diff --git a/0001-cve-pre.patch b/0001-cve-pre.patch
deleted file mode 100644
index 03e5d6e9987b3b9855f977e6267eb6f0892eef7e..0000000000000000000000000000000000000000
--- a/0001-cve-pre.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From 744c0dc2958870899d8b604bc3cclalef04db5 Mon Sep 17 00:00:00 2001
-From: Peter Dettman
-Date: Fri, 3 Jul 2020 23:18:22 +0700
-Subject: [PATCH] Methods for generating random FEs
-
----
- .../org/bouncycastle/math/ec/ECCurve.java | 90 ++++++++++++++++++-
- 1 file changed, 86 insertions(+), 4 deletions(-)
-
-diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
-index 7c10c78..19cbd92 100644
---- a/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
-+++ b/core/src/main/java/org/bouncycastle/math/ec/ECCurve.java
-@@ -1,6 +1,7 @@
- package org.bouncycastle.math.ec;
-
- import java.math.BigInteger;
-+import java.security.SecureRandom;
- import java.util.Hashtable;
- import java.util.Random;
-
-@@ -107,6 +108,10 @@ protected ECCurve(FiniteField field)
-
- public abstract boolean isValidFieldElement(BigInteger x);
-
-+ public abstract ECFieldElement randomFieldElement(SecureRandom r);
-+
-+ public abstract ECFieldElement randomFieldElementMult(SecureRandom r);
-+
- public synchronized Config configure()
- {
- return new Config(this.coord, this.endomorphism, this.multiplier);
-@@ -589,6 +594,30 @@ public boolean isValidFieldElement(BigInteger x)
- return x != null && x.signum() >= 0 && x.compareTo(this.getField().getCharacteristic()) < 0;
- }
-
-+ public ECFieldElement randomFieldElement(SecureRandom r)
-+ {
-+ /*
-+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
-+ * use the product of two independent elements to mitigate side-channels.
-+ */
-+ BigInteger p = getField().getCharacteristic();
-+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElement(r, p));
-+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElement(r, p));
-+ return fe1.multiply(fe2);
-+ }
-+
-+ public ECFieldElement randomFieldElementMult(SecureRandom r)
-+ {
-+ /*
-+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
-+ * use the product of two independent elements to mitigate side-channels.
-+ */
-+ BigInteger p = getField().getCharacteristic();
-+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, p));
-+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, p));
-+ return fe1.multiply(fe2);
-+ }
-+
- protected ECPoint decompressPoint(int yTilde, BigInteger X1)
- {
- ECFieldElement x = this.fromBigInteger(X1);
-@@ -611,6 +640,28 @@ protected ECPoint decompressPoint(int yTilde, BigInteger X1)
-
- return this.createRawPoint(x, y, true);
- }
-+
-+ private static BigInteger implRandomFieldElement(SecureRandom r, BigInteger p)
-+ {
-+ BigInteger x;
-+ do
-+ {
-+ x = BigIntegers.createRandomBigInteger(p.bitLength(), r);
-+ }
-+ while (x.compareTo(p) >= 0);
-+ return x;
-+ }
-+
-+ private static BigInteger implRandomFieldElementMult(SecureRandom r, BigInteger p)
-+ {
-+ BigInteger x;
-+ do
-+ {
-+ x = BigIntegers.createRandomBigInteger(p.bitLength(), r);
-+ }
-+ while (x.signum() <= 0 || x.compareTo(p) >= 0);
-+ return x;
-+ }
- }
-
- /**
-@@ -790,10 +841,6 @@ protected AbstractF2m(int m, int k1, int k2, int k3)
- super(buildField(m, k1, k2, k3));
- }
-
-- public boolean isValidFieldElement(BigInteger x)
-- {
-- return x != null && x.signum() >= 0 && x.bitLength() <= this.getFieldSize();
-- }
-
- public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
- {
-@@ -840,6 +887,30 @@ public ECPoint createPoint(BigInteger x, BigInteger y, boolean withCompression)
- return this.createRawPoint(X, Y, withCompression);
- }
-
-+ public boolean isValidFieldElement(BigInteger x)
-+ {
-+ return x != null && x.signum() >= 0 && x.bitLength() <= this.getFieldSize();
-+ }
-+
-+ public ECFieldElement randomFieldElement(SecureRandom r)
-+ {
-+ int m = getFieldSize();
-+ return fromBigInteger(BigIntegers.createRandomBigInteger(m, r));
-+ }
-+
-+ public ECFieldElement randomFieldElementMult(SecureRandom r)
-+ {
-+ /*
-+ * NOTE: BigInteger comparisons in the rejection sampling are not constant-time, so we
-+ * use the product of two independent elements to mitigate side-channels.
-+ */
-+ int m = getFieldSize();
-+ ECFieldElement fe1 = fromBigInteger(implRandomFieldElementMult(r, m));
-+ ECFieldElement fe2 = fromBigInteger(implRandomFieldElementMult(r, m));
-+ return fe1.multiply(fe2);
-+ }
-+
-+
- /**
- * Decompresses a compressed point P = (xp, yp) (X9.62 s 4.2.2).
- *
-@@ -956,6 +1027,17 @@ public boolean isKoblitz()
- {
- return this.order != null && this.cofactor != null && this.b.isOne() && (this.a.isZero() || this.a.isOne());
- }
-+
-+ private static BigInteger implRandomFieldElementMult(SecureRandom r, int m)
-+ {
-+ BigInteger x;
-+ do
-+ {
-+ x = BigIntegers.createRandomBigInteger(m, r);
-+ }
-+ while (x.signum() <= 0);
-+ return x;
-+ }
- }
-
- /**
---
-2.23.0
-
diff --git a/CVE-2019-17359.patch b/CVE-2019-17359.patch
deleted file mode 100644
index 8af990c5f34ca860c550378b930bee8ce7e7b6c9..0000000000000000000000000000000000000000
--- a/CVE-2019-17359.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:41:28.246642457 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1InputStream.java 2019-12-25 16:42:45.727085573 +0800
-@@ -139,7 +139,7 @@
- {
- boolean isConstructed = (tag & CONSTRUCTED) != 0;
-
-- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length);
-+ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(this, length, limit);
-
- if ((tag & APPLICATION) != 0)
- {
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:41:28.246642457 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/ASN1StreamParser.java 2019-12-25 16:43:14.097247799 +0800
-@@ -168,7 +168,7 @@
- }
- else
- {
-- DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length);
-+ DefiniteLengthInputStream defIn = new DefiniteLengthInputStream(_in, length, _limit);
-
- if ((tag & BERTags.APPLICATION) != 0)
- {
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/DefiniteLengthInputStream.java 2019-12-25 16:45:17.287952074 +0800
-@@ -19,9 +19,10 @@
-
- DefiniteLengthInputStream(
- InputStream in,
-- int length)
-+ int length,
-+ int limit)
- {
-- super(in, length);
-+ super(in, limit, length);
-
- if (length < 0)
- {
-@@ -97,6 +98,12 @@
- return EMPTY_BYTES;
- }
-
-+ //make sure it's safe to do this!
-+ if (_remaining >= this.getLimit())
-+ {
-+ throw new IOException("corrupted stream - out of bounds length found: " + _remaining + " >= " + this.getLimit());
-+ }
-+
- byte[] bytes = new byte[_remaining];
- if ((_remaining -= Streams.readFully(_in, bytes)) != 0)
- {
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:41:28.246642457 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/IndefiniteLengthInputStream.java 2019-12-25 16:45:50.298140750 +0800
-@@ -17,7 +17,7 @@
- int limit)
- throws IOException
- {
-- super(in, limit);
-+ super(in, limit, limit);
-
- _b1 = in.read();
- _b2 = in.read();
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:41:28.256642514 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/LimitedInputStream.java 2019-12-25 16:47:41.218774610 +0800
-@@ -10,19 +10,27 @@
- {
- protected final InputStream _in;
- private int _limit;
-+ private int _length;
-
- LimitedInputStream(
- InputStream in,
-- int limit)
-+ int limit,
-+ int length)
- {
- this._in = in;
- this._limit = limit;
-+ this._length = length;
-+ }
-+
-+ int getLimit()
-+ {
-+ return _limit;
- }
-
- int getRemaining()
- {
- // TODO: maybe one day this can become more accurate
-- return _limit;
-+ return _length;
- }
-
- protected void setParentEofDetect(boolean on)
-diff -Nur bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java
---- bc-java-r1rv61.org/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:41:28.256642514 +0800
-+++ bc-java-r1rv61/core/src/main/java/org/bouncycastle/asn1/StreamUtil.java 2019-12-25 16:48:49.509164763 +0800
-@@ -11,7 +11,7 @@
- private static final long MAX_MEMORY = Runtime.getRuntime().maxMemory();
-
- /**
-- * Find out possible longest length...
-+ * Find out possible longest length, capped by available memory.
- *
- * @param in input stream of interest
- * @return length calculation or MAX_VALUE.
-@@ -20,7 +20,7 @@
- {
- if (in instanceof LimitedInputStream)
- {
-- return ((LimitedInputStream)in).getRemaining();
-+ return ((LimitedInputStream)in).getLimit();
- }
- else if (in instanceof ASN1InputStream)
- {
diff --git a/CVE-2020-15522.patch b/CVE-2020-15522.patch
deleted file mode 100644
index 372b178b0a3750494fb1f7592fe10c0551c2992f..0000000000000000000000000000000000000000
--- a/CVE-2020-15522.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 87ab5d8470829879219e50213912bab6b1ab8fe8 Mon Sep 17 00:00:00 2001
-From: Peter Dettman
-Date: Sat, 4 Jul 2020 00:09:03 +0700
-Subject: [PATCH] Blind the inversion when normalizing
-
-- see the paper "Yet another GCD based inversion side-channel affecting
-ECC implementations" by Nir Drucker and Shay Gueron.
----
- .../org/bouncycastle/math/ec/ECPoint.java | 27 ++++++++++++++++++++++++---
- 1 file changed, 24 insertions(+), 3 deletions(-)
-
-diff --git a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
-index 20882dacc9..575ddb851e 100644
---- a/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
-+++ b/core/src/main/java/org/bouncycastle/math/ec/ECPoint.java
-@@ -1,8 +1,11 @@
- package org.bouncycastle.math.ec;
-
- import java.math.BigInteger;
-+import java.security.SecureRandom;
- import java.util.Hashtable;
-
-+import org.bouncycastle.crypto.CryptoServicesRegistrar;
-+
- /**
- * base class for points on elliptic curves.
- */
-@@ -222,13 +225,31 @@ public ECPoint normalize()
- }
- default:
- {
-- ECFieldElement Z1 = getZCoord(0);
-- if (Z1.isOne())
-+ ECFieldElement z = getZCoord(0);
-+ if (z.isOne())
- {
- return this;
- }
-
-- return normalize(Z1.invert());
-+ if (null == curve)
-+ {
-+ throw new IllegalStateException("Detached points must be in affine coordinates");
-+ }
-+
-+ /*
-+ * Use blinding to avoid the side-channel leak identified and analyzed in the paper
-+ * "Yet another GCD based inversion side-channel affecting ECC implementations" by Nir
-+ * Drucker and Shay Gueron.
-+ *
-+ * To blind the calculation of z^-1, choose a multiplicative (i.e. non-zero) field
-+ * element 'b' uniformly at random, then calculate the result instead as (z * b)^-1 * b.
-+ * Any side-channel in the implementation of 'inverse' now only leaks information about
-+ * the value (z * b), and no longer reveals information about 'z' itself.
-+ */
-+ SecureRandom r = CryptoServicesRegistrar.getSecureRandom();
-+ ECFieldElement b = curve.randomFieldElementMult(r);
-+ ECFieldElement zInv = z.multiply(b).invert().multiply(b);
-+ return normalize(zInv);
- }
- }
- }
diff --git a/bcmail-jdk15on-1.61.pom b/bcmail-jdk15on-1.67.pom
similarity index 77%
rename from bcmail-jdk15on-1.61.pom
rename to bcmail-jdk15on-1.67.pom
index e720603e91e173e5d58dd9b1a715bd810f86cfa0..ce6412a1f2173edf6a959a4670caea9e53bb36ec 100644
--- a/bcmail-jdk15on-1.61.pom
+++ b/bcmail-jdk15on-1.67.pom
@@ -5,8 +5,8 @@ bcmail-jdk15on jar Bouncy Castle S/MIME API - 1.61 - The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. + 1.67 + The Bouncy Castle Java S/MIME APIs for handling S/MIME protocols. This jar contains S/MIME APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. The JavaMail API and the Java activation framework will also be needed. http://www.bouncycastle.org/java.html
@@ -33,13 +33,13 @@ org.bouncycastle bcprov-jdk15on - 1.61 + 1.67 jar org.bouncycastle bcpkix-jdk15on - 1.61 + 1.67 jar
diff --git a/bcpg-jdk15on-1.61.pom b/bcpg-jdk15on-1.67.pom
similarity index 83%
rename from bcpg-jdk15on-1.61.pom
rename to bcpg-jdk15on-1.67.pom
index e5b414dabbcd4a0240bcc2083c99d635552eb53c..fa1975289417d4aa0157cacafcfc488ecf711436 100644
--- a/bcpg-jdk15on-1.61.pom
+++ b/bcpg-jdk15on-1.67.pom
@@ -5,8 +5,8 @@ bcpg-jdk15on jar Bouncy Castle OpenPGP API - 1.61 - The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.67 + The Bouncy Castle Java API for handling the OpenPGP protocol. This jar contains the OpenPGP API for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html
@@ -38,7 +38,7 @@ org.bouncycastle bcprov-jdk15on - 1.61 + 1.67 jar
diff --git a/bcpkix-jdk15on-1.61.pom b/bcpkix-jdk15on-1.67.pom
similarity index 84%
rename from bcpkix-jdk15on-1.61.pom
rename to bcpkix-jdk15on-1.67.pom
index 5497b8723a53bcc127f7df2b4e81c732b10f4729..12633c0500e730d7ef791bb5c4057377ed9e358f 100644
--- a/bcpkix-jdk15on-1.61.pom
+++ b/bcpkix-jdk15on-1.67.pom
@@ -5,8 +5,8 @@ bcpkix-jdk15on jar Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs - 1.61 - The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. + 1.67 + The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. http://www.bouncycastle.org/java.html
@@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk15on - 1.61 + 1.67 jar
diff --git a/bcprov-jdk15on-1.61.pom b/bcprov-jdk15on-1.67.pom
similarity index 94%
rename from bcprov-jdk15on-1.61.pom
rename to bcprov-jdk15on-1.67.pom
index 04fe3fa6736cf375a4fa02f54905839151e376f3..65f379fbdb3186fb45ec5c2d2ca3e6fd94ab4575 100644
--- a/bcprov-jdk15on-1.61.pom
+++ b/bcprov-jdk15on-1.67.pom
@@ -5,8 +5,8 @@ bcprov-jdk15on jar Bouncy Castle Provider - 1.61 - The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8. + 1.67 + The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. http://www.bouncycastle.org/java.html
diff --git a/bctls-jdk15on-1.61.pom b/bctls-jdk15on-1.67.pom
similarity index 95%
rename from bctls-jdk15on-1.61.pom
rename to bctls-jdk15on-1.67.pom
index d5634cb1dadd7e6c1e14192b65915999b4d63bd8..2c00d62186a2aeac866fcb045a5bf7205f9febf9 100644
--- a/bctls-jdk15on-1.61.pom
+++ b/bctls-jdk15on-1.67.pom
@@ -5,7 +5,7 @@ bctls-jdk15on jar Bouncy Castle JSSE provider and TLS/DTLS API - 1.61 + 1.67 The Bouncy Castle Java APIs for TLS and DTLS, including a provider for the JSSE. http://www.bouncycastle.org/java.html
@@ -33,7 +33,7 @@ org.bouncycastle bcprov-jdk15on - 1.61 + 1.67 jar
diff --git a/bouncycastle.spec b/bouncycastle.spec
index 905887f08902c00ea79a7967d7f727bf5df32eef..7c789c83bae1120688431a277900af3e6cc51995 100644
--- a/bouncycastle.spec
+++ b/bouncycastle.spec
@@ -1,25 +1,23 @@ -%define tag r1rv61 +%define tag r1rv67 %define class_name org.bouncycastle.jce.provider.BouncyCastleProvider %define jdk_dir build/artifacts/jdk1.5 %define java_sec_dir %{_sysconfdir}/java/security/security.d %define suffix_name security/classpath.security Name: bouncycastle -Version: 1.61 -Release: 5 +Version: 1.67 +Release: 1 Summary: A Java implementation of cryptographic algorithms License: MIT URL: http://www.bouncycastle.org Source0: https://github.com/bcgit/bc-java/archive/%{tag}.tar.gz -Source1: http://repo1.maven.org/maven2/org/bouncycastle/bcmail-jdk15on/%{version}/bcmail-jdk15on-%{version}.pom -Source2: http://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%{version}/bcpg-jdk15on-%{version}.pom -Source3: http://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom -Source4: http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom -Source5: http://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom -Patch6000: CVE-2019-17359.patch -Patch6001: 0001-cve-pre.patch -Patch6002: CVE-2020-15522.patch +Source1: https://repo1.maven.org/maven2/org/bouncycastle/bcmail-jdk15on/%{version}/bcmail-jdk15on-%{version}.pom +Source2: https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/%{version}/bcpg-jdk15on-%{version}.pom +Source3: https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/%{version}/bcpkix-jdk15on-%{version}.pom +Source4: https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/%{version}/bcprov-jdk15on-%{version}.pom +Source5: https://repo1.maven.org/maven2/org/bouncycastle/bctls-jdk15on/%{version}/bctls-jdk15on-%{version}.pom BuildRequires: ant ant-junit aqute-bnd javamail javapackages-local +BuildRequires: jakarta-activation Requires(post): javapackages-tools Requires(postun): javapackages-tools 
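Review bot: Dropping `Patch6000` through `Patch6002` leaves nothing in the spec that records where the CVE-2019-17359 and CVE-2020-15522 fixes now come from, so coverage of both rests entirely on the contents of the `r1rv67` tarball. Upstream's advisories, as far as I know, place both fixes in releases earlier than 1.67, but that is worth confirming against the unpacked source: the ASN.1 stream classes should still pass the limit into `DefiniteLengthInputStream`, and `ECPoint.normalize()` should still blind the inversion. I would record the result next to the version bump, for example with a changelog line `- Drop CVE-2019-17359 and CVE-2020-15522 patches, included upstream in 1.67`, so that a later CVE audit of this package does not read the removal as a regression. Separately, the `Source0` context line fetches the archive by tag with no digest recorded in the spec, so the build trusts whichever `%{tag}.tar.gz` is committed; a recorded checksum would make the new tarball verifiable.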
@@ -55,7 +53,7 @@ infrastructure to conform the algorithms to the JCE framework. find . -type f -name "*.class" -delete find . -type f -name "*.jar" -delete -sed -i -e '/ bnd.bnd < - 1.67-1 +- Update to 1.67 + * Sat Jul 31 2021 liwu - 1.61-5 - fix CVE-2020-15522 diff --git a/r1rv61.tar.gz b/r1rv67.tar.gz similarity index 31% rename from r1rv61.tar.gz rename to r1rv67.tar.gz index 289564a0c0720ef31be7f1b52bd11b575a56717a..c84436af38a17ae6f2af7d15b1d48780cc4fe811 100644 Binary files a/r1rv61.tar.gz and b/r1rv67.tar.gz differ