Merge branch 'refs/heads/main' into x9.146-wolfssl-interop

# Conflicts:
#	tls/src/main/java/org/bouncycastle/tls/SignatureScheme.java
#	tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedSigner.java
#	tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcTlsRawKeyCertificate.java

Author: royb

.github/workflows/codeql.yml

@@ -67,8 +67,8 @@ jobs:
     #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
     # - run: |
-         echo "Run, Build Application using script"
-         gradle clean build
+    #     echo "Run, Build Application using script"
+    #     gradle clean build
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2

.gitlab-ci.yml

@@ -2,6 +2,8 @@ stages:
   - check
   - build
   - test
+  - publish
+  - sync
 
 check-code:
   stage: check
@@ -30,33 +32,13 @@ ant-build:
     - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/build_1_8.sh\""
 
 
-test-code-8:
+test-code:
   stage: test
   needs: [ "check-code" ]
   script:
     - "ecr_login"
     - "ecr_pull vm_base_intel latest"
-    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/test_8.sh\""
-  artifacts:
-    when: always
-    reports:
-      junit:
-        - "core/build/test-results/**/*.xml"
-        - "prov/build/test-results/**/*.xml"
-        - "pg/build/test-results/**/*.xml"
-        - "pkix/build/test-results/**/*.xml"
-        - "mail/build/test-results/**/*.xml"
-        - "util/build/test-results/**/*.xml"
-        - "tls/build/test-results/**/*.xml"
-        - "mls/build/test-results/**/*.xml"
-
-test-code-11:
-  stage: test
-  needs: [ "check-code" ]
-  script:
-    - "ecr_login"
-    - "ecr_pull vm_base_intel latest"
-    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/test_11.sh\""
+    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/test.sh\""
   artifacts:
     when: always
     reports:
@@ -71,43 +53,15 @@ test-code-11:
         - "mls/build/test-results/**/*.xml"
 
 
-test-code-17:
-  stage: test
-  needs: [ "check-code" ]
+publish:
+  stage: publish
   script:
+    - "apply_overlay bc-java-pub ./"
     - "ecr_login"
     - "ecr_pull vm_base_intel latest"
-    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/test_17.sh\""
-  artifacts:
-    when: always
-    reports:
-      junit:
-        - "core/build/test-results/**/*.xml"
-        - "prov/build/test-results/**/*.xml"
-        - "pg/build/test-results/**/*.xml"
-        - "pkix/build/test-results/**/*.xml"
-        - "mail/build/test-results/**/*.xml"
-        - "util/build/test-results/**/*.xml"
-        - "tls/build/test-results/**/*.xml"
-        - "mls/build/test-results/**/*.xml"
-
+    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/pub.sh\""
 
-test-code-21:
-  stage: test
-  needs: [ "check-code" ]
+spongycastle:
+  stage: "sync"
   script:
-    - "ecr_login"
-    - "ecr_pull vm_base_intel latest"
-    - "ci_docker_run \"vm_base_intel:latest\" \"bc-java\" \"/workspace/bc-java/ci/test_21.sh\""
-  artifacts:
-    when: always
-    reports:
-      junit:
-        - "core/build/test-results/**/*.xml"
-        - "prov/build/test-results/**/*.xml"
-        - "pg/build/test-results/**/*.xml"
-        - "pkix/build/test-results/**/*.xml"
-        - "mail/build/test-results/**/*.xml"
-        - "util/build/test-results/**/*.xml"
-        - "tls/build/test-results/**/*.xml"
-        - "mls/build/test-results/**/*.xml"
+    - "syncpongy.sh"  

CONTRIBUTORS.html

@@ -447,16 +447,15 @@
 <li>Adam Vartanian &lt;https://github.com/flooey&gt; use of ShortBuffer exception and buffer size pre-check in Cipher.doFinal().</li>
 <li>Bernd &lt;https://github.com/ecki&gt; Fix to make PGPUtil.pipeFileContents use buffer and not leak file handle.</li>
 <li>Shartung &lt;https://github.com/shartung&gt; Additional EC Key Agreement algorithms in support of German BSI TR-03111.</li>
-<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing. Efficiency improvements to TruncatedStream. Initial Argon2 support for OpenPGP. General cleanups. Fast CRC24 implementation, SHA3 addtions to BcImplProvider, improvements to One Pass Signature support, signatue validation, read() consistency in BCPGInputStream. Contributions to AEAD support (v6 & v5) in PGP API. Addition of PGP WildCard ID, moving the PGP example code into the 21st century. Security patches for encrypted data generation, initial thread safe certification verification. Support for V6 EC keys, PGP packet criticality, and Preferred AEAD CipherSuites sigsubpacket support.</li>
+<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing. Efficiency improvements to TruncatedStream. Initial Argon2 support for OpenPGP. General cleanups. Fast CRC24 implementation, SHA3 addtions to BcImplProvider, improvements to One Pass Signature support, signatue validation, read() consistency in BCPGInputStream. Contributions to AEAD support (v6 & v5) in PGP API. Addition of PGP WildCard ID, moving the PGP example code into the 21st century. Security patches for encrypted data generation, initial thread safe certification verification. Support for V6 EC keys, V6 signatures, V6 encryption, V6 PKESK, PGP packet criticality, and Preferred AEAD CipherSuites sigsubpacket support.</li>
 <li>Nick of Nexxar &lt;https://github.com/nros&gt; update to OpenPGP package to handle a broader range of EC curves.</li>
 <li>catbref &lt;https://github.com/catbref&gt; sample implementation of RFC 7748/Ed25519 (incorporated work from github users Valodim and str4d as well).</li>
 <li>gerlion &lt;https://github.com/gerlion&gt; detection of concurrency issue with pre-1.60 EC math library.</li>
 <li>fgrieu &lt;fgrieu&#064gmail.com&gt; identification and suggested fixes for possible timing vulnerability in OAEPEncoding and RSACoreEngine.</li>
 <li>MTG &lt;https://github.com/mtgag&gt; patch for decoding issues in PKIPublicationInfo and CertifiedKeyPair, patch for adding jurisdiction{C,ST,L} to X500 name style.</li>
 <li>Andreas Gadermaier &lt;up.gadermaier&#064gmail.com&gt; initial version of Argon2 PBKDF algorithm.</li>
-<li>Tony Washer &lt;tony.washer&#64yahoo.co.uk&gt; review of qTesla, Java 1.9 module code, additional test code and debugging for GOST, DSTU, and ECNR algorithms. Initial lightweight implementation of the ZUC ciphers and macs. Additions to LMS/HSS API implementations, fix for truncation issue with big HSS keys, contributions to optimization of LMS/HSS. Patch for XDH/EdDSA key handling and mcEliece decryption using kobaraImai. Initial GCM-SIV, Blake3, and Kangaroo implementation.</li>
+<li>Tony Washer &lt;https://github.com/tonywasher&gt; ECIESKeyEncapsulation fix for use of OldCofactor mode. Submitted ChaCha20Poly1305 prototype. Remove support for maxXofLen in Kangaroo. Police Blake3 output limit. Add LEAEngine. Review of qTesla, Java 1.9 module code, additional test code and debugging for GOST, DSTU, and ECNR algorithms. Initial lightweight implementation of the ZUC ciphers and macs. Additions to LMS/HSS API implementations, fix for truncation issue with big HSS keys, contributions to optimization of LMS/HSS. Patch for XDH/EdDSA key handling and mcEliece decryption using kobaraImai. Initial GCM-SIV, Blake3, and Kangaroo implementation. Corrections to length outputs for getUpdateOutputSize()/doFinal() in ISAP, PhotonBeetle, and Xoodyak.</li>
 <li>Vincent Bouckaert &lt;https://github.com/veebee&gt; initial version of RFC 4998 ASN.1 classes. Debugging and testing of high level RFC 4998 implementation.</li>
-<li>Tony Washer &lt;https://github.com/tonywasher&gt; ECIESKeyEncapsulation fix for use of OldCofactor mode. Submitted ChaCha20Poly1305 prototype. Remove support for maxXofLen in Kangaroo. Police Blake3 output limit. Add LEAEngine.</li>
 <li>Aurimas Liutikas &lt;https://github.com/liutikas&gt; JavaDoc patches to ReasonsMask.</li>
 <li>Gabriel Sroka &lt;https://github.com/gabrielsroka&gt; corrected comments in RSA validation.</li>
 <li>sarah-mdv &lt;https://github.com/sarah-mdv&gt; improvements to JceKeyTransRecipientInfoGenerator, tests for JournalingSecureRandom, initial implementation of JournaledAlgorithm.</li>
@@ -543,11 +542,21 @@
 <li>Bing Shi &lt;roadicing&#064gmail.com&gt; - addition of F2m bounds checking for imported EC F2m curves.</li>
 <li>Phil Brown &lt;https://github.com/brownp2k&gt; - additional ant targets for building util and pkix.</li>
 <li>Tamas Cservenak &lt;https://github.com/cstamas&gt; - initial patch for supporting Ed25519 keys in GnuPG S-expressions.</li>
-<li>chchen-scholar &lt;https://github.com/chchen-scholar&gt; - encoding fix for EccP256CurvePoint.</li>
+<li>chchen-scholar &lt;https://github.com/chchen-scholar&gt; - encoding fix for EccP256CurvePoint, fix missing extension EtsiTs102941TypesAuthorization.InnerAtRequest</li>
 <li>Seung Yeon &lt;https://github.com/seungyeonpark&gt; - addition of Memoable method implementations to CertPathValidationContext and CertificatePoliciesValidation.</li>
 <li>yuhh0328 &lt;https://github.com/yuhh0328&gt; - initial patch for adding ML-KEM support to TLS.</li>
-<li>Jan Oupick&yacute; &lt;https://github.com/Honzaik&gt; - update to draft 13 of composite PQC signatures.</li>
+<li>Jan Oupick&yacute; &lt;https://github.com/Honzaik&gt; - update to draft 13 of composite PQC signatures, patch for human readable algorithm name for composite private keys.</li>
 <li>Karsten Otto &lt;https://github.com/ottoka&gt; - finished the support for jdk.tls.server.defaultDHEParameters.</li>
+<li>Markus Sommer &lt;https://github.com/marsom&gt; - BCStyle lookup table fix for jurisdiction values.</li>
+<li>Jared Crawford &lt;https://github.com/jmcrawford45&gt; - Abstracting cire KEM functionality out of DHKEM to allow for use of alternative KEMs with HPKE.</li>
+<li>TaZbon &lt;https://github.com/TaZbon&gt; - Optional lax parsing patch for PEM parser.</li>
+<li>han-ji &lt;https://github.com/han-jl&gt; - Fix to sign extension issue in CTR random seek code.</li>
+<li>https://github.com/crlorentzen &lt;https://github.com/crlorentzen&gt; - Addition of system property for configuring GCM ciphers in 1.2 FIPS mode in the JSSE.</li>
+<li>Jakub Zelenka &lt;https://github.com/bukka&gt; - Initial SMIMEAuthEnvelopedData classes.</li>
+<li>rde-infologic &lt;https://github.com/rde-infologic&gt; - Initial SMIMEEnvelopedUtil class.</li>
+<li>moonfruit &lt;https://github.com/moonfruit&gt; - Patch to allow for extensions of GMSignatureSpi.</li>
+<li>Marcono1234 &lt;https://github.com/Marcono1234&gt; - Updates to OpenBSDBCrypt JavaDoc.</li>
+<li>DawidM &lt;https://github.com/dawmit&gt; - Implementation of EC J-PAKE.</li>
 </ul>
 </body>
 </html>

README.md

@@ -1,7 +1,5 @@
 # The Bouncy Castle Crypto Package For Java
 
-[![Build Status](https://travis-ci.org/bcgit/bc-java.svg?branch=master)](https://travis-ci.org/bcgit/bc-java)
-
 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms, it was developed by the Legion of the Bouncy Castle, a registered Australian Charity, with a little help! The Legion, and the latest goings on with this package, can be found at [https://www.bouncycastle.org](https://www.bouncycastle.org).
 
 The Legion also gratefully acknowledges the contributions made to this package by others (see [here](https://www.bouncycastle.org/contributors.html) for the current list). If you would like to contribute to our efforts please feel free to get in touch with us or visit our [donations page](https://www.bouncycastle.org/donate), sponsor some specific work, or purchase a support contract through [Crypto Workshop](https://www.keyfactor.com/platform/bouncy-castle-support/) (now part of Keyfactor).
@@ -12,17 +10,39 @@ Except where otherwise stated, this software is distributed under a license base
 
 **Note**: this source tree is not the FIPS version of the APIs - if you are interested in our FIPS version please contact us directly at  [office@bouncycastle.org](mailto:office@bouncycastle.org).
 
+## Maven Public Key
+
+The file [bc_maven_public_key.asc](bc_maven_public_key.asc) contains the public key used to sign our artifacts on Maven Central. You will need to use 
+
+```
+gpg -o bc_maven_public_key.gpg --dearmor bc_maven_public_key.asc
+```
+
+to dearmor the key before use. Once that is done, a file can be verified by using:
+
+```
+gpg --no-default-keyring --keyring ./bc_maven_public_key.gpg --verify  file_name.jar.asc file_name.jar
+```
+
+Note: the ./ is required in front of the key file name to tell gpg to look locally.
+
+## Building overview
+
+This project can now be built and tested with JDK21. 
+
+If the build script detects BC_JDK8, BC_JDK11, BC_JDK17 it will add to the usual test task a dependency on test tasks 
+that specifically use the JVMs addressed by those environmental variables. The script relies on JAVA_HOME for picking up Java 21 if it is use.
+
+We support testing on specific JVMs as it is the only way to be certain the library is compatible.
 
 ## Environmental Variables
 
-Before invoking gradlew you need to ensure the following environmental variables are defined and point
-to valid JAVA_HOMEs for each JVM version:
+The following environmental variables can optionally point to the JAVA_HOME for each JVM version.
 
 ```
 export BC_JDK8=/path/to/java8
 export BC_JDK11=/path/to/java11
 export BC_JDK17=/path/to/java17
-export BC_JDK21=/path/to/java21
 ```
 
 ## Building
@@ -32,7 +52,8 @@ The project now uses ```gradlew``` which can be invoked for example:
 ```
 # from the root of the project
 
-# Ensure JAVA_HOME points to JDK 17 or higher JAVA_HOME
+# Ensure JAVA_HOME points to JDK 21 or higher JAVA_HOME or that
+# gradlew can find a java 21 installation to use.
 
 
 ./gradlew clean build
@@ -43,19 +64,17 @@ The gradle script will endeavour to verify their existence but not the correctne
 
 
 ## Multi-release jars and testing
-Some subprojects produce multi-release jars and these jars are tested in different jvm versions.
-Default testing on these projects is done on java 1.8 and there are specific test tasks for other versions.
-
-1. test11 test on java 11 JVM
-2. test17 test on java 17 JVM
-3. test21 test on java 21 JVM
-
-To run all of them:
+Some subprojects produce multi-release jars and these jars are can be tested on different jvm versions specifically.
 
+If the env vars are defined:
 ```
-./gradlew clean build test11 test17 test21
+export BC_JDK8=/path/to/java8
+export BC_JDK11=/path/to/java11
+export BC_JDK17=/path/to/java17
 ```
 
+If only a Java 21 JDK is present then the normal test task and test21 are run only.
+
 
 ## Code Organisation
 

ant/bc+-build.xml

@@ -302,6 +302,7 @@
                  <include name="org/bouncycastle/util/**/*.java" />
                  <include name="org/bouncycastle/asn1/**/*.java" />
                  <include name="org/bouncycastle/internal/**/*.java" />
+                 <exclude name="org/bouncycastle/test/AllTests.java" />
                  <include name="org/bouncycastle/test/*.java" />
                  <include name="org/bouncycastle/pqc/legacy/**/*.java" />
                  <include name="org/bouncycastle/pqc/crypto/**/*.java" />
@@ -1012,7 +1013,7 @@
         <property name="test.target.src.dir" value="${test.target.dir}/src" />
 
         <mkdir dir="${basedir}/${build.dir}/${target.prefix}" />
-        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}">
+        <junit fork="yes" dir="${basedir}/${build.dir}/${target.prefix}" failureProperty="test.failed" printsummary="${junit.printsummary}" maxmemory="${junit.maxmemory}">
             <classpath>
                 <path refid="project.classpath" /> 
                 <fileset dir="${artifacts.jars.dir}">

ant/build.regexp

@@ -1,3 +1,3 @@
 
-regexp: <List<PGPSignature>>|<Map<CertID, OCSPResponse>>|<URI[^>]*>>|<[A-Z?][^>@]*[a-zA-Z0-9\\]]>|<[A-Z]>|<[a-z][^>@]*[a-z\\]]>|@SuppressWarnings(.*)|@Override|@Deprecated|@FunctionalInterface
+regexp: <List<PGPSignature>>|<Map<CertID, OCSPResponse>>|<URI[^>]*\\>>|<[A-Z?][^>@]*[a-zA-Z0-9\\]]>|<[A-Z]>|<[a-z][^>@]*[a-z\\]]>|@SuppressWarnings(.*)|@Override|@Deprecated|@FunctionalInterface