Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
cb7ceb93
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
cb7ceb93
编写于
11月 04, 2017
作者:
I
igerasim
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8185292: Stricter key generation
Reviewed-by: mullan
上级
3761204b
变更
6
隐藏空白更改
内联
并排
Showing
6 changed file
with
52 addition
and
7 deletion
+52
-7
src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
...share/classes/com/sun/crypto/provider/DHKeyAgreement.java
+22
-1
src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
+21
-1
test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
.../com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
+2
-1
test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
...com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
+2
-1
test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
...sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
+2
-2
test/sun/security/pkcs11/KeyAgreement/TestDH.java
test/sun/security/pkcs11/KeyAgreement/TestDH.java
+3
-1
未找到文件。
src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 1997, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -28,11 +28,13 @@ package com.sun.crypto.provider;
...
@@ -28,11 +28,13 @@ package com.sun.crypto.provider;
import
java.util.*
;
import
java.util.*
;
import
java.lang.*
;
import
java.lang.*
;
import
java.math.BigInteger
;
import
java.math.BigInteger
;
import
java.security.AccessController
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.InvalidKeyException
;
import
java.security.InvalidKeyException
;
import
java.security.Key
;
import
java.security.Key
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.SecureRandom
;
import
java.security.SecureRandom
;
import
java.security.PrivilegedAction
;
import
java.security.ProviderException
;
import
java.security.ProviderException
;
import
java.security.spec.AlgorithmParameterSpec
;
import
java.security.spec.AlgorithmParameterSpec
;
import
java.security.spec.InvalidKeySpecException
;
import
java.security.spec.InvalidKeySpecException
;
...
@@ -60,6 +62,17 @@ extends KeyAgreementSpi {
...
@@ -60,6 +62,17 @@ extends KeyAgreementSpi {
private
BigInteger
x
=
BigInteger
.
ZERO
;
// the private value
private
BigInteger
x
=
BigInteger
.
ZERO
;
// the private value
private
BigInteger
y
=
BigInteger
.
ZERO
;
private
BigInteger
y
=
BigInteger
.
ZERO
;
private
static
class
AllowKDF
{
private
static
final
boolean
VALUE
=
getValue
();
private
static
boolean
getValue
()
{
return
AccessController
.
doPrivileged
(
(
PrivilegedAction
<
Boolean
>)
()
->
Boolean
.
getBoolean
(
"jdk.crypto.KeyAgreement.legacyKDF"
));
}
}
/**
/**
* Empty constructor
* Empty constructor
*/
*/
...
@@ -367,6 +380,14 @@ extends KeyAgreementSpi {
...
@@ -367,6 +380,14 @@ extends KeyAgreementSpi {
if
(
algorithm
==
null
)
{
if
(
algorithm
==
null
)
{
throw
new
NoSuchAlgorithmException
(
"null algorithm"
);
throw
new
NoSuchAlgorithmException
(
"null algorithm"
);
}
}
if
(!
algorithm
.
equalsIgnoreCase
(
"TlsPremasterSecret"
)
&&
!
AllowKDF
.
VALUE
)
{
throw
new
NoSuchAlgorithmException
(
"Unsupported secret key "
+
"algorithm: "
+
algorithm
);
}
byte
[]
secret
=
engineGenerateSecret
();
byte
[]
secret
=
engineGenerateSecret
();
if
(
algorithm
.
equalsIgnoreCase
(
"DES"
))
{
if
(
algorithm
.
equalsIgnoreCase
(
"DES"
))
{
// DES
// DES
...
...
src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 2003, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -69,6 +69,17 @@ final class P11KeyAgreement extends KeyAgreementSpi {
...
@@ -69,6 +69,17 @@ final class P11KeyAgreement extends KeyAgreementSpi {
// KeyAgreement from SunJCE as fallback for > 2 party agreement
// KeyAgreement from SunJCE as fallback for > 2 party agreement
private
KeyAgreement
multiPartyAgreement
;
private
KeyAgreement
multiPartyAgreement
;
private
static
class
AllowKDF
{
private
static
final
boolean
VALUE
=
getValue
();
private
static
boolean
getValue
()
{
return
AccessController
.
doPrivileged
(
(
PrivilegedAction
<
Boolean
>)
()
->
Boolean
.
getBoolean
(
"jdk.crypto.KeyAgreement.legacyKDF"
));
}
}
P11KeyAgreement
(
Token
token
,
String
algorithm
,
long
mechanism
)
{
P11KeyAgreement
(
Token
token
,
String
algorithm
,
long
mechanism
)
{
super
();
super
();
this
.
token
=
token
;
this
.
token
=
token
;
...
@@ -260,6 +271,7 @@ final class P11KeyAgreement extends KeyAgreementSpi {
...
@@ -260,6 +271,7 @@ final class P11KeyAgreement extends KeyAgreementSpi {
if
(
algorithm
==
null
)
{
if
(
algorithm
==
null
)
{
throw
new
NoSuchAlgorithmException
(
"Algorithm must not be null"
);
throw
new
NoSuchAlgorithmException
(
"Algorithm must not be null"
);
}
}
if
(
algorithm
.
equals
(
"TlsPremasterSecret"
))
{
if
(
algorithm
.
equals
(
"TlsPremasterSecret"
))
{
// For now, only perform native derivation for TlsPremasterSecret
// For now, only perform native derivation for TlsPremasterSecret
// as that is required for FIPS compliance.
// as that is required for FIPS compliance.
...
@@ -268,6 +280,14 @@ final class P11KeyAgreement extends KeyAgreementSpi {
...
@@ -268,6 +280,14 @@ final class P11KeyAgreement extends KeyAgreementSpi {
// (bug not yet filed).
// (bug not yet filed).
return
nativeGenerateSecret
(
algorithm
);
return
nativeGenerateSecret
(
algorithm
);
}
}
if
(!
algorithm
.
equalsIgnoreCase
(
"TlsPremasterSecret"
)
&&
!
AllowKDF
.
VALUE
)
{
throw
new
NoSuchAlgorithmException
(
"Unsupported secret key "
+
"algorithm: "
+
algorithm
);
}
byte
[]
secret
=
engineGenerateSecret
();
byte
[]
secret
=
engineGenerateSecret
();
// Maintain compatibility for SunJCE:
// Maintain compatibility for SunJCE:
// verify secret length is sensible for algorithm / truncate
// verify secret length is sensible for algorithm / truncate
...
...
test/com/sun/crypto/provider/KeyAgreement/DHGenSecretKey.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 2005, 20
0
7, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 20
1
7, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -27,6 +27,7 @@
...
@@ -27,6 +27,7 @@
* @summary Verify that DHKeyAgreement can generate secret key
* @summary Verify that DHKeyAgreement can generate secret key
* objects for AES algorithm
* objects for AES algorithm
* @author Valerie Peng
* @author Valerie Peng
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHGenSecretKey
*/
*/
import
java.security.*
;
import
java.security.*
;
import
java.security.interfaces.*
;
import
java.security.interfaces.*
;
...
...
test/com/sun/crypto/provider/KeyAgreement/DHKeyAgreement2.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 1997, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -26,6 +26,7 @@
...
@@ -26,6 +26,7 @@
* @bug 7146728
* @bug 7146728
* @summary DHKeyAgreement2
* @summary DHKeyAgreement2
* @author Jan Luehe
* @author Jan Luehe
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true DHKeyAgreement2
*/
*/
import
java.io.*
;
import
java.io.*
;
...
...
test/com/sun/crypto/provider/KeyAgreement/SameDHKeyStressTest.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 1999, 201
4
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1999, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -26,7 +26,7 @@
...
@@ -26,7 +26,7 @@
* @bug 8048819
* @bug 8048819
* @summary This test stressful verifies the assertion of "The secret keys generated
* @summary This test stressful verifies the assertion of "The secret keys generated
* by all involved parties should be the same." for javax.crypto.KeyAgreement
* by all involved parties should be the same." for javax.crypto.KeyAgreement
* @run main SameDHKeyStressTest
* @run main
/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true
SameDHKeyStressTest
*/
*/
import
java.security.AlgorithmParameterGenerator
;
import
java.security.AlgorithmParameterGenerator
;
import
java.security.InvalidAlgorithmParameterException
;
import
java.security.InvalidAlgorithmParameterException
;
...
...
test/sun/security/pkcs11/KeyAgreement/TestDH.java
浏览文件 @
cb7ceb93
/*
/*
* Copyright (c) 2003, 20
0
7, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 20
1
7, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
*
* This code is free software; you can redistribute it and/or modify it
* This code is free software; you can redistribute it and/or modify it
...
@@ -27,6 +27,8 @@
...
@@ -27,6 +27,8 @@
* @summary Verify that DH works properly
* @summary Verify that DH works properly
* @author Andreas Sterbenz
* @author Andreas Sterbenz
* @library ..
* @library ..
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH
* @run main/othervm -Djdk.crypto.KeyAgreement.legacyKDF=true TestDH sm
*/
*/
import
java.io.*
;
import
java.io.*
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录