1.4/1.3 update

CONTRIBUTORS.html

@@ -6,6 +6,11 @@
 <p>
 Donors
 <p>
+The following people donated financially to help with the release of 1.61:
+<br />
+Bihari Babu
+</p>
+<p>
 The following people donated financially to help with the release of 1.60:
 <br />
 Jens Neuhalfen and perillamint. 
@@ -457,7 +462,7 @@
 <li>Anders Schack-Mulligen &lt;https://github.com/aschackmull&gt; code cleanups for CMSSignedDataParser, BrokenKDF2BytesGenerator.</li>
 <li>Sebastian Wolfgang Roland &lt;sebastianwolfgang.roland&#064stud.tu-darmstadt.de&gt; Initial XMSS/XMSS-MT implementation.</li>
 <li>didisoft &lt;https://github.com/didisoft&gt; test code for PGP signature removal involving user ids.</li>
-<li>Mike Safonov&lt;https://github.com/MikeSafonov&gt; initial implementation of GOST3410-2012 for light weight provider and JCA, parameters patches for ECGOST keys, initial implementation of GOST3412-2015.</li>
+<li>Mike Safonov&lt;https://github.com/MikeSafonov&gt; initial implementation of GOST3410-2012 for light weight provider and JCA, parameters patches for ECGOST keys, initial implementation of GOST3412-2015, addition of fromExtensions() for CRLDistPoint.</li>
 <li>Artem Storozhuk &lt;storojs72&#064gmail.com&gt; initial implementation of DSTU7564 (digest) and DSTU7624 (cipher) and their associated modes.</li>
 <li>Andreas Glaser &lt;andreas.glaser&#064gi-de.com&gt; patch to recognise ANSSI curves for PKCS#10 requests.</li>
 <li>codeborne &lt;https://github.com/cbxp&gt; patch to correct OIDs used in public key digest parameters for ECGOST-2012.</li>
@@ -484,6 +489,9 @@
 <li>MTG &lt;https://github.com/mtgag&gt; patch for decoding issues in PKIPublicationInfo and CertifiedKeyPair.</li>
 <li>Andreas Gadermaier &lt;up.gadermaier&#064gmail.com&gt; initial version of Argon2 PBKDF algorithm.</li>
 <li>Tony Washer &lt;[email protected]&gt; review of qTesla, Java 1.9 module code.</li>
+<li>Vincent Bouckaert &lt;https://github.com/veebee&gt; initial version of RFC 4998 ASN.1 classes.</li>
+<li>Tony Washer &lt;https://github.com/tonywasher&gt; ECIESKeyEncapsulation fix for use of OldCofactor mode.</li>
+<li>Aurimas Liutikas &lt;https://github.com/liutikas&gt; JavaDoc patches to ReasonsMask.</li>
 </ul>
 </object>
 </html>

ant/bc+-build.xml

@@ -513,7 +513,7 @@
         </packJar>
     </target>
 
-    <target name="build-libraries" depends="initMacros, build-pkix, build-tls, build-pg, build-mail" />
+    <target name="build-libraries" depends="initMacros, build-pkix, build-pg, build-mail" />
 
     <!--
           SMIME

ant/jdk13.xml

@@ -93,6 +93,7 @@
                 <exclude name="**/pkix/jcajce/X509Revoc*.java" />
                 <exclude name="**/pkix/jcajce/Revoc*.java" />
                 <exclude name="**/pkix/jcajce/RFC3280Cert*.java" />
+                <exclude name="**/mime/**/*.java" />
                 <exclude name="**/est/**/*.java" />
             </fileset>
             <fileset dir="pg/src/main/java">

ant/jdk14.xml

@@ -197,6 +197,7 @@
     </target>
 
     <target name="build" depends="init">
+  	<ant antfile="ant/bc+-build.xml" dir="." target="build-tls" />
         <ant antfile="ant/bc+-build.xml" dir="."/>
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-lw"/>
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-libraries"/>

ant/jdk15+.xml

@@ -92,6 +92,7 @@
     </target>
 
     <target name="build" depends="init">
+        <ant antfile="ant/bc+-build.xml" dir="." target="build-tls" />
         <ant antfile="ant/bc+-build.xml" dir="." />
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-lw" />
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-libraries" />

core/src/main/jdk1.4/org/bouncycastle/crypto/util/SSHBuilder.java

@@ -0,0 +1,55 @@
+package org.bouncycastle.crypto.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import org.bouncycastle.util.Strings;
+
+class SSHBuilder
+{
+    private final ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+    public void u32(long value)
+    {
+        bos.write((int)((value >>> 24) & 0xFF));
+        bos.write((int)((value >>> 16) & 0xFF));
+        bos.write((int)((value >>> 8) & 0xFF));
+        bos.write((int)(value & 0xFF));
+    }
+
+    public void rawArray(byte[] value)
+    {
+        u32(value.length);
+        try
+        {
+            bos.write(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException(e.getMessage());
+        }
+    }
+
+    public void write(byte[] value)
+    {
+        try
+        {
+            bos.write(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException(e.getMessage());
+        }
+    }
+
+    public void writeString(String str)
+    {
+        rawArray(Strings.toByteArray(str));
+    }
+
+    public byte[] getBytes()
+    {
+        return bos.toByteArray();
+    }
+
+}

docs/releasenotes.html

@@ -25,18 +25,30 @@ <h2>2.0 Release History</h2>
 
 <h3>2.1.1 Version</h3>
 Release: 1.61<br/>
-Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2018,
+Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2019, February 4th.
 <h3>2.1.2 Defects Fixed</h3>
 <ul>
 <li>Use of EC named curves could be lost if keys were constructed via a key factory and algorithm parameters. This has been fixed.</li>
 <li>RFC3211WrapEngine would not properly handle messages longer than 127 bytes. This has been fixed.</li>
-<li>The JCE implementations for RFC3211 would not returned null AlgorithmParameters. This has been fixed.</li>
+<li>The JCE implementations for RFC3211 would not return null AlgorithmParameters. This has been fixed.</li>
 <li>TLS: Don't check CCS status for hello_request.</li>
 <li>TLS: Tolerate unrecognized hash algorithms.</li>
 <li>TLS: Tolerate unrecognized SNI types.</li>
+<li>An incompatibility issue in ECIES-KEM encryption in cofactor mode has been fixed.</li>
+<li>An issue with XMSS/XMSSMT private key loading which could result in invalid signatures has been fixed.</li>
+<li>StateAwareSignature.isSigningCapable() now returns false when the key has reached it's maximum number of signatures.</li>
+<li>The McEliece KeyPairGenerator was failing to initialize the underlying class if a SecureRandom was explicitly passed.</li>
+<li>The McEliece cipher would sometimes report the wrong value on a call to Cipher.getOutputSize(int). This has been fixed.</li>
+<li>CSHAKEDigest.leftEncode() was using the wrong endianness for multi byte values. This has been fixed.</li>
+<li>Some ciphers, such as CAST6, were missing AlgorithmParameters implementations. This has been fixed.</li>
+<li>An issue with the default "m" parameter for 1024 bit Diffie-Hellman keys which could result in an exception on key pair generation has been fixed.</li>
+<li>The SPHINCS256 implementation is now more tolerant of parameters wrapped with a SecureRandom and will not throw an exception if it receives one.</li>
+<li>A regression in PGPUtil.writeFileToLiteralData() which could cause corrupted literal data has been fixed.</li>
+<li>Several parsing issues related to the processing of CMP PKIPublicationInfo have been fixed.</li>
 </ul>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>
+<li>The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider.</li>
 <li>The password hashing function, Argon2 has been added to the lightweight API.</li>
 <li>BCJSSE: Added support for endpoint ID validation (HTTPS, LDAP, LDAPS).</li>
 <li>BCJSSE: Added support for 'useCipherSuitesOrder' parameter.</li>
@@ -49,6 +61,12 @@ <h3>2.1.3 Additional Features and Functionality</h3>
 <li>TLS: Updated to RFC 7627 from draft-ietf-tls-session-hash-04.</li>
 <li>TLS: Improved certificate sig. alg. checks.</li>
 <li>TLS: Finalised support for RFC 8442 cipher suites.</li>
+<li>Support has been added to the main Provider for the Ed25519 and Ed448 signature algorithms.</li>
+<li>Support has been added to the main Provider for the X25519 and X448 key agreement algorithms.</li>
+<li>Utility classes have been added for handling OpenSSH keys.</li>
+<li>Support for processing messages built using GPG and Curve25519 has been added to the OpenPGP API.</li>
+<li>The provider now recognises the standard SM3 OID.</li>
+<li>An new API for directly parsing and creating S/MIME documents has been added to the PKIX API.</li>
 </ul>
 
 <h3>2.2.1 Version</h3>

docs/specifications.html

@@ -327,7 +327,7 @@ <h4>Digest</h4>
 <tr><td><b>SHA384Digest</b></td><td>384</td><td>FIPS 180-2</td></tr>
 <tr><td><b>SHA512Digest</b></td><td>512</td><td>FIPS 180-2</td></tr>
 <tr><td><b>SHA3Digest</b></td><td>224, 256, 384, 512</td><td></td></tr>
-<tr><td><b>SHAKEDigest</b></td><td>128, 256</td><td></td></tr>
+<tr><td><b>SHAKEDigest</b></td><td>128, 256</td><td>cSHAKE primitive also supported.</td></tr>
 <tr><td><b>SkeinDigest</b></td><td>any byte length</td><td>256 bit, 512 bit and 1024 state sizes. Additional parameterisation using SkeinParameters.</td></tr>
 <tr><td><b>SM3Digest</b></td><td>256</td><td>The SM3 Digest.</td></tr>
 <tr><td><b>TigerDigest</b></td><td>192</td><td>The Tiger Digest.</td></tr>
@@ -378,6 +378,7 @@ <h4>PBE and Password Hashing</h4>
 </p>
 <table cellpadding=5 cellspacing=0 border=1 width=80%>
 <tr><th>Name</th><th>Constructor</th><th>Notes</th></tr>
+<tr><td><b>Argon2</b></td><td>&nbsp;</td><td>&nbsp;</td></tr>
 <tr><td><b>BCrypt</b></td><td>&nbsp;</td><td>&nbsp;</td></tr>
 <tr><td><b>OpenBSDBcyrpt</b></td><td>&nbsp;</td><td>&nbsp;</td></tr>
 <tr><td><b>SCrypt</b></td><td>&nbsp;</td><td>&nbsp;</td></tr>
@@ -929,6 +930,11 @@ <h4>Signature Algorithms</h4>
 <li>SHA512withXMSSMT-SHA512</li>
 <li>SHAKE128withXMSSMT-SHAKE128</li>
 <li>SHAKE256withXMSSMT-SHAKE256</li>
+<li>qTESLA-I</li>
+<li>qTESLA-III-SIZE</li>
+<li>qTESLA-III-SPEED</li>
+<li>qTESLA-P-I</li>
+<li>qTESLA-P-III</li>
 </ul>
 
 <h4>Password Hashing and PBE</h4>