Revisions of bouncycastle

buildservice-autocommit accepted request 1130965 from Fridrich Strba (fstrba) (revision 102)
baserev update by copy to link target
Fridrich Strba (fstrba) accepted request 1130814 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 101)
- Update to version 1.77:
  * Defects Fixed:
    - Using an unescaped '=' in an X.500 RDN would result in the
      RDN being truncated silently. The issue is now detected and
      an exception is thrown.
    - asn1.eac.CertificateBody was returning certificateEffectiveDate
      from getCertificateExpirationDate(). This has been fixed to
      return certificateExpirationDate.
    - DTLS: Fixed retransmission in response to re-receipt of an
      aggregated ChangeCipherSpec.
    - (D)TLS: Fixed compliance for supported_groups extension.
      Server will no longer negotiate an EC cipher suite using a
      default curve when the ClientHello includes the supported_groups
      extension but it contains no curves in common with the server.
      Similarly, a DH cipher suite will not be negotiated when the
      ClientHello includes supported_groups, containing at least one
      FFDHE group, but none in common with the server.
    - IllegalStateException was being thrown by Ed25519/Ed448 SignatureSpi.
    - TLS: class annotation issues that could occur between the BC
      provider and the TLS API for the GCMParameterSpec class when
      the jars were loaded on the boot class path have been addressed.
    - Attempt to create an ASN.1 OID from a zero length byte array
      is now caught at construction time.
    - Attempt to create an X.509 extension block which is empty will
      now be blocked and cause an exception.
    - IES implementation will now accept a null ParameterSpec if no
      nonce is needed.
    - An internal method in Arrays was failing to construct its
      failure message correctly on an error.
    - HSSKeyPublicParameters.generateLMSContext() would fail for a
buildservice-autocommit accepted request 1118619 from Fridrich Strba (fstrba) (revision 100)
baserev update by copy to link target
Fridrich Strba (fstrba) accepted request 1118599 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 99)
- Update to version 1.76:
  * Defects Fixed:
    - Service allocation in the provider could fail due to the lack
      of a permission block. This has been fixed.
    - JceKeyFingerPrintCalculator has been generalised for different
      providers by using "SHA-256" for the algorithm string.
    - BCJSSE: Fixed a regression in 1.74 (NullPointerException) that
      prevents a BCJSSE server from negotiating TLSv1.1 or earlier.
    - DTLS: Fixed server support for client_certificate_type extension.
    - Cipher.unwrap() for HQC could fail due to a miscalculation of
      the length of the KEM packet. This has been fixed.
    - There was exposure to a Java 7 method in the Java 5 to Java 8
      BCTLS jar which could cause issues with some TLS 1.2 cipher
      suites running on older JVMs. This is now fixed.
  * Additional Features and Functionality:
    - BCJSSE: Following OpenJDK, finalizers have been removed from
      SSLSocket subclasses. Applications should close sockets and
      not rely on garbage collection.
    - BCJSSE: Added support for boolean system property
      "jdk.tls.client.useCompatibilityMode" (default "true").
    - DTLS: Added server support for session resumption.
    - JcaPKCS10CertificationRequest will now work with EC on the
      OpenJDK provider.
    - TimeStamp generation now supports the SHA3 algorithm set.
    - The SPHINCS+ simple parameters are now fully supported in the
      BCPQC provider.
    - Kyber, Classic McEliece, HQC, and Bike now supported by the
      CRMF/CMS/CMP APIs.
    - Builder classes have been added for PGP ASCII Armored streams
      allowing CRCs and versions to now be optional.
buildservice-autocommit accepted request 1094295 from Fridrich Strba (fstrba) (revision 97)
baserev update by copy to link target
Fridrich Strba (fstrba) committed (revision 96)
Fridrich Strba (fstrba) accepted request 1094146 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 95)
- Update to version 1.74: [bsc#1212508, CVE-2023-33201]
  * Defects Fixed:
    - AsconEngine: Fixed a buffering bug when decrypting across
      multiple processBytes calls (ascon128a unaffected).
    - Context based sanity checking on PGP signatures has been added.
    - The ParallelHash clone constructor was not copying all fields.
    - The maximum number of blocks for CTR/SIC modes was 1 block
      less than it should have been.
  * Additional Features and Functionality:
    - The PGP API now supports wildcard key IDs for public key
      based data encryption.
    - LMS now supports SHA256/192, SHAKE256/192, and SHAKE256/256
      (the additional SP 8000-208 parameter sets).
    - The PGP API now supports V5 and V6 AEAD encryption for
      encrypted data packets.
    - The PGP examples have been updated to reflect key size and algorithm
      changes that have occurred since they were first written (10+ years...).
    - (D)TLS: A new callback 'TlsPeer.notifyConnectionClosed' will be called
      when the connection is closed (including by failure).
    - BCJSSE: Improved logging of connection events and include unique IDs
      in connection-specific log messages.
    - BCJSSE: Server now logs the offered cipher suites when it fails to
      select one.
    - BCJSSE: Added support for SSLParameters namedGroups and
      signatureSchemes properties (can also be used via BCJSSE
      extension API in earlier Java versions).
    - DTLS: The initial handshake re-send time is now configurable by
      overriding 'TlsPeer.getHandshakeResendTimeMillis'.
    - DTLS: Added support for connection IDs per RFC 9146.
    - DTLS: Performance of DTLSVerifier has been improved so that it can
Fridrich Strba (fstrba) committed (revision 94)
buildservice-autocommit accepted request 1082727 from Fridrich Strba (fstrba) (revision 93)
baserev update by copy to link target
Fridrich Strba (fstrba) accepted request 1082715 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 92)
- Update to version 1.73:
  * Defects Fixed:
    - BCJSSE: Instantiating a JSSE provider in some contexts could
      cause an AccessControl exception.
    - The EC key pair generator can generate out of range private
      keys when used with SM2. A specific SM2KeyPairGenerator has
      been added to the low-level API and is used by
      KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
      been updated to check for out of range keys as well.
    - The attached signature type byte was still present in Falcon
      signatures as well as the detached signature byte.
    - There was an off-by-one error in engineGetOutputSize() for ECIES.
    - The method for invoking read() internally in BCPGInputStream
      could result in inconsistent behaviour if the class was extended.
    - Fixed a rounding issue with FF1 Format Preserving Encryption
      algorithm for certain radices.
    - Fixed RFC3394WrapEngine handling of 64 bit keys.
    - Internal buffer for blake2sp was too small and could result in
      an ArrayIndexOutOfBoundsException.
    - JCA PSS Signatures using SHAKE128 and SHAKE256 now support
      encoding of algorithm parameters.
    - PKCS10CertificationRequest now checks for empty extension
      parameters.
    - Parsing errors in the processing of PGP Armored Data now throw
      an explicit exception ArmoredInputException.
    - PGP AEAD streams could occasionally be truncated.
    - The ESTService class now supports processing of chunked HTTP data.
    - A constructed ASN.1 OCTET STRING with a single member would
      sometimes be re-encoded as a definite-length OCTET STRING. The
      encoding has been adjusted to preserve the BER status of the object.
Fridrich Strba (fstrba) committed (revision 91)
Fridrich Strba (fstrba) committed (revision 90)
buildservice-autocommit accepted request 1031120 from Fridrich Strba (fstrba) (revision 89)
baserev update by copy to link target
Fridrich Strba (fstrba) committed (revision 88)
Fridrich Strba (fstrba) accepted request 1030002 from Pedro Monreal Gonzalez (pmonrealgonzalez) (revision 87)
- Update to version 1.72:
  * Defects Fixed:
    - There were parameter errors in XMSS^MT OIDs for
      XMSSMT_SHA2_40/4_256 and XMSSMT_SHA2_60/3_256. These have
      been fixed.
    - There was an error in Merkle tree construction for the
      Evidence Records (ERS) implementation which could result in
      invalid roots being timestamped. ERS now produces an
      ArchiveTimeStamp for each data object/group with an associated
      reduced hash tree. The reduced hash tree is now calculated as
      a simple path to the root of the tree for each record.
    - OpenPGP will now ignore signatures marked as non-exportable
      on encoding.
    - A tagging calculation error in GCMSIV which could result in
      incorrect tags has been fixed.
    - Issues around Java 17 which could result in failing tests
      have been addressed.
  * Additional Features and Functionality:
    - BCJSSE: TLS 1.3 is now enabled by default where no explicit
      protocols are supplied (e.g. "TLS" or "Default" SSLContext
      algorithms, or SSLContext.getDefault() method).
    - BCJSSE: Rewrite SSLEngine implementation to improve compatibility
      with SunJSSE.
    - BCJSSE: Support export of keying material via extension API.
    - (D)TLS: Add support for 'tls-exporter' channel binding per RFC 9266.
    - (D)TLS (low-level API): By default, only (D)TLS 1.2 and TLS 1.3 are
      offered now. Earlier versions are still supported if explicitly
      enabled. Users may need to check they are offering suitable
      cipher suites for TLS 1.3.
    - (D)TLS (low-level API): Add support for raw public keys per RFC 7250.
buildservice-autocommit accepted request 978876 from Fridrich Strba (fstrba) (revision 86)
baserev update by copy to link target
Fridrich Strba (fstrba) committed (revision 85)
buildservice-autocommit accepted request 973708 from Fridrich Strba (fstrba) (revision 84)
baserev update by copy to link target
Fridrich Strba (fstrba) committed (revision 83)
Displaying revisions 1 - 20 of 102