CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

References

Affected packages

Git / github.com/bcgit/bc-java

Affected ranges

Type: GIT
Repo: https://github.com/bcgit/bc-java
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

22467b6e8fe19717ecdf201c0cf91bacf04a55ad

Fixed

73780ac522b7795fc165630aba8d5f5729acc839

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
        "deprecated": false,
        "id": "CVE-2018-1000180-4be11a56",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "257698838932714443289646009555494598341",
                "289848681659626294251947604395719801481",
                "156915566116362155606891889355124502872",
                "26895649160699150255602757069596481226",
                "220811889832895347815946836515128187770",
                "47045332555838027236932019877537168760",
                "22919438933150866736858579667051393581",
                "143814390065555812665951859181297093884",
                "237451756451439053358303576206498505327",
                "277246556836375319833842980669284337346",
                "130689352777683059142271724779473551753",
                "336435536837793534198724193478017402442",
                "17704946286379027993761977778742095203",
                "260155809973710943641365639216995634088",
                "7377602204838434508197526472147943878",
                "187118732279990443988316599001482697228",
                "214681161194493830139928104179165807571",
                "250657119348606598417294254264344680167",
                "144151817570865529575959812164844930523",
                "90485390753289015655808852128637265999"
            ]
        },
        "signature_version": "v1",
        "target": {
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
        "deprecated": false,
        "id": "CVE-2018-1000180-5e3a00a7",
        "digest": {
            "function_hash": "26046904150781172814100366087529876009",
            "length": 160.0
        },
        "signature_version": "v1",
        "target": {
            "function": "init",
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
        "deprecated": false,
        "id": "CVE-2018-1000180-7651a32a",
        "digest": {
            "function_hash": "180386821627022930209336221623287827991",
            "length": 587.0
        },
        "signature_version": "v1",
        "target": {
            "function": "chooseRandomPrime",
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839",
        "deprecated": false,
        "id": "CVE-2018-1000180-81d898a1",
        "digest": {
            "function_hash": "315724511571408902034389038163610651938",
            "length": 140.0
        },
        "signature_version": "v1",
        "target": {
            "function": "isProbablePrime",
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
        "deprecated": false,
        "id": "CVE-2018-1000180-8b6af0b8",
        "digest": {
            "function_hash": "27729502142872267922297904038327336014",
            "length": 149.0
        },
        "signature_version": "v1",
        "target": {
            "function": "isProbablePrime",
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad",
        "deprecated": false,
        "id": "CVE-2018-1000180-d2c8940d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "37241332092936570627242432409298825798",
                "195260635595133800691077600044648505596",
                "285722143077504090987395592668400836412",
                "171255120392971314891725930518442638777",
                "319518172979322031606708392733565733104",
                "265327114450227984543453889458859355433",
                "202798530285906364200179439218695585720",
                "197160571916195115317016901004995391026",
                "269053106002936979940648009165920129944",
                "11169404668320650517863205883520913898",
                "8623795654927510216276052505167252789",
                "169874198158942799182872929991717271321",
                "327123855982038575496567462178584935276"
            ]
        },
        "signature_version": "v1",
        "target": {
            "file": "core/src/main/java/org/bouncycastle/crypto/generators/RSAKeyPairGenerator.java"
        }
    }
]