= Defects Fixed
* NewHope and SPHINCS keys are now correctly created off certificates by the BC provider.
* Use of the seeded constructor with SecureRandom() and the BC provider in first position could cause a stack overflow error. This has been fixed.
* The boolean flag on ECDSAPublicKey in CVCertficate was hard coded. This has been fixed.
* An edge condition in IV processing for GOFB mode has been found and fixed.
* ANSSI named EC curves were not being recognised in PKCS#10 and certificate parsing. This has been fixed.
* BaseStreamCipher.engineSetMode() could sometimes throw an IllegalArgumentException rather than a NoSuchAlgorithmException. This has been fixed.
* Some class resolving used by the provider would fail if the BC jar was loaded on the boot class path. This has been fixed.
* An off-by-one range check in SM2Signer has been fixed.
* Retrieving an SM2 key from a certificate could result in a NullPointerException due to a problem with the curve lookup. This has been fixed.
* DTLS now supports records containing multiple handshake messages.
= Additional Features and Functionality
* An implementation of GOST3410-2012 has been added to light weight API and the JCA provider.
* Support for ECDH GOST3410-2012 and GOST3410-2001 have been added. The CMS API can also handle reading ECDH GOST3410 key transport messages.
* Additional mappings have been added for a range of CVC-ECDSA algorithms.
* XMMS and XMSSMT are now available via the BCPQC provider. Support has been added for using these keys in certificates as well.
* Support has been added for DSTU-7564 message digest and the DSTU-7624 ciphers, together with their associated modes.
* A new system property org.bouncycastle.asn1.allow_unsafe_integer has been added to allow parsing of malformed ASN.1 integers in a similar fashion to what BC 1.56 did. The default behavior remains as reject malformed integers.
* SignedMailValidator would only pick up the first email address in a DN, even when there was more than one. This has been fixed.
* PEMParser will now support a broader range of PBKDFs in encrypted private key files.
* Work has been done on speeding up the SHA-3 family. The functions are now 3 to 4 times faster.
* Some EC aliases in the provider had no corresponding implementations. These have been cleaned up.
* TimeStampResponses now support definite-length encoding to allow the preservation of order in certificates sets for legacy responses.
* The TSP API now supports SM2withSM3.
* The BCJSSE provider now has a FIPS mode.
* The BCJSSE provider now supports layered sockets.
* The new TLS API now has protocol/API support for the status_request extension (OCSP stapling).
* The new TLS API now supports RFC 7633 - X.509v3 TLS Feature Extension (e.g. "must staple"), enabled in default clients.
* TLS exceptions have been made more directly informative.
= Removed Features and Functionality
* Per RFC 7465, removed support for RC4 in the new TLS API.
* Per RFC 7568, removed support for SSLv3 in the new TLS API.