debian/changelog

+bouncycastle (1.59-2) unstable; urgency=high
+
+  * Team upload.
+  * Fix CVE-2018-1000180.
+    Thanks to Salvatore Bonaccorso for the report. (Closes: #900843)
+  * Declare compliance with Debian Policy 4.1.4.
+
+ -- Markus Koschany <apo@debian.org>  Tue, 12 Jun 2018 22:38:03 +0200
+
 bouncycastle (1.59-1) unstable; urgency=medium
 
   * Team upload.

debian/control

@@ -12,7 +12,7 @@ Build-Depends: ant,
                junit,
                libmail-java,
                maven-repo-helper
-Standards-Version: 4.1.3
+Standards-Version: 4.1.4
 Vcs-Git: https://anonscm.debian.org/git/pkg-java/bouncycastle.git
 Vcs-Browser: https://anonscm.debian.org/cgit/pkg-java/bouncycastle.git
 Homepage: http://www.bouncycastle.org

debian/patches/CVE-2018-1000180_part1.patch

+From 73780ac522b7795fc165630aba8d5f5729acc839 Mon Sep 17 00:00:00 2001
+From: David Hook <dgh@cryptoworkshop.com>
+Date: Thu, 19 Apr 2018 18:40:01 +1000
+Subject: [PATCH] BJA-694 cleaned up primality test
+
+---
+ .../org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java   | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+index f23f654b8..3dafea948 100644
+--- a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
++++ b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+@@ -20,12 +20,10 @@
+     private static final BigInteger ONE = BigInteger.valueOf(1);
+ 
+     private RSAKeyGenerationParameters param;
+-    private int iterations;
+ 
+     public void init(KeyGenerationParameters param)
+     {
+         this.param = (RSAKeyGenerationParameters)param;
+-        this.iterations = getNumberOfIterations(this.param.getStrength(), this.param.getCertainty());
+     }
+ 
+     public AsymmetricCipherKeyPair generateKeyPair()
+@@ -159,6 +157,8 @@ public AsymmetricCipherKeyPair generateKeyPair()
+      */
+     protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger sqrdBound)
+     {
++        int iterations = getNumberOfIterations(bitlength, param.getCertainty());
++
+         for (int i = 0; i != 5 * bitlength; i++)
+         {
+             BigInteger p = new BigInteger(bitlength, 1, param.getRandom());
+@@ -173,7 +173,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+                 continue;
+             }
+ 
+-            if (!isProbablePrime(p))
++            if (!isProbablePrime(p, iterations))
+             {
+                 continue;
+             }
+@@ -189,7 +189,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+         throw new IllegalStateException("unable to generate prime number for RSA key");
+     }
+ 
+-    protected boolean isProbablePrime(BigInteger x)
++    protected boolean isProbablePrime(BigInteger x, int iterations)
+     {
+         /*
+          * Primes class for FIPS 186-4 C.3 primality checking

debian/patches/CVE-2018-1000180_part2.patch

+From 22467b6e8fe19717ecdf201c0cf91bacf04a55ad Mon Sep 17 00:00:00 2001
+From: David Hook <dgh@cryptoworkshop.com>
+Date: Mon, 23 Apr 2018 08:14:24 +1000
+Subject: [PATCH] BJA-694 minor tweak to avoid method signature change
+
+---
+ .../org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java   | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+index 3dafea948..beb1aee2e 100644
+--- a/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
++++ b/core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java
+@@ -157,8 +157,6 @@ public AsymmetricCipherKeyPair generateKeyPair()
+      */
+     protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger sqrdBound)
+     {
+-        int iterations = getNumberOfIterations(bitlength, param.getCertainty());
+-
+         for (int i = 0; i != 5 * bitlength; i++)
+         {
+             BigInteger p = new BigInteger(bitlength, 1, param.getRandom());
+@@ -173,7 +171,7 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+                 continue;
+             }
+ 
+-            if (!isProbablePrime(p, iterations))
++            if (!isProbablePrime(p))
+             {
+                 continue;
+             }
+@@ -189,8 +187,10 @@ protected BigInteger chooseRandomPrime(int bitlength, BigInteger e, BigInteger s
+         throw new IllegalStateException("unable to generate prime number for RSA key");
+     }
+ 
+-    protected boolean isProbablePrime(BigInteger x, int iterations)
++    protected boolean isProbablePrime(BigInteger x)
+     {
++        int iterations = getNumberOfIterations(x.bitLength(), param.getCertainty());
++
+         /*
+          * Primes class for FIPS 186-4 C.3 primality checking
+          */

debian/patches/series

 02_index.patch
 fix-encoding.patch
 backward-compatibility.patch
+CVE-2018-1000180_part1.patch
+CVE-2018-1000180_part2.patch