提交 07f9fe14 编写于 作者: A asaha

8134774: Need to backout partial fix for 8081297 from 9, 8u65, 8u66, 7u91

Summary: Backing out changeset fe1c420a8982
Reviewed-by: igerasim
上级 a050ebd2
......@@ -74,14 +74,11 @@ public final class TlsRsaPremasterSecretGenerator extends KeyGeneratorSpi {
"TlsRsaPremasterSecretGenerator must be initialized");
}
byte[] b = spec.getEncodedSecret();
if (b == null) {
if (random == null) {
random = new SecureRandom();
}
b = new byte[48];
random.nextBytes(b);
if (random == null) {
random = new SecureRandom();
}
byte[] b = new byte[48];
random.nextBytes(b);
b[0] = (byte)spec.getMajorVersion();
b[1] = (byte)spec.getMinorVersion();
......
......@@ -43,8 +43,6 @@ import java.security.PrivilegedAction;
public class TlsRsaPremasterSecretParameterSpec
implements AlgorithmParameterSpec {
private final byte[] encodedSecret;
/*
* The TLS spec says that the version in the RSA premaster secret must
* be the maximum version supported by the client (i.e. the version it
......@@ -91,33 +89,6 @@ public class TlsRsaPremasterSecretParameterSpec
this.clientVersion = checkVersion(clientVersion);
this.serverVersion = checkVersion(serverVersion);
this.encodedSecret = null;
}
/**
* Constructs a new TlsRsaPremasterSecretParameterSpec.
*
* @param clientVersion the version of the TLS protocol by which the
* client wishes to communicate during this session
* @param serverVersion the negotiated version of the TLS protocol which
* contains the lower of that suggested by the client in the client
* hello and the highest supported by the server.
* @param encodedSecret the encoded secret key
*
* @throws IllegalArgumentException if clientVersion or serverVersion are
* negative or larger than (2^16 - 1) or if encodedSecret is not
* exactly 48 bytes
*/
public TlsRsaPremasterSecretParameterSpec(
int clientVersion, int serverVersion, byte[] encodedSecret) {
this.clientVersion = checkVersion(clientVersion);
this.serverVersion = checkVersion(serverVersion);
if (encodedSecret == null || encodedSecret.length != 48) {
throw new IllegalArgumentException(
"Encoded secret is not exactly 48 bytes");
}
this.encodedSecret = encodedSecret.clone();
}
/**
......@@ -176,13 +147,4 @@ public class TlsRsaPremasterSecretParameterSpec
}
return version;
}
/**
* Returns the encoded secret.
*
* @return the encoded secret, may be null if no encoded secret.
*/
public byte[] getEncodedSecret() {
return encodedSecret == null ? null : encodedSecret.clone();
}
}
......@@ -111,41 +111,14 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
}
boolean needFailover = false;
byte[] encoded = null;
try {
Cipher cipher = JsseJce.getCipher(JsseJce.CIPHER_RSA_PKCS1);
needFailover = !KeyUtil.isOracleJCEProvider(
cipher.getProvider().getName());
if (needFailover) {
cipher.init(Cipher.DECRYPT_MODE, privateKey);
encoded = cipher.doFinal(encrypted);
encoded = KeyUtil.checkTlsPreMasterSecretKey(
maxVersion.v, currentVersion.v,
generator, encoded, false);
preMaster = generatePreMasterSecret(
maxVersion.v, currentVersion.v,
encoded, generator);
} else {
cipher.init(Cipher.UNWRAP_MODE, privateKey,
new TlsRsaPremasterSecretParameterSpec(
maxVersion.v, currentVersion.v),
generator);
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
}
} catch (BadPaddingException bpe) {
if (needFailover) {
encoded = KeyUtil.checkTlsPreMasterSecretKey(
maxVersion.v, currentVersion.v,
generator, null, false);
preMaster = generatePreMasterSecret(
maxVersion.v, currentVersion.v,
encoded, generator);
} else {
// Otherwise, unlikely to happen
throw new RuntimeException("Unexpected exception", bpe);
}
cipher.init(Cipher.UNWRAP_MODE, privateKey,
new TlsRsaPremasterSecretParameterSpec(
maxVersion.v, currentVersion.v),
generator);
preMaster = (SecretKey)cipher.unwrap(encrypted,
"TlsRsaPremasterSecret", Cipher.SECRET_KEY);
} catch (InvalidKeyException ibk) {
// the message is too big to process with RSA
throw new SSLProtocolException(
......@@ -160,35 +133,6 @@ final class RSAClientKeyExchange extends HandshakeMessage {
}
}
// generate a premaster secret with the specified version number
@SuppressWarnings("deprecation")
private static SecretKey generatePreMasterSecret(
int clientVersion, int serverVersion,
byte[] encodedSecret, SecureRandom generator) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println("Generating a premaster secret");
}
try {
String s = ((clientVersion >= ProtocolVersion.TLS12.v) ?
"SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
KeyGenerator kg = JsseJce.getKeyGenerator(s);
kg.init(new TlsRsaPremasterSecretParameterSpec(
clientVersion, serverVersion, encodedSecret),
generator);
return kg.generateKey();
} catch (InvalidAlgorithmParameterException |
NoSuchAlgorithmException iae) {
// unlikely to happen, otherwise, must be a provider exception
if (debug != null && Debug.isOn("handshake")) {
System.out.println("RSA premaster secret generation error:");
iae.printStackTrace(System.out);
}
throw new RuntimeException("Could not generate premaster secret", iae);
}
}
@Override
int messageType() {
return ht_client_key_exchange;
......
......@@ -144,6 +144,8 @@ public final class KeyUtil {
/**
* Returns whether the specified provider is Oracle provider or not.
* <P>
* Note that this method is only apply to SunJCE and SunPKCS11 at present.
*
* @param providerName
* the provider name
......@@ -151,11 +153,8 @@ public final class KeyUtil {
* {@code providerName} is Oracle provider
*/
public static final boolean isOracleJCEProvider(String providerName) {
return providerName != null &&
(providerName.equals("SunJCE") ||
providerName.equals("SunMSCAPI") ||
providerName.equals("OracleUcrypto") ||
providerName.startsWith("SunPKCS11"));
return providerName != null && (providerName.equals("SunJCE") ||
providerName.startsWith("SunPKCS11"));
}
/**
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册