From 01a5f36012284255ef130d0987eafcb918448e6f Mon Sep 17 00:00:00 2001
From: Valentine <21033866+BoomEaro@users.noreply.github.com>
Date: Sun, 29 Sep 2024 12:44:15 +0300
Subject: [PATCH] #3751: Fix potential overriding of cipher by other libraries
---
 .../src/main/java/net/md_5/bungee/EncryptionUtil.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java b/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
index 27c5b066..a8b77678 100644
--- a/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
+++ b/proxy/src/main/java/net/md_5/bungee/EncryptionUtil.java
@@ -11,12 +11,12 @@ import java.security.Key;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
-import java.util.Arrays;
 import java.util.Base64;
 import java.util.Random;
 import java.util.UUID;
@@ -108,17 +108,17 @@ public class EncryptionUtil return signature.verify( resp.getEncryptionData().getSignature() ); } else { - Cipher cipher = Cipher.getInstance( "RSA" ); + Cipher cipher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" ); cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() ); byte[] decrypted = cipher.doFinal( resp.getVerifyToken() ); - return Arrays.equals( request.getVerifyToken(), decrypted ); + return MessageDigest.isEqual( request.getVerifyToken(), decrypted ); } } public static SecretKey getSecret(EncryptionResponse resp, EncryptionRequest request) throws GeneralSecurityException { - Cipher cipher = Cipher.getInstance( "RSA" ); + Cipher cipher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" ); cipher.init( Cipher.DECRYPT_MODE, keys.getPrivate() ); return new SecretKeySpec( cipher.doFinal( resp.getSharedSecret() ), "AES" ); } @@ -143,7 +143,7 @@ public class EncryptionUtil public static byte[] encrypt(Key key, byte[] b) throws GeneralSecurityException { - Cipher hasher = Cipher.getInstance( "RSA" ); + Cipher hasher = Cipher.getInstance( "RSA/ECB/PKCS1Padding" ); hasher.init( Cipher.ENCRYPT_MODE, key ); return hasher.doFinal( b ); }
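Review bot: In the `else` branch of `check`, a token that fails PKCS#1 v1.5 unpadding makes `cipher.doFinal( resp.getVerifyToken() )` throw, while a well-padded but wrong token reaches `MessageDigest.isEqual` and returns false, so the two failure cases still leave the method differently even though the comparison itself is now constant-time. The same applies to `cipher.doFinal( resp.getSharedSecret() )` in `getSecret`, which propagates the exception directly. With v1.5 padding now pinned explicitly, both failures should look the same to the peer, for example by ending the decrypt in `check` with `catch ( BadPaddingException ex ) { return false; }` (needs `import javax.crypto.BadPaddingException;`). `check` starts outside the hunk and its callers are not visible here, so whether they already answer both outcomes with the same disconnect needs confirming.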
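Review bot: The transformation string `"RSA/ECB/PKCS1Padding"` is now repeated in three places — here in `encrypt` and in the two decrypt calls of the previous hunk — and nothing records why it is spelled out. Both directions have to agree on it, so a single constant would keep them from drifting: `private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";` with a comment such as `// Full transformation: a bare "RSA" leaves mode and padding to whichever provider is selected.` The string fixes mode and padding only; which provider implements it is still decided by provider priority, so if the commit's concern includes another library's provider being picked, that part is unchanged. The local in `encrypt` is also still called `hasher` although it holds a `Cipher`; `cipher` would match the other two methods.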