From 9f29430656342829822568f4ef49f5237b41164b Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Fri, 28 Feb 2020 14:10:32 -0500 Subject: [PATCH 1/2] Fix swapped parameter names with PBE Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression related to extracting the parameter classes during PBE operations: previously, the classes of the underlying encryption algorithm were iterated over, instead of the classes of the PBE class itself. However, this commit iterated over the PBE parameter classes; no PBE algorithm accepts a IvParameterSpec, resulting in a null parameter passed to the later encryption or key wrap operation. This resulted in stack traces like the following: Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225) at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89) at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57) at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342) Resolves: rh-bz#1807371 Signed-off-by: Alexander Scheel --- org/mozilla/jss/pkcs7/EncryptedContentInfo.java | 2 +- org/mozilla/jss/pkix/cms/EncryptedContentInfo.java | 2 +- org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java index 084752c3..0344b14d 100644 --- a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java +++ b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java @@ -182,7 +182,7 @@ public class EncryptedContentInfo implements ASN1Value { // generate IV EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); AlgorithmParameterSpec params=null; - Class [] paramClasses = pbeAlg.getParameterClasses(); + Class [] paramClasses = encAlg.getParameterClasses(); for (int i = 0; i < paramClasses.length; i ++) { if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) { diff --git a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java index a4709070..d85eb0d3 100644 --- a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java +++ b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java @@ -180,7 +180,7 @@ public class EncryptedContentInfo implements ASN1Value { // generate IV EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); AlgorithmParameterSpec params=null; - Class [] paramClasses = pbeAlg.getParameterClasses(); + Class [] paramClasses = encAlg.getParameterClasses(); for (int i = 0; i < paramClasses.length; i ++) { if ( paramClasses[i].equals( IVParameterSpec.class ) ) { params = new IVParameterSpec( kg.generatePBE_IV() ); diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java index b35714e3..ebd269f3 100644 --- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java +++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java @@ -147,7 +147,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value { // generate IV EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); AlgorithmParameterSpec params=null; - Class [] paramClasses = pbeAlg.getParameterClasses(); + Class [] paramClasses = encAlg.getParameterClasses(); for (int i = 0; i < paramClasses.length; i ++) { if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) { params = new IVParameterSpec( kg.generatePBE_IV() ); @@ -328,7 +328,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value { // generate IV EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg(); AlgorithmParameterSpec params=null; - Class [] paramClasses = pbeAlg.getParameterClasses(); + Class [] paramClasses = encAlg.getParameterClasses(); for (int i = 0; i < paramClasses.length; i ++) { if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) { -- 2.24.1