jdk/src/share/classes/sun/security/ssl/HandshakeMessage.java
Print this page
rev 5725 : Merge
*** 39,54 ****
--- 39,56 ----
import javax.security.auth.x500.X500Principal;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
+ import javax.crypto.spec.DHPublicKeySpec;
import javax.net.ssl.*;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.*;
import static sun.security.ssl.CipherSuite.PRF.*;
+ import sun.security.util.KeyUtil;
/**
* Many data structures are involved in the handshake messages. These
* classes are used as structures, with public data members. They are
* not visible outside the SSL package.
*** 700,709 ****
--- 702,712 ----
*/
DH_ServerKeyExchange(DHCrypt obj, ProtocolVersion protocolVersion) {
this.protocolVersion = protocolVersion;
this.preferableSignatureAlgorithm = null;
+ // The DH key has been validated in the constructor of DHCrypt.
setValues(obj);
signature = null;
}
/*
*** 716,725 ****
--- 719,729 ----
SignatureAndHashAlgorithm signAlgorithm,
ProtocolVersion protocolVersion) throws GeneralSecurityException {
this.protocolVersion = protocolVersion;
+ // The DH key has been validated in the constructor of DHCrypt.
setValues(obj);
Signature sig;
if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
this.preferableSignatureAlgorithm = signAlgorithm;
*** 742,759 ****
* Construct a DH_ServerKeyExchange message from an input
* stream, as if sent from server to client for use with
* DH_anon key exchange
*/
DH_ServerKeyExchange(HandshakeInStream input,
! ProtocolVersion protocolVersion) throws IOException {
this.protocolVersion = protocolVersion;
this.preferableSignatureAlgorithm = null;
dh_p = input.getBytes16();
dh_g = input.getBytes16();
dh_Ys = input.getBytes16();
signature = null;
}
/*
* Construct a DH_ServerKeyExchange message from an input stream
--- 746,768 ----
* Construct a DH_ServerKeyExchange message from an input
* stream, as if sent from server to client for use with
* DH_anon key exchange
*/
DH_ServerKeyExchange(HandshakeInStream input,
! ProtocolVersion protocolVersion)
! throws IOException, GeneralSecurityException {
this.protocolVersion = protocolVersion;
this.preferableSignatureAlgorithm = null;
dh_p = input.getBytes16();
dh_g = input.getBytes16();
dh_Ys = input.getBytes16();
+ KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
+ new BigInteger(1, dh_p),
+ new BigInteger(1, dh_g)));
+
signature = null;
}
/*
* Construct a DH_ServerKeyExchange message from an input stream
*** 770,779 ****
--- 779,791 ----
// read params: ServerDHParams
dh_p = input.getBytes16();
dh_g = input.getBytes16();
dh_Ys = input.getBytes16();
+ KeyUtil.validate(new DHPublicKeySpec(new BigInteger(1, dh_Ys),
+ new BigInteger(1, dh_p),
+ new BigInteger(1, dh_g)));
// read the signature and hash algorithm
if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
int hash = input.getInt8(); // hash algorithm
int signature = input.getInt8(); // signature algorithm