From c97eb1fb7c739dc4cd2f92bf359c2f85966297aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sat, 22 Feb 2014 13:04:49 +0200 Subject: Javadoc 1.8 error fixes --- .../src/main/java/org/bouncycastle/asn1/DLSet.java | 4 +- .../org/bouncycastle/asn1/eac/CVCertificate.java | 4 - .../org/bouncycastle/asn1/eac/CertificateBody.java | 3 - .../asn1/eac/CertificateHolderAuthorization.java | 1 - .../org/bouncycastle/asn1/eac/ECDSAPublicKey.java | 1 - .../org/bouncycastle/asn1/eac/RSAPublicKey.java | 1 - .../org/bouncycastle/asn1/icao/CscaMasterList.java | 2 +- .../bouncycastle/asn1/isismtt/ocsp/CertHash.java | 5 +- .../asn1/isismtt/ocsp/RequestedCertificate.java | 8 +- .../isismtt/x509/AdditionalInformationSyntax.java | 3 +- .../asn1/isismtt/x509/AdmissionSyntax.java | 30 ++++---- .../bouncycastle/asn1/isismtt/x509/Admissions.java | 8 +- .../asn1/isismtt/x509/DeclarationOfMajority.java | 7 +- .../asn1/isismtt/x509/MonetaryLimit.java | 13 ++-- .../asn1/isismtt/x509/NamingAuthority.java | 9 +-- .../asn1/isismtt/x509/ProcurationSyntax.java | 11 +-- .../asn1/isismtt/x509/ProfessionInfo.java | 5 +- .../asn1/isismtt/x509/Restriction.java | 6 +- .../asn1/misc/MiscObjectIdentifiers.java | 2 +- .../java/org/bouncycastle/asn1/pkcs/CRLBag.java | 26 +++---- .../asn1/pkcs/CertificationRequestInfo.java | 4 +- .../org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java | 2 +- .../bouncycastle/asn1/x509/CertificatePair.java | 3 +- .../asn1/x509/X509NameEntryConverter.java | 3 +- .../asn1/x509/sigi/NameOrPseudonym.java | 6 +- .../bouncycastle/asn1/x509/sigi/PersonalData.java | 5 +- .../org/bouncycastle/asn1/x9/X962Parameters.java | 2 +- .../crypto/agreement/jpake/JPAKEParticipant.java | 87 ++++++++-------------- .../agreement/jpake/JPAKEPrimeOrderGroup.java | 21 ++---- .../agreement/jpake/JPAKEPrimeOrderGroups.java | 6 +- .../crypto/agreement/jpake/JPAKERound1Payload.java | 7 +- .../crypto/agreement/jpake/JPAKERound2Payload.java | 7 +- .../crypto/agreement/jpake/JPAKERound3Payload.java | 7 +- .../crypto/agreement/jpake/JPAKEUtil.java | 27 ++----- .../bouncycastle/crypto/digests/SHA3Digest.java | 2 +- .../org/bouncycastle/crypto/digests/SM3Digest.java | 2 +- .../bouncycastle/crypto/digests/SkeinDigest.java | 5 +- .../bouncycastle/crypto/digests/SkeinEngine.java | 10 +-- .../bouncycastle/crypto/engines/ChaChaEngine.java | 2 - .../bouncycastle/crypto/engines/Salsa20Engine.java | 2 - .../bouncycastle/crypto/engines/SerpentEngine.java | 2 +- .../crypto/engines/ThreefishEngine.java | 6 +- .../bouncycastle/crypto/examples/DESExample.java | 2 + .../crypto/generators/DSAParametersGenerator.java | 2 +- .../crypto/generators/HKDFBytesGenerator.java | 2 +- .../crypto/generators/Poly1305KeyGenerator.java | 2 +- .../bouncycastle/crypto/io/CipherInputStream.java | 8 +- .../bouncycastle/crypto/io/CipherOutputStream.java | 11 ++- .../java/org/bouncycastle/crypto/macs/CMac.java | 4 +- .../java/org/bouncycastle/crypto/macs/GMac.java | 4 +- .../org/bouncycastle/crypto/macs/Poly1305.java | 2 +- .../java/org/bouncycastle/crypto/macs/SipHash.java | 2 +- .../org/bouncycastle/crypto/macs/SkeinMac.java | 5 +- .../bouncycastle/crypto/modes/OCBBlockCipher.java | 4 +- .../crypto/params/SkeinParameters.java | 10 +-- .../crypto/prng/drbg/DualECPoints.java | 2 +- .../crypto/signers/ISO9796d2PSSSigner.java | 2 +- .../crypto/tls/AlwaysValidVerifyer.java | 1 - .../crypto/tls/BulkCipherAlgorithm.java | 2 +- .../org/bouncycastle/crypto/tls/Certificate.java | 5 +- .../crypto/tls/CertificateRequest.java | 7 +- .../org/bouncycastle/crypto/tls/CipherType.java | 2 +- .../org/bouncycastle/crypto/tls/ConnectionEnd.java | 2 +- .../bouncycastle/crypto/tls/DigestAlgorithm.java | 2 +- .../crypto/tls/EncryptionAlgorithm.java | 2 +- .../crypto/tls/KeyExchangeAlgorithm.java | 2 +- .../org/bouncycastle/crypto/tls/MACAlgorithm.java | 2 +- .../org/bouncycastle/crypto/tls/NamedCurve.java | 2 +- .../org/bouncycastle/crypto/tls/PRFAlgorithm.java | 2 +- .../java/org/bouncycastle/crypto/tls/SSL3Mac.java | 4 +- .../org/bouncycastle/crypto/tls/TlsClient.java | 6 +- .../org/bouncycastle/crypto/tls/TlsContext.java | 2 +- .../java/org/bouncycastle/crypto/tls/TlsMac.java | 2 +- .../org/bouncycastle/crypto/tls/TlsServer.java | 2 +- .../org/bouncycastle/pqc/asn1/GMSSPublicKey.java | 1 - .../bouncycastle/pqc/asn1/RainbowPrivateKey.java | 3 +- .../bouncycastle/pqc/asn1/RainbowPublicKey.java | 1 - .../pqc/crypto/gmss/GMSSKeyPairGenerator.java | 21 +++--- .../pqc/crypto/gmss/GMSSParameters.java | 1 - .../bouncycastle/pqc/crypto/gmss/GMSSSigner.java | 1 - .../pqc/crypto/gmss/util/WinternitzOTSVerify.java | 1 - .../crypto/gmss/util/WinternitzOTSignature.java | 1 - .../NTRUEncryptionKeyGenerationParameters.java | 4 +- .../ntru/NTRUEncryptionKeyPairGenerator.java | 2 +- .../pqc/crypto/ntru/NTRUEncryptionParameters.java | 4 +- .../ntru/NTRUEncryptionPrivateKeyParameters.java | 2 +- .../bouncycastle/pqc/crypto/ntru/NTRUEngine.java | 2 +- .../ntru/NTRUSigningKeyGenerationParameters.java | 4 +- .../pqc/crypto/ntru/NTRUSigningParameters.java | 4 +- .../org/bouncycastle/pqc/crypto/rainbow/Layer.java | 8 +- .../crypto/rainbow/RainbowKeyPairGenerator.java | 3 +- .../pqc/crypto/rainbow/RainbowSigner.java | 6 +- .../pqc/crypto/rainbow/util/ComputeInField.java | 6 +- .../pqc/crypto/rainbow/util/GF2Field.java | 4 +- .../pqc/math/linearalgebra/GF2Polynomial.java | 18 ++--- .../pqc/math/linearalgebra/GF2mField.java | 9 +-- .../pqc/math/linearalgebra/GF2mMatrix.java | 2 +- .../pqc/math/linearalgebra/GF2mVector.java | 2 +- .../pqc/math/linearalgebra/GF2nONBElement.java | 2 +- .../pqc/math/linearalgebra/IntUtils.java | 3 +- .../pqc/math/linearalgebra/IntegerFunctions.java | 17 ++--- .../pqc/math/linearalgebra/Permutation.java | 2 +- .../math/linearalgebra/PolynomialGF2mSmallM.java | 9 +-- .../pqc/math/linearalgebra/PolynomialRingGF2.java | 6 +- .../pqc/math/linearalgebra/PolynomialRingGF2m.java | 2 +- .../pqc/math/ntru/euclid/BigIntEuclidean.java | 2 +- .../pqc/math/ntru/euclid/IntEuclidean.java | 2 +- .../pqc/math/ntru/polynomial/BigIntPolynomial.java | 6 +- .../math/ntru/polynomial/IntegerPolynomial.java | 24 +++--- .../pqc/math/ntru/polynomial/LongPolynomial2.java | 2 +- .../pqc/math/ntru/polynomial/LongPolynomial5.java | 2 +- .../pqc/math/ntru/polynomial/Polynomial.java | 2 +- .../pqc/math/ntru/util/ArrayEncoder.java | 18 ++--- .../main/java/org/bouncycastle/util/Memoable.java | 4 +- 114 files changed, 286 insertions(+), 403 deletions(-) (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/asn1/DLSet.java b/core/src/main/java/org/bouncycastle/asn1/DLSet.java index 91e83faf..e3042c25 100644 --- a/core/src/main/java/org/bouncycastle/asn1/DLSet.java +++ b/core/src/main/java/org/bouncycastle/asn1/DLSet.java @@ -11,13 +11,13 @@ import java.util.Enumeration; *

8: Basic encoding rules

*

8.11 Encoding of a set value

* 8.11.1 The encoding of a set value shall be constructed - *

+ *

* 8.11.2 The contents octets shall consist of the complete * encoding of a data value from each of the types listed in the * ASN.1 definition of the set type, in an order chosen by the sender, * unless the type was referenced with the keyword * OPTIONAL or the keyword DEFAULT. - *

+ *

* 8.11.3 The encoding of a data value may, but need not, * be present for a type which was referenced with the keyword * OPTIONAL or the keyword DEFAULT. diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java b/core/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java index 845925c7..7bbd7f15 100644 --- a/core/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java +++ b/core/src/main/java/org/bouncycastle/asn1/eac/CVCertificate.java @@ -15,7 +15,6 @@ import org.bouncycastle.asn1.DEROctetString; /** * an iso7816Certificate structure. - *

* 

  *  Certificate ::= SEQUENCE {
  *      CertificateBody         Iso7816CertificateBody,
@@ -85,7 +84,6 @@ public class CVCertificate
      * Create an iso7816Certificate structure from an ASN1InputStream.
      *
      * @param aIS the byte stream to parse.
-     * @return the Iso7816CertificateStructure represented by the byte stream.
      * @throws IOException if there is a problem parsing the data.
      */
     public CVCertificate(ASN1InputStream aIS)
@@ -129,7 +127,6 @@ public class CVCertificate
      *
      * @param body the Iso7816CertificateBody object containing the body.
      * @param signature   the byte array containing the signature
-     * @return the Iso7816CertificateStructure
      * @throws IOException if there is a problem parsing the data.
      */
     public CVCertificate(CertificateBody body, byte[] signature)
@@ -147,7 +144,6 @@ public class CVCertificate
      *
      * @param obj the Object to extract the certificate from.
      * @return the Iso7816CertificateStructure represented by the byte stream.
-     * @throws IOException if there is a problem parsing the data.
      */
     public static CVCertificate getInstance(Object obj)
     {
diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java b/core/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
index 87d6554c..04c4d703 100644
--- a/core/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
+++ b/core/src/main/java/org/bouncycastle/asn1/eac/CertificateBody.java
@@ -13,7 +13,6 @@ import org.bouncycastle.asn1.DEROctetString;
 
 /**
  * an Iso7816CertificateBody structure.
- * 

  * 
  *  CertificateBody ::= SEQUENCE {
  *      // version of the certificate format. Must be 0 (version 1)
@@ -128,7 +127,6 @@ public class CertificateBody
      * @param certificateHolderAuthorization
      * @param certificateEffectiveDate
      * @param certificateExpirationDate
-     * @throws IOException
      */
     public CertificateBody(
         DERApplicationSpecific certificateProfileIdentifier,
@@ -276,7 +274,6 @@ public class CertificateBody
      * create a "request" or "profile" type Iso7816CertificateBody according to the variables sets.
      *
      * @return return the ASN1Primitive representing the "request" or "profile" type certificate body.
-     * @throws IOException if the DERApplicationSpecific cannot be created or if data are missings to create a valid certificate.
      */
     public ASN1Primitive toASN1Primitive()
     {
diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java b/core/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
index 93ae57f2..ba8486aa 100644
--- a/core/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
+++ b/core/src/main/java/org/bouncycastle/asn1/eac/CertificateHolderAuthorization.java
@@ -13,7 +13,6 @@ import org.bouncycastle.util.Integers;
 
 /**
  * an Iso7816CertificateHolderAuthorization structure.
- * 

  * 
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      // specifies the format and the rules for the evaluation of the authorization
diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java b/core/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
index 3dd22fc3..077807f2 100644
--- a/core/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
+++ b/core/src/main/java/org/bouncycastle/asn1/eac/ECDSAPublicKey.java
@@ -15,7 +15,6 @@ import org.bouncycastle.asn1.DERTaggedObject;
 
 /**
  * an Iso7816ECDSAPublicKeyStructure structure.
- * 

  * 
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      ASN1TaggedObject primeModulusP;        // OPTIONAL
diff --git a/core/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java b/core/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
index 7c851699..3e1727e4 100644
--- a/core/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
+++ b/core/src/main/java/org/bouncycastle/asn1/eac/RSAPublicKey.java
@@ -12,7 +12,6 @@ import org.bouncycastle.asn1.DERSequence;
 
 /**
  * an Iso7816RSAPublicKeyStructure structure.
- * 

  * 
  *  Certificate Holder Authorization ::= SEQUENCE {
  *      // modulus should be at least 1024bit and a multiple of 512.
diff --git a/core/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java b/core/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
index 2cae261f..ff629f2f 100644
--- a/core/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
+++ b/core/src/main/java/org/bouncycastle/asn1/icao/CscaMasterList.java
@@ -13,7 +13,7 @@ import org.bouncycastle.asn1.x509.Certificate;
 /**
  * The CscaMasterList object. This object can be wrapped in a
  * CMSSignedData to be published in LDAP.
- * 

+ *
  * 
  * CscaMasterList ::= SEQUENCE {
  *   version                CscaMasterListVersion,
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
index 932d3008..1791b508 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/CertHash.java
@@ -19,8 +19,6 @@ import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
  * the expiry of the corresponding certificate. Hence, clients MUST support this
  * extension. If a positive statement of availability is to be delivered, this
  * extension syntax and OID MUST be used.
- * 

- * 

  * 
  *     CertHash ::= SEQUENCE {
  *       hashAlgorithm AlgorithmIdentifier,
@@ -102,9 +100,8 @@ public class CertHash
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *     CertHash ::= SEQUENCE {
      *       hashAlgorithm AlgorithmIdentifier,
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
index cffcc5ab..5c12016e 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/ocsp/RequestedCertificate.java
@@ -16,7 +16,7 @@ import org.bouncycastle.asn1.x509.Certificate;
  * ISIS-MTT-Optional: The certificate requested by the client by inserting the
  * RetrieveIfAllowed extension in the request, will be returned in this
  * extension.
- * 

+ * 

  * ISIS-MTT-SigG: The signature act allows publishing certificates only then,
  * when the certificate owner gives his explicit permission. Accordingly, there
  * may be �nondownloadable� certificates, about which the responder must provide
@@ -36,7 +36,6 @@ import org.bouncycastle.asn1.x509.Certificate;
  * Clients requesting RetrieveIfAllowed MUST be able to handle these cases. If
  * any of the OCTET STRING options is used, it MUST contain the DER encoding of
  * the requested certificate.
- * 

  * 
  *            RequestedCertificate ::= CHOICE {
  *              Certificate Certificate,
@@ -105,7 +104,7 @@ public class RequestedCertificate
 
     /**
      * Constructor from a given details.
-     * 

+     * 

      * Only one parameter can be given. All other must be null.
      *
      * @param certificate          Given as Certificate
@@ -155,9 +154,8 @@ public class RequestedCertificate
     
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *            RequestedCertificate ::= CHOICE {
      *              Certificate Certificate,
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
index ff9ed124..55c7d43f 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdditionalInformationSyntax.java
@@ -54,9 +54,8 @@ public class AdditionalInformationSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *   AdditionalInformationSyntax ::= DirectoryString (SIZE(1..2048))
      * 

diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
index 202373ec..88bb7411 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/AdmissionSyntax.java
@@ -11,28 +11,28 @@ import org.bouncycastle.asn1.x509.GeneralName;
 
 /**
  * Attribute to indicate admissions to certain professions.
- * 

+ *
  * 
  *     AdmissionSyntax ::= SEQUENCE
  *     {
  *       admissionAuthority GeneralName OPTIONAL,
  *       contentsOfAdmissions SEQUENCE OF Admissions
  *     }
- * 

+ *
  *     Admissions ::= SEQUENCE
  *     {
  *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
  *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
  *       professionInfos SEQUENCE OF ProfessionInfo
  *     }
- * 

+ *
  *     NamingAuthority ::= SEQUENCE
  *     {
  *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
  *       namingAuthorityUrl IA5String OPTIONAL,
  *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
  *     }
- * 

+ *
  *     ProfessionInfo ::= SEQUENCE
  *     {
  *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
@@ -42,8 +42,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  *       addProfessionInfo OCTET STRING OPTIONAL
  *     }
  * 

- * 

- * 

+ * 

  * ISIS-MTT PROFILE: The relatively complex structure of AdmissionSyntax
  * supports the following concepts and requirements:
  * 
    
@@ -68,7 +67,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * component namingAuthorityId are grouped under the OID-branch
  * id-isis-at-namingAuthorities and must be applied for.
  * 
  • See
- * http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0 for
+ * http://www.teletrust.de/anwend.asp?Id=30200&Sprache=E_&HomePG=0 for
  * an application form and http://www.teletrust.de/links.asp?id=30220,11
  * for an overview of registered naming authorities.
  * 
  •  By means of the data type ProfessionInfo certain professions,
@@ -80,7 +79,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * addProfessionInfo may contain additional applicationspecific information in
  * DER-encoded form.
  * 

- * 

+ * 

  * By means of different namingAuthority-OIDs or profession OIDs hierarchies of
  * professions, specializations, disciplines, fields of activity, etc. can be
  * expressed. The issuing admission authority should always be indicated (field
@@ -89,9 +88,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * naming authority by the exclusive use of the component professionItems. In
  * this case the certification authority is responsible for the verification of
  * the admission information.
- * 

- * 

- * 

+ * 

  * This attribute is single-valued. Still, several admissions can be captured in
  * the sequence structure of the component contentsOfAdmissions of
  * AdmissionSyntax or in the component professionInfos of Admissions. The
@@ -102,7 +99,7 @@ import org.bouncycastle.asn1.x509.GeneralName;
  * value for the component namingAuthority of ProfessionInfo. Within the latter
  * component the default value can be overwritten, in case that another naming
  * authority needs to be recorded.
- * 

+ * 

  * The length of the string objects is limited to 128 characters. It is
  * recommended to indicate a namingAuthorityURL in all issued attribute
  * certificates. If a namingAuthorityURL is indicated, the field professionItems
@@ -209,30 +206,29 @@ public class AdmissionSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *     AdmissionSyntax ::= SEQUENCE
      *     {
      *       admissionAuthority GeneralName OPTIONAL,
      *       contentsOfAdmissions SEQUENCE OF Admissions
      *     }
-     * 

+     *
      *     Admissions ::= SEQUENCE
      *     {
      *       admissionAuthority [0] EXPLICIT GeneralName OPTIONAL
      *       namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
      *       professionInfos SEQUENCE OF ProfessionInfo
      *     }
-     * 

+     *
      *     NamingAuthority ::= SEQUENCE
      *     {
      *       namingAuthorityId OBJECT IDENTIFIER OPTIONAL,
      *       namingAuthorityUrl IA5String OPTIONAL,
      *       namingAuthorityText DirectoryString(SIZE(1..128)) OPTIONAL
      *     }
-     * 

+     *
      *     ProfessionInfo ::= SEQUENCE
      *     {
      *       namingAuthority [0] EXPLICIT NamingAuthority OPTIONAL,
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
index 3a5ef242..48a3e470 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Admissions.java
@@ -14,7 +14,6 @@ import org.bouncycastle.asn1.x509.GeneralName;
 
 /**
  * An Admissions structure.
- * 

  * 
  *            Admissions ::= SEQUENCE
  *            {
@@ -22,7 +21,6 @@ import org.bouncycastle.asn1.x509.GeneralName;
  *              namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
  *              professionInfos SEQUENCE OF ProfessionInfo
  *            }
- * 

  * 

  *
  * @see org.bouncycastle.asn1.isismtt.x509.AdmissionSyntax
@@ -117,7 +115,7 @@ public class Admissions
 
     /**
      * Constructor from a given details.
-     * 

+     * 

      * Parameter professionInfos is mandatory.
      *
      * @param admissionAuthority The admission authority.
@@ -155,9 +153,8 @@ public class Admissions
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *       Admissions ::= SEQUENCE
      *       {
@@ -165,7 +162,6 @@ public class Admissions
      *         namingAuthority [1] EXPLICIT NamingAuthority OPTIONAL
      *         professionInfos SEQUENCE OF ProfessionInfo
      *       }
-     * 

      * 

      *
      * @return an ASN1Primitive
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
index 20887cee..987c5907 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/DeclarationOfMajority.java
@@ -15,7 +15,7 @@ import org.bouncycastle.asn1.DERTaggedObject;
 
 /**
  * A declaration of majority.
- * 

+ *
  * 
  *           DeclarationOfMajoritySyntax ::= CHOICE
  *           {
@@ -28,7 +28,7 @@ import org.bouncycastle.asn1.DERTaggedObject;
  *             dateOfBirth [2] IMPLICIT GeneralizedTime
  *           }
  * 

- * 

+ * 

  * fullAgeAtCountry indicates the majority of the owner with respect to the laws
  * of a specific country.
  */
@@ -101,9 +101,8 @@ public class DeclarationOfMajority
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *           DeclarationOfMajoritySyntax ::= CHOICE
      *           {
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
index 1b101998..7425287e 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/MonetaryLimit.java
@@ -17,11 +17,10 @@ import org.bouncycastle.asn1.DERSequence;
  * since January 1, 2004. For the sake of backward compatibility with
  * certificates already in use, components SHOULD support MonetaryLimit (as well
  * as QcEuLimitValue).
- * 

+ * 

  * Indicates a monetary limit within which the certificate holder is authorized
  * to act. (This value DOES NOT express a limit on the liability of the
  * certification authority).
- * 

  * 
  *    MonetaryLimitSyntax ::= SEQUENCE
  *    {
@@ -30,9 +29,9 @@ import org.bouncycastle.asn1.DERSequence;
  *      exponent INTEGER
  *    }
  * 

- * 

+ * 

  * currency must be the ISO code.
- * 

+ * 

  * value = amount�10*exponent
  */
 public class MonetaryLimit
@@ -72,8 +71,7 @@ public class MonetaryLimit
 
     /**
      * Constructor from a given details.
-     * 

-     * 

+     * 

      * value = amount�10^exponent
      *
      * @param currency The currency. Must be the ISO code.
@@ -104,9 +102,8 @@ public class MonetaryLimit
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *    MonetaryLimitSyntax ::= SEQUENCE
      *    {
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
index 237f5e55..157e2cc7 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
@@ -173,9 +173,9 @@ public class NamingAuthority
         return namingAuthorityUrl;
     }
 
-        /**
+    /**
      * Constructor from given details.
-     * 

+     * 

      * All parameters can be combined.
      *
      * @param namingAuthorityId   ObjectIdentifier for naming authority.
@@ -193,7 +193,7 @@ public class NamingAuthority
 
     /**
      * Constructor from given details.
-     * 

+     * 

      * All parameters can be combined.
      *
      * @param namingAuthorityId   ObjectIdentifier for naming authority.
@@ -210,9 +210,8 @@ public class NamingAuthority
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *             NamingAuthority ::= SEQUENCE
      *             {
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
index 0a64f8e9..b6ab3451 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProcurationSyntax.java
@@ -132,8 +132,7 @@ public class ProcurationSyntax
 
     /**
      * Constructor from a given details.
-     * 

-     * 

+     * 

      * Either generalName or certRef MUST be
      * null.
      *
@@ -154,8 +153,7 @@ public class ProcurationSyntax
 
     /**
      * Constructor from a given details.
-     * 

-     * 

+     * 

      * Either generalName or certRef MUST be
      * null.
      *
@@ -196,16 +194,15 @@ public class ProcurationSyntax
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *               ProcurationSyntax ::= SEQUENCE {
      *                 country [1] EXPLICIT PrintableString(SIZE(2)) OPTIONAL,
      *                 typeOfSubstitution [2] EXPLICIT DirectoryString (SIZE(1..128)) OPTIONAL,
      *                 signingFor [3] EXPLICIT SigningFor
      *               }
-     * 

+     *
      *               SigningFor ::= CHOICE
      *               {
      *                 thirdPerson GeneralName,
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
index 081d9af9..67737f69 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/ProfessionInfo.java
@@ -274,7 +274,7 @@ public class ProfessionInfo
 
     /**
      * Constructor from given details.
-     * 

+     * 

      * professionItems is mandatory, all other parameters are
      * optional.
      *
@@ -311,9 +311,8 @@ public class ProfessionInfo
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *               ProfessionInfo ::= SEQUENCE
      *               {
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
index c2a2a413..3d06e77b 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/Restriction.java
@@ -6,7 +6,7 @@ import org.bouncycastle.asn1.x500.DirectoryString;
 
 /**
  * Some other restriction regarding the usage of this certificate.
- * 

+ *
  * 
  *  RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
  * 

@@ -64,12 +64,10 @@ public class Restriction
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *      RestrictionSyntax ::= DirectoryString (SIZE(1..1024))
-     * 

      * 

      *
      * @return a DERObject
diff --git a/core/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java b/core/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
index 6aff988d..dfc31214 100644
--- a/core/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
+++ b/core/src/main/java/org/bouncycastle/asn1/misc/MiscObjectIdentifiers.java
@@ -36,7 +36,7 @@ public interface MiscObjectIdentifiers
 
     /** Verisign CZAG (Country,Zip,Age,Gender) Extension OID: 2.16.840.1.113733.1.6.3 */
     static final ASN1ObjectIdentifier    verisignCzagExtension   = verisign.branch("6.3");
-    /** Verisign D&B D-U-N-S number Extension OID: 2.16.840.1.113733.1.6.15 */
+    /** Verisign D&B D-U-N-S number Extension OID: 2.16.840.1.113733.1.6.15 */
     static final ASN1ObjectIdentifier    verisignDnbDunsNumber   = verisign.branch("6.15");
 
     //
diff --git a/core/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java b/core/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
index b91c1a59..06208731 100644
--- a/core/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
+++ b/core/src/main/java/org/bouncycastle/asn1/pkcs/CRLBag.java
@@ -56,19 +56,19 @@ public class CRLBag
 
     /**
      * 
-     CRLBag ::= SEQUENCE {
-     crlId  BAG-TYPE.&id ({CRLTypes}),
-     crlValue  [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
-     }
-
-     x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}
-     -- DER-encoded X.509 CRL stored in OCTET STRING
-
-     CRLTypes BAG-TYPE ::= {
-     x509CRL,
-     ... -- For future extensions
-     }
-       

+     * CRLBag ::= SEQUENCE {
+     * crlId  BAG-TYPE.&id ({CRLTypes}),
+     * crlValue  [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
+     * }
+     *
+     * x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}
+     * -- DER-encoded X.509 CRL stored in OCTET STRING
+	 *
+     * CRLTypes BAG-TYPE ::= {
+     * x509CRL,
+     * ... -- For future extensions
+     * }
+     * 

      */
     public ASN1Primitive toASN1Primitive()
     {
diff --git a/core/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java b/core/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
index c9c14fe4..d2acd303 100644
--- a/core/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
+++ b/core/src/main/java/org/bouncycastle/asn1/pkcs/CertificationRequestInfo.java
@@ -25,8 +25,8 @@ import org.bouncycastle.asn1.x509.X509Name;
  *  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
  *
  *  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
- *    type    ATTRIBUTE.&id({IOSet}),
- *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
+ *    type    ATTRIBUTE.&id({IOSet}),
+ *    values  SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{\@type})
  *  }
  * 

  */
diff --git a/core/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java b/core/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
index dad86502..7f02e709 100644
--- a/core/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
+++ b/core/src/main/java/org/bouncycastle/asn1/pkcs/PrivateKeyInfo.java
@@ -68,7 +68,7 @@ public class PrivateKeyInfo
     }
 
     /**
-     * @deprectaed use PrivateKeyInfo.getInstance()
+     * @deprecated use PrivateKeyInfo.getInstance()
      * @param seq
      */
     public PrivateKeyInfo(
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java b/core/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
index cab44d1b..4a70f2df 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/CertificatePair.java
@@ -123,9 +123,8 @@ public class CertificatePair
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *       CertificatePair ::= SEQUENCE {
      *         forward        [0]    Certificate OPTIONAL,
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java b/core/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
index 5d919e1b..188af430 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/X509NameEntryConverter.java
@@ -23,7 +23,7 @@ import org.bouncycastle.util.Strings;
  *         ASN1ObjectIdentifier  oid,
  *         String               value)
  *     {
- *         if (str.length() != 0 && str.charAt(0) == '#')
+ *         if (str.length() != 0 && str.charAt(0) == '#')
  *         {
  *             return convertHexEncoded(str, 1);
  *         }
@@ -45,6 +45,7 @@ import org.bouncycastle.util.Strings;
  *         }
  *     }
  * }
+ * 

  */
 public abstract class X509NameEntryConverter
 {
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java b/core/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
index 304f1d46..f7162e2a 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/sigi/NameOrPseudonym.java
@@ -60,9 +60,8 @@ public class NameOrPseudonym
 
     /**
      * Constructor from DirectoryString.
-     * 

+     * 

      * The sequence is of type NameOrPseudonym:
-     * 

      * 
      *       NameOrPseudonym ::= CHOICE {
      *            surAndGivenName SEQUENCE {
@@ -159,9 +158,8 @@ public class NameOrPseudonym
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *       NameOrPseudonym ::= CHOICE {
      *            surAndGivenName SEQUENCE {
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java b/core/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
index 0b732480..f8c23b3a 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/sigi/PersonalData.java
@@ -18,7 +18,7 @@ import org.bouncycastle.asn1.x500.DirectoryString;
 /**
  * Contains personal data for the otherName field in the subjectAltNames
  * extension.
- * 

+ *
  * 
  *     PersonalData ::= SEQUENCE {
  *       nameOrPseudonym NameOrPseudonym,
@@ -169,9 +169,8 @@ public class PersonalData
 
     /**
      * Produce an object suitable for an ASN1OutputStream.
-     * 

+     * 

      * Returns:
-     * 

      * 
      *     PersonalData ::= SEQUENCE {
      *       nameOrPseudonym NameOrPseudonym,
diff --git a/core/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java b/core/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
index 1c395d20..a4348dec 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x9/X962Parameters.java
@@ -74,7 +74,7 @@ public class X962Parameters
      * 
      * Parameters ::= CHOICE {
      *    ecParameters ECParameters,
-     *    namedCurve   CURVES.&id({CurveNames}),
+     *    namedCurve   CURVES.&id({CurveNames}),
      *    implicitlyCA NULL
      * }
      * 

diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
index 94efd92d..605b88ed 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEParticipant.java
@@ -10,19 +10,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A participant in a Password Authenticated Key Exchange by Juggling (J-PAKE) exchange.
- * 

- * 

+ * 

  * The J-PAKE exchange is defined by Feng Hao and Peter Ryan in the paper
  * 
  * "Password Authenticated Key Exchange by Juggling, 2008."
- * 

- * 

+ * 

  * The J-PAKE protocol is symmetric.
  * There is no notion of a client or server, but rather just two participants.
  * An instance of {@link JPAKEParticipant} represents one participant, and
  * is the primary interface for executing the exchange.
- * 

- * 

+ * 

  * To execute an exchange, construct a {@link JPAKEParticipant} on each end,
  * and call the following 7 methods
  * (once and only once, in the given order, for each participant, sending messages between them as described):
@@ -35,36 +32,29 @@ import org.bouncycastle.util.Arrays;
  * 
  • {@link #createRound3PayloadToSend(BigInteger)} - and send the payload to the other participant
    • 
  * 
  • {@link #validateRound3PayloadReceived(JPAKERound3Payload, BigInteger)} - use the payload received from the other participant
    • 
  * 
- * 
    
- * 
    
+ * 
    
  * Each side should derive a session key from the keying material returned by {@link #calculateKeyingMaterial()}.
  * The caller is responsible for deriving the session key using a secure key derivation function (KDF).
- * 
    
- * 
    
+ * 
    
  * Round 3 is an optional key confirmation process.
  * If you do not execute round 3, then there is no assurance that both participants are using the same key.
  * (i.e. if the participants used different passwords, then their session keys will differ.)
- * 
    
- * 
    
+ * 
    
  * If the round 3 validation succeeds, then the keys are guaranteed to be the same on both sides.
- * 
    
- * 
    
+ * 
    
  * The symmetric design can easily support the asymmetric cases when one party initiates the communication.
  * e.g. Sometimes the round1 payload and round2 payload may be sent in one pass.
  * Also, in some cases, the key confirmation payload can be sent together with the round2 payload.
  * These are the trivial techniques to optimize the communication.
- * 
    
- * 
    
+ * 
    
  * The key confirmation process is implemented as specified in
  * NIST SP 800-56A Revision 1,
  * Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
- * 
    
- * 
    
+ * 
    
  * This class is stateful and NOT threadsafe.
  * Each instance should only be used for ONE complete J-PAKE exchange
  * (i.e. a new {@link JPAKEParticipant} should be constructed for each new J-PAKE exchange).
- * 
    
- * 
    
+ * 
    
  * See {@link JPAKEExample} for example usage.
  */
 public class JPAKEParticipant
@@ -155,7 +145,7 @@ public class JPAKEParticipant
      * Convenience constructor for a new {@link JPAKEParticipant} that uses
      * the {@link JPAKEPrimeOrderGroups#NIST_3072} prime order group,
      * a SHA-256 digest, and a default {@link SecureRandom} implementation.
-     * 
    
+     * 
    
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -180,7 +170,7 @@ public class JPAKEParticipant
     /**
      * Convenience constructor for a new {@link JPAKEParticipant} that uses
      * a SHA-256 digest and a default {@link SecureRandom} implementation.
-     * 
    
+     * 
    
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -209,7 +199,7 @@ public class JPAKEParticipant
 
     /**
      * Construct a new {@link JPAKEParticipant}.
-     * 
    
+     * 
    
      * After construction, the {@link #getState() state} will be  {@link #STATE_INITIALIZED}.
      *
      * @param participantId unique identifier of this participant.
@@ -278,8 +268,7 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 1.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_1_CREATED}.
      */
     public JPAKERound1Payload createRound1PayloadToSend()
@@ -304,11 +293,9 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 1.
-     * 
    
-     * 
    
+     * 
    
      * Must be called prior to {@link #createRound2PayloadToSend()}.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_1_VALIDATED}.
      *
      * @throws CryptoException if validation fails.
@@ -338,11 +325,9 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 2.
-     * 
    
-     * 
    
+     * 
    
      * {@link #validateRound1PayloadReceived(JPAKERound1Payload)} must be called prior to this method.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_2_CREATED}.
      *
      * @throws IllegalStateException if called prior to {@link #validateRound1PayloadReceived(JPAKERound1Payload)}, or multiple times
@@ -370,16 +355,13 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 2.
-     * 
    
-     * 
    
+     * 
    
      * Note that this DOES NOT detect a non-common password.
      * The only indication of a non-common password is through derivation
      * of different keys (which can be detected explicitly by executing round 3 and round 4)
-     * 
    
-     * 
    
+     * 
    
      * Must be called prior to {@link #calculateKeyingMaterial()}.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_2_VALIDATED}.
      *
      * @throws CryptoException if validation fails.
@@ -412,8 +394,7 @@ public class JPAKEParticipant
      * Calculates and returns the key material.
      * A session key must be derived from this key material using a secure key derivation function (KDF).
      * The KDF used to derive the key is handled externally (i.e. not by {@link JPAKEParticipant}).
-     * 
    
-     * 
    
+     * 
    
      * The keying material will be identical for each participant if and only if
      * each participant's password is the same.  i.e. If the participants do not
      * share the same password, then each participant will derive a different key.
@@ -422,17 +403,13 @@ public class JPAKEParticipant
      * If you want to handle this detection explicitly, you can optionally perform
      * rounds 3 and 4.  See {@link JPAKEParticipant} for details on how to execute
      * rounds 3 and 4.
-     * 
    
-     * 
    
+     * 
    
      * The keying material will be in the range [0, p-1].
-     * 
    
-     * 
    
+     * 
    
      * {@link #validateRound2PayloadReceived(JPAKERound2Payload)} must be called prior to this method.
-     * 
    
-     * 
    
+     * 
    
      * As a side effect, the internal {@link #password} array is cleared, since it is no longer needed.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_KEY_CALCULATED}.
      *
      * @throws IllegalStateException if called prior to {@link #validateRound2PayloadReceived(JPAKERound2Payload)},
@@ -484,11 +461,9 @@ public class JPAKEParticipant
 
     /**
      * Creates and returns the payload to send to the other participant during round 3.
-     * 
    
-     * 
    
+     * 
    
      * See {@link JPAKEParticipant} for more details on round 3.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be  {@link #STATE_ROUND_3_CREATED}.
      *
      * @param keyingMaterial The keying material as returned from {@link #calculateKeyingMaterial()}.
@@ -522,11 +497,9 @@ public class JPAKEParticipant
 
     /**
      * Validates the payload received from the other participant during round 3.
-     * 
    
-     * 
    
+     * 
    
      * See {@link JPAKEParticipant} for more details on round 3.
-     * 
    
-     * 
    
+     * 
    
      * After execution, the {@link #getState() state} will be {@link #STATE_ROUND_3_VALIDATED}.
      *
      * @param keyingMaterial The keying material as returned from {@link #calculateKeyingMaterial()}.
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
index d5df727d..ad2c6aea 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroup.java
@@ -4,15 +4,12 @@ import java.math.BigInteger;
 
 /**
  * A pre-computed prime order group for use during a J-PAKE exchange.
- * 
    
- * 
    
+ * 
    
  * Typically a Schnorr group is used.  In general, J-PAKE can use any prime order group
  * that is suitable for public key cryptography, including elliptic curve cryptography.
- * 
    
- * 
    
+ * 
    
  * See {@link JPAKEPrimeOrderGroups} for convenient standard groups.
- * 
    
- * 
    
+ * 
    
  * NIST publishes
  * many groups that can be used for the desired level of security.
  */
@@ -24,12 +21,10 @@ public class JPAKEPrimeOrderGroup
 
     /**
      * Constructs a new {@link JPAKEPrimeOrderGroup}.
-     * 
    
-     * 
    
+     * 
    
      * In general, you should use one of the pre-approved groups from
      * {@link JPAKEPrimeOrderGroups}, rather than manually constructing one.
-     * 
    
-     * 
    
+     * 
    
      * The following basic checks are performed:
      * 
      
      * 
    • p-1 must be evenly divisible by q
      • 
@@ -38,12 +33,10 @@ public class JPAKEPrimeOrderGroup
      * 
    • p must be prime (within reasonably certainty)
      • 
      * 
    • q must be prime (within reasonably certainty)
      • 
      * 
    
-     * 
    
-     * 
    
+     * 
    
      * The prime checks are performed using {@link BigInteger#isProbablePrime(int)},
      * and are therefore subject to the same probability guarantees.
-     * 
    
-     * 
    
+     * 
    
      * These checks prevent trivial mistakes.
      * However, due to the small uncertainties if p and q are not prime,
      * advanced attacks are not prevented.
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
index 812d776e..2fb18613 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEPrimeOrderGroups.java
@@ -5,12 +5,10 @@ import java.math.BigInteger;
 /**
  * Standard pre-computed prime order groups for use by J-PAKE.
  * (J-PAKE can use pre-computed prime order groups, same as DSA and Diffie-Hellman.)
- * 
    
- * 
    
+ * 
    
  * This class contains some convenient constants for use as input for
  * constructing {@link JPAKEParticipant}s.
- * 
    
- * 
    
+ * 
    
  * The prime order groups below are taken from Sun's JDK JavaDoc (docs/guide/security/CryptoSpec.html#AppB),
  * and from the prime order groups
  * published by NIST.
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
index b319f9c4..086196dd 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound1Payload.java
@@ -6,19 +6,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * The payload sent/received during the first round of a J-PAKE exchange.
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound1PayloadToSend()}.
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound1PayloadReceived(JPAKERound1Payload)}.
- * 
    
  */
 public class JPAKERound1Payload
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
index 8800cf5f..e047443e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound2Payload.java
@@ -6,19 +6,16 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * The payload sent/received during the second round of a J-PAKE exchange.
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound2PayloadToSend()}
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound2PayloadReceived(JPAKERound2Payload)}
- * 
    
  */
 public class JPAKERound2Payload
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
index c1255df6..0fe1cba9 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKERound3Payload.java
@@ -5,19 +5,16 @@ import java.math.BigInteger;
 /**
  * The payload sent/received during the optional third round of a J-PAKE exchange,
  * which is for explicit key confirmation.
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} creates and sends an instance
  * of this payload to the other {@link JPAKEParticipant}.
  * The payload to send should be created via
  * {@link JPAKEParticipant#createRound3PayloadToSend(BigInteger)}
- * 
    
- * 
    
+ * 
    
  * Each {@link JPAKEParticipant} must also validate the payload
  * received from the other {@link JPAKEParticipant}.
  * The received payload should be validated via
  * {@link JPAKEParticipant#validateRound3PayloadReceived(JPAKERound3Payload, BigInteger)}
- * 
    
  */
 public class JPAKERound3Payload
 {
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
index 416152e9..0a6c5fe4 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/jpake/JPAKEUtil.java
@@ -14,13 +14,11 @@ import org.bouncycastle.util.Strings;
 
 /**
  * Primitives needed for a J-PAKE exchange.
- * 
    
- * 
    
+ * 
    
  * The recommended way to perform a J-PAKE exchange is by using
  * two {@link JPAKEParticipant}s.  Internally, those participants
  * call these primitive operations in {@link JPAKEUtil}.
- * 
    
- * 
    
+ * 
    
  * The primitives, however, can be used without a {@link JPAKEParticipant}
  * if needed.
  */
@@ -31,8 +29,7 @@ public class JPAKEUtil
 
     /**
      * Return a value that can be used as x1 or x3 during round 1.
-     * 
    
-     * 
    
+     * 
    
      * The returned value is a random value in the range [0, q-1].
      */
     public static BigInteger generateX1(
@@ -46,8 +43,7 @@ public class JPAKEUtil
 
     /**
      * Return a value that can be used as x2 or x4 during round 1.
-     * 
    
-     * 
    
+     * 
    
      * The returned value is a random value in the range [1, q-1].
      */
     public static BigInteger generateX2(
@@ -188,10 +184,9 @@ public class JPAKEUtil
 
     /**
      * Validates that ga is not 1.
-     * 
    
-     * 
    
+     * 
    
      * As described by Feng Hao...
-     * 
    
+     * 
    
      * 
    
      * Alice could simply check ga != 1 to ensure it is a generator.
      * In fact, as we will explain in Section 3, (x1 + x3 + x4 ) is random over Zq even in the face of active attacks.
@@ -250,8 +245,6 @@ public class JPAKEUtil
      * Calculates the keying material, which can be done after round 2 has completed.
      * A session key must be derived from this key material using a secure key derivation function (KDF).
      * The KDF used to derive the key is handled externally (i.e. not by {@link JPAKEParticipant}).
-     * 
    
-     * 
    
      * 
          * KeyingMaterial = (B/g^{x2*x4*s})^x2
      * 
    
@@ -326,8 +319,6 @@ public class JPAKEUtil
      * Calculates the MacTag (to be used for key confirmation), as defined by
      * NIST SP 800-56A Revision 1,
      * Section 8.2 Unilateral Key Confirmation for Key Agreement Schemes.
-     * 
    
-     * 
    
      * 
          * MacTag = HMAC(MacKey, MacLen, MacData)
      *
@@ -339,10 +330,9 @@ public class JPAKEUtil
      * is always the initiator for key confirmation.
      *
      * HMAC = {@link HMac} used with the given {@link Digest}
-     * H = The given {@link Digest}
+     * H = The given {@link Digest}
      * MacLen = length of MacTag
      * 
    
-     * 
    
      */
     public static BigInteger calculateMacTag(
         String participantId,
@@ -383,8 +373,6 @@ public class JPAKEUtil
 
     /**
      * Calculates the MacKey (i.e. the key to use when calculating the MagTag for key confirmation).
-     * 
    
-     * 
    
      * 
          * MacKey = H(K || "JPAKE_KC")
      * 
    
@@ -407,7 +395,6 @@ public class JPAKEUtil
 
     /**
      * Validates the MacTag received from the partner participant.
-     * 
    
      *
      * @param partnerMacTag the MacTag received from the partner.
      * @throws CryptoException if the participantId strings are equal.
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
index 15eb77ce..e13dc614 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/SHA3Digest.java
@@ -5,7 +5,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * implementation of SHA-3 based on following KeccakNISTInterface.c from http://keccak.noekeon.org/
- * 
    
+ * 
    
  * Following the naming conventions used in the C source code to enable easy review of the implementation.
  */
 public class SHA3Digest
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
index 55e579ed..a02938bc 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/SM3Digest.java
@@ -7,7 +7,7 @@ import org.bouncycastle.util.Memoable;
  * Implementation of Chinese SM3 digest as described at
  * http://tools.ietf.org/html/draft-shen-sm3-hash-00
  * and at .... ( Chinese PDF )
- * 
    
+ * 
    
  * The specification says "process a bit stream",
  * but this is written to process bytes in blocks of 4,
  * meaning this will process 32-bit word groups.
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
index 06eaabd0..ae1dbd62 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinDigest.java
@@ -8,13 +8,12 @@ import org.bouncycastle.util.Memoable;
 /**
  * Implementation of the Skein parameterised hash function in 256, 512 and 1024 bit block sizes,
  * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * 
    
+ * 
    
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * 
    
+ * 
    
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * 
    
  *
  * @see SkeinEngine
  * @see SkeinParameters
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
index bca524e3..b125dbd6 100644
--- a/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/digests/SkeinEngine.java
@@ -14,18 +14,18 @@ import org.bouncycastle.util.Memoable;
 /**
  * Implementation of the Skein family of parameterised hash functions in 256, 512 and 1024 bit block
  * sizes, based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * 
    
+ * 
    
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * 
    
+ * 
    
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * 
    
+ * 
    
  * This implementation is the basis for {@link SkeinDigest} and {@link SkeinMac}, implementing the
  * parameter based configuration system that allows Skein to be adapted to multiple applications. 
    
  * Initialising the engine with {@link SkeinParameters} allows standard and arbitrary parameters to
  * be applied during the Skein hash function.
- * 
    
+ * 
    
  * Implemented:
  * 
      
  * 
    • 256, 512 and 1024 bit internal states.
      • 
@@ -34,7 +34,7 @@ import org.bouncycastle.util.Memoable;
  * parameters.
  * 
    • Arbitrary output size in 1 byte intervals.
      • 
  * 
    
- * 
    
+ * 
    
  * Not implemented:
  * 
      
  * 
    • Sub-byte length input (bit padding).
      • 
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
index e18fa3c5..ce75a144 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/ChaChaEngine.java
@@ -96,8 +96,6 @@ public class ChaChaEngine extends Salsa20Engine
      * ChacCha function
      *
      * @param   input   input data
-     *
-     * @return  keystream
      */    
     public static void chachaCore(int rounds, int[] input, int[] x)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java b/core/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
index ea4d0276..b23c9ca7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/Salsa20Engine.java
@@ -268,8 +268,6 @@ public class Salsa20Engine
      * Salsa20 function
      *
      * @param   input   input data
-     *
-     * @return  keystream
      */    
     public static void salsaCore(int rounds, int[] input, int[] x)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
index 9da23013..8db5a6f7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/SerpentEngine.java
@@ -12,7 +12,7 @@ import org.bouncycastle.crypto.params.KeyParameter;
  * secure as three-key triple-DES.
  * 
      
  * Serpent was designed by Ross Anderson, Eli Biham and Lars Knudsen as a
- * candidate algorithm for the NIST AES Quest.>
+ * candidate algorithm for the NIST AES Quest.
  * 
      
  * For full details see the The Serpent home page
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
index 74bccfe7..33660224 100644
--- a/core/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/ThreefishEngine.java
@@ -9,13 +9,13 @@ import org.bouncycastle.crypto.params.TweakableBlockCipherParameters;
 /**
  * Implementation of the Threefish tweakable large block cipher in 256, 512 and 1024 bit block
  * sizes.
- * 
      
+ * 
      
  * This is the 1.3 version of Threefish defined in the Skein hash function submission to the NIST
  * SHA-3 competition in October 2010.
- * 
      
+ * 
      
  * Threefish was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * 
      
+ * 
      
  * This implementation inlines all round functions, unrolls 8 rounds, and uses 1.2k of static tables
  * to speed up key schedule injection. 
      
  * 2 x block size state is retained by each cipher instance.
diff --git a/core/src/main/java/org/bouncycastle/crypto/examples/DESExample.java b/core/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
index 16989971..90a21def 100644
--- a/core/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
+++ b/core/src/main/java/org/bouncycastle/crypto/examples/DESExample.java
@@ -41,9 +41,11 @@ import org.bouncycastle.util.encoders.Hex;
  * 
    
  * 
    
  * When decrypting;
+ * 
      
  *  
    • the infile is expected to be the 60 character wide base64 
  *    encoded file
  *  
    • the keyfile is expected to be a base64 encoded file
+ * 
    
  * 
    
  * This example shows how to use the light-weight API, DES and
  * the filesystem for message encryption and decryption.
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
index f7a3df23..fe98b7c8 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/DSAParametersGenerator.java
@@ -42,7 +42,7 @@ public class DSAParametersGenerator
     /**
      * initialise the key generator.
      *
-     * @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments)
+     * @param size size of the key (range 2^512 -> 2^1024 - 64 bit increments)
      * @param certainty measure of robustness of prime (for FIPS 186-2 compliance this should be at least 80).
      * @param random random byte source.
      */
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
index 8e93e6b0..75915cf2 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/HKDFBytesGenerator.java
@@ -11,7 +11,7 @@ import org.bouncycastle.crypto.params.KeyParameter;
 /**
  * HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented
  * according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM
- * Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM
+ * Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM
  * (output keying material) and is likely to have better security properties
  * than KDF's based on just a hash function.
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
index 91659730..59eee39e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/generators/Poly1305KeyGenerator.java
@@ -53,7 +53,7 @@ public class Poly1305KeyGenerator
      * 
  • r[4], r[8], r[12] have bottom two bits clear (i.e., are in {0, 4, 8, . . . , 252})
    • 
      * 
      *
-     * @param a 32 byte key value k[0] ... k[15], r[0] ... r[15]
+     * @param key a 32 byte key value k[0] ... k[15], r[0] ... r[15]
      */
     public static void clamp(byte[] key)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java b/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
index 93b04e99..38ebcb0c 100644
--- a/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
+++ b/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
@@ -13,7 +13,7 @@ import org.bouncycastle.crypto.modes.AEADBlockCipher;
  * A CipherInputStream is composed of an InputStream and a cipher so that read() methods return data
  * that are read in from the underlying InputStream but have been additionally processed by the
  * Cipher. The cipher must be fully initialized before being used by a CipherInputStream.
- * 
    
+ * 
    
  * For example, if the Cipher is initialized for decryption, the
  * CipherInputStream will attempt to read in data and decrypt them,
  * before returning the decrypted data.
@@ -162,7 +162,7 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and returns the next available byte.
-     * 
    
+     * 
    
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      *
      * @throws IOException if there was an error closing the input stream.
@@ -186,7 +186,7 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to b.length bytes in the provided array.
-     * 
    
+     * 
    
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      *
      * @param b the buffer into which the data is read.
@@ -206,7 +206,7 @@ public class CipherInputStream
     /**
      * Reads data from the underlying stream and processes it with the cipher until the cipher
      * outputs data, and then returns up to len bytes in the provided array.
-     * 
    
+     * 
    
      * If the underlying stream is exhausted by this call, the cipher will be finalised.
      *
      * @param b   the buffer into which the data is read.
diff --git a/core/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java b/core/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
index 9beb5b95..4b68adfd 100644
--- a/core/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
+++ b/core/src/main/java/org/bouncycastle/crypto/io/CipherOutputStream.java
@@ -14,7 +14,7 @@ import org.bouncycastle.crypto.modes.AEADBlockCipher;
  * the written data with the cipher, and the output of the cipher is in turn written to the
  * underlying OutputStream. The cipher must be fully initialized before being used by a
  * CipherInputStream.
- * 
    
+ * 
    
  * For example, if the cipher is initialized for encryption, the CipherOutputStream will encrypt the
  * data before writing the encrypted data to the underlying stream.
  */
@@ -86,7 +86,7 @@ public class CipherOutputStream
     /**
      * Writes b.length bytes from the specified byte array
      * to this output stream.
-     * 
    
+     * 
    
      * The write method of
      * CipherOutputStream calls the write
      * method of three arguments with the three arguments
@@ -177,8 +177,7 @@ public class CipherOutputStream
      * Flushes this output stream by forcing any buffered output bytes
      * that have already been processed by the encapsulated cipher object
      * to be written out.
-     * 
    
-     * 
    
+     * 
    
      * Any bytes buffered by the encapsulated cipher
      * and waiting to be processed by it will not be written out. For example,
      * if the encapsulated cipher is a block cipher, and the total number of
@@ -196,12 +195,12 @@ public class CipherOutputStream
     /**
      * Closes this output stream and releases any system resources
      * associated with this stream.
-     * 
    
+     * 
    
      * This method invokes the doFinal method of the encapsulated
      * cipher object, which causes any bytes buffered by the encapsulated
      * cipher to be processed. The result is written out by calling the
      * flush method of this output stream.
-     * 
    
+     * 
    
      * This method resets the encapsulated cipher object to its initial state
      * and calls the close method of the underlying output
      * stream.
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java
index 1aa8ede4..64294e08 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/CMac.java
@@ -58,14 +58,14 @@ public class CMac implements Mac
     /**
      * create a standard MAC based on a block cipher with the size of the
      * MAC been given in bits.
-     * 
    
+     * 
    
      * Note: the size of the MAC must be at least 24 bits (FIPS Publication 81),
      * or 16 bits if being used as a data authenticator (FIPS Publication 113),
      * and in general should be less than the size of the block cipher as it reduces
      * the chance of an exhaustive attack (see Handbook of Applied Cryptography).
      *
      * @param cipher        the cipher to be used as the basis of the MAC generation.
-     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
+     * @param macSizeInBits the size of the MAC in bits, must be a multiple of 8 and <= 128.
      */
     public CMac(BlockCipher cipher, int macSizeInBits)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
index 8aae1e26..89a0f7e1 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
@@ -23,7 +23,7 @@ public class GMac implements Mac
 
     /**
      * Creates a GMAC based on the operation of a block cipher in GCM mode.
-     * 
    
+     * 
    
      * This will produce an authentication code the length of the block size of the cipher.
      * 
      * @param cipher
@@ -40,7 +40,7 @@ public class GMac implements Mac
      * Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
      * 
      * @param macSizeBits
-     *            the mac size to generate, in bits. Must be a multiple of 8 and >= 96 and <= 128.
+     *            the mac size to generate, in bits. Must be a multiple of 8 and >= 96 and <= 128.
      * @param cipher
      *            the cipher to be used in GCM mode to generate the MAC.
      */
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java b/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
index 366aa762..578765e7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/Poly1305.java
@@ -75,7 +75,7 @@ public class Poly1305
     /**
      * Initialises the Poly1305 MAC.
      * 
-     * @param if used with a block cipher, then a {@link ParametersWithIV} containing a 128 bit
+     * @param params if used with a block cipher, then a {@link ParametersWithIV} containing a 128 bit
      *        nonce and a {@link KeyParameter} with a 256 bit key complying to the
      *        {@link Poly1305KeyGenerator Poly1305 key format}, otherwise just the
      *        {@link KeyParameter}.
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java b/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
index 527c8040..5a4845ca 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/SipHash.java
@@ -10,7 +10,7 @@ import org.bouncycastle.util.Arrays;
 /**
  * Implementation of SipHash as specified in "SipHash: a fast short-input PRF", by Jean-Philippe
  * Aumasson and Daniel J. Bernstein (https://131002.net/siphash/siphash.pdf).
- * 
    
+ * 
    
  * "SipHash is a family of PRFs SipHash-c-d where the integer parameters c and d are the number of
  * compression rounds and the number of finalization rounds. A compression round is identical to a
  * finalization round and this round function is called SipRound. Given a 128-bit key k and a
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
index 60972470..7115b510 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/SkeinMac.java
@@ -10,13 +10,12 @@ import org.bouncycastle.crypto.params.SkeinParameters;
 /**
  * Implementation of the Skein parameterised MAC function in 256, 512 and 1024 bit block sizes,
  * based on the {@link ThreefishEngine Threefish} tweakable block cipher.
- * 
    
+ * 
    
  * This is the 1.3 version of Skein defined in the Skein hash function submission to the NIST SHA-3
  * competition in October 2010.
- * 
    
+ * 
    
  * Skein was designed by Niels Ferguson - Stefan Lucks - Bruce Schneier - Doug Whiting - Mihir
  * Bellare - Tadayoshi Kohno - Jon Callas - Jesse Walker.
- * 
    
  *
  * @see SkeinEngine
  * @see SkeinParameters
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
index d0345c4b..c3e8a96c 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
@@ -15,13 +15,13 @@ import org.bouncycastle.util.Arrays;
  * An implementation of the "work in progress" Internet-Draft The OCB Authenticated-Encryption
  * Algorithm, licensed per:
- * 
    
+ * 
    
  * 
     License for
  * Open-Source Software Implementations of OCB (Jan 9, 2013) — “License 1” 
    
  * Under this license, you are authorized to make, use, and distribute open-source software
  * implementations of OCB. This license terminates for you if you sue someone over their open-source
  * software implementation of OCB claiming that you have a patent covering their implementation.
- * 
    
+ * 
    
  * This is a non-binding summary of a legal document (the link above). The parameters of the license
  * are specified in the license document and that document is controlling. 
    
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
index 76241eea..4e2edd56 100644
--- a/core/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/SkeinParameters.java
@@ -17,7 +17,7 @@ import org.bouncycastle.util.Integers;
 
 /**
  * Parameters for the Skein hash function - a series of byte[] strings identified by integer tags.
- * 
    
+ * 
    
  * Parameterised Skein can be used for:
  * 
      
  * 
    • MAC generation, by providing a {@link SkeinParameters.Builder#setKey(byte[]) key}.
      • 
@@ -179,9 +179,9 @@ public class SkeinParameters
          * Sets a parameters to apply to the Skein hash function.
      
          * Parameter types must be in the range 0,5..62, and cannot use the value {@value
          * SkeinParameters#PARAM_TYPE_MESSAGE} (reserved for message body).
-         * 
      
-         * Parameters with type < {@value SkeinParameters#PARAM_TYPE_MESSAGE} are processed before
-         * the message content, parameters with type > {@value SkeinParameters#PARAM_TYPE_MESSAGE}
+         * 
      
+         * Parameters with type < {@value SkeinParameters#PARAM_TYPE_MESSAGE} are processed before
+         * the message content, parameters with type > {@value SkeinParameters#PARAM_TYPE_MESSAGE}
          * are processed after the message and prior to output.
          *
          * @param type  the type of the parameter, in the range 5..62.
@@ -227,7 +227,7 @@ public class SkeinParameters
         /**
          * Implements the recommended personalisation format for Skein defined in Section 4.11 of
          * the Skein 1.3 specification.
-         * 
      
+         * 
      
          * The format is YYYYMMDD email@address distinguisher, encoded to a byte
          * sequence using UTF-8 encoding.
          *
diff --git a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
index c3715bc1..7dcfa94f 100644
--- a/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
+++ b/core/src/main/java/org/bouncycastle/crypto/prng/drbg/DualECPoints.java
@@ -19,7 +19,7 @@ public class DualECPoints
      * 
            *     max_outlen = largest multiple of 8 less than ((field size in bits) - (13 + log2(cofactor))
      * 
      
-     * 
      
+     *
      * @param securityStrength maximum security strength to be associated with these parameters
      * @param p the P point.
      * @param q the Q point.
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
index e3dcc08e..fcd5816a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
+++ b/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
@@ -17,7 +17,7 @@ import org.bouncycastle.util.Integers;
 
 /**
  * ISO9796-2 - mechanism using a hash function with recovery (scheme 2 and 3).
- * 
      
+ * 
      
  * Note: the usual length for the salt is the length of the hash
  * function used in bytes.
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java b/core/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
index bf4cd13b..961408ae 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/AlwaysValidVerifyer.java
@@ -2,7 +2,6 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * A certificate verifyer, that will always return true.
- * 
      
  * 
        * DO NOT USE THIS FILE UNLESS YOU KNOW EXACTLY WHAT YOU ARE DOING.
  * 
      
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
index e90bb7f9..7f013b3a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/BulkCipherAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/Certificate.java b/core/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
index 02cf6931..33a6edd4 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/Certificate.java
@@ -11,12 +11,11 @@ import org.bouncycastle.asn1.ASN1Primitive;
 
 /**
  * Parsing and encoding of a Certificate struct from RFC 4346.
- * 
      
  * 
      - * opaque ASN.1Cert<2^24-1>;
+ * opaque ASN.1Cert<2^24-1>;
  *
  * struct {
- *     ASN.1Cert certificate_list<0..2^24-1>;
+ *     ASN.1Cert certificate_list<0..2^24-1>;
  * } Certificate;
  * 
      
  *
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java b/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
index b76e50a3..1e2e8e37 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/CertificateRequest.java
@@ -12,11 +12,10 @@ import org.bouncycastle.asn1.x500.X500Name;
 
 /**
  * Parsing and encoding of a CertificateRequest struct from RFC 4346.
- * 
      
  * 
        * struct {
- *     ClientCertificateType certificate_types<1..2^8-1>;
- *     DistinguishedName certificate_authorities<3..2^16-1>;
+ *     ClientCertificateType certificate_types<1..2^8-1>;
+ *     DistinguishedName certificate_authorities<3..2^16-1>;
  * } CertificateRequest;
  * 
      
  *
@@ -42,7 +41,7 @@ public class CertificateRequest
 
     /**
      * @return an array of certificate types
-     * @see {@link ClientCertificateType}
+     * @see ClientCertificateType
      */
     public short[] getCertificateTypes()
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/CipherType.java b/core/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
index b2d3e797..c6d845a6 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/CipherType.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java b/core/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
index 9fdd5a89..bcbf607e 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/ConnectionEnd.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
index 41d54009..8bb89a66 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/DigestAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  *
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
index 8338ae56..2da2f76a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/EncryptionAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
index 72a944f8..d862d769 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/KeyExchangeAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
index 856e5ffe..bd13ab89 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/MACAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 2246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java b/core/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
index 83d64552..49fc923a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/NamedCurve.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 4492 5.1.1
- * 
      
+ * 
      
  * The named curves defined here are those specified in SEC 2 [13]. Note that many of these curves
  * are also recommended in ANSI X9.62 [7] and FIPS 186-2 [11]. Values 0xFE00 through 0xFEFF are
  * reserved for private use. Values 0xFF01 and 0xFF02 indicate that the client supports arbitrary
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java b/core/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
index 3da5fdec..33c27c4a 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/PRFAlgorithm.java
@@ -2,7 +2,7 @@ package org.bouncycastle.crypto.tls;
 
 /**
  * RFC 5246
- * 
      
+ * 
      
  * Note that the values here are implementation-specific and arbitrary. It is recommended not to
  * depend on the particular values (e.g. serialization).
  */
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java b/core/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
index 0d2e2f19..7d838590 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/SSL3Mac.java
@@ -8,9 +8,9 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * HMAC implementation based on original internet draft for HMAC (RFC 2104)
- * 
      
+ * 
      
  * The difference is that padding is concatenated versus XORed with the key
- * 
      
+ * 
      
  * H(K + opad, H(K + ipad, text))
  */
 public class SSL3Mac
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
index 7db86cd4..8b29c1f7 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsClient.java
@@ -36,9 +36,9 @@ public interface TlsClient
 
     /**
      * Notifies the client of the session_id sent in the ServerHello.
-     * 
+     *
      * @param sessionID
-     * @see {@link TlsContext#getResumableSession()}
+     * @see TlsContext#getResumableSession()
      */
     void notifySessionID(byte[] sessionID);
 
@@ -66,7 +66,7 @@ public interface TlsClient
 
     /**
      * RFC 5077 3.3. NewSessionTicket Handshake Message
-     * 
      
+     * 
      
      * This method will be called (only) when a NewSessionTicket handshake message is received. The
      * ticket is opaque to the client and clients MUST NOT examine the ticket under the assumption
      * that it complies with e.g. RFC 5077 4. Recommended Ticket Construction.
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
index 04781efc..33de8e36 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsContext.java
@@ -20,7 +20,7 @@ public interface TlsContext
      * 
      * @return A {@link TlsSession} representing the resumable session used by this connection, or
      *         null if no resumable session available.
-     * @see {@link TlsPeer#notifyHandshakeComplete()}
+     * @see TlsPeer#notifyHandshakeComplete()
      */
     TlsSession getResumableSession();
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
index e720d08d..00e0c79f 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsMac.java
@@ -26,7 +26,7 @@ public class TlsMac
      * @param digest  The digest to use.
      * @param key     A byte-array where the key for this MAC is located.
      * @param keyOff  The number of bytes to skip, before the key starts in the buffer.
-     * @param len     The length of the key.
+     * @param keyLen  The length of the key.
      */
     public TlsMac(TlsContext context, Digest digest, byte[] key, int keyOff, int keyLen)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
index 85c0a9a8..d97c16d5 100644
--- a/core/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
+++ b/core/src/main/java/org/bouncycastle/crypto/tls/TlsServer.java
@@ -78,7 +78,7 @@ public interface TlsServer
 
     /**
      * RFC 5077 3.3. NewSessionTicket Handshake Message.
-     * 
      
+     * 
      
      * This method will be called (only) if a NewSessionTicket extension was sent by the server. See
      * RFC 5077 4. Recommended Ticket Construction for recommended format and protection.
      *
diff --git a/core/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java b/core/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
index e4f8f502..fc5c4f2b 100644
--- a/core/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
+++ b/core/src/main/java/org/bouncycastle/pqc/asn1/GMSSPublicKey.java
@@ -13,7 +13,6 @@ import org.bouncycastle.util.Arrays;
 /**
  * This class implements an ASN.1 encoded GMSS public key. The ASN.1 definition
  * of this structure is:
- * 
      
  * 
        *  GMSSPublicKey        ::= SEQUENCE{
  *      version         INTEGER
diff --git a/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java b/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
index 06064646..7c21691d 100644
--- a/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
+++ b/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPrivateKey.java
@@ -14,9 +14,8 @@ import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil;
 
 /**
  * Return the key data to encode in the PrivateKeyInfo structure.
- * 
      
+ * 
      
  * The ASN.1 definition of the key structure is
- * 
      
  * 
        *   RainbowPrivateKey ::= SEQUENCE {
  *         CHOICE
diff --git a/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java b/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
index 2073c555..febe5387 100644
--- a/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
+++ b/core/src/main/java/org/bouncycastle/pqc/asn1/RainbowPublicKey.java
@@ -14,7 +14,6 @@ import org.bouncycastle.pqc.crypto.rainbow.util.RainbowUtil;
 /**
  * This class implements an ASN.1 encoded Rainbow public key. The ASN.1 definition
  * of this structure is:
- * 
      
  * 
        *       RainbowPublicKey ::= SEQUENCE {
  *         CHOICE
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
index f84b7f32..013441ec 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSKeyPairGenerator.java
@@ -98,7 +98,6 @@ public class GMSSKeyPairGenerator
     /**
      * The standard constructor tries to generate the GMSS algorithm identifier
      * with the corresponding OID.
-     * 
      
      *
      * @param digestProvider     provider for digest implementations.
      */
@@ -363,21 +362,21 @@ public class GMSSKeyPairGenerator
      * This method initializes the GMSS KeyPairGenerator using an integer value
      * keySize as input. It provides a simple use of the GMSS for
      * testing demands.
-     * 
      
+     * 
      
      * A given keysize of less than 10 creates an amount 2^10
      * signatures. A keySize between 10 and 20 creates 2^20 signatures. Given an
      * integer greater than 20 the key pair generator creates 2^40 signatures.
      *
      * @param keySize      Assigns the parameters used for the GMSS signatures. There are
-     *                     3 choices:
      
-     *                     1. keysize <= 10: creates 2^10 signatures using the
-     *                     parameterset
      
-     *                     P = (2, (5, 5), (3, 3), (3, 3))
      
-     *                     2. keysize > 10 and <= 20: creates 2^20 signatures using the
-     *                     parameterset
      
-     *                     P = (2, (10, 10), (5, 4), (2, 2))
      
-     *                     3. keysize > 20: creates 2^40 signatures using the
-     *                     parameterset
      
+     *                     3 choices:
      
+     *                     1. keysize <= 10: creates 2^10 signatures using the
+     *                     parameterset
      
+     *                     P = (2, (5, 5), (3, 3), (3, 3))
      
+     *                     2. keysize > 10 and <= 20: creates 2^20 signatures using the
+     *                     parameterset
      
+     *                     P = (2, (10, 10), (5, 4), (2, 2))
      
+     *                     3. keysize > 20: creates 2^40 signatures using the
+     *                     parameterset
      
      *                     P = (2, (10, 10, 10, 10), (9, 9, 9, 3), (2, 2, 2, 2))
      * @param secureRandom not used by GMSS, the SHA1PRNG of the SUN Provider is always
      *                     used
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
index 04332619..aa89f76a 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSParameters.java
@@ -32,7 +32,6 @@ public class GMSSParameters
 
     /**
      * The constructor for the parameters of the GMSSKeyPairGenerator.
-     * 
      
      *
      * @param layers              the number of authentication tree layers
      * @param heightOfTrees       the height of the authentication trees
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
index 7cedf120..8832fb34 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/GMSSSigner.java
@@ -214,7 +214,6 @@ public class GMSSSigner
 
     /**
      * Signs a message.
-     * 
      
      *
      * @return the signature.
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
index 096de757..d012ce7c 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSVerify.java
@@ -20,7 +20,6 @@ public class WinternitzOTSVerify
 
     /**
      * The constructor
-     * 
      
      *
      * @param digest the name of the hash function used by the OTS and the provider
      *               name of the hash function
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
index 51eaf53c..23bf3fab 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/gmss/util/WinternitzOTSignature.java
@@ -50,7 +50,6 @@ public class WinternitzOTSignature
     /**
      * The constructor generates an OTS key pair, using seed0 and
      * the PRNG
-     * 
      
      *
      * @param seed0    the seed for the PRGN
      * @param digest an array of strings, containing the name of the used hash
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
index d5caa352..8d64ae29 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyGenerationParameters.java
@@ -79,7 +79,7 @@ public class NTRUEncryptionKeyGenerationParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
+     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -116,7 +116,7 @@ public class NTRUEncryptionKeyGenerationParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
+     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
index 7a648c8f..f2751caa 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionKeyPairGenerator.java
@@ -10,7 +10,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.ProductFormPolynomial;
 import org.bouncycastle.pqc.math.ntru.util.Util;
 
 /**
- * Generates key pairs.
      
+ * Generates key pairs.
      
  * The parameter p is hardcoded to 3.
  */
 public class NTRUEncryptionKeyPairGenerator
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
index eeb38391..b387bc24 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionParameters.java
@@ -42,7 +42,7 @@ public class NTRUEncryptionParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
+     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -78,7 +78,7 @@ public class NTRUEncryptionParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
+     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
index d1ee858e..bcf9418e 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEncryptionPrivateKeyParameters.java
@@ -14,7 +14,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.SparseTernaryPolynomial;
 /**
  * A NtruEncrypt private key is essentially a polynomial named f
  * which takes different forms depending on whether product-form polynomials are used,
- * and on fastP
      
+ * and on fastP
      
  * The inverse of f modulo p is precomputed on initialization.
  */
 public class NTRUEncryptionPrivateKeyParameters
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
index 1fb6a1de..6c5fe811 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUEngine.java
@@ -17,7 +17,7 @@ import org.bouncycastle.pqc.math.ntru.polynomial.TernaryPolynomial;
 import org.bouncycastle.util.Arrays;
 
 /**
- * Encrypts, decrypts data and generates key pairs.
      
+ * Encrypts, decrypts data and generates key pairs.
      
  * The parameter p is hardcoded to 3.
  */
 public class NTRUEngine
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
index 1398e2b6..90c243eb 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningKeyGenerationParameters.java
@@ -75,7 +75,7 @@ public class NTRUSigningKeyGenerationParameters
     public int polyType;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
+     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -110,7 +110,7 @@ public class NTRUSigningKeyGenerationParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
+     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
index bf70cafb..2f018b0f 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUSigningParameters.java
@@ -29,7 +29,7 @@ public class NTRUSigningParameters
     public Digest hashAlg;
 
     /**
-     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
+     * Constructs a parameter set that uses ternary private keys (i.e. polyType=SIMPLE).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
@@ -52,7 +52,7 @@ public class NTRUSigningParameters
     }
 
     /**
-     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
+     * Constructs a parameter set that uses product-form private keys (i.e. polyType=PRODUCT).
      *
      * @param N            number of polynomial coefficients
      * @param q            modulus
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
index 4c457ec5..ae76922c 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/Layer.java
@@ -10,14 +10,14 @@ import org.bouncycastle.util.Arrays;
 /**
  * This class represents a layer of the Rainbow Oil- and Vinegar Map. Each Layer
  * consists of oi polynomials with their coefficients, generated at random.
- * 
      
+ * 
      
  * To sign a document, we solve a LES (linear equation system) for each layer in
  * order to find the oil variables of that layer and to be able to use the
  * variables to compute the signature. This functionality is implemented in the
  * RainbowSignature-class, by the aid of the private key.
- * 
      
+ * 
      
  * Each layer is a part of the private key.
- * 
      
+ * 
      
  * More information about the layer can be found in the paper of Jintai Ding,
  * Dieter Schmidt: Rainbow, a New Multivariable Polynomial Signature Scheme.
  * ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
@@ -124,7 +124,7 @@ public class Layer
      * This method plugs in the vinegar variables into the polynomials of this
      * layer and computes the coefficients of the Oil-variables as well as the
      * free coefficient in each polynomial.
-     * 
      
+     * 
      
      * It is needed for computing the Oil variables while signing.
      *
      * @param x vinegar variables of this layer that should be plugged into
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
index e7fe0593..8ef15337 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowKeyPairGenerator.java
@@ -12,7 +12,7 @@ import org.bouncycastle.pqc.crypto.rainbow.util.GF2Field;
  * This class implements AsymmetricCipherKeyPairGenerator. It is used
  * as a generator for the private and public key of the Rainbow Signature
  * Scheme.
- * 
      
+ * 
      
  * Detailed information about the key generation is to be found in the paper of
  * Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable Polynomial
  * Signature Scheme. ACNS 2005: 164-175 (http://dx.doi.org/10.1007/11496137_12)
@@ -49,7 +49,6 @@ public class RainbowKeyPairGenerator
     /**
      * The standard constructor tries to generate the Rainbow algorithm identifier
      * with the corresponding OID.
-     * 
      
      */
     public RainbowKeyPairGenerator()
     {
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
index b6014a54..979e759b 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/RainbowSigner.java
@@ -12,7 +12,7 @@ import org.bouncycastle.pqc.crypto.rainbow.util.GF2Field;
  * It implements the sign and verify functions for the Rainbow Signature Scheme.
  * Here the message, which has to be signed, is updated. The use of
  * different hash functions is possible.
- * 
      
+ * 
      
  * Detailed information about the signature and the verify-method is to be found
  * in the paper of Jintai Ding, Dieter Schmidt: Rainbow, a New Multivariable
  * Polynomial Signature Scheme. ACNS 2005: 164-175
@@ -96,10 +96,10 @@ public class RainbowSigner
     /**
      * This function signs the message that has been updated, making use of the
      * private key.
-     * 
      
+     * 
      
      * For computing the signature, L1 and L2 are needed, as well as LES should
      * be solved for each layer in order to find the Oil-variables in the layer.
-     * 
      
+     * 
      
      * The Vinegar-variables of the first layer are random generated.
      *
      * @param message the message
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
index 9a1115da..3517ba30 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/ComputeInField.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.crypto.rainbow.util;
 
 /**
  * This class offers different operations on matrices in field GF2^8.
- * 
      
+ * 
      
  * Implemented are functions:
  * - finding inverse of a matrix
  * - solving linear equation systems using the Gauss-Elimination method
@@ -88,7 +88,7 @@ public class ComputeInField
     /**
      * This function computes the inverse of a given matrix using the Gauss-
      * Elimination method.
-     * 
      
+     * 
      
      * An exception is thrown if the matrix has no inverse
      *
      * @param coef the matrix which inverse matrix is needed
@@ -345,7 +345,7 @@ public class ComputeInField
 
     /**
      * This function multiplies a given matrix with a one-dimensional array.
-     * 
      
+     * 
      
      * An exception is thrown, if the number of columns in the matrix and
      * the number of rows in the one-dim. array differ.
      *
diff --git a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
index 7c286491..8d542799 100644
--- a/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
+++ b/core/src/main/java/org/bouncycastle/pqc/crypto/rainbow/util/GF2Field.java
@@ -3,10 +3,10 @@ package org.bouncycastle.pqc.crypto.rainbow.util;
 /**
  * This class provides the basic operations like addition, multiplication and
  * finding the multiplicative inverse of an element in GF2^8.
- * 
      
+ * 
      
  * The operations are implemented using the irreducible polynomial
  * 1+x^2+x^3+x^6+x^8 ( 1 0100 1101 = 0x14d )
- * 
      
+ * 
      
  * This class makes use of lookup tables(exps and logs) for implementing the
  * operations in order to increase the efficiency of Rainbow.
  */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
index 64e21e7a..3ef1fbbc 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2Polynomial.java
@@ -1339,7 +1339,7 @@ public class GF2Polynomial
 
     /**
      * Checks if this is irreducible, according to IEEE P1363, A.5.5,
-     * p103. 
      
+     * p103.
      
      * Note: The algorithm from IEEE P1363, A5.5 can be used to check a
      * polynomial with coefficients in GF(2^r) for irreducibility. As this class
      * only represents polynomials with coefficients in GF(2), the algorithm is
@@ -1635,7 +1635,7 @@ public class GF2Polynomial
      * Does a vector-multiplication modulo 2 and returns the result as boolean.
      *
      * @param b GF2Polynomial
-     * @return this x b as boolean (1->true, 0->false)
+     * @return this x b as boolean (1->true, 0->false)
      * @throws PolynomialsHaveDifferentLengthException if this and b have a different length and
      * thus cannot be vector-multiplied
      */
@@ -1730,7 +1730,7 @@ public class GF2Polynomial
      * Sets the bit at position i.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
+     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
      */
     public void setBit(int i)
         throws RuntimeException
@@ -1767,7 +1767,7 @@ public class GF2Polynomial
      * Resets the bit at position i.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
+     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
      */
     public void resetBit(int i)
         throws RuntimeException
@@ -1787,7 +1787,7 @@ public class GF2Polynomial
      * Xors the bit at position i.
      *
      * @param i int
-     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
+     * @throws BitDoesNotExistException if (i < 0) || (i > (len - 1))
      */
     public void xorBit(int i)
         throws RuntimeException
@@ -1808,7 +1808,7 @@ public class GF2Polynomial
      *
      * @param i the position of the bit to be tested
      * @return true if the bit at position i is set (a(i) ==
-     *         1). False if (i < 0) || (i > (len - 1))
+     *         1). False if (i < 0) || (i > (len - 1))
      */
     public boolean testBit(int i)
     {
@@ -1822,7 +1822,7 @@ public class GF2Polynomial
     /**
      * Returns this GF2Polynomial shift-left by 1 in a new GF2Polynomial.
      *
-     * @return a new GF2Polynomial (this << 1)
+     * @return a new GF2Polynomial (this << 1)
      */
     public GF2Polynomial shiftLeft()
     {
@@ -1878,7 +1878,7 @@ public class GF2Polynomial
      * GF2Polynomial.
      *
      * @param k int
-     * @return a new GF2Polynomial (this << k)
+     * @return a new GF2Polynomial (this << k)
      */
     public GF2Polynomial shiftLeft(int k)
     {
@@ -1996,7 +1996,7 @@ public class GF2Polynomial
     /**
      * Returns this GF2Polynomial shift-right by 1 in a new GF2Polynomial.
      *
-     * @return a new GF2Polynomial (this << 1)
+     * @return a new GF2Polynomial (this << 1)
      */
     public GF2Polynomial shiftRight()
     {
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
index e74d20b2..37298a1e 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mField.java
@@ -7,9 +7,9 @@ import java.security.SecureRandom;
  * GF(2^m). ( GF(2^m)= GF(2)[A] where A is a root of irreducible polynomial with
  * degree m, each field element B has a polynomial basis representation, i.e. it
  * is represented by a different binary polynomial of degree less than m, B =
- * poly(A) ) All operations are defined only for field with 1< m <32. For the
- * representation of field elements the map f: F->Z, poly(A)->poly(2) is used,
- * where integers have the binary representation. For example: A^7+A^3+A+1 ->
+ * poly(A) ) All operations are defined only for field with 1< m <32. For the
+ * representation of field elements the map f: F->Z, poly(A)->poly(2) is used,
+ * where integers have the binary representation. For example: A^7+A^3+A+1 ->
  * (00...0010001011)=139 Also for elements type Integer is used.
  *
  * @see PolynomialRingGF2
@@ -291,7 +291,7 @@ public class GF2mField
 
     /**
      * checks if given object is equal to this field.
-     * 
      
+     * 
      
      * The method returns false whenever the given object is not GF2m.
      *
      * @param other object
@@ -322,7 +322,6 @@ public class GF2mField
 
     /**
      * Returns a human readable form of this field.
-     * 
      
      *
      * @return a human readable form of this field.
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
index 5c985a18..8dfdb9b1 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mMatrix.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.math.linearalgebra;
 
 /**
  * This class describes some operations with matrices over finite field GF(2m)
- * with small m (1< m <32).
+ * with small m (1< m <32).
  *
  * @see Matrix
  */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
index 1f2f5953..f2527f67 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2mVector.java
@@ -161,7 +161,7 @@ public class GF2mVector
      * @return this + addend
      * @throws ArithmeticException if the other vector is not defined over the same field as
      * this vector.
-     * 
      
+     * 
      
      * TODO: implement this method
      */
     public Vector add(Vector addend)
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
index d8ae6c7a..8b4b473f 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/GF2nONBElement.java
@@ -1048,7 +1048,7 @@ public class GF2nONBElement
     /**
      * Returns a String representation of this element. radix
      * specifies the radix of the String representation.
      
-     * NOTE: ONLY radix = 2 or radix = 16 IS IMPLEMENTED>
+     * NOTE: ONLY radix = 2 or radix = 16 IS IMPLEMENTED
      *
      * @param radix specifies the radix of the String representation
      * @return String representation of this element with the specified radix
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
index bfb8fca0..90a3c60d 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntUtils.java
@@ -70,8 +70,7 @@ public final class IntUtils
      * Sorts this array of integers according to the Quicksort algorithm. After
      * calling this method this array is sorted in ascending order with the
      * smallest integer taking position 0 in the array.
-     * 
      
-     * 
      
+     * 
      
      * This implementation is based on the quicksort algorithm as described in
      * Data Structures In Java by Thomas A. Standish, Chapter 10,
      * ISBN 0-201-30564-X.
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
index 763b180e..779f384a 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/IntegerFunctions.java
@@ -38,8 +38,8 @@ public final class IntegerFunctions
      * Computes the value of the Jacobi symbol (A|B). The following properties
      * hold for the Jacobi symbol which makes it a very efficient way to
      * evaluate the Legendre symbol
-     * 
      
-     * (A|B) = 0 IF gcd(A,B) > 1
      
+     * 
      
+     * (A|B) = 0 IF gcd(A,B) > 1
      
      * (-1|B) = 1 IF n = 1 (mod 1)
      
      * (-1|B) = -1 IF n = 3 (mod 4)
      
      * (A|B) (C|B) = (AC|B)
      
@@ -47,7 +47,6 @@ public final class IntegerFunctions
      * (A|B) = (C|B) IF A = C (mod B)
      
      * (2|B) = 1 IF N = 1 OR 7 (mod 8)
      
      * (2|B) = 1 IF N = 3 OR 5 (mod 8)
-     * 
      
      *
      * @param A integer value
      * @param B integer value
@@ -493,10 +492,10 @@ public final class IntegerFunctions
     }
 
     /**
-     * determines the order of g modulo p, p prime and 1 < g < p. This algorithm
+     * determines the order of g modulo p, p prime and 1 < g < p. This algorithm
      * is only efficient for small p (see X9.62-1998, p. 68).
      *
-     * @param g an integer with 1 < g < p
+     * @param g an integer with 1 < g < p
      * @param p a prime
      * @return the order k of g (that is k is the smallest integer with
      *         gk = 1 mod p
@@ -743,7 +742,7 @@ public final class IntegerFunctions
      * Find and return the least non-trivial divisor of an integer a.
      *
      * @param a - the integer
-     * @return divisor p >1 or 1 if a = -1,0,1
+     * @return divisor p >1 or 1 if a = -1,0,1
      */
     public static int leastDiv(int a)
     {
@@ -1008,11 +1007,11 @@ public final class IntegerFunctions
     }
 
     /**
-     * Computes the binomial coefficient (n|t) ("n over t"). Formula:
      
+     * Computes the binomial coefficient (n|t) ("n over t"). Formula:
      * 
        
      * 
      • if n !=0 and t != 0 then (n|t) = Mult(i=1, t): (n-(i-1))/i
        • 
      * 
      • if t = 0 then (n|t) = 1
        • 
-     * 
      • if n = 0 and t > 0 then (n|t) = 0
        • 
+     * 
      • if n = 0 and t > 0 then (n|t) = 0
        • 
      * 
      
      *
      * @param n - the "upper" integer
@@ -1225,7 +1224,7 @@ public final class IntegerFunctions
     /**
      * calculate the logarithm to the base 2.
      *
-     * @param x any long value >=1
+     * @param x any long value >=1
      * @return log_2(x)
      * @deprecated use MathFunctions.log(long) instead
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
index 80cd2e5e..28b58d34 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/Permutation.java
@@ -179,7 +179,7 @@ public class Permutation
 
     /**
      * checks if given object is equal to this permutation.
-     * 
      
+     * 
      
      * The method returns false whenever the given object is not permutation.
      *
      * @param other -
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
index 668fbf93..866b6f7c 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialGF2mSmallM.java
@@ -4,7 +4,7 @@ import java.security.SecureRandom;
 
 /**
  * This class describes operations with polynomials from the ring R =
- * GF(2^m)[X], where 2 <= m <=31.
+ * GF(2^m)[X], where 2 <= m <=31.
  *
  * @see GF2mField
  * @see PolynomialRingGF2m
@@ -948,10 +948,10 @@ public class PolynomialGF2mSmallM
 
     /**
      * Compute a polynomial pair (a,b) from this polynomial and the given
-     * polynomial g with the property b*this = a mod g and deg(a)<=deg(g)/2.
+     * polynomial g with the property b*this = a mod g and deg(a)<=deg(g)/2.
      *
      * @param g the reduction polynomial
-     * @return PolynomialGF2mSmallM[] {a,b} with b*this = a mod g and deg(a)<=
+     * @return PolynomialGF2mSmallM[] {a,b} with b*this = a mod g and deg(a)<=
      *         deg(g)/2
      */
     public PolynomialGF2mSmallM[] modPolynomialToFracton(PolynomialGF2mSmallM g)
@@ -978,7 +978,7 @@ public class PolynomialGF2mSmallM
 
     /**
      * checks if given object is equal to this polynomial.
-     * 
      
+     * 
      
      * The method returns false whenever the given object is not polynomial over
      * GF(2^m).
      *
@@ -1045,7 +1045,6 @@ public class PolynomialGF2mSmallM
 
     /**
      * Returns a human readable form of the polynomial.
-     * 
      
      *
      * @return a human readable form of the polynomial.
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
index 0bdbc41a..a0e2bacc 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2.java
@@ -3,9 +3,9 @@ package org.bouncycastle.pqc.math.linearalgebra;
 /**
  * This class describes operations with polynomials over finite field GF(2), i e
  * polynomial ring R = GF(2)[X]. All operations are defined only for polynomials
- * with degree <=32. For the polynomial representation the map f: R->Z,
- * poly(X)->poly(2) is used, where integers have the binary representation. For
- * example: X^7+X^3+X+1 -> (00...0010001011)=139 Also for polynomials type
+ * with degree <=32. For the polynomial representation the map f: R->Z,
+ * poly(X)->poly(2) is used, where integers have the binary representation. For
+ * example: X^7+X^3+X+1 -> (00...0010001011)=139 Also for polynomials type
  * Integer is used.
  *
  * @see GF2mField
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
index 0711583b..9e5d4139 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/linearalgebra/PolynomialRingGF2m.java
@@ -2,7 +2,7 @@ package org.bouncycastle.pqc.math.linearalgebra;
 
 /**
  * This class represents polynomial rings GF(2^m)[X]/p(X) for
- * m<<;32. If p(X) is irreducible, the polynomial ring
+ * m<32. If p(X) is irreducible, the polynomial ring
  * is in fact an extension field of GF(2^m).
  */
 public class PolynomialRingGF2m
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
index b5af2ec5..5fb30584 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/BigIntEuclidean.java
@@ -14,7 +14,7 @@ public class BigIntEuclidean
     }
 
     /**
-     * Runs the EEA on two BigIntegers
      
+     * Runs the EEA on two BigIntegers
      
      * Implemented from pseudocode on Wikipedia.
      *
      * @param a
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
index 3ada3d4e..c959a26d 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/euclid/IntEuclidean.java
@@ -12,7 +12,7 @@ public class IntEuclidean
     }
 
     /**
-     * Runs the EEA on two ints
      
+     * Runs the EEA on two ints
      
      * Implemented from pseudocode on Wikipedia.
      *
      * @param a
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
index fadd3912..3c79b2e9 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/BigIntPolynomial.java
@@ -10,7 +10,7 @@ import java.util.List;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A polynomial with {@link BigInteger} coefficients.
      
+ * A polynomial with {@link BigInteger} coefficients.
      
  * Some methods (like add) change the polynomial, others (like mult) do
  * not but return the result as a new polynomial.
  */
@@ -95,7 +95,7 @@ public class BigIntPolynomial
 
     /**
      * Multiplies the polynomial by another, taking the indices mod N. Does not
-     * change this polynomial but returns the result as a new polynomial.
      
+     * change this polynomial but returns the result as a new polynomial.
      
      * Both polynomials must have the same number of coefficients.
      *
      * @param poly2 the polynomial to multiply by
@@ -257,7 +257,7 @@ public class BigIntPolynomial
     }
 
     /**
-     * Divides each coefficient by a BigInteger and rounds the result to the nearest whole number.
      
+     * Divides each coefficient by a BigInteger and rounds the result to the nearest whole number.
      
      * Does not return a new polynomial but modifies this polynomial.
      *
      * @param divisor the number to divide by
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
index 76ffac6b..c6bd7fbc 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/IntegerPolynomial.java
@@ -19,7 +19,7 @@ import org.bouncycastle.pqc.math.ntru.util.Util;
 import org.bouncycastle.util.Arrays;
 
 /**
- * A polynomial with int coefficients.
      
+ * A polynomial with int coefficients.
      
  * Some methods (like add) change the polynomial, others (like mult) do
  * not but return the result as a new polynomial.
  */
@@ -143,7 +143,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Decodes a byte array to a polynomial with N ternary coefficients
      
+     * Decodes a byte array to a polynomial with N ternary coefficients
      
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -181,8 +181,8 @@ public class IntegerPolynomial
     }
 
     /**
-     * Returns a polynomial with N coefficients between 0 and q-1.
      
-     * q must be a power of 2.
      
+     * Returns a polynomial with N coefficients between 0 and q-1.
      
+     * q must be a power of 2.
      
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -196,8 +196,8 @@ public class IntegerPolynomial
     }
 
     /**
-     * Returns a polynomial with N coefficients between 0 and q-1.
      
-     * q must be a power of 2.
      
+     * Returns a polynomial with N coefficients between 0 and q-1.
      
+     * q must be a power of 2.
      
      * Ignores any excess bytes.
      *
      * @param is an encoded ternary polynomial
@@ -213,7 +213,7 @@ public class IntegerPolynomial
 
     /**
      * Encodes a polynomial with ternary coefficients to binary.
-     * coeffs[2*i] and coeffs[2*i+1] must not both equal -1 for any integer i,
+     * coeffs[2*i] and coeffs[2*i+1] must not both equal -1 for any integer i,
      * so this method is only safe to use with polynomials produced by fromBinary3Sves().
      *
      * @return the encoded polynomial
@@ -366,7 +366,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Computes the inverse mod q; q must be a power of 2.
      
+     * Computes the inverse mod q; q must be a power of 2.
      
      * Returns null if the polynomial is not invertible.
      *
      * @param q the modulus
@@ -572,14 +572,14 @@ public class IntegerPolynomial
 
     /**
      * Resultant of this polynomial with x^n-1 using a probabilistic algorithm.
-     * 
      
+     * 
      
      * Unlike EESS, this implementation does not compute all resultants modulo primes
      * such that their product exceeds the maximum possible resultant, but rather stops
-     * when NUM_EQUAL_RESULTANTS consecutive modular resultants are equal.
      
+     * when NUM_EQUAL_RESULTANTS consecutive modular resultants are equal.
      
      * This means the return value may be incorrect. Experiments show this happens in
      * about 1 out of 100 cases when N=439 and NUM_EQUAL_RESULTANTS=2,
      * so the likelyhood of leaving the loop too early is (1/100)^(NUM_EQUAL_RESULTANTS-1).
-     * 
      
+     * 
      
      * Because of the above, callers must verify the output and try a different polynomial if necessary.
      *
      * @return (rho, res) satisfying res = rho*this + t*(x^n-1) for some integer t.
@@ -766,7 +766,7 @@ public class IntegerPolynomial
     }
 
     /**
-     * Resultant of this polynomial with x^n-1 mod p.
      
+     * Resultant of this polynomial with x^n-1 mod p.
      *
      * @return (rho, res) satisfying res = rho*this + t*(x^n-1) mod p for some integer t.
      */
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
index c7ae56c3..d71615a3 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial2.java
@@ -4,7 +4,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A polynomial class that combines two coefficients into one long value for
- * faster multiplication in 64 bit environments.
      
+ * faster multiplication in 64 bit environments.
      
  * Coefficients can be between 0 and 2047 and are stored in pairs in the bits 0..10 and 24..34 of a long number.
  */
 public class LongPolynomial2
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
index 69801e90..c804cc8d 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/LongPolynomial5.java
@@ -4,7 +4,7 @@ import org.bouncycastle.util.Arrays;
 
 /**
  * A polynomial class that combines five coefficients into one long value for
- * faster multiplication by a ternary polynomial.
      
+ * faster multiplication by a ternary polynomial.
      
  * Coefficients can be between 0 and 2047 and are stored in bits 0..11, 12..23, ..., 48..59 of a long number.
  */
 public class LongPolynomial5
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
index 7a7237c2..69193e39 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/polynomial/Polynomial.java
@@ -32,7 +32,7 @@ public interface Polynomial
 
     /**
      * Multiplies the polynomial by a BigIntPolynomial, taking the indices mod N. Does not
-     * change this polynomial but returns the result as a new polynomial.
      
+     * change this polynomial but returns the result as a new polynomial.
      
      * Both polynomials must have the same number of coefficients.
      *
      * @param poly2 the polynomial to multiply by
diff --git a/core/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java b/core/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
index 0c8f5abf..a437d48a 100644
--- a/core/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
+++ b/core/src/main/java/org/bouncycastle/pqc/math/ntru/util/ArrayEncoder.java
@@ -56,7 +56,7 @@ public class ArrayEncoder
 
     /**
      * Encodes an int array whose elements are between 0 and q,
-     * to a byte array leaving no gaps between bits.
      
+     * to a byte array leaving no gaps between bits.
      
      * q must be a power of 2.
      *
      * @param a the input array
@@ -92,8 +92,8 @@ public class ArrayEncoder
     }
 
     /**
-     * Decodes a byte array encoded with {@link #encodeModQ(int[], int)} back to an int array.
      
-     * N is the number of coefficients. q must be a power of 2.
      
+     * Decodes a byte array encoded with {@link #encodeModQ(int[], int)} back to an int array.
      
+     * N is the number of coefficients. q must be a power of 2.
      
      * Ignores any excess bytes.
      *
      * @param data an encoded ternary polynomial
@@ -120,8 +120,8 @@ public class ArrayEncoder
     }
 
     /**
-     * Decodes data encoded with {@link #encodeModQ(int[], int)} back to an int array.
      
-     * N is the number of coefficients. q must be a power of 2.
      
+     * Decodes data encoded with {@link #encodeModQ(int[], int)} back to an int array.
      
+     * N is the number of coefficients. q must be a power of 2.
      
      * Ignores any excess bytes.
      *
      * @param is an encoded ternary polynomial
@@ -140,8 +140,8 @@ public class ArrayEncoder
 
     /**
      * Decodes a byte array encoded with {@link #encodeMod3Sves(int[])} back to an int array
-     * with N coefficients between -1 and 1.
      
-     * Ignores any excess bytes.
      
+     * with N coefficients between -1 and 1.
      
+     * Ignores any excess bytes.
      
      * See P1363.1 section 9.2.2.
      *
      * @param data an encoded ternary polynomial
@@ -171,8 +171,8 @@ public class ArrayEncoder
 
     /**
      * Encodes an int array whose elements are between -1 and 1, to a byte array.
-     * coeffs[2*i] and coeffs[2*i+1] must not both equal -1 for any integer       i,
-     * so this method is only safe to use with arrays produced by {@link #decodeMod3Sves(byte[], int)}.
      
+     * coeffs[2*i] and coeffs[2*i+1] must not both equal -1 for any integer i,
+     * so this method is only safe to use with arrays produced by {@link #decodeMod3Sves(byte[], int)}.
      
      * See P1363.1 section 9.2.3.
      *
      * @param arr
diff --git a/core/src/main/java/org/bouncycastle/util/Memoable.java b/core/src/main/java/org/bouncycastle/util/Memoable.java
index 0be91711..ee0bedac 100644
--- a/core/src/main/java/org/bouncycastle/util/Memoable.java
+++ b/core/src/main/java/org/bouncycastle/util/Memoable.java
@@ -4,7 +4,7 @@ public interface Memoable
 {
     /**
      * Produce a copy of this object with its configuration and in its current state.
-     * 
      
+     * 
      
      * The returned object may be used simply to store the state, or may be used as a similar object
      * starting from the copied state.
      */
@@ -12,7 +12,7 @@ public interface Memoable
 
     /**
      * Restore a copied object state into this object.
-     * 
      
+     * 
      
      * Implementations of this method should try to avoid or minimise memory allocation to perform the reset.
      *
      * @param other an object originally {@link #copy() copied} from an object of the same type as this instance.
-- 
cgit v1.2.3


From 737bedf272b4fb34c395f07addb72b28d4f90a13 Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 12:07:38 +1100
Subject: refactoring

---
 .../java/org/bouncycastle/asn1/ASN1Boolean.java    | 182 ++++++++-
 .../bouncycastle/asn1/ASN1ObjectIdentifier.java    | 425 +++++++++++++++++++-
 .../java/org/bouncycastle/asn1/DERBoolean.java     | 173 +-------
 .../org/bouncycastle/asn1/DERObjectIdentifier.java | 440 +--------------------
 4 files changed, 611 insertions(+), 609 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
index 1360e8b5..f9665c27 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
@@ -1,15 +1,187 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
+
+import org.bouncycastle.util.Arrays;
+
 public class ASN1Boolean
-    extends DERBoolean
+    extends ASN1Primitive
 {
-    public ASN1Boolean(boolean value)
+    private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
+    private static final byte[] FALSE_VALUE = new byte[] { 0 };
+
+    private byte[]         value;
+
+    public static final ASN1Boolean FALSE = new ASN1Boolean(false);
+    public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
+
+
+    /**
+     * return a boolean from the passed in object.
+     *
+     * @exception IllegalArgumentException if the object cannot be converted.
+     */
+    public static ASN1Boolean getInstance(
+        Object  obj)
+    {
+        if (obj == null || obj instanceof ASN1Boolean)
+        {
+            return (ASN1Boolean)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            byte[] enc = (byte[])obj;
+            try
+            {
+                return (ASN1Boolean)fromByteArray(enc);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("failed to construct boolean from byte[]: " + e.getMessage());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an ASN1Boolean from the passed in boolean.
+     */
+    public static ASN1Boolean getInstance(
+        boolean  value)
+    {
+        return (value ? TRUE : FALSE);
+    }
+
+    /**
+     * return an ASN1Boolean from the passed in value.
+     */
+    public static ASN1Boolean getInstance(
+        int value)
+    {
+        return (value != 0 ? TRUE : FALSE);
+    }
+
+    /**
+     * return a Boolean from a tagged object.
+     *
+     * @param obj the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *              tagged false otherwise.
+     * @exception IllegalArgumentException if the tagged object cannot
+     *               be converted.
+     */
+    public static ASN1Boolean getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Boolean)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return ASN1Boolean.fromOctetString(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    ASN1Boolean(
+        byte[] value)
+    {
+        if (value.length != 1)
+        {
+            throw new IllegalArgumentException("byte value should have 1 byte in it");
+        }
+
+        if (value[0] == 0)
+        {
+            this.value = FALSE_VALUE;
+        }
+        else if ((value[0] & 0xff) == 0xff)
+        {
+            this.value = TRUE_VALUE;
+        }
+        else
+        {
+            this.value = Arrays.clone(value);
+        }
+    }
+
+    /**
+     * @deprecated use getInstance(boolean) method.
+     * @param value
+     */
+    public ASN1Boolean(
+        boolean     value)
     {
-        super(value);
+        this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
     }
 
-    ASN1Boolean(byte[] value)
+    public boolean isTrue()
     {
-        super(value);
+        return (value[0] != 0);
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+    {
+        return 3;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.BOOLEAN, value);
+    }
+
+    protected boolean asn1Equals(
+        ASN1Primitive  o)
+    {
+        if ((o == null) || !(o instanceof ASN1Boolean))
+        {
+            return false;
+        }
+
+        return (value[0] == ((ASN1Boolean)o).value[0]);
+    }
+
+    public int hashCode()
+    {
+        return value[0];
+    }
+
+
+    public String toString()
+    {
+      return (value[0] != 0) ? "TRUE" : "FALSE";
+    }
+
+    static ASN1Boolean fromOctetString(byte[] value)
+    {
+        if (value.length != 1)
+        {
+            throw new IllegalArgumentException("BOOLEAN value should have 1 byte in it");
+        }
+
+        if (value[0] == 0)
+        {
+            return FALSE;
+        }
+        else if ((value[0] & 0xff) == 0xff)
+        {
+            return TRUE;
+        }
+        else
+        {
+            return new ASN1Boolean(value);
+        }
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
index 98f46a6d..656272ed 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -1,21 +1,429 @@
 package org.bouncycastle.asn1;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+
+import org.bouncycastle.util.Arrays;
+
 public class ASN1ObjectIdentifier
-    extends DERObjectIdentifier
+    extends ASN1Primitive
 {
-    public ASN1ObjectIdentifier(String identifier)
+    String identifier;
+
+    private byte[] body;
+
+    /**
+     * return an OID from the passed in object
+     *
+     * @throws IllegalArgumentException if the object cannot be converted.
+     */
+    public static ASN1ObjectIdentifier getInstance(
+        Object obj)
+    {
+        if (obj == null || obj instanceof ASN1ObjectIdentifier)
+        {
+            return (ASN1ObjectIdentifier)obj;
+        }
+
+        if (obj instanceof ASN1Encodable && ((ASN1Encodable)obj).toASN1Primitive() instanceof ASN1ObjectIdentifier)
+        {
+            return (ASN1ObjectIdentifier)((ASN1Encodable)obj).toASN1Primitive();
+        }
+
+        if (obj instanceof byte[])
+        {
+            byte[] enc = (byte[])obj;
+            try
+            {
+                return (ASN1ObjectIdentifier)fromByteArray(enc);
+            }
+            catch (IOException e)
+            {
+                throw new IllegalArgumentException("failed to construct object identifier from byte[]: " + e.getMessage());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an Object Identifier from a tagged object.
+     *
+     * @param obj      the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *                 tagged false otherwise.
+     * @throws IllegalArgumentException if the tagged object cannot
+     * be converted.
+     */
+    public static ASN1ObjectIdentifier getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1ObjectIdentifier)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return ASN1ObjectIdentifier.fromOctetString(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
+    }
+
+    private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f;
+
+    ASN1ObjectIdentifier(
+        byte[] bytes)
+    {
+        StringBuffer objId = new StringBuffer();
+        long value = 0;
+        BigInteger bigValue = null;
+        boolean first = true;
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            int b = bytes[i] & 0xff;
+
+            if (value <= LONG_LIMIT)
+            {
+                value += (b & 0x7f);
+                if ((b & 0x80) == 0)             // end of number reached
+                {
+                    if (first)
+                    {
+                        if (value < 40)
+                        {
+                            objId.append('0');
+                        }
+                        else if (value < 80)
+                        {
+                            objId.append('1');
+                            value -= 40;
+                        }
+                        else
+                        {
+                            objId.append('2');
+                            value -= 80;
+                        }
+                        first = false;
+                    }
+
+                    objId.append('.');
+                    objId.append(value);
+                    value = 0;
+                }
+                else
+                {
+                    value <<= 7;
+                }
+            }
+            else
+            {
+                if (bigValue == null)
+                {
+                    bigValue = BigInteger.valueOf(value);
+                }
+                bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f));
+                if ((b & 0x80) == 0)
+                {
+                    if (first)
+                    {
+                        objId.append('2');
+                        bigValue = bigValue.subtract(BigInteger.valueOf(80));
+                        first = false;
+                    }
+
+                    objId.append('.');
+                    objId.append(bigValue);
+                    bigValue = null;
+                    value = 0;
+                }
+                else
+                {
+                    bigValue = bigValue.shiftLeft(7);
+                }
+            }
+        }
+
+        this.identifier = objId.toString();
+        this.body = Arrays.clone(bytes);
+    }
+
+    public ASN1ObjectIdentifier(
+        String identifier)
     {
-        super(identifier);
+        if (identifier == null)
+        {
+            throw new IllegalArgumentException("'identifier' cannot be null");
+        }
+        if (!isValidIdentifier(identifier))
+        {
+            throw new IllegalArgumentException("string " + identifier + " not an OID");
+        }
+
+        this.identifier = identifier;
     }
 
-    ASN1ObjectIdentifier(byte[] bytes)
+    ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branchID)
     {
-        super(bytes);
+        if (!isValidBranchID(branchID, 0))
+        {
+            throw new IllegalArgumentException("string " + branchID + " not a valid OID branch");
+        }
+
+        this.identifier = oid.getId() + "." + branchID;
     }
 
-    ASN1ObjectIdentifier(ASN1ObjectIdentifier oid, String branch)
+    public String getId()
     {
-        super(oid, branch);
+        return identifier;
+    }
+
+    private void writeField(
+        ByteArrayOutputStream out,
+        long fieldValue)
+    {
+        byte[] result = new byte[9];
+        int pos = 8;
+        result[pos] = (byte)((int)fieldValue & 0x7f);
+        while (fieldValue >= (1L << 7))
+        {
+            fieldValue >>= 7;
+            result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
+        }
+        out.write(result, pos, 9 - pos);
+    }
+
+    private void writeField(
+        ByteArrayOutputStream out,
+        BigInteger fieldValue)
+    {
+        int byteCount = (fieldValue.bitLength() + 6) / 7;
+        if (byteCount == 0)
+        {
+            out.write(0);
+        }
+        else
+        {
+            BigInteger tmpValue = fieldValue;
+            byte[] tmp = new byte[byteCount];
+            for (int i = byteCount - 1; i >= 0; i--)
+            {
+                tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80);
+                tmpValue = tmpValue.shiftRight(7);
+            }
+            tmp[byteCount - 1] &= 0x7f;
+            out.write(tmp, 0, tmp.length);
+        }
+    }
+
+    private void doOutput(ByteArrayOutputStream aOut)
+    {
+        OIDTokenizer tok = new OIDTokenizer(identifier);
+        int first = Integer.parseInt(tok.nextToken()) * 40;
+
+        String secondToken = tok.nextToken();
+        if (secondToken.length() <= 18)
+        {
+            writeField(aOut, first + Long.parseLong(secondToken));
+        }
+        else
+        {
+            writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first)));
+        }
+
+        while (tok.hasMoreTokens())
+        {
+            String token = tok.nextToken();
+            if (token.length() <= 18)
+            {
+                writeField(aOut, Long.parseLong(token));
+            }
+            else
+            {
+                writeField(aOut, new BigInteger(token));
+            }
+        }
+    }
+
+    protected synchronized byte[] getBody()
+    {
+        if (body == null)
+        {
+            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+
+            doOutput(bOut);
+
+            body = bOut.toByteArray();
+        }
+
+        return body;
+    }
+
+    boolean isConstructed()
+    {
+        return false;
+    }
+
+    int encodedLength()
+        throws IOException
+    {
+        int length = getBody().length;
+
+        return 1 + StreamUtil.calculateBodyLength(length) + length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        byte[] enc = getBody();
+
+        out.write(BERTags.OBJECT_IDENTIFIER);
+        out.writeLength(enc.length);
+        out.write(enc);
+    }
+
+    public int hashCode()
+    {
+        return identifier.hashCode();
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof DERObjectIdentifier))
+        {
+            return false;
+        }
+
+        return identifier.equals(((DERObjectIdentifier)o).identifier);
+    }
+
+    public String toString()
+    {
+        return getId();
+    }
+
+    private static boolean isValidBranchID(
+        String branchID, int start)
+    {
+        boolean periodAllowed = false;
+
+        int pos = branchID.length();
+        while (--pos >= start)
+        {
+            char ch = branchID.charAt(pos);
+
+            // TODO Leading zeroes?
+            if ('0' <= ch && ch <= '9')
+            {
+                periodAllowed = true;
+                continue;
+            }
+
+            if (ch == '.')
+            {
+                if (!periodAllowed)
+                {
+                    return false;
+                }
+
+                periodAllowed = false;
+                continue;
+            }
+
+            return false;
+        }
+
+        return periodAllowed;
+    }
+
+    private static boolean isValidIdentifier(
+        String identifier)
+    {
+        if (identifier.length() < 3 || identifier.charAt(1) != '.')
+        {
+            return false;
+        }
+
+        char first = identifier.charAt(0);
+        if (first < '0' || first > '2')
+        {
+            return false;
+        }
+
+        return isValidBranchID(identifier, 2);
+    }
+
+    private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][];
+
+    static ASN1ObjectIdentifier fromOctetString(byte[] enc)
+    {
+        if (enc.length < 3)
+        {
+            return new ASN1ObjectIdentifier(enc);
+        }
+
+        int idx1 = enc[enc.length - 2] & 0xff;
+        // in this case top bit is always zero
+        int idx2 = enc[enc.length - 1] & 0x7f;
+
+        ASN1ObjectIdentifier possibleMatch;
+
+        synchronized (cache)
+        {
+            ASN1ObjectIdentifier[] first = cache[idx1];
+            if (first == null)
+            {
+                first = cache[idx1] = new ASN1ObjectIdentifier[128];
+            }
+
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+
+            if (Arrays.areEqual(enc, possibleMatch.getBody()))
+            {
+                return possibleMatch;
+            }
+
+            idx1 = (idx1 + 1) & 0xff;
+            first = cache[idx1];
+            if (first == null)
+            {
+                first = cache[idx1] = new ASN1ObjectIdentifier[128];
+            }
+
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+
+            if (Arrays.areEqual(enc, possibleMatch.getBody()))
+            {
+                return possibleMatch;
+            }
+
+            idx2 = (idx2 + 1) & 0x7f;
+            possibleMatch = first[idx2];
+            if (possibleMatch == null)
+            {
+                return first[idx2] = new ASN1ObjectIdentifier(enc);
+            }
+        }
+
+        if (Arrays.areEqual(enc, possibleMatch.getBody()))
+        {
+            return possibleMatch;
+        }
+
+        return new ASN1ObjectIdentifier(enc);
     }
 
     /**
@@ -31,8 +439,9 @@ public class ASN1ObjectIdentifier
 
     /**
      * Return  true if this oid is an extension of the passed in branch, stem.
+     *
      * @param stem the arc or branch that is a possible parent.
-     * @return  true if the branch is on the passed in stem, false otherwise.
+     * @return true if the branch is on the passed in stem, false otherwise.
      */
     public boolean on(ASN1ObjectIdentifier stem)
     {
diff --git a/core/src/main/java/org/bouncycastle/asn1/DERBoolean.java b/core/src/main/java/org/bouncycastle/asn1/DERBoolean.java
index 8b8d2260..378ea359 100644
--- a/core/src/main/java/org/bouncycastle/asn1/DERBoolean.java
+++ b/core/src/main/java/org/bouncycastle/asn1/DERBoolean.java
@@ -1,179 +1,22 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
-
-import org.bouncycastle.util.Arrays;
-
+/**
+ * @deprecated use ASN1Boolean
+ */
 public class DERBoolean
-    extends ASN1Primitive
+    extends ASN1Boolean
 {
-    private static final byte[] TRUE_VALUE = new byte[] { (byte)0xff };
-    private static final byte[] FALSE_VALUE = new byte[] { 0 };
-
-    private byte[]         value;
-
-    public static final ASN1Boolean FALSE = new ASN1Boolean(false);
-    public static final ASN1Boolean TRUE  = new ASN1Boolean(true);
-
-
-    /**
-     * return a boolean from the passed in object.
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Boolean getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Boolean)
-        {
-            return (ASN1Boolean)obj;
-        }
-
-        if (obj instanceof DERBoolean)
-        {
-            return ((DERBoolean)obj).isTrue() ? DERBoolean.TRUE : DERBoolean.FALSE;
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return a ASN1Boolean from the passed in boolean.
-     */
-    public static ASN1Boolean getInstance(
-        boolean  value)
-    {
-        return (value ? TRUE : FALSE);
-    }
-
-    /**
-     * return a ASN1Boolean from the passed in boolean.
-     */
-    public static ASN1Boolean getInstance(
-        int value)
-    {
-        return (value != 0 ? TRUE : FALSE);
-    }
-
-    /**
-     * return a Boolean from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Boolean getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERBoolean)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return ASN1Boolean.fromOctetString(((ASN1OctetString)o).getOctets());
-        }
-    }
-    
-    DERBoolean(
-        byte[]       value)
-    {
-        if (value.length != 1)
-        {
-            throw new IllegalArgumentException("byte value should have 1 byte in it");
-        }
-
-        if (value[0] == 0)
-        {
-            this.value = FALSE_VALUE;
-        }
-        else if (value[0] == 0xff)
-        {
-            this.value = TRUE_VALUE;
-        }
-        else
-        {
-            this.value = Arrays.clone(value);
-        }
-    }
-
     /**
      * @deprecated use getInstance(boolean) method.
      * @param value
      */
-    public DERBoolean(
-        boolean     value)
-    {
-        this.value = (value) ? TRUE_VALUE : FALSE_VALUE;
-    }
-
-    public boolean isTrue()
-    {
-        return (value[0] != 0);
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
+    public DERBoolean(boolean value)
     {
-        return 3;
+        super(value);
     }
 
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
+    DERBoolean(byte[] value)
     {
-        out.writeEncoded(BERTags.BOOLEAN, value);
-    }
-    
-    protected boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if ((o == null) || !(o instanceof DERBoolean))
-        {
-            return false;
-        }
-
-        return (value[0] == ((DERBoolean)o).value[0]);
-    }
-    
-    public int hashCode()
-    {
-        return value[0];
-    }
-
-
-    public String toString()
-    {
-      return (value[0] != 0) ? "TRUE" : "FALSE";
-    }
-
-    static ASN1Boolean fromOctetString(byte[] value)
-    {
-        if (value.length != 1)
-        {
-            throw new IllegalArgumentException("BOOLEAN value should have 1 byte in it");
-        }
-
-        if (value[0] == 0)
-        {
-            return FALSE;
-        }
-        else if (value[0] == 0xff)
-        {
-            return TRUE;
-        }
-        else
-        {
-            return new ASN1Boolean(value);
-        }
+        super(value);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java b/core/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
index 3d4d04c1..acb2ada6 100644
--- a/core/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
+++ b/core/src/main/java/org/bouncycastle/asn1/DERObjectIdentifier.java
@@ -1,446 +1,24 @@
 package org.bouncycastle.asn1;
 
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.math.BigInteger;
-
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1ObjectIdentifier instead of this,
+ *
+ * @deprecated Use ASN1ObjectIdentifier instead of this,
  */
 public class DERObjectIdentifier
-    extends ASN1Primitive
+    extends ASN1ObjectIdentifier
 {
-    String identifier;
-
-    private byte[] body;
-
-    /**
-     * return an OID from the passed in object
-     *
-     * @throws IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1ObjectIdentifier getInstance(
-        Object obj)
-    {
-        if (obj == null || obj instanceof ASN1ObjectIdentifier)
-        {
-            return (ASN1ObjectIdentifier)obj;
-        }
-
-        if (obj instanceof DERObjectIdentifier)
-        {
-            return new ASN1ObjectIdentifier(((DERObjectIdentifier)obj).getId());
-        }
-
-        if (obj instanceof ASN1Encodable && ((ASN1Encodable)obj).toASN1Primitive() instanceof ASN1ObjectIdentifier)
-        {
-            return (ASN1ObjectIdentifier)((ASN1Encodable)obj).toASN1Primitive();
-        }
-
-        if (obj instanceof byte[])
-        {
-            byte[] enc = (byte[])obj;
-            if (enc[0] == BERTags.OBJECT_IDENTIFIER)
-            {
-                try
-                {
-                    return (ASN1ObjectIdentifier)fromByteArray(enc);
-                }
-                catch (IOException e)
-                {
-                    throw new IllegalArgumentException("failed to construct sequence from byte[]: " + e.getMessage());
-                }
-            }
-            else
-            {    // TODO: this really shouldn't be supported here...
-                return ASN1ObjectIdentifier.fromOctetString((byte[])obj);
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return an Object Identifier from a tagged object.
-     *
-     * @param obj      the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *                 tagged false otherwise.
-     * @throws IllegalArgumentException if the tagged object cannot
-     * be converted.
-     */
-    public static ASN1ObjectIdentifier getInstance(
-        ASN1TaggedObject obj,
-        boolean explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERObjectIdentifier)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return ASN1ObjectIdentifier.fromOctetString(ASN1OctetString.getInstance(obj.getObject()).getOctets());
-        }
-    }
-
-    private static final long LONG_LIMIT = (Long.MAX_VALUE >> 7) - 0x7f;
-
-    DERObjectIdentifier(
-        byte[] bytes)
+    public DERObjectIdentifier(String identifier)
     {
-        StringBuffer objId = new StringBuffer();
-        long value = 0;
-        BigInteger bigValue = null;
-        boolean first = true;
-
-        for (int i = 0; i != bytes.length; i++)
-        {
-            int b = bytes[i] & 0xff;
-
-            if (value <= LONG_LIMIT)
-            {
-                value += (b & 0x7f);
-                if ((b & 0x80) == 0)             // end of number reached
-                {
-                    if (first)
-                    {
-                        if (value < 40)
-                        {
-                            objId.append('0');
-                        }
-                        else if (value < 80)
-                        {
-                            objId.append('1');
-                            value -= 40;
-                        }
-                        else
-                        {
-                            objId.append('2');
-                            value -= 80;
-                        }
-                        first = false;
-                    }
-
-                    objId.append('.');
-                    objId.append(value);
-                    value = 0;
-                }
-                else
-                {
-                    value <<= 7;
-                }
-            }
-            else
-            {
-                if (bigValue == null)
-                {
-                    bigValue = BigInteger.valueOf(value);
-                }
-                bigValue = bigValue.or(BigInteger.valueOf(b & 0x7f));
-                if ((b & 0x80) == 0)
-                {
-                    if (first)
-                    {
-                        objId.append('2');
-                        bigValue = bigValue.subtract(BigInteger.valueOf(80));
-                        first = false;
-                    }
-
-                    objId.append('.');
-                    objId.append(bigValue);
-                    bigValue = null;
-                    value = 0;
-                }
-                else
-                {
-                    bigValue = bigValue.shiftLeft(7);
-                }
-            }
-        }
-
-        this.identifier = objId.toString();
-        this.body = Arrays.clone(bytes);
+        super(identifier);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier constructor.
-     */
-    public DERObjectIdentifier(
-        String identifier)
+    DERObjectIdentifier(byte[] bytes)
     {
-        if (identifier == null)
-        {
-            throw new IllegalArgumentException("'identifier' cannot be null");
-        }
-        if (!isValidIdentifier(identifier))
-        {
-            throw new IllegalArgumentException("string " + identifier + " not an OID");
-        }
-
-        this.identifier = identifier;
+        super(bytes);
     }
 
-    DERObjectIdentifier(DERObjectIdentifier oid, String branchID)
+    DERObjectIdentifier(ASN1ObjectIdentifier oid, String branch)
     {
-        if (!isValidBranchID(branchID, 0))
-        {
-            throw new IllegalArgumentException("string " + branchID + " not a valid OID branch");
-        }
-
-        this.identifier = oid.getId() + "." + branchID;
-    }
-
-    public String getId()
-    {
-        return identifier;
-    }
-
-    private void writeField(
-        ByteArrayOutputStream out,
-        long fieldValue)
-    {
-        byte[] result = new byte[9];
-        int pos = 8;
-        result[pos] = (byte)((int)fieldValue & 0x7f);
-        while (fieldValue >= (1L << 7))
-        {
-            fieldValue >>= 7;
-            result[--pos] = (byte)((int)fieldValue & 0x7f | 0x80);
-        }
-        out.write(result, pos, 9 - pos);
-    }
-
-    private void writeField(
-        ByteArrayOutputStream out,
-        BigInteger fieldValue)
-    {
-        int byteCount = (fieldValue.bitLength() + 6) / 7;
-        if (byteCount == 0)
-        {
-            out.write(0);
-        }
-        else
-        {
-            BigInteger tmpValue = fieldValue;
-            byte[] tmp = new byte[byteCount];
-            for (int i = byteCount - 1; i >= 0; i--)
-            {
-                tmp[i] = (byte)((tmpValue.intValue() & 0x7f) | 0x80);
-                tmpValue = tmpValue.shiftRight(7);
-            }
-            tmp[byteCount - 1] &= 0x7f;
-            out.write(tmp, 0, tmp.length);
-        }
-    }
-
-    private void doOutput(ByteArrayOutputStream aOut)
-    {
-        OIDTokenizer tok = new OIDTokenizer(identifier);
-        int first = Integer.parseInt(tok.nextToken()) * 40;
-
-        String secondToken = tok.nextToken();
-        if (secondToken.length() <= 18)
-        {
-            writeField(aOut, first + Long.parseLong(secondToken));
-        }
-        else
-        {
-            writeField(aOut, new BigInteger(secondToken).add(BigInteger.valueOf(first)));
-        }
-
-        while (tok.hasMoreTokens())
-        {
-            String token = tok.nextToken();
-            if (token.length() <= 18)
-            {
-                writeField(aOut, Long.parseLong(token));
-            }
-            else
-            {
-                writeField(aOut, new BigInteger(token));
-            }
-        }
-    }
-
-    protected synchronized byte[] getBody()
-    {
-        if (body == null)
-        {
-            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
-
-            doOutput(bOut);
-
-            body = bOut.toByteArray();
-        }
-
-        return body;
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-        throws IOException
-    {
-        int length = getBody().length;
-
-        return 1 + StreamUtil.calculateBodyLength(length) + length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
-    {
-        byte[] enc = getBody();
-
-        out.write(BERTags.OBJECT_IDENTIFIER);
-        out.writeLength(enc.length);
-        out.write(enc);
-    }
-
-    public int hashCode()
-    {
-        return identifier.hashCode();
-    }
-
-    boolean asn1Equals(
-        ASN1Primitive o)
-    {
-        if (!(o instanceof DERObjectIdentifier))
-        {
-            return false;
-        }
-
-        return identifier.equals(((DERObjectIdentifier)o).identifier);
-    }
-
-    public String toString()
-    {
-        return getId();
-    }
-
-    private static boolean isValidBranchID(
-        String branchID, int start)
-    {
-        boolean periodAllowed = false;
-
-        int pos = branchID.length();
-        while (--pos >= start)
-        {
-            char ch = branchID.charAt(pos);
-
-            // TODO Leading zeroes?
-            if ('0' <= ch && ch <= '9')
-            {
-                periodAllowed = true;
-                continue;
-            }
-
-            if (ch == '.')
-            {
-                if (!periodAllowed)
-                {
-                    return false;
-                }
-
-                periodAllowed = false;
-                continue;
-            }
-
-            return false;
-        }
-
-        return periodAllowed;
-    }
-
-    private static boolean isValidIdentifier(
-        String identifier)
-    {
-        if (identifier.length() < 3 || identifier.charAt(1) != '.')
-        {
-            return false;
-        }
-
-        char first = identifier.charAt(0);
-        if (first < '0' || first > '2')
-        {
-            return false;
-        }
-
-        return isValidBranchID(identifier, 2);
-    }
-
-    private static ASN1ObjectIdentifier[][] cache = new ASN1ObjectIdentifier[256][];
-
-    static ASN1ObjectIdentifier fromOctetString(byte[] enc)
-    {
-        if (enc.length < 3)
-        {
-            return new ASN1ObjectIdentifier(enc);
-        }
-
-        int idx1 = enc[enc.length - 2] & 0xff;
-        // in this case top bit is always zero
-        int idx2 = enc[enc.length - 1] & 0x7f;
-
-        ASN1ObjectIdentifier possibleMatch;
-
-        synchronized (cache)
-        {
-            ASN1ObjectIdentifier[] first = cache[idx1];
-            if (first == null)
-            {
-                first = cache[idx1] = new ASN1ObjectIdentifier[128];
-            }
-
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-
-            if (Arrays.areEqual(enc, possibleMatch.getBody()))
-            {
-                return possibleMatch;
-            }
-
-            idx1 = (idx1 + 1) & 0xff;
-            first = cache[idx1];
-            if (first == null)
-            {
-                first = cache[idx1] = new ASN1ObjectIdentifier[128];
-            }
-
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-
-            if (Arrays.areEqual(enc, possibleMatch.getBody()))
-            {
-                return possibleMatch;
-            }
-
-            idx2 = (idx2 + 1) & 0x7f;
-            possibleMatch = first[idx2];
-            if (possibleMatch == null)
-            {
-                return first[idx2] = new ASN1ObjectIdentifier(enc);
-            }
-        }
-
-        if (Arrays.areEqual(enc, possibleMatch.getBody()))
-        {
-            return possibleMatch;
-        }
-
-        return new ASN1ObjectIdentifier(enc);
+        super(oid, branch);
     }
 }
-- 
cgit v1.2.3


From 9407ff16b8cf860d59e4493af60b43996d13703c Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 12:09:09 +1100
Subject: fixed asn1Equals

---
 core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java b/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
index 656272ed..6bd335bc 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java
@@ -294,12 +294,12 @@ public class ASN1ObjectIdentifier
     boolean asn1Equals(
         ASN1Primitive o)
     {
-        if (!(o instanceof DERObjectIdentifier))
+        if (!(o instanceof ASN1ObjectIdentifier))
         {
             return false;
         }
 
-        return identifier.equals(((DERObjectIdentifier)o).identifier);
+        return identifier.equals(((ASN1ObjectIdentifier)o).identifier);
     }
 
     public String toString()
-- 
cgit v1.2.3


From c36089c37a0656df8b63ceebf5d52161238694d7 Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 13:25:24 +1100
Subject: refactoring of ASN1 primitive classes.

---
 .../java/org/bouncycastle/asn1/ASN1Enumerated.java | 154 +++++++++++++++++++-
 .../java/org/bouncycastle/asn1/ASN1Integer.java    | 136 +++++++++++++++--
 .../java/org/bouncycastle/asn1/DEREnumerated.java  | 161 +--------------------
 .../java/org/bouncycastle/asn1/DERInteger.java     | 150 ++-----------------
 .../java/org/bouncycastle/asn1/cms/Attribute.java  |  12 --
 .../org/bouncycastle/asn1/cms/AttributeTable.java  |  17 ---
 .../org/bouncycastle/asn1/ess/ContentHints.java    |  20 ---
 .../asn1/isismtt/x509/NamingAuthority.java         |  19 ---
 .../bouncycastle/asn1/oiw/ElGamalParameter.java    |  16 +-
 .../java/org/bouncycastle/asn1/util/ASN1Dump.java  |  13 +-
 .../asn1/x509/AlgorithmIdentifier.java             |  25 ----
 .../bouncycastle/asn1/x509/BasicConstraints.java   |   5 +-
 .../org/bouncycastle/asn1/x509/X509Extension.java  |   4 +-
 .../org/bouncycastle/asn1/x509/X509Extensions.java |  18 +--
 .../asn1/x509/X509ExtensionsGenerator.java         |  23 ---
 .../bouncycastle/asn1/x9/DHDomainParameters.java   |  24 +++
 .../crypto/agreement/kdf/DHKEKGenerator.java       |   4 +-
 .../crypto/signers/DSADigestSigner.java            |  10 +-
 .../crypto/util/PrivateKeyFactory.java             |   3 +-
 .../bouncycastle/crypto/util/PublicKeyFactory.java |   3 +-
 20 files changed, 352 insertions(+), 465 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java b/core/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
index d93fd912..09a518f6 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1Enumerated.java
@@ -1,22 +1,162 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
 import java.math.BigInteger;
 
+import org.bouncycastle.util.Arrays;
+
 public class ASN1Enumerated
-    extends DEREnumerated
+    extends ASN1Primitive
 {
-    ASN1Enumerated(byte[] bytes)
+    byte[]      bytes;
+
+    /**
+     * return an integer from the passed in object
+     *
+     * @exception IllegalArgumentException if the object cannot be converted.
+     */
+    public static ASN1Enumerated getInstance(
+        Object  obj)
+    {
+        if (obj == null || obj instanceof ASN1Enumerated)
+        {
+            return (ASN1Enumerated)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1Enumerated)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
+    }
+
+    /**
+     * return an Enumerated from a tagged object.
+     *
+     * @param obj the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *              tagged false otherwise.
+     * @exception IllegalArgumentException if the tagged object cannot
+     *               be converted.
+     */
+    public static ASN1Enumerated getInstance(
+        ASN1TaggedObject obj,
+        boolean          explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Enumerated)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return fromOctetString(((ASN1OctetString)o).getOctets());
+        }
+    }
+
+    /**
+     * @deprecated use ASN1Enumerated
+     */
+    public ASN1Enumerated(
+        int         value)
+    {
+        bytes = BigInteger.valueOf(value).toByteArray();
+    }
+
+    /**
+     * @deprecated use ASN1Enumerated
+     */
+    public ASN1Enumerated(
+        BigInteger   value)
+    {
+        bytes = value.toByteArray();
+    }
+
+    /**
+     * @deprecated use ASN1Enumerated
+     */
+    public ASN1Enumerated(
+        byte[]   bytes)
+    {
+        this.bytes = bytes;
+    }
+
+    public BigInteger getValue()
     {
-        super(bytes);
+        return new BigInteger(bytes);
     }
 
-    public ASN1Enumerated(BigInteger value)
+    boolean isConstructed()
     {
-        super(value);
+        return false;
     }
 
-    public ASN1Enumerated(int value)
+    int encodedLength()
     {
-        super(value);
+        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
+    }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.ENUMERATED, bytes);
+    }
+    
+    boolean asn1Equals(
+        ASN1Primitive  o)
+    {
+        if (!(o instanceof ASN1Enumerated))
+        {
+            return false;
+        }
+
+        ASN1Enumerated other = (ASN1Enumerated)o;
+
+        return Arrays.areEqual(this.bytes, other.bytes);
+    }
+
+    public int hashCode()
+    {
+        return Arrays.hashCode(bytes);
+    }
+
+    private static ASN1Enumerated[] cache = new ASN1Enumerated[12];
+
+    static ASN1Enumerated fromOctetString(byte[] enc)
+    {
+        if (enc.length > 1)
+        {
+            return new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        if (enc.length == 0)
+        {
+            throw new IllegalArgumentException("ENUMERATED has zero length");
+        }
+        int value = enc[0] & 0xff;
+
+        if (value >= cache.length)
+        {
+            return new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        ASN1Enumerated possibleMatch = cache[value];
+
+        if (possibleMatch == null)
+        {
+            possibleMatch = cache[value] = new ASN1Enumerated(Arrays.clone(enc));
+        }
+
+        return possibleMatch;
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1Integer.java b/core/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
index 18e89c6d..b951e745 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1Integer.java
@@ -1,34 +1,150 @@
 package org.bouncycastle.asn1;
 
+import java.io.IOException;
 import java.math.BigInteger;
 
 import org.bouncycastle.util.Arrays;
 
 public class ASN1Integer
-    extends DERInteger
+    extends ASN1Primitive
 {
-    ASN1Integer(byte[] bytes, boolean clone)
+    byte[] bytes;
+
+    /**
+     * return an integer from the passed in object
+     *
+     * @throws IllegalArgumentException if the object cannot be converted.
+     */
+    public static ASN1Integer getInstance(
+        Object obj)
     {
-        super(clone ? Arrays.clone(bytes) : bytes);
+        if (obj == null || obj instanceof ASN1Integer)
+        {
+            return (ASN1Integer)obj;
+        }
+
+        if (obj instanceof byte[])
+        {
+            try
+            {
+                return (ASN1Integer)fromByteArray((byte[])obj);
+            }
+            catch (Exception e)
+            {
+                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
+            }
+        }
+
+        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
     }
 
     /**
-     * Constructor from a byte array containing a signed representation of the number.
+     * return an Integer from a tagged object.
      *
-     * @param bytes a byte array containing the signed number.A copy is made of the byte array.
+     * @param obj      the tagged object holding the object we want
+     * @param explicit true if the object is meant to be explicitly
+     *                 tagged false otherwise.
+     * @throws IllegalArgumentException if the tagged object cannot
+     * be converted.
      */
-    public ASN1Integer(byte[] bytes)
+    public static ASN1Integer getInstance(
+        ASN1TaggedObject obj,
+        boolean explicit)
+    {
+        ASN1Primitive o = obj.getObject();
+
+        if (explicit || o instanceof ASN1Integer)
+        {
+            return getInstance(o);
+        }
+        else
+        {
+            return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
+        }
+    }
+
+    public ASN1Integer(
+        long value)
+    {
+        bytes = BigInteger.valueOf(value).toByteArray();
+    }
+
+    public ASN1Integer(
+        BigInteger value)
+    {
+        bytes = value.toByteArray();
+    }
+
+    public ASN1Integer(
+        byte[] bytes)
     {
         this(bytes, true);
     }
 
-    public ASN1Integer(BigInteger value)
+    ASN1Integer(byte[] bytes, boolean clone)
+    {
+        this.bytes = (clone) ? Arrays.clone(bytes) : bytes;
+    }
+
+    public BigInteger getValue()
+    {
+        return new BigInteger(bytes);
+    }
+
+    /**
+     * in some cases positive values get crammed into a space,
+     * that's not quite big enough...
+     */
+    public BigInteger getPositiveValue()
+    {
+        return new BigInteger(1, bytes);
+    }
+
+    boolean isConstructed()
     {
-        super(value);
+        return false;
     }
 
-    public ASN1Integer(long value)
+    int encodedLength()
     {
-        super(value);
+        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
     }
+
+    void encode(
+        ASN1OutputStream out)
+        throws IOException
+    {
+        out.writeEncoded(BERTags.INTEGER, bytes);
+    }
+
+    public int hashCode()
+    {
+        int value = 0;
+
+        for (int i = 0; i != bytes.length; i++)
+        {
+            value ^= (bytes[i] & 0xff) << (i % 4);
+        }
+
+        return value;
+    }
+
+    boolean asn1Equals(
+        ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1Integer))
+        {
+            return false;
+        }
+
+        ASN1Integer other = (ASN1Integer)o;
+
+        return Arrays.areEqual(bytes, other.bytes);
+    }
+
+    public String toString()
+    {
+        return getValue().toString();
+    }
+
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/DEREnumerated.java b/core/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
index 9b1ef55c..879a01ca 100644
--- a/core/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
+++ b/core/src/main/java/org/bouncycastle/asn1/DEREnumerated.java
@@ -1,170 +1,25 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
 import java.math.BigInteger;
 
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1Enumerated instead of this.
+ * @deprecated Use ASN1Enumerated instead of this.
  */
 public class DEREnumerated
-    extends ASN1Primitive
+    extends ASN1Enumerated
 {
-    byte[]      bytes;
-
-    /**
-     * return an integer from the passed in object
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Enumerated getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Enumerated)
-        {
-            return (ASN1Enumerated)obj;
-        }
-
-        if (obj instanceof DEREnumerated)
-        {
-            return new ASN1Enumerated(((DEREnumerated)obj).getValue());
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1Enumerated)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
-    /**
-     * return an Enumerated from a tagged object.
-     *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Enumerated getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DEREnumerated)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return fromOctetString(((ASN1OctetString)o).getOctets());
-        }
-    }
-
-    /**
-     * @deprecated use ASN1Enumerated
-     */
-    public DEREnumerated(
-        int         value)
-    {
-        bytes = BigInteger.valueOf(value).toByteArray();
-    }
-
-    /**
-     * @deprecated use ASN1Enumerated
-     */
-    public DEREnumerated(
-        BigInteger   value)
-    {
-        bytes = value.toByteArray();
-    }
-
-    /**
-     * @deprecated use ASN1Enumerated
-     */
-    public DEREnumerated(
-        byte[]   bytes)
-    {
-        this.bytes = bytes;
-    }
-
-    public BigInteger getValue()
-    {
-        return new BigInteger(bytes);
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-    {
-        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
+    DEREnumerated(byte[] bytes)
     {
-        out.writeEncoded(BERTags.ENUMERATED, bytes);
+        super(bytes);
     }
-    
-    boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if (!(o instanceof DEREnumerated))
-        {
-            return false;
-        }
-
-        DEREnumerated other = (DEREnumerated)o;
 
-        return Arrays.areEqual(this.bytes, other.bytes);
-    }
-
-    public int hashCode()
+    public DEREnumerated(BigInteger value)
     {
-        return Arrays.hashCode(bytes);
+        super(value);
     }
 
-    private static ASN1Enumerated[] cache = new ASN1Enumerated[12];
-
-    static ASN1Enumerated fromOctetString(byte[] enc)
+    public DEREnumerated(int value)
     {
-        if (enc.length > 1)
-        {
-            return new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        if (enc.length == 0)
-        {
-            throw new IllegalArgumentException("ENUMERATED has zero length");
-        }
-        int value = enc[0] & 0xff;
-
-        if (value >= cache.length)
-        {
-            return new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        ASN1Enumerated possibleMatch = cache[value];
-
-        if (possibleMatch == null)
-        {
-            possibleMatch = cache[value] = new ASN1Enumerated(Arrays.clone(enc));
-        }
-
-        return possibleMatch;
+        super(value);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/DERInteger.java b/core/src/main/java/org/bouncycastle/asn1/DERInteger.java
index 57cc84a7..d2e850f3 100644
--- a/core/src/main/java/org/bouncycastle/asn1/DERInteger.java
+++ b/core/src/main/java/org/bouncycastle/asn1/DERInteger.java
@@ -1,160 +1,30 @@
 package org.bouncycastle.asn1;
 
-import java.io.IOException;
 import java.math.BigInteger;
 
-import org.bouncycastle.util.Arrays;
-
 /**
- * Use ASN1Integer instead of this,
+ * @deprecated  Use ASN1Integer instead of this,
  */
 public class DERInteger
-    extends ASN1Primitive
+    extends ASN1Integer
 {
-    byte[]      bytes;
-
-    /**
-     * return an integer from the passed in object
-     *
-     * @exception IllegalArgumentException if the object cannot be converted.
-     */
-    public static ASN1Integer getInstance(
-        Object  obj)
-    {
-        if (obj == null || obj instanceof ASN1Integer)
-        {
-            return (ASN1Integer)obj;
-        }
-        if (obj instanceof DERInteger)
-        {
-            return new ASN1Integer((((DERInteger)obj).getValue()));
-        }
-
-        if (obj instanceof byte[])
-        {
-            try
-            {
-                return (ASN1Integer)fromByteArray((byte[])obj);
-            }
-            catch (Exception e)
-            {
-                throw new IllegalArgumentException("encoding error in getInstance: " + e.toString());
-            }
-        }
-
-        throw new IllegalArgumentException("illegal object in getInstance: " + obj.getClass().getName());
-    }
-
     /**
-     * return an Integer from a tagged object.
+     * Constructor from a byte array containing a signed representation of the number.
      *
-     * @param obj the tagged object holding the object we want
-     * @param explicit true if the object is meant to be explicitly
-     *              tagged false otherwise.
-     * @exception IllegalArgumentException if the tagged object cannot
-     *               be converted.
-     */
-    public static ASN1Integer getInstance(
-        ASN1TaggedObject obj,
-        boolean          explicit)
-    {
-        ASN1Primitive o = obj.getObject();
-
-        if (explicit || o instanceof DERInteger)
-        {
-            return getInstance(o);
-        }
-        else
-        {
-            return new ASN1Integer(ASN1OctetString.getInstance(obj.getObject()).getOctets());
-        }
-    }
-
-    /**
-     * @deprecated use ASN1Integer constructor
-     */
-    public DERInteger(
-        long         value)
-    {
-        bytes = BigInteger.valueOf(value).toByteArray();
-    }
-
-    /**
-     * @deprecated use ASN1Integer constructor
+     * @param bytes a byte array containing the signed number.A copy is made of the byte array.
      */
-    public DERInteger(
-        BigInteger   value)
+    public DERInteger(byte[] bytes)
     {
-        bytes = value.toByteArray();
+        super(bytes, true);
     }
 
-    /**
-     * @deprecated use ASN1Integer constructor
-     */
-    public DERInteger(
-        byte[]   bytes)
+    public DERInteger(BigInteger value)
     {
-        this.bytes = bytes;
-    }
-
-    public BigInteger getValue()
-    {
-        return new BigInteger(bytes);
-    }
-
-    /**
-     * in some cases positive values get crammed into a space,
-     * that's not quite big enough...
-     */
-    public BigInteger getPositiveValue()
-    {
-        return new BigInteger(1, bytes);
-    }
-
-    boolean isConstructed()
-    {
-        return false;
-    }
-
-    int encodedLength()
-    {
-        return 1 + StreamUtil.calculateBodyLength(bytes.length) + bytes.length;
-    }
-
-    void encode(
-        ASN1OutputStream out)
-        throws IOException
-    {
-        out.writeEncoded(BERTags.INTEGER, bytes);
-    }
-    
-    public int hashCode()
-    {
-         int     value = 0;
- 
-         for (int i = 0; i != bytes.length; i++)
-         {
-             value ^= (bytes[i] & 0xff) << (i % 4);
-         }
- 
-         return value;
-    }
-
-    boolean asn1Equals(
-        ASN1Primitive  o)
-    {
-        if (!(o instanceof DERInteger))
-        {
-            return false;
-        }
-
-        DERInteger other = (DERInteger)o;
-
-        return Arrays.areEqual(bytes, other.bytes);
+        super(value);
     }
 
-    public String toString()
+    public DERInteger(long value)
     {
-      return getValue().toString();
+        super(value);
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/asn1/cms/Attribute.java b/core/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
index 066cf693..8c487433 100644
--- a/core/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
+++ b/core/src/main/java/org/bouncycastle/asn1/cms/Attribute.java
@@ -7,7 +7,6 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 /**
@@ -73,17 +72,6 @@ public class Attribute
         attrValues = (ASN1Set)seq.getObjectAt(1);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public Attribute(
-        DERObjectIdentifier attrType,
-        ASN1Set             attrValues)
-    {
-        this.attrType = new ASN1ObjectIdentifier(attrType.getId());
-        this.attrValues = attrValues;
-    }
-
     public Attribute(
         ASN1ObjectIdentifier attrType,
         ASN1Set             attrValues)
diff --git a/core/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java b/core/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
index 02b6cc1e..3b8e0bed 100644
--- a/core/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
+++ b/core/src/main/java/org/bouncycastle/asn1/cms/AttributeTable.java
@@ -8,7 +8,6 @@ import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Set;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSet;
 
 /**
@@ -90,14 +89,6 @@ public class AttributeTable
         }
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public Attribute get(DERObjectIdentifier oid)
-    {
-        return get(new ASN1ObjectIdentifier(oid.getId()));
-    }
-
     /**
      * Return the first attribute matching the OBJECT IDENTIFIER oid.
      * 
@@ -117,14 +108,6 @@ public class AttributeTable
         return (Attribute)value;
     }
 
-     /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ASN1EncodableVector getAll(DERObjectIdentifier oid)
-    {
-        return getAll(new ASN1ObjectIdentifier(oid.getId()));
-    }
-
     /**
      * Return all the attributes matching the OBJECT IDENTIFIER oid. The vector will be 
      * empty if there are no attributes of the required type present.
diff --git a/core/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java b/core/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
index 93d9d0c8..462d9685 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ess/ContentHints.java
@@ -6,7 +6,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERUTF8String;
 
@@ -47,25 +46,6 @@ public class ContentHints
         }
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ContentHints(
-        DERObjectIdentifier contentType)
-    {
-        this(new ASN1ObjectIdentifier(contentType.getId()));
-    }
-
-        /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public ContentHints(
-        DERObjectIdentifier contentType,
-        DERUTF8String contentDescription)
-    {
-        this(new ASN1ObjectIdentifier(contentType.getId()), contentDescription);
-    }
-
     public ContentHints(
         ASN1ObjectIdentifier contentType)
     {
diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
index 237f5e55..ca472e67 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
@@ -11,7 +11,6 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
 import org.bouncycastle.asn1.x500.DirectoryString;
@@ -173,24 +172,6 @@ public class NamingAuthority
         return namingAuthorityUrl;
     }
 
-        /**
-     * Constructor from given details.
-     * 
      
-     * All parameters can be combined.
-     *
-     * @param namingAuthorityId   ObjectIdentifier for naming authority.
-     * @param namingAuthorityUrl  URL for naming authority.
-     * @param namingAuthorityText Textual representation of naming authority.
-         * @deprecated use ASN1ObjectIdentifier method
-     */
-    public NamingAuthority(DERObjectIdentifier namingAuthorityId,
-                           String namingAuthorityUrl, DirectoryString namingAuthorityText)
-    {
-        this.namingAuthorityId = new ASN1ObjectIdentifier(namingAuthorityId.getId());
-        this.namingAuthorityUrl = namingAuthorityUrl;
-        this.namingAuthorityText = namingAuthorityText;
-    }
-
     /**
      * Constructor from given details.
      * 
      
diff --git a/core/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java b/core/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
index c6a2965b..d654d032 100644
--- a/core/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
+++ b/core/src/main/java/org/bouncycastle/asn1/oiw/ElGamalParameter.java
@@ -23,7 +23,7 @@ public class ElGamalParameter
         this.g = new ASN1Integer(g);
     }
 
-    public ElGamalParameter(
+    private ElGamalParameter(
         ASN1Sequence  seq)
     {
         Enumeration     e = seq.getObjects();
@@ -32,6 +32,20 @@ public class ElGamalParameter
         g = (ASN1Integer)e.nextElement();
     }
 
+    public static ElGamalParameter getInstance(Object o)
+    {
+        if (o instanceof ElGamalParameter)
+        {
+            return (ElGamalParameter)o;
+        }
+        else if (o != null)
+        {
+            return new ElGamalParameter(ASN1Sequence.getInstance(o));
+        }
+
+        return null;
+    }
+
     public BigInteger getP()
     {
         return p.getPositiveValue();
diff --git a/core/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java b/core/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
index 4560f647..8221e182 100644
--- a/core/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
+++ b/core/src/main/java/org/bouncycastle/asn1/util/ASN1Dump.java
@@ -3,7 +3,9 @@ package org.bouncycastle.asn1.util;
 import java.io.IOException;
 import java.util.Enumeration;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Enumerated;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
@@ -12,7 +14,6 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.BERApplicationSpecific;
-import org.bouncycastle.asn1.BERConstructedOctetString;
 import org.bouncycastle.asn1.BEROctetString;
 import org.bouncycastle.asn1.BERSequence;
 import org.bouncycastle.asn1.BERSet;
@@ -21,8 +22,6 @@ import org.bouncycastle.asn1.BERTags;
 import org.bouncycastle.asn1.DERApplicationSpecific;
 import org.bouncycastle.asn1.DERBMPString;
 import org.bouncycastle.asn1.DERBitString;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DEREnumerated;
 import org.bouncycastle.asn1.DERExternal;
 import org.bouncycastle.asn1.DERGeneralizedTime;
 import org.bouncycastle.asn1.DERIA5String;
@@ -193,9 +192,9 @@ public class ASN1Dump
         {
             buf.append(indent + "ObjectIdentifier(" + ((ASN1ObjectIdentifier)obj).getId() + ")" + nl);
         }
-        else if (obj instanceof DERBoolean)
+        else if (obj instanceof ASN1Boolean)
         {
-            buf.append(indent + "Boolean(" + ((DERBoolean)obj).isTrue() + ")" + nl);
+            buf.append(indent + "Boolean(" + ((ASN1Boolean)obj).isTrue() + ")" + nl);
         }
         else if (obj instanceof ASN1Integer)
         {
@@ -254,9 +253,9 @@ public class ASN1Dump
         {
             buf.append(outputApplicationSpecific("DER", indent, verbose, obj, nl));
         }
-        else if (obj instanceof DEREnumerated)
+        else if (obj instanceof ASN1Enumerated)
         {
-            DEREnumerated en = (DEREnumerated) obj;
+            ASN1Enumerated en = (ASN1Enumerated) obj;
             buf.append(indent + "DER Enumerated(" + en.getValue() + ")" + nl);
         }
         else if (obj instanceof DERExternal)
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java b/core/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
index d250bf1e..bb90030c 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/AlgorithmIdentifier.java
@@ -8,7 +8,6 @@ import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERNull;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 public class AlgorithmIdentifier
@@ -64,30 +63,6 @@ public class AlgorithmIdentifier
         this.objectId = new ASN1ObjectIdentifier(objectId);
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     * @param objectId
-     */
-    public AlgorithmIdentifier(
-        DERObjectIdentifier    objectId)
-    {
-        this.objectId = new ASN1ObjectIdentifier(objectId.getId());
-    }
-
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     * @param objectId
-     * @param parameters
-     */
-    public AlgorithmIdentifier(
-        DERObjectIdentifier objectId,
-        ASN1Encodable           parameters)
-    {
-        parametersDefined = true;
-        this.objectId = new ASN1ObjectIdentifier(objectId.getId());
-        this.parameters = parameters;
-    }
-
     public AlgorithmIdentifier(
         ASN1ObjectIdentifier     objectId,
         ASN1Encodable           parameters)
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java b/core/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
index 4a16bd4b..ba5ecf1f 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/BasicConstraints.java
@@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERBoolean;
 import org.bouncycastle.asn1.DERSequence;
 
 public class BasicConstraints
@@ -59,9 +58,9 @@ public class BasicConstraints
         }
         else
         {
-            if (seq.getObjectAt(0) instanceof DERBoolean)
+            if (seq.getObjectAt(0) instanceof ASN1Boolean)
             {
-                this.cA = DERBoolean.getInstance(seq.getObjectAt(0));
+                this.cA = ASN1Boolean.getInstance(seq.getObjectAt(0));
             }
             else
             {
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java b/core/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
index f29284d5..93530571 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/X509Extension.java
@@ -2,11 +2,11 @@ package org.bouncycastle.asn1.x509;
 
 import java.io.IOException;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.DERBoolean;
 
 /**
  * an object for the elements in the X.509 V3 extension block.
@@ -173,7 +173,7 @@ public class X509Extension
     ASN1OctetString     value;
 
     public X509Extension(
-        DERBoolean              critical,
+        ASN1Boolean             critical,
         ASN1OctetString         value)
     {
         this.critical = critical.isTrue();
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java b/core/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
index c72e3cc0..5b9ea9e1 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/X509Extensions.java
@@ -4,6 +4,7 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
 
+import org.bouncycastle.asn1.ASN1Boolean;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -11,8 +12,6 @@ import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1TaggedObject;
-import org.bouncycastle.asn1.DERBoolean;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 
 /**
@@ -259,7 +258,7 @@ public class X509Extensions
 
             if (s.size() == 3)
             {
-                extensions.put(s.getObjectAt(0), new X509Extension(DERBoolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
+                extensions.put(s.getObjectAt(0), new X509Extension(ASN1Boolean.getInstance(s.getObjectAt(1)), ASN1OctetString.getInstance(s.getObjectAt(2))));
             }
             else if (s.size() == 2)
             {
@@ -368,17 +367,6 @@ public class X509Extensions
      *
      * @return the extension if it's present, null otherwise.
      */
-    public X509Extension getExtension(
-        DERObjectIdentifier oid)
-    {
-        return (X509Extension)extensions.get(oid);
-    }
-
-    /**
-     * @deprecated
-     * @param oid
-     * @return
-     */
     public X509Extension getExtension(
         ASN1ObjectIdentifier oid)
     {
@@ -410,7 +398,7 @@ public class X509Extensions
 
             if (ext.isCritical())
             {
-                v.add(DERBoolean.TRUE);
+                v.add(ASN1Boolean.TRUE);
             }
 
             v.add(ext.getValue());
diff --git a/core/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java b/core/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
index 468d1b96..589d512f 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x509/X509ExtensionsGenerator.java
@@ -7,7 +7,6 @@ import java.util.Vector;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 
 /**
@@ -28,28 +27,6 @@ public class X509ExtensionsGenerator
         extOrdering = new Vector();
     }
 
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        ASN1Encodable       value)
-    {
-        addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
-    }
-
-    /**
-     * @deprecated use ASN1ObjectIdentifier
-     */
-    public void addExtension(
-        DERObjectIdentifier oid,
-        boolean             critical,
-        byte[]              value)
-    {
-        addExtension(new ASN1ObjectIdentifier(oid.getId()), critical, value);
-    }
-
     /**
      * Add an extension with the given oid and the passed in value to be included
      * in the OCTET STRING associated with the extension.
diff --git a/core/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java b/core/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
index 6a97a48e..509111ad 100644
--- a/core/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
+++ b/core/src/main/java/org/bouncycastle/asn1/x9/DHDomainParameters.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.asn1.x9;
 
+import java.math.BigInteger;
 import java.util.Enumeration;
 
 import org.bouncycastle.asn1.ASN1Encodable;
@@ -38,6 +39,29 @@ public class DHDomainParameters
             + obj.getClass().getName());
     }
 
+    public DHDomainParameters(BigInteger p, BigInteger g, BigInteger q, BigInteger j,
+        DHValidationParms validationParms)
+    {
+        if (p == null)
+        {
+            throw new IllegalArgumentException("'p' cannot be null");
+        }
+        if (g == null)
+        {
+            throw new IllegalArgumentException("'g' cannot be null");
+        }
+        if (q == null)
+        {
+            throw new IllegalArgumentException("'q' cannot be null");
+        }
+
+        this.p = new ASN1Integer(p);
+        this.g = new ASN1Integer(g);
+        this.q = new ASN1Integer(q);
+        this.j = new ASN1Integer(j);
+        this.validationParms = validationParms;
+    }
+
     public DHDomainParameters(ASN1Integer p, ASN1Integer g, ASN1Integer q, ASN1Integer j,
         DHValidationParms validationParms)
     {
diff --git a/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java b/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
index 947bc5c4..55d8ba51 100644
--- a/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
+++ b/core/src/main/java/org/bouncycastle/crypto/agreement/kdf/DHKEKGenerator.java
@@ -4,7 +4,7 @@ import java.io.IOException;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
-import org.bouncycastle.asn1.DERObjectIdentifier;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.DERTaggedObject;
@@ -22,7 +22,7 @@ public class DHKEKGenerator
 {
     private final Digest digest;
 
-    private DERObjectIdentifier algorithm;
+    private ASN1ObjectIdentifier algorithm;
     private int                 keySize;
     private byte[]              z;
     private byte[]              partyAInfo;
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
index 2e4c48d3..684eb9c0 100644
--- a/core/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
+++ b/core/src/main/java/org/bouncycastle/crypto/signers/DSADigestSigner.java
@@ -5,9 +5,9 @@ import java.math.BigInteger;
 
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
-import org.bouncycastle.asn1.DERInteger;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.DSA;
@@ -142,8 +142,8 @@ public class DSADigestSigner
         throws IOException
     {
         ASN1EncodableVector v = new ASN1EncodableVector();
-        v.add(new DERInteger(r));
-        v.add(new DERInteger(s));
+        v.add(new ASN1Integer(r));
+        v.add(new ASN1Integer(s));
 
         return new DERSequence(v).getEncoded(ASN1Encoding.DER);
     }
@@ -156,8 +156,8 @@ public class DSADigestSigner
 
         return new BigInteger[]
         {
-            ((DERInteger)s.getObjectAt(0)).getValue(),
-            ((DERInteger)s.getObjectAt(1)).getValue()
+            ((ASN1Integer)s.getObjectAt(0)).getValue(),
+            ((ASN1Integer)s.getObjectAt(1)).getValue()
         };
     }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java b/core/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
index 9e342ff9..92684ecc 100644
--- a/core/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
+++ b/core/src/main/java/org/bouncycastle/crypto/util/PrivateKeyFactory.java
@@ -9,7 +9,6 @@ import org.bouncycastle.asn1.ASN1InputStream;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.DHParameter;
@@ -101,7 +100,7 @@ public class PrivateKeyFactory
         }
         else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
             ASN1Integer derX = (ASN1Integer)keyInfo.parsePrivateKey();
 
             return new ElGamalPrivateKeyParameters(derX.getValue(), new ElGamalParameters(
diff --git a/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java b/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
index b52d9bc0..cb130954 100644
--- a/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
+++ b/core/src/main/java/org/bouncycastle/crypto/util/PublicKeyFactory.java
@@ -10,7 +10,6 @@ import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.ASN1Primitive;
-import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.oiw.ElGamalParameter;
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
@@ -136,7 +135,7 @@ public class PublicKeyFactory
         }
         else if (algId.getAlgorithm().equals(OIWObjectIdentifiers.elGamalAlgorithm))
         {
-            ElGamalParameter params = new ElGamalParameter((ASN1Sequence)algId.getParameters());
+            ElGamalParameter params = ElGamalParameter.getInstance(algId.getParameters());
             ASN1Integer derY = (ASN1Integer)keyInfo.parsePublicKey();
 
             return new ElGamalPublicKeyParameters(derY.getValue(), new ElGamalParameters(
-- 
cgit v1.2.3


From 823c2bf7db2edbccd0811cbf1d3928628c9446d7 Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 14:01:29 +1100
Subject: Minor refactoring

---
 core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java b/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
index f9665c27..1d4f5af0 100644
--- a/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
+++ b/core/src/main/java/org/bouncycastle/asn1/ASN1Boolean.java
@@ -112,7 +112,7 @@ public class ASN1Boolean
 
     /**
      * @deprecated use getInstance(boolean) method.
-     * @param value
+     * @param value true or false.
      */
     public ASN1Boolean(
         boolean     value)
@@ -145,12 +145,12 @@ public class ASN1Boolean
     protected boolean asn1Equals(
         ASN1Primitive  o)
     {
-        if ((o == null) || !(o instanceof ASN1Boolean))
+        if (o instanceof ASN1Boolean)
         {
-            return false;
+            return (value[0] == ((ASN1Boolean)o).value[0]);
         }
 
-        return (value[0] == ((ASN1Boolean)o).value[0]);
+        return false;
     }
 
     public int hashCode()
-- 
cgit v1.2.3


From 00a6b4281f2c446246e2aaafe63c8a6689d186c4 Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 15:06:12 +1100
Subject: update

---
 .../asn1/isismtt/x509/NamingAuthority.java            | 19 -------------------
 1 file changed, 19 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
index 157e2cc7..17162649 100644
--- a/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
+++ b/core/src/main/java/org/bouncycastle/asn1/isismtt/x509/NamingAuthority.java
@@ -11,7 +11,6 @@ import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1String;
 import org.bouncycastle.asn1.ASN1TaggedObject;
 import org.bouncycastle.asn1.DERIA5String;
-import org.bouncycastle.asn1.DERObjectIdentifier;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.isismtt.ISISMTTObjectIdentifiers;
 import org.bouncycastle.asn1.x500.DirectoryString;
@@ -173,24 +172,6 @@ public class NamingAuthority
         return namingAuthorityUrl;
     }
 
-    /**
-     * Constructor from given details.
-     * 
      
-     * All parameters can be combined.
-     *
-     * @param namingAuthorityId   ObjectIdentifier for naming authority.
-     * @param namingAuthorityUrl  URL for naming authority.
-     * @param namingAuthorityText Textual representation of naming authority.
-         * @deprecated use ASN1ObjectIdentifier method
-     */
-    public NamingAuthority(DERObjectIdentifier namingAuthorityId,
-                           String namingAuthorityUrl, DirectoryString namingAuthorityText)
-    {
-        this.namingAuthorityId = new ASN1ObjectIdentifier(namingAuthorityId.getId());
-        this.namingAuthorityUrl = namingAuthorityUrl;
-        this.namingAuthorityText = namingAuthorityText;
-    }
-
     /**
      * Constructor from given details.
      * 
      
-- 
cgit v1.2.3


From 9f22da58b961dc899fbb14099ed3a13810769d1e Mon Sep 17 00:00:00 2001
From: David Hook 
Date: Fri, 21 Mar 2014 15:20:30 +1100
Subject: Fixed error introduced in JavaDoc merge

---
 .../bouncycastle/crypto/io/CipherInputStream.java  | 61 ++++++++++++++++------
 1 file changed, 46 insertions(+), 15 deletions(-)

(limited to 'core/src/main/java/org')

diff --git a/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java b/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
index 11cd903b..ebebe3d0 100644
--- a/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
+++ b/core/src/main/java/org/bouncycastle/crypto/io/CipherInputStream.java
@@ -21,19 +21,19 @@ import org.bouncycastle.crypto.modes.AEADBlockCipher;
 public class CipherInputStream
     extends FilterInputStream
 {
+    private static final int INPUT_BUF_SIZE = 2048;
+
     private BufferedBlockCipher bufferedBlockCipher;
     private StreamCipher streamCipher;
     private AEADBlockCipher aeadBlockCipher;
 
-    private final byte[] buf;
-    private final byte[] inBuf;
+    private byte[] buf;
+    private final byte[] inBuf = new byte[INPUT_BUF_SIZE];
 
     private int bufOff;
     private int maxBuf;
     private boolean finalized;
 
-    private static final int INPUT_BUF_SIZE = 2048;
-
     /**
      * Constructs a CipherInputStream from an InputStream and a
      * BufferedBlockCipher.
@@ -45,9 +45,6 @@ public class CipherInputStream
         super(is);
 
         this.bufferedBlockCipher = cipher;
-
-        buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)];
-        inBuf = new byte[INPUT_BUF_SIZE];
     }
 
     public CipherInputStream(
@@ -57,9 +54,6 @@ public class CipherInputStream
         super(is);
 
         this.streamCipher = cipher;
-
-        buf = new byte[INPUT_BUF_SIZE];
-        inBuf = new byte[INPUT_BUF_SIZE];
     }
 
     /**
@@ -70,9 +64,6 @@ public class CipherInputStream
         super(is);
 
         this.aeadBlockCipher = cipher;
-
-        buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)];
-        inBuf = new byte[INPUT_BUF_SIZE];
     }
 
     /**
@@ -108,6 +99,7 @@ public class CipherInputStream
 
             try
             {
+                ensureCapacity(read, false);
                 if (bufferedBlockCipher != null)
                 {
                     maxBuf = bufferedBlockCipher.processBytes(inBuf, 0, read, buf, 0);
@@ -124,7 +116,7 @@ public class CipherInputStream
             }
             catch (Exception e)
             {
-                throw new IOException("Error processing stream " + e);
+                throw new CipherIOException("Error processing stream ", e);
             }
         }
         return maxBuf;
@@ -136,6 +128,7 @@ public class CipherInputStream
         try
         {
             finalized = true;
+            ensureCapacity(0, true);
             if (bufferedBlockCipher != null)
             {
                 maxBuf = bufferedBlockCipher.doFinal(buf, 0);
@@ -258,12 +251,50 @@ public class CipherInputStream
         return maxBuf - bufOff;
     }
 
+    /**
+     * Ensure the ciphertext buffer has space sufficient to accept an upcoming output.
+     *
+     * @param updateSize the size of the pending update.
+     * @param finalOutput true iff this the cipher is to be finalised.
+     */
+    private void ensureCapacity(int updateSize, boolean finalOutput)
+    {
+        int bufLen = updateSize;
+        if (finalOutput)
+        {
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getOutputSize(updateSize);
+            }
+        }
+        else
+        {
+            if (bufferedBlockCipher != null)
+            {
+                bufLen = bufferedBlockCipher.getUpdateOutputSize(updateSize);
+            }
+            else if (aeadBlockCipher != null)
+            {
+                bufLen = aeadBlockCipher.getUpdateOutputSize(updateSize);
+            }
+        }
+
+        if ((buf == null) || (buf.length < bufLen))
+        {
+            buf = new byte[bufLen];
+        }
+    }
+
     /**
      * Closes the underlying input stream and finalises the processing of the data by the cipher.
      *
      * @throws IOException if there was an error closing the input stream.
      * @throws InvalidCipherTextIOException if the data read from the stream was invalid ciphertext
-     * (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
+     *             (e.g. the cipher is an AEAD cipher and the ciphertext tag check fails).
      */
     public void close()
         throws IOException
-- 
cgit v1.2.3