2.1.2 Defects Fixed
Issues with using PQC based keys with the provided BC KeyStores have now been fixed.
ECGOST-2012 public keys were being encoded with the wrong OID for the digest parameter in the algorithm parameter set. This has been fixed.
SM3 has now been added as an acceptable algorithm for TSP timestamps.
SM2 signatures were using the wrong default identity value. This has now been fixed.
An edge condition in Blake2b for hashes on data with a length in the range of 2**64 - 127 to 2**64 has been identified and fixed.
The ISO Trailer for SHA512/256 used in X9.31 and ISO9796-2 signatures was incorrect. This has been fixed.
The BCJSSE SSLEngine implementation now correctly wraps/unwraps application data only in whole records.
The curve parameters for tc26_gost_3410_12_256_paramSetA were incorrect. These have been fixed.
Further work has been done to try and prevent escaping exceptions on opening random files as BCFKS files or PKCS#12 files.
An off-by-one error for the max N check for SCRYPT has been fixed. SCRYPT should now be compliant with RFC 7914.
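The parameter constraints from RFC 7914 section 2 that the SCRYPT check above refers to, as an added example in Python (not Bouncy Castle code): N must be a power of two greater than 1 and strictly less than 2^(128 * r / 8), and r * p must be less than 2^30. The function names and the memory estimate are this example's own; the key derivation uses the scrypt implementation in Python's hashlib, and the expected output is the second test vector from RFC 7914 section 12.

```python
"""RFC 7914 scrypt parameter checks (added example, not Bouncy Castle code)."""
import hashlib


def scrypt_param_errors(n: int, r: int, p: int) -> list:
    """Return the RFC 7914 section 2 constraints that (N, r, p) violate.

    An empty list means the parameters are acceptable. The bound on N is a
    strict inequality, N < 2^(128 * r / 8), which is exactly where an
    off-by-one comparison (<= instead of <) lets one invalid value through.
    """
    errors = []
    if n < 2 or (n & (n - 1)) != 0:
        errors.append("N must be a power of two greater than 1")
    else:
        # 128 * r / 8 is always a whole number, so integer division is exact
        if n >= 1 << (128 * r // 8):
            errors.append("N must be less than 2^(128 * r / 8)")
    if r < 1 or p < 1:
        errors.append("r and p must be positive")
    elif r * p >= 1 << 30:
        errors.append("r * p must be less than 2^30")
    return errors


def scrypt_memory_bytes(n: int, r: int, p: int) -> int:
    """Approximate working memory (this example's own estimate): the V table
    of 128 * r * N bytes plus the p blocks of B, 128 * r * p bytes. Worth
    computing before accepting caller-supplied parameters, since N drives
    memory use linearly and an unbounded N is a denial-of-service vector."""
    return 128 * r * n + 128 * r * p


def derive_key(password: bytes, salt: bytes, n: int, r: int, p: int,
               dklen: int = 64) -> bytes:
    """Validate the parameters first, then derive with hashlib's scrypt."""
    errors = scrypt_param_errors(n, r, p)
    if errors:
        raise ValueError("; ".join(errors))
    # Give OpenSSL an explicit memory budget with headroom over our estimate
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=scrypt_memory_bytes(n, r, p) * 2, dklen=dklen)


if __name__ == "__main__":
    # Boundary for r = 1: N must be below 2^16, so 65536 is rejected, 32768 accepted
    print(scrypt_param_errors(65536, 1, 1))
    print(scrypt_param_errors(32768, 1, 1))
    # RFC 7914 section 12, second test vector
    print(derive_key(b"password", b"NaCl", 1024, 8, 16).hex())
```

The boundary case for r = 1 is the one to keep in a regression test: 2^16 must be rejected while 2^15 is accepted, which is the distinction a `<=` comparison gets wrong.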
ASN1GeneralizedTime will now accept a broader range of input strings.
2.1.3 Additional Features and Functionality
GOST3410-94 private keys encoded using ASN.1 INTEGER are now accepted in private key info objects.
SCRYPT is now supported as a SecretKeyFactory in the provider and in the PKCS8 APIs.
The BCJSSE provider now supports session resumption in clients.
The BCJSSE provider now supports Server Name Indication.
The BCJSSE provider now supports the jdk.tls.namedGroups system property.
The BCJSSE provider now supports the org.bouncycastle.jsse.ec.disableChar2 system property, which optionally disables the use of characteristic-2 elliptic curves.
EC key generation and signing now use cache-timing resistant table lookups.
Performance of the DSTU algorithms has been greatly improved.
Support has been added for generating certificates and signatures in the PKIX API using SHA-3 based digests.
Further work has been done on improving SHA-3 performance.
The organizationIdentifier (2.5.4.97) attribute has been added to BCStyle.
GOST3412-2015 has been added to the JCE provider and the lightweight API.
The Blake2s message digest has been added to the provider and the lightweight API.
Unified Cofactor Diffie-Hellman (ECCDHU) is now supported for EC in the JCE and the lightweight API.
A DEROtherInfo generator for key agreement using NewHope as the source of the shared private info has been added that can be used in conjunction with regular key agreement algorithms.
2.1.4 Security Related Changes and CVEs Addressed by this Release
CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto. Note that the two TLS implementations using the BC lightweight APIs are not affected by this.
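Because the oracle only arises when RSA key exchange is negotiated, the configuration-level defence is to offer only ephemeral (EC)DHE suites and to verify that nothing with static RSA key exchange remains enabled. The following is an added example in Python using the standard ssl module, a stand-in for the equivalent JSSE/BCJSSE cipher suite configuration rather than Bouncy Castle code; the function names, the cipher string and the name-based classification are this example's own assumptions.

```python
"""Check a server TLS context for static-RSA key exchange suites (added example)."""
import ssl


def is_forward_secret(name: str, protocol: str) -> bool:
    """Classify an OpenSSL cipher suite by its name and protocol.

    TLS 1.3 suites always use ephemeral (EC)DH key exchange. TLS 1.2 suite
    names carry the key exchange up front ('ECDHE-' or 'DHE-'); names without
    it, such as AES256-GCM-SHA384, use RSA key exchange, the configuration
    a Bleichenbacher oracle such as ROBOT depends on.
    """
    if protocol == "TLSv1.3":
        return True
    return name.startswith(("ECDHE-", "DHE-"))


def static_rsa_kex_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that are not forward secret (empty is the goal)."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]


def forward_secret_server_context() -> ssl.SSLContext:
    """Server context offering only ephemeral (EC)DH key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # '!kRSA' drops every suite with RSA key exchange; '!aNULL' drops anonymous ones.
    # The ECDHE/DHE groups are this example's choice, not a page-specified list.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!kRSA")
    return ctx


if __name__ == "__main__":
    ctx = forward_secret_server_context()
    print("static RSA key exchange suites enabled:", static_rsa_kex_suites(ctx))
    for c in ctx.get_ciphers():
        print(c["protocol"], c["name"])
```

Run this against the context a server actually uses (after loading its certificate and any site-specific cipher policy); a non-empty result from `static_rsa_kex_suites` means RSA key exchange can still be negotiated and the server remains in scope for this class of oracle even if the library's padding check has been fixed.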