This is primarily a security release concerning (D)TLS 1.2.
Motivated by CVE-2015-7575, we have added
validation that the signature algorithm received in DigitallySigned
structures is actually one of those offered (in signature_algorithms
extension or CertificateRequest). With our default TLS
configuration, we do not believe there is an exploitable
vulnerability in any earlier releases. Users that are customizing
the signature_algorithms extension, or running a server supporting
client authentication, are advised to double-check that they are not
offering any signature algorithms involving MD5.
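As an added illustration (not Bouncy Castle's own code), the Python below sketches the validation described above: it parses the peer's offered signature_algorithms list (the same encoding is used by supported_signature_algorithms in CertificateRequest) and refuses a DigitallySigned structure whose SignatureAndHashAlgorithm was not offered, or that names MD5. The wire layouts follow RFC 5246; all sample bytes are constructed.

```python
# Added example, not Bouncy Castle code: check the algorithm carried in a
# (D)TLS 1.2 DigitallySigned structure against what the peer actually offered.
import struct

HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
MD5 = 1  # HashAlgorithm.md5 code point (RFC 5246 7.4.1.4.1)


def describe(algo):
    """Human-readable (hash, signature) pair for error messages."""
    h, s = algo
    return f"{HASH_NAMES.get(h, h)}/{SIG_NAMES.get(s, s)}"


def parse_signature_algorithms(ext):
    """Parse a signature_algorithms extension body: a 2-byte length
    followed by (hash, signature) byte pairs. Returns a list of tuples."""
    if len(ext) < 2:
        raise ValueError("signature_algorithms body too short")
    (length,) = struct.unpack("!H", ext[:2])
    body = ext[2:]
    if length == 0 or length % 2 != 0 or length != len(body):
        raise ValueError("bad signature_algorithms length")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def offered_contains_md5(offered):
    """Configuration check: does the offered list include any MD5 pair?"""
    return any(h == MD5 for h, _ in offered)


def check_digitally_signed(signed, offered):
    """Validate the SignatureAndHashAlgorithm prefix of a TLS 1.2
    DigitallySigned structure (2-byte algorithm, 2-byte length, signature).
    Returns the accepted (hash, sig) pair or raises ValueError."""
    if len(signed) < 4:
        raise ValueError("DigitallySigned too short")
    algo = (signed[0], signed[1])
    (sig_len,) = struct.unpack("!H", signed[2:4])
    if sig_len != len(signed) - 4:
        raise ValueError("bad signature length")
    if algo not in offered:
        raise ValueError(f"algorithm {describe(algo)} was not offered")
    if algo[0] == MD5:
        raise ValueError("MD5-based signature refused")
    return algo
```

A peer that downgrades to an unoffered or MD5 algorithm is rejected before any signature verification is attempted, which is the check the release adds.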
In terms of new features, the CMS API now supports the PKCS#7 ANY
type for encapsulated content, RFC 3370, Camellia, and SEED are
now supported for key agreement in CMS, and CTR/SIC modes now
provide an explicit internal counter if initialized with a short
IV. TLS/DTLS now includes a non-blocking API. The Blake2b digests
are now actually supported in the provider (sorry, it got missed
in 1.53...) and ClassCastException issues with
Cipher.getOutputSize() for IES ciphers have been fixed. Finally,
in accordance with advice from the algorithm's authors, Serpent
has been modified to conform to the NESSIE vector suite; the
previous version of Serpent, which conforms to the NIST submission
format, is now called Tnepres.
As always we are grateful to the people and organisations who have
contributed/donated to the project and you can find the updated list
We would also like to thank holders of Crypto Workshop support
contracts; once again we were able to contribute additional time back
to this release through leftover consulting time provided as part
of the support agreements.
This release also features some work that arose out of our on-going
FIPS certification project, most particularly from work supported by
our primary sponsor Tripwire, Inc ( http://www.tripwire.com ).
Thanks must go to Tripwire as well.
If you prefer to use direct bank transfer please feel free to
discuss it with us by contacting us at [hidden email]
and we'll be happy to help. The Legion of the Bouncy Castle Inc is a
registered Australian charity based in the State of Victoria,
If you wish to sponsor specific work on Bouncy Castle or get a
commercial support contract for the APIs please contact us at Crypto
Workshop ( http://www.cryptoworkshop.com ).
Finally, for users of the maven repositories, 1.54 is also now
available on Maven Central both for regular BC users and Android
users making use of the Spongy Castle distribution (thanks to
Roberto Tyley for the prompt attention). The GitHub repositories for
both projects have been updated as well.