Merge tag 'r1rv56' of https://github.com/bcgit/bc-java

Release 1.56 tag

Author: Dominik Schürmann

.gitignore

@@ -9,3 +9,8 @@
 bin/
 build/
 .settings/
+
+pg/*.asc
+pg/*.bak
+pg/*.bpg
+pg/*.txt

CONTRIBUTORS.html

@@ -6,6 +6,19 @@
 <p>
 Donors
 <p>
+The following people and organisations donated financially to help with the release of 1.56:
+<br />
+DidiSoft, Cotiviti, Atanas Krachev, Encryptomatic LLC, LogicalAnswersIncSupporter
+</p>
+<p>
+We also wish to acknowledge financial support from the <a href="https://www.coreinfrastructure.org/">Core Infrastructure Initiative</a> towards developing the TLS API and JSSE provider.
+</p>
+<p>
+The following people and organisations donated financially to help with the release of 1.55:
+<br />
+Digistamp, RAM NAG
+</p>
+<p>
 The following people and organisations donated financially to help with the release of 1.54:
 <br />
 Lobster GmbH
@@ -27,7 +40,7 @@
 <p>
 Organisations
 <ul>
-<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Currently 100 hours of consulting time left over from these has been contributed back to working on the Bouncy Castle APIs. You know who you are!</li>
+<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Without the consulting time left over from support contracts being contributed back to working on the Bouncy Castle APIs, progress would be impossible. You know who you are!</li>
 <li><a href="http://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li>
 <li><a href="http://www.grierforensics.com/">Grier Forensics</a>, for collaborating in the development of the S/MIME Toolkit and DANE SMIMEA functionality.</li>
 <li>TU-Darmstadt, Computer Science Department, RBG, for the initial
@@ -347,7 +360,7 @@
 <li>Samuel Lid&eacute;n Borell &lt;samuel&#064primekey.se&gt; patch to add DSTU-4145 to DefaultSignatureAlgorithmFinder</li>
 <li>Sergio Demian Lerner &lt;sergiolerner&#064certimix.com&gt; pointing out isInfinity issue in ECDSASigner signature verification.</li>
 <li>Tim Whittington &lt;Tim.Whittington&#064orionhealth.com&gt; patch to remove extra init call in CMac, additional of Memoable interface for Digest classes, initial implementation of GMAC, further correctness tests for IV and reset processing in OCB, CCM, and block cipher reset. Initial implementation of Skein, XSalsa20, ChaCha, reduced round Salsa20, Threefish, and the Poly1305 MAC. Documentation updates. Added OCB support to Noekeon and CAST6 in the provider, exception testing for CTS, optimisations for CCM, provider support for AAD cipher methods, safe CipherInput/OutputStream implementations for use with AAD and subsequent bug fixes, cleanup after IDEA patent expiry, work on JCE SipHash support, optimisations for AESFastEngine, further work on EncodableDigest for SHA-2 digests, contributions to BCrypt/OpenBSDBCrypt, PGP API documentation and code quality work.</li>
-<li>Marcus Lundblad &lt;marcus.lundblad&#064primekey.se&gt; patch for working arnound JDK jarsigner TSP bug, optional setting of IssuerSerial in TimeStampTokenGenerator.</li>
+<li>Marcus Lundblad &lt;marcus.lundblad&#064primekey.se&gt; patch for working arnound JDK jarsigner TSP bug, optional setting of IssuerSerial in TimeStampTokenGenerator, additional extensions enhancement for time stamp token generation.</li>
 <li>Andrey Zhozhin &lt;zhozhin&#064xrm.ru&gt; patch for override of TSP SignerInfo attributes.</li>
 <li>Sergey Tiunov &lt;t5555d&#064gmail.com&gt; initial cut of DVCS classes.</li>
 <li>Damian Kolasa &lt;fatfredyy&#064gmail.com&gt; ASN1Sequence patch for class cast issue in X9Curve.</li>
@@ -393,20 +406,30 @@
 <li>Thomas Belot&lt;thomas.belot+BC&#064gmail.com&gt; initial CertPathLoopTest for demonstrating stack overflow issue.</li>
 <li>Rich DiCroce&lt;https://github.com/rdicroce&gt; Initial implementation of server-side TLS-SRP support. TLS API extension to support non-blocking usage.</li>
 <li>Bj&ouml;rn Kautler&lt;https://github.com/Vampire&gt; Refinements to cert path validation (authority key addition, certificate order preservation).</li>
-<li>Dominik Sch&uuml;rmann&lt;https://github.com/dschuermann&gt; method for returning signatures/verifications without user IDs on PGPPublicKey, method for exposing S2K in PGPSecretKey, constants for GNU protection modes in S2K classes.</li>
+<li>Dominik Sch&uuml;rmann&lt;https://github.com/dschuermann&gt; method for returning signatures/verifications without user IDs on PGPPublicKey, method for exposing S2K in PGPSecretKey, constants for GNU protection modes in S2K classes, optional version header for armored output.</li>
 <li>Michael &lt;MSKnete&#064web.de&gt; initial fix for bitStrength issue for OpenPGP EC keys.</li>
 <li>Tobias Wagner &lt;tobias.wagner&#064n-design.de&gt; Fix SecureRandom handling in BcAsymmetricKeyWrapper [#BJA-536].</li>
-<li>Sergio Giro &lt;sgiro&#064google.com&gt; Fixed adding of additional stores from CRL distribution point [#BJA-537]. Fixed missing null check for CRL certificate issuer [#BJA-538].</li>
+<li>Sergio Giro &lt;sgiro&#064google.com&gt; Fixed adding of additional stores from CRL distribution point [#BJA-537]. Fixed missing null check for CRL certificate issuer [#BJA-538], removal of risky zeroisation code in PBE.java, check for salt in PBEKeys that require it.</li>
 <li>bschuette&lt;https://github.com/bschuette&gt; Fixed typo in DefaultSignatureAlgorithmIdentifierFinder, additional methods on CMSSignedDataParser.</li>
 <li>Leonard Dallot&lt;https://github.com/dallotTazTag&gt; Fix to S2K usage of none on changing passwords on keys without passwords originally.</li>
 <li>Jan Willem Janssen &lt;j.w.janssen+bouncycastle&#064lxtreme.nl&gt; Support for DSAParameters in lightweight SubjectPublicKeyInfoFactory, initial content signer verifier for BC lightweight EC.</li>
 <li>Sebastian Oerding &lt;[email protected]&gt; Fixes to toString() in x509.CertificatePolicies.</li>
 <li>Kai Kramer &lt;kai.kramer&#064gmail.com&gt; Code to deal with orphaned chain certificates in the PKCS#12 KeyStore.</li>
 <li>Benoit Charles &lt;benoit.charles&#064opentrust.com&gt; Fix for IES data length check on decryption.</li>
-<li>Niko &lt;nfink95@gmail.com&gt; fix to cast issue in getOutputSize() for ECIES.</li>
+<li>Niko &lt;nfink95&#064gmail.com&gt; fix to cast issue in getOutputSize() for ECIES.</li>
 <li>akwizgran&lt;https://github.com/akwizgran&gt; Fixed clone of key in Blake2bDgest copy constructor, blake2b reset issue for varient keys.</li>
 <li>Matthias Edelhoff &lt;Matthias.Edelhoff&#064cryptovision.com&gt; BasicConstraintsValidation pathlen fix in PKIX certpath classes.</li>
 <li>Lukasz Deputat &lt;lukasz.deputat&#064gmail.com&gt; Fixed bugs in TlsUtils read methods [#BJA-592].</li>
+<li>Justin Ludwig &lt;https://github.com/justinludwig&gt; Iterator fix for PGPObjectFactory to handle stream packets at start of iterated data.</li>
+<li>Andr&eacute; Berenguel &lt;https://github.com/aberenguel&gt; Fix to include ECNamedCurveSpec in EC AlgorithmParameterSpi</li>
+<li>Slawomir Jaranowski&lt;https://github.com/slawekjaranowski&gt; Patch to make cipher/hash/signature name methods in PGP internal API public.</li>
+<li>Andrey Vasilyev&lt;https://github.com/andrey-vasilyev&gt; Initial implementation of GOST R 34.11-2012.</li>
+<li>William Glanton &lt;wglanton77&#064gmail.com&gt; Fixed bug in Poly1305 [#BJA-620].</li>
+<li>jdvorak001&lt;https://github.com/jdvorak001&gt; Speed improvements for ASN.1 ObjectIdentifier cache.</li>
+<li>Joseph Naegele &lt;[email protected]&gt; Patch for handling multiple certificates in a DANE SMIMEA entry.</li>
+<li>Andrew Bonventre&lt;https://github.com/andybons&gt; NullPointer patch for WNafUtil.</li>
+<li>The Google Security Team (Project Wycheproof) &lt;https://github.com/google/wycheproof&gt; defect analysis and additional test cases for the provider.</li>
+<li>The Intel Security Team &lt;&gt; analysis detecting the issue with AESFastEngine (CVE-2016-1000339), additional suggestions for improvement to hardening of AESEngine.</li>
 </ul>
 </body>
 </html>

LICENSE.html

@@ -1,7 +1,7 @@
 <html>
 <body bgcolor=#ffffff>
 
-Copyright (c) 2000-2015 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
+Copyright (c) 2000-2016 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
 <p>
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
 and associated documentation files (the "Software"), to deal in the Software without restriction, 

README.md

@@ -25,6 +25,8 @@ The **mail** module provides an S/MIME API built on top of CMS.
 
 The **pg** module is the home for code used to support OpenPGP.
 
+The **tls** module is the home for code used to a general TLS API and JSSE Provider (as at 1.56 this should be considered a beta).
+
 The build scripts that come with the full distribution allow creation of the different releases by using the different source trees while excluding classes that are not appropriate and copying in the required compatibility classes from the directories containing compatibility classes appropriate for the distribution.
 
 If you want to try create a build for yourself, using your own environment, the best way to do it is to start with the build for the distribution you are interested in, make sure that builds, and then modify your build scripts to do the required exclusions and file copies for your setup, otherwise you are likely to get class not found exceptions. The final caveat to this is that as the j2me distribution includes some compatibility classes starting in the java package, you need to use an obfuscator to change the package names before attempting to import a midlet using the BC API.
@@ -71,4 +73,4 @@ For bug reporting/requests you can report issues here on github, via feedback-cr
 
 ## Finally
 
-Enjoy!
+Enjoy!

ant/bc+-build.xml

@@ -43,6 +43,12 @@
     <property name="pg.target.docs.dir" value="${pg.target.dir}/javadoc" />
     <property name="pg.target.src.zip" value="${pg.target.dir}/src.zip" />
 
+    <property name="tls.target" value="bctls-${target.name}" />
+    <property name="tls.target.dir" value="${artifacts.dir}/${tls.target}" />
+    <property name="tls.target.src.dir" value="${tls.target.dir}/src" />
+    <property name="tls.target.docs.dir" value="${tls.target.dir}/javadoc" />
+    <property name="tls.target.src.zip" value="${tls.target.dir}/src.zip" />
+
     <property name="lcrypto.target" value="lcrypto-${target.name}" />
     <property name="lcrypto.target.dir" value="${artifacts.dir}/${lcrypto.target}" />
     <property name="lcrypto.target.src.dir" value="${lcrypto.target.dir}/src" />
@@ -100,7 +106,7 @@
                 <javac source="${bc.javac.source}" target="${bc.javac.target}"
                     srcdir="${artifacts.dir}/@{target}/src"
                     destdir="${build.dir}/@{target}/classes"
-                    debug="${release.debug}">
+                    debug="${release.debug}" fork="true">
                     <classpath>
                         <path refid="project.classpath" /> 
                         <fileset dir="${artifacts.jars.dir}">
@@ -320,6 +326,8 @@
                  <exclude name="org/bouncycastle/tsp/**" />
                  <exclude name="org/bouncycastle/voms/**" />
                  <exclude name="org/bouncycastle/apache/**" />
+                 <exclude name="org/bouncycastle/tls/**" />
+                 <exclude name="org/bouncycastle/jsse/**" />
              </fileset>
              <fileset dir="${src.dir}">
                  <include name="org/bouncycastle/x509/CertPathReviewerMessages*.properties" />
@@ -430,6 +438,8 @@
                  <exclude name="org/bouncycastle/mozilla/**" />
                  <exclude name="org/bouncycastle/bcpg/**" />
                  <exclude name="org/bouncycastle/voms/**" />
+                 <exclude name="org/bouncycastle/tls/**" />
+                 <exclude name="org/bouncycastle/jsse/**" />
                  <exclude name="org/apache/**/*.java" />
              </fileset>
              <fileset dir="${src.dir}" includes="org/bouncycastle/util/test/*.java" />
@@ -530,6 +540,50 @@
 
     </target>
 
+    <!--
+          TLS
+    -->
+    <target name="build-tls" depends="initMacros">
+        <mkdir dir="${tls.target.dir}" />
+
+        <copyStandardFiles toDir="${tls.target.dir}" />
+
+        <copy todir="${tls.target.src.dir}">
+             <fileset dir="${src.dir}">
+                 <exclude name="**/*Test.java" />
+                 <exclude name="**/*Tests.java" />
+                 <exclude name="**/test/*.java" />
+                 <include name="org/bouncycastle/tls/**/*.java" />
+                 <include name="org/bouncycastle/tls/**/*.properties" />
+                 <include name="org/bouncycastle/jsse/**/*.java" />
+                 <include name="org/bouncycastle/jsse/**/*.properties" />
+             </fileset>
+        </copy>
+
+        <compile target="${tls.target}">
+            <jarFileSet>
+                <include name="**/*.class"/>
+                <include name="**/*.properties"/>
+            </jarFileSet>
+            <manifestElements>
+                <attribute name="Manifest-Version" value="1.0" />
+                <attribute name="Extension-Name" value="org.bouncycastle.bctls" />
+                <attribute name="Specification-Vendor" value="BouncyCastle.org" />
+                <attribute name="Specification-Version" value="1.1" />
+                <attribute name="Implementation-Vendor-Id" value="org.bouncycastle" />
+                <attribute name="Implementation-Vendor" value="BouncyCastle.org" />
+                <attribute name="Implementation-Version" value="${release.version}.0" />
+                <attribute name="Application-Name" value="Bouncy Castle TLS API and Provider" />
+                <attribute name="Trusted-Library" value="true" />
+                <attribute name="Permissions" value="all-permissions" />
+                <attribute name="Codebase" value="*" />
+                <attribute name="Application-Library-Allowable-Codebase" value="*" />
+                <attribute name="Caller-Allowable-Codebase" value="*" />
+            </manifestElements>
+        </compile>
+
+    </target>
+
     <target name="build-pkix" depends="initMacros">
         <mkdir dir="${pkix.target.dir}" />
 
@@ -863,6 +917,34 @@
         </copy>
     </target>
 
+    <!--
+          TLS JavaDoc
+    -->
+    <target name="javadoc-tls" depends="initMacros">
+        <copy todir="${tls.target.src.dir}">
+             <fileset dir="${src.dir}">
+                 <include name="org/bouncycastle/jsse/**/test/*.java" />
+                 <include name="org/bouncycastle/jsse/**/*.html" />
+                 <include name="org/bouncycastle/tls/**/test/*.java" />
+                 <include name="org/bouncycastle/tls/**/*.html" />
+             </fileset>
+        </copy>
+
+        <compile-doc srcDir="${tls.target.src.dir}" docsDir="${artifacts.docs.dir}/bctls">
+            <docElements>
+                <package name="org.bouncycastle.tls.*" />
+                <package name="org.bouncycastle.jsse.*" />
+                <group title="TLS/DTLS Packages" packages="org.bouncycastle.tls,org.bouncycastle.tls.crypto*" />
+                <group title="JSSE Provider Packages" packages="org.bouncycastle.jsse.provider" />
+                <group title="TLS/DTLS/JSSE Provider Test and Example Packages" packages="org.bouncycastle.jsse.provider.test*,org.bouncycastle.tls.test*" />
+            </docElements>
+        </compile-doc>
+
+        <copy todir="${tls.target.docs.dir}">
+             <fileset dir="${artifacts.docs.dir}/bctls" />
+        </copy>
+    </target>
+
     <!--
           PKIX JavaDoc
     -->

ant/jdk14.xml

@@ -31,7 +31,6 @@
                 <exclude name="**/ValidateSignedMail.java"/>
             </fileset>
             <fileset dir="prov/src/main/java">
-                <exclude name="**/ec/ECUtils.java" />
                 <exclude name="**/ECPointUtil.java" />
                 <exclude name="**/ECNamedCurveSpec.java" />
                 <exclude name="**/BCEC*.java" />

ant/jdk15+.xml

@@ -37,6 +37,11 @@
             <fileset dir="prov/src/test/java" includes="**/*.java" />
             <fileset dir="prov/src/test/resources" includes="**/*.*" />
 
+            <fileset dir="tls/src/main/java" includes="**/*.java" />
+            <fileset dir="tls/src/main/javadoc" includes="**/*.html" />
+            <fileset dir="tls/src/test/java" includes="**/*.java" />
+            <fileset dir="tls/src/test/resources" includes="**/*.*" />
+
             <fileset dir="pkix/src/main/java" includes="**/*.java" />
             <fileset dir="pkix/src/main/javadoc" includes="**/*.html" />
             <fileset dir="pkix/src/main/java" includes="**/*.properties" />
@@ -86,9 +91,11 @@
     </target>
 
     <target name="build" depends="init">
+        <ant antfile="ant/bc+-build.xml" dir="." target="build-tls" />
         <ant antfile="ant/bc+-build.xml" dir="." />
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-lw" />
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-libraries" />
+        <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-tls" />
     </target>
 
     <target name="build-lw" depends="init">

bc-build.properties

@@ -1,8 +1,8 @@
 
-release.suffix: 155b02
-release.name: 1.55b02
-release.version: 1.55.0.2
-release.debug: true
+release.suffix: 156
+release.name: 1.56
+release.version: 1.56.0
+release.debug: false
 
 mail.jar.home: /opt/javamail/mail.jar
 activation.jar.home: /opt/jaf/activation.jar

build.gradle

@@ -41,7 +41,7 @@ subprojects {
 
     sourceCompatibility = 1.5
     targetCompatibility = 1.5
-    version = '1.52'
+    version = '1.56-SNAPSHOT'
 
     test {
         systemProperty 'bc.test.data.home', bcTestDataHome
@@ -52,29 +52,32 @@ subprojects {
     }
 }
 
-test.dependsOn([':core:test', ':prov:test', ':pkix:test', ':mail:test', 'pg:test'])
+test.dependsOn([':core:test', ':prov:test', ':tls:test', ':pkix:test', ':mail:test', 'pg:test'])
 
 cobertura {
    coverageDirs = [
         "${rootProject.projectDir}/core/build/classes/main",
         "${rootProject.projectDir}/mail/build/classes/main",
         "${rootProject.projectDir}/pg/build/classes/main",
         "${rootProject.projectDir}/pkix/build/classes/main",
-        "${rootProject.projectDir}/prov/build/classes/main"
+        "${rootProject.projectDir}/prov/build/classes/main",
+        "${rootProject.projectDir}/tls/build/classes/main",
    ]
    coverageSourceDirs = [
         "${rootProject.projectDir}/core/src/main/java",
         "${rootProject.projectDir}/mail/src/main/java",
         "${rootProject.projectDir}/pg/src/main/java",
         "${rootProject.projectDir}/pkix/src/main/java",
         "${rootProject.projectDir}/prov/src/main/java",
+        "${rootProject.projectDir}/tls/src/main/java",
    ]
    coverageMergeDatafiles = [
           file("${rootProject.projectDir}/core/build/cobertura/cobertura.ser"),
           file("${rootProject.projectDir}/mail/build/cobertura/cobertura.ser"),
           file("${rootProject.projectDir}/pg/build/cobertura/cobertura.ser"),
           file("${rootProject.projectDir}/pkix/build/cobertura/cobertura.ser"),
           file("${rootProject.projectDir}/prov/build/cobertura/cobertura.ser"),
+          file("${rootProject.projectDir}/tls/build/cobertura/cobertura.ser"),
    ]
    auxiliaryClasspath += files("${rootProject.projectDir}/core/build/classes/main")
    coverageFormats = ['html', 'xml']