author | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-24 17:42:43 +0400 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2014-07-24 17:42:43 +0400 |
commit | 995407496e4d3d8eb24fe9fdffefefa230e485d4 (patch) | |
tree | 7dbdce75c16b54e5f8764ce992cf8688397e34cb | |
parent | 2c27bc698845cf6ce477facd15fdfaaea6cfc2db (diff) | |
parent | ad2607775f0dc3b3b4e2763bdd2845a057529675 (diff) |
Merge branch 'master' of git.bouncycastle.org:bc-java
-rw-r--r-- | CONTRIBUTORS.html | 9 | ||||
-rw-r--r-- | ant/bc+-build.xml | 11 | ||||
-rw-r--r-- | ant/jdk14.xml | 6 | ||||
-rw-r--r-- | docs/releasenotes.html | 19 | ||||
-rw-r--r-- | docs/specifications.html | 1 | ||||
-rw-r--r-- | prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java | 8 | ||||
-rw-r--r-- | prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java | 13 |
7 files changed, 56 insertions, 11 deletions
diff --git a/CONTRIBUTORS.html b/CONTRIBUTORS.html index 1c6f0e36..e562ceb7 100644 --- a/CONTRIBUTORS.html +++ b/CONTRIBUTORS.html @@ -4,9 +4,16 @@ The following organisations and people have contributed to the Bouncy Castle Cry <p> Thanks, may your castles never deflate! <p> +Donors. +<p> +The following people and organisations donated financially to help with the release of 1.51: +<p> +Gup & Boz @ Alki Seattle, Bytemine Gmbh, Ted Pennings, Atanas Krachev, PrimeKey Solutions AB, Martin Paljak, CorseraFri19980116, CPU Terminator, Lindsay Bradford, kares, Philius, and Aaron Anderson. +</p> +<p> Organisations <ul> -<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Currently 20 hours of consulting time left over from these has been contributed back to working on the Bouncy Castle APIs. You know who you are!</li> +<li>Holders of <a href="http://www.cryptoworkshop.com">Crypto Workshop Support Contracts</a>. Currently 40 hours of consulting time left over from these has been contributed back to working on the Bouncy Castle APIs. You know who you are!</li> <li><a href="http://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li> <li>TU-Darmstadt, Computer Science Department, RBG, for the initial lightweight client side TLS implementation, which is based on MicroTLS. MicroTLS was developed diff --git a/ant/bc+-build.xml b/ant/bc+-build.xml index ab608d32..a891c0de 100644 --- a/ant/bc+-build.xml +++ b/ant/bc+-build.xml @@ -201,7 +201,7 @@ <element name="docElements" /> <sequential> <mkdir dir="@{docsDir}" /> - <javadoc sourcepath="@{srcDir}" + <javadoc maxmemory="128m" sourcepath="@{srcDir}" destdir="@{docsDir}" windowtitle="Bouncy Castle Library ${release.name} API Specification" header="<b>Bouncy Castle Cryptography Library ${release.name}</b>"> 
@@ -621,7 +621,7 @@ <mkdir dir="${artifacts.jars.dir}" /> <property name="test.target.dir" value="${artifacts.dir}/${test.target}" /> -<property name="test.target.src.dir" value="${test.target.dir}/src" /> + <property name="test.target.src.dir" value="${test.target.dir}/src" /> <mkdir dir="${test.target.dir}" /> @@ -673,7 +673,8 @@ </target> <target name="test"> - <junit fork="yes" dir="${basedir}" failureProperty="test.failed"> + <mkdir dir="${basedir}/${build.dir}/${target.prefix}" /> + <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed"> <classpath> <path refid="project.classpath" /> <fileset dir="${artifacts.jars.dir}"> @@ -681,7 +682,7 @@ <exclude name="**/bcprov-jdk*.jar" /> </fileset> </classpath> - <sysproperty key="bc.test.data.home" value="core/src/test/data" /> + <sysproperty key="bc.test.data.home" value="../../core/src/test/data" /> <formatter type="xml" /> <test name="${testcase}" todir="${artifacts.reports.xml.dir}" if="testcase" /> @@ -703,7 +704,7 @@ </target> <target name="test-lw"> - <junit fork="yes" dir="${basedir}" failureProperty="test.failed"> + <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed"> <classpath> <fileset dir="${artifacts.jars.dir}"> <include name="**/*.jar" /> diff --git a/ant/jdk14.xml b/ant/jdk14.xml index 0bdeb592..14282195 100644 --- a/ant/jdk14.xml +++ b/ant/jdk14.xml @@ -113,6 +113,12 @@ <fileset dir="prov/src/test/jdk1.4" includes="**/*.java" /> <fileset dir="pg/src/test/jdk1.4" includes="**/*.java" /> </copy> + <copy todir="${src.dir}" overwrite="true"> + <fileset dir="core/src/main/javadoc" /> + <fileset dir="prov/src/main/javadoc" /> + <fileset dir="pkix/src/main/javadoc" /> + <fileset dir="pg/src/main/javadoc" /> + </copy> <available classname="com.puppycrawl.tools.checkstyle.CheckStyleTask" property="checkstyle.on" /> </target> diff --git a/docs/releasenotes.html b/docs/releasenotes.html index 5384f9f6..a1d0ffa9 100644 
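Review bot: In the `test-lw` hunk (@@ -703) the forked junit now runs in `${basedir}/${build.dir}/${target.prefix}`, but the `<mkdir>` for that directory is added only to the `test` target (@@ -673). Unless something outside these hunks creates it first, running `test-lw` on its own would presumably fail before any test starts. In the @@ -681 hunk, `value="../../core/src/test/data"` also assumes the working directory sits exactly two levels below `${basedir}`; `value="${basedir}/core/src/test/data"` would not depend on that depth. Both targets continue outside the visible hunks, so a `depends` that creates the directory may exist but is not shown here.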
--- a/docs/releasenotes.html +++ b/docs/releasenotes.html @@ -35,6 +35,8 @@ Release 1.51 <li>Calls to CommandMap.setDefaultCommandMap() in the SMIME API are now wrapped in doPrivileged() blocks to allow them to work with a security manager.</li> <li>The encoding of the certificate_authorities field of a TLS CertificateRequest has been fixed.</li> <li>EC point formats are now strictly enforced in the TLS API.</li> +<li>The provider implementation was failing to throw an exception if algorithm parameters were passed in when none were required for EC key agreement. This has been fixed.</li> +<li>PKCS#12 files containing keys/certificates with empty attribute sets attached to them no longer cause an ArrayIndexOutOfBoundsException to be thrown.</li> </ul> <h3>2.1.3 Additional Features and Functionality</h3> <ul> 
@@ -43,13 +45,30 @@ Release 1.51 <li>Support has been add for RFC5649 key wrapping using AES.</li> <li>The PGP API now allows access and handling of User IDs as raw byte arrays, to deal with keyrings not using UTF-8.</li> <li>The PGP API now provides automatic conversion of embedded signatures in signature sub-packet vectors.</li> +<li>The PGP API now fully supports ECDH as outlined in RFC 6637.</li> <li>GCM and GMAC now support tag lengths down to 32 bits.</li> <li>Custom implementations for many of the SEC Fp curves have been added, resulting in drastically improved performance. The current list includes all secp***k1 and secp***r1 curves from 192 to 521 bits. They can be accessed via the org.bouncycastle.crypto.ec.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.</li> <li>Automatic EC point validation added, both for decoded inputs and multiplier outputs.</li> +<li>A SkippingCipher interface has been added for ciphers that can be moved into a specific state for a given byte address. 
The lightweight class StreamBlockCipher has been generalised to support any BlockCipher object that can support a streaming mode.</li> +<li>ASN.1 date/time objects now support the passing in of a Locale to allow for constructing the object using a Date interpreted from a different locale to the default for the JVM.</li> +<li>The range of Diffie-Hellman OIDs recognised by the provider has been extended.</li> +<li>Some utility methods for interpreting OIDs have been exposed in the JcaJceUtils class.</li> +<li>A method has been added to CMSSignedData for replacing the OCSP responses associated with a signed message.</li> +<li>Use of RC2/RC4 in the CMS is now provider independent.</li> +<li>TlsInputStream now provides a means of supporting InputStream.available().</li> +<li>Dependencies on the JCA have been removed from PGPObjectFactory.</li> +<li>Further work has been done on improving key quality with EC and DSA algorithms.</li> +<li>KDFCounterBytesGenerator now supports suffix and prefix fixed input data, as outlined in NIST SP 800-108.</li> +<li>Support has been added to allow retrieval and resetting the internal state of the SHA/SHA-2 digests in the lightweight API using an encoded format.</li> +<li>BSI plain ECDSA is now supported by the provider.</li> +<li>The provider now advertises RSA PSS signature implementations directly using the standard naming.</li> +<li>Compatibility issues with some OSGI containers have been addressed.</li> </ul> <h3>2.1.4 Notes</h3> <ul> <li>Support for NTRUSigner has been deprecated as the algorithm has been withdrawn.</li> +<li>Some changes have affected the return values of some methods. If you are migrating from an earlier release, it is recommended to recompile before using this release.</li> +<li>There has been further clean out of deprecated methods in this release. If your code has previously been flagged as using a deprecated method you may need to change it. 
The OpenPGP API is the most heavily affected.</li> </ul> <h3>2.2.1 Version</h3> Release 1.50 diff --git a/docs/specifications.html b/docs/specifications.html index 89582ab0..d810c533 100644 --- a/docs/specifications.html +++ b/docs/specifications.html @@ -213,6 +213,7 @@ used with the above modes. <tr><td><b>RijndaelEngine</b></td><td>0 .. 256 </td><td>128 bit, 160 bit, 192 bit, 224 bit, 256 bit</td><td> </td></tr> <tr><td><b>SEEDEngine</b></td><td>128</td><td>128 bit</td><td> </td></tr> <tr><td><b>SEEDWrapEngine</b></td><td>128</td><td>128 bit</td><td> </td></tr> +<tr><td><b>Shacal2Engine</b></td><td>512</td><td>256 bit</td><td> </td></tr> <tr><td><b>SerpentEngine</b></td><td>128, 192, 256 </td><td>128 bit</td><td> </td></tr> <tr><td><b>SkipjackEngine</b></td><td>0 .. 128 </td><td>64 bit</td><td> </td></tr> <tr><td><b>TEAEngine</b></td><td>128</td><td>64 bit</td><td> </td></tr> diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java index 70fe3860..438164b5 100644 --- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java +++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/RSA.java 
@@ -80,6 +80,10 @@ public class RSA provider.addAlgorithm("Signature." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); provider.addAlgorithm("Signature.OID." + PKCSObjectIdentifiers.id_RSASSA_PSS, PREFIX + "PSSSignatureSpi$PSSwithRSA"); + provider.addAlgorithm("Signature.SHA224WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA224withRSA"); + provider.addAlgorithm("Signature.SHA256WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA256withRSA"); + provider.addAlgorithm("Signature.SHA384WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA384withRSA"); + provider.addAlgorithm("Signature.SHA512WITHRSAANDMGF1", PREFIX + "PSSSignatureSpi$SHA512withRSA"); provider.addAlgorithm("Signature.SHA224withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA224withRSA"); provider.addAlgorithm("Signature.SHA256withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA256withRSA"); provider.addAlgorithm("Signature.SHA384withRSA/PSS", PREFIX + "PSSSignatureSpi$SHA384withRSA"); @@ -101,10 +105,6 @@ public class RSA provider.addAlgorithm("Alg.Alias.Signature.SHA256withRSAandMGF1", "SHA256withRSA/PSS"); provider.addAlgorithm("Alg.Alias.Signature.SHA384withRSAandMGF1", "SHA384withRSA/PSS"); provider.addAlgorithm("Alg.Alias.Signature.SHA512withRSAandMGF1", "SHA512withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA224WITHRSAANDMGF1", "SHA224withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA256WITHRSAANDMGF1", "SHA256withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA384WITHRSAANDMGF1", "SHA384withRSA/PSS"); - provider.addAlgorithm("Alg.Alias.Signature.SHA512WITHRSAANDMGF1", "SHA512withRSA/PSS"); if (provider.hasAlgorithm("MessageDigest", "MD2")) { diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java index 8a478717..87773da8 100644 --- a/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java 
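Review bot: The four `Signature.SHA*WITHRSAANDMGF1` entries added in the first RSA.java hunk are registered as primary names with no comment explaining why they are no longer aliases of `SHA*withRSA/PSS`. The second hunk removes those aliases but keeps the mixed-case `Alg.Alias.Signature.SHA*withRSAandMGF1` lines as context. Since JCA algorithm lookups are generally case-insensitive, the same name now appears to be reachable both as a primary entry and as an alias. Both paths end at the same `PSSSignatureSpi` inner classes, so behaviour should match, but that is worth confirming on the oldest supported JDK. I would add a comment above the new block such as `// standard *WITHRSAANDMGF1 names registered directly so the provider advertises them, not only as aliases of */PSS`; the enclosing method starts and ends outside both hunks.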
+++ b/prov/src/test/java/org/bouncycastle/jce/provider/test/ECDSA5Test.java @@ -811,7 +811,18 @@ public class ECDSA5Test throws Exception { testCustomNamedCurveSigning("secp256r1"); - testCustomNamedCurveSigning("secp256k1"); + + try + { + testCustomNamedCurveSigning("secp256k1"); + } + catch (IllegalArgumentException e) + { + if (!e.getMessage().equals("first coefficient is negative")) // bogus jdk 1.5 exception... + { + throw e; + } + } } private void testCustomNamedCurveSigning(String name) |
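Review bot: The new catch around `testCustomNamedCurveSigning("secp256k1")` calls `e.getMessage().equals(...)`, which throws a NullPointerException and hides the original failure if an IllegalArgumentException arrives with no message. `if (!"first coefficient is negative".equals(e.getMessage()))` avoids that. The catch is also not tied to the JDK the comment blames, so on any JVM an exception carrying that text lets the test pass without secp256k1 signing having been exercised, and a real regression in the custom curve that raised the same message would go unnoticed. Consider restricting the exemption to the affected JDK version, or at least reporting the skip, so the lost coverage is visible. The enclosing test method begins outside the hunk.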