Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

Author: dghgit

docs/releasenotes.html

@@ -21,17 +21,20 @@ <h2>2.0 Release History</h2>
 <a id="r1rv78"><h3>2.1.1 Version</h3></a>
 Release: 1.78<br/>
 Date:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; TBD
-<h3>2.1.3 Notes.</h3>
-<ul>
-<li>An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol) has been added as a new module.</li>
-</ul>
 <h3>2.1.2 Defects Fixed</h3>
 <ul>
 <li>Issues with a dangling weak reference causing intermittent NullPointerExceptions in the OcspCache have been fixed.</li>
 </ul>
-<h3>2.1.2 Notes.</h3>
+<h3>2.1.3 Additional Features and Functionality</h3>
+<ul>
+<li>An implementation of MLS (RFC 9420 - The Messaging Layer Security Protocol) has been added as a new module.</li>
+</ul>
+<h3>2.1.4 Notes.</h3>
 <ul>
 <li>Both versions of NTRUPrime have been updated to produce 256 bit secrets in line with Kyber. This should also bring them into line with other implementations such as those used in OpenSSH now.</li>
+<li>BCJSSE: The boolean system property 'org.bouncycastle.jsse.fips.allowRSAKeyExchange" now defaults to false. All RSA
+key exchange cipher suites will therefore be disabled when the BCJSSE provider is used in FIPS mode, unless this system
+property is explicitly set to true.</li>
 </ul>
 
 <a id="r1rv77"><h3>2.2.1 Version</h3></a>
@@ -65,7 +68,7 @@ <h3>2.2.3 Additional Features and Functionality</h3>
 <li>TLS: RSA key exchange cipher suites are now disabled by default.</li>
 <li>Support has been added for PKCS#10 requests to allow certificates using the altSignature/altPublicKey extensions.</li>
 </ul>
-<h3>2.2.3 Notes.</h3>
+<h3>2.2.4 Notes.</h3>
 <ul>
 <li>Kyber and Dilithium have been updated according to the latest draft of the standard. Dilithium-AES and Kyber-AES have now been removed. Kyber now produces 256 bit secrets for all parameter sets (in line with the draft standard).</li>
 <li>NTRU has been updated to produce 256 bit secrets in line with Kyber.</li>

tls/src/main/java/org/bouncycastle/tls/crypto/impl/bc/BcDefaultTlsCredentialedDecryptor.java

@@ -4,7 +4,6 @@
 
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
 import org.bouncycastle.crypto.params.RSAKeyParameters;
-import org.bouncycastle.crypto.tls.TlsRsaKeyExchange;
 import org.bouncycastle.tls.Certificate;
 import org.bouncycastle.tls.ProtocolVersion;
 import org.bouncycastle.tls.TlsCredentialedDecryptor;
@@ -79,9 +78,9 @@ protected TlsSecret safeDecryptPreMasterSecret(TlsCryptoParameters cryptoParams,
     {
         ProtocolVersion expectedVersion = cryptoParams.getRSAPreMasterSecretVersion();
 
-        byte[] M = TlsRsaKeyExchange.decryptPreMasterSecret(encryptedPreMasterSecret, rsaServerPrivateKey,
-            expectedVersion.getFullVersion(), crypto.getSecureRandom());
+        byte[] preMasterSecret = org.bouncycastle.crypto.tls.TlsRsaKeyExchange.decryptPreMasterSecret(
+            encryptedPreMasterSecret, rsaServerPrivateKey, expectedVersion.getFullVersion(), crypto.getSecureRandom());
 
-        return crypto.createSecret(M);
+        return crypto.createSecret(preMasterSecret);
     }
 }