compatibility updates

documentation updates to releasenotes and contributors.

CONTRIBUTORS.html

@@ -6,6 +6,11 @@
 <p>
 Donors
 <p>
+The following people donated financially to help with the release of 1.66:
+<br />
+Denis Beurive, Ravi_02, and Manuel Corona.
+</p>
+<p>
 The following people donated financially to help with the release of 1.65:
 <br />
 Christian Kahlo, Alexi Livshitz, and Denis Beurive.

ant/jdk13.xml

@@ -87,6 +87,12 @@
                 <exclude name="**/asymmetric/DSTU*.java" />
                 <exclude name="**/asymmetric/dstu/*.java" />
                 <exclude name="**/provider/config/PKCS12StoreParameter.java" />
+                <exclude name="**/PKIXCertPathValidatorSpi_8.java"/>
+                <exclude name="**/PKIXCertPathBuilderSpi_8.java"/>
+                <exclude name="**/WrappedRevocationChecker.java"/>
+                <exclude name="**/ProvRevocationChecker.java"/>
+                <exclude name="**/provider/OcspCache.java"/>
+                <exclude name="**/provider/ProvOcspRevocationChecker.java"/>
                 <exclude name="**/jcajce/BCFKSLoadStoreParameter.java" />
                 <exclude name="**/jcajce/BCLoadStoreParameter.java" />
                 <exclude name="**/jcajce/spec/DSTU4145ParameterSpec.java" />
@@ -191,8 +197,10 @@
                 <exclude name="**/PSSTest.java" />
                 <exclude name="**/KDFCounterGeneratorTest.java" />
                 <exclude name="**/jce/provider/test/AEADTest.java" />
+                <exclude name="**/jce/provider/test/ECEncodingTest.java" />
             </fileset>
             <fileset dir="pkix/src/test/java">
+                <exclude name="**/pkix/test/RevocationTest.java"/>
                 <exclude name="**/SunProviderTest.java" />
                 <exclude name="**/NullProviderTest.java" />
                 <exclude name="**/CertPathLoopTest.java" />
@@ -202,6 +210,7 @@
                 <exclude name="**/pkix/**/RevocationTest.java" />
                 <exclude name="**/pkix/**/TestUtil.java" />
                 <exclude name="**/JournalingSecureRandomEncryptTest.java" />
+                <exclude name="**/PKIXRevocationTest.java" />
                 <exclude name="**/cms/test/AnnotatedKeyTest.java"/>
                 <exclude name="**/bouncycastle/cms/test/AuthEnvelopedDataTest.java"/>
             </fileset>

bc-build.properties

@@ -1,8 +1,8 @@
 
-release.suffix: 166b13
-release.name: 1.66b13
-release.version: 1.66.00.13
-release.debug: true
+release.suffix: 166
+release.name: 1.66
+release.version: 1.66.00
+release.debug: false
 
 mail.jar.home: ./libs/mail.jar
 activation.jar.home:  ./libs/activation.jar

build1-1

@@ -70,6 +70,8 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/pqc/jcajce/provider/LMS*
     rm -rf org/bouncycastle/pqc/crypto/*/LMS*
     rm org/bouncycastle/pqc/jcajce/spec/LMS*
+    rm -f org/bouncycastle/jce/provider/test/SimpleTestTest.java
+    rm -f org/bouncycastle/jce/provider/ProvCrlRevocationChecker.java
     rm -rf org/bouncycastle/pqc/crypto/*/HSS*
     rm -rf org/bouncycastle/pqc/math/ntru
     rm -rf org/bouncycastle/pqc/crypto/ntru
@@ -83,12 +85,20 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/crypto/*/IndexGenerator*
     rm -rf org/bouncycastle/util/utiltest
     rm -rf org/bouncycastle/i18n/test
+    rm -f org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi_8.java
+    rm -f org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi_8.java
+    rm -f org/bouncycastle/jce/provider/WrappedRevocationChecker.java
+    rm -f org/bouncycastle/jce/provider/ProvRevocationChecker.java
+    rm -f org/bouncycastle/jce/provider/OcspCache.java
+    rm -f org/bouncycastle/jce/provider/ProvOcspRevocationChecker.java
     rm -rf org/bouncycastle/i18n/filter/test
     rm -rf org/bouncycastle/math/ec/test
+    rm -rf org/bouncycastle/jce/provider/test/ECEncodingTest.java
     rm -rf org/bouncycastle/math/ec/custom/test
     rm -rf org/bouncycastle/math/ec/custom/sec/test
     rm -rf org/bouncycastle/crypto/CryptoServicesPermission.java
     rm -rf org/bouncycastle/crypto/tls/test
+    rm -rf org/bouncycastle/crypto/test/SimpleTestTest.java
     rm -rf org/bouncycastle/crypto/test/GCMReorderTest.java
     rm -rf org/bouncycastle/jce/cert
     rm -rf org/bouncycastle/jce/ECPointUtil.java
@@ -167,6 +177,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/cert/test/CertPathLoopTest.java
     rm -rf org/bouncycastle/cert/test/Bc*
     rm -rf org/bouncycastle/cert/test/GOST3410_2012CMSTest.java
+    rm -rf org/bouncycastle/cert/ocsp/test/PKIXRevocationTest.java
     rm -rf org/bouncycastle/tsp/GenTimeAccuracyUnit*
     rm -rf org/bouncycastle/tsp/TimeStampTokenInfoUnit*
     rm -rf org/bouncycastle/tsp/DataGroup*

build1-2

@@ -72,6 +72,7 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm org/bouncycastle/pqc/jcajce/spec/LMS*
     rm -rf org/bouncycastle/crypto/*/test
     rm -rf org/bouncycastle/crypto/*/IndexGenerator*
+    rm -rf org/bouncycastle/crypto/test/SimpleTestTest.java
     rm -rf org/bouncycastle/util/utiltest
     rm -rf org/bouncycastle/mail
     rm -rf org/bouncycastle/bcpg
@@ -122,6 +123,13 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm -rf org/bouncycastle/jce/provider/test/rsa3
     rm -rf org/bouncycastle/jce/provider/test/DSTU4145Test.java
     rm -rf org/bouncycastle/jce/provider/test/JceTestUtil.java
+    rm -f org/bouncycastle/jce/provider/PKIXCertPathValidatorSpi_8.java
+    rm -f org/bouncycastle/jce/provider/PKIXCertPathBuilderSpi_8.java
+    rm -f org/bouncycastle/jce/provider/WrappedRevocationChecker.java
+    rm -f org/bouncycastle/jce/provider/ProvRevocationChecker.java
+    rm -f org/bouncycastle/jce/provider/OcspCache.java
+    rm -f org/bouncycastle/jce/provider/test/SimpleTestTest.java
+    rm -f org/bouncycastle/jce/provider/ProvOcspRevocationChecker.java
     rm -rf org/bouncycastle/x509/PKIXAttrCert*.java
     rm -rf org/bouncycastle/jce/provider/RFC3281*.java
     rm -rf org/bouncycastle/jcajce/PKCS12StoreParameter.java
@@ -134,12 +142,14 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm -rf org/bouncycastle/jcajce/provider/test/PrivateConstructorTest.java
     rm -rf org/bouncycastle/jcajce/provider/test/ECAlgorithmParametersTest.java
     rm -rf org/bouncycastle/jcajce/provider/test/RandomTest.java
+    rm -rf org/bouncycastle/jce/provider/test/ECEncodingTest.java
     rm org/bouncycastle/asn1/test/GetInstanceTest.java
     rm org/bouncycastle/asn1/test/ASN1SequenceParserTest.java
     rm org/bouncycastle/asn1/test/OctetStringTest.java
     rm org/bouncycastle/asn1/test/ParseTest.java
     rm org/bouncycastle/pkix/test/RevocationTest.java
     rm org/bouncycastle/pkix/test/TestUtil.java
+    rm org/bouncycastle/cert/ocsp/test/PKIXRevocationTest.java
     rm -r org/bouncycastle/crypto/test/BigSkippingCipherTest.java
     rm -rf org/bouncycastle/openssl/test
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/dstu

buildj2me

@@ -106,6 +106,8 @@ then
         rm src/org/bouncycastle/asn1/test/TagTest.java
         rm src/org/bouncycastle/asn1/test/TypeOfBiometricDataUnitTest.java
         rm src/org/bouncycastle/asn1/test/UTCTimeTest.java
+        rm src/org/bouncycastle/crypto/test/SimpleTestTest.java
+        rm src/org/bouncycastle/crypto/test/Argon2Test.java
         rm src/org/bouncycastle/crypto/test/AESVectorFileTest.java
         rm src/org/bouncycastle/crypto/test/GCMReorderTest.java
         rm src/org/bouncycastle/crypto/test/HCFamilyVecTest.java

core/src/main/j2me/java/security/SecureRandom.java

@@ -66,6 +66,11 @@ public static SecureRandom getInstance(String algorithm, String provider)
         return getInstance(algorithm);
     }
 
+    public String getAlgorithm()
+    {
+        return "unknown";
+    }
+
     public static byte[] getSeed(int numBytes)
     {
         byte[] rv = new byte[numBytes];

core/src/main/j2me/org/bouncycastle/util/Integers.java

@@ -18,6 +18,22 @@ public static int numberOfLeadingZeros(int i)
         return n;
     }
 
+    public static int numberOfTrailingZeros(int i)
+    {
+        if (i == 0)
+        {
+            return 32;
+        }
+
+        int count = 0;
+        while ((i & 1) == 0)
+        {
+            i >>>= 1;
+            ++count;
+        }
+        return count;
+    }
+
     public static int rotateLeft(int i, int distance)
     {
         return (i << distance) ^ (i >>> -distance);

core/src/main/jdk1.1/org/bouncycastle/crypto/CryptoServicesRegistrar.java

@@ -108,6 +108,17 @@ public static SecureRandom getSecureRandom()
         return defaultSecureRandom;
     }
 
+    /**
+     * Return either the passed-in SecureRandom, or if it is null, then the default source of randomness.
+     *
+     * @param secureRandom the SecureRandom to use if it is not null.
+     * @return the SecureRandom parameter if it is not null, or else the default SecureRandom
+     */
+    public static SecureRandom getSecureRandom(SecureRandom secureRandom)
+    {
+        return null == secureRandom ? getSecureRandom() : secureRandom;
+    }
+
     /**
      * Set a default secure random to be used where none is otherwise provided.
      *

core/src/main/jdk1.1/org/bouncycastle/crypto/prng/SP800SecureRandomBuilder.java

@@ -6,20 +6,21 @@
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Mac;
+import org.bouncycastle.crypto.engines.DESedeEngine;
+import org.bouncycastle.crypto.macs.HMac;
 import org.bouncycastle.crypto.prng.drbg.CTRSP800DRBG;
-import org.bouncycastle.crypto.prng.drbg.DualECPoints;
-import org.bouncycastle.crypto.prng.drbg.DualECSP800DRBG;
 import org.bouncycastle.crypto.prng.drbg.HMacSP800DRBG;
 import org.bouncycastle.crypto.prng.drbg.HashSP800DRBG;
 import org.bouncycastle.crypto.prng.drbg.SP80090DRBG;
+import org.bouncycastle.util.Arrays;
 
 /**
  * Builder class for making SecureRandom objects based on SP 800-90A Deterministic Random Bit Generators (DRBG).
  */
 public class SP800SecureRandomBuilder
 {
-    private SecureRandom random;
-    private EntropySourceProvider entropySourceProvider;
+    private final SecureRandom random;
+    private final EntropySourceProvider entropySourceProvider;
 
     private byte[] personalizationString;
     private int securityStrength = 256;
@@ -45,8 +46,8 @@ public SP800SecureRandomBuilder()
      * Any SecureRandom created from a builder constructed like this will make use of input passed to SecureRandom.setSeed() if
      * the passed in SecureRandom does for its generateSeed() call.
      * </p>
-     * @param entropySource
-     * @param predictionResistant
+     * @param entropySource the SecureRandom acting as a source of entropy for DRBGs made by this builder.
+     * @param predictionResistant true if the SecureRandom seeder can be regarded as predictionResistant.
      */
     public SP800SecureRandomBuilder(SecureRandom entropySource, boolean predictionResistant)
     {
@@ -74,7 +75,7 @@ public SP800SecureRandomBuilder(EntropySourceProvider entropySourceProvider)
      */
     public SP800SecureRandomBuilder setPersonalizationString(byte[] personalizationString)
     {
-        this.personalizationString = personalizationString;
+        this.personalizationString = Arrays.clone(personalizationString);
 
         return this;
     }
@@ -145,33 +146,6 @@ public SP800SecureRandom buildHMAC(Mac hMac, byte[] nonce, boolean predictionRes
         return new SP800SecureRandom(random, entropySourceProvider.get(entropyBitsRequired), new HMacDRBGProvider(hMac, nonce, personalizationString, securityStrength), predictionResistant);
     }
 
-    /**
-     * Build a SecureRandom based on a SP 800-90A Dual EC DRBG.
-     *
-     * @param digest digest algorithm to use in the DRBG underneath the SecureRandom.
-     * @param nonce  nonce value to use in DRBG construction.
-     * @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes.
-     * @return a SecureRandom supported by a Dual EC DRBG.
-     */
-    public SP800SecureRandom buildDualEC(Digest digest, byte[] nonce, boolean predictionResistant)
-    {
-        return new SP800SecureRandom(random, entropySourceProvider.get(entropyBitsRequired), new DualECDRBGProvider(digest, nonce, personalizationString, securityStrength), predictionResistant);
-    }
-
-    /**
-     * Build a SecureRandom based on a SP 800-90A Dual EC DRBG.
-     *
-     * @param pointSet an array of DualECPoints to use for DRB generation.
-     * @param digest digest algorithm to use in the DRBG underneath the SecureRandom.
-     * @param nonce  nonce value to use in DRBG construction.
-     * @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes.
-     * @return a SecureRandom supported by a Dual EC DRBG.
-     */
-    public SP800SecureRandom buildDualEC(DualECPoints[] pointSet, Digest digest, byte[] nonce, boolean predictionResistant)
-    {
-        return new SP800SecureRandom(random, entropySourceProvider.get(entropyBitsRequired), new ConfigurableDualECDRBGProvider(pointSet, digest, nonce, personalizationString, securityStrength), predictionResistant);
-    }
-
     private static class HashDRBGProvider
         implements DRBGProvider
     {
@@ -188,56 +162,14 @@ public HashDRBGProvider(Digest digest, byte[] nonce, byte[] personalizationStrin
             this.securityStrength = securityStrength;
         }
 
-        public SP80090DRBG get(EntropySource entropySource)
-        {
-            return new HashSP800DRBG(digest, securityStrength, entropySource, personalizationString, nonce);
-        }
-    }
-
-    private static class DualECDRBGProvider
-        implements DRBGProvider
-    {
-        private final Digest digest;
-        private final byte[] nonce;
-        private final byte[] personalizationString;
-        private final int securityStrength;
-
-        public DualECDRBGProvider(Digest digest, byte[] nonce, byte[] personalizationString, int securityStrength)
-        {
-            this.digest = digest;
-            this.nonce = nonce;
-            this.personalizationString = personalizationString;
-            this.securityStrength = securityStrength;
-        }
-
-        public SP80090DRBG get(EntropySource entropySource)
+        public String getAlgorithm()
         {
-            return new DualECSP800DRBG(digest, securityStrength, entropySource, personalizationString, nonce);
-        }
-    }
-
-    private static class ConfigurableDualECDRBGProvider
-        implements DRBGProvider
-    {
-        private final DualECPoints[] pointSet;
-        private final Digest digest;
-        private final byte[] nonce;
-        private final byte[] personalizationString;
-        private final int securityStrength;
-
-        public ConfigurableDualECDRBGProvider(DualECPoints[] pointSet, Digest digest, byte[] nonce, byte[] personalizationString, int securityStrength)
-        {
-            this.pointSet = new DualECPoints[pointSet.length];
-            System.arraycopy(pointSet, 0, this.pointSet, 0, pointSet.length);
-            this.digest = digest;
-            this.nonce = nonce;
-            this.personalizationString = personalizationString;
-            this.securityStrength = securityStrength;
+            return "HASH-DRBG-" + getSimplifiedName(digest);
         }
 
         public SP80090DRBG get(EntropySource entropySource)
         {
-            return new DualECSP800DRBG(pointSet, digest, securityStrength, entropySource, personalizationString, nonce);
+            return new HashSP800DRBG(digest, securityStrength, entropySource, personalizationString, nonce);
         }
     }
 
@@ -257,6 +189,16 @@ public HMacDRBGProvider(Mac hMac, byte[] nonce, byte[] personalizationString, in
             this.securityStrength = securityStrength;
         }
 
+        public String getAlgorithm()
+        {
+            if (hMac instanceof HMac)
+            {
+                return "HMAC-DRBG-" + getSimplifiedName(((HMac)hMac).getUnderlyingDigest());
+            }
+
+            return "HMAC-DRBG-" + hMac.getAlgorithmName();
+        }
+
         public SP80090DRBG get(EntropySource entropySource)
         {
             return new HMacSP800DRBG(hMac, securityStrength, entropySource, personalizationString, nonce);
@@ -282,9 +224,32 @@ public CTRDRBGProvider(BlockCipher blockCipher, int keySizeInBits, byte[] nonce,
             this.securityStrength = securityStrength;
         }
 
+        public String getAlgorithm()
+        {
+            if (blockCipher instanceof DESedeEngine)
+            {
+                return "CTR-DRBG-3KEY-TDES";
+            }
+            return "CTR-DRBG-" + blockCipher.getAlgorithmName() + keySizeInBits;
+        }
+
         public SP80090DRBG get(EntropySource entropySource)
         {
             return new CTRSP800DRBG(blockCipher, keySizeInBits, securityStrength, entropySource, personalizationString, nonce);
         }
     }
+
+    private static String getSimplifiedName(Digest digest)
+    {
+        String name = digest.getAlgorithmName();
+
+        int dIndex = name.indexOf('-');
+        if (dIndex > 0 && !name.startsWith("SHA3"))
+        {
+            return name.substring(0, dIndex) + name.substring(dIndex + 1);
+        }
+
+        return name;
+    }
+
 }