From d75ee5abbc49766a469a11f0e6d7f503a0f38434 Mon Sep 17 00:00:00 2001
From: Jimmy Wu
Date: Wed, 12 Feb 2025 22:59:19 -0500
Subject: [PATCH] fips140-3: don't cache iv in audit crypto
---
 .../audit/encryption/AuditCrypto.java | 58 ++++++++-----------
 1 file changed, 24 insertions(+), 34 deletions(-)
diff --git a/dev/com.ibm.ws.security.audit.source/src/com/ibm/ws/security/audit/encryption/AuditCrypto.java b/dev/com.ibm.ws.security.audit.source/src/com/ibm/ws/security/audit/encryption/AuditCrypto.java
index fbf1d5989a2..c45cd3875f3 100644
--- a/dev/com.ibm.ws.security.audit.source/src/com/ibm/ws/security/audit/encryption/AuditCrypto.java
+++ b/dev/com.ibm.ws.security.audit.source/src/com/ibm/ws/security/audit/encryption/AuditCrypto.java
@@ -2118,14 +2118,10 @@ private static Cipher createCipher(int cipherMode, byte[] key, String cipher,
 if (cipher.indexOf("ECB") == -1) {
 if (cipher.indexOf("AES") != -1) {
- if (ivs16 == null) {
- setIVS16(key);
- }
+ setIVS16(key);
 ci.init(cipherMode, sKey, ivs16);
 } else {
- if (ivs8 == null) {
- setIVS8(key);
- }
+ setIVS8(key);
 ci.init(cipherMode, sKey, ivs8);
 }
 } else {
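Review bot: `setIVS16(key)` and `setIVS8(key)` are synchronized, but the `ci.init(cipherMode, sKey, ivs16)` / `ci.init(cipherMode, sKey, ivs8)` calls that follow read the shared static field after that lock has been released. With the null check gone every call overwrites the field, so a concurrent createCipher call for a different key can replace it in between and the cipher is initialised with another key's IV. Unless every caller already serialises on the class lock (not visible here; createCipher starts and ends outside this hunk), build the spec locally instead of going through the static: `ci.init(cipherMode, sKey, new IvParameterSpec(key, 0, 16));` and the 8-byte equivalent in the else branch. That also makes a null or too-short key fail at the call site instead of inside the setter's catch block.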
@@ -2225,21 +2221,18 @@ public static synchronized void setIVS8(byte[] key) {
 if (tc.isEntryEnabled()) Tr.entry(tc, "setIVS8");
- if (ivs8 == null) // only set it once
- {
- try {
- byte[] iv8 = new byte[8];
- for (int i = 0; i < 8; i++) {
- iv8[i] = key[i];
- }
- ivs8 = new IvParameterSpec(iv8);
- if (tc.isDebugEnabled())
- Tr.debug(tc, "setIVS8: ivs8 successfully set");
- } catch (Exception e) {
- if (tc.isDebugEnabled())
- Tr.debug(tc, "setIVS8 unxepected exception setting initialization vector", new Object[] { e });
- com.ibm.ws.ffdc.FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize", "2539");
+ try {
+ byte[] iv8 = new byte[8];
+ for (int i = 0; i < 8; i++) {
+ iv8[i] = key[i];
 }
+ ivs8 = new IvParameterSpec(iv8);
+ if (tc.isDebugEnabled())
+ Tr.debug(tc, "setIVS8: ivs8 successfully set");
+ } catch (Exception e) {
+ if (tc.isDebugEnabled())
+ Tr.debug(tc, "setIVS8 unxepected exception setting initialization vector", new Object[] { e });
+ com.ibm.ws.ffdc.FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize", "2539");
 }
 }
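Review bot: When the copy loop throws (a null key, or one shorter than 8 bytes), the catch block only traces and files an FFDC record, so `ivs8` keeps whatever an earlier call left there and createCipher goes on to initialise the cipher with that stale IV. Before this change the field stayed null when the first call failed. Reset it with `ivs8 = null;` ahead of the `try` and have the caller refuse a null spec, or rethrow from the catch, so a bad key fails closed; setIVS16 in the next hunk needs the same change. The FFDC source id `com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize` also names a different class from the one being patched, which will misdirect whoever reads the incident record. The method signature sits above this hunk.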
@@ -2250,21 +2243,18 @@ public static synchronized void setIVS16(byte[] key) {
 if (tc.isEntryEnabled()) Tr.entry(tc, "setIVS16");
- if (ivs16 == null) // only set it once
- {
- try {
- byte[] iv16 = new byte[16];
- for (int i = 0; i < 16; i++) {
- iv16[i] = key[i];
- }
- ivs16 = new IvParameterSpec(iv16);
- if (tc.isDebugEnabled())
- Tr.debug(tc, "setIVS16: ivs16 successfully set");
- } catch (Exception e) {
- if (tc.isDebugEnabled())
- Tr.debug(tc, "setIVS16 unxepected exception setting initialization vector", new Object[] { e });
- com.ibm.ws.ffdc.FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize", "2568");
+ try {
+ byte[] iv16 = new byte[16];
+ for (int i = 0; i < 16; i++) {
+ iv16[i] = key[i];
 }
+ ivs16 = new IvParameterSpec(iv16);
+ if (tc.isDebugEnabled())
+ Tr.debug(tc, "setIVS16: ivs16 successfully set");
+ } catch (Exception e) {
+ if (tc.isDebugEnabled())
+ Tr.debug(tc, "setIVS16 unxepected exception setting initialization vector", new Object[] { e });
+ com.ibm.ws.ffdc.FFDCFilter.processException(e, "com.ibm.ws.security.ltpa.LTPAToken2Factory.initialize", "2568");
 }
 }
 }
\ No newline at end of file
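Review bot: The IV is still the first 16 bytes of the key (`iv16[i] = key[i]`), so it is identical for every message encrypted under that key and, for a 128-bit AES key, it is the whole key; setIVS8 in the previous hunk does the same with 8 bytes. In a non-ECB mode (the mode string is not visible here, presumably CBC) a fixed IV makes records that begin with the same plaintext produce the same leading ciphertext blocks, and an IV is normally handled as public data, which key bytes must never be. Recomputing it on every call, as this commit does, only keeps the IV in step with the current key. Consider a per-encryption IV drawn from `SecureRandom` and stored alongside the ciphertext; that changes the stored record format, so existing audit logs would need a versioned migration. At minimum add a comment on both setters such as `// NOTE: IV is derived from the key and is not unique per message`.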