poi-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kiwiwi...@apache.org
Subject svn commit: r1848538 - in /poi: site/src/documentation/content/xdocs/ trunk/src/java/org/apache/poi/poifs/crypt/ trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/ trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/
Date Sun, 09 Dec 2018 21:45:47 GMT 
Author: kiwiwings
Date: Sun Dec  9 21:45:47 2018
New Revision: 1848538

URL: http://svn.apache.org/viewvc?rev=1848538&view=rev
Log:
#62994 - IBM JCE workarounds

Modified:
    poi/site/src/documentation/content/xdocs/changes.xml
    poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java
    poi/trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java
    poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureOutputStream.java

Modified: poi/site/src/documentation/content/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/poi/site/src/documentation/content/xdocs/changes.xml?rev=1848538&r1=1848537&r2=1848538&view=diff
==============================================================================
--- poi/site/src/documentation/content/xdocs/changes.xml (original)
+++ poi/site/src/documentation/content/xdocs/changes.xml Sun Dec  9 21:45:47 2018
@@ -87,6 +87,7 @@
 
     <release version="4.0.2" date="2019-02-??">
       <actions>
+        <action dev="PD" type="fix" fixes-bug="62994" context="POI_Overall">IBM JCE
workarounds</action>
         <action dev="PD" type="fix" fixes-bug="62966" context="SL_Common">init presetShapeDefinitions.xml
fail under IBM jdk</action>
         <action dev="PD" type="fix" fixes-bug="62953" context="SL_Common XSLF HSLF">Rendering
of FreeformShapes with formula fails</action>
       </actions>

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java?rev=1848538&r1=1848537&r2=1848538&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/ChunkedCipherOutputStream.java Sun Dec 
9 21:45:47 2018
@@ -99,6 +99,13 @@ public abstract class ChunkedCipherOutpu
         return initCipherForBlock(cipher, block, lastChunk);
     }
 
+    // helper method to break a recursion loop introduced because of an IBMJCE bug, i.e.
not resetting on Cipher.doFinal()
+    @Internal
+    protected Cipher initCipherForBlockNoFlush(Cipher existing, int block, boolean lastChunk)
+    throws IOException, GeneralSecurityException {
+        return initCipherForBlock(cipher, block, lastChunk);
+    }
+
     protected abstract Cipher initCipherForBlock(Cipher existing, int block, boolean lastChunk)
     throws IOException, GeneralSecurityException;
 
@@ -212,13 +219,30 @@ public abstract class ChunkedCipherOutpu
      * @throws IllegalBlockSizeException 
      * @throws ShortBufferException
      */
-    protected int invokeCipher(int posInChunk, boolean doFinal) throws GeneralSecurityException
{
+    protected int invokeCipher(int posInChunk, boolean doFinal) throws GeneralSecurityException,
IOException {
         byte plain[] = (plainByteFlags.isEmpty()) ? null : chunk.clone();
 
         int ciLen = (doFinal)
             ? cipher.doFinal(chunk, 0, posInChunk, chunk)
             : cipher.update(chunk, 0, posInChunk, chunk);
 
+        if (doFinal && "IBMJCE".equals(cipher.getProvider().getName()) &&
"RC4".equals(cipher.getAlgorithm())) {
+            // workaround for IBMs cipher not resetting on doFinal
+
+            int index = (int)(pos >> chunkBits);
+            boolean lastChunk;
+            if (posInChunk==0) {
+                index--;
+                posInChunk = chunk.length;
+                lastChunk = false;
+            } else {
+                // pad the last chunk
+                lastChunk = true;
+            }
+
+            cipher = initCipherForBlockNoFlush(cipher, index, lastChunk);
+        }
+
         if (plain != null) {
             int i = plainByteFlags.nextSetBit(0);
             while (i >= 0 && i < posInChunk) {

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java?rev=1848538&r1=1848537&r2=1848538&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIEncryptor.java Sun Dec
 9 21:45:47 2018
@@ -207,9 +207,15 @@ public class CryptoAPIEncryptor extends
         protected Cipher initCipherForBlock(Cipher cipher, int block, boolean lastChunk)
         throws IOException, GeneralSecurityException {
             flush();
+            return initCipherForBlockNoFlush(cipher, block, lastChunk);
+        }
+
+        @Override
+        protected Cipher initCipherForBlockNoFlush(Cipher existing, int block, boolean lastChunk)
+        throws GeneralSecurityException {
             EncryptionInfo ei = getEncryptionInfo();
             SecretKey sk = getSecretKey();
-            return CryptoAPIDecryptor.initCipherForBlock(cipher, block, ei, sk, Cipher.ENCRYPT_MODE);
+            return CryptoAPIDecryptor.initCipherForBlock(existing, block, ei, sk, Cipher.ENCRYPT_MODE);
         }
 
         @Override

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureOutputStream.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureOutputStream.java?rev=1848538&r1=1848537&r2=1848538&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureOutputStream.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/dsig/SignatureOutputStream.java Sun
Dec  9 21:45:47 2018
@@ -20,6 +20,7 @@ package org.apache.poi.poifs.crypt.dsig;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
+import java.security.Security;
 import java.security.Signature;
 import java.security.SignatureException;
 
@@ -35,7 +36,12 @@ import org.apache.poi.poifs.crypt.HashAl
     @Override
     public void init() throws GeneralSecurityException {
         final String provider = isMSCapi(key) ? "SunMSCAPI" : "SunRsaSign";
-        signature = Signature.getInstance(algo.ecmaString+"withRSA", provider);
+        if (Security.getProvider(provider) != null) {
+            signature = Signature.getInstance(algo.ecmaString + "withRSA", provider);
+        } else {
+            signature = Signature.getInstance(algo.ecmaString + "withRSA");
+        }
+
         signature.initSign(key);
     }
 



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@poi.apache.org
For additional commands, e-mail: commits-help@poi.apache.org
Mime
View raw message