Mercurial > hg > release > icedtea6-1.11

view patches/openjdk/8014618-strip_leading_zeros_premastersecret.patch @ 2912:d59bbf7333e0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Backport additional fixes. Additional fixes were applied to jdk7u as part of the security release. This patch includes a subset of them. 2013-07-01 Omair Majid <omajid@redhat.com> * patches/openjdk/7188114-alternate_command_line_parser.patch, * patches/openjdk/7199143-OCSP_timeout.patch, * patches/openjdk/8006120-server_jre.patch, * patches/openjdk/8006536-remove_trailing_slashes.patch, * patches/openjdk/8009165-inappropriate_method_in_reflectutil.patch, * patches/openjdk/8009217-fix_test_compile.patch, * patches/openjdk/8009463-space_and_final_backslash.patch, * patches/openjdk/8009610-blacklist_malware_certificate.patch, * patches/openjdk/8010213-set_socketoptions_windows.patch, * patches/openjdk/8010714-xml_dsig_retrievalmethod.patch, * patches/openjdk/8011154-awt_regresssion.patch, * patches/openjdk/8011313-OCSP_timeout_wrong_value.patch, * patches/openjdk/8011992-MlibOpsTest_failed.patch, * patches/openjdk/8012112-MlibOpsTest_fails.patch, * patches/openjdk/8012617-arrayindexoutofbounds_linebreakmeasurer.patch, * patches/openjdk/8012933-appcontext_disposed_too_early.patch, * patches/openjdk/8013196-TimeZone_getDefault_throws_exception.patch, * patches/openjdk/8014205-blank_swing_dialogs_windows.patch, * patches/openjdk/8014427-raster_regresssion.patch, * patches/openjdk/8014618-strip_leading_zeros_premastersecret.patch, * patches/openjdk/8014676-javadebugger_space_in_paths.patch, * patches/openjdk/8014968-OCSP_timeout_default.patch: New file. Backport from icedtea/openjdk 7. * Makefile.am (ICEDTEA_PATCHES): Apply the above. * patches/ecj/override.patch: Add new hunk for BufferedImage. * NEWS: Update with backports.
author Omair Majid <omajid@redhat.com>
date Mon, 01 Jul 2013 21:05:04 -0400
parents
children
line wrap: on
line source

# HG changeset patch
# User andrew
# Date 1371046686 -3600
# Node ID 27e8f5644011928af792f6b99cc11308f21f5c32
# Parent  b56b4751faf02f4c3fcb0588e5d76a53d391e099
8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
Reviewed-by: xuelei
Contributed-by: Pasi Eronen <pe@iki.fi>

--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
+++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -407,8 +407,9 @@
             }
             return skey;
         } else if (algorithm.equals("TlsPremasterSecret")) {
-            // return entire secret
-            return new SecretKeySpec(secret, "TlsPremasterSecret");
+            // remove leading zero bytes per RFC 5246 Section 8.1.2
+            return new SecretKeySpec(
+                        KeyUtil.trimZeroes(secret), "TlsPremasterSecret");
         } else {
             throw new NoSuchAlgorithmException("Unsupported secret key "
                                                + "algorithm: "+ algorithm);
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -208,7 +208,7 @@
             byte[] secret = attributes[0].getByteArray();
             token.p11.C_DestroyObject(session.id(), keyID);
             // trim leading 0x00 bytes per JCE convention
-            return P11Util.trimZeroes(secret);
+            return KeyUtil.trimZeroes(secret);
         } catch (PKCS11Exception e) {
             throw new ProviderException("Could not derive key", e);
         } finally {
@@ -316,7 +316,7 @@
                 // as here we always retrieve the CKA_VALUE even for tokens
                 // that do not have that bug.
                 byte[] keyBytes = key.getEncoded();
-                byte[] newBytes = P11Util.trimZeroes(keyBytes);
+                byte[] newBytes = KeyUtil.trimZeroes(keyBytes);
                 if (keyBytes != newBytes) {
                     key = new SecretKeySpec(newBytes, algorithm);
                 }
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@
 
 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+import sun.security.util.KeyUtil;
 
 /**
  * Signature implementation class. This class currently supports the
@@ -687,8 +688,8 @@
             BigInteger r = values[0].getPositiveBigInteger();
             BigInteger s = values[1].getPositiveBigInteger();
             // trim leading zeroes
-            byte[] br = P11Util.trimZeroes(r.toByteArray());
-            byte[] bs = P11Util.trimZeroes(s.toByteArray());
+            byte[] br = KeyUtil.trimZeroes(r.toByteArray());
+            byte[] bs = KeyUtil.trimZeroes(s.toByteArray());
             int k = Math.max(br.length, bs.length);
             // r and s each occupy half the array
             byte[] res = new byte[k << 1];
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Util.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Util.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -131,20 +131,6 @@
         return b;
     }
 
-    // trim leading (most significant) zeroes from the result
-    static byte[] trimZeroes(byte[] b) {
-        int i = 0;
-        while ((i < b.length - 1) && (b[i] == 0)) {
-            i++;
-        }
-        if (i == 0) {
-            return b;
-        }
-        byte[] t = new byte[b.length - i];
-        System.arraycopy(b, i, t, 0, t.length);
-        return t;
-    }
-
     public static byte[] getMagnitude(BigInteger bi) {
         byte[] b = bi.toByteArray();
         if ((b.length > 1) && (b[0] == 0)) {
--- openjdk/jdk/src/share/classes/sun/security/util/KeyUtil.java
+++ openjdk/jdk/src/share/classes/sun/security/util/KeyUtil.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -200,5 +200,24 @@
 
         // Don't bother to check against the y^q mod p if safe primes are used.
     }
+
+    /**
+     * Trim leading (most significant) zeroes from the result.
+     *
+     * @throws NullPointerException if {@code b} is null
+     */
+    public static byte[] trimZeroes(byte[] b) {
+        int i = 0;
+        while ((i < b.length - 1) && (b[i] == 0)) {
+            i++;
+        }
+        if (i == 0) {
+            return b;
+        }
+        byte[] t = new byte[b.length - i];
+        System.arraycopy(b, i, t, 0, t.length);
+        return t;
+    }
+
 }