jdk Cdiff src/share/classes/com/sun/crypto/provider/KeyProtector.java

src/share/classes/com/sun/crypto/provider/KeyProtector.java

rev 12548 : 8181692: Update storage implementations
Reviewed-by: weijun, igerasim


*** 1,7 ****
  /*
!  * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
--- 1,7 ----
  /*
!  * Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
   * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   *
   * This code is free software; you can redistribute it and/or modify it
   * under the terms of the GNU General Public License version 2 only, as
   * published by the Free Software Foundation.  Oracle designates this
*** 36,45 ****
--- 36,46 ----
  import java.security.GeneralSecurityException;
  import java.security.NoSuchAlgorithmException;
  import java.security.NoSuchProviderException;
  import java.security.UnrecoverableKeyException;
  import java.security.AlgorithmParameters;
+ import java.security.spec.InvalidParameterSpecException;
  import java.security.spec.PKCS8EncodedKeySpec;
  
  import javax.crypto.Cipher;
  import javax.crypto.CipherSpi;
  import javax.crypto.SecretKey;
*** 72,81 ****
--- 73,84 ----
  
      // JavaSoft proprietary key-protection algorithm (used to protect private
      // keys in the keystore implementation that comes with JDK 1.2)
      private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
  
+     private static final int MAX_ITERATION_COUNT = 5000000;
+     private static final int ITERATION_COUNT = 200000;
      private static final int SALT_LEN = 20; // the salt length
      private static final int DIGEST_LEN = 20;
  
      // the password used for protecting/recovering keys passed through this
      // key protector
*** 98,108 ****
          // create a random salt (8 bytes)
          byte[] salt = new byte[8];
          SunJCE.getRandom().nextBytes(salt);
  
          // create PBE parameters from salt and iteration count
!         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
  
          // create PBE key from password
          PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
          SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
          pbeKeySpec.clearPassword();
--- 101,111 ----
          // create a random salt (8 bytes)
          byte[] salt = new byte[8];
          SunJCE.getRandom().nextBytes(salt);
  
          // create PBE parameters from salt and iteration count
!         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
  
          // create PBE key from password
          PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
          SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
          pbeKeySpec.clearPassword();
*** 153,162 ****
--- 156,168 ----
                  AlgorithmParameters pbeParams =
                      AlgorithmParameters.getInstance("PBE");
                  pbeParams.init(encodedParams);
                  PBEParameterSpec pbeSpec =
                          pbeParams.getParameterSpec(PBEParameterSpec.class);
+                 if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
+                     throw new IOException("PBE iteration count too large");
+                 }
  
                  // create PBE key from password
                  PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
                  SecretKey sKey =
                      new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
*** 283,293 ****
          // create a random salt (8 bytes)
          byte[] salt = new byte[8];
          SunJCE.getRandom().nextBytes(salt);
  
          // create PBE parameters from salt and iteration count
!         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
  
          // create PBE key from password
          PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
          SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
          pbeKeySpec.clearPassword();
--- 289,299 ----
          // create a random salt (8 bytes)
          byte[] salt = new byte[8];
          SunJCE.getRandom().nextBytes(salt);
  
          // create PBE parameters from salt and iteration count
!         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
  
          // create PBE key from password
          PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
          SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
          pbeKeySpec.clearPassword();
*** 324,333 ****
--- 330,348 ----
              AlgorithmParameters params = soForKeyProtector.getParameters();
              if (params == null) {
                  throw new UnrecoverableKeyException("Cannot get " +
                                                      "algorithm parameters");
              }
+             PBEParameterSpec pbeSpec;
+             try {
+                 pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+             } catch (InvalidParameterSpecException ipse) {
+                 throw new IOException("Invalid PBE algorithm parameters");
+             }
+             if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
+                 throw new IOException("PBE iteration count too large");
+             }
              PBEWithMD5AndTripleDESCipher cipherSpi;
              cipherSpi = new PBEWithMD5AndTripleDESCipher();
              Cipher cipher = new CipherForKeyProtector(cipherSpi,
                                                        SunJCE.getInstance(),
                                                        "PBEWithMD5AndTripleDES");

< prev index next >