* Defects Fixed
The ASN.1 parser would throw a large object exception for some objects which could be safely parsed. This has been fixed.
GOST3412-2015 CTR mode was unusable at the JCE level. This has been fixed.
The DSTU MACs were failing to reset fully on doFinal(). This has been fixed.
The DSTU MACs would throw an exception if the key was a multiple of the size as the MAC's underlying buffer size. This has been fixed.
EdEC and QTESLA were not previously usable with the post Java 9 module structure. This is now fixed.
ECNR was not correctly bounds checking the input and could produce invalid signatures. This is now fixed.
ASN.1: Enforce no leading zeroes in OID branches (longer than 1 character).
TLS: Fix X448 support in JcaTlsCrypto.
Fixed field reduction for secp128r1 custom curve.
Fixed unsigned multiplications in X448 field squaring.
Some issues over subset Name Constraint validation in the CertPath analyser have now been fixed.
TimeStampResponse.getEncoded() could throw an exception if the TimeStampToken was null. This has been fixed.
Unnecessary memory usage in the ARGON2 implementation has been removed.
Param-Z in the GOST-28147 algorithm was not resolving correctly. This has been fixed.
It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC.
* Additional Features and Functionality
QTESLA is now updated with the round 2 changes. Note: the security catergories, and in some cases key generation and signatures, have changed. For people interested in comparison, the round 1 version is now moved to org.bouncycastle.pqc.crypto.qteslarnd1 - this package will be deleted in 1.64. Please keep in mind that QTESLA may continue to evolve.
Support has been added for generating Ed25519/Ed448 signed certificates.
A method for recovering the message/digest value from an ECNR signature has been added.
Support for the ZUC-128 and ZUC-256 ciphers and MACs has been added to the provider and the lightweight API.
Support has been added for ChaCha20-Poly1305 AEAD mode from RFC 7539.
Improved performance for multiple ECDSA verifications using same public key.
Support for PBKDF2withHmacSM3 has been added to the BC provider.
The S/MIME API has been fixed to avoid unnecessary delays due to DNS resolution of a hosts name in internal MimeMessage preparation.
The valid path for EST services has been updated to cope with the characters used in the Aruba clearpass EST implementation.