jdk-sandbox: comparison src/java.base/share/classes/com/sun/crypto/provider/KeyProtector.java

equal deleted inserted replaced

-:a627f88bed3a
+:5984d1c9d03d
 /*
-* Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.UnrecoverableKeyException;
 import java.security.AlgorithmParameters;
+import java.security.spec.InvalidParameterSpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import javax.crypto.Cipher;
 import javax.crypto.CipherSpi;
 import javax.crypto.SecretKey;
 // JavaSoft proprietary key-protection algorithm (used to protect private
 // keys in the keystore implementation that comes with JDK 1.2)
 private static final String KEY_PROTECTOR_OID = "1.3.6.1.4.1.42.2.17.1.1";
+private static final int MAX_ITERATION_COUNT = 5000000;
+private static final int ITERATION_COUNT = 200000;
 private static final int SALT_LEN = 20; // the salt length
 private static final int DIGEST_LEN = 20;
 // the password used for protecting/recovering keys passed through this
 // key protector
 // create a random salt (8 bytes)
 byte[] salt = new byte[8];
 SunJCE.getRandom().nextBytes(salt);
 // create PBE parameters from salt and iteration count
-PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
+PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
 // create PBE key from password
 PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
 SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
 pbeKeySpec.clearPassword();
 AlgorithmParameters pbeParams =
 AlgorithmParameters.getInstance("PBE");
 pbeParams.init(encodedParams);
 PBEParameterSpec pbeSpec =
 pbeParams.getParameterSpec(PBEParameterSpec.class);
+if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
+throw new IOException("PBE iteration count too large");
+}
 // create PBE key from password
 PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
 SecretKey sKey =
 new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
 // create a random salt (8 bytes)
 byte[] salt = new byte[8];
 SunJCE.getRandom().nextBytes(salt);
 // create PBE parameters from salt and iteration count
-PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, 20);
+PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
 // create PBE key from password
 PBEKeySpec pbeKeySpec = new PBEKeySpec(this.password);
 SecretKey sKey = new PBEKey(pbeKeySpec, "PBEWithMD5AndTripleDES");
 pbeKeySpec.clearPassword();
 }
 AlgorithmParameters params = soForKeyProtector.getParameters();
 if (params == null) {
 throw new UnrecoverableKeyException("Cannot get " +
 "algorithm parameters");
+}
+PBEParameterSpec pbeSpec;
+try {
+pbeSpec = params.getParameterSpec(PBEParameterSpec.class);
+} catch (InvalidParameterSpecException ipse) {
+throw new IOException("Invalid PBE algorithm parameters");
+}
+if (pbeSpec.getIterationCount() > MAX_ITERATION_COUNT) {
+throw new IOException("PBE iteration count too large");
 }
 PBEWithMD5AndTripleDESCipher cipherSpi;
 cipherSpi = new PBEWithMD5AndTripleDESCipher();
 Cipher cipher = new CipherForKeyProtector(cipherSpi,
 SunJCE.getInstance(),

changeset 47417	5984d1c9d03d
parent 47216	71c04702a3d5
child 49783	977c6dd636bd