the patch replaces the built-in DES and MD5 implementation with code which uses the crypto modules in the java.security / javax.crypto packages. This addresses export regulations. Test cases were added to make sure, that the code behaves the same as the previous built-in implementation. (Test cases passed with previous implementation and pass with the new implementation.)
PS1: A patch snippet for NtlmAuthTest.java has slipped in which just changes the order of imports.This can be excluded without any problem.
PS2: The patch for README.SSO contains also a few hunks which change whitespace only - the first hunk is a real change. If whitespace shall not be changed, those hunks can be excluded as well.