This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new eca81d9607 Avoid NPE
eca81d9607 is described below
commit eca81d9607db983e28ab98778230077bd9cd1726
Author: remm <r...@apache.org>
AuthorDate: Mon Jan 15 14:38:09 2024 +0100
Avoid NPE
Reported by coverity.
---
java/org/apache/tomcat/util/net/jsse/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 6 ++++++
2 files changed, 7 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
index 9a21160bd7..6a3d1fd3e7 100644
--- a/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
@@ -20,6 +20,7 @@ jsseUtil.excludeProtocol=The SSL protocol [{0}] which is
supported in this JRE w
jsseUtil.noDefaultProtocols=Unable to determine a default for
sslEnabledProtocols. Set an explicit value to ensure the connector can start.
pemFile.noMultiPrimes=The PKCS#1 certificate is in multi-prime format and Java
does not provide an API for constructing an RSA private key object from that
format
+pemFile.noPassword=A password is required to decrypt the private key
pemFile.notPbkdf2=The OID [{0}] is not the correct OID for PKBDF2 which is the
only permitted KDF for PBES2
pemFile.notValidRFC5915=The provided key file does not conform to RFC 5915
pemFile.parseError=Unable to parse the key from [{0}]
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index 0185a62bcb..8b5e8fdc61 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -505,6 +505,9 @@ public class PEMFile {
private byte[] deriveKeyPBKDF1(int keyLength, String password, byte[]
salt) throws NoSuchAlgorithmException {
+ if (password == null) {
+ throw new
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+ }
// PBKDF1-MD5 as specified by PKCS#5
byte[] key = new byte[keyLength];
@@ -529,6 +532,9 @@ public class PEMFile {
private byte[] deriveKeyPBKDF2(String algorithm, String password,
byte[] salt, int iterations, int keyLength)
throws GeneralSecurityException {
+ if (password == null) {
+ throw new
IllegalArgumentException(sm.getString("pemFile.noPassword"));
+ }
SecretKeyFactory secretKeyFactory =
SecretKeyFactory.getInstance(algorithm);
KeySpec keySpec;
keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations,
keyLength);
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
