From c7483405848e8e20aab80b3f64c2996a0dc8c5a323b258dfd9c39aebd31975c0 Mon Sep 17 00:00:00 2001 
From: Fridrich Strba Date: Tue, 25 Apr 2023 11:19:32 +0000 Subject: [PATCH] Accepting request 1082715 from home:pmonrealgonzalez:branches:Java:packages - Update to version 1.73: * Defects Fixed: - BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception. - The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.. - The attached signature type byte was still present in Falcon signatures as well as the detached signature byte. - There was an off-by-one error in engineGetOutputSize() for ECIES. - The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended. - Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices. - Fixed RFC3394WrapEngine handling of 64 bit keys. - Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException. - JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters. - PKCS10CertificationRequest now checks for empty extension parameters. - Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException. - PGP AEAD streams could occassionally be truncated. - The ESTService class now supports processing of chunked HTTP data. - A constructed ASN.1 OCTET STRING with a single member would sometimes be re-encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object. 
OBS-URL: https://build.opensuse.org/request/show/1082715 OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=92 --- ...k18on-1.72.pom => bcjmail-jdk18on-1.73.pom | 8 +- ...dk18on-1.72.pom => bcmail-jdk18on-1.73.pom | 8 +- ...-jdk18on-1.72.pom => bcpg-jdk18on-1.73.pom | 4 +- ...dk18on-1.72.pom => bcpkix-jdk18on-1.73.pom | 6 +- ...dk18on-1.72.pom => bcprov-jdk18on-1.73.pom | 2 +- ...jdk18on-1.72.pom => bctls-jdk18on-1.73.pom | 6 +- ...dk18on-1.72.pom => bcutil-jdk18on-1.73.pom | 4 +- bouncycastle.changes | 106 ++++++++++++++++++ bouncycastle.spec | 4 +- r1rv72.tar.gz | 3 - r1rv73.tar.gz | 3 + 11 files changed, 130 insertions(+), 24 deletions(-) rename bcjmail-jdk18on-1.72.pom => bcjmail-jdk18on-1.73.pom (94%) rename bcmail-jdk18on-1.72.pom => bcmail-jdk18on-1.73.pom (93%) rename bcpg-jdk18on-1.72.pom => bcpg-jdk18on-1.73.pom (96%) rename bcpkix-jdk18on-1.72.pom => bcpkix-jdk18on-1.73.pom (94%) rename bcprov-jdk18on-1.72.pom => bcprov-jdk18on-1.73.pom (97%) rename bctls-jdk18on-1.72.pom => bctls-jdk18on-1.73.pom (93%) rename bcutil-jdk18on-1.72.pom => bcutil-jdk18on-1.73.pom (95%) delete mode 100644 r1rv72.tar.gz create mode 100644 r1rv73.tar.gz diff --git a/bcjmail-jdk18on-1.72.pom b/bcjmail-jdk18on-1.73.pom similarity index 94% rename from bcjmail-jdk18on-1.72.pom rename to bcjmail-jdk18on-1.73.pom index 62f957c..ce58f2a 100644 --- a/bcjmail-jdk18on-1.72.pom +++ b/bcjmail-jdk18on-1.73.pom @@ -5,7 +5,7 @@ bcjmail-jdk18on jar Bouncy Castle Jakarta S/MIME API - 1.72 + 1.73 The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The Jakarta Mail API and the Jakarta activation framework will also be needed. https://www.bouncycastle.org/java.html 
@@ -33,19 +33,19 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcutil-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcpkix-jdk18on - 1.72 + 1.73 jar diff --git a/bcmail-jdk18on-1.72.pom b/bcmail-jdk18on-1.73.pom similarity index 93% rename from bcmail-jdk18on-1.72.pom rename to bcmail-jdk18on-1.73.pom index 05fd83f..f00a884 100644 --- a/bcmail-jdk18on-1.72.pom +++ b/bcmail-jdk18on-1.73.pom @@ -5,7 +5,7 @@ bcmail-jdk18on jar Bouncy Castle S/MIME API - 1.72 + 1.73 The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. https://www.bouncycastle.org/java.html @@ -33,19 +33,19 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcutil-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcpkix-jdk18on - 1.72 + 1.73 jar diff --git a/bcpg-jdk18on-1.72.pom b/bcpg-jdk18on-1.73.pom similarity index 96% rename from bcpg-jdk18on-1.72.pom rename to bcpg-jdk18on-1.73.pom index d37909f..57c31ea 100644 --- a/bcpg-jdk18on-1.72.pom +++ b/bcpg-jdk18on-1.73.pom @@ -5,7 +5,7 @@ bcpg-jdk18on jar Bouncy Castle OpenPGP API - 1.72 + 1.73 The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. https://www.bouncycastle.org/java.html @@ -38,7 +38,7 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar diff --git a/bcpkix-jdk18on-1.72.pom b/bcpkix-jdk18on-1.73.pom similarity index 94% rename from bcpkix-jdk18on-1.72.pom rename to bcpkix-jdk18on-1.73.pom index 70bb063..cf9dd9e 100644 --- a/bcpkix-jdk18on-1.72.pom +++ b/bcpkix-jdk18on-1.73.pom 
@@ -5,7 +5,7 @@ bcpkix-jdk18on jar Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs - 1.72 + 1.73 The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.8 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. https://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcutil-jdk18on - 1.72 + 1.73 jar diff --git a/bcprov-jdk18on-1.72.pom b/bcprov-jdk18on-1.73.pom similarity index 97% rename from bcprov-jdk18on-1.72.pom rename to bcprov-jdk18on-1.73.pom index 257c90a..a7ac741 100644 --- a/bcprov-jdk18on-1.72.pom +++ b/bcprov-jdk18on-1.73.pom @@ -5,7 +5,7 @@ bcprov-jdk18on jar Bouncy Castle Provider - 1.72 + 1.73 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.8 and up. https://www.bouncycastle.org/java.html diff --git a/bctls-jdk18on-1.72.pom b/bctls-jdk18on-1.73.pom similarity index 93% rename from bctls-jdk18on-1.72.pom rename to bctls-jdk18on-1.73.pom index 8910ee3..0b970f4 100644 --- a/bctls-jdk18on-1.72.pom +++ b/bctls-jdk18on-1.73.pom @@ -5,7 +5,7 @@ bctls-jdk18on jar Bouncy Castle JSSE provider and TLS/DTLS API - 1.72 + 1.73 The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE. https://www.bouncycastle.org/java.html @@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar org.bouncycastle bcutil-jdk18on - 1.72 + 1.73 jar diff --git a/bcutil-jdk18on-1.72.pom b/bcutil-jdk18on-1.73.pom similarity index 95% rename from bcutil-jdk18on-1.72.pom rename to bcutil-jdk18on-1.73.pom index afd9d9d..42d2537 100644 --- a/bcutil-jdk18on-1.72.pom +++ b/bcutil-jdk18on-1.73.pom 
@@ -5,7 +5,7 @@ bcutil-jdk18on jar Bouncy Castle ASN.1 Extension and Utility APIs - 1.72 + 1.73 The Bouncy Castle Java APIs for ASN.1 extension and utility APIs used to support bcpkix and bctls. This jar contains APIs for JDK 1.8 and up. https://www.bouncycastle.org/java.html @@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk18on - 1.72 + 1.73 jar diff --git a/bouncycastle.changes b/bouncycastle.changes index da1b6b0..d31c126 100644 --- a/bouncycastle.changes +++ b/bouncycastle.changes 
@@ -1,3 +1,109 @@
+-------------------------------------------------------------------
+Tue Apr 25 10:26:27 UTC 2023 - Pedro Monreal
+
+- Update to version 1.73:
+ * Defects Fixed:
+ - BCJSSE: Instantiating a JSSE provider in some contexts could
+ cause an AccessControl exception.
+ - The EC key pair generator can generate out of range private
+ keys when used with SM2. A specific SM2KeyPairGenerator has
+ been added to the low-level API and is used by
+ KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
+ been updated to check for out of range keys as well..
+ - The attached signature type byte was still present in Falcon
+ signatures as well as the detached signature byte.
+ - There was an off-by-one error in engineGetOutputSize() for ECIES.
+ - The method for invoking read() internally in BCPGInputStream
+ could result in inconsistent behaviour if the class was extended.
+ - Fixed a rounding issue with FF1 Format Preserving Encryption
+ algorithm for certain radices.
+ - Fixed RFC3394WrapEngine handling of 64 bit keys.
+ - Internal buffer for blake2sp was too small and could result in
+ an ArrayIndexOutOfBoundsException.
+ - JCA PSS Signatures using SHAKE128 and SHAKE256 now support
+ encoding of algorithm parameters.
+ - PKCS10CertificationRequest now checks for empty extension
+ parameters.
+ - Parsing errors in the processing of PGP Armored Data now throw
+ an explicit exception ArmoredInputException.
+ - PGP AEAD streams could occassionally be truncated.
+ - The ESTService class now supports processing of chunked HTTP data.
+ - A constructed ASN.1 OCTET STRING with a single member would
+ sometimes be re-encoded as a definite-length OCTET STRING. The
+ encoding has been adjusted to preserve the BER status of the object.
+ - PKIXCertPathReviewer could fail if the trust anchor was also
+ included in the certificate store being used for path analysis.
+ - UTF-8 parsing of an array range ignored the provided length.
+ - IPAddress has been written to provide stricter checking and
+ avoid the use of Integer.parseInt().
+ - A Java 7 class snuck into the Java 5 to Java 8 build.
+ * Additional Features and Functionality:
+ - The Rainbow NIST Post Quantum Round-3 Candidate has been added to
+ the low-level API and the BCPQC provider (level 3 and level 5
+ parameter sets only).
+ - The GeMSS NIST Post Quantum Round-3 Candidate has been added to
+ the low-level API.
+ - The org.bouncycastle.rsa.max_mr_tests property check has been
+ added to allow capping of MR tests done on RSA moduli.
+ - Significant performance improvements in PQC algorithms,
+ especially BIKE, CMCE, Frodo, HQC, Picnic.
+ - EdDSA verification now conforms to the recommendations of Taming
+ the many EdDSAs, in particular cofactored verification. As a side
+ benefit, Pornin's basis reduction is now used for EdDSA
+ verification, giving a significant performance boost.
+ - Major performance improvements for Anomalous Binary (Koblitz) Curves.
+ - The lightweight Cryptography finalists Ascon, ISAP, Elephant,
+ PhotonBeetle, Sparkle, and Xoodyak have been added to the
+ light-weight cryptography API.
+ - BLAKE2bp and BLAKE2sp have been added to the light-weight
+ cryptography API.
+ - Support has been added for X.509, Section 9.8, hybrid certificates
+ and CRLs using alternate public keys and alternate signatures.
+ - The property "org.bouncycastle.emulate.oracle" has been added to
+ signal the provider should return algorithm names on some algorithms
+ in the same manner as the Oracle JCE provider.
+ - An extra replaceSigners method has been added to CMSSignedData
+ which allows for specifying the digest algorithm IDs to be used
+ in the new CMSSignedData object.
+ - Parsing and re-encoding of ASN.1 PEM data has been further
+ optimized to prevent unecessary conversions between basic encoding,
+ definite length, and DER.
+ - Support has been added for KEM ciphers in CMS in accordance with
+ draft-ietf-lamps-cms-kemri
+ - Support has been added for certEncr in CRMF to allow issuing of
+ certificates for KEM public keys.
+ - Further speedups have been made to CRC24.
+ - GCMParameterSpec constructor caching has been added to improve
+ performance for JVMs that have the class available.
+ - The PGPEncrytedDataGenerator now supports injecting the session
+ key to be used for PGP PBE encrypted data.
+ - The CRMF CertificateRequestMessageBuilder now supports optional
+ attributes.
+ - Improvements to the s calculation in JPAKE.
+ - A general purpose PQCOtherInfoGenerator has been added which
+ supports all Kyber and NTRU.
+ - An implementation of HPKE (RFC 9180 - Hybrid Public Key
+ Encryption) has been added to the light-weight cryptography API.
+ * Security Advisories:
+ - The PQC implementations have now been subject to formal review for
+ secret leakage and side channels, there were issues in BIKE, Falcon,
+ Frodo, HQC which have now been fixed. Some weak positives also
+ showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last
+ set has been ignored as the algorithms will either be updated if
+ they reappear in the Signature Round, or deleted, as is already the
+ case for SIKE (it is now in the legacy package). Details on the
+ group responsible for the testing can be found in the CONTRIBUTORS
+ file.
+ - For at least some ECIES variants (e.g. when using CBC) there is
+ an issue with potential malleability of a nonce (implying silent
+ malleability of the plaintext) that must be sent alongside the
+ ciphertext but is outside the IES integrity check. For this reason
+ the automatic generation of nonces with IED is now disabled and
+ they have to be passed in using an IESParameterSpec. The current
+ advice is to agree on a nonce between parties and then rely on the
+ use of the ephemeral key component to allow the nonce (rather the
+ so called nonce) usage to be extended.
+ ------------------------------------------------------------------- Wed Oct 19 12:09:48 UTC 2022 - Pedro Monreal diff --git a/bouncycastle.spec b/bouncycastle.spec index c6d50d0..cc4bd89 100644 --- a/bouncycastle.spec +++ b/bouncycastle.spec @@ -1,7 +1,7 @@ # # spec file for package bouncycastle # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %global ver_major 1 -%global ver_minor 72 +%global ver_minor 73 %global gittag r%{ver_major}rv%{ver_minor} %global archivever jdk18on-%{ver_major}%{ver_minor} %global classname org.bouncycastle.jce.provider.BouncyCastleProvider diff --git a/r1rv72.tar.gz b/r1rv72.tar.gz deleted file mode 100644 index ed6c07f..0000000 --- a/r1rv72.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4c8062c5b5f6d9e19f1fc21ceb20f8fe0170fdb4c135051c82faa5ef5b7cb00b -size 380374879 diff --git a/r1rv73.tar.gz b/r1rv73.tar.gz new file mode 100644 index 0000000..77e4358 --- /dev/null +++ b/r1rv73.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d26563a1a005fc8e856545f2e90950628d724c8b444e0cbd0baf7daf907d38fb +size 20087104
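Review bot: The new pointer for r1rv73.tar.gz records `size 20087104`, while the removed r1rv72.tar.gz pointer recorded `size 380374879`, so the source archive shrinks by roughly 95% between two adjacent releases and nothing visible in this commit explains it. Because this package ships a cryptographic provider, the submitter should state where the archive was obtained and confirm that `oid sha256:d26563a1a005fc8e856545f2e90950628d724c8b444e0cbd0baf7daf907d38fb` matches a checksum or signature published by upstream. If the archive was deliberately repackaged, the new bouncycastle.changes entry should say so, for example `- Source archive regenerated from tag r1rv73 (<what was removed>)`. Whether bouncycastle.spec verifies the source at build time cannot be told from the two hunks shown for that file.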