added check to prevent PSS signature parameters being changed mid upd…

…ate.
gengjiawen · Dec 21, 2018 · 3ea3325 · 3ea3325
1 parent 17acf8c
commit 3ea3325
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 1 deletion.
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/rsa/PSSSignatureSpi.java
@@ -5,6 +5,7 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.PrivateKey;
+import java.security.ProviderException;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.SignatureException;
@@ -43,6 +44,7 @@ public class PSSSignatureSpi
     private RSAKeyParameters key;
 
     private org.bouncycastle.crypto.signers.PSSSigner pss;
+    private boolean isInitState = true;
 
     private byte getTrailer(
         int trailerField)
@@ -113,6 +115,7 @@ protected void engineInitVerify(
         key = RSAUtil.generatePublicKeyParameter((RSAPublicKey)publicKey);
         pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer);
         pss.init(false, key);
+        isInitState = true;
     }
 
     protected void engineInitSign(
@@ -128,6 +131,7 @@ protected void engineInitSign(
         key = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
         pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer);
         pss.init(true, new ParametersWithRandom(key, random));
+        isInitState = true;
     }
 
     protected void engineInitSign(
@@ -142,13 +146,15 @@ protected void engineInitSign(
         key = RSAUtil.generatePrivateKeyParameter((RSAPrivateKey)privateKey);
         pss = new org.bouncycastle.crypto.signers.PSSSigner(signer, contentDigest, mgfDigest, saltLength, trailer);
         pss.init(true, key);
+        isInitState = true;
     }
 
     protected void engineUpdate(
         byte    b)
         throws SignatureException
     {
         pss.update(b);
+        isInitState = false;
     }
 
     protected void engineUpdate(
@@ -158,11 +164,13 @@ protected void engineUpdate(
         throws SignatureException
     {
         pss.update(b, off, len);
+        isInitState = false;
     }
 
     protected byte[] engineSign()
         throws SignatureException
     {
+        isInitState = true;
         try
         {
             return pss.generateSignature();
@@ -177,13 +185,19 @@ protected boolean engineVerify(
         byte[]  sigBytes) 
         throws SignatureException
     {
+        isInitState = true;
         return pss.verifySignature(sigBytes);
     }
 
     protected void engineSetParameter(
         AlgorithmParameterSpec params)
         throws InvalidAlgorithmParameterException
     {
+        if (!isInitState)
+        {
+            throw new ProviderException("cannot call setParameter in the middle of update");
+        }
+
         if (params == null)
         {
             if (originalSpec != null)

diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/PSSTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/PSSTest.java
@@ -5,6 +5,7 @@
 import java.security.KeyFactory;
 import java.security.MessageDigest;
 import java.security.PrivateKey;
+import java.security.ProviderException;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.Security;
@@ -182,7 +183,7 @@ public void performTest() throws Exception
             fail("SHA256 signature verification failed");
         }
 
-        s = Signature.getInstance("RSAPSS", "BC");
+        s = Signature.getInstance("RSASSA-PSS", "BC");
 
         s.initSign(privKey);
 
@@ -201,6 +202,38 @@ public void performTest() throws Exception
             fail("SHA256 signature verification failed (setParameter)");
         }
 
+        s = Signature.getInstance("RSASSA-PSS", "BC");
+
+        s.initSign(privKey);
+
+        s.setParameter(pss.getParameterSpec(PSSParameterSpec.class));
+
+        s.update(msg1a);
+
+        try
+        {
+            s.setParameter(pss.getParameterSpec(PSSParameterSpec.class));
+            fail("no exception - setParameter byte[]");
+        }
+        catch (ProviderException e)
+        {
+            isEquals("cannot call setParameter in the middle of update", e.getMessage());
+        }
+
+        s.initSign(privKey);
+
+        s.update(msg1a[0]);
+
+        try
+        {
+            s.setParameter(pss.getParameterSpec(PSSParameterSpec.class));
+            fail("no exception - setParameter byte");
+        }
+        catch (ProviderException e)
+        {
+            isEquals("cannot call setParameter in the middle of update", e.getMessage());
+        }
+
         //
         // 512 test -with zero salt length
         //