diff options
| author | Pete Bentley <44170157+prbprbprb@users.noreply.github.com> | 2024-04-10 12:57:49 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-10 12:57:49 +0100 |
| commit | a5a0aa01a54e586945222c1aa476575200bf3229 (patch) | |
| tree | 19f80cc957a3efcdb34983f8d880ca4c68131eec | |
| parent | 59de3194ca10ac29521b837928e467029c1d7479 (diff) | |
| download | conscrypt-upstream-master.tar.gz | |
Fix NativeCrypto.X509_verify() exceptions. (#1203)upstream-master
Re-throw IllegalBlockSizeException as SignatureException
from OpenSSLX509Certificate.verify(), as per the API contract
and fix the signature in NativeCrypto.
The only other user of the native method, OpenSSLX509CRL,
already had this fix.
| -rw-r--r-- | common/src/main/java/org/conscrypt/NativeCrypto.java | 2 | ||||
| -rw-r--r-- | common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java index aa349e78..1f7005ff 100644 --- a/common/src/main/java/org/conscrypt/NativeCrypto.java +++ b/common/src/main/java/org/conscrypt/NativeCrypto.java @@ -535,7 +535,7 @@ public final class NativeCrypto { static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder); static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx) - throws BadPaddingException; + throws BadPaddingException, IllegalBlockSizeException; static native byte[] get_X509_tbs_cert(long x509ctx, OpenSSLX509Certificate holder); diff --git a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java index 718d4203..76849914 100644 --- a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java +++ b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java @@ -49,6 +49,7 @@ import java.util.Set; import java.util.TimeZone; import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; import javax.security.auth.x500.X500Principal; import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException; @@ -384,8 +385,8 @@ public final class OpenSSLX509Certificate extends X509Certificate { NativeCrypto.X509_verify(mContext, this, pkey.getNativeRef()); } catch (RuntimeException e) { throw new CertificateException(e); - } catch (BadPaddingException e) { - throw new SignatureException(); + } catch (BadPaddingException | IllegalBlockSizeException e) { + throw new SignatureException(e); } } |