We have released new versions of our IAIK-JCE and IAIK [CP]AdES libraries!
IAIK-JCE 5.60 introduces a “subsidiary” IAIK-MD provider for the IAIK provider as a workaround for a JDK JSSE MessageDigest Cloneable bug. Some JSSE versions (e.g. Java 11) contain a bug (https://bugs.openjdk.java.net/browse/JDK-8214098) that may cause a TLS handshake to fail with an UnsupportedOperationException if the MessageDigest engine in use implements the Cloneable interface and extends the java.security.MessageDigest class directly.
The IAIK-MD provider contains MessageDigest engines for the message digest algorithms JSSE commonly uses for TLS (“MD5”, “SHA”, “SHA-256”, “SHA-384”). They wrap the corresponding MessageDigest implementations of the IAIK provider but extend the java.security.MessageDigestSpi class instead, so the IAIK provider can be used with affected JSSE versions if the IAIK-MD provider is installed as first provider, in front of the IAIK provider:
Security.insertProviderAt(new IAIKMD(), 1);
Security.insertProviderAt(new IAIK(), 2);
The order matters: MessageDigest.getInstance() requests for these four algorithms are then answered by IAIK-MD, while requests for any other algorithm fall through to the IAIK provider at position 2 (and to the JDK providers behind it).
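The following is an added example, not code from the IAIK-JCE distribution: it installs the two providers in the prescribed order and then checks, for each of the four handshake digests, which provider answered, whether the engine was handed out wrapped as a MessageDigestSpi delegate, and whether it survives the clone-while-hashing pattern JSSE uses for the TLS transcript hash. The class iaik.security.provider.IAIK is the usual location of the IAIK provider; the package of IAIKMD and the transcript bytes are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Security;
import java.util.Arrays;

// Assumed class locations (not stated in the announcement): the IAIK provider
// is iaik.security.provider.IAIK; the package of IAIKMD is a guess.
import iaik.security.provider.IAIK;
import iaik.security.md.IAIKMD;

public class HandshakeDigestCheck {

    // The digest algorithms JSSE requests for TLS handshake hashing, per the announcement.
    static final String[] ALGS = {"MD5", "SHA", "SHA-256", "SHA-384"};

    public static void main(String[] args) throws Exception {
        // Provider order is the whole point: IAIK-MD must answer before IAIK does.
        Security.insertProviderAt(new IAIKMD(), 1);
        Security.insertProviderAt(new IAIK(), 2);

        // Constructed stand-in for handshake transcript bytes (not a real TLS flight).
        byte[] flight1 = "ClientHello|ServerHello".getBytes(StandardCharsets.US_ASCII);
        byte[] flight2 = "Certificate|ServerHelloDone".getBytes(StandardCharsets.US_ASCII);

        for (String alg : ALGS) {
            MessageDigest md = MessageDigest.getInstance(alg);
            // An engine registered as a MessageDigestSpi is returned wrapped in the
            // JDK's MessageDigest$Delegate; an engine that extends MessageDigest
            // directly is returned as-is, which is the shape the JSSE bug trips on.
            boolean spiWrapped = "java.security.MessageDigest$Delegate"
                    .equals(md.getClass().getName());
            System.out.printf("%-7s provider=%-8s spi-wrapped=%-5b class=%s%n",
                    alg, md.getProvider().getName(), spiWrapped, md.getClass().getName());

            // What JSSE does with the transcript hash: hash the flights so far, clone
            // to finalise a Finished/CertificateVerify digest, and keep hashing the
            // original. A non-cloneable engine throws CloneNotSupportedException here.
            md.update(flight1);
            MessageDigest snapshot = (MessageDigest) md.clone();
            byte[] midDigest = snapshot.digest();
            md.update(flight2);
            byte[] fullDigest = md.digest();

            // Cross-check against a fresh engine from the same provider: the clone
            // must not have disturbed the original's state.
            MessageDigest ref = MessageDigest.getInstance(alg, md.getProvider());
            byte[] expectedMid = ref.digest(flight1);          // digest() resets ref
            ref.update(flight1);
            byte[] expectedFull = ref.digest(flight2);         // digest of flight1 || flight2
            if (!Arrays.equals(midDigest, expectedMid) || !Arrays.equals(fullDigest, expectedFull)) {
                throw new IllegalStateException(alg + ": clone corrupted the transcript hash");
            }
        }
        System.out.println("all handshake digests are cloneable and consistent");
    }
}
```

Run it once before and once after adding the IAIK-MD provider: the provider column shows whether position 1 really took effect, and a CloneNotSupportedException or a mismatch pinpoints the engine that an affected JSSE would choke on.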
IAIK [CP]AdES 2.4 fixes a bug in the toASN1Object() method of class AtsHashIndexv3: the hashIndAlgorithm component is now included in any case (even if SHA-256 is used), since the ASN.1 definition of ATSHashIndexV3 no longer declares a DEFAULT value for it. Under DER a component equal to its DEFAULT must be omitted, which is why earlier versions left it out for SHA-256; with the current definition it is mandatory, and a strict decoder rejects a value without it:
ATSHashIndexV3 ::= SEQUENCE {
hashIndAlgorithm AlgorithmIdentifier,
certificatesHashIndex SEQUENCE OF OCTET STRING,
crlsHashIndex SEQUENCE OF OCTET STRING,
unsignedAttrValuesHashIndex SEQUENCE OF OCTET STRING
}
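To see what the fix changes on the wire, here is an added example (not [CP]AdES library code) that walks the raw DER of an ATSHashIndexV3 value and reports whether the hashIndAlgorithm component is present, so an ats-hash-index-v3 attribute produced by the fixed version can be told apart from one produced by earlier versions. The two sample encodings are constructed, with four-byte placeholders in place of real certificate and attribute hashes.

```java
import java.util.ArrayList;
import java.util.List;

public class AtsHashIndexV3Check {

    // Minimal DER TLV reader: {tag, contentOffset, contentLength, totalLength}
    // for the element starting at `off`.
    static int[] tlv(byte[] der, int off) {
        int tag = der[off] & 0xFF;
        int len = der[off + 1] & 0xFF;
        int hdr = 2;
        if (len > 0x80) {                      // long form: next (len & 0x7F) bytes hold the length
            int n = len & 0x7F;
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[off + 2 + i] & 0xFF);
            hdr = 2 + n;
        } else if (len == 0x80) {
            throw new IllegalArgumentException("indefinite length is not DER");
        }
        return new int[] {tag, off + hdr, len, hdr + len};
    }

    // Offsets of the child elements of a constructed element (SEQUENCE / SEQUENCE OF).
    static List<Integer> children(byte[] der, int off) {
        int[] t = tlv(der, off);
        List<Integer> out = new ArrayList<>();
        int p = t[1], end = t[1] + t[2];
        while (p < end) { out.add(p); p += tlv(der, p)[3]; }
        return out;
    }

    // true iff the first component of the outer SEQUENCE is an AlgorithmIdentifier,
    // i.e. a SEQUENCE whose first child is an OBJECT IDENTIFIER (tag 0x06).
    // If hashIndAlgorithm was omitted, the first component is certificatesHashIndex,
    // a SEQUENCE OF OCTET STRING, whose first child (if any) carries tag 0x04.
    static boolean hasHashIndAlgorithm(byte[] der) {
        if (tlv(der, 0)[0] != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        List<Integer> comps = children(der, 0);
        if (comps.isEmpty()) return false;
        int first = comps.get(0);
        if (tlv(der, first)[0] != 0x30) return false;
        List<Integer> inner = children(der, first);
        return !inner.isEmpty() && tlv(der, inner.get(0))[0] == 0x06;
    }

    static byte[] hex(String s) {
        String h = s.replace(" ", "");
        byte[] b = new byte[h.length() / 2];
        for (int i = 0; i < b.length; i++)
            b[i] = (byte) Integer.parseInt(h.substring(2 * i, 2 * i + 2), 16);
        return b;
    }

    public static void main(String[] args) {
        // Constructed sample as [CP]AdES 2.4 encodes it: AlgorithmIdentifier for
        // id-sha256 (2.16.840.1.101.3.4.2.1, parameters absent) followed by the
        // three hash index lists (placeholder 4-byte "hashes").
        byte[] fixed = hex("30 1F"
                + " 30 0B 06 09 60 86 48 01 65 03 04 02 01"   // hashIndAlgorithm
                + " 30 06 04 04 DE AD BE EF"                  // certificatesHashIndex
                + " 30 00"                                    // crlsHashIndex (empty)
                + " 30 06 04 04 CA FE BA BE");                // unsignedAttrValuesHashIndex
        // The same value as earlier versions wrote it for SHA-256: component omitted
        // as if it were still a DEFAULT.
        byte[] legacy = hex("30 12"
                + " 30 06 04 04 DE AD BE EF"
                + " 30 00"
                + " 30 06 04 04 CA FE BA BE");

        System.out.println("fixed encoding  has hashIndAlgorithm: " + hasHashIndAlgorithm(fixed));
        System.out.println("legacy encoding has hashIndAlgorithm: " + hasHashIndAlgorithm(legacy));
    }
}
```

Feed hasHashIndAlgorithm() the content octets of the ats-hash-index-v3 attribute value taken from an archive-time-stamp-v3 to find signatures that were timestamped with the old encoding; those may need re-validation logic that tolerates the omitted component, since a decoder built on the current definition will fail on them.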
See the IAIK-JCE and IAIK [CP]AdES product pages for a detailed change list, and visit our download center to get the new versions.
Kind regards,
Your SIC/IAIK Java Security Team!