Fedora 15 Update: bouncycastle-mail-1.46-1.fc15

updates at fedoraproject.org
Mon Mar 21 03:29:39 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2627
2011-03-04 09:41:54
--------------------------------------------------------------------------------

Name        : bouncycastle-mail
Product     : Fedora 15
Version     : 1.46
Release     : 1.fc15
URL         : http://www.bouncycastle.org/
Summary     : S/MIME and CMS libraries for Bouncy Castle
Description :
Bouncy Castle consists of a lightweight cryptography API and is a provider
for the Java Cryptography Extension and the Java Cryptography Architecture.
This library package offers additional classes, in particular
generators/processors for S/MIME and CMS, for Bouncy Castle.

--------------------------------------------------------------------------------
Update Information:

Defects Fixed

    * An edge condition in ECDSA which could result in an invalid signature has been fixed.
    * Exhaustive testing has been performed on the ASN.1 parser, eliminating another potential OutOfMemoryException and several escaping run time exceptions.
    * BC generated certificates generated different hashCodes from other equivalent implementations. This has been fixed.
    * Parsing an ESSCertIDv2 would fail if the object did not include an IssuerSerialNumber. This has been fixed.
    * DERGeneralizedTime.getDate() would produce incorrect results for fractional seconds. This has been fixed.
    * PSSSigner would produce incorrect results if the MGF digest and content digest were not the same. This has been fixed.

Additional Features and Functionality

    * A null genTime can be passed to TimeStampResponseGenerator.generate() to generate timeNotAvailable error responses.
    * Support has been added for reading and writing of openssl PKCS#8 encrypted keys.
    * New streams have been added for supporting general creation of PEM data, and allowing for estimation of output size on generation. Generators have been added for some of the standard OpenSSL objects.
    * CRL searching for CertPath validation now supports the optional algorithm given in Section 6.3.3 of RFC 5280, allowing the latest CRL to be used for a set time providing the certificate is unexpired.
    * AES-CMAC and DESede-CMAC have been added to the JCE provider.
    * Support for CRMF (RFC 4211) and CMP (RFC 4210) has been added.
    * BufferedBlockCipher will now always reset after a doFinal().
    * Support for CMS TimeStampedData (RFC 5544) has been added.
    * JCE EC keypairs are now serialisable.
    * TLS now supports client-side authentication.
    * TLS now supports compression.
    * TLS now supports ECC cipher suites (RFC 4492).
    * PGP public subkeys can now be separately decoded and encoded.
    * An IV can now be passed to an ISO9797Alg3Mac.

Other notes

Barring security patches we expect 1.46 will be the last of the 1.* releases. The next release of BC will be version 2.0. For this reason a lot of things in 1.46 that relate to CMS have been deprecated and new methods have been added to the CMS and certificate handling APIs which provide greater flexibility in how digest and signature algorithms get used. It is now possible to use the lightweight API or a simple custom API with CMS and for certificate generation. In addition a lot of methods and some classes that were deprecated for being confusing, or in some cases just plain wrong, have been removed.

So there are four things useful to know about this release:

    * It's not a simple drop-in like previous releases; if you wish to migrate to it you will need to recompile your application.
    * If you avoid deprecated methods it should be relatively painless to move to version 2.0
    * The X509Name class will ultimately be replaced with the X500Name class; the getInstance() methods on both these classes allow conversion from one type to another.
    * The org.bouncycastle.cms.RecipientId class now has a collection of subclasses to allow for more specific recipient matching. If you are creating your own recipient ids you should use the constructors for the subclasses rather than relying on the set methods inherited from X509CertSelector. The dependencies on X509CertSelector and CertStore will be removed from the version 2 CMS API.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #663136 - bouncycastle 1.45 incompatible with openssl 1.0.
        https://bugzilla.redhat.com/show_bug.cgi?id=663136
  [ 2 ] Bug #680103 - bouncycastle-1.46 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=680103
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update bouncycastle-mail' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

