
src/java.base/share/classes/sun/security/ssl/Handshaker.java





 208     // allows server (or client) to accept ClientHello (or ServerHello)
 209     // message without the secure renegotiation_info extension or SCSV.
 210     //
 211     // For maximum security, RFC 5746 also allows server (or client) to
 212     // reject such message with a fatal "handshake_failure" alert.
 213     //
 214     // By default, allow such legacy hello messages.
 215     static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
 216                     "sun.security.ssl.allowLegacyHelloMessages", true);
 217 
 218     // To prevent the TLS renegotiation issues, by setting system property
 219     // "jdk.tls.rejectClientInitiatedRenegotiation" to true, applications in
 220     // server side can disable all client initiated SSL renegotiations
 221     // regardless of the support of TLS protocols.
 222     //
 223     // By default, allow client initiated renegotiations.
 224     static final boolean rejectClientInitiatedRenego =
 225             Debug.getBooleanProperty(
 226                 "jdk.tls.rejectClientInitiatedRenegotiation", false);
 227 




 228     // need to dispose the object when it is invalidated
 229     boolean invalidated;
 230 
 231     /*
 232      * Is this an instance for Datagram Transport Layer Security (DTLS)?
 233      */
 234     final boolean isDTLS;
 235 
 236     Handshaker(SSLSocketImpl c, SSLContextImpl context,
 237             ProtocolList enabledProtocols, boolean needCertVerify,
 238             boolean isClient, ProtocolVersion activeProtocolVersion,
 239             boolean isInitialHandshake, boolean secureRenegotiation,
 240             byte[] clientVerifyData, byte[] serverVerifyData) {
 241         this.conn = c;
 242         this.isDTLS = false;
 243         init(context, enabledProtocols, needCertVerify, isClient,
 244             activeProtocolVersion, isInitialHandshake, secureRenegotiation,
 245             clientVerifyData, serverVerifyData);
 246     }
 247 


1259                 majorVersion = ProtocolVersion.TLS12.major;
1260                 minorVersion = ProtocolVersion.TLS12.minor;
1261 
1262                 masterAlg = "SunTls12MasterSecret";
1263                 prf = cipherSuite.prfAlg;
1264             }
1265         } else {
1266             if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1267                 masterAlg = "SunTls12MasterSecret";
1268                 prf = cipherSuite.prfAlg;
1269             } else {
1270                 masterAlg = "SunTlsMasterSecret";
1271                 prf = P_NONE;
1272             }
1273         }
1274 
1275         String prfHashAlg = prf.getPRFHashAlg();
1276         int prfHashLength = prf.getPRFHashLength();
1277         int prfBlockSize = prf.getPRFBlockSize();
1278 





1279         @SuppressWarnings("deprecation")
1280         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1281                 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
1282                 clnt_random.random_bytes, svr_random.random_bytes,
1283                 prfHashAlg, prfHashLength, prfBlockSize);
1284 
1285         try {
1286             KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1287             kg.init(spec);
1288             return kg.generateKey();
1289         } catch (InvalidAlgorithmParameterException |
1290                 NoSuchAlgorithmException iae) {
1291             // unlikely to happen, otherwise, must be a provider exception
1292             //
1293             // For RSA premaster secrets, do not signal a protocol error
1294             // due to the Bleichenbacher attack. See comments further down.
1295             if (debug != null && Debug.isOn("handshake")) {
1296                 System.out.println("RSA master secret generation error:");
1297                 iae.printStackTrace(System.out);
1298             }
1299             throw new ProviderException(iae);
1300 
1301         }
1302     }




 208     // allows server (or client) to accept ClientHello (or ServerHello)
 209     // message without the secure renegotiation_info extension or SCSV.
 210     //
 211     // For maximum security, RFC 5746 also allows server (or client) to
 212     // reject such message with a fatal "handshake_failure" alert.
 213     //
 214     // By default, allow such legacy hello messages.
 215     static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
 216                     "sun.security.ssl.allowLegacyHelloMessages", true);
 217 
 218     // To prevent the TLS renegotiation issues, by setting system property
 219     // "jdk.tls.rejectClientInitiatedRenegotiation" to true, applications in
 220     // server side can disable all client initiated SSL renegotiations
 221     // regardless of the support of TLS protocols.
 222     //
 223     // By default, allow client initiated renegotiations.
 224     static final boolean rejectClientInitiatedRenego =
 225             Debug.getBooleanProperty(
 226                 "jdk.tls.rejectClientInitiatedRenegotiation", false);
 227 
 228     // To switch off the extended_master_secret extension.
 229     static final boolean useExtendedMasterSecretExtension =
 230             Debug.getBooleanProperty("jsse.useExtendedMasterSecret", true);
 231 
 232     // need to dispose the object when it is invalidated
 233     boolean invalidated;
 234 
 235     /*
 236      * Is this an instance for Datagram Transport Layer Security (DTLS)?
 237      */
 238     final boolean isDTLS;
 239 
 240     Handshaker(SSLSocketImpl c, SSLContextImpl context,
 241             ProtocolList enabledProtocols, boolean needCertVerify,
 242             boolean isClient, ProtocolVersion activeProtocolVersion,
 243             boolean isInitialHandshake, boolean secureRenegotiation,
 244             byte[] clientVerifyData, byte[] serverVerifyData) {
 245         this.conn = c;
 246         this.isDTLS = false;
 247         init(context, enabledProtocols, needCertVerify, isClient,
 248             activeProtocolVersion, isInitialHandshake, secureRenegotiation,
 249             clientVerifyData, serverVerifyData);
 250     }
 251 


1263                 majorVersion = ProtocolVersion.TLS12.major;
1264                 minorVersion = ProtocolVersion.TLS12.minor;
1265 
1266                 masterAlg = "SunTls12MasterSecret";
1267                 prf = cipherSuite.prfAlg;
1268             }
1269         } else {
1270             if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1271                 masterAlg = "SunTls12MasterSecret";
1272                 prf = cipherSuite.prfAlg;
1273             } else {
1274                 masterAlg = "SunTlsMasterSecret";
1275                 prf = P_NONE;
1276             }
1277         }
1278 
1279         String prfHashAlg = prf.getPRFHashAlg();
1280         int prfHashLength = prf.getPRFHashLength();
1281         int prfBlockSize = prf.getPRFBlockSize();
1282 
1283         byte[] sessionHash = null;
1284         if (session.getUseExtendedMasterSecret()){
1285             sessionHash = handshakeHash.getFinishedHash();
1286         }
1287 
1288         @SuppressWarnings("deprecation")
1289         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1290                 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
1291                 clnt_random.random_bytes, svr_random.random_bytes, sessionHash,
1292                 prfHashAlg, prfHashLength, prfBlockSize);
1293 
1294         try {
1295             KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1296             kg.init(spec);
1297             return kg.generateKey();
1298         } catch (InvalidAlgorithmParameterException |
1299                 NoSuchAlgorithmException iae) {
1300             // unlikely to happen, otherwise, must be a provider exception
1301             //
1302             // For RSA premaster secrets, do not signal a protocol error
1303             // due to the Bleichenbacher attack. See comments further down.
1304             if (debug != null && Debug.isOn("handshake")) {
1305                 System.out.println("RSA master secret generation error:");
1306                 iae.printStackTrace(System.out);
1307             }
1308             throw new ProviderException(iae);
1309 
1310         }
1311     }
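Review bot: The comment on `useExtendedMasterSecretExtension` (new lines 228-230) says only that the property switches the extension off, whereas the two properties above it state their default and what the setting means for security. I would write it as `// Whether to use the extended_master_secret extension (RFC 7627), which binds the master secret to the handshake transcript.` followed by `// Enabled by default; setting "jsse.useExtendedMasterSecret" to false presumably falls back to the legacy derivation.` In the master-secret hunk, `sessionHash` is whatever `handshakeHash.getFinishedHash()` returns at call time, so a one-line comment naming which handshake messages the digest is expected to cover would help; the method starts outside the visible lines, so the call ordering cannot be checked from here. The `if (session.getUseExtendedMasterSecret()){` on new line 1284 also lacks the space before the brace that the surrounding code uses.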

