[Git][java-team/bouncycastle][master] 3 commits: Fix CVE-2018-1000180.
Markus Koschany
gitlab at salsa.debian.org
Tue Jun 12 21:56:20 BST 2018
Markus Koschany pushed to branch master at Debian Java Maintainers / bouncycastle
Commits:
6affe849 by Markus Koschany at 2018-06-12T22:37:13+02:00
Fix CVE-2018-1000180.
Closes: #900843
Thanks: Salvatore Bonaccorso for the report.
- - - - -
755d444d by Markus Koschany at 2018-06-12T22:37:53+02:00
Declare compliance with Debian Policy 4.1.4.
- - - - -
77fe47a6 by Markus Koschany at 2018-06-12T22:47:00+02:00
Update changelog
- - - - -
5 changed files:
- debian/changelog
- debian/control
- + debian/patches/CVE-2018-1000180_part1.patch
- + debian/patches/CVE-2018-1000180_part2.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+bouncycastle (1.59-2) unstable; urgency=high
+
+ * Team upload.
+ * Fix CVE-2018-1000180.
+ Thanks to Salvatore Bonaccorso for the report. (Closes: #900843)
+ * Declare compliance with Debian Policy 4.1.4.
+
+ -- Markus Koschany <apo at debian.org> Tue, 12 Jun 2018 22:38:03 +0200
+
bouncycastle (1.59-1) unstable; urgency=medium
* Team upload.
=====================================
debian/control
=====================================
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Build-Depends: ant,
junit,
libmail-java,
maven-repo-helper
-Standards-Version: 4.1.3
+Standards-Version: 4.1.4
Vcs-Git: https://anonscm.debian.org/git/pkg-java/bouncycastle.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/bouncycastle.git
Homepage: http://www.bouncycastle.org
=====================================
debian/patches/CVE-2018-1000180_part1.patch
=====================================
--- /dev/null
+++ b/debian/patches/CVE-2018-1000180_part1.patch
@@ -0,0 +1,53 @@
+From 73780ac522b7795fc165630aba8d5f5729acc839 Mon Sep 17 00:00:00 2001
+From: David Hook <dgh at cryptoworkshop.com>
+Date: Thu, 19 Apr 2018 18:40:01 +1000
+Subject: [PATCH] BJA-694 cleaned up primality test
+
+---
+ .../org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+index f23f654b8..3dafea948 100644
+--- a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
++++ b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+@@ -20,12 +20,10 @@
+ private static final BigInteger ONE = BigInteger.valueOf(1);
+
+ private RSAKeyGenerationParameters param;
+- private int iterations;
+
+ public void init(KeyGenerationParameters param)
+ {
+ this.param = (RSAKeyGenerationParameters)param;
+- this.iterations = getNumberOfIterations(this.param.getStrength(), this.param.getCertainty());
+ }
+
+ public AsymmetricCipherKeyPair generateKeyPair()
+@@ -159,6 +157,8 @@ public AsymmetricCipherKeyPair generateKeyPair()
+ */
+ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger sqrdBound)
+ {
++ int iterations = getNumberOfIterations(bitlength, param.getCertainty());
++
+ for (int i = 0; i != 5 * bitlength; i++)
+ {
+ BigInteger p = new BigInteger(bitlength, 1, param.getRandom());
+@@ -173,7 +173,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+ continue;
+ }
+
+- if (!isProbablePrime(p))
++ if (!isProbablePrime(p, iterations))
+ {
+ continue;
+ }
+@@ -189,7 +189,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+ throw new IllegalStateException("unable to generate prime number for RSA key");
+ }
+
+- protected boolean isProbablePrime(BigInteger x)
++ protected boolean isProbablePrime(BigInteger x, int iterations)
+ {
+ /*
+ * Primes class for FIPS 186-4 C.3 primality checking
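Review bot: The last inner hunk of this patch changes the protected method from `isProbablePrime(BigInteger x)` to `isProbablePrime(BigInteger x, int iterations)`, which would break any subclass that overrides or calls the one-argument form if this patch were ever applied on its own. It is only safe because CVE-2018-1000180_part2.patch restores the original signature, so the two entries must stay adjacent and in this order in debian/patches/series. The header carries only the upstream subject, so nothing in the file ties it to the CVE or the Debian bug; I would add DEP-3 fields such as `Bug-Debian: https://bugs.debian.org/900843` and a `Description:` stating that the primality-test iteration count is now derived from the prime's `bitlength` rather than `param.getStrength()`. The bodies of chooseRandomPrime and isProbablePrime continue outside the quoted hunks.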
=====================================
debian/patches/CVE-2018-1000180_part2.patch
=====================================
--- /dev/null
+++ b/debian/patches/CVE-2018-1000180_part2.patch
@@ -0,0 +1,43 @@
+From 22467b6e8fe19717ecdf201c0cf91bacf04a55ad Mon Sep 17 00:00:00 2001
+From: David Hook <dgh at cryptoworkshop.com>
+Date: Mon, 23 Apr 2018 08:14:24 +1000
+Subject: [PATCH] BJA-694 minor tweak to avoid method signature change
+
+---
+ .../org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+index 3dafea948..beb1aee2e 100644
+--- a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
++++ b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+@@ -157,8 +157,6 @@ public AsymmetricCipherKeyPair generateKeyPair()
+ */
+ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger sqrdBound)
+ {
+- int iterations = getNumberOfIterations(bitlength, param.getCertainty());
+-
+ for (int i = 0; i != 5 * bitlength; i++)
+ {
+ BigInteger p = new BigInteger(bitlength, 1, param.getRandom());
+@@ -173,7 +171,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+ continue;
+ }
+
+- if (!isProbablePrime(p, iterations))
++ if (!isProbablePrime(p))
+ {
+ continue;
+ }
+@@ -189,8 +187,10 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+ throw new IllegalStateException("unable to generate prime number for RSA key");
+ }
+
+- protected boolean isProbablePrime(BigInteger x, int iterations)
++ protected boolean isProbablePrime(BigInteger x)
+ {
++ int iterations = getNumberOfIterations(x.bitLength(), param.getCertainty());
++
+ /*
+ * Primes class for FIPS 186-4 C.3 primality checking
+ */
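Review bot: The added line `int iterations = getNumberOfIterations(x.bitLength(), param.getCertainty());` is the security-relevant part of the fix but carries no comment, so a later refactor could hoist it back into `init()` without noticing what it protects. I would put `// size the primality-test iterations for this candidate's bit length, not the key strength passed to init()` above it. The count now follows `x.bitLength()` rather than the `bitlength` requested in chooseRandomPrime; the two presumably agree for candidates produced by `new BigInteger(bitlength, 1, param.getRandom())`, but a subclass that calls isProbablePrime with other values gets a count sized to whatever it passes. The body of isProbablePrime continues outside the hunk and getNumberOfIterations is not shown, so the resulting iteration counts cannot be checked from here.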
=====================================
debian/patches/series
=====================================
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,5 @@
02_index.patch
fix-encoding.patch
backward-compatibility.patch
+CVE-2018-1000180_part1.patch
+CVE-2018-1000180_part2.patch
View it on GitLab: https://salsa.debian.org/java-team/bouncycastle/compare/978a528ac27e90d500c600bfdb133845c798cd24...77fe47a6a9fb780b319e156f8f44306bb104713a