releasenotes.html

kjlj oipipi poipoipo ipo [pipoi

OID started with 2 and the second number was greater than 47. This has been
fixed.
<li>If a key had PKCS9 attributes associated with it on storage they took
precedence over the local alias used to add the key to the PKCS12 key store.
The local name now takes precedence.
<li>ReasonFlags now correctly encodes.
</ul>
<h3>2.28.3 Additional Functionality and Features</h3>
<ul>
<li>The PKCS12 key store now handles key bags in encryptedData bags.
<li>The X509NameTokenizer now handles for '\' and '"' characters.
<li>SMIME v2 compliance has been added. Use setVersion(2) in the generator classes.
<li>The ASN.1 library now supports ENUMERATED, UniversalString and the X.509 library support for CRLs now includes CRLReason, and some elements of CertificatePolicies.
<li>Both the provider and the lightweight library now support a basic SIC mode for block ciphers.
</ul>
<h3>2.29.1 Version</h3>
Release 1.14
<h3>2.29.2 Defects Fixed</h3>
<ul>
<li>there was a bug in the BigInteger right shifting for > 31 bit shifts.
This has been fixed.
<li>x509 name had it's equality test based on the order of the directory
elements, this has been fixed.
<li>the mode used with the RSA cipher in KeyTransRecipientInfoParser in
the smime implementation was not compatible with the Sun JCE.
This has been fixed.
<li>PKCS7 SignedData now supports single length signing chains.
<li>When a root certificate had a different issuer id from the subject id, or
had it's own AuthorityKeyExtension the PKCS12 key store would drop the root
certificate from the certificate chain. This has been fixed.
<li>The PKCS10 CertificationRequestInfo class always expected at least one
attribute. This has been fixed.
<li>UTF8 strings are now correctly recognised.
<li>The Tiger implementation was producing results in reverse byte
order for each of the 3 words making up the digest. This has been fixed.
<li>asn1.x509.ExtendedKeyUsage used to through a null pointer exception
on construction. This has been fixed.
</ul>
<h3>2.29.3 Additional Functionality and Features</h3>
<ul>
<li>The BigInteger library now uses Montgomery numbers for modPow and is
substantially faster.
<li>SMIMECapabilities, and SMIMEEncryptionKeyPreference attributes added to S/MIME.
<li>Increased range of key sizes available in S/MIME.
<li>getInstance(ASN1TaggedObject, boolean) methods have been added to most ASN1 types.
These deal with implicit/explicit tagging ambiguities with constructed types.
<li>Added EncryptedPrivateKeyInfo object to the clean room JCE.
<li>A PEMReader has been added for handling some of the openSSL PEM files.
<li>The X.509 certificate factory supports a wider range of encodings and
object identifiers.
</ul>
<h3>2.30.1 Version</h3>
Release 1.13
<h3>2.30.2 Defects Fixed</h3>
<ul>
    <li>The TBSCertificate object in the ASN.1 library now properly implements
    the Time object, rather returning UTC time.
    <li>The DESedeKeyGenerator now supports 112 and 168 bit key generation.
    <li>Certificates with the keyId set to null in the AuthorityKeyIdentifier extensions would sometimes cause the PKCS12 store to throw a NullPointer exception. This has been fixed.
    <li>toByteArray in the big integer class was not always producing correct
    results for negative numbers. This has been Fixed.
</ul>

<h3>2.30.3 Additional Functionality and Features</h3>
<ul>
    <li>The key to keySpec handling of the secret key factories has been improved.
    <li>There is now a SMIME implementation and a more complete CMS
        implementation (see CONTRIBUTORS file for additonal details).
    <li>A CertPath implementation that runs under jdk1.1 and jdk1.4 has also
    being contributed. A work around to allow it to be used with jdk1.2 and
    jdk1.3 has also been added. Note: the implementation is not quite complete
    because policymapping, name and subtree constraints are not yet
    implemented.
    <li>The API now supports the generation of PKCS7 signed objects. Note: this
    is still beta code - one known issue is that it doesn't support single
    length certificate chains for signing keys.
</ul>

<h3>2.31.1 Version</h3>
Release 1.12
<h3>2.31.2 Defects Fixed</h3>
<ul>
    <li>The ASN.1 library was unable to read an empty set object. This has been fixed.
    <li>Returning sets of critical and non-critical extensions on X.509 certificates could result in a null pointer exception if the certificate had no extensions. This has been fixed.
    <li>The BC JKS implementation does not follow the conventional one - it has been renamed BKS, an attempt to create a JKS keystore using the BC provider will now result in an exception.
    <li>The PKCS 10 generator verify(provider) method was ignoring the provider when generating the public key. This has been fixed.
    <li>The PKCS12 store would throw an OutOfMemoryException if passed a non-PKCS12 file. This has been fixed.
    <li>In the case where there was no AuthorityKeyIdentifier the PKCS12 store
    would fail to find certificates further up the signing chain. The store now
    uses the IssuerDN if no AuthorityKeyIdentifier is specified and the IssuerDN
    is different from the SubjectDN,
    <li>PKCS10/CertificationRequestInfo objects with only a single attribute wer
    not being handled properly. This has been fixed.
    <li>getExtensionValue for X.509 CRLs was returning the value of the
    DER-Encoded octet string not the DER-Encoded octet string as required. This
    has been fixed.
    <li>the IV algorithm parameters class would improperly throw an exception
    on initialisation. This has been fixed.
</ul>
<h3>2.31.3 Additional Functionality and Features</h3>
<ul>
    <li>The AESWrap ciphers will now take IV's.
    <li>The DES-EDEWrap algorithm described in http://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt is now supported.
    <li>Support for the ExtendedKeyUsageExtension and the KeyPurposeId has been added.
    <li>The OID based alias for DSA has been added to the JCE provider.
    <li>BC key stores now implement the BCKeyStore interface so you can provide your own source of randomness to a key store.
    <li>The ASN.1 library now supports GeneralizedTime.
    <li>HMACSHA256, HMACSHA384, and HMACSHA512 are now added.
    <li>PSS has been added to the JCE, PSS and ISO9796 signers in the lightweight api have been rewritten so they can be used incrementally. SHA256withRSA, SHA384withRSA, and SHA512withRSA have been added.
    <li>Base support for CMS (RFC 2630) is now provided (see CONTRIBUTORS file
    for details).
</ul>
<h3>2.32.1 Version</h3>
Release 1.11
<h3>2.32.2 Defects Fixed</h3>
<ul>
<li>X9.23 padding of MACs now works correctly with block size aligned data.
<li>Loading a corrupted "UBER" key store would occasionally cause the
appearance of hanging. This has been fixed.
<li>Loading a PKCS12 store where not all certificates had PKCS9 attributes
assigned to them would cause a NullPointerException. This has been fixed.
<li>The PKCS12 store wasn't correctly recovering certificate chains of
length less than 2 on calling the getCertificateChain method. This has been
fixed.
<li>Lone certificates were not been stored in the PKCS12 store. This has been fixed.
<li>CFB and OFB modes weren't padding iv's more than 1 byte less than the 
block size of the cipher if the mode was reused with a shorter IV. This has
been fixed.
<li>IV handling and block size return values for CFB and OFB modes wasn't being handled in the same way as the Sun reference implementation. This has been fixed.
<li>CertificateInfoRequests were not handling null attributes correctly. This
has been fixed.
<li>Tags for the X.509 GeneralName structure were wrongly encoded. This has been
fixed.
<li>getExtensionValue for X.509 certificates was returning the value of the
DER-Encoded octet string not the DER-Encoded octet string as required. This has
been fixed.
<li>reset on the version 3 X.509 certificate generator was not flushing the
extensions. This has been fixed.
<li>The NetscapeCert type bits were reversed! This has been fixed.
</ul>
<h3>2.32.3 Additional Functionality and Features</h3>
<ul>
<li>The lightweight API and the JCE provider now support ElGamal.
<li>X509Principal, and X509Name now supports the "DC" attribute and the
creation of directory names from vectors.
<li>RSA-PSS signature padding has been added to the lightweight API.
<li>EC Public/Private keys are now encoded in accordance with SEC 1. The library
will still read older keys as well.
<li>Added PKCS12-DEF a pkcs12 based key store which works around a bug in
the Sun keytool - it always uses the default provider for creating certificates.
<li>A cut down version of the Rijndael has been added that provides the functionality required to conform the the AES. It is designed to fully support FIPS-197. A fips AES wrapper (AESWrap in the JCE, AESWrapEngine in the lightweight library has also been added).
<li>Elliptic curve routines now handle uncompressed points as well as the
compressed ones.
</ul>
<h3>2.32.4 Other changes</h3>
<ul>
<li>As the range of public key types supported has expanded the getPublicKey
method on the SubjectPublicKeyInfo class is not always going to work. The
more generic method getPublicKeyData has been added and getPublicKey now
throws an IOException if there is a problem.
</ul>
<h3>2.33.1 Version</h3>
Release 1.10
<h3>2.33.2 Defects Fixed</h3>
<ul>
<li>The PKCS12 Key Store now interoperates with the JDK key tool. <b>Note:</b> this does mean the the key name passed to the setKeyEntry calls has become
significant.
<li>The "int" constructor for DERInteger only supported ints up to 128. This
has been fixed.
<li>The ASN.1 input streams now handle zero-tagged zero length objects correctly.
</ul>
<h3>2.33.3 Additional Functionality and Features</h3>
<ul>
<li>The JCE Provider and the lightweight API now support Serpent, CAST5, and CAST6.
<li>The JCE provider and the lightweight API now has an implementation of ECIES.
<b>Note:</b> this is based on a draft, don't use it for anything that needs to
be kept long term as it may be adjusted.
<li>Further work has been done on performance - mainly in the symmetric ciphers.
<li>Support for the generation of PKCS10 certification requests has been added.
</ul>
<h3>2.34.1 Version</h3>
Release 1.09
<h3>2.34.2 Defects Fixed</h3>
<ul>
<li>failure to pass in an RC5 parameters object now results in an exception
at the upper level of the JCE, rather than falling over in the lightweight
library.
<li>ISO10126Padding now incorporates the correct amount of random data.
<li>The PKCS12 key store wasn't picking up certificate chains properly
when being used to write PKCS12 files. This has been fixed.
<li>The Twofish engine would call System.exit if the key was too large.
This has been fixed.
<li>In some cases the ASN.1 library wouldn't handle implicit tagging properly.
This has been fixed.
</ul>
<h3>2.34.3 Additional Functionality and Features</h3>
<ul>
<li>Support for RC5-64 has been added to the JCE.
<li>ISO9796-2 signatures have been added to the JCE and lightweight API.
<li>A more general paddings packge for use with MACs and block ciphers had been aded to the lightweight API. MACs now allow you to specify padding.
<li>X9.23 Padding has been added to the JCE and lightwieght API. The old
PaddedBlockCipher class is now deprecated see org.bouncycastle.cryp