Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 9.7
    • Fix Version/s: 9.8-rc-1
    • Component/s: Dependency Upgrades
    • Labels:
      None
    • Documentation:
      N/A

      Description

      See https://www.bouncycastle.org/releasenotes.html

      = Defects Fixed
      
          * NewHope and SPHINCS keys are now correctly created off certificates by the BC provider.
          * Use of the seeded constructor with SecureRandom() and the BC provider in first position could cause a stack overflow error. This has been fixed.
          * The boolean flag on ECDSAPublicKey in CVCertificate was hard coded. This has been fixed.
          * An edge condition in IV processing for GOFB mode has been found and fixed.
          * ANSSI named EC curves were not being recognised in PKCS#10 and certificate parsing. This has been fixed.
          * BaseStreamCipher.engineSetMode() could sometimes throw an IllegalArgumentException rather than a NoSuchAlgorithmException. This has been fixed.
          * Some class resolving used by the provider would fail if the BC jar was loaded on the boot class path. This has been fixed.
          * An off-by-one range check in SM2Signer has been fixed.
          * Retrieving an SM2 key from a certificate could result in a NullPointerException due to a problem with the curve lookup. This has been fixed.
          * DTLS now supports records containing multiple handshake messages.
      
      = Additional Features and Functionality
      
          * An implementation of GOST3410-2012 has been added to the lightweight API and the JCA provider.
          * Support for ECDH GOST3410-2012 and GOST3410-2001 has been added. The CMS API can also handle reading ECDH GOST3410 key transport messages.
          * Additional mappings have been added for a range of CVC-ECDSA algorithms.
          * XMSS and XMSSMT are now available via the BCPQC provider. Support has been added for using these keys in certificates as well.
          * Support has been added for DSTU-7564 message digest and the DSTU-7624 ciphers, together with their associated modes.
          * A new system property org.bouncycastle.asn1.allow_unsafe_integer has been added to allow parsing of malformed ASN.1 integers in a similar fashion to what BC 1.56 did. The default behavior remains to reject malformed integers.
          * SignedMailValidator would only pick up the first email address in a DN, even when there was more than one. This has been fixed.
          * PEMParser will now support a broader range of PBKDFs in encrypted private key files.
          * Work has been done on speeding up the SHA-3 family. The functions are now 3 to 4 times faster.
          * Some EC aliases in the provider had no corresponding implementations. These have been cleaned up.
          * TimeStampResponses now support definite-length encoding to allow the preservation of order in certificate sets for legacy responses.
          * The TSP API now supports SM2withSM3.
          * The BCJSSE provider now has a FIPS mode.
          * The BCJSSE provider now supports layered sockets.
          * The new TLS API now has protocol/API support for the status_request extension (OCSP stapling).
          * The new TLS API now supports RFC 7633 - X.509v3 TLS Feature Extension (e.g. "must staple"), enabled in default clients.
          * TLS exceptions have been made more directly informative.
      
      = Removed Features and Functionality
      
          * Per RFC 7465, removed support for RC4 in the new TLS API.
          * Per RFC 7568, removed support for SSLv3 in the new TLS API.
      
      

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              tmortagne Thomas Mortagne