jss/SOURCES/0002-Fix-swapped-parameter-names-with-PBE.patch

From 9f29430656342829822568f4ef49f5237b41164b Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Fri, 28 Feb 2020 14:10:32 -0500
Subject: [PATCH 1/2] Fix swapped parameter names with PBE

Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression
related to extracting the parameter classes during PBE operations:
previously, the classes of the underlying encryption algorithm were
iterated over, instead of the classes of the PBE class itself. However,
this commit iterated over the PBE parameter classes; no PBE algorithm
accepts a IvParameterSpec, resulting in a null parameter passed to the
later encryption or key wrap operation. This resulted in stack traces
like the following:

Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225)
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89)
	at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57)
	at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342)

Resolves: rh-bz#1807371

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
 org/mozilla/jss/pkcs7/EncryptedContentInfo.java             | 2 +-
 org/mozilla/jss/pkix/cms/EncryptedContentInfo.java          | 2 +-
 org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
index 084752c3..0344b14d 100644
--- a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
+++ b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java
@@ -182,7 +182,7 @@ public class EncryptedContentInfo implements ASN1Value {
         // generate IV
         EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
         AlgorithmParameterSpec params=null;
-        Class<?> [] paramClasses = pbeAlg.getParameterClasses();
+        Class<?> [] paramClasses = encAlg.getParameterClasses();
         for (int i = 0; i < paramClasses.length; i ++) {
             if ( paramClasses[i].equals(
                       javax.crypto.spec.IvParameterSpec.class ) ) {
diff --git a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
index a4709070..d85eb0d3 100644
--- a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
+++ b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java
@@ -180,7 +180,7 @@ public class EncryptedContentInfo implements ASN1Value {
         // generate IV
         EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
         AlgorithmParameterSpec params=null;
-        Class<?> [] paramClasses = pbeAlg.getParameterClasses();
+        Class<?> [] paramClasses = encAlg.getParameterClasses();
         for (int i = 0; i < paramClasses.length; i ++) {
             if ( paramClasses[i].equals( IVParameterSpec.class ) ) {
                 params = new IVParameterSpec( kg.generatePBE_IV() );
diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
index b35714e3..ebd269f3 100644
--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java
@@ -147,7 +147,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
         // generate IV
         EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
         AlgorithmParameterSpec params=null;
-        Class<?> [] paramClasses = pbeAlg.getParameterClasses();
+        Class<?> [] paramClasses = encAlg.getParameterClasses();
         for (int i = 0; i < paramClasses.length; i ++) {
             if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) {
                 params = new IVParameterSpec( kg.generatePBE_IV() );
@@ -328,7 +328,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {
         // generate IV
         EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();
         AlgorithmParameterSpec params=null;
-        Class<?> [] paramClasses = pbeAlg.getParameterClasses();
+        Class<?> [] paramClasses = encAlg.getParameterClasses();
         for (int i = 0; i < paramClasses.length; i ++) {
             if ( paramClasses[i].equals(
                       javax.crypto.spec.IvParameterSpec.class ) ) {
-- 
2.24.1
import jss-4.6.2-4.module+el8.2.0+6123+b4678599 2020-04-28 08:54:21 +00:00			`From 9f29430656342829822568f4ef49f5237b41164b Mon Sep 17 00:00:00 2001`
			`From: Alexander Scheel <ascheel@redhat.com>`
			`Date: Fri, 28 Feb 2020 14:10:32 -0500`
			`Subject: [PATCH 1/2] Fix swapped parameter names with PBE`

			`Commit 13998a9e77e60d6509ac814ed711dd21e1248ecd introduced a regression`
			`related to extracting the parameter classes during PBE operations:`
			`previously, the classes of the underlying encryption algorithm were`
			`iterated over, instead of the classes of the PBE class itself. However,`
			`this commit iterated over the PBE parameter classes; no PBE algorithm`
			`accepts a IvParameterSpec, resulting in a null parameter passed to the`
			`later encryption or key wrap operation. This resulted in stack traces`
			`like the following:`

			`Caused by: java.security.InvalidAlgorithmParameterException: DES3/CBC/Pad cannot use a null parameter`
			`at org.mozilla.jss.pkcs11.PK11KeyWrapper.checkParams(PK11KeyWrapper.java:225)`
			`at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:89)`
			`at org.mozilla.jss.pkcs11.PK11KeyWrapper.initWrap(PK11KeyWrapper.java:57)`
			`at org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo.createPBE(EncryptedPrivateKeyInfo.java:342)`

			`Resolves: rh-bz#1807371`

			`Signed-off-by: Alexander Scheel <ascheel@redhat.com>`
			`---`
			`org/mozilla/jss/pkcs7/EncryptedContentInfo.java \| 2 +-`
			`org/mozilla/jss/pkix/cms/EncryptedContentInfo.java \| 2 +-`
			`org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java \| 4 ++--`
			`3 files changed, 4 insertions(+), 4 deletions(-)`

			`diff --git a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java`
			`index 084752c3..0344b14d 100644`
			`--- a/org/mozilla/jss/pkcs7/EncryptedContentInfo.java`
			`+++ b/org/mozilla/jss/pkcs7/EncryptedContentInfo.java`
			`@@ -182,7 +182,7 @@ public class EncryptedContentInfo implements ASN1Value {`
			`// generate IV`
			`EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();`
			`AlgorithmParameterSpec params=null;`
			`- Class<?> [] paramClasses = pbeAlg.getParameterClasses();`
			`+ Class<?> [] paramClasses = encAlg.getParameterClasses();`
			`for (int i = 0; i < paramClasses.length; i ++) {`
			`if ( paramClasses[i].equals(`
			`javax.crypto.spec.IvParameterSpec.class ) ) {`
			`diff --git a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java`
			`index a4709070..d85eb0d3 100644`
			`--- a/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java`
			`+++ b/org/mozilla/jss/pkix/cms/EncryptedContentInfo.java`
			`@@ -180,7 +180,7 @@ public class EncryptedContentInfo implements ASN1Value {`
			`// generate IV`
			`EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();`
			`AlgorithmParameterSpec params=null;`
			`- Class<?> [] paramClasses = pbeAlg.getParameterClasses();`
			`+ Class<?> [] paramClasses = encAlg.getParameterClasses();`
			`for (int i = 0; i < paramClasses.length; i ++) {`
			`if ( paramClasses[i].equals( IVParameterSpec.class ) ) {`
			`params = new IVParameterSpec( kg.generatePBE_IV() );`
			`diff --git a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java`
			`index b35714e3..ebd269f3 100644`
			`--- a/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java`
			`+++ b/org/mozilla/jss/pkix/primitive/EncryptedPrivateKeyInfo.java`
			`@@ -147,7 +147,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {`
			`// generate IV`
			`EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();`
			`AlgorithmParameterSpec params=null;`
			`- Class<?> [] paramClasses = pbeAlg.getParameterClasses();`
			`+ Class<?> [] paramClasses = encAlg.getParameterClasses();`
			`for (int i = 0; i < paramClasses.length; i ++) {`
			`if ( paramClasses[i].equals( javax.crypto.spec.IvParameterSpec.class ) ) {`
			`params = new IVParameterSpec( kg.generatePBE_IV() );`
			`@@ -328,7 +328,7 @@ public class EncryptedPrivateKeyInfo implements ASN1Value {`
			`// generate IV`
			`EncryptionAlgorithm encAlg = pbeAlg.getEncryptionAlg();`
			`AlgorithmParameterSpec params=null;`
			`- Class<?> [] paramClasses = pbeAlg.getParameterClasses();`
			`+ Class<?> [] paramClasses = encAlg.getParameterClasses();`
			`for (int i = 0; i < paramClasses.length; i ++) {`
			`if ( paramClasses[i].equals(`
			`javax.crypto.spec.IvParameterSpec.class ) ) {`
			`--`
			`2.24.1`