Quantcast

Bouncy Castle Crypto Provider Package version 1.56 now available

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bouncy Castle Crypto Provider Package version 1.56 now available

Jon Eaves
This release concentrates in 2 areas. The first is a new feature: a new
API for DTLS/TLS and a JSSE provider suitable for Java 5 and later. The
second is that particular effort has been made on security and
robustness in migrating some of the validation coding done in the FIPS
project and we have also received feedback both from Google's Project
Wycheproof and the Intel Security Team which has allowed us to further
improve the robustness of the APIs as well as fix some possible security
issues. Support for RFC 7539 ChaCha20 and Poly1305 has also been added
and general support for SHA-3 in the PKIX APIs has been improved. A
potential null pointer exception in the WNafUtil class has been removed
and issues with escaping exceptions in PGPUtil.getDecoderStream() have
been addressed.

Full details of the release, including the CVE details and numbers for
the 10 CVE's resolved in this release can be found in the release notes at

https://www.bouncycastle.org/releasenotes.html
Please check the release notes to check whether any of the CVEs dealt
with may affect your use of the APIs. If you are affected we strongly
recommend upgrading.

We would like to make a special acknowledgement on this release to the
Core Infrastructure Initiative of the Linux Foundation for funding the
initial work on the new DTLS/TLS API and JSSE provider.

Additional thanks should also go to the Distributed Weakness Filing
(DWF) project for providing us with a path to registering CVEs and to
holders of Crypto Workshop support contracts as we were again able to
fund extra work on this release through time available from those.
Thanks also goes to other people and organisations who have
contributed/donated to the project and you can find the updated list at

https://www.bouncycastle.org/contributors.html

For the actual release and other details go to our latest releases page:

https://www.bouncycastle.org/latest_releases.html

And for those who like living on the bleeding edge, the betas for future
releases can be downloaded from:

https://www.bouncycastle.org/betas/

and changes to the code base can be tracked via:

https://github.com/bcgit

In other news work is now ongoing with the Java FIPS 1.0.1 release. A
list of issues fixed in it can be found at:

We are still in discussion about sponsoring the addition of the release
to our existing certification.
If you are interested helping support the Bouncy Castle project through
donation, you can find the details on how to donate via PayPal or
Bitcoin, at:

https://www.bouncycastle.org/donate

If you prefer to use direct bank transfer please feel free to discuss it
with us by contacting us at [hidden email] and we'll be happy
help. The Legion of the Bouncy Castle Inc is a registered Australian
charity based in the State of Victoria, Australia.

If you wish to sponsor specific work on Bouncy Castle or get a
commercial support contract for the APIs please contact us at Crypto
Workshop ( https://www.cryptoworkshop.com )

Remember, you can also follow this project on Facebook (
https://www.facebook.com/legionofthebouncycastle ), Google+ (
https://plus.google.com/+BouncycastleOrgAPIs/posts ) and/or Twitter (
https://twitter.com/bccrypto ).

Finally, for users of the maven repositories, 1.56 should be appearing
shortly on maven central. The GitHub repository has been updated as well.

Loading...