Merge branch 'main' into pg-synchronize-bc_csharp

Author: gefeili

CONTRIBUTING.md

@@ -0,0 +1,51 @@
+# Bouncy Castle Contributing Guidelines <!-- omit in toc -->
+
+Thank you for contributing to Bouncy Castle!
+
+In this guide, you get an overview of the contribution workflow from starting a discussion or opening an issue, to creating, reviewing, and merging a pull request.
+
+For an overview of the project, see [README](README.md). 
+
+### Start a discussion
+If you have a question or problem, you can [search in discussions](https://github.com/bcgit/bc-java/discussions), if someone has already found a solution to your problem. 
+
+Or you can [start a new discussion](https://github.com/bcgit/bc-java/discussions/new/choose) and ask your question. 
+
+### Create an issue
+
+If you find a problem with Bouncy Castle, [search if an issue already exists](https://github.com/bcgit/bc-java/issues).
+
+> **_NOTE:_**  If the issue is a __potential security problem__, please contact us
+before posting anything public. See [Security Policy](SECURITY.md).
+
+If a related discussion or issue doesn't exist, and the issue is not security related, you can [open a new issue](https://github.com/bcgit/bc-java/issues/new). An issue can be converted into a discussion if regarded as one.
+
+### Contribute to the code
+
+For substantial, non-trivial contributions, you may be asked to sign a contributor assignment agreement. Optionally, you can also have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html). 
+
+Please note we are unable to accept contributions which cannot be released under the [Bouncy Castle License](https://www.bouncycastle.org/licence.html). Issuing a pull request on our public github mirror is taken as agreement to issuing under the Bouncy Castle License.
+
+#### Create a pull request
+
+> **_NOTE:_**  If the issue is a __potential security problem__, please contact us. See [Security Policy](SECURITY.md).
+
+You are welcome to send patches, under the Bouncy Castle License, as pull requests. For more information, see [Creating a pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request). For minor updates, you can instead choose to create an issue with short snippets of code. See above.
+
+* For contributions touching multiple files try and split up the pull request, smaller changes are easier to review and test, as well as being less likely to run into merge issues.
+* Create a test cases for your change, it may be a simple addition to an existing test. If you do not know how to do this, ask us and we will help you. 
+* If you run into any merge issues, check out this [git tutorial](https://github.com/skills/resolve-merge-conflicts) to help you resolve merge conflicts and other issues.
+
+For more information, refer to the Bouncy Castle documentation on [Getting Started with Bouncy Castle](https://doc.primekey.com/bouncycastle/introduction#Introduction-GettingStartedwithBouncyCastle).
+
+#### Self-review
+
+Don't forget to self-review. Please follow these simple guidelines:
+* Keep the patch limited, only change the parts related to your patch. 
+* Do not change other lines, such as whitespace, adding line breaks to Java doc, etc. It will make it very hard for us to review the patch.
+
+
+#### Your pull request is merged
+
+For acceptance, pull requests need to meet specific quality criteria, including tests for anything substantial. Someone on the Bouncy Castle core team will review the pull request when there is time, and let you know if something is missing or suggest improvements. If it is a useful and generic feature it will be integrated in Bouncy Castle to be available in a later release.
+

LICENSE.md

@@ -0,0 +1,13 @@
+Copyright (c) 2000-2024 The Legion of the Bouncy Castle Inc. (https://www.bouncycastle.org).
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction,
+including without limitation the rights to use, copy, modify, merge, publish, distribute,
+sub license, and/or sell copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions: The above copyright notice and this
+permission notice shall be included in all copies or substantial portions of the Software.
+
+**THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
+NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT
+OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.**

SECURITY.md

@@ -1,5 +1,17 @@
-# Reporting a security issue
+# Security Policy
 
-If you would like to report something you believe to be a security issue
-then please use [email protected]. 
-We can provide a PGP key if required.
+## Reporting a Vulnerability
+
+If you think that you have found a security vulnerability, please report it to this email address: [[email protected]](mailto:[email protected])
+
+Describe the issue including all details, for example: 
+* Short summary of the problem
+* Steps to reproduce
+* Affected API versions
+* Logs if available 
+
+The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. 
+
+If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. 
+
+Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.

ant/bc+-build.xml

@@ -360,14 +360,27 @@
                  <exclude name="org/bouncycastle/asn1/cmp/**" />
                  <exclude name="org/bouncycastle/asn1/cms/**" />
                  <exclude name="org/bouncycastle/asn1/crmf/**" />
+                 <exclude name="org/bouncycastle/asn1/cryptlib/**" />
                  <exclude name="org/bouncycastle/asn1/dvcs/**" />
                  <exclude name="org/bouncycastle/asn1/eac/**" />
+                 <exclude name="org/bouncycastle/asn1/edec/**" />
                  <exclude name="org/bouncycastle/asn1/esf/**" />
                  <exclude name="org/bouncycastle/asn1/ess/**" />
                  <exclude name="org/bouncycastle/asn1/est/**" />
+                 <exclude name="org/bouncycastle/asn1/gnu/**" />
+                 <exclude name="org/bouncycastle/asn1/iana/**" />
                  <exclude name="org/bouncycastle/asn1/icao/**" />
+                 <exclude name="org/bouncycastle/asn1/isara/**" />
                  <exclude name="org/bouncycastle/asn1/isismtt/**" />
-                 <exclude name="org/bouncycastle/asn1/its/**" />
+                 <exclude name="org/bouncycastle/asn1/iso/**" />
+                 <exclude name="org/bouncycastle/asn1/kisa/**" />
+                 <exclude name="org/bouncycastle/asn1/microsoft/**" />
+                 <exclude name="org/bouncycastle/asn1/misc/**" />
+                 <exclude name="org/bouncycastle/asn1/mozilla/**" />
+                 <exclude name="org/bouncycastle/asn1/nsri/**" />
+                 <exclude name="org/bouncycastle/asn1/ntt/**" />
+                 <exclude name="org/bouncycastle/asn1/oiw/**" />
+                 <exclude name="org/bouncycastle/asn1/rosstandart/**" />
                  <exclude name="org/bouncycastle/asn1/smime/**" />
                  <exclude name="org/bouncycastle/asn1/tsp/**" />
                  <exclude name="org/bouncycastle/bcpg/**" />
@@ -754,14 +767,27 @@
                  <include name="org/bouncycastle/asn1/cmp/**" />
                  <include name="org/bouncycastle/asn1/cms/**" />
                  <include name="org/bouncycastle/asn1/crmf/**" />
+                 <include name="org/bouncycastle/asn1/cryptlib/**" />
                  <include name="org/bouncycastle/asn1/dvcs/**" />
                  <include name="org/bouncycastle/asn1/eac/**" />
+                 <include name="org/bouncycastle/asn1/edec/**" />
                  <include name="org/bouncycastle/asn1/esf/**" />
                  <include name="org/bouncycastle/asn1/ess/**" />
                  <include name="org/bouncycastle/asn1/est/**" />
+                 <include name="org/bouncycastle/asn1/gnu/**" />
+                 <include name="org/bouncycastle/asn1/iana/**" />
                  <include name="org/bouncycastle/asn1/icao/**" />
+                 <include name="org/bouncycastle/asn1/isara/**" />
                  <include name="org/bouncycastle/asn1/isismtt/**" />
-                 <include name="org/bouncycastle/asn1/its/**" />
+                 <include name="org/bouncycastle/asn1/iso/**" />
+                 <include name="org/bouncycastle/asn1/kisa/**" />
+                 <include name="org/bouncycastle/asn1/microsoft/**" />
+                 <include name="org/bouncycastle/asn1/misc/**" />
+                 <include name="org/bouncycastle/asn1/mozilla/**" />
+                 <include name="org/bouncycastle/asn1/nsri/**" />
+                 <include name="org/bouncycastle/asn1/ntt/**" />
+                 <include name="org/bouncycastle/asn1/oiw/**" />
+                 <include name="org/bouncycastle/asn1/rosstandart/**" />
                  <include name="org/bouncycastle/asn1/smime/**" />
                  <include name="org/bouncycastle/asn1/tsp/**" />
                  <include name="org/bouncycastle/oer/**" />
@@ -860,7 +886,10 @@
         <copyStandardFiles toDir="${pg.target.dir}" />
 
         <copy todir="${pg.target.src.dir}" filtering="true">
-             <fileset dir="${src.dir}" includes="org/bouncycastle/bcpg/**/*.java" />
+             <fileset dir="${src.dir}">
+                <include name="org/bouncycastle/bcpg/**/*.java" />
+                <exclude name="org/bouncycastle/**/test/**/*.java" />
+             </fileset>
         </copy>
 
         <copy todir="${pg.target.src.dir}">

build.gradle

@@ -31,6 +31,22 @@ if (JavaVersion.current().isJava8Compatible()) {
     }
 }
 
+def String deriveOSGIVersion(String prjVersion) {
+    if (prjVersion.contains("-SNAPSHOT")) {
+        // Snapshots always extend to fourth level and terminate with time in seconds since epoch.
+        prjVersion = prjVersion.replace("-SNAPSHOT", "");
+        while (prjVersion.count(".") < 2) {
+            prjVersion = prjVersion + ".0";
+        }
+        prjVersion = prjVersion + "." + System.currentTimeMillis().intdiv(1000L).intdiv(60).intdiv(60).intdiv(24);
+    }
+    return prjVersion
+}
+
+ext {
+    bundle_version = deriveOSGIVersion(version.toString());
+}
+
 
 // this needs to go here, otherwise it can't find config
 apply plugin: 'io.spring.nohttp'
@@ -46,7 +62,6 @@ allprojects {
         mavenCentral()
     }
 
-
     dependencies {
         testImplementation group: 'junit', name: 'junit', version: '4.13.2'
     }
@@ -171,6 +186,7 @@ ext {
 
 
 
+
 subprojects {
     apply plugin: 'eclipse'
 

core/src/main/java/org/bouncycastle/asn1/x9/X9IntegerConverter.java

@@ -17,10 +17,9 @@ public class X9IntegerConverter
      * @param c the curve of interest.
      * @return the field size in bytes (rounded up).
      */
-    public int getByteLength(
-        ECCurve c)
+    public int getByteLength(ECCurve c)
     {
-        return (c.getFieldSize() + 7) / 8;
+        return c.getFieldElementEncodingLength();
     }
 
     /**
@@ -29,10 +28,9 @@ public int getByteLength(
      * @param fe the field element of interest.
      * @return the field size in bytes (rounded up).
      */
-    public int getByteLength(
-        ECFieldElement fe)
+    public int getByteLength(ECFieldElement fe)
     {
-        return (fe.getFieldSize() + 7) / 8;
+        return fe.getEncodedLength();
     }
 
     /**

core/src/main/java/org/bouncycastle/crypto/agreement/ECDHBasicAgreement.java

@@ -41,7 +41,7 @@ public void init(
 
     public int getFieldSize()
     {
-        return (key.getParameters().getCurve().getFieldSize() + 7) / 8;
+        return key.getParameters().getCurve().getFieldElementEncodingLength();
     }
 
     public BigInteger calculateAgreement(

core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCBasicAgreement.java

@@ -45,7 +45,7 @@ public void init(
 
     public int getFieldSize()
     {
-        return (key.getParameters().getCurve().getFieldSize() + 7) / 8;
+        return key.getParameters().getCurve().getFieldElementEncodingLength();
     }
 
     public BigInteger calculateAgreement(

core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCStagedAgreement.java

@@ -27,7 +27,7 @@ public void init(
 
     public int getFieldSize()
     {
-        return (key.getParameters().getCurve().getFieldSize() + 7) / 8;
+        return key.getParameters().getCurve().getFieldElementEncodingLength();
     }
 
     public AsymmetricKeyParameter calculateStage(

core/src/main/java/org/bouncycastle/crypto/agreement/ECDHCUnifiedAgreement.java

@@ -25,7 +25,7 @@ public void init(
 
     public int getFieldSize()
     {
-        return (privParams.getStaticPrivateKey().getParameters().getCurve().getFieldSize() + 7) / 8;
+        return privParams.getStaticPrivateKey().getParameters().getCurve().getFieldElementEncodingLength();
     }
 
     public byte[] calculateAgreement(CipherParameters pubKey)