Mercurial > hg > icedtea8-forest > jdk
changeset 11500:7eb9c6cf007c jdk8u65-b12
8134774: Need to backout partial fix for 8081297 from 9, 8u65, 8u66, 7u91
Summary: Backing out changeset fe1c420a8982
Reviewed-by: igerasim
author | asaha |
---|---|
date | Mon, 31 Aug 2015 13:30:33 -0700 |
parents | 54b89a1b4175 |
children | a3c7f0985a84 |
files | src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java src/share/classes/sun/security/ssl/RSAClientKeyExchange.java src/share/classes/sun/security/util/KeyUtil.java |
diffstat | 4 files changed, 14 insertions(+), 112 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Tue Aug 18 14:43:04 2015 +0300 +++ b/src/share/classes/com/sun/crypto/provider/TlsRsaPremasterSecretGenerator.java Mon Aug 31 13:30:33 2015 -0700 @@ -74,14 +74,11 @@ "TlsRsaPremasterSecretGenerator must be initialized"); } - byte[] b = spec.getEncodedSecret(); - if (b == null) { - if (random == null) { - random = new SecureRandom(); - } - b = new byte[48]; - random.nextBytes(b); + if (random == null) { + random = new SecureRandom(); } + byte[] b = new byte[48]; + random.nextBytes(b); b[0] = (byte)spec.getMajorVersion(); b[1] = (byte)spec.getMinorVersion();
--- a/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Tue Aug 18 14:43:04 2015 +0300 +++ b/src/share/classes/sun/security/internal/spec/TlsRsaPremasterSecretParameterSpec.java Mon Aug 31 13:30:33 2015 -0700 @@ -43,8 +43,6 @@ public class TlsRsaPremasterSecretParameterSpec implements AlgorithmParameterSpec { - private final byte[] encodedSecret; - /* * The TLS spec says that the version in the RSA premaster secret must * be the maximum version supported by the client (i.e. the version it @@ -91,33 +89,6 @@ this.clientVersion = checkVersion(clientVersion); this.serverVersion = checkVersion(serverVersion); - this.encodedSecret = null; - } - - /** - * Constructs a new TlsRsaPremasterSecretParameterSpec. - * - * @param clientVersion the version of the TLS protocol by which the - * client wishes to communicate during this session - * @param serverVersion the negotiated version of the TLS protocol which - * contains the lower of that suggested by the client in the client - * hello and the highest supported by the server. - * @param encodedSecret the encoded secret key - * - * @throws IllegalArgumentException if clientVersion or serverVersion are - * negative or larger than (2^16 - 1) or if encodedSecret is not - * exactly 48 bytes - */ - public TlsRsaPremasterSecretParameterSpec( - int clientVersion, int serverVersion, byte[] encodedSecret) { - - this.clientVersion = checkVersion(clientVersion); - this.serverVersion = checkVersion(serverVersion); - if (encodedSecret == null || encodedSecret.length != 48) { - throw new IllegalArgumentException( - "Encoded secret is not exactly 48 bytes"); - } - this.encodedSecret = encodedSecret.clone(); } /** @@ -176,13 +147,4 @@ } return version; } - - /** - * Returns the encoded secret. - * - * @return the encoded secret, may be null if no encoded secret. - */ - public byte[] getEncodedSecret() { - return encodedSecret == null ? null : encodedSecret.clone(); - } }
--- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Aug 18 14:43:04 2015 +0300 +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Mon Aug 31 13:30:33 2015 -0700 @@ -111,41 +111,14 @@ } } - boolean needFailover = false; - byte[] encoded = null; try { Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1); - needFailover = !KeyUtil.isOracleJCEProvider( - cipher.getProvider().getName()); - if (needFailover) { - cipher.init(Cipher.DECRYPT_MODE, privateKey); - encoded = cipher.doFinal(encrypted); - encoded = KeyUtil.checkTlsPreMasterSecretKey( - maxVersion.v, currentVersion.v, - generator, encoded, false); - preMaster = generatePreMasterSecret( - maxVersion.v, currentVersion.v, - encoded, generator); - } else { - cipher.init(Cipher.UNWRAP_MODE, privateKey, - new TlsRsaPremasterSecretParameterSpec( - maxVersion.v, currentVersion.v), - generator); - preMaster = (SecretKey)cipher.unwrap(encrypted, - "TlsRsaPremasterSecret", Cipher.SECRET_KEY); - } - } catch (BadPaddingException bpe) { - if (needFailover) { - encoded = KeyUtil.checkTlsPreMasterSecretKey( - maxVersion.v, currentVersion.v, - generator, null, false); - preMaster = generatePreMasterSecret( - maxVersion.v, currentVersion.v, - encoded, generator); - } else { - // Otherwise, unlikely to happen - throw new RuntimeException("Unexpected exception", bpe); - } + cipher.init(Cipher.UNWRAP_MODE, privateKey, + new TlsRsaPremasterSecretParameterSpec( + maxVersion.v, currentVersion.v), + generator); + preMaster = (SecretKey)cipher.unwrap(encrypted, + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); } catch (InvalidKeyException ibk) { // the message is too big to process with RSA throw new SSLProtocolException( @@ -160,35 +133,6 @@ } } - // generate a premaster secret with the specified version number - @SuppressWarnings("deprecation") - private static SecretKey generatePreMasterSecret( - int clientVersion, int serverVersion, - byte[] encodedSecret, SecureRandom generator) { - - if (debug != null && Debug.isOn("handshake")) { - System.out.println("Generating a premaster secret"); - } - - try { - String s = ((clientVersion >= ProtocolVersion.TLS12.v) ? - "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); - KeyGenerator kg = JsseJce.getKeyGenerator(s); - kg.init(new TlsRsaPremasterSecretParameterSpec( - clientVersion, serverVersion, encodedSecret), - generator); - return kg.generateKey(); - } catch (InvalidAlgorithmParameterException | - NoSuchAlgorithmException iae) { - // unlikely to happen, otherwise, must be a provider exception - if (debug != null && Debug.isOn("handshake")) { - System.out.println("RSA premaster secret generation error:"); - iae.printStackTrace(System.out); - } - throw new RuntimeException("Could not generate premaster secret", iae); - } - } - @Override int messageType() { return ht_client_key_exchange;
--- a/src/share/classes/sun/security/util/KeyUtil.java Tue Aug 18 14:43:04 2015 +0300 +++ b/src/share/classes/sun/security/util/KeyUtil.java Mon Aug 31 13:30:33 2015 -0700 @@ -144,6 +144,8 @@ /** * Returns whether the specified provider is Oracle provider or not. + * <P> + * Note that this method is only apply to SunJCE and SunPKCS11 at present. * * @param providerName * the provider name @@ -151,11 +153,8 @@ * {@code providerName} is Oracle provider */ public static final boolean isOracleJCEProvider(String providerName) { - return providerName != null && - (providerName.equals("SunJCE") || - providerName.equals("SunMSCAPI") || - providerName.equals("OracleUcrypto") || - providerName.startsWith("SunPKCS11")); + return providerName != null && (providerName.equals("SunJCE") || + providerName.startsWith("SunPKCS11")); } /**