Revisions of bouncycastle
buildservice-autocommit accepted request 1170836 from Fridrich Strba (fstrba) (revision 105)
baserev update by copy to link target

Fridrich Strba (fstrba) committed (revision 104)

Gus Kenion (gkenion) accepted request 1170680 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 103)
- Update to version 1.78: [bsc#1223252, CVE-2024-30171]
  * Security Advisories.
    - CVE-2024-29857: Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
    - CVE-2024-30171: Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
    - CVE-2024-30172: Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
    - CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. This has been fixed.
  * Defects Fixed:
    - Issues with a dangling weak reference causing intermittent NullPointerExceptions in the OcspCache have been fixed.
    - Issues with non-constant time RSA operations in TLS handshakes.
    - Issue with Ed25519, Ed448 signature verification causing intermittent infinite loop has been fixed.
    - Issues with non-constant time ML-KEM implementation ("Kyber Slash").
    - Align ML-KEM input validation with FIPS 203 IPD requirements.
    - Make PEM parsing more forgiving of whitespace to align with RFC 7468.
    - Fix CCM length checks with large nonce sizes (n=12, n=13).
    - EAC: Fixed the CertificateBody ASN.1 type to support an optional Certification Authority Reference in a Certificate Request.
    - ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized and the contents octets for both types are now limited to 4096 bytes.
    - BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(), which could cause issues for HSM RSA keys.
    - BCJSSE: When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection),
buildservice-autocommit accepted request 1130965 from Fridrich Strba (fstrba) (revision 102)
baserev update by copy to link target

Fridrich Strba (fstrba) accepted request 1130814 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 101)
- Update to version 1.77:
  * Defects Fixed:
    - Using an unescaped '=' in an X.500 RDN would result in the RDN being truncated silently. The issue is now detected and an exception is thrown.
    - asn1.eac.CertificateBody was returning certificateEffectiveDate from getCertificateExpirationDate(). This has been fixed to return certificateExpirationDate.
    - DTLS: Fixed retransmission in response to re-receipt of an aggregated ChangeCipherSpec.
    - (D)TLS: Fixed compliance for supported_groups extension. Server will no longer negotiate an EC cipher suite using a default curve when the ClientHello includes the supported_groups extension but it contains no curves in common with the server. Similarly, a DH cipher suite will not be negotiated when the ClientHello includes supported_groups, containing at least one FFDHE group, but none in common with the server.
    - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
    - TLS: class annotation issues that could occur between the BC provider and the TLS API for the GCMParameterSpec class when the jars were loaded on the boot class path have been addressed.
    - Attempt to create an ASN.1 OID from a zero length byte array is now caught at construction time.
    - Attempt to create an X.509 extension block which is empty will now be blocked and cause an exception.
    - IES implementation will now accept a null ParameterSpec if no nonce is needed.
    - An internal method in Arrays was failing to construct its failure message correctly on an error.
    - HSSKeyPublicParameters.generateLMSContext() would fail for a
buildservice-autocommit accepted request 1118619 from Fridrich Strba (fstrba) (revision 100)
baserev update by copy to link target

Fridrich Strba (fstrba) accepted request 1118599 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 99)
- Update to version 1.76:
  * Defects Fixed:
    - Service allocation in the provider could fail due to the lack of a permission block. This has been fixed.
    - JceKeyFingerPrintCalculator has been generalised for different providers by using "SHA-256" for the algorithm string.
    - BCJSSE: Fixed a regression in 1.74 (NullPointerException) that prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
    - DTLS: Fixed server support for client_certificate_type extension.
    - Cipher.unwrap() for HQC could fail due to a miscalculation of the length of the KEM packet. This has been fixed.
    - There was exposure to a Java 7 method in the Java 5 to Java 8 BCTLS jar which could cause issues with some TLS 1.2 cipher suites running on older JVMs. This is now fixed.
  * Additional Features and Functionality:
    - BCJSSE: Following OpenJDK, finalizers have been removed from SSLSocket subclasses. Applications should close sockets and not rely on garbage collection.
    - BCJSSE: Added support for boolean system property "jdk.tls.client.useCompatibilityMode" (default "true").
    - DTLS: Added server support for session resumption.
    - JcaPKCS10CertificationRequest will now work with EC on the OpenJDK provider.
    - TimeStamp generation now supports the SHA3 algorithm set.
    - The SPHINCS+ simple parameters are now fully supported in the BCPQC provider.
    - Kyber, Classic McEliece, HQC, and Bike now supported by the CRMF/CMS/CMP APIs.
    - Builder classes have been added for PGP ASCII Armored streams allowing CRCs and versions to now be optional.
Fridrich Strba (fstrba) accepted request 1114358 from Fridrich Strba (fstrba) (revision 98)
javapackages >= 6
buildservice-autocommit accepted request 1094295 from Fridrich Strba (fstrba) (revision 97)
baserev update by copy to link target

Fridrich Strba (fstrba) committed (revision 96)

Fridrich Strba (fstrba) accepted request 1094146 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 95)
- Update to version 1.74: [bsc#1212508, CVE-2023-33201]
  * Defects Fixed:
    - AsconEngine: Fixed a buffering bug when decrypting across multiple processBytes calls (ascon128a unaffected).
    - Context based sanity checking on PGP signatures has been added.
    - The ParallelHash clone constructor was not copying all fields.
    - The maximum number of blocks for CTR/SIC modes was 1 block less than it should have been.
  * Additional Features and Functionality:
    - The PGP API now supports wildcard key IDs for public key based data encryption.
    - LMS now supports SHA256/192, SHAKE256/192, and SHAKE256/256 (the additional SP 8000-208 parameter sets).
    - The PGP API now supports V5 and V6 AEAD encryption for encrypted data packets.
    - The PGP examples have been updated to reflect key size and algorithm changes that have occurred since they were first written (10+ years...).
    - (D)TLS: A new callback 'TlsPeer.notifyConnectionClosed' will be called when the connection is closed (including by failure).
    - BCJSSE: Improved logging of connection events and include unique IDs in connection-specific log messages.
    - BCJSSE: Server now logs the offered cipher suites when it fails to select one.
    - BCJSSE: Added support for SSLParameters namedGroups and signatureSchemes properties (can also be used via BCJSSE extension API in earlier Java versions).
    - DTLS: The initial handshake re-send time is now configurable by overriding 'TlsPeer.getHandshakeResendTimeMillis'.
    - DTLS: Added support for connection IDs per RFC 9146.
    - DTLS: Performance of DTLSVerifier has been improved so that it can
Fridrich Strba (fstrba) committed (revision 94)

buildservice-autocommit accepted request 1082727 from Fridrich Strba (fstrba) (revision 93)
baserev update by copy to link target

Fridrich Strba (fstrba) accepted request 1082715 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 92)
- Update to version 1.73:
  * Defects Fixed:
    - BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception.
    - The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.
    - The attached signature type byte was still present in Falcon signatures as well as the detached signature byte.
    - There was an off-by-one error in engineGetOutputSize() for ECIES.
    - The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended.
    - Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices.
    - Fixed RFC3394WrapEngine handling of 64 bit keys.
    - Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException.
    - JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters.
    - PKCS10CertificationRequest now checks for empty extension parameters.
    - Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException.
    - PGP AEAD streams could occasionally be truncated.
    - The ESTService class now supports processing of chunked HTTP data.
    - A constructed ASN.1 OCTET STRING with a single member would sometimes be re-encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object.
Fridrich Strba (fstrba) committed (revision 91)

Fridrich Strba (fstrba) committed (revision 90)

buildservice-autocommit accepted request 1031120 from Fridrich Strba (fstrba) (revision 89)
baserev update by copy to link target

Fridrich Strba (fstrba) committed (revision 88)

Fridrich Strba (fstrba) accepted request 1030002 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 87)
- Update to version 1.72:
  * Defects Fixed:
    - There were parameter errors in XMSS^MT OIDs for XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have been fixed.
    - There was an error in Merkle tree construction for the Evidence Records (ERS) implementation which could result in invalid roots being timestamped. ERS now produces an ArchiveTimeStamp for each data object/group with an associated reduced hash tree. The reduced hash tree is now calculated as a simple path to the root of the tree for each record.
    - OpenPGP will now ignore signatures marked as non-exportable on encoding.
    - A tagging calculation error in GCMSIV which could result in incorrect tags has been fixed.
    - Issues around Java 17 which could result in failing tests have been addressed.
  * Additional Features and Functionality:
    - BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method).
    - BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE.
    - BCJSSE: Support export of keying material via extension API.
    - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.
    - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
    - (D)TLS (low-level API): Add support for raw public keys per RFC 7250.
buildservice-autocommit accepted request 978876 from Fridrich Strba (fstrba) (revision 86)
baserev update by copy to link target
Displaying revisions 1 - 20 of 105