Releases: Tencent/TencentKonaSMSuite
Tencent Kona SM Suite 1.0.16
Features
SM2 cipher implementation based on OpenSSL
SM2 signature based on OpenSSL
SM2 keyAgreement implementation based on OpenSSL
Provide one-shot native crypto implementations
Upgrade OpenSSL version to 3.4.0
Bugs
SM2 cipher would not encrypt empty message
SM2Engine:checkInputBound should check len rather input.length
Need to free EVP_MAC
The pointer of the closed NativeRef should be 0
Remove unnecessary OpenSSL header files
No need KONA_GOOD and KONA_BAD
Remove NativeMAC
Not re-create NativeSM4 instance after doFinal
Need to re-create NativeSM4.SM4GCM instance when opmode is changed
Native SymmetricCipher should add method updateAAD
Native SM4Crypt init should reset parameters at first
Native SM3HMac engineUpdate should check parameters
Tencent Kona SM Suite 1.0.15
Features
Implements a function converting byte array to hex for native crypto
Bugs
NativeCrypto::sm2GenKeyPair would not use fixed public key length
Simplify provider initialization
It would not depend on other providers
Tencent Kona SM Suite 1.0.14
Features
SM3 and SM3HMAC implementations based on OpenSSL
Enhance SM3 engine performance
SM4 implementation based on OpenSSL
SM2 key generator implementation based on OpenSSL
Vulnerabilities
JDK-8307383: Enhance DTLS connections
Tencent Kona SM Suite 1.0.13
Bugs
Improve KeyStoreTool usage hint
SM2EPossession should use the provided secure random
Remove SSLUtils::getECKeyPairGenerator
Remove key generator TlsRsaPremasterSecret
JDK-8334670: SSLSocketOutputRecord buffer miscalculation
Tencent Kona SM Suite 1.0.12
Vulnerabilities
Improve RSA key implementations
Bugs
SharedSecretsUtil is not flexible
Constants should not depend on CryptoUtils
KonaSSLProvider should not define TlcpKeyMaterial
SM2E key exchange should not call SM2PublicKey directly
TLCP should not be restricted by the named group and signature scheme constraints
Better certificate key usage checking on TLCP
Tencent Kona SM Suite 1.0.11
Vulnerabilities
JDK-8308204: Enhanced certificate processing
Bugs
EC infinite point is not (0, 0)
Re-implement SM3HMac with HmacCore
SM2 public key should start with 0x04
Enhance SM2PrivateKey and SM2PublicKey
SM2KeyAgreement instance should allow to be reused after re-init
SM2KeyAgreement should check peer public key
SM2 private key would not be order - 1
Remove SM4KeySpec
Rewrite SM2KeyPairGenerator with ECKeyPairGenerator
SM2KeyAgreementParamSpec should check ID length
SM2KeyAgreement should check private key
KonaCrypto should not support RSA and RSASSA-PSS
Use default ID value directly
Enhance store entry cache in PKCS12KeyStore
PKCS12KeyStore should clear storeEntryCache
Tencent Kona SM Suite 1.0.10
Vulnerabilities
CVE-2023-22081/JDK-8309966: Enhanced TLS connections
JDK-8286503: Enhance security classes
Bugs
The key in PBEKey should be cleaned
SM2Ciphertext should check uncompressed flag
No need to counter chosen-plaintext issue on TLCP
Use HmacSM3 as the standard name for SM3 HMAC algorithm
SM3MessageDigest must check the input bounds
SM3 HMAC supports clone
Deprecate SM4KeySpec
SM2 cipher should accept empty input
Declare SM3withSM2 as an alias of SM2 signature
AlgorithmParameterSpecs would not depend on internal Keys
SM2KeyAgreementParamSpec should not expose fields directly
SM2 KeySpecs should not copy a part of a byte array as keys
Tencent Kona SM Suite 1.0.9
Features
PKCS#12 keystore supports PBEWithHmacSM3AndSM4 and HmacPBESM3
KeyTool for creating generating key pairs, certificates and keystores with ShangMi algorithms
KeyStoreTool for adding the existing private keys and certificates to keystores
Enhance SM3 performance
Enhance SM4-CTR performance
Bugs
Enable useSharedSecrets by default on JDK 8
Tencent Kona SM Suite 1.0.8
Features
Enhance SM4-GCM performance with precomputed tables
Vulnerabilities
CVE-2023-21930/JDK-8294474: Better AES support
CVE-2023-21967/JDK-8298310: Enhance TLS session negotiation
Tencent Kona SM Suite 1.0.7.1
Bugs
SM2 decryption would raise BadPaddingException on invalid public key