Fix NativeCrypto.X509_verify() exceptions.

Cherry-picked from upstream commit #1203. Re-throw IllegalBlockSizeException as SignatureException from OpenSSLX509Certificate.verify(), as per the API contract and fix the signature in NativeCrypto. The only other user of the native method, OpenSSLX509CRL, already had this fix. Bug: 332810809 Bug: 332807070 Test: atest CtsLibcoreTestCases:libcore.java.security.cert.X509CertificateTest Change-Id: Icb96f0f7de3292d1c003a0a7c65b720ef00080f6
author: Pete Bentley <44170157+prbprbprb@users.noreply.github.com> 2024-04-10 12:57:49 +0100
committer: Pete Bentley <prb@google.com> 2024-04-10 17:03:20 +0100
commit: 7a0edf317e760f6f449cfd116cfd9afc663bf887 (patch)
tree: 0f25a0d72acc05c6fb7fcb64f91b690da2830103
parent: c15276c48a44b5fce1a7bb24f10d58f5e408a67f (diff)
download: conscrypt-7a0edf317e760f6f449cfd116cfd9afc663bf887.tar.gz
4 files changed, 9 insertions, 7 deletions
diff --git a/common/src/main/java/org/conscrypt/NativeCrypto.java b/common/src/main/java/org/conscrypt/NativeCrypto.java
index bc8ab05e..ff8da46a 100644
--- a/common/src/main/java/org/conscrypt/NativeCrypto.java
+++ b/common/src/main/java/org/conscrypt/NativeCrypto.java
@@ -529,7 +529,7 @@ public final class NativeCrypto {
     static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder);
 
     static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx)
-            throws BadPaddingException;
+            throws BadPaddingException, IllegalBlockSizeException;
 
     static native byte[] get_X509_tbs_cert(long x509ctx, OpenSSLX509Certificate holder);
 
diff --git a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
index f5e5c5f5..3998a25a 100644
--- a/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
+++ b/common/src/main/java/org/conscrypt/OpenSSLX509Certificate.java
@@ -48,6 +48,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.TimeZone;
 import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
 import javax.security.auth.x500.X500Principal;
 import org.conscrypt.OpenSSLX509CertificateFactory.ParsingException;
 
@@ -383,8 +384,8 @@ public final class OpenSSLX509Certificate extends X509Certificate {
             NativeCrypto.X509_verify(mContext, this, pkey.getNativeRef());
         } catch (RuntimeException e) {
             throw new CertificateException(e);
-        } catch (BadPaddingException e) {
-            throw new SignatureException();
+        } catch (BadPaddingException | IllegalBlockSizeException e) {
+            throw new SignatureException(e);
         }
     }
 
diff --git a/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java b/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
index de76ff15..12d0f267 100644
--- a/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
+++ b/repackaged/common/src/main/java/com/android/org/conscrypt/NativeCrypto.java
@@ -540,8 +540,8 @@ public final class NativeCrypto {
 
     static native byte[] X509_get_serialNumber(long x509ctx, OpenSSLX509Certificate holder);
 
-    static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder, NativeRef.EVP_PKEY pkeyCtx)
-            throws BadPaddingException;
+    static native void X509_verify(long x509ctx, OpenSSLX509Certificate holder,
+            NativeRef.EVP_PKEY pkeyCtx) throws BadPaddingException, IllegalBlockSizeException;
 
     static native byte[] get_X509_tbs_cert(long x509ctx, OpenSSLX509Certificate holder);
 
diff --git a/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java b/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
index b007dbcd..f1471756 100644
--- a/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
+++ b/repackaged/common/src/main/java/com/android/org/conscrypt/OpenSSLX509Certificate.java
@@ -50,6 +50,7 @@ import java.util.List;
 import java.util.Set;
 import java.util.TimeZone;
 import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
 import javax.security.auth.x500.X500Principal;
 
 /**
@@ -384,8 +385,8 @@ public final class OpenSSLX509Certificate extends X509Certificate {
             NativeCrypto.X509_verify(mContext, this, pkey.getNativeRef());
         } catch (RuntimeException e) {
             throw new CertificateException(e);
-        } catch (BadPaddingException e) {
-            throw new SignatureException();
+        } catch (BadPaddingException | IllegalBlockSizeException e) {
+            throw new SignatureException(e);
         }
     }
author	Pete Bentley <44170157+prbprbprb@users.noreply.github.com>	2024-04-10 12:57:49 +0100
committer	Pete Bentley <prb@google.com>	2024-04-10 17:03:20 +0100
commit	7a0edf317e760f6f449cfd116cfd9afc663bf887 (patch)
tree	0f25a0d72acc05c6fb7fcb64f91b690da2830103
parent	c15276c48a44b5fce1a7bb24f10d58f5e408a67f (diff)
download	conscrypt-7a0edf317e760f6f449cfd116cfd9afc663bf887.tar.gz