WL#11629, Change caching_sha2_password padding.

IcedSoul · Feb 5, 2018 · 4a29588 · 4a29588
1 parent 88bd339
commit 4a29588
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 28 deletions.
diff --git a/src/com/mysql/jdbc/ExportControlled.java b/src/com/mysql/jdbc/ExportControlled.java
@@ -516,8 +516,4 @@ public static byte[] encryptWithRSAPublicKey(byte[] source, RSAPublicKey key, St
             throw SQLError.createSQLException(ex.getMessage(), SQLError.SQL_STATE_ILLEGAL_ARGUMENT, ex, interceptor);
         }
     }
-
-    public static byte[] encryptWithRSAPublicKey(byte[] source, RSAPublicKey key, ExceptionInterceptor interceptor) throws SQLException {
-        return encryptWithRSAPublicKey(source, key, "RSA/ECB/OAEPWithSHA-1AndMGF1Padding", interceptor);
-    }
 }
diff --git a/src/com/mysql/jdbc/authentication/CachingSha2PasswordPlugin.java b/src/com/mysql/jdbc/authentication/CachingSha2PasswordPlugin.java
@@ -31,7 +31,6 @@
 
 import com.mysql.jdbc.Buffer;
 import com.mysql.jdbc.Connection;
-import com.mysql.jdbc.ExportControlled;
 import com.mysql.jdbc.Messages;
 import com.mysql.jdbc.MySQLConnection;
 import com.mysql.jdbc.MysqlIO;
@@ -123,7 +122,7 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
 
             } else if (this.connection.getServerRSAPublicKeyFile() != null) {
                 // encrypt with given key, don't use "Public Key Retrieval"
-                Buffer bresp = new Buffer(encryptPassword(this.password, this.seed, this.connection, this.publicKeyString));
+                Buffer bresp = new Buffer(encryptPassword());
                 toServer.add(bresp);
 
             } else {
@@ -138,7 +137,8 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
                     // so we check payload length to detect that.
 
                     // read key response
-                    Buffer bresp = new Buffer(encryptPassword(this.password, this.seed, this.connection, fromServer.readString()));
+                    this.publicKeyString = fromServer.readString();
+                    Buffer bresp = new Buffer(encryptPassword());
                     toServer.add(bresp);
                     this.publicKeyRequested = false;
                 } else {
@@ -152,20 +152,12 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
         return true;
     }
 
-    private static byte[] encryptPassword(String password, String seed, Connection connection, String key) throws SQLException {
-        byte[] input = null;
-        try {
-            input = password != null ? StringUtils.getBytesNullTerminated(password, connection.getPasswordCharacterEncoding()) : new byte[] { 0 };
-        } catch (UnsupportedEncodingException e) {
-            throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.3", new Object[] { connection.getPasswordCharacterEncoding() }),
-                    SQLError.SQL_STATE_GENERAL_ERROR, null);
+    @Override
+    protected byte[] encryptPassword() throws SQLException {
+        if (this.connection.versionMeetsMinimum(8, 0, 5)) {
+            return super.encryptPassword();
         }
-        byte[] mysqlScrambleBuff = new byte[input.length];
-        Security.xorString(input, mysqlScrambleBuff, seed.getBytes(), input.length);
-
-        return ExportControlled.encryptWithRSAPublicKey(mysqlScrambleBuff,
-                ExportControlled.decodeRSAPublicKey(key, ((MySQLConnection) connection).getExceptionInterceptor()), "RSA/ECB/PKCS1Padding",
-                ((MySQLConnection) connection).getExceptionInterceptor());
+        return super.encryptPassword("RSA/ECB/PKCS1Padding");
     }
 
     @Override

diff --git a/src/com/mysql/jdbc/authentication/Sha256PasswordPlugin.java b/src/com/mysql/jdbc/authentication/Sha256PasswordPlugin.java
@@ -113,7 +113,7 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
         } else if (this.connection.getServerRSAPublicKeyFile() != null) {
             // encrypt with given key, don't use "Public Key Retrieval"
             this.seed = fromServer.readString();
-            Buffer bresp = new Buffer(encryptPassword(this.password, this.seed, this.connection, this.publicKeyString));
+            Buffer bresp = new Buffer(encryptPassword());
             toServer.add(bresp);
 
         } else {
@@ -128,7 +128,8 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
                 // so we check payload length to detect that.
 
                 // read key response
-                Buffer bresp = new Buffer(encryptPassword(this.password, this.seed, this.connection, fromServer.readString()));
+                this.publicKeyString = fromServer.readString();
+                Buffer bresp = new Buffer(encryptPassword());
                 toServer.add(bresp);
                 this.publicKeyRequested = false;
             } else {
@@ -142,19 +143,24 @@ public boolean nextAuthenticationStep(Buffer fromServer, List<Buffer> toServer)
         return true;
     }
 
-    private static byte[] encryptPassword(String password, String seed, Connection connection, String key) throws SQLException {
+    protected byte[] encryptPassword() throws SQLException {
+        return encryptPassword("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
+    }
+
+    protected byte[] encryptPassword(String transformation) throws SQLException {
         byte[] input = null;
         try {
-            input = password != null ? StringUtils.getBytesNullTerminated(password, connection.getPasswordCharacterEncoding()) : new byte[] { 0 };
+            input = this.password != null ? StringUtils.getBytesNullTerminated(this.password, this.connection.getPasswordCharacterEncoding())
+                    : new byte[] { 0 };
         } catch (UnsupportedEncodingException e) {
-            throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.3", new Object[] { connection.getPasswordCharacterEncoding() }),
+            throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.3", new Object[] { this.connection.getPasswordCharacterEncoding() }),
                     SQLError.SQL_STATE_GENERAL_ERROR, null);
         }
         byte[] mysqlScrambleBuff = new byte[input.length];
-        Security.xorString(input, mysqlScrambleBuff, seed.getBytes(), input.length);
+        Security.xorString(input, mysqlScrambleBuff, this.seed.getBytes(), input.length);
         return ExportControlled.encryptWithRSAPublicKey(mysqlScrambleBuff,
-                ExportControlled.decodeRSAPublicKey(key, ((MySQLConnection) connection).getExceptionInterceptor()),
-                ((MySQLConnection) connection).getExceptionInterceptor());
+                ExportControlled.decodeRSAPublicKey(this.publicKeyString, this.connection.getExceptionInterceptor()), transformation,
+                this.connection.getExceptionInterceptor());
     }
 
     private static String readRSAKey(Connection connection, String pkPath) throws SQLException {