Details
Task
Resolution: Fixed
Major
7.4
None
Description
See https://www.bouncycastle.org/latest_releases.html

This is primarily a security release concerning (D)TLS 1.2. Motivated by CVE-2015-7575 (the SLOTH attack on MD5-based TLS 1.2 signatures), we have added validation that the signature algorithm received in DigitallySigned structures is actually one of those offered (in the signature_algorithms extension or the CertificateRequest). With our default TLS configuration, we do not believe there is an exploitable vulnerability in any earlier release. Users who are customising the signature_algorithms extension, or running a server supporting client authentication, are advised to double-check that they are not offering any signature algorithms involving MD5.

In terms of new features, the CMS API now supports the PKCS#7 ANY type for encapsulated content; RFC 3370, Camellia and SEED are now supported for key agreement in CMS; and CTR/SIC modes now provide an explicit internal counter if initialised with a short IV. TLS/DTLS now includes a non-blocking API. The Blake2b digests are now actually supported in the provider (sorry, it got missed in 1.53...), and ClassCastException issues with Cipher.getOutputSize() for IES ciphers have been fixed. Finally, in accordance with advice from the algorithm's authors, Serpent has been modified to conform to the NESSIE vector suite; the previous version of Serpent, which conforms to the NIST submission format, is now called Tnepres. Further details on other additions and bug fixes can be found in the release notes file accompanying the release.

Change Warning (users of 1.52 or earlier): the PEM Parser now returns an X509TrustedCertificate block when parsing an openssl trusted certificate; the new object was required to allow the proper return of the trusted certificate's attribute block. Please also see the porting guide for advice on porting to this release from much earlier ones (release 1.45 or earlier).
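The check described above, that the SignatureAndHashAlgorithm carried in a DigitallySigned structure must be one the receiving side actually offered, is illustrated below with a small Python model of the TLS 1.2 wire encoding (RFC 5246 section 7.4.1.4.1 for the signature_algorithms list, section 4.7 for DigitallySigned). This is an added example, not Bouncy Castle's code and not its API; the function names and the sample messages are constructed for illustration. It also includes the audit the note recommends: scanning an offered list for any algorithm that involves MD5.

```python
from __future__ import annotations

import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246 7.4.1.4.1).
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
HASH_MD5 = 1


class TlsDecodeError(ValueError):
    """Malformed encoding; a real stack would send a decode_error alert."""


class TlsIllegalParameter(ValueError):
    """Peer used a parameter we never offered; maps to illegal_parameter."""


def alg_name(alg: tuple[int, int]) -> str:
    return f"{HASH_NAMES.get(alg[0], alg[0])}/{SIG_NAMES.get(alg[1], alg[1])}"


def encode_signature_algorithms(algs: list[tuple[int, int]]) -> bytes:
    """Body of a signature_algorithms extension: uint16 length + (hash, sig) pairs."""
    body = b"".join(bytes(pair) for pair in algs)
    return struct.pack("!H", len(body)) + body


def parse_signature_algorithms(data: bytes) -> list[tuple[int, int]]:
    """Parse a signature_algorithms list; the same vector appears in CertificateRequest."""
    if len(data) < 2:
        raise TlsDecodeError("truncated length")
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:]
    if length == 0 or length % 2 != 0 or length != len(body):
        raise TlsDecodeError("bad supported_signature_algorithms length")
    return [(body[i], body[i + 1]) for i in range(0, length, 2)]


def encode_digitally_signed(alg: tuple[int, int], signature: bytes) -> bytes:
    """DigitallySigned = SignatureAndHashAlgorithm + opaque signature<0..2^16-1>."""
    return bytes(alg) + struct.pack("!H", len(signature)) + signature


def parse_digitally_signed(data: bytes) -> tuple[tuple[int, int], bytes]:
    if len(data) < 4:
        raise TlsDecodeError("truncated DigitallySigned")
    alg = (data[0], data[1])
    (sig_len,) = struct.unpack("!H", data[2:4])
    signature = data[4:4 + sig_len]
    if len(signature) != sig_len:
        raise TlsDecodeError("truncated signature")
    return alg, signature


def signature_algorithm_was_offered(offered: list[tuple[int, int]],
                                    received: tuple[int, int]) -> bool:
    """The check this release adds: the peer may only sign with something we advertised."""
    return received in offered


def validate_digitally_signed(offered: list[tuple[int, int]],
                              data: bytes) -> tuple[int, int]:
    """Parse a DigitallySigned and reject it before any signature verification
    if its algorithm was not in our offered list. Returning the algorithm lets the
    caller pick the right verifier; the signature bytes are checked separately."""
    alg, _signature = parse_digitally_signed(data)
    if not signature_algorithm_was_offered(offered, alg):
        raise TlsIllegalParameter(f"peer signed with {alg_name(alg)}, which was not offered")
    return alg


def md5_algorithms(offered: list[tuple[int, int]]) -> list[tuple[int, int]]:
    """Audit helper for the advice above: anything involving MD5 in a custom list."""
    return [alg for alg in offered if alg[0] == HASH_MD5]


def run_demo() -> dict[str, object]:
    # Constructed sample: a client that offers only SHA-256/RSA and SHA-1/RSA.
    offered = parse_signature_algorithms(encode_signature_algorithms([(4, 1), (2, 1)]))
    # Constructed ServerKeyExchange-style signature using MD5/RSA (fake signature bytes).
    bad = encode_digitally_signed((1, 1), b"\x00" * 8)
    good = encode_digitally_signed((4, 1), b"\x00" * 8)
    results: dict[str, object] = {"good": validate_digitally_signed(offered, good)}
    try:
        validate_digitally_signed(offered, bad)
        results["bad"] = "accepted"
    except TlsIllegalParameter as exc:
        results["bad"] = str(exc)
    # A hand-customised list that accidentally keeps MD5/RSA and MD5/ECDSA.
    results["md5_audit"] = md5_algorithms([(4, 1), (1, 1), (1, 3), (2, 3)])
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

The point of doing this check before calling into any signature verifier is that SLOTH-style attacks need the victim to hash the transcript with MD5 at all; refusing an unadvertised algorithm up front means a weak hash can only be used if it was deliberately configured, which is exactly what the audit helper flags.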