packages/openjdk-1.8.0
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjdk-1.8.0/penetration_testing_vulnerability_fix.patch
kuenking111 45f1527add I4TXR9: Fix code consistency after upgrade 8u322
2022-02-16 15:18:47 +08:00

125 lines
6.0 KiB
Diff
Executable File
Raw Blame History

diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
index 429c65fc0..6094c82a1 100644
--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
+++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEDHKeyPairGenerator.java
@@ -148,6 +148,9 @@ public class KAEDHKeyPairGenerator
throw new ProviderException("Invoke nativeGenerateKeyPair failed.", e);
}
+ // check keys
+ checkKeys(keys);
+
BigInteger pubKey = new BigInteger(keys[0]);
BigInteger priKey = new BigInteger(keys[1]);
@@ -162,5 +165,21 @@ public class KAEDHKeyPairGenerator
throw new ProviderException(ikse);
}
}
+
+ private void checkKeys(byte[][] keys) {
+ if (keys == null) {
+ throw new ProviderException("Invalid keys, keys is null.");
+ }
+ // The keys needs to contain at least 2 byte arrays, which are public and private keys.
+ if (keys.length < 2) {
+ throw new ProviderException("Invalid keys, keys length is less than 2.");
+ }
+ for (int i = 0; i < keys.length; i++) {
+ if (keys[i] == null) {
+ throw new ProviderException("Invalid keys, keys[" + i + "]" + "is null.");
+ }
+ }
+ }
+
protected native static byte[][] nativeGenerateKeyPair(byte[] p, byte[] g, int lSize);
}
diff --git a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
index 5f0c4db05..812980608 100644
--- a/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
+++ b/jdk/src/solaris/classes/org/openeuler/security/openssl/KAEECKeyPairGenerator.java
@@ -65,9 +65,8 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi {
private ECParameterSpec getParamsByCurve(String curveName) {
byte[][] params = nativeGenerateParam(curveName);
- if (params == null) {
- throw new InvalidParameterException("unknown curve " + curveName);
- }
+ // check params
+ checkParams(params, curveName);
BigInteger p = new BigInteger(params[0]);
BigInteger a = new BigInteger(params[1]);
BigInteger b = new BigInteger(params[2]);
@@ -82,6 +81,21 @@ public class KAEECKeyPairGenerator extends KeyPairGeneratorSpi {
return spec;
}
+ private void checkParams(byte[][] params, String curveName) {
+ if (params == null) {
+ throw new InvalidParameterException("Unknown curve " + curveName);
+ }
+ // The params needs to contain at least 7 byte arrays, which are p,a,b,x,y,order and cofactor.
+ if (params.length < 7) {
+ throw new InvalidParameterException("The params length is less than 7.");
+ }
+ for (int i = 0; i < params.length; i++) {
+ if (params[i] == null) {
+ throw new InvalidParameterException("The params[" + i + "]" + "is null.");
+ }
+ }
+ }
+
@Override
public void initialize(AlgorithmParameterSpec param, SecureRandom random) throws InvalidAlgorithmParameterException {
if (param instanceof ECParameterSpec) {
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c
index 9ccc617c4..a43da7b30 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_exception.c
@@ -105,14 +105,10 @@ void KAE_ThrowFromOpenssl(JNIEnv* env, const char* msg, void (* defaultException
KAE_TRACE("OpenSSL error in %s: err=%lx, lib=%x, reason=%x, file=%s, line=%d, estring=%s, data=%s", msg, err,
lib, reason, file, line, estring, (flags & ERR_TXT_STRING) ? data : "(no data)");
- switch (lib) {
- case ERR_LIB_EVP:
- case ERR_LIB_RSA:
- KAE_ThrowEvpException(env, reason, estring, defaultException);
- break;
- default:
- defaultException(env, estring);
- break;
+ if (lib == ERR_LIB_EVP || lib == ERR_LIB_RSA) {
+ KAE_ThrowEvpException(env, reason, estring, defaultException);
+ } else {
+ defaultException(env, estring);
}
}
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c
index 7b28fa1fa..554a9750c 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_hmac.c
@@ -182,7 +182,7 @@ JNIEXPORT jint JNICALL Java_org_openeuler_security_openssl_KAEHMac_nativeFinal
// write back to output_array
(*env)->SetByteArrayRegion(env, output, out_offset, bytesWritten, (jbyte*) temp_result);
- KAE_TRACE("KAEHMac_nativeFinal success, output_offset = %d, bytesWritten = %d", out_offset, bytesWritten);
+ KAE_TRACE("KAEHMac_nativeFinal success, output_offset = %d, bytesWritten = %u", out_offset, bytesWritten);
cleanup:
free(temp_result);
diff --git a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
index 0b23aa7d6..2ca978bbe 100644
--- a/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
+++ b/jdk/src/solaris/native/org/openeuler/security/openssl/kae_keypairgenerator_rsa.c
@@ -136,7 +136,8 @@ static jobjectArray NewRSAKeyParams(JNIEnv* env, RSA* rsa) {
}
// set rsa key param
- for (RSAParamIndex paramIndex = rsaN; paramIndex <= rsaIqmp; paramIndex++) {
+ RSAParamIndex paramIndex;
+ for (paramIndex = rsaN; paramIndex <= rsaIqmp; paramIndex++) {
if (!SetRSAKeyParam(env, rsa, params, paramIndex)) {
return NULL;
}
Reference in New Issue View Git Blame Copy Permalink