Repository: accumulo Updated Branches: refs/heads/1.7 c58cf6437 -> 9e236f289 refs/heads/1.8 980309303 -> 9c11f72e3 refs/heads/master 693d5be1a -> 3d11cab03
ACCUMULO-2278 Return value from in.read() should be checked Return value from in.read() should be checked in NonCachingSecretKeyEn.cryptionStrategy#doKeyEncryptionOperation() Commits squashed and rebase'd onto 1.7 branch, formatted, and log message reworded by ctubbsii. This closes #163 Signed-off-by: Christopher Tubbs <ctubb...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/9e236f28 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/9e236f28 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/9e236f28 Branch: refs/heads/1.7 Commit: 9e236f289679e950e181db7c14b7f54042d1bb14 Parents: c58cf64 Author: mm376k <mm3...@mdcdtl02mm376k.itservices.sbc.com> Authored: Tue Oct 11 19:29:03 2016 -0400 Committer: Christopher Tubbs <ctubb...@apache.org> Committed: Fri Oct 14 17:43:13 2016 -0400 ---------------------------------------------------------------------- .../NonCachingSecretKeyEncryptionStrategy.java | 61 +++++++++++--------- 1 file changed, 33 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/9e236f28/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java index 1dd8d60..5c9ca8c 100644 --- a/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java +++ b/core/src/main/java/org/apache/accumulo/core/security/crypto/NonCachingSecretKeyEncryptionStrategy.java @@ -76,44 +76,49 @@ public class NonCachingSecretKeyEncryptionStrategy implements SecretKeyEncryptio int keyEncryptionKeyLength = in.readInt(); byte[] keyEncryptionKey = new byte[keyEncryptionKeyLength]; - in.read(keyEncryptionKey); + int bytesRead = in.read(keyEncryptionKey); Cipher cipher = DefaultCryptoModuleUtils.getCipher(params.getAllOptions().get(Property.CRYPTO_DEFAULT_KEY_STRATEGY_CIPHER_SUITE.getKey())); - try { - cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, params.getAlgorithmName())); - } catch (InvalidKeyException e) { - log.error("{}", e.getMessage(), e); - throw new RuntimeException(e); - } - - if (Cipher.UNWRAP_MODE == encryptionMode) { + // check if the number of bytes read into the array is the same as the value of the length field, + if (bytesRead == keyEncryptionKeyLength) { try { - Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(), Cipher.SECRET_KEY); - params.setPlaintextKey(plaintextKey.getEncoded()); + cipher.init(encryptionMode, new SecretKeySpec(keyEncryptionKey, params.getAlgorithmName())); } catch (InvalidKeyException e) { log.error("{}", e.getMessage(), e); throw new RuntimeException(e); - } catch (NoSuchAlgorithmException e) { - log.error("{}", e.getMessage(), e); - throw new RuntimeException(e); - } - } else { - Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()); - try { - byte[] encryptedSecretKey = cipher.wrap(plaintextKey); - params.setEncryptedKey(encryptedSecretKey); - params.setOpaqueKeyEncryptionKeyID(pathToKeyName); - } catch (InvalidKeyException e) { - log.error("{}", e.getMessage(), e); - throw new RuntimeException(e); - } catch (IllegalBlockSizeException e) { - log.error("{}", e.getMessage(), e); - throw new RuntimeException(e); } - } + if (Cipher.UNWRAP_MODE == encryptionMode) { + try { + Key plaintextKey = cipher.unwrap(params.getEncryptedKey(), params.getAlgorithmName(), Cipher.SECRET_KEY); + params.setPlaintextKey(plaintextKey.getEncoded()); + } catch (InvalidKeyException e) { + log.error("{}", e.getMessage(), e); + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + log.error("{}", e.getMessage(), e); + throw new RuntimeException(e); + } + } else { + Key plaintextKey = new SecretKeySpec(params.getPlaintextKey(), params.getAlgorithmName()); + try { + byte[] encryptedSecretKey = cipher.wrap(plaintextKey); + params.setEncryptedKey(encryptedSecretKey); + params.setOpaqueKeyEncryptionKeyID(pathToKeyName); + } catch (InvalidKeyException e) { + log.error("{}", e.getMessage(), e); + throw new RuntimeException(e); + } catch (IllegalBlockSizeException e) { + log.error("{}", e.getMessage(), e); + throw new RuntimeException(e); + } + } + } else { + log.error("{}", "Error:bytesRead does not match EncryptionkeyLength"); + throw new IllegalArgumentException("Error:bytesRead does not match EncryptionkeyLength"); + } } finally { if (in != null) { in.close();
