# HG changeset patch
# User valeriep
# Date 1437348334 -3600
# Node ID ca52af59c969452e046fcff388e07932b54ac98f
# Parent e8fc101cdb38989753f03685c439e8c83a70a95d
8074865: General crypto resilience changes
Reviewed-by: mullan, xuelei
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/AESCrypt.java
--- a/src/share/classes/com/sun/crypto/provider/AESCrypt.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/AESCrypt.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
-import java.util.Arrays;
+import java.security.MessageDigest;
/**
* Rijndael --pronounced Reindaal-- is a symmetric cipher with a 128-bit
@@ -88,7 +88,7 @@
key.length + " bytes");
}
- if (!Arrays.equals(key, lastKey)) {
+ if (!MessageDigest.isEqual(key, lastKey)) {
// re-generate session key 'sessionK' when cipher key changes
makeSessionKey(key);
lastKey = key.clone(); // save cipher key
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/CipherCore.java
--- a/src/share/classes/com/sun/crypto/provider/CipherCore.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/CipherCore.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/DESKey.java
--- a/src/share/classes/com/sun/crypto/provider/DESKey.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/DESKey.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package com.sun.crypto.provider;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@@ -113,7 +114,7 @@
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatKey);
+ boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/DESedeKey.java
--- a/src/share/classes/com/sun/crypto/provider/DESedeKey.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/DESedeKey.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package com.sun.crypto.provider;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@@ -114,7 +115,7 @@
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatKey);
+ boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/PBEKey.java
--- a/src/share/classes/com/sun/crypto/provider/PBEKey.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/PBEKey.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
package com.sun.crypto.provider;
import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
@@ -108,7 +109,7 @@
return false;
byte[] thatEncoded = that.getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatEncoded);
+ boolean ret = MessageDigest.isEqual(this.key, thatEncoded);
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java
--- a/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.Arrays;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
@@ -157,7 +158,7 @@
SecretKey sk = (SecretKey)obj;
return prf.getAlgorithm().equalsIgnoreCase(
sk.getAlgorithm()) &&
- Arrays.equals(password, sk.getEncoded());
+ MessageDigest.isEqual(password, sk.getEncoded());
}
};
prf.init(macKey);
@@ -243,7 +244,7 @@
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
- boolean ret = Arrays.equals(key, that.getEncoded());
+ boolean ret = MessageDigest.isEqual(key, that.getEncoded());
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/java/security/Identity.java
--- a/src/share/classes/java/security/Identity.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/java/security/Identity.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -261,7 +261,7 @@
certificates.addElement(certificate);
}
- private boolean keyEquals(Key aKey, Key anotherKey) {
+ private boolean keyEquals(PublicKey aKey, PublicKey anotherKey) {
String aKeyFormat = aKey.getFormat();
String anotherKeyFormat = anotherKey.getFormat();
if ((aKeyFormat == null) ^ (anotherKeyFormat == null))
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/java/security/MessageDigest.java
--- a/src/share/classes/java/security/MessageDigest.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/java/security/MessageDigest.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -428,6 +428,10 @@
* @return true if the digests are equal, false otherwise.
*/
public static boolean isEqual(byte[] digesta, byte[] digestb) {
+ if (digesta == digestb) return true;
+ if (digesta == null || digestb == null) {
+ return false;
+ }
if (digesta.length != digestb.length) {
return false;
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/java/security/Signature.java
--- a/src/share/classes/java/security/Signature.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/java/security/Signature.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1288,7 +1288,7 @@
byte[] out = cipher.doFinal(sigBytes);
byte[] dataBytes = data.toByteArray();
data.reset();
- return Arrays.equals(out, dataBytes);
+ return MessageDigest.isEqual(out, dataBytes);
} catch (BadPaddingException e) {
// e.g. wrong public key used
// return false rather than throwing exception
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/javax/crypto/spec/SecretKeySpec.java
--- a/src/share/classes/javax/crypto/spec/SecretKeySpec.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/javax/crypto/spec/SecretKeySpec.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
import java.io.UnsupportedEncodingException;
import java.security.Key;
+import java.security.MessageDigest;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
@@ -228,6 +229,6 @@
byte[] thatKey = ((SecretKey)obj).getEncoded();
- return java.util.Arrays.equals(this.key, thatKey);
+ return MessageDigest.isEqual(this.key, thatKey);
}
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/pkcs11/P11Key.java
--- a/src/share/classes/sun/security/pkcs11/P11Key.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/pkcs11/P11Key.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -162,7 +162,7 @@
} else {
otherEnc = other.getEncoded();
}
- return Arrays.equals(thisEnc, otherEnc);
+ return MessageDigest.isEqual(thisEnc, otherEnc);
}
public int hashCode() {
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/pkcs11/wrapper/Functions.java
--- a/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@@ -447,22 +447,6 @@
/**
* Check the given arrays for equalitiy. This method considers both arrays as
* equal, if both are null
or both have the same length and
- * contain exactly the same byte values.
- *
- * @param array1 The first array.
- * @param array2 The second array.
- * @return True, if both arrays are null
or both have the same
- * length and contain exactly the same byte values. False, otherwise.
- * @preconditions
- * @postconditions
- */
- public static boolean equals(byte[] array1, byte[] array2) {
- return Arrays.equals(array1, array2);
- }
-
- /**
- * Check the given arrays for equalitiy. This method considers both arrays as
- * equal, if both are null
or both have the same length and
* contain exactly the same char values.
*
* @param array1 The first array.
@@ -472,7 +456,7 @@
* @preconditions
* @postconditions
*/
- public static boolean equals(char[] array1, char[] array2) {
+ private static boolean equals(char[] array1, char[] array2) {
return Arrays.equals(array1, array2);
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
--- a/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Mon Jul 20 00:25:34 2015 +0100
@@ -1347,7 +1347,7 @@
m.update(authSafeData);
byte[] macResult = m.doFinal();
- if (!Arrays.equals(macData.getDigest(), macResult)) {
+ if (!MessageDigest.isEqual(macData.getDigest(), macResult)) {
throw new SecurityException("Failed PKCS12" +
" integrity checking");
}
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/rsa/RSASignature.java
--- a/src/share/classes/sun/security/rsa/RSASignature.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/rsa/RSASignature.java Mon Jul 20 00:25:34 2015 +0100
@@ -28,7 +28,6 @@
import java.io.IOException;
import java.nio.ByteBuffer;
import java.math.BigInteger;
-import java.util.Arrays;
import java.security.*;
import java.security.interfaces.*;
@@ -195,7 +194,7 @@
byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
byte[] unpadded = padding.unpad(decrypted);
byte[] decodedDigest = decodeSignature(digestOID, unpadded);
- return Arrays.equals(digest, decodedDigest);
+ return MessageDigest.isEqual(digest, decodedDigest);
} catch (javax.crypto.BadPaddingException e) {
// occurs if the app has used the wrong RSA public key
// or if sigBytes is invalid
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/ssl/ClientHandshaker.java
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java Mon Jul 20 00:25:34 2015 +0100
@@ -486,7 +486,7 @@
0, clientVerifyData.length);
System.arraycopy(serverVerifyData, 0, verifyData,
clientVerifyData.length, serverVerifyData.length);
- if (!Arrays.equals(verifyData,
+ if (!MessageDigest.isEqual(verifyData,
serverHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ServerHello " +
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/ssl/HandshakeMessage.java
--- a/src/share/classes/sun/security/ssl/HandshakeMessage.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/ssl/HandshakeMessage.java Mon Jul 20 00:25:34 2015 +0100
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1881,7 +1881,7 @@
*/
boolean verify(HandshakeHash handshakeHash, int sender, SecretKey master) {
byte[] myFinished = getFinished(handshakeHash, sender, master);
- return Arrays.equals(myFinished, verifyData);
+ return MessageDigest.isEqual(myFinished, verifyData);
}
/*
diff -r e8fc101cdb38 -r ca52af59c969 src/share/classes/sun/security/ssl/ServerHandshaker.java
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue Apr 07 14:33:49 2015 +0300
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java Mon Jul 20 00:25:34 2015 +0100
@@ -383,7 +383,7 @@
}
// verify the client_verify_data value
- if (!Arrays.equals(clientVerifyData,
+ if (!MessageDigest.isEqual(clientVerifyData,
clientHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ClientHello " +