Some things are provided by the code in libcore, some by bouncycastle, and some by openssl implementations. Some things such as X509 CertificateFactory and SSLSocket have multiple providers. For certs its because we favor the libcore implementation, but bouncycastle wants to use its own for its BKS KeyStore implementation. SSLSocket by default uses OpenSSL, but we keep the libcore one because its shared with the SSLEngine implementation which does not use OpenSSL. Other places OpenSSL backed implementations are used includes signature verification such as for RSA. In that case, even bouncycastle has been patched to use the faster path. Another case is just messages digest implementation such as MD5 and SHA1.
we have some benchmarks at http://code.google.com/p/dalvik/ to demonstrate why we do the extra work to use OpenSSL in those cases. -bri On Mon, Oct 17, 2011 at 7:35 AM, duraisamy <[email protected]>wrote: > Hi, > > I am trying to understand cryptography APIs in Android. > I understand that crypto framework uses BouncyCastle provider APIs. > I would like to know whether BouncyCastle APIs use openSSL > APIs(native). > > Regards > Duraisamy > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
