This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new b42a0e508c Avoid NPE
b42a0e508c is described below
commit b42a0e508cdc46dc9aab2c390d45074ede1679f5
Author: remm <[email protected]>
AuthorDate: Mon Jan 15 14:38:09 2024 +0100
Avoid NPE
Reported by coverity.
---
java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
index 888a2a6761..4e57393326 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -20,6 +20,7 @@ jsseUtil.excludeProtocol=The SSL protocol [{0}] which is
supported in this JRE w
jsseUtil.noDefaultProtocols=Unable to determine a default for
sslEnabledProtocols. Set an explicit value to ensure the connector can start.
pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java
does not provide an API for constructing an RSA private key object from that
format
+pemFile.noPassword=A password is required to decrypt the private key
pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the
only permitted KDF for PBES2
pemFile.parseError=Unable to parse the key from [{0}]
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index 0185a62bcb..8b5e8fdc61 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -505,6 +505,9 @@ public class PEMFile {
private byte[] deriveKeyPBKDF1(int keyLength, String password, byte[]
salt) throws NoSuchAlgorithmException {
+ if (password == null) {
+ throw new
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+ }
// PBKDF1-MD5 as specified by PKCS#5
byte[] key = new byte[keyLength];
@@ -529,6 +532,9 @@ public class PEMFile {
private byte[] deriveKeyPBKDF2(String algorithm, String password,
byte[] salt, int iterations, int keyLength)
throws GeneralSecurityException {
+ if (password == null) {
+ throw new
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+ }
SecretKeyFactory secretKeyFactory =
SecretKeyFactory.getInstance(algorithm);
KeySpec keySpec;
keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations,
keyLength);
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
