- Version update to 1.67 [bsc#1180215, CVE-2020-28052]
* CVE-2020-28052: OpenBSDBCrypt.checkPassword utility method
compared incorrect data when checking the password
* Defects Fixed:
- BCJSSE: SunJSSE compatibility fix - override of getChannel()
removed and 'urgent data' behaviour should now conform to
what the SunJSSE expects
- Nested BER data could sometimes cause issues in octet strings
- Certificates/CRLs with short signatures could cause an exception
in toString() in the BC X509 Certificate implementation
- In line with latest changes in the JVM, SignatureSpis which
don't require parameters now return null on engineGetParameters()
- The RSA KeyFactory now always preferentially produces RSAPrivateCrtKey
where it can on requests for a KeySpec based on an RSAPrivateKey
- CMSTypedStream$FullReaderStream now handles zero length reads correctly
- Unnecessary padding was added on KMAC when the key string was block aligned
- Zero length data would cause an unexpected exception from RFC5649WrapEngine
- OpenBSDBcrypt was failing to handle some valid prefixes
* Additional Features and Functionality
- Performance improvement of Argon2 and Noekeon
- A setSessionKeyObfuscation() method has been added to
PublicKeyKeyEncryptionMethodGenerator to allow turning off of session key
obfuscation (default is on, method primarily to get around early version
GPG issues with AES-128 keys)
- Implemented 'safegcd' constant-time modular inversion (as well as a
variable-time variant). It has replaced Fermat inversion in all our EC
code, and BigInteger.modInverse in several other places, particularly
signers. This improves side-channel protection, and also gives a
significant performance boost
- Performance of custom binary ECC curves and Edwards Curves has been improved
OBS-URL: https://build.opensuse.org/request/show/857837
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=62
- Version update to 1.66
* Defects Fixed:
- EdDSA verifiers now reset correctly after rejecting overly long signatures.
- BCJSSE: SSLSession.getPeerCertificateChain could throw NullPointerException.
- qTESLA-I verifier would reject some valid signatures.
- qTESLA verifiers now reject overly long signatures.
- PGP regression caused failure to preserve existing version header when
headers were reset.
- PKIXNameConstraintValidator had a bad cast preventing use of multiple
OtherName constraints.
- Serialisation of the non-CRT RSA Private Key could cause a NullPointerException.
- An extra 4 bytes was included in the start of HSS public key encodings.
- CMS with Ed448 using a direct signature was using id-shake256-len
rather than id-shake256.
- Use of GCMParameterSpec could cause an AccessControlException under
some circumstances.
- DTLS: Fixed high-latency HelloVerifyRequest handshakes.
- An encoding bug for rightEncoded() in KMAC has been fixed.
- For a few values the cSHAKE implementation would add unnecessary pad bytes
where the N and S strings produced encoded data that was block aligned.
- There were a few circumstances where Argon2BytesGenerator might hit an
unexpected null. These have been removed.
* Additional Features and Functionality
- The qTESLA signature algorithm has been updated to v2.8 (20191108).
- BCJSSE: Client-side OCSP stapling now supports status_request_v2 extension.
- Support has been added for "ocsp.enable", "ocsp.responderURL" and
PKIXRevocationChecker for users of Java 8 and later.
- Support has been added for "org.bouncycastle.x509.enableCRLDP" to the PKIX validator.
- BCJSSE: Now supports system property 'jsse.enableFFDHE'
- BCJSSE: Now supports system properties 'jdk.tls.client.SignatureSchemes'
OBS-URL: https://build.opensuse.org/request/show/823216
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=60
- Version update to 1.65
* Defects Fixed:
- DLExternal would encode using DER encoding for tagged SETs.
- ChaCha20Poly1305 could fail for large (>~2GB) files.
- ChaCha20Poly1305 could fail for small updates when used via the provider.
- Properties.getPropertyValue could ignore system property when other
local overrides set.
- The entropy gathering thread was not running in daemon mode, meaning there
could be a delay in an application shutting down due to it.
- A recent change in Java 11 could cause an exception with the BC Provider's
implementation of PSS.
- BCJSSE: TrustManager now tolerates having no trusted certificates.
- BCJSSE: Choice of credentials and signing algorithm now respect the peer's
signature_algorithms extension properly.
- BCJSSE: KeyManager for KeyStoreBuilderParameters no longer leaks memory.
* Additional Features and Functionality:
- LMS and HSS (RFC 8554) support has been added to the low level library and
the PQC provider.
- SipHash128 support has been added to the low level library and the JCE provider.
- BCJSSE: BC API now supports explicitly specifying the session to resume.
- BCJSSE: Ed25519, Ed448 are now supported when TLS 1.2 or higher is
negotiated (except in FIPS mode).
- BCJSSE: Added support for extended_master_secret system properties:
jdk.tls.allowLegacyMasterSecret, jdk.tls.allowLegacyResumption,
jdk.tls.useExtendedMasterSecret.
- BCJSSE: KeyManager and TrustManager now check algorithm constraints for
keys and certificate chains.
- BCJSSE: KeyManager selection of server credentials now prefers matching
OBS-URL: https://build.opensuse.org/request/show/798842
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=58
- Version update to 1.64 [bsc#1153385, CVE-2019-17359]
[bsc#1096291, CVE-2018-1000180][bsc#1100694, CVE-2018-1000613]
* Security Advisory:
- CVE-2019-17359: A change to the ASN.1 parser in 1.63 introduced
a regression that can cause an OutOfMemoryError to occur on
parsing ASN.1 data.
* Defects Fixed:
- OpenSSH: Fixed padding in generated Ed25519 private keys.
- GOST3410-2012-512 now uses the GOST3411-2012-256 as its KDF digest.
- Validation of headers in PemReader now looks for trailing dashes in header.
- Some compatibility issues around the signature encryption algorithm
field in CMS SignedData and the GOST algorithms have been addressed.
* Additional Features and Functionality:
- PKCS12 key stores containing only certificates can now be created
without the need to provide passwords.
- BCJSSE: Initial support for AlgorithmConstraints; protocol versions
and cipher suites.
- BCJSSE: Initial support for 'jdk.tls.disabledAlgorithms'; protocol
versions and cipher suites.
- BCJSSE: Add SecurityManager check to access session context.
- BCJSSE: Improved SunJSSE compatibility of the NULL_SESSION.
- BCJSSE: SSLContext algorithms updated for SunJSSE compatibility
(default enabled protocols).
- The digest functions Haraka-256 and Haraka-512 have been added to
the provider and the light-weight API
- XMSS/XMSS^MT key management now allows for allocating subsets of the
private key space using the extraKeyShard() method. Use of
StateAwareSignature is now deprecated.
- Support for Java 11's NamedParameterSpec class has been added
(using reflection) to the EC and EdEC KeyPairGenerator implementations.
OBS-URL: https://build.opensuse.org/request/show/737444
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=51
* CVE-2016-1000338: Fix DSA ASN.1 validation during encoding of
signature on verification (boo#1095722).
* CVE-2016-1000339: Fix AESEngine key information leak via lookup
table accesses (boo#1095853).
* CVE-2016-1000340: Fix carry propagation bugs in the
implementation of squaring for several raw math classes
(boo#1095854).
* CVE-2016-1000341: Fix DSA signature generation vulnerability to
timing attack (boo#1095852).
* CVE-2016-1000342: Fix ECDSA ASN.1 validation during encoding of
signature on verification (boo#1095850).
* CVE-2016-1000343: Fix weak default settings for private DSA key
pair generation (boo#1095849).
* CVE-2016-1000344: Remove DHIES from the provider to disable the
unsafe usage of ECB mode (boo#1096026).
* CVE-2016-1000345: Fix DHIES/ECIES CBC mode padding oracle
attack (boo#1096025).
* CVE-2016-1000346: Fix other party DH public key validation
(boo#1096024).
* CVE-2016-1000352: Remove ECIES from the provider to disable the
unsafe usage of ECB mode (boo#1096022).
- bump target to 1.6
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=42
OBS-URL: https://build.opensuse.org/package/show/Java:packages/bouncycastle?expand=0&rev=41