2.1.2 Defects Fixed
Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed.
Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed.
ESTService could fail for some valid Content-Type headers. This has been fixed.
Originator key algorithm parameters were being passed as NULL in key agreement recipients. The parameters now reflect the value of the parameters in the key's SubjectPublicKeyInfo.
ContentType on encapsulated data was not being passed through correctly for authenticated and enveloped data. This has been fixed.
NTRUEncryptionParameters and NTRUEncryptionKeyGenerationParameters were not correctly cloning the contained message digest. This has been fixed.
CertificateFactory.generateCertificates()/generateCRLs() would throw an exception if extra data was found at the end of a PEM file even if valid objects had been found. Extra data is now ignored provided at least one object is found.
Internal class PKIXCRLUtil could throw a NullPointerException for CRLs with an absent nextUpdate field. This has been fixed.
PGP ArmoredInputStream now fails earlier on malformed headers.
The McElieceKobaraImaiCipher was randomly throwing "Bad Padding: invalid ciphertext" exceptions while decrypting due to leading zeroes being missed during processing of the cipher text. This has been fixed.
Ed25519 keys being passed in via OpenSSH key spec are now validated in the KeyFactory.
Blowfish keys are now range checked on cipher construction.
In some cases PGPSecretKeyRing was failing to search its extraPubKeys list when searching for public keys.
The BasicConstraintsValidation class in the BC cert path validation tools has improved conformance to RFC 5280.
AlgorithmIdentifiers involving message digests now attempt to follow the latest conventions for the parameters field (basically DER NULL appears less).
Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers.
TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3.
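Following the AlgorithmIdentifier item above, a digest's parameters field may now be omitted where DER NULL used to appear, so code that compares identifiers by exact encoding can stop matching. As an added example (not Bouncy Castle's own code; the class DigestAlgIdCompare and its helper methods are hypothetical), this prints both encodings of the SHA-256 identifier and shows a comparison that accepts either form:

```java
import java.io.IOException;

import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Encoding;
import org.bouncycastle.asn1.ASN1Null;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.util.encoders.Hex;

// Added example; class and helper names are hypothetical.
public class DigestAlgIdCompare
{
    // True when the parameters field is omitted or is an explicit ASN.1 NULL.
    static boolean absentOrNull(ASN1Encodable params)
    {
        return params == null || params.toASN1Primitive() instanceof ASN1Null;
    }

    // Compare two digest AlgorithmIdentifiers, treating "no parameters" and
    // "NULL parameters" as the same algorithm; anything else must match exactly.
    static boolean sameDigest(AlgorithmIdentifier a, AlgorithmIdentifier b)
    {
        if (!a.getAlgorithm().equals(b.getAlgorithm()))
        {
            return false;
        }
        if (absentOrNull(a.getParameters()) && absentOrNull(b.getParameters()))
        {
            return true;
        }
        return a.equals(b);
    }

    public static void main(String[] args) throws IOException
    {
        AlgorithmIdentifier omitted = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        AlgorithmIdentifier withNull = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256, DERNull.INSTANCE);

        System.out.println("omitted : " + Hex.toHexString(omitted.getEncoded(ASN1Encoding.DER)));
        System.out.println("DER NULL: " + Hex.toHexString(withNull.getEncoded(ASN1Encoding.DER)));
        System.out.println("equals()     : " + omitted.equals(withNull));
        System.out.println("sameDigest() : " + sameDigest(omitted, withNull));
    }
}
```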
2.1.3 Additional Features and Functionality
GCM-SIV has been added to the lightweight API and the provider.
Blake3 has been added to the lightweight API.
The OpenSSL PEMParser can now be extended to add specialised parsers.
Base32 encoding has now been added, the default alphabet is from RFC 4648.
The KangarooTwelve message digest has been added to the lightweight API.
An implementation of the two FPE algorithms, FF1 and FF3-1 in SP 800-38G has been added to the lightweight API and the JCE provider.
An implementation of ParallelHash has been added to the lightweight API.
An implementation of TupleHash has been added to the lightweight API.
RSA-PSS now supports the use of SHAKE128 and SHAKE256 as the mask generation function and digest.
ECDSA now supports the use of SHAKE128 and SHAKE256.
PGPPBEEncryptedData will now reset the stream if the initial checksum fails so another password can be tried.
Iterators on public and secret key ring collections in PGP now reflect the original order of the public/secret key rings they contain.
KeyAgreeRecipientInformation now has a getOriginator() method for retrieving the underlying originator information.
PGPSignature now has a getDigestPrefix() method for people wanting exposure to the signature fingerprint details.
The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding:
to the java.security file. We would be interested in hearing from anyone that needs to do this.
PLAIN-ECDSA now supports the SHA3 digests.
Some high-level support for RFC 4998 ERS has been added for ArchiveTimeStamp and EvidenceRecord. The new classes are in the org.bouncycastle.tsp.ers package.
ECIES now also supports SHA256, SHA384, and SHA512.
The digestAlgorithms field in CMS SignedData now includes counter signature digest algorithms where possible.
A new property "org.bouncycastle.jsse.config" has been added which can be used to configure the BCJSSE provider when it is created using the no-args constructor.
In line with changes in OpenSSL 1.1.0, OpenSSLPBEParametersGenerator can now be configured with a digest.
PGPKeyRingGenerator now includes a method for adding a subkey with a primary key binding signature.
Support for ASN.1 PRIVATE tags has been added.
Performance enhancements to Noekeon, AES, GCM, and SICBlockCipher.
Support for encoding/decoding McElieceCCA2 keys has been added to the PQC API.
BCJSSE: Added support for jdk.tls.maxCertificateChainLength system property (default is 10).
BCJSSE: Added support for jdk.tls.maxHandshakeMessageSize system property (default is 32768).
BCJSSE: Added support for jdk.tls.client.enableCAExtension (default is 'false').
BCJSSE: Added support for jdk.tls.client.cipherSuites system property.
BCJSSE: Added support for jdk.tls.server.cipherSuites system property.
BCJSSE: Extended ALPN support via standard JSSE API to JDK 8 versions after u251/u252.
BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool).
TLS: Add TLS 1.3 support for brainpool curves per RFC 8734.
There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface: a find() method that takes an ASN1ObjectIdentifier has been added to it. For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation.
A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar).
Some work has been done on moving out code that does not need to be in the provider jar. This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar.