packages/cryptacular
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!5 Upgrade to 1.2.4

Browse Source 
Merge pull request !5 from wk333/openEuler-22.03-LTS-Next
This commit is contained in:
openeuler-ci-bot 2022-01-10 00:43:17 +00:00 committed by Gitee
commit 1e183de624
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 5 additions and 1407 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1261
backport-CVE-2020-7226-1.patch
View File

File diff suppressed because it is too large Load Diff

81
backport-CVE-2020-7226-2.patch
View File

@ -1,81 +0,0 @@
From 132f15ead532d78d4c19d2bcb39ec8f319ad6945 Mon Sep 17 00:00:00 2001
From: "Marvin S. Addison" <serac@vt.edu>
Date: Mon, 27 Jan 2020 14:39:35 -0500
Subject: [PATCH] Address code review feedback points.
---
src/main/java/org/cryptacular/CiphertextHeader.java | 6 +++---
.../java/org/cryptacular/CiphertextHeaderV2.java | 12 +++++++-----
src/main/java/org/cryptacular/util/CipherUtil.java | 1 -
3 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/main/java/org/cryptacular/CiphertextHeader.java b/src/main/java/org/cryptacular/CiphertextHeader.java
index c17e735..d43bf9a 100644
--- a/src/main/java/org/cryptacular/CiphertextHeader.java
+++ b/src/main/java/org/cryptacular/CiphertextHeader.java
@@ -75,12 +75,12 @@ public CiphertextHeader(final byte[] nonce)
*/
public CiphertextHeader(final byte[] nonce, final String keyName)
{
- if (nonce.length > 255) {
- throw new IllegalArgumentException("Nonce exceeds size limit in bytes (255)");
+ if (nonce.length > MAX_NONCE_LEN) {
+ throw new IllegalArgumentException("Nonce exceeds size limit in bytes (" + MAX_NONCE_LEN + ")");
}
if (keyName != null) {
if (ByteUtil.toBytes(keyName).length > MAX_KEYNAME_LEN) {
- throw new IllegalArgumentException("Key name exceeds size limit in bytes (500)");
+ throw new IllegalArgumentException("Key name exceeds size limit in bytes (" + MAX_KEYNAME_LEN + ")");
}
}
this.nonce = nonce;
diff --git a/src/main/java/org/cryptacular/CiphertextHeaderV2.java b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
index 8119f4e..1fe095b 100644
--- a/src/main/java/org/cryptacular/CiphertextHeaderV2.java
+++ b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
@@ -102,6 +102,9 @@ public void setKeyLookup(final Function<String, SecretKey> keyLookup)
*/
public byte[] encode(final SecretKey hmacKey)
{
+ if (hmacKey == null) {
+ throw new IllegalArgumentException("Secret key cannot be null");
+ }
final ByteBuffer bb = ByteBuffer.allocate(length);
bb.order(ByteOrder.BIG_ENDIAN);
bb.putInt(VERSION);
@@ -109,10 +112,7 @@ public void setKeyLookup(final Function<String, SecretKey> keyLookup)
bb.put((byte) 0);
bb.put(ByteUtil.toUnsignedByte(nonce.length));
bb.put(nonce);
- if (hmacKey != null) {
- final byte[] hmac = hmac(bb.array(), 0, bb.limit() - HMAC_SIZE);
- bb.put(hmac);
- }
+ bb.put(hmac(bb.array(), 0, bb.limit() - HMAC_SIZE));
return bb.array();
}
@@ -253,8 +253,10 @@ public static CiphertextHeaderV2 decode(final InputStream input, final Function<
*
* @param input Input stream.
* @param output Output buffer.
+ *
+ * @throws StreamException on stream IO errors.
*/
- private static void readInto(final InputStream input, final byte[] output)
+ private static void readInto(final InputStream input, final byte[] output) throws StreamException
{
try {
input.read(output);
diff --git a/src/main/java/org/cryptacular/util/CipherUtil.java b/src/main/java/org/cryptacular/util/CipherUtil.java
index cdbac0d..40ef4d1 100644
--- a/src/main/java/org/cryptacular/util/CipherUtil.java
+++ b/src/main/java/org/cryptacular/util/CipherUtil.java
@@ -376,7 +376,6 @@ private static void process(final BlockCipherAdapter cipher, final InputStream i
}
-
/**
* Writes a ciphertext header to the output stream.
*

22
backport-CVE-2020-7226-3.patch
View File

@ -1,22 +0,0 @@
From 00395c232cdc62d4292ce27999c026fc1f076b1d Mon Sep 17 00:00:00 2001
From: "Marvin S. Addison" <serac@vt.edu>
Date: Wed, 29 Jan 2020 16:51:35 -0500
Subject: [PATCH] Remove runtime exception from method sig.
---
src/main/java/org/cryptacular/CiphertextHeaderV2.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/cryptacular/CiphertextHeaderV2.java b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
index 1fe095b..23d039e 100644
--- a/src/main/java/org/cryptacular/CiphertextHeaderV2.java
+++ b/src/main/java/org/cryptacular/CiphertextHeaderV2.java
@@ -256,7 +256,7 @@ public static CiphertextHeaderV2 decode(final InputStream input, final Function<
*
* @throws StreamException on stream IO errors.
*/
- private static void readInto(final InputStream input, final byte[] output) throws StreamException
+ private static void readInto(final InputStream input, final byte[] output)
{
try {
input.read(output);

37
change-version-to-Java8.patch
View File

@ -1,37 +0,0 @@
From 1972c658289468599bbb832bad03fe0a5a34713d Mon Sep 17 00:00:00 2001
From: zhanghua1831 <zhanghua1831@163.com>
Date: Fri, 26 Feb 2021 12:33:02 +0800
Subject: [PATCH] fix build error by using Java8
changes of CVE-2020-7226's patches require Java8
---
pom.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1f83d44..9506e54 100644
--- a/pom.xml
+++ b/pom.xml
@@ -140,8 +140,8 @@
<showDeprecation>true</showDeprecation>
<showWarnings>true</showWarnings>
<compilerArgument>-Xlint:unchecked</compilerArgument>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
<plugin>
@@ -182,7 +182,7 @@
<version>2.10.3</version>
<configuration>
<links>
- <link>http://download.oracle.com/javase/7/docs/api</link>
+ <link>http://download.oracle.com/javase/8/docs/api</link>
</links>
<bottom><![CDATA[<i>Copyright &#169; 2003-2015 Virginia Tech. All Rights Reserved.</i>]]></bottom>
</configuration>
--
2.23.0

11
cryptacular.spec
View File

@ -1,14 +1,10 @@
Name: cryptacular
Version: 1.1.0
Release: 2
Version: 1.2.4
Release: 1
Summary: Java Library that complement to the Bouncy Castle crypto API
License: ASL 2.0 or LGPLv3
URL: http://www.cryptacular.org/
Source0: https://github.com/vt-middleware/cryptacular/archive/v%{version}.tar.gz
Patch0000: backport-CVE-2020-7226-1.patch
Patch0001: backport-CVE-2020-7226-2.patch
Patch0002: backport-CVE-2020-7226-3.patch
Patch0003: change-version-to-Java8.patch
BuildRequires: maven-local mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-assembly-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-release-plugin)
@ -51,6 +47,9 @@ This package contains man pages and other related documents for %{name}.
%license LICENSE LICENSE-apache2 LICENSE-lgpl NOTICE
%changelog
* Wed Dec 29 2021 wangkai <wangkai385@huawei.com> - 1.2.4-1
* Update to 1.2.4
* Thu Feb 25 2021 zhanghua <zhanghua40@huawei.com> - 1.1.0-2
- fix CVE-2020-7226 and fix build error by using Java8

BIN
v1.1.0.tar.gz
View File

Binary file not shown.

BIN
v1.2.4.tar.gz Normal file
View File

Binary file not shown.