- Update to version 1.78: [bsc#1223252, CVE-2024-30171]
* Security Advisories.
- CVE-2024-29857: Importing an EC certificate with specially crafted
F2m parameters can cause high CPU usage during parameter evaluation.
- CVE-2024-30171: Possible timing based leakage in RSA based handshakes
due to exception processing eliminated.
- CVE-2024-30172: Crafted signature and public key can be used to
trigger an infinite loop in the Ed25519 verification code.
- CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE
and an SSL socket is not created with an explicit hostname (as happens
with HttpsURLConnection), hostname verification could be performed
against a DNS-resolved IP address. This has been fixed.
* Defects Fixed:
- Issues with a dangling weak reference causing intermittent
NullPointerExceptions in the OcspCache have been fixed.
- Issues with non-constant time RSA operations in TLS handshakes.
- Issue with Ed25519, Ed448 signature verification causing intermittent
infinite loop have been fixed.
- Issues with non-constant time ML-KEM implementation ("Kyber Slash").
- Align ML-KEM input validation with FIPS 203 IPD requirements.
- Make PEM parsing more forgiving of whitespace to align with RFC 7468.
- Fix CCM length checks with large nonce sizes (n=12, n=13).
- EAC: Fixed the CertificateBody ASN.1 type to support an optional
Certification Authority Reference in a Certificate Request.
- ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized
and the contents octets for both types are now limited to 4096 bytes.
- BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(),
which could cause issues for HSM RSA keys.
- BCJSSE: When endpoint identification is enabled and an SSL socket is not
created with an explicit hostname (as happens with HttpsURLConnection),
OBS-URL: https://build.opensuse.org/request/show/1170680
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=103
- Update to version 1.76:
* Defects Fixed:
- Service allocation in the provider could fail due to the lack
of a permission block. This has been fixed.
- JceKeyFingerPrintCalculator has been generalised for different
providers by using "SHA-256" for the algorithm string.
- BCJSSE: Fixed a regression in 1.74 (NullPointerException) that
prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
- DTLS: Fixed server support for client_certificate_type extension.
- Cipher.unwrap() for HQC could fail due to a miscalculation of
the length of the KEM packet. This has been fixed.
- There was exposure to a Java 7 method in the Java 5 to Java 8
BCTLS jar which could cause issues with some TLS 1.2 cipher
suites running on older JVMs. This is now fixed.
* Additional Features and Functionality:
- BCJSSE: Following OpenJDK, finalizers have been removed from
SSLSocket subclasses. Applications should close sockets and
not rely on garbage collection.
- BCJSSE: Added support for boolean system property
"jdk.tls.client.useCompatibilityMode" (default "true").
- DTLS: Added server support for session resumption.
- JcaPKCS10CertificationRequest will now work with EC on the
OpenJDK provider.
- TimeStamp generation now supports the SHA3 algorithm set.
- The SPHINCS+ simple parameters are now fully supported in the
BCPQC provider.
- Kyber, Classic McEliece, HQC, and Bike now supported by the
CRMF/CMS/CMP APIs.
- Builder classes have been add for PGP ASCII Armored streams
allowing CRCs and versions to now be optional.
OBS-URL: https://build.opensuse.org/request/show/1118599
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=99
