This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8406102925f23235ed19ce8bb07cca6a6160de2d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Oct 20 08:51:36 2023 +0100

    Differentiate between IV and salt (the IV is re-used as salt)
---
 java/org/apache/tomcat/util/net/jsse/PEMFile.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java 
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index e6fc76a1ce..9a83cd9bfb 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -287,6 +287,7 @@ public class PEMFile {
                     }
 
                     byte[] iv = fromHex(ivHex);
+                    // The IV is also used as salt for the password generation
                     byte[] key = deriveKey(keyLength, password, iv);
                     SecretKey secretKey = new SecretKeySpec(key, 
secretKeyAlgorithm);
                     Cipher cipher = Cipher.getInstance(cipherTransformation);
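Review bot: The new comment in this hunk calls it "password generation", but `deriveKey` produces the cipher key from the password, and the third hunk's `digest.update(salt, 0, 8)` shows only the first 8 bytes of the IV are used. I would word it as `// The first 8 bytes of the IV are also used as the salt for key derivation`. Nothing visible here checks that `fromHex(ivHex)` returned at least 8 bytes, so a short IV in the file's header would presumably surface as an unchecked exception from `digest.update` rather than a clear parse error. If no earlier validation exists, an explicit length check before the `deriveKey` call would be worth adding. The enclosing block starts and ends outside this hunk, so such a check may already be present above.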
@@ -339,7 +340,7 @@ public class PEMFile {
         }
 
 
-        private byte[] deriveKey(int keyLength, String password, byte[] iv) 
throws NoSuchAlgorithmException {
+        private byte[] deriveKey(int keyLength, String password, byte[] salt) 
throws NoSuchAlgorithmException {
             // PBKDF1-MD5 as specified by PKCS#5
             byte[] key = new byte[keyLength];
 
@@ -350,7 +351,7 @@ public class PEMFile {
 
             while (insertPosition < keyLength) {
                 digest.update(pw);
-                digest.update(iv, 0, 8);
+                digest.update(salt, 0, 8);
                 byte[] round = digest.digest();
                 digest.update(round);
 

