Details
-
Task
-
Resolution: Fixed
-
Major
-
7.3-milestone-2
-
None
Description
See https://www.bouncycastle.org/latest_releases.html
This release introduces the FIPS PUB 202 SHA3 digests and SHAKE extendible output functions. The original Keccak is also included for those wishing to use the original configuration of the function. Also added is the SM4 block cipher, the SHA-3 contestant Blake2b, and EC Key Agreement now supports a range of SEC and NIST variations. X9.31, ISO9796-2, and PSS signatures now support SHA512-224 and SHA512-256. An ASN.1 ObjectIdentifier cache based on an intern() method has been introduced to reduce memory requirements for large ASN.1 object such as CRLs and provide better user control. In terms of bug fixes, an issue which could cause cipher failure with the BC provider and JCE/JSSE using NIO has been fixed, looping certificate chains will no longer cause an OutOfMemoryException in PKCS12 KeyStores, irregular post-amble in SMIME signatures no longer cause verification issues, and the JceCRMFEncryptorBuilder now recognises key size specific object identifiers properly. The provider has also been updated to reflect changes in JDK 1.8 which broke X509Certificate.hashCode() and X509Certificate.verify(PublicKey, Provider). OpenPGP fixes include validation of hashed sub-packets with long length encoding, and it is now possible to add a password to a PGP key which did not have one originally. Finally, ECIES has been modified to be properly compliant with Shoup's definition of it and is now compatible with Crypto++ from version 6.0. We would also like to thank the team at Crypto++ for working with us on ECIES, interpretation combined with consensus is a great step forward for interoperability! Further details on other additions and bug fixes can be found in the release notes file accompanying the release. Change Warning: The PEM Parser now returns an X509TrustedCertificate block when parsing an openssl trusted certificate, the new object was required to allow the proper return of the trusted certificate's attribute block. Others have contributed to this release, both with code and/or financially. You can find them listed in the contributors file. We would also like to thank holders of Crypto Workshop support contracts as an additional 100 hours of time was contributed back to this release through left over consulting time provided as part of their support agreements. Thank you, one and all! One other note: if you're new to the new style of operator in OpenPGP and CMS and co, a brief document on how they are supposed to hang together is available on the BC wiki. If you think you are likely to do this a lot, you might also be interested in our guide project, which is now available as an initial draft. Please also see the porting guide for advice on porting to this release from much earlier ones (pre 1.46). If you're interested in grabbing the lot in one hit (includes JCE, JCE provider, light weight API, J2ME, range of JDK compatibility classes, signed jars, fries, and king prawns...) download crypto-153.tar.gz or crypto-153.zip, otherwise if you are only interested in one version in particular, see below. Early access to our FIPS hardened version of the Java APIs is now available as well, contact us at office@bouncycastle.org for further information.