Name: bouncycastle-util
Distribution: openSUSE Tumbleweed
Version: 1.82
Vendor: openSUSE
Release: 1.1
Build date: Mon Sep 22 11:29:17 2025
Group: Development/Libraries/Java
Build host: reproducible
Size: 802984
Source RPM: bouncycastle-1.82-1.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.bouncycastle.org
Summary: Bouncy Castle ASN.1 Extension and Utility APIs

The Bouncy Castle Java ASN.1 extension and utility APIs used to support bcpkix and bctls.

License: MIT
* Mon Sep 22 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.82:
  * Defects Fixed:
    - SNOVA and MAYO are now correctly added to the JCA provider module-info file.
    - TLS: Avoid nonce reuse error in JCE AEAD workaround for pre-Java7.
    - BCJSSE: Session binding map is now shared across all stages of the session lifecycle (SunJSSE compatibility).
    - The CMCEPrivateKeyParameters#reconstructPublicKey method was returning an empty byte array. It now returns an encoding of the public key.
    - CBZip2InputStream no longer auto-closes at end-of-contents.
    - The BC CertPath implementation was eliminating certificates on the basis of the Key-ID. This is not in accordance with RFC 4158.
    - Support for the previous set of libOQS Falcon OIDs has been restored.
    - The BC CipherInputStream could throw an exception if asked to handle an AEAD stream consisting of the MAC only.
    - Some KeyAgreement classes were missing in the Java 11 class hierarchy.
    - Fix typo in a constant name in the HPKE class and deprecate the old constant.
    - Fuzzing analysis has been done on the OpenPGP API and additional code has been added to prevent escaping exceptions.
  * Additional Features and Functionality:
    - SHA3Digest, CSHAKE, TupleHash, KMAC now provide support for Memoable and EncodableService.
    - BCJSSE: Added support for integrity-only cipher suites in TLS 1.3 per RFC 9150.
    - BCJSSE: Added support for system properties "jdk.tls.{client,server}.maxInboundCertificateChainLength".
    - BCJSSE: Added support for ML-DSA signature schemes in TLS 1.3 per draft-ietf-tls-mldsa-00.
    - The Composite post-quantum signatures implementation has been updated to the latest draft (07) draft-ietf-lamps-pq-composite-sigs.
    - "_PREHASH" implementations are now provided for all composite signatures to allow the hash of the data to be used instead of the actual data in signature calculation.
    - The gradle build can now be used to generate a Bill of Materials (BOM) file.
    - It is now possible to configure the SignerInfoVerifierBuilder used by the SignedMailValidator class.
    - The Ascon family of algorithms has been updated with the latest published changes.
    - Composite signature keys can now be constructed from the individual keys of the algorithms composing the composite.
    - PGPSecretKey, PGPSignatureGenerator now support version 6.
    - Further optimisation work has been done on ML-KEM public key validation.
    - Zeroization of passwords in the JCA PKCS12 key store has been improved.
    - The "org.bouncycastle.drbg.effective_256bits_entropy" property has been added for platforms where the entropy source is not producing 1 full bit of entropy per bit and additional bits are required (default value 282).
    - OpenPGPKeyGenerator now allows for the use of empty UserIDs (version 4 compatibility).
    - The HQC KEM has been updated with the latest draft updates.
  * Additional Notes:
    - The legacy post-quantum package has now been removed.

* Wed Jun 18 2025 Fridrich Strba <fstrba@suse.com>
- Added patch:
  * bouncycastle-char-literal.patch
    + Somehow, during the build, one unicode character became too long to be a char literal. Consider it as a string then.

* Wed Jun 18 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.81:
  * Defects Fixed:
    - A potential NullPointerException in the KEM KDF KemUtil class has been removed.
    - Overlapping input/output buffers in doFinal could result in data corruption.
    - Fixed Grain-128AEAD decryption incorrectly handling MAC verification.
    - Add configurable header validation to prevent malicious header injection in PGP cleartext signed messages; fix signature packet encoding issues in PGPSignature.join() and embedded signatures while phasing out legacy format.
    - Fixed ParallelHash initialization stall when using block size B=0.
    - The PRF from the PBKDF2 function was being lost when PBMAC1 was initialized from protectionAlgorithm. This has been fixed.
    - The low-level DigestFactory was cloning MD5 when being asked to clone SHA1.
  * Additional Features and Functionality:
    - XWing implementation updated to draft-connolly-cfrg-xwing-kem/07/.
    - Further support has been added for generation and use of PGP V6 keys.
    - Additional validation has been added for armored headers in Cleartext Signed Messages.
    - The PQC signature algorithm proposal Mayo has been added to the low-level API and the BCPQC provider.
    - The PQC signature algorithm proposal Snova has been added to the low-level API and the BCPQC provider.
    - Support for ChaCha20-Poly1305 has been added to the CMS/SMIME APIs.
    - The Falcon implementation has been updated to the latest draft.
    - Support has been added for generating keys which encode as seed-only and expanded-key-only for ML-KEM and ML-DSA private keys.
    - Private key encoding of ML-DSA and ML-KEM private keys now follows the latest IETF draft.
    - The Ascon family of algorithms has been updated to the initial draft of SP 800-232. Some additional optimisation work has been done.
    - Support for ML-DSA's external-mu calculation and signing has been added to the BC provider.
    - CMS now supports ML-DSA for SignedData generation.
    - Introduce high-level OpenPGP API for message creation/consumption and certificate evaluation.
    - Added JDK21 KEM API implementation for HQC algorithm.
    - BCJSSE: Strip trailing dot from hostname for SNI, endpointID checks.
    - BCJSSE: Draft support for ML-KEM updated (draft-connolly-tls-mlkem-key-agreement-05).
    - BCJSSE: Draft support for hybrid ECDHE-MLKEM (draft-ietf-tls-ecdhe-mlkem-00).
    - BCJSSE: Optionally prefer TLS 1.3 server's supported_groups order (BCSSLParameters.useNamedGroupsOrder).

* Mon Feb 03 2025 Pedro Monreal <pmonreal@suse.com>
- Update to 1.80:
  * Defects Fixed:
    - A splitting issue for ML-KEM led to an incorrect size for kemct in KEMRecipientInfos. This has been fixed.
    - The PKCS12 KeyStore has been adjusted to prevent accidental doubling of the Oracle trusted certificate attribute (results in an IOException when used with the JVM PKCS12 implementation).
    - The SignerInfoGenerator copy constructor was ignoring the certHolder field.
    - The getAlgorithm() method return value for a CompositePrivateKey was not consistent with the corresponding getAlgorithm() return value for the CompositePrivateKey. This has been fixed.
    - The international property files were missing from the bcjmail distribution.
    - Issues with ElephantEngine failing on processing large/multi-block messages have been addressed.
    - GCFB mode now fully resets on a reset.
    - The lightweight algorithm contestants: Elephant, ISAP, PhotonBeetle, Xoodyak now support the use of the AEADParameters class and provide accurate update/doFinal output lengths.
    - An unnecessary downcast in CertPathValidatorUtilities was resulting in the ignoring of URLs for FTP based CRLs.
    - A regression in the OpenPGP API could cause NoSuchAlgorithmException to be thrown when attempting to use SHA-256 in some contexts.
    - EtsiTs1029411TypesAuthorization was missing an extension field.
    - Interoperability issues with single depth LMS keys have been addressed.
  * Additional Features and Functionality:
    - CompositeSignatures now updated to draft-ietf-lamps-pq-composite-sigs-03.
    - ML-KEM, ML-DSA, SLH-DSA, and Composite private keys now use raw encodings as per the latest drafts from IETF 121: draft-ietf-lamps-kyber-certificates-06, draft-ietf-lamps-dilithium-certificates-05, and draft-ietf-lamps-x509-slhdsa.
    - Initial support has been added for RFC 9579 PBMAC1 in the PKCS API.
    - Support has been added for EC-JPAKE to the lightweight API.
    - Support has been added for the direct construction of S/MIME AuthEnvelopedData objects, via the SMIMEAuthEnvelopedData class.
    - An override "org.bouncycastle.asn1.allow_wrong_oid_enc" property has been added to disable new OID encoding checks (use with caution).
    - Support has been added for the PBEParameterSpec.getParameterSpec() method where supported by the JVM.
    - ML-DSA/SLH-DSA now return null for Signature.getParameters() if no context is provided. This allows the algorithms to be used with the existing Java key tool.
    - HQC has been updated to reflect the reference implementation released on 2024-10-30.
    - Support has been added to the low-level APIs for the OASIS Shamir Secret Splitting algorithms.
    - BCJSSE: System property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" no longer used. FIPS TLS 1.2 GCM suites can now be enabled according to JcaTlsCrypto#getFipsGCMNonceGeneratorFactory (see JavaDoc for details) if done in alignment with FIPS requirements.
    - Support has been added for OpenPGP V6 PKESK and message encryption.
    - PGPSecretKey.copyWithNewPassword() now includes AEAD support.
    - The ASCON family of algorithms have been updated in accordance with the published FIPS SP 800-232 draft.

* Mon Nov 04 2024 Pedro Monreal <pmonreal@suse.com>
- Update to 1.79:
  * Defects Fixed:
    - Leading zeroes were sometimes dropped from Ed25519 signatures leading to verification errors in the PGP API.
    - Default version string for Armored Output is now set correctly in 18on build.
    - The Elephant cipher would fail on large messages.
    - CMSSignedData.replaceSigners() would re-encode the digest algorithms block, occasionally dropping ones where NULL had been previously added as an algorithm parameter. The method now attempts to only use the original digest algorithm identifiers.
    - ERSInputStreamData would fail to generate the correct hash if called a second time with a different hash algorithm.
    - A downcast in the CrlCache which would cause FTP based CRLs to fail to load has been removed.
    - ECUtil.getNamedCurveOid() now trims curve names of excess space before look up.
    - The PhotonBeetle and Xoodyak digests did not reset properly after a doFinal() call.
    - Malformed AlgorithmIdentifiers in CertIDs could cause caching issues in the OCSP cache.
    - With Java 21 a provider service class will now be returned with a null class name where previously a null would have been returned for a service. This can cause a NullPointerException to be thrown by the BC provider if a non-existent service is requested.
    - CMS: OtherKeyAttribute.keyAttr now treated as optional.
    - CMS: EnvelopedData and AuthEnvelopedData could calculate the wrong versions.
    - The default version header for PGP armored output did not carry the correct version string.
    - In some situations the algorithm lookup for creating PGPDigestCalculators would fail due to truncation of the algorithm name.
  * Additional Features and Functionality:
    - Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
    - The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA (including pre-hash) have been added to the BC provider and the lightweight API.
    - A new spec, ContextParameterSpec, has been added to support signature contexts for ML-DSA and SLH-DSA.
    - BCJSSE: Added support for security property "jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
    - BCJSSE: Added support for signature_algorithms_cert configuration via "org.bouncycastle.jsse.client.SignatureSchemesCert" and "org.bouncycastle.jsse.server.SignatureSchemesCert" system properties or BCSSLParameters property "SignatureSchemesCert".
    - BCJSSE: Added support for boolean system property "org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
    - (D)TLS: Remove redundant verification of self-generated RSA signatures.
    - CompositePrivateKeys now support the latest revision of the composite signature draft.
    - Delta Certificates now support the latest revision of the delta certificate extension draft.
    - A general KeyIdentifier class, encapsulating both PGP KeyID and the PGP key fingerprint has been added to the PGP API.
    - Support for the LibrePGP PreferredEncryptionModes signature subpacket has been added to the PGP API.
    - Support for Version 6 signatures, including salts, has been added to the PGP API.
    - Support for the PreferredKeyServer signature subpacket has been added to the PGP API.
    - Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)", has been added to the CMS API.
    - Support for the Argon2 S2K has been added to the PGP API.
    - The system property "org.bouncycastle.pemreader.lax" has been introduced for situations where the BC PEM parsing is now too strict.
    - The system property "org.bouncycastle.ec.disable_f2m" has been introduced to allow F2m EC support to be disabled.
- Rebase bouncycastle-notests.patch

* Mon Apr 29 2024 Fridrich Strba <fstrba@suse.com>
- Update to version 1.78.1
  * Defects Fixed:
    - The new dependency of the PGP API on the bcutil jar was missing from the module jar, the OSGi manifest, and the Maven POM. This has been fixed.
    - Missing exports and duplicate imports have been added/removed from the OSGi manifests.
    - The OSGi manifests now have the same bundle IDs as 1.77 and lock down dependencies to the equivalent variations.
    - A check in the X.509 Extensions class preventing the parsing of empty extensions has been removed.

* Mon Apr 29 2024 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.78: [bsc#1223252, CVE-2024-30171] [bsc#1224304, CVE-2024-30172] [bsc#1224299, CVE-2024-29857]
  * Security Advisories:
    - CVE-2024-29857: Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
    - CVE-2024-30171: Possible timing based leakage in RSA based handshakes due to exception processing eliminated.
    - CVE-2024-30172: Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.
    - CVE-2024-301XX: When endpoint identification is enabled in the BCJSSE and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address. This has been fixed.
  * Defects Fixed:
    - Issues with a dangling weak reference causing intermittent NullPointerExceptions in the OcspCache have been fixed.
    - Issues with non-constant time RSA operations in TLS handshakes.
    - Issues with Ed25519, Ed448 signature verification causing an intermittent infinite loop have been fixed.
    - Issues with non-constant time ML-KEM implementation ("Kyber Slash").
    - Align ML-KEM input validation with FIPS 203 IPD requirements.
    - Make PEM parsing more forgiving of whitespace to align with RFC 7468.
    - Fix CCM length checks with large nonce sizes (n=12, n=13).
    - EAC: Fixed the CertificateBody ASN.1 type to support an optional Certification Authority Reference in a Certificate Request.
    - ASN.1: ObjectIdentifier (also Relative OID) parsing has been optimized and the contents octets for both types are now limited to 4096 bytes.
    - BCJSSE: Fixed a missing null check on the result of PrivateKey.getEncoded(), which could cause issues for HSM RSA keys.
    - BCJSSE: When endpoint identification is enabled and an SSL socket is not created with an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address.
    - The missing module import of java.logging to the provider module has been added.
    - GOST ASN.1 public key alg parameters are now compliant with RFC 9215.
    - An off-by-one error in the encoding for EccP256CurvePoint for ITS.
    - PEM Parser now enforces PEM headers to start at the beginning of the line to be meaningful.
  * Additional Features and Functionality:
    - An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol) has been added as a new module.
    - NTRU now supports NTRU-HPS4096-1229 and NTRU-HRSS-1373.
    - Improvements to PGP support, including Camellia key wrapping and Curve25519, Curve448 key types (including XDH with HKDF).
    - Added initial support for ML-KEM in TLS.
    - Added XWing hybrid KEM construction (X25519 + ML-KEM-768).
    - Introduced initial KEMSpi support (NTRU, SNTRU Prime) for JDK 21+.
    - Introduced initial composite signature support for X509 Certificates.
    - PKCS#12 now supports PKCS12-AES256-AES128, PKCS12-AES256-AES128-GCM, PKCS12-DEF-AES256-AES128, and PKCS12-DEF-AES256-AES128-GCM.
    - The default type for the KeyStore.getInstance("PKCS12", "BC") can now be set using the org.bouncycastle.pkcs12.default system/security property.
    - The PGP SExpParser will now handle Ed25519 and Ed448 keys.
    - Dilithium and Kyber key encoding updated to latest Draft RFCs (draft-ietf-lamps-dilithium-certificates and draft-ietf-lamps-kyber-certificates).
    - Support has been added for encryption key derivation using HKDF in CMS, see draft-housley-lamps-cms-cek-hkdf-sha256.
    - X500Name now recognises jurisdiction{C,ST,L} DNs.
    - CertPathValidationContext and CertificatePoliciesValidation now include implementations of Memoable.
    - The Composite post-quantum signatures implementation has been updated to the latest draft draft-ounsworth-pq-composite-sigs.
  * Full release notes: bouncycastle.org/releasenotes.html#r1rv78
- Rebase bouncycastle-notests.patch

* Mon Dec 04 2023 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.77:
  * Defects Fixed:
    - Using an unescaped '=' in an X.500 RDN would result in the RDN being truncated silently. The issue is now detected and an exception is thrown.
    - asn1.eac.CertificateBody was returning certificateEffectiveDate from getCertificateExpirationDate(). This has been fixed to return certificateExpirationDate.
    - DTLS: Fixed retransmission in response to re-receipt of an aggregated ChangeCipherSpec.
    - (D)TLS: Fixed compliance for supported_groups extension. Server will no longer negotiate an EC cipher suite using a default curve when the ClientHello includes the supported_groups extension but it contains no curves in common with the server. Similarly, a DH cipher suite will not be negotiated when the ClientHello includes supported_groups, containing at least one FFDHE group, but none in common with the server.
    - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
    - TLS: class annotation issues that could occur between the BC provider and the TLS API for the GCMParameterSpec class when the jars were loaded on the boot class path have been addressed.
    - Attempt to create an ASN.1 OID from a zero length byte array is now caught at construction time.
    - Attempt to create an X.509 extension block which is empty will now be blocked and cause an exception.
    - IES implementation will now accept a null ParameterSpec if no nonce is needed.
    - An internal method in Arrays was failing to construct its failure message correctly on an error.
    - HSSKeyPublicParameters.generateLMSContext() would fail for a unit depth key.
  * Additional Features and Functionality:
    - BCJSSE: Added org.bouncycastle.jsse.client.omitSigAlgsCertExtension and org.bouncycastle.jsse.server.omitSigAlgsCertExtension boolean system properties to control (for client and server resp.) whether the signature_algorithms_cert extension should be omitted if it would be identical to signature_algorithms. Defaults to true, the historical behaviour.
    - The low-level HPKE API now allows the sender to specify an ephemeral key pair.
    - Support has been added for the delta-certificate requests in line with the current Chameleon Cert draft from the IETF.
    - Some accommodation has been added for historical systems to accommodate variations in the SHA-1 digest OID for CMS SignedData.
    - TLS: the TLS API will now try "RSAwithDigestAndMFG1" as well as the newer RSAPSS algorithm names when used with the JCA.
    - TLS: RSA key exchange cipher suites are now disabled by default.
    - Support has been added for PKCS#10 requests to allow certificates using the altSignature/altPublicKey extensions.
  * Notes:
    - Kyber and Dilithium have been updated according to the latest draft of the standard. Dilithium-AES and Kyber-AES have now been removed. Kyber now produces 256 bit secrets for all parameter sets (in line with the draft standard).
    - NTRU has been updated to produce 256 bit secrets in line with Kyber.
    - SPHINCS+ can now be used to generate certificates in line with those used by (Open Quantum Safe) OQS.
    - Falcon object identifiers are now in line with OQS as well.
    - PQC CMS SignedData now defaults to SHA-256 for signed attributes rather than SHAKE-256. This is also a compatibility change, but may change further again as the IETF standard for CMS is updated.

* Wed Oct 18 2023 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.76:
  * Defects Fixed:
    - Service allocation in the provider could fail due to the lack of a permission block. This has been fixed.
    - JceKeyFingerPrintCalculator has been generalised for different providers by using "SHA-256" for the algorithm string.
    - BCJSSE: Fixed a regression in 1.74 (NullPointerException) that prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
    - DTLS: Fixed server support for client_certificate_type extension.
    - Cipher.unwrap() for HQC could fail due to a miscalculation of the length of the KEM packet. This has been fixed.
    - There was exposure to a Java 7 method in the Java 5 to Java 8 BCTLS jar which could cause issues with some TLS 1.2 cipher suites running on older JVMs. This is now fixed.
  * Additional Features and Functionality:
    - BCJSSE: Following OpenJDK, finalizers have been removed from SSLSocket subclasses. Applications should close sockets and not rely on garbage collection.
    - BCJSSE: Added support for boolean system property "jdk.tls.client.useCompatibilityMode" (default "true").
    - DTLS: Added server support for session resumption.
    - JcaPKCS10CertificationRequest will now work with EC on the OpenJDK provider.
    - TimeStamp generation now supports the SHA3 algorithm set.
    - The SPHINCS+ simple parameters are now fully supported in the BCPQC provider.
    - Kyber, Classic McEliece, HQC, and Bike now supported by the CRMF/CMS/CMP APIs.
    - Builder classes have been added for PGP ASCII Armored streams allowing CRCs and versions to now be optional.
    - An UnknownPacket type has been added to the PGP APIs to allow for forwards compatibility with upcoming revisions to the standard.
- Rebase patch bouncycastle-notests.patch
- Update to version 1.75:
  * Defects Fixed:
    - Several Java 8 method calls were accidentally introduced in the Java 5 to Java 8 build. The affected classes have been refactored to remove this.
    - (D)TLS: renegotiation after resumption now fixed to avoid breaking connection.
  * Notes:
    - The ASN.1 core package has had some dead and retired methods cleaned up and removed.

* Mon Jun 19 2023 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.74: [bsc#1212508, CVE-2023-33201]
  * Defects Fixed:
    - AsconEngine: Fixed a buffering bug when decrypting across multiple processBytes calls (ascon128a unaffected).
    - Context based sanity checking on PGP signatures has been added.
    - The ParallelHash clone constructor was not copying all fields.
    - The maximum number of blocks for CTR/SIC modes was 1 block less than it should have been.
  * Additional Features and Functionality:
    - The PGP API now supports wildcard key IDs for public key based data encryption.
    - LMS now supports SHA256/192, SHAKE256/192, and SHAKE256/256 (the additional SP 8000-208 parameter sets).
    - The PGP API now supports V5 and V6 AEAD encryption for encrypted data packets.
    - The PGP examples have been updated to reflect key size and algorithm changes that have occurred since they were first written (10+ years...).
    - (D)TLS: A new callback 'TlsPeer.notifyConnectionClosed' will be called when the connection is closed (including by failure).
    - BCJSSE: Improved logging of connection events and include unique IDs in connection-specific log messages.
    - BCJSSE: Server now logs the offered cipher suites when it fails to select one.
    - BCJSSE: Added support for SSLParameters namedGroups and signatureSchemes properties (can also be used via BCJSSE extension API in earlier Java versions).
    - DTLS: The initial handshake re-send time is now configurable by overriding 'TlsPeer.getHandshakeResendTimeMillis'.
    - DTLS: Added support for connection IDs per RFC 9146.
    - DTLS: Performance of DTLSVerifier has been improved so that it can reasonably be used for all incoming packets.
    - Initial support has been added for A Mechanism for Encoding Differences in Paired Certificates.
    - The PGP API now supports parsing, encoding, and fingerprinting of V6 EC/EdEC keys.
    - A thread safe verifier API has been added to the PGP API to support multi-threaded verification of certifications on keys and user IDs.
    - The number of keys/sub-keys in a PGPKeyRing can now be found by calling PGPKeyRing.size().
    - The PQC algorithms LMS/HSS, SPHINCS+, Dilithium, Falcon, and NTRU are now supported directly by the BC provider.
  * Notes:
    - The now defunct PQC SIKE algorithm has been removed; this has also meant the removal of its resource files so the provider is now quite a bit smaller.
    - As a precaution, HC128 now enforces a 128 bit IV; previous behaviour for shorter IVs can be supported where required by padding the IV to the 128 bits with zero.
    - PGP encrypted data generation now uses integrity protection by default. Previous behaviour for encrypted data can be supported where required by calling PGPDataEncryptorBuilder.setWithIntegrityPacket(false) when data encryption is set up.
    - There are now additional sanity checks in place to prevent accidental mis-use of PGPSignature objects. If this change causes any issues, you might want to check what your code is up to as there is probably a bug.
  * Security Advisories:
    - CVE-2023-33201: this release fixes an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server with wild-card matching enabled.
- Rebase bouncycastle-javadoc.patch
- Add bouncycastle-notests.patch

* Tue Apr 25 2023 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.73: [jsc#PED-3756]
  * Defects Fixed:
    - BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception.
    - The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.
    - The attached signature type byte was still present in Falcon signatures as well as the detached signature byte.
    - There was an off-by-one error in engineGetOutputSize() for ECIES.
    - The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended.
    - Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices.
    - Fixed RFC3394WrapEngine handling of 64 bit keys.
    - Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException.
    - JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters.
    - PKCS10CertificationRequest now checks for empty extension parameters.
    - Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException.
    - PGP AEAD streams could occasionally be truncated.
    - The ESTService class now supports processing of chunked HTTP data.
    - A constructed ASN.1 OCTET STRING with a single member would sometimes be re-encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object.
    - PKIXCertPathReviewer could fail if the trust anchor was also included in the certificate store being used for path analysis.
    - UTF-8 parsing of an array range ignored the provided length.
    - IPAddress has been written to provide stricter checking and avoid the use of Integer.parseInt().
    - A Java 7 class snuck into the Java 5 to Java 8 build.
  * Additional Features and Functionality:
    - The Rainbow NIST Post Quantum Round-3 Candidate has been added to the low-level API and the BCPQC provider (level 3 and level 5 parameter sets only).
    - The GeMSS NIST Post Quantum Round-3 Candidate has been added to the low-level API.
    - The org.bouncycastle.rsa.max_mr_tests property check has been added to allow capping of MR tests done on RSA moduli.
    - Significant performance improvements in PQC algorithms, especially BIKE, CMCE, Frodo, HQC, Picnic.
    - EdDSA verification now conforms to the recommendations of Taming the many EdDSAs, in particular cofactored verification. As a side benefit, Pornin's basis reduction is now used for EdDSA verification, giving a significant performance boost.
    - Major performance improvements for Anomalous Binary (Koblitz) Curves.
    - The lightweight Cryptography finalists Ascon, ISAP, Elephant, PhotonBeetle, Sparkle, and Xoodyak have been added to the light-weight cryptography API.
    - BLAKE2bp and BLAKE2sp have been added to the light-weight cryptography API.
    - Support has been added for X.509, Section 9.8, hybrid certificates and CRLs using alternate public keys and alternate signatures.
    - The property "org.bouncycastle.emulate.oracle" has been added to signal the provider should return algorithm names on some algorithms in the same manner as the Oracle JCE provider.
    - An extra replaceSigners method has been added to CMSSignedData which allows for specifying the digest algorithm IDs to be used in the new CMSSignedData object.
    - Parsing and re-encoding of ASN.1 PEM data has been further optimized to prevent unnecessary conversions between basic encoding, definite length, and DER.
    - Support has been added for KEM ciphers in CMS in accordance with draft-ietf-lamps-cms-kemri.
    - Support has been added for certEncr in CRMF to allow issuing of certificates for KEM public keys.
    - Further speedups have been made to CRC24.
    - GCMParameterSpec constructor caching has been added to improve performance for JVMs that have the class available.
    - The PGPEncryptedDataGenerator now supports injecting the session key to be used for PGP PBE encrypted data.
    - The CRMF CertificateRequestMessageBuilder now supports optional attributes.
    - Improvements to the s calculation in JPAKE.
    - A general purpose PQCOtherInfoGenerator has been added which supports all Kyber and NTRU.
    - An implementation of HPKE (RFC 9180 - Hybrid Public Key Encryption) has been added to the light-weight cryptography API.
  * Security Advisories:
    - The PQC implementations have now been subject to formal review for secret leakage and side channels; there were issues in BIKE, Falcon, Frodo, HQC which have now been fixed. Some weak positives also showed up in Rainbow, Picnic, SIKE, and GeMSS; for now this last set has been ignored as the algorithms will either be updated if they reappear in the Signature Round, or deleted, as is already the case for SIKE (it is now in the legacy package). Details on the group responsible for the testing can be found in the CONTRIBUTORS file.
    - For at least some ECIES variants (e.g. when using CBC) there is an issue with potential malleability of a nonce (implying silent malleability of the plaintext) that must be sent alongside the ciphertext but is outside the IES integrity check. For this reason the automatic generation of nonces with IES is now disabled and they have to be passed in using an IESParameterSpec. The current advice is to agree on a nonce between parties and then rely on the use of the ephemeral key component to allow the nonce (rather the so called nonce) usage to be extended.

* Wed Oct 19 2022 Pedro Monreal <pmonreal@suse.com>
- Update to version 1.72:
  * Defects Fixed:
    - There were parameter errors in XMSS^MT OIDs for XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have been fixed.
    - There was an error in Merkle tree construction for the Evidence Records (ERS) implementation which could result in invalid roots being timestamped. ERS now produces an ArchiveTimeStamp for each data object/group with an associated reduced hash tree. The reduced hash tree is now calculated as a simple path to the root of the tree for each record.
    - OpenPGP will now ignore signatures marked as non-exportable on encoding.
    - A tagging calculation error in GCMSIV which could result in incorrect tags has been fixed.
    - Issues around Java 17 which could result in failing tests have been addressed.
  * Additional Features and Functionality:
    - BCJSSE: TLS 1.3 is now enabled by default where no explicit protocols are supplied (e.g. "TLS" or "Default" SSLContext algorithms, or SSLContext.getDefault() method).
    - BCJSSE: Rewrite SSLEngine implementation to improve compatibility with SunJSSE.
    - BCJSSE: Support export of keying material via extension API.
    - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.
    - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are offered now. Earlier versions are still supported if explicitly enabled. Users may need to check they are offering suitable cipher suites for TLS 1.3.
    - (D)TLS (low-level API): Add support for raw public keys per RFC 7250.
    - CryptoServicesRegistrar now has a setServicesConstraints() method on it which can be used to selectively turn off algorithms.
    - The NIST PQC Alternate Candidate, Picnic, has been added to the low level API and the BCPQC provider.
    - SPHINCS+ has been upgraded to the latest submission, SPHINCS+ 3.1 and support for Haraka has been added.
    - Evidence records now support timestamp renewal and hash renewal.
    - The SIKE Alternative Candidate NIST Post Quantum Algorithm has been added to the low-level PQC API.
    - The NTRU Round 3 Finalist Candidate NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider.
    - The Falcon Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider.
    - The CRYSTALS-Kyber Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider.
    - Argon2 Support has been added to the OpenPGP API.
    - XDH IES has now been added to the BC provider.
    - The OpenPGP API now supports AEAD encryption and decryption.
    - The NTRU Prime Alternative Candidate NIST Post Quantum Algorithms have been added to the low-level API and the BCPQC provider.
    - The CRYSTALS-Dilithium Finalist NIST Post Quantum Algorithm has been added to the low-level API and the BCPQC provider.
    - The BIKE NIST Post Quantum Alternative/Round-4 Candidate has been added to the low-level API and the BCPQC provider.
    - The HQC NIST Post Quantum Alternative/Round-4 Candidate has been added to the low-level API and the BCPQC provider.
    - Grain128AEAD has been added to the lightweight API.
    - A fast version of CRC24 has been added for use with the PGP API.
    - Some additional methods and fields have been exposed in the PGPOnePassSignature class to (hopefully) make it easier to deal with nested signatures.
    - CMP support classes have been updated to reflect the latest editions to the draft RFC "Lightweight Certificate Management Protocol (CMP) Profile".
    - Support has been added to the PKCS#12 implementation for the Oracle trusted certificate attribute.
    - Performance of our BZIP2 classes has been improved.
  * Notes:
    - Keep in mind the PQC algorithms are still under development and we are still at least a year and a half away from published standards. This means the algorithms may still change, so by all means experiment, but do not use the PQC algorithms for anything long term.
    - The legacy "Rainbow" and "McEliece" implementations have been removed from the BCPQC provider. The underlying classes are still present if required. Other legacy algorithm implementations can be found under the org.bouncycastle.pqc.legacy package.
  * Security Notes:
    - The PQC SIKE algorithm is provided for research purposes only. It should now be regarded as broken. The SIKE implementation will be withdrawn in BC 1.73.
- Rebase bouncycastle-javadoc.patch

* Fri Apr 22 2022 Anton Shvetz <shvetz.anton@gmail.com>
- Version update to 1.71
  * Defects Fixed
    - In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF8 characters.
    - An accidental partial dependency on Java 1.7 has been removed from the TLS API.
    - JcaPKIXIdentityBuilder would fail to process File objects correctly. This is now fixed.
    - Some byte[] parameters to the CMP API were not being defensively cloned to prevent accidental changes. Extra defensive cloning has been added.
    - CMS primitives would sometimes convert ASN.1 definite-length encodings into indefinite-length encodings. The primitives will now try and preserve the original encoding where possible.
    - CMSSignedData.getAttributeCertificates() now properly restricts the tag values checked to just 1 (the obsolete v1 tag) and 2 (for the more current v2 certificates).
    - BCJSSE now tries to validate a custom KeyManager selection in order to catch errors around a key manager ignoring key type early.
    - Compressed streams in PGP ending with zero length partial packets could cause failure on parsing in the OpenPGP API. This has been fixed.
    - The fallback mode for JceAsymmetricKeyWrapper/Unwrapper would lose track of any algorithm parameters generated in the initial attempt. The algorithm parameters are now propagated.
    - An accidental regression introduced by a fix for another issue in PKIXCertPathReviewer around use of the AuthorityKeyIdentifier extension and it failing to match a certificate uniquely when the serial number field is missing has been fixed.
    - An error was found in the creation of TLS 1.3 Export Keying Material which could cause compatibility issues. This has been fixed.
* Additional Features and Functionality - Support has been added for OpenPGP regular expression signature packets. - Support has been added for OpenPGP PolicyURI signature packets. - A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey. - The NIST PQC Finalist, Classic McEliece has been added to the low level API and the BCPQC provider. - The NIST PQC Alternate Candidate, SPHINCS+ has been added to the BCPQC provider. - The NIST PQC Alternate Candidate, FrodoKEM has been added to the low level API and the BCPQC provider. - The NIST PQC Finalist, SABER has been added to the low level API and the BCPQC provider. - KMAC128, KMAC256 has been added to the BC provider (empty customization string). - TupleHash128, TupleHash256 has been added to the BC provider (empty customization string). - ParallelHash128, ParallelHash256 has been added to the BC provider (empty customization string, block size 1024 bits). - Two new properties: "org.bouncycastle.rsa.max_size" (default 15360) and "org.bouncycastle.ec.fp_max_size" (default 1042) have been added to cap the maximum size of RSA and EC keys. - RSA modulus are now checked to be provably composite using the enhanced MR probable prime test. - Imported EC Fp basis values are now validated against the MR prime number test before use. The certainty level of the prime test can be determined by "org.bouncycastle.ec.fp_certainty" (default 100). - The BC entropy thread now has a specific name: "BC-ENTROPY-GATHERER". - Utility methods have been added for joining/merging PGP public keys and signatures. - Blake3-256 has been added to the BC provider. - DTLS: optimisation to delayed handshake hash. - Further additions to the ETSI 102 941 support in the ETSI/ITS package: certification request, signed message generation and verification now supported. - CMSSignedDataGenerator now supports the direct generation of definite-length data. 
- The NetscapeCertType class now has a hasUsages() method on it for querying usage settings on its bit string. - Support for additional input has been added for deterministic (EC)DSA. - The OpenPGP API provides better support for subkey generation. - BCJSSE: Added boolean system properties "org.bouncycastle.jsse.client.dh.disableDefaultSuites" and "org.bouncycastle.jsse.server.dh.disableDefaultSuites". Default "false". Set to "true" to disable inclusion of DH cipher suites in the default cipher suites for client/server respectively. * Notes - The deprecated QTESLA implementation has been removed from the BCPQC provider. - The submission update to SPHINCS+ has been added. This changes the generation of signatures - particularly deterministic ones. - Version update to 1.70 * Defects Fixed - Blake 3 output limit is enforced. - The PKCS12 KeyStore was relying on default precedence for its key Cipher implementation so was sometimes failing if used from the keytool. The KeyStore class now makes sure it uses the correct Cipher implementation. - Fixed bzip2 compression for empty contents (GH #993). - ASN.1: More robust handling of high tag numbers and definite-length forms. - BCJSSE: Fix a concurrent modification issue in session contexts (GH#968). - BCJSSE: Don't log sensitive system property values (GH#976). - BCJSSE: Fixed a priority issue amongst imperfect-match credentials in KeyManager classes. - The IES AlgorithmParameters object has been re-written to properly support all the variations of IESParameterSpec. - getOutputSize() for ECIES has been corrected to avoid occassional underestimates. - The lack of close() in the ASN.1 Dump command line utility was triggering false positives in some code analysis tools. A close() call has been added. - PGPPublicKey.getBitStrength() now properly recognises EdDSA keys. 
* Additional Features and Functionality - Missing PGP CRC checksums can now be optionally ignored using setDetectMissingCRC() (default false) on ArmoredInputStream. - PGPSecretKey.copyWithNewPassword() now has a variant which uses USAGE_SHA1 for key protection if a PGPDigestCalculator is passed in. - PGP ASCII armored data now skips "\t", "\v", and "\f". - PKCS12 files with duplicate localKeyId attributes on certificates will now have the incorrect attributes filtered out, rather than the duplicate causing an exception. - PGPObjectFactory will now ignore packets representing unrecognised signature versions in the input stream. - The X.509 extension generator will now accumulate some duplicate X.509 extensions into a single extension where it is possible to do so. - Removed support for maxXofLen in Kangaroo digest. - Ignore marker packets in PGP Public and Secret key ring collection. - An implementation of LEA has been added to the low-level API. - Access, recovery, and direct use for PGP session keys has been added to the OpenPGP API for processing encrypted data. - A PGPCanonicalizedDataGenerator has been added which converts input into canonicalized literal data for text and UTF-8 mode. - A getUserKeyingMaterial() method has been added to the KeyAgreeRecipientInformation class. - ASN.1: Tagged objects (and parsers) now support all tag classes. Special code for ApplicationSpecific has been deprecated and re-implemented in terms of TaggedObject. - ASN.1: Improved support for nested tagging. - ASN.1: Added support for GraphicString, ObjectDescriptor, RelativeOID. - ASN.1: Added support for constructed BitString encodings, including efficient parsing for large values. - TLS: Added support for external PSK handshakes. - TLS: Check policy restrictions on key size when determining cipher suite support. - A performance issue in KeccakDigest due to left over debug code has been identified and dealt with. 
- BKS key stores can now be used for collecting protected keys (note: any attempt to store such a store will cause an exception). - A method for recovering user keying material has been added to KeyAgreeRecipientInformation. - Support has been added to the CMS API for SHA-3 based PLAIN-ECDSA. - The low level BcDefaultDigestProvider now supports the SHAKE family of algorithms and the SM3 alogirthm. - PGPKeyRingGenerator now supports creation of key-rings with direct-key identified keys. - The PQC NIST candidate, signature algorithm SPHINCS+ has been added to the low-level API. - ArmoredInputStream now explicitly checks for a '\n' if in crLF mode. - Direct support for NotationDataOccurances, Exportable, Revocable, IntendedRecipientFingerPrints, and AEAD algorithm preferences has been added to PGPSignatureSubpacketVector. - Further support has been added for keys described using S-Expressions in GPG 2.2.X. - Support for OpenPGP Session Keys from the (draft) Stateless OpenPGP CLI has been added. - Additional checks have been added for PGP marker packets in the parsing of PGP objects. - A CMSSignedData.addDigestAlgorithm() has been added to allow for adding additional digest algorithm identifiers to CMS SignedData structures when required. - Support has been added to CMS for the LMS/HSS signature algorithm. - The system property "org.bouncycastle.jsse.client.assumeOriginalHostName" (default false) has been added for dealing with SNI problems related to the host name not being propagate by the JVM. - The JcePKCSPBEOutputEncryptorBuilder now supports SCRYPT with ciphers that do not have algorithm parameters (e.g. AESKWP). - Support is now added for certificates using ETSI TS 103 097, "Intelligent Transport Systems (ITS)" in the bcpkix package. * Notes. - While this release should maintain source code compatibility, developers making use of some parts of the ASN.1 library will find that some classes need recompiling. Apologies for the inconvenience. 
- Version update to 1.69 * Defects Fixed - Lightweight and JCA conversion of Ed25519 keys in the PGP API could drop the leading byte as it was zero. This has been fixed. - Marker packets appearing at the start of PGP public key rings could cause parsing failure. This has been fixed. - ESTService could fail for some valid Content-Type headers. This has been fixed. - Originator key algorithm parameters were being passed as NULL in key agreement recipients. The parameters now reflect the value of the parameters in the key's SubjectPublicKeyInfo. - ContentType on encapsulated data was not been passed through correctly for authenticated and enveloped data. This has been fixed. - NTRUEncryptionParameters and NTRUEncryptionKeyGenerationParameters were not correctly cloning the contained message digest. This has been fixed. - CertificateFactory.generateCertificates()/generateCRLs() would throw an exception if extra data was found at the end of a PEM file even if valid objects had been found. Extra data is now ignored providing at least one object found. - Internal class PKIXCRLUtil could throw a NullPointerException for CRLs with an absent nextUpdate field. This has been fixed. - PGP ArmoredInputStream now fails earlier on malformed headers. - The McElieceKobaraImaiCipher was randomly throwing "Bad Padding: invalid ciphertext" exception while decrypting due to leading zeroes been missed during processing of the cipher text. This has been fixed. - Ed25519 keys being passed in via OpenSSH key spec are now validated in the KeyFactory. - Blowfish keys are now range checked on cipher construction. - In some cases PGPSecretKeyRing was failing to search its extraPubKeys list when searching for public keys. - The BasicConstraintsValidation class in the BC cert path validation tools has improved conformance to RFC 5280. - AlgorithmIdentifiers involving message digests now attempt to follow the latest conventions for the parameters field (basically DER NULL appears less). 
- Fix various conversions and interoperability for XDH and EdDSA between BC and SunEC providers. - TLS: Prevent attempts to use KeyUpdate mechanism in versions before TLS 1.3. * Additional Features and Functionality - GCM-SIV has been added to the lightweight API and the provider. - Blake3 has been added to the lightweight API. - The OpenSSL PEMParser can now be extended to add specialised parsers. - Base32 encoding has now been added, the default alphabet is from RFC 4648. - The KangarooTwelve message digest has been added to the lightweight API. - An implementation of the two FPE algorithms, FF1 and FF3-1 in SP 800-38G has been added to the lightweight API and the JCE provider. - An implementation of ParallelHash has been added to the lightweight API. - An implementation of TupleHash has been added to the lightweight API. - RSA-PSS now supports the use of SHAKE128 and SHAKE256 as the mask generation function and digest. - ECDSA now supports the use of SHAKE128 and SHAKE256. - PGPPBEEncryptedData will now reset the stream if the initial checksum fails so another password can be tried. - Iterators on public and secret key ring collections in PGP now reflect the original order of the public/secret key rings they contain. - KeyAgreeRecipientInformation now has a getOriginator() method for retrieving the underlying orginator information. - PGPSignature now has a getDigestPrefix() method for people wanting exposure to the signature finger print details. - The old BKS-V1 format keystore is now disabled by default. If you need to use BKS-V1 for legacy reasons, it can be re-enabled by adding: org.bouncycastle.bks.enable_v1=true to the java.security file. We would be interested in hearing from anyone that needs to do this. - PLAIN-ECDSA now supports the SHA3 digests. - Some highlevel support for RFC 4998 ERS has been added for ArchiveTimeStamp and EvidenceRecord. The new classes are in the org.bouncycastle.tsp.ers package. 
- ECIES has now also support SHA256, SHA384, and SHA512. - digestAlgorithms filed in CMS SignedData now includes counter signature digest algorithms where possible. - A new property "org.bouncycastle.jsse.config" has been added which can be used to configure the BCJSSE provider when it is created using the no-args constructor. - In line with changes in OpenSSL 1.1.0, OpenSSLPBEParametersGenerator can now be configured with a digest. - PGPKeyRingGenerator now includes a method for adding a subkey with a primary key binding signature. - Support for ASN.1 PRIVATE tags has been added. - Performance enhancements to Nokeon, AES, GCM, and SICBlockCipher. - Support for ecoding/decoding McElieceCCA2 keys has been added to the PQC API - BCJSSE: Added support for jdk.tls.maxCertificateChainLength system property (default is 10). - BCJSSE: Added support for jdk.tls.maxHandshakeMessageSize system property (default is 32768). - BCJSSE: Added support for jdk.tls.client.enableCAExtension (default is 'false'). - BCJSSE: Added support for jdk.tls.client.cipherSuites system property. - BCJSSE: Added support for jdk.tls.server.cipherSuites system property. - BCJSSE: Extended ALPN support via standard JSSE API to JDK 8 versions after u251/u252. - BCJSSE: Key managers now support EC credentials for use with TLS 1.3 ECDSA signature schemes (including brainpool). - TLS: Add TLS 1.3 support for brainpool curves per RFC 8734. * Notes - There is a small API change in the PKIX package to the DigestAlgorithmIdentifierFinder interface as a find() method that takes an ASN1ObjectIdentifier has been added to it. For people wishing to extend their own implementations, see DefaultDigestAlgorithmIdentifierFinder for a sample implementation. - A version of the bcmail API supporting Jakarta Mail has now been added (see bcjmail jar). - Some work has been done on moving out code that does not need to be in the provider jar. 
This has reduced the size of the provider jar and should also make it easier for developers to patch the classes involved as they no longer need to be signed. bcpkix and bctls are both dependent on the new bcutil jar. - Add build dependencies on mvn(jakarta.activation:jakarta.activation-api) and mvn(jakarta.mail:jakarta.mail-api) - Remove unneeded script bouncycastle_getpoms.sh from sources * Wed Mar 30 2022 Fridrich Strba <fstrba@suse.com> - Build against the standalone JavaEE modules unconditionally * Fri Mar 18 2022 Fridrich Strba <fstrba@suse.com> - Build with source/target levels 8 * Thu Mar 17 2022 Fridrich Strba <fstrba@suse.com> - Add glassfish-activation-api dependency so that we can build with JDK that does not contain the JavaEE modules
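The ECIES security advisory in the changelog above (the CBC nonce travels outside the IES integrity check, so since BC 1.73 the provider no longer generates it and callers must supply one via IESParameterSpec) is the kind of change that turns a previously working `Cipher.init()` into a runtime failure. The following is an added example, not part of the openSUSE changelog or of Bouncy Castle's own documentation: it shows a caller supplying the agreed nonce explicitly and demonstrates why the nonce must not simply be taken from the wire. The curve (secp256r1), the 128-bit MAC and cipher key sizes, the nonce bytes and the plaintext are assumptions chosen for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.IESParameterSpec;

/**
 * Added example: ECIES with AES-CBC where the CBC nonce (IV) is supplied by the
 * caller through IESParameterSpec instead of being generated by the cipher.
 * The nonce is not covered by the IES MAC, so whoever can alter it in transit
 * can alter the first decrypted block without detection. It therefore has to be
 * agreed between the parties (or bound some other way), not trusted from the
 * wire. Reusing one agreed nonce across messages is acceptable here only
 * because every ECIES ciphertext uses a fresh ephemeral key, so the derived
 * AES key differs per message.
 */
public final class EciesExplicitNonce {

    // Constructed for the example: a 16-byte nonce agreed out of band between
    // sender and recipient (AES-CBC needs a 16-byte IV). Assumption, not a
    // value from the library or the changelog.
    private static final byte[] AGREED_NONCE = new byte[] {
        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
        0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10
    };

    // Assumed parameters: no extra KDF derivation/encoding input (null is
    // permitted), 128-bit MAC key, 128-bit AES key, explicit nonce.
    private static IESParameterSpec spec(byte[] nonce) {
        return new IESParameterSpec(null, null, 128, 128, nonce);
    }

    public static byte[] encrypt(PublicKey recipient, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance("ECIESwithAES-CBC", "BC");
        c.init(Cipher.ENCRYPT_MODE, recipient, spec(AGREED_NONCE), new SecureRandom());
        return c.doFinal(plaintext);
    }

    public static byte[] decrypt(PrivateKey recipient, byte[] ciphertext, byte[] nonce) throws Exception {
        Cipher c = Cipher.getInstance("ECIESwithAES-CBC", "BC");
        // The cipher cannot recover the nonce from the ciphertext; the caller must know it.
        c.init(Cipher.DECRYPT_MODE, recipient, spec(nonce));
        return c.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); // assumed curve
        KeyPair recipient = kpg.generateKeyPair();

        // Constructed sample plaintext; two AES blocks so padding lives in the second block.
        byte[] msg = "constructed sample plaintext".getBytes("UTF-8");
        byte[] ct = encrypt(recipient.getPublic(), msg);

        byte[] pt = decrypt(recipient.getPrivate(), ct, AGREED_NONCE);
        System.out.println("round trip with agreed nonce ok: " + Arrays.equals(msg, pt));

        // Why the nonce matters: flip one bit of the nonce and decrypt again.
        // The MAC still verifies (the nonce is outside it), but the first
        // plaintext block comes out changed. A protocol that ships the nonce in
        // the clear next to the ciphertext hands an attacker exactly this lever.
        byte[] tamperedNonce = AGREED_NONCE.clone();
        tamperedNonce[0] ^= 0x01;
        byte[] tampered = decrypt(recipient.getPrivate(), ct, tamperedNonce);
        System.out.println("tampered nonce accepted, plaintext silently changed: "
                + !Arrays.equals(msg, tampered));
    }
}
```

Run with bcprov on the class path (on openSUSE, /usr/share/java/bcprov.jar). The check to carry into a code base after upgrading is simple: any `IESParameterSpec` constructed without a nonce for a CBC-based ECIES variant will now fail at `init()`, and any design that transmits the nonce alongside the ciphertext needs to be revisited, because the integrity check does not protect it.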
/usr/share/java/bcutil.jar
/usr/share/licenses/bouncycastle-util
/usr/share/licenses/bouncycastle-util/LICENSE.html
/usr/share/maven-metadata/bouncycastle-bcutil.xml
/usr/share/maven-poms/bcutil.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 22:37:43 2025