From: Markus Koschany <apo@debian.org>
Date: Sun, 9 Apr 2017 16:05:34 +0200
Subject: CVE-2015-6644
---
.../bouncycastle/crypto/modes/GCMBlockCipher.java | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/src/org/bouncycastle/crypto/modes/GCMBlockCipher.java
index 9e617ec..9a0ef6b 100644
--- a/src/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ b/src/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -41,6 +41,7 @@ public class GCMBlockCipher
private byte[] macBlock;
private byte[] S, S_at, S_atPre;
private byte[] counter;
+ private int blocksRemaining;
private int bufOff;
private long totalLength;
private byte[] atBlock;
@@ -168,6 +169,7 @@ public class GCMBlockCipher
this.atLength = 0;
this.atLengthPre = 0;
this.counter = Arrays.clone(J0);
+ this.blocksRemaining = -2;
this.bufOff = 0;
this.totalLength = 0;
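Review bot: The sentinel `-2` assigned to `blocksRemaining` on the added line is a magic number whose meaning is not recoverable from the surrounding code: it is a count-down that relies on Java's defined two's-complement wrap-around, so the `blocksRemaining == 0` check in getNextCounterBlock fires after exactly 2^32 - 2 blocks, i.e. just before the 32-bit counter word would cycle back onto J0, the block that is reserved for the tag and must never be reused as keystream. That bound appears to match the SP 800-38D plaintext limit of 2^39 - 256 bits, but a reader should not have to derive it. I would annotate the line, e.g. `this.blocksRemaining = -2; // counts down via int wrap-around: at most 2^32 - 2 blocks (SP 800-38D len(P) <= 2^39 - 256 bits); J0 itself is used for the tag`, and put the same comment on the identical assignment in the reset hunk below. The enclosing method (apparently init) starts before this hunk and continues after it.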
@@ -428,6 +430,7 @@ public class GCMBlockCipher
atLength = 0;
atLengthPre = 0;
counter = Arrays.clone(J0);
+ blocksRemaining = -2;
bufOff = 0;
totalLength = 0;
@@ -494,16 +497,17 @@ public class GCMBlockCipher
private byte[] getNextCounterBlock()
{
- for (int i = 15; i >= 12; --i)
+ if (blocksRemaining == 0)
{
- byte b = (byte)((counter[i] + 1) & 0xff);
- counter[i] = b;
-
- if (b != 0)
- {
- break;
- }
+ throw new IllegalStateException("Attempt to process too many blocks");
}
+ blocksRemaining--;
+
+ int c = 1;
+ c += counter[15] & 0xFF; counter[15] = (byte)c; c >>>= 8;
+ c += counter[14] & 0xFF; counter[14] = (byte)c; c >>>= 8;
+ c += counter[13] & 0xFF; counter[13] = (byte)c; c >>>= 8;
+ c += counter[12] & 0xFF; counter[12] = (byte)c;
byte[] tmp = new byte[BLOCK_SIZE];
// TODO Sure would be nice if ciphers could operate on int[]