|
 |
6fc53e |
From 9f29430656342829822568f4ef49f5237b41164b Mon Sep 17 00:00:00 2001
|
|
|
6fc53e |
From: Alexander Scheel <ascheel@redhat.com>
|
|
|
6fc53e |
Date: Fri, 28 Feb 2020 14:10:32 -0500
|
|
|
6fc53e |
Subject: [PATCH 1/2] Fix swapped parameter names with PBE
|
|
|
6fc53e |
|
|
|
6fc53e |
Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression
|
|
|
6fc53e |
related to extracting the parameter classes during PBE operations:
|
|
|
6fc53e |
previously, the classes of the underlying encryption algorithm were
|
|
|
6fc53e |
iterated over, instead of the classes of the PBE class itself. However,
|
|
|
6fc53e |
this commit iterated over the PBE parameter classes; no PBE algorithm
|
|
|
6fc53e |
accepts a IvParameterSpec, resulting in a null parameter passed to the
|
|
|
6fc53e |
later encryption or key wrap operation. This resulted in stack traces
|
|
|
6fc53e |
like the following:
|
|
|
6fc53e |
|
|
|
6fc53e |
Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter
|
|
|
6fc53e |
at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225)
|
|
|
6fc53e |
at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89)
|
|
|
6fc53e |
at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57)
|
|
|
6fc53e |
at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342)
|
|
|
6fc53e |
|
|
|
6fc53e |
Resolves: rh-bz#1807371
|
|
|
6fc53e |
|
|
|
6fc53e |
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
|
|
6fc53e |
---
|
|
|
6fc53e |
org/mozilla/jss/pkcs7/EncryptedContentInfo.java | 2 +-
|
|
|
6fc53e |
org/mozilla/jss/pkix/cms/EncryptedContentInfo.java | 2 +-
|
|
|
6fc53e |
org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++--
|
|
|
6fc53e |
3 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
6fc53e |
|
|
|
6fc53e |
diff --git a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
|
|
|
6fc53e |
index 084752c3..0344b14d 100644
|
|
|
6fc53e |
--- a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
|
|
|
6fc53e |
+++ b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
|
|
|
6fc53e |
@@ -182,7 +182,7 @@ public class EncryptedContentInfo implements ASN1Value {
|
|
|
6fc53e |
// generate IV
|
|
|
6fc53e |
EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
|
|
|
6fc53e |
AlgorithmParameterSpec params=null;
|
|
|
6fc53e |
- Class [] paramClasses = pbeAlg.getParameterClasses();
|
|
|
6fc53e |
+ Class [] paramClasses = encAlg.getParameterClasses();
|
|
|
6fc53e |
for (int i = 0; i < paramClasses.length; i ++) {
|
|
|
6fc53e |
if ( paramClasses[i].equals(
|
|
|
6fc53e |
javax.crypto.spec.IvParameterSpec.class ) ) {
|
|
|
6fc53e |
diff --git a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
|
|
|
6fc53e |
index a4709070..d85eb0d3 100644
|
|
|
6fc53e |
--- a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
|
|
|
6fc53e |
+++ b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
|
|
|
6fc53e |
@@ -180,7 +180,7 @@ public class EncryptedContentInfo implements ASN1Value {
|
|
|
6fc53e |
// generate IV
|
|
|
6fc53e |
EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
|
|
|
6fc53e |
AlgorithmParameterSpec params=null;
|
|
|
6fc53e |
- Class [] paramClasses = pbeAlg.getParameterClasses();
|
|
|
6fc53e |
+ Class [] paramClasses = encAlg.getParameterClasses();
|
|
|
6fc53e |
for (int i = 0; i < paramClasses.length; i ++) {
|
|
|
6fc53e |
if ( paramClasses[i].equals( IVParameterSpec.class ) ) {
|
|
|
6fc53e |
params = new IVParameterSpec( kg.generatePBE_IV() );
|
|
|
6fc53e |
diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
index b35714e3..ebd269f3 100644
|
|
|
6fc53e |
--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
|
|
|
6fc53e |
@@ -147,7 +147,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
|
|
|
6fc53e |
// generate IV
|
|
|
6fc53e |
EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
|
|
|
6fc53e |
AlgorithmParameterSpec params=null;
|
|
|
6fc53e |
- Class [] paramClasses = pbeAlg.getParameterClasses();
|
|
|
6fc53e |
+ Class [] paramClasses = encAlg.getParameterClasses();
|
|
|
6fc53e |
for (int i = 0; i < paramClasses.length; i ++) {
|
|
|
6fc53e |
if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) {
|
|
|
6fc53e |
params = new IVParameterSpec( kg.generatePBE_IV() );
|
|
|
6fc53e |
@@ -328,7 +328,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
|
|
|
6fc53e |
// generate IV
|
|
|
6fc53e |
EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
|
|
|
6fc53e |
AlgorithmParameterSpec params=null;
|
|
|
6fc53e |
- Class [] paramClasses = pbeAlg.getParameterClasses();
|
|
|
6fc53e |
+ Class [] paramClasses = encAlg.getParameterClasses();
|
|
|
6fc53e |
for (int i = 0; i < paramClasses.length; i ++) {
|
|
|
6fc53e |
if ( paramClasses[i].equals(
|
|
|
6fc53e |
javax.crypto.spec.IvParameterSpec.class ) ) {
|
|
|
6fc53e |
--
|
|
|
6fc53e |
2.24.1
|
|
|
6fc53e |
|