Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/26 07:18:13 UTC
[tomcat] branch main updated: Fix regression that broke support for unencrypted PKCS#1 keys
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 314c31ea1e Fix regression that broke support for unencrypted PKCS#1 keys
314c31ea1e is described below
commit 314c31ea1ec20daf3612409aabccd3c1bf0aad8c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu May 26 08:18:01 2022 +0100
Fix regression that broke support for unencrypted PKCS#1 keys
---
java/org/apache/tomcat/util/net/jsse/PEMFile.java | 8 +++++++-
test/org/apache/tomcat/util/net/jsse/TestPEMFile.java | 6 ++++++
webapps/docs/changelog.xml | 5 +++++
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index 80c585d3b8..03abf596d7 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -143,7 +143,13 @@ public class PEMFile {
privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS8);
break;
case Part.RSA_PRIVATE_KEY:
- privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1);
+ if (part.algorithm == null) {
+ // If no encryption algorithm was detected, ignore any
+ // (probably default) key password provided.
+ privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS1);
+ } else {
+ privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1);
+ }
break;
case Part.CERTIFICATE:
case Part.X509_CERTIFICATE:
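Review bot: In the new `part.algorithm == null` branch a configured key password is dropped without any trace, so an operator who set a password expecting the key to be encrypted at rest gets no signal that the file is in fact stored in the clear. Consider emitting a debug- or info-level message there and tightening the comment to say so, e.g. `// No encryption header found: the key is stored unencrypted, so the configured password is not used.` How `part.algorithm` is populated is outside this hunk; if it can also be null for a key that is marked encrypted but whose header failed to parse, that case should fail with an explicit error rather than fall into the null-password path. The enclosing switch starts and ends outside the hunk.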
diff --git a/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java b/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
index afefdebd1b..272295c3ab 100644
--- a/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
+++ b/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
@@ -40,6 +40,12 @@ public class TestPEMFile {
}
+ @Test
+ public void testKeyPkcs1WithUnnecessaryPassword() throws Exception {
+ testKey(KEY_PKCS1, "ignore-me");
+ }
+
+
@Test
public void testKeyEncryptedPkcs1DesEde3Cbc() throws Exception {
testKeyEncrypted(KEY_ENCRYPTED_PKCS1_DES_EDE3_CBC);
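Review bot: `testKeyPkcs1WithUnnecessaryPassword` pins only the permissive path; nothing in this hunk checks that an encrypted PKCS#1 key is still rejected when the password is missing or wrong, which is the property the new `part.algorithm == null` branch in PEMFile must not weaken. If no such test exists elsewhere in the file, add one next to it, for example a case that loads `KEY_ENCRYPTED_PKCS1_DES_EDE3_CBC` with a `null` password and expects loading to fail. A one-line comment such as `// KEY_PKCS1 is unencrypted, so the supplied password must be ignored.` above the `testKey` call would also make the intent clear.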
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 89663f9cee..4236cc02a7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -142,6 +142,11 @@
<bug>66084</bug>: Correctly calculate bytes written to a response. Pull
request <pr>516</pr> provided by aooohan HanLi. (markt)
</fix>
+ <add>
+ Correct a regression in the support added for encrypted PKCS#1 formatted
+ private keys in the previous release that broke support for unencrypted
+ PKCS#1 formatted private keys. (jfclere/markt)
+ </add>
</changelog>
</subsection>
<subsection name="Jasper">