We have released new versions of our IAIK-JCE, IAIK-ECCelerate™ and PKCS#11 Wrapper libraries.
IAIK-JCE 5.61 implements blinding for the DSA signature calculation as a countermeasure against timing attacks. If you are using DSA, we recommend upgrading to the new version of IAIK-JCE. However, please note that DSA has been deprecated by major standard protocols such as TLS. You should therefore consider switching to the Elliptic Curve variant of the Digital Signature Algorithm, ECDSA (or EdDSA), supported by our Elliptic Curve library, ECCelerate™.
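To illustrate the countermeasure mentioned above, here is an added example (not IAIK-JCE code) of textbook DSA signing beside a blinded variant: instead of inverting the per-signature nonce k directly, the signer inverts b*k for a fresh random mask b, so the timing of the inversion no longer depends on k alone. The parameters p, q, g and the constructed key/nonce values are toy-sized for readability only.

```python
import secrets

# Constructed toy DSA parameters (far too small for real use):
# p = 23, q = 11 divides p-1, and g = 4 has order q modulo p.
P, Q, G = 23, 11, 4

def keygen(rng=secrets.randbelow):
    x = 1 + rng(Q - 1)        # private key in [1, q-1]
    y = pow(G, x, P)          # public key
    return x, y

def sign_unblinded(h, x, k):
    # Textbook DSA: k^-1 mod q is computed directly on the secret nonce,
    # so a non-constant-time inversion can leak information about k.
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    return r, s

def sign_blinded(h, x, k, b):
    # Blinded DSA: invert (b*k) instead of k and fold b back in:
    #   (b*k)^-1 * b * (h + x*r) == k^-1 * (h + x*r)  (mod q)
    # The mask b must be fresh and non-zero mod q for every signature.
    r = pow(G, k, P) % Q
    bk_inv = pow((b * k) % Q, -1, Q)
    s = (bk_inv * ((b * (h + x * r)) % Q)) % Q
    return r, s

def sign(h, x, rng=secrets.randbelow):
    # Retry until r and s are both non-zero, as DSA requires.
    while True:
        k = 1 + rng(Q - 1)
        b = 1 + rng(Q - 1)
        r, s = sign_blinded(h, x, k, b)
        if r != 0 and s != 0:
            return r, s

def verify(h, y, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (h * w) % Q
    u2 = (r * w) % Q
    v = ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q
    return v == r
```

With the constructed values x = 3 (y = 18), h = 7, k = 5 and mask b = 4, both signing routines yield the same signature (1, 2), showing that blinding changes only how s is computed, not the result.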
IAIK-ECCelerate™ 6.02 implements a workaround for a TLS signature algorithm selection issue in the Java Secure Socket Extension. JSSE does not choose the curve in a fully JCA-provider-independent way. This may cause the handshake to fail (JDK 11.0.7) or a weaker signature algorithm to be used (ecdsa_sha1 instead of ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384 or ecdsa_secp521r1_sha512) than would be possible.
IAIK PKCS#11 Wrapper 1.6.1 fixes some issues in the native part.
Please have a look at the product pages of IAIK-JCE, IAIK-ECCelerate and IAIK PKCS#11 Wrapper.
Please visit our download center to get the new versions.
Kind regards, and stay well in these days!
Your SIC/IAIK Java Security Team!