Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

dghgit · dghgit · commit 2886c5f14eb5 · 2025-06-15T17:00:58.000+10:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECGOST3410Signer.java
@@ -29,28 +29,25 @@ public class ECGOST3410Signer
 
     SecureRandom    random;
 
-    public void init(
-        boolean                 forSigning,
-        CipherParameters        param)
+    public void init(boolean forSigning, CipherParameters param)
     {
         if (forSigning)
         {
+            SecureRandom providedRandom = null;
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (ECPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = CryptoServicesRegistrar.getSecureRandom();
-                this.key = (ECPrivateKeyParameters)param;
+                ParametersWithRandom withRandom = (ParametersWithRandom)param;
+                providedRandom = withRandom.getRandom();
+                param = withRandom.getParameters();
             }
+
+            this.key = (ECPrivateKeyParameters)param;
+            this.random = CryptoServicesRegistrar.getSecureRandom(providedRandom);
         }
         else
         {
             this.key = (ECPublicKeyParameters)param;
+            this.random = null;
         }
 
         CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("ECGOST3410", key, forSigning));
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECNRSigner.java
@@ -37,30 +37,27 @@ public class ECNRSigner
      * for verification or if we want to use the signer for message recovery.
      * @param param key parameters for signature generation.
      */
-    public void init(
-        boolean          forSigning, 
-        CipherParameters param) 
+    public void init(boolean forSigning, CipherParameters param) 
     {
         this.forSigning = forSigning;
-        
+
         if (forSigning)
         {
+            SecureRandom providedRandom = null;
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
-
-                this.random = rParam.getRandom();
-                this.key = (ECPrivateKeyParameters)rParam.getParameters();
-            }
-            else
-            {
-                this.random = CryptoServicesRegistrar.getSecureRandom();
-                this.key = (ECPrivateKeyParameters)param;
+                ParametersWithRandom withRandom = (ParametersWithRandom)param;
+                providedRandom = withRandom.getRandom();
+                param = withRandom.getParameters();
             }
+
+            this.key = (ECPrivateKeyParameters)param;
+            this.random = CryptoServicesRegistrar.getSecureRandom(providedRandom);
         }
         else
         {
             this.key = (ECPublicKeyParameters)param;
+            this.random = null;
         }
 
         CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("ECNR", key, forSigning));
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java b/core/src/main/java/org/bouncycastle/crypto/signers/GOST3410Signer.java
@@ -24,28 +24,25 @@ public class GOST3410Signer
 
         SecureRandom    random;
 
-        public void init(
-            boolean                 forSigning,
-            CipherParameters        param)
+        public void init(boolean forSigning, CipherParameters param)
         {
             if (forSigning)
             {
+                SecureRandom providedRandom = null;
                 if (param instanceof ParametersWithRandom)
                 {
-                    ParametersWithRandom rParam = (ParametersWithRandom)param;
-
-                    this.random = rParam.getRandom();
-                    this.key = (GOST3410PrivateKeyParameters)rParam.getParameters();
-                }
-                else
-                {
-                    this.random = CryptoServicesRegistrar.getSecureRandom();
-                    this.key = (GOST3410PrivateKeyParameters)param;
+                    ParametersWithRandom withRandom = (ParametersWithRandom)param;
+                    providedRandom = withRandom.getRandom();
+                    param = withRandom.getParameters();
                 }
+
+                this.key = (GOST3410PrivateKeyParameters)param;
+                this.random = CryptoServicesRegistrar.getSecureRandom(providedRandom);
             }
             else
             {
                 this.key = (GOST3410PublicKeyParameters)param;
+                this.random = null;
             }
 
             CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("GOST3410", key, forSigning));
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ISO9796d2PSSSigner.java
@@ -125,9 +125,7 @@ public ISO9796d2PSSSigner(
      * @throws IllegalArgumentException if wrong parameter type or a fixed
      * salt is passed in which is the wrong length.
      */
-    public void init(
-        boolean forSigning,
-        CipherParameters param)
+    public void init(boolean forSigning, CipherParameters param)
     {
         RSAKeyParameters kParam;
         int lengthOfSalt = saltLength;
@@ -137,16 +135,15 @@ public void init(
             ParametersWithRandom p = (ParametersWithRandom)param;
 
             kParam = (RSAKeyParameters)p.getParameters();
-            if (forSigning)
-            {
-                random = p.getRandom();
-            }
+            random = forSigning ? p.getRandom() : null;
+            standardSalt = null;
         }
         else if (param instanceof ParametersWithSalt)
         {
             ParametersWithSalt p = (ParametersWithSalt)param;
 
             kParam = (RSAKeyParameters)p.getParameters();
+            random = null;
             standardSalt = p.getSalt();
             lengthOfSalt = standardSalt.length;
             if (standardSalt.length != saltLength)
@@ -157,10 +154,8 @@ else if (param instanceof ParametersWithSalt)
         else
         {
             kParam = (RSAKeyParameters)param;
-            if (forSigning)
-            {
-                random = CryptoServicesRegistrar.getSecureRandom();
-            }
+            random = forSigning ? CryptoServicesRegistrar.getSecureRandom() : null;
+            standardSalt = null;
         }
 
         cipher.init(forSigning, kParam);
diff --git a/tls/src/main/java/org/bouncycastle/tls/SRTPProtectionProfile.java b/tls/src/main/java/org/bouncycastle/tls/SRTPProtectionProfile.java
@@ -7,6 +7,16 @@ public class SRTPProtectionProfile
      */
     public static final int SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001;
     public static final int SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002;
+
+    /**
+     * Removed by draft-ietf-avt-dtls-srtp-04. IANA: Unassigned.
+     */
+    public static final int DRAFT_SRTP_AES256_CM_SHA1_80 = 0x0003;
+    /**
+     * Removed by draft-ietf-avt-dtls-srtp-04. IANA: Unassigned.
+     */
+    public static final int DRAFT_SRTP_AES256_CM_SHA1_32 = 0x0004;
+
     public static final int SRTP_NULL_HMAC_SHA1_80 = 0x0005;
     public static final int SRTP_NULL_HMAC_SHA1_32 = 0x0006;
 
@@ -15,4 +25,20 @@ public class SRTPProtectionProfile
      */
     public static final int SRTP_AEAD_AES_128_GCM = 0x0007;
     public static final int SRTP_AEAD_AES_256_GCM = 0x0008;
+
+    /*
+     * RFC 8723 10.1.
+     */
+    public static final int DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM = 0x0009;
+    public static final int DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM = 0x000A;
+
+    /*
+     * RFC 8269 6.1.
+     */
+    public static final int SRTP_ARIA_128_CTR_HMAC_SHA1_80 = 0x000B;
+    public static final int SRTP_ARIA_128_CTR_HMAC_SHA1_32 = 0x000C;
+    public static final int SRTP_ARIA_256_CTR_HMAC_SHA1_80 = 0x000D;
+    public static final int SRTP_ARIA_256_CTR_HMAC_SHA1_32 = 0x000E;
+    public static final int SRTP_AEAD_ARIA_128_GCM = 0x000F;
+    public static final int SRTP_AEAD_ARIA_256_GCM = 0x0010;
 }

Original file line number	Diff line number	Diff line change
`@@ -29,28 +29,25 @@ public class ECGOST3410Signer`
`29`	`29`
`30`	`30`	`SecureRandom random;`
`31`	`31`
`32`		`- public void init(`
`33`		`- boolean forSigning,`
`34`		`- CipherParameters param)`
	`32`	`+ public void init(boolean forSigning, CipherParameters param)`
`35`	`33`	`{`
`36`	`34`	`if (forSigning)`
`37`	`35`	`{`
	`36`	`+ SecureRandom providedRandom = null;`
`38`	`37`	`if (param instanceof ParametersWithRandom)`
`39`	`38`	`{`
`40`		`- ParametersWithRandom rParam = (ParametersWithRandom)param;`
`41`		`-`
`42`		`- this.random = rParam.getRandom();`
`43`		`- this.key = (ECPrivateKeyParameters)rParam.getParameters();`
`44`		`- }`
`45`		`- else`
`46`		`- {`
`47`		`- this.random = CryptoServicesRegistrar.getSecureRandom();`
`48`		`- this.key = (ECPrivateKeyParameters)param;`
	`39`	`+ ParametersWithRandom withRandom = (ParametersWithRandom)param;`
	`40`	`+ providedRandom = withRandom.getRandom();`
	`41`	`+ param = withRandom.getParameters();`
`49`	`42`	`}`
	`43`	`+`
	`44`	`+ this.key = (ECPrivateKeyParameters)param;`
	`45`	`+ this.random = CryptoServicesRegistrar.getSecureRandom(providedRandom);`
`50`	`46`	`}`
`51`	`47`	`else`
`52`	`48`	`{`
`53`	`49`	`this.key = (ECPublicKeyParameters)param;`
	`50`	`+ this.random = null;`
`54`	`51`	`}`
`55`	`52`
`56`	`53`	`CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("ECGOST3410", key, forSigning));`
Original file line number	Diff line number	Diff line change
`@@ -24,28 +24,25 @@ public class GOST3410Signer`
`24`	`24`
`25`	`25`	`SecureRandom random;`
`26`	`26`
`27`		`- public void init(`
`28`		`- boolean forSigning,`
`29`		`- CipherParameters param)`
	`27`	`+ public void init(boolean forSigning, CipherParameters param)`
`30`	`28`	`{`
`31`	`29`	`if (forSigning)`
`32`	`30`	`{`
	`31`	`+ SecureRandom providedRandom = null;`
`33`	`32`	`if (param instanceof ParametersWithRandom)`
`34`	`33`	`{`
`35`		`- ParametersWithRandom rParam = (ParametersWithRandom)param;`
`36`		`-`
`37`		`- this.random = rParam.getRandom();`
`38`		`- this.key = (GOST3410PrivateKeyParameters)rParam.getParameters();`
`39`		`- }`
`40`		`- else`
`41`		`- {`
`42`		`- this.random = CryptoServicesRegistrar.getSecureRandom();`
`43`		`- this.key = (GOST3410PrivateKeyParameters)param;`
	`34`	`+ ParametersWithRandom withRandom = (ParametersWithRandom)param;`
	`35`	`+ providedRandom = withRandom.getRandom();`
	`36`	`+ param = withRandom.getParameters();`
`44`	`37`	`}`
	`38`	`+`
	`39`	`+ this.key = (GOST3410PrivateKeyParameters)param;`
	`40`	`+ this.random = CryptoServicesRegistrar.getSecureRandom(providedRandom);`
`45`	`41`	`}`
`46`	`42`	`else`
`47`	`43`	`{`
`48`	`44`	`this.key = (GOST3410PublicKeyParameters)param;`
	`45`	`+ this.random = null;`
`49`	`46`	`}`
`50`	`47`
`51`	`48`	`CryptoServicesRegistrar.checkConstraints(Utils.getDefaultProperties("GOST3410", key, forSigning));`