WITHCVC-ECDSA");
-+        // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_384, "SHA384WITHCVC-ECDSA");
-+        // oids.put(EACObjectIdentifiers.id_TA_ECDSA_SHA_512, "SHA512WITHCVC-ECDSA");
-+        // END android-removed
- 
-         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
--        oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-+        // BEGIN android-removed
-+        // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-+        // END android-removed
-         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
-         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
diff --git a/patches/bcprov.patch b/patches/bcprov.patch
deleted file mode 100644
index ec0a653..0000000
--- a/patches/bcprov.patch
+++ /dev/null
@@ -1,9040 +0,0 @@
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Boolean.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Boolean.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Boolean.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Boolean.java	2014-07-28 19:51:54.000000000 +0000
-@@ -23,7 +23,9 @@
-     private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
-     private static final byte[] FALSE_VALUE = new byte[] { 0 };
- 
--    private byte[]         value;
-+    // BEGIN android-changed
-+    final private byte[]         value;
-+    // END android-changed
- 
-     public static final ASN1Boolean FALSE = new ASN1Boolean(false);
-     public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
-@@ -79,6 +81,17 @@
-         return (value != 0 ? TRUE : FALSE);
-     }
- 
-+    // BEGIN android-added
-+    /**
-+     * return a ASN1Boolean from the passed in array.
-+     */
-+    public static ASN1Boolean getInstance(
-+        byte[] octets)
-+    {
-+        return (octets[0] != 0) ? TRUE : FALSE;
-+    }
-+
-+    // END android-added
-     /**
-      * return a Boolean from a tagged object.
-      *
-@@ -105,7 +118,9 @@
-         }
-     }
- 
--    ASN1Boolean(
-+    // BEGIN android-changed
-+    protected ASN1Boolean(
-+    // END android-changed
-         byte[] value)
-     {
-         if (value.length != 1)
-@@ -131,8 +146,10 @@
-      * @deprecated use getInstance(boolean) method.
-      * @param value true or false.
-      */
--    public ASN1Boolean(
-+    // BEGIN android-changed
-+    protected ASN1Boolean(
-         boolean     value)
-+    // END android-changed
-     {
-         this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
-     }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Null.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Null.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1Null.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1Null.java	2014-07-28 19:51:54.000000000 +0000
-@@ -8,6 +8,12 @@
- public abstract class ASN1Null
-     extends ASN1Primitive
- {
-+    // BEGIN android-added
-+    /*package*/ ASN1Null()
-+    {
-+    }
-+
-+    // END android-added
-     /**
-      * Return an instance of ASN.1 NULL from the passed in object.
-      * <p>
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1ObjectIdentifier.java bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/ASN1ObjectIdentifier.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/ASN1ObjectIdentifier.java	2014-07-28 19:51:54.000000000 +0000
-@@ -152,7 +152,13 @@
-             }
-         }
- 
--        this.identifier = objId.toString();
-+        // BEGIN android-changed
-+        /*
-+         * Intern the identifier so there aren't hundreds of duplicates
-+         * (in practice).
-+         */
-+        this.identifier = objId.toString().intern();
-+        // END android-changed
-         this.body = Arrays.clone(bytes);
-     }
- 
-@@ -173,7 +179,13 @@
-             throw new IllegalArgumentException("string " + identifier + " not an OID");
-         }
- 
--        this.identifier = identifier;
-+        // BEGIN android-changed
-+        /*
-+         * Intern the identifier so there aren't hundreds of duplicates
-+         * (in practice).
-+         */
-+        this.identifier = identifier.intern();
-+        // END android-changed
-     }
- 
-      /**
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERNull.java bcprov-jdk15on-152/org/bouncycastle/asn1/DERNull.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERNull.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/DERNull.java	2013-01-31 02:26:40.000000000 +0000
-@@ -15,7 +15,9 @@
-     /**
-      * @deprecated use DERNull.INSTANCE
-      */
--    public DERNull()
-+    // BEGIN android-changed
-+    protected DERNull()
-+    // END android-changed
-     {
-     }
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERPrintableString.java bcprov-jdk15on-152/org/bouncycastle/asn1/DERPrintableString.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/DERPrintableString.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/DERPrintableString.java	2014-07-28 19:51:54.000000000 +0000
-@@ -12,7 +12,9 @@
-     extends ASN1Primitive
-     implements ASN1String
- {
--    private byte[]  string;
-+    // BEGIN android-changed
-+    private final byte[]  string;
-+    // END android-changed
- 
-     /**
-      * return a printable string from the passed in object.
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/StreamUtil.java bcprov-jdk15on-152/org/bouncycastle/asn1/StreamUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/StreamUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/StreamUtil.java	2014-05-05 17:17:14.000000000 +0000
-@@ -8,7 +8,9 @@
- 
- class StreamUtil
- {
--    private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-+    // BEGIN android-removed
-+    // private static final long  MAX_MEMORY = Runtime.getRuntime().maxMemory();
-+    // END android-removed
- 
-     /**
-      * Find out possible longest length...
-@@ -48,12 +50,15 @@
-             }
-         }
- 
--        if (MAX_MEMORY > Integer.MAX_VALUE)
-+        // BEGIN android-changed
-+        long maxMemory = Runtime.getRuntime().maxMemory();
-+        if (maxMemory > Integer.MAX_VALUE)
-         {
-             return Integer.MAX_VALUE;
-         }
- 
--        return (int)MAX_MEMORY;
-+        return (int) maxMemory;
-+        // END android-changed
-     }
- 
-     static int calculateBodyLength(
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/cms/ContentInfo.java bcprov-jdk15on-152/org/bouncycastle/asn1/cms/ContentInfo.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/cms/ContentInfo.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/cms/ContentInfo.java	2013-12-12 00:35:05.000000000 +0000
-@@ -28,7 +28,9 @@
-  */
- public class ContentInfo
-     extends ASN1Object
--    implements CMSObjectIdentifiers
-+    // BEGIN android-removed
-+    // implements CMSObjectIdentifiers
-+    // END android-removed
- {
-     private ASN1ObjectIdentifier contentType;
-     private ASN1Encodable        content;
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java bcprov-jdk15on-152/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/pkcs/PKCSObjectIdentifiers.java	2013-12-12 00:35:05.000000000 +0000
-@@ -13,10 +13,12 @@
-     static final ASN1ObjectIdentifier    pkcs_1                    = new ASN1ObjectIdentifier("1.2.840.113549.1.1");
-     /** PKCS#1: 1.2.840.113549.1.1.1 */
-     static final ASN1ObjectIdentifier    rsaEncryption             = pkcs_1.branch("1");
--    /** PKCS#1: 1.2.840.113549.1.1.2 */
--    static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
--    /** PKCS#1: 1.2.840.113549.1.1.3 */
--    static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
-+    // BEGIN android-removed
-+    // /** PKCS#1: 1.2.840.113549.1.1.2 */
-+    // static final ASN1ObjectIdentifier    md2WithRSAEncryption      = pkcs_1.branch("2");
-+    // /** PKCS#1: 1.2.840.113549.1.1.3 */
-+    // static final ASN1ObjectIdentifier    md4WithRSAEncryption      = pkcs_1.branch("3");
-+    // END android-removed
-     /** PKCS#1: 1.2.840.113549.1.1.4 */
-     static final ASN1ObjectIdentifier    md5WithRSAEncryption      = pkcs_1.branch("4");
-     /** PKCS#1: 1.2.840.113549.1.1.5 */
-@@ -96,15 +98,19 @@
-     // md2 OBJECT IDENTIFIER ::=
-     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 2}
-     //
--    /**  1.2.840.113549.2.2 */
--    static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
-+    // BEGIN android-removed
-+    // /**  1.2.840.113549.2.2 */
-+    // static final ASN1ObjectIdentifier    md2                    = digestAlgorithm.branch("2");
-+    // END android-removed
- 
-     //
-     // md4 OBJECT IDENTIFIER ::=
-     //      {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}
-     //
--    /**  1.2.840.113549.2.4 */
--    static final ASN1ObjectIdentifier    md4                    = digestAlgorithm.branch("4");
-+    // BEGIN android-removed
-+    // /**  1.2.840.113549.2.4 */
-+    // static final ASN1ObjectIdentifier    md4                    = digestAlgorithm.branch("4");
-+    // END android-removed
- 
-     //
-     // md5 OBJECT IDENTIFIER ::=
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/AuthorityKeyIdentifier.java	2014-07-28 19:51:54.000000000 +0000
-@@ -14,7 +14,9 @@
- import org.bouncycastle.asn1.DERSequence;
- import org.bouncycastle.asn1.DERTaggedObject;
- import org.bouncycastle.crypto.Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- 
- /**
-  * The AuthorityKeyIdentifier object.
-@@ -106,7 +108,9 @@
-     public AuthorityKeyIdentifier(
-         SubjectPublicKeyInfo    spki)
-     {
--        Digest  digest = new SHA1Digest();
-+        // BEGIN android-changed
-+        Digest  digest = AndroidDigestFactory.getSHA1();
-+        // END android-changed
-         byte[]  resBuf = new byte[digest.getDigestSize()];
- 
-         byte[] bytes = spki.getPublicKeyData().getBytes();
-@@ -125,7 +129,9 @@
-         GeneralNames            name,
-         BigInteger              serialNumber)
-     {
--        Digest  digest = new SHA1Digest();
-+        // BEGIN android-changed
-+        Digest  digest = AndroidDigestFactory.getSHA1();
-+        // END android-changed
-         byte[]  resBuf = new byte[digest.getDigestSize()];
- 
-         byte[] bytes = spki.getPublicKeyData().getBytes();
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509Name.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509Name.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509Name.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509Name.java	2013-12-12 00:35:05.000000000 +0000
-@@ -255,8 +255,10 @@
-      */
-     public static final Hashtable SymbolLookUp = DefaultLookUp;
- 
--    private static final Boolean TRUE = new Boolean(true); // for J2ME compatibility
--    private static final Boolean FALSE = new Boolean(false);
-+    // BEGIN android-changed
-+    private static final Boolean TRUE = Boolean.TRUE;
-+    private static final Boolean FALSE = Boolean.FALSE;
-+    // END android-changed
- 
-     static
-     {
-@@ -446,7 +448,9 @@
-                            throw new IllegalArgumentException("cannot encode value");
-                        }
-                    }
--                   added.addElement((i != 0) ? TRUE : FALSE);  // to allow earlier JDK compatibility
-+                   // BEGIN android-changed
-+                   added.addElement(Boolean.valueOf(i != 0));
-+                   // END android-changed
-             }
-         }
-     }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509NameTokenizer.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x509/X509NameTokenizer.java	2013-05-25 02:14:15.000000000 +0000
-@@ -78,6 +78,17 @@
-                 }
-                 else
-                 {
-+                    // BEGIN android-added
-+                    // copied from a newer version of BouncyCastle
-+                    if (c == '#' && buf.charAt(buf.length() - 1) == '=')
-+                    {
-+                        buf.append('\\');
-+                    }
-+                    else if (c == '+' && separator != '+')
-+                    {
-+                        buf.append('\\');
-+                    }
-+                    // END android-added
-                     buf.append(c);
-                 }
-             }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x9/ECNamedCurveTable.java bcprov-jdk15on-152/org/bouncycastle/asn1/x9/ECNamedCurveTable.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/asn1/x9/ECNamedCurveTable.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/asn1/x9/ECNamedCurveTable.java	2014-07-28 19:51:54.000000000 +0000
-@@ -6,7 +6,9 @@
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.nist.NISTNamedCurves;
- import org.bouncycastle.asn1.sec.SECNamedCurves;
--import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-+// END android-removed
- 
- /**
-  * A general class that reads all X9.62 style EC curve tables.
-@@ -30,10 +32,12 @@
-             ecP = SECNamedCurves.getByName(name);
-         }
- 
--        if (ecP == null)
--        {
--            ecP = TeleTrusTNamedCurves.getByName(name);
--        }
-+        // BEGIN android-removed
-+        // if (ecP == null)
-+        // {
-+        //     ecP = TeleTrusTNamedCurves.getByName(name);
-+        // }
-+        // END android-removed
- 
-         if (ecP == null)
-         {
-@@ -59,10 +63,12 @@
-             oid = SECNamedCurves.getOID(name);
-         }
- 
--        if (oid == null)
--        {
--            oid = TeleTrusTNamedCurves.getOID(name);
--        }
-+        // BEGIN android-removed
-+        // if (oid == null)
-+        // {
-+        //     oid = TeleTrusTNamedCurves.getOID(name);
-+        // }
-+        // END android-removed
- 
-         if (oid == null)
-         {
-@@ -89,10 +95,12 @@
-             ecP = SECNamedCurves.getByOID(oid);
-         }
- 
--        if (ecP == null)
--        {
--            ecP = TeleTrusTNamedCurves.getByOID(oid);
--        }
-+        // BEGIN android-removed
-+        // if (ecP == null)
-+        // {
-+        //     ecP = TeleTrusTNamedCurves.getByOID(oid);
-+        // }
-+        // END android-removed
- 
-         // NOTE: All the NIST curves are currently from SEC, so no point in redundant OID lookup
- 
-@@ -111,7 +119,9 @@
-         addEnumeration(v, X962NamedCurves.getNames());
-         addEnumeration(v, SECNamedCurves.getNames());
-         addEnumeration(v, NISTNamedCurves.getNames());
--        addEnumeration(v, TeleTrusTNamedCurves.getNames());
-+        // BEGIN android-removed
-+        // addEnumeration(v, TeleTrusTNamedCurves.getNames());
-+        // END android-removed
- 
-         return v.elements();
-     }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java bcprov-jdk15on-152/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java	2015-07-07 18:14:00.000000000 +0000
-@@ -6,6 +6,9 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
-+// BEGIN android-added
-+import org.bouncycastle.math.ec.ECCurve;
-+// END android-added
- import org.bouncycastle.math.ec.ECPoint;
- 
- /**
-@@ -41,8 +44,23 @@
-     public BigInteger calculateAgreement(
-         CipherParameters pubKey)
-     {
--        ECPublicKeyParameters pub = (ECPublicKeyParameters)pubKey;
--        ECPoint P = pub.getQ().multiply(key.getD()).normalize();
-+        // BEGIN android-changed
-+        ECPoint peerPoint = ((ECPublicKeyParameters) pubKey).getQ();
-+        ECCurve myCurve = key.getParameters().getCurve();
-+        if (peerPoint.isInfinity()) {
-+          throw new IllegalStateException("Infinity is not a valid public key for ECDH");
-+        }
-+        try {
-+          myCurve.validatePoint(peerPoint.getXCoord().toBigInteger(),
-+              peerPoint.getYCoord().toBigInteger());
-+        } catch (IllegalArgumentException ex) {
-+          throw new IllegalStateException("The peer public key must be on the curve for ECDH");
-+        }
-+        // Explicitly construct a public key using the private key's curve.
-+        ECPoint pubPoint = myCurve.createPoint(peerPoint.getXCoord().toBigInteger(),
-+            peerPoint.getYCoord().toBigInteger());
-+        ECPoint P = pubPoint.multiply(key.getD()).normalize();
-+        // END android-changed
- 
-         if (P.isInfinity())
-         {
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactory.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactory.java	2013-09-26 18:06:21.000000000 +0000
-@@ -0,0 +1,87 @@
-+/*
-+ * Copyright (C) 2012 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.crypto.digests;
-+
-+import org.bouncycastle.crypto.Digest;
-+
-+/**
-+ * Level of indirection to let us select OpenSSLDigest implementations
-+ * for libcore but fallback to BouncyCastle ones on the RI.
-+ */
-+public final class AndroidDigestFactory {
-+    private static final String OpenSSLFactoryClassName
-+            = AndroidDigestFactory.class.getName() + "OpenSSL";
-+    private static final String BouncyCastleFactoryClassName
-+            = AndroidDigestFactory.class.getName() + "BouncyCastle";
-+
-+    private static final AndroidDigestFactoryInterface FACTORY;
-+    static {
-+        Class factoryImplementationClass;
-+        try {
-+            factoryImplementationClass = Class.forName(OpenSSLFactoryClassName);
-+            // Double check for NativeCrypto in case we are running on RI for testing
-+            Class.forName("com.android.org.conscrypt.NativeCrypto");
-+        } catch (ClassNotFoundException e1) {
-+            try {
-+                factoryImplementationClass = Class.forName(BouncyCastleFactoryClassName);
-+            } catch (ClassNotFoundException e2) {
-+                AssertionError e = new AssertionError("Failed to load "
-+                                         + "AndroidDigestFactoryInterface "
-+                                         + "implementation. Looked for "
-+                                         + OpenSSLFactoryClassName + " and "
-+                                         + BouncyCastleFactoryClassName);
-+                e.initCause(e1);
-+                throw e;
-+            }
-+        }
-+        if (!AndroidDigestFactoryInterface.class.isAssignableFrom(factoryImplementationClass)) {
-+            throw new AssertionError(factoryImplementationClass
-+                                     + "does not implement AndroidDigestFactoryInterface");
-+        }
-+        try {
-+            FACTORY = (AndroidDigestFactoryInterface) factoryImplementationClass.newInstance();
-+        } catch (InstantiationException e) {
-+            throw new AssertionError(e);
-+        } catch (IllegalAccessException e) {
-+            throw new AssertionError(e);
-+        }
-+    }
-+
-+    public static Digest getMD5() {
-+        return FACTORY.getMD5();
-+    }
-+
-+    public static Digest getSHA1() {
-+        return FACTORY.getSHA1();
-+    }
-+
-+    public static Digest getSHA224() {
-+        return FACTORY.getSHA224();
-+    }
-+
-+    public static Digest getSHA256() {
-+        return FACTORY.getSHA256();
-+    }
-+
-+    public static Digest getSHA384() {
-+        return FACTORY.getSHA384();
-+    }
-+
-+    public static Digest getSHA512() {
-+        return FACTORY.getSHA512();
-+    }
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryBouncyCastle.java	2013-09-26 18:06:21.000000000 +0000
-@@ -0,0 +1,40 @@
-+/*
-+ * Copyright (C) 2012 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.crypto.digests;
-+
-+import org.bouncycastle.crypto.Digest;
-+
-+public class AndroidDigestFactoryBouncyCastle implements AndroidDigestFactoryInterface {
-+    public Digest getMD5() {
-+        return new MD5Digest();
-+    }
-+    public Digest getSHA1() {
-+        return new SHA1Digest();
-+    }
-+    public Digest getSHA224() {
-+        return new SHA224Digest();
-+    }
-+    public Digest getSHA256() {
-+        return new SHA256Digest();
-+    }
-+    public Digest getSHA384() {
-+        return new SHA384Digest();
-+    }
-+    public Digest getSHA512() {
-+        return new SHA512Digest();
-+    }
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryInterface.java	2013-09-26 18:06:21.000000000 +0000
-@@ -0,0 +1,28 @@
-+/*
-+ * Copyright (C) 2012 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.crypto.digests;
-+
-+import org.bouncycastle.crypto.Digest;
-+
-+interface AndroidDigestFactoryInterface {
-+    public Digest getMD5();
-+    public Digest getSHA1();
-+    public Digest getSHA224();
-+    public Digest getSHA256();
-+    public Digest getSHA384();
-+    public Digest getSHA512();
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/AndroidDigestFactoryOpenSSL.java	2013-09-26 18:06:21.000000000 +0000
-@@ -0,0 +1,40 @@
-+/*
-+ * Copyright (C) 2012 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.crypto.digests;
-+
-+import org.bouncycastle.crypto.Digest;
-+
-+public class AndroidDigestFactoryOpenSSL implements AndroidDigestFactoryInterface {
-+    public Digest getMD5() {
-+        return new OpenSSLDigest.MD5();
-+    }
-+    public Digest getSHA1() {
-+        return new OpenSSLDigest.SHA1();
-+    }
-+    public Digest getSHA224() {
-+        return new OpenSSLDigest.SHA224();
-+    }
-+    public Digest getSHA256() {
-+        return new OpenSSLDigest.SHA256();
-+    }
-+    public Digest getSHA384() {
-+        return new OpenSSLDigest.SHA384();
-+    }
-+    public Digest getSHA512() {
-+        return new OpenSSLDigest.SHA512();
-+    }
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java bcprov-jdk15on-152/org/bouncycastle/crypto/digests/OpenSSLDigest.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/digests/OpenSSLDigest.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/digests/OpenSSLDigest.java	2014-02-27 18:09:19.000000000 +0000
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (C) 2008 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.crypto.digests;
-+
-+import org.bouncycastle.crypto.ExtendedDigest;
-+import org.bouncycastle.jcajce.provider.keystore.bc.BcKeyStoreSpi;
-+import java.security.DigestException;
-+import java.security.MessageDigest;
-+
-+/**
-+ * Implements the BouncyCastle Digest interface using OpenSSL's EVP API. This
-+ * must be an ExtendedDigest for {@link BcKeyStoreSpi} to be able to use it.
-+ */
-+public class OpenSSLDigest implements ExtendedDigest {
-+    private final MessageDigest delegate;
-+
-+    private final int byteSize;
-+
-+    public OpenSSLDigest(String algorithm, int byteSize) {
-+        try {
-+            delegate = MessageDigest.getInstance(algorithm, "AndroidOpenSSL");
-+            this.byteSize = byteSize;
-+        } catch (Exception e) {
-+            throw new RuntimeException(e);
-+        }
-+    }
-+
-+    public String getAlgorithmName() {
-+        return delegate.getAlgorithm();
-+    }
-+
-+    public int getDigestSize() {
-+        return delegate.getDigestLength();
-+    }
-+
-+    public int getByteLength() {
-+        return byteSize;
-+    }
-+
-+    public void reset() {
-+        delegate.reset();
-+    }
-+
-+    public void update(byte in) {
-+        delegate.update(in);
-+    }
-+
-+    public void update(byte[] in, int inOff, int len) {
-+        delegate.update(in, inOff, len);
-+    }
-+
-+    public int doFinal(byte[] out, int outOff) {
-+        try {
-+            return delegate.digest(out, outOff, out.length - outOff);
-+        } catch (DigestException e) {
-+            throw new RuntimeException(e);
-+        }
-+    }
-+
-+    public static class MD5 extends OpenSSLDigest {
-+        public MD5() { super("MD5", 64); }
-+    }
-+
-+    public static class SHA1 extends OpenSSLDigest {
-+        public SHA1() { super("SHA-1", 64); }
-+    }
-+
-+    public static class SHA224 extends OpenSSLDigest {
-+        public SHA224() { super("SHA-224", 64); }
-+    }
-+
-+    public static class SHA256 extends OpenSSLDigest {
-+        public SHA256() { super("SHA-256", 64); }
-+    }
-+
-+    public static class SHA384 extends OpenSSLDigest {
-+        public SHA384() { super("SHA-384", 128); }
-+    }
-+
-+    public static class SHA512 extends OpenSSLDigest {
-+        public SHA512() { super("SHA-512", 128); }
-+    }
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/ec/CustomNamedCurves.java bcprov-jdk15on-152/org/bouncycastle/crypto/ec/CustomNamedCurves.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/ec/CustomNamedCurves.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/ec/CustomNamedCurves.java	2014-07-28 19:51:54.000000000 +0000
-@@ -10,7 +10,9 @@
- import org.bouncycastle.asn1.x9.X9ECParametersHolder;
- import org.bouncycastle.math.ec.ECCurve;
- import org.bouncycastle.math.ec.ECPoint;
--import org.bouncycastle.math.ec.custom.djb.Curve25519;
-+// BEGIN android-removed
-+// import org.bouncycastle.math.ec.custom.djb.Curve25519;
-+// END android-removed
- import org.bouncycastle.math.ec.custom.sec.SecP192K1Curve;
- import org.bouncycastle.math.ec.custom.sec.SecP192R1Curve;
- import org.bouncycastle.math.ec.custom.sec.SecP224K1Curve;
-@@ -36,32 +38,34 @@
-         return c.configure().setEndomorphism(new GLVTypeBEndomorphism(c, p)).create();
-     }
- 
--    /*
--     * curve25519
--     */
--    static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
--    {
--        protected X9ECParameters createParameters()
--        {
--            byte[] S = null;
--            ECCurve curve = configureCurve(new Curve25519());
--
--            /*
--             * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
--             * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
--             * 
--             * The Curve25519 paper doesn't say which of the two possible y values the base
--             * point has. The choice here is guided by language in the Ed25519 paper.
--             * 
--             * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
--             */
--            ECPoint G = curve.decodePoint(Hex.decode("04"
--                + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
--                + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
--
--            return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
--        }
--    };
-+    // BEGIN android-removed
-+    // /*
-+    //  * curve25519
-+    //  */
-+    // static X9ECParametersHolder curve25519 = new X9ECParametersHolder()
-+    // {
-+    //     protected X9ECParameters createParameters()
-+    //     {
-+    //         byte[] S = null;
-+    //         ECCurve curve = configureCurve(new Curve25519());
-+    //
-+    //         /*
-+    //          * NOTE: Curve25519 was specified in Montgomery form. Rewriting in Weierstrass form
-+    //          * involves substitution of variables, so the base-point x coordinate is 9 + (486662 / 3).
-+    //          * 
-+    //          * The Curve25519 paper doesn't say which of the two possible y values the base
-+    //          * point has. The choice here is guided by language in the Ed25519 paper.
-+    //          * 
-+    //          * (The other possible y value is 5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14) 
-+    //          */
-+    //         ECPoint G = curve.decodePoint(Hex.decode("04"
-+    //             + "2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A"
-+    //             + "20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9"));
-+    //
-+    //         return new X9ECParameters(curve, G, curve.getOrder(), curve.getCofactor(), S);
-+    //     }
-+    // };
-+    // END android-removed
- 
-     /*
-      * secp192k1
-@@ -254,7 +258,9 @@
- 
-     static
-     {
--        defineCurve("curve25519", curve25519);
-+        // BEGIN android-removed
-+        // defineCurve("curve25519", curve25519);
-+        // END android-removed
- 
-         defineCurveWithOID("secp192k1", SECObjectIdentifiers.secp192k1, secp192k1);
-         defineCurveWithOID("secp192r1", SECObjectIdentifiers.secp192r1, secp192r1);
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/OAEPEncoding.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/OAEPEncoding.java	2013-05-25 02:14:15.000000000 +0000
-@@ -6,7 +6,9 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.InvalidCipherTextException;
--import org.bouncycastle.crypto.digests.SHA1Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- import org.bouncycastle.crypto.params.ParametersWithRandom;
- 
- /**
-@@ -25,7 +27,9 @@
-     public OAEPEncoding(
-         AsymmetricBlockCipher   cipher)
-     {
--        this(cipher, new SHA1Digest(), null);
-+        // BEGIN android-changed
-+        this(cipher, AndroidDigestFactory.getSHA1(), null);
-+        // END android-changed
-     }
-     
-     public OAEPEncoding(
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/PKCS1Encoding.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/encodings/PKCS1Encoding.java	2015-04-09 13:10:16.000000000 +0000
-@@ -378,6 +378,12 @@
-                 throw new InvalidCipherTextException("unknown block type");
-             }
-         }
-+        // BEGIN android-added
-+        if ((type == 1 && forPrivateKey) || (type == 2 && !forPrivateKey))
-+        {
-+            throw new InvalidCipherTextException("invalid block type " + type);
-+        }
-+        // END android-added
- 
-         if (useStrictLength && block.length != engine.getOutputBlockSize())
-         {
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java bcprov-jdk15on-152/org/bouncycastle/crypto/engines/DESedeWrapEngine.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/engines/DESedeWrapEngine.java	2014-07-28 19:51:54.000000000 +0000
-@@ -6,7 +6,9 @@
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.InvalidCipherTextException;
- import org.bouncycastle.crypto.Wrapper;
--import org.bouncycastle.crypto.digests.SHA1Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
-@@ -52,7 +54,9 @@
-     //
-     // checksum digest
-     //
--    Digest  sha1 = new SHA1Digest();
-+    // BEGIN android-changed
-+    Digest  sha1 = AndroidDigestFactory.getSHA1();
-+    // END android-changed
-     byte[]  digest = new byte[20];
- 
-    /**
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DHParametersHelper.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DHParametersHelper.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DHParametersHelper.java	2014-07-28 19:51:54.000000000 +0000
-@@ -3,11 +3,18 @@
- import java.math.BigInteger;
- import java.security.SecureRandom;
- 
-+// BEGIN android-added
-+import java.util.logging.Logger;
-+// END android-added
- import org.bouncycastle.math.ec.WNafUtil;
- import org.bouncycastle.util.BigIntegers;
- 
- class DHParametersHelper
- {
-+    // BEGIN android-added
-+    private static final Logger logger = Logger.getLogger(DHParametersHelper.class.getName());
-+    // END android-added
-+
-     private static final BigInteger ONE = BigInteger.valueOf(1);
-     private static final BigInteger TWO = BigInteger.valueOf(2);
- 
-@@ -18,12 +25,20 @@
-      */
-     static BigInteger[] generateSafePrimes(int size, int certainty, SecureRandom random)
-     {
-+        // BEGIN android-added
-+        logger.info("Generating safe primes. This may take a long time.");
-+        long start = System.currentTimeMillis();
-+        int tries = 0;
-+        // END android-added
-         BigInteger p, q;
-         int qLength = size - 1;
-         int minWeight = size >>> 2;
- 
-         for (;;)
-         {
-+            // BEGIN android-added
-+            tries++;
-+            // END android-added
-             q = new BigInteger(qLength, 2, random);
- 
-             // p <- 2q + 1
-@@ -52,6 +67,11 @@
- 
-             break;
-         }
-+        // BEGIN android-added
-+        long end = System.currentTimeMillis();
-+        long duration = end - start;
-+        logger.info("Generated safe primes: " + tries + " tries took " + duration + "ms");
-+        // END android-added
- 
-         return new BigInteger[] { p, q };
-     }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/DSAParametersGenerator.java	2014-07-28 19:51:54.000000000 +0000
-@@ -4,7 +4,9 @@
- import java.security.SecureRandom;
- 
- import org.bouncycastle.crypto.Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- import org.bouncycastle.crypto.params.DSAParameterGenerationParameters;
- import org.bouncycastle.crypto.params.DSAParameters;
- import org.bouncycastle.crypto.params.DSAValidationParameters;
-@@ -31,7 +33,9 @@
- 
-     public DSAParametersGenerator()
-     {
--        this(new SHA1Digest());
-+        // BEGIN android-changed
-+        this(AndroidDigestFactory.getSHA1());
-+        // END android-changed
-     }
- 
-     public DSAParametersGenerator(Digest digest)
-@@ -122,7 +126,9 @@
-         int             n = (L - 1) / 160;
-         byte[]          w = new byte[L / 8];
- 
--        if (!(digest instanceof SHA1Digest))
-+        // BEGIN android-changed
-+        if (!(digest.getAlgorithmName().equals("SHA-1")))
-+        // END android-changed
-         {
-             throw new IllegalStateException("can only use SHA-1 for generating FIPS 186-2 parameters");
-         }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/OpenSSLPBEParametersGenerator.java	2012-09-17 23:04:47.000000000 +0000
-@@ -3,7 +3,9 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.PBEParametersGenerator;
--import org.bouncycastle.crypto.digests.MD5Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
- 
-@@ -17,7 +19,9 @@
- public class OpenSSLPBEParametersGenerator
-     extends PBEParametersGenerator
- {
--    private Digest  digest = new MD5Digest();
-+    // BEGIN android-changed
-+    private Digest  digest = AndroidDigestFactory.getMD5();
-+    // END android-changed
- 
-     /**
-      * Construct a OpenSSL Parameters generator. 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java bcprov-jdk15on-152/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/generators/PKCS5S2ParametersGenerator.java	2013-12-12 00:35:05.000000000 +0000
-@@ -4,7 +4,9 @@
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.Mac;
- import org.bouncycastle.crypto.PBEParametersGenerator;
--import org.bouncycastle.crypto.digests.SHA1Digest;
-+// BEGIN android-changed
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-changed
- import org.bouncycastle.crypto.macs.HMac;
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
-@@ -28,7 +30,9 @@
-      */
-     public PKCS5S2ParametersGenerator()
-     {
--        this(new SHA1Digest());
-+        // BEGIN android-changed
-+        this(AndroidDigestFactory.getSHA1());
-+        // END android-changed
-     }
- 
-     public PKCS5S2ParametersGenerator(Digest digest)
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/macs/HMac.java bcprov-jdk15on-152/org/bouncycastle/crypto/macs/HMac.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/macs/HMac.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/macs/HMac.java	2013-09-26 18:06:21.000000000 +0000
-@@ -36,14 +36,18 @@
-     {
-         blockLengths = new Hashtable();
-         
--        blockLengths.put("GOST3411", Integers.valueOf(32));
--        
--        blockLengths.put("MD2", Integers.valueOf(16));
--        blockLengths.put("MD4", Integers.valueOf(64));
-+        // BEGIN android-removed
-+        // blockLengths.put("GOST3411", Integers.valueOf(32));
-+        //
-+        // blockLengths.put("MD2", Integers.valueOf(16));
-+        // blockLengths.put("MD4", Integers.valueOf(64));
-+        // END android-removed
-         blockLengths.put("MD5", Integers.valueOf(64));
-         
--        blockLengths.put("RIPEMD128", Integers.valueOf(64));
--        blockLengths.put("RIPEMD160", Integers.valueOf(64));
-+        // BEGIN android-removed
-+        // blockLengths.put("RIPEMD128", Integers.valueOf(64));
-+        // blockLengths.put("RIPEMD160", Integers.valueOf(64));
-+        // END android-removed
-         
-         blockLengths.put("SHA-1", Integers.valueOf(64));
-         blockLengths.put("SHA-224", Integers.valueOf(64));
-@@ -51,8 +55,10 @@
-         blockLengths.put("SHA-384", Integers.valueOf(128));
-         blockLengths.put("SHA-512", Integers.valueOf(128));
-         
--        blockLengths.put("Tiger", Integers.valueOf(64));
--        blockLengths.put("Whirlpool", Integers.valueOf(64));
-+        // BEGIN android-removed
-+        // blockLengths.put("Tiger", Integers.valueOf(64));
-+        // blockLengths.put("Whirlpool", Integers.valueOf(64));
-+        // END android-removed
-     }
-     
-     private static int getByteLength(
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/modes/GCMBlockCipher.java bcprov-jdk15on-152/org/bouncycastle/crypto/modes/GCMBlockCipher.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/modes/GCMBlockCipher.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/modes/GCMBlockCipher.java	2015-11-12 22:10:47.000000000 +0000
-@@ -24,6 +24,11 @@
-     implements AEADBlockCipher
- {
-     private static final int BLOCK_SIZE = 16;
-+    // BEGIN android-added
-+    // 2^36-32 : limitation imposed by NIST GCM as otherwise the counter is wrapped and it can leak
-+    // plaintext and authentication key
-+    private static final long MAX_INPUT_SIZE = 68719476704L;
-+    // END android-added
- 
-     // not final due to a compiler bug
-     private BlockCipher   cipher;
-@@ -202,6 +207,14 @@
-         return totalData < macSize ? 0 : totalData - macSize;
-     }
- 
-+    // BEGIN android-added
-+    /** Helper used to ensure that {@link #MAX_INPUT_SIZE} is not exceeded. */
-+    private long getTotalInputSizeAfterNewInput(int newInputLen)
-+    {
-+        return totalLength + newInputLen + bufOff;
-+    }
-+    // END android-added
-+
-     public int getUpdateOutputSize(int len)
-     {
-         int totalData = len + bufOff;
-@@ -218,6 +231,11 @@
- 
-     public void processAADByte(byte in)
-     {
-+        // BEGIN android-added
-+        if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
-+            throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
-+        }
-+        // END android-added
-         atBlock[atBlockPos] = in;
-         if (++atBlockPos == BLOCK_SIZE)
-         {
-@@ -230,6 +248,11 @@
- 
-     public void processAADBytes(byte[] in, int inOff, int len)
-     {
-+        // BEGIN android-added
-+        if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
-+            throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
-+        }
-+        // END android-added
-         for (int i = 0; i < len; ++i)
-         {
-             atBlock[atBlockPos] = in[inOff + i];
-@@ -267,6 +290,11 @@
-     public int processByte(byte in, byte[] out, int outOff)
-         throws DataLengthException
-     {
-+        // BEGIN android-added
-+        if (getTotalInputSizeAfterNewInput(1) > MAX_INPUT_SIZE) {
-+            throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
-+        }
-+        // END android-added
-         bufBlock[bufOff] = in;
-         if (++bufOff == bufBlock.length)
-         {
-@@ -279,6 +307,11 @@
-     public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
-         throws DataLengthException
-     {
-+        // BEGIN android-added
-+        if (getTotalInputSizeAfterNewInput(len) > MAX_INPUT_SIZE) {
-+            throw new DataLengthException("Input exceeded " + MAX_INPUT_SIZE + " bytes");
-+        }
-+        // END android-added
-         if (in.length < (inOff + len))
-         {
-             throw new DataLengthException("Input buffer too short");
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java bcprov-jdk15on-152/org/bouncycastle/crypto/signers/RSADigestSigner.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/signers/RSADigestSigner.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/signers/RSADigestSigner.java	2015-04-09 13:10:16.000000000 +0000
-@@ -39,9 +39,11 @@
-      */
-     static
-     {
--        oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
--        oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
--        oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-+        // BEGIN android-removed
-+        // oidMap.put("RIPEMD128", TeleTrusTObjectIdentifiers.ripemd128);
-+        // oidMap.put("RIPEMD160", TeleTrusTObjectIdentifiers.ripemd160);
-+        // oidMap.put("RIPEMD256", TeleTrusTObjectIdentifiers.ripemd256);
-+        // END android-removed
- 
-         oidMap.put("SHA-1", X509ObjectIdentifiers.id_SHA1);
-         oidMap.put("SHA-224", NISTObjectIdentifiers.id_sha224);
-@@ -51,8 +53,10 @@
-         oidMap.put("SHA-512/224", NISTObjectIdentifiers.id_sha512_224);
-         oidMap.put("SHA-512/256", NISTObjectIdentifiers.id_sha512_256);
- 
--        oidMap.put("MD2", PKCSObjectIdentifiers.md2);
--        oidMap.put("MD4", PKCSObjectIdentifiers.md4);
-+        // BEGIN android-removed
-+        // oidMap.put("MD2", PKCSObjectIdentifiers.md2);
-+        // oidMap.put("MD4", PKCSObjectIdentifiers.md4);
-+        // END android-removed
-         oidMap.put("MD5", PKCSObjectIdentifiers.md5);
-     }
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/util/PrivateKeyFactory.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/util/PrivateKeyFactory.java	2014-07-28 19:51:54.000000000 +0000
-@@ -9,7 +9,9 @@
- import org.bouncycastle.asn1.ASN1Integer;
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.ASN1Primitive;
--import org.bouncycastle.asn1.oiw.ElGamalParameter;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
-+// END android-removed
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.DHParameter;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -31,8 +33,10 @@
- import org.bouncycastle.crypto.params.ECDomainParameters;
- import org.bouncycastle.crypto.params.ECNamedDomainParameters;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
--import org.bouncycastle.crypto.params.ElGamalParameters;
--import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ElGamalParameters;
-+// import org.bouncycastle.crypto.params.ElGamalPrivateKeyParameters;
-+// END android-removed
- import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
- 
- /**
-@@ -98,14 +102,16 @@
- 
-             return new DHPrivateKeyParameters(derX.getValue(), dhParams);
-         }
--        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
--        {
--            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
--            ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
--
--            return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
--                params.getP(), params.getG()));
--        }
-+        // BEGIN android-removed
-+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-+        // {
-+        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-+        //     ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-+        //
-+        //     return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
-+        //         params.getP(), params.getG()));
-+        // }
-+        // END android-removed
-         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa))
-         {
-             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java bcprov-jdk15on-152/org/bouncycastle/crypto/util/PublicKeyFactory.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/crypto/util/PublicKeyFactory.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/crypto/util/PublicKeyFactory.java	2014-07-28 19:51:54.000000000 +0000
-@@ -11,7 +11,9 @@
- import org.bouncycastle.asn1.ASN1OctetString;
- import org.bouncycastle.asn1.ASN1Primitive;
- import org.bouncycastle.asn1.DEROctetString;
--import org.bouncycastle.asn1.oiw.ElGamalParameter;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.oiw.ElGamalParameter;
-+// END android-removed
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.DHParameter;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -38,8 +40,10 @@
- import org.bouncycastle.crypto.params.ECDomainParameters;
- import org.bouncycastle.crypto.params.ECNamedDomainParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
--import org.bouncycastle.crypto.params.ElGamalParameters;
--import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ElGamalParameters;
-+// import org.bouncycastle.crypto.params.ElGamalPublicKeyParameters;
-+// END android-removed
- import org.bouncycastle.crypto.params.RSAKeyParameters;
- 
- /**
-@@ -133,14 +137,16 @@
- 
-             return new DHPublicKeyParameters(derY.getValue(), dhParams);
-         }
--        else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
--        {
--            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
--            ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
--
--            return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
--                params.getP(), params.getG()));
--        }
-+        // BEGIN android-removed
-+        // else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
-+        // {
-+        //     ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
-+        //     ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
-+        //
-+        //     return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-+        //         params.getP(), params.getG()));
-+        // }
-+        // END android-removed
-         else if (algId.getAlgorithm().equals(X9ObjectIdentifiers.id_dsa)
-             || algId.getAlgorithm().equals(OIWObjectIdentifiers.dsaWithSHA1))
-         {
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DH.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DH.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DH.java	2014-07-28 19:51:54.000000000 +0000
-@@ -35,10 +35,12 @@
- 
-             provider.addAlgorithm("AlgorithmParameterGenerator.DH", PREFIX + "AlgorithmParameterGeneratorSpi");
-             
--            provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
--            provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES");
--            provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES");
--            provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.DHIES", PREFIX + "IESCipher$IES");
-+            // provider.addAlgorithm("Cipher.DHIESwithAES", PREFIX + "IESCipher$IESwithAES");
-+            // provider.addAlgorithm("Cipher.DHIESWITHAES", PREFIX + "IESCipher$IESwithAES");
-+            // provider.addAlgorithm("Cipher.DHIESWITHDESEDE", PREFIX + "IESCipher$IESwithDESede");
-+            // END android-removed
- 
-             registerOid(provider, PKCSObjectIdentifiers.dhKeyAgreement, "DH", new KeyFactorySpi());
-             registerOid(provider, X9ObjectIdentifiers.dhpublicnumber, "DH", new KeyFactorySpi());
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/DSA.java	2015-06-01 19:10:55.000000000 +0000
-@@ -27,40 +27,55 @@
-             provider.addAlgorithm("KeyPairGenerator.DSA", PREFIX + "KeyPairGeneratorSpi");
-             provider.addAlgorithm("KeyFactory.DSA", PREFIX + "KeyFactorySpi");
- 
--            provider.addAlgorithm("Signature.DSA", PREFIX + "DSASigner$stdDSA");
-+            // BEGIN android-changed
-+            provider.addAlgorithm("Signature.SHA1withDSA", PREFIX + "DSASigner$stdDSA");
-+            // END android-changed
-             provider.addAlgorithm("Signature.NONEWITHDSA", PREFIX + "DSASigner$noneDSA");
- 
-             provider.addAlgorithm("Alg.Alias.Signature.RAWDSA", "NONEWITHDSA");
- 
--            provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
--            provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
--            provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
--            provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
--            provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
--            provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Signature.DETDSA", PREFIX + "DSASigner$detDSA");
-+            // provider.addAlgorithm("Signature.SHA1WITHDETDSA", PREFIX + "DSASigner$detDSA");
-+            // provider.addAlgorithm("Signature.SHA224WITHDETDSA", PREFIX + "DSASigner$detDSA224");
-+            // provider.addAlgorithm("Signature.SHA256WITHDETDSA", PREFIX + "DSASigner$detDSA256");
-+            // provider.addAlgorithm("Signature.SHA384WITHDETDSA", PREFIX + "DSASigner$detDSA384");
-+            // provider.addAlgorithm("Signature.SHA512WITHDETDSA", PREFIX + "DSASigner$detDSA512");
-+            // END android-removed
- 
-             addSignatureAlgorithm(provider, "SHA224", "DSA", PREFIX + "DSASigner$dsa224", NISTObjectIdentifiers.dsa_with_sha224);
-             addSignatureAlgorithm(provider, "SHA256", "DSA", PREFIX + "DSASigner$dsa256", NISTObjectIdentifiers.dsa_with_sha256);
--            addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
--            addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
--
--            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "DSA");
--            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "DSA");
--
--            provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-+            // BEGIN android-removed
-+            // addSignatureAlgorithm(provider, "SHA384", "DSA", PREFIX + "DSASigner$dsa384", NISTObjectIdentifiers.dsa_with_sha384);
-+            // addSignatureAlgorithm(provider, "SHA512", "DSA", PREFIX + "DSASigner$dsa512", NISTObjectIdentifiers.dsa_with_sha512);
-+            // END android-removed
-+
-+            // BEGIN android-added
-+            provider.addAlgorithm("Alg.Alias.Signature.DSA", "SHA1withDSA");
-+            // END android-added
-+            // BEGIN android-changed
-+            provider.addAlgorithm("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.SHA1withDSA", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHDSA", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.DSAwithSHA1", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.DSAWITHSHA1", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.SHA1WithDSA", "SHA1withDSA");
-+            provider.addAlgorithm("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
-+            // END android-changed
-+
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10040.4.3", "DSA");
-+            // END android-removed
- 
-             AsymmetricKeyInfoConverter keyFact = new KeyFactorySpi();
- 
-             for (int i = 0; i != DSAUtil.dsaOids.length; i++)
-             {
--                provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "DSA");
-+                // BEGIN android-changed
-+                provider.addAlgorithm("Alg.Alias.Signature." + DSAUtil.dsaOids[i], "SHA1withDSA");
-+                // END android-changed
- 
-                 registerOid(provider, DSAUtil.dsaOids[i], "DSA", keyFact);
-                 registerOidAlgorithmParameters(provider, DSAUtil.dsaOids[i], "DSA");
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/EC.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/EC.java	2015-04-09 13:10:16.000000000 +0000
-@@ -1,8 +1,10 @@
- package org.bouncycastle.jcajce.provider.asymmetric;
- 
--import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
--import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.bsi.BSIObjectIdentifiers;
-+// import org.bouncycastle.asn1.eac.EACObjectIdentifiers;
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
- import org.bouncycastle.jcajce.provider.asymmetric.ec.KeyFactorySpi;
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-@@ -22,45 +24,59 @@
-         public void configure(ConfigurableProvider provider)
-         {
-             provider.addAlgorithm("KeyAgreement.ECDH", PREFIX + "KeyAgreementSpi$DH");
--            provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
--            provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
--            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
--            provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
--            provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyAgreement.ECDHC", PREFIX + "KeyAgreementSpi$DHC");
-+            // provider.addAlgorithm("KeyAgreement.ECMQV", PREFIX + "KeyAgreementSpi$MQV");
-+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-+            // provider.addAlgorithm("KeyAgreement." + X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, PREFIX + "KeyAgreementSpi$MQVwithSHA1KDF");
-+            // provider.addAlgorithm("KeyAgreement.ECDHWITHSHA1KDF", PREFIX + "KeyAgreementSpi$DHwithSHA1KDF");
-+            // END android-removed
- 
-             registerOid(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC", new KeyFactorySpi.EC());
-             // TODO Should this be an alias for ECDH?
-             registerOid(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC", new KeyFactorySpi.EC());
--            registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
--
--            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-+            // BEGIN android-removed
-+            // registerOid(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "ECMQV", new KeyFactorySpi.ECMQV());
-+            //
-+            // // Android comment: the registration below is causing CTS tests to fail and doesn't seem
-+            // // to be implemented by bouncycastle (so looks like an bug in bouncycastle).
-+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.id_ecPublicKey, "EC");
-+            // END android-removed
-             // TODO Should this be an alias for ECDH?
--            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
--            registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-+            // BEGIN android-removed
-+            // // Android comment: the registration below is causing CTS tests to fail and doesn't seem
-+            // // to be implemented by bouncycastle (so looks like an bug in bouncycastle).
-+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.dhSinglePass_stdDH_sha1kdf_scheme, "EC");
-+            // registerOidAlgorithmParameters(provider, X9ObjectIdentifiers.mqvSinglePass_sha1kdf_scheme, "EC");
-+            // END android-removed
- 
-             provider.addAlgorithm("KeyFactory.EC", PREFIX + "KeyFactorySpi$EC");
--            provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
--            provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
--            provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
--            provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyFactory.ECDSA", PREFIX + "KeyFactorySpi$ECDSA");
-+            // provider.addAlgorithm("KeyFactory.ECDH", PREFIX + "KeyFactorySpi$ECDH");
-+            // provider.addAlgorithm("KeyFactory.ECDHC", PREFIX + "KeyFactorySpi$ECDHC");
-+            // provider.addAlgorithm("KeyFactory.ECMQV", PREFIX + "KeyFactorySpi$ECMQV");
-+            // END android-removed
- 
-             provider.addAlgorithm("KeyPairGenerator.EC", PREFIX + "KeyPairGeneratorSpi$EC");
--            provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
--            provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
--            provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
--            provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
--            provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
--            provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
--            
--            provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
--            provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES");
--            provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES");
--            provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
--            provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
--            provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
--            provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
--            provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
--            provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyPairGenerator.ECDSA", PREFIX + "KeyPairGeneratorSpi$ECDSA");
-+            // provider.addAlgorithm("KeyPairGenerator.ECDH", PREFIX + "KeyPairGeneratorSpi$ECDH");
-+            // provider.addAlgorithm("KeyPairGenerator.ECDHWITHSHA1KDF", PREFIX + "KeyPairGeneratorSpi$ECDH");
-+            // provider.addAlgorithm("KeyPairGenerator.ECDHC", PREFIX + "KeyPairGeneratorSpi$ECDHC");
-+            // provider.addAlgorithm("KeyPairGenerator.ECIES", PREFIX + "KeyPairGeneratorSpi$ECDH");
-+            // provider.addAlgorithm("KeyPairGenerator.ECMQV", PREFIX + "KeyPairGeneratorSpi$ECMQV");
-+            //
-+            // provider.addAlgorithm("Cipher.ECIES", PREFIX + "IESCipher$ECIES");
-+            // provider.addAlgorithm("Cipher.ECIESwithAES", PREFIX + "IESCipher$ECIESwithAES");
-+            // provider.addAlgorithm("Cipher.ECIESWITHAES", PREFIX + "IESCipher$ECIESwithAES");
-+            // provider.addAlgorithm("Cipher.ECIESwithDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
-+            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE", PREFIX + "IESCipher$ECIESwithDESede");
-+            // provider.addAlgorithm("Cipher.ECIESwithAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-+            // provider.addAlgorithm("Cipher.ECIESWITHAES-CBC", PREFIX + "IESCipher$ECIESwithAESCBC");
-+            // provider.addAlgorithm("Cipher.ECIESwithDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-+            // provider.addAlgorithm("Cipher.ECIESWITHDESEDE-CBC", PREFIX + "IESCipher$ECIESwithDESedeCBC");
-+            // END android-removed
- 
-             provider.addAlgorithm("Signature.ECDSA", PREFIX + "SignatureSpi$ecDSA");
-             provider.addAlgorithm("Signature.NONEwithECDSA", PREFIX + "SignatureSpi$ecDSAnone");
-@@ -72,39 +88,43 @@
-             provider.addAlgorithm("Alg.Alias.Signature.SHA1WithECDSA", "ECDSA");
-             provider.addAlgorithm("Alg.Alias.Signature.ECDSAWithSHA1", "ECDSA");
-             provider.addAlgorithm("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
--            provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
--
--            provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA");
--            provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA");
--            provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224");
--            provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256");
--            provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384");
--            provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Signature." + TeleTrusTObjectIdentifiers.ecSignWithSha1, "ECDSA");
-+            //
-+            // provider.addAlgorithm("Signature.DETECDSA", PREFIX + "SignatureSpi$ecDetDSA");
-+            // provider.addAlgorithm("Signature.SHA1WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA");
-+            // provider.addAlgorithm("Signature.SHA224WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA224");
-+            // provider.addAlgorithm("Signature.SHA256WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA256");
-+            // provider.addAlgorithm("Signature.SHA384WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA384");
-+            // provider.addAlgorithm("Signature.SHA512WITHDETECDSA", PREFIX + "SignatureSpi$ecDetDSA512");
-+            // END android-removed
- 
-             addSignatureAlgorithm(provider, "SHA224", "ECDSA", PREFIX + "SignatureSpi$ecDSA224", X9ObjectIdentifiers.ecdsa_with_SHA224);
-             addSignatureAlgorithm(provider, "SHA256", "ECDSA", PREFIX + "SignatureSpi$ecDSA256", X9ObjectIdentifiers.ecdsa_with_SHA256);
-             addSignatureAlgorithm(provider, "SHA384", "ECDSA", PREFIX + "SignatureSpi$ecDSA384", X9ObjectIdentifiers.ecdsa_with_SHA384);
-             addSignatureAlgorithm(provider, "SHA512", "ECDSA", PREFIX + "SignatureSpi$ecDSA512", X9ObjectIdentifiers.ecdsa_with_SHA512);
--            addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
--
--            provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
--            provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
--            provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
--            provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
--            provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
--
--            addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
--            addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
--            addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
--            addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
--            addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
--
--            addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
--            addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
--            addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
--            addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
--            addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
--            addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-+            // BEGIN android-removed
-+            // addSignatureAlgorithm(provider, "RIPEMD160", "ECDSA", PREFIX + "SignatureSpi$ecDSARipeMD160",TeleTrusTObjectIdentifiers.ecSignWithRipemd160);
-+            //
-+            // provider.addAlgorithm("Signature.SHA1WITHECNR", PREFIX + "SignatureSpi$ecNR");
-+            // provider.addAlgorithm("Signature.SHA224WITHECNR", PREFIX + "SignatureSpi$ecNR224");
-+            // provider.addAlgorithm("Signature.SHA256WITHECNR", PREFIX + "SignatureSpi$ecNR256");
-+            // provider.addAlgorithm("Signature.SHA384WITHECNR", PREFIX + "SignatureSpi$ecNR384");
-+            // provider.addAlgorithm("Signature.SHA512WITHECNR", PREFIX + "SignatureSpi$ecNR512");
-+            //
-+            // addSignatureAlgorithm(provider, "SHA1", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", EACObjectIdentifiers.id_TA_ECDSA_SHA_1);
-+            // addSignatureAlgorithm(provider, "SHA224", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", EACObjectIdentifiers.id_TA_ECDSA_SHA_224);
-+            // addSignatureAlgorithm(provider, "SHA256", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", EACObjectIdentifiers.id_TA_ECDSA_SHA_256);
-+            // addSignatureAlgorithm(provider, "SHA384", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", EACObjectIdentifiers.id_TA_ECDSA_SHA_384);
-+            // addSignatureAlgorithm(provider, "SHA512", "CVC-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", EACObjectIdentifiers.id_TA_ECDSA_SHA_512);
-+            //
-+            // addSignatureAlgorithm(provider, "SHA1", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA", BSIObjectIdentifiers.ecdsa_plain_SHA1);
-+            // addSignatureAlgorithm(provider, "SHA224", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA224", BSIObjectIdentifiers.ecdsa_plain_SHA224);
-+            // addSignatureAlgorithm(provider, "SHA256", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA256", BSIObjectIdentifiers.ecdsa_plain_SHA256);
-+            // addSignatureAlgorithm(provider, "SHA384", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA384", BSIObjectIdentifiers.ecdsa_plain_SHA384);
-+            // addSignatureAlgorithm(provider, "SHA512", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecCVCDSA512", BSIObjectIdentifiers.ecdsa_plain_SHA512);
-+            // addSignatureAlgorithm(provider, "RIPEMD160", "PLAIN-ECDSA", PREFIX + "SignatureSpi$ecPlainDSARP160", BSIObjectIdentifiers.ecdsa_plain_RIPEMD160);
-+            // END android-removed
-         }
-     }
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/RSA.java	2015-04-09 13:10:16.000000000 +0000
-@@ -3,7 +3,9 @@
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
- import org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi;
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
-@@ -26,39 +28,47 @@
-             provider.addAlgorithm("AlgorithmParameters.OAEP", PREFIX + "AlgorithmParametersSpi$OAEP");
-             provider.addAlgorithm("AlgorithmParameters.PSS", PREFIX + "AlgorithmParametersSpi$PSS");
- 
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
--
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
--
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSAPSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RSASSA-PSS", "PSS");
-+            //
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224withRSA/PSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256withRSA/PSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384withRSA/PSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512withRSA/PSS", "PSS");
-+            //
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA224WITHRSAANDMGF1", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA256WITHRSAANDMGF1", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA384WITHRSAANDMGF1", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA512WITHRSAANDMGF1", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.RAWRSAPSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAPSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSASSA-PSS", "PSS");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.NONEWITHRSAANDMGF1", "PSS");
-+            // END android-removed
- 
-             provider.addAlgorithm("Cipher.RSA", PREFIX + "CipherSpi$NoPadding");
--            provider.addAlgorithm("Cipher.RSA/RAW", PREFIX + "CipherSpi$NoPadding");
--            provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
--            provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
--            provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
--            provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
--            provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
--            provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
--            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
--            provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
-+            // BEGIN android-changed
-+            provider.addAlgorithm("Alg.Alias.Cipher.RSA/RAW", "RSA");
-+            // END android-changed
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.RSA/PKCS1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-+            // provider.addAlgorithm("Cipher.1.2.840.113549.1.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-+            // provider.addAlgorithm("Cipher.2.5.8.1.1", PREFIX + "CipherSpi$PKCS1v1_5Padding");
-+            // provider.addAlgorithm("Cipher.RSA/1", PREFIX + "CipherSpi$PKCS1v1_5Padding_PrivateOnly");
-+            // provider.addAlgorithm("Cipher.RSA/2", PREFIX + "CipherSpi$PKCS1v1_5Padding_PublicOnly");
-+            // provider.addAlgorithm("Cipher.RSA/OAEP", PREFIX + "CipherSpi$OAEPPadding");
-+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_RSAES_OAEP, PREFIX + "CipherSpi$OAEPPadding");
-+            // provider.addAlgorithm("Cipher.RSA/ISO9796-1", PREFIX + "CipherSpi$ISO9796d1Padding");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.Cipher.RSA//RAW", "RSA");
-             provider.addAlgorithm("Alg.Alias.Cipher.RSA//NOPADDING", "RSA");
--            provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
--            provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
--            provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//PKCS1PADDING", "RSA/PKCS1");
-+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//OAEPPADDING", "RSA/OAEP");
-+            // provider.addAlgorithm("Alg.Alias.Cipher.RSA//ISO9796-1PADDING", "RSA/ISO9796-1");
-+            // END android-removed
- 
-             provider.addAlgorithm("KeyFactory.RSA", PREFIX + "KeyFactorySpi");
-             provider.addAlgorithm("KeyPairGenerator.RSA", PREFIX + "KeyPairGeneratorSpi");
-@@ -68,79 +78,89 @@
-             registerOid(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA", keyFact);
-             registerOid(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA", keyFact);
-             registerOid(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "RSA", keyFact);
--            registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
--
--            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
--            registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
--            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
--            registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
--
--
--            provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
--            provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
--            provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
--
--            provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA");
--            provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA");
--            provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA");
--            provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA");
--            provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
--            provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
--            provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
--            provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
--
--            provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
--            provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
--
--            provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
--            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
--            provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
--
--
--            provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
--
--            if (provider.hasAlgorithm("MessageDigest", "MD2"))
--            {
--                addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
--            }
--
--            if (provider.hasAlgorithm("MessageDigest", "MD4"))
--            {
--                addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
--            }
-+            // BEGIN android-removed
-+            // registerOid(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "RSA", keyFact);
-+            //
-+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.rsaEncryption, "RSA");
-+            // registerOidAlgorithmParameters(provider, X509ObjectIdentifiers.id_ea_rsa, "RSA");
-+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSAES_OAEP, "OAEP");
-+            // registerOidAlgorithmParameters(provider, PKCSObjectIdentifiers.id_RSASSA_PSS, "PSS");
-+            //
-+            //
-+            // provider.addAlgorithm("Signature.RSASSA-PSS", PREFIX + "PSSSignatureSpi$PSSwithRSA");
-+            // provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-+            // provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
-+            //
-+            // provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-+            // provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-+            // provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-+            // provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-+            // provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
-+            // provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
-+            // provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
-+            // provider.addAlgorithm("Signature.SHA512withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA512withRSA");
-+            //
-+            // provider.addAlgorithm("Signature.RSA", PREFIX + "DigestSignatureSpi$noneRSA");
-+            // provider.addAlgorithm("Signature.RAWRSASSA-PSS", PREFIX + "PSSSignatureSpi$nonePSS");
-+            //
-+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSA", "RSA");
-+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSA", "RSA");
-+            // provider.addAlgorithm("Alg.Alias.Signature.RAWRSAPSS", "RAWRSASSA-PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAPSS", "RAWRSASSA-PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSASSA-PSS", "RAWRSASSA-PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.NONEWITHRSAANDMGF1", "RAWRSASSA-PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.RSAPSS", "RSASSA-PSS");
-+            //
-+            //
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSAandMGF1", "SHA224withRSA/PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
-+            //
-+            // if (provider.hasAlgorithm("MessageDigest", "MD2"))
-+            // {
-+            //     addDigestSignature(provider, "MD2", PREFIX + "DigestSignatureSpi$MD2", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+            // }
-+            //
-+            // if (provider.hasAlgorithm("MessageDigest", "MD4"))
-+            // {
-+            //     addDigestSignature(provider, "MD4", PREFIX + "DigestSignatureSpi$MD4", PKCSObjectIdentifiers.md4WithRSAEncryption);
-+            // }
-+            // END android-removed
- 
-             if (provider.hasAlgorithm("MessageDigest", "MD5"))
-             {
-                 addDigestSignature(provider, "MD5", PREFIX + "DigestSignatureSpi$MD5", PKCSObjectIdentifiers.md5WithRSAEncryption);
--                provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
--                provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
-+                // END android-removed
-+                // provider.addAlgorithm("Signature.MD5withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$MD5WithRSAEncryption");
-+                // provider.addAlgorithm("Alg.Alias.Signature.MD5WithRSA/ISO9796-2", "MD5withRSA/ISO9796-2");
-+                // END android-removed
-             }
- 
-             if (provider.hasAlgorithm("MessageDigest", "SHA1"))
-             {
--                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
--                provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
--                provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
--                provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
--                provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
-+                // BEGIN android-removed
-+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1withRSA/PSS", "PSS");
-+                // provider.addAlgorithm("Alg.Alias.AlgorithmParameters.SHA1WITHRSAANDMGF1", "PSS");
-+                // provider.addAlgorithm("Signature.SHA1withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA1withRSA");
-+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSAandMGF1", "SHA1withRSA/PSS");
-+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WITHRSAANDMGF1", "SHA1withRSA/PSS");
-+                // END android-removed
- 
-                 addDigestSignature(provider, "SHA1", PREFIX + "DigestSignatureSpi$SHA1", PKCSObjectIdentifiers.sha1WithRSAEncryption);
- 
--                provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
--                provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
-+                // BEGIN android-removed
-+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/ISO9796-2", "SHA1withRSA/ISO9796-2");
-+                // provider.addAlgorithm("Signature.SHA1withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$SHA1WithRSAEncryption");
-+                // END android-removed
-                 provider.addAlgorithm("Alg.Alias.Signature." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
-                 provider.addAlgorithm("Alg.Alias.Signature.OID." + OIWObjectIdentifiers.sha1WithRSA, "SHA1WITHRSA");
- 
--                provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSA/X9.31", "SHA1WITHRSA/X9.31");
--                provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/X9.31", "SHA1WITHRSA/X9.31");
--                provider.addAlgorithm("Signature.SHA1WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
-+                // BEGIN android-removed
-+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1withRSA/X9.31", "SHA1WITHRSA/X9.31");
-+                // provider.addAlgorithm("Alg.Alias.Signature.SHA1WithRSA/X9.31", "SHA1WITHRSA/X9.31");
-+                // provider.addAlgorithm("Signature.SHA1WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA1WithRSAEncryption");
-+                // END android-removed
-             }
- 
-             addDigestSignature(provider, "SHA224", PREFIX + "DigestSignatureSpi$SHA224", PKCSObjectIdentifiers.sha224WithRSAEncryption);
-@@ -148,52 +168,54 @@
-             addDigestSignature(provider, "SHA384", PREFIX + "DigestSignatureSpi$SHA384", PKCSObjectIdentifiers.sha384WithRSAEncryption);
-             addDigestSignature(provider, "SHA512", PREFIX + "DigestSignatureSpi$SHA512", PKCSObjectIdentifiers.sha512WithRSAEncryption);
- 
--            provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSA/X9.31", "SHA224WITHRSA/X9.31");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA224WithRSA/X9.31", "SHA224WITHRSA/X9.31");
--            provider.addAlgorithm("Signature.SHA224WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSA/X9.31", "SHA256WITHRSA/X9.31");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA256WithRSA/X9.31", "SHA256WITHRSA/X9.31");
--            provider.addAlgorithm("Signature.SHA256WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSA/X9.31", "SHA384WITHRSA/X9.31");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA384WithRSA/X9.31", "SHA384WITHRSA/X9.31");
--            provider.addAlgorithm("Signature.SHA384WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSA/X9.31", "SHA512WITHRSA/X9.31");
--            provider.addAlgorithm("Alg.Alias.Signature.SHA512WithRSA/X9.31", "SHA512WITHRSA/X9.31");
--            provider.addAlgorithm("Signature.SHA512WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
--
--            if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
--            {
--                addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--                addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
--                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128withRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
--                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128WithRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
--                provider.addAlgorithm("Signature.RIPEMD128WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
--            }
--
--            if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
--            {
--                addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--                addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
--                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
--                provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
--                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160withRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
--                provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
--                provider.addAlgorithm("Signature.RIPEMD160WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
--            }
--
--            if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
--            {
--                addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
--                addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
--            }
--
--            if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
--            {
--                provider.addAlgorithm("Alg.Alias.Signature.WhirlpoolWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
--                provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLwithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
--                provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
--                provider.addAlgorithm("Signature.WHIRLPOOLWITHRSA/X9.31", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
--            }
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224withRSA/X9.31", "SHA224WITHRSA/X9.31");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA224WithRSA/X9.31", "SHA224WITHRSA/X9.31");
-+            // provider.addAlgorithm("Signature.SHA224WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA224WithRSAEncryption");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSA/X9.31", "SHA256WITHRSA/X9.31");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA256WithRSA/X9.31", "SHA256WITHRSA/X9.31");
-+            // provider.addAlgorithm("Signature.SHA256WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA256WithRSAEncryption");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSA/X9.31", "SHA384WITHRSA/X9.31");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA384WithRSA/X9.31", "SHA384WITHRSA/X9.31");
-+            // provider.addAlgorithm("Signature.SHA384WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA384WithRSAEncryption");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSA/X9.31", "SHA512WITHRSA/X9.31");
-+            // provider.addAlgorithm("Alg.Alias.Signature.SHA512WithRSA/X9.31", "SHA512WITHRSA/X9.31");
-+            // provider.addAlgorithm("Signature.SHA512WITHRSA/X9.31", PREFIX + "X931SignatureSpi$SHA512WithRSAEncryption");
-+            //
-+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD128"))
-+            // {
-+            //     addDigestSignature(provider, "RIPEMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+            //     addDigestSignature(provider, "RMD128", PREFIX + "DigestSignatureSpi$RIPEMD128", null);
-+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128withRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
-+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD128WithRSA/X9.31", "RIPEMD128WITHRSA/X9.31");
-+            //     provider.addAlgorithm("Signature.RIPEMD128WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD128WithRSAEncryption");
-+            // }
-+	    //
-+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD160"))
-+            // {
-+            //     addDigestSignature(provider, "RIPEMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+            //     addDigestSignature(provider, "RMD160", PREFIX + "DigestSignatureSpi$RIPEMD160", null);
-+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/ISO9796-2", "RIPEMD160withRSA/ISO9796-2");
-+            //     provider.addAlgorithm("Signature.RIPEMD160withRSA/ISO9796-2", PREFIX + "ISOSignatureSpi$RIPEMD160WithRSAEncryption");
-+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160withRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
-+            //     provider.addAlgorithm("Alg.Alias.Signature.RIPEMD160WithRSA/X9.31", "RIPEMD160WITHRSA/X9.31");
-+            //     provider.addAlgorithm("Signature.RIPEMD160WITHRSA/X9.31", PREFIX + "X931SignatureSpi$RIPEMD160WithRSAEncryption");
-+            // }
-+	    //
-+            // if (provider.hasAlgorithm("MessageDigest", "RIPEMD256"))
-+            // {
-+            //     addDigestSignature(provider, "RIPEMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+            //     addDigestSignature(provider, "RMD256", PREFIX + "DigestSignatureSpi$RIPEMD256", null);
-+            // }
-+	    //
-+            // if (provider.hasAlgorithm("MessageDigest", "WHIRLPOOL"))
-+            // {
-+            //     provider.addAlgorithm("Alg.Alias.Signature.WhirlpoolWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
-+            //     provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLwithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
-+            //     provider.addAlgorithm("Alg.Alias.Signature.WHIRLPOOLWithRSA/X9.31", "WHIRLPOOLWITHRSA/X9.31");
-+            //     provider.addAlgorithm("Signature.WHIRLPOOLWITHRSA/X9.31", PREFIX + "X931SignatureSpi$WhirlpoolWithRSAEncryption");
-+            // }
-+	    // END android-removed
-         }
- 
-         private void addDigestSignature(
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/X509.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/X509.java	2012-09-17 23:04:47.000000000 +0000
-@@ -18,8 +18,10 @@
- 
-         public void configure(ConfigurableProvider provider)
-         {
--            provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
--            provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyFactory.X.509", "org.bouncycastle.jcajce.provider.asymmetric.x509.KeyFactory");
-+            // provider.addAlgorithm("Alg.Alias.KeyFactory.X509", "X.509");
-+            // END android-removed
- 
-             //
-             // certificate factories.
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSASigner.java	2015-07-21 14:37:00.000000000 +0000
-@@ -23,13 +23,24 @@
- import org.bouncycastle.crypto.DSA;
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.digests.NullDigest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
--import org.bouncycastle.crypto.digests.SHA224Digest;
--import org.bouncycastle.crypto.digests.SHA256Digest;
--import org.bouncycastle.crypto.digests.SHA384Digest;
--import org.bouncycastle.crypto.digests.SHA512Digest;
-+// BEGIN android-added
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-added
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.SHA1Digest;
-+// import org.bouncycastle.crypto.digests.SHA224Digest;
-+// import org.bouncycastle.crypto.digests.SHA256Digest;
-+// import org.bouncycastle.crypto.digests.SHA384Digest;
-+// import org.bouncycastle.crypto.digests.SHA512Digest;
-+// END android-removed
-+// BEGIN android-added
-+import org.bouncycastle.crypto.params.DSAKeyParameters;
-+import org.bouncycastle.crypto.params.DSAParameters;
-+// END android-added
- import org.bouncycastle.crypto.params.ParametersWithRandom;
--import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
-+// END android-removed
- 
- public class DSASigner
-     extends SignatureSpi
-@@ -79,6 +90,10 @@
-                 throw new InvalidKeyException("can't recognise key type in DSA based signer");
-             }
-         }
-+        // BEGIN android-added
-+        DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters();
-+        checkKey(dsaParam);
-+        // END android-added
- 
-         digest.reset();
-         signer.init(false, param);
-@@ -100,6 +115,10 @@
-         CipherParameters    param;
- 
-         param = DSAUtil.generatePrivateKeyParameter(privateKey);
-+        // BEGIN android-added
-+        DSAParameters dsaParam = ((DSAKeyParameters) param).getParameters();
-+        checkKey(dsaParam);
-+        // END android-added
- 
-         if (random != null)
-         {
-@@ -173,6 +192,28 @@
-         throw new UnsupportedOperationException("engineSetParameter unsupported");
-     }
- 
-+    // BEGIN android-added
-+    protected void checkKey(DSAParameters params) throws InvalidKeyException {
-+        int valueL = params.getP().bitLength();
-+        int valueN = params.getQ().bitLength();
-+        int digestSize = digest.getDigestSize();
-+
-+        // The checks are consistent with DSAParametersGenerator's init method.
-+        if ((valueL < 1024 || valueL > 3072) || valueL % 1024 != 0) {
-+            throw new InvalidKeyException("valueL values must be between 1024 and 3072 and a multiple of 1024");
-+        } else if (valueL == 1024 && valueN != 160) {
-+            throw new InvalidKeyException("valueN must be 160 for valueL = 1024");
-+        } else if (valueL == 2048 && (valueN != 224 && valueN != 256)) {
-+            throw new InvalidKeyException("valueN must be 224 or 256 for valueL = 2048");
-+        } else if (valueL == 3072 && valueN != 256) {
-+            throw new InvalidKeyException("valueN must be 256 for valueL = 3072");
-+        }
-+        if (valueN > digestSize * 8) {
-+            throw new InvalidKeyException("Key is too strong for this signature algorithm");
-+        }
-+    }
-+
-+    // END android-added
-     /**
-      * @deprecated replaced with <a href = "#engineSetParameter(java.security.spec.AlgorithmParameterSpec)">
-      */
-@@ -217,90 +258,102 @@
-     {
-         public stdDSA()
-         {
--            super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA1(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // END android-changed
-         }
-     }
- 
--    static public class detDSA
--        extends DSASigner
--    {
--        public detDSA()
--        {
--            super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest())));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class detDSA
-+    //     extends DSASigner
-+    // {
-+    //     public detDSA()
-+    //     {
-+    //         super(new SHA1Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA1Digest())));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class dsa224
-         extends DSASigner
-     {
-         public dsa224()
-         {
--            super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA224(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // END android-changed
-         }
-     }
- 
--    static public class detDSA224
--        extends DSASigner
--    {
--        public detDSA224()
--        {
--            super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest())));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class detDSA224
-+    //     extends DSASigner
-+    // {
-+    //     public detDSA224()
-+    //     {
-+    //         super(new SHA224Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA224Digest())));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class dsa256
-         extends DSASigner
-     {
-         public dsa256()
-         {
--            super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA256(), new org.bouncycastle.crypto.signers.DSASigner());
-+            // END android-changed
-         }
-     }
- 
--    static public class detDSA256
--        extends DSASigner
--    {
--        public detDSA256()
--        {
--            super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest())));
--        }
--    }
--
--    static public class dsa384
--        extends DSASigner
--    {
--        public dsa384()
--        {
--            super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
--        }
--    }
--
--    static public class detDSA384
--        extends DSASigner
--    {
--        public detDSA384()
--        {
--            super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest())));
--        }
--    }
--
--    static public class dsa512
--        extends DSASigner
--    {
--        public dsa512()
--        {
--            super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
--        }
--    }
--
--    static public class detDSA512
--        extends DSASigner
--    {
--        public detDSA512()
--        {
--            super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest())));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class detDSA256
-+    //     extends DSASigner
-+    // {
-+    //     public detDSA256()
-+    //     {
-+    //         super(new SHA256Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA256Digest())));
-+    //     }
-+    // }
-+    //
-+    // static public class dsa384
-+    //     extends DSASigner
-+    // {
-+    //     public dsa384()
-+    //     {
-+    //         super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-+    //     }
-+    // }
-+    //
-+    // static public class detDSA384
-+    //     extends DSASigner
-+    // {
-+    //     public detDSA384()
-+    //     {
-+    //         super(new SHA384Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA384Digest())));
-+    //     }
-+    // }
-+    //
-+    // static public class dsa512
-+    //     extends DSASigner
-+    // {
-+    //     public dsa512()
-+    //     {
-+    //         super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner());
-+    //     }
-+    // }
-+    //
-+    // static public class detDSA512
-+    //     extends DSASigner
-+    // {
-+    //     public detDSA512()
-+    //     {
-+    //         super(new SHA512Digest(), new org.bouncycastle.crypto.signers.DSASigner(new HMacDSAKCalculator(new SHA512Digest())));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class noneDSA
-         extends DSASigner
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/dsa/DSAUtil.java	2015-06-01 19:10:55.000000000 +0000
-@@ -23,6 +23,9 @@
-     public static final ASN1ObjectIdentifier[] dsaOids =
-     {
-         X9ObjectIdentifiers.id_dsa,
-+        // BEGIN android-added
-+        X9ObjectIdentifiers.id_dsa_with_sha1,
-+        // END android-added
-         OIWObjectIdentifiers.dsaWithSHA1
-     };
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyAgreementSpi.java	2015-07-07 18:14:00.000000000 +0000
-@@ -24,22 +24,28 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.DerivationFunction;
- import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
--import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
--import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
--import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
--import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.agreement.ECDHCBasicAgreement;
-+// import org.bouncycastle.crypto.agreement.ECMQVBasicAgreement;
-+// import org.bouncycastle.crypto.agreement.kdf.DHKDFParameters;
-+// import org.bouncycastle.crypto.agreement.kdf.ECDHKEKGenerator;
-+// END android-removed
- import org.bouncycastle.crypto.digests.SHA1Digest;
- import org.bouncycastle.crypto.params.DESParameters;
- import org.bouncycastle.crypto.params.ECDomainParameters;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
--import org.bouncycastle.crypto.params.MQVPrivateParameters;
--import org.bouncycastle.crypto.params.MQVPublicParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.MQVPrivateParameters;
-+// import org.bouncycastle.crypto.params.MQVPublicParameters;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
- import org.bouncycastle.jce.interfaces.ECPrivateKey;
- import org.bouncycastle.jce.interfaces.ECPublicKey;
--import org.bouncycastle.jce.interfaces.MQVPrivateKey;
--import org.bouncycastle.jce.interfaces.MQVPublicKey;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.interfaces.MQVPrivateKey;
-+// import org.bouncycastle.jce.interfaces.MQVPublicKey;
-+// END android-removed
- import org.bouncycastle.util.Integers;
- import org.bouncycastle.util.Strings;
- 
-@@ -89,7 +95,9 @@
-     private BigInteger             result;
-     private ECDomainParameters     parameters;
-     private BasicAgreement         agreement;
--    private DerivationFunction     kdf;
-+    // BEGIN android-removed
-+    // private DerivationFunction     kdf;
-+    // END android-removed
- 
-     private byte[] bigIntToBytes(
-         BigInteger    r)
-@@ -104,7 +112,9 @@
-     {
-         this.kaAlgorithm = kaAlgorithm;
-         this.agreement = agreement;
--        this.kdf = kdf;
-+        // BEGIN android-removed
-+        // this.kdf = kdf;
-+        // END android-removed
-     }
- 
-     protected Key engineDoPhase(
-@@ -123,25 +133,27 @@
-         }
- 
-         CipherParameters pubKey;        
--        if (agreement instanceof ECMQVBasicAgreement)
--        {
--            if (!(key instanceof MQVPublicKey))
--            {
--                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
--                    + getSimpleName(MQVPublicKey.class) + " for doPhase");
--            }
--
--            MQVPublicKey mqvPubKey = (MQVPublicKey)key;
--            ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
--                ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
--            ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
--                ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
--
--            pubKey = new MQVPublicParameters(staticKey, ephemKey);
--
--            // TODO Validate that all the keys are using the same parameters?
--        }
--        else
-+        // BEGIN android-removed
-+        // if (agreement instanceof ECMQVBasicAgreement)
-+        // {
-+        //     if (!(key instanceof MQVPublicKey))
-+        //     {
-+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-+        //             + getSimpleName(MQVPublicKey.class) + " for doPhase");
-+        //     }
-+        //
-+        //     MQVPublicKey mqvPubKey = (MQVPublicKey)key;
-+        //     ECPublicKeyParameters staticKey = (ECPublicKeyParameters)
-+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getStaticKey());
-+        //     ECPublicKeyParameters ephemKey = (ECPublicKeyParameters)
-+        //         ECUtil.generatePublicKeyParameter(mqvPubKey.getEphemeralKey());
-+        //
-+        //     pubKey = new MQVPublicParameters(staticKey, ephemKey);
-+        //
-+        //     // TODO Validate that all the keys are using the same parameters?
-+        // }
-+        // else
-+        // END android-removed
-         {
-             if (!(key instanceof PublicKey))
-             {
-@@ -154,7 +166,15 @@
-             // TODO Validate that all the keys are using the same parameters?
-         }
- 
-+        // BEGIN android-added
-+        try {
-+        // END android-added
-         result = agreement.calculateAgreement(pubKey);
-+        // BEGIN android-added
-+        } catch (IllegalStateException e) {
-+          throw new InvalidKeyException("Invalid public key");
-+        }
-+        // END android-added
- 
-         return null;
-     }
-@@ -162,11 +182,13 @@
-     protected byte[] engineGenerateSecret()
-         throws IllegalStateException
-     {
--        if (kdf != null)
--        {
--            throw new UnsupportedOperationException(
--                "KDF can only be used when algorithm is known");
--        }
-+        // BEGIN android-removed
-+        // if (kdf != null)
-+        // {
-+        //     throw new UnsupportedOperationException(
-+        //         "KDF can only be used when algorithm is known");
-+        // }
-+        // END android-removed
- 
-         return bigIntToBytes(result);
-     }
-@@ -201,23 +223,25 @@
-             oidAlgorithm = ((ASN1ObjectIdentifier)oids.get(algKey)).getId();
-         }
- 
--        if (kdf != null)
--        {
--            if (!algorithms.containsKey(oidAlgorithm))
--            {
--                throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
--            }
--            
--            int    keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue();
--
--            DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret);
--
--            byte[] keyBytes = new byte[keySize / 8];
--            kdf.init(params);
--            kdf.generateBytes(keyBytes, 0, keyBytes.length);
--            secret = keyBytes;
--        }
--        else
-+        // BEGIN android-removed
-+        // if (kdf != null)
-+        // {
-+        //     if (!algorithms.containsKey(oidAlgorithm))
-+        //     {
-+        //         throw new NoSuchAlgorithmException("unknown algorithm encountered: " + algorithm);
-+        //     }
-+        //     
-+        //     int    keySize = ((Integer)algorithms.get(oidAlgorithm)).intValue();
-+        //
-+        //     DHKDFParameters params = new DHKDFParameters(new ASN1ObjectIdentifier(oidAlgorithm), keySize, secret);
-+        //
-+        //     byte[] keyBytes = new byte[keySize / 8];
-+        //     kdf.init(params);
-+        //     kdf.generateBytes(keyBytes, 0, keyBytes.length);
-+        //     secret = keyBytes;
-+        // }
-+        // else
-+        // END android-removed
-         {
-             if (algorithms.containsKey(oidAlgorithm))
-             {
-@@ -264,35 +288,37 @@
-     private void initFromKey(Key key)
-         throws InvalidKeyException
-     {
--        if (agreement instanceof ECMQVBasicAgreement)
--        {
--            if (!(key instanceof MQVPrivateKey))
--            {
--                throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
--                    + getSimpleName(MQVPrivateKey.class) + " for initialisation");
--            }
--
--            MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
--            ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
--                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
--            ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
--                ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
--
--            ECPublicKeyParameters ephemPubKey = null;
--            if (mqvPrivKey.getEphemeralPublicKey() != null)
--            {
--                ephemPubKey = (ECPublicKeyParameters)
--                    ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
--            }
--
--            MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
--            this.parameters = staticPrivKey.getParameters();
--
--            // TODO Validate that all the keys are using the same parameters?
--
--            agreement.init(localParams);
--        }
--        else
-+        // BEGIN android-removed
-+        // if (agreement instanceof ECMQVBasicAgreement)
-+        // {
-+        //     if (!(key instanceof MQVPrivateKey))
-+        //     {
-+        //         throw new InvalidKeyException(kaAlgorithm + " key agreement requires "
-+        //             + getSimpleName(MQVPrivateKey.class) + " for initialisation");
-+        //     }
-+        //
-+        //     MQVPrivateKey mqvPrivKey = (MQVPrivateKey)key;
-+        //     ECPrivateKeyParameters staticPrivKey = (ECPrivateKeyParameters)
-+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getStaticPrivateKey());
-+        //     ECPrivateKeyParameters ephemPrivKey = (ECPrivateKeyParameters)
-+        //         ECUtil.generatePrivateKeyParameter(mqvPrivKey.getEphemeralPrivateKey());
-+        //
-+        //     ECPublicKeyParameters ephemPubKey = null;
-+        //     if (mqvPrivKey.getEphemeralPublicKey() != null)
-+        //     {
-+        //         ephemPubKey = (ECPublicKeyParameters)
-+        //             ECUtil.generatePublicKeyParameter(mqvPrivKey.getEphemeralPublicKey());
-+        //     }
-+        //
-+        //     MQVPrivateParameters localParams = new MQVPrivateParameters(staticPrivKey, ephemPrivKey, ephemPubKey);
-+        //     this.parameters = staticPrivKey.getParameters();
-+        //
-+        //     // TODO Validate that all the keys are using the same parameters?
-+        //
-+        //     agreement.init(localParams);
-+        // }
-+        // else
-+        // END android-removed
-         {
-             if (!(key instanceof PrivateKey))
-             {
-@@ -323,39 +349,41 @@
-         }
-     }
- 
--    public static class DHC
--        extends KeyAgreementSpi
--    {
--        public DHC()
--        {
--            super("ECDHC", new ECDHCBasicAgreement(), null);
--        }
--    }
--
--    public static class MQV
--        extends KeyAgreementSpi
--    {
--        public MQV()
--        {
--            super("ECMQV", new ECMQVBasicAgreement(), null);
--        }
--    }
--
--    public static class DHwithSHA1KDF
--        extends KeyAgreementSpi
--    {
--        public DHwithSHA1KDF()
--        {
--            super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
--        }
--    }
--
--    public static class MQVwithSHA1KDF
--        extends KeyAgreementSpi
--    {
--        public MQVwithSHA1KDF()
--        {
--            super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class DHC
-+    //     extends KeyAgreementSpi
-+    // {
-+    //     public DHC()
-+    //     {
-+    //         super("ECDHC", new ECDHCBasicAgreement(), null);
-+    //     }
-+    // }
-+    //
-+    // public static class MQV
-+    //     extends KeyAgreementSpi
-+    // {
-+    //     public MQV()
-+    //     {
-+    //         super("ECMQV", new ECMQVBasicAgreement(), null);
-+    //     }
-+    // }
-+    //
-+    // public static class DHwithSHA1KDF
-+    //     extends KeyAgreementSpi
-+    // {
-+    //     public DHwithSHA1KDF()
-+    //     {
-+    //         super("ECDHwithSHA1KDF", new ECDHBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-+    //     }
-+    // }
-+    //
-+    // public static class MQVwithSHA1KDF
-+    //     extends KeyAgreementSpi
-+    // {
-+    //     public MQVwithSHA1KDF()
-+    //     {
-+    //         super("ECMQVwithSHA1KDF", new ECMQVBasicAgreement(), new ECDHKEKGenerator(new SHA1Digest()));
-+    //     }
-+    // }
-+    // END android-removed
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyFactorySpi.java	2013-05-25 02:14:15.000000000 +0000
-@@ -201,14 +201,16 @@
-         }
-     }
- 
--    public static class ECGOST3410
--        extends KeyFactorySpi
--    {
--        public ECGOST3410()
--        {
--            super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class ECGOST3410
-+    //     extends KeyFactorySpi
-+    // {
-+    //     public ECGOST3410()
-+    //     {
-+    //         super("ECGOST3410", BouncyCastleProvider.CONFIGURATION);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class ECDH
-         extends KeyFactorySpi
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/KeyPairGeneratorSpi.java	2015-05-12 17:22:22.000000000 +0000
-@@ -42,7 +42,9 @@
-         ECKeyGenerationParameters   param;
-         ECKeyPairGenerator          engine = new ECKeyPairGenerator();
-         Object                      ecParams = null;
--        int                         strength = 239;
-+        // BEGIN android-changed
-+        int                         strength = 256;
-+        // BEGIN android-changed
-         int                         certainty = 50;
-         SecureRandom                random = new SecureRandom();
-         boolean                     initialised = false;
-@@ -84,7 +86,13 @@
-             SecureRandom    random)
-         {
-             this.strength = strength;
-+            // BEGIN android-added
-+            if (random != null) {
-+            // END android-added
-             this.random = random;
-+            // BEGIN android-added
-+            }
-+            // END android-added
- 
-             ECGenParameterSpec ecParams = (ECGenParameterSpec)ecParameters.get(Integers.valueOf(strength));
-             if (ecParams == null)
-@@ -107,6 +115,11 @@
-             SecureRandom            random)
-             throws InvalidAlgorithmParameterException
-         {
-+            // BEGIN android-added
-+            if (random == null) {
-+                random = this.random;
-+            }
-+            // END android-added
-             if (params == null)
-             {
-                 ECParameterSpec implicitCA = configuration.getEcImplicitlyCa();
-@@ -267,4 +280,4 @@
-             super("ECMQV", BouncyCastleProvider.CONFIGURATION);
-         }
-     }
--}
-\ No newline at end of file
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/ec/SignatureSpi.java	2014-07-28 19:51:54.000000000 +0000
-@@ -16,16 +16,23 @@
- import org.bouncycastle.crypto.DSA;
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.digests.NullDigest;
--import org.bouncycastle.crypto.digests.RIPEMD160Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
--import org.bouncycastle.crypto.digests.SHA224Digest;
--import org.bouncycastle.crypto.digests.SHA256Digest;
--import org.bouncycastle.crypto.digests.SHA384Digest;
--import org.bouncycastle.crypto.digests.SHA512Digest;
-+// BEGIN android-added
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-added
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-+// import org.bouncycastle.crypto.digests.SHA1Digest;
-+// import org.bouncycastle.crypto.digests.SHA224Digest;
-+// import org.bouncycastle.crypto.digests.SHA256Digest;
-+// import org.bouncycastle.crypto.digests.SHA384Digest;
-+// import org.bouncycastle.crypto.digests.SHA512Digest;
-+// END android-removed
- import org.bouncycastle.crypto.params.ParametersWithRandom;
- import org.bouncycastle.crypto.signers.ECDSASigner;
--import org.bouncycastle.crypto.signers.ECNRSigner;
--import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.signers.ECNRSigner;
-+// import org.bouncycastle.crypto.signers.HMacDSAKCalculator;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.asymmetric.util.DSABase;
- import org.bouncycastle.jcajce.provider.asymmetric.util.DSAEncoder;
- import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
-@@ -70,18 +77,22 @@
-     {
-         public ecDSA()
-         {
--            super(new SHA1Digest(), new ECDSASigner(), new StdDSAEncoder());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA1(), new ECDSASigner(), new StdDSAEncoder());
-+            // END android-changed
-         }
-     }
- 
--    static public class ecDetDSA
--        extends SignatureSpi
--    {
--        public ecDetDSA()
--        {
--            super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder());
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class ecDetDSA
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDetDSA()
-+    //     {
-+    //         super(new SHA1Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA1Digest())), new StdDSAEncoder());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class ecDSAnone
-         extends SignatureSpi
-@@ -97,180 +108,196 @@
-     {
-         public ecDSA224()
-         {
--            super(new SHA224Digest(), new ECDSASigner(), new StdDSAEncoder());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA224(), new ECDSASigner(), new StdDSAEncoder());
-+            // END android-changed
-         }
-     }
- 
--    static public class ecDetDSA224
--        extends SignatureSpi
--    {
--        public ecDetDSA224()
--        {
--            super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder());
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class ecDetDSA224
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDetDSA224()
-+    //     {
-+    //         super(new SHA224Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA224Digest())), new StdDSAEncoder());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class ecDSA256
-         extends SignatureSpi
-     {
-         public ecDSA256()
-         {
--            super(new SHA256Digest(), new ECDSASigner(), new StdDSAEncoder());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA256(), new ECDSASigner(), new StdDSAEncoder());
-+            // END android-changed
-         }
-     }
- 
--    static public class ecDetDSA256
--        extends SignatureSpi
--    {
--        public ecDetDSA256()
--        {
--            super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder());
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class ecDetDSA256
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDetDSA256()
-+    //     {
-+    //         super(new SHA256Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA256Digest())), new StdDSAEncoder());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class ecDSA384
-         extends SignatureSpi
-     {
-         public ecDSA384()
-         {
--            super(new SHA384Digest(), new ECDSASigner(), new StdDSAEncoder());
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA384(), new ECDSASigner(), new StdDSAEncoder());
-+            // END android-changed
-         }
-     }
- 
--    static public class ecDetDSA384
--        extends SignatureSpi
--    {
--        public ecDetDSA384()
--        {
--            super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder());
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class ecDetDSA384
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDetDSA384()
-+    //     {
-+    //         super(new SHA384Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA384Digest())), new StdDSAEncoder());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class ecDSA512
-         extends SignatureSpi
-     {
-         public ecDSA512()
-         {
--            super(new SHA512Digest(), new ECDSASigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecDetDSA512
--        extends SignatureSpi
--    {
--        public ecDetDSA512()
--        {
--            super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecDSARipeMD160
--        extends SignatureSpi
--    {
--        public ecDSARipeMD160()
--        {
--            super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecNR
--        extends SignatureSpi
--    {
--        public ecNR()
--        {
--            super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecNR224
--        extends SignatureSpi
--    {
--        public ecNR224()
--        {
--            super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecNR256
--        extends SignatureSpi
--    {
--        public ecNR256()
--        {
--            super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecNR384
--        extends SignatureSpi
--    {
--        public ecNR384()
--        {
--            super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecNR512
--        extends SignatureSpi
--    {
--        public ecNR512()
--        {
--            super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
--        }
--    }
--
--    static public class ecCVCDSA
--        extends SignatureSpi
--    {
--        public ecCVCDSA()
--        {
--            super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
--
--    static public class ecCVCDSA224
--        extends SignatureSpi
--    {
--        public ecCVCDSA224()
--        {
--            super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
--
--    static public class ecCVCDSA256
--        extends SignatureSpi
--    {
--        public ecCVCDSA256()
--        {
--            super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
--
--    static public class ecCVCDSA384
--        extends SignatureSpi
--    {
--        public ecCVCDSA384()
--        {
--            super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
--
--    static public class ecCVCDSA512
--        extends SignatureSpi
--    {
--        public ecCVCDSA512()
--        {
--            super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
--
--    static public class ecPlainDSARP160
--        extends SignatureSpi
--    {
--        public ecPlainDSARP160()
--        {
--            super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
--        }
--    }
-+            // BEGIN android-changed
-+            super(AndroidDigestFactory.getSHA512(), new ECDSASigner(), new StdDSAEncoder());
-+            // END android-changed
-+        }
-+    }
-+
-+    // BEGIN android-removed
-+    // static public class ecDetDSA512
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDetDSA512()
-+    //     {
-+    //         super(new SHA512Digest(), new ECDSASigner(new HMacDSAKCalculator(new SHA512Digest())), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecDSARipeMD160
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecDSARipeMD160()
-+    //     {
-+    //         super(new RIPEMD160Digest(), new ECDSASigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecNR
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecNR()
-+    //     {
-+    //         super(new SHA1Digest(), new ECNRSigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecNR224
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecNR224()
-+    //     {
-+    //         super(new SHA224Digest(), new ECNRSigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecNR256
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecNR256()
-+    //     {
-+    //         super(new SHA256Digest(), new ECNRSigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecNR384
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecNR384()
-+    //     {
-+    //         super(new SHA384Digest(), new ECNRSigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecNR512
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecNR512()
-+    //     {
-+    //         super(new SHA512Digest(), new ECNRSigner(), new StdDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecCVCDSA
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecCVCDSA()
-+    //     {
-+    //         super(new SHA1Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecCVCDSA224
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecCVCDSA224()
-+    //     {
-+    //         super(new SHA224Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecCVCDSA256
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecCVCDSA256()
-+    //     {
-+    //         super(new SHA256Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecCVCDSA384
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecCVCDSA384()
-+    //     {
-+    //         super(new SHA384Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecCVCDSA512
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecCVCDSA512()
-+    //     {
-+    //         super(new SHA512Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    //
-+    // static public class ecPlainDSARP160
-+    //     extends SignatureSpi
-+    // {
-+    //     public ecPlainDSARP160()
-+    //     {
-+    //         super(new RIPEMD160Digest(), new ECDSASigner(), new PlainDSAEncoder());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     private static class StdDSAEncoder
-         implements DSAEncoder
-@@ -302,66 +329,68 @@
-         }
-     }
- 
--    private static class PlainDSAEncoder
--        implements DSAEncoder
--    {
--        public byte[] encode(
--            BigInteger r,
--            BigInteger s)
--            throws IOException
--        {
--            byte[] first = makeUnsigned(r);
--            byte[] second = makeUnsigned(s);
--            byte[] res;
--
--            if (first.length > second.length)
--            {
--                res = new byte[first.length * 2];
--            }
--            else
--            {
--                res = new byte[second.length * 2];
--            }
--
--            System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
--            System.arraycopy(second, 0, res, res.length - second.length, second.length);
--
--            return res;
--        }
--
--
--        private byte[] makeUnsigned(BigInteger val)
--        {
--            byte[] res = val.toByteArray();
--
--            if (res[0] == 0)
--            {
--                byte[] tmp = new byte[res.length - 1];
--
--                System.arraycopy(res, 1, tmp, 0, tmp.length);
--
--                return tmp;
--            }
--
--            return res;
--        }
--
--        public BigInteger[] decode(
--            byte[] encoding)
--            throws IOException
--        {
--            BigInteger[] sig = new BigInteger[2];
--
--            byte[] first = new byte[encoding.length / 2];
--            byte[] second = new byte[encoding.length / 2];
--
--            System.arraycopy(encoding, 0, first, 0, first.length);
--            System.arraycopy(encoding, first.length, second, 0, second.length);
--
--            sig[0] = new BigInteger(1, first);
--            sig[1] = new BigInteger(1, second);
--
--            return sig;
--        }
--    }
--}
-\ No newline at end of file
-+    // BEGIN android-removed
-+    // private static class PlainDSAEncoder
-+    //     implements DSAEncoder
-+    // {
-+    //     public byte[] encode(
-+    //         BigInteger r,
-+    //         BigInteger s)
-+    //         throws IOException
-+    //     {
-+    //         byte[] first = makeUnsigned(r);
-+    //         byte[] second = makeUnsigned(s);
-+    //         byte[] res;
-+    //
-+    //         if (first.length > second.length)
-+    //         {
-+    //             res = new byte[first.length * 2];
-+    //         }
-+    //         else
-+    //         {
-+    //             res = new byte[second.length * 2];
-+    //         }
-+    //
-+    //         System.arraycopy(first, 0, res, res.length / 2 - first.length, first.length);
-+    //         System.arraycopy(second, 0, res, res.length - second.length, second.length);
-+    //
-+    //         return res;
-+    //     }
-+    //
-+    //
-+    //     private byte[] makeUnsigned(BigInteger val)
-+    //     {
-+    //         byte[] res = val.toByteArray();
-+    //
-+    //         if (res[0] == 0)
-+    //         {
-+    //             byte[] tmp = new byte[res.length - 1];
-+    //
-+    //             System.arraycopy(res, 1, tmp, 0, tmp.length);
-+    //
-+    //             return tmp;
-+    //         }
-+    //
-+    //         return res;
-+    //     }
-+    //
-+    //     public BigInteger[] decode(
-+    //         byte[] encoding)
-+    //         throws IOException
-+    //     {
-+    //         BigInteger[] sig = new BigInteger[2];
-+    //
-+    //         byte[] first = new byte[encoding.length / 2];
-+    //         byte[] second = new byte[encoding.length / 2];
-+    //
-+    //         System.arraycopy(encoding, 0, first, 0, first.length);
-+    //         System.arraycopy(encoding, first.length, second, 0, second.length);
-+    //
-+    //         sig[0] = new BigInteger(1, first);
-+    //         sig[1] = new BigInteger(1, second);
-+    //
-+    //         return sig;
-+    //     }
-+    // }
-+    // END android-removed
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/CipherSpi.java	2015-04-09 13:10:16.000000000 +0000
-@@ -26,7 +26,9 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.Digest;
- import org.bouncycastle.crypto.InvalidCipherTextException;
--import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.encodings.ISO9796d1Encoding;
-+// END android-removed
- import org.bouncycastle.crypto.encodings.OAEPEncoding;
- import org.bouncycastle.crypto.encodings.PKCS1Encoding;
- import org.bouncycastle.crypto.engines.RSABlindedEngine;
-@@ -201,10 +203,12 @@
-         {
-             cipher = new PKCS1Encoding(new RSABlindedEngine());
-         }
--        else if (pad.equals("ISO9796-1PADDING"))
--        {
--            cipher = new ISO9796d1Encoding(new RSABlindedEngine());
--        }
-+        // BEGIN android-removed
-+        // else if (pad.equals("ISO9796-1PADDING"))
-+        // {
-+        //     cipher = new ISO9796d1Encoding(new RSABlindedEngine());
-+        // }
-+        // END android-removed
-         else if (pad.equals("OAEPWITHMD5ANDMGF1PADDING"))
-         {
-             initFromSpec(new OAEPParameterSpec("MD5", "MGF1", new MGF1ParameterSpec("MD5"), PSource.PSpecified.DEFAULT));
-@@ -543,48 +547,50 @@
-         }
-     }
- 
--    static public class PKCS1v1_5Padding
--        extends CipherSpi
--    {
--        public PKCS1v1_5Padding()
--        {
--            super(new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class PKCS1v1_5Padding_PrivateOnly
--        extends CipherSpi
--    {
--        public PKCS1v1_5Padding_PrivateOnly()
--        {
--            super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class PKCS1v1_5Padding_PublicOnly
--        extends CipherSpi
--    {
--        public PKCS1v1_5Padding_PublicOnly()
--        {
--            super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class OAEPPadding
--        extends CipherSpi
--    {
--        public OAEPPadding()
--        {
--            super(OAEPParameterSpec.DEFAULT);
--        }
--    }
--    
--    static public class ISO9796d1Padding
--        extends CipherSpi
--    {
--        public ISO9796d1Padding()
--        {
--            super(new ISO9796d1Encoding(new RSABlindedEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class PKCS1v1_5Padding
-+    //     extends CipherSpi
-+    // {
-+    //     public PKCS1v1_5Padding()
-+    //     {
-+    //         super(new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class PKCS1v1_5Padding_PrivateOnly
-+    //     extends CipherSpi
-+    // {
-+    //     public PKCS1v1_5Padding_PrivateOnly()
-+    //     {
-+    //         super(false, true, new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class PKCS1v1_5Padding_PublicOnly
-+    //     extends CipherSpi
-+    // {
-+    //     public PKCS1v1_5Padding_PublicOnly()
-+    //     {
-+    //         super(true, false, new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class OAEPPadding
-+    //     extends CipherSpi
-+    // {
-+    //     public OAEPPadding()
-+    //     {
-+    //         super(OAEPParameterSpec.DEFAULT);
-+    //     }
-+    // }
-+    //
-+    // static public class ISO9796d1Padding
-+    //     extends CipherSpi
-+    // {
-+    //     public ISO9796d1Padding()
-+    //     {
-+    //         super(new ISO9796d1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/rsa/DigestSignatureSpi.java	2015-04-09 13:10:16.000000000 +0000
-@@ -17,24 +17,31 @@
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x509.DigestInfo;
- import org.bouncycastle.crypto.AsymmetricBlockCipher;
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.Digest;
--import org.bouncycastle.crypto.digests.MD2Digest;
--import org.bouncycastle.crypto.digests.MD4Digest;
--import org.bouncycastle.crypto.digests.MD5Digest;
--import org.bouncycastle.crypto.digests.NullDigest;
--import org.bouncycastle.crypto.digests.RIPEMD128Digest;
--import org.bouncycastle.crypto.digests.RIPEMD160Digest;
--import org.bouncycastle.crypto.digests.RIPEMD256Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
--import org.bouncycastle.crypto.digests.SHA224Digest;
--import org.bouncycastle.crypto.digests.SHA256Digest;
--import org.bouncycastle.crypto.digests.SHA384Digest;
--import org.bouncycastle.crypto.digests.SHA512Digest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.MD2Digest;
-+// import org.bouncycastle.crypto.digests.MD4Digest;
-+// import org.bouncycastle.crypto.digests.MD5Digest;
-+// import org.bouncycastle.crypto.digests.NullDigest;
-+// import org.bouncycastle.crypto.digests.RIPEMD128Digest;
-+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-+// import org.bouncycastle.crypto.digests.RIPEMD256Digest;
-+// import org.bouncycastle.crypto.digests.SHA1Digest;
-+// import org.bouncycastle.crypto.digests.SHA224Digest;
-+// import org.bouncycastle.crypto.digests.SHA256Digest;
-+// import org.bouncycastle.crypto.digests.SHA384Digest;
-+// import org.bouncycastle.crypto.digests.SHA512Digest;
-+// END android-removed
-+// BEGIN android-added
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-added
- import org.bouncycastle.crypto.encodings.PKCS1Encoding;
- import org.bouncycastle.crypto.engines.RSABlindedEngine;
- import org.bouncycastle.util.Arrays;
-@@ -254,7 +261,9 @@
-     {
-         public SHA1()
-         {
--            super(OIWObjectIdentifiers.idSHA1, new SHA1Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(OIWObjectIdentifiers.idSHA1, AndroidDigestFactory.getSHA1(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
-@@ -263,7 +272,9 @@
-     {
-         public SHA224()
-         {
--            super(NISTObjectIdentifiers.id_sha224, new SHA224Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(NISTObjectIdentifiers.id_sha224, AndroidDigestFactory.getSHA224(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
-@@ -272,7 +283,9 @@
-     {
-         public SHA256()
-         {
--            super(NISTObjectIdentifiers.id_sha256, new SHA256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(NISTObjectIdentifiers.id_sha256, AndroidDigestFactory.getSHA256(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
-@@ -281,7 +294,9 @@
-     {
-         public SHA384()
-         {
--            super(NISTObjectIdentifiers.id_sha384, new SHA384Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(NISTObjectIdentifiers.id_sha384, AndroidDigestFactory.getSHA384(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
-@@ -290,70 +305,78 @@
-     {
-         public SHA512()
-         {
--            super(NISTObjectIdentifiers.id_sha512, new SHA512Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(NISTObjectIdentifiers.id_sha512, AndroidDigestFactory.getSHA512(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
--    static public class MD2
--        extends DigestSignatureSpi
--    {
--        public MD2()
--        {
--            super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class MD4
--        extends DigestSignatureSpi
--    {
--        public MD4()
--        {
--            super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class MD2
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public MD2()
-+    //     {
-+    //         super(PKCSObjectIdentifiers.md2, new MD2Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class MD4
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public MD4()
-+    //     {
-+    //         super(PKCSObjectIdentifiers.md4, new MD4Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class MD5
-         extends DigestSignatureSpi
-     {
-         public MD5()
-         {
--            super(PKCSObjectIdentifiers.md5, new MD5Digest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class RIPEMD160
--        extends DigestSignatureSpi
--    {
--        public RIPEMD160()
--        {
--            super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // BEGIN android-changed
-+            super(PKCSObjectIdentifiers.md5, AndroidDigestFactory.getMD5(), new PKCS1Encoding(new RSABlindedEngine()));
-+            // END android-changed
-         }
-     }
- 
--    static public class RIPEMD128
--        extends DigestSignatureSpi
--    {
--        public RIPEMD128()
--        {
--            super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class RIPEMD256
--        extends DigestSignatureSpi
--    {
--        public RIPEMD256()
--        {
--            super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
--
--    static public class noneRSA
--        extends DigestSignatureSpi
--    {
--        public noneRSA()
--        {
--            super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class RIPEMD160
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public RIPEMD160()
-+    //     {
-+    //         super(TeleTrusTObjectIdentifiers.ripemd160, new RIPEMD160Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class RIPEMD128
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public RIPEMD128()
-+    //     {
-+    //         super(TeleTrusTObjectIdentifiers.ripemd128, new RIPEMD128Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class RIPEMD256
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public RIPEMD256()
-+    //     {
-+    //         super(TeleTrusTObjectIdentifiers.ripemd256, new RIPEMD256Digest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    //
-+    // static public class noneRSA
-+    //     extends DigestSignatureSpi
-+    // {
-+    //     public noneRSA()
-+    //     {
-+    //         super(new NullDigest(), new PKCS1Encoding(new RSABlindedEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/BaseCipherSpi.java	2015-04-09 13:10:16.000000000 +0000
-@@ -18,8 +18,10 @@
- import javax.crypto.NoSuchPaddingException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- import javax.crypto.spec.SecretKeySpec;
- 
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-@@ -39,8 +41,10 @@
-                                     {
-                                         IvParameterSpec.class,
-                                         PBEParameterSpec.class,
--                                        RC2ParameterSpec.class,
--                                        RC5ParameterSpec.class
-+                                        // BEGIN android-removed
-+                                        // RC2ParameterSpec.class,
-+                                        // RC5ParameterSpec.class
-+                                        // END android-removed
-                                     };
- 
-     private final JcaJceHelper helper = new BCJcaJceHelper();
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/util/ECUtil.java	2015-04-09 13:10:16.000000000 +0000
-@@ -6,11 +6,15 @@
- import java.security.PublicKey;
- 
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
--import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTNamedCurves;
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
- import org.bouncycastle.asn1.sec.SECNamedCurves;
--import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
-+// END android-removed
- import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
- import org.bouncycastle.asn1.x9.X962NamedCurves;
- import org.bouncycastle.asn1.x9.X962Parameters;
-@@ -247,14 +251,16 @@
-             {
-                 oid = NISTNamedCurves.getOID(name);
-             }
--            if (oid == null)
--            {
--                oid = TeleTrusTNamedCurves.getOID(name);
--            }
--            if (oid == null)
--            {
--                oid = ECGOST3410NamedCurves.getOID(name);
--            }
-+            // BEGIN android-removed
-+            // if (oid == null)
-+            // {
-+            //     oid = TeleTrusTNamedCurves.getOID(name);
-+            // }
-+            // if (oid == null)
-+            // {
-+            //     oid = ECGOST3410NamedCurves.getOID(name);
-+            // }
-+            // END android-removed
-         }
- 
-         return oid;
-@@ -276,10 +282,12 @@
-             {
-                 params = NISTNamedCurves.getByOID(oid);
-             }
--            if (params == null)
--            {
--                params = TeleTrusTNamedCurves.getByOID(oid);
--            }
-+            // BEGIN android-removed
-+            // if (params == null)
-+            // {
-+            //     params = TeleTrusTNamedCurves.getByOID(oid);
-+            // }
-+            // END android-removed
-         }
- 
-         return params;
-@@ -297,14 +305,16 @@
-             {
-                 name = NISTNamedCurves.getName(oid);
-             }
--            if (name == null)
--            {
--                name = TeleTrusTNamedCurves.getName(oid);
--            }
--            if (name == null)
--            {
--                name = ECGOST3410NamedCurves.getName(oid);
--            }
-+            // BEGIN android-removed
-+            // if (name == null)
-+            // {
-+            //     name = TeleTrusTNamedCurves.getName(oid);
-+            // }
-+            // if (name == null)
-+            // {
-+            //     name = ECGOST3410NamedCurves.getName(oid);
-+            // }
-+            // END android-removed
-         }
- 
-         return name;
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/PKIXCertPath.java	2015-04-09 13:10:16.000000000 +0000
-@@ -37,7 +37,9 @@
- import org.bouncycastle.jcajce.util.BCJcaJceHelper;
- import org.bouncycastle.jcajce.util.JcaJceHelper;
- import org.bouncycastle.util.io.pem.PemObject;
--import org.bouncycastle.util.io.pem.PemWriter;
-+// BEGIN android-removed
-+// import org.bouncycastle.util.io.pem.PemWriter;
-+// END android-removed
- 
- /**
-  * CertPath implementation for X.509 certificates.
-@@ -54,7 +56,9 @@
-     {
-         List encodings = new ArrayList();
-         encodings.add("PkiPath");
--        encodings.add("PEM");
-+        // BEGIN android-removed
-+        // encodings.add("PEM");
-+        // END android-removed
-         encodings.add("PKCS7");
-         certPathEncodings = Collections.unmodifiableList(encodings);
-     }
-@@ -301,27 +305,29 @@
-             return toDEREncoded(new ContentInfo(
-                     PKCSObjectIdentifiers.signedData, sd));
-         }
--        else if (encoding.equalsIgnoreCase("PEM"))
--        {
--            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
--            PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
--
--            try
--            {
--                for (int i = 0; i != certificates.size(); i++)
--                {
--                    pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
--                }
--            
--                pWrt.close();
--            }
--            catch (Exception e)
--            {
--                throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
--            }
--
--            return bOut.toByteArray();
--        }
-+        // BEGIN android-removed
-+        // else if (encoding.equalsIgnoreCase("PEM"))
-+        // {
-+        //     ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-+        //     PemWriter pWrt = new PemWriter(new OutputStreamWriter(bOut));
-+        //
-+        //     try
-+        //     {
-+        //         for (int i = 0; i != certificates.size(); i++)
-+        //         {
-+        //             pWrt.writeObject(new PemObject("CERTIFICATE", ((X509Certificate)certificates.get(i)).getEncoded()));
-+        //         }
-+        //
-+        //         pWrt.close();
-+        //     }
-+        //     catch (Exception e)
-+        //     {
-+        //         throw new CertificateEncodingException("can't encode certificate for PEM encoded path");
-+        //     }
-+        //
-+        //     return bOut.toByteArray();
-+        // }
-+        // END android-removed
-         else
-         {
-             throw new CertificateEncodingException("unsupported encoding: " + encoding);
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509CertificateObject.java	2015-04-09 13:10:16.000000000 +0000
-@@ -55,6 +55,9 @@
- import org.bouncycastle.asn1.x509.Extensions;
- import org.bouncycastle.asn1.x509.GeneralName;
- import org.bouncycastle.asn1.x509.KeyUsage;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.x509.X509Name;
-+// END android-added
- import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
- import org.bouncycastle.jce.X509Principal;
- import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-@@ -534,12 +537,20 @@
-         }
-     }
- 
-+    // BEGIN android-changed
-+    private byte[] encoded;
-+    // END android-changed
-     public byte[] getEncoded()
-         throws CertificateEncodingException
-     {
-         try
-         {
--            return c.getEncoded(ASN1Encoding.DER);
-+            // BEGIN android-changed
-+            if (encoded == null) {
-+                encoded = c.getEncoded(ASN1Encoding.DER);
-+            }
-+            return encoded;
-+            // END android-changed
-         }
-         catch (IOException e)
-         {
-@@ -839,7 +850,9 @@
-                     list.add(genName.getEncoded());
-                     break;
-                 case GeneralName.directoryName:
--                    list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
-+                    // BEGIN android-changed
-+                    list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-+                    // END android-changed
-                     break;
-                 case GeneralName.dNSName:
-                 case GeneralName.rfc822Name:
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/asymmetric/x509/X509SignatureUtil.java	2015-04-09 13:10:16.000000000 +0000
-@@ -16,12 +16,16 @@
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.ASN1Sequence;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
-@@ -143,22 +147,24 @@
-         {
-             return "SHA512";
-         }
--        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
--        {
--            return "RIPEMD128";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
--        {
--            return "RIPEMD160";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
--        {
--            return "RIPEMD256";
--        }
--        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
--        {
--            return "GOST3411";
--        }
-+        // BEGIN android-removed
-+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD128";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD160";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD256";
-+        // }
-+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-+        // {
-+        //     return "GOST3411";
-+        // }
-+        // END android-removed
-         else
-         {
-             return digestAlgOID.getId();            
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA256.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA256.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA256.java	2013-05-25 02:14:15.000000000 +0000
-@@ -45,17 +45,19 @@
-         }
-     }
- 
--    /**
--     * PBEWithHmacSHA
--     */
--    public static class PBEWithMacKeyFactory
--        extends PBESecretKeyFactory
--    {
--        public PBEWithMacKeyFactory()
--        {
--            super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * PBEWithHmacSHA
-+    //  */
-+    // public static class PBEWithMacKeyFactory
-+    //     extends PBESecretKeyFactory
-+    // {
-+    //     public PBEWithMacKeyFactory()
-+    //     {
-+    //         super("PBEwithHmacSHA256", null, false, PKCS12, SHA256, 256, 0);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * HMACSHA256
-@@ -84,9 +86,11 @@
-             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA256", "SHA-256");
-             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha256, "SHA-256");
- 
--            provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHHMACSHA256", PREFIX + "$PBEWithMacKeyFactory");
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHHMACSHA-256", "PBEWITHHMACSHA256");
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + NISTObjectIdentifiers.id_sha256, "PBEWITHHMACSHA256");
-+            // END android-removed
- 
-             addHMACAlgorithm(provider, "SHA256", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
-             addHMACAlias(provider, "SHA256", PKCSObjectIdentifiers.id_hmacWithSHA256);
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA384.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA384.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA384.java	2013-05-25 02:14:15.000000000 +0000
-@@ -5,7 +5,9 @@
- import org.bouncycastle.crypto.CipherKeyGenerator;
- import org.bouncycastle.crypto.digests.SHA384Digest;
- import org.bouncycastle.crypto.macs.HMac;
--import org.bouncycastle.crypto.macs.OldHMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.macs.OldHMac;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-@@ -57,14 +59,16 @@
-         }
-     }
- 
--    public static class OldSHA384
--        extends BaseMac
--    {
--        public OldSHA384()
--        {
--            super(new OldHMac(new SHA384Digest()));
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class OldSHA384
-+    //     extends BaseMac
-+    // {
-+    //     public OldSHA384()
-+    //     {
-+    //         super(new OldHMac(new SHA384Digest()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class Mappings
-         extends DigestAlgorithmProvider
-@@ -80,7 +84,9 @@
-             provider.addAlgorithm("MessageDigest.SHA-384", PREFIX + "$Digest");
-             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA384", "SHA-384");
-             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha384, "SHA-384");
--            provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Mac.OLDHMACSHA384", PREFIX + "$OldSHA384");
-+            // END android-removed
- 
-             addHMACAlgorithm(provider, "SHA384", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
-             addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA512.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/digest/SHA512.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/digest/SHA512.java	2013-05-25 02:14:15.000000000 +0000
-@@ -4,9 +4,13 @@
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.crypto.CipherKeyGenerator;
- import org.bouncycastle.crypto.digests.SHA512Digest;
--import org.bouncycastle.crypto.digests.SHA512tDigest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.SHA512tDigest;
-+// END android-removed
- import org.bouncycastle.crypto.macs.HMac;
--import org.bouncycastle.crypto.macs.OldHMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.macs.OldHMac;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-@@ -37,42 +41,44 @@
-         }
-     }
- 
--    static public class DigestT
--        extends BCMessageDigest
--        implements Cloneable
--    {
--        public DigestT(int bitLength)
--        {
--            super(new SHA512tDigest(bitLength));
--        }
--
--        public Object clone()
--            throws CloneNotSupportedException
--        {
--            DigestT d = (DigestT)super.clone();
--            d.digest = new SHA512tDigest((SHA512tDigest)digest);
--
--            return d;
--        }
--    }
--
--    static public class DigestT224
--        extends DigestT
--    {
--        public DigestT224()
--        {
--            super(224);
--        }
--    }
--
--    static public class DigestT256
--        extends DigestT
--    {
--        public DigestT256()
--        {
--            super(256);
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class DigestT
-+    //     extends BCMessageDigest
-+    //     implements Cloneable
-+    // {
-+    //     public DigestT(int bitLength)
-+    //     {
-+    //         super(new SHA512tDigest(bitLength));
-+    //     }
-+    //
-+    //     public Object clone()
-+    //         throws CloneNotSupportedException
-+    //     {
-+    //         DigestT d = (DigestT)super.clone();
-+    //         d.digest = new SHA512tDigest((SHA512tDigest)digest);
-+    //
-+    //         return d;
-+    //     }
-+    // }
-+    //
-+    // static public class DigestT224
-+    //     extends DigestT
-+    // {
-+    //     public DigestT224()
-+    //     {
-+    //         super(224);
-+    //     }
-+    // }
-+    //
-+    // static public class DigestT256
-+    //     extends DigestT
-+    // {
-+    //     public DigestT256()
-+    //     {
-+    //         super(256);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class HashMac
-         extends BaseMac
-@@ -83,35 +89,37 @@
-         }
-     }
- 
--    public static class HashMacT224
--        extends BaseMac
--    {
--        public HashMacT224()
--        {
--            super(new HMac(new SHA512tDigest(224)));
--        }
--    }
--
--    public static class HashMacT256
--        extends BaseMac
--    {
--        public HashMacT256()
--        {
--            super(new HMac(new SHA512tDigest(256)));
--        }
--    }
--
--    /**
--     * SHA-512 HMac
--     */
--    public static class OldSHA512
--        extends BaseMac
--    {
--        public OldSHA512()
--        {
--            super(new OldHMac(new SHA512Digest()));
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class HashMacT224
-+    //     extends BaseMac
-+    // {
-+    //     public HashMacT224()
-+    //     {
-+    //         super(new HMac(new SHA512tDigest(224)));
-+    //     }
-+    // }
-+    //
-+    // public static class HashMacT256
-+    //     extends BaseMac
-+    // {
-+    //     public HashMacT256()
-+    //     {
-+    //         super(new HMac(new SHA512tDigest(256)));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * SHA-512 HMac
-+    //  */
-+    // public static class OldSHA512
-+    //     extends BaseMac
-+    // {
-+    //     public OldSHA512()
-+    //     {
-+    //         super(new OldHMac(new SHA512Digest()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * HMACSHA512
-@@ -125,23 +133,25 @@
-         }
-     }
- 
--    public static class KeyGeneratorT224
--        extends BaseKeyGenerator
--    {
--        public KeyGeneratorT224()
--        {
--            super("HMACSHA512/224", 224, new CipherKeyGenerator());
--        }
--    }
--
--    public static class KeyGeneratorT256
--        extends BaseKeyGenerator
--    {
--        public KeyGeneratorT256()
--        {
--            super("HMACSHA512/256", 256, new CipherKeyGenerator());
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class KeyGeneratorT224
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public KeyGeneratorT224()
-+    //     {
-+    //         super("HMACSHA512/224", 224, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // public static class KeyGeneratorT256
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public KeyGeneratorT256()
-+    //     {
-+    //         super("HMACSHA512/256", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class Mappings
-         extends DigestAlgorithmProvider
-@@ -158,21 +168,25 @@
-             provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512", "SHA-512");
-             provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512, "SHA-512");
- 
--            provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
--            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
--            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
--
--            provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
--            provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
--            provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
--
--            provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("MessageDigest.SHA-512/224", PREFIX + "$DigestT224");
-+            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512/224", "SHA-512/224");
-+            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_224, "SHA-512/224");
-+            //
-+            // provider.addAlgorithm("MessageDigest.SHA-512/256", PREFIX + "$DigestT256");
-+            // provider.addAlgorithm("Alg.Alias.MessageDigest.SHA512256", "SHA-512/256");
-+            // provider.addAlgorithm("Alg.Alias.MessageDigest." + NISTObjectIdentifiers.id_sha512_256, "SHA-512/256");
-+            //
-+            // provider.addAlgorithm("Mac.OLDHMACSHA512", PREFIX + "$OldSHA512");
-+            // END android-removed
- 
-             addHMACAlgorithm(provider, "SHA512", PREFIX + "$HashMac",  PREFIX + "$KeyGenerator");
-             addHMACAlias(provider, "SHA512", PKCSObjectIdentifiers.id_hmacWithSHA512);
- 
--            addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
--            addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
-+            // BEGIN android-removed
-+            // addHMACAlgorithm(provider, "SHA512/224", PREFIX + "$HashMacT224",  PREFIX + "$KeyGeneratorT224");
-+            // addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256",  PREFIX + "$KeyGeneratorT256");
-+            // END android-removed
-         }
-     }
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/BC.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/BC.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/BC.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/BC.java	2013-05-25 02:14:15.000000000 +0000
-@@ -17,7 +17,9 @@
-         public void configure(ConfigurableProvider provider)
-         {
-             provider.addAlgorithm("KeyStore.BKS", PREFIX + "BcKeyStoreSpi$Std");
--            provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyStore.BKS-V1", PREFIX + "BcKeyStoreSpi$Version1");
-+            // END android-removed
-             provider.addAlgorithm("KeyStore.BouncyCastle", PREFIX + "BcKeyStoreSpi$BouncyCastleStore");
-             provider.addAlgorithm("Alg.Alias.KeyStore.UBER", "BouncyCastle");
-             provider.addAlgorithm("Alg.Alias.KeyStore.BOUNCYCASTLE", "BouncyCastle");
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/PKCS12.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/PKCS12.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/PKCS12.java	2013-05-25 02:14:15.000000000 +0000
-@@ -17,14 +17,16 @@
-         public void configure(ConfigurableProvider provider)
-         {
-             provider.addAlgorithm("KeyStore.PKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
--            provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
--            provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
--
--            provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
--            provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
--    
--            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
--            provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyStore.BCPKCS12", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-+            // provider.addAlgorithm("KeyStore.PKCS12-DEF", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-+            //
-+            // provider.addAlgorithm("KeyStore.PKCS12-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore");
-+            // provider.addAlgorithm("KeyStore.PKCS12-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$BCPKCS12KeyStore3DES");
-+            //
-+            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-40RC2", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore");
-+            // provider.addAlgorithm("KeyStore.PKCS12-DEF-3DES-3DES", PREFIX + "PKCS12KeyStoreSpi$DefPKCS12KeyStore3DES");
-+            // END android-removed
-         }
-     }
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java	2015-04-09 13:10:16.000000000 +0000
-@@ -62,8 +62,10 @@
- import org.bouncycastle.asn1.DEROutputStream;
- import org.bouncycastle.asn1.DERSequence;
- import org.bouncycastle.asn1.DERSet;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.GOST28147Parameters;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;
-@@ -89,7 +91,9 @@
- import org.bouncycastle.crypto.digests.SHA1Digest;
- import org.bouncycastle.jcajce.PKCS12StoreParameter;
- import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey;
--import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-+// END android-removed
- import org.bouncycastle.jcajce.spec.PBKDF2KeySpec;
- import org.bouncycastle.jcajce.util.BCJcaJceHelper;
- import org.bouncycastle.jcajce.util.JcaJceHelper;
-@@ -753,13 +757,15 @@
-         {
-             cipher.init(mode, key, new IvParameterSpec(ASN1OctetString.getInstance(encParams).getOctets()));
-         }
--        else
--        {
--            // TODO: at the moment it's just GOST, but...
--            GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
--
--            cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
--        }
-+        // BEGIN android-removed
-+        // else
-+        // {
-+        //     // TODO: at the moment it's just GOST, but...
-+        //     GOST28147Parameters gParams = GOST28147Parameters.getInstance(encParams);
-+        //
-+        //     cipher.init(mode, key, new GOST28147ParameterSpec(gParams.getEncryptionParamSet(), gParams.getIV()));
-+        // }
-+        // END android-removed
-         return cipher;
-     }
- 
-@@ -1680,33 +1686,34 @@
-             super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-         }
-     }
--
--    public static class BCPKCS12KeyStore3DES
--        extends PKCS12KeyStoreSpi
--    {
--        public BCPKCS12KeyStore3DES()
--        {
--            super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
--        }
--    }
--
--    public static class DefPKCS12KeyStore
--        extends PKCS12KeyStoreSpi
--    {
--        public DefPKCS12KeyStore()
--        {
--            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
--        }
--    }
--
--    public static class DefPKCS12KeyStore3DES
--        extends PKCS12KeyStoreSpi
--    {
--        public DefPKCS12KeyStore3DES()
--        {
--            super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class BCPKCS12KeyStore3DES
-+    //     extends PKCS12KeyStoreSpi
-+    // {
-+    //     public BCPKCS12KeyStore3DES()
-+    //     {
-+    //         super(new BouncyCastleProvider(), pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-+    //     }
-+    // }
-+    // 
-+    // public static class DefPKCS12KeyStore
-+    //     extends PKCS12KeyStoreSpi
-+    // {
-+    //     public DefPKCS12KeyStore()
-+    //     {
-+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd40BitRC2_CBC);
-+    //     }
-+    // }
-+    // 
-+    // public static class DefPKCS12KeyStore3DES
-+    //     extends PKCS12KeyStoreSpi
-+    // {
-+    //     public DefPKCS12KeyStore3DES()
-+    //     {
-+    //         super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     private static class IgnoresCaseHashtable
-     {
-@@ -1779,7 +1786,9 @@
-             keySizes.put(NTTObjectIdentifiers.id_camellia192_cbc, Integers.valueOf(192));
-             keySizes.put(NTTObjectIdentifiers.id_camellia256_cbc, Integers.valueOf(256));
- 
--            keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256));
-+            // BEGIN android-removed
-+            // keySizes.put(CryptoProObjectIdentifiers.gostR28147_gcfb, Integers.valueOf(256));
-+            // END android-removed
- 
-             KEY_SIZES = Collections.unmodifiableMap(keySizes);
-         }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/AES.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/AES.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/AES.java	2015-07-22 00:42:46.000000000 +0000
-@@ -3,16 +3,28 @@
- import java.io.IOException;
- import java.lang.reflect.Constructor;
- import java.lang.reflect.Method;
--import java.security.AlgorithmParameters;
--import java.security.InvalidAlgorithmParameterException;
-+// BEGIN android-added
-+import java.security.NoSuchAlgorithmException;
-+// END android-added
-+// BEGIN android-removed
-+// import java.security.AlgorithmParameters;
-+// import java.security.InvalidAlgorithmParameterException;
-+// END android-removed
- import java.security.SecureRandom;
- import java.security.spec.AlgorithmParameterSpec;
- import java.security.spec.InvalidParameterSpecException;
- 
--import javax.crypto.spec.IvParameterSpec;
--
-+// BEGIN android-removed
-+// import javax.crypto.spec.IvParameterSpec;
-+// END android-removed
-+
-+// BEGIN android-added
-+import javax.crypto.NoSuchPaddingException;
-+// END android-added
- import org.bouncycastle.asn1.bc.BCObjectIdentifiers;
--import org.bouncycastle.asn1.cms.CCMParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cms.CCMParameters;
-+// END android-removed
- import org.bouncycastle.asn1.cms.GCMParameters;
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.crypto.BlockCipher;
-@@ -20,22 +32,30 @@
- import org.bouncycastle.crypto.CipherKeyGenerator;
- import org.bouncycastle.crypto.engines.AESFastEngine;
- import org.bouncycastle.crypto.engines.AESWrapEngine;
--import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
--import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
--import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
--import org.bouncycastle.crypto.macs.CMac;
--import org.bouncycastle.crypto.macs.GMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
-+// import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
-+// import org.bouncycastle.crypto.macs.CMac;
-+// import org.bouncycastle.crypto.macs.GMac;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
--import org.bouncycastle.crypto.modes.CCMBlockCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.modes.CCMBlockCipher;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CFBBlockCipher;
- import org.bouncycastle.crypto.modes.GCMBlockCipher;
- import org.bouncycastle.crypto.modes.OFBBlockCipher;
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
- import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
- import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-@@ -98,53 +118,64 @@
-         public GCM()
-         {
-             super(new GCMBlockCipher(new AESFastEngine()));
-+            // BEGIN android-added
-+            try {
-+                engineSetMode("GCM");
-+                engineSetPadding("NoPadding");
-+            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-+                // this should not be possible
-+                throw new RuntimeException("Could not set mode or padding for GCM mode", e);
-+            }
-+            // END android-added
-         }
-     }
- 
--    static public class CCM
--        extends BaseBlockCipher
--    {
--        public CCM()
--        {
--            super(new CCMBlockCipher(new AESFastEngine()));
--        }
--    }
--
--    public static class AESCMAC
--        extends BaseMac
--    {
--        public AESCMAC()
--        {
--            super(new CMac(new AESFastEngine()));
--        }
--    }
--
--    public static class AESGMAC
--        extends BaseMac
--    {
--        public AESGMAC()
--        {
--            super(new GMac(new GCMBlockCipher(new AESFastEngine())));
--        }
--    }
--
--    public static class Poly1305
--        extends BaseMac
--    {
--        public Poly1305()
--        {
--            super(new org.bouncycastle.crypto.macs.Poly1305(new AESFastEngine()));
--        }
--    }
--
--    public static class Poly1305KeyGen
--        extends BaseKeyGenerator
--    {
--        public Poly1305KeyGen()
--        {
--            super("Poly1305-AES", 256, new Poly1305KeyGenerator());
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class CCM
-+    //     extends BaseBlockCipher
-+    // {
-+    //     public CCM()
-+    //     {
-+    //         super(new CCMBlockCipher(new AESFastEngine()));
-+    //     }
-+    // }
-+    //
-+    // public static class AESCMAC
-+    //     extends BaseMac
-+    // {
-+    //     public AESCMAC()
-+    //     {
-+    //         super(new CMac(new AESFastEngine()));
-+    //     }
-+    // }
-+    //
-+    // public static class AESGMAC
-+    //     extends BaseMac
-+    // {
-+    //     public AESGMAC()
-+    //     {
-+    //         super(new GMac(new GCMBlockCipher(new AESFastEngine())));
-+    //     }
-+    // }
-+    //
-+    // public static class Poly1305
-+    //     extends BaseMac
-+    // {
-+    //     public Poly1305()
-+    //     {
-+    //         super(new org.bouncycastle.crypto.macs.Poly1305(new AESFastEngine()));
-+    //     }
-+    // }
-+    //
-+    // public static class Poly1305KeyGen
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public Poly1305KeyGen()
-+    //     {
-+    //         super("Poly1305-AES", 256, new Poly1305KeyGenerator());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class Wrap
-         extends BaseWrapCipher
-@@ -155,23 +186,25 @@
-         }
-     }
- 
--    public static class RFC3211Wrap
--        extends BaseWrapCipher
--    {
--        public RFC3211Wrap()
--        {
--            super(new RFC3211WrapEngine(new AESFastEngine()), 16);
--        }
--    }
--
--    public static class RFC5649Wrap
--        extends BaseWrapCipher
--    {
--        public RFC5649Wrap()
--        {
--            super(new RFC5649WrapEngine(new AESFastEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class RFC3211Wrap
-+    //     extends BaseWrapCipher
-+    // {
-+    //     public RFC3211Wrap()
-+    //     {
-+    //         super(new RFC3211WrapEngine(new AESFastEngine()), 16);
-+    //     }
-+    // }
-+    //
-+    // public static class RFC5649Wrap
-+    //     extends BaseWrapCipher
-+    // {
-+    //     public RFC5649Wrap()
-+    //     {
-+    //         super(new RFC5649WrapEngine(new AESFastEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * PBEWithAES-CBC
-@@ -190,7 +223,9 @@
-     {
-         public KeyGen()
-         {
--            this(192);
-+            // BEGIN android-changed
-+            this(128);
-+            // END android-changed
-         }
- 
-         public KeyGen(int keySize)
-@@ -199,32 +234,34 @@
-         }
-     }
- 
--    public static class KeyGen128
--        extends KeyGen
--    {
--        public KeyGen128()
--        {
--            super(128);
--        }
--    }
--
--    public static class KeyGen192
--        extends KeyGen
--    {
--        public KeyGen192()
--        {
--            super(192);
--        }
--    }
--
--    public static class KeyGen256
--        extends KeyGen
--    {
--        public KeyGen256()
--        {
--            super(256);
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class KeyGen128
-+    //     extends KeyGen
-+    // {
-+    //     public KeyGen128()
-+    //     {
-+    //         super(128);
-+    //     }
-+    // }
-+    //
-+    // public static class KeyGen192
-+    //     extends KeyGen
-+    // {
-+    //     public KeyGen192()
-+    //     {
-+    //         super(192);
-+    //     }
-+    // }
-+    //
-+    // public static class KeyGen256
-+    //     extends KeyGen
-+    // {
-+    //     public KeyGen256()
-+    //     {
-+    //         super(256);
-+    //     }
-+    // }
-+    // END android-removed
-     
-     /**
-      * PBEWithSHA1And128BitAES-BC
-@@ -334,119 +371,121 @@
-         }
-     }
-     
--    public static class AlgParamGen
--        extends BaseAlgorithmParameterGenerator
--    {
--        protected void engineInit(
--            AlgorithmParameterSpec genParamSpec,
--            SecureRandom random)
--            throws InvalidAlgorithmParameterException
--        {
--            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
--        }
--
--        protected AlgorithmParameters engineGenerateParameters()
--        {
--            byte[]  iv = new byte[16];
--
--            if (random == null)
--            {
--                random = new SecureRandom();
--            }
--
--            random.nextBytes(iv);
--
--            AlgorithmParameters params;
--
--            try
--            {
--                params = createParametersInstance("AES");
--                params.init(new IvParameterSpec(iv));
--            }
--            catch (Exception e)
--            {
--                throw new RuntimeException(e.getMessage());
--            }
--
--            return params;
--        }
--    }
--
--    public static class AlgParamGenCCM
--        extends BaseAlgorithmParameterGenerator
--    {
--        protected void engineInit(
--            AlgorithmParameterSpec genParamSpec,
--            SecureRandom random)
--            throws InvalidAlgorithmParameterException
--        {
--            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
--        }
--
--        protected AlgorithmParameters engineGenerateParameters()
--        {
--            byte[]  iv = new byte[12];
--
--            if (random == null)
--            {
--                random = new SecureRandom();
--            }
--
--            random.nextBytes(iv);
--
--            AlgorithmParameters params;
--
--            try
--            {
--                params = createParametersInstance("CCM");
--                params.init(new CCMParameters(iv, 12).getEncoded());
--            }
--            catch (Exception e)
--            {
--                throw new RuntimeException(e.getMessage());
--            }
--
--            return params;
--        }
--    }
--
--    public static class AlgParamGenGCM
--        extends BaseAlgorithmParameterGenerator
--    {
--        protected void engineInit(
--            AlgorithmParameterSpec genParamSpec,
--            SecureRandom random)
--            throws InvalidAlgorithmParameterException
--        {
--            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
--        }
--
--        protected AlgorithmParameters engineGenerateParameters()
--        {
--            byte[]  nonce = new byte[12];
--
--            if (random == null)
--            {
--                random = new SecureRandom();
--            }
--
--            random.nextBytes(nonce);
--
--            AlgorithmParameters params;
--
--            try
--            {
--                params = createParametersInstance("GCM");
--                params.init(new GCMParameters(nonce, 12).getEncoded());
--            }
--            catch (Exception e)
--            {
--                throw new RuntimeException(e.getMessage());
--            }
--
--            return params;
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class AlgParamGen
-+    //     extends BaseAlgorithmParameterGenerator
-+    // {
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec genParamSpec,
-+    //         SecureRandom random)
-+    //         throws InvalidAlgorithmParameterException
-+    //     {
-+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-+    //     }
-+    //
-+    //     protected AlgorithmParameters engineGenerateParameters()
-+    //     {
-+    //         byte[]  iv = new byte[16];
-+    //
-+    //         if (random == null)
-+    //         {
-+    //             random = new SecureRandom();
-+    //         }
-+    //
-+    //         random.nextBytes(iv);
-+    //
-+    //         AlgorithmParameters params;
-+    //
-+    //         try
-+    //         {
-+    //             params = createParametersInstance("AES");
-+    //             params.init(new IvParameterSpec(iv));
-+    //         }
-+    //         catch (Exception e)
-+    //         {
-+    //             throw new RuntimeException(e.getMessage());
-+    //         }
-+    //
-+    //         return params;
-+    //     }
-+    // }
-+    //
-+    // public static class AlgParamGenCCM
-+    //     extends BaseAlgorithmParameterGenerator
-+    // {
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec genParamSpec,
-+    //         SecureRandom random)
-+    //         throws InvalidAlgorithmParameterException
-+    //     {
-+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-+    //     }
-+    //
-+    //     protected AlgorithmParameters engineGenerateParameters()
-+    //     {
-+    //         byte[]  iv = new byte[12];
-+    //
-+    //         if (random == null)
-+    //         {
-+    //             random = new SecureRandom();
-+    //         }
-+    //
-+    //         random.nextBytes(iv);
-+    //
-+    //         AlgorithmParameters params;
-+    //
-+    //         try
-+    //         {
-+    //             params = createParametersInstance("CCM");
-+    //             params.init(new CCMParameters(iv, 12).getEncoded());
-+    //         }
-+    //         catch (Exception e)
-+    //         {
-+    //             throw new RuntimeException(e.getMessage());
-+    //         }
-+    //
-+    //         return params;
-+    //     }
-+    // }
-+    //
-+    // public static class AlgParamGenGCM
-+    //     extends BaseAlgorithmParameterGenerator
-+    // {
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec genParamSpec,
-+    //         SecureRandom random)
-+    //         throws InvalidAlgorithmParameterException
-+    //     {
-+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for AES parameter generation.");
-+    //     }
-+    //
-+    //     protected AlgorithmParameters engineGenerateParameters()
-+    //     {
-+    //         byte[]  nonce = new byte[12];
-+    //
-+    //         if (random == null)
-+    //         {
-+    //             random = new SecureRandom();
-+    //         }
-+    //
-+    //         random.nextBytes(nonce);
-+    //
-+    //         AlgorithmParameters params;
-+    //
-+    //         try
-+    //         {
-+    //             params = createParametersInstance("GCM");
-+    //             params.init(new GCMParameters(nonce, 12).getEncoded());
-+    //         }
-+    //         catch (Exception e)
-+    //         {
-+    //             throw new RuntimeException(e.getMessage());
-+    //         }
-+    //
-+    //         return params;
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class AlgParams
-         extends IvAlgorithmParameters
-@@ -545,80 +584,82 @@
-         }
-     }
- 
--    public static class AlgParamsCCM
--        extends BaseAlgorithmParameters
--    {
--        private CCMParameters ccmParams;
--
--        protected void engineInit(AlgorithmParameterSpec paramSpec)
--            throws InvalidParameterSpecException
--        {
--            throw new InvalidParameterSpecException("No supported AlgorithmParameterSpec for AES parameter generation.");
--        }
--
--        protected void engineInit(byte[] params)
--            throws IOException
--        {
--            ccmParams = CCMParameters.getInstance(params);
--        }
--
--        protected void engineInit(byte[] params, String format)
--            throws IOException
--        {
--            if (!isASN1FormatString(format))
--            {
--                throw new IOException("unknown format specified");
--            }
--
--            ccmParams = CCMParameters.getInstance(params);
--        }
--
--        protected byte[] engineGetEncoded()
--            throws IOException
--        {
--            return ccmParams.getEncoded();
--        }
--
--        protected byte[] engineGetEncoded(String format)
--            throws IOException
--        {
--            if (!isASN1FormatString(format))
--            {
--                throw new IOException("unknown format specified");
--            }
--
--            return ccmParams.getEncoded();
--        }
--
--        protected String engineToString()
--        {
--            return "CCM";
--        }
--
--        protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
--            throws InvalidParameterSpecException
--        {
--            if (gcmSpecClass != null)
--            {
--                try
--                {
--                    Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class });
--
--                    return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(ccmParams.getIcvLen() * 8), ccmParams.getNonce() });
--                }
--                catch (NoSuchMethodException e)
--                {
--                    throw new InvalidParameterSpecException("no constructor found!");   // should never happen
--                }
--                catch (Exception e)
--                {
--                    throw new InvalidParameterSpecException("construction failed: " + e.getMessage());   // should never happen
--                }
--            }
--
--            throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName());
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class AlgParamsCCM
-+    //     extends BaseAlgorithmParameters
-+    // {
-+    //     private CCMParameters ccmParams;
-+    // 
-+    //     protected void engineInit(AlgorithmParameterSpec paramSpec)
-+    //         throws InvalidParameterSpecException
-+    //     {
-+    //         throw new InvalidParameterSpecException("No supported AlgorithmParameterSpec for AES parameter generation.");
-+    //     }
-+    // 
-+    //     protected void engineInit(byte[] params)
-+    //         throws IOException
-+    //     {
-+    //         ccmParams = CCMParameters.getInstance(params);
-+    //     }
-+    // 
-+    //     protected void engineInit(byte[] params, String format)
-+    //         throws IOException
-+    //     {
-+    //         if (!isASN1FormatString(format))
-+    //         {
-+    //             throw new IOException("unknown format specified");
-+    //         }
-+    // 
-+    //         ccmParams = CCMParameters.getInstance(params);
-+    //     }
-+    // 
-+    //     protected byte[] engineGetEncoded()
-+    //         throws IOException
-+    //     {
-+    //         return ccmParams.getEncoded();
-+    //     }
-+    // 
-+    //     protected byte[] engineGetEncoded(String format)
-+    //         throws IOException
-+    //     {
-+    //         if (!isASN1FormatString(format))
-+    //         {
-+    //             throw new IOException("unknown format specified");
-+    //         }
-+    // 
-+    //         return ccmParams.getEncoded();
-+    //     }
-+    // 
-+    //     protected String engineToString()
-+    //     {
-+    //         return "CCM";
-+    //     }
-+    // 
-+    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(Class paramSpec)
-+    //         throws InvalidParameterSpecException
-+    //     {
-+    //         if (gcmSpecClass != null)
-+    //         {
-+    //             try
-+    //             {
-+    //                 Constructor constructor = gcmSpecClass.getConstructor(new Class[] { Integer.TYPE, byte[].class });
-+    // 
-+    //                 return (AlgorithmParameterSpec)constructor.newInstance(new Object[] { Integers.valueOf(ccmParams.getIcvLen() * 8), ccmParams.getNonce() });
-+    //             }
-+    //             catch (NoSuchMethodException e)
-+    //             {
-+    //                 throw new InvalidParameterSpecException("no constructor found!");   // should never happen
-+    //             }
-+    //             catch (Exception e)
-+    //             {
-+    //                 throw new InvalidParameterSpecException("construction failed: " + e.getMessage());   // should never happen
-+    //             }
-+    //         }
-+    // 
-+    //         throw new InvalidParameterSpecException("unknown parameter spec: " + paramSpec.getName());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class Mappings
-         extends SymmetricAlgorithmProvider
-@@ -652,92 +693,101 @@
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
--
--            provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
--
--            provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("AlgorithmParameters.CCM", PREFIX + "$AlgParamsCCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-+            //
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.AES", PREFIX + "$AlgParamGen");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES128, "AES");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES192, "AES");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + wrongAES256, "AES");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CBC, "AES");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CBC, "AES");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CBC, "AES");
-+            // END android-removed
- 
-             provider.addAlgorithm("Cipher.AES", PREFIX + "$ECB");
-             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES128, "AES");
-             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES192, "AES");
-             provider.addAlgorithm("Alg.Alias.Cipher." + wrongAES256, "AES");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
--            provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$ECB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$ECB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$ECB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$OFB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$OFB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$OFB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$CFB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$CFB");
-+            // provider.addAlgorithm("Cipher." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$CFB");
-+            // END android-removed
-             provider.addAlgorithm("Cipher.AESWRAP", PREFIX + "$Wrap");
-             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_wrap, "AESWRAP");
-             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_wrap, "AESWRAP");
-             provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_wrap, "AESWRAP");
- 
--            provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
--            provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
--
--            provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
--
--            provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
--
--            provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
--
--            provider.addAlgorithm("Cipher.GCM", PREFIX + "$GCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
--            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.AESRFC3211WRAP", PREFIX + "$RFC3211Wrap");
-+            // provider.addAlgorithm("Cipher.AESRFC5649WRAP", PREFIX + "$RFC5649Wrap");
-+            // 
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.CCM", PREFIX + "$AlgParamGenCCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-+            // 
-+            // provider.addAlgorithm("Cipher.CCM", PREFIX + "$CCM");
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_CCM, "CCM");
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_CCM, "CCM");
-+            // 
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.GCM", PREFIX + "$AlgParamGenGCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes128_GCM, "GCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes192_GCM, "GCM");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + NISTObjectIdentifiers.id_aes256_GCM, "GCM");
-+            // END android-removed
-+
-+            // BEGIN android-changed
-+            provider.addAlgorithm("Cipher.AES/GCM/NOPADDING", PREFIX + "$GCM");
-+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes128_GCM, "AES/GCM/NOPADDING");
-+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes192_GCM, "AES/GCM/NOPADDING");
-+            provider.addAlgorithm("Alg.Alias.Cipher." + NISTObjectIdentifiers.id_aes256_GCM, "AES/GCM/NOPADDING");
-+            // END android-changed
- 
-             provider.addAlgorithm("KeyGenerator.AES", PREFIX + "$KeyGen");
--            provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
--            provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
--
--            provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyGenerator." + wrongAES128, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + wrongAES192, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + wrongAES256, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_ECB, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_OFB, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CFB, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_ECB, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_OFB, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CFB, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_ECB, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_OFB, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CFB, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator.AESWRAP", PREFIX + "$KeyGen");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_wrap, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_wrap, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_wrap, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_GCM, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_GCM, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_GCM, PREFIX + "$KeyGen256");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes128_CCM, PREFIX + "$KeyGen128");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes192_CCM, PREFIX + "$KeyGen192");
-+            // provider.addAlgorithm("KeyGenerator." + NISTObjectIdentifiers.id_aes256_CCM, PREFIX + "$KeyGen256");
-+            // 
-+            // provider.addAlgorithm("Mac.AESCMAC", PREFIX + "$AESCMAC");
-+            // END android-removed
-             
-             provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes128_cbc.getId(), "PBEWITHSHAAND128BITAES-CBC-BC");
-             provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.bc_pbe_sha1_pkcs12_aes192_cbc.getId(), "PBEWITHSHAAND192BITAES-CBC-BC");
-@@ -816,8 +866,10 @@
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes192_cbc.getId(), "PKCS12PBE");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + BCObjectIdentifiers.bc_pbe_sha256_pkcs12_aes256_cbc.getId(), "PKCS12PBE");
- 
--            addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
--            addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-+            // BEGIN android-removed
-+            // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
-+            // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-+            // END android-removed
-         }
-     }
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/ARC4.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/ARC4.java	2013-05-25 02:14:15.000000000 +0000
-@@ -29,7 +29,9 @@
-     {
-         public KeyGen()
-         {
--            super("RC4", 128, new CipherKeyGenerator());
-+            // BEGIN android-changed
-+            super("ARC4", 128, new CipherKeyGenerator());
-+            // END android-changed
-         }
-     }
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Blowfish.java	2012-09-17 23:04:47.000000000 +0000
-@@ -64,7 +64,9 @@
-         {
- 
-             provider.addAlgorithm("Cipher.BLOWFISH", PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.1.3.6.1.4.1.3029.1.2", PREFIX + "$CBC");
-+            // END android-removed
-             provider.addAlgorithm("KeyGenerator.BLOWFISH", PREFIX + "$KeyGen");
-             provider.addAlgorithm("Alg.Alias.KeyGenerator.1.3.6.1.4.1.3029.1.2", "BLOWFISH");
-             provider.addAlgorithm("AlgorithmParameters.BLOWFISH", PREFIX + "$AlgParams");
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DES.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DES.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DES.java	2015-04-09 13:10:16.000000000 +0000
-@@ -19,12 +19,16 @@
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.KeyGenerationParameters;
- import org.bouncycastle.crypto.engines.DESEngine;
--import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// END android-removed
- import org.bouncycastle.crypto.generators.DESKeyGenerator;
- import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
--import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
--import org.bouncycastle.crypto.macs.CMac;
--import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-+// import org.bouncycastle.crypto.macs.CMac;
-+// import org.bouncycastle.crypto.macs.ISO9797Alg3Mac;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
- import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
- import org.bouncycastle.crypto.params.DESParameters;
-@@ -65,17 +69,19 @@
-         }
-     }
- 
--    /**
--     * DES   CFB8
--     */
--    public static class DESCFB8
--        extends BaseMac
--    {
--        public DESCFB8()
--        {
--            super(new CFBBlockCipherMac(new DESEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * DES   CFB8
-+    //  */
-+    // public static class DESCFB8
-+    //     extends BaseMac
-+    // {
-+    //     public DESCFB8()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new DESEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * DES64
-@@ -110,47 +116,49 @@
-         }
-     }
- 
--    static public class CMAC
--        extends BaseMac
--    {
--        public CMAC()
--        {
--            super(new CMac(new DESEngine()));
--        }
--    }
--
--    /**
--     * DES9797Alg3with7816-4Padding
--     */
--    public static class DES9797Alg3with7816d4
--        extends BaseMac
--    {
--        public DES9797Alg3with7816d4()
--        {
--            super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
--        }
--    }
--
--    /**
--     * DES9797Alg3
--     */
--    public static class DES9797Alg3
--        extends BaseMac
--    {
--        public DES9797Alg3()
--        {
--            super(new ISO9797Alg3Mac(new DESEngine()));
--        }
--    }
--
--    public static class RFC3211
--        extends BaseWrapCipher
--    {
--        public RFC3211()
--        {
--            super(new RFC3211WrapEngine(new DESEngine()), 8);
--        }
--    }
-+    // BEGIN android-removed
-+    // static public class CMAC
-+    //     extends BaseMac
-+    // {
-+    //     public CMAC()
-+    //     {
-+    //         super(new CMac(new DESEngine()));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * DES9797Alg3with7816-4Padding
-+    //  */
-+    // public static class DES9797Alg3with7816d4
-+    //     extends BaseMac
-+    // {
-+    //     public DES9797Alg3with7816d4()
-+    //     {
-+    //         super(new ISO9797Alg3Mac(new DESEngine(), new ISO7816d4Padding()));
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * DES9797Alg3
-+    //  */
-+    // public static class DES9797Alg3
-+    //     extends BaseMac
-+    // {
-+    //     public DES9797Alg3()
-+    //     {
-+    //         super(new ISO9797Alg3Mac(new DESEngine()));
-+    //     }
-+    // }
-+    //
-+    // public static class RFC3211
-+    //     extends BaseWrapCipher
-+    // {
-+    //     public RFC3211()
-+    //     {
-+    //         super(new RFC3211WrapEngine(new DESEngine()), 8);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class AlgParamGen
-         extends BaseAlgorithmParameterGenerator
-@@ -350,17 +358,19 @@
-         }
-     }
- 
--    /**
--     * PBEWithMD2AndDES
--     */
--    static public class PBEWithMD2KeyFactory
--        extends DESPBEKeyFactory
--    {
--        public PBEWithMD2KeyFactory()
--        {
--            super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * PBEWithMD2AndDES
-+    //  */
-+    // static public class PBEWithMD2KeyFactory
-+    //     extends DESPBEKeyFactory
-+    // {
-+    //     public PBEWithMD2KeyFactory()
-+    //     {
-+    //         super("PBEwithMD2andDES", PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, true, PKCS5S1, MD2, 64, 64);
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * PBEWithMD5AndDES
-@@ -386,17 +396,19 @@
-         }
-     }
- 
--    /**
--     * PBEWithMD2AndDES
--     */
--    static public class PBEWithMD2
--        extends BaseBlockCipher
--    {
--        public PBEWithMD2()
--        {
--            super(new CBCBlockCipher(new DESEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * PBEWithMD2AndDES
-+    //  */
-+    // static public class PBEWithMD2
-+    //     extends BaseBlockCipher
-+    // {
-+    //     public PBEWithMD2()
-+    //     {
-+    //         super(new CBCBlockCipher(new DESEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * PBEWithMD5AndDES
-@@ -436,61 +448,75 @@
-         {
- 
-             provider.addAlgorithm("Cipher.DES", PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
--
--            addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
--
--            provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher." + OIWObjectIdentifiers.desCBC, PREFIX + "$CBC");
-+            //
-+            // addAlias(provider, OIWObjectIdentifiers.desCBC, "DES");
-+            //
-+            // provider.addAlgorithm("Cipher.DESRFC3211WRAP", PREFIX + "$RFC3211");
-+            // END android-removed
- 
-             provider.addAlgorithm("KeyGenerator.DES", PREFIX + "$KeyGenerator");
- 
-             provider.addAlgorithm("SecretKeyFactory.DES", PREFIX + "$KeyFactory");
- 
--            provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
--            provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
--            provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
--
--            provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
--            provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
--
--            provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
--            provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
--
--            provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
--            provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
--            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
--            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
--
--            provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
--            provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
--
--            provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
--            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
--            provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
--            provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Mac.DESCMAC", PREFIX + "$CMAC");
-+            // provider.addAlgorithm("Mac.DESMAC", PREFIX + "$CBCMAC");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DES", "DESMAC");
-+            //
-+            // provider.addAlgorithm("Mac.DESMAC/CFB8", PREFIX + "$DESCFB8");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DES/CFB8", "DESMAC/CFB8");
-+            //
-+            // provider.addAlgorithm("Mac.DESMAC64", PREFIX + "$DES64");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DES64", "DESMAC64");
-+            //
-+            // provider.addAlgorithm("Mac.DESMAC64WITHISO7816-4PADDING", PREFIX + "$DES64with7816d4");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DES64WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1MACWITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797ALG1WITHISO7816-4PADDING", "DESMAC64WITHISO7816-4PADDING");
-+            //
-+            // provider.addAlgorithm("Mac.DESWITHISO9797", PREFIX + "$DES9797Alg3");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESISO9797MAC", "DESWITHISO9797");
-+            //
-+            // provider.addAlgorithm("Mac.ISO9797ALG3MAC", PREFIX + "$DES9797Alg3");
-+            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3", "ISO9797ALG3MAC");
-+            // provider.addAlgorithm("Mac.ISO9797ALG3WITHISO7816-4PADDING", PREFIX + "$DES9797Alg3with7816d4");
-+            // provider.addAlgorithm("Alg.Alias.Mac.ISO9797ALG3MACWITHISO7816-4PADDING", "ISO9797ALG3WITHISO7816-4PADDING");
-+            // END android-removed
- 
-             provider.addAlgorithm("AlgorithmParameters.DES", PACKAGE + ".util.IvAlgorithmParameters");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + OIWObjectIdentifiers.desCBC, "DES");
- 
--            provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
--
--            provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.DES",  PREFIX + "$AlgParamGen");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + OIWObjectIdentifiers.desCBC, "DES");
-+            //
-+            // provider.addAlgorithm("Cipher.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2");
-+            // END android-removed
-             provider.addAlgorithm("Cipher.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5");
-             provider.addAlgorithm("Cipher.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1");
-             
--            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-+            // END android-removed
-             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
-             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-             
--            provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDDES", PREFIX + "$PBEWithMD2KeyFactory");
-+            // END android-removed
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDDES", PREFIX + "$PBEWithMD5KeyFactory");
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDDES", PREFIX + "$PBEWithSHA1KeyFactory");
- 
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDDES-CBC", "PBEWITHMD2ANDDES");
-+            // END android-removed
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDDES-CBC", "PBEWITHMD5ANDDES");
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDDES-CBC", "PBEWITHSHA1ANDDES");
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndDES_CBC, "PBEWITHMD2ANDDES");
-+            // END android-removed
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndDES_CBC, "PBEWITHMD5ANDDES");
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithSHA1AndDES_CBC, "PBEWITHSHA1ANDDES");
-         }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DESede.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/DESede.java	2015-04-09 13:10:16.000000000 +0000
-@@ -1,30 +1,42 @@
- package org.bouncycastle.jcajce.provider.symmetric;
- 
--import java.security.AlgorithmParameters;
--import java.security.InvalidAlgorithmParameterException;
-+// BEGIN android-removed
-+// import java.security.AlgorithmParameters;
-+// import java.security.InvalidAlgorithmParameterException;
-+// END android-removed
- import java.security.SecureRandom;
--import java.security.spec.AlgorithmParameterSpec;
-+// BEGIN android-removed
-+// import java.security.spec.AlgorithmParameterSpec;
-+// END android-removed
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.KeySpec;
- 
- import javax.crypto.SecretKey;
- import javax.crypto.spec.DESedeKeySpec;
--import javax.crypto.spec.IvParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.IvParameterSpec;
-+// END android-removed
- import javax.crypto.spec.SecretKeySpec;
- 
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.crypto.KeyGenerationParameters;
- import org.bouncycastle.crypto.engines.DESedeEngine;
- import org.bouncycastle.crypto.engines.DESedeWrapEngine;
--import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
-+// END android-removed
- import org.bouncycastle.crypto.generators.DESedeKeyGenerator;
- import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
--import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
--import org.bouncycastle.crypto.macs.CMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-+// import org.bouncycastle.crypto.macs.CMac;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
- import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-@@ -56,17 +68,19 @@
-         }
-     }
- 
--    /**
--     * DESede   CFB8
--     */
--    public static class DESedeCFB8
--        extends BaseMac
--    {
--        public DESedeCFB8()
--        {
--            super(new CFBBlockCipherMac(new DESedeEngine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * DESede   CFB8
-+    //  */
-+    // public static class DESedeCFB8
-+    //     extends BaseMac
-+    // {
-+    //     public DESedeCFB8()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new DESedeEngine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * DESede64
-@@ -101,15 +115,17 @@
-         }
-     }
- 
--    static public class CMAC
--        extends BaseMac
--    {
--        public CMAC()
--        {
--            super(new CMac(new DESedeEngine()));
--        }
--    }
--
-+    // BEGIN android-removed
-+    // static public class CMAC
-+    //     extends BaseMac
-+    // {
-+    //     public CMAC()
-+    //     {
-+    //         super(new CMac(new DESedeEngine()));
-+    //     }
-+    // }
-+    // END android-removed
-+    
-     public static class Wrap
-         extends BaseWrapCipher
-     {
-@@ -118,15 +134,17 @@
-             super(new DESedeWrapEngine());
-         }
-     }
--
--    public static class RFC3211
--        extends BaseWrapCipher
--    {
--        public RFC3211()
--        {
--            super(new RFC3211WrapEngine(new DESedeEngine()), 8);
--        }
--    }
-+    
-+    // BEGIN android-removed
-+    // public static class RFC3211
-+    //     extends BaseWrapCipher
-+    // {
-+    //     public RFC3211()
-+    //     {
-+    //         super(new RFC3211WrapEngine(new DESedeEngine()), 8);
-+    //     }
-+    // }
-+    // END android-removed
- 
-   /**
-      * DESede - the default for this is to generate a key in
-@@ -240,43 +258,45 @@
-         }
-     }
- 
--    public static class AlgParamGen
--        extends BaseAlgorithmParameterGenerator
--    {
--        protected void engineInit(
--            AlgorithmParameterSpec genParamSpec,
--            SecureRandom            random)
--            throws InvalidAlgorithmParameterException
--        {
--            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
--        }
--
--        protected AlgorithmParameters engineGenerateParameters()
--        {
--            byte[]  iv = new byte[8];
--
--            if (random == null)
--            {
--                random = new SecureRandom();
--            }
--
--            random.nextBytes(iv);
--
--            AlgorithmParameters params;
--
--            try
--            {
--                params = createParametersInstance("DES");
--                params.init(new IvParameterSpec(iv));
--            }
--            catch (Exception e)
--            {
--                throw new RuntimeException(e.getMessage());
--            }
--
--            return params;
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class AlgParamGen
-+    //     extends BaseAlgorithmParameterGenerator
-+    // {
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec genParamSpec,
-+    //         SecureRandom            random)
-+    //         throws InvalidAlgorithmParameterException
-+    //     {
-+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for DES parameter generation.");
-+    //     }
-+
-+    //     protected AlgorithmParameters engineGenerateParameters()
-+    //     {
-+    //         byte[]  iv = new byte[8];
-+
-+    //         if (random == null)
-+    //         {
-+    //             random = new SecureRandom();
-+    //         }
-+
-+    //         random.nextBytes(iv);
-+
-+    //         AlgorithmParameters params;
-+
-+    //         try
-+    //         {
-+    //             params = createParametersInstance("DES");
-+    //             params.init(new IvParameterSpec(iv));
-+    //         }
-+    //         catch (Exception e)
-+    //         {
-+    //             throw new RuntimeException(e.getMessage());
-+    //         }
-+
-+    //         return params;
-+    //     }
-+    // }
-+    // END android-removed
- 
-     static public class KeyFactory
-         extends BaseSecretKeyFactory
-@@ -360,25 +380,37 @@
-         public void configure(ConfigurableProvider provider)
-         {
-             provider.addAlgorithm("Cipher.DESEDE", PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$CBC");
-+            // END android-removed
-             provider.addAlgorithm("Cipher.DESEDEWRAP", PREFIX + "$Wrap");
--            provider.addAlgorithm("Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, PREFIX + "$Wrap");
--            provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
-+            // BEGIN android-changed
-+            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMS3DESwrap, "DESEDEWRAP");
-+            // END android-changed
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.DESEDERFC3211WRAP", PREFIX + "$RFC3211");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.Cipher.TDEA", "DESEDE");
-             provider.addAlgorithm("Alg.Alias.Cipher.TDEAWRAP", "DESEDEWRAP");
-             provider.addAlgorithm("Alg.Alias.KeyGenerator.TDEA", "DESEDE");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.TDEA", "DESEDE");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
-+            // END android-removed
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
- 
-             if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
-             {
-                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
--                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
--                provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
-+                // BEGIN android-removed
-+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES3Key");
-+                // provider.addAlgorithm("Cipher.OLDPBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$OldPBEWithSHAAndDES3Key");
-+                // END android-removed
-                 provider.addAlgorithm("Cipher.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2Key");
--                provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
-+                // BEGIN android-removed
-+                // provider.addAlgorithm("Cipher.BROKENPBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$BrokePBEWithSHAAndDES2Key");
-+                // END android-removed
-                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC, "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-                 provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithSHAAnd2_KeyTripleDES_CBC, "PBEWITHSHAAND2-KEYTRIPLEDES-CBC");
-                 provider.addAlgorithm("Alg.Alias.Cipher.PBEWITHSHA1ANDDESEDE", "PBEWITHSHAAND3-KEYTRIPLEDES-CBC");
-@@ -387,31 +419,37 @@
-             }
- 
-             provider.addAlgorithm("KeyGenerator.DESEDE", PREFIX + "$KeyGenerator");
--            provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
--            provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("KeyGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, PREFIX + "$KeyGenerator3");
-+            // provider.addAlgorithm("KeyGenerator.DESEDEWRAP", PREFIX + "$KeyGenerator");
-+            // END android-removed
- 
-             provider.addAlgorithm("SecretKeyFactory.DESEDE", PREFIX + "$KeyFactory");
- 
--            provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
--            provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
--
--            provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
--
--            provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
--
--            provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
--            provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Mac.DESEDECMAC", PREFIX + "$CMAC");
-+            // provider.addAlgorithm("Mac.DESEDEMAC", PREFIX + "$CBCMAC");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE", "DESEDEMAC");
-+            //
-+            // provider.addAlgorithm("Mac.DESEDEMAC/CFB8", PREFIX + "$DESedeCFB8");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE/CFB8", "DESEDEMAC/CFB8");
-+            //
-+            // provider.addAlgorithm("Mac.DESEDEMAC64", PREFIX + "$DESede64");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64", "DESEDEMAC64");
-+            //
-+            // provider.addAlgorithm("Mac.DESEDEMAC64WITHISO7816-4PADDING", PREFIX + "$DESede64with7816d4");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDE64WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1MACWITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+            // provider.addAlgorithm("Alg.Alias.Mac.DESEDEISO9797ALG1WITHISO7816-4PADDING", "DESEDEMAC64WITHISO7816-4PADDING");
-+            // END android-removed
- 
-             provider.addAlgorithm("AlgorithmParameters.DESEDE", PACKAGE + ".util.IvAlgorithmParameters");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
- 
--            provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
--            provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.DESEDE",  PREFIX + "$AlgParamGen");
-+            // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator." + PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE");
-+            // END android-removed
- 
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3KeyFactory");
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND2-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES2KeyFactory");
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/RC2.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/RC2.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/RC2.java	2015-04-09 13:10:16.000000000 +0000
-@@ -12,20 +12,28 @@
- 
- import org.bouncycastle.asn1.ASN1Primitive;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
--import org.bouncycastle.crypto.CipherKeyGenerator;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.pkcs.RC2CBCParameter;
-+// import org.bouncycastle.crypto.CipherKeyGenerator;
-+// END android-removed
- import org.bouncycastle.crypto.engines.RC2Engine;
--import org.bouncycastle.crypto.engines.RC2WrapEngine;
--import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
--import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.engines.RC2WrapEngine;
-+// import org.bouncycastle.crypto.macs.CBCBlockCipherMac;
-+// import org.bouncycastle.crypto.macs.CFBBlockCipherMac;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameterGenerator;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseWrapCipher;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
- import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
- import org.bouncycastle.util.Arrays;
-@@ -36,59 +44,61 @@
-     {
-     }
- 
--    /**
--     * RC2
--     */
--    static public class ECB
--        extends BaseBlockCipher
--    {
--        public ECB()
--        {
--            super(new RC2Engine());
--        }
--    }
--
--    /**
--     * RC2CBC
--     */
--    static public class CBC
--        extends BaseBlockCipher
--    {
--        public CBC()
--        {
--            super(new CBCBlockCipher(new RC2Engine()), 64);
--        }
--    }
--
--    public static class Wrap
--        extends BaseWrapCipher
--    {
--        public Wrap()
--        {
--            super(new RC2WrapEngine());
--        }
--    }
--
--    /**
--     * RC2
--     */
--    public static class CBCMAC
--        extends BaseMac
--    {
--        public CBCMAC()
--        {
--            super(new CBCBlockCipherMac(new RC2Engine()));
--        }
--    }
--
--    public static class CFB8MAC
--        extends BaseMac
--    {
--        public CFB8MAC()
--        {
--            super(new CFBBlockCipherMac(new RC2Engine()));
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * RC2
-+    //  */
-+    // static public class ECB
-+    //     extends BaseBlockCipher
-+    // {
-+    //     public ECB()
-+    //     {
-+    //         super(new RC2Engine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC2CBC
-+    //  */
-+    // static public class CBC
-+    //     extends BaseBlockCipher
-+    // {
-+    //     public CBC()
-+    //     {
-+    //         super(new CBCBlockCipher(new RC2Engine()), 64);
-+    //     }
-+    // }
-+    //
-+    // public static class Wrap
-+    //     extends BaseWrapCipher
-+    // {
-+    //     public Wrap()
-+    //     {
-+    //         super(new RC2WrapEngine());
-+    //     }
-+    // }
-+    //
-+    // /**
-+    //  * RC2
-+    //  */
-+    // public static class CBCMAC
-+    //     extends BaseMac
-+    // {
-+    //     public CBCMAC()
-+    //     {
-+    //         super(new CBCBlockCipherMac(new RC2Engine()));
-+    //     }
-+    // }
-+    //
-+    // public static class CFB8MAC
-+    //     extends BaseMac
-+    // {
-+    //     public CFB8MAC()
-+    //     {
-+    //         super(new CFBBlockCipherMac(new RC2Engine()));
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * PBEWithSHA1AndRC2
-@@ -174,17 +184,19 @@
-         }
-     }
- 
--    /**
--     * PBEWithMD2AndRC2
--     */
--    static public class PBEWithMD2KeyFactory
--        extends PBESecretKeyFactory
--    {
--        public PBEWithMD2KeyFactory()
--        {
--            super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
--        }
--    }
-+    // BEGIN android-removed
-+    // /**
-+    //  * PBEWithMD2AndRC2
-+    //  */
-+    // static public class PBEWithMD2KeyFactory
-+    //     extends PBESecretKeyFactory
-+    // {
-+    //     public PBEWithMD2KeyFactory()
-+    //     {
-+    //         super("PBEwithMD2andRC2", PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, true, PKCS5S1, MD2, 64, 64);
-+    //     }
-+    // }
-+    // END android-removed
- 
-    /**
-     * PBEWithMD5AndRC2
-@@ -198,247 +210,249 @@
-        }
-    }
- 
--    public static class AlgParamGen
--        extends BaseAlgorithmParameterGenerator
--    {
--        RC2ParameterSpec spec = null;
--
--        protected void engineInit(
--            AlgorithmParameterSpec genParamSpec,
--            SecureRandom random)
--            throws InvalidAlgorithmParameterException
--        {
--            if (genParamSpec instanceof RC2ParameterSpec)
--            {
--                spec = (RC2ParameterSpec)genParamSpec;
--                return;
--            }
--
--            throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
--        }
--
--        protected AlgorithmParameters engineGenerateParameters()
--        {
--            AlgorithmParameters params;
--
--            if (spec == null)
--            {
--                byte[] iv = new byte[8];
--
--                if (random == null)
--                {
--                    random = new SecureRandom();
--                }
--
--                random.nextBytes(iv);
--
--                try
--                {
--                    params = createParametersInstance("RC2");
--                    params.init(new IvParameterSpec(iv));
--                }
--                catch (Exception e)
--                {
--                    throw new RuntimeException(e.getMessage());
--                }
--            }
--            else
--            {
--                try
--                {
--                    params = createParametersInstance("RC2");
--                    params.init(spec);
--                }
--                catch (Exception e)
--                {
--                    throw new RuntimeException(e.getMessage());
--                }
--            }
--
--            return params;
--        }
--    }
--
--    public static class KeyGenerator
--        extends BaseKeyGenerator
--    {
--        public KeyGenerator()
--        {
--            super("RC2", 128, new CipherKeyGenerator());
--        }
--    }
--
--    public static class AlgParams
--        extends BaseAlgorithmParameters
--    {
--        private static final short[] table = {
--            0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
--            0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
--            0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
--            0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
--            0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
--            0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
--            0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
--            0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
--            0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
--            0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
--            0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
--            0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
--            0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
--            0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
--            0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
--            0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
--        };
--
--        private static final short[] ekb = {
--            0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
--            0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
--            0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
--            0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
--            0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
--            0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
--            0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
--            0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
--            0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
--            0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
--            0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
--            0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
--            0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
--            0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
--            0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
--            0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
--        };
--
--        private byte[] iv;
--        private int parameterVersion = 58;
--
--        protected byte[] engineGetEncoded()
--        {
--            return Arrays.clone(iv);
--        }
--
--        protected byte[] engineGetEncoded(
--            String format)
--            throws IOException
--        {
--            if (this.isASN1FormatString(format))
--            {
--                if (parameterVersion == -1)
--                {
--                    return new RC2CBCParameter(engineGetEncoded()).getEncoded();
--                }
--                else
--                {
--                    return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
--                }
--            }
--
--            if (format.equals("RAW"))
--            {
--                return engineGetEncoded();
--            }
--
--            return null;
--        }
--
--        protected AlgorithmParameterSpec localEngineGetParameterSpec(
--            Class paramSpec)
--            throws InvalidParameterSpecException
--        {
--            if (paramSpec == RC2ParameterSpec.class)
--            {
--                if (parameterVersion != -1)
--                {
--                    if (parameterVersion < 256)
--                    {
--                        return new RC2ParameterSpec(ekb[parameterVersion], iv);
--                    }
--                    else
--                    {
--                        return new RC2ParameterSpec(parameterVersion, iv);
--                    }
--                }
--            }
--
--            if (paramSpec == IvParameterSpec.class)
--            {
--                return new IvParameterSpec(iv);
--            }
--
--            throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
--        }
--
--        protected void engineInit(
--            AlgorithmParameterSpec paramSpec)
--            throws InvalidParameterSpecException
--        {
--            if (paramSpec instanceof IvParameterSpec)
--            {
--                this.iv = ((IvParameterSpec)paramSpec).getIV();
--            }
--            else if (paramSpec instanceof RC2ParameterSpec)
--            {
--                int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
--                if (effKeyBits != -1)
--                {
--                    if (effKeyBits < 256)
--                    {
--                        parameterVersion = table[effKeyBits];
--                    }
--                    else
--                    {
--                        parameterVersion = effKeyBits;
--                    }
--                }
--
--                this.iv = ((RC2ParameterSpec)paramSpec).getIV();
--            }
--            else
--            {
--                throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
--            }
--        }
--
--        protected void engineInit(
--            byte[] params)
--            throws IOException
--        {
--            this.iv = Arrays.clone(params);
--        }
--
--        protected void engineInit(
--            byte[] params,
--            String format)
--            throws IOException
--        {
--            if (this.isASN1FormatString(format))
--            {
--                RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
--
--                if (p.getRC2ParameterVersion() != null)
--                {
--                    parameterVersion = p.getRC2ParameterVersion().intValue();
--                }
--
--                iv = p.getIV();
--
--                return;
--            }
--
--            if (format.equals("RAW"))
--            {
--                engineInit(params);
--                return;
--            }
--
--            throw new IOException("Unknown parameters format in IV parameters object");
--        }
--
--        protected String engineToString()
--        {
--            return "RC2 Parameters";
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class AlgParamGen
-+    //     extends BaseAlgorithmParameterGenerator
-+    // {
-+    //     RC2ParameterSpec spec = null;
-+    // 
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec genParamSpec,
-+    //         SecureRandom random)
-+    //         throws InvalidAlgorithmParameterException
-+    //     {
-+    //         if (genParamSpec instanceof RC2ParameterSpec)
-+    //         {
-+    //             spec = (RC2ParameterSpec)genParamSpec;
-+    //             return;
-+    //         }
-+    // 
-+    //         throw new InvalidAlgorithmParameterException("No supported AlgorithmParameterSpec for RC2 parameter generation.");
-+    //     }
-+    // 
-+    //     protected AlgorithmParameters engineGenerateParameters()
-+    //     {
-+    //         AlgorithmParameters params;
-+    // 
-+    //         if (spec == null)
-+    //         {
-+    //             byte[] iv = new byte[8];
-+    // 
-+    //             if (random == null)
-+    //             {
-+    //                 random = new SecureRandom();
-+    //             }
-+    // 
-+    //             random.nextBytes(iv);
-+    // 
-+    //             try
-+    //             {
-+    //                 params = createParametersInstance("RC2");
-+    //                 params.init(new IvParameterSpec(iv));
-+    //             }
-+    //             catch (Exception e)
-+    //             {
-+    //                 throw new RuntimeException(e.getMessage());
-+    //             }
-+    //         }
-+    //         else
-+    //         {
-+    //             try
-+    //             {
-+    //                 params = createParametersInstance("RC2");
-+    //                 params.init(spec);
-+    //             }
-+    //             catch (Exception e)
-+    //             {
-+    //                 throw new RuntimeException(e.getMessage());
-+    //             }
-+    //         }
-+    // 
-+    //         return params;
-+    //     }
-+    // }
-+    // 
-+    // public static class KeyGenerator
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public KeyGenerator()
-+    //     {
-+    //         super("RC2", 128, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    // 
-+    // public static class AlgParams
-+    //     extends BaseAlgorithmParameters
-+    // {
-+    //     private static final short[] table = {
-+    //         0xbd, 0x56, 0xea, 0xf2, 0xa2, 0xf1, 0xac, 0x2a, 0xb0, 0x93, 0xd1, 0x9c, 0x1b, 0x33, 0xfd, 0xd0,
-+    //         0x30, 0x04, 0xb6, 0xdc, 0x7d, 0xdf, 0x32, 0x4b, 0xf7, 0xcb, 0x45, 0x9b, 0x31, 0xbb, 0x21, 0x5a,
-+    //         0x41, 0x9f, 0xe1, 0xd9, 0x4a, 0x4d, 0x9e, 0xda, 0xa0, 0x68, 0x2c, 0xc3, 0x27, 0x5f, 0x80, 0x36,
-+    //         0x3e, 0xee, 0xfb, 0x95, 0x1a, 0xfe, 0xce, 0xa8, 0x34, 0xa9, 0x13, 0xf0, 0xa6, 0x3f, 0xd8, 0x0c,
-+    //         0x78, 0x24, 0xaf, 0x23, 0x52, 0xc1, 0x67, 0x17, 0xf5, 0x66, 0x90, 0xe7, 0xe8, 0x07, 0xb8, 0x60,
-+    //         0x48, 0xe6, 0x1e, 0x53, 0xf3, 0x92, 0xa4, 0x72, 0x8c, 0x08, 0x15, 0x6e, 0x86, 0x00, 0x84, 0xfa,
-+    //         0xf4, 0x7f, 0x8a, 0x42, 0x19, 0xf6, 0xdb, 0xcd, 0x14, 0x8d, 0x50, 0x12, 0xba, 0x3c, 0x06, 0x4e,
-+    //         0xec, 0xb3, 0x35, 0x11, 0xa1, 0x88, 0x8e, 0x2b, 0x94, 0x99, 0xb7, 0x71, 0x74, 0xd3, 0xe4, 0xbf,
-+    //         0x3a, 0xde, 0x96, 0x0e, 0xbc, 0x0a, 0xed, 0x77, 0xfc, 0x37, 0x6b, 0x03, 0x79, 0x89, 0x62, 0xc6,
-+    //         0xd7, 0xc0, 0xd2, 0x7c, 0x6a, 0x8b, 0x22, 0xa3, 0x5b, 0x05, 0x5d, 0x02, 0x75, 0xd5, 0x61, 0xe3,
-+    //         0x18, 0x8f, 0x55, 0x51, 0xad, 0x1f, 0x0b, 0x5e, 0x85, 0xe5, 0xc2, 0x57, 0x63, 0xca, 0x3d, 0x6c,
-+    //         0xb4, 0xc5, 0xcc, 0x70, 0xb2, 0x91, 0x59, 0x0d, 0x47, 0x20, 0xc8, 0x4f, 0x58, 0xe0, 0x01, 0xe2,
-+    //         0x16, 0x38, 0xc4, 0x6f, 0x3b, 0x0f, 0x65, 0x46, 0xbe, 0x7e, 0x2d, 0x7b, 0x82, 0xf9, 0x40, 0xb5,
-+    //         0x1d, 0x73, 0xf8, 0xeb, 0x26, 0xc7, 0x87, 0x97, 0x25, 0x54, 0xb1, 0x28, 0xaa, 0x98, 0x9d, 0xa5,
-+    //         0x64, 0x6d, 0x7a, 0xd4, 0x10, 0x81, 0x44, 0xef, 0x49, 0xd6, 0xae, 0x2e, 0xdd, 0x76, 0x5c, 0x2f,
-+    //         0xa7, 0x1c, 0xc9, 0x09, 0x69, 0x9a, 0x83, 0xcf, 0x29, 0x39, 0xb9, 0xe9, 0x4c, 0xff, 0x43, 0xab
-+    //     };
-+    // 
-+    //     private static final short[] ekb = {
-+    //         0x5d, 0xbe, 0x9b, 0x8b, 0x11, 0x99, 0x6e, 0x4d, 0x59, 0xf3, 0x85, 0xa6, 0x3f, 0xb7, 0x83, 0xc5,
-+    //         0xe4, 0x73, 0x6b, 0x3a, 0x68, 0x5a, 0xc0, 0x47, 0xa0, 0x64, 0x34, 0x0c, 0xf1, 0xd0, 0x52, 0xa5,
-+    //         0xb9, 0x1e, 0x96, 0x43, 0x41, 0xd8, 0xd4, 0x2c, 0xdb, 0xf8, 0x07, 0x77, 0x2a, 0xca, 0xeb, 0xef,
-+    //         0x10, 0x1c, 0x16, 0x0d, 0x38, 0x72, 0x2f, 0x89, 0xc1, 0xf9, 0x80, 0xc4, 0x6d, 0xae, 0x30, 0x3d,
-+    //         0xce, 0x20, 0x63, 0xfe, 0xe6, 0x1a, 0xc7, 0xb8, 0x50, 0xe8, 0x24, 0x17, 0xfc, 0x25, 0x6f, 0xbb,
-+    //         0x6a, 0xa3, 0x44, 0x53, 0xd9, 0xa2, 0x01, 0xab, 0xbc, 0xb6, 0x1f, 0x98, 0xee, 0x9a, 0xa7, 0x2d,
-+    //         0x4f, 0x9e, 0x8e, 0xac, 0xe0, 0xc6, 0x49, 0x46, 0x29, 0xf4, 0x94, 0x8a, 0xaf, 0xe1, 0x5b, 0xc3,
-+    //         0xb3, 0x7b, 0x57, 0xd1, 0x7c, 0x9c, 0xed, 0x87, 0x40, 0x8c, 0xe2, 0xcb, 0x93, 0x14, 0xc9, 0x61,
-+    //         0x2e, 0xe5, 0xcc, 0xf6, 0x5e, 0xa8, 0x5c, 0xd6, 0x75, 0x8d, 0x62, 0x95, 0x58, 0x69, 0x76, 0xa1,
-+    //         0x4a, 0xb5, 0x55, 0x09, 0x78, 0x33, 0x82, 0xd7, 0xdd, 0x79, 0xf5, 0x1b, 0x0b, 0xde, 0x26, 0x21,
-+    //         0x28, 0x74, 0x04, 0x97, 0x56, 0xdf, 0x3c, 0xf0, 0x37, 0x39, 0xdc, 0xff, 0x06, 0xa4, 0xea, 0x42,
-+    //         0x08, 0xda, 0xb4, 0x71, 0xb0, 0xcf, 0x12, 0x7a, 0x4e, 0xfa, 0x6c, 0x1d, 0x84, 0x00, 0xc8, 0x7f,
-+    //         0x91, 0x45, 0xaa, 0x2b, 0xc2, 0xb1, 0x8f, 0xd5, 0xba, 0xf2, 0xad, 0x19, 0xb2, 0x67, 0x36, 0xf7,
-+    //         0x0f, 0x0a, 0x92, 0x7d, 0xe3, 0x9d, 0xe9, 0x90, 0x3e, 0x23, 0x27, 0x66, 0x13, 0xec, 0x81, 0x15,
-+    //         0xbd, 0x22, 0xbf, 0x9f, 0x7e, 0xa9, 0x51, 0x4b, 0x4c, 0xfb, 0x02, 0xd3, 0x70, 0x86, 0x31, 0xe7,
-+    //         0x3b, 0x05, 0x03, 0x54, 0x60, 0x48, 0x65, 0x18, 0xd2, 0xcd, 0x5f, 0x32, 0x88, 0x0e, 0x35, 0xfd
-+    //     };
-+    // 
-+    //     private byte[] iv;
-+    //     private int parameterVersion = 58;
-+    // 
-+    //     protected byte[] engineGetEncoded()
-+    //     {
-+    //         return Arrays.clone(iv);
-+    //     }
-+    // 
-+    //     protected byte[] engineGetEncoded(
-+    //         String format)
-+    //         throws IOException
-+    //     {
-+    //         if (this.isASN1FormatString(format))
-+    //         {
-+    //             if (parameterVersion == -1)
-+    //             {
-+    //                 return new RC2CBCParameter(engineGetEncoded()).getEncoded();
-+    //             }
-+    //             else
-+    //             {
-+    //                 return new RC2CBCParameter(parameterVersion, engineGetEncoded()).getEncoded();
-+    //             }
-+    //         }
-+    // 
-+    //         if (format.equals("RAW"))
-+    //         {
-+    //             return engineGetEncoded();
-+    //         }
-+    // 
-+    //         return null;
-+    //     }
-+    // 
-+    //     protected AlgorithmParameterSpec localEngineGetParameterSpec(
-+    //         Class paramSpec)
-+    //         throws InvalidParameterSpecException
-+    //     {
-+    //         if (paramSpec == RC2ParameterSpec.class)
-+    //         {
-+    //             if (parameterVersion != -1)
-+    //             {
-+    //                 if (parameterVersion < 256)
-+    //                 {
-+    //                     return new RC2ParameterSpec(ekb[parameterVersion], iv);
-+    //                 }
-+    //                 else
-+    //                 {
-+    //                     return new RC2ParameterSpec(parameterVersion, iv);
-+    //                 }
-+    //             }
-+    //         }
-+    // 
-+    //         if (paramSpec == IvParameterSpec.class)
-+    //         {
-+    //             return new IvParameterSpec(iv);
-+    //         }
-+    // 
-+    //         throw new InvalidParameterSpecException("unknown parameter spec passed to RC2 parameters object.");
-+    //     }
-+    // 
-+    //     protected void engineInit(
-+    //         AlgorithmParameterSpec paramSpec)
-+    //         throws InvalidParameterSpecException
-+    //     {
-+    //         if (paramSpec instanceof IvParameterSpec)
-+    //         {
-+    //             this.iv = ((IvParameterSpec)paramSpec).getIV();
-+    //         }
-+    //         else if (paramSpec instanceof RC2ParameterSpec)
-+    //         {
-+    //             int effKeyBits = ((RC2ParameterSpec)paramSpec).getEffectiveKeyBits();
-+    //             if (effKeyBits != -1)
-+    //             {
-+    //                 if (effKeyBits < 256)
-+    //                 {
-+    //                     parameterVersion = table[effKeyBits];
-+    //                 }
-+    //                 else
-+    //                 {
-+    //                     parameterVersion = effKeyBits;
-+    //                 }
-+    //             }
-+    // 
-+    //             this.iv = ((RC2ParameterSpec)paramSpec).getIV();
-+    //         }
-+    //         else
-+    //         {
-+    //             throw new InvalidParameterSpecException("IvParameterSpec or RC2ParameterSpec required to initialise a RC2 parameters algorithm parameters object");
-+    //         }
-+    //     }
-+    // 
-+    //     protected void engineInit(
-+    //         byte[] params)
-+    //         throws IOException
-+    //     {
-+    //         this.iv = Arrays.clone(params);
-+    //     }
-+    // 
-+    //     protected void engineInit(
-+    //         byte[] params,
-+    //         String format)
-+    //         throws IOException
-+    //     {
-+    //         if (this.isASN1FormatString(format))
-+    //         {
-+    //             RC2CBCParameter p = RC2CBCParameter.getInstance(ASN1Primitive.fromByteArray(params));
-+    // 
-+    //             if (p.getRC2ParameterVersion() != null)
-+    //             {
-+    //                 parameterVersion = p.getRC2ParameterVersion().intValue();
-+    //             }
-+    // 
-+    //             iv = p.getIV();
-+    // 
-+    //             return;
-+    //         }
-+    // 
-+    //         if (format.equals("RAW"))
-+    //         {
-+    //             engineInit(params);
-+    //             return;
-+    //         }
-+    // 
-+    //         throw new IOException("Unknown parameters format in IV parameters object");
-+    //     }
-+    // 
-+    //     protected String engineToString()
-+    //     {
-+    //         return "RC2 Parameters";
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class Mappings
-         extends AlgorithmProvider
-@@ -452,32 +466,36 @@
-         public void configure(ConfigurableProvider provider)
-         {
- 
--            provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
--            provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
--
--            provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
--            provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
--
--            provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
--            provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
--
--            provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
--            provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
--            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
--            provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC");
--
--            provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
--            provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
--            provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
--            provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
--
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.RC2", PREFIX + "$AlgParamGen");
-+            // provider.addAlgorithm("AlgorithmParameterGenerator.1.2.840.113549.3.2", PREFIX + "$AlgParamGen");
-+            //
-+            // provider.addAlgorithm("KeyGenerator.RC2", PREFIX + "$KeyGenerator");
-+            // provider.addAlgorithm("KeyGenerator.1.2.840.113549.3.2", PREFIX + "$KeyGenerator");
-+            //
-+            // provider.addAlgorithm("AlgorithmParameters.RC2", PREFIX + "$AlgParams");
-+            // provider.addAlgorithm("AlgorithmParameters.1.2.840.113549.3.2", PREFIX + "$AlgParams");
-+            //
-+            // provider.addAlgorithm("Cipher.RC2", PREFIX + "$ECB");
-+            // provider.addAlgorithm("Cipher.RC2WRAP", PREFIX + "$Wrap");
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.id_alg_CMSRC2wrap, "RC2WRAP");
-+            // provider.addAlgorithm("Cipher.1.2.840.113549.3.2", PREFIX + "$CBC");
-+            //
-+            // provider.addAlgorithm("Mac.RC2MAC", PREFIX + "$CBCMAC");
-+            // provider.addAlgorithm("Alg.Alias.Mac.RC2", "RC2MAC");
-+            // provider.addAlgorithm("Mac.RC2MAC/CFB8", PREFIX + "$CFB8MAC");
-+            // provider.addAlgorithm("Alg.Alias.Mac.RC2/CFB8", "RC2MAC/CFB8");
-+            //
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD2ANDRC2-CBC", "PBEWITHMD2ANDRC2");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHMD5ANDRC2-CBC", "PBEWITHMD5ANDRC2");
- 
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.PBEWITHSHA1ANDRC2-CBC", "PBEWITHSHA1ANDRC2");
- 
--            provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
- 
-@@ -485,14 +503,18 @@
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.5", "PBEWITHSHAAND128BITRC2-CBC");
-             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.12.1.6", "PBEWITHSHAAND40BITRC2-CBC");
- 
--            provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("SecretKeyFactory.PBEWITHMD2ANDRC2", PREFIX + "$PBEWithMD2KeyFactory");
-+            // END android-removed
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHMD5ANDRC2", PREFIX + "$PBEWithMD5KeyFactory");
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHA1ANDRC2", PREFIX + "$PBEWithSHA1KeyFactory");
- 
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND128BITRC2-CBC", PREFIX + "$PBEWithSHAAnd128BitKeyFactory");
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAAND40BITRC2-CBC", PREFIX + "$PBEWithSHAAnd40BitKeyFactory");
-             
--            provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD2AndRC2_CBC, "PBEWITHMD2ANDRC2");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.Cipher." + PKCSObjectIdentifiers.pbeWithMD5AndRC2_CBC, "PBEWITHMD5ANDRC2");
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/SymmetricAlgorithmProvider.java	2013-12-12 00:35:05.000000000 +0000
-@@ -6,29 +6,31 @@
- abstract class SymmetricAlgorithmProvider
-     extends AlgorithmProvider
- {
--    protected void addGMacAlgorithm(
--        ConfigurableProvider provider,
--        String algorithm,
--        String algorithmClassName,
--        String keyGeneratorClassName)
--    {
--        provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
--        provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
--
--        provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
--        provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
--    }
--
--    protected void addPoly1305Algorithm(ConfigurableProvider provider,
--                                        String algorithm,
--                                        String algorithmClassName,
--                                        String keyGeneratorClassName)
--    {
--        provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
--        provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
--
--        provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
--        provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
--    }
-+    // BEGIN android-removed
-+    // protected void addGMacAlgorithm(
-+    //     ConfigurableProvider provider,
-+    //     String algorithm,
-+    //     String algorithmClassName,
-+    //     String keyGeneratorClassName)
-+    // {
-+    //     provider.addAlgorithm("Mac." + algorithm + "-GMAC", algorithmClassName);
-+    //     provider.addAlgorithm("Alg.Alias.Mac." + algorithm + "GMAC", algorithm + "-GMAC");
-+    //
-+    //     provider.addAlgorithm("KeyGenerator." + algorithm + "-GMAC", keyGeneratorClassName);
-+    //     provider.addAlgorithm("Alg.Alias.KeyGenerator." + algorithm + "GMAC",  algorithm + "-GMAC");
-+    // }
-+    //
-+    // protected void addPoly1305Algorithm(ConfigurableProvider provider,
-+    //                                     String algorithm,
-+    //                                     String algorithmClassName,
-+    //                                     String keyGeneratorClassName)
-+    // {
-+    //     provider.addAlgorithm("Mac.POLY1305-" + algorithm, algorithmClassName);
-+    //     provider.addAlgorithm("Alg.Alias.Mac.POLY1305" + algorithm, "POLY1305-" + algorithm);
-+    //
-+    //     provider.addAlgorithm("KeyGenerator.POLY1305-" + algorithm, keyGeneratorClassName);
-+    //     provider.addAlgorithm("Alg.Alias.KeyGenerator.POLY1305" + algorithm, "POLY1305-" + algorithm);
-+    // }
-+    // END android-removed
- 
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Twofish.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/Twofish.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/Twofish.java	2013-12-12 00:35:05.000000000 +0000
-@@ -1,18 +1,26 @@
- package org.bouncycastle.jcajce.provider.symmetric;
- 
--import org.bouncycastle.crypto.BlockCipher;
--import org.bouncycastle.crypto.CipherKeyGenerator;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.BlockCipher;
-+// import org.bouncycastle.crypto.CipherKeyGenerator;
-+// END android-removed
- import org.bouncycastle.crypto.engines.TwofishEngine;
--import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
--import org.bouncycastle.crypto.macs.GMac;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.generators.Poly1305KeyGenerator;
-+// import org.bouncycastle.crypto.macs.GMac;
-+// END android-removed
- import org.bouncycastle.crypto.modes.CBCBlockCipher;
--import org.bouncycastle.crypto.modes.GCMBlockCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.modes.GCMBlockCipher;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
- import org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
--import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
--import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
--import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseKeyGenerator;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BaseMac;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.BlockCipherProvider;
-+// import org.bouncycastle.jcajce.provider.symmetric.util.IvAlgorithmParameters;
-+// END android-removed
- import org.bouncycastle.jcajce.provider.symmetric.util.PBESecretKeyFactory;
- 
- public final class Twofish
-@@ -21,56 +29,58 @@
-     {
-     }
- 
--    public static class ECB
--        extends BaseBlockCipher
--    {
--        public ECB()
--        {
--            super(new BlockCipherProvider()
--            {
--                public BlockCipher get()
--                {
--                    return new TwofishEngine();
--                }
--            });
--        }
--    }
--
--    public static class KeyGen
--        extends BaseKeyGenerator
--    {
--        public KeyGen()
--        {
--            super("Twofish", 256, new CipherKeyGenerator());
--        }
--    }
--
--    public static class GMAC
--        extends BaseMac
--    {
--        public GMAC()
--        {
--            super(new GMac(new GCMBlockCipher(new TwofishEngine())));
--        }
--    }
--
--    public static class Poly1305
--        extends BaseMac
--    {
--        public Poly1305()
--        {
--            super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
--        }
--    }
--
--    public static class Poly1305KeyGen
--        extends BaseKeyGenerator
--    {
--        public Poly1305KeyGen()
--        {
--            super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class ECB
-+    //     extends BaseBlockCipher
-+    // {
-+    //     public ECB()
-+    //     {
-+    //         super(new BlockCipherProvider()
-+    //         {
-+    //             public BlockCipher get()
-+    //             {
-+    //                 return new TwofishEngine();
-+    //             }
-+    //         });
-+    //     }
-+    // }
-+    //
-+    // public static class KeyGen
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public KeyGen()
-+    //     {
-+    //         super("Twofish", 256, new CipherKeyGenerator());
-+    //     }
-+    // }
-+    //
-+    // public static class GMAC
-+    //     extends BaseMac
-+    // {
-+    //     public GMAC()
-+    //     {
-+    //         super(new GMac(new GCMBlockCipher(new TwofishEngine())));
-+    //     }
-+    // }
-+    //
-+    // public static class Poly1305
-+    //     extends BaseMac
-+    // {
-+    //     public Poly1305()
-+    //     {
-+    //         super(new org.bouncycastle.crypto.macs.Poly1305(new TwofishEngine()));
-+    //     }
-+    // }
-+    //
-+    // public static class Poly1305KeyGen
-+    //     extends BaseKeyGenerator
-+    // {
-+    //     public Poly1305KeyGen()
-+    //     {
-+    //         super("Poly1305-Twofish", 256, new Poly1305KeyGenerator());
-+    //     }
-+    // }
-+    // END android-removed
- 
-     /**
-      * PBEWithSHAAndTwofish-CBC
-@@ -96,14 +106,16 @@
-         }
-     }
- 
--    public static class AlgParams
--        extends IvAlgorithmParameters
--    {
--        protected String engineToString()
--        {
--            return "Twofish IV";
--        }
--    }
-+    // BEGIN android-removed
-+    // public static class AlgParams
-+    //     extends IvAlgorithmParameters
-+    // {
-+    //     protected String engineToString()
-+    //     {
-+    //         return "Twofish IV";
-+    //     }
-+    // }
-+    // END android-removed
- 
-     public static class Mappings
-         extends SymmetricAlgorithmProvider
-@@ -116,17 +128,21 @@
- 
-         public void configure(ConfigurableProvider provider)
-         {
--            provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
--            provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
--            provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
-+            // BEGIN android-removed
-+            // provider.addAlgorithm("Cipher.Twofish", PREFIX + "$ECB");
-+            // provider.addAlgorithm("KeyGenerator.Twofish", PREFIX + "$KeyGen");
-+            // provider.addAlgorithm("AlgorithmParameters.Twofish", PREFIX + "$AlgParams");
-+            // END android-removed
- 
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH", "PKCS12PBE");
-             provider.addAlgorithm("Alg.Alias.AlgorithmParameters.PBEWITHSHAANDTWOFISH-CBC", "PKCS12PBE");
-             provider.addAlgorithm("Cipher.PBEWITHSHAANDTWOFISH-CBC",  PREFIX + "$PBEWithSHA");
-             provider.addAlgorithm("SecretKeyFactory.PBEWITHSHAANDTWOFISH-CBC", PREFIX + "$PBEWithSHAKeyFactory");
- 
--            addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
--            addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-+            // BEGIN android-removed
-+            // addGMacAlgorithm(provider, "Twofish", PREFIX + "$GMAC", PREFIX + "$KeyGen");
-+            // addPoly1305Algorithm(provider, "Twofish", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
-+            // END android-removed
-         }
-     }
- }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java	2015-04-09 13:10:16.000000000 +0000
-@@ -20,8 +20,10 @@
- import javax.crypto.ShortBufferException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- 
- import org.bouncycastle.asn1.cms.GCMParameters;
- import org.bouncycastle.crypto.BlockCipher;
-@@ -35,14 +37,20 @@
- import org.bouncycastle.crypto.modes.CCMBlockCipher;
- import org.bouncycastle.crypto.modes.CFBBlockCipher;
- import org.bouncycastle.crypto.modes.CTSBlockCipher;
--import org.bouncycastle.crypto.modes.EAXBlockCipher;
--import org.bouncycastle.crypto.modes.GCFBBlockCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.modes.EAXBlockCipher;
-+// import org.bouncycastle.crypto.modes.GCFBBlockCipher;
-+// END android-removed
- import org.bouncycastle.crypto.modes.GCMBlockCipher;
--import org.bouncycastle.crypto.modes.GOFBBlockCipher;
--import org.bouncycastle.crypto.modes.OCBBlockCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.modes.GOFBBlockCipher;
-+// import org.bouncycastle.crypto.modes.OCBBlockCipher;
-+// END android-removed
- import org.bouncycastle.crypto.modes.OFBBlockCipher;
--import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
--import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.modes.OpenPGPCFBBlockCipher;
-+// import org.bouncycastle.crypto.modes.PGPCFBBlockCipher;
-+// END android-removed
- import org.bouncycastle.crypto.modes.SICBlockCipher;
- import org.bouncycastle.crypto.paddings.BlockCipherPadding;
- import org.bouncycastle.crypto.paddings.ISO10126d2Padding;
-@@ -55,11 +63,15 @@
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
- import org.bouncycastle.crypto.params.ParametersWithRandom;
--import org.bouncycastle.crypto.params.ParametersWithSBox;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.ParametersWithSBox;
-+// END android-removed
- import org.bouncycastle.crypto.params.RC2Parameters;
--import org.bouncycastle.crypto.params.RC5Parameters;
--import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
--import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.RC5Parameters;
-+// import org.bouncycastle.jcajce.spec.GOST28147ParameterSpec;
-+// import org.bouncycastle.jcajce.spec.RepeatedSecretKeySpec;
-+// END android-removed
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
- import org.bouncycastle.util.Strings;
- 
-@@ -74,11 +86,15 @@
-     //
-     private Class[]                 availableSpecs =
-                                     {
--                                        RC2ParameterSpec.class,
--                                        RC5ParameterSpec.class,
-+                                        // BEGIN android-removed
-+                                        // RC2ParameterSpec.class,
-+                                        // RC5ParameterSpec.class,
-+                                        // END android-removed
-                                         IvParameterSpec.class,
-                                         PBEParameterSpec.class,
--                                        GOST28147ParameterSpec.class,
-+                                        // BEGIN android-removed
-+                                        // GOST28147ParameterSpec.class,
-+                                        // END android-removed
-                                         gcmSpecClass
-                                     };
- 
-@@ -284,48 +300,52 @@
-                         new CFBBlockCipher(baseEngine, 8 * baseEngine.getBlockSize()));
-             }
-         }
--        else if (modeName.startsWith("PGP"))
--        {
--            boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
--
--            ivLength = baseEngine.getBlockSize();
--            cipher = new BufferedGenericBlockCipher(
--                new PGPCFBBlockCipher(baseEngine, inlineIV));
--        }
--        else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
--        {
--            ivLength = 0;
--            cipher = new BufferedGenericBlockCipher(
--                new OpenPGPCFBBlockCipher(baseEngine));
--        }
--        else if (modeName.startsWith("SIC"))
--        {
--            ivLength = baseEngine.getBlockSize();
--            if (ivLength < 16)
--            {
--                throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
--            }
--            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
--                        new SICBlockCipher(baseEngine)));
--        }
-+        // BEGIN android-removed
-+        // else if (modeName.startsWith("PGP"))
-+        // {
-+        //     boolean inlineIV = modeName.equalsIgnoreCase("PGPCFBwithIV");
-+        //
-+        //     ivLength = baseEngine.getBlockSize();
-+        //     cipher = new BufferedGenericBlockCipher(
-+        //         new PGPCFBBlockCipher(baseEngine, inlineIV));
-+        // }
-+        // else if (modeName.equalsIgnoreCase("OpenPGPCFB"))
-+        // {
-+        //     ivLength = 0;
-+        //     cipher = new BufferedGenericBlockCipher(
-+        //         new OpenPGPCFBBlockCipher(baseEngine));
-+        // }
-+        // else if (modeName.startsWith("SIC"))
-+        // {
-+        //     ivLength = baseEngine.getBlockSize();
-+        //     if (ivLength < 16)
-+        //     {
-+        //         throw new IllegalArgumentException("Warning: SIC-Mode can become a twotime-pad if the blocksize of the cipher is too small. Use a cipher with a block size of at least 128 bits (e.g. AES)");
-+        //     }
-+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-+        //                 new SICBlockCipher(baseEngine)));
-+        // }
-+        // END android-removed
-         else if (modeName.startsWith("CTR"))
-         {
-             ivLength = baseEngine.getBlockSize();
-             cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-                         new SICBlockCipher(baseEngine)));
-         }
--        else if (modeName.startsWith("GOFB"))
--        {
--            ivLength = baseEngine.getBlockSize();
--            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
--                        new GOFBBlockCipher(baseEngine)));
--        }
--        else if (modeName.startsWith("GCFB"))
--        {
--            ivLength = baseEngine.getBlockSize();
--            cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
--                        new GCFBBlockCipher(baseEngine)));
--        }
-+        // BEGIN android-removed
-+        // else if (modeName.startsWith("GOFB"))
-+        // {
-+        //     ivLength = baseEngine.getBlockSize();
-+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-+        //                 new GOFBBlockCipher(baseEngine)));
-+        // }
-+        // else if (modeName.startsWith("GCFB"))
-+        // {
-+        //     ivLength = baseEngine.getBlockSize();
-+        //     cipher = new BufferedGenericBlockCipher(new BufferedBlockCipher(
-+        //                 new GCFBBlockCipher(baseEngine)));
-+        // }
-+        // END android-removed
-         else if (modeName.startsWith("CTS"))
-         {
-             ivLength = baseEngine.getBlockSize();
-@@ -336,26 +356,28 @@
-             ivLength = 13; // CCM nonce 7..13 bytes
-             cipher = new AEADGenericBlockCipher(new CCMBlockCipher(baseEngine));
-         }
--        else if (modeName.startsWith("OCB"))
--        {
--            if (engineProvider != null)
--            {
--                /*
--                 * RFC 7253 4.2. Nonce is a string of no more than 120 bits
--                 */
--                ivLength = 15;
--                cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
--            }
--            else
--            {
--                throw new NoSuchAlgorithmException("can't support mode " + mode);
--            }
--        }
--        else if (modeName.startsWith("EAX"))
--        {
--            ivLength = baseEngine.getBlockSize();
--            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
--        }
-+        // BEGIN android-removed
-+        // else if (modeName.startsWith("OCB"))
-+        // {
-+        //     if (engineProvider != null)
-+        //     {
-+        //         /*
-+        //          * RFC 7253 4.2. Nonce is a string of no more than 120 bits
-+        //          */
-+        //         ivLength = 15;
-+        //         cipher = new AEADGenericBlockCipher(new OCBBlockCipher(baseEngine, engineProvider.get()));
-+        //     }
-+        //     else
-+        //     {
-+        //         throw new NoSuchAlgorithmException("can't support mode " + mode);
-+        //     }
-+        // }
-+        // else if (modeName.startsWith("EAX"))
-+        // {
-+        //     ivLength = baseEngine.getBlockSize();
-+        //     cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
-+        // }
-+        // END android-removed
-         else if (modeName.startsWith("GCM"))
-         {
-             ivLength = baseEngine.getBlockSize();
-@@ -478,18 +500,20 @@
- 
-                     param = new ParametersWithIV(param, iv.getIV());
-                 }
--                else if (params instanceof GOST28147ParameterSpec)
--                {
--                    // need to pick up IV and SBox.
--                    GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
--
--                    param = new ParametersWithSBox(param, gost28147Param.getSbox());
--
--                    if (gost28147Param.getIV() != null && ivLength != 0)
--                    {
--                        param = new ParametersWithIV(param, gost28147Param.getIV());
--                    }
--                }
-+                // BEGIN android-removed
-+                // else if (params instanceof GOST28147ParameterSpec)
-+                // {
-+                //     // need to pick up IV and SBox.
-+                //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-+                //
-+                //     param = new ParametersWithSBox(param, gost28147Param.getSbox());
-+                //
-+                //     if (gost28147Param.getIV() != null && ivLength != 0)
-+                //     {
-+                //         param = new ParametersWithIV(param, gost28147Param.getIV());
-+                //     }
-+                // }
-+                // END android-removed
-             }
-             else if (params instanceof PBEParameterSpec)
-             {
-@@ -521,12 +545,14 @@
-                     throw new InvalidAlgorithmParameterException("IV must be " + ivLength + " bytes long.");
-                 }
- 
--                if (key instanceof RepeatedSecretKeySpec)
--                {
--                    param = new ParametersWithIV(null, p.getIV());
--                    ivParam = (ParametersWithIV)param;
--                }
--                else
-+                // BEGIN android-removed
-+                // if (key instanceof RepeatedSecretKeySpec)
-+                // {
-+                //     param = new ParametersWithIV(null, p.getIV());
-+                //     ivParam = (ParametersWithIV)param;
-+                // }
-+                // else
-+                // END android-removed
-                 {
-                     param = new ParametersWithIV(new KeyParameter(key.getEncoded()), p.getIV());
-                     ivParam = (ParametersWithIV)param;
-@@ -542,63 +568,65 @@
-                 param = new KeyParameter(key.getEncoded());
-             }
-         }
--        else if (params instanceof GOST28147ParameterSpec)
--        {
--            GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
--
--            param = new ParametersWithSBox(
--                       new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
--
--            if (gost28147Param.getIV() != null && ivLength != 0)
--            {
--                param = new ParametersWithIV(param, gost28147Param.getIV());
--                ivParam = (ParametersWithIV)param;
--            }
--        }
--        else if (params instanceof RC2ParameterSpec)
--        {
--            RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
--
--            param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
--
--            if (rc2Param.getIV() != null && ivLength != 0)
--            {
--                param = new ParametersWithIV(param, rc2Param.getIV());
--                ivParam = (ParametersWithIV)param;
--            }
--        }
--        else if (params instanceof RC5ParameterSpec)
--        {
--            RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
--
--            param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
--            if (baseEngine.getAlgorithmName().startsWith("RC5"))
--            {
--                if (baseEngine.getAlgorithmName().equals("RC5-32"))
--                {
--                    if (rc5Param.getWordSize() != 32)
--                    {
--                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
--                    }
--                }
--                else if (baseEngine.getAlgorithmName().equals("RC5-64"))
--                {
--                    if (rc5Param.getWordSize() != 64)
--                    {
--                        throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
--                    }
--                }
--            }
--            else
--            {
--                throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
--            }
--            if ((rc5Param.getIV() != null) && (ivLength != 0))
--            {
--                param = new ParametersWithIV(param, rc5Param.getIV());
--                ivParam = (ParametersWithIV)param;
--            }
--        }
-+        // BEGIN android-removed
-+        // else if (params instanceof GOST28147ParameterSpec)
-+        // {
-+        //     GOST28147ParameterSpec    gost28147Param = (GOST28147ParameterSpec)params;
-+        //
-+        //     param = new ParametersWithSBox(
-+        //                new KeyParameter(key.getEncoded()), ((GOST28147ParameterSpec)params).getSbox());
-+        //
-+        //     if (gost28147Param.getIV() != null && ivLength != 0)
-+        //     {
-+        //         param = new ParametersWithIV(param, gost28147Param.getIV());
-+        //         ivParam = (ParametersWithIV)param;
-+        //     }
-+        // }
-+        // else if (params instanceof RC2ParameterSpec)
-+        // {
-+        //     RC2ParameterSpec    rc2Param = (RC2ParameterSpec)params;
-+        //
-+        //     param = new RC2Parameters(key.getEncoded(), ((RC2ParameterSpec)params).getEffectiveKeyBits());
-+        //
-+        //     if (rc2Param.getIV() != null && ivLength != 0)
-+        //     {
-+        //         param = new ParametersWithIV(param, rc2Param.getIV());
-+        //         ivParam = (ParametersWithIV)param;
-+        //     }
-+        // }
-+        // else if (params instanceof RC5ParameterSpec)
-+        // {
-+        //     RC5ParameterSpec    rc5Param = (RC5ParameterSpec)params;
-+        //
-+        //     param = new RC5Parameters(key.getEncoded(), ((RC5ParameterSpec)params).getRounds());
-+        //     if (baseEngine.getAlgorithmName().startsWith("RC5"))
-+        //     {
-+        //         if (baseEngine.getAlgorithmName().equals("RC5-32"))
-+        //         {
-+        //             if (rc5Param.getWordSize() != 32)
-+        //             {
-+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 32 not " + rc5Param.getWordSize() + ".");
-+        //             }
-+        //         }
-+        //         else if (baseEngine.getAlgorithmName().equals("RC5-64"))
-+        //         {
-+        //             if (rc5Param.getWordSize() != 64)
-+        //             {
-+        //                 throw new InvalidAlgorithmParameterException("RC5 already set up for a word size of 64 not " + rc5Param.getWordSize() + ".");
-+        //             }
-+        //         }
-+        //     }
-+        //     else
-+        //     {
-+        //         throw new InvalidAlgorithmParameterException("RC5 parameters passed to a cipher that is not RC5.");
-+        //     }
-+        //     if ((rc5Param.getIV() != null) && (ivLength != 0))
-+        //     {
-+        //         param = new ParametersWithIV(param, rc5Param.getIV());
-+        //         ivParam = (ParametersWithIV)param;
-+        //     }
-+        // }
-+        // END android-removed
-         else if (gcmSpecClass != null && gcmSpecClass.isInstance(params))
-         {
-             if (!isAEADModeName(modeName) && !(cipher instanceof AEADGenericBlockCipher))
-@@ -611,11 +639,13 @@
-                 Method tLen = gcmSpecClass.getDeclaredMethod("getTLen", new Class[0]);
-                 Method iv= gcmSpecClass.getDeclaredMethod("getIV", new Class[0]);
- 
--                if (key instanceof RepeatedSecretKeySpec)
--                {
--                    param = aeadParams = new AEADParameters(null, ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0]));
--                }
--                else
-+                // BEGIN android-removed
-+                // if (key instanceof RepeatedSecretKeySpec)
-+                // {
-+                //     param = aeadParams = new AEADParameters(null, ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0]));
-+                // }
-+                // else
-+                // END android-removed
-                 {
-                     param = aeadParams = new AEADParameters(new KeyParameter(key.getEncoded()), ((Integer)tLen.invoke(params, new Object[0])).intValue(), (byte[])iv.invoke(params, new Object[0]));
-                 }
-@@ -867,7 +897,9 @@
-     private boolean isAEADModeName(
-         String modeName)
-     {
--        return "CCM".equals(modeName) || "EAX".equals(modeName) || "GCM".equals(modeName) || "OCB".equals(modeName);
-+        // BEGIN android-changed
-+        return "CCM".equals(modeName) || "GCM".equals(modeName);
-+        // END android-changed
-     }
- 
-     /*
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseMac.java	2013-12-12 00:35:05.000000000 +0000
-@@ -16,8 +16,10 @@
- import org.bouncycastle.crypto.Mac;
- import org.bouncycastle.crypto.params.KeyParameter;
- import org.bouncycastle.crypto.params.ParametersWithIV;
--import org.bouncycastle.crypto.params.SkeinParameters;
--import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.params.SkeinParameters;
-+// import org.bouncycastle.jcajce.spec.SkeinParameterSpec;
-+// END android-removed
- 
- public class BaseMac
-     extends MacSpi implements PBE
-@@ -79,10 +81,12 @@
-         {
-             param = new ParametersWithIV(new KeyParameter(key.getEncoded()), ((IvParameterSpec)params).getIV());
-         }
--        else if (params instanceof SkeinParameterSpec)
--        {
--            param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(key.getEncoded()).build();
--        }
-+        // BEGIN android-removed
-+        // else if (params instanceof SkeinParameterSpec)
-+        // {
-+        //     param = new SkeinParameters.Builder(copyMap(((SkeinParameterSpec)params).getParameters())).setKey(key.getEncoded()).build();
-+        // }
-+        // END android-removed
-         else if (params == null)
-         {
-             param = new KeyParameter(key.getEncoded());
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseStreamCipher.java	2015-04-09 13:10:16.000000000 +0000
-@@ -15,8 +15,10 @@
- import javax.crypto.ShortBufferException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- 
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.DataLengthException;
-@@ -34,8 +36,10 @@
-     //
-     private Class[]                 availableSpecs =
-                                     {
--                                        RC2ParameterSpec.class,
--                                        RC5ParameterSpec.class,
-+                                        // BEGIN android-removed
-+                                        // RC2ParameterSpec.class,
-+                                        // RC5ParameterSpec.class,
-+                                        // END android-removed
-                                         IvParameterSpec.class,
-                                         PBEParameterSpec.class
-                                     };
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/BaseWrapCipher.java	2015-04-09 13:10:16.000000000 +0000
-@@ -24,8 +24,10 @@
- import javax.crypto.ShortBufferException;
- import javax.crypto.spec.IvParameterSpec;
- import javax.crypto.spec.PBEParameterSpec;
--import javax.crypto.spec.RC2ParameterSpec;
--import javax.crypto.spec.RC5ParameterSpec;
-+// BEGIN android-removed
-+// import javax.crypto.spec.RC2ParameterSpec;
-+// import javax.crypto.spec.RC5ParameterSpec;
-+// END android-removed
- import javax.crypto.spec.SecretKeySpec;
- 
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-@@ -50,8 +52,10 @@
-                                     {
-                                         IvParameterSpec.class,
-                                         PBEParameterSpec.class,
--                                        RC2ParameterSpec.class,
--                                        RC5ParameterSpec.class
-+                                        // BEGIN android-removed
-+                                        // RC2ParameterSpec.class,
-+                                        // RC5ParameterSpec.class
-+                                        // END android-removed
-                                     };
- 
-     protected int                     pbeType = PKCS12;
-@@ -276,6 +280,8 @@
-         return null;
-     }
- 
-+    // BEGIN android-changed
-+    // added ShortBufferException to throws statement
-     protected int engineDoFinal(
-         byte[]  input,
-         int     inputOffset,
-@@ -286,6 +292,7 @@
-     {
-         return 0;
-     }
-+    // END android-changed
- 
-     protected byte[] engineWrap(
-         Key     key)
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/symmetric/util/PBE.java	2013-12-12 00:35:05.000000000 +0000
-@@ -7,13 +7,18 @@
- 
- import org.bouncycastle.crypto.CipherParameters;
- import org.bouncycastle.crypto.PBEParametersGenerator;
--import org.bouncycastle.crypto.digests.GOST3411Digest;
--import org.bouncycastle.crypto.digests.MD2Digest;
--import org.bouncycastle.crypto.digests.MD5Digest;
--import org.bouncycastle.crypto.digests.RIPEMD160Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
--import org.bouncycastle.crypto.digests.SHA256Digest;
--import org.bouncycastle.crypto.digests.TigerDigest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.GOST3411Digest;
-+// import org.bouncycastle.crypto.digests.MD2Digest;
-+// import org.bouncycastle.crypto.digests.MD5Digest;
-+// import org.bouncycastle.crypto.digests.RIPEMD160Digest;
-+// import org.bouncycastle.crypto.digests.SHA1Digest;
-+// import org.bouncycastle.crypto.digests.SHA256Digest;
-+// import org.bouncycastle.crypto.digests.TigerDigest;
-+// END android-removed
-+// BEGIN android-added
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-added
- import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
- import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
- import org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator;
-@@ -29,11 +34,15 @@
-     //
-     static final int        MD5          = 0;
-     static final int        SHA1         = 1;
--    static final int        RIPEMD160    = 2;
--    static final int        TIGER        = 3;
-+    // BEGIN android-removed
-+    // static final int        RIPEMD160    = 2;
-+    // static final int        TIGER        = 3;
-+    // END android-removed
-     static final int        SHA256       = 4;
--    static final int        MD2          = 5;
--    static final int        GOST3411     = 6;
-+    // BEGIN android-removed
-+    // static final int        MD2          = 5;
-+    // static final int        GOST3411     = 6;
-+    // END android-removed
- 
-     static final int        PKCS5S1      = 0;
-     static final int        PKCS5S2      = 1;
-@@ -57,14 +66,20 @@
-             {
-                 switch (hash)
-                 {
--                case MD2:
--                    generator = new PKCS5S1ParametersGenerator(new MD2Digest());
--                    break;
-+                // BEGIN android-removed
-+                // case MD2:
-+                //     generator = new PKCS5S1ParametersGenerator(new MD2Digest());
-+                //     break;
-+                // END android-removed
-                 case MD5:
--                    generator = new PKCS5S1ParametersGenerator(new MD5Digest());
-+                    // BEGIN android-changed
-+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getMD5());
-+                    // END android-changed
-                     break;
-                 case SHA1:
--                    generator = new PKCS5S1ParametersGenerator(new SHA1Digest());
-+                    // BEGIN android-changed
-+                    generator = new PKCS5S1ParametersGenerator(AndroidDigestFactory.getSHA1());
-+                    // END android-changed
-                     break;
-                 default:
-                     throw new IllegalStateException("PKCS5 scheme 1 only supports MD2, MD5 and SHA1.");
-@@ -74,27 +89,39 @@
-             {
-                 switch (hash)
-                 {
--                case MD2:
--                    generator = new PKCS5S2ParametersGenerator(new MD2Digest());
--                    break;
-+                // BEGIN android-removed
-+                // case MD2:
-+                //     generator = new PKCS5S2ParametersGenerator(new MD2Digest());
-+                //     break;
-+                // END android-removed
-                 case MD5:
--                    generator = new PKCS5S2ParametersGenerator(new MD5Digest());
-+                    // BEGIN android-changed
-+                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getMD5());
-+                    // END android-changed
-                     break;
-                 case SHA1:
--                    generator = new PKCS5S2ParametersGenerator(new SHA1Digest());
--                    break;
--                case RIPEMD160:
--                    generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
--                    break;
--                case TIGER:
--                    generator = new PKCS5S2ParametersGenerator(new TigerDigest());
--                    break;
-+                    // BEGIN android-changed
-+                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA1());
-+                    // END android-changed
-+                    break;
-+                // BEGIN android-removed
-+                // case RIPEMD160:
-+                //     generator = new PKCS5S2ParametersGenerator(new RIPEMD160Digest());
-+                //     break;
-+                // case TIGER:
-+                //     generator = new PKCS5S2ParametersGenerator(new TigerDigest());
-+                //     break;
-+                // END android-removed
-                 case SHA256:
--                    generator = new PKCS5S2ParametersGenerator(new SHA256Digest());
--                    break;
--                case GOST3411:
--                    generator = new PKCS5S2ParametersGenerator(new GOST3411Digest());
--                    break;
-+                    // BEGIN android-changed
-+                    generator = new PKCS5S2ParametersGenerator(AndroidDigestFactory.getSHA256());
-+                    // END android-changed
-+                    break;
-+                // BEGIN android-removed
-+                // case GOST3411:
-+                //     generator = new PKCS5S2ParametersGenerator(new GOST3411Digest());
-+                //     break;
-+                // END android-removed
-                 default:
-                     throw new IllegalStateException("unknown digest scheme for PBE PKCS5S2 encryption.");
-                 }
-@@ -103,27 +130,39 @@
-             {
-                 switch (hash)
-                 {
--                case MD2:
--                    generator = new PKCS12ParametersGenerator(new MD2Digest());
--                    break;
-+                // BEGIN android-removed
-+                // case MD2:
-+                //     generator = new PKCS12ParametersGenerator(new MD2Digest());
-+                //     break;
-+                // END android-removed
-                 case MD5:
--                    generator = new PKCS12ParametersGenerator(new MD5Digest());
-+                    // BEGIN android-changed
-+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getMD5());
-+                    // END android-changed
-                     break;
-                 case SHA1:
--                    generator = new PKCS12ParametersGenerator(new SHA1Digest());
--                    break;
--                case RIPEMD160:
--                    generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
--                    break;
--                case TIGER:
--                    generator = new PKCS12ParametersGenerator(new TigerDigest());
--                    break;
-+                    // BEGIN android-changed
-+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA1());
-+                    // END android-changed
-+                    break;
-+                // BEGIN android-removed
-+                // case RIPEMD160:
-+                //     generator = new PKCS12ParametersGenerator(new RIPEMD160Digest());
-+                //     break;
-+                // case TIGER:
-+                //     generator = new PKCS12ParametersGenerator(new TigerDigest());
-+                //     break;
-+                // END android-removed
-                 case SHA256:
--                    generator = new PKCS12ParametersGenerator(new SHA256Digest());
--                    break;
--                case GOST3411:
--                    generator = new PKCS12ParametersGenerator(new GOST3411Digest());
--                    break;
-+                    // BEGIN android-changed
-+                    generator = new PKCS12ParametersGenerator(AndroidDigestFactory.getSHA256());
-+                    // END android-changed
-+                    break;
-+                // BEGIN android-removed
-+                // case GOST3411:
-+                //     generator = new PKCS12ParametersGenerator(new GOST3411Digest());
-+                //     break;
-+                // END android-removed
-                 default:
-                     throw new IllegalStateException("unknown digest scheme for PBE encryption.");
-                 }
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/util/DigestFactory.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/provider/util/DigestFactory.java	2013-09-26 18:06:21.000000000 +0000
-@@ -10,12 +10,17 @@
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.crypto.Digest;
--import org.bouncycastle.crypto.digests.MD5Digest;
--import org.bouncycastle.crypto.digests.SHA1Digest;
--import org.bouncycastle.crypto.digests.SHA224Digest;
--import org.bouncycastle.crypto.digests.SHA256Digest;
--import org.bouncycastle.crypto.digests.SHA384Digest;
--import org.bouncycastle.crypto.digests.SHA512Digest;
-+// BEGIN android-removed
-+// import org.bouncycastle.crypto.digests.MD5Digest;
-+// import org.bouncycastle.crypto.digests.SHA1Digest;
-+// import org.bouncycastle.crypto.digests.SHA224Digest;
-+// import org.bouncycastle.crypto.digests.SHA256Digest;
-+// import org.bouncycastle.crypto.digests.SHA384Digest;
-+// import org.bouncycastle.crypto.digests.SHA512Digest;
-+// END android-removed
-+// BEGIN android-added
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+// END android-added
- import org.bouncycastle.util.Strings;
- 
- public class DigestFactory
-@@ -85,27 +90,39 @@
-         
-         if (sha1.contains(digestName))
-         {
--            return new SHA1Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getSHA1();
-+            // END android-changed
-         }
-         if (md5.contains(digestName))
-         {
--            return new MD5Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getMD5();
-+            // END android-changed
-         }
-         if (sha224.contains(digestName))
-         {
--            return new SHA224Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getSHA224();
-+            // END android-changed
-         }
-         if (sha256.contains(digestName))
-         {
--            return new SHA256Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getSHA256();
-+            // END android-changed
-         }
-         if (sha384.contains(digestName))
-         {
--            return new SHA384Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getSHA384();
-+            // END android-changed
-         }
-         if (sha512.contains(digestName))
-         {
--            return new SHA512Digest();
-+            // BEGIN android-changed
-+            return AndroidDigestFactory.getSHA512();
-+            // END android-changed
-         }
-         
-         return null;
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/util/JcaJceUtils.java bcprov-jdk15on-152/org/bouncycastle/jcajce/util/JcaJceUtils.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jcajce/util/JcaJceUtils.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jcajce/util/JcaJceUtils.java	2014-07-28 19:51:54.000000000 +0000
-@@ -6,11 +6,15 @@
- import org.bouncycastle.asn1.ASN1Encodable;
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.ASN1Primitive;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- 
- /**
-  * General JCA/JCE utility methods.
-@@ -100,22 +104,24 @@
-         {
-             return "SHA512";
-         }
--        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
--        {
--            return "RIPEMD128";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
--        {
--            return "RIPEMD160";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
--        {
--            return "RIPEMD256";
--        }
--        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
--        {
--            return "GOST3411";
--        }
-+        // BEGIN android-removed
-+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD128";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD160";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD256";
-+        // }
-+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-+        // {
-+        //     return "GOST3411";
-+        // }
-+        // END android-removed
-         else
-         {
-             return digestAlgOID.getId();
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java bcprov-jdk15on-152/org/bouncycastle/jce/PKCS10CertificationRequest.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/PKCS10CertificationRequest.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/PKCS10CertificationRequest.java	2014-07-28 19:51:54.000000000 +0000
-@@ -30,14 +30,18 @@
- import org.bouncycastle.asn1.ASN1Set;
- import org.bouncycastle.asn1.DERBitString;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.CertificationRequest;
- import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
- import org.bouncycastle.asn1.x509.X509Name;
-@@ -81,8 +85,11 @@
- 
-     static
-     {
--        algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
--        algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
-+        // BEGIN android-removed
-+        // Dropping MD2
-+        // algorithms.put("MD2WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
-+        // algorithms.put("MD2WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"));
-+        // END android-removed
-         algorithms.put("MD5WITHRSAENCRYPTION", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
-         algorithms.put("MD5WITHRSA", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
-         algorithms.put("RSAWITHMD5", new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"));
-@@ -102,12 +109,14 @@
-         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("RSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.113549.1.1.5"));
--        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
--        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // BEGIN android-removed
-+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // END android-removed
-         algorithms.put("SHA1WITHDSA", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
-         algorithms.put("DSAWITHSHA1", new ASN1ObjectIdentifier("1.2.840.10040.4.3"));
-         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-@@ -120,11 +129,13 @@
-         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
-         algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
--        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // BEGIN android-removed
-+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3410WITHGOST3411", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // END android-removed
- 
-         //
-         // reverse mappings
-@@ -134,11 +145,15 @@
-         oids.put(PKCSObjectIdentifiers.sha256WithRSAEncryption, "SHA256WITHRSA");
-         oids.put(PKCSObjectIdentifiers.sha384WithRSAEncryption, "SHA384WITHRSA");
-         oids.put(PKCSObjectIdentifiers.sha512WithRSAEncryption, "SHA512WITHRSA");
--        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
--        oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-+        // BEGIN android-removed
-+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94, "GOST3411WITHGOST3410");
-+        // oids.put(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001, "GOST3411WITHECGOST3410");
-+        // END android-removed
-         
-         oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.4"), "MD5WITHRSA");
--        oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-+        // BEGIN android-removed
-+        // oids.put(new ASN1ObjectIdentifier("1.2.840.113549.1.1.2"), "MD2WITHRSA");
-+        // END android-removed
-         oids.put(new ASN1ObjectIdentifier("1.2.840.10040.4.3"), "SHA1WITHDSA");
-         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA1, "SHA1WITHECDSA");
-         oids.put(X9ObjectIdentifiers.ecdsa_with_SHA224, "SHA224WITHECDSA");
-@@ -172,8 +187,10 @@
-         //
-         // RFC 4491
-         //
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // BEGIN android-removed
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // END android-removed
-         //
-         // explicit params
-         //
-@@ -616,22 +633,24 @@
-         {
-             return "SHA512";
-         }
--        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
--        {
--            return "RIPEMD128";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
--        {
--            return "RIPEMD160";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
--        {
--            return "RIPEMD256";
--        }
--        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
--        {
--            return "GOST3411";
--        }
-+        // BEGIN android-removed
-+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD128";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD160";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD256";
-+        // }
-+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-+        // {
-+        //     return "GOST3411";
-+        // }
-+        // END android-removed
-         else
-         {
-             return digestAlgOID.getId();            
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/BouncyCastleProvider.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/BouncyCastleProvider.java	2015-04-09 13:10:16.000000000 +0000
-@@ -64,15 +64,22 @@
- 
-     private static final String[] SYMMETRIC_MACS =
-     {
--        "SipHash"
-+        // BEGIN android-removed
-+        // "SipHash"
-+        // END android-removed
-     };
- 
-     private static final String[] SYMMETRIC_CIPHERS =
-     {
--        "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede",
--        "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5",
--        "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish",
--        "VMPC", "VMPCKSA3", "XTEA", "XSalsa20"
-+        // BEGIN android-removed
-+        // "AES", "ARC4", "Blowfish", "Camellia", "CAST5", "CAST6", "ChaCha", "DES", "DESede",
-+        // "GOST28147", "Grainv1", "Grain128", "HC128", "HC256", "IDEA", "Noekeon", "RC2", "RC5",
-+        // "RC6", "Rijndael", "Salsa20", "SEED", "Serpent", "Shacal2", "Skipjack", "TEA", "Twofish", "Threefish",
-+        // "VMPC", "VMPCKSA3", "XTEA", "XSalsa20"
-+        // END android-removed
-+        // BEGIN android-added
-+        "AES", "ARC4", "Blowfish", "DES", "DESede", "RC2", "Twofish",
-+        // END android-added
-     };
- 
-      /*
-@@ -84,12 +91,22 @@
-     // later ones configure it.
-     private static final String[] ASYMMETRIC_GENERIC =
-     {
--        "X509", "IES"
-+        // BEGIN android-removed
-+        // "X509", "IES"
-+        // END android-removed
-+        // BEGIN android-added
-+        "X509"
-+        // END android-added
-     };
- 
-     private static final String[] ASYMMETRIC_CIPHERS =
-     {
--        "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145"
-+        // BEGIN android-removed
-+        // "DSA", "DH", "EC", "RSA", "GOST", "ECGOST", "ElGamal", "DSTU4145"
-+        // END android-removed
-+        // BEGIN android-added
-+        "DSA", "DH", "EC", "RSA",
-+        // END android-added
-     };
- 
-     /*
-@@ -98,7 +115,12 @@
-     private static final String DIGEST_PACKAGE = "org.bouncycastle.jcajce.provider.digest.";
-     private static final String[] DIGESTS =
-     {
--        "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool"
-+        // BEGIN android-removed
-+        // "GOST3411", "MD2", "MD4", "MD5", "SHA1", "RIPEMD128", "RIPEMD160", "RIPEMD256", "RIPEMD320", "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "Skein", "SM3", "Tiger", "Whirlpool"
-+        // END android-removed
-+        // BEGIN android-added
-+        "MD5", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512",
-+        // END android-added
-     };
- 
-     /*
-@@ -145,48 +167,52 @@
- 
-         loadAlgorithms(KEYSTORE_PACKAGE, KEYSTORES);
- 
--        //
--        // X509Store
--        //
--        put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
--        put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
--        put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
--        put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
--
--        put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
--        put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
--        put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
--        put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
--        
--        //
--        // X509StreamParser
--        //
--        put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
--        put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
--        put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
--        put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
--
--        //
--        // cipher engines
--        //
--        put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
--
--        put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
--
--
--        put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
--
--        // Certification Path API
--        put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
--        put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
--        put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
--        put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-+        // BEGIN android-removed
-+        // //
-+        // // X509Store
-+        // //
-+        // put("X509Store.CERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertCollection");
-+        // put("X509Store.ATTRIBUTECERTIFICATE/COLLECTION", "org.bouncycastle.jce.provider.X509StoreAttrCertCollection");
-+        // put("X509Store.CRL/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCRLCollection");
-+        // put("X509Store.CERTIFICATEPAIR/COLLECTION", "org.bouncycastle.jce.provider.X509StoreCertPairCollection");
-+        //
-+        // put("X509Store.CERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCerts");
-+        // put("X509Store.CRL/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCRLs");
-+        // put("X509Store.ATTRIBUTECERTIFICATE/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPAttrCerts");
-+        // put("X509Store.CERTIFICATEPAIR/LDAP", "org.bouncycastle.jce.provider.X509StoreLDAPCertPairs");
-+        //
-+        // //
-+        // // X509StreamParser
-+        // //
-+        // put("X509StreamParser.CERTIFICATE", "org.bouncycastle.jce.provider.X509CertParser");
-+        // put("X509StreamParser.ATTRIBUTECERTIFICATE", "org.bouncycastle.jce.provider.X509AttrCertParser");
-+        // put("X509StreamParser.CRL", "org.bouncycastle.jce.provider.X509CRLParser");
-+        // put("X509StreamParser.CERTIFICATEPAIR", "org.bouncycastle.jce.provider.X509CertPairParser");
-+        //
-+        // //
-+        // // cipher engines
-+        // //
-+        // put("Cipher.BROKENPBEWITHMD5ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithMD5AndDES");
-+        //
-+        // put("Cipher.BROKENPBEWITHSHA1ANDDES", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$BrokePBEWithSHA1AndDES");
-+        //
-+        //
-+        // put("Cipher.OLDPBEWITHSHAANDTWOFISH-CBC", "org.bouncycastle.jce.provider.BrokenJCEBlockCipher$OldPBEWithSHAAndTwofish");
-+        //
-+        // // Certification Path API
-+        // put("CertPathValidator.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathValidatorSpi");
-+        // put("CertPathBuilder.RFC3281", "org.bouncycastle.jce.provider.PKIXAttrCertPathBuilderSpi");
-+        // put("CertPathValidator.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-+        // put("CertPathBuilder.RFC3280", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-+        // END android-removed
-         put("CertPathValidator.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathValidatorSpi");
-         put("CertPathBuilder.PKIX", "org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi");
-         put("CertStore.Collection", "org.bouncycastle.jce.provider.CertStoreCollectionSpi");
--        put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
--        put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
--        put("Alg.Alias.CertStore.X509LDAP", "LDAP");
-+        // BEGIN android-removed
-+        // put("CertStore.LDAP", "org.bouncycastle.jce.provider.X509LDAPCertStoreSpi");
-+        // put("CertStore.Multi", "org.bouncycastle.jce.provider.MultiCertStoreSpi");
-+        // put("Alg.Alias.CertStore.X509LDAP", "LDAP");
-+        // END android-removed
-     }
- 
-     private void loadAlgorithms(String packageName, String[] names)
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertBlacklist.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertBlacklist.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertBlacklist.java	1970-01-01 00:00:00.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertBlacklist.java	2015-06-10 22:51:41.000000000 +0000
-@@ -0,0 +1,233 @@
-+/*
-+ * Copyright (C) 2012 The Android Open Source Project
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *      http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+package org.bouncycastle.jce.provider;
-+
-+import java.io.Closeable;
-+import java.io.ByteArrayOutputStream;
-+import java.io.FileNotFoundException;
-+import java.io.IOException;
-+import java.io.RandomAccessFile;
-+import java.math.BigInteger;
-+import java.security.PublicKey;
-+import java.util.Arrays;
-+import java.util.Collections;
-+import java.util.HashSet;
-+import java.util.Set;
-+import java.util.logging.Level;
-+import java.util.logging.Logger;
-+import org.bouncycastle.crypto.Digest;
-+import org.bouncycastle.crypto.digests.AndroidDigestFactory;
-+import org.bouncycastle.util.encoders.Hex;
-+
-+public class CertBlacklist {
-+    private static final Logger logger = Logger.getLogger(CertBlacklist.class.getName());
-+
-+    // public for testing
-+    public final Set<BigInteger> serialBlacklist;
-+    public final Set<byte[]> pubkeyBlacklist;
-+
-+    public CertBlacklist() {
-+        String androidData = System.getenv("ANDROID_DATA");
-+        String blacklistRoot = androidData + "/misc/keychain/";
-+        String defaultPubkeyBlacklistPath = blacklistRoot + "pubkey_blacklist.txt";
-+        String defaultSerialBlacklistPath = blacklistRoot + "serial_blacklist.txt";
-+
-+        pubkeyBlacklist = readPublicKeyBlackList(defaultPubkeyBlacklistPath);
-+        serialBlacklist = readSerialBlackList(defaultSerialBlacklistPath);
-+    }
-+
-+    /** Test only interface, not for public use */
-+    public CertBlacklist(String pubkeyBlacklistPath, String serialBlacklistPath) {
-+        pubkeyBlacklist = readPublicKeyBlackList(pubkeyBlacklistPath);
-+        serialBlacklist = readSerialBlackList(serialBlacklistPath);
-+    }
-+
-+    private static boolean isHex(String value) {
-+        try {
-+            new BigInteger(value, 16);
-+            return true;
-+        } catch (NumberFormatException e) {
-+            logger.log(Level.WARNING, "Could not parse hex value " + value, e);
-+            return false;
-+        }
-+    }
-+
-+    private static boolean isPubkeyHash(String value) {
-+        if (value.length() != 40) {
-+            logger.log(Level.WARNING, "Invalid pubkey hash length: " + value.length());
-+            return false;
-+        }
-+        return isHex(value);
-+    }
-+
-+    private static String readBlacklist(String path) {
-+        try {
-+            return readFileAsString(path);
-+        } catch (FileNotFoundException ignored) {
-+        } catch (IOException e) {
-+            logger.log(Level.WARNING, "Could not read blacklist", e);
-+        }
-+        return "";
-+    }
-+
-+    // From IoUtils.readFileAsString
-+    private static String readFileAsString(String path) throws IOException {
-+        return readFileAsBytes(path).toString("UTF-8");
-+    }
-+
-+    // Based on IoUtils.readFileAsBytes
-+    private static ByteArrayOutputStream readFileAsBytes(String path) throws IOException {
-+        RandomAccessFile f = null;
-+        try {
-+            f = new RandomAccessFile(path, "r");
-+            ByteArrayOutputStream bytes = new ByteArrayOutputStream((int) f.length());
-+            byte[] buffer = new byte[8192];
-+            while (true) {
-+                int byteCount = f.read(buffer);
-+                if (byteCount == -1) {
-+                    return bytes;
-+                }
-+                bytes.write(buffer, 0, byteCount);
-+            }
-+        } finally {
-+            closeQuietly(f);
-+        }
-+    }
-+
-+    // Base on IoUtils.closeQuietly
-+    private static void closeQuietly(Closeable closeable) {
-+        if (closeable != null) {
-+            try {
-+                closeable.close();
-+            } catch (RuntimeException rethrown) {
-+                throw rethrown;
-+            } catch (Exception ignored) {
-+            }
-+        }
-+    }
-+
-+    private static final Set<BigInteger> readSerialBlackList(String path) {
-+
-+        /* Start out with a base set of known bad values.
-+         *
-+         * WARNING: Do not add short serials to this list!
-+         *
-+         * Since this currently doesn't compare the serial + issuer, you
-+         * should only add serials that have enough entropy here. Short
-+         * serials may inadvertently match a certificate that was issued
-+         * not in compliance with the Baseline Requirements.
-+         */
-+        Set<BigInteger> bl = new HashSet<BigInteger>(Arrays.asList(
-+            // From http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate.cc?revision=78748&view=markup
-+            // Not a real certificate. For testing only.
-+            new BigInteger("077a59bcd53459601ca6907267a6dd1c", 16),
-+            new BigInteger("047ecbe9fca55f7bd09eae36e10cae1e", 16),
-+            new BigInteger("d8f35f4eb7872b2dab0692e315382fb0", 16),
-+            new BigInteger("b0b7133ed096f9b56fae91c874bd3ac0", 16),
-+            new BigInteger("9239d5348f40d1695a745470e1f23f43", 16),
-+            new BigInteger("e9028b9578e415dc1a710a2b88154447", 16),
-+            new BigInteger("d7558fdaf5f1105bb213282b707729a3", 16),
-+            new BigInteger("f5c86af36162f13a64f54f6dc9587c06", 16),
-+            new BigInteger("392a434f0e07df1f8aa305de34e0c229", 16),
-+            new BigInteger("3e75ced46b693021218830ae86a82a71", 16)
-+        ));
-+
-+        // attempt to augment it with values taken from gservices
-+        String serialBlacklist = readBlacklist(path);
-+        if (!serialBlacklist.equals("")) {
-+            for(String value : serialBlacklist.split(",")) {
-+                try {
-+                    bl.add(new BigInteger(value, 16));
-+                } catch (NumberFormatException e) {
-+                    logger.log(Level.WARNING, "Tried to blacklist invalid serial number " + value, e);
-+                }
-+            }
-+        }
-+
-+        // whether that succeeds or fails, send it on its merry way
-+        return Collections.unmodifiableSet(bl);
-+    }
-+
-+    private static final Set<byte[]> readPublicKeyBlackList(String path) {
-+
-+        // start out with a base set of known bad values
-+        Set<byte[]> bl = new HashSet<byte[]>(Arrays.asList(
-+            // From http://src.chromium.org/viewvc/chrome/branches/782/src/net/base/x509_certificate.cc?r1=98750&r2=98749&pathrev=98750
-+            // C=NL, O=DigiNotar, CN=DigiNotar Root CA/emailAddress=info@diginotar.nl
-+            "410f36363258f30b347d12ce4863e433437806a8".getBytes(),
-+            // Subject: CN=DigiNotar Cyber CA
-+            // Issuer: CN=GTE CyberTrust Global Root
-+            "ba3e7bd38cd7e1e6b9cd4c219962e59d7a2f4e37".getBytes(),
-+            // Subject: CN=DigiNotar Services 1024 CA
-+            // Issuer: CN=Entrust.net
-+            "e23b8d105f87710a68d9248050ebefc627be4ca6".getBytes(),
-+            // Subject: CN=DigiNotar PKIoverheid CA Organisatie - G2
-+            // Issuer: CN=Staat der Nederlanden Organisatie CA - G2
-+            "7b2e16bc39bcd72b456e9f055d1de615b74945db".getBytes(),
-+            // Subject: CN=DigiNotar PKIoverheid CA Overheid en Bedrijven
-+            // Issuer: CN=Staat der Nederlanden Overheid CA
-+            "e8f91200c65cee16e039b9f883841661635f81c5".getBytes(),
-+            // From http://src.chromium.org/viewvc/chrome?view=rev&revision=108479
-+            // Subject: O=Digicert Sdn. Bhd.
-+            // Issuer: CN=GTE CyberTrust Global Root
-+            "0129bcd5b448ae8d2496d1c3e19723919088e152".getBytes(),
-+            // Subject: CN=e-islem.kktcmerkezbankasi.org/emailAddress=ileti@kktcmerkezbankasi.org
-+            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
-+            "5f3ab33d55007054bc5e3e5553cd8d8465d77c61".getBytes(),
-+            // Subject: CN=*.EGO.GOV.TR 93
-+            // Issuer: CN=T\xC3\x9CRKTRUST Elektronik Sunucu Sertifikas\xC4\xB1 Hizmetleri
-+            "783333c9687df63377efceddd82efa9101913e8e".getBytes(),
-+            // Subject: Subject: C=FR, O=DG Tr\xC3\xA9sor, CN=AC DG Tr\xC3\xA9sor SSL
-+            // Issuer: C=FR, O=DGTPE, CN=AC DGTPE Signature Authentification
-+            "3ecf4bbbe46096d514bb539bb913d77aa4ef31bf".getBytes()
-+        ));
-+
-+        // attempt to augment it with values taken from gservices
-+        String pubkeyBlacklist = readBlacklist(path);
-+        if (!pubkeyBlacklist.equals("")) {
-+            for (String value : pubkeyBlacklist.split(",")) {
-+                value = value.trim();
-+                if (isPubkeyHash(value)) {
-+                    bl.add(value.getBytes());
-+                } else {
-+                    logger.log(Level.WARNING, "Tried to blacklist invalid pubkey " + value);
-+                }
-+            }
-+        }
-+
-+        return bl;
-+    }
-+
-+    public boolean isPublicKeyBlackListed(PublicKey publicKey) {
-+        byte[] encoded = publicKey.getEncoded();
-+        Digest digest = AndroidDigestFactory.getSHA1();
-+        digest.update(encoded, 0, encoded.length);
-+        byte[] out = new byte[digest.getDigestSize()];
-+        digest.doFinal(out, 0);
-+        for (byte[] blacklisted : pubkeyBlacklist) {
-+            if (Arrays.equals(blacklisted, Hex.encode(out))) {
-+                return true;
-+            }
-+        }
-+        return false;
-+    }
-+
-+    public boolean isSerialNumberBlackListed(BigInteger serial) {
-+        return serialBlacklist.contains(serial);
-+    }
-+
-+}
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/CertPathValidatorUtilities.java	2015-04-09 13:10:16.000000000 +0000
-@@ -35,6 +35,7 @@
- import java.util.List;
- import java.util.Map;
- import java.util.Set;
-+import javax.security.auth.x500.X500Principal;
- 
- import org.bouncycastle.asn1.ASN1Encodable;
- import org.bouncycastle.asn1.ASN1Enumerated;
-@@ -73,7 +74,9 @@
- import org.bouncycastle.util.Store;
- import org.bouncycastle.util.StoreException;
- import org.bouncycastle.x509.X509AttributeCertificate;
--import org.bouncycastle.x509.extension.X509ExtensionUtil;
-+// BEGIN android-removed
-+// import org.bouncycastle.x509.extension.X509ExtensionUtil;
-+// END android-removed
- 
- class CertPathValidatorUtilities
- {
-@@ -653,20 +656,22 @@
-         {
-             Object obj = iter.next();
- 
--            if (obj instanceof Store)
--            {
--                Store certStore = (Store)obj;
--                try
--                {
--                    certs.addAll(certStore.getMatches(certSelect));
--                }
--                catch (StoreException e)
--                {
--                    throw new AnnotatedException(
--                            "Problem while picking certificates from X.509 store.", e);
--                }
--            }
--            else
-+            // BEGIN android-removed
-+            // if (obj instanceof X509Store)
-+            // {
-+            //     X509Store certStore = (X509Store)obj;
-+            //     try
-+            //     {
-+            //         certs.addAll(certStore.getMatches(certSelect));
-+            //     }
-+            //     catch (StoreException e)
-+            //     {
-+            //         throw new AnnotatedException(
-+            //                 "Problem while picking certificates from X.509 store.", e);
-+            //     }
-+            // }
-+            // else
-+            // END android-removed
-             {
-                 CertStore certStore = (CertStore)obj;
- 
-@@ -715,7 +720,14 @@
- 
-                         for (int j = 0; j < genNames.length; j++)
-                         {
--                            PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]);
-+                            // BEGIN android-removed
-+                            // PKIXCRLStore store = namedCRLStoreMap.get(genNames[i]);
-+                            // END android-removed
-+                            // BEGIN android-added
-+                            // Seems like a bug, unless there should be a guarantee that j < i,
-+                            // However, it's breaking the tests.
-+                            PKIXCRLStore store = namedCRLStoreMap.get(genNames[j]);
-+                            // END android-added
-                             if (store != null)
-                             {
-                                 stores.add(store);
-@@ -888,8 +900,20 @@
-             {
-                 return;
-             }
--
--            X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded());
-+            // BEGIN android-removed
-+            // X500Name certIssuer = X500Name.getInstance(crl_entry.getCertificateIssuer().getEncoded());
-+            // END android-removed
-+            // BEGIN android-added
-+            // The original code throws null pointer exception for OpenSSLX509CRL,
-+            // which uses the implementation for getCertificateIssuer() in X509CRL, method
-+            // whose reference implementation has the following JavaDoc: "If the certificate
-+            // issuer is also the CRL issuer, this method returns null."
-+            X500Name certIssuer = null;
-+            X500Principal certificateIssuerPrincipal = crl_entry.getCertificateIssuer();
-+            if (certificateIssuerPrincipal != null) {
-+                certIssuer = X500Name.getInstance(certificateIssuerPrincipal.getEncoded());
-+            }
-+            // END android-added
- 
-             if (certIssuer == null)
-             {
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPrivateKey.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPrivateKey.java	2014-07-28 19:51:54.000000000 +0000
-@@ -19,8 +19,10 @@
- import org.bouncycastle.asn1.ASN1Sequence;
- import org.bouncycastle.asn1.DERBitString;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-+// END android-removed
- import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
- import org.bouncycastle.asn1.sec.ECPrivateKeyStructure;
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
-@@ -202,21 +204,23 @@
-             ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(params.getParameters());
-             X9ECParameters ecP = ECUtil.getNamedCurveByOid(oid);
- 
--            if (ecP == null) // GOST Curve
--            {
--                ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
--                EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
--
--                ecSpec = new ECNamedCurveSpec(
--                        ECGOST3410NamedCurves.getName(oid),
--                        ellipticCurve,
--                        new ECPoint(
--                                gParam.getG().getAffineXCoord().toBigInteger(),
--                                gParam.getG().getAffineYCoord().toBigInteger()),
--                        gParam.getN(),
--                        gParam.getH());
--            }
--            else
-+            // BEGIN android-removed
-+            // if (ecP == null) // GOST Curve
-+            // {
-+            //     ECDomainParameters gParam = ECGOST3410NamedCurves.getByOID(oid);
-+            //     EllipticCurve ellipticCurve = EC5Util.convertCurve(gParam.getCurve(), gParam.getSeed());
-+            //
-+            //     ecSpec = new ECNamedCurveSpec(
-+            //             ECGOST3410NamedCurves.getName(oid),
-+            //             ellipticCurve,
-+            //             new ECPoint(
-+            //                     gParam.getG().getAffineXCoord().toBigInteger(),
-+            //                     gParam.getG().getAffineYCoord().toBigInteger()),
-+            //             gParam.getN(),
-+            //             gParam.getH());
-+            // }
-+            // else
-+            // END android-removed
-             {
-                 EllipticCurve ellipticCurve = EC5Util.convertCurve(ecP.getCurve(), ecP.getSeed());
- 
-@@ -330,11 +334,13 @@
- 
-         try
-         {
--            if (algorithm.equals("ECGOST3410"))
--            {
--                info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
--            }
--            else
-+            // BEGIN android-removed
-+            // if (algorithm.equals("ECGOST3410"))
-+            // {
-+            //     info = new PrivateKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-+            // }
-+            // else
-+            // END android-removed
-             {
- 
-                 info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.id_ecPublicKey, params.toASN1Primitive()), keyStructure.toASN1Primitive());
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPublicKey.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/JCEECPublicKey.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/JCEECPublicKey.java	2014-07-28 19:51:54.000000000 +0000
-@@ -18,9 +18,11 @@
- import org.bouncycastle.asn1.DERBitString;
- import org.bouncycastle.asn1.DERNull;
- import org.bouncycastle.asn1.DEROctetString;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
--import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
--import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// import org.bouncycastle.asn1.cryptopro.ECGOST3410NamedCurves;
-+// import org.bouncycastle.asn1.cryptopro.GOST3410PublicKeyAlgParameters;
-+// END android-removed
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
- import org.bouncycastle.asn1.x9.X962Parameters;
-@@ -33,9 +35,13 @@
- import org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util;
- import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
- import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
--import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.ECGOST3410NamedCurveTable;
-+// END android-removed
- import org.bouncycastle.jce.interfaces.ECPointEncoder;
--import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-+// BEGIN android-removed
-+// import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec;
-+// END android-removed
- import org.bouncycastle.jce.spec.ECNamedCurveSpec;
- import org.bouncycastle.math.ec.ECCurve;
- import org.bouncycastle.math.ec.custom.sec.SecP256K1Point;
-@@ -48,7 +54,9 @@
-     private org.bouncycastle.math.ec.ECPoint q;
-     private ECParameterSpec         ecSpec;
-     private boolean                 withCompression;
--    private GOST3410PublicKeyAlgParameters       gostParams;
-+    // BEGIN android-removed
-+    // private GOST3410PublicKeyAlgParameters       gostParams;
-+    // END android-removed
- 
-     public JCEECPublicKey(
-         String              algorithm,
-@@ -58,7 +66,9 @@
-         this.q = key.q;
-         this.ecSpec = key.ecSpec;
-         this.withCompression = key.withCompression;
--        this.gostParams = key.gostParams;
-+        // BEGIN android-removed
-+        // this.gostParams = key.gostParams;
-+        // END android-removed
-     }
-     
-     public JCEECPublicKey(
-@@ -181,54 +191,55 @@
- 
-     private void populateFromPubKeyInfo(SubjectPublicKeyInfo info)
-     {
--        if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
--        {
--            DERBitString bits = info.getPublicKeyData();
--            ASN1OctetString key;
--            this.algorithm = "ECGOST3410";
--
--            try
--            {
--                key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
--            }
--            catch (IOException ex)
--            {
--                throw new IllegalArgumentException("error recovering public key");
--            }
--
--            byte[]          keyEnc = key.getOctets();
--            byte[]          x = new byte[32];
--            byte[]          y = new byte[32];
--
--            for (int i = 0; i != x.length; i++)
--            {
--                x[i] = keyEnc[32 - 1 - i];
--            }
--
--            for (int i = 0; i != y.length; i++)
--            {
--                y[i] = keyEnc[64 - 1 - i];
--            }
--
--            gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
--
--            ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
--
--            ECCurve curve = spec.getCurve();
--            EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
--
--            this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
--
--            ecSpec = new ECNamedCurveSpec(
--                    ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
--                    ellipticCurve,
--                    new ECPoint(
--                            spec.getG().getAffineXCoord().toBigInteger(),
--                            spec.getG().getAffineYCoord().toBigInteger()),
--                            spec.getN(), spec.getH());
--
--        }
--        else
-+        // if (info.getAlgorithmId().getObjectId().equals(CryptoProObjectIdentifiers.gostR3410_2001))
-+        // {
-+        //     DERBitString bits = info.getPublicKeyData();
-+        //     ASN1OctetString key;
-+        //     this.algorithm = "ECGOST3410";
-+        //
-+        //     try
-+        //     {
-+        //         key = (ASN1OctetString) ASN1Primitive.fromByteArray(bits.getBytes());
-+        //     }
-+        //     catch (IOException ex)
-+        //     {
-+        //         throw new IllegalArgumentException("error recovering public key");
-+        //     }
-+        //
-+        //     byte[]          keyEnc = key.getOctets();
-+        //     byte[]          x = new byte[32];
-+        //     byte[]          y = new byte[32];
-+        //
-+        //     for (int i = 0; i != x.length; i++)
-+        //     {
-+        //         x[i] = keyEnc[32 - 1 - i];
-+        //     }
-+        //
-+        //     for (int i = 0; i != y.length; i++)
-+        //     {
-+        //         y[i] = keyEnc[64 - 1 - i];
-+        //     }
-+        //
-+        //     gostParams = new GOST3410PublicKeyAlgParameters((ASN1Sequence)info.getAlgorithmId().getParameters());
-+        //
-+        //     ECNamedCurveParameterSpec spec = ECGOST3410NamedCurveTable.getParameterSpec(ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()));
-+        //
-+        //     ECCurve curve = spec.getCurve();
-+        //     EllipticCurve ellipticCurve = EC5Util.convertCurve(curve, spec.getSeed());
-+        //
-+        //     this.q = curve.createPoint(new BigInteger(1, x), new BigInteger(1, y), false);
-+        //
-+        //     ecSpec = new ECNamedCurveSpec(
-+        //             ECGOST3410NamedCurves.getName(gostParams.getPublicKeyParamSet()),
-+        //             ellipticCurve,
-+        //             new ECPoint(
-+        //                     spec.getG().getAffineXCoord().toBigInteger(),
-+        //                     spec.getG().getAffineYCoord().toBigInteger()),
-+        //                     spec.getN(), spec.getH());
-+        //
-+        // }
-+        // else
-+        // END android-removed
-         {
-             X962Parameters params = new X962Parameters((ASN1Primitive)info.getAlgorithmId().getParameters());
-             ECCurve                 curve;
-@@ -317,52 +328,54 @@
-         ASN1Encodable        params;
-         SubjectPublicKeyInfo info;
- 
--        if (algorithm.equals("ECGOST3410"))
--        {
--            if (gostParams != null)
--            {
--                params = gostParams;
--            }
--            else
--            {
--                if (ecSpec instanceof ECNamedCurveSpec)
--                {
--                    params = new GOST3410PublicKeyAlgParameters(
--                                   ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
--                                   CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
--                }
--                else
--                {   // strictly speaking this may not be applicable...
--                    ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
--
--                    X9ECParameters ecP = new X9ECParameters(
--                        curve,
--                        EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
--                        ecSpec.getOrder(),
--                        BigInteger.valueOf(ecSpec.getCofactor()),
--                        ecSpec.getCurve().getSeed());
--
--                    params = new X962Parameters(ecP);
--                }
--            }
--
--            BigInteger      bX = this.q.getAffineXCoord().toBigInteger();
--            BigInteger      bY = this.q.getAffineYCoord().toBigInteger();
--            byte[]          encKey = new byte[64];
--
--            extractBytes(encKey, 0, bX);
--            extractBytes(encKey, 32, bY);
--
--            try
--            {
--                info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
--            }
--            catch (IOException e)
--            {
--                return null;
--            }
--        }
--        else
-+        // BEGIN android-removed
-+        // if (algorithm.equals("ECGOST3410"))
-+        // {
-+        //     if (gostParams != null)
-+        //     {
-+        //         params = gostParams;
-+        //     }
-+        //     else
-+        //     {
-+        //         if (ecSpec instanceof ECNamedCurveSpec)
-+        //         {
-+        //             params = new GOST3410PublicKeyAlgParameters(
-+        //                            ECGOST3410NamedCurves.getOID(((ECNamedCurveSpec)ecSpec).getName()),
-+        //                            CryptoProObjectIdentifiers.gostR3411_94_CryptoProParamSet);
-+        //         }
-+        //         else
-+        //         {   // strictly speaking this may not be applicable...
-+        //             ECCurve curve = EC5Util.convertCurve(ecSpec.getCurve());
-+        //
-+        //             X9ECParameters ecP = new X9ECParameters(
-+        //                 curve,
-+        //                 EC5Util.convertPoint(curve, ecSpec.getGenerator(), withCompression),
-+        //                 ecSpec.getOrder(),
-+        //                 BigInteger.valueOf(ecSpec.getCofactor()),
-+        //                 ecSpec.getCurve().getSeed());
-+        //
-+        //             params = new X962Parameters(ecP);
-+        //         }
-+        //     }
-+        //
-+        //     BigInteger      bX = this.q.getAffineXCoord().toBigInteger();
-+        //     BigInteger      bY = this.q.getAffineYCoord().toBigInteger();
-+        //     byte[]          encKey = new byte[64];
-+        //
-+        //     extractBytes(encKey, 0, bX);
-+        //     extractBytes(encKey, 32, bY);
-+        //
-+        //     try
-+        //     {
-+        //         info = new SubjectPublicKeyInfo(new AlgorithmIdentifier(CryptoProObjectIdentifiers.gostR3410_2001, params), new DEROctetString(encKey));
-+        //     }
-+        //     catch (IOException e)
-+        //     {
-+        //         return null;
-+        //     }
-+        // }
-+        // else
-+        // END android-removed
-         {
-             if (ecSpec instanceof ECNamedCurveSpec)
-             {
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCRLUtil.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCRLUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCRLUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCRLUtil.java	2015-04-09 13:10:16.000000000 +0000
-@@ -88,22 +88,24 @@
-         {
-             Object obj = iter.next();
- 
--            if (obj instanceof Store)
--            {
--                Store store = (Store)obj;
-+            // BEGIN android-removed
-+	    // if (obj instanceof Store)
-+            // {
-+            //     Store store = (Store)obj;
- 
--                try
--                {
--                    crls.addAll(store.getMatches(crlSelect));
--                    foundValidStore = true;
--                }
--                catch (StoreException e)
--                {
--                    lastException = new AnnotatedException(
--                        "Exception searching in X.509 CRL store.", e);
--                }
--            }
--            else
-+            //     try
-+            //     {
-+            //         crls.addAll(store.getMatches(crlSelect));
-+            //         foundValidStore = true;
-+            //     }
-+            //     catch (StoreException e)
-+            //     {
-+            //         lastException = new AnnotatedException(
-+            //             "Exception searching in X.509 CRL store.", e);
-+            //     }
-+            // }
-+            // else
-+            // END android-removed
-             {
-                 CertStore store = (CertStore)obj;
- 
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi.java	2015-04-24 13:59:41.000000000 +0000
-@@ -1,5 +1,8 @@
- package org.bouncycastle.jce.provider;
- 
-+// BEGIN android-added
-+import java.math.BigInteger;
-+// END android-added
- import java.security.InvalidAlgorithmParameterException;
- import java.security.PublicKey;
- import java.security.cert.CertPath;
-@@ -41,6 +44,11 @@
-     public PKIXCertPathValidatorSpi()
-     {
-     }
-+    // BEGIN android-added
-+    private static class NoPreloadHolder {
-+        private final static CertBlacklist blacklist = new CertBlacklist();
-+    }
-+    // END android-added
- 
-     public CertPathValidatorResult engineValidate(
-             CertPath certPath,
-@@ -73,10 +81,18 @@
-         {
-             paramsPKIX = ((PKIXExtendedBuilderParameters)params).getBaseParameters();
-         }
--        else
-+        // BEGIN android-changed
-+        // else
-+        else if (params instanceof PKIXExtendedParameters)
-+        // END android-changed
-         {
-             paramsPKIX = (PKIXExtendedParameters)params;
-         }
-+        // BEGIN android-added
-+        else {
-+            throw new InvalidAlgorithmParameterException("Expecting PKIX algorithm parameters");
-+        }
-+        // END android-added
- 
-         if (paramsPKIX.getTrustAnchors() == null)
-         {
-@@ -98,6 +114,22 @@
-         {
-             throw new CertPathValidatorException("Certification path is empty.", null, certPath, 0);
-         }
-+        // BEGIN android-added
-+        {
-+            X509Certificate cert = (X509Certificate) certs.get(0);
-+
-+            if (cert != null) {
-+                BigInteger serial = cert.getSerialNumber();
-+                if (NoPreloadHolder.blacklist.isSerialNumberBlackListed(serial)) {
-+                    // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
-+                    String message = "Certificate revocation of serial 0x" + serial.toString(16);
-+                    System.out.println(message);
-+                    AnnotatedException e = new AnnotatedException(message);
-+                    throw new CertPathValidatorException(e.getMessage(), e, certPath, 0);
-+                }
-+            }
-+        }
-+        // END android-added
- 
-         //
-         // (b)
-@@ -277,6 +309,15 @@
- 
-         for (index = certs.size() - 1; index >= 0; index--)
-         {
-+            // BEGIN android-added
-+            if (NoPreloadHolder.blacklist.isPublicKeyBlackListed(workingPublicKey)) {
-+                // emulate CRL exception message in RFC3280CertPathUtilities.checkCRLs
-+                String message = "Certificate revocation of public key " + workingPublicKey;
-+                System.out.println(message);
-+                AnnotatedException e = new AnnotatedException(message);
-+                throw new CertPathValidatorException(e.getMessage(), e, certPath, index);
-+            }
-+            // END android-added
-             // try
-             // {
-             //
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509CertificateObject.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509CertificateObject.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509CertificateObject.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509CertificateObject.java	2013-01-31 02:26:40.000000000 +0000
-@@ -57,6 +57,9 @@
- import org.bouncycastle.asn1.x509.Extensions;
- import org.bouncycastle.asn1.x509.GeneralName;
- import org.bouncycastle.asn1.x509.KeyUsage;
-+// BEGIN android-added
-+import org.bouncycastle.asn1.x509.X509Name;
-+// END android-added
- import org.bouncycastle.jcajce.provider.asymmetric.util.PKCS12BagAttributeCarrierImpl;
- import org.bouncycastle.jce.X509Principal;
- import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;
-@@ -562,12 +565,20 @@
-         }
-     }
- 
-+    // BEGIN android-changed
-+    private byte[] encoded;
-+    // END android-changed
-     public byte[] getEncoded()
-         throws CertificateEncodingException
-     {
-         try
-         {
--            return c.getEncoded(ASN1Encoding.DER);
-+            // BEGIN android-changed
-+            if (encoded == null) {
-+                encoded = c.getEncoded(ASN1Encoding.DER);
-+            }
-+            return encoded;
-+            // END android-changed
-         }
-         catch (IOException e)
-         {
-@@ -858,7 +869,9 @@
-                     list.add(genName.getEncoded());
-                     break;
-                 case GeneralName.directoryName:
--                    list.add(X500Name.getInstance(RFC4519Style.INSTANCE, genName.getName()).toString());
-+                    // BEGIN android-changed
-+                    list.add(X509Name.getInstance(genName.getName()).toString(true, X509Name.DefaultSymbols));
-+                    // END android-changed
-                     break;
-                 case GeneralName.dNSName:
-                 case GeneralName.rfc822Name:
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509SignatureUtil.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/jce/provider/X509SignatureUtil.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/jce/provider/X509SignatureUtil.java	2014-07-28 19:51:54.000000000 +0000
-@@ -14,7 +14,9 @@
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.ASN1Sequence;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-@@ -66,12 +68,14 @@
-         
-         if (params != null && !derNull.equals(params))
-         {
--            if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
--            {
--                RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
--                
--                return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
--            }
-+            // BEGIN android-removed
-+            // if (sigAlgId.getAlgorithm().equals(PKCSObjectIdentifiers.id_RSASSA_PSS))
-+            // {
-+            //     RSASSAPSSparams rsaParams = RSASSAPSSparams.getInstance(params);
-+            //     
-+            //     return getDigestAlgName(rsaParams.getHashAlgorithm().getAlgorithm()) + "withRSAandMGF1";
-+            // }
-+            // END android-removed
-             if (sigAlgId.getAlgorithm().equals(X9ObjectIdentifiers.ecdsa_with_SHA2))
-             {
-                 ASN1Sequence ecDsaParams = ASN1Sequence.getInstance(params);
-@@ -114,22 +118,24 @@
-         {
-             return "SHA512";
-         }
--        else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
--        {
--            return "RIPEMD128";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
--        {
--            return "RIPEMD160";
--        }
--        else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
--        {
--            return "RIPEMD256";
--        }
--        else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
--        {
--            return "GOST3411";
--        }
-+        // BEGIN android-removed
-+        // else if (TeleTrusTObjectIdentifiers.ripemd128.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD128";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd160.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD160";
-+        // }
-+        // else if (TeleTrusTObjectIdentifiers.ripemd256.equals(digestAlgOID))
-+        // {
-+        //     return "RIPEMD256";
-+        // }
-+        // else if (CryptoProObjectIdentifiers.gostR3411.equals(digestAlgOID))
-+        // {
-+        //     return "GOST3411";
-+        // }
-+        // END android-removed
-         else
-         {
-             return digestAlgOID.getId();            
-diff -Naur bcprov-jdk15on-152.orig/org/bouncycastle/x509/X509Util.java bcprov-jdk15on-152/org/bouncycastle/x509/X509Util.java
---- bcprov-jdk15on-152.orig/org/bouncycastle/x509/X509Util.java	2015-03-01 12:03:02.000000000 +0000
-+++ bcprov-jdk15on-152/org/bouncycastle/x509/X509Util.java	2014-07-28 19:51:54.000000000 +0000
-@@ -25,12 +25,16 @@
- import org.bouncycastle.asn1.ASN1Integer;
- import org.bouncycastle.asn1.ASN1ObjectIdentifier;
- import org.bouncycastle.asn1.DERNull;
--import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.cryptopro.CryptoProObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
- import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
- import org.bouncycastle.asn1.pkcs.RSASSAPSSparams;
--import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// BEGIN android-removed
-+// import org.bouncycastle.asn1.teletrust.TeleTrusTObjectIdentifiers;
-+// END android-removed
- import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
- import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
- import org.bouncycastle.jce.X509Principal;
-@@ -44,8 +48,10 @@
-     
-     static
-     {   
--        algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
--        algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // BEGIN android-removed
-+        // algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
-+        // END android-removed
-         algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
-         algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
-         algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
-@@ -63,12 +69,14 @@
-         algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
-         algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
--        algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
--        algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
--        algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
--        algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // BEGIN android-removed
-+        // algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
-+        // algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
-+        // algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
-+        // END android-removed
-         algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
-         algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
-         algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
-@@ -81,11 +89,13 @@
-         algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
-         algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
-         algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
--        algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
--        algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // BEGIN android-removed
-+        // algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // END android-removed
- 
-         //
-         // According to RFC 3279, the ASN.1 encoding SHALL (id-dsa-with-sha1) or MUST (ecdsa-with-SHA*) omit the parameters field. 
-@@ -105,8 +115,10 @@
-         //
-         // RFC 4491
-         //
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
--        noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // BEGIN android-removed
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
-+        // noParams.add(CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
-+        // END android-removed
- 
-         //
-         // explicit params