Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/26 07:18:25 UTC

[tomcat] branch 8.5.x updated: Fix regression that broke support for unencrypted PKCS#1 keys

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 7de16c3460 Fix regression that broke support for unencrypted PKCS#1 keys
7de16c3460 is described below

commit 7de16c34600328642da8480f28882d5df37d1b45
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu May 26 08:18:01 2022 +0100

    Fix regression that broke support for unencrypted PKCS#1 keys
---
 java/org/apache/tomcat/util/net/jsse/PEMFile.java     | 8 +++++++-
 test/org/apache/tomcat/util/net/jsse/TestPEMFile.java | 6 ++++++
 webapps/docs/changelog.xml                            | 5 +++++
 3 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/tomcat/util/net/jsse/PEMFile.java b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
index d758bf43e8..0866fcf1ea 100644
--- a/java/org/apache/tomcat/util/net/jsse/PEMFile.java
+++ b/java/org/apache/tomcat/util/net/jsse/PEMFile.java
@@ -143,7 +143,13 @@ public class PEMFile {
                     privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS8);
                     break;
                 case Part.RSA_PRIVATE_KEY:
-                    privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1);
+                    if (part.algorithm == null) {
+                        // If no encryption algorithm was detected, ignore any
+                        // (probably default) key password provided.
+                        privateKey = part.toPrivateKey(null, keyAlgorithm, Format.PKCS1);
+                    } else {
+                        privateKey = part.toPrivateKey(password, keyAlgorithm, Format.PKCS1);
+                    }
                     break;
                 case Part.CERTIFICATE:
                 case Part.X509_CERTIFICATE:
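Review bot: In the `Part.RSA_PRIVATE_KEY` branch a configured password is now discarded without any trace when `part.algorithm == null`, so an operator who set a key password expecting the key to be encrypted at rest gets no indication that the file is stored in the clear. Consider logging a message when `password != null` and no encryption algorithm was detected, and making the comment say so directly, e.g. `// Key is not encrypted on disk; the configured password is not used.` The check also depends on how `part.algorithm` is populated, which is outside this hunk: if an encrypted key's header were not recognised, the body would presumably be parsed as plaintext and fail with a less helpful error, so that path is worth confirming. The enclosing switch and method begin and end outside the hunk.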
diff --git a/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java b/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
index 7adba1d6ab..2ee54e26e1 100644
--- a/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
+++ b/test/org/apache/tomcat/util/net/jsse/TestPEMFile.java
@@ -40,6 +40,12 @@ public class TestPEMFile {
     }
 
 
+    @Test
+    public void testKeyPkcs1WithUnnecessaryPassword() throws Exception {
+        testKey(KEY_PKCS1, "ignore-me");
+    }
+
+
     @Test
     public void testKeyEncryptedPkcs1DesEde3Cbc() throws Exception {
         testKeyEncrypted(KEY_ENCRYPTED_PKCS1_DES_EDE3_CBC);
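Review bot: `testKeyPkcs1WithUnnecessaryPassword` pins only the newly permitted path; nothing visible here asserts that an encrypted PKCS#1 key is still rejected when the password is missing or wrong, which is the property the `else` branch in `PEMFile` has to preserve. A companion negative test using `KEY_ENCRYPTED_PKCS1_DES_EDE3_CBC` with a `null` or incorrect password and an expected failure would guard against a later change widening the "ignore the password" case. The rest of `TestPEMFile` is outside the hunk, so such a test may already exist. A one-line comment on the new test, such as `// A password supplied for an unencrypted key must be ignored, not cause a failure`, would also record why the `"ignore-me"` value is there.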
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 7d430b94bb..83a418b72c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -133,6 +133,11 @@
         <bug>66084</bug>: Correctly calculate bytes written to a response. Pull
         request <pr>516</pr> provided by aooohan HanLi. (markt)
       </fix>
+      <add>
+        Correct a regression in the support added for encrypted PKCS#1 formatted
+        private keys in the previous release that broke support for unencrypted
+        PKCS#1 formatted private keys. (jfclere/markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name="Jasper">

