From 2b4178010d417ca43851c71f22466dbeb66c1e8e Mon Sep 17 00:00:00 2001
From: David Hook <dgh@cryptoworkshop.com>
Date: Sun, 21 Apr 2024 10:10:55 +1000
Subject: [PATCH] started move to 1.79

---
 bc-build.properties                           |   6 +-
 docs/releasenotes.html                        | 568 +++++++++---------
 gradle.properties                             |   4 +-
 .../jce/provider/BouncyCastleProvider.java    |   4 +-
 4 files changed, 294 insertions(+), 288 deletions(-)

diff --git a/bc-build.properties b/bc-build.properties
index 8ab1b536ea..5a9d25595d 100644
--- a/bc-build.properties
+++ b/bc-build.properties
@@ -3,9 +3,9 @@
 # intended to hold user-specific settings that are *not* committed to 
 # the repository.
 
-release.suffix: 17801
-release.name: 1.78.1
-release.version: 1.78.1
+release.suffix: 1.79b01
+release.name: 1.78.99
+release.version: 1.78.99
 release.debug: true
 
 mail.jar.home: ./libs/javax.mail-1.4.7.jar
diff --git a/docs/releasenotes.html b/docs/releasenotes.html
index 495c876314..f0872080e2 100644
--- a/docs/releasenotes.html
+++ b/docs/releasenotes.html
@@ -18,20 +18,26 @@ <h2>1.0 Introduction</h2>
 </p>
 <h2>2.0 Release History</h2>
 
-<a id="r1rv78d1"><h3>2.1.1 Version</h3></a>
-Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, 18th April.
+<a id="r1rv79"><h3>2.1.1 Version</h3></a>
+Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, TBD.
 <h3>2.1.2 Defects Fixed</h3>
 <ul>
+</ul>
+
+<a id="r1rv78d1"><h3>2.2.1 Version</h3></a>
+Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, 18th April.
+<h3>2.2.2 Defects Fixed</h3>
+<ul>
 <li>The new dependency of the the PGP API on the bcutil jar was missing from the module jar, the OSGi manifest, and the Maven POM. This has been fixed.</li>
 <li>Missing exports and duplicate imports have been added/removed from the OSGi manifests.</li>
 <li>The OSGi manifests now have the same bundle IDs as 1.77 and lock down dependencies to the equivalent variations</li>
 <li>A check in the X.509 Extensions class preventing the parsing of empty extensions has been removed.</li>
 </ul>
 
-<a id="r1rv78"><h3>2.2.1 Version</h3></a>
+<a id="r1rv78"><h3>2.3.1 Version</h3></a>
 Release: 1.78<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2024, 7th April.
-<h3>2.2.2 Defects Fixed</h3>
+<h3>2.3.2 Defects Fixed</h3>
 <ul>
 <li>Issues with a dangling weak reference causing intermittent NullPointerExceptions in the OcspCache have been fixed.</li>
 <li>Issues with non-constant time RSA operations in TLS handshakes have been fixed.</li>
@@ -48,7 +54,7 @@ <h3>2.2.2 Defects Fixed</h3>
 <li>GOST ASN.1 public key alg parameters are now compliant with <a href="https://datatracker.ietf.org/doc/rfc9215/">RFC 9215</a>.</li>
 <li>An off-by-one error in the encoding for EccP256CurvePoint for ITS has been fixed.</li>
 </ul>
-<h3>2.2.3 Additional Features and Functionality</h3>
+<h3>2.3.3 Additional Features and Functionality</h3>
 <ul>
 <li>An implementation of MLS (<a href="https://datatracker.ietf.org/doc/rfc9420/">RFC 9420 - The Messaging Layer Security Protocol</a>) has been added as a new module.</li>
 <li>NTRU now supports NTRU-HPS4096-1229 and NTRU-HRSS-1373.</li>
@@ -66,7 +72,7 @@ <h3>2.2.3 Additional Features and Functionality</h3>
 <li>CertPathValidationContext and CertificatePoliciesValidation now include implementations of Memoable.</li>
 <li>The Composite post-quantum signatures implementation has been updated to the latest draft <a href="https://datatracker.ietf.org/doc/html/draft-ounsworth-pq-composite-sigs/">draft-ounsworth-pq-composite-sigs</a>.</li>
 </ul>
-<h3>2.2.4 Notes.</h3>
+<h3>2.3.4 Notes.</h3>
 <ul>
 <li>Both versions of NTRUPrime have been updated to produce 256 bit secrets in line with Kyber. This should also bring them into line with other implementations such as those used in OpenSSH now.</li>
 <li>BCJSSE: The boolean system property 'org.bouncycastle.jsse.fips.allowRSAKeyExchange" now defaults to false. All RSA
@@ -77,7 +83,7 @@ <h3>2.2.4 Notes.</h3>
 <li>The PKCS12 store using GCM does not include the PKCS#12 MAC so no longer includes use of the PKCS#12 PBE scheme and only uses PBKDF2.</li>
 <li>In keeping with the current set of experimental OIDs for PQC algorithms, OIDs may have changed to reflect updated versions of the algorithms.</li>
 </ul>
-<h3>2.2.5 Security Advisories.</h3>
+<h3>2.3.5 Security Advisories.</h3>
 <p>
 Release 1.78 deals with the following CVEs:
 </p>
@@ -88,10 +94,10 @@ <h3>2.2.5 Security Advisories.</h3>
 <li>CVE-2024-301XX - When endpoint identification is enabled in the BCJSSE and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. This has been fixed.</li>
 </ul>
 
-<a id="r1rv77"><h3>2.3.1 Version</h3></a>
+<a id="r1rv77"><h3>2.4.1 Version</h3></a>
 Release: 1.77<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2023, November 13th
-<h3>2.3.2 Defects Fixed</h3>
+<h3>2.4.2 Defects Fixed</h3>
 <ul>
 <li>Using an unescaped '=' in an X.500 RDN would result in the RDN being truncated silently. The issue is now detected and an exception is thrown.</li>
 <li>asn1.eac.CertificateBody was returning certificateEffectiveDate from getCertificateExpirationDate(). This has been fixed to return certificateExpirationDate.</li> 
@@ -107,7 +113,7 @@ <h3>2.3.2 Defects Fixed</h3>
 <li>An internal method in Arrays was failing to construct its failure message correctly on an error. This has been fixed.</li>
 <li>HSSKeyPublicParameters.generateLMSContext() would fail for a unit depth key. This has been fixed.</li>
 </ul>
-<h3>2.3.3 Additional Features and Functionality</h3>
+<h3>2.4.3 Additional Features and Functionality</h3>
 <ul>
 <li>BCJSSE: Added org.bouncycastle.jsse.client.omitSigAlgsCertExtension and org.bouncycastle.jsse.server.omitSigAlgsCertExtension boolean system properties
 to control (for client and server resp.) whether the signature_algorithms_cert extension should be omitted if it would be identical to signature_algorithms.
@@ -119,7 +125,7 @@ <h3>2.3.3 Additional Features and Functionality</h3>
 <li>TLS: RSA key exchange cipher suites are now disabled by default.</li>
 <li>Support has been added for PKCS#10 requests to allow certificates using the altSignature/altPublicKey extensions.</li>
 </ul>
-<h3>2.3.4 Notes.</h3>
+<h3>2.4.4 Notes.</h3>
 <ul>
 <li>Kyber and Dilithium have been updated according to the latest draft of the standard. Dilithium-AES and Kyber-AES have now been removed. Kyber now produces 256 bit secrets for all parameter sets (in line with the draft standard).</li>
 <li>NTRU has been updated to produce 256 bit secrets in line with Kyber.</li>
@@ -128,10 +134,10 @@ <h3>2.3.4 Notes.</h3>
 <li>PQC CMS SignedData now defaults to SHA-256 for signed attributes rather than SHAKE-256. This is also a compatibility change, but may change further again as the IETF standard for CMS is updated.</li>
 </ul>
 
-<a id="r1rv76"><h3>2.4.1 Version</h3></a>
+<a id="r1rv76"><h3>2.5.1 Version</h3></a>
 Release: 1.76<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2023, July 29th
-<h3>2.4.2 Defects Fixed</h3>
+<h3>2.5.2 Defects Fixed</h3>
 <ul>
 <li>Service allocation in the provider could fail due to the lack of a permission block. This has been fixed.</li>
 <li>JceKeyFingerPrintCalculator has been generalised for different providers by using "SHA-256" for the algorithm string.</li>
@@ -140,7 +146,7 @@ <h3>2.4.2 Defects Fixed</h3>
 <li>Cipher.unwrap() for HQC could fail due to a miscalculation of the length of the KEM packet. This has been fixed.</li>
 <li>There was exposure to a Java 7 method in the Java 5 to Java 8 BCTLS jar which could cause issues with some TLS 1.2 cipher suites running on older JVMs. This is now fixed.</li>
 </ul>
-<h3>2.4.3 Additional Features and Functionality</h3>
+<h3>2.5.3 Additional Features and Functionality</h3>
 <ul>
 <li>BCJSSE: Following OpenJDK, finalizers have been removed from SSLSocket subclasses. Applications should close sockets and not rely on garbage collection.</li>
 <li>BCJSSE: Added support for boolean system property "jdk.tls.client.useCompatibilityMode" (default "true").</li>
@@ -153,30 +159,30 @@ <h3>2.4.3 Additional Features and Functionality</h3>
 <li>An UnknownPacket type has been added to the PGP APIs to allow for forwards compatibility with upcoming revisions to the standard.</li>
 </ul>
 
-<a id="r1rv75"><h3>2.5.1 Version</h3></a>
+<a id="r1rv75"><h3>2.6.1 Version</h3></a>
 Release: 1.75<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2023, June 21st
-<h3>2.5.2 Defects Fixed</h3>
+<h3>2.6.2 Defects Fixed</h3>
 <ul>
 <li>Several Java 8 method calls were accidentally introduced in the Java 5 to Java 8 build. The affected classes have been refactored to remove this.</li>
 <li>(D)TLS: renegotiation after resumption now fixed to avoid breaking connection.</li>
 </ul>
-<h3>2.5.3 Notes.</h3>
+<h3>2.6.3 Notes.</h3>
 <ul>
 <li>The ASN.1 core package has had some dead and retired methods cleaned up and removed.</li>
 </ul>
 
-<a id="r1rv74"><h3>2.6.1 Version</h3></a>
+<a id="r1rv74"><h3>2.7.1 Version</h3></a>
 Release: 1.74<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2023, June 12th
-<h3>2.6.2 Defects Fixed</h3>
+<h3>2.7.2 Defects Fixed</h3>
 <ul>
 <li>AsconEngine: Fixed a buffering bug when decrypting across multiple processBytes calls (ascon128a unaffected).</li>
 <li>Context based sanity checking on PGP signatures has been added.</li>
 <li>The ParallelHash clone constructor was not copying all fields. This is now fixed.</li>
 <li>The maximimum number of blocks for CTR/SIC modes was 1 block less than it should have been. This is now fixed.</li>
 </ul>
-<h3>2.6.3 Additional Features and Functionality</h3>
+<h3>2.7.3 Additional Features and Functionality</h3>
 <ul>
 <li>The PGP API now supports wildcard key IDs for public key based data encryption.</li>
 <li>LMS now supports SHA256/192, SHAKE256/192, and SHAKE256/256 (the additional SP 8000-208 parameter sets).</li>
@@ -195,22 +201,22 @@ <h3>2.6.3 Additional Features and Functionality</h3>
 <li>The number of keys/sub-keys in a PGPKeyRing can now be found by calling PGPKeyRing.size().</li>
 <li>The PQC algorithms LMS/HSS, SPHINCS+, Dilithium, Falcon, and NTRU are now supported directly by the BC provider.</li>
 </ul>
-<h3>2.6.4 Notes.</h3>
+<h3>2.7.4 Notes.</h3>
 <ul>
 <li>The now defunct PQC SIKE algorithm has been removed, this has also meant the removal of its resource files so the provider is now quite a bit smaller.</li>
 <li>As a precaution, HC128 now enforces a 128 bit IV, previous behaviour for shorter IVs can be supported where required by padding the IV to the 128 bits with zero.</li>
 <li>PGP encrypted data generation now uses integrity protection by default. Previous behaviour for encrypted data can be supported where required by calling PGPDataEncryptorBuilder.setWithIntegrityPacket(false) when data encryption is set up.</li>
 <li>There are now additional sanity checks in place to prevent accidental mis-use of PGPSignature objects. If this change causes any issues, you might want to check what your code is up to as there is probably a bug.</li>
 </ul>
-<h3>2.6.5 Security Advisories.</h3>
+<h3>2.7.5 Security Advisories.</h3>
 <ul>
 <li>CVE-2023-33201 - this release fixes an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server with wild-card matching enabled.</li>
 </ul>
 
-<a id="r1rv73"><h3>2.7.1 Version</h3></a>
+<a id="r1rv73"><h3>2.8.1 Version</h3></a>
 Release: 1.73<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2023, April 8th
-<h3>2.7.2 Defects Fixed</h3>
+<h3>2.8.2 Defects Fixed</h3>
 <ul>
 <li>BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception. This has been fixed.</li>
 <li>The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well..</li>
@@ -231,7 +237,7 @@ <h3>2.7.2 Defects Fixed</h3>
 <li>IPAddress has been written to provide stricter checking and avoid the use of Integer.parseInt().</li>
 <li>A Java 7 class snuck into the Java 5 to Java 8 build. This has been addressed.</li>
 </ul>
-<h3>2.7.3 Additional Features and Functionality</h3>
+<h3>2.8.3 Additional Features and Functionality</h3>
 <ul>
 <li>The Rainbow NIST Post Quantum Round-3 Candidate has been added to the low-level API and the BCPQC provider (level 3 and level 5 parameter sets only).</li>
 <li>The GeMSS NIST Post Quantum Round-3 Candidate has been added to the low-level API.</li>
@@ -258,38 +264,38 @@ <h3>2.7.3 Additional Features and Functionality</h3>
 <li>A general purpose PQCOtherInfoGenerator has been added which supports all Kyber and NTRU.</li>
 <li>An implementation of HPKE (RFC 9180 - Hybrid Public Key Encryption) has been added to the light-weight cryptography API.
 </ul>
-<h3>2.7.4 Security Advisories.</h3>
+<h3>2.8.4 Security Advisories.</h3>
 <ul>
 <li>The PQC implementations have now been subject to formal review for secret leakage and side channels, there were issues in BIKE, Falcon, Frodo, HQC which have now been fixed. Some weak positives also showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last set has been ignored as the algorithms will either be updated if they reappear in the Signature Round, or deleted, as is already the case for SIKE (it is now in the legacy package). Details on the group responsible for the testing can be found in the <a href="../CONTRIBUTORS.html">CONTRIBUTORS</a> file.</li>
 <li>For at least some ECIES variants (e.g. when using CBC) there is an issue with potential malleability of a nonce (implying silent malleability of the plaintext) that must be sent alongside the ciphertext but is outside the IES integrity check. For this reason the automatic generation of nonces with IED is now disabled and they have to be passed in using an IESParameterSpec. The current advice is to agree on a nonce between parties and then rely on the use of the ephemeral key component to allow the nonce (rather the so called nonce) usage to be extended.</li>
 </ul>
-<h3>2.7.5 Notes.</h3>
+<h3>2.8.5 Notes.</h3>
 <ul>
 <li>Most test data files have now been migrated to a separate project bc-test-data which is also available on github. If you clone bc-test-data at the same level as the bc-java project the tests will find the test data they require.</li>
 <li>There has been further work to make entropy collection more friendly in container environments. See <a hef="https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java">DRBG.java</a> for details. We would welcome any further feedback on this as we clearly cannot try all situations first hand.</li>
 </ul>
 
-<a id="r1rv72.3"><h3>2.8.1 Version</h3></a>
+<a id="r1rv72.3"><h3>2.9.1 Version</h3></a>
 Release: <a id="r1rv72.2">1.72.2</a>, 1.72.3<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2022, November 20th
-<h3>2.8.2 Defects Fixed</h3>
+<h3>2.9.2 Defects Fixed</h3>
 <ul>
 <li>PGP patch release - fix for OSGI and version header in 1.72.1 jar file.
 </ul>
 
 
-<a id="r1rv72.1"><h3>2.9.1 Version</h3></a>
+<a id="r1rv72.1"><h3>2.10.1 Version</h3></a>
 Release: 1.72.1<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2022, October 25th
-<h3>2.9.2 Defects Fixed</h3>
+<h3>2.10.2 Defects Fixed</h3>
 <ul>
 <li>PGP patch release - fix for regression in OpenPGP PGPEncryptedData.java which could result in checksum failures on correct files.</li>
 </ul>
 
-<a id="r1rv72"><h3>2.10.1 Version</h3></a>
+<a id="r1rv72"><h3>2.11.1 Version</h3></a>
 Release: 1.72<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2022, September 25th
-<h3>2.10.2 Defects Fixed</h3>
+<h3>2.11.2 Defects Fixed</h3>
 <ul>
 <li>There were parameter errors in XMSS^MT OIDs for XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have been fixed.</li>
 <li>There was an error in Merkle tree construction for the Evidence Records (ERS) implementation which could result in invalid roots been timestamped. ERS now produces an ArchiveTimeStamp for each data object/group with an associated reduced hash tree. The reduced hash tree is now calculated as a simple path to the root of the tree for each record.</li>
@@ -297,7 +303,7 @@ <h3>2.10.2 Defects Fixed</h3>
 <li>A tagging calculation error in GCMSIV which could result in incorrect tags has been fixed.</li>
 <li>Issues around Java 17 which could result in failing tests have been addressed.</li>
 </ul>
-<h3>2.10.3 Additional Features and Functionality</h3>
+<h3>2.11.3 Additional Features and Functionality</h3>
 <ul>
 <li>BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method).</li>
 <li>BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE.</li>
@@ -327,22 +333,22 @@ <h3>2.10.3 Additional Features and Functionality</h3>
 <li>Support has been added to the PKCS#12 implementation for the Oracle trusted certificate attribute.</li>
 <li>Performance of our BZIP2 classes has been improved.</li>
 </ul>
-<h3>2.10.4 Notes</h3>
+<h3>2.11.4 Notes</h3>
 <p>
 Keep in mind the PQC algorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change so by all means experiment, but do not use the PQC algoritms for anything long term.
 </p>
 <p>
 The legacy "Rainbow" and "McEliece" implementations have been removed from the BCPQC provider. The underlying classes are still present if required. Other legacy algorithm implementations can be found under the org.bouncycastle.pqc.legacy package.
 </p>
-<h3>2.10.5 Security Notes</h3>
+<h3>2.11.5 Security Notes</h3>
 <p>
 The PQC SIKE algorithm is provided for research purposes only. It should now be regarded as broken. The SIKE implementation will be withdrawn in BC 1.73.
 </p>
 
-<a id="r1rv71"><h3>2.11.1 Version</h3></a>
+<a id="r1rv71"><h3>2.12.1 Version</h3></a>
 Release: 1.71<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2022, March 31st.
-<h3>2.11.2 Defects Fixed</h3>
+<h3>2.12.2 Defects Fixed</h3>
 <ul>
 <li>In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF-8 characters.</li>
 <li>An accidental partial dependency on Java 1.7 has been removed from the TLS API.</li>
@@ -356,7 +362,7 @@ <h3>2.11.2 Defects Fixed</h3>
 <li>An accidental regression introduced by a fix for another issue in PKIXCertPathReviewer around use of the AuthorityKeyIdentifier extension and it failing to match a certificate uniquely when the serial number field is missing has been fixed.</li>
 <li>An error was found in the creation of TLS 1.3 Export Keying Material which could cause compatibility issues. This has been fixed.</li>
 </ul>
-<h3>2.11.3 Additional Features and Functionality</h3>
+<h3>2.12.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support has been added for OpenPGP regular expression signature packets.</li>
 <li>Support has been added for OpenPGP PolicyURI signature packets.</li>
@@ -386,16 +392,16 @@ <h3>2.11.3 Additional Features and Functionality</h3>
 <li>ASN.1 object support has been added for the Lightweight Certificate Management Protocol (CMP), currently in draft.</li>
 <li>A HybridValueParamterSpec class has been added for use with KeyAgreement to support SP 800-56C hybrid (so classical/post-quantum) key agreement.</li>
 </ul>
-<h3>2.11.4 Notes</h3>
+<h3>2.12.4 Notes</h3>
 <ul>
 <li>The deprecated QTESLA implementation has been removed from the BCPQC provider.</li>
 <li>The <a href="https://groups.google.com/u/1/a/list.nist.gov/g/pqc-forum/c/F9ZUtWCij54">submission update to SPHINCS+</a> has been added. This changes the generation of signatures - particularly deterministic ones.</li>
 </ul>
 
-<a id="r1rv70"><h3>2.12.1 Version</h3></a>
+<a id="r1rv70"><h3>2.13.1 Version</h3></a>
 Release: 1.70<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2021, November 29th.
-<h3>2.12.2 Defects Fixed</h3>
+<h3>2.13.2 Defects Fixed</h3>
 <ul>
 <li>Blake 3 output limit is enforced.</li>
 <li>The PKCS12 KeyStore was relying on default precedence for its key Cipher implementation so was sometimes failing if used from the keytool. The KeyStore class now makes sure it uses the correct Cipher implementation.</li>
@@ -409,7 +415,7 @@ <h3>2.12.2 Defects Fixed</h3>
 <li>The lack of close() in the ASN.1 Dump command line utility was triggering false positives in some code analysis tools. A close() call has been added.</li>
 <li>PGPPublicKey.getBitStrength() now properly recognises EdDSA keys.</li>
 </ul>
-<h3>2.12.3 Additional Features and Functionality</h3>
+<h3>2.13.3 Additional Features and Functionality</h3>
 <ul>
 <li>Missing PGP CRC checksums can now be optionally ignored using setDetectMissingCRC() (default false) on ArmoredInputStream.</li>
 <li>PGPSecretKey.copyWithNewPassword() now has a variant which uses USAGE_SHA1 for key protection if a PGPDigestCalculator is passed in.</li> 
@@ -448,15 +454,15 @@ <h3>2.12.3 Additional Features and Functionality</h3>
 <li>The JcePKCSPBEOutputEncryptorBuilder now supports SCRYPT with ciphers that do not have algorithm parameters (e.g. AESKWP).</li>
 <li>Support is now added for certificates using ETSI TS 103 097, "Intelligent Transport Systems (ITS)" in the bcpkix package.</li>
 </ul>
-<h3>2.12.4 Notes.</h3>
+<h3>2.13.4 Notes.</h3>
 <ul>
 <li>While this release should maintain source code compatibility, developers making use of some parts of the ASN.1 library will find that some classes need recompiling. Apologies for the inconvenience.</li>
 </ul>
 
-<a id="r1rv69"><h3>2.13.1 Version</h3></a>
+<a id="r1rv69"><h3>2.14.1 Version</h3></a>
 Release: 1.69<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2021, June 7th.
-<h3>2.13.2 Defects Fixed</h3>
+<h3>2.14.2 Defects Fixed</h3>
 <ul>
 <li>Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed.</li>
 <li>Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed.</li>
@@ -476,7 +482,7 @@ <h3>2.13.2 Defects Fixed</h3>
 <li>Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers.</li>
 <li>TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3.</li>
 </ul>
-<h3>2.13.3 Additional Features and Functionality</h3>
+<h3>2.14.3 Additional Features and Functionality</h3>
 <ul>
 <li>GCM-SIV has been added to the lightweight API and the provider.</li>
 <li>Blake3 has been added to the lightweight API.</li>
@@ -517,24 +523,24 @@ <h3>2.13.3 Additional Features and Functionality</h3>
 <li>BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool).</li>
 <li>TLS: Add TLS 1.3 support for brainpool curves per RFC 8734.</li>
 </ul>
-<h3>2.13.4 Notes</h3>
+<h3>2.14.4 Notes</h3>
 <ul>
 <li>There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface as a find() method that takes an ASN1ObjectIdentifier has been added to it. For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation.</li>
 <li>A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar).</li>
 <li>Some work has been done on moving out code that does not need to be in the provider jar. This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar.</li>
 </ul>
 
-<a id="r1rv68"><h3>2.14.1 Version</h3></a>
+<a id="r1rv68"><h3>2.15.1 Version</h3></a>
 Release: 1.68<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2020, December 21st.
-<h3>2.14.2 Defects Fixed</h3>
+<h3>2.15.2 Defects Fixed</h3>
 <ul>
 <li>Some BigIntegers utility methods would fail for BigInteger.ZERO. This has been fixed.</li>
 <li>PGPUtil.isKeyRing() was not detecting secret sub-keys in its input. This has been fixed.</li>
 <li>The ASN.1 class, ArchiveTimeStamp was insisting on a value for the optional reducedHashTree field. This has been fixed.</li>
 <li>BCJSSE: Lock against multiple writers - a possible synchronization issue has been removed.</li>
 </ul>
-<h3>2.14.3 Additional Features and Functionality</h3>
+<h3>2.15.3 Additional Features and Functionality</h3>
 <ul>
 <li>BCJSSE: Added support for system property com.sun.net.ssl.requireCloseNotify. Note that we are using a default value of 'true'.</li>
 <li>BCJSSE: 'TLSv1.3' is now a supported protocol for both client and server. For this release it is only enabled by default for the 'TLSv1.3' SSLContext, but can be explicitly enabled using 'setEnabledProtocols' on an SSLSocket or SSLEngine, or via SSLParameters.</li>
@@ -545,10 +551,10 @@ <h3>2.14.3 Additional Features and Functionality</h3>
 </ul>
 
 
-<a id="r1rv67"><h3>2.15.1 Version</h3></a>
+<a id="r1rv67"><h3>2.16.1 Version</h3></a>
 Release: 1.67<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2020, November 1st.
-<h3>2.15.2 Defects Fixed</h3>
+<h3>2.16.2 Defects Fixed</h3>
 <ul>
 <li>BCJSSE: SunJSSE compatibility fix - override of getChannel() removed and 'urgent data' behaviour should now conform to what the SunJSSE expects.
 <li>Nested BER data could sometimes cause issues in octet strings. This has been fixed.</li>
@@ -560,7 +566,7 @@ <h3>2.15.2 Defects Fixed</h3>
 <li>Zero length data would cause an unexpected exception from RFC5649WrapEngine. This has been fixed.</li>
 <li>OpenBSDBcrypt was failing to handle some valid prefixes. This has been fixed.</li>
 </ul>
-<h3>2.15.3 Additional Features and Functionality</h3>
+<h3>2.16.3 Additional Features and Functionality</h3>
 <ul>
 <li>Performance of Argon2 has been improved.</li>
 <li>Performance of Noekeon has been improved.</li>
@@ -578,15 +584,15 @@ <h3>2.15.3 Additional Features and Functionality</h3>
 <li>Mode name checks in Cipher strings should now make sure an improper mode name always results in a NoSuchAlgorithmException.</li>
 <li>In line with changes in OpenSSL, the OpenSSLPBKDF now uses UTF-8 encoding.</li>
 </ul>
-<h3>2.15.4 Security Advisory</h3>
+<h3>2.16.4 Security Advisory</h3>
 <ul>
 <li>As described in CVE-2020-28052, the OpenBSDBCrypt.checkPassword() method had a flaw in it due to a change for BC 1.65. BC 1.66 is also affected. The issue is fixed in BC 1.67. If you are using OpenBSDBCrypt.checkPassword() and you are using BC 1.65 or BC 1.66 we strongly advise moving to BC 1.67 or later.</li>
 </ul>
 
-<a id="r1rv66"><h3>2.16.1 Version</h3></a>
+<a id="r1rv66"><h3>2.17.1 Version</h3></a>
 Release: 1.66<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2020, July 4th.
-<h3>2.16.2 Defects Fixed</h3>
+<h3>2.17.2 Defects Fixed</h3>
 <ul>
 <li>EdDSA verifiers now reset correctly after rejecting overly long signatures.</li>
 <li>BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException. This has been fixed.</li>
@@ -603,7 +609,7 @@ <h3>2.16.2 Defects Fixed</h3>
 <li>For a few values the cSHAKE implementation would add unnecessary pad bytes where the N and S strings produced encoded data that was block aligned. This has been fixed.</li>
 <li>There were a few circumstances where Argon2BytesGenerator might hit an unexpected null. These have been removed.</li>
 </ul>
-<h3>2.16.3 Additional Features and Functionality</h3>
+<h3>2.17.3 Additional Features and Functionality</h3>
 <ul>
 <li>The qTESLA signature algorithm has been updated to v2.8 (20191108).</li>
 <li>BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.</li>
@@ -622,15 +628,15 @@ <h3>2.16.3 Additional Features and Functionality</h3>
 <li>Performance of the Base64 encoder has been improved.</li>
 <li>The PGPPublicKey class will now include direct key sigantures when checking for key expiry times.</li>
 </ul>
-<h3>2.16.4 Notes</h3>
+<h3>2.17.4 Notes</h3>
 <p>
 The qTESLA update breaks compatibility with previous versions. Private keys now include a hash of the public key at the end, and signatures are no longer interoperable with previous versions.
 </p>
 
-<a id="r1rv65"><h3>2.17.1 Version</h3></a>
+<a id="r1rv65"><h3>2.18.1 Version</h3></a>
 Release: 1.65<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2020, March 31st.
-<h3>2.17.2 Defects Fixed</h3>
+<h3>2.18.2 Defects Fixed</h3>
 <ul>
 <li>DLExternal would encode using DER encoding for tagged SETs. This has been fixed.</li>
 <li>ChaCha20Poly1305 could fail for large (&gt;~2GB) files. This has been fixed.</li>
@@ -642,7 +648,7 @@ <h3>2.17.2 Defects Fixed</h3>
 <li>BCJSSE: Choice of credentials and signing algorithm now respect the peer's signature_algorithms extension properly.</li>
 <li>BCJSSE: KeyManager for KeyStoreBuilderParameters no longer leaks memory.</li>
 </ul>
-<h3>2.17.3 Additional Features and Functionality</h3>
+<h3>2.18.3 Additional Features and Functionality</h3>
 <ul>
 <li>LMS and HSS (RFC 8554) support has been added to the low level library and the PQC provider.</li>
 <li>SipHash128 support has been added to the low level library and the JCE provider.</li>
@@ -656,10 +662,10 @@ <h3>2.17.3 Additional Features and Functionality</h3>
 <li>TLS: DSA in JcaTlsCrypto now falls back to stream signing to work around NoneWithDSA limitations in default provider.</li>
 </ul>
 
-<a id="r1rv64"><h3>2.18.1 Version</h3></a>
+<a id="r1rv64"><h3>2.19.1 Version</h3></a>
 Release: 1.64<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2019, October 7th.
-<h3>2.18.2 Defects Fixed</h3>
+<h3>2.19.2 Defects Fixed</h3>
 <ul>
 <li>OpenSSH: Fixed padding in generated Ed25519 private keys.</li>
 <li>Validation of headers in PemReader now looks for tailing dashes in header.</li>
@@ -667,7 +673,7 @@ <h3>2.18.2 Defects Fixed</h3>
 <li>Some compatibility issues around the signature encryption algorithm field in CMS SignedData and the GOST algorithms have been addressed.</li>
 <li>GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest.</li>
 </ul>
-<h3>2.18.3 Additional Features and Functionality</h3>
+<h3>2.19.3 Additional Features and Functionality</h3>
 <ul>
 <li>PKCS12: key stores containing only certificates can now be created without the need to provide passwords.</li>
 <li>BCJSSE: Initial support for AlgorithmConstraints; protocol versions and cipher suites.</li>
@@ -680,20 +686,20 @@ <h3>2.18.3 Additional Features and Functionality</h3>
 <li>Support for Java 11's NamedParameterSpec class has been added (using reflection) to the EC and EdEC KeyPairGenerator implementations.</li>
 </ul>
 
-<h3>2.18.4 Removed Features and Functionality</h3>
+<h3>2.19.4 Removed Features and Functionality</h3>
 <ul>
 <li>Deprecated ECPoint 'withCompression' tracking has been removed.</li>
 </ul>
 
-<h3>2.18.5 Security Advisory</h3>
+<h3>2.19.5 Security Advisory</h3>
 <ul>
 <li>A change to the ASN.1 parser in 1.63 introduced a regression that can cause an OutOfMemoryError to occur on parsing ASN.1 data. We recommend upgrading to 1.64, particularly where an application might be parsing untrusted ASN.1 data from third parties.</li>
 </ul>
 
-<a id="r1rv63"><h3>2.19.1 Version</h3></a>
+<a id="r1rv63"><h3>2.20.1 Version</h3></a>
 Release: 1.63<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2019, September 10th.
-<h3>2.19.2 Defects Fixed</h3>
+<h3>2.20.2 Defects Fixed</h3>
 <ul>
 <li>The ASN.1 parser would throw a large object exception for some objects which could be safely parsed. This has been fixed.</li>
 <li>GOST3412-2015 CTR mode was unusable at the JCE level. This has been fixed.</li>
@@ -712,7 +718,7 @@ <h3>2.19.2 Defects Fixed</h3>
 <li>It is now possible to specify different S-Box parameters for the GOST 28147-89 MAC.</li>
 </ul>
 
-<h3>2.19.3 Additional Features and Functionality</h3>
+<h3>2.20.3 Additional Features and Functionality</h3>
 <ul>
 <li>QTESLA is now updated with the round 2 changes. Note: the security catergories, and in some cases key generation and signatures, have changed. For people interested in comparison, the round 1 version is now moved to org.bouncycastle.pqc.crypto.qteslarnd1 - this package will be deleted in 1.64. Please keep in mind that QTESLA may continue to evolve.</li>
 <li>Support has been added for generating Ed25519/Ed448 signed certificates.</li>
@@ -725,10 +731,10 @@ <h3>2.19.3 Additional Features and Functionality</h3>
 <li>The valid path for EST services has been updated to cope with the characters used in the Aruba clearpass EST implementation.</li>
 </ul>
 
-<a id="r1rv62"><h3>2.20.1 Version</h3></a>
+<a id="r1rv62"><h3>2.21.1 Version</h3></a>
 Release: 1.62<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2019, June 3rd.
-<h3>2.20.2 Defects Fixed</h3>
+<h3>2.21.2 Defects Fixed</h3>
 <ul>
 <li>DTLS: Fixed infinite loop on IO exceptions.</li>
 <li>DTLS: Retransmission timers now properly apply to flights monolithically.</li>
@@ -745,7 +751,7 @@ <h3>2.20.2 Defects Fixed</h3>
 <li>CertificateFactory now enforces presence of PEM headers when required.</li>
 <li>A performance issue with RSA key pair generation that was introduced in 1.61 has been mostly eliminated.</li>
 </ul>
-<h3>2.20.3 Additional Features and Functionality</h3>
+<h3>2.21.3 Additional Features and Functionality</h3>
 <ul>
 <li>Builders for X509 certificates and CRLs now support replace and remove extension methods.</li>
 <li>DTLS: Added server-side support for HelloVerifyRequest.</li>
@@ -766,10 +772,10 @@ <h3>2.20.3 Additional Features and Functionality</h3>
 <li>Support for the Ethereum flavor of IES has been added to the lightweight API.</li>
 </ul>
 
-<a id="r1rv61"><h3>2.21.1 Version</h3></a>
+<a id="r1rv61"><h3>2.22.1 Version</h3></a>
 Release: 1.61<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2019, February 4th.
-<h3>2.21.2 Defects Fixed</h3>
+<h3>2.22.2 Defects Fixed</h3>
 <ul>
 <li>Use of EC named curves could be lost if keys were constructed via a key factory and algorithm parameters. This has been fixed.</li>
 <li>RFC3211WrapEngine would not properly handle messages longer than 127 bytes. This has been fixed.</li>
@@ -790,7 +796,7 @@ <h3>2.21.2 Defects Fixed</h3>
 <li>Several parsing issues related to the processing of CMP PKIPublicationInfo have been fixed.</li>
 <li>The ECGOST curves for id-tc26-gost-3410-12-256-paramSetA and id-tc26-gost-3410-12-512-paramSetC had incorrect co-factors. These have been fixed.</li>
 </ul>
-<h3>2.21.3 Additional Features and Functionality</h3>
+<h3>2.22.3 Additional Features and Functionality</h3>
 <ul>
 <li>The qTESLA signature algorithm has been added to PQC light-weight API and the PQC provider.</li>
 <li>The password hashing function, Argon2 has been added to the lightweight API.</li>
@@ -814,15 +820,15 @@ <h3>2.21.3 Additional Features and Functionality</h3>
 <li>SM2 in public key cipher mode has been added to the provider API.</li>
 <li>The BCFKSLoadStoreParameter has been extended to allow the use of certificates and digital signatures for verifying the integrity of BCFKS key stores.</li>
 </ul>
-<h3>2.21.4 Removed Features and Functionality</h3>
+<h3>2.22.4 Removed Features and Functionality</h3>
 <ul>
 <li>Deprecated methods for EC point construction independent of curves have been removed.</li>
 </ul>
 
-<a id="r1rv60"><h3>2.22.1 Version</h3></a>
+<a id="r1rv60"><h3>2.23.1 Version</h3></a>
 Release: 1.60<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2018, June 30
-<h3>2.22.2 Defects Fixed</h3>
+<h3>2.23.2 Defects Fixed</h3>
 <ul>
 <li>Base64/UrlBase64 would throw an exception on a zero length string. This has been fixed.</li>
 <li>Base64/UrlBase64 would throw an exception if there was whitespace in the last 4 characters. This has been fixed.</li>
@@ -843,7 +849,7 @@ <h3>2.22.2 Defects Fixed</h3>
 <li>In some situations the use of sm2p256v1 would result in "unknown curve name". This has been fixed.</li>
 <li>CMP PollReqContent now supports multiple certificate request IDs.</li>
 </ul>
-<h3>2.22.3 Additional Features and Functionality</h3>
+<h3>2.23.3 Additional Features and Functionality</h3>
 <ul>
 <li>TLS: Extended CBC padding is now optional (and disabled by default).</li>
 <li>TLS: Now supports channel binding 'tls-server-end-point'.</li>
@@ -871,16 +877,16 @@ <h3>2.22.3 Additional Features and Functionality</h3>
 <li>Support has been added for the German BSI KAEG Elliptic Curve key agreement algorithm with X9.63 as the KDF to the JCE.</li>
 <li>Support has been added for the German BSI KAEG Elliptic Curve session key KDF to the lightweight API.</li>
 </ul>
-<h3>2.22.4 Security Related Changes and CVE's Addressed by this Release</h3>
+<h3>2.23.4 Security Related Changes and CVE's Addressed by this Release</h3>
 <ul>
 <li>CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.</li>
 <li>CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.</li>
 </ul>
 
-<a id="r1rv59"><h3>2.23.1 Version</h3></a>
+<a id="r1rv59"><h3>2.24.1 Version</h3></a>
 Release: 1.59 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2017, December 28
-<h3>2.23.2 Defects Fixed</h3>
+<h3>2.24.2 Defects Fixed</h3>
 <ul>
 <li>Issues with using PQC based keys with the provided BC KeyStores have now been fixed.</li>
 <li>ECGOST-2012 public keys were being encoded with the wrong OID for the digest parameter in the algorithm parameter set. This has been fixed.</li>
@@ -894,7 +900,7 @@ <h3>2.23.2 Defects Fixed</h3>
 <li>An off-by-one error for the max N check for SCRYPT has been fixed. SCRYPT should now be compliant with RFC 7914.</li>
 <li>ASN1GeneralizedTime will now accept a broader range of input strings.</li>
 </ul>
-<h3>2.23.3 Additional Features and Functionality</h3>
+<h3>2.24.3 Additional Features and Functionality</h3>
 <ul>
 <li>GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted in private key info objects.</li>
 <li>SCRYPT is now supported as a SecretKeyFactory in the provider and in the PKCS8 APIs</li>
@@ -913,15 +919,15 @@ <h3>2.23.3 Additional Features and Functionality</h3>
 <li>A DEROtherInfo generator for key agreement using NewHope as the source of the shared private info has been added that can be used in conjunction with regular key agreement algorithms.</li>
 <li>RFC 7748: Added low-level implementations of X25519 and X448.</li>
 </ul>
-<h3>2.23.4 Security Related Changes and CVE's Addressed by this Release</h3>
+<h3>2.24.4 Security Related Changes and CVE's Addressed by this Release</h3>
 <ul>
 <li>CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this.</li>
 </ul>
 
-<a id="r1rv58"><h3>2.24.1 Version</h3></a>
+<a id="r1rv58"><h3>2.25.1 Version</h3></a>
 Release: 1.58 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2017, August 18
-<h3>2.24.2 Defects Fixed</h3>
+<h3>2.25.2 Defects Fixed</h3>
 <ul>
 <li>NewHope and SPHINCS keys are now correctly created off certificates by the BC provider.</li>
 <li>Use of the seeded constructor with SecureRandom() and the BC provider in first position could cause a stack overflow error. This has been fixed.</li>
@@ -935,7 +941,7 @@ <h3>2.24.2 Defects Fixed</h3>
 <li>A race condition that could occur inside the HybridSecureRandom on reseed and result in an exception has been fixed.</li>
 <li>DTLS now supports records containing multiple handshake messages.</li>
 </ul>
-<h3>2.24.3 Additional Features and Functionality</h3>
+<h3>2.25.3 Additional Features and Functionality</h3>
 <ul>
 <li>An implementation of GOST3410-2012 has been added to light weight API and the JCA provider.</li>
 <li>Support for ECDH GOST3410-2012 and GOST3410-2001 have been added. The CMS API can also handle reading ECDH GOST3410 key transport messages.</li>
@@ -955,16 +961,16 @@ <h3>2.24.3 Additional Features and Functionality</h3>
 <li>The new TLS API now supports RFC 7633 - X.509v3 TLS Feature Extension (e.g. "must staple"), enabled in default clients.</li>
 <li>TLS exceptions have been made more directly informative.</li>
 </ul>
-<h3>2.24.4 Removed Features and Functionality</h3>
+<h3>2.25.4 Removed Features and Functionality</h3>
 <ul>
 <li>Per RFC 7465, removed support for RC4 in the new TLS API.</li>
 <li>Per RFC 7568, removed support for SSLv3 in the new TLS API.</li>
 </ul>
 
-<a id="r1rv57"><h3>2.25.1 Version</h3></a>
+<a id="r1rv57"><h3>2.26.1 Version</h3></a>
 Release: 1.57 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2017, May 11
-<h3>2.25.2 Defects Fixed</h3>
+<h3>2.26.2 Defects Fixed</h3>
 <ul>
 <li>A class cast exception for master certification removal in PGPPublicKey.removeCertification() by certification has been fixed.</li>
 <li>GOST GOFB 28147-89 mode had an edge condition concerning the incorrect calculation of N4 (see section 6.1 of RFC 5830) affecting about 1% of IVs. This has been fixed.</li>
@@ -981,7 +987,7 @@ <h3>2.25.2 Defects Fixed</h3>
 <li>EC FixedPointCombMultiplier avoids 'infinity' point in lookup tables, reducing timing side-channels.</li>
 <li>Reuse of a Blake2b digest with a call to reset() rather than doFinal() could result in incorrect padding being introduced and the wrong digest result produced. This has been fixed.</li>
 </ul>
-<h3>2.25.3 Additional Features and Functionality</h3>
+<h3>2.26.3 Additional Features and Functionality</h3>
 <ul>
 <li>ARIA (RFC 5794) is now supported by the provider and the lightweight API.</li>
 <li>ARIA Key Wrapping (RFC 5649 style) is now supported by the provider and the lightweight API.</li>
@@ -991,23 +997,23 @@ <h3>2.25.3 Additional Features and Functionality</h3>
 <li>A test client for EST which will interop with the 7030 test server at http://testrfc7030.com/ has been added to the general test module in the current source tree.</li>
 <li>The BCJSSE provider now supports SSLContext.getDefault(), with very similar behaviour to the SunJSSE provider, including checks of the relevant javax.net.ssl.* system properties and auto-loading of jssecacerts or cacerts as the default trust store.</li>
 </ul>
-<h3>2.25.4 Security Related Changes</h3>
+<h3>2.26.4 Security Related Changes</h3>
 <ul>
 <li>The default parameter sizes for DH and DSA are now 2048. If you have been relying on key pair generation without passing in parameters generated keys will now be larger.</li>
 <li>Further work has been done on preventing accidental re-use of a GCM cipher without first changing its key or iv.</li>
 </ul>
 
-<a id="r1rv56"><h3>2.26.1 Version</h3></a>
+<a id="r1rv56"><h3>2.27.1 Version</h3></a>
 Release: 1.56 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2016, December 23
-<h3>2.26.2 Defects Fixed</h3>
+<h3>2.27.2 Defects Fixed</h3>
 <ul>
 <li>See section <a href="#CVE156">2.15.4</a> for Security Defects.</li>
 <li>Using unknown status with the ASN.1 CertStatus primitive could result in an IllegalArgumentException on construction. This has been fixed.</li>
 <li>A potentional NullPointerException in a precomputation in WNafUtil has been removed.</li>
 <li>PGPUtil.getDecoderStream() would throw something other than an IOException for empty and very small data. This has been fixed.</li>
 </ul>
-<h3>2.26.3 Additional Features and Functionality</h3>
+<h3>2.27.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for the explicit setting of AlgorithmParameters has been added to the JceCMSContentEncryptorBuilder and the JceCMSMacCaculatorBuilder classes to allow configuration of the session cipher/MAC used.</li>
 <li>EC, ECGOST3410, and DSTU4145 Public keys are now validated on construction in the JCA/JCE and the light weight API.</li>
@@ -1023,7 +1029,7 @@ <h3>2.26.3 Additional Features and Functionality</h3>
 <li>SHA-3 support has been added to BcDefaultDigestProvider.</li>
 <li>A higher level TLS API and JSSE provider have been added to the project.</li>
 </ul>
-<a id="CVE156"><h3>2.26.4 Security Related Changes and CVE's Addressed by this Release</h3></a>
+<a id="CVE156"><h3>2.27.4 Security Related Changes and CVE's Addressed by this Release</h3></a>
 <ul>
 <li>It is now possible to configure the provider to only import keys for specific named curves.</li>
 <li>Work has been done to improve the "constant time" behaviour of the RSA padding mechanisms.</li>
@@ -1042,15 +1048,15 @@ <h3>2.26.3 Additional Features and Functionality</h3>
 <li>CVE-2016-1000346: Other party DH public key not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of this release the key parameters are checked on agreement calculation.</li>
 <li>CVE-2016-1000352: ECIES allows the use of unsafe ECB mode. This algorithm is now removed from the provider.</li>
 </ul>
-<h3>2.26.5 Security Advisory</h3>
+<h3>2.27.5 Security Advisory</h3>
 <ul>
 <li>We consider the carry propagation bugs fixed in this release to have been exploitable in previous releases (1.51-1.55), for static ECDH, to reveal the long-term key, per <a href="https://eprint.iacr.org/2011/633">"Practical realisation and elimination of an ECC-related software bug attack", Brumley et.al.</a>. The most common case of this would be the non-ephemeral ECDH ciphersuites in TLS. These are not enabled by default in our TLS implementations, but they can be enabled explicitly by users. We recommend that users DO NOT enable static ECDH ciphersuites for TLS.</li>
 </ul>
 
-<a id="r1rv55"><h3>2.27.1 Version</h3></a>
+<a id="r1rv55"><h3>2.28.1 Version</h3></a>
 Release: 1.55 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2016, August 18
-<h3>2.27.2 Defects Fixed</h3>
+<h3>2.28.2 Defects Fixed</h3>
 <ul>
 <li>Issues with cloning of blake digests with salts and personalisation strings have been fixed.</li>
 <li>The JceAsymmetricValueDecryptor in the CRMF package now attempts to recognise a wider range of parameters for the key wrapping algorithm, rather than relying on a default.</li>
@@ -1071,7 +1077,7 @@ <h3>2.27.2 Defects Fixed</h3>
 <li>Trying to use of non-default parameters for OAEP in CRMF would resort to the default parameter set. This has been fixed.</li>
 <li>If the BC provider was not registered, creating a CertificateFactory would cause a new provider object to be created. This has been fixed.</li>
 </ul>
-<h3>2.27.3 Additional Features and Functionality</h3>
+<h3>2.28.3 Additional Features and Functionality</h3>
 <ul>
 <li>The DANE API has been updated to reflect the latest standard changes.</li>
 <li>The signature algorithm SPHINCS-256 has been added to the post-quantum provider (BCPQC). Support is in place for SHA-512 and SHA3-512 (using trees based around SHA512_256 and SHA3_256 respectively).</li>
@@ -1089,10 +1095,10 @@ <h3>2.27.3 Additional Features and Functionality</h3>
 <li>Additional search methods have been added to PGP public and secret key rings.</li>
 </ul>
 
-<a id="r1rv54"><h3>2.28.1 Version</h3></a>
+<a id="r1rv54"><h3>2.29.1 Version</h3></a>
 Release: 1.54 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2015, December 29
-<h3>2.28.2 Defects Fixed</h3>
+<h3>2.29.2 Defects Fixed</h3>
 <ul>
 <li>Blake2b-160, Blake2b-256, Blake2b-384, and Blake2b-512 are now actually in the provider and an issue with cloning Blake2b digests has been fixed.</li>
 <li>PKCS#5 Scheme 2 using DESede CBC is now supported by the PKCS#12 implementation.</li>
@@ -1101,7 +1107,7 @@ <h3>2.28.2 Defects Fixed</h3>
 <li>It turns out, after advice one way and another that the NESSIE test vectors for Serpent are now what should be followed and that the vectors in the AES submission are regarded as an algorithm called Tnepres. The Serpent version now follows the NESSIE vectors, and the Tnepres cipher has been added to the provider and the lightweight API for compatibility.</li>
 <li>Problems with DTLS record-layer version handling were resolved, making version negotiation work properly.
 </ul>
-<h3>2.28.3 Additional Features and Functionality</h3>
+<h3>2.29.3 Additional Features and Functionality</h3>
 <ul>
 <li>Camellia and SEED key wrapping are now supported for CMS key agreement</li>
 <li>The BC TLS/DTLS code now includes a non-blocking API.</li>
@@ -1111,19 +1117,19 @@ <h3>2.28.3 Additional Features and Functionality</h3>
 <li>Support has been added to the CMS API for PKCS#7 ANY type encapsulated content where the encapsulated content is not an OCTET STRING.</li>
 <li>PSSSigner in the lightweight API now supports fixed salts.</li>
 </ul>
-<h3>2.28.4 Security Advisory</h3>
+<h3>2.29.4 Security Advisory</h3>
 <ul>
 <li>(D)TLS 1.2: Motivated by <a href="https://www.google.com/search?q=CVE-2015-7575">CVE-2015-7575</a>, we have added validation that the signature algorithm received in DigitallySigned structures is actually one of those offered (in signature_algorithms extension or CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier releases. Users that are customizing the signature_algorithms extension, or running a server supporting client authentication, are advised to double-check that they are not offering any signature algorithms involving MD5.</li>
 </ul>
-<h3>2.28.5 Notes</h3>
+<h3>2.29.5 Notes</h3>
 <p>
 If you have been using Serpent, you will need to either change to Tnepres, or take into account the fact that Serpent is now byte-swapped compared to what it was before.
 </p>
 
-<a id="r1rv53"><h3>2.29.1 Version</h3></a>
+<a id="r1rv53"><h3>2.30.1 Version</h3></a>
 Release: 1.53 <br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2015, October 10
-<h3>2.29.2 Defects Fixed</h3>
+<h3>2.30.2 Defects Fixed</h3>
 <ul>
 <li>The BC JCE cipher implementations could sometimes fail when used in conjunction with the JSSE and NIO. This has been fixed.</li>
 <li>PGPPublicKey.getBitStrength() always returned 0 for EC keys. This has been fixed.</li>
@@ -1148,7 +1154,7 @@ <h3>2.29.2 Defects Fixed</h3>
 <li>Some decidedly odd argument casting in the PKIXCertPathValidator has been fixed to throw an InvalidAlgorithmParameterException.</li>
 <li>Presenting an empty array of certificates to the PKIXCertPathValidator would cause an IndexOutOfRangeException instead of a CertPathValidatorException. This has been fixed.</li>
 </ul>
-<h3>2.29.3 Additional Features and Functionality</h3>
+<h3>2.30.3 Additional Features and Functionality</h3>
 <ul>
 <li>It is now possible to specify that an unwrapped key must be usable by a software provider in the asymmetric unwrappers for CMS.</li>
 <li>A Blake2b implementation has been added to the provider and lightweight API.</li>
@@ -1164,15 +1170,15 @@ <h3>2.29.3 Additional Features and Functionality</h3>
 <li>The PKCS#12 key store will now garbage collect orphaned certificates on saving.</li>
 <li>Caching for ASN.1 ObjectIdentifiers has been rewritten to make use of an intern method. The "usual suspects" are now interned automatically, and the cache is used by the parser. Other OIDs can be added to the cache by calling ASN1ObjectIdentifier.intern().</li>
 </ul>
-<h3>2.29.4 Notes</h3>
+<h3>2.30.4 Notes</h3>
 <p>
 It turns out there was a similar, but different, issue in Crypto++ to the BC issue with ECIES. Crypto++ 6.0 now offers a corrected version of ECIES which is compatible with that which is now in BC.
 </p>
 
-<a id="r1rv52"><h3>2.30.1 Version</h3></a>
+<a id="r1rv52"><h3>2.31.1 Version</h3></a>
 Release: 1.52<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2015, March 2
-<h3>2.30.2 Defects Fixed</h3>
+<h3>2.31.2 Defects Fixed</h3>
 <ul>
 <li>GenericSigner in the lightweight API would fail if the digest started with a zero byte, occasionally causing a TLS negotiation to fail. This has been fixed.</li>
 <li>Some BC internal classes expected the BC provider to be accessible within the provider. This has been fixed.</li>
@@ -1189,7 +1195,7 @@ <h3>2.30.2 Defects Fixed</h3>
 <li>A badly formed issuer in a X.509 certificate could cause a null pointer exception in X509CertificateHolder.toString(). This has been fixed.</li>
 <li>CMSSignedData.verifySignatures() could fail on a correct counter signature due to a mismatch of the SID. This has been fixed.</li>
 </ul>
-<h3>2.30.3 Additional Features and Functionality</h3>
+<h3>2.31.3 Additional Features and Functionality</h3>
 <ul>
 <li>The CMP support class CMPCertificate restricted the types of certificates that could be added. A more flexible method has been introduced to allow for other certificate types.</li>
 <li>Support classes have be added for DNS-based Authentication of Named Entities (DANE) to the PKIX distribution.</li>
@@ -1217,15 +1223,15 @@ <h3>2.30.3 Additional Features and Functionality</h3>
 <li>Support for some JDK1.5+ language features has finally made its way into the repository.</li>
 <li>A load store parameter, PKCS12StoreParameter, has been added to support DER only encoding of PKCS12 key stores.</li>
 </ul>
-<h3>2.30.4 Security Advisory</h3>
+<h3>2.31.4 Security Advisory</h3>
 <ul>
 <li>The CTR DRBGs would not populate some bytes in the requested block of random bytes if the size of the block requested was not an exact multiple of the block size of the underlying cipher being used in the DRBG. If you are using the CTR DRBGs with "odd" keysizes, we strongly advise upgrading to this release, or contacting us for a work around.</li>
 </ul>
 
-<a id="r1rv51"><h3>2.31.1 Version</h3></a>
+<a id="r1rv51"><h3>2.32.1 Version</h3></a>
 Release: 1.51<br />
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2014, July 28
-<h3>2.31.2 Defects Fixed</h3>
+<h3>2.32.2 Defects Fixed</h3>
 <ul>
 <li>The AEAD GCM AlgorithmParameters object was unable to return a GCMParameterSpec object. This has been fixed.</li>
 <li>Cipher.getIV() was returning null for AEAD mode ciphers. This has been fixed.</li>
@@ -1240,7 +1246,7 @@ <h3>2.31.2 Defects Fixed</h3>
 <li>PKCS#12 files containing keys/certificates with empty attribute sets attached to them no longer cause an ArrayIndexOutOfBoundsException to be thrown.</li>
 <li>Issues with certificate verification and server side DTLS/TLS 1.2 have now been fixed.</li>
 </ul>
-<h3>2.31.3 Additional Features and Functionality</h3>
+<h3>2.32.3 Additional Features and Functionality</h3>
 <ul>
 <li>The range of key algorithm names that will be interpreted by KeyAgreement.generateSecret() has been expanded for ECDH derived algorithms in the provider. A KeyAgreement of ECDHwithSHA1KDF can now be explicitly created.</li>
 <li>ECIES now supports the use of IVs with the underlying block cipher and CBC mode in both the lightweight and the JCE APIs.</li>
@@ -1267,17 +1273,17 @@ <h3>2.31.3 Additional Features and Functionality</h3>
 <li>Full support is now provided for client-side auth in the D/TLS server code.</li>
 <li>Compatibility issues with some OSGI containers have been addressed.</li>
 </ul>
-<h3>2.31.4 Notes</h3>
+<h3>2.32.4 Notes</h3>
 <ul>
 <li>Support for NTRUSigner has been deprecated as the algorithm has been withdrawn.</li>
 <li>Some changes have affected the return values of some methods. If you are migrating from an earlier release, it is recommended to recompile before using this release.</li>
 <li>There has been further clean out of deprecated methods in this release. If your code has previously been flagged as using a deprecated method you may need to change it. The OpenPGP API is the most heavily affected.</li>
 </ul>
 
-<a id="r1rv50"><h3>2.32.1 Version</h3></a>
+<a id="r1rv50"><h3>2.33.1 Version</h3></a>
 Release: 1.50<br />
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2013, December 3
-<h3>2.32.2 Defects Fixed</h3>
+<h3>2.33.2 Defects Fixed</h3>
 <ul>
 <li>The DualECSP800DRBG sometimes truncated the last block in the generated stream incorrectly. This has been fixed.</li>
 <li>Keys produced from RSA certificates with specialised parameters would lose the parameter settings. This has been fixed.</li>
@@ -1291,7 +1297,7 @@ <h3>2.32.2 Defects Fixed</h3>
 <li>Default RC2 parameters for 40 bit RC2 keys in CMSEnvelopedData were encoding incorrectly. This has been fixed.</li>
 <li>In case of a long hash the DSTU4145 implementation would sometimes remove one bit too much during truncation. This has been fixed.</li>
 </ul>
-<h3>2.32.3 Additional Features and Functionality</h3>
+<h3>2.33.3 Additional Features and Functionality</h3>
 <ul>
 <li>Additional work has been done on CMS recipient generation to simplify the generation of OAEP encrypted messages and allow for non-default parameters.</li>
 <li>OCB implementation updated to account for changes in draft-irtf-cfrg-ocb-03.</li>
@@ -1311,7 +1317,7 @@ <h3>2.32.3 Additional Features and Functionality</h3>
 <li>The JDK 1.5+ provider will now recognise and use GCMParameterSpec if it is run in a 1.7 JVM.</li>
 <li>Client side support and some server side support has been added for TLS/DTLS 1.2.</li>
 </ul>
-<h3>2.32.4 Notes</h3>
+<h3>2.33.4 Notes</h3>
 <ul>
 <li>org.bouncycastle.crypto.DerivationFunction is now a base interface, the getDigest() method appears on DigestDerivationFunction.</li>
 <li>Recent developments at NIST indicate the SHA-3 may be changed before final standardisation. Please bare this in mind if you are using it.</li>
@@ -1321,10 +1327,10 @@ <h3>2.32.4 Notes</h3>
 <li>ECDH support for OpenPGP should still be regarded as experimental. It is still possible there will be compliance issues with other implementations.</li>
 </ul>
 
-<a id="r1rv49"><h3>2.33.1 Version</h3></a>
+<a id="r1rv49"><h3>2.34.1 Version</h3></a>
 Release: 1.49<br />
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2013, May 31
-<h3>2.33.2 Defects Fixed</h3>
+<h3>2.34.2 Defects Fixed</h3>
 <ul>
 <li>Occasional ArrayOutOfBounds exception in DSTU-4145 signature generation has been fixed.</li>
 <li>The handling of escaped characters in X500 names is much improved.</li>
@@ -1335,7 +1341,7 @@ <h3>2.33.2 Defects Fixed</h3>
 <li>PEMParser would throw a NullPointerException if it ran into explicit EC curve parameters, it would also throw an Exception if the named curve was not already defined. The parser now returns X9ECParmameters for explicit parameters and returns an ASN1ObjectIdentifier for a named curve.</li>
 <li>The V2TBSCertListGenerator was adding the wrong date type for CRL invalidity date extensions. This has been fixed.</li>
 </ul>
-<h3>2.33.3 Additional Features and Functionality</h3>
+<h3>2.34.3 Additional Features and Functionality</h3>
 <ul>
 <li>A SecretKeyFactory has been added that enables use of PBKDF2WithHmacSHA.</li>
 <li>Support has been added to PKCS12 KeyStores and PfxPdu to handle PKCS#5 encrypted private keys.</li>
@@ -1364,16 +1370,16 @@ <h3>2.33.3 Additional Features and Functionality</h3>
 <li>A basic commitment package has been introduced into the lightweight API containing a digest based commitment scheme.</li>
 <li>It is now possible to set the NotAfter and NotBefore date in the CRMF CertificateRequestMessageBuilder class.</li>
 </ul>
-<h3>2.33.4 Notes</h3>
+<h3>2.34.4 Notes</h3>
 <ul>
 <li>The NTRU implementation has been moved into the org.bouncycastle.pqc package hierarchy.</li>
 <li>The change to PEMParser to support explicit EC curves is not backward compatible. If you run into a named curve you need to use org.bouncycastle.asn1.x9.ECNamedCurveTable.getByOID() to look the curve up if required.</li>
 </ul>
 
-<a id="r1rv48"><h3>2.34.1 Version</h3></a>
+<a id="r1rv48"><h3>2.35.1 Version</h3></a>
 Release: 1.48<br />
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2013, February 10
-<h3>2.34.2 Defects Fixed</h3>
+<h3>2.35.2 Defects Fixed</h3>
 <ul>
 <li>Occasional key compatibility issues in IES due to variable length keys have been fixed.</li>
 <li>PEMWriter now recognises the new PKCS10CertificationRequest object.</li>
@@ -1384,7 +1390,7 @@ <h3>2.34.2 Defects Fixed</h3>
 <li>The BC SSL implementation has been modified to deal with the "Lucky Thirteen" attack.</li>
 <li>A regression in 1.47 which prevented key wrapping with regular symmetric PBE algorihtms has been fixed.</li>
 </ul>
-<h3>2.34.3 Additional Features and Functionality</h3>
+<h3>2.35.3 Additional Features and Functionality</h3>
 <ul>
 <li>IES now supports auto generation of ephemeral keys in both the JCE and the lightweight APIs.</li>
 <li>A new class PEMParser has been added to return the new CertificateHolder and Request objects introduced recently.</li>
@@ -1399,10 +1405,10 @@ <h3>2.34.3 Additional Features and Functionality</h3>
 <li>T61String now uses UTF-8 encoding by default rather than a simple 8 bit transform.</li>
 </ul>
 
-<a id="r1rv47"><h3>2.35.1 Version</h3></a>
+<a id="r1rv47"><h3>2.36.1 Version</h3></a>
 Release: 1.47<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2012, March 30
-<h3>2.35.2 Defects Fixed</h3>
+<h3>2.36.2 Defects Fixed</h3>
 <ul>
 <li>OpenPGP ID based certifications now support UTF-8. Note: this may mean that some old certifications no longer validate - if this happens a retry can be added using by converting the ID using Strings.fromByteArray(Strings.toByteArray(id)) - this will strip out the top byte in each character.</li>
 <li>IPv4/IPv6 parsing in CIDR no longer assumes octet boundaries on a mask.</li>
@@ -1419,7 +1425,7 @@ <h3>2.35.2 Defects Fixed</h3>
 <li>Check of DH parameter L could reject some valid keys. This is now fixed.</li>
 </ul>
 
-<h3>2.35.3 Additional Features and Functionality</h3>
+<h3>2.36.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support is now provided via the RepeatedKey class to enable IV only re-initialisation in the JCE layer. The same effect can be acheived in the light weight API by using null as the key parameter when creating a ParametersWithIV object.</li>
 <li>CRMF now supports empty poposkInput.</li>
@@ -1439,15 +1445,15 @@ <h3>2.35.3 Additional Features and Functionality</h3>
 <li>The J2ME lcrypto release now includes higher level classes for handling PKCS, CMS, CRMF, CMP, EAC, OpenPGP, and certificate generation.</li>
 </ul>
 
-<h3>2.35.4 Other notes</h3>
+<h3>2.36.4 Other notes</h3>
 <p>
 Okay, so we have had to do another release. The issue we have run into is that we probably didn't go far enough in 1.46, but we are now confident that moving from this release to 2.0 should be largely just getting rid of deprecated methods. While this release does change a lot it is relatively straight forward to do a port and we have a <a href="https://github.com/bcgit/bc-java/wiki/Porting-From-Earlier-BC-Releases-to-1.47-and-Later">porting guide</a> which explains the important ones. The area there has been the most change in is the ASN.1 library which was in bad need of a rewrite after 10 years of patching. On the bright side the rewrite did allow us to eliminate a few problems and bugs in the ASN.1 library, so we have some hope anyone porting to it will also have similar benefits. As with 1.46 the other point of emphasis has been making sure interface support is available for operations across the major APIs, so the lightweight API or some local role your own methods can be used instead for doing encryption and signing.
 </p>
 
-<a id="r1rv46"><h3>2.36.1 Version</h3></a>
+<a id="r1rv46"><h3>2.37.1 Version</h3></a>
 Release: 1.46<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2011, February 23
-<h3>2.36.2 Defects Fixed</h3>
+<h3>2.37.2 Defects Fixed</h3>
 <ul>
 <li>An edge condition in ECDSA which could result in an invalid signature has been fixed.</li>
 <li>Exhaustive testing has been performed on the ASN.1 parser, eliminating another potential OutOfMemoryException and several escaping run time exceptions.</li>
@@ -1456,7 +1462,7 @@ <h3>2.36.2 Defects Fixed</h3>
 <li>DERGeneralizedTime.getDate() would produce incorrect results for fractional seconds. This has been fixed.</li>
 <li>PSSSigner would produce incorrect results if the MGF digest and content digest were not the same. This has been fixed.</li>
 </ul>
-<h3>2.36.3 Additional Features and Functionality</h3>
+<h3>2.37.3 Additional Features and Functionality</h3>
 <ul>
 <li>A null genTime can be passed to TimeStampResponseGenerator.generate() to generate timeNotAvailable error responses.</li>
 <li>Support has been added for reading and writing of openssl PKCS#8 encrypted keys.</li>
@@ -1473,7 +1479,7 @@ <h3>2.36.3 Additional Features and Functionality</h3>
 <li>PGP public subkeys can now be separately decoded and encoded.</li>
 <li>An IV can now be passed to an ISO9797Alg3Mac.</li>
 </ul>
-<h3>2.36.4 Other notes</h3>
+<h3>2.37.4 Other notes</h3>
 <p>
 Baring security patches we expect 1.46 will be the last of the 1.* releases. The next release of
 BC will be version 2.0. For this reason a lot of things in 1.46 that relate to CMS have been deprecated and
@@ -1490,29 +1496,29 @@ <h3>2.36.4 Other notes</h3>
 <li>The X509Name class will utlimately be replacde with the X500Name class, the getInstance() methods on both these classes allow conversion from one type to another.</li>
 <li>The org.bouncycastle.cms.RecipientId class now has a collection of subclasses to allow for more specific recipient matching. If you are creating your own recipient ids you should use the constructors for the subclasses rather than relying on the set methods inherited from X509CertSelector. The dependencies on X509CertSelector and CertStore will be removed from the version 2 CMS API.</li>
 </ul>
-<a id="r1rv45"><h3>2.37.1 Version</h3></a>
+<a id="r1rv45"><h3>2.38.1 Version</h3></a>
 Release: 1.45<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2010, January 12
-<h3>2.37.2 Defects Fixed</h3>
+<h3>2.38.2 Defects Fixed</h3>
 <ul>
 <li>OpenPGP now supports UTF-8 in file names for literal data.</li>
 <li>The ASN.1 library was losing track of the stream limit in a couple of places, leading to the potential of an OutOfMemoryError on a badly corrupted stream. This has been fixed.</li>
 <li>The provider now uses a privileged block for initialisation.</li>
 <li>JCE/JCA EC keys are now serialisable.</li>
 </ul>
-<h3>2.37.3 Additional Features and Functionality</h3>
+<h3>2.38.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for EC MQV has been added to the light weight API, provider, and the CMS/SMIME library.</li>
 </ul>
-<h3>2.37.4 Security Advisory</h3>
+<h3>2.38.4 Security Advisory</h3>
 <ul>
 <li>This version of the provider has been specifically reviewed to eliminate possible timing attacks on algorithms such as GCM and CCM mode.</li>
 </ul>
 
-<a id="r1rv44"><h3>2.38.1 Version</h3></a>
+<a id="r1rv44"><h3>2.39.1 Version</h3></a>
 Release: 1.44<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2009, October 9
-<h3>2.38.2 Defects Fixed</h3>
+<h3>2.39.2 Defects Fixed</h3>
 <ul>
 <li>The reset() method in BufferedAsymmetricBlockCipher is now fully clearing the buffer.</li>
 <li>Use of ImplicitlyCA with KeyFactory and Sun keyspec no longer causes NullPointerException.</li>
@@ -1528,7 +1534,7 @@ <h3>2.38.2 Defects Fixed</h3>
 <li>PKIXCertPathReviewer.getTrustAnchor() could occasionally cause a null pointer exception or an exception due to conflicting trust anchors. This has been fixed.</li>
 <li>Handling of explicit CommandMap objects with the generation of S/MIME messages has been improved.</li>
 </ul>
-<h3>2.38.3 Additional Features and Functionality</h3>
+<h3>2.39.3 Additional Features and Functionality</h3>
 <ul>
 <li>PEMReader/PEMWriter now support encrypted EC keys.</li>
 <li>BC generated EC private keys now include optional fields required by OpenSSL.</li>
@@ -1544,24 +1550,24 @@ <h3>2.38.3 Additional Features and Functionality</h3>
 <li>Support for raw signatures has been extended to RSA and RSA-PSS in the provider. RSA support can be used in CMSSignedDataStreamGenerator to support signatures without signed attributes.</li>
 </ul>
 
-<a id="r1rv43"><h3>2.39.1 Version</h3></a>
+<a id="r1rv43"><h3>2.40.1 Version</h3></a>
 Release: 1.43<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2009, April 13
-<h3>2.39.2 Defects Fixed</h3>
+<h3>2.40.2 Defects Fixed</h3>
 <ul>
 <li>Multiple countersignature attributes are now correctly collected.</li>
 <li>Two bugs in HC-128 and HC-256 related to sign extension and byte swapping have been fixed. The implementations now pass the latest ecrypt vector tests.</li>
 <li>X509Name.hashCode() is now consistent with equals.</li>
 </ul>
-<h3>2.39.3 Security Advisory</h3>
+<h3>2.40.3 Security Advisory</h3>
 <ul>
 <li>The effect of the sign extension bug was to decrease the key space the HC-128 and HC-256 ciphers were operating in and the byte swapping inverted every 32 bits of the generated stream. If you are using either HC-128 or HC-256 you must upgrade to this release.</li>
 </ul>
 
-<a id="r1rv42"><h3>2.40.1 Version</h3></a>
+<a id="r1rv42"><h3>2.41.1 Version</h3></a>
 Release: 1.42<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2009, March 16
-<h3>2.40.2 Defects Fixed</h3>
+<h3>2.41.2 Defects Fixed</h3>
 <ul>
 <li>A NullPointer exception which could be result from generating a diffie-hellman key has been fixed.</li>
 <li>CertPath validation could occasionally mistakenly identify a delta CRL. This has been fixed.</li>
@@ -1574,7 +1580,7 @@ <h3>2.40.2 Defects Fixed</h3>
 <li>Multiplication by negative powers of two is fixed in BigInteger.</li>
 <li>OptionalValidity now encodes correctly.</li>
 </ul>
-<h3>2.40.3 Additional Features and Functionality</h3>
+<h3>2.41.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for NONEwithECDSA has been added.</li>
 <li>Support for Grainv1 and Grain128 has been added.</li>
@@ -1585,10 +1591,10 @@ <h3>2.40.3 Additional Features and Functionality</h3>
 <li>Support for the SRP-6a protocol has been added to the lightweight API.</li>
 </ul>
 
-<a id="r1rv41"><h3>2.41.1 Version</h3></a>
+<a id="r1rv41"><h3>2.42.1 Version</h3></a>
 Release: 1.41<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2008, October 1
-<h3>2.41.2 Defects Fixed</h3>
+<h3>2.42.2 Defects Fixed</h3>
 <ul>
 <li>The GeneralName String constructor now supports IPv4 and IPv6 address parsing.</li>
 <li>An issue with nested-multiparts with postamble for S/MIME that was causing signatures to fail verification has been fixed.</li>
@@ -1599,7 +1605,7 @@ <h3>2.41.2 Defects Fixed</h3>
 <li>Standard name "DiffieHellman" is now supported in the provider.</li>
 <li>Better support for equality tests for '#' encoded entries has been added to X509Name.</li>
 </ul>
-<h3>2.41.3 Additional Features and Functionality</h3>
+<h3>2.42.3 Additional Features and Functionality</h3>
 <ul>
 <li>Camellia is now 12.5% faster than previously.</li>
 <li>A smaller version (around 8k compiled) of Camellia, CamelliaLightEngine has also been added.</li>
@@ -1610,10 +1616,10 @@ <h3>2.41.3 Additional Features and Functionality</h3>
 <li>Support for reading and extracting personalised certificates in PGP Secret Key rings has been added.</li>
 </ul>
 
-<a id="r1rv40"><h3>2.42.1 Version</h3></a>
+<a id="r1rv40"><h3>2.43.1 Version</h3></a>
 Release: 1.40<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2008, July 12
-<h3>2.42.2 Defects Fixed</h3>
+<h3>2.43.2 Defects Fixed</h3>
 <ul>
 <li>EAX mode ciphers were not resetting correctly after a doFinal/reset. This has been fixed.</li>
 <li>The SMIME API was failing to verify doubly nested multipart objects in signatures correctly. This has been fixed.</li>
@@ -1629,7 +1635,7 @@ <h3>2.42.2 Defects Fixed</h3>
 <li>The '+' character can now be escaped or quoted in the constructor for X509Name, X509Prinicipal.</li>
 <li>Fix to regression from 1.38: PKIXCertPathValidatorResult.getPublicKey was returning the wrong public key when the BC certificate path validator was used.</li>
 </ul>
-<h3>2.42.3 Additional Features and Functionality</h3>
+<h3>2.43.3 Additional Features and Functionality</h3>
 <ul>
 <li>Galois/Counter Mode (GCM) has been added to the lightweight API and the JCE provider.</li>
 <li>SignedPublicKeyAndChallenge and PKCS10CertificationRequest can now take null providers if you need to fall back to the default provider mechanism.</li>
@@ -1637,15 +1643,15 @@ <h3>2.42.3 Additional Features and Functionality</h3>
 <li>Unnecessary local ID attributes on certificates in PKCS12 files are now automatically removed.</li>
 <li>The PKCS12 store types PKCS12-3DES-3DES and PKCS12-DEF-3DES-3DES have been added to support generation of PKCS12 files with both certificates and keys protected by 3DES.</li>
 </ul>
-<h3>2.42.4 Additional Notes</h3>
+<h3>2.43.4 Additional Notes</h3>
 <ul>
 <li>Due to problems for some users caused by the presence of the IDEA algorithm, an implementation is no longer included in the default signed jars. Only the providers of the form bcprov-ext-*-*.jar now include IDEA.</li>
 </ul>
 
-<a id="r1rv39"><h3>2.43.1 Version</h3></a>
+<a id="r1rv39"><h3>2.44.1 Version</h3></a>
 Release: 1.39<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2008, March 29
-<h3>2.43.2 Defects Fixed</h3>
+<h3>2.44.2 Defects Fixed</h3>
 <ul>
 <li>A bug causing the odd NullPointerException has been removed from the LocalizedMessage class.</li>
 <li>IV handling in CMS for the SEED and Camellia was incorrect. This has been fixed.</li>
@@ -1659,7 +1665,7 @@ <h3>2.43.2 Defects Fixed</h3>
 <li>A decoding issue with a mis-identified tagged object in CertRepMessage has been fixed.</li>
 <li>\# is now properly recognised in the X509Name class.</li>
 </ul>
-<h3>2.43.3 Additional Features and Functionality</h3>
+<h3>2.44.3 Additional Features and Functionality</h3>
 <ul>
 <li>Certifications associated with user attributes can now be created, verified and removed in OpenPGP.</li>
 <li>API support now exists for CMS countersignature reading and production.</li>
@@ -1674,10 +1680,10 @@ <h3>2.43.3 Additional Features and Functionality</h3>
 <li>Support has been added to the provider for the VMPC MAC.</li>
 </ul>
 
-<a id="r1rv38"><h3>2.44.1 Version</h3></a>
+<a id="r1rv38"><h3>2.45.1 Version</h3></a>
 Release: 1.38<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2007, November 7
-<h3>2.44.2 Defects Fixed</h3>
+<h3>2.45.2 Defects Fixed</h3>
 <ul>
 <li>SMIME signatures containing non-standard quote-printable data could be altered by SMIME encryption. This has been fixed.</li>
 <li>CMS signatures that do not use signed attributes were vulnerable to one of Bleichenbacher's RSA signature forgery attacks. This has been fixed.</li>
@@ -1691,7 +1697,7 @@ <h3>2.44.2 Defects Fixed</h3>
 <li>Overwriting entities in a PKCS#12 file was not fully compliant with the JavaDoc for KeyStore. This has been fixed.</li>
 <li>TlsInputStream.read() could appear to return end of file when end of file had not been reached. This has been fixed.</li>
 </ul>
-<h3>2.44.3 Additional Features and Functionality</h3>
+<h3>2.45.3 Additional Features and Functionality</h3>
 <ul>
 <li>Buffering in the streaming CMS has been reworked. Throughput is now usually higher and the behaviour is more predictable.</li>
 <li>It's now possible to pass a table of hashes to a CMS detached signature rather than having to always pass the data.</li>
@@ -1702,10 +1708,10 @@ <h3>2.44.3 Additional Features and Functionality</h3>
 <li>CertPathReviewer has better handling for problem trust anchors.</li>
 <li>Base64 encoder now does initial size calculations to try to improve resource usage.</li>
 </ul>
-<a id="r1rv37"><h3>2.45.1 Version</h3></a>
+<a id="r1rv37"><h3>2.46.1 Version</h3></a>
 Release: 1.37<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2007, June 15
-<h3>2.45.2 Defects Fixed</h3>
+<h3>2.46.2 Defects Fixed</h3>
 <ul>
 <li>The ClearSignedFileProcessor example for OpenPGP did not take into account trailing white space in
 the file to be signed. This has been fixed.</li>
@@ -1719,7 +1725,7 @@ <h3>2.45.2 Defects Fixed</h3>
 <li>The default private key length in the lightweght API for generated DiffieHellman parameters was absurdly small, this has been fixed.</li>
 <li>Cipher.getParameters() for PBEwithSHAAndTwofish-CBC was returning null after intialisation. This has been fixed.</li>
 </ul>
-<h3>2.45.3 Additional Features and Functionality</h3>
+<h3>2.46.3 Additional Features and Functionality</h3>
 <ul>
 <li>The block cipher mode CCM has been added to the provider and light weight API.</li>
 <li>The block cipher mode EAX has been added to the provider and light weight API.</li>
@@ -1738,10 +1744,10 @@ <h3>2.45.3 Additional Features and Functionality</h3>
 <li>The JCE provider now supports RIPEMD160withECDSA.</li>
 </ul>
 
-<a id="r1rv36"><h3>2.46.1 Version</h3></a>
+<a id="r1rv36"><h3>2.47.1 Version</h3></a>
 Release: 1.36<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2007, March 16
-<h3>2.46.2 Defects Fixed</h3>
+<h3>2.47.2 Defects Fixed</h3>
 <ul>
 <li>DSA key generator now checks range and keysize.</li>
 <li>Class loader issues with i18n classes should now be fixed.</li>
@@ -1755,7 +1761,7 @@ <h3>2.46.2 Defects Fixed</h3>
 <li>Some surrogate pairs were not assembled correctly by the UTF-8 decoder. This has been fixed.</li>
 <li>Alias resolution in PKCS#12 is now case insensitive.</li>
 </ul>
-<h3>2.46.3 Additional Features and Functionality</h3>
+<h3>2.47.3 Additional Features and Functionality</h3>
 <ul>
 <li>CMS/SMIME now supports basic EC KeyAgreement with X9.63.</li>
 <li>CMS/SMIME now supports RFC 3211 password based encryption.</li>
@@ -1771,10 +1777,10 @@ <h3>2.46.3 Additional Features and Functionality</h3>
 <li>DSASigner now handles long messages. SHA2 family digest support for DSA has been added to the provider.</li>
 </ul>
 
-<a id="r1rv35"><h3>2.47.1 Version</h3></a>
+<a id="r1rv35"><h3>2.48.1 Version</h3></a>
 Release: 1.35<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2006, December 16
-<h3>2.47.2 Defects Fixed</h3>
+<h3>2.48.2 Defects Fixed</h3>
 <ul>
 <li>Test data files are no longer in the provider jars.</li>
 <li>SMIMESignedParser now handles indefinite length data in SignerInfos.</li>
@@ -1789,7 +1795,7 @@ <h3>2.47.2 Defects Fixed</h3>
 <li>The IESEngine could incorrectly encrypt data when used in block cipher mode. This has been fixed.
 <li>An error in the encoding of the KEKRecipientInfo has been fixed. Compatability warning: this may mean that versions of BC mail prior to 1.35 will have trouble processing KEK messages produced by 1.35 or later.
 </ul>
-<h3>2.47.3 Additional Features and Functionality</h3>
+<h3>2.48.3 Additional Features and Functionality</h3>
 <ul>
 <li>Further optimisations to elliptic curve math libraries.</li>
 <li>API now incorporates a CertStore which should be suitable for use with LDAP.</li>
@@ -1811,10 +1817,10 @@ <h3>2.47.3 Additional Features and Functionality</h3>
 <li>PGP packet streams can now be closed off using close() on the returned stream as well as closing the generator.</li>
 </ul>
 
-<a id="r1rv34"><h3>2.48.1 Version</h3></a>
+<a id="r1rv34"><h3>2.49.1 Version</h3></a>
 Release: 1.34<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2006, October 2
-<h3>2.48.2 Defects Fixed</h3>
+<h3>2.49.2 Defects Fixed</h3>
 <ul>
 <li>Endianess of integer conversion in KDF2BytesGenerator was incorrect. This has been fixed.
 <li>Generating critical signature subpackets in OpenPGP would result in a zero packet tag. This has been fixed.
@@ -1826,7 +1832,7 @@ <h3>2.48.2 Defects Fixed</h3>
 <li>PGP Identity strings were only being interpreted as ASCII rather than UTF-8. This has been fixed.
 <li>CertificateFactory.generateCRLs now returns a Collection rather than null.
 </ul>
-<h3>2.48.3 Additional Features and Functionality</h3>
+<h3>2.49.3 Additional Features and Functionality</h3>
 <ul>
 <li>An ISO18033KDFParameters class had been added to support ISO18033 KDF generators.
 <li>An implemention of the KDF1 bytes generator algorithm has been added.
@@ -1846,16 +1852,16 @@ <h3>2.48.3 Additional Features and Functionality</h3>
 <li>Performance of the prime number generation in the BigInteger library has been further improved.
 <li>In line with RFC 3280 section 4.1.2.4 DN's are now encoded using UTF8String by default rather than PrintableString.
 </ul>
-<h3>2.48.4 Security Advisory</h3>
+<h3>2.49.4 Security Advisory</h3>
 <ul>
 <li>If you are using public exponents with the value three you *must* upgrade to this release, otherwise it
 will be possible for attackers to exploit some of Bleichenbacher's RSA signature forgery attacks on your applications.</li>
 </ul>
 
-<a id="r1rv33"><h3>2.49.1 Version</h3></a>
+<a id="r1rv33"><h3>2.50.1 Version</h3></a>
 Release: 1.33<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2006, May 3
-<h3>2.49.2 Defects Fixed</h3>
+<h3>2.50.2 Defects Fixed</h3>
 <ul>
 <li>OCSPResponseData was including the default version in its encoding. This has been fixed.
 <li>BasicOCSPResp.getVersion() would throw a NullPointer exception if called on a default version response. This has been fixed.
@@ -1864,7 +1870,7 @@ <h3>2.49.2 Defects Fixed</h3>
 <li>ArmoredInputStream was not closing the underlying stream on close. This has been fixed.
 <li>Small base64 encoded strings with embedded white space could decode incorrectly using the Base64 class. This has been fixed.
 </ul>
-<h3>2.49.3 Additional Features and Functionality</h3>
+<h3>2.50.3 Additional Features and Functionality</h3>
 <ul>
 <li>The X509V2CRLGenerator now supports adding general extensions to CRL entries.
 <li>A RoleSyntax implementation has been added to the x509 ASN.1 package, and the AttributeCertificateHolder class now support the IssuerSerial option.
@@ -1872,10 +1878,10 @@ <h3>2.49.3 Additional Features and Functionality</h3>
 <li>DERUTF8String now supports surrogate pairs.
 </ul>
 
-<a id="r1rv32"><h3>2.50.1 Version</h3></a>
+<a id="r1rv32"><h3>2.51.1 Version</h3></a>
 Release: 1.32<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2006, March 27
-<h3>2.50.2 Defects Fixed</h3>
+<h3>2.51.2 Defects Fixed</h3>
 <ul>
 <li>Further work has been done on RFC 3280 compliance.
 <li>The ASN1Sequence constructor for SemanticsInformation would sometimes throw a ClassCastException on reconstruction an object from a byte stream. This has been fixed.
@@ -1892,7 +1898,7 @@ <h3>2.50.2 Defects Fixed</h3>
 <li>OpenPGP clear text signatures containing '\r' as line separators were not being correctly canonicalized. This has been fixed.
 </ul>
 
-<h3>2.50.3 Additional Features and Functionality</h3>
+<h3>2.51.3 Additional Features and Functionality</h3>
 <ul>
 <li>The ASN.1 library now includes classes for the ICAO Electronic Passport.
 <li>Support has been added to CMS and S/MIME for ECDSA.
@@ -1901,16 +1907,16 @@ <h3>2.50.3 Additional Features and Functionality</h3>
 <li>Support has been added for repeated attributes in CMS and S/MIME messages.
 <li>A wider range of RSA-PSS signature types is now supported for CRL and Certificate verification.
 </ul>
-<h3>2.50.4 Possible compatibility issue</h3>
+<h3>2.51.4 Possible compatibility issue</h3>
 <ul>
 <li>Previously elliptic curve keys and points were generated with point compression enabled by default.
 Owing to patent issues in some jurisdictions, they are now generated with point compression disabled by default.
 </ul>
 
-<a id="r1rv31"><h3>2.51.1 Version</h3></a>
+<a id="r1rv31"><h3>2.52.1 Version</h3></a>
 Release: 1.31<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, December 29
-<h3>2.51.2 Defects Fixed</h3>
+<h3>2.52.2 Defects Fixed</h3>
 <ul>
 <li>getCriticalExtensionOIDs on an X.509 attribute certificate was returning the non-critical set. This has been fixed.
 <li>Encoding uncompressed ECDSA keys could occasionally introduce an extra leading zero byte. This has been fixed.
@@ -1923,7 +1929,7 @@ <h3>2.51.2 Defects Fixed</h3>
 This has been fixed.
 <li>OIDs with extremely large components would sometimes reencode with unnecessary bytes in their encoding. The optimal DER encoding will now be produced instead.
 </ul>
-<h3>2.51.3 Additional Features and Functionality</h3>
+<h3>2.52.3 Additional Features and Functionality</h3>
 <ul>
 <li>The SMIME package now supports the large file streaming model as well.
 <li>Additional ASN.1 message support has been added for RFC 3739 in the org.bouncycastle.x509.qualified package.
@@ -1932,10 +1938,10 @@ <h3>2.51.3 Additional Features and Functionality</h3>
 <li>CertPathValidator has been updated to better support path validation as defined in RFC 3280.
 </ul>
 
-<a id="r1rv30"><h3>2.52.1 Version</h3></a>
+<a id="r1rv30"><h3>2.53.1 Version</h3></a>
 Release: 1.30<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, September 18
-<h3>2.52.2 Defects Fixed</h3>
+<h3>2.53.2 Defects Fixed</h3>
 <ul>
 <li>Whirlpool was calculating the wrong digest for 31 byte data and could throw an exception for some other data lengths. This has been fixed.
 <li>AlgorithmParameters for IVs were returning a default of RAW encoding of the parameters when they should have been returning an
@@ -1947,7 +1953,7 @@ <h3>2.52.2 Defects Fixed</h3>
 <li>KEKIdentifier would not handle OtherKeyAttribute objects correctly. This has been fixed.
 <li>GetCertificateChain on a PKCS12 keystore would return a single certificate chain rather than null if the alias passed in represented a certificate not a key. This has been fixed.
 </ul>
-<h3>2.52.3 Additional Features and Functionality</h3>
+<h3>2.53.3 Additional Features and Functionality</h3>
 <ul>
 <li>RSAEngine no longer assumes keys are byte aligned when checking for out of range input.
 <li>PGPSecretKeyRing.removeSecretKey and PGPSecretKeyRing.insertSecretKey have been added.
@@ -1958,10 +1964,10 @@ <h3>2.52.3 Additional Features and Functionality</h3>
 <li>Both the lightweight API and the provider now support the Camellia encryption algorithm.
 </ul>
 
-<a id="r1rv29"><h3>2.53.1 Version</h3></a>
+<a id="r1rv29"><h3>2.54.1 Version</h3></a>
 Release: 1.29<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, June 27
-<h3>2.53.2 Defects Fixed</h3>
+<h3>2.54.2 Defects Fixed</h3>
 <ul>
 <li>HMac-SHA384 and HMac-SHA512 were not IETF compliant. This has been fixed.
 <li>The equals() method on ElGamalKeyParameters and DHKeyParameters in the lightweight API would sometimes
@@ -1972,7 +1978,7 @@ <h3>2.53.2 Defects Fixed</h3>
 <li>ISO9796 signatures for full recovered messsages could incorrectly verify for similar messages in some circumstances. This has been fixed.
 <li>The occasional problem with decrypting PGP messages containing compressed streams now appears to be fixed.
 </ul>
-<h3>2.53.3 Additional Features and Functionality</h3>
+<h3>2.54.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support has been added for the OIDs and key generation required for HMac-SHA224, HMac-SHA256, HMac-SHA384, and 
 HMac-SHA512.
@@ -1980,16 +1986,16 @@ <h3>2.53.3 Additional Features and Functionality</h3>
 <li>The provider and the lightweight API now support the GOST-28147-94 MAC algorithm.
 <li>Headers are now settable for PGP armored output streams.
 </ul>
-<h3>2.53.4 Notes</h3>
+<h3>2.54.4 Notes</h3>
 <ul>
 <li>The old versions of HMac-SHA384 and HMac-SHA512 can be invoked as OldHMacSHA384 and OldHMacSHA512, or by using the OldHMac class in the
 lightweight API.
 </ul> 
 
-<a id="r1rv28"><h3>2.54.1 Version</h3></a>
+<a id="r1rv28"><h3>2.55.1 Version</h3></a>
 Release: 1.28<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, April 20
-<h3>2.54.2 Defects Fixed</h3>
+<h3>2.55.2 Defects Fixed</h3>
 <ul>
 <li>Signatures on binary encoded S/MIME messages could fail to validate when correct. This has been fixed.
 <li>getExtensionValue() on CRL Entries were returning the encoding of the inner object, rather than the octet string. This has been fixed.
@@ -2003,7 +2009,7 @@ <h3>2.54.2 Defects Fixed</h3>
 <li>Filetype for S/MIME compressed messages was incorrect. This has been fixed.
 <li>BigInteger class can now create negative numbers from byte arrays.
 </ul>
-<h3>2.54.3 Additional Features and Functionality</h3>
+<h3>2.55.3 Additional Features and Functionality</h3>
 <ul>
 <li>S/MIME now does canonicalization on non-binary input for signatures.
 <li>Micalgs for the new SHA schemes are now supported.
@@ -2014,7 +2020,7 @@ <h3>2.54.3 Additional Features and Functionality</h3>
 <li>Support has been added for the creation of ECDSA certificate requests.
 <li>The provider and the light weight API now support the WHIRLPOOL message digest.
 </ul>
-<h3>2.54.4 Notes</h3>
+<h3>2.55.4 Notes</h3>
 <ul>
 <li>Patches for S/MIME binary signatures and canonicalization were actually applied in 1.27, but a couple of days after the release - if the class 
 CMSProcessableBodyPartOutbound is present in the package org.bouncycastle.mail.smime you have the patched 1.27. We would recommend upgrading to 1.28 in any case
@@ -2022,10 +2028,10 @@ <h3>2.54.4 Notes</h3>
 <li>GOST private keys are probably not encoding correctly and can be expected to change.
 </ul>
 
-<a id="r1rv27"><h3>2.55.1 Version</h3></a>
+<a id="r1rv27"><h3>2.56.1 Version</h3></a>
 Release: 1.27<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, February 20
-<h3>2.55.2 Defects Fixed</h3>
+<h3>2.56.2 Defects Fixed</h3>
 <ul>
 <li>Typos in the provider which pointed Signature algorithms SHA256WithRSA, SHA256WithRSAEncryption, SHA384WithRSA, SHA384WithRSAEncryption, SHA512WithRSA, and SHA512WithRSAEncryption at the PSS versions of the algorithms have been fixed. The correct names for the PSS algorithms are SHA256withRSAandMGF1, SHA384withRSAandMGF1, and SHA512withRSAandMGF1.
 <li>X509CertificateFactory failed under some circumstances to reset properly if the input stream being passed
@@ -2039,7 +2045,7 @@ <h3>2.55.2 Defects Fixed</h3>
 <li>TSP TimeStampToken was failing to validate time stamp tokens with the issuerSerial field set in the ESSCertID structure. This has been fixed.
 <li>Path validation in environments with frequently updated CRLs could occasionally reject a valid path. This has been fixed.
 </ul>
-<h3>2.55.3 Additional Features and Functionality</h3>
+<h3>2.56.3 Additional Features and Functionality</h3>
 <ul>
 <li>Full support has been added for the OAEPParameterSpec class to the JDK 1.5 povider.
 <li>Full support has been added for the PSSParameterSpec class to the JDK 1.4 and JDK 1.5 providers.
@@ -2050,7 +2056,7 @@ <h3>2.55.3 Additional Features and Functionality</h3>
 <li>The CertPath support classes now support PKCS #7 encoding.
 <li>Point compression can now be turned off when encoding elliptic curve keys.
 </ul>
-<h3>2.55.4 Changes that may affect compatibility</h3>
+<h3>2.56.4 Changes that may affect compatibility</h3>
 <ul>
 <li>org.bouncycastle.jce.interfaces.ElGamalKey.getParams() has been changed to getParameters() to avoid clashes with
 a JCE interface with the same method signature.
@@ -2060,10 +2066,10 @@ <h3>2.55.4 Changes that may affect compatibility</h3>
 were using these previously you should use SHA256WithRSAAndMGF1, SHA384WithRSAAndMGF1, or SHA512WithRSAAndMGF1.
 </ul>
 
-<a id="r1rv26"><h3>2.56.1 Version</h3></a>
+<a id="r1rv26"><h3>2.57.1 Version</h3></a>
 Release: 1.26<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2005, January 15
-<h3>2.56.2 Defects Fixed</h3>
+<h3>2.57.2 Defects Fixed</h3>
 <ul>
 <li>The X.509 class UserNotice assumed some of the optional fields were not optional. This has been fixed.
 <li>BCPGInputStream would break on input packets of 8274 bytes in length. This has been fixed.
@@ -2072,7 +2078,7 @@ <h3>2.56.2 Defects Fixed</h3>
 <li>ASN1Sets now properly sort their contents when created from scratch.
 <li>A bug introduced in the CertPath validation in the last release which meant some certificate paths would validate if they were invalid has been fixed.
 </ul>
-<h3>2.56.3 Additional Features and Functionality</h3>
+<h3>2.57.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for JDK 1.5 naming conventions for OAEP encryption and PSS signing has been added.
 <li>Support for Time Stamp Protocol (RFC 3161) has been added.
@@ -2082,15 +2088,15 @@ <h3>2.56.3 Additional Features and Functionality</h3>
 <li>PBEWithMD5AndRC2, PBEWithSHA1AndRC2 now generate keys rather than exceptions.
 <li>The BigInteger implementation has been further optimised to take more advantage of the Montgomery number capabilities.
 </ul>
-<h3>2.56.4 JDK 1.5 Changes</h3>
+<h3>2.57.4 JDK 1.5 Changes</h3>
 <ul>
 <li>The JDK 1.5 version of the provider now supports the new Elliptic Curve classes found in the java.security packages. Note: while we have tried to preserve some backwards compatibility people using Elliptic curve are likely to find some minor code changes are required when moving code from JDK 1.4 to JDK 1.5 as the java.security APIs have changed.
 </ul>
 
-<a id="r1rv25"><h3>2.57.1 Version</h3></a>
+<a id="r1rv25"><h3>2.58.1 Version</h3></a>
 Release: 1.25<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2004, October 1
-<h3>2.57.2 Defects Fixed</h3>
+<h3>2.58.2 Defects Fixed</h3>
 <ul>
 <li>In some situations OpenPGP would overread when a stream had been
 broken up into partial blocks. This has been fixed.
@@ -2112,7 +2118,7 @@ <h3>2.57.2 Defects Fixed</h3>
 <li>Parsing a message with a zero length body with SMIMESigned would cause an exception. This has been fixed.
 <li>Some versions of PGP use zeros in the data stream rather than a replication of the last two bytes of the iv as specified in the RFC to determine if the correct decryption key has been found. The decryption classes will now cope with both.
 </ul>
-<h3>2.57.3 Additional Features and Functionality</h3>
+<h3>2.58.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for extracting signatures based on PGP user attributes has been
 added to PGPPublicKey.
@@ -2132,10 +2138,10 @@ <h3>2.57.3 Additional Features and Functionality</h3>
 <li>OID components of up to 2^63 bits are now supported.
 </ul>
 
-<a id="r1rv24"><h3>2.58.1 Version</h3></a>
+<a id="r1rv24"><h3>2.59.1 Version</h3></a>
 Release: 1.24<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2004, June 12
-<h3>2.58.2 Defects Fixed</h3>
+<h3>2.59.2 Defects Fixed</h3>
 <ul>
 <li>OpenPGP Secret key rings now parse key rings with user attribute packets in them correctly.
 <li>OpenPGP Secret key rings now parse key rings with GPG comment packets in them.
@@ -2152,17 +2158,17 @@ <h3>2.58.2 Defects Fixed</h3>
 <li>An encoding error introduced in 1.23 which affected generation of the
 KeyUsage extension has been fixed.
 </ul>
-<h3>2.58.3 Additional Features and Functionality</h3>
+<h3>2.59.3 Additional Features and Functionality</h3>
 <ul>
 <li>PKCS12 keystore now handles single key/certificate files without any attributes present.
 <li>Support for creation of PGPKeyRings incorporating sub keys has been added.
 <li>ZeroPadding for encrypting ASCII data has been added.
 </ul>
 
-<a id="r1rv23"><h3>2.59.1 Version</h3></a>
+<a id="r1rv23"><h3>2.60.1 Version</h3></a>
 Release: 1.23<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2004, April 10
-<h3>2.59.2 Defects Fixed</h3>
+<h3>2.60.2 Defects Fixed</h3>
 <ul>
 <li>Reading a PGP Secret key file would sometimes cause a class cast exception. This has been fixed.
 <li>PGP will now read SecretKeys which are encrypted with the null algorithm.
@@ -2177,7 +2183,7 @@ <h3>2.59.2 Defects Fixed</h3>
 <li>X509Name class will now print names with nested pairs in component sets correctly.
 <li>RC4 now resets correctly on doFinal.
 </ul>
-<h3>2.59.3 Additional Features and Functionality</h3>
+<h3>2.60.3 Additional Features and Functionality</h3>
 <ul>
 <li>PGP V3 keys and V3 signature generation is now supported.
 <li>Collection classes have been added for representing files of PGP public and secret keys.
@@ -2196,10 +2202,10 @@ <h3>2.59.3 Additional Features and Functionality</h3>
 <li>DERGeneralizedTime getTime() method now handles a broader range of input strings.
 </ul>
 
-<a id="r1rv22"><h3>2.60.1 Version</h3></a>
+<a id="r1rv22"><h3>2.61.1 Version</h3></a>
 Release: 1.22<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2004, February 7
-<h3>2.60.2 Defects Fixed</h3>
+<h3>2.61.2 Defects Fixed</h3>
 <ul>
 <li>Generating DSA signatures with PGP would cause a class cast exception, this has been fixed.
 <li>PGP Data in the 192 to 8383 byte length would sometimes be written with the wrong length header. This has been fixed.
@@ -2209,7 +2215,7 @@ <h3>2.60.2 Defects Fixed</h3>
 <li>PSS signature verification would fail approximately 0.5 % of the time on correct signatures. This has been fixed.
 <li>Encoding of CRL Distribution Points now always works.
 </ul>
-<h3>2.60.3 Additional Features and Functionality</h3>
+<h3>2.61.3 Additional Features and Functionality</h3>
 <ul>
 <li>Additional methods for getting public key information have been added to the PGP package.
 <li>Some support for user attributes and the image attribute tag has been added.
@@ -2217,10 +2223,10 @@ <h3>2.60.3 Additional Features and Functionality</h3>
 <li>Support for ElGamal encryption/decryption has been added to the PGP package.
 </ul>
 
-<a id="r1rv21"><h3>2.61.1 Version</h3></a>
+<a id="r1rv21"><h3>2.62.1 Version</h3></a>
 Release: 1.21<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003, December 6
-<h3>2.61.2 Defects Fixed</h3>
+<h3>2.62.2 Defects Fixed</h3>
 <ul>
 <li>The CertPath validator would fail for some valid CRLs. This has been  fixed.
 <li>AES OIDS for S/MIME were still incorrect, this has been fixed.
@@ -2228,17 +2234,17 @@ <h3>2.61.2 Defects Fixed</h3>
 <li>The J2ME BigInteger class would sometimes go into an infinite loop generating prime numbers. This has been fixed.
 <li>DERBMPString.equals() would throw a class cast exception. This has been fixed.
 </ul>
-<h3>2.61.3 Additional Features and Functionality</h3>
+<h3>2.62.3 Additional Features and Functionality</h3>
 <ul>
 <li>PEMReader now handles public keys.
 <li>OpenPGP/BCPG should now handle partial input streams. Additional methods for reading subpackets off signatures.
 <li>The ASN.1 library now supports policy qualifiers and policy info objects.
 </ul>
 
-<a id="r1rv20"><h3>2.62.1 Version</h3></a>
+<a id="r1rv20"><h3>2.63.1 Version</h3></a>
 Release: 1.20<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003, October 8
-<h3>2.62.2 Defects Fixed</h3>
+<h3>2.63.2 Defects Fixed</h3>
 <ul>
 <li>BigInteger toString() in J2ME/JDK1.0 now produces same output as the Sun one.
 <li>RSA would throw a NullPointer exception with doFinal without arguments. This has been fixed.
@@ -2248,7 +2254,7 @@ <h3>2.62.2 Defects Fixed</h3>
 <li>AES OIDS were incorrect, this has been fixed.
 <li>In some cases BC generated private keys would not work with the JSSE. This has been fixed.
 </ul>
-<h3>2.62.3 Additional Features and Functionality</h3>
+<h3>2.63.3 Additional Features and Functionality</h3>
 <ul>
 <li>Support for reading/writing OpenPGP public/private keys and OpenPGP signatures has been added.
 <li>Support for generating OpenPGP PBE messages and public key encrypted messages has been added.
@@ -2256,10 +2262,10 @@ <h3>2.62.3 Additional Features and Functionality</h3>
 <li>Addition of a Null block cipher to the light weight API.
 </ul>
 
-<a id="r1rv19"><h3>2.63.1 Version</h3></a>
+<a id="r1rv19"><h3>2.64.1 Version</h3></a>
 Release: 1.19<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003, June 7
-<h3>2.63.2 Defects Fixed</h3>
+<h3>2.64.2 Defects Fixed</h3>
 <ul>
 <li>The PKCS12 store would throw an exception reading PFX files that had attributes with no values. This has been fixed.
 <li>RSA Private Keys would not serialise if they had PKCS12 bag attributes attached to them, this has been fixed.
@@ -2267,7 +2273,7 @@ <h3>2.63.2 Defects Fixed</h3>
 <li>ASN1 parser would sometimes mistake an implicit null for an implicit empty
 sequence. This has been fixed.
 </ul>
-<h3>2.63.3 Additional Features and Functionality</h3>
+<h3>2.64.3 Additional Features and Functionality</h3>
 <ul>
 <li>S/MIME and CMS now support the draft standard for AES encryption.
 <li>S/MIME and CMS now support setable key sizes for the standard algorithms.
@@ -2279,10 +2285,10 @@ <h3>2.63.3 Additional Features and Functionality</h3>
 in order to find algorithms.
 </ul>
 
-<a id="r1rv18"><h3>2.64.1 Version</h3></a>
+<a id="r1rv18"><h3>2.65.1 Version</h3></a>
 Release: 1.18<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003, February 8
-<h3>2.64.2 Defects Fixed</h3>
+<h3>2.65.2 Defects Fixed</h3>
 <ul>
 <li>DESKeySpec.isParityAdjusted in the clean room JCE could go into an
 infinite loop. This has been fixed.
@@ -2293,7 +2299,7 @@ <h3>2.64.2 Defects Fixed</h3>
 <li>Seeding with longs in the SecureRandom for the J2ME and JDK 1.0,
 only used 4 bytes of the seed value. This has been fixed.
 </ul>
-<h3>2.64.3 Additional Features and Functionality</h3>
+<h3>2.65.3 Additional Features and Functionality</h3>
 <ul>
 <li>The X.509 OID for RSA is now recognised by the provider as is the OID for RSA/OAEP.
 <li>Default iv's for DES are now handled correctly in CMS.
@@ -2305,10 +2311,10 @@ <h3>2.64.3 Additional Features and Functionality</h3>
 Sun BigInteger library.
 </ul>
 
-<a id="r1rv17"><h3>2.65.1 Version</h3></a>
+<a id="r1rv17"><h3>2.66.1 Version</h3></a>
 Release: 1.17<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2003, January 8
-<h3>2.65.2 Defects Fixed</h3>
+<h3>2.66.2 Defects Fixed</h3>
 <ul>
 <li>Reuse of an CMSSignedObject could occasionally result in a class
 cast exception. This has been fixed.
@@ -2319,7 +2325,7 @@ <h3>2.65.2 Defects Fixed</h3>
 <li>The DERObject constructor in OriginatorIdentifierOrKey was leaving 
 the id field as null. This has been fixed.
 </ul>
-<h3>2.65.3 Additional Functionality and Features</h3>
+<h3>2.66.3 Additional Functionality and Features</h3>
 <ul>
 <li>RC2 now supports the full range of parameter versions and effective
 key sizes.
@@ -2339,10 +2345,10 @@ <h3>2.65.3 Additional Functionality and Features</h3>
 string to OID conversion.
 </ul>
 
-<a id="r1rv16"><h3>2.66.1 Version</h3></a>
+<a id="r1rv16"><h3>2.67.1 Version</h3></a>
 Release: 1.16<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2002, November 30
-<h3>2.66.2 Defects Fixed</h3>
+<h3>2.67.2 Defects Fixed</h3>
 <ul>
 <li>CRLS were only working for UTC time constructed Time objects, this has
 been fixed.
@@ -2356,7 +2362,7 @@ <h3>2.66.2 Defects Fixed</h3>
 to throw a NullPointerException at the wrong time.
 <li>Macs now clone correctly in the clean room JCE.
 </ul>
-<h3>2.66.3 Additional Functionality and Features</h3>
+<h3>2.67.3 Additional Functionality and Features</h3>
 <ul>
 <li>PGPCFB support has been added to the provider and the lightweight API.
 <li>There are now three versions of the AESEngine, all faster than before,
@@ -2374,10 +2380,10 @@ <h3>2.66.3 Additional Functionality and Features</h3>
 and to support multiple recipients/signers.
 </ul>
 
-<a id="r1rv15"><h3>2.67.1 Version</h3></a>
+<a id="r1rv15"><h3>2.68.1 Version</h3></a>
 Release: 1.15<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2002, September 6
-<h3>2.67.2 Defects Fixed</h3>
+<h3>2.68.2 Defects Fixed</h3>
 <ul>
 <li>The base string for the oids in asn1.x509.KeyPurposeId was incorrect. This
 has been fixed.
@@ -2400,7 +2406,7 @@ <h3>2.67.2 Defects Fixed</h3>
 The local name now takes precedence.
 <li>ReasonFlags now correctly encodes.
 </ul>
-<h3>2.67.3 Additional Functionality and Features</h3>
+<h3>2.68.3 Additional Functionality and Features</h3>
 <ul>
 <li>The PKCS12 key store now handles key bags in encryptedData bags.
 <li>The X509NameTokenizer now handles for '\' and '"' characters.
@@ -2409,10 +2415,10 @@ <h3>2.67.3 Additional Functionality and Features</h3>
 <li>Both the provider and the lightweight library now support a basic SIC mode for block ciphers.
 </ul>
 
-<a id="r1rv14"><h3>2.68.1 Version</h3></a>
+<a id="r1rv14"><h3>2.69.1 Version</h3></a>
 Release: 1.14<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2002, June 17
-<h3>2.68.2 Defects Fixed</h3>
+<h3>2.69.2 Defects Fixed</h3>
 <ul>
 <li>there was a bug in the BigInteger right shifting for > 31 bit shifts.
 This has been fixed.
@@ -2433,7 +2439,7 @@ <h3>2.68.2 Defects Fixed</h3>
 <li>asn1.x509.ExtendedKeyUsage used to throw a null pointer exception
 on construction. This has been fixed.
 </ul>
-<h3>2.68.3 Additional Functionality and Features</h3>
+<h3>2.69.3 Additional Functionality and Features</h3>
 <ul>
 <li>The BigInteger library now uses Montgomery numbers for modPow and is
 substantially faster.
@@ -2447,10 +2453,10 @@ <h3>2.68.3 Additional Functionality and Features</h3>
 object identifiers.
 </ul>
 
-<a id="r1rv13"><h3>2.69.1 Version</h3></a>
+<a id="r1rv13"><h3>2.70.1 Version</h3></a>
 Release: 1.13<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2002, April 19
-<h3>2.69.2 Defects Fixed</h3>
+<h3>2.70.2 Defects Fixed</h3>
 <ul>
     <li>The TBSCertificate object in the ASN.1 library now properly implements
     the Time object, rather returning UTC time.
@@ -2459,7 +2465,7 @@ <h3>2.69.2 Defects Fixed</h3>
     <li>toByteArray in the big integer class was not always producing correct
     results for negative numbers. This has been Fixed.
 </ul>
-<h3>2.69.3 Additional Functionality and Features</h3>
+<h3>2.70.3 Additional Functionality and Features</h3>
 <ul>
     <li>The key to keySpec handling of the secret key factories has been improved.
     <li>There is now a SMIME implementation and a more complete CMS
@@ -2474,10 +2480,10 @@ <h3>2.69.3 Additional Functionality and Features</h3>
     length certificate chains for signing keys.
 </ul>
 
-<a id="r1rv12"><h3>2.70.1 Version</h3></a>
+<a id="r1rv12"><h3>2.71.1 Version</h3></a>
 Release: 1.12<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2002, February 8
-<h3>2.70.2 Defects Fixed</h3>
+<h3>2.71.2 Defects Fixed</h3>
 <ul>
     <li>The ASN.1 library was unable to read an empty set object. This has been fixed.
     <li>Returning sets of critical and non-critical extensions on X.509 certificates could result in a null pointer exception if the certificate had no extensions. This has been fixed.
@@ -2496,7 +2502,7 @@ <h3>2.70.2 Defects Fixed</h3>
     <li>the IV algorithm parameters class would improperly throw an exception
     on initialisation. This has been fixed.
 </ul>
-<h3>2.70.3 Additional Functionality and Features</h3>
+<h3>2.71.3 Additional Functionality and Features</h3>
 <ul>
     <li>The AESWrap ciphers will now take IV's.
     <li>The DES-EDEWrap algorithm described in https://www.ietf.org/internet-drafts/draft-ietf-smime-key-wrap-01.txt is now supported.
@@ -2510,10 +2516,10 @@ <h3>2.70.3 Additional Functionality and Features</h3>
     for details).
 </ul>
 
-<a id="r1rv11"><h3>2.71.1 Version</h3></a>
+<a id="r1rv11"><h3>2.72.1 Version</h3></a>
 Release: 1.11<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, December 10
-<h3>2.71.2 Defects Fixed</h3>
+<h3>2.72.2 Defects Fixed</h3>
 <ul>
 <li>X9.23 padding of MACs now works correctly with block size aligned data.
 <li>Loading a corrupted "UBER" key store would occasionally cause the
@@ -2539,7 +2545,7 @@ <h3>2.71.2 Defects Fixed</h3>
 extensions. This has been fixed.
 <li>The NetscapeCert type bits were reversed! This has been fixed.
 </ul>
-<h3>2.71.3 Additional Functionality and Features</h3>
+<h3>2.72.3 Additional Functionality and Features</h3>
 <ul>
 <li>The lightweight API and the JCE provider now support ElGamal.
 <li>X509Principal, and X509Name now supports the "DC" attribute and the
@@ -2553,7 +2559,7 @@ <h3>2.71.3 Additional Functionality and Features</h3>
 <li>Elliptic curve routines now handle uncompressed points as well as the
 compressed ones.
 </ul>
-<h3>2.71.4 Other changes</h3>
+<h3>2.72.4 Other changes</h3>
 <ul>
 <li>As the range of public key types supported has expanded the getPublicKey
 method on the SubjectPublicKeyInfo class is not always going to work. The
@@ -2561,10 +2567,10 @@ <h3>2.71.4 Other changes</h3>
 throws an IOException if there is a problem.
 </ul>
 
-<a id="r1rv10"><h3>2.72.1 Version</h3></a>
+<a id="r1rv10"><h3>2.73.1 Version</h3></a>
 Release: 1.10<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, October 20
-<h3>2.72.2 Defects Fixed</h3>
+<h3>2.73.2 Defects Fixed</h3>
 <ul>
 <li>The PKCS12 Key Store now interoperates with the JDK key tool. <b>Note:</b> this does mean the the key name passed to the setKeyEntry calls has become
 significant.
@@ -2572,7 +2578,7 @@ <h3>2.72.2 Defects Fixed</h3>
 has been fixed.
 <li>The ASN.1 input streams now handle zero-tagged zero length objects correctly.
 </ul>
-<h3>2.72.3 Additional Functionality and Features</h3>
+<h3>2.73.3 Additional Functionality and Features</h3>
 <ul>
 <li>The JCE Provider and the lightweight API now support Serpent, CAST5, and CAST6.
 <li>The JCE provider and the lightweight API now has an implementation of ECIES.
@@ -2582,10 +2588,10 @@ <h3>2.72.3 Additional Functionality and Features</h3>
 <li>Support for the generation of PKCS10 certification requests has been added.
 </ul>
 
-<a id="r1rv09"><h3>2.73.1 Version</h3></a>
+<a id="r1rv09"><h3>2.74.1 Version</h3></a>
 Release: 1.09<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, October 6
-<h3>2.73.2 Defects Fixed</h3>
+<h3>2.74.2 Defects Fixed</h3>
 <ul>
 <li>failure to pass in an RC5 parameters object now results in an exception
 at the upper level of the JCE, rather than falling over in the lightweight
@@ -2598,7 +2604,7 @@ <h3>2.73.2 Defects Fixed</h3>
 <li>In some cases the ASN.1 library wouldn't handle implicit tagging properly.
 This has been fixed.
 </ul>
-<h3>2.73.3 Additional Functionality and Features</h3>
+<h3>2.74.3 Additional Functionality and Features</h3>
 <ul>
 <li>Support for RC5-64 has been added to the JCE.
 <li>ISO9796-2 signatures have been added to the JCE and lightweight API.
@@ -2622,10 +2628,10 @@ <h3>2.73.3 Additional Functionality and Features</h3>
 resource hungry and faster - whether it's fast enough remains to be seen!
 </ul>
 
-<a id="r1rv08"><h3>2.74.1 Version</h3></a>
+<a id="r1rv08"><h3>2.75.1 Version</h3></a>
 Release: 1.08<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, September 9
-<h3>2.74.2 Defects Fixed</h3>
+<h3>2.75.2 Defects Fixed</h3>
 <ul>
 <li>It wasn't possible to specify an ordering for distinguished names in
 X509 certificates. This is now supported.
@@ -2636,7 +2642,7 @@ <h3>2.74.2 Defects Fixed</h3>
 <li>The netscape certificate request class wouldn't compile under JDK 1.1. This
 has been fixed.
 </ul>
-<h3>2.74.3 Additional Functionality and Features</h3>
+<h3>2.75.3 Additional Functionality and Features</h3>
 <ul>
 <li>ISO 9796-1 padding is now supported with RSA in the lightweight
 API and the JCE.
@@ -2650,10 +2656,10 @@ <h3>2.74.3 Additional Functionality and Features</h3>
 this is fixed.
 </ul>
 
-<a id="r1rv07"><h3>2.75.1 Version</h3></a>
+<a id="r1rv07"><h3>2.76.1 Version</h3></a>
 Release: 1.07<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, July 9
-<h3>2.75.2 Defects Fixed</h3>
+<h3>2.76.2 Defects Fixed</h3>
 <ul>
 <li>It turned out that the setOddParity method in the DESParameter class
 was indeed doing something odd but not what was intended. This is now
@@ -2664,10 +2670,10 @@ <h3>2.75.2 Defects Fixed</h3>
 have a look in org.bouncycastle.jce.provider.JDKKeyStore lines 201-291.
 </ul>
 
-<a id="r1rv06"><h3>2.76.1 Version</h3></a>
+<a id="r1rv06"><h3>2.77.1 Version</h3></a>
 Release: 1.06<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, July 2
-<h3>2.76.2 Defects Fixed</h3>
+<h3>2.77.2 Defects Fixed</h3>
 <ul>
 <li>Diffie-Hellman keys are now properly serialisable as well as
 encodable.
@@ -2689,17 +2695,17 @@ <h3>2.76.2 Defects Fixed</h3>
 <li>Resetting and resusing HMacs in the lightweight and heavyweight libraries
 caused a NullPointer exception. This has been fixed.
 </ul>
-<h3>2.76.3 Additional Functionality</h3>
+<h3>2.77.3 Additional Functionality</h3>
 <ul>
 <li>ISO10126Padding is now recognised explicitly for block ciphers
 as well.
 <li>The Blowfish implementation is now somewhat faster.
 </ul>
 
-<a id="r1rv05"><h3>2.77.1 Version</h3></a>
+<a id="r1rv05"><h3>2.78.1 Version</h3></a>
 Release: 1.05<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, April 17
-<h3>2.77.2 Defects Fixed</h3>
+<h3>2.78.2 Defects Fixed</h3>
 <ul>
 <li>The DESEDE key generator can now be used to generate 2-Key-DESEDE
 keys as well as 3-Key-DESEDE keys.
@@ -2710,22 +2716,22 @@ <h3>2.77.2 Defects Fixed</h3>
 <li>The ASN.1 library was skipping explicitly tagged objects of zero length.
 This has been fixed.
 </ul>
-<h3>2.77.3 Additional Functionality</h3>
+<h3>2.78.3 Additional Functionality</h3>
 <ul>
 <li>There is now an org.bouncycastle.jce.netscape package which has
 a class in for dealing with Netscape Certificate Request objects.
 </ul>
-<h3>2.77.4 Additional Notes</h3>
+<h3>2.78.4 Additional Notes</h3>
 <p>
 Concerning the PKCS12 fix: in a few cases this may cause some backward
 compatibility issues - if this happens to you, drop us a line at
 <a href="mailto:feedback-crypto@bouncycastle.org">feedback-crypto@bouncycastle.org</a>
 and we will help you get it sorted out.
 </p>
-<a id="r1rv04"><h3>2.78.1 Version</h3></a>
+<a id="r1rv04"><h3>2.79.1 Version</h3></a>
 Release: 1.04<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, March 11
-<h3>2.78.2 Defects Fixed</h3>
+<h3>2.79.2 Defects Fixed</h3>
 <ul>
 <li>Signatures generated by other providers that include optional null
 parameters in the AlgorithmIdentifier are now handled correctly by the
@@ -2754,7 +2760,7 @@ <h3>2.78.2 Defects Fixed</h3>
 hash table when the hash table constructor was called. This has been fixed.
 </ul>
 
-<h3>2.78.3 Additional Functionality</h3>
+<h3>2.79.3 Additional Functionality</h3>
 <ul>
 <li>Added Elliptic Curve DSA (X9.62) - ECDSA - to provider and lightweight
 library.
@@ -2766,10 +2772,10 @@ <h3>2.78.3 Additional Functionality</h3>
 <li>The certificate generators now support ECDSA and DSA certs as well.
 </ul>
 
-<a id="r1rv03"><h3>2.79.1 Version</h3></a>
+<a id="r1rv03"><h3>2.80.1 Version</h3></a>
 Release: 1.03<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2001, January 7
-<h3>2.79.2 Defects Fixed</h3>
+<h3>2.80.2 Defects Fixed</h3>
 <ul>
 <li>CFB and OFB modes when specified without padding would insist on input
 being block aligned. When specified without padding CFB and OFB now behave in a compatible 
@@ -2779,29 +2785,29 @@ <h3>2.79.2 Defects Fixed</h3>
 length as the plain text.
 </ul>
 
-<a id="r1rv02"><h3>2.80.1 Version</h3></a>
+<a id="r1rv02"><h3>2.81.1 Version</h3></a>
 Release: 1.02<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2000, November 7
-<h3>2.80.2 Defects Fixed</h3>
+<h3>2.81.2 Defects Fixed</h3>
 <ul>
 <li>The RSA key pair generator occasionally produced keys 1 bit under the
 requested size. This is now fixed.
 </ul>
 
-<a id="r1rv01"><h3>2.81.1 Version</h3></a>
+<a id="r1rv01"><h3>2.82.1 Version</h3></a>
 Release: 1.01<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2000, October 15
-<h3>2.81.2 Defects Fixed</h3>
+<h3>2.82.2 Defects Fixed</h3>
 
 <ul>
 <li>Buffered ciphers in lightweight library were not resetting correctly
 on a doFinal. This has been fixed.
 </ul>
 
-<a id="r1rv00"><h3>2.82.1 Version</h3></a>
+<a id="r1rv00"><h3>2.83.1 Version</h3></a>
 Release: 1.00<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 2000, October 13
-<h3>2.82.2 Defects Fixed</h3>
+<h3>2.83.2 Defects Fixed</h3>
 <p>
 <ul>
 <li>JDK1.2 version now works with keytool for certificate generation.
@@ -2816,7 +2822,7 @@ <h3>2.82.2 Defects Fixed</h3>
 <li>Some DES PBE algorithms did not set the parity correctly in generated keys, this has been fixed.
 </ul>
 
-<h3>2.82.3 Additional functionality</h3>
+<h3>2.83.3 Additional functionality</h3>
 <p>
 <ul>
 <li>Argument validation is much improved.
diff --git a/gradle.properties b/gradle.properties
index 4e15dd08af..bd57b2ce2f 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 org.gradle.jvmargs=-Xmx2g
-version=1.78.1
-maxVersion=1.79
+version=1.79-SNAPSHOT
+maxVersion=1.80
 org.gradle.java.installations.auto-detect=false
 org.gradle.java.installations.auto-download=false
 org.gradle.java.installations.fromEnv=BC_JDK8,BC_JDK11,BC_JDK17,BC_JDK21
diff --git a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 0098ec2d55..771724e998 100644
--- a/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -74,7 +74,7 @@ public final class BouncyCastleProvider extends Provider
 {
     private static final Logger LOG = Logger.getLogger(BouncyCastleProvider.class.getName());
 
-    private static String info = "BouncyCastle Security Provider v1.78.1";
+    private static String info = "BouncyCastle Security Provider v1.79b";
 
     public static final String PROVIDER_NAME = "BC";
 
@@ -167,7 +167,7 @@ public final class BouncyCastleProvider extends Provider
      */
     public BouncyCastleProvider()
     {
-        super(PROVIDER_NAME, 1.7801, info);
+        super(PROVIDER_NAME, 1.7899, info);
 
         AccessController.doPrivileged(new PrivilegedAction()
         {