From 33e7c047626b75ef491dd1131ca138b4cce617bf Mon Sep 17 00:00:00 2001
From: Ryan Goulding <ryandgoulding@gmail.com>
Date: Fri, 24 Feb 2017 13:52:55 -0500
Subject: [PATCH] Bump bouncycastle dependencies from 1.55 to 1.56

Comprehensive release notes can be found here:

https://www.bouncycastle.org/releasenotes.html

This release fixes the following:

*    It is now possible to configure the provider to only import keys for specific named curves.
*    Work has been done to improve the "constant time" behaviour of the RSA padding mechanisms.
*    The GCM ciphers in the JCE and lightweight API will now fail if an attempt is made to use
     them for encryption after doFinal or without changing the IV.
*    The constructor for IESParameterSpec that allows the use of cipher without a nonce has been
     deleted. See also details for CVE-2016-1000344, CVE-2016-1000352.
*    Strict encoding enforcement has been introduced for ASN1Integer.
*    CVE-2016-1000338: DSA does not fully validate ASN.1 encoding of signature on verification.
     It is possible to inject extra elements in the sequence making up the signature and still
     have it validate, which in some cases may allow the introduction of "invisible" data into a
     signed structure.
*    CVE-2016-1000339: AESFastEngine has a side channel leak if table accesses can be observed.
     The use of lookup large static lookup tables in AESFastEngine means that where data accesses
     by the CPU can be observed, it is possible to gain information about the key used to
     initialize the cipher. We now recommend not using AESFastEngine where this might be a concern.
     The BC provider is now using AESEngine by default.
*    CVE-2016-1000340: Static ECDH vulnerable to carry propagation bug. Carry propagation bugs in
     the implementation of squaring for several raw math classes have been fixed
     (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve
     implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare
     (in general usage) spurious calculations for elliptic curve scalar multiplications. Such
     errors would have been detected with high probability by the output validation for our scalar
     multipliers.
*    CVE-2016-1000341: DSA signature generation vulnerable to timing attack. Where timings can be
     closely observed for the generation of signatures, the lack of blinding in 1.55 or earlier,
     may allow an attacker to gain information about the signatures k value and ultimately the
     private value as well.
*    CVE-2016-1000342: ECDSA does not fully validate ASN.1 encoding of signature on verification.
     It is possible to inject extra elements in the sequence making up the signature and still have
     it validate, which in some cases may allow the introduction of "invisible" data into a signed
     structure.
*    CVE-2016-1000343: DSA key pair generator generates a weak private key if used with default
     values. If the JCA key pair generator is not explicitly initialised with DSA parameters,
     1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases
     this can be dealt with by explicitly passing parameters to the key pair generator.
*    CVE-2016-1000344: DHIES allows the use of unsafe ECB mode. This algorithm is now removed from
     the provider.
*    CVE-2016-1000345: DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and
     older, in an environment where timings can be easily observed, it is possible with enough
     observations to identify when the decryption is failing due to padding.
*    CVE-2016-1000346: Other party DH public key not fully validated. This can cause issues as
     invalid keys can be used to reveal details about the other party's private key where static
     Diffie-Hellman is in use. As of this release the key parameters are checked on agreement
     calculation.
*    CVE-2016-1000352: ECIES allows the use of unsafe ECB mode. This algorithm is now removed
     from the provider.

This upgraded provider provides a great number of security fixes.  We should consider moving to
the updated version swiftly.

Change-Id: I0cec4b220bf6d37a76718faad682a9cf095a0dc1
Signed-off-by: Ryan Goulding <ryandgoulding@gmail.com>
---
 odlparent/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/odlparent/pom.xml b/odlparent/pom.xml
index 70a166454..86e6b7b31 100644
--- a/odlparent/pom.xml
+++ b/odlparent/pom.xml
@@ -100,7 +100,7 @@
 
     <!-- Supporting Libraries -->
     <!-- Used by controller -->
-    <bouncycastle.version>1.55</bouncycastle.version>
+    <bouncycastle.version>1.56</bouncycastle.version>
 
     <!-- Used by controller, snbi; see also centinel, dlux, toolkit -->
     <osgi.core.version>5.0.0</osgi.core.version>
-- 
2.36.6