
gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
authorPeter Dettman <peter.dettman@bouncycastle.org>2014-07-24 17:42:43 +0400
committerPeter Dettman <peter.dettman@bouncycastle.org>2014-07-24 17:42:43 +0400
commit995407496e4d3d8eb24fe9fdffefefa230e485d4 (patch)
tree7dbdce75c16b54e5f8764ce992cf8688397e34cb
parent2c27bc698845cf6ce477facd15fdfaaea6cfc2db (diff)
parentad2607775f0dc3b3b4e2763bdd2845a057529675 (diff)
Merge branch 'master' of git.bouncycastle.org:bc-java
-rw-r--r--CONTRIBUTORS.html9
-rw-r--r--ant/bc+-build.xml11
-rw-r--r--ant/jdk14.xml6
-rw-r--r--docs/releasenotes.html19
-rw-r--r--docs/specifications.html1
-rw-r--r--prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java8
-rw-r--r--prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java13
7 files changed, 56 insertions, 11 deletions
diff --git a/CONTRIBUTORS.html b/CONTRIBUTORS.html
index 1c6f0e36..e562ceb7 100644
--- a/CONTRIBUTORS.html
+++ b/CONTRIBUTORS.html
@@ -4,9 +4,16 @@ The following organisations and people have contributed to the Bouncy Castle Cry
<p>
Thanks, may your castles never deflate!
<p>
+Donors.
+<p>
+The following people and organisations donated financially to help with the release of 1.51:
+<p>
+Gup & Boz @ Alki Seattle, Bytemine Gmbh, Ted Pennings, Atanas Krachev, PrimeKey Solutions AB, Martin Paljak, CorseraFri19980116, CPU Terminator, Lindsay Bradford, kares, Philius, and Aaron Anderson.
+</p>
+<p>
Organisations
<ul>
-<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Currently 20 hours of consulting time left over from these has been contributed back to working on the Bouncy Castle APIs. You know who you are!</li>
+<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Currently 40 hours of consulting time left over from these has been contributed back to working on the Bouncy Castle APIs. You know who you are!</li>
<li><a href="http://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li>
<li>TU-Darmstadt, Computer Science Department, RBG, for the initial
lightweight client side TLS implementation, which is based on MicroTLS. MicroTLS was developed
diff --git a/ant/bc+-build.xml b/ant/bc+-build.xml
index ab608d32..a891c0de 100644
--- a/ant/bc+-build.xml
+++ b/ant/bc+-build.xml
@@ -201,7 +201,7 @@
<element name="docElements" />
<sequential>
<mkdir dir="@{docsDir}" />
- <javadoc sourcepath="@{srcDir}"
+ <javadoc maxmemory="128m" sourcepath="@{srcDir}"
destdir="@{docsDir}"
windowtitle="Bouncy Castle Library ${release.name} API Specification"
header="&lt;b&gt;Bouncy Castle Cryptography Library ${release.name}&lt;/b&gt;">
@@ -621,7 +621,7 @@
<mkdir dir="${artifacts.jars.dir}" />
<property name="test.target.dir" value="${artifacts.dir}/${test.target}" />
-<property name="test.target.src.dir" value="${test.target.dir}/src" />
+ <property name="test.target.src.dir" value="${test.target.dir}/src" />
<mkdir dir="${test.target.dir}" />
@@ -673,7 +673,8 @@
</target>
<target name="test">
- <junit fork="yes" dir="${basedir}" failureProperty="test.failed">
+ <mkdir dir="${basedir}/${build.dir}/${target.prefix}" />
+ <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed">
<classpath>
<path refid="project.classpath" />
<fileset dir="${artifacts.jars.dir}">
@@ -681,7 +682,7 @@
<exclude name="**/bcprov-jdk*.jar" />
</fileset>
</classpath>
- <sysproperty key="bc.test.data.home" value="core/src/test/data" />
+ <sysproperty key="bc.test.data.home" value="../../core/src/test/data" />
<formatter type="xml" />
<test name="${testcase}" todir="${artifacts.reports.xml.dir}" if="testcase" />
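Review bot: `bc.test.data.home` is now `../../core/src/test/data`, which only resolves correctly while the forked JVM's working directory (`${basedir}/${build.dir}/${target.prefix}`, set in the previous hunk) sits exactly two levels below `${basedir}`. A `build.dir` or `target.prefix` of a different depth would silently point the tests at the wrong data directory. An absolute value, `<sysproperty key="bc.test.data.home" value="${basedir}/core/src/test/data" />`, removes that coupling. The `test` target continues beyond this hunk.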
@@ -703,7 +704,7 @@
</target>
<target name="test-lw">
- <junit fork="yes" dir="${basedir}" failureProperty="test.failed">
+ <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed">
<classpath>
<fileset dir="${artifacts.jars.dir}">
<include name="**/*.jar" />
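Review bot: The `test-lw` target now forks junit in `${basedir}/${build.dir}/${target.prefix}` but, unlike the `test` target in the earlier hunk, gets no `<mkdir dir="${basedir}/${build.dir}/${target.prefix}" />` ahead of it, so running `test-lw` on its own may fail if nothing else has created that directory. Adding the same mkdir line before `<junit>` keeps the two targets consistent. Whether this target also sets `bc.test.data.home` is not visible in the hunk; if it does, it needs the same path adjustment.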
diff --git a/ant/jdk14.xml b/ant/jdk14.xml
index 0bdeb592..14282195 100644
--- a/ant/jdk14.xml
+++ b/ant/jdk14.xml
@@ -113,6 +113,12 @@
<fileset dir="prov/src/test/jdk1.4" includes="**/*.java" />
<fileset dir="pg/src/test/jdk1.4" includes="**/*.java" />
</copy>
+ <copy todir="${src.dir}" overwrite="true">
+ <fileset dir="core/src/main/javadoc" />
+ <fileset dir="prov/src/main/javadoc" />
+ <fileset dir="pkix/src/main/javadoc" />
+ <fileset dir="pg/src/main/javadoc" />
+ </copy>
<available classname="com.puppycrawl.tools.checkstyle.CheckStyleTask" property="checkstyle.on" />
</target>
diff --git a/docs/releasenotes.html b/docs/releasenotes.html
index 5384f9f6..a1d0ffa9 100644
--- a/docs/releasenotes.html
+++ b/docs/releasenotes.html
@@ -35,6 +35,8 @@ Release 1.51
<li>Calls to CommandMap.setDefaultCommandMap() in the SMIME API are now wrapped in doPrivileged() blocks to allow them to work with a security manager.</li>
<li>The encoding of the certificate_authorities field of a TLS CertificateRequest has been fixed.</li>
<li>EC point formats are now strictly enforced in the TLS API.</li>
+<li>The provider implementation was failing to throw an exception if algorithm parameters were passed in when none were required for EC key agreement. This has been fixed.</li>
+<li>PKCS#12 files containing keys/certificates with empty attribute sets attached to them no longer cause an ArrayIndexOutOfBoundsException to be thrown.</li>
</ul>
<h3>2.1.3 Additional Features and Functionality</h3>
<ul>
@@ -43,13 +45,30 @@ Release 1.51
<li>Support has been add for RFC5649 key wrapping using AES.</li>
<li>The PGP API now allows access and handling of User IDs as raw byte arrays, to deal with keyrings not using UTF-8.</li>
<li>The PGP API now provides automatic conversion of embedded signatures in signature sub-packet vectors.</li>
+<li>The PGP API now fully supports ECDH as outlined in RFC 6637.</li>
<li>GCM and GMAC now support tag lengths down to 32 bits.</li>
<li>Custom implementations for many of the SEC Fp curves have been added, resulting in drastically improved performance. The current list includes all secp***k1 and secp***r1 curves from 192 to 521 bits. They can be accessed via the org.bouncycastle.crypto.ec.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.</li>
<li>Automatic EC point validation added, both for decoded inputs and multiplier outputs.</li>
+<li>A SkippingCipher interface has been added for ciphers that can be moved into a specific state for a given byte address. The lightweight class StreamBlockCipher has been generalised to support any BlockCipher object that can support a streaming mode.</li>
+<li>ASN.1 date/time objects now support the passing in of a Locale to allow for constructing the object using a Date interpreted from a different locale to the default for the JVM.</li>
+<li>The range of Diffie-Hellman OIDs recognised by the provider has been extended.</li>
+<li>Some utility methods for interpreting OIDs have been exposed in the JcaJceUtils class.</li>
+<li>A method has been added to CMSSignedData for replacing the OCSP responses associated with a signed message.</li>
+<li>Use of RC2/RC4 in the CMS is now provider independent.</li>
+<li>TlsInputStream now provides a means of supporting InputStream.available().</li>
+<li>Dependencies on the JCA have been removed from PGPObjectFactory.</li>
+<li>Further work has been done on improving key quality with EC and DSA algorithms.</li>
+<li>KDFCounterBytesGenerator now supports suffix and prefix fixed input data, as outlined in NIST SP 800-108.</li>
+<li>Support has been added to allow retrieval and resetting the internal state of the SHA/SHA-2 digests in the lightweight API using an encoded format.</li>
+<li>BSI plain ECDSA is now supported by the provider.</li>
+<li>The provider now advertises RSA PSS signature implementations directly using the standard naming.</li>
+<li>Compatibility issues with some OSGI containers have been addressed.</li>
</ul>
<h3>2.1.4 Notes</h3>
<ul>
<li>Support for NTRUSigner has been deprecated as the algorithm has been withdrawn.</li>
+<li>Some changes have affected the return values of some methods. If you are migrating from an earlier release, it is recommended to recompile before using this release.</li>
+<li>There has been further clean out of deprecated methods in this release. If your code has previously been flagged as using a deprecated method you may need to change it. The OpenPGP API is the most heavily affected.</li>
</ul>
<h3>2.2.1 Version</h3>
Release 1.50
diff --git a/docs/specifications.html b/docs/specifications.html
index 89582ab0..d810c533 100644
--- a/docs/specifications.html
+++ b/docs/specifications.html
@@ -213,6 +213,7 @@ used with the above modes.
<tr><td><b>RijndaelEngine</b></td><td>0 .. 256 </td><td>128 bit, 160 bit, 192 bit, 224 bit, 256 bit</td><td>&nbsp;</td></tr>
<tr><td><b>SEEDEngine</b></td><td>128</td><td>128 bit</td><td>&nbsp;</td></tr>
<tr><td><b>SEEDWrapEngine</b></td><td>128</td><td>128 bit</td><td>&nbsp;</td></tr>
+<tr><td><b>Shacal2Engine</b></td><td>512</td><td>256 bit</td><td>&nbsp;</td></tr>
<tr><td><b>SerpentEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td>&nbsp;</td></tr>
<tr><td><b>SkipjackEngine</b></td><td>0 .. 128 </td><td>64 bit</td><td>&nbsp;</td></tr>
<tr><td><b>TEAEngine</b></td><td>128</td><td>64 bit</td><td>&nbsp;</td></tr>
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
index 70fe3860..438164b5 100644
--- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
+++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java
@@ -80,6 +80,10 @@ public class RSA
provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA");
+ provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA");
+ provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA");
+ provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA");
+ provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA");
provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA");
provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA");
provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA");
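Review bot: The four `Signature.SHA*WITHRSAANDMGF1` entries added here are registered as primary algorithm names with no comment saying why they are no longer aliases, while the mixed-case `Alg.Alias.Signature.SHA*withRSAandMGF1` lines kept in the following hunk differ from them only in letter case. If provider lookup is case-insensitive, as it appears to be for JCA algorithm names, each of these PSS variants is now reachable both through a primary entry and through an alias of the same spelling, and which one a caller resolves may depend on registration order. A comment such as `// advertise the standard PSS names directly rather than as aliases of the /PSS names` above the block, together with dropping or justifying the mixed-case aliases, would make the intent clear. No SHA1 counterpart is visible in either hunk; it is worth confirming that it is handled elsewhere in the method, which extends beyond the hunk.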
@@ -101,10 +105,6 @@ public class RSA
provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS");
provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS");
provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS");
- provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS");
- provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS");
- provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS");
- provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS");
if (provider.hasAlgorithm("MessageDigest", "MD2"))
{
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
index 8a478717..87773da8 100644
--- a/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java
@@ -811,7 +811,18 @@ public class ECDSA5Test
throws Exception
{
testCustomNamedCurveSigning("secp256r1");
- testCustomNamedCurveSigning("secp256k1");
+
+ try
+ {
+ testCustomNamedCurveSigning("secp256k1");
+ }
+ catch (IllegalArgumentException e)
+ {
+ if (!e.getMessage().equals("first coefficient is negative")) // bogus jdk 1.5 exception...
+ {
+ throw e;
+ }
+ }
}
private void testCustomNamedCurveSigning(String name)
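Review bot: The new catch around `testCustomNamedCurveSigning("secp256k1")` applies on every JVM, so an `IllegalArgumentException` carrying the text "first coefficient is negative" that came from a real regression in secp256k1 handling on a current runtime would be swallowed and the test would still pass. Since the comment attributes the exception to JDK 1.5, the tolerance should be limited to that runtime, for example by checking `System.getProperty("java.version").startsWith("1.5")` before suppressing and rethrowing otherwise. The comparison `e.getMessage().equals(...)` also throws a NullPointerException when the exception has no message, which hides the original failure; `"first coefficient is negative".equals(e.getMessage())` avoids that. The enclosing test method begins above the hunk.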