!12 [sync] PR-10: Update to 1.67

From: @openeuler-sync-bot 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
openeuler-ci-bot 2022-11-25 09:37:23 +00:00 committed by Gitee
commit 794778ebed
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
11 changed files with 29 additions and 364 deletions


@ -1,155 +0,0 @@
From 744c0dc2958870899d8b604bc3cclalef04db5 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Fri, 3 Jul 2020 23:18:22 +0700
Subject: [PATCH] Methods for generating random FEs
---
.../org/bouncycastle/math/ec/ECCurve.java | 90 ++++++++++++++++++-
1 file changed, 86 insertions(+), 4 deletions(-)
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
index 7c10c78..19cbd92 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
@@ -1,6 +1,7 @@
package org.bouncycastle.math.ec;
import java.math.BigInteger;
+import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Random;
@@ -107,6 +108,10 @@ protected ECCurve(FiniteField field)
public abstract boolean isValidFieldElement(BigInteger x);
+ public abstract ECFieldElement randomFieldElement(SecureRandom r);
+
+ public abstract ECFieldElement randomFieldElementMult(SecureRandom r);
+
public synchronized Config configure()
{
return new Config(this.coord, this.endomorphism, this.multiplier);
@@ -589,6 +594,30 @@ public boolean isValidFieldElement(BigInteger x)
return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
}
+ public ECFieldElement randomFieldElement(SecureRandom r)
+ {
+ /*
+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
+ * use the product of two independent elements to mitigate side-channels.
+ */
+ BigInteger p = getField().getCharacteristic();
+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElement(r, p));
+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElement(r, p));
+ return fe1.multiply(fe2);
+ }
+
+ public ECFieldElement randomFieldElementMult(SecureRandom r)
+ {
+ /*
+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
+ * use the product of two independent elements to mitigate side-channels.
+ */
+ BigInteger p = getField().getCharacteristic();
+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, p));
+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, p));
+ return fe1.multiply(fe2);
+ }
+
protected ECPoint decompressPoint(int yTilde, BigInteger X1)
{
ECFieldElement x = this.fromBigInteger(X1);
@@ -611,6 +640,28 @@ protected ECPoint decompressPoint(int yTilde, BigInteger X1)
return this.createRawPoint(x, y, true);
}
+
+ private static BigInteger implRandomFieldElement(SecureRandom r, BigInteger p)
+ {
+ BigInteger x;
+ do
+ {
+ x = BigIntegers.createRandomBigInteger(p.bitLength(), r);
+ }
+ while (x.compareTo(p) >= 0);
+ return x;
+ }
+
+ private static BigInteger implRandomFieldElementMult(SecureRandom r, BigInteger p)
+ {
+ BigInteger x;
+ do
+ {
+ x = BigIntegers.createRandomBigInteger(p.bitLength(), r);
+ }
+ while (x.signum() <= 0 || x.compareTo(p) >= 0);
+ return x;
+ }
}
/**
@@ -790,10 +841,6 @@ protected AbstractF2m(int m, int k1, int k2, int k3)
super(buildField(m, k1, k2, k3));
}
- public boolean isValidFieldElement(BigInteger x)
- {
- return x != null && x.signum() >= 0 && x.bitLength() <= this.getFieldSize();
- }
public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
{
@@ -840,6 +887,30 @@ public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
return this.createRawPoint(X, Y, withCompression);
}
+ public boolean isValidFieldElement(BigInteger x)
+ {
+ return x != null && x.signum() >= 0 && x.bitLength() <= this.getFieldSize();
+ }
+
+ public ECFieldElement randomFieldElement(SecureRandom r)
+ {
+ int m = getFieldSize();
+ return fromBigInteger(BigIntegers.createRandomBigInteger(m, r));
+ }
+
+ public ECFieldElement randomFieldElementMult(SecureRandom r)
+ {
+ /*
+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
+ * use the product of two independent elements to mitigate side-channels.
+ */
+ int m = getFieldSize();
+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, m));
+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, m));
+ return fe1.multiply(fe2);
+ }
+
+
/**
* Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
*
@@ -956,6 +1027,17 @@ public boolean isKoblitz()
{
return this.order != null && this.cofactor != null && this.b.isOne() && (this.a.isZero() || this.a.isOne());
}
+
+ private static BigInteger implRandomFieldElementMult(SecureRandom r, int m)
+ {
+ BigInteger x;
+ do
+ {
+ x = BigIntegers.createRandomBigInteger(m, r);
+ }
+ while (x.signum() <= 0);
+ return x;
+ }
}
/**
--
2.23.0


@ -1,119 +0,0 @@
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:41:28.246642457 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:42:45.727085573 +0800
@@ -139,7 +139,7 @@
{
boolean isConstructed = (tag & CONSTRUCTED) != 0;
- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length);
+ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length, limit);
if ((tag & APPLICATION) != 0)
{
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:41:28.246642457 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:43:14.097247799 +0800
@@ -168,7 +168,7 @@
}
else
{
- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length);
+ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length, _limit);
if ((tag & BERTags.APPLICATION) != 0)
{
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:45:17.287952074 +0800
@@ -19,9 +19,10 @@
DefiniteLengthInputStream(
InputStream in,
- int length)
+ int length,
+ int limit)
{
- super(in, length);
+ super(in, limit, length);
if (length < 0)
{
@@ -97,6 +98,12 @@
return EMPTY_BYTES;
}
+ //make sure it's safe to do this!
+ if (_remaining >= this.getLimit())
+ {
+ throw new IOException("corrupted stream - out of bounds length found: " + _remaining + " >= " + this.getLimit());
+ }
+
byte[] bytes = new byte[_remaining];
if ((_remaining -= Streams.readFully(_in, bytes)) != 0)
{
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:45:50.298140750 +0800
@@ -17,7 +17,7 @@
int limit)
throws IOException
{
- super(in, limit);
+ super(in, limit, limit);
_b1 = in.read();
_b2 = in.read();
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:41:28.256642514 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:47:41.218774610 +0800
@@ -10,19 +10,27 @@
{
protected final InputStream _in;
private int _limit;
+ private int _length;
LimitedInputStream(
InputStream in,
- int limit)
+ int limit,
+ int length)
{
this._in = in;
this._limit = limit;
+ this._length = length;
+ }
+
+ int getLimit()
+ {
+ return _limit;
}
int getRemaining()
{
// TODO: maybe one day this can become more accurate
- return _limit;
+ return _length;
}
protected void setParentEofDetect(boolean on)
diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java
--- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:41:28.256642514 +0800
+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:48:49.509164763 +0800
@@ -11,7 +11,7 @@
private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory();
/**
- * Find out possible longest length...
+ * Find out possible longest length, capped by available memory.
*
* @param in input stream of interest
* @return length calculation or MAX_VALUE.
@@ -20,7 +20,7 @@
{
if (in instanceof LimitedInputStream)
{
- return ((LimitedInputStream)in).getRemaining();
+ return ((LimitedInputStream)in).getLimit();
}
else if (in instanceof ASN1InputStream)
{


@ -1,62 +0,0 @@
From 87ab5d8470829879219e50213912bab6b1ab8fe8 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Sat, 4 Jul 2020 00:09:03 +0700
Subject: [PATCH] Blind the inversion when normalizing
- see the paper "Yet another GCD based inversion side-channel affecting
ECC implementations" by Nir Drucker and Shay Gueron.
---
.../org/bouncycastle/math/ec/ECPoint.java | 27 ++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
index 20882dacc9..575ddb851e 100644
--- a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
+++ b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
@@ -1,8 +1,11 @@
package org.bouncycastle.math.ec;
import java.math.BigInteger;
+import java.security.SecureRandom;
import java.util.Hashtable;
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
+
/**
* base class for points on elliptic curves.
*/
@@ -222,13 +225,31 @@ public ECPoint normalize()
}
default:
{
- ECFieldElement Z1 = getZCoord(0);
- if (Z1.isOne())
+ ECFieldElement z = getZCoord(0);
+ if (z.isOne())
{
return this;
}
- return normalize(Z1.invert());
+ if (null == curve)
+ {
+ throw new IllegalStateException("Detached points must be in affine coordinates");
+ }
+
+ /*
+ * Use blinding to avoid the side-channel leak identified and analyzed in the paper
+ * "Yet another GCD based inversion side-channel affecting ECC implementations" by Nir
+ * Drucker and Shay Gueron.
+ *
+ * To blind the calculation of z^-1, choose a multiplicative (i.e. non-zero) field
+ * element 'b' uniformly at random, then calculate the result instead as (z * b)^-1 * b.
+ * Any side-channel in the implementation of 'inverse' now only leaks information about
+ * the value (z * b), and no longer reveals information about 'z' itself.
+ */
+ SecureRandom r = CryptoServicesRegistrar.getSecureRandom();
+ ECFieldElement b = curve.randomFieldElementMult(r);
+ ECFieldElement zInv = z.multiply(b).invert().multiply(b);
+ return normalize(zInv);
}
}
}


@ -5,8 +5,8 @@
<artifactId>bcmail-jdk15on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle S/MIME API</name>
<version>1.61</version>
<description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
<version>1.67</version>
<description>The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed.</description>
<url>http://www.bouncycastle.org/java.html</url>
<licenses>
<license>
@ -33,13 +33,13 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
<version>1.67</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.61</version>
<version>1.67</version>
<type>jar</type>
</dependency>
</dependencies>


@ -5,8 +5,8 @@
<artifactId>bcpg-jdk15on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle OpenPGP API</name>
<version>1.61</version>
<description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<version>1.67</version>
<description>The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<url>http://www.bouncycastle.org/java.html</url>
<licenses>
<license>
@ -38,7 +38,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
<version>1.67</version>
<type>jar</type>
</dependency>
</dependencies>


@ -5,8 +5,8 @@
<artifactId>bcpkix-jdk15on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs</name>
<version>1.61</version>
<description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<version>1.67</version>
<description>The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.</description>
<url>http://www.bouncycastle.org/java.html</url>
<licenses>
<license>
@ -33,7 +33,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
<version>1.67</version>
<type>jar</type>
</dependency>
</dependencies>


@ -5,8 +5,8 @@
<artifactId>bcprov-jdk15on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle Provider</name>
<version>1.61</version>
<description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.</description>
<version>1.67</version>
<description>The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.</description>
<url>http://www.bouncycastle.org/java.html</url>
<licenses>
<license>


@ -5,7 +5,7 @@
<artifactId>bctls-jdk15on</artifactId>
<packaging>jar</packaging>
<name>Bouncy Castle JSSE provider and TLS/DTLS API</name>
<version>1.61</version>
<version>1.67</version>
<description>The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE.</description>
<url>http://www.bouncycastle.org/java.html</url>
<licenses>
@ -33,7 +33,7 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.61</version>
<version>1.67</version>
<type>jar</type>
</dependency>
</dependencies>


@ -1,25 +1,23 @@
%define tag r1rv61
%define tag r1rv67
%define class_name org.bouncycastle.jce.provider.BouncyCastleProvider
%define jdk_dir build/artifacts/jdk1.5
%define java_sec_dir %{_sysconfdir}/java/security/security.d
%define suffix_name security/classpath.security
Name: bouncycastle
Version: 1.61
Release: 5
Version: 1.67
Release: 1
Summary: A Java implementation of cryptographic algorithms
License: MIT
URL: http://www.bouncycastle.org
Source0: https://github.com/bcgit/bc-java/archive/%{tag}.tar.gz
Source1: http://repo1.maven.org/maven2/org/bouncycastle/bcmail-jdk15on/%{version}/bcmail-jdk15on-%{version}.pom
Source2: http://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%{version}/bcpg-jdk15on-%{version}.pom
Source3: http://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom
Source4: http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom
Source5: http://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom
Patch6000: CVE-2019-17359.patch
Patch6001: 0001-cve-pre.patch
Patch6002: CVE-2020-15522.patch
Source1: https://repo1.maven.org/maven2/org/bouncycastle/bcmail-jdk15on/%{version}/bcmail-jdk15on-%{version}.pom
Source2: https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%{version}/bcpg-jdk15on-%{version}.pom
Source3: https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom
Source4: https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom
Source5: https://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom
BuildRequires: ant ant-junit aqute-bnd javamail javapackages-local
BuildRequires: jakarta-activation
Requires(post): javapackages-tools
Requires(postun): javapackages-tools
@ -55,7 +53,7 @@ infrastructure to conform the algorithms to the JCE framework.
find . -type f -name "*.class" -delete
find . -type f -name "*.jar" -delete
sed -i -e '/<javadoc/aadditionalparam="-Xdoclint:none" encoding="UTF-8"' \
sed -i -e '/<javadoc/aadditionalparam="-Xdoclint:none" encoding="UTF-8" source="1.8"' \
-e '/<javac/aencoding="UTF-8"' ant/bc+-build.xml
cp -p %{SOURCE1} bcmail.pom
@ -66,10 +64,10 @@ cp -p %{SOURCE5} bctls.pom
%build
ant -f ant/jdk15+.xml \
-Dactivation.jar.home= \
-Dactivation.jar.home=$(build-classpath jakarta-activation/jakarta.activation) \
-Dmail.jar.home=$(build-classpath javax.mail) \
-Djunit.jar.home=$(build-classpath junit) \
-Drelease.debug=true \
-Drelease.debug=true -Dbc.javac.source=1.8 -Dbc.javac.target=1.8 \
clean build-provider build
cat > bnd.bnd <<EOF
@ -148,6 +146,9 @@ fi
%{java_sec_dir}/2000-%{class_name}
%changelog
* Fri Nov 25 2022 wangkai <wangkai385@h-partners.com> - 1.67-1
- Update to 1.67
* Sat Jul 31 2021 liwu <liwu13@huawei.com> - 1.61-5
- fix CVE-2020-15522
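Review bot: The removed lines `Patch6000: CVE-2019-17359.patch`, `Patch6001: 0001-cve-pre.patch` and `Patch6002: CVE-2020-15522.patch` in the first hunk drop two CVE backports with no stated rationale, and the new changelog entry at the end of the section records only `- Update to 1.67`. Both fixes appear to be carried upstream in 1.67 (the EC inversion blinding for CVE-2020-15522 is the content of the deleted patch and shipped in a release before 1.67, as did the ASN.1 length cap for CVE-2019-17359), but the spec should say so: extend the changelog entry with `- drop CVE-2019-17359.patch and CVE-2020-15522.patch, fixed upstream in 1.67` so that a later audit of the package's CVE status does not read the deletion as a regression. The `%prep` section is outside these hunks; if it still carries `%patch6000`/`%patch6001`/`%patch6002` applications the build will fail now that the Patch tags are gone, so confirm they were removed as well.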

Binary file not shown.

r1rv67.tar.gz Normal file

Binary file not shown.