2.1.2 Defects Fixed
Base64/UrlBase64 would throw an exception on a zero length string. This has been fixed.
Base64/UrlBase64 would throw an exception if there was whitespace in the last 4 characters. This has been fixed.
The SM2 Signature JCE class now properly resets of Signature.sign() is called.
XMSS applies further validation to deserialisation of the BDS tree so that failure occurs as soon as tampering is detected (see CVE below).
An off by one error in the JsseDefaultHostnameAuthorizer isValidNameMatch method has been fixed.
BCJSSE: Return empty byte array instead of null, for the null session ID.
If a checksum calculator was passed to a PGPSecretKey constructor, but the encryptor was set to null, the wrong checksum would be calculated for the S2K usage. This has been fixed.
The CRMF EncryptedValue, when containing a private key, held an encoding of an EncryptedPrivateKeyInfo, rather than just the encrypted bytes. This has been fixed.
EC point precomputations could fail due to race conditions in concurrent settings. Point precomputation was reworked to fix this.
PGP key rings containing EdDSA signatures would cause an exception on parsing. This has been fixed.
BCJSSE: a mixed case error for brainpool curves in the supported groups set has been fixed.
getVersion() on the CRMF CertTemplate class could cause a null pointer exception if the optional version field was left out. This has been fixed.
Use of a short buffer with RSA via the JCE could result in an escaping ArrayIndexOutOfBoundsException. This has been fixed so that a ShortBufferException is now thrown.
SM2Engine.decrypt() ignored the offset parameter and assumed zero. This has been fixed.
A PEM encoded TRUSTED CERTIFICATE missing a trust block would result in a NullPointerException. This has been fixed.
If the Sun provider was removed entirely the BC SecureRandom was unable to seed and caused an InstantiationException. A back up seeding strategy has been added to prevent this.
In some situations the use of sm2p256v1 would result in "unknown curve name". This has been fixed.
CMP PollReqContent now supports multiple certificate request IDs.
2.1.3 Additional Features and Functionality
TLS: Extended CBC padding is now optional (and disabled by default).
TLS: Now supports channel binding 'tls-server-end-point'.
TLS: InterruptedIOException (e.g. socket timeout) during app-data reads no longer fails connection; handshake is optionally resumable after IIOE using 'TlsProtocol.setResumableHandshake()'.
TLS: Added utility methods and constants for ALPN (RFC 7301).
BCJSSE: Now supports system property 'jdk.tls.client.protocols'
BCJSSE: Now supports SSLParameters.setSNIMatchers.
BCJSSE: SNI can now be used in earlier JDKs via BC extensions.
BCJSSE: Session context now holds sessions via soft references.
An implementation of CryptoServicesRegistrar has been added to allow configuring of DSA/DH parameters and global setting of the SecureRandom used in the APIs.
Support has been added for the Unified Model of key agreement for both regular Diffie-Hellman and ECCDH.
Standard key-wrapping ciphers can now be used for wrapping other data where the cipher supports it.
BCFKS can now support the use of generalised wrapping algorithms.
A parser has now been added for the GNU keybox file format. The GPG SExpr parser now covers a wider range of key types.
PGP EC operations now support more than just NIST curves.
Restrictions on the output sizes of the Blake2b/s digests in the lightweight API have been removed.
The Whirlpool digest OID has been added to its corresponding mappings for the JCA.
Support has been added for SHA-3 based signatures to the CMS API.
Support has been added to the CMS API for the generation of ECGOST key transport messages.
The ECElGamalEncryptor now supports the use of ECGOST curves.
The number of signature subpackets in OpenPGP signatures that are converted into explicit types automatically has been increased.
RFC 8032: Added low-level implementations of Ed25519 and Ed448.
The provider jars now include a services entry for the 2 providers they hold.
Support has been added for the German BSI KAEG Elliptic Curve key agreement algorithm with X9.63 as the KDF to the JCE.
Support has been added for the German BSI KAEG Elliptic Curve session key KDF to the lightweight API.
2.1.4 Security Related Changes and CVE's Addressed by this Release
CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.
CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.