forked from pool/bouncycastle

4 Commits

Author SHA256 Message Date
bb34c7f6c6 Accepting request 1220549 from home:pmonrealgonzalez:branches:Java:packages
- Update to 1.79:
  * Defects Fixed:
    - Leading zeroes were sometimes dropped from Ed25519 signatures
      leading to verification errors in the PGP API.
    - Default version string for Armored Output is now set correctly in 18on build.
    - The Elephant cipher would fail on large messages.
    - CMSSignedData.replaceSigners() would re-encode the digest algorithms
      block, occasionally dropping ones where NULL had been previously
      added as an algorithm parameter. The method now attempts to only use
      the original digest algorithm identifiers.
    - ERSInputStreamData would fail to generate the correct hash if
      called a second time with a different hash algorithm.
    - A downcast in the CrlCache which would cause FTP based CRLs to fail
      to load has been removed.
    - ECUtil.getNamedCurveOid() now trims curve names of excess space
      before look up.
    - The PhotonBeetle and Xoodyak digests did not reset properly after
      a doFinal() call.
    - Malformed AlgorithmIdentifiers in CertIDs could cause caching
      issues in the OCSP cache.
    - With Java 21 a provider service class will now be returned with
      a null class name where previously a null would have been returned
      for a service. This can cause a NullPointerException to be thrown
      by the BC provider if a non-existent service is requested.
    - CMS: OtherKeyAttribute.keyAttr now treated as optional.
    - CMS: EnvelopedData and AuthEnvelopedData could calculate the wrong versions.
    - The default version header for PGP armored output did not carry
      the correct version string.
    - In some situations the algorithm lookup for creating PGPDigestCalculators
      would fail due to truncation of the algorithm name.

OBS-URL: https://build.opensuse.org/request/show/1220549
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=106
2024-11-04 12:04:14 +00:00
129b616253 Accepting request 1170680 from home:pmonrealgonzalez:branches:Java:packages
- Update to version 1.78: [bsc#1223252, CVE-2024-30171]
  * Security Advisories.
    - CVE-2024-29857: Importing an EC certificate with specially crafted
      F2m parameters can cause high CPU usage during parameter evaluation.
    - CVE-2024-30171: Possible timing based leakage in RSA based handshakes
      due to exception processing eliminated.
    - CVE-2024-30172: Crafted signature and public key can be used to
      trigger an infinite loop in the Ed25519 verification code.
    - CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE
      and an SSL socket is not created with an explicit hostname (as happens
      with HttpsURLConnection), hostname verification could be performed
      against a DNS-resolved IP address. This has been fixed.
  * Defects Fixed:
    - Issues with a dangling weak reference causing intermittent
      NullPointerExceptions in the OcspCache have been fixed.
    - Issues with non-constant time RSA operations in TLS handshakes.
    - Issue with Ed25519, Ed448 signature verification causing an intermittent
      infinite loop has been fixed.
    - Issues with non-constant time ML-KEM implementation ("Kyber Slash").
    - Align ML-KEM input validation with FIPS 203 IPD requirements.
    - Make PEM parsing more forgiving of whitespace to align with RFC 7468.
    - Fix CCM length checks with large nonce sizes (n=12, n=13).
    - EAC: Fixed the CertificateBody ASN.1 type to support an optional
      Certification Authority Reference in a Certificate Request.
    - ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized
      and the contents octets for both types are now limited to 4096 bytes.
    - BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(),
      which could cause issues for HSM RSA keys.
    - BCJSSE: When endpoint identification is enabled and an SSL socket is not
      created with an explicit hostname (as happens with HttpsURLConnection),

OBS-URL: https://build.opensuse.org/request/show/1170680
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=103
2024-04-29 08:01:56 +00:00
95b48a5fba Accepting request 1118599 from home:pmonrealgonzalez:branches:Java:packages
- Update to version 1.76:
  * Defects Fixed:
    - Service allocation in the provider could fail due to the lack
      of a permission block. This has been fixed.
    - JceKeyFingerPrintCalculator has been generalised for different
      providers by using "SHA-256" for the algorithm string.
    - BCJSSE: Fixed a regression in 1.74 (NullPointerException) that
      prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
    - DTLS: Fixed server support for client_certificate_type extension.
    - Cipher.unwrap() for HQC could fail due to a miscalculation of
      the length of the KEM packet. This has been fixed.
    - There was exposure to a Java 7 method in the Java 5 to Java 8
      BCTLS jar which could cause issues with some TLS 1.2 cipher
      suites running on older JVMs. This is now fixed.
  * Additional Features and Functionality:
    - BCJSSE: Following OpenJDK, finalizers have been removed from
      SSLSocket subclasses. Applications should close sockets and
      not rely on garbage collection.
    - BCJSSE: Added support for boolean system property
      "jdk.tls.client.useCompatibilityMode" (default "true").
    - DTLS: Added server support for session resumption.
    - JcaPKCS10CertificationRequest will now work with EC on the
      OpenJDK provider.
    - TimeStamp generation now supports the SHA3 algorithm set.
    - The SPHINCS+ simple parameters are now fully supported in the
      BCPQC provider.
    - Kyber, Classic McEliece, HQC, and Bike now supported by the
      CRMF/CMS/CMP APIs.
    - Builder classes have been added for PGP ASCII Armored streams
      allowing CRCs and versions to now be optional.

OBS-URL: https://build.opensuse.org/request/show/1118599
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=99
2023-10-18 15:39:06 +00:00
21fc031a26 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=94 2023-06-20 17:37:47 +00:00