<li>Don't auto-close CBZip2InputStream at end-of-contents.</li>
29
+
<li>The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key.</li>
30
+
<li>CBZip2InputStream no longer auto-closes at end-of-contents.</li>
31
+
<li>The BC CertPath implementation was eliminating certificates on the bases of the Key-ID. This is not in accordance with RFC 4158 and has been fixed.</li>
32
+
<li>Support for the previous set of libOQS Falcon OIDs has been restored.</li>
33
+
<li>The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only. This has been fixed.</li>
34
+
<li>Some KeyAgreement classes were missing in the Java 11 class hierarchy. This has been fixed.</li>
35
+
<li>A typo in a constant name in the HPKE class has been fixed and the old constant deprecated.</li>
36
+
<li>Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions.</li>
31
37
</ul>
32
38
<h3>2.1.3 Additional Features and Functionality</h3>
33
39
<ul>
34
40
<li>SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.</li>
35
41
<li>BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.</li>
36
42
<li>BCJSSE: Added support for system properties "jdk.tls.client.maxInboundCertificateChainLength" and "jdk.tls.server.maxInboundCertificateChainLength".</li>
37
43
<li>BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.</li>
44
+
<li>The Composite post-quantum signatures implementation has been updated to the latest draft (07) <ahref="https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-sigs">draft-ietf-lamps-pq-composite-sigs</a>.</li>
45
+
<li>"<name>_PREHASH" implementations are now provided for all composite signatures to allow the hash of the date to be used instead of the actual data in signature calculation.</li>
46
+
<li>The gradle build can now be used to generate an Bill of Materials (BOM) file.</li>
47
+
<li>It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class.</li>
48
+
<li>The Ascon family of algorithms has been updated with the latest published changes.</li>
49
+
<li>Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite.</li>
50
+
<li>PGPSecretKey, PGPSignatureGenerator now support version 6.</li>
51
+
<li>Further optimisation work has been done on ML-KEM public key validation.</li>
52
+
<li>Zeroization of passwords in the JCA PKCS12 key store has been improved.</li>
53
+
<li>The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282).</li>
54
+
<li>Support has been added to the CMS content encryptors to allow a generated key to be passed in, rather than always having them generate their own.</li>
55
+
<li>OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).</li>
56
+
</ul>
57
+
<h3>2.1.4 Additional Notes</h3>
58
+
<ul>
59
+
<li>The legacy post-quantum package has now been removed.</li>
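Review bot: In the 2.1.3 list, the item beginning "<name>_PREHASH" puts a raw <name> into the HTML, which a browser parses as an unknown element, so the entry will render as "_PREHASH" with the placeholder missing; escape it as &lt;name&gt;_PREHASH. In the composite signatures item just above it, the opening tag reads <ahref="https://datatracker.ietf.org/..."> as shown here, with no space between "a" and "href", so the link will not be recognised and the closing </a> is left unmatched. Wording to fix in the same pass: "the hash of the date" (presumably "data"), "an Bill of Materials", and "on the bases of the Key-ID" in the CertPath item of the defects list. The entry for "org.bouncycastle.drbg.effective_256bits_entropy" gives a default value of 282 without saying what the number counts; naming the unit in the note would let operators on weak-entropy platforms choose a value deliberately.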