Mercurial > hg > release > icedtea7-forest-2.2 > jdk

--- a/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java	Mon May 13 18:30:45 2013 -0700
+++ b/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java	Wed Jun 12 11:42:41 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -407,8 +407,9 @@
             }
             return skey;
         } else if (algorithm.equals("TlsPremasterSecret")) {
-            // return entire secret
-            return new SecretKeySpec(secret, "TlsPremasterSecret");
+            // remove leading zero bytes per RFC 5246 Section 8.1.2
+            return new SecretKeySpec(
+                        KeyUtil.trimZeroes(secret), "TlsPremasterSecret");
         } else {
             throw new NoSuchAlgorithmException("Unsupported secret key "
                                                + "algorithm: "+ algorithm);
--- a/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java	Mon May 13 18:30:45 2013 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java	Wed Jun 12 11:42:41 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -316,7 +316,7 @@
                 // as here we always retrieve the CKA_VALUE even for tokens
                 // that do not have that bug.
                 byte[] keyBytes = key.getEncoded();
-                byte[] newBytes = P11Util.trimZeroes(keyBytes);
+                byte[] newBytes = KeyUtil.trimZeroes(keyBytes);
                 if (keyBytes != newBytes) {
                     key = new SecretKeySpec(newBytes, algorithm);
                 }
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java	Mon May 13 18:30:45 2013 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java	Wed Jun 12 11:42:41 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -41,6 +41,7 @@

 import sun.security.pkcs11.wrapper.*;
 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+import sun.security.util.KeyUtil;

 /**
  * Signature implementation class. This class currently supports the
@@ -687,8 +688,8 @@
             BigInteger r = values[0].getPositiveBigInteger();
             BigInteger s = values[1].getPositiveBigInteger();
             // trim leading zeroes
-            byte[] br = P11Util.trimZeroes(r.toByteArray());
-            byte[] bs = P11Util.trimZeroes(s.toByteArray());
+            byte[] br = KeyUtil.trimZeroes(r.toByteArray());
+            byte[] bs = KeyUtil.trimZeroes(s.toByteArray());
             int k = Math.max(br.length, bs.length);
             // r and s each occupy half the array
             byte[] res = new byte[k << 1];
--- a/src/share/classes/sun/security/pkcs11/P11Util.java	Mon May 13 18:30:45 2013 -0700
+++ b/src/share/classes/sun/security/pkcs11/P11Util.java	Wed Jun 12 11:42:41 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -131,20 +131,6 @@
         return b;
     }

-    // trim leading (most significant) zeroes from the result
-    static byte[] trimZeroes(byte[] b) {
-        int i = 0;
-        while ((i < b.length - 1) && (b[i] == 0)) {
-            i++;
-        }
-        if (i == 0) {
-            return b;
-        }
-        byte[] t = new byte[b.length - i];
-        System.arraycopy(b, i, t, 0, t.length);
-        return t;
-    }
-
     public static byte[] getMagnitude(BigInteger bi) {
         byte[] b = bi.toByteArray();
         if ((b.length > 1) && (b[0] == 0)) {
--- a/src/share/classes/sun/security/util/KeyUtil.java	Mon May 13 18:30:45 2013 -0700
+++ b/src/share/classes/sun/security/util/KeyUtil.java	Wed Jun 12 11:42:41 2013 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -200,5 +200,24 @@

         // Don't bother to check against the y^q mod p if safe primes are used.
     }
+
+    /**
+     * Trim leading (most significant) zeroes from the result.
+     *
+     * @throws NullPointerException if {@code b} is null
+     */
+    public static byte[] trimZeroes(byte[] b) {
+        int i = 0;
+        while ((i < b.length - 1) && (b[i] == 0)) {
+            i++;
+        }
+        if (i == 0) {
+            return b;
+        }
+        byte[] t = new byte[b.length - i];
+        System.arraycopy(b, i, t, 0, t.length);
+        return t;
+    }
+
 }