<div class="container">
    <h1>Recommended update for bouncycastle</h1>

    <table class="table table-striped table-bordered">
        <tbody>
        <tr>
            <th>Announcement ID:</th>
            <td>SUSE-RU-2023:2300-1</td>
        </tr>
        
        <tr>
            <th>Rating:</th>
            <td>moderate</td>
        </tr>
        <tr>
            <th>References:</th>
            <td>
                <ul>
                    
                </ul>
            </td>
        </tr>
        
        <tr>
            <th>Affected Products:</th>
            <td>
                <ul class="list-group">
                    
                        <li class="list-group-item">Development Tools Module 15-SP4</li>
                    
                        <li class="list-group-item">openSUSE Leap 15.4</li>
                    
                        <li class="list-group-item">SUSE Enterprise Storage 7</li>
                    
                        <li class="list-group-item">SUSE Enterprise Storage 7.1</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP4</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing 15 SP4</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise High Performance Computing LTSS 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP4</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP2</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server 15 SP4</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP2</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP3</li>
                    
                        <li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP4</li>
                    
                        <li class="list-group-item">SUSE Manager Proxy 4.3</li>
                    
                        <li class="list-group-item">SUSE Manager Retail Branch Server 4.3</li>
                    
                        <li class="list-group-item">SUSE Manager Server 4.3</li>
                    
                </ul>
            </td>
        </tr>
        </tbody>
    </table>

    <p>An update that  can now be installed.</p>

    <h2>Description:</h2>
    <p>This update for bouncycastle fixes the following issues:</p>
<p>bouncycastle was updated to version 1.73:</p>
<ul>
<li>
<p>Defects Fixed:</p>
</li>
<li>
<p>BCJSSE: Instantiating a JSSE provider in some contexts could
    cause an AccessControl exception.</p>
</li>
<li>The EC key pair generator can generate out of range private
    keys when used with SM2. A specific SM2KeyPairGenerator has
    been added to the low-level API and is used by
    KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has
    been updated to check for out of range keys as well..</li>
<li>The attached signature type byte was still present in Falcon
    signatures as well as the detached signature byte.</li>
<li>There was an off-by-one error in engineGetOutputSize() for ECIES.</li>
<li>The method for invoking read() internally in BCPGInputStream
    could result in inconsistent behaviour if the class was extended.</li>
<li>Fixed a rounding issue with FF1 Format Preserving Encryption
    algorithm for certain radices.</li>
<li>Fixed RFC3394WrapEngine handling of 64 bit keys.</li>
<li>Internal buffer for blake2sp was too small and could result in
    an ArrayIndexOutOfBoundsException.</li>
<li>JCA PSS Signatures using SHAKE128 and SHAKE256 now support
    encoding of algorithm parameters.</li>
<li>PKCS10CertificationRequest now checks for empty extension
    parameters.</li>
<li>Parsing errors in the processing of PGP Armored Data now throw
    an explicit exception ArmoredInputException.</li>
<li>PGP AEAD streams could occassionally be truncated.</li>
<li>The ESTService class now supports processing of chunked HTTP data.</li>
<li>A constructed ASN.1 OCTET STRING with a single member would
    sometimes be re-encoded as a definite-length OCTET STRING. The
    encoding has been adjusted to preserve the BER status of the object.</li>
<li>PKIXCertPathReviewer could fail if the trust anchor was also
    included in the certificate store being used for path analysis.</li>
<li>UTF-8 parsing of an array range ignored the provided length.</li>
<li>IPAddress has been written to provide stricter checking and
    avoid the use of Integer.parseInt().</li>
<li>
<p>A Java 7 class snuck into the Java 5 to Java 8 build.</p>
</li>
<li>
<p>Additional Features and Functionality:</p>
</li>
<li>
<p>The Rainbow NIST Post Quantum Round-3 Candidate has been added to
    the low-level API and the BCPQC provider (level 3 and level 5
    parameter sets only).</p>
</li>
<li>The GeMSS NIST Post Quantum Round-3 Candidate has been added to
    the low-level API.</li>
<li>The org.bouncycastle.rsa.max_mr_tests property check has been
    added to allow capping of MR tests done on RSA moduli.</li>
<li>Significant performance improvements in PQC algorithms,
    especially BIKE, CMCE, Frodo, HQC, Picnic.</li>
<li>EdDSA verification now conforms to the recommendations of Taming
    the many EdDSAs, in particular cofactored verification. As a side
    benefit, Pornin&#x27;s basis reduction is now used for EdDSA
    verification, giving a significant performance boost.</li>
<li>Major performance improvements for Anomalous Binary (Koblitz) Curves.</li>
<li>The lightweight Cryptography finalists Ascon, ISAP, Elephant,
    PhotonBeetle, Sparkle, and Xoodyak have been added to the
    light-weight cryptography API.</li>
<li>BLAKE2bp and BLAKE2sp have been added to the light-weight
    cryptography API.</li>
<li>Support has been added for X.509, Section 9.8, hybrid certificates
    and CRLs using alternate public keys and alternate signatures.</li>
<li>The property "org.bouncycastle.emulate.oracle" has been added to
    signal the provider should return algorithm names on some algorithms
    in the same manner as the Oracle JCE provider.</li>
<li>An extra replaceSigners method has been added to CMSSignedData
    which allows for specifying the digest algorithm IDs to be used
    in the new CMSSignedData object.</li>
<li>Parsing and re-encoding of ASN.1 PEM data has been further
    optimized to prevent unecessary conversions between basic encoding,
    definite length, and DER.</li>
<li>Support has been added for KEM ciphers in CMS in accordance with
    draft-ietf-lamps-cms-kemri</li>
<li>Support has been added for certEncr in CRMF to allow issuing of
    certificates for KEM public keys.</li>
<li>Further speedups have been made to CRC24.</li>
<li>GCMParameterSpec constructor caching has been added to improve
    performance for JVMs that have the class available.</li>
<li>The PGPEncrytedDataGenerator now supports injecting the session
    key to be used for PGP PBE encrypted data.</li>
<li>The CRMF CertificateRequestMessageBuilder now supports optional
    attributes.</li>
<li>Improvements to the s calculation in JPAKE.</li>
<li>A general purpose PQCOtherInfoGenerator has been added which
    supports all Kyber and NTRU.</li>
<li>
<p>An implementation of HPKE (RFC 9180 - Hybrid Public Key
    Encryption) has been added to the light-weight cryptography API.</p>
</li>
<li>
<p>Security Advisories:</p>
</li>
<li>
<p>The PQC implementations have now been subject to formal review for
    secret leakage and side channels, there were issues in BIKE, Falcon,
    Frodo, HQC which have now been fixed. Some weak positives also
    showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last
    set has been ignored as the algorithms will either be updated if
    they reappear in the Signature Round, or deleted, as is already the
    case for SIKE (it is now in the legacy package). Details on the
    group responsible for the testing can be found in the CONTRIBUTORS
    file.</p>
</li>
<li>For at least some ECIES variants (e.g. when using CBC) there is
    an issue with potential malleability of a nonce (implying silent
    malleability of the plaintext) that must be sent alongside the
    ciphertext but is outside the IES integrity check. For this reason
    the automatic generation of nonces with IED is now disabled and
    they have to be passed in using an IESParameterSpec. The current
    advice is to agree on a nonce between parties and then rely on the
    use of the ephemeral key component to allow the nonce (rather the
    so called nonce) usage to be extended.</li>
</ul>

    

    <h2>Patch Instructions:</h2>
    <p>
        To install this SUSE Moderate update use the SUSE recommended
        installation methods like YaST online_update or "zypper patch".<br/>

        Alternatively you can run the command listed for your product:
    </p>
    <ul class="list-group">
        
            <li class="list-group-item">
                openSUSE Leap 15.4
                
                    
                        <br/>
                        <code>zypper in -t patch openSUSE-SLE-15.4-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                Development Tools Module 15-SP4
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Real Time 15 SP3
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server for SAP Applications 15 SP2
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Linux Enterprise Server for SAP Applications 15 SP3
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Enterprise Storage 7.1
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-Storage-7.1-2023-2300=1</code>
                    
                    
                
            </li>
        
            <li class="list-group-item">
                SUSE Enterprise Storage 7
                
                    
                        <br/>
                        <code>zypper in -t patch SUSE-Storage-7-2023-2300=1</code>
                    
                    
                
            </li>
        
    </ul>

    <h2>Package List:</h2>
    <ul>
        
            
                <li>
                    openSUSE Leap 15.4 (noarch)
                    <ul>
                        
                            <li>bouncycastle-mail-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-javadoc-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-tls-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    Development Tools Module 15-SP4 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Real Time 15 SP3 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Enterprise Storage 7.1 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
            
                <li>
                    SUSE Enterprise Storage 7 (noarch)
                    <ul>
                        
                            <li>bouncycastle-pkix-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-util-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-1.73-150200.3.15.1</li>
                        
                            <li>bouncycastle-pg-1.73-150200.3.15.1</li>
                        
                    </ul>
                </li>
            
        
    </ul>

    
</div>