1.4 compatibility changes

doc updates.

CONTRIBUTORS.html

@@ -435,6 +435,9 @@
 <li>Artem Storozhuk &lt;storojs72&#064gmail.com&gt; N4 calculation fix to GOFB mode.</li>
 <li>Na Yu &lt;na.yu&#064samsung.com&gt; Constructor patches to CMC PKIData.</li>
 <li>Evangelos Karatsiolis &lt;ekaratsiolis&#064mtg.de&gt; Corrected use of explicit tagging in X.509 PolicyConstraints class.</li>
+<li>VivleSoren &lt;https://github.com/VivleSoren&gt; additional constructor for McElieceCCA2PrivateKeyParameters.</li>
+<li>mtausig &lt;https://github.com/mtausig&gt; JavaDoc fix for MCSEncryptedDataGenerator.</li>
+<li>Anders Schack-Mulligen &lt;https://github.com/aschackmull&gt; code cleanups for CMSSignedDataParser, BrokenKDF2BytesGenerator.</li>
 </ul>
 </body>
 </html>

ant/bc+-build.xml

@@ -106,6 +106,7 @@
                 <javac source="${bc.javac.source}" target="${bc.javac.target}"
                     srcdir="${artifacts.dir}/@{target}/src"
                     destdir="${build.dir}/@{target}/classes"
+                    memoryMaximumSize="512m"
                     debug="${release.debug}" fork="true">
                     <classpath>
                         <path refid="project.classpath" /> 
@@ -142,6 +143,7 @@
                 <javac source="${bc.javac.source}" target="${bc.javac.target}"
                     srcdir="${artifacts.dir}/@{target}/src"
                     destdir="${build.dir}/@{target}/classes"
+                    memoryMaximumSize="512m"
                     debug="${release.debug}">
                     <classpath>
                         <path refid="project.classpath" /> 
@@ -279,6 +281,8 @@
         <javac source="${bc.javac.source}" target="${bc.javac.target}"
             srcdir="${lcrypto.target.src.dir}"
             destdir="${lcrypto.target.classes.dir}"
+	    memoryMaximumSize="512m"
+            fork="true"
             debug="${release.debug}">
             <classpath>
                 <path refid="project.classpath" /> 

ant/build.regexp

@@ -1,3 +1,3 @@
 
-regexp: <[A-Z?][^>@]*[a-zA-Z0-9]>|<[A-Z]>
+regexp: <[A-Z?][^>@]*[a-zA-Z0-9\\[\\]]>|<[A-Z]>
 

ant/jdk14.xml

@@ -24,6 +24,7 @@
         <copy todir="${src.dir}">
             <fileset dir="core/src/main/java">
                 <exclude name="**/ntru/**/*.java" />
+                <exclude name="**/xmss/**/*.java" />
             </fileset>
             <fileset dir="pg/src/main/java" />
             <fileset dir="pkix/src/main/java" />
@@ -42,6 +43,7 @@
                 <exclude name="**/NTRU*.java" />
                 <exclude name="**/IndexGenerator.java" />
                 <exclude name="**/ntru/**/*.java" />
+                <exclude name="**/xmss/**/*.java" />
                 <exclude name="**/asymmetric/DSTU*.java" />
                 <exclude name="**/asymmetric/dstu/*.java" />
 		<exclude name="**/provider/config/PKCS12StoreParameter.java" />
@@ -55,9 +57,11 @@
                 <exclude name="**/KDFDoublePipeline*.java" />
                 <exclude name="**/KDFCounterGener*.java" />
                 <exclude name="**/ntru/**/*.java" />
+                <exclude name="**/xmss/**/*.java" />
                 <exclude name="**/NTRU*.java" />
                 <exclude name="**/pqc/**/EncryptionKeyTest.java" />
                 <exclude name="**/pqc/**/BitStringTest.java" />
+                <exclude name="**/pqc/**/XMS*.java" />
                 <exclude name="**/GetInstanceTest.java" />
             </fileset>
             <fileset dir="pg/src/test/java" />

core/src/main/java/org/bouncycastle/asn1/cmc/OtherStatusInfo.java

@@ -1,11 +1,9 @@
 package org.bouncycastle.asn1.cmc;
 
-import java.io.ByteArrayInputStream;
 import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1Choice;
 import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -55,27 +53,15 @@ else if (asn1Value instanceof ASN1Sequence) // PendInfo is a sequence.
         }
         else if (obj instanceof byte[])
         {
-            ASN1InputStream ain = new ASN1InputStream(new ByteArrayInputStream((byte[])obj));
             try
             {
-                return getInstance(ain.readObject());
+                return getInstance(ASN1Primitive.fromByteArray((byte[])obj));
             }
-            catch (Exception e)
+            catch (IOException e)
             {
-                throw new IllegalArgumentException(e.getMessage(), e);
+                throw new IllegalArgumentException("parsing error: " + e.getMessage());
             }
-            finally
-            {
-                try
-                {
-                    ain.close();
-                }
-                catch (IOException e)
-                {
-                    throw new IllegalArgumentException(e.getMessage(), e);
-                }
-            }
-        }
+        }                          
         throw new IllegalArgumentException("unknown object in getInstance(): " + obj.getClass().getName());
     }
 

core/src/main/java/org/bouncycastle/crypto/tls/TlsUtils.java

@@ -35,6 +35,7 @@
 import org.bouncycastle.crypto.util.PublicKeyFactory;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
+import org.bouncycastle.util.Shorts;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.io.Streams;
 
@@ -709,10 +710,10 @@ public static void writeVersion(ProtocolVersion version, byte[] buf, int offset)
     public static Vector getAllSignatureAlgorithms()
     {
         Vector v = new Vector(4);
-        v.addElement(SignatureAlgorithm.anonymous);
-        v.addElement(SignatureAlgorithm.rsa);
-        v.addElement(SignatureAlgorithm.dsa);
-        v.addElement(SignatureAlgorithm.ecdsa);
+        v.addElement(Shorts.valueOf(SignatureAlgorithm.anonymous));
+        v.addElement(Shorts.valueOf(SignatureAlgorithm.rsa));
+        v.addElement(Shorts.valueOf(SignatureAlgorithm.dsa));
+        v.addElement(Shorts.valueOf(SignatureAlgorithm.ecdsa));
         return v;
     }
 
@@ -2500,21 +2501,21 @@ public static boolean isValidCipherSuiteForSignatureAlgorithms(int cipherSuite,
         case KeyExchangeAlgorithm.DH_anon:
         case KeyExchangeAlgorithm.DH_anon_EXPORT:
         case KeyExchangeAlgorithm.ECDH_anon:
-            return sigAlgs.contains(SignatureAlgorithm.anonymous);
+            return sigAlgs.contains(Shorts.valueOf(SignatureAlgorithm.anonymous));
 
         case KeyExchangeAlgorithm.DHE_RSA:
         case KeyExchangeAlgorithm.DHE_RSA_EXPORT:
         case KeyExchangeAlgorithm.ECDHE_RSA:
         case KeyExchangeAlgorithm.SRP_RSA:
-            return sigAlgs.contains(SignatureAlgorithm.rsa);
+            return sigAlgs.contains(Shorts.valueOf(SignatureAlgorithm.rsa));
 
         case KeyExchangeAlgorithm.DHE_DSS:
         case KeyExchangeAlgorithm.DHE_DSS_EXPORT:
         case KeyExchangeAlgorithm.SRP_DSS:
-            return sigAlgs.contains(SignatureAlgorithm.dsa);
+            return sigAlgs.contains(Shorts.valueOf(SignatureAlgorithm.dsa));
 
         case KeyExchangeAlgorithm.ECDHE_ECDSA:
-            return sigAlgs.contains(SignatureAlgorithm.ecdsa);
+            return sigAlgs.contains(Shorts.valueOf(SignatureAlgorithm.ecdsa));
 
         default:
             return true;
@@ -2534,13 +2535,13 @@ public static Vector getUsableSignatureAlgorithms(Vector sigHashAlgs)
         }
 
         Vector v = new Vector(4);
-        v.addElement(SignatureAlgorithm.anonymous);
+        v.addElement(Shorts.valueOf(SignatureAlgorithm.anonymous));
         for (int i = 0; i < sigHashAlgs.size(); ++i)
         {
             SignatureAndHashAlgorithm sigHashAlg = (SignatureAndHashAlgorithm)sigHashAlgs.elementAt(i);
 //            if (sigHashAlg.getHash() >= MINIMUM_HASH_STRICT)
             {
-                short sigAlg = sigHashAlg.getSignature();
+                Short sigAlg = Shorts.valueOf(sigHashAlg.getSignature());
                 if (!v.contains(sigAlg))
                 {
                     v.addElement(sigAlg);

core/src/main/java/org/bouncycastle/util/test/SimpleTest.java

@@ -49,6 +49,38 @@ protected void isEquals(
         }
     }
 
+    protected void isEquals(
+        int a,
+        int b)
+    {
+        if (a != b)
+        {
+            throw new TestFailedException(SimpleTestResult.failed(this, "no message"));
+        }
+    }
+
+    protected void isEquals(
+        String message,
+        boolean a,
+        boolean b)
+    {
+        if (a != b)
+        {
+            throw new TestFailedException(SimpleTestResult.failed(this, message));
+        }
+    }
+
+    protected void isEquals(
+        String message,
+        long a,
+        long b)
+    {
+        if (a != b)
+        {
+            throw new TestFailedException(SimpleTestResult.failed(this, message));
+        }
+    }
+
     protected void isEquals(
         String message,
         Object a,

core/src/test/java/org/bouncycastle/asn1/test/CMCFailInfoTest.java

@@ -15,20 +15,20 @@ public class CMCFailInfoTest
 
     // From Page 68, CMC: Structures RFC 5272
     private static Object[][] types = new Object[][]{
-        {"badAlg", 0L},
-        {"badMessageCheck", 1L},
-        {"badRequest", 2L},
-        {"badTime", 3L},
-        {"badCertId", 4L},
-        {"unsupportedExt", 5L},
-        {"mustArchiveKeys", 6L},
-        {"badIdentity", 7L},
-        {"popRequired", 8L},
-        {"popFailed", 9L},
-        {"noKeyReuse", 10L},
-        {"internalCAError", 11L},
-        {"tryLater", 12L},
-        {"authDataFail", 13L}
+        {"badAlg", new Long(0L) },
+        {"badMessageCheck", new Long(1L) },
+        {"badRequest", new Long(2L) },
+        {"badTime", new Long(3L) },
+        {"badCertId", new Long(4L) },
+        {"unsupportedExt", new Long(5L) },
+        {"mustArchiveKeys", new Long(6L) },
+        {"badIdentity", new Long(7L) },
+        {"popRequired", new Long(8L) },
+        {"popFailed", new Long(9L) },
+        {"noKeyReuse", new Long(10L) },
+        {"internalCAError", new Long(11L) },
+        {"tryLater", new Long(12L) },
+        {"authDataFail", new Long(13L)}
     };
     private static Map typesMap = new HashMap();
 
@@ -60,15 +60,15 @@ public void performTest()
 
         for (Iterator rangeKeys = range.keySet().iterator(); rangeKeys.hasNext(); )
         {   Object j = rangeKeys.next();
-            if (!typesMap.containsKey(((ASN1Integer)j).getValue().longValue()))  {
+            if (!typesMap.containsKey(new Long(((ASN1Integer)j).getValue().longValue())))  {
                 fail("The 'range' map in CMCFailInfo contains a value not in the test ('typesMap') map, value was: "+j.toString());
             }
         }
 
 
         for (Iterator typeKeys = typesMap.keySet().iterator(); typeKeys.hasNext(); )
         {   Object j = typeKeys.next();
-            if (!range.containsKey(new ASN1Integer((Long)j)))  {
+            if (!range.containsKey(new ASN1Integer(((Long)j).longValue())))  {
                 fail("The 'typesMap' map in CMCFailInfoTest contains a value not in the CMCFailInfo ('range') map, value was: "+j.toString());
             }
         }

core/src/test/java/org/bouncycastle/asn1/test/CMCStatusTest.java

@@ -26,14 +26,14 @@ public String getName()
 
     // From Page 68, CMC: Structures RFC 5272
     private static Object[][] types = new Object[][]{
-        {"success", 0L},
+        {"success", new Long(0L) },
         // -- reserved            (1),
-        {"failed", 2L},
-        {"pending", 3L},
-        {"noSupport", 4L},
-        {"confirmRequired", 5L},
-        {"popRequired", 6L},
-        {"partial", 7L}
+        {"failed", new Long(2L) },
+        {"pending", new Long(3L) },
+        {"noSupport", new Long(4L) },
+        {"confirmRequired", new Long(5L) },
+        {"popRequired", new Long(6L) },
+        {"partial", new Long(7L) }
     };
     private static Map typesMap = new HashMap();
 
@@ -66,7 +66,7 @@ public void performTest()
         for (Iterator rangeKeys = range.keySet().iterator(); rangeKeys.hasNext(); )
         {
             Object j = rangeKeys.next();
-            if (!typesMap.containsKey(((ASN1Integer)j).getValue().longValue()))
+            if (!typesMap.containsKey(new Long(((ASN1Integer)j).getValue().longValue())))
             {
                 fail("The 'range' map in CMCStatus contains a value not in the test ('typesMap') map, value was: " + j.toString());
             }
@@ -76,7 +76,7 @@ public void performTest()
         for (Iterator typeKeys = typesMap.keySet().iterator(); typeKeys.hasNext(); )
         {
             Object j = typeKeys.next();
-            if (!range.containsKey(new ASN1Integer((Long)j)))
+            if (!range.containsKey(new ASN1Integer(((Long)j).longValue())))
             {
                 fail("The 'typesMap' map in CMCStatusTest contains a value not in the CMCStatus ('range') map, value was: " + j.toString());
             }

core/src/test/java/org/bouncycastle/asn1/test/ControlsProcessedTest.java

@@ -28,7 +28,7 @@ public void performTest()
         ControlsProcessed cp = new ControlsProcessed(new BodyPartReference[]{new BodyPartReference(new BodyPartID(12L)), new BodyPartReference(new BodyPartID(14L))});
         byte[] b = cp.getEncoded();
         ControlsProcessed cpResult = ControlsProcessed.getInstance(b);
-        isEquals(cpResult.getBodyList().length, cp.getBodyList().length);
+        isTrue(cpResult.getBodyList().length == cp.getBodyList().length);
         isEquals(cpResult.getBodyList()[0], cp.getBodyList()[0]);
         isEquals(cpResult.getBodyList()[1], cp.getBodyList()[1]);
 

core/src/test/java/org/bouncycastle/asn1/test/RevokeRequestTest.java

@@ -53,11 +53,11 @@ public void performTest()
             }
             if ((t & 2) == 2)
             {
-                passphrase = new DEROctetString(Pack.longToBigEndian(System.nanoTime()));
+                passphrase = new DEROctetString(Pack.longToBigEndian(System.currentTimeMillis()));
             }
             if ((t & 4) == 4)
             {
-                comment = new DERUTF8String(Long.toOctalString(System.nanoTime()));
+                comment = new DERUTF8String("T" + Long.toOctalString(System.currentTimeMillis()));
             }
 
             RevokeRequest rr = new RevokeRequest(

docs/releasenotes.html

@@ -29,6 +29,17 @@ <h3>2.1.2 Defects Fixed</h3>
 <ul>
 <li>A class cast exception for master certification removal in PGPPublicKey.removeCertification() by certification has been fixed.</li>
 <li>GOST GOFB 28147-89 mode had an edge condition concerning the incorrect calculation of N4 (see section 6.1 of RFC 5830) affecting about 1% of IVs. This has been fixed.</li>
+<li>The X.509 PolicyConstraints class was using implicit rather than explicit tagging for the SkipCerts field. This has been fixed.</li>
+<li>Key expiration in the OpenPGP is now calculated for ambiguous self signatures using the most recently created self-signature, in line with GPG and the recommendation in RFC 4880.</li>
+</ul>
+<h3>2.2.3 Additional Features and Functionality</h3>
+<ul>
+<li>ARIA (RFC 5794) is now supported by the provider and the lightweight API.</li>
+<li>SM2 signatures, key exchange, and public key encryption has been added to the lightweight API.</li>
+</ul>
+<h3>2.1.3 Security Related Changes</h3>
+<ul>
+<li>The default parameter sizes for DH and DSA are now 2048. If you have been relying on key pair generation without passing in parameters generated keys will now be larger.</li>
 </ul>
 
 <h3>2.2.1 Version</h3>

pkix/src/main/java/org/bouncycastle/est/CTEBase64InputStream.java

@@ -25,7 +25,6 @@ public CTEBase64InputStream(InputStream src, Long limit)
         this.src = src;
         this.dataOutputStream = new OutputStream()
         {
-            @Override
             public void write(int b)
                 throws IOException
             {
@@ -35,7 +34,6 @@ public void write(int b)
         this.max = limit;
     }
 
-
     // Pulls a line from the source, decodes it and returns the decoded length.
     // Or returns -1 if there is nothing more to read and nothing was read in this pass.
     protected int pullFromSrc()
@@ -82,7 +80,7 @@ else if (j >= 0)
             }
             catch (Exception ex)
             {
-                throw new IOException("Decode Base64 Content-Transfer-Encoding", ex);
+                throw new IOException("Decode Base64 Content-Transfer-Encoding: " + ex);
             }
         }
         else
@@ -112,11 +110,9 @@ public int read()
         return data[rp++] & 0xFF;
     }
 
-    @Override
     public void close()
         throws IOException
     {
         src.close();
     }
-
 }

pkix/src/main/java/org/bouncycastle/est/ESTException.java

@@ -74,8 +74,7 @@ public Throwable getCause()
     {
         return cause;
     }
-
-    @Override
+
     public String getMessage()
     {
         return super.getMessage() + " HTTP Status Code: " + statusCode;