<li>Leading zeroes were sometimes dropped from Ed25519 signatures leading to verification errors in the PGP API. This has been fixed.</li>
27
27
<li>Default version string for Armored Output is now set correctly in 18on build.</li>
28
+
<li>The Elephant cipher would fail on large messages. This has been fixed.</li>
29
+
<li>CMSSignedData.replaceSigners() would re-encode the digest algorithms block, occassionally dropping ones where NULL had been previously added as an algorithm parameter. The method now attempts to only use the original digest algorithm identifiers.</li>
30
+
<li>ERSInputStreamData would fail to generate the correct hash if called a second time with a different hash algorithm. This has been fixed.</li>
31
+
<li>A downcast in the CrlCache which would cause FTP based CRLs to fail to load has been removed.</li>
32
+
<li>ECUtil.getNamedCurveOid() now trims curve names of excess space before look up.</li>
33
+
<li>The PhotonBeetle and Xoodyak did not reset properly after a doFinal() call. This has been fixed.</li>
34
+
<li>Malformed AlgorithmIdentifiers in CertIDs could cause caching issues in the OCSP cache. This has been fixed.</li>
35
+
<li>With Java 21 a provider service class will now be returned with a null class name where previously a null would have been returned for a service. This can cause a NullPointerException to be thrown by the BC provider if a non-existant service is requested. This issue has now been worked around.</li>
36
+
<li>CMS: OtherKeyAttribute.keyAttr now treated as optional.</li>
37
+
<li>CMS: EnvelopedData and AuthEnvelopedData could calculate the wrong versions. This has been fixed.</li>
28
38
</ul>
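Review bot: The OCSP cache entry in this list ("Malformed AlgorithmIdentifiers in CertIDs could cause caching issues in the OCSP cache") does not say what the caching issue was, so a reader cannot tell whether it affected the revocation answer returned or only cache hits. Suggest stating the observable effect, as the ERSInputStreamData and CrlCache entries do. Two spelling slips in the added items: "occassionally" should be "occasionally" in the CMSSignedData.replaceSigners() entry, and "non-existant" should be "non-existent" in the Java 21 entry.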
29
39
<h3>2.1.3 Additional Features and Functionality</h3>
30
40
<ul>
41
+
<li>Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.</li>
42
+
<li>The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA (including pre-hash) have been added to the BC provider and the lightweight API.</li>
43
+
<li>A new spec, ContextParameterSpec, has been added to support signature contexts for ML-DSA and SLH-DSA.</li>
31
44
<li>BCJSSE: Added support for security property "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).</li>
32
45
<li>BCJSSE: Added support for signature_algorithms_cert configuration via "org.bouncycastle.jsse.client.SignatureSchemesCert" and "org.bouncycastle.jsse.server.SignatureSchemesCert" system properties or BCSSLParameters property "SignatureSchemesCert".</li>
33
46
<li>BCJSSE: Added support for boolean system property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).</li>
34
47
<li>(D)TLS: Remove redundant verification of self-generated RSA signatures.</li>
48
+
<li>CompositePrivateKeys now support the latest revision of the composite signature draft.</li>
49
+
<li>Delta Certificates now support the latest revision of the delta certificate extension draft.</li>
50
+
<li>A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key fingerprint has been added to the PGP API.</li>
51
+
<li>Support for the LibrePGP PreferredEncryptionModes signature subpacket has been added to the PGP API.</li>
52
+
<li>Support Version 6 signatures, including salts, has been added to the PGP API.</li>
53
+
<li>Support for the PreferredKeyServer signature supacket has been added to the PGP API.</li>
54
+
<li>Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)", has been added to the CMS API.</li>
55
+
<li>Support for the Argon2 S2K has been added to the PGP API.</li>
56
+
<li>The system property "org.bouncycastle.pemreader.lax" has been introduced for situations where the BC PEM parsing is now too strict.</li>
57
+
<li>The system property "org.bouncycastle.ec.disable_f2m" has been introduced to allow F2m EC support to be disabled.</li>
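Review bot: The two system property entries that close this list, "org.bouncycastle.pemreader.lax" and "org.bouncycastle.ec.disable_f2m", give no default or accepted values, whereas the existing allowGCMCiphersIn12 entry states "(false by default)". Suggest adding the same for both. The pemreader.lax entry also refers to PEM parsing that "is now too strict" while no entry in the visible lines describes what became stricter, so a pointer to that change would help anyone deciding whether to set the property. Minor: "supacket" should be "subpacket" in the PreferredKeyServer entry, and "Support Version 6 signatures, including salts, has been added" reads better as "Support for Version 6 signatures".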