CONTRIBUTORS.html

 <html>
-<body bgcolor=#ffffff>
+<object bgcolor=#ffffff>
 The following organisations and people have contributed to the Bouncy Castle Cryptography Package.
 <p>
 Thanks, may your castles never deflate!
 <p>
 Donors
 <p>
+The following people donated financially to help with the release of 1.61:
+<br />
+Bihari Babu
+</p>
+<p>
 The following people donated financially to help with the release of 1.60:
 <br />
 Jens Neuhalfen and perillamint. 
@@ -61,9 +66,7 @@ Organisations
 <li><a href="http://www.atlassian.com/">Atlassian Software Systems</a> donation of Confluence and JIRA licences.</li>
 <li><a href="http://www.grierforensics.com/">Grier Forensics</a>, for collaborating in the development of the S/MIME Toolkit and DANE SMIMEA functionality.</li>
 <li>TU-Darmstadt, Computer Science Department, RBG, for the initial
-lightweight client side TLS implementation, which is based on MicroTLS. MicroTLS was developed
-by Erik Tews under the supervision of Dipl.-Ing.
-Henning Baer and Prof. Max Muehlhaeuser.
+lightweight client side TLS implementation, which is based on MicroTLS and for help with qTESLA implementation. MicroTLS was developed by Erik Tews under the supervision of Dipl.-Ing. Henning Baer and Prof. Max Muehlhaeuser. qTESLA assistance was provided by Nina Bindel and Yinhua Xu.
 </li>
 <li>TU-Darmstadt, Computer Science Department, RBG, for the initial
 Post Quantum provider, which was based on the FlexiProvider. The FlexiProvider was developed
@@ -188,7 +191,7 @@ SecureRandom.</li>
 <li>Kaiser Yang &lt;kaiseryang&#064;yahoo.com&gt; - Finding BigInteger loop problem in prime generation.</li>
 <li>Jiri Urbanec &lt;jiri.urbanec&#064logicacmg.com&gt; - patch to fix defect in DERBMPString.equals().</li>
 <li>Justin Kolb &lt;jkolb&#064pristx.com&gt; - patch to DSA signature generation in OpenPGP. Fix for the unexpected "Unexpected end of ZLIB input stream" exception.</li>
-<li>Ralf Hauser &lt;ralfhauser&#064gmx.ch&gt; - patch to exception handling in PublicKeyRing, PEMReader, 1.4 build script, X509 Certificate Factory, CertPathValidatorUtilities, fromAddress null check in SignedMailValidator.</li>
+<li>Ralf Hauser &lt;ralfhauser&#064gmx.ch&gt; - patch to exception handling in PublicKeyRing, PEMReader, 1.4 build script, X509 Certificate Factory, CertPathValidatorUtilities, fromAddress null check in SignedMailValidator, ReadOnceInputStream testing utility in MIME tests.</li>
 <li>Michal Dvorak &lt;M_Dvorak&#064kb.cz&gt; - getNextUpdate patch for OCSP SingleResp.</li>
 <li>Klaus Greve Fiorentini &lt;Klaus&#064cpqd.com.br&gt; - array fix in PGP PublickKeyEncSessionPacket.</li>
 <li>Olivier Refalo &lt;Olivier_Refalo&#064fpl.com&gt; - null pointer exception fix for JDK 1.3 CMSSignedData objects.</li>
@@ -201,7 +204,7 @@ SecureRandom.</li>
 <li>Antoon Bosselaers &lt;Antoon.Bosselaers&#064esat.kuleuven.ac.be&gt; - help with RipeMD320 implementation.</li>
 <li>Peter Sylvester &lt;Peter.Sylvester&#064edelweb.fr&gt; - improvements to the ASN.1 BasicConstraints object.</li>
 <li>Doug &lt;ummmmm&#064myrealbox.com&gt; - addition of isEncryptionKey method to OpenPGP public keys.</li>
-<li>Francois Staes &lt;fstaes&#064netconsult.be&gt; - improvements to DEBitString, DERGeneralizedTime and initial implimentation of DERGeneralString, addition of settable signed content info to CMSSignedDataGenerator, patch to DH key agreement.</li>
+<li>Francois Staes &lt;fstaes&#064netconsult.be&gt; - improvements to DEBitString, DERGeneralizedTime and initial implimentation of DERGeneralString, addition of settable signed object info to CMSSignedDataGenerator, patch to DH key agreement.</li>
 <li>W.R. Dittmer &lt;wdittmer&#064cs.vu.nl&gt; - patch to decoding of SignatureCreationTime in BCPG. Patch to PGPKeyPair to fix nullpointer exception.</li>
 <li>Perez Paz Luis Alberto &lt;laperez&#064banxico.org.mx&gt; - patch to use of BitString in X.500 name.</li>
 <li>James Wright &lt;James_Wright&#064harte-hanks.com&gt; - patches for dealing with "odd" ArmoredInputStreams.</li>
@@ -277,7 +280,7 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>Georg Lippold &lt;georg.lippold&#064gmx.de&gt; - initial implementation of NaccacheStern cipher.</li>
 <li>Chris Viles &lt;chris_viles&#064yahoo.com&gt; - fix to SignatureSubpacket critical bit setting.</li>
 <li>Pasi Eronen &lt;Pasi.Eronen&#064nokia.com&gt; - extra toString() support for ASN.1 library. Initial patch for large OID components.</li>
-<li>Lijun Liao &lt;https://github.com/xipki&gt; performance enhancements for SHA family of digests. Bug report and patch for blank line handling in ArmoredInputStream. Addition of getSignatureAlgorithmID to BasicOCSPResp. Reset fix for SM2 signatures, performance improvements for SHA-3. Clean up of CMP EncryptedValueBuilder, additional functionality on PollReqContent.</li>
+<li>Lijun Liao &lt;https://github.com/xipki&gt; performance enhancements for SHA family of digests. Bug report and patch for blank line handling in ArmoredInputStream. Addition of getSignatureAlgorithmID to BasicOCSPResp. Reset fix for SM2 signatures, performance improvements for SHA-3. Clean up of CMP EncryptedValueBuilder, additional functionality on PollReqContent. Bug fix for endianness issue in cSHAKE left encode method.</li>
 <li>Maria Ivanova &lt;maria.ivanova&#064gmail.com&gt; - support for tags > 30 in ASN.1 parsing.</li>
 <li>Armin H&auml;berling &lt;arminha&#064student.ethz.ch&gt; - first cut of internationalisation, initial PKIX validation classes.</li>
 <li>Marius Schilder &lt;mschilder&#064google.com&gt; - main set of test vectors for Bleichenbacher's forgery attack.</li>
@@ -349,7 +352,7 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>Wayne Grant &lt;waynedgrant&#064gmail.com&gt; additional OIDs for PCKS10 and certificate generation support.</li>
 <li>Frank Cornelis &lt;info&#064frankcornelis.be&gt; additional support classes for CAdES, enhancements to OCSP classes.</li>
 <li>Jan Dittberner &lt;jan&#064dittberner.info&gt; addHeader patch for SMIME generator.</li>
-<li>Bob McGowan &lt;boab.mcgoo&#064btinternet.com&gt; patch to support different content and mgf digests in PSS signing.</li>
+<li>Bob McGowan &lt;boab.mcgoo&#064btinternet.com&gt; patch to support different object and mgf digests in PSS signing.</li>
 <li>Ivo Matheis &lt;i.matheis&#064seeburger.de&gt; fix to padding verification in ISO-9796-1.</li>
 <li>Marco Sandrini &lt;nessche&#064gmail.com&gt; patch to add IV to ISO9797Alg3Mac.</li>
 <li>Alf Malf &lt;alfilmalf&#064hotmail.com&gt; removal of unnecessary limit in CMSContentInfoParser.</li>
@@ -431,7 +434,7 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>Sergio Giro &lt;sgiro&#064google.com&gt; Fixed adding of additional stores from CRL distribution point [#BJA-537]. Fixed missing null check for CRL certificate issuer [#BJA-538], removal of risky zeroisation code in PBE.java, check for salt in PBEKeys that require it.</li>
 <li>bschuette&lt;https://github.com/bschuette&gt; Fixed typo in DefaultSignatureAlgorithmIdentifierFinder, additional methods on CMSSignedDataParser.</li>
 <li>Leonard Dallot&lt;https://github.com/dallotTazTag&gt; Fix to S2K usage of none on changing passwords on keys without passwords originally.</li>
-<li>Jan Willem Janssen &lt;j.w.janssen+bouncycastle&#064lxtreme.nl&gt; Support for DSAParameters in lightweight SubjectPublicKeyInfoFactory, initial content signer verifier for BC lightweight EC.</li>
+<li>Jan Willem Janssen &lt;j.w.janssen+bouncycastle&#064lxtreme.nl&gt; Support for DSAParameters in lightweight SubjectPublicKeyInfoFactory, initial object signer verifier for BC lightweight EC.</li>
 <li>Sebastian Oerding &lt;sebastian.oerding@robotron.de&gt; Fixes to toString() in x509.CertificatePolicies.</li>
 <li>Kai Kramer &lt;kai.kramer&#064gmail.com&gt; Code to deal with orphaned chain certificates in the PKCS#12 KeyStore.</li>
 <li>Benoit Charles &lt;benoit.charles&#064opentrust.com&gt; Fix for IES data length check on decryption.</li>
@@ -459,7 +462,7 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>Anders Schack-Mulligen &lt;https://github.com/aschackmull&gt; code cleanups for CMSSignedDataParser, BrokenKDF2BytesGenerator.</li>
 <li>Sebastian Wolfgang Roland &lt;sebastianwolfgang.roland&#064stud.tu-darmstadt.de&gt; Initial XMSS/XMSS-MT implementation.</li>
 <li>didisoft &lt;https://github.com/didisoft&gt; test code for PGP signature removal involving user ids.</li>
-<li>Mike Safonov&lt;https://github.com/MikeSafonov&gt; initial implementation of GOST3410-2012 for light weight provider and JCA, parameters patches for ECGOST keys, initial implementation of GOST3412-2015.</li>
+<li>Mike Safonov&lt;https://github.com/MikeSafonov&gt; initial implementation of GOST3410-2012 for light weight provider and JCA, parameters patches for ECGOST keys, initial implementation of GOST3412-2015, addition of fromExtensions() for CRLDistPoint.</li>
 <li>Artem Storozhuk &lt;storojs72&#064gmail.com&gt; initial implementation of DSTU7564 (digest) and DSTU7624 (cipher) and their associated modes.</li>
 <li>Andreas Glaser &lt;andreas.glaser&#064gi-de.com&gt; patch to recognise ANSSI curves for PKCS#10 requests.</li>
 <li>codeborne &lt;https://github.com/cbxp&gt; patch to correct OIDs used in public key digest parameters for ECGOST-2012.</li>
@@ -470,7 +473,7 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>str4d &lt;https://github.com/str4d&gt; initial implementation of Blake2s</li>
 <li>Scott Woodward &lt;scott&#064bit3consulting.com&gt; performance fixes for CTRSP800DRBG.</li>
 <li>David Strawn &lt;https://github.com/isomarcte&gt; fix for off by one error in SCRYPT bounds checking.</li>
-<li>chris mccown &lt;0xchrismccown&#064gmail.com&gt; identification of serialisation issue with XMSS/XMSSMT private keys.</li>
+<li>chris mccown &lt;0xchrismccown&#064gmail.com&gt; identification of serialisation issue with XMSS/XMSSMT private keys (see also CVE-2018-1000613).</li>
 <li>ZZMarquis &lt;https://github.com/ZZMarquis&gt; offset patch for SM2 decrypt.</li>
 <li>Andreas Kretschmer &lt;https://github.com/Akretsch&gt; NPE fix for CertTemplate.getVersion()</li>
 <li>Armin Lunkeit, Michael Tautenhahn &lt;&gt; identification of M-R test issue on higher certainty values in RSA key pair generation.</li> 
@@ -478,10 +481,17 @@ CertPath support for implicit DSA parameters and a range of NameConstraints. Add
 <li>Adam Vartanian &lt;https://github.com/flooey&gt; use of ShortBuffer exception and buffer size pre-check in Cipher.doFinal().</li>
 <li>Bernd &lt;https://github.com/ecki&gt; Fix to make PGPUtil.pipeFileContents use buffer and not leak file handle.</li>
 <li>Shartung &lt;https://github.com/shartung&gt; Additional EC Key Agreement algorithms in support of German BSI TR-03111.</li>
-<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory.</li>
+<li>Paul Schaub &lt;https://github.com/vanitasvitae&gt; bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation.</li>
 <li>Nick of Nexxar &lt;https://github.com/nros&gt; update to OpenPGP package to handle a broader range of EC curves.</li>
 <li>catbref &lt;https://github.com/catbref&gt; sample implementation of RFC 7748/Ed25519 (incorporated work from github users Valodim and str4d as well).</li>
 <li>gerlion &lt;https://github.com/gerlion&gt; detection of concurrency issue with pre-1.60 EC math library.</li>
+<li>fgrieu &lt;fgrieu&#064gmail.com&gt; identification and suggested fixes for possible timing vulnerability in OAEPEncoding and RSACoreEngine.</li>
+<li>MTG &lt;https://github.com/mtgag&gt; patch for decoding issues in PKIPublicationInfo and CertifiedKeyPair.</li>
+<li>Andreas Gadermaier &lt;up.gadermaier&#064gmail.com&gt; initial version of Argon2 PBKDF algorithm.</li>
+<li>Tony Washer &lt;tony.washer@yahoo.co.uk&gt; review of qTesla, Java 1.9 module code.</li>
+<li>Vincent Bouckaert &lt;https://github.com/veebee&gt; initial version of RFC 4998 ASN.1 classes.</li>
+<li>Tony Washer &lt;https://github.com/tonywasher&gt; ECIESKeyEncapsulation fix for use of OldCofactor mode.</li>
+<li>Aurimas Liutikas &lt;https://github.com/liutikas&gt; JavaDoc patches to ReasonsMask.</li>
 </ul>
-</body>
+</object>
 </html>

LICENSE.html

 <html>
 <body bgcolor=#ffffff>
 
-Copyright (c) 2000-2018 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
+Copyright (c) 2000-2019 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
 <p>
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
 and associated documentation files (the "Software"), to deal in the Software without restriction, 

README.md

@@ -12,7 +12,7 @@ Except where otherwise stated, this software is distributed under a license base
 
 ## Code Organisation
 
-The clean room JCE, for use with JDK 1.1 to JDK 1.3 is in the jce/src/main/java directory.
+The clean room JCE, for use with JDK 1.1 to JDK 1.3 is in the jce/src/main/java directory. From JDK 1.4 and later the JCE ships with the JVM, the source for later JDKs follows the progress that was made in the later versions of the JCE. If you are using a later version of the JDK which comes with a JCE install please **do not** include the jce directory as a source file as it will clash with the JCE API installed with your JDK.
 
 The **core** module provides all the functionality in the ligthweight APIs.
 
@@ -25,7 +25,7 @@ The **mail** module provides an S/MIME API built on top of CMS.
 
 The **pg** module is the home for code used to support OpenPGP.
 
-The **tls** module is the home for code used to a general TLS API and JSSE Provider (as at 1.56 this should be considered a beta).
+The **tls** module is the home for code used to a general TLS API and JSSE Provider.
 
 The build scripts that come with the full distribution allow creation of the different releases by using the different source trees while excluding classes that are not appropriate and copying in the required compatibility classes from the directories containing compatibility classes appropriate for the distribution.
 

ant/bc+-build.xml

@@ -326,6 +326,7 @@
                  <exclude name="org/bouncycastle/eac/**" />
                  <exclude name="org/bouncycastle/est/**" />
                  <exclude name="org/bouncycastle/cmc/**" />
+                 <exclude name="org/bouncycastle/mime/**" />
                  <exclude name="org/bouncycastle/mail/**" />
                  <exclude name="org/bouncycastle/gpg/**" />
                  <exclude name="org/bouncycastle/openpgp/**" />
@@ -435,6 +436,7 @@
                  <exclude name="org/bouncycastle/**/test/*.der" />
                  <exclude name="org/bouncycastle/**/test/*.properties" />
                  <exclude name="org/bouncycastle/util/utiltest/**" />
+                 <exclude name="org/bouncycastle/mime/**" />
                  <exclude name="org/bouncycastle/mail/**" />
                  <exclude name="org/bouncycastle/cms/**" />
                  <exclude name="org/bouncycastle/pkix/**" />
@@ -615,6 +617,7 @@
                  <include name="org/bouncycastle/est/**" />
                  <include name="org/bouncycastle/cmc/**" />
                  <include name="org/bouncycastle/cert/**/*.java" />
+                 <include name="org/bouncycastle/mime/**/*.java" />
                  <include name="org/bouncycastle/mozilla/**/*.java" />
                  <include name="org/bouncycastle/openssl/**/*.java" />
                  <include name="org/bouncycastle/operator/**/*.java" />
@@ -981,10 +984,12 @@
                  <include name="org/bouncycastle/est/**/test/*.java" />
                  <include name="org/bouncycastle/cmc/**/test/*.java" />
                  <include name="org/bouncycastle/cert/**/test/*.java" />
+                 <include name="org/bouncycastle/mime/**/test/*.java" />
                  <include name="org/bouncycastle/pkcs/**/test/*.java" />
                  <include name="org/bouncycastle/openssl/**/test/*.java" />
                  <include name="org/bouncycastle/mozilla/**/test/*.java" />
                  <include name="org/bouncycastle/operator/**/test/*.java" />
+                 <include name="org/bouncycastle/mime/**/*.html" />
                  <include name="org/bouncycastle/cms/**/*.html" />
                  <include name="org/bouncycastle/pkix/**/*.html" />
                  <include name="org/bouncycastle/dvcs/**/*.html" />
@@ -1021,9 +1026,10 @@
                 <group title="DVCS Packages" packages="org.bouncycastle.dvcs*" />
                 <group title="Extended Access Control Packages" packages="org.bouncycastle.eac*" />
                 <group title="PKCS Packages" packages="org.bouncycastle.pkcs*" />
+                <group title="MIME Packages" packages="org.bouncycastle.mime*" />
                 <group title="OpenSSL and PEM Support Packages" packages="org.bouncycastle.openssl*" />
                 <group title="TSP Packages" packages="org.bouncycastle.tsp*" />
-                <group title="Test and Example Packages" packages="org.bouncycastle.openssl.test*,org.bouncycastle.mozilla.test*,org.bouncycastle.pkcs.test*,org.bouncycastle.cert.test*,org.bouncycastle.cert.path.test*,org.bouncycastle.cert.ocsp.test*,org.bouncycastle.cert.crmf.test*,org.bouncycastle.cert.cmp.test*,org.bouncycastle.eac.test*,org.bouncycastle.dvcs.test*,org.bouncycastle.est.test*,org.bouncycastle.cms.test*,org.bouncycastle.tsp.test*,org.bouncycastle.operator.test*" />
+                <group title="Test and Example Packages" packages="org.bouncycastle.openssl.test*,org.bouncycastle.mozilla.test*,org.bouncycastle.pkcs.test*,org.bouncycastle.cert.test*,org.bouncycastle.cert.path.test*,org.bouncycastle.cert.ocsp.test*,org.bouncycastle.cert.crmf.test*,org.bouncycastle.cert.cmp.test*,org.bouncycastle.eac.test*,org.bouncycastle.dvcs.test*,org.bouncycastle.est.test*,org.bouncycastle.cms.test*,org.bouncycastle.mime.test*,org.bouncycastle.tsp.test*,org.bouncycastle.operator.test*" />
             </docElements>
         </compile-doc>
 

ant/jdk13.xml

@@ -84,13 +84,21 @@
                 <exclude name="**/asymmetric/DSTU*.java" />
                 <exclude name="**/asymmetric/dstu/*.java" />
                 <exclude name="**/provider/config/PKCS12StoreParameter.java" />
+                <exclude name="**/jcajce/BCFKSLoadStoreParameter.java" />
+                <exclude name="**/jcajce/BCLoadStoreParameter.java" />
+                <exclude name="**/jcajce/spec/DSTU4145ParameterSpec.java" />
             </fileset>
             <fileset dir="pkix/src/main/java">
                 <exclude name="**/cert/jcajce/JcaAttributeCertificateIssuer.java" />
+                <exclude name="**/pkix/jcajce/X509Revoc*.java" />
+                <exclude name="**/pkix/jcajce/Revoc*.java" />
+                <exclude name="**/pkix/jcajce/RFC3280Cert*.java" />
+                <exclude name="**/mime/**/*.java" />
                 <exclude name="**/est/**/*.java" />
             </fileset>
             <fileset dir="pg/src/main/java">
                 <exclude name="**/keybox/*.java" />
+                <exclude name="**/keybox/**/*.java" />
             </fileset>
             <fileset dir="mail/src/main/java">
                 <exclude name="**/ValidateSignedMail.java" />
@@ -123,6 +131,7 @@
                 <exclude name="**/PGPUnicodeTest.java" />
                 <exclude name="**/pqc/**/EncryptionKeyTest.java" />
                 <exclude name="**/pqc/**/BitStringTest.java" />
+                <exclude name="**/pqc/**/QTESLA*.java" />
                 <exclude name="**/jcajce/provider/test/*.java" />
                 <exclude name="**/jce/provider/test/JceTestUtil.java" />
                 <exclude name="**/speedy/**" />
@@ -176,6 +185,9 @@
                 <exclude name="**/CertPathLoopTest.java" />
                 <exclude name="**/TimeStampTokenInfoUnitTest.java" />
                 <exclude name="**/est/**/*.java" />
+                <exclude name="**/mime/test/*.java" />
+                <exclude name="**/pkix/**/RevocationTest.java" />
+                <exclude name="**/pkix/**/TestUtil.java" />
             </fileset>
             <fileset dir="mail/src/test/java">
                 <exclude name="**/SignedMailValidatorTest.java" />
@@ -227,7 +239,9 @@
         </copy>
         <copy todir="${src.dir}" overwrite="true">
             <fileset dir="prov/src/test/jdk1.4" includes="**/*.java" />
-            <fileset dir="pkix/src/test/jdk1.4" includes="**/*.java" />
+            <fileset dir="pkix/src/test/jdk1.4" includes="**/*.java" >
+                <exclude name="**/mime/test/*.java" />
+            </fileset>
             <fileset dir="mail/src/test/jdk1.4" includes="**/*.java" />
         </copy>
         <copy todir="${src.dir}" overwrite="true">

ant/jdk14.xml

@@ -31,11 +31,18 @@
             </fileset>
             <fileset dir="pkix/src/main/java">
                 <exclude name="**/est/**/*.java"/>
+                <exclude name="**/pkix/jcajce/*.java"/>
+            </fileset>
+            <fileset dir="pkix/src/main/java">
+                <include name="**/pkix/jcajce/Jca*.java" />
             </fileset>
             <fileset dir="mail/src/main/java">
                 <exclude name="**/ValidateSignedMail.java"/>
             </fileset>
             <fileset dir="prov/src/main/java">
+                <exclude name="**/DSTU4145ParameterSpec.java"/>
+                <exclude name="**/BCLoadStoreParameter.java"/>
+                <exclude name="**/BCFKSLoadStoreParameter.java"/>
                 <exclude name="**/BCFKSStoreParameter.java"/>
                 <exclude name="**/ECPointUtil.java"/>
                 <exclude name="**/ECNamedCurveSpec.java"/>
@@ -77,6 +84,7 @@
             </fileset>
             <fileset dir="pkix/src/test/java">
                 <exclude name="**/est/**/*.java"/>
+                <exclude name="**/pkix/test/RevocationTest.java"/>
                 <exclude name="**/TimeStampTokenInfoUnitTest.java"/>
             </fileset>
             <fileset dir="mail/src/test/java"/>
@@ -103,6 +111,19 @@
                 <exclude name="**/jcajce/provider/test/*.java"/>
                 <exclude name="**/jce/provider/test/JceTestUtil.java"/>
             </fileset>
+
+            <fileset dir="tls/src/main/java" includes="**/*.java">
+                <exclude name="**/jsse/**"/>
+            </fileset>
+            <fileset dir="tls/src/main/javadoc" includes="**/*.html"/>
+            <fileset dir="tls/src/test/java" includes="**/*.java">
+                <exclude name="**/jsse/**"/>
+                <exclude name="**/CertChainUtil.java"/>
+                <exclude name="**/TlsTestUtils.java"/>
+            </fileset>
+
+            <fileset dir="tls/src/test/resources" includes="**/*.*"/>
+
             <fileset dir="core/src/test/" includes="**/*.properties"/>
             <fileset dir="prov/src/main/resources" includes="**/*.properties"/>
             <fileset dir="pkix/src/test/resources" includes="**/*.*"/>
@@ -124,26 +145,36 @@
             <fileset dir="core/src/test/data" includes="**/*.cer"/>
             <fileset dir="core/src/test/data" includes="**/*.cvcert"/>
         </copy>
+        <copy todir="${src.dir}" overwrite="true">
+            <fileset dir="core/src/main/javadoc"/>
+            <fileset dir="prov/src/main/javadoc"/>
+            <fileset dir="pkix/src/main/javadoc"/>
+            <fileset dir="pg/src/main/javadoc"/>
+        </copy>
         <copy todir="${src.dir}" overwrite="true">
             <fileset dir="core/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="prov/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="pkix/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="pg/src/main/jdk1.4" includes="**/*.java"/>
+            <fileset dir="tls/src/main/jdk1.4" includes="**/*.java"/>
             <fileset dir="core/src/test/jdk1.4" includes="**/*.java"/>
-            <fileset dir="pkix/src/test/jdk1.4" includes="**/*.java" />
             <fileset dir="mail/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="prov/src/test/jdk1.4" includes="**/*.java"/>
             <fileset dir="pg/src/test/jdk1.4" includes="**/*.java"/>
+            <fileset dir="pkix/src/test/jdk1.4" includes="**/*.java"/>
+            <fileset dir="tls/src/test/jdk1.4" includes="**/*.java"/>
         </copy>
-        <copy todir="${src.dir}" overwrite="true">
-            <fileset dir="core/src/main/javadoc" />
-            <fileset dir="prov/src/main/javadoc" />
-            <fileset dir="pkix/src/main/javadoc" />
-            <fileset dir="pg/src/main/javadoc" />
-        </copy>
+
         <replaceregexp match="${regexp}" replace=" " flags="g" byline="true">
             <fileset dir="${src.dir}">
                 <include name="**/*.java"/>
+                <exclude name="**/MultipartParserTest.java"/>
+            </fileset>
+        </replaceregexp>
+        <replaceregexp match="(List|Map|Set) >" replace="\1" flags="g" byline="true">
+            <fileset dir="${src.dir}">
+                <include name="**/*.java"/>
+                <exclude name="**/MultipartParserTest.java"/>
             </fileset>
         </replaceregexp>
         <available classname="com.puppycrawl.tools.checkstyle.CheckStyleTask" property="checkstyle.on"/>
@@ -166,6 +197,7 @@
     </target>
 
     <target name="build" depends="init">
+  	<ant antfile="ant/bc+-build.xml" dir="." target="build-tls" />
         <ant antfile="ant/bc+-build.xml" dir="."/>
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-lw"/>
         <ant antfile="ant/bc+-build.xml" dir="." target="javadoc-libraries"/>

bc-build.properties

 
-release.suffix: 160
-release.name: 1.60
-release.version: 1.60.0
+release.suffix: 161
+release.name: 1.61
+release.version: 1.61.0
 release.debug: false
 
 mail.jar.home: /opt/javamail/mail.jar

build1-1

@@ -61,6 +61,8 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
 
     rm org/bouncycastle/jce/provider/test/GOST3410KeyPairTest.java
     rm org/bouncycastle/jce/provider/test/DRBGTest.java
+    rm -rf org/bouncycastle/jcajce/BC*LoadStore*.java
+    rm -rf org/bouncycastle/jcajce/spec/DSTU4145*.java
     rm -rf org/bouncycastle/math/ec/rfc8032/test
     rm -rf org/bouncycastle/crypto/test/ntru
     rm -rf org/bouncycastle/pqc/math/ntru
@@ -70,6 +72,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/pqc/crypto/*/XMSS*
     rm -rf org/bouncycastle/pqc/crypto/*/EncryptionKey*
     rm -rf org/bouncycastle/pqc/crypto/*/BitStringT*
+    rm -rf org/bouncycastle/pqc/crypto/test/QT*
     rm -rf org/bouncycastle/crypto/*/test
     rm -rf org/bouncycastle/crypto/*/IndexGenerator*
     rm -rf org/bouncycastle/util/utiltest
@@ -90,6 +93,8 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/jce/provider/JCEEC*.java
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/ec/EC5Util.java
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/ecgost12
+    rm -rf org/bouncycastle/jcajce/provider/asymmetric/edec
+    rm -rf org/bouncycastle/jcajce/provider/asymmetric/EdEC.java
     rm -rf org/bouncycastle/jcajce/provider/config/ProviderConfigurationPermission.java
     rm -rf org/bouncycastle/jcajce/provider/test
     rm org/bouncycastle/jcajce/BCFKSStoreParameter.java
@@ -98,6 +103,8 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/jce/provider/test/X509LDAP*.java
     rm -rf org/bouncycastle/jce/provider/test/MQVTest*.java
     rm -rf org/bouncycastle/jce/provider/test/AlgorithmParametersTest.java
+    rm -rf org/bouncycastle/jce/provider/test/EdECTest.java
+    rm -rf org/bouncycastle/jce/provider/test/SM2CipherTest.java
     rm -rf org/bouncycastle/jce/spec/ECNamedCurveSpec.java
     rm -rf org/bouncycastle/util/encoders/test/*.java
     rm -rf org/bouncycastle/x509/PKIXCertPathReviewer.java
@@ -153,6 +160,7 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/cert/test/GOST3410_2012CMSTest.java
     rm -rf org/bouncycastle/tsp/GenTimeAccuracyUnit*
     rm -rf org/bouncycastle/tsp/TimeStampTokenInfoUnit*
+    rm -rf org/bouncycastle/tsp/DataGroup*
     rm -rf org/bouncycastle/jce/provider/test/DHTest.java
     rm -rf org/bouncycastle/jce/provider/test/DSATest.java
     rm -rf org/bouncycastle/jce/provider/test/ECEncodingTest.java
@@ -177,6 +185,12 @@ find $jdk11src -name "*.java" -exec scripts/useseccert.sh \{\} \;
     rm -rf org/bouncycastle/pkcs/test
     rm -rf org/bouncycastle/eac/test
     rm -rf org/bouncycastle/cms/test
+    rm -rf org/bouncycastle/pkix/jcajce/X509*
+    rm -rf org/bouncycastle/pkix/jcajce/RFC3280*
+    rm -rf org/bouncycastle/pkix/jcajce/Revocation*
+    rm -rf org/bouncycastle/pkix/test/Revocation*
+    rm -rf org/bouncycastle/pkix/test/TestUtil*
+    rm -rf org/bouncycastle/mime/
     rm -rf org/bouncycastle/tsp/test
     rm -rf org/bouncycastle/est/test
     rm -rf org/bouncycastle/dvcs/test
@@ -414,8 +428,11 @@ then
     (cd src/javax/crypto; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip *.java */*.java)
 
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/*.java)
-    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/[bx]*/*.java)
-    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/[pc]*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/b*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/x*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/cr*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/cm*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/p*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip *.java pqc/*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip u*/*.java )
@@ -425,7 +442,9 @@ then
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/[adefghijk]*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/[lmnoqrstuvwyz]*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip asn1/*/*/*.java)
-    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/[ade]*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/[a]*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/[d]*/*.java)
+    (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/[e]*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/[gimpsu]*/*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/t*/[ABCD]*.java)
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:$JDK11PATH/lib/classes.zip crypto/t*/[EFHKMNOP]*.java)
@@ -581,6 +600,12 @@ q
 g/new PGPKeyRingTest(),/d
 w
 q
+%
+
+    ed src/org/bouncycastle/openpgp/operator/jcajce/JcaKeyFingerprintCalculator.java <<%
+g/private.*final.*;/s/final//
+w
+q
 %
 
     (cd src/org/bouncycastle; javac -d ../../../classes -classpath ../../../classes:../../../src:../../../../jce-jdk11-$base/classes:$JDK11PATH/lib/classes.zip bcpg/*.java bcpg/*/*.java openpgp/*.java )

build1-2

@@ -70,10 +70,10 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm -rf org/bouncycastle/mail
     rm -rf org/bouncycastle/bcpg
     rm -rf org/bouncycastle/openpgp
-    rm -rf org/bouncycastle/openssl
-    rm -rf org/bouncycastle/voms
-    rm -rf org/bouncycastle/mozilla
-    rm -rf org/bouncycastle/tsp
+    rm -rf org/bouncycastle/mime
+    rm org/bouncycastle/pkix/jcajce/Revocation*.java
+    rm org/bouncycastle/pkix/jcajce/X509RevocationChecker.java
+    rm org/bouncycastle/pkix/jcajce/RFC3280*.java
     rm -rf org/bouncycastle/sasn1/test
     rm -rf org/bouncycastle/i18n/test
     rm -rf org/bouncycastle/i18n/filter/test
@@ -120,6 +120,8 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm org/bouncycastle/jce/provider/test/DetDSATest.java
     rm org/bouncycastle/jce/provider/test/AEADTest.java
     rm -rf org/bouncycastle/jce/provider/JDKPKCS12StoreParameter.java
+    rm -rf org/bouncycastle/jcajce/BC*LoadStore*.java
+    rm -rf org/bouncycastle/jcajce/spec/DSTU4145*.java
     rm -rf org/bouncycastle/jcajce/provider/config/PKCS12StoreParameter.java
     rm -rf org/bouncycastle/jcajce/provider/test/PrivateConstructorTest.java
     rm -rf org/bouncycastle/jcajce/provider/test/ECAlgorithmParametersTest.java
@@ -128,20 +130,15 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm org/bouncycastle/asn1/test/ASN1SequenceParserTest.java
     rm org/bouncycastle/asn1/test/OctetStringTest.java
     rm org/bouncycastle/asn1/test/ParseTest.java
+    rm org/bouncycastle/pkix/test/RevocationTest.java
+    rm org/bouncycastle/pkix/test/TestUtil.java
     rm -r org/bouncycastle/crypto/test/BigSkippingCipherTest.java
     rm -rf org/bouncycastle/openssl/test
-    rm -rf org/bouncycastle/cms
-    rm -rf org/bouncycastle/cert
-    rm -rf org/bouncycastle/pkcs
-    rm -rf org/bouncycastle/operator
-    rm -rf org/bouncycastle/eac
-    rm -rf org/bouncycastle/tsp
-    rm -r org/bouncycastle/est
-    rm -rf org/bouncycastle/mozilla
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/dstu
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/DSTU*.java
     rm -rf org/bouncycastle/jcajce/provider/asymmetric/util/EC5*.java
     rm org/bouncycastle/asn1/test/EnumeratedTest.java
+    rm -rf org/bouncycastle/pqc/crypto/test/QT*.java
     rm -rf org/bouncycastle/pqc/jcajce/provider/test
     rm -r org/bouncycastle/crypto/test/speedy
     rm -r org/bouncycastle/crypto/test/cavp
@@ -150,17 +147,12 @@ find $jdk12src -name "*.java" -exec scripts/usejcecert.sh \{\} \;
     rm -r org/bouncycastle/crypto/test/KDFCounterGeneratorTest.java
     rm -r org/bouncycastle/math/test/PrimesTest.java
     rm -r org/bouncycastle/math/raw/test/InterleaveTest.java
-    rm -rf src/org/bouncycastle/cert/jcajce/JcaAttributeCertificateIssuer.java
-    rm -rf src/org/bouncycastle/cert/test/ConverterTest*
-    rm -rf src/org/bouncycastle/cert/test/CertPathLoopTest.java
-    rm -rf src/org/bouncycastle/cert/test/Bc*
-    rm -rf src/org/bouncycastle/cms/test
-    rm -rf src/org/bouncycastle/dvcs/test
-    rm -rf src/org/bouncycastle/eac/test
-    rm -rf src/org/bouncycastle/pkcs/test
-    rm -rf src/org/bouncycastle/tsp/test
-    rm -rf src/org/bouncycastle/tsp/GenTimeAccuracyUnit*
-    rm -rf src/org/bouncycastle/tsp/TimeStampTokenInfoUnit*
+    rm -rf org/bouncycastle/cert/jcajce/JcaAttributeCertificateIssuer.java
+    rm -rf org/bouncycastle/cert/test/ConverterTest*
+    rm -rf org/bouncycastle/cert/test/CertPathLoopTest.java
+    rm -rf org/bouncycastle/cert/test/Bc*
+    rm -rf org/bouncycastle/tsp/GenTimeAccuracyUnit*
+    rm -rf org/bouncycastle/tsp/TimeStampTokenInfoUnit*
 
     sh ../../scripts/jdk1.2ed.sh
 
@@ -389,16 +381,7 @@ then
     mkdir $artifacts/bcpkix-jdk12-$base
     mkdir $artifacts/bcpkix-jdk12-$base/src
     tar cf - index.html LICENSE.html CONTRIBUTORS.html docs | (cd $artifacts/bcpkix-jdk12-$base; tar xf -)
-    ((cd pkix/src/main/java && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/main/jdk1.4 && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/main/jdk1.3 && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/main/jdk1.2 && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/test/java && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/test/jdk1.4 && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/test/jdk1.3 && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    ((cd pkix/src/main/javadoc && tar cf - * ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
-    find $artifacts/bcpkix-jdk12-$base -name "*.java" -exec scripts/trim.sh \{\} \;
-    find $artifacts/bcpkix-jdk12-$base -name "*.java" -exec scripts/usejcecert.sh \{\} \;
+    ((cd $jdk12src && tar cf - org/bouncycastle/cert org/bouncycastle/cms org/bouncycastle/pkcs org/bouncycastle/pkix org/bouncycastle/openssl org/bouncycastle/operator org/bouncycastle/mozilla org/bouncycastle/tsp org/bouncycastle/voms ) | (cd $artifacts/bcpkix-jdk12-$base/src && tar xf -))
     (
     cd $artifacts/bcpkix-jdk12-$base; mkdir classes; mkdir javadoc;
 
@@ -497,12 +480,11 @@ then
     rm -rf src/org/bouncycastle/mail
     rm -rf src/org/bouncycastle/pkcs
     rm -rf src/org/bouncycastle/cms
+    rm -rf src/org/bouncycastle/mime
     rm -rf src/org/bouncycastle/eac
     rm -rf src/org/bouncycastle/cert
     rm -rf src/org/bouncycastle/tsp
     rm -rf src/org/bouncycastle/x509
-    rm -rf src/org/bouncycastle/openssl
-    rm -rf src/org/bouncycastle/operator
     rm -rf src/org/bouncycastle/voms
     rm -rf src/org/bouncycastle/sasn1
     rm -rf src/org/bouncycastle/est

buildj2me

@@ -70,6 +70,8 @@ then
         rm src/org/bouncycastle/asn1/test/CMCStatusTest.java
         rm src/org/bouncycastle/asn1/test/PublishTrustAnchorsTest.java
         rm src/org/bouncycastle/asn1/test/RevokeRequestTest.java
+	rm src/org/bouncycastle/asn1/test/LocaleTest.java
+	rm src/org/bouncycastle/tsp/DataGroup.java
         rm -rf src/org/bouncycastle/math/ec/rfc7748/test
         rm -rf src/org/bouncycastle/math/ec/rfc8032/test
         rm -rf src/org/bouncycastle/math/raw/test
@@ -131,6 +133,7 @@ then
         rm src/org/bouncycastle/cert/test/DANETest.java
         rm src/org/bouncycastle/cert/test/X509ExtensionUtilsTest.java
         rm src/org/bouncycastle/crypto/test/BigSkippingCipherTest.java
+        rm src/org/bouncycastle/crypto/test/OpenSSHKeyParsingTests.java
         rm -r src/org/bouncycastle/util/utiltest
         rm -r src/org/bouncycastle/openpgp/examples
         rm src/org/bouncycastle/openpgp/PGPCompressed*

core/src/main/j2me/org/bouncycastle/asn1/DateUtil.java

+package org.bouncycastle.asn1;
+
+import java.util.Date;
+
+class DateUtil
+{
+    static Date epochAdjust(Date date)
+    {
+       return date;
+    }
+}

core/src/main/j2me/org/bouncycastle/crypto/util/SSHBuilder.java

+package org.bouncycastle.crypto.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+
+import org.bouncycastle.util.Strings;
+
+class SSHBuilder
+{
+    private final ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+    public void u32(long value)
+    {
+        bos.write((int)((value >>> 24) & 0xFF));
+        bos.write((int)((value >>> 16) & 0xFF));
+        bos.write((int)((value >>> 8) & 0xFF));
+        bos.write((int)(value & 0xFF));
+    }
+
+    public void rawArray(byte[] value)
+    {
+        u32(value.length);
+        try
+        {
+            bos.write(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException(e.getMessage());
+        }
+    }
+
+    public void write(byte[] value)
+    {
+        try
+        {
+            bos.write(value);
+        }
+        catch (IOException e)
+        {
+            throw new IllegalStateException(e.getMessage());
+        }
+    }
+
+    public void writeString(String str)
+    {
+        rawArray(Strings.toByteArray(str));
+    }
+
+    public byte[] getBytes()
+    {
+        return bos.toByteArray();
+    }
+
+}

core/src/main/j2me/org/bouncycastle/util/Arrays.java

@@ -13,6 +13,16 @@ public final class Arrays
         // static class, hide constructor
     }
 
+    public static boolean areAllZeroes(byte[] buf, int off, int len)
+    {
+        int bits = 0;
+        for (int i = 0; i < len; ++i)
+        {
+            bits |= buf[off + i];
+        }
+        return bits == 0;
+    }
+    
     public static boolean areEqual(
         boolean[] a,
         boolean[] b)
@@ -256,6 +266,18 @@ public final class Arrays
         return false;
     }
 
+    public static void fill(
+        byte[] array,
+        int start,
+        int finish,
+        byte value)
+    {
+        for (int i = start; i < finish; i++)
+        {
+            array[i] = value;
+        }
+    }
+    
     public static void fill(
         byte[] array,
         byte value)

core/src/main/java/org/bouncycastle/LICENSE.java

@@ -5,7 +5,7 @@ import org.bouncycastle.util.Strings;
 /**
  * The Bouncy Castle License
  *
- * Copyright (c) 2000-2017 The Legion Of The Bouncy Castle Inc. (http://www.bouncycastle.org)
+ * Copyright (c) 2000-2019 The Legion Of The Bouncy Castle Inc. (http://www.bouncycastle.org)
  * <p>
  * Permission is hereby granted, free of charge, to any person obtaining a copy of this software 
  * and associated documentation files (the "Software"), to deal in the Software without restriction, 
@@ -25,8 +25,8 @@ import org.bouncycastle.util.Strings;
  */
 public class LICENSE
 {
-    public static String licenseText =
-      "Copyright (c) 2000-2017 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org) "
+    public static final String licenseText =
+      "Copyright (c) 2000-2019 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org) "
       + Strings.lineSeparator()
       + Strings.lineSeparator()
       + "Permission is hereby granted, free of charge, to any person obtaining a copy of this software "

core/src/main/java/org/bouncycastle/asn1/ASN1ApplicationSpecific.java

@@ -3,6 +3,7 @@ package org.bouncycastle.asn1;
 import java.io.IOException;
 
 import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
 
 /**
  * Base class for an ASN.1 ApplicationSpecific object
@@ -194,25 +195,19 @@ public abstract class ASN1ApplicationSpecific
         //
         if (tagNo == 0x1f)
         {
-            tagNo = 0;
-
             int b = input[index++] & 0xff;
 
             // X.690-0207 8.1.2.4.2
             // "c) bits 7 to 1 of the first subsequent octet shall not all be zero."
             if ((b & 0x7f) == 0) // Note: -1 will pass
             {
-                throw new ASN1ParsingException("corrupted stream - invalid high tag number found");
+                throw new IOException("corrupted stream - invalid high tag number found");
             }
 
-            while ((b >= 0) && ((b & 0x80) != 0))
+            while ((b & 0x80) != 0)
             {
-                tagNo |= (b & 0x7f);
-                tagNo <<= 7;
                 b = input[index++] & 0xff;
             }
-
-//            tagNo |= (b & 0x7f);
         }
 
         byte[] tmp = new byte[input.length - index + 1];
@@ -223,4 +218,29 @@ public abstract class ASN1ApplicationSpecific
 
         return tmp;
     }
+
+    public String toString()
+    {
+        StringBuffer sb = new StringBuffer();
+        sb.append("[");
+        if (isConstructed())
+        {
+            sb.append("CONSTRUCTED ");
+        }
+        sb.append("APPLICATION ");
+        sb.append(Integer.toString(getApplicationTag()));
+        sb.append("]");
+        // @todo content encoding somehow?
+        if (this.octets != null)
+        {
+            sb.append(" #");
+            sb.append(Hex.toHexString(this.octets));
+        }
+        else
+        {
+            sb.append(" #null");
+        }
+        sb.append(" ");
+        return sb.toString();
+    }
 }

core/src/main/java/org/bouncycastle/asn1/ASN1BitString.java

@@ -58,6 +58,7 @@ public abstract class ASN1BitString
             return 0;
         }
 
+
         int bits = 1;
 
         while (((val <<= 1) & 0xFF) != 0)

core/src/main/java/org/bouncycastle/asn1/ASN1External.java

+package org.bouncycastle.asn1;
+
+import java.io.IOException;
+
+/**
+ * Class representing the DER-type External
+ */
+public abstract class ASN1External
+    extends ASN1Primitive
+{
+    protected ASN1ObjectIdentifier directReference;
+    protected ASN1Integer indirectReference;
+    protected ASN1Primitive dataValueDescriptor;
+    protected int encoding;
+    protected ASN1Primitive externalContent;
+
+    /**
+     * Construct an EXTERNAL object, the input encoding vector must have exactly two elements on it.
+     * <p>
+     * Acceptable input formats are:
+     * <ul>
+     * <li> {@link ASN1ObjectIdentifier} + data {@link DERTaggedObject} (direct reference form)</li>
+     * <li> {@link ASN1Integer} + data {@link DERTaggedObject} (indirect reference form)</li>
+     * <li> Anything but {@link DERTaggedObject} + data {@link DERTaggedObject} (data value form)</li>
+     * </ul>
+     *
+     * @throws IllegalArgumentException if input size is wrong, or
+     */
+    public ASN1External(ASN1EncodableVector vector)
+    {
+        int offset = 0;
+
+        ASN1Primitive enc = getObjFromVector(vector, offset);
+        if (enc instanceof ASN1ObjectIdentifier)
+        {
+            directReference = (ASN1ObjectIdentifier)enc;
+            offset++;
+            enc = getObjFromVector(vector, offset);
+        }
+        if (enc instanceof ASN1Integer)
+        {
+            indirectReference = (ASN1Integer) enc;
+            offset++;
+            enc = getObjFromVector(vector, offset);
+        }
+        if (!(enc instanceof ASN1TaggedObject))
+        {
+            dataValueDescriptor = (ASN1Primitive) enc;
+            offset++;
+            enc = getObjFromVector(vector, offset);
+        }
+
+        if (vector.size() != offset + 1)
+        {
+            throw new IllegalArgumentException("input vector too large");
+        }
+
+        if (!(enc instanceof ASN1TaggedObject))
+        {
+            throw new IllegalArgumentException("No tagged object found in vector. Structure doesn't seem to be of type External");
+        }
+        ASN1TaggedObject obj = (ASN1TaggedObject)enc;
+        setEncoding(obj.getTagNo());
+        externalContent = obj.getObject();
+    }
+
+    private ASN1Primitive getObjFromVector(ASN1EncodableVector v, int index)
+    {
+        if (v.size() <= index)
+        {
+            throw new IllegalArgumentException("too few objects in input vector");
+        }
+
+        return v.get(index).toASN1Primitive();
+    }
+
+    /**
+     * Creates a new instance of External
+     * See X.690 for more informations about the meaning of these parameters
+     * @param directReference The direct reference or <code>null</code> if not set.
+     * @param indirectReference The indirect reference or <code>null</code> if not set.
+     * @param dataValueDescriptor The data value descriptor or <code>null</code> if not set.
+     * @param externalData The external data in its encoded form.
+     */
+    public ASN1External(ASN1ObjectIdentifier directReference, ASN1Integer indirectReference, ASN1Primitive dataValueDescriptor, DERTaggedObject externalData)
+    {
+        this(directReference, indirectReference, dataValueDescriptor, externalData.getTagNo(), externalData.toASN1Primitive());
+    }
+
+    /**
+     * Creates a new instance of External.
+     * See X.690 for more informations about the meaning of these parameters
+     * @param directReference The direct reference or <code>null</code> if not set.
+     * @param indirectReference The indirect reference or <code>null</code> if not set.
+     * @param dataValueDescriptor The data value descriptor or <code>null</code> if not set.
+     * @param encoding The encoding to be used for the external data
+     * @param externalData The external data
+     */
+    public ASN1External(ASN1ObjectIdentifier directReference, ASN1Integer indirectReference, ASN1Primitive dataValueDescriptor, int encoding, ASN1Primitive externalData)
+    {
+        setDirectReference(directReference);
+        setIndirectReference(indirectReference);
+        setDataValueDescriptor(dataValueDescriptor);
+        setEncoding(encoding);
+        setExternalContent(externalData.toASN1Primitive());
+    }
+
+    ASN1Primitive toDERObject()
+     {
+         if (this instanceof DERExternal)
+         {
+             return this;
+         }
+
+         return new DERExternal(directReference, indirectReference, dataValueDescriptor, encoding, externalContent);
+     }
+
+    /* (non-Javadoc)
+     * @see java.lang.Object#hashCode()
+     */
+    public int hashCode()
+    {
+        int ret = 0;
+        if (directReference != null)
+        {
+            ret = directReference.hashCode();
+        }
+        if (indirectReference != null)
+        {
+            ret ^= indirectReference.hashCode();
+        }
+        if (dataValueDescriptor != null)
+        {
+            ret ^= dataValueDescriptor.hashCode();
+        }
+        ret ^= externalContent.hashCode();
+        return ret;
+    }
+
+    boolean isConstructed()
+    {
+        return true;
+    }
+
+    int encodedLength()
+        throws IOException
+    {
+        return this.getEncoded().length;
+    }
+
+    /* (non-Javadoc)
+     * @see org.bouncycastle.asn1.ASN1Primitive#asn1Equals(org.bouncycastle.asn1.ASN1Primitive)
+     */
+    boolean asn1Equals(ASN1Primitive o)
+    {
+        if (!(o instanceof ASN1External))
+        {
+            return false;
+        }
+        if (this == o)
+        {
+            return true;
+        }
+        ASN1External other = (ASN1External)o;
+        if (directReference != null)
+        {
+            if (other.directReference == null || !other.directReference.equals(directReference))  
+            {
+                return false;
+            }
+        }
+        if (indirectReference != null)
+        {
+            if (other.indirectReference == null || !other.indirectReference.equals(indirectReference))
+            {
+                return false;
+            }
+        }
+        if (dataValueDescriptor != null)
+        {
+            if (other.dataValueDescriptor == null || !other.dataValueDescriptor.equals(dataValueDescriptor))
+            {
+                return false;
+            }
+        }
+        return externalContent.equals(other.externalContent);
+    }
+
+    /**
+     * Returns the data value descriptor
+     * @return The descriptor
+     */
+    public ASN1Primitive getDataValueDescriptor()
+    {
+        return dataValueDescriptor;
+    }
+
+    /**
+     * Returns the direct reference of the external element
+     * @return The reference
+     */
+    public ASN1ObjectIdentifier getDirectReference()
+    {
+        return directReference;
+    }
+
+    /**
+     * Returns the encoding of the content. Valid values are
+     * <ul>
+     * <li><code>0</code> single-ASN1-type</li>
+     * <li><code>1</code> OCTET STRING</li>
+     * <li><code>2</code> BIT STRING</li>
+     * </ul>
+     * @return The encoding
+     */
+    public int getEncoding()
+    {
+        return encoding;
+    }
+    
+    /**
+     * Returns the content of this element
+     * @return The content
+     */
+    public ASN1Primitive getExternalContent()
+    {
+        return externalContent;
+    }
+    
+    /**
+     * Returns the indirect reference of this element
+     * @return The reference
+     */
+    public ASN1Integer getIndirectReference()
+    {
+        return indirectReference;
+    }
+    
+    /**
+     * Sets the data value descriptor
+     * @param dataValueDescriptor The descriptor
+     */
+    private void setDataValueDescriptor(ASN1Primitive dataValueDescriptor)
+    {
+        this.dataValueDescriptor = dataValueDescriptor;
+    }
+
+    /**
+     * Sets the direct reference of the external element
+     * @param directReferemce The reference
+     */
+    private void setDirectReference(ASN1ObjectIdentifier directReferemce)
+    {
+        this.directReference = directReferemce;
+    }
+    
+    /**
+     * Sets the encoding of the content. Valid values are
+     * <ul>
+     * <li><code>0</code> single-ASN1-type</li>
+     * <li><code>1</code> OCTET STRING</li>
+     * <li><code>2</code> BIT STRING</li>
+     * </ul>
+     * @param encoding The encoding
+     */
+    private void setEncoding(int encoding)
+    {
+        if (encoding < 0 || encoding > 2)
+        {
+            throw new IllegalArgumentException("invalid encoding value: " + encoding);
+        }
+        this.encoding = encoding;
+    }
+    
+    /**
+     * Sets the content of this element
+     * @param externalContent The content
+     */
+    private void setExternalContent(ASN1Primitive externalContent)
+    {
+        this.externalContent = externalContent;
+    }
+    
+    /**
+     * Sets the indirect reference of this element
+     * @param indirectReference The reference
+     */
+    private void setIndirectReference(ASN1Integer indirectReference)
+    {
+        this.indirectReference = indirectReference;
+    }
+}

core/src/main/java/org/bouncycastle/asn1/ASN1GeneralizedTime.java

@@ -133,7 +133,7 @@ public class ASN1GeneralizedTime
     public ASN1GeneralizedTime(
         Date time)
     {
-        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'");
+        SimpleDateFormat dateF = new SimpleDateFormat("yyyyMMddHHmmss'Z'", DateUtil.EN_Locale);
 
         dateF.setTimeZone(new SimpleTimeZone(0, "Z"));
 
@@ -367,7 +367,7 @@ public class ASN1GeneralizedTime
             }
         }
 
-        return dateF.parse(d);
+        return DateUtil.epochAdjust(dateF.parse(d));
     }
 
     protected boolean hasFractionalSeconds()

core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java

@@ -143,7 +143,7 @@ public class ASN1InputStream
 
         if ((tag & APPLICATION) != 0)
         {
-            return new DERApplicationSpecific(isConstructed, tagNo, defIn.toByteArray());
+            return new DLApplicationSpecific(isConstructed, tagNo, defIn.toByteArray());
         }
 
         if ((tag & TAGGED) != 0)
@@ -181,7 +181,7 @@ public class ASN1InputStream
                 case SET:
                     return DERFactory.createSet(buildDEREncodableVector(defIn));
                 case EXTERNAL:
-                    return new DERExternal(buildDEREncodableVector(defIn));                
+                    return new DLExternal(buildDEREncodableVector(defIn));
                 default:
                     throw new IOException("unknown tag " + tagNo + " encountered");
             }

core/src/main/java/org/bouncycastle/asn1/ASN1Null.java

+/***************************************************************/
+/******    DO NOT EDIT THIS CLASS bc-java SOURCE FILE     ******/
+/***************************************************************/
 package org.bouncycastle.asn1;
 
 import java.io.IOException;
@@ -8,6 +11,11 @@ import java.io.IOException;
 public abstract class ASN1Null
     extends ASN1Primitive
 {
+    ASN1Null()
+    {
+
+    }
+
     /**
      * Return an instance of ASN.1 NULL from the passed in object.
      * <p>
@@ -17,6 +25,7 @@ public abstract class ASN1Null
      * <li> {@link ASN1Null} object
      * <li> a byte[] containing ASN.1 NULL object
      * </ul>
+     * </p>
      *
      * @param o object to be converted.
      * @return an instance of ASN1Null, or null.