This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 6f239ca39aad47d7010506c9ec3d5e1ab1918006
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Oct 20 08:51:36 2023 +0100
Differentiate between IV and salt (the IV is re-used as salt)
---
 java/org/apache/tomcat/util/net/jsse/PEMFile.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index 7bed5bddbd..b8705c4aab 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -286,6 +286,7 @@ public class PEMFile {
 }
 byte[] iv = fromHex(ivHex);
+ // The IV is also used as salt for the password generation
 byte[] key = deriveKey(keyLength, password, iv);
 SecretKey secretKey = new SecretKeySpec(key, secretKeyAlgorithm);
 Cipher cipher = Cipher.getInstance(cipherTransformation);
@@ -337,7 +338,7 @@ public class PEMFile {
 }
- private byte[] deriveKey(int keyLength, String password, byte[] iv) throws NoSuchAlgorithmException {
+ private byte[] deriveKey(int keyLength, String password, byte[] salt) throws NoSuchAlgorithmException {
 // PBKDF1-MD5 as specified by PKCS#5
 byte[] key = new byte[keyLength];
@@ -348,7 +349,7 @@ public class PEMFile {
 while (insertPosition < keyLength) {
 digest.update(pw);
- digest.update(iv, 0, 8);
+ digest.update(salt, 0, 8);
 byte[] round = digest.digest();
 digest.update(round);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
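Review bot: The comment added above the `deriveKey(keyLength, password, iv)` call says the IV is the salt for "password generation", but what is produced there is the cipher key, derived from the password. It should also record that only part of the IV is used, since the last hunk shows `digest.update(salt, 0, 8)`. Suggested wording: `// The first 8 bytes of the IV are re-used as the salt when deriving the key from the password`. The enclosing method starts and ends outside the hunk.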
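Review bot: The renamed `deriveKey` still carries only the one-line comment `// PBKDF1-MD5 as specified by PKCS#5`, which undersells what a maintainer needs to know about this routine. The `while (insertPosition < keyLength)` loop in the next hunk chains digests until `keyLength` bytes are produced, which looks like the OpenSSL-style extension used for legacy encrypted PEM files rather than plain PBKDF1, and appears to run a single MD5 pass per block. A Javadoc on `deriveKey` should state that the derivation exists only for compatibility with that legacy format, that it gives little resistance to offline password guessing, and that `salt` must hold at least 8 bytes. The method body continues outside the hunk, so the iteration count should be confirmed there before the comment is worded.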
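Review bot: `digest.update(salt, 0, 8)` reads a fixed 8 bytes with no length check visible in the hunk, and `salt` comes from `fromHex(ivHex)` in the first hunk, i.e. from the file being parsed. A header carrying a shorter IV would make `MessageDigest.update` throw an unchecked `IllegalArgumentException` with a generic buffer message rather than a clear parse failure; whether `ivHex` is validated earlier is outside the hunk. If it is not, add a guard before the loop such as `if (salt.length < 8) { throw new IllegalArgumentException("salt must be at least 8 bytes"); }`, or reject the short IV at the call site with the exception type the parser already uses. The loop body continues past the end of the hunk.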