8368984: Extra slashes in Cipher transformation leads to NSPE instead of NSAE #27615
👋 Welcome back valeriep! A progress list of the required criteria for merging this PR into |
@valeriepeng This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 123 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
@valeriepeng The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
sha512Idx = transformation.indexOf(SHA512TRUNCATED, sha512SlashIdx + | ||
SHA512TRUNCATED.length()); | ||
sha512SlashIdx = (sha512Idx != -1 ? sha512Idx + 3 : -2); | ||
} |
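Review bot: On the `sha512SlashIdx = (sha512Idx != -1 ? sha512Idx + 3 : -2);` line, `+ 3` and `-2` are unexplained magic numbers. The `3` is only correct while the slash sits at offset 3 inside `SHA512TRUNCATED`, so derive it from the constant (for example `SHA512TRUNCATED.indexOf('/')`) instead of hard-coding it. Add a comment saying why the not-found sentinel is `-2` rather than the `-1` that `indexOf` returns, since the next `indexOf` call uses `sha512SlashIdx +` as its start offset and the reader has to work out what a negative start means there.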
The logic is quite complex. Can you create a dedicated method for it like `indexOfRealSlashIn(String s)`?
We can even call it on the mode part.
There are quite a few values being updated here, that's why I didn't make it into a method initially. Let me think about it more...
Both `sha512Idx` and `sha512SlashIdx` are locally assigned, `SHA512TRUNCATED` is a constant, `transformation` is not mutated.
I did refactor it using a record. If we apply the same method on mode as well, then the flow is simplified even though the mode should not contain truncated algorithms.
private static final String SHA512TRUNCATED = "SHA512/2"; | ||
// for special handling SHA-512/224, SHA-512/256, SHA512/224, SHA512/256 | ||
private static final String SHA512TRUNCATED = "512/2"; |
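Review bot: The new value `"512/2"` is only a prefix of the four names listed in the comment above it, so a substring match on this constant also treats a slash as part of a digest name when it is followed by `2` and anything else, not just `224` or `256`. Check the full `224`/`256` suffix at the match site, or say in the comment that the looser match is intentional. The comment would also read better as "for special handling of SHA-512/224, ...".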
Is this constant still used?
Nope, I've removed it in the last commit.
Thanks for the review~
This PR updates the cipher transformation parsing and verification logic to be stricter and throws NoSuchAlgorithmException (NSAE) when additional slash(es) are found. With the existing parsing logic, the extra slash(es) are likely to end up in the last component, i.e. the padding scheme, and lead to NoSuchPaddingException (NSPE) from the underlying CipherSpi object.
Out of the supported cipher algorithms for all JDK providers, PBES2 cipher algorithms and RSA cipher with OAEP paddings may contain truncated SHA-512 in their transformations. This proposed fix would check for truncated SHA in both algorithm and padding schemes and throw NSAE if any extra slash is found.
Thanks in advance for the review~
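The parsing rule described in the PR description above, as an added Java sketch that is not the JDK's code or this PR's patch: split on `/`, keep the slash inside a truncated SHA-512 name (`512/224`, `512/256`) as part of its component, and raise NSAE when the component count is wrong. The class and method names are hypothetical, the sample transformations are constructed, and the "exactly one or three components" rule is this example's assumption.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class TransformationSplitDemo {
    // Hypothetical helper: true when the '/' at index i belongs to a truncated
    // SHA-512 name (...512/224 or ...512/256) instead of separating components.
    static boolean isDigestSlash(String s, int i) {
        return i >= 3 && s.startsWith("512/", i - 3)
                && (s.startsWith("224", i + 1) || s.startsWith("256", i + 1));
    }

    // Splits "algorithm" or "algorithm/mode/padding". Any other component
    // count (i.e. an extra slash) is reported as NSAE up front, so it never
    // reaches the padding lookup where it would surface as NSPE.
    static List<String> split(String transformation) throws NoSuchAlgorithmException {
        List<String> parts = new ArrayList<>();
        int start = 0;
        for (int i = 0; i < transformation.length(); i++) {
            if (transformation.charAt(i) == '/' && !isDigestSlash(transformation, i)) {
                parts.add(transformation.substring(start, i).trim());
                start = i + 1;
            }
        }
        parts.add(transformation.substring(start).trim());
        if ((parts.size() != 1 && parts.size() != 3) || parts.get(0).isEmpty()) {
            throw new NoSuchAlgorithmException(
                    "Invalid transformation format: " + transformation);
        }
        return parts;
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "AES/GCM/NoPadding",
            "RSA/ECB/OAEPWithSHA-512/256AndMGF1Padding",
            "PBEWithHmacSHA512/224AndAES_128/CBC/PKCS5Padding",
            "AES/CBC/PKCS5Padding/",   // trailing slash: four components
            "AES//CBC/PKCS5Padding",   // doubled slash: four components
        };
        for (String t : samples) {
            try {
                System.out.println(t + " -> " + split(t));
            } catch (NoSuchAlgorithmException e) {
                System.out.println(t + " -> NSAE: " + e.getMessage());
            }
        }
    }
}
```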
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27615/head:pull/27615
$ git checkout pull/27615
Update a local copy of the PR:
$ git checkout pull/27615
$ git pull https://git.openjdk.org/jdk.git pull/27615/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 27615
View PR using the GUI difftool:
$ git pr show -t 27615
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27615.diff