author | Pete Bentley <44170157+prbprbprb@users.noreply.github.com> | 2024-04-10 12:57:49 +0100 |
---|---|---|
committer | Pete Bentley <prb@google.com> | 2024-04-10 17:03:20 +0100 |
commit | 7a0edf317e760f6f449cfd116cfd9afc663bf887 (patch) | |
tree | 0f25a0d72acc05c6fb7fcb64f91b690da2830103 | |
parent | c15276c48a44b5fce1a7bb24f10d58f5e408a67f (diff) | |
Fix NativeCrypto.X509_verify() exceptions.
Cherry-picked from upstream commit #1203.
Re-throw IllegalBlockSizeException as SignatureException
from OpenSSLX509Certificate.verify(), as per the API contract
and fix the signature in NativeCrypto.
The only other user of the native method, OpenSSLX509CRL,
already had this fix.
Bug: 332810809
Bug: 332807070
Test: atest CtsLibcoreTestCases:libcore.java.security.cert.X509CertificateTest
Change-Id: Icb96f0f7de3292d1c003a0a7c65b720ef00080f6
4 files changed, 9 insertions, 7 deletions
diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java
index bc8ab05e..ff8da46a 100644
--- a/common/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/common/src/main/java/org/conscrypt/NativeCrypto.java
@@ -529,7 +529,7 @@ public final class NativeCrypto {
 static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder);
 static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx)
- throws BadPaddingException;
+ throws BadPaddingException, IllegalBlockSizeException;
 static native byte[] get_X509_tbs_cert(long x509ctx, OpenSSLX509Certificate holder);
diff --git a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
index f5e5c5f5..3998a25a 100644
--- a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
+++ b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
@@ -48,6 +48,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.TimeZone;
 import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
 import javax.security.auth.x500.X500Principal;
 import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
@@ -383,8 +384,8 @@ public final class OpenSSLX509Certificate extends X509Certificate {
 NativeCrypto.X509_verify(mContext, this, pkey.getNativeRef());
 } catch (RuntimeException e) {
 throw new CertificateException(e);
- } catch (BadPaddingException e) {
- throw new SignatureException();
+ } catch (BadPaddingException | IllegalBlockSizeException e) {
+ throw new SignatureException(e);
 }
 }
diff --git a/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java b/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
index de76ff15..12d0f267 100644
--- a/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
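Review bot: The `throws` clause on the native `X509_verify` declaration is not checked by the compiler against the JNI implementation, so it can drift from what the native code actually raises, which the commit message suggests is what happened with IllegalBlockSizeException. I would add a comment on the declaration stating the contract, e.g. `// Both exceptions signal a failed signature check; callers must convert them to SignatureException.` The native implementation is not part of this diff, so it is worth confirming that these two types are now the complete set this call can throw, otherwise another checked exception could still escape certificate verification undeclared.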
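Review bot: The new multi-catch in `OpenSSLX509Certificate` converts two cipher-style exceptions into `SignatureException` without saying why they can come out of a signature check, so a later cleanup could narrow it again. A one-line comment above the catch would prevent that, e.g. `// X509Certificate.verify() must report signature failures as SignatureException, so wrap both native failure types.` Passing `e` as the cause is a good change for diagnosis. The commit cites a CTS test but none of the four changed files is a test, so consider adding a unit test beside this class that asserts SignatureException on the IllegalBlockSizeException path. The enclosing method starts before this hunk, so whether every `verify` overload goes through this catch cannot be confirmed from here.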
+++ b/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
@@ -540,8 +540,8 @@ public final class NativeCrypto {
 static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder);
- static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx)
- throws BadPaddingException;
+ static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder,
+ NativeRef.EVP_PKEY pkeyCtx) throws BadPaddingException, IllegalBlockSizeException;
 static native byte[] get_X509_tbs_cert(long x509ctx, OpenSSLX509Certificate holder);
diff --git a/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java b/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
index b007dbcd..f1471756 100644
--- a/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
+++ b/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
@@ -50,6 +50,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.TimeZone;
 import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
 import javax.security.auth.x500.X500Principal;
 /**
@@ -384,8 +385,8 @@ public final class OpenSSLX509Certificate extends X509Certificate {
 NativeCrypto.X509_verify(mContext, this, pkey.getNativeRef());
 } catch (RuntimeException e) {
 throw new CertificateException(e);
- } catch (BadPaddingException e) {
- throw new SignatureException();
+ } catch (BadPaddingException | IllegalBlockSizeException e) {
+ throw new SignatureException(e);
 }
 }
|