= Defects Fixed
BCJSSE: SunJSSE compatibility fix - override of getChannel() removed and 'urgent data' behaviour should now conform to what the SunJSSE expects.
Nested BER data could sometimes cause issues in octet strings. This has been fixed.
Certificates/CRLs with short signatures could cause an exception in toString() in the BC X509 Certificate implementation. This has been fixed.
In line with the latest changes in the JVM, SignatureSpi implementations which don't require parameters now return null from engineGetParameters().
The RSA KeyFactory now always preferentially produces RSAPrivateCrtKey where it can on requests for a KeySpec based on an RSAPrivateKey.
CMSTypedStream$FullReaderStream now handles zero length reads correctly.
Unnecessary padding was added in KMAC when the key string was block aligned. This has been fixed.
Zero length data would cause an unexpected exception from RFC5649WrapEngine. This has been fixed.
OpenBSDBcrypt was failing to handle some valid prefixes. This has been fixed.
= Additional Features and Functionality
Performance of Argon2 has been improved.
Performance of Noekeon has been improved.
A setSessionKeyObfuscation() method has been added to PublicKeyKeyEncryptionMethodGenerator to allow session key obfuscation to be turned off (the default is on; the method is primarily there to get around early version GPG issues with AES-128 keys).
Implemented 'safegcd' constant-time modular inversion (as well as a variable-time variant). It has replaced Fermat inversion in all our EC code, and BigInteger.modInverse in several other places, particularly signers. This improves side-channel protection, since the work done no longer depends on the value being inverted, and also gives a significant performance boost.
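As an added illustration of what the safegcd change is about (this is example code written for these notes, not Bouncy Castle's own implementation), the following Python carries out the Bernstein-Yang divstep-based inversion in both forms mentioned above: the variable-time variant stops as soon as the working value g reaches zero, while the constant-time variant always runs the fixed number of divsteps given by the paper's bound, so the step count depends only on the size of the modulus and not on the value being inverted. The function name, the modulus and the inputs used are constructed for the example.

```python
# Added example: divstep-based "safegcd" modular inversion (Bernstein-Yang).
# Illustrative Python for these notes, not Bouncy Castle's implementation.


def _div2(m, x):
    """Return x/2 mod m for odd m: add m when x is odd so the halving is exact."""
    if x & 1:
        x += m
    return x // 2


def _divstep_bound(bits):
    """Upper bound on divsteps needed for inputs below 2**bits (safegcd paper, Theorem 11.2)."""
    return (49 * bits + 80) // 17 if bits < 46 else (49 * bits + 57) // 17


def safegcd_modinv(x, m, constant_time=True):
    """Return (x^-1 mod m, divsteps performed) for odd m.

    constant_time=True runs the fixed number of divsteps from _divstep_bound,
    so the step count depends only on the size of m, never on the value of x.
    constant_time=False stops as soon as g reaches 0 (the variable-time variant).
    """
    assert m & 1 and m > 1, "modulus must be odd"
    # (f, g) start as (m, x); (d, e) track the multipliers of x that produced them.
    delta, f, g, d, e = 1, m, x % m, 0, 1
    limit = _divstep_bound(m.bit_length())
    steps = 0
    while steps < limit:
        if not constant_time and g == 0:
            break
        if delta > 0 and g & 1:
            # Swap-and-subtract step; g - f is even because both are odd.
            delta, f, g, d, e = 1 - delta, g, (g - f) // 2, e, _div2(m, e - d)
        elif g & 1:
            delta, f, g, d, e = 1 + delta, f, (g + f) // 2, d, _div2(m, e + d)
        else:
            # Once g is 0 only delta and e keep changing here, so extra
            # iterations in constant-time mode do not disturb the result.
            delta, f, g, d, e = 1 + delta, f, g // 2, d, _div2(m, e)
        steps += 1
    if g != 0:
        raise RuntimeError("divstep bound too small (should not happen)")
    # f now holds +-gcd(x, m); the inverse exists only when that is +-1.
    if f not in (1, -1):
        raise ValueError("x is not invertible modulo m")
    return (d * f) % m, steps


if __name__ == "__main__":
    p = 2**255 - 19  # constructed odd prime modulus for the demo
    for x in (3, 12345, p - 2):
        inv_vt, n_vt = safegcd_modinv(x, p, constant_time=False)
        inv_ct, n_ct = safegcd_modinv(x, p, constant_time=True)
        assert inv_vt == inv_ct and inv_ct * x % p == 1
        print(f"x={x}: variable-time {n_vt} steps, constant-time {n_ct} steps")
```

The side-channel property is the fixed step count: every input of a given modulus size takes the same number of divsteps. The Python `if`/`elif` is still a data-dependent branch, so a production constant-time implementation replaces it with mask-based conditional swaps and subtractions and works on fixed-width limbs rather than arbitrary-precision integers; the iteration structure is what this example shows.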
Performance of custom binary ECC curves and Edwards Curves has been improved.
BCJSSE: A new boolean system property 'org.bouncycastle.jsse.keyManager.checkEKU' allows ExtendedKeyUsage restrictions to be disabled when selecting credentials (although the peer may still complain).
Initial support has been added for "Composite Keys and Signatures For Use In Internet PKI" using the test OID. Please note there will be further refinements to this as the draft is standardised.
The BC EdDSA signature API now supports keys implementing all methods on the EdECKey and XECKey interfaces directly.
Work has begun on classes to support the ETSI TS 103 097, Intelligent Transport Systems (ITS) in the bcpkix package.
Further optimization work has been done on GCM.
A NewHope based processor, similar to the one for Key Agreement, has been added for trying out "quantum hard" KEM algorithms.
PGP clear signed signatures now support SHA-224.
Treating absent and NULL as equivalent can now be configured via a system property. This is not enabled by default.
Mode name checks in Cipher strings should now ensure that an improper mode name always results in a NoSuchAlgorithmException.
In line with changes in OpenSSL, the OpenSSLPBKDF now uses UTF8 encoding.