diff options
author | Almaz Mingaleev <mingaleev@google.com> | 2021-03-08 16:55:41 +0000 |
---|---|---|
committer | Almaz Mingaleev <mingaleev@google.com> | 2021-03-10 10:02:31 +0000 |
commit | 0fcbf6f8504f8a61005896436dd5732ff559870d (patch) | |
tree | 8d510413ecc6d17cef7aeb2ebed39e715ad0da54 | |
parent | 8b678848c31ca7f016e54566327daf1ff42f5be3 (diff) | |
download | bouncycastle-0fcbf6f8504f8a61005896436dd5732ff559870d.tar.gz |
Do not accept null password in PKCS12KeyStoreSpi#engineStore.
android.keystore.cts.KeyStoreTest verifies that NPE is thrown on
null password. Android followed that behaviour historically, but
during upgrade to 1.68 upstream version was applied.
Bug: 179780002
Bug: 181339859
Test: CtsLibcoreTestCases
Test: CtsWhycheProofTestCases
Test: CtsLibcoreOkHttpTestCases
Test: MtsConscryptTestCases
Change-Id: I47c4d25ae3237e6580d5d1afcd731a87962028d0
3 files changed, 33 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index 4969e8a3..4c3e480d 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -1306,6 +1306,14 @@ public class PKCS12KeyStoreSpi private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException { + // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. + // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest + if (password == null) + { + throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); + } + /* if (keys.size() == 0) { if (password == null) @@ -1358,6 +1366,9 @@ public class PKCS12KeyStoreSpi throw new NullPointerException("no password supplied for PKCS#12 KeyStore"); } } + */ + // END Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. // // handle the key diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index f53f8df0..fb5f2fdd 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException { + // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. + // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest + if (password == null) + { + throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); + } + /* if (keys.size() == 0) { if (password == null) @@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi throw new NullPointerException("no password supplied for PKCS#12 KeyStore"); } } + */ + // END Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. // // handle the key diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index 0b4e2d90..d5897959 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -1310,6 +1310,14 @@ public class PKCS12KeyStoreSpi private void doStore(OutputStream stream, char[] password, boolean useDEREncoding) throws IOException { + // BEGIN Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. + // See CtsKeystoreTestCases:android.keystore.cts.KeyStoreTest + if (password == null) + { + throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); + } + /* if (keys.size() == 0) { if (password == null) @@ -1362,6 +1370,9 @@ public class PKCS12KeyStoreSpi throw new NullPointerException("no password supplied for PKCS#12 KeyStore"); } } + */ + // END Android-changed: Upstream allows null passwords, but we maintain historical Android + // behaviour. // // handle the key |