提交 b101cdf7 编写于 作者: A asaha

Merge

...@@ -510,6 +510,8 @@ e494e93d48f943229223d881a2928064a69cdf23 jdk8u71-b10 ...@@ -510,6 +510,8 @@ e494e93d48f943229223d881a2928064a69cdf23 jdk8u71-b10
32226f73879f21f7a7bb024f4197c089b53a93c4 jdk8u71-b11 32226f73879f21f7a7bb024f4197c089b53a93c4 jdk8u71-b11
8181f8b6ef0d861f57547c89e52f258cb5583b77 jdk8u71-b12 8181f8b6ef0d861f57547c89e52f258cb5583b77 jdk8u71-b12
23a6e0931277e7d4278605f55db2c81fcb3907b0 jdk8u71-b13 23a6e0931277e7d4278605f55db2c81fcb3907b0 jdk8u71-b13
1ad1d1b46fef8bf88f36b8d0fae6b51df2de7fb2 jdk8u71-b14
06e7500086a69545a9f55bf5fec23969abe32c57 jdk8u71-b15
be5faa9c77042f202106c18f4e8ea211137b4a3b jdk8u72-b00 be5faa9c77042f202106c18f4e8ea211137b4a3b jdk8u72-b00
5ad1e9e8e8417f80c91d7e0f1f44cdf89b34ead3 jdk8u72-b01 5ad1e9e8e8417f80c91d7e0f1f44cdf89b34ead3 jdk8u72-b01
ab0c1040414d038ccbcfcc8ceb1ccf2f44ead8e4 jdk8u72-b02 ab0c1040414d038ccbcfcc8ceb1ccf2f44ead8e4 jdk8u72-b02
...@@ -524,6 +526,8 @@ dcf7fd07b08b59e1802851d016d913c254221a44 jdk8u72-b10 ...@@ -524,6 +526,8 @@ dcf7fd07b08b59e1802851d016d913c254221a44 jdk8u72-b10
d7cc3225f1050de03b236b92e12c547f21697013 jdk8u72-b11 d7cc3225f1050de03b236b92e12c547f21697013 jdk8u72-b11
8afb58c7312b45fe5237afb0292176b734934f60 jdk8u72-b12 8afb58c7312b45fe5237afb0292176b734934f60 jdk8u72-b12
d841d3fdae44f120883dab0a3a809a054cd0274b jdk8u72-b13 d841d3fdae44f120883dab0a3a809a054cd0274b jdk8u72-b13
f6d24d424cd2af4d2612f7737d3d9a25f58b882d jdk8u72-b14
f3e86cc607260bae368b52d88d7bc8883ee767e3 jdk8u72-b15
39baa472e20c13c0eb1243eb5dce589e82f78143 jdk8u76-b00 39baa472e20c13c0eb1243eb5dce589e82f78143 jdk8u76-b00
6ea3aea950d19d803475b3f4d704a2942e71b302 jdk8u76-b01 6ea3aea950d19d803475b3f4d704a2942e71b302 jdk8u76-b01
4de4cffb5988cd68959ce4bbd14c6d4547078c91 jdk8u76-b02 4de4cffb5988cd68959ce4bbd14c6d4547078c91 jdk8u76-b02
...@@ -269,7 +269,7 @@ final class ClientHandshaker extends Handshaker { ...@@ -269,7 +269,7 @@ final class ClientHandshaker extends Handshaker {
input, serverKey, input, serverKey,
clnt_random.random_bytes, svr_random.random_bytes, clnt_random.random_bytes, svr_random.random_bytes,
messageLen, messageLen,
localSupportedSignAlgs, protocolVersion)); getLocalSupportedSignAlgs(), protocolVersion));
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
throwSSLException("Server key", e); throwSSLException("Server key", e);
} }
...@@ -281,7 +281,7 @@ final class ClientHandshaker extends Handshaker { ...@@ -281,7 +281,7 @@ final class ClientHandshaker extends Handshaker {
this.serverKeyExchange(new ECDH_ServerKeyExchange this.serverKeyExchange(new ECDH_ServerKeyExchange
(input, serverKey, clnt_random.random_bytes, (input, serverKey, clnt_random.random_bytes,
svr_random.random_bytes, svr_random.random_bytes,
localSupportedSignAlgs, protocolVersion)); getLocalSupportedSignAlgs(), protocolVersion));
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
throwSSLException("Server key", e); throwSSLException("Server key", e);
} }
...@@ -331,7 +331,7 @@ final class ClientHandshaker extends Handshaker { ...@@ -331,7 +331,7 @@ final class ClientHandshaker extends Handshaker {
Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs = Collection<SignatureAndHashAlgorithm> supportedPeerSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms( SignatureAndHashAlgorithm.getSupportedAlgorithms(
peerSignAlgs); algorithmConstraints, peerSignAlgs);
if (supportedPeerSignAlgs.isEmpty()) { if (supportedPeerSignAlgs.isEmpty()) {
throw new SSLHandshakeException( throw new SSLHandshakeException(
"No supported signature and hash algorithm in common"); "No supported signature and hash algorithm in common");
...@@ -1094,8 +1094,8 @@ final class ClientHandshaker extends Handshaker { ...@@ -1094,8 +1094,8 @@ final class ClientHandshaker extends Handshaker {
if (protocolVersion.v >= ProtocolVersion.TLS12.v) { if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
preferableSignatureAlgorithm = preferableSignatureAlgorithm =
SignatureAndHashAlgorithm.getPreferableAlgorithm( SignatureAndHashAlgorithm.getPreferableAlgorithm(
peerSupportedSignAlgs, signingKey.getAlgorithm(), getPeerSupportedSignAlgs(),
signingKey); signingKey.getAlgorithm(), signingKey);
if (preferableSignatureAlgorithm == null) { if (preferableSignatureAlgorithm == null) {
throw new SSLHandshakeException( throw new SSLHandshakeException(
......
...@@ -1557,7 +1557,7 @@ static final class CertificateVerify extends HandshakeMessage { ...@@ -1557,7 +1557,7 @@ static final class CertificateVerify extends HandshakeMessage {
// the signature bytes // the signature bytes
private byte[] signature; private byte[] signature;
// protocol version being established using this ServerKeyExchange message // protocol version being established using this CertificateVerify message
ProtocolVersion protocolVersion; ProtocolVersion protocolVersion;
// the preferable signature algorithm used by this CertificateVerify message // the preferable signature algorithm used by this CertificateVerify message
...@@ -1610,7 +1610,7 @@ static final class CertificateVerify extends HandshakeMessage { ...@@ -1610,7 +1610,7 @@ static final class CertificateVerify extends HandshakeMessage {
preferableSignatureAlgorithm)) { preferableSignatureAlgorithm)) {
throw new SSLHandshakeException( throw new SSLHandshakeException(
"Unsupported SignatureAndHashAlgorithm in " + "Unsupported SignatureAndHashAlgorithm in " +
"ServerKeyExchange message"); "CertificateVerify message");
} }
} }
......
...@@ -89,7 +89,7 @@ abstract class Handshaker { ...@@ -89,7 +89,7 @@ abstract class Handshaker {
AlgorithmConstraints algorithmConstraints = null; AlgorithmConstraints algorithmConstraints = null;
// Local supported signature and algorithms // Local supported signature and algorithms
Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs; private Collection<SignatureAndHashAlgorithm> localSupportedSignAlgs;
// Peer supported signature and algorithms // Peer supported signature and algorithms
Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs; Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
......
...@@ -291,7 +291,7 @@ final class ServerHandshaker extends Handshaker { ...@@ -291,7 +291,7 @@ final class ServerHandshaker extends Handshaker {
case HandshakeMessage.ht_certificate_verify: case HandshakeMessage.ht_certificate_verify:
this.clientCertificateVerify(new CertificateVerify(input, this.clientCertificateVerify(new CertificateVerify(input,
localSupportedSignAlgs, protocolVersion)); getLocalSupportedSignAlgs(), protocolVersion));
break; break;
case HandshakeMessage.ht_finished: case HandshakeMessage.ht_finished:
...@@ -700,11 +700,10 @@ final class ServerHandshaker extends Handshaker { ...@@ -700,11 +700,10 @@ final class ServerHandshaker extends Handshaker {
Collection<SignatureAndHashAlgorithm> Collection<SignatureAndHashAlgorithm>
supportedPeerSignAlgs = supportedPeerSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms( SignatureAndHashAlgorithm.getSupportedAlgorithms(
peerSignAlgs); algorithmConstraints, peerSignAlgs);
if (supportedPeerSignAlgs.isEmpty()) { if (supportedPeerSignAlgs.isEmpty()) {
throw new SSLHandshakeException( throw new SSLHandshakeException(
"No supported signature and hash algorithm " + "No signature and hash algorithm in common");
"in common");
} }
setPeerSupportedSignAlgs(supportedPeerSignAlgs); setPeerSupportedSignAlgs(supportedPeerSignAlgs);
...@@ -1134,6 +1133,13 @@ final class ServerHandshaker extends Handshaker { ...@@ -1134,6 +1133,13 @@ final class ServerHandshaker extends Handshaker {
supportedSignAlgs = supportedSignAlgs =
new ArrayList<SignatureAndHashAlgorithm>(1); new ArrayList<SignatureAndHashAlgorithm>(1);
supportedSignAlgs.add(algorithm); supportedSignAlgs.add(algorithm);
supportedSignAlgs =
SignatureAndHashAlgorithm.getSupportedAlgorithms(
algorithmConstraints, supportedSignAlgs);
// May be no default activated signature algorithm, but
// let the following process make the final decision.
} }
// Sets the peer supported signature algorithm to use in KM // Sets the peer supported signature algorithm to use in KM
...@@ -1178,6 +1184,11 @@ final class ServerHandshaker extends Handshaker { ...@@ -1178,6 +1184,11 @@ final class ServerHandshaker extends Handshaker {
SignatureAndHashAlgorithm.getPreferableAlgorithm( SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "RSA", privateKey); supportedSignAlgs, "RSA", privateKey);
if (preferableSignatureAlgorithm == null) { if (preferableSignatureAlgorithm == null) {
if ((debug != null) && Debug.isOn("handshake")) {
System.out.println(
"No signature and hash algorithm for cipher " +
suite);
}
return false; return false;
} }
} }
...@@ -1196,6 +1207,11 @@ final class ServerHandshaker extends Handshaker { ...@@ -1196,6 +1207,11 @@ final class ServerHandshaker extends Handshaker {
SignatureAndHashAlgorithm.getPreferableAlgorithm( SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "RSA", privateKey); supportedSignAlgs, "RSA", privateKey);
if (preferableSignatureAlgorithm == null) { if (preferableSignatureAlgorithm == null) {
if ((debug != null) && Debug.isOn("handshake")) {
System.out.println(
"No signature and hash algorithm for cipher " +
suite);
}
return false; return false;
} }
} }
...@@ -1211,6 +1227,11 @@ final class ServerHandshaker extends Handshaker { ...@@ -1211,6 +1227,11 @@ final class ServerHandshaker extends Handshaker {
SignatureAndHashAlgorithm.getPreferableAlgorithm( SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "DSA"); supportedSignAlgs, "DSA");
if (preferableSignatureAlgorithm == null) { if (preferableSignatureAlgorithm == null) {
if ((debug != null) && Debug.isOn("handshake")) {
System.out.println(
"No signature and hash algorithm for cipher " +
suite);
}
return false; return false;
} }
} }
...@@ -1229,6 +1250,11 @@ final class ServerHandshaker extends Handshaker { ...@@ -1229,6 +1250,11 @@ final class ServerHandshaker extends Handshaker {
SignatureAndHashAlgorithm.getPreferableAlgorithm( SignatureAndHashAlgorithm.getPreferableAlgorithm(
supportedSignAlgs, "ECDSA"); supportedSignAlgs, "ECDSA");
if (preferableSignatureAlgorithm == null) { if (preferableSignatureAlgorithm == null) {
if ((debug != null) && Debug.isOn("handshake")) {
System.out.println(
"No signature and hash algorithm for cipher " +
suite);
}
return false; return false;
} }
} }
...@@ -1274,7 +1300,8 @@ final class ServerHandshaker extends Handshaker { ...@@ -1274,7 +1300,8 @@ final class ServerHandshaker extends Handshaker {
break; break;
default: default:
// internal error, unknown key exchange // internal error, unknown key exchange
throw new RuntimeException("Unrecognized cipherSuite: " + suite); throw new RuntimeException(
"Unrecognized cipherSuite: " + suite);
} }
setCipherSuite(suite); setCipherSuite(suite);
......
/* /*
* Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -167,10 +167,13 @@ final class SignatureAndHashAlgorithm { ...@@ -167,10 +167,13 @@ final class SignatureAndHashAlgorithm {
// Get supported algorithm collection from an untrusted collection // Get supported algorithm collection from an untrusted collection
static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms( static Collection<SignatureAndHashAlgorithm> getSupportedAlgorithms(
AlgorithmConstraints constraints,
Collection<SignatureAndHashAlgorithm> algorithms ) { Collection<SignatureAndHashAlgorithm> algorithms ) {
Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>(); Collection<SignatureAndHashAlgorithm> supported = new ArrayList<>();
for (SignatureAndHashAlgorithm sigAlg : algorithms) { for (SignatureAndHashAlgorithm sigAlg : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
constraints.permits(SIGNATURE_PRIMITIVE_SET,
sigAlg.algorithm, null)) {
supported.add(sigAlg); supported.add(sigAlg);
} }
} }
...@@ -234,30 +237,42 @@ final class SignatureAndHashAlgorithm { ...@@ -234,30 +237,42 @@ final class SignatureAndHashAlgorithm {
} }
static SignatureAndHashAlgorithm getPreferableAlgorithm( static SignatureAndHashAlgorithm getPreferableAlgorithm(
Collection<SignatureAndHashAlgorithm> algorithms, Collection<SignatureAndHashAlgorithm> algorithms,
String expected, PrivateKey signingKey) { String expected, PrivateKey signingKey) {
if (expected == null && !algorithms.isEmpty()) { int maxDigestLength = getMaxDigestLength(signingKey);
for (SignatureAndHashAlgorithm sigAlg : algorithms) { for (SignatureAndHashAlgorithm algorithm : algorithms) {
if (sigAlg.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM) { int signValue = algorithm.id & 0xFF;
return sigAlg; if ((expected == null) ||
(expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) ||
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
if (algorithm.priority <= SUPPORTED_ALG_PRIORITY_MAX_NUM &&
algorithm.hash.length <= maxDigestLength) {
return algorithm;
} }
} }
return null; // no supported algorithm
} }
if (expected == null ) { return null;
return null; // no expected algorithm, no supported algorithm }
}
/* /*
* Need to check RSA key length to match the length of hash value * Need to check key length to match the length of hash value
*/ */
private static int getMaxDigestLength(PrivateKey signingKey) {
int maxDigestLength = Integer.MAX_VALUE; int maxDigestLength = Integer.MAX_VALUE;
// only need to check RSA algorithm at present.
if (signingKey != null && if (signingKey != null &&
"rsa".equalsIgnoreCase(signingKey.getAlgorithm()) && "rsa".equalsIgnoreCase(signingKey.getAlgorithm())) {
expected.equalsIgnoreCase("rsa")) {
/* /*
* RSA keys of 512 bits have been shown to be practically * RSA keys of 512 bits have been shown to be practically
* breakable, it does not make much sense to use the strong * breakable, it does not make much sense to use the strong
...@@ -285,25 +300,7 @@ final class SignatureAndHashAlgorithm { ...@@ -285,25 +300,7 @@ final class SignatureAndHashAlgorithm {
// preferable hash algorithm. // preferable hash algorithm.
} }
for (SignatureAndHashAlgorithm algorithm : algorithms) { return maxDigestLength;
int signValue = algorithm.id & 0xFF;
if (expected.equalsIgnoreCase("rsa") &&
signValue == SignatureAlgorithm.RSA.value) {
if (algorithm.hash.length <= maxDigestLength) {
return algorithm;
}
} else if (
(expected.equalsIgnoreCase("dsa") &&
signValue == SignatureAlgorithm.DSA.value) ||
(expected.equalsIgnoreCase("ecdsa") &&
signValue == SignatureAlgorithm.ECDSA.value) ||
(expected.equalsIgnoreCase("ec") &&
signValue == SignatureAlgorithm.ECDSA.value)) {
return algorithm;
}
}
return null;
} }
static enum HashAlgorithm { static enum HashAlgorithm {
......
...@@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 ...@@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# #
# Example: # Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation. # processing in JSSE implementation.
......
...@@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 ...@@ -509,7 +509,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# #
# Example: # Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation. # processing in JSSE implementation.
......
...@@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 ...@@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# #
# Example: # Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation. # processing in JSSE implementation.
......
...@@ -511,7 +511,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 ...@@ -511,7 +511,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# #
# Example: # Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation. # processing in JSSE implementation.
......
...@@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024 ...@@ -512,7 +512,7 @@ jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
# #
# Example: # Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
# processing in JSSE implementation. # processing in JSSE implementation.
......
...@@ -43,9 +43,10 @@ LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableRefer ...@@ -43,9 +43,10 @@ LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableRefer
LEReferenceToArrayOf<FeatureRecord> LEReferenceToArrayOf<FeatureRecord>
featureRecordArrayRef(base, success, featureRecordArray, SWAPW(featureCount)); featureRecordArrayRef(base, success, featureRecordArray, SWAPW(featureCount));
if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
return LEReferenceTo<FeatureTable>(); success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
} return LEReferenceTo<FeatureTable>();
}
Offset featureTableOffset = featureRecordArray[featureIndex].featureTableOffset; Offset featureTableOffset = featureRecordArray[featureIndex].featureTableOffset;
......
...@@ -42,6 +42,7 @@ const LEReferenceTo<LookupTable> LookupListTable::getLookupTable(const LEReferen ...@@ -42,6 +42,7 @@ const LEReferenceTo<LookupTable> LookupListTable::getLookupTable(const LEReferen
LEReferenceToArrayOf<Offset> lookupTableOffsetArrayRef(base, success, (const Offset*)&lookupTableOffsetArray, SWAPW(lookupCount)); LEReferenceToArrayOf<Offset> lookupTableOffsetArrayRef(base, success, (const Offset*)&lookupTableOffsetArray, SWAPW(lookupCount));
if(LE_FAILURE(success) || lookupTableIndex>lookupTableOffsetArrayRef.getCount()) { if(LE_FAILURE(success) || lookupTableIndex>lookupTableOffsetArrayRef.getCount()) {
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
return LEReferenceTo<LookupTable>(); return LEReferenceTo<LookupTable>();
} else { } else {
return LEReferenceTo<LookupTable>(base, success, SWAPW(lookupTableOffsetArrayRef.getObject(lookupTableIndex, success))); return LEReferenceTo<LookupTable>(base, success, SWAPW(lookupTableOffsetArrayRef.getObject(lookupTableIndex, success)));
...@@ -53,6 +54,7 @@ const LEReferenceTo<LookupSubtable> LookupTable::getLookupSubtable(const LERefer ...@@ -53,6 +54,7 @@ const LEReferenceTo<LookupSubtable> LookupTable::getLookupSubtable(const LERefer
LEReferenceToArrayOf<Offset> subTableOffsetArrayRef(base, success, (const Offset*)&subTableOffsetArray, SWAPW(subTableCount)); LEReferenceToArrayOf<Offset> subTableOffsetArrayRef(base, success, (const Offset*)&subTableOffsetArray, SWAPW(subTableCount));
if(LE_FAILURE(success) || subtableIndex>subTableOffsetArrayRef.getCount()) { if(LE_FAILURE(success) || subtableIndex>subTableOffsetArrayRef.getCount()) {
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
return LEReferenceTo<LookupSubtable>(); return LEReferenceTo<LookupSubtable>();
} else { } else {
return LEReferenceTo<LookupSubtable>(base, success, SWAPW(subTableOffsetArrayRef.getObject(subtableIndex, success))); return LEReferenceTo<LookupSubtable>(base, success, SWAPW(subTableOffsetArrayRef.getObject(subtableIndex, success)));
......
/* /*
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -287,8 +287,10 @@ public class MD2InTrustAnchor { ...@@ -287,8 +287,10 @@ public class MD2InTrustAnchor {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -339,8 +339,10 @@ public class TrustTrustedCert { ...@@ -339,8 +339,10 @@ public class TrustTrustedCert {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -57,8 +57,10 @@ public class PreferredKey { ...@@ -57,8 +57,10 @@ public class PreferredKey {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
KeyStore ks; KeyStore ks;
KeyManagerFactory kmf; KeyManagerFactory kmf;
......
/* /*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -458,8 +458,10 @@ public class BasicConstraints { ...@@ -458,8 +458,10 @@ public class BasicConstraints {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -794,8 +794,10 @@ public class PKIXExtendedTM { ...@@ -794,8 +794,10 @@ public class PKIXExtendedTM {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -306,8 +306,10 @@ public class SelfIssuedCert { ...@@ -306,8 +306,10 @@ public class SelfIssuedCert {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -796,8 +796,10 @@ public class SunX509ExtendedTM { ...@@ -796,8 +796,10 @@ public class SunX509ExtendedTM {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2001, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -159,8 +159,10 @@ public class CriticalSubjectAltName implements HostnameVerifier { ...@@ -159,8 +159,10 @@ public class CriticalSubjectAltName implements HostnameVerifier {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
String keyFilename = String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores + System.getProperty("test.src", "./") + "/" + pathToStores +
......
/* /*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -433,8 +433,10 @@ public class SSLSocketSNISensitive { ...@@ -433,8 +433,10 @@ public class SSLSocketSNISensitive {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -230,8 +230,10 @@ public class EmptyCertificateAuthorities { ...@@ -230,8 +230,10 @@ public class EmptyCertificateAuthorities {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
String keyFilename = String keyFilename =
System.getProperty("test.src", ".") + "/" + pathToStores + System.getProperty("test.src", ".") + "/" + pathToStores +
......
/* /*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -282,6 +282,8 @@ public class ShortRSAKey512 { ...@@ -282,6 +282,8 @@ public class ShortRSAKey512 {
// reset the security property to make sure that the algorithms // reset the security property to make sure that the algorithms
// and keys used in this test are not disabled. // and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -304,6 +304,8 @@ public class ShortRSAKeyGCM { ...@@ -304,6 +304,8 @@ public class ShortRSAKeyGCM {
// reset the security property to make sure that the algorithms // reset the security property to make sure that the algorithms
// and keys used in this test are not disabled. // and keys used in this test are not disabled.
Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2"); Security.setProperty("jdk.certpath.disabledAlgorithms", "MD2");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) { if (debug) {
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -747,8 +747,10 @@ public class DNSIdentities { ...@@ -747,8 +747,10 @@ public class DNSIdentities {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -748,8 +748,10 @@ public class IPAddressIPIdentities { ...@@ -748,8 +748,10 @@ public class IPAddressIPIdentities {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -747,8 +747,10 @@ public class IPIdentities { ...@@ -747,8 +747,10 @@ public class IPIdentities {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
/* /*
* Copyright (c) 2010, 2014, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -747,8 +747,10 @@ public class Identities { ...@@ -747,8 +747,10 @@ public class Identities {
public static void main(String args[]) throws Exception { public static void main(String args[]) throws Exception {
// MD5 is used in this test case, don't disable MD5 algorithm. // MD5 is used in this test case, don't disable MD5 algorithm.
Security.setProperty( Security.setProperty("jdk.certpath.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024"); "MD2, RSA keySize < 1024");
Security.setProperty("jdk.tls.disabledAlgorithms",
"SSLv3, RC4, DH keySize < 768");
if (debug) if (debug)
System.setProperty("javax.net.debug", "all"); System.setProperty("javax.net.debug", "all");
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册