Contributors

The following organisations and people have contributed to the Bouncy Castle Cryptography Package.

Thanks, may your castles never deflate!

Donors

The following people and organisations donated financially to help with the release of Bouncy Castle:
 
AXL Software, Larry West (California), A-Sher (1.77). EduFer (1.72). Miguel, Rodolfo Hansen, and iterate GmbH (1.69). Encryptomatic.com (1.67). Denis Beurive, Ravi_02, and Manuel Corona (1.66). Christian Kahlo, Alexi Livshitz, and Denis Beurive (1.65). Joshua Hight (1.63). Bihari Babu (1.61). Jens Neuhalfen and perillamint (1.60). Brian Reid (1.59). Joop Kaashoek and Pexus LLC (1.57). DidiSoft, Cotiviti, Atanas Krachev, Encryptomatic LLC, LogicalAnswersIncSupporter (1.56). Digistamp, RAM NAG (1.55). Lobster GmbH (1.54). Sheba, Ishmal Bartley, and Li-Chang Johnny Lo (1.53). lecker@buetterchen.de, Charles Proxy, Gunny Mills, Morgan Le Douget, Ben Whitaker, and Emilio Navarrete Lineros (1.52). Gup & Boz @ Alki Seattle, Bytemine Gmbh, Ted Pennings, Atanas Krachev, PrimeKey Solutions AB, Martin Paljak, CorseraFri19980116, CPU Terminator, Lindsay Bradford, kares, Philius, and Aaron Anderson (1.51).

We also wish to acknowledge financial and collaborative support from CISCO and additional financial support from PrimeKey towards developing the EST API for RFC 7030 support.

Organisations

  • Holders of Keyfactor Support Contracts. Without the consulting time left over from support contracts being contributed back to working on the Bouncy Castle APIs, progress would be impossible. You know who you are!
  • University of Adelaide, Dr. Yuval Yarom and Deepak Bhargavan Pillai, and University of Melbourne, Dr. Chitchanok Chuengsatiansup, technical review and analysis of the Java PQC implementations and advice on remediations to address possible security issues found.
  • Monash University, Cyber Security Lab, under the supervision of A. Prof. Ron Steinfeld, Dr. Amin Sakzad, and Dr. Raymond K. Zhao for contributions to the NIST post-quantum algorithm set. Initial NTRU implementation: Akbar Fadiansyah. Initial Falcon implementation: Zi Li Tan. Initial CRYSTALS-Kyber implementation: Salang Kang. Initial NTRU Prime implementation: Sai Agraharam (saicharan.agraharam@gmail.com). Initial CRYSTALS-Dilithium implementation: Salang Kang.
  • University of Wollongong, Institute of Cybersecurity and Cryptology, under the supervision of Dr Dung Duong <hduong@uow.edu.au> for contributions to the NIST post-quantum algorithm set. Initial BIKE implementation: Tuong Ngoc Nguyen <tuong.nguyenng@gmail.com>, Xuan Thanh Khuc <khucxuanthanh@gmail.com>, and Khanh Nguyen <tungkhanhmta@gmail.com>. Initial HQC implementation: Tuong Ngoc Nguyen <tuong.nguyenng@gmail.com>, Xuan Thanh Khuc <khucxuanthanh@gmail.com>, and Khanh Nguyen <tungkhanhmta@gmail.com>.
  • Grier Forensics, for collaborating in the development of the S/MIME Toolkit and DANE SMIMEA functionality.
  • TU-Darmstadt, Computer Science Department, RBG, for the initial lightweight client side TLS implementation, which is based on MicroTLS and for help with qTESLA implementation. MicroTLS was developed by Erik Tews under the supervision of Dipl.-Ing. Henning Baer and Prof. Max Muehlhaeuser. qTESLA assistance was provided by Nina Bindel and Yinhua Xu.
  • TU-Darmstadt, Computer Science Department, RBG, for the initial Post Quantum provider, which was based on the FlexiProvider. The FlexiProvider was developed by the Theoretical Computer Science Research Group at TU-Darmstadt, Computer Science Department, RBG under the supervision of Prof. Dr. Johannes Buchmann. More information on the history of FlexiProvider can be found at: https://www.flexiprovider.de/
  • Voxeo Labs - sponsorship of the initial development of APIs for DTLS 1.0 (RFC 4347), DTLS-SRTP key negotiation (RFC 5764), and server side TLS 1.1 (RFC 4346) and tested WebRTC compatibility. More information on Voxeo Labs can be found at https://voxeolabs.com
  • Core Infrastructure Initiative - financial support towards developing the TLS API and JSSE provider that appeared in 1.56.
  • Additional CertPath testing and validation data from the CertPath testing tool developed by cryptosource GmbH and media Transfer AG both located in Darmstadt, Germany.
  • Micro Focus - additional support towards further developing the TLS/DTLS API and the BCJSSE provider.
  • Atlassian Software Systems donation of Confluence and JIRA licences.

People

  • Tito Pena <Fortunato.Pena@AdNovum.CH> - initial RC5 (32 and 64) implementation.
  • Michael Lee <yfl@mira.net> - initial RC6 implementation, MD2 implementation
  • Nuno Santos <nsantos@student.dei.uc.pt> - finding toString bug in certificate object.
  • Brett Sealey <bretts@mortbay.com> - fixing the missing return problem in JDKKeyFactory (affected SSLeay private keys).
  • Victor A. Salaman <salaman@teknos.com> - fixing the bug in Cipher.java which caused it to ignore specified providers, fixing the bug in RSAKeyGenerator which caused keys to be occasionally produced 1 bit too small.
  • Eran Librach <eranl@valicert.com> - spotting and fixing the classLoader bug that occurs if javax.crypto and the provider aren't sharing the same classpath (occurs in JDK 1.3 and greater).
  • Jonathan Knudsen <jonathan@LearningPatterns.com> - porting information and restrictions when using the lightweight library with the MIDP environment.
  • Markus Niedermann <markus.niedermann@softwired-inc.com> - porting information and restrictions when using the lightweight library with the MIDP environment.
  • Mike Benham <moxie@thoughtcrime.org> - detection and fixing of an incorrect weak key in the DES key generation support classes. Suggestions for simplifying DESedeParameter objects. Optimisations for the Blowfish engine and BufferedBlockCipher class.
  • Soren Hilmer <hilmer@mail.tele.dk> - initial implementation of netscape certificate request classes.
  • Uwe Guenther <uwe@cscc.de> - detection and fixing of 3 incorrect semi-weak keys in the DES key generation support classes.
  • Markus Bradtke <mab@informatik.uni-kiel.de> - fixing of a logic error in the JDKKeyStore class.
  • Waclaw Sierek <waclaw.sierek@tpg.pl> - fix to setOddParity in the DESParameter class. Assistance with adding ordering to X509 names for certificate generation, proper processing of byte strings in the ASN1 package, further simplifications and additional classes to improve pkcs7 support, bug fixes in CertPath API.
  • Ly-Na Phu <lyna.phu@init-consulting.de> - assistance in the addition of ISO 9796-1 padding.
  • Stefan Köpsell <sk13@mail.inf.tu-dresden.de> - making the jdk 1.1 version of the collections API available. For further details see https://sourceforge.net/projects/jcf/
  • Carmen Bastiaans <cbastiaa@microbits.com.au> - fixing the improper null pointer problem in the setting of certificates in the PKCS12 key store.
  • Tomas Gustavsson <tomasg@primekey.se> - initial implementation of the AuthorityInformationAccess, SubjectKeyIdentifier, AuthorityKeyIdentifier, CRLNumber, CRLReason, CertificatePolicies, V2TBSCertListGenerator, and X509V2CRLGenerator classes in the ASN.1 library. Additions to GeneralName class, other bug fixes in the X.509 package. Initial implementation of the CertificationRequest classes. getRevocationReason() patch for OCSP. Patch to SemanticsInformation to prevent ClassCastException.
  • Eugen Kuleshov <euxx@hotmail.com> - optimisations for Blowfish, assistance with PKCS12/keytool interoperability.
  • Megan Woods <meganwoods@sekurafile.com> - initial implementation of ECIES.
  • Christian Geuer-Pollmann <geuerp@apache.org> - adding IV's to the AESWrap implementations. Initial implementation of DESedeWrap.
  • Michael Mühle <michael@mouling.de> - contributing the initial CertPath implementation and compatibility classes, fixing provider bug in JDK 1.1 java.security.cert.CertificateFactory compatibility class.
  • Michael Mansell <me@michaelmansell.com> - fixing the parsing of the empty DER set in the ASN.1 library.
  • Eike Recker <eike.recker@gmx.de> - fixing misspelling of provider reference for RSA/1 and RSA/2.
  • Chris Southern <CSouthern@baltimore.com> - fixing misuse of specified provider in the PKCS10 certification request class.
  • Sidney Markowitz <sidney@sidney.com> - fixing null pointer exception on unknown OID in X509Name class, initial implementation of the three AES engines.
  • Chris Kerr <ckerr@filonet.ca> - initial implementation of the cms, asn1.cms, and the mail/smime packages, assistance in simplifying the ASN.1 package, miscellaneous other optimisations, NIST CertPath certification test, PKIXPolicyNode class, CertPath subtree validation and policy tree construction. We also wish to acknowledge the generosity of Filonet Corporation for allowing Chris to make the initial cms and mail/smime packages available to us.
  • Mike Bean <mbean@lucentradius.com> - fixing the fall through bug in the IV algorithm parameters class.
  • Martin Petraschek <e9526225@student.tuwien.ac.at> - fixing ASN1 tagging so tag values up to 30 are now supported.
  • Jess Garms <jgarms@yahoo.com> - fixing 112/168 key size bug for DESede key generation.
  • Mike Bremford <mike@big.faceless.org> - contributing the initial PKCS7 implementation.
  • Shankar Srinivasan <ssr002@yahoo.com> - S/Mime interoperability testing and debugging.
  • Stef Hoeben <ilsestef@skynet.be> - adding Montgomery multiplication to the BigInteger class.
  • Klaudiusz Ciosk <kciosk@max.com.pl> - improving the compatibility of the SMIME package with the Sun JCE.
  • Thomas Houtekier <Thomas.Houtekier@tectrade.net> - S/Mime testing and debugging. Interoperability with Biztalk.
  • Don Hillsberry <hillsber@dialcorp.com> - S/Mime testing and debugging.
  • Kazuo Furuya <kfuruya@infoteria.co.jp> - fixing root certificate chaining bug in PKCS12 key store.
  • Jason Novotny <jdnovotny@lbl.gov> - initial work on the openSSL PEM processing.
  • Joel Hockey <joel.hockey@qsipayments.com> - initial work on the openSSL PEM processing.
  • John Steenbruggen <JohnS@geotrust.com> - fixing CertificationRequestInfo to handle cert request info objects without attribute blocks.
  • Justin Chapweske <justin@chapweske.com> - ordering patch for Tiger message digest.
  • John Serock <jserock@hotmail.com> - fixing null pointer exception in constructor for ExtendedKeyUsage. Fixing of base OID bug in KeyPurposeId. Compliance of KeyUsage extension return value with security API.
  • Sascha Weinreuter <Sascha.Weinreuter@cit.de> - fixed SMIME saveChanges() bug.
  • Andre Wehnert <aw5@mail.inf.tu-dresden.de> - fixing key schedule problem in RC5-64, fixing buffer cleaning issue in buffered block cipher.
  • Luigi Lo Iacono <lo_iacono@nue.et-inf.uni-siegen.de> - adding SIC mode to the blockciphers in the provider.
  • Tim Sakach <tsakach@certivo.net> - SMIME v2 compatibility patches.
  • Marcus Povey <mpovey@brookes.ac.uk> - adding the PGP mode to the lightweight API and the provider.
  • Sebastian Clauß <sc2@inf.tu-dresden.de> - adding randomness setting to the certificate and CRL generators.
  • Nicolas Bielza <nicolas.bielza@alligacom.com> - isolating the tagging bug in the ASN.1 library that was misrepresenting some ASN.1 constructed data types. Contributions to the streaming S/MIME classes.
  • Casey Marshall <rsdio@metastatic.org> - fixing the clone problem with Macs in the clean room JCE.
  • Rick Zeldes <rick.zeldes@eds.com> - initial code for CMS/SMIME CompressedData.
  • Jarek Gawor <gawor@mcs.anl.gov> - fixing ASN.1 sequence unpacking in BasicConstraints constructor.
  • Brett Neumeier <random@rnd.cx> - patch to OriginatorIdentifierOrKey object, improvements to encoders package, introduction of UrlBase64.
  • Graham Coles <graham.coles@retail-logic.com> - patch to isParityAdjusted in DESKeySpec.
  • Jörn von Kattchée <J.Kattchee@seeburger.de> - patch to SMIMEGenerator for preventing class cast exceptions with BodyParts containing Multipart objects.
  • Matteo Artuso <matartuso@libero.it> - picking up the possible overread in ASN1InputStream.
  • Julian Morrison <julian@extropy.demon.co.uk> - spotting the slow down in Diffie-Hellman key generation.
  • Elmar Sonnenschein <eso@esomail.de> - fix to long conversion in clean room SecureRandom.
  • Jörn Schwarze <JSchwarze@ulc.de> - Locale fix for the clean room JCE.
  • Bryan Lovquist <bkl@cps.com.au> - Other provider compatibility fixes for CMS signing.
  • Artem Portnoy <Artem_Portnoy@ibi.com> - generalisations for CMSProcessableBodyPart in S/MIME. Header fix for mime messages.
  • Michael Häusler <haeusler@ponton-consulting.de> - missing OID update for SHA1 with RSA Signature.
  • Johan Seland <johans@netfonds.no> - general toString for BigInteger class.
  • Johannes Nicolai <johannes.nicolai@novosec.com> - further enhancements to OCSP response generation, fix to CertificateID issuer.
  • Marc Doberva <marc.doberva@ilex-si.com> - help in isolating the JSSE/BC RSA key issue.
  • Jan Dvorak <jan.dvorak@mathan.cz> - initial implementation of the light weight Null block cipher.
  • Joe Cohen <jcohen@forumsys.com> - converting the ArrayOutOfBoundsException in DERInputStream into what it should have been.
  • Chris Long <aclong@ece.cmu.edu> - adding public key decoding to PEMReader.
  • Hes Siemelink <hes@izecom.com> - findIssuer fix for CertPathBuilder, toMimeMessage converter for Mail API, getSize() fix for zero length messages in SMIMEMessage.
  • Stefan Puiu <stefanpuiuro@yahoo.com> - initial implementation V3 policy mapping, policy qualifier objects in ASN.1 X.509 package.
  • Kaiser Yang <kaiseryang@yahoo.com> - Finding BigInteger loop problem in prime generation.
  • Jiri Urbanec <jiri.urbanec@logicacmg.com> - patch to fix defect in DERBMPString.equals().
  • Justin Kolb <jkolb@pristx.com> - patch to DSA signature generation in OpenPGP. Fix for the unexpected "Unexpected end of ZLIB input stream" exception.
  • Ralf Hauser <ralfhauser@gmx.ch> - patch to exception handling in PublicKeyRing, PEMReader, 1.4 build script, X509 Certificate Factory, CertPathValidatorUtilities, fromAddress null check in SignedMailValidator, ReadOnceInputStream testing utility in MIME tests.
  • Michal Dvorak <M_Dvorak@kb.cz> - getNextUpdate patch for OCSP SingleResp.
  • Klaus Greve Fiorentini <Klaus@cpqd.com.br> - array fix in PGP PublickKeyEncSessionPacket.
  • Olivier Refalo <Olivier_Refalo@fpl.com> - null pointer exception fix for JDK 1.3 CMSSignedData objects.
  • Mariusz Bandola <mariusz.bandola@cryptotech.com.pl> - patch to DERGeneralizedTime. Compliance patch for OCSP TBSRequest class. Patch to X509Name for dealing with general objects in sequences.
  • Brien Oberstein <brien.oberstein@transacttools.net> - patch to S2K algorithm in OpenPGP, initial PGP version 3 secret key support, initial PGP version 3 signature generation, RIPEMD160 addition to PGPUtil.
  • Ian Haywood <ian@haywood.bpa.nu> - addition of getSignatureType to PGPSignature.
  • Jonathan Edwards <s34gull@mac.com> - initial support for reading multiple rings from a PGP key file.
  • Andrew Thornton <andrew@caret.cam.ac.uk> - patch for RSA PUBLIC KEY in PEMReader.
  • Gregor Leander <gl@bos-bremen.de> - initial parsing of multiple sequence entries in an X.500 Name.
  • Antoon Bosselaers <Antoon.Bosselaers@esat.kuleuven.ac.be> - help with RipeMD320 implementation.
  • Peter Sylvester <Peter.Sylvester@edelweb.fr> - improvements to the ASN.1 BasicConstraints object.
  • Doug <ummmmm@myrealbox.com> - addition of isEncryptionKey method to OpenPGP public keys.
  • Francois Staes <fstaes@netconsult.be> - improvements to DEBitString, DERGeneralizedTime and initial implementation of DERGeneralString, addition of settable signed object info to CMSSignedDataGenerator, patch to DH key agreement.
  • W.R. Dittmer <wdittmer@cs.vu.nl> - patch to decoding of SignatureCreationTime in BCPG. Patch to PGPKeyPair to fix nullpointer exception.
  • Perez Paz Luis Alberto <laperez@banxico.org.mx> - patch to use of BitString in X.500 name.
  • James Wright <James_Wright@harte-hanks.com> - patches for dealing with "odd" ArmoredInputStreams.
  • Jim Ford <jim@muirford.com> - patch to PGPSecretKey to avoid null pointer exception on encoding secret keys, comments on KeyExpirationTime, getBitStrength for ElGamal keys. Signature creation time patch for newly created v4 signatures.
  • Michael Hausler <haeusler@ponton-consulting.de> - extra aliases for provider.
  • Sai Pullabhotla <psai@linoma.com> - fix to PGP compressed data generator to improve compression levels. Performance improvements for KeyBasedLargeFileProcessor.
  • Joseph Miller <joseph@digiweb.net.nz> - addition of ZeroBytePadding.
  • Lars <xyz@sagemdenmark.dk> - patch to explicit padded mode for CBC block cipher MAC.
  • Jeroen van Vianen <jeroen@vanvianen.nl> - the Signed and Encrypted mail example.
  • Jun Sun <JSun@diversinet.com> - patch to SecureRandom to work around problem in wtk 1.0.4 and wtk 2.1.
  • Petr Dukem <pdukem@email.cz> - patch to CMSSignedDataGenerator to allow it to work with PKCS11 providers.
  • Filipe Silva <filipe.silva@wedoconsulting.com> - patch to fix overread issue in BCPGInputStream.
  • Alpesh Parmar <alps@linuxmail.org> - patch for class cast problem in PGPPublicKey.getSignatures().
  • Jay Gengelbach <jgengelbach@webmethods.com> - patch to fix isSigningKey in PGPSecretKey class, patch to hashedPackets in PGP signatureGenerator, initial cut for indefinite length output.
  • Doug <doug@tigerprivacy.com> - public key ring patches for ElGamal Signatures, problem key ring data.
  • Matthew Mundy <mmundy1@umbc.edu> - infinite loop prevention patch to PKCS5S2ParametersGenerator.
  • Tom Cargill <cargill@profcon.com> - spelling patch in provider.
  • Breitenstrom Christian <C.Breitenstrom@t-systems.com> - compatibility patch to SignaturePacket, DetachedSignatureProcessor.
  • Zanotti Mirko <zanotti@cad.it> - patch to ordered equality test for X509Name.
  • Nicola Scendoni <nscendoni@babelps.it> - patch to add sorting to CertPath validation.
  • Ville Skyttä <ville.skytta@iki.fi> - patch to CRLDistPoint for cRLIssuer field. KeyStore compliance on add patches. DiffieHellman patch for provider compliance. Support for PEM object "TRUSTED CERTIFICATE". Exception handling patch in PEMReader. JavaDoc clean up.
  • Bruce Gordon <bruce.gordon@savvis.net> - patch to secret key creation encoding NullPointerException in OpenPGP, speed up for BCPGInputStream.
  • Miles Whiteley <Miles.Whiteley@savvis.net> - "223" fix for BCPGInputStream new packets.
  • Albert Moliner <amoliner@evintia.com> - initial TSP implementation.
  • Carlos Lozano <carlos@evintia.com> - initial TSP implementation, patch to SignerInformation for supporting repeated signers, initial updates for supporting repeated attributes in CMS.
  • Javier Delgadillo <javi@javi.codewarp.org> - initial Mozilla PublicKeyAndChallenge classes.
  • Joni Hahkala <joni.hahkala@cern.ch> - initial implementations of VOMS Attribute Certificate Validation, IetfAttrSyntax, and ObjectDigestInfo. We also wish to thank the EGEE project for making the work available.
  • Rolf Schillinger <rolf@sir-wum.de> - initial implementation of Attribute Certificate generation.
  • Sergey Bahtin <Sergey_Bahtin@yahoo.com> - fix for recovering certificate aliases in BKS and UBER key stores. Initial implementations of GOST-28147, GOST-3410, EC GOST-3410, GOST OFB mode (GOFB) and GOST-3411.
  • Franck Leroy <Franck.Leroy@keynectis.com> - ASN.1 set sorting. Contributions to TSP implementation. Test vectors for Bleichenbacher's forgery attack.
  • Atsuhiko Yamanaka <ymnk@jcraft.com> - patch for improving use of Montgomery numbers in BigInteger library. Patch to use size of private exponent in DH parameters.
  • Nickolay Bolshackov <tyrex@reksoft.ru> - patch for class cast exception in AuthorityInformationAccess class.
  • Soren Hilmer <soren.hilmer@tietoenator.com> - patches for CertID with issuerSerial set in TSP implementation, additional compliance testing.
  • Steve Mitchell <mitchell@intertrust.com> - patch for stateful path validator fix. Patch to allow BigInteger class to create negative numbers from byte arrays. Additions to allow different providers to be used for asymmetric/symmetric encryption in OpenPGP. Optimisation to avoid redundant verification in path validator. Suggestion to use PKIXParameters.getSigProvider() correctly.
  • Dirk Eisner <D.Eisner@seeburger.de> - initial implementation of ISO 78164-4 padding.
  • Julien Pasquier <julienpasquier@free.fr> - initial implementation of attribute classes from RFC 3126. Fix to KEKIdentifier, OtherKeyAttribute parsing. Initial ContentHints class.
  • Matteo <matartuso@libero.it> - sequence patch to ASN1Dump.
  • Andrew Paterson <andrew.paterson@burnsecs.com> - patches to PGP tools, isRevoked method on PGPPublicKey.
  • Vladimir Molotkov <vladimir.n.molotkov@intel.com> - extensive provider exception handling compliance testing.
  • Florin Kollan <adlocflo@web.de> - fix to ElGamalKeyParameters equality testing.
  • Pavel Vassiliev <paulvas@gmail.com> - Initial GOST28147Mac implementation.
  • Tom Pesman <tom@tnux.net> - addition of DES-EDE encryption for RSAPrivate keys to PEMWriter.
  • Lukasz Kowalczyk <lukasz.b.kowalczyk@gmail.com> - patch to fix parsing issue with OpenSSL PEM based certificate requests.
  • Arndt Hasch <Arndt.Hasch@maxence.de> - additional fix for partial reading with new style PGP packets.
  • Fix Bernd (KCDP 11) <bernd.fix@credit-suisse.com> - fix for 31 byte issue and exception throwing by Whirlpool.
  • David M. Lee <dmlee@Crossroads.com> - code for add and remove secret key in the PGPSecretKeyRing class. Additions to S/MIME and CMS unit tests.
  • Mike Dillon <md5@embody.org> - additional checks for PGP secret and public key construction, patches to copyWithNewPassword.
  • tu-vi cung <t2cung@hotmail.com> - patch for out of bounds problem in getDecoderStream method.
  • Chris Schultz <cschultz@gmail.com> - fix for InputStream constructor for X509V2AttributeCertificate.
  • David M. Lee <dmlee@Crossroads.com> - implementation assistance with streaming CMS classes.
  • Joel Rees <rees@ddcom.co.jp> - fix to correct getOID methods from returning same set on X.509 attribute certificates.
  • Francesc Sau <francesc.sau@partners.netfocus.es> - micro fix for tsp Accuracy class.
  • Larry Bugbee <bugbee@mac.com> - initial ECNR implementation.
  • Remi Blancher <Remi.Blancher@keynectis.com> - Contributions to TSP implementation. Initial implementation of RFC 3739 and ICAO ASN.1 classes.
  • Brian O'Rourke <brianorourke@gmail.com> - patch for signature creation time override in OpenPGP.
  • Andreas Schwier <andreas.schwier@cardcontact.de> - initial implementation of ISO9797 MAC Algorithm 3, addition of DES-EDE 64 MAC to the provider, fix to EC point encoding, addition of EC and RSA-PSS OIDs to CMS, addition of AES-CMAC and DESede-CMAC to JCE provider.
  • David Josse <david.josse@transacttools.net> - Patch for trailer function in version 2 signature packets.
  • Kishimoto Kazuhiko <kazu-k@hi-ho.ne.jp> - RFC 3280 updates to policy processing in the CertPath validator. Additional test data not covered by NIST.
  • Lawrence Tan <lwrnctan@gmail.com> - Large field OID sample test data. Missing key types in JDKKeyFactory.
  • Carlos Valiente <superdupont@gmail.com> - Addition of CRL writing to the PEMWriter class.
  • Keyon AG, Martin Christinat, https://www.keyon.ch - fixing incorrect ASN.1 encoding of field elements in X9FieldElement class.
  • Olaf Keller, <olaf.keller.bc@bluewin.ch> - initial implementation of the elliptic curves over binary fields F2m. Additional tests and modifications to elliptic curve support for both F2m and Fp. Performance improvements to F2m multiplication. Initial implementation of WNAF/WTNAF point multiplication. Improvement to k value generation in ECDSA.
  • Jörg Eichhorn <eichhorn@ponton-consulting.de> - patch to fix EOF read on SharedFileInputStream, support for F2m compression.
  • Karsten Ohme <widerstand@t-online.de> - initial check against out of range data on non byte aligned RSA keys. Addition of equals/hashCode on ECCurve.Fp. Additional curve type support for Fp, contributions to F2m compression. F2m decoding for ECPointUtil. Infinity fix and prime192v2 fix for Fp. Extra validation for RSA key creation. Fix to name typos for some OpenSSL key generators. RFC-1779 table, improved RFC 2253 compliance for X509Name. Additional constructor validation for X.509/ESS ASN.1 classes. Validation for Printable, IA5, and Numeric Strings. Fix for RFC 5280 NameConstraint checking for RDNs.
  • Support for surrogate pairs in DERUTF8String, DER UTF8 test. Additional X.509 name attributes for ISIS-MTT, RFC 3039, addition of indirect CRL support, initial X509 LDAP CertStore implementation, CertificatePair class, and X509CertificatePair class. Contributions to X509Store/Parser infrastructure and design. CertPath support for implicit DSA parameters and a range of NameConstraints. Addition of support for V1 attribute certificates and attribute certificate path validation. Initial classes for ASN.1 ISIS-MTT support. Enhancements for improving compliance with the NIST CertPath tests.
  • Carlos Lozano Ruiz <carlos@tradise.com> - patch for <ctrl><m> only handling in CRLFOutputStream.
  • John Alfred Prufrock <j.a.prufrock@gmail.com> - mods to GOST-3411 and MD2 to support ExtendedDigest.
  • Stefan Neusatz Guilhen <sneusatz@gmail.com> - initial version of RoleSyntax, improvements to AttributeCertificateHolder and AttributeCertificateIssuer.
  • Marzio Lo Giudice <marzio.logiudice@gmail.com> - fix to endianness in KDF2BytesGenerator, additional KDF2 tests.
  • Georg Lippold <georg.lippold@gmx.de> - initial implementation of NaccacheStern cipher.
  • Chris Viles <chris_viles@yahoo.com> - fix to SignatureSubpacket critical bit setting.
  • Pasi Eronen <Pasi.Eronen@nokia.com> - extra toString() support for ASN.1 library. Initial patch for large OID components.
  • Lijun Liao <https://github.com/xipki> performance enhancements for SHA family of digests. Bug report and patch for blank line handling in ArmoredInputStream. Addition of getSignatureAlgorithmID to BasicOCSPResp. Reset fix for SM2 signatures, performance improvements for SHA-3. Clean up of CMP EncryptedValueBuilder, additional functionality on PollReqContent. Bug fix for endianness issue in cSHAKE left encode method. Initial implementation of SipHash128. Initial code for RFC 8702 compliance. Additional settings for ECIES with SHA-2. Support for SHAKE lookup in PSS/ECDSA and SM3 in CMS. Correction to SHA-256 OIDs for XMSS^MT. Initial implementation of XDH IES.
  • Maria Ivanova <maria.ivanova@gmail.com> - support for tags > 30 in ASN.1 parsing.
  • Armin Häberling <arminha@student.ethz.ch> - first cut of internationalisation, initial PKIX validation classes.
  • Marius Schilder <mschilder@google.com> - main set of test vectors for Bleichenbacher's forgery attack.
  • Xavier Le Vourch <xavier@brittanysoftware.com> - general code clean ups.
  • Erik Tews <e_tews@cdc.informatik.tu-darmstadt.de> - initial threaded random seed generator, constant-time PKCS#1.5 decoding
  • Thomas Dixon <reikomusha@gmail.com> - initial implementations of TEA/XTEA, Salsa20, ISAAC, and Noekeon. XTEA enhancements.
  • Frank Cornelis <info@frankcornelis.be> - addition of crlAccessMethod in X509ObjectIdentifiers.
  • Rui Joaquim <rjoaquim@cc.isel.ipl.pt> - initial implementation of RSA blinding for signatures.
  • David Stacey <DStacey@allantgroup.com> - addition of trust packet checking on revocation signatures in PGPSecretKeyRing.
  • Martijn Brinkers <list@mitm.nl> - better exception handling in CMS enveloping, "just in time" modifications for CRL and Sequence evaluation.
  • Julius Davies <juliusdavies@gmail.com> - additional modes and algorithm support in PEMReader
  • Matthias <g@rtner.de> - GnuPG compatibility changes for PBEFileProcessor.
  • Olga Käthler <olga.kaethler@hjp-consulting.com> - initial implementation of TeleTrusT EC curves, additional ISO 9797 MACs, contributions to EAC OIDs, addition of EAC algorithms to CMS Signing.
  • Germano Rizzo <germano.rizzo@gmail.com> - initial implementation of CMac, EAX, HC-128, and HC-256, optimisations for Salsa20.
  • Núria Marí <numaa@hotmail.com> - patch for alternate data type recognition in CMSSignedDataParser.
  • Janis Schuller <js@tzi.de> - addition of NotationData packets for OpenPGP.
  • Michael Samblanet <mike@samblanet.com> - patches towards improved Sun/default provider support in CMS.
  • Mike StJohns <mstjohns@comcast.net> - patches for supporting empty subject in X.509 certificate generation, noneWithECDSA, updates to KeyPurposeId.
  • Ramon Keller <ramon.keller@gmx.ch> - patch to deal with null revocations return from other CRL in X509V2CRLGenerator.
  • Mark Nelson <mark@nbr.com> - correction to excluded DN in name constraints processing for PKIX processing.
  • Eugene Golushkov <eugene_gff@ukr.net> - mask fix to single byte read in TlsInputStream.
  • Julien Pasquier <julienpasquier@free.fr> - additional classes for supporting signature policy and signer certificates in the ASN.1 esf and ess libraries.
  • Peter Knopp <pknopp@mtg.de> - fix for named curve recognition in ECGOST key generation.
  • Jakub Gwozdz <gwozdziu@rpg.pl> - addition of getTsa() to TimeStampTokenInfo.
  • Bartosz Malkowski <bmalkow@tigase.org> - initial implementation of VMPC cipher, VMPCRandomGenerator, VMPCMac.
  • Tal Yacobi <tal.yacobi@octavian-tech.com> - fix for issue in OpenPGP examples [#BJA-55].
  • Massimiliano Ziccardi <massimiliano.ziccardi@gmail.comt> - support for counter signature reading in CMS API, update for multiple counter signature attributes, JCA compliance patch for PEM parsing in CertificateFactory.
  • Andrey Pavlenko <andrey.a.pavlenko@gmail.com> - security manager patch for PKCS1Encoding property check.
  • J Ross Nicoll <jrn@jrn.me.uk> - improved exception handling for getInstance() in ASN.1 library.
  • Matthew Stevenson <mavricknz@yahoo.com> - patch to constructor for CRMF CertSequence.
  • Gabriele Contini <gcontini@hotpop.com> - identified a bug in ASN.1 library with handling of unterminated NDEF's.
  • Roelof Naude <roelof.naude@epiuse.com> - patch for TLS client to send empty client certs in response to HP_CERTIFICATE_REQUEST.
  • Patrick Peck <peck@signaturen.at> - identified problem with DERApplicationSpecific and high tag numbers in ASN.1 library.
  • Michael LeMay <lemaymd@lemaymd.com> - identified problem with EAX [#BJA-93].
  • Alex Dupre <ale@FreeBSD.org> - fix to use of Signature rather than SignatureSpi in provider [#BJA-90]. Addition of null provider use to SignedPublicKeyAndChallenge and PKCS10CertificationRequest [#BJA-102]
  • Michael Schoene <michael@sigrid-und-michael.de> - fix of improper handling of null in ExtendedPKIXParameters.setTrustedACIssuers(), check for V2 signingCertificate attribute in TimeStampResponse.validate().
  • Ion Larrañaga <ilarra@s21sec.com> fix to default partial packet generation in BCPGOutputStream.
  • Bob Kerns <bob.kerns@positscience.com> fix to hashCode for X509CertificateObject.
  • Stefan Meyer <stefan.meyer@ewe.de> backport for PKIXCertPathValidotor and SMIMESignedMailReviewer.
  • Robert J. Moore <Robert.J.Moore@allanbank.com> speedups for OpenPGPCFB mode, clean room JCE patches.
  • Rui Hodai <rui@po.ntts.co.jp> speed ups for Camellia implementation, CamelliaLightEngine.
  • Emir Bucalovic <emir.bucalovic@mail.com> initial implementation of Grain-v1 and Grain-128.
  • Torbjorn Svensson <tobbe79@gmail.com> initial implementation of Grain-v1 and Grain-128.
  • Paul FitzPatrick <bouncycastle_pfitz@fitzpatrick.cc> error message fix to X509LDAPCertStoreSpi, comparison fix to BCStrictStyle.
  • Henrik Andersson <k.henrik.andersson@gmail.com> addition of UniqueIssuerID to certificate generation.
  • Cagdas Cirit <cagdascirit@gmail.com> subjectAlternativeName fix for x509CertStoreSelector.
  • Harakiri <harakiri_23@yahoo.com> datahandler patch for attached parts in SMIME signatures.
  • Pedro Henriques <pmahenriques@gmail.com> explicit bounds checking for DESKeyGenerator, code simplification for OAEPEncoding.
  • Lothar Kimmeringer <job@kimmeringer.de> verbose mode for ASN1Dump, support for DERExternal, DNS performance fix for S/MIME API, corrections for DLExternal and testing. Identified an issue with Properties utils ignoring system properties in some cases.
  • Richard Farr <rfarr.se@gmail.com> initial SRP-6a implementation.
  • Thomas Castiglione <castiglione@au.ibm.com> patch to encoding for CRMF OptionalValidity.
  • Elisabetta Romani <eromani@sogei.it> patch for recognising multiple counter signatures.
  • Robin Lundgren <r737lundgren@gmail.com> CMPCertificate constructor from X509CertificateStructure fix.
  • Petr Kadlec <mormegil@centrum.cz> fix to sign extension key and IV problem in HC-128, HC-256.
  • Andreas Antener <antener_a@gmx.ch> fix to buffer reset in AsymmetricBufferedBlockCipher.
  • Harendra Rawat <hsrawat@yahoo.com> fix for BERConstructedOctetString.
  • Rolf Lindemann <lindemann@trustcenter.de> patch for PKCS12 key store to support more flexible attribute specifications [#BMA-42].
  • Alex Artamonov <alexart.home@gmail.com> name look up patch for GOST-2001 parameters.
  • Mike Lyons <mlyons@layer7tech.com> work arounds for EC JDK bug 6738532 and JSSE EC naming conventions.
  • Chris Cole <chris_h_cole@yahoo.com> identified a problem handling null passwords when loading a BKS keystore.
  • Tomas Krivanek <tom@atack.cz> added checking of Sender header to SignedMailValidator.
  • Michael <emfau@t-online.de> correction of field error in getResponse method in CertRepMessage.
  • Trevor Perrin <trevor@cryptography.com> addition of constant time equals to avoid possible timing attacks.
  • Markus Kilås <markus@primekey.se> several enhancements to TimeStampResponseGenerator.
  • Dario Novakovic <darionis@yahoo.com> fix for NPE when checking revocation reason on CRL without extensions.
  • Michael Smith <msmith@cbnco.com> bug fixes and enhancements to the CMP and CRMF classes, initial Master List classes.
  • Andrea Zilio <andrea.zilio@gmail.com> fix for PEM password encryption of private keys.
  • Alex Birkett <alex@birkett.co.uk> added support for EC cipher suites in TLS client (RFC 4492) [#BJA-291].
  • Wayne Grant <waynedgrant@gmail.com> additional OIDs for PKCS10 and certificate generation support.
  • Frank Cornelis <info@frankcornelis.be> additional support classes for CAdES, enhancements to OCSP classes.
  • Jan Dittberner <jan@dittberner.info> addHeader patch for SMIME generator.
  • Bob McGowan <boab.mcgoo@btinternet.com> patch to support different object and mgf digests in PSS signing.
  • Ivo Matheis <i.matheis@seeburger.de> fix to padding verification in ISO-9796-1.
  • Marco Sandrini <nessche@gmail.com> patch to add IV to ISO9797Alg3Mac.
  • Alf Malf <alfilmalf@hotmail.com> removal of unnecessary limit in CMSContentInfoParser.
  • Alfonso Massa <alfonso.massa@insiel.it> contributions to CMS time stamp classes.
  • Giacomo Boccardo <gboccardo@unimaticaspa.it> initial work on CMSTimeStampedDataParser.
  • Arnis Tartu <arnis@ut.ee> patches for dealing with OIDs with specific key sizes associated in CMS.
  • Janusz Sikociński <J.Sikocinski@gdzie.pl> addition of Features subpacket support to OpenPGP API.
  • Juri Hudolejev <jhudolejev@gmail.com> JavaDoc fix to CMSSignedDataParser.
  • Liane Velten <liane.velten@hjp-consulting.com> fine tuning of code for DHParameters validation.
  • Shawn Willden <swillden@google.com> additional functionality to PGPKeyRing.
  • Atanas Krachev <akrachev@gmail.com> added support for revocation signatures in OpenPGP.
  • Mickael Laiking <mickael.laiking@keynectis.com> initial cut of EAC classes.
  • Tim Buktu <tbuktu@hotmail.com> Initial implementation of NTRU signing and encryption.
  • Bernd <rbernd@gmail.com> Fix for open of PGP literal data stream with UTF-8 naming.
  • Steing Inge Morisbak <stein.inge.morisbak@BEKK.no> Test code for lower case Hex data in PEM headers.
  • Andreas Schmid <andreas.schmid@tngtech.com> Additional expiry time check in PGPPublicKeys.
  • Phil Steitz <phil.steitz@gmail.com> Final patch eliminating JCE dependencies in the OpenPGP BC classes.
  • Ignat Korchagin <ignat.korchagin@gmail.com> Initial implementation of DSTU-4145-2002, long hash fix for DSTU-4145-2002.
  • Petar Petrov <p.petrov@bers-soft.com> Testing and debugging of UTF-8 OpenPGP passwords.
  • Daniel Fitzpatrick <daniel.f.nwr@gmail.com> Initial implementation of ephemeral key support for IES, initial implementations of RSA-KEM and ECIES-KEM, initial implementation of homogeneous projective coordinates for EC.
  • Andy Neilson <Andy.Neilson@quest.com> further patches to deal with multiple providers and PEMReader.
  • Ted Shaw <xiao.xj@gmail.com> patch to MiscPEMGenerator for handling new PKCS10CertificationRequests.
  • Eleriseth <Eleriseth@WPECGLtYbVi8Rl6Y7Vzl2Lvd2EUVW99v3yNV3IWROG8.fms> speed up for SIC/CTR mode. Provider compatibility generalisations for EC operations.
  • Kenny Root <kenny@the-b.org> patch for issuerAltName, subjectAltName support in X509CertificateObject, BaseBlockCipher.getIV() patch for AEAD.
  • Maarten Bodewes <maarten.bodewes@gmail.com> initial implementation of HKDF and NIST SP 800-108 MAC based KDF functions.
  • Philip Clay <pilf_b@gyahoo.com> Initial implementation of J-PAKE.
  • Brian Carlstrom <bdc@carlstrom.com> compliance patches for some JCA/JCE keystore and cipher classes, miscellaneous code quality improvements, initial provider PBKDF2WithHmacSHA1 SecretKeyFactory.
  • Samuel Lidén Borell <samuel@primekey.se> patch to add DSTU-4145 to DefaultSignatureAlgorithmFinder
  • Sergio Demian Lerner <sergiolerner@certimix.com> pointing out isInfinity issue in ECDSASigner signature verification.
  • Tim Whittington <Tim.Whittington@orionhealth.com> patch to remove extra init call in CMac, addition of Memoable interface for Digest classes, initial implementation of GMAC, further correctness tests for IV and reset processing in OCB, CCM, and block cipher reset. Initial implementation of Skein, XSalsa20, ChaCha, reduced round Salsa20, Threefish, and the Poly1305 MAC. Documentation updates. Added OCB support to Noekeon and CAST6 in the provider, exception testing for CTS, optimisations for CCM, provider support for AAD cipher methods, safe CipherInput/OutputStream implementations for use with AAD and subsequent bug fixes, cleanup after IDEA patent expiry, work on JCE SipHash support, optimisations for AESFastEngine, further work on EncodableDigest for SHA-2 digests, contributions to BCrypt/OpenBSDBCrypt, PGP API documentation and code quality work.
  • Marcus Lundblad <marcus.lundblad@primekey.se> patch for working around JDK jarsigner TSP bug, optional setting of IssuerSerial in TimeStampTokenGenerator, additional extensions enhancement for time stamp token generation.
  • Andrey Zhozhin <zhozhin@xrm.ru> patch for override of TSP SignerInfo attributes.
  • Sergey Tiunov <t5555d@gmail.com> initial cut of DVCS classes.
  • Damian Kolasa <fatfredyy@gmail.com> ASN1Sequence patch for class cast issue in X9Curve.
  • Ash Hughes <ashley.hughes@blueyonder.co.uk> patches for supporting PGPSecretKeyRing/PGPSecretKeys encodings with empty private keys, initial code for PGPSignatureSubpacketVector.getEmbeddedSignatures().
  • Daniel Hirscher <dev@daniel-hirscher.de> patch to support parsing of explicit EC parameters in PEM files.
  • Daniele Ricci <daniele.athome@gmail.com> initial implementation of EC keys for OpenPGP and RFC6637 support.
  • Matti Aarnio <matti.aarnio@methics.fi> tweaks to any build to remove dependence on shell scripts. Initial SM3 digest implementation, some EC related code cleanups, JavaDoc improvements for ASN.1 classes, addition of NONEwithRSA to lightweight RSADigestSigner.
  • Babak Najafi <bnajafi@akamai.com> fixes to OpenPGP NotationData to prevent truncation problems.
  • Eric Müller <eric.mueller@sage.de> additional standard algorithm name lookups in JcaPEMKeyConverter.
  • Mathias Herberts <Mathias.Herberts@gmail.com> fix to inOff usage in RFC3394WrapEngine.
  • Daniil Ivanov <daniil.ivanov@gmail.com> addition of provider support for GOST HMAC SecretKeyFactory.
  • Daniele Grasso <daniele.grasso86@gmail.com> contributions to final Key calculation code for SRP6.
  • Andrey Utkin <cindrhc@gmail.com> patch to reconstruction of ECGOST keys from PrivateKeyInfo objects in provider classes.
  • Arnis Tartu <arnis@ut.ee> checker for generated key vs OID in JceCMSContentEncryptorBuilder.
  • AxelVDB <axel-vdb@riseup.net> initial implementation of Shacal2.
  • Roberto Tyley <> further work on completing gradle build.
  • Waldemar Dick <wdick@devmue.de> code improvement in x500 ASN.1 package.
  • Sid Steward <sid.steward@pdflabs.com> code improvements to ASN1Boolean.
  • Alex Klyubin <klyubin@google.com> AlgorithmParameters check for EC key agreement.
  • Jonathan Gillett <gsoc.student@gmail.com> Initial support for block cipher IVs in IESEngine, IES MAC length check bug fix.
  • Andreas Reiter <andreas.reiter@iaik.tugraz.at> Reported incomplete status of CertificateVerify processing in (D)TLS server, and provided fix.
  • Kieran Miller <kieran.miller@gmail.com> initial implementation for RFC 5649 key wrap with padding.
  • Oliver Ehli <ehli@arago.de> Additional support for BSI plain ECDSA in the provider.
  • Daniel Heldt <Daniel.Heldt@cryptovision.com> Initial support for encodable state message digests
  • Robert Bushman <bouncycastle@traxel.com> Clean up of DirectKeySignature example.
  • Maurice Aarts <aarts@riscure.com> updated to KDF generator to follow NIST SP 800-108.
  • Franziskus Kiefer <https://github.com/franziskuskiefer> initial implementation of Cramer-Shoup.
  • KB Sriram <mail_kb@yahoo.com> testing for odd encodings for PGP User Attribute Subpackets.
  • Marco Schulze <marco@nightlabs.de> Reported verification bug in GenericSigner.
  • Martin Schaef <https://github.com/martinschaef> contributed a code-cleanup patch.
  • dstutz <https://github.com/dstutz> added iteration count setters to PKCS#12 PBE mac/key generator builders.
  • Tobias Wich <tobias.wich@ecsec.de> Provided patch for TLS to work around servers sending Supported Elliptic Curves extension unexpectedly.
  • Hauke Mehrtens <hauke@hauke-m.de> TLS patch to add ECDHE_ECDSA CCM ciphersuites from RFC 7251.
  • Daniel Zimmerman <dmz@galois.com> Further key quality improvements to RSAKeyPairGenerator.
  • Jens Kapitza <j.kapitza@schwarze-allianz.de> Iterable support in OpenPGP API, code cleanup in OpenPGP API.
  • Johan Eklund <johan@primekey.se> update to RFC 6960 for OCSPObjectIdentifiers.
  • nikosn <https://github.com/nikosn> Fix to encoding of EC private keys to ensure encoding matches order length.
  • Axel von dem Bruch <axel-vdb@riseup.net> Contributions to BCrypt/OpenBSDBCrypt, original version of Blake2bDigest.
  • Derek Atkins <derek@ihtfp.com> Documentation fixes to X9ObjectIdentifiers.
  • Peter Jr Halicky <peto@halicky.sk> Correction to notification/error message handling in SignedMailValidator.
  • lartiguePierre <https://github.com/lartiguePierre> Fix for counter signature SID in CMSSignedData.
  • Thomas Belot <thomas.belot+BC@gmail.com> initial CertPathLoopTest for demonstrating stack overflow issue.
  • Rich DiCroce <https://github.com/rdicroce> Initial implementation of server-side TLS-SRP support. TLS API extension to support non-blocking usage. Support for TLS RAW public keys.
  • Björn Kautler <https://github.com/Vampire> Refinements to cert path validation (authority key addition, certificate order preservation).
  • Dominik Schürmann <https://github.com/dschuermann> method for returning signatures/verifications without user IDs on PGPPublicKey, method for exposing S2K in PGPSecretKey, constants for GNU protection modes in S2K classes, optional version header for armored output.
  • Michael <MSKnete@web.de> initial fix for bitStrength issue for OpenPGP EC keys, correction for generic type on RecipientInformationStore.
  • Tobias Wagner <tobias.wagner@n-design.de> Fix SecureRandom handling in BcAsymmetricKeyWrapper [#BJA-536].
  • Sergio Giro <sgiro@google.com> Fixed adding of additional stores from CRL distribution point [#BJA-537]. Fixed missing null check for CRL certificate issuer [#BJA-538], removal of risky zeroisation code in PBE.java, check for salt in PBEKeys that require it.
  • bschuette <https://github.com/bschuette> Fixed typo in DefaultSignatureAlgorithmIdentifierFinder, additional methods on CMSSignedDataParser.
  • Leonard Dallot <https://github.com/dallotTazTag> Fix to S2K usage of none on changing passwords on keys without passwords originally.
  • Jan Willem Janssen <j.w.janssen+bouncycastle@lxtreme.nl> Support for DSAParameters in lightweight SubjectPublicKeyInfoFactory, initial object signer verifier for BC lightweight EC.
  • Sebastian Oerding <sebastian.oerding@robotron.de> Fixes to toString() in x509.CertificatePolicies.
  • Kai Kramer <kai.kramer@gmail.com> Code to deal with orphaned chain certificates in the PKCS#12 KeyStore.
  • Benoit Charles <benoit.charles@opentrust.com> Fix for IES data length check on decryption.
  • Niko <nfink95@gmail.com> fix to cast issue in getOutputSize() for ECIES.
  • akwizgran <https://github.com/akwizgran> Fixed clone of key in Blake2bDigest copy constructor, blake2b reset issue for variant keys.
  • Matthias Edelhoff <Matthias.Edelhoff@cryptovision.com> BasicConstraintsValidation pathlen fix in PKIX certpath classes.
  • Lukasz Deputat <lukasz.deputat@gmail.com> Fixed bugs in TlsUtils read methods [#BJA-592].
  • Justin Ludwig <https://github.com/justinludwig> Iterator fix for PGPObjectFactory to handle stream packets at start of iterated data.
  • André Berenguel <https://github.com/aberenguel> Fix to include ECNamedCurveSpec in EC AlgorithmParameterSpi
  • Slawomir Jaranowski <https://github.com/slawekjaranowski> Patch to make cipher/hash/signature name methods in PGP internal API public.
  • Andrey Vasilyev <https://github.com/andrey-vasilyev> Initial implementation of GOST R 34.11-2012.
  • William Glanton <wglanton77@gmail.com> Fixed bug in Poly1305 [#BJA-620].
  • jdvorak001 <https://github.com/jdvorak001> Speed improvements for ASN.1 ObjectIdentifier cache.
  • Joseph Naegele <jnaegele@grierforensics.com> Patch for handling multiple certificates in a DANE SMIMEA entry.
  • Andrew Bonventre <https://github.com/andybons> NullPointer patch for WNafUtil.
  • The Google Security Team (Project Wycheproof) <https://github.com/google/wycheproof> defect analysis and additional test cases for the provider.
  • Gorka Irazoqui <girazoki@wpi.edu> from Intel Security Center of Excellence <https://security-center.intel.com/> detection of the issue with AESFastEngine (CVE-2016-1000339), additional suggestions for improvement to hardening of AESEngine and finding cache sensitivities in EC key generation/signing.
  • Joerg Senekowitsch <joerg.senekowitsch@veridos.com> patch to deal with hard coded boolean in EAC ECDSAPublicKey.
  • Alexandr Krivoshta <wipe@ya.ru> N4 calculation fix to GOFB mode.
  • Artem Storozhuk <storojs72@gmail.com> N4 calculation fix to GOFB mode.
  • Na Yu <na.yu@samsung.com> Constructor patches to CMC PKIData.
  • Evangelos Karatsiolis <ekaratsiolis@mtg.de> Corrected use of explicit tagging in X.509 PolicyConstraints class.
  • VivleSoren <https://github.com/VivleSoren> additional constructor for McElieceCCA2PrivateKeyParameters.
  • mtausig <https://github.com/mtausig> JavaDoc fix for MCSEncryptedDataGenerator.
  • Anders Schack-Mulligen <https://github.com/aschackmull> code cleanups for CMSSignedDataParser, BrokenKDF2BytesGenerator.
  • Sebastian Wolfgang Roland <sebastianwolfgang.roland@stud.tu-darmstadt.de> Initial XMSS/XMSS-MT implementation.
  • didisoft <https://github.com/didisoft> test code for PGP signature removal involving user ids.
  • Mike Safonov <https://github.com/MikeSafonov> initial implementation of GOST3410-2012 for light weight provider and JCA, parameters patches for ECGOST keys, initial implementation of GOST3412-2015, addition of fromExtensions() for CRLDistPoint.
  • Artem Storozhuk <storojs72@gmail.com> initial implementation of DSTU7564 (digest) and DSTU7624 (cipher) and their associated modes.
  • Andreas Glaser <andreas.glaser@gi-de.com> patch to recognise ANSSI curves for PKCS#10 requests.
  • codeborne <https://github.com/cbxp> patch to correct OIDs used in public key digest parameters for ECGOST-2012.
  • FauxFaux <https://github.com/FauxFaux> patch for JDK 1.9 update to DRBG.java.
  • 4garbage <https://github.com/4garbage> patch to allow GOST3410-94 private keys encoded as integers.
  • ekszz <https://github.com/ekszz> corrections to SM2 signer to include default identity value.
  • jminer <https://github.com/jminer> fix to Blake2b for hashes in range of 2**64-127 to 2**64.
  • str4d <https://github.com/str4d> initial implementation of Blake2s
  • Scott Woodward <scott@bit3consulting.com> performance fixes for CTRSP800DRBG.
  • David Strawn <https://github.com/isomarcte> fix for off by one error in SCRYPT bounds checking.
  • chris mccown <0xchrismccown@gmail.com> identification of serialisation issue with XMSS/XMSSMT private keys (see also CVE-2018-1000613).
  • ZZMarquis <https://github.com/ZZMarquis> offset patches for SM2 encryption and decryption, improvement to Array constant time comparison.
  • Andreas Kretschmer, Siemens AG <https://github.com/Akretsch> NPE fix for CertTemplate.getVersion(), ASN.1 KEM Support classes for CMP.
  • Armin Lunkeit, Michael Tautenhahn <> identification of M-R test issue on higher certainty values in RSA key pair generation.
  • Vincent Breitmoser <https://github.com/Valodim> fix to ignore unnecessary checksum calculator on PGP secret key encryption.
  • Adam Vartanian <https://github.com/flooey> use of ShortBuffer exception and buffer size pre-check in Cipher.doFinal().
  • Bernd <https://github.com/ecki> Fix to make PGPUtil.pipeFileContents use buffer and not leak file handle.
  • Shartung <https://github.com/shartung> Additional EC Key Agreement algorithms in support of German BSI TR-03111.
  • Paul Schaub <https://github.com/vanitasvitae> bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canonicalization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing. Efficiency improvements to TruncatedStream. Initial Argon2 support for OpenPGP. General cleanups. Fast CRC24 implementation, SHA3 additions to BcImplProvider, improvements to One Pass Signature support, signature validation, read() consistency in BCPGInputStream. Contributions to AEAD support (v6 & v5) in PGP API. Addition of PGP WildCard ID, moving the PGP example code into the 21st century. Security patches for encrypted data generation, initial thread safe certification verification. Support for V6 EC keys, PGP packet criticality, and Preferred AEAD CipherSuites sigsubpacket support.
  • Nick of Nexxar <https://github.com/nros> update to OpenPGP package to handle a broader range of EC curves.
  • catbref <https://github.com/catbref> sample implementation of RFC 7748/Ed25519 (incorporated work from github users Valodim and str4d as well).
  • gerlion <https://github.com/gerlion> detection of concurrency issue with pre-1.60 EC math library.
  • fgrieu <fgrieu@gmail.com> identification and suggested fixes for possible timing vulnerability in OAEPEncoding and RSACoreEngine.
  • MTG <https://github.com/mtgag> patch for decoding issues in PKIPublicationInfo and CertifiedKeyPair.
  • Andreas Gadermaier <up.gadermaier@gmail.com> initial version of Argon2 PBKDF algorithm.
  • Tony Washer <tony.washer@yahoo.co.uk> review of qTesla, Java 1.9 module code, additional test code and debugging for GOST, DSTU, and ECNR algorithms. Initial lightweight implementation of the ZUC ciphers and macs. Additions to LMS/HSS API implementations, fix for truncation issue with big HSS keys, contributions to optimization of LMS/HSS. Patch for XDH/EdDSA key handling and mcEliece decryption using kobaraImai. Initial GCM-SIV, Blake3, and Kangaroo implementation.
  • Vincent Bouckaert <https://github.com/veebee> initial version of RFC 4998 ASN.1 classes. Debugging and testing of high level RFC 4998 implementation.
  • Tony Washer <https://github.com/tonywasher> ECIESKeyEncapsulation fix for use of OldCofactor mode. Submitted ChaCha20Poly1305 prototype. Remove support for maxXofLen in Kangaroo. Police Blake3 output limit. Add LEAEngine.
  • Aurimas Liutikas <https://github.com/liutikas> JavaDoc patches to ReasonsMask.
  • Gabriel Sroka <https://github.com/gabrielsroka> corrected comments in RSA validation.
  • sarah-mdv <https://github.com/sarah-mdv> improvements to JceKeyTransRecipientInfoGenerator, tests for JournalingSecureRandom, initial implementation of JournaledAlgorithm.
  • Jesse Feinman <https://github.com/jessefeinman> performance optimisation in RSAKeyParameters.
  • Gilis95 <https://github.com/Gilis95> improved JSSE compatibility for setEnabledCipherSuites.
  • Haemin Yoo <https://github.com/yoohaemin> Javadoc fixes.
  • Antoine Toulme <https://github.com/atoulme> Initial implementation of EthereumIESEngine.
  • Golden Looly <https://github.com/looly> Patch for addition of C1C3C2 mode to SM2Engine.
  • Moses Palmér, TrueSec <Henrik.Palmer@truesec.se> Additional improvements to constant time comparisons.
  • René Korthaus <https://github.com/securitykernel> Update to XMSS/XMSS^MT OID values to bring them in line with RFC 8391.
  • THausherr <https://github.com/THausherr> Addition of generic support for CMS/TSP functions.
  • Gaylor Bosson <https://github.com/Gilthoniel> Initial implementation of Blake2xs.
  • gaellalire <https://github.com/gaellalire> Patch for unprotected PGP private keys as SExpr.
  • im-scooter <https://github.com/im-scooter> Patch for case-insensitive behaviour of Param-Z.
  • Nick hitchan <https://github.com/hitchan> Fix for typo in engineInitSign() in EdEc SignatureSpi.
  • dbusche <https://github.com/dbusche> Argon2 optimisations.
  • Daniel Heldt <https://github.com/dheldt> Fixing encodings in unicode tests to allow a wider range of Java compilers to work. Tweak to inheritance in JceKeyAgreeRecipient.
  • Ugochukwu Mmaduekwe <https://github.com/Xor-el> Fix for initially bugged legacy Integers.numberOfLeadingZeros method.
  • Gsealy <https://github.com/Gsealy> addition of PBKDF2withHmacSM3 and HmacSM3 to the provider.
  • aphuang2013 <https://github.com/aphuang2013> update to path validation in EST service for ClearPath EST.
  • Kevin Herron <https://github.com/kevinherron> Initial ChaCha20Poly1305 prototype.
  • vkreml <https://github.com/svkreml> GOST compliance change for DefaultCMSSignatureEncryptionAlgorithmFinder.
  • Tobias Ospelt <tobias@pentagrid.ch> Identification of 1.63 regression in ASN.1 parsing.
  • Phil Glass <https://github.com/PhilGlass> Patch to allow BC to function on Android 10.
  • Steven <https://github.com/acid1103> Identified issue with ChaCha20Poly1305 and large files. Identified an overly-eager null check in ChaCha20Poly1305.
  • Anatoly Zaretsky <https://github.com/azaretsky> Daemon mode patch for entropy gatherer thread.
  • Brandon Weeks <https://github.com/brandonweeks> Fix for engineInitSign() with null random values in PSSSignatureSpi. Further Error Prone static analysis. Off by one error fix in ECIES engineGetOutputSize().
  • Stojan Dimitrovski <https://github.com/hf> SecureRandom configuration code for NTRU key generation.
  • vvvlado <https://github.com/vvvlado> Fix to support repeated headers in PGP armored data.
  • a--v--k <https://github.com/a--v--k> Clean up for some invalid mappings in the Java provider.
  • lipnitsk <https://github.com/lipnitsk> Fix for non-CRT RSA Private serialisation.
  • Niccolò Fontana <https://github.com/NicFontana> Initial fix for high-latency DTLS HelloVerifyRequest handshakes.
  • sudheernv <https://github.com/sudheernv> Patch for KMAC rightEncode() encoding.
  • Mathias Neuhaus <https://github.com/mneuhaus-cv> Patch for cSHAKE extra padding on block aligned N and S bug.
  • Yuri Schimke <https://github.com/yschimke> Patch for nested exception handling in BcKeyStoreSpi.
  • Jaime Hablutzel <hablutzel1@gmail.com> Typo fixes in properties for CertPathReviewer/SignedMailValidator.
  • macknight <https://github.com/macknight> Fix to usage string in ClearSignedFileProcessor example.
  • Hugo Visser <https://github.com/hvisser> Patch for BigInteger.intValueExact() compatibility issue.
  • Adam Cao <https://github.com/AdamXiaotCao> thread safety patch to X500Name.hashCode()
  • Artem Smotrakov <https://github.com/artem-smotrakov> general code clean ups and some additional sanity checks.
  • Irina <https://github.com/alek-sun> Upgrade of OpenSSL PBKDF to use UTF8.
  • John Stell <https://github.com/BlackthornYugen> Additional test code for EC point multiply.
  • Susmit Sarkar <https://github.com/Susmit07> Addition of SHA-224 support to PGP clear signed data.
  • Simon Greatrix <https://github.com/simon-greatrix> RFC5649WrapEngine zero length fix.
  • Matti Varanka and Tero Rontti from the Synopsys Cybersecurity Research Center; discovery and notification of CVE-2020-28052.
  • Jan S. <https://github.com/jpstotz> Extensions to PEMParser to allow for inheritance and adding specialised PEM object parsing.
  • dipakbag <https://github.com/dipakbag> Fix to ESTService Content-Type header check.
  • pelzvieh <https://github.com/pelzvieh> fix for CRLs with absent next update in PKIXCRLUtil.
  • Matthias Valvekens <matthias.valvekens@itextpdf.com> new implementation and additional testing for BasicConstraints task in validations package.
  • Bart Bakker <https://github.com/bjpbakker> RFC 5280 boundaries checks for CRLReason and CRLNumber. Addition of binary-signing-time CMS attribute.
  • Matthias Neugschwandtner and Gergo Barany from Oracle Labs; SICBlockCipher performance optimisation.
  • Rebecca Searls <https://github.com/rsearls> Initial migration of bcmail to the jakarta APIs.
  • Amann Malik <https://github.com/amannm> Initial implementation of private tags in ASN.1 library
  • Ties de Kock <https://github.com/ties> Extract dedicated functions out of SignerInformation.doVerify
  • matheus-eyng <https://github.com/matheus-eyng> Initial light weight patch for shake-len object identifiers.
  • Le Karasique <https://github.com/Karasiq> Identification of non-performant unnecessary code in KeccakDigest.java.
  • Matti Bickel <https://github.com/wundrian> canRead test fix for JcaPKIXIdentityBuilder.
  • wodzu-dudis <https://github.com/wodzu-dudis> 1.5 compatibility fix for ProvX509KeyManagerSimple$Match.
  • John Jiang <johnsjiang@tencent.com> improvements to input validation in SM2Engine class. Identification of SM2 signer private key out of range issue.
  • mgrafl <https://github.com/mgrafl> - JavaDoc fix for NISTObjectIdentifiers class.
  • iiordanov <https://github.com/iiordanov> DH and ECDH anon cipher support for TLS.
  • yf-zs <https://github.com/yf-zs> - Fix for CRL DP extension handling in CertPathValidatorUtilities.
  • Dr. Harbich <https://github.com/raubv0gel> - Testing and debugging of high level implementation of RFC 4998. Addition of Blake2, Blake3 OIDS.
  • Francesco Gini <https://github.com/francesco-gini-privitar> - RadixConverter speed up for SP 800-38G FPE.
  • Alexander Falb <https://github.com/elexx> - additional JavaDoc in X509Extensions class.
  • Jonathan W. Cranford <https://github.com/jwcranford> - added capability to show incremental progress and suppress out of scope tests in build scripts.
  • Brady Siegel <https://github.com/bmsiegel> - PKCS10CertificationRequest OID comparison fix.
  • Andreas Kuehne <https://github.com/kuehne-trustable-de> - addition of regInfo to CRMF request message builder.
  • Fethbita <https://github.com/Fethbita> - added len range check on ConcatenationKDFGenerator (SP 800-56C compliance).
  • Amazon AWS Security Team - isolation and identification of performance bottlenecks in the BC PEM parsing support.
  • Phillip Schichtel <https://github.com/pschichtel> - initial code for specifying wrapping algorithm with PGP PBE encryption method, forcing of session key usage.
  • Alexander Dippel <https://github.com/adippel> - corrections to prevent NPEs on chunked encoding of EST responses.
  • Johann N. Löfflmann <https://github.com/jonelo> - fix to "too small" buffer issue in Blake2sp.
  • Scott Xu <https://github.com/scott-xu> - message fix in OpenSSHPublicKeyUtil
  • Scott Arciszewski <https://github/scottarc> - correction to ant scripts to ensure UTF8 support.
  • GitHub Security team - identification of the X509LDAPCertStoreSpi wildcard bug (see CVE-2023-33201).
  • James Howe <https://github.com/OrangeDog> - improvement to cross-provider compatibility in JcaPKCS10CertificationRequest.
  • Steffen Heil <https://github.com/steffen-heil> - correction to error handling in Arrays.getLength().
  • Thomas D. <https://github.com/thomdev> - expansion of HPKE APIs, addition of user controlled ephemeral key to HPKE API.
  • Franz Fangmeyer <https://github.com/ff-wl> - exception handling for improper use of '=' in an X.500 RDN.
  • Jonathan Lennox <https://github.com/JonathanLennox> - fix DTLS retransmission bug with aggregated ChangeCipherSpec.
  • Thomas Devanneaux <tdevanneaux@apple.com> - extensions to the HPKE API to support encryption/decryption from byte ranges, allow sender selected ephemeral key.
  • Norman Maurer <norman_maurer@apple.com> - extensions to the HPKE API to support encryption/decryption from byte ranges, allow sender selected ephemeral key.