# HG changeset patch # User andrew # Date 1371046686 -3600 # Node ID 27e8f5644011928af792f6b99cc11308f21f5c32 # Parent b56b4751faf02f4c3fcb0588e5d76a53d391e099 8014618: Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement Reviewed-by: xuelei Contributed-by: Pasi Eronen diff -r b56b4751faf0 -r 27e8f5644011 src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java --- a/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Mon May 13 18:30:45 2013 -0700 +++ b/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java Wed Jun 12 15:18:06 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -407,8 +407,9 @@ } return skey; } else if (algorithm.equals("TlsPremasterSecret")) { - // return entire secret - return new SecretKeySpec(secret, "TlsPremasterSecret"); + // remove leading zero bytes per RFC 5246 Section 8.1.2 + return new SecretKeySpec( + KeyUtil.trimZeroes(secret), "TlsPremasterSecret"); } else { throw new NoSuchAlgorithmException("Unsupported secret key " + "algorithm: "+ algorithm); diff -r b56b4751faf0 -r 27e8f5644011 src/share/classes/sun/security/pkcs11/P11KeyAgreement.java --- a/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java Mon May 13 18:30:45 2013 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java Wed Jun 12 15:18:06 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -208,7 +208,7 @@ byte[] secret = attributes[0].getByteArray(); token.p11.C_DestroyObject(session.id(), keyID); // trim leading 0x00 bytes per JCE convention - return P11Util.trimZeroes(secret); + return KeyUtil.trimZeroes(secret); } catch (PKCS11Exception e) { throw new ProviderException("Could not derive key", e); } finally { @@ -316,7 +316,7 @@ // as here we always retrieve the CKA_VALUE even for tokens // that do not have that bug. byte[] keyBytes = key.getEncoded(); - byte[] newBytes = P11Util.trimZeroes(keyBytes); + byte[] newBytes = KeyUtil.trimZeroes(keyBytes); if (keyBytes != newBytes) { key = new SecretKeySpec(newBytes, algorithm); } diff -r b56b4751faf0 -r 27e8f5644011 src/share/classes/sun/security/pkcs11/P11Signature.java --- a/src/share/classes/sun/security/pkcs11/P11Signature.java Mon May 13 18:30:45 2013 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java Wed Jun 12 15:18:06 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -41,6 +41,7 @@ import sun.security.pkcs11.wrapper.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; +import sun.security.util.KeyUtil; /** * Signature implementation class. This class currently supports the @@ -687,8 +688,8 @@ BigInteger r = values[0].getPositiveBigInteger(); BigInteger s = values[1].getPositiveBigInteger(); // trim leading zeroes - byte[] br = P11Util.trimZeroes(r.toByteArray()); - byte[] bs = P11Util.trimZeroes(s.toByteArray()); + byte[] br = KeyUtil.trimZeroes(r.toByteArray()); + byte[] bs = KeyUtil.trimZeroes(s.toByteArray()); int k = Math.max(br.length, bs.length); // r and s each occupy half the array byte[] res = new byte[k << 1]; diff -r b56b4751faf0 -r 27e8f5644011 src/share/classes/sun/security/pkcs11/P11Util.java --- a/src/share/classes/sun/security/pkcs11/P11Util.java Mon May 13 18:30:45 2013 -0700 +++ b/src/share/classes/sun/security/pkcs11/P11Util.java Wed Jun 12 15:18:06 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -131,20 +131,6 @@ return b; } - // trim leading (most significant) zeroes from the result - static byte[] trimZeroes(byte[] b) { - int i = 0; - while ((i < b.length - 1) && (b[i] == 0)) { - i++; - } - if (i == 0) { - return b; - } - byte[] t = new byte[b.length - i]; - System.arraycopy(b, i, t, 0, t.length); - return t; - } - public static byte[] getMagnitude(BigInteger bi) { byte[] b = bi.toByteArray(); if ((b.length > 1) && (b[0] == 0)) { diff -r b56b4751faf0 -r 27e8f5644011 src/share/classes/sun/security/util/KeyUtil.java --- a/src/share/classes/sun/security/util/KeyUtil.java Mon May 13 18:30:45 2013 -0700 +++ b/src/share/classes/sun/security/util/KeyUtil.java Wed Jun 12 15:18:06 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -200,5 +200,24 @@ // Don't bother to check against the y^q mod p if safe primes are used. } + + /** + * Trim leading (most significant) zeroes from the result. + * + * @throws NullPointerException if {@code b} is null + */ + public static byte[] trimZeroes(byte[] b) { + int i = 0; + while ((i < b.length - 1) && (b[i] == 0)) { + i++; + } + if (i == 0) { + return b; + } + byte[] t = new byte[b.length - i]; + System.arraycopy(b, i, t, 0, t.length); + return t; + } + }