diff --git a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java index 2e60873c6aac1aa8350275c0326592ae54a149ab..94685659af39c870c8008abbb40f8c89d6c39b2d 100644 --- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java +++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java @@ -473,6 +473,9 @@ public final class DESedeWrapCipher extends CipherSpi { } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } byte[] out2 = new byte[out.length]; cipher.encrypt(out, 0, out.length, out2, 0); @@ -484,6 +487,9 @@ public final class DESedeWrapCipher extends CipherSpi { } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } return out2; } @@ -527,8 +533,12 @@ public final class DESedeWrapCipher extends CipherSpi { } iv = new byte[IV_LEN]; System.arraycopy(buffer, 0, iv, 0, iv.length); - cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), + try { + cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), iv); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] buffer2 = new byte[buffer.length - iv.length]; cipher.decrypt(buffer, iv.length, buffer2.length, buffer2, 0); @@ -541,8 +551,12 @@ public final class DESedeWrapCipher extends CipherSpi { } } // restore cipher state to prior to this call - cipher.init(decrypting, cipherKey.getAlgorithm(), + try { + cipher.init(decrypting, cipherKey.getAlgorithm(), cipherKey.getEncoded(), IV2); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] out = new byte[keyValLen]; System.arraycopy(buffer2, 0, out, 0, keyValLen); return ConstructKeys.constructKey(out, wrappedKeyAlgorithm, diff --git a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java index 8d03913e284aada73e62c45fdde2ea00f8db06fa..b21f96227a47716c8176d9a20c14ed0d755d1761 100644 --- a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java +++ b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import java.security.InvalidKeyException; +import java.security.InvalidAlgorithmParameterException; import javax.crypto.*; /** @@ -99,7 +100,8 @@ abstract class FeedbackCipher { * initializing this cipher */ abstract void init(boolean decrypting, String algorithm, byte[] key, - byte[] iv) throws InvalidKeyException; + byte[] iv) throws InvalidKeyException, + InvalidAlgorithmParameterException; /** * Gets the initialization vector. diff --git a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java index 4cb76ffef51431f4e4b6af1fbde61cc202a4a7d9..cdb22d1217919c632e1b427289382c6899163337 100644 --- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java +++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -262,8 +262,9 @@ final class GaloisCounterMode extends FeedbackCipher { * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher */ + @Override void init(boolean decrypting, String algorithm, byte[] key, byte[] iv) - throws InvalidKeyException { + throws InvalidKeyException, InvalidAlgorithmParameterException { init(decrypting, algorithm, key, iv, DEFAULT_TAG_LEN); } @@ -282,10 +283,16 @@ final class GaloisCounterMode extends FeedbackCipher { */ void init(boolean decrypting, String algorithm, byte[] keyValue, byte[] ivValue, int tagLenBytes) - throws InvalidKeyException { - if (keyValue == null || ivValue == null) { + throws InvalidKeyException, InvalidAlgorithmParameterException { + if (keyValue == null) { throw new InvalidKeyException("Internal error"); } + if (ivValue == null) { + throw new InvalidAlgorithmParameterException("Internal error"); + } + if (ivValue.length == 0) { + throw new InvalidAlgorithmParameterException("IV is empty"); + } // always encrypt mode for embedded cipher this.embeddedCipher.init(false, algorithm, keyValue);