Release v5.4.2

Full Changelog: v5.4.1...v5.4.2

Release v4.7.0

This release features many improvements over the v4.6.x series:

Features:

• Support for javax.net.ssl interfaces, including SSLContext, SSLEngine, and SSLSocket,
• Support for loading JSS via the java.security provider list,
• Support for newer NSS versions which replace _NETSCAPE_ PKCS#11 constants with _NSS_ versions,
• Support for RSA/PSS signatures (thanks @jmagne!),
• Additional support for TrustManagers and KeyManagers.

Bug fixes:

• Various memory leak fixes (thanks @ZuluForce!),
• Stable ordering of extensions in a netscape.security certificate (thanks @ladycfu!),
• Fix various issues with Base64 decoding related to removal of the apache-commons-codec dependency,

Thank you to everyone who contributed to this release!

Release v4.6.4

This release features improvements over v4.6.3:

• Fixed base-64 encoding of CSRs
• Fixed PBE handling
• Detect broken NSS versions with partial CMAC support
• Fix NativeProxy memory leaks present since v4.6.2

Thanks to everyone who contributed to this release!

Signed-off-by: Alexander Scheel <[email protected]>

Release v4.4.9

This features two improvements over JSS v4.4.8:

• Change to dynamic-first libjss4.so linking, mirroring the behavior of
  later JSS releases, and
• Introduces RSA-PSS signature support.

Thanks to Jack Magne for the latter!

Release v4.6.3

This version of JSS has a few enhancements over v4.6.2:

• Support for NIST SP800-108 KBKDF
• Various enhancements towards a SSLEngine implementation
• Modernized exception constructors
• Various reductions in memory leaks (with thanks to Code42)
• Introduce jss.crypto.Policy to reflect local system crypto-policies.
  This allows callers of JSS to inquiry about, e.g., minimum RSA key
  sizes independent of platform.
• Various enhancements to the build system

Note that this version of JSS is incompatible with NSS versions between
v3.47 and v3.50 inclusive. This is because moz-bz#1570501 introduced a
bug that wasn't caught and fixed until moz-bz#1611209. NSS versions
v3.46 and earlier will work but lack CMAC and KBKDF support, and NSS
versions v3.51 and later will work and have CMAC and KBKDF support.

Note that this means the value of PKCS11Constants.CKM_AES_CMAC and
CKM_AES_CMAC_GENERAL have also changed and thus differ from v4.6.2.
This also means that JSS v4.6.2 may not be compatible with NSS versions
after v3.50.

Thanks to everyone who contributed to this release!

JSS v4.5.4

Release v4.5.4

This version of JSS has a security fix:

• CVE-2019-14823: Fix root certificate validation when using Leaf and
  Chain OCSP mode. Note that unlike the v4.6.x or v4.4.x series, the
  previous v4.5.3 release was not impacted.

This version of JSS also has a few enhancements over v4.5.3:

• Backporting @Dessa's JUnit CMake typo fix
• Adding HSM support for PKCS#11 AES KeyWrap/Padding (by @ladycfu)
• OCSP checking for leaf and chain (by @jmagne)

Thanks to all who contributed to this release!

JSS v4.4.8

This version of JSS has a security fix:

• CVE-2019-14823: Fix root certificate validation when using Leaf and Chain OCSP mode.

No other changes have been made since v4.4.7.

JSS v4.6.2

Release v4.6.2

This version of JSS has a security fix:

• CVE-2019-14823: Fix root certificate validation when using Leaf and Chain OCSP mode

This version of JSS also has a few enhancements over v4.6.1:

• Fixing JSS internal deprecation warnings by @emaldona
• Fixing javadoc builds by @stanislavlevin
• Introduce a new InitializationValue, installJSSProviderFirst, to support favoring other cryptographic providers.
• Add support for CMAC as a Mac algorithm from JSSProvider; note that this requires JSS to be compiled with a NSS release which also supports CMAC (3.47+).
• Various improvements to the Key APIs.

Thanks to everyone who contributed to this release!

JSS v4.6.1

This version of JSS has a few enhancements over v4.6.0:

• Fixed LD_FLAG handling,
• Extensions to the unfinished org.mozilla.jss.nss interface,
• Better handling of uncleared passwords (by @edewata),
• Better test handling in FIPS mode,
• Changes to SymmetricKey and HMAC handling,
• Fix typo in JUnit CMake variable (by @Dessa).

Thanks to everyone who contributed to this release!

JSS v4.4.7

This release features HSM support for the PKCS#11 AES KeyWrap/Padding mechanism. Also in this release are several minor fixes to OCSP handling in the SSLSocket code.