208 // allows server (or client) to accept ClientHello (or ServerHello)
209 // message without the secure renegotiation_info extension or SCSV.
210 //
211 // For maximum security, RFC 5746 also allows server (or client) to
212 // reject such message with a fatal "handshake_failure" alert.
213 //
214 // By default, allow such legacy hello messages.
215 static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
216 "sun.security.ssl.allowLegacyHelloMessages", true);
217
218 // To prevent the TLS renegotiation issues, by setting system property
219 // "jdk.tls.rejectClientInitiatedRenegotiation" to true, applications in
220 // server side can disable all client initiated SSL renegotiations
221 // regardless of the support of TLS protocols.
222 //
223 // By default, allow client initiated renegotiations.
224 static final boolean rejectClientInitiatedRenego =
225 Debug.getBooleanProperty(
226 "jdk.tls.rejectClientInitiatedRenegotiation", false);
227
228 // need to dispose the object when it is invalidated
229 boolean invalidated;
230
231 /*
232 * Is this an instance for Datagram Transport Layer Security (DTLS)?
233 */
234 final boolean isDTLS;
235
236 Handshaker(SSLSocketImpl c, SSLContextImpl context,
237 ProtocolList enabledProtocols, boolean needCertVerify,
238 boolean isClient, ProtocolVersion activeProtocolVersion,
239 boolean isInitialHandshake, boolean secureRenegotiation,
240 byte[] clientVerifyData, byte[] serverVerifyData) {
241 this.conn = c;
242 this.isDTLS = false;
243 init(context, enabledProtocols, needCertVerify, isClient,
244 activeProtocolVersion, isInitialHandshake, secureRenegotiation,
245 clientVerifyData, serverVerifyData);
246 }
247
1259 majorVersion = ProtocolVersion.TLS12.major;
1260 minorVersion = ProtocolVersion.TLS12.minor;
1261
1262 masterAlg = "SunTls12MasterSecret";
1263 prf = cipherSuite.prfAlg;
1264 }
1265 } else {
1266 if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1267 masterAlg = "SunTls12MasterSecret";
1268 prf = cipherSuite.prfAlg;
1269 } else {
1270 masterAlg = "SunTlsMasterSecret";
1271 prf = P_NONE;
1272 }
1273 }
1274
1275 String prfHashAlg = prf.getPRFHashAlg();
1276 int prfHashLength = prf.getPRFHashLength();
1277 int prfBlockSize = prf.getPRFBlockSize();
1278
1279 @SuppressWarnings("deprecation")
1280 TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1281 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
1282 clnt_random.random_bytes, svr_random.random_bytes,
1283 prfHashAlg, prfHashLength, prfBlockSize);
1284
1285 try {
1286 KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1287 kg.init(spec);
1288 return kg.generateKey();
1289 } catch (InvalidAlgorithmParameterException |
1290 NoSuchAlgorithmException iae) {
1291 // unlikely to happen, otherwise, must be a provider exception
1292 //
1293 // For RSA premaster secrets, do not signal a protocol error
1294 // due to the Bleichenbacher attack. See comments further down.
1295 if (debug != null && Debug.isOn("handshake")) {
1296 System.out.println("RSA master secret generation error:");
1297 iae.printStackTrace(System.out);
1298 }
1299 throw new ProviderException(iae);
1300
1301 }
1302 }
208 // allows server (or client) to accept ClientHello (or ServerHello)
209 // message without the secure renegotiation_info extension or SCSV.
210 //
211 // For maximum security, RFC 5746 also allows server (or client) to
212 // reject such message with a fatal "handshake_failure" alert.
213 //
214 // By default, allow such legacy hello messages.
215 static final boolean allowLegacyHelloMessages = Debug.getBooleanProperty(
216 "sun.security.ssl.allowLegacyHelloMessages", true);
217
218 // To prevent the TLS renegotiation issues, by setting system property
219 // "jdk.tls.rejectClientInitiatedRenegotiation" to true, applications in
220 // server side can disable all client initiated SSL renegotiations
221 // regardless of the support of TLS protocols.
222 //
223 // By default, allow client initiated renegotiations.
224 static final boolean rejectClientInitiatedRenego =
225 Debug.getBooleanProperty(
226 "jdk.tls.rejectClientInitiatedRenegotiation", false);
227
228 // To switch off the extended_master_secret extension.
229 static final boolean useExtendedMasterSecretExtension =
230 Debug.getBooleanProperty("jsse.useExtendedMasterSecret", true);
231
232 // need to dispose the object when it is invalidated
233 boolean invalidated;
234
235 /*
236 * Is this an instance for Datagram Transport Layer Security (DTLS)?
237 */
238 final boolean isDTLS;
239
240 Handshaker(SSLSocketImpl c, SSLContextImpl context,
241 ProtocolList enabledProtocols, boolean needCertVerify,
242 boolean isClient, ProtocolVersion activeProtocolVersion,
243 boolean isInitialHandshake, boolean secureRenegotiation,
244 byte[] clientVerifyData, byte[] serverVerifyData) {
245 this.conn = c;
246 this.isDTLS = false;
247 init(context, enabledProtocols, needCertVerify, isClient,
248 activeProtocolVersion, isInitialHandshake, secureRenegotiation,
249 clientVerifyData, serverVerifyData);
250 }
251
1263 majorVersion = ProtocolVersion.TLS12.major;
1264 minorVersion = ProtocolVersion.TLS12.minor;
1265
1266 masterAlg = "SunTls12MasterSecret";
1267 prf = cipherSuite.prfAlg;
1268 }
1269 } else {
1270 if (protocolVersion.v >= ProtocolVersion.TLS12.v) {
1271 masterAlg = "SunTls12MasterSecret";
1272 prf = cipherSuite.prfAlg;
1273 } else {
1274 masterAlg = "SunTlsMasterSecret";
1275 prf = P_NONE;
1276 }
1277 }
1278
1279 String prfHashAlg = prf.getPRFHashAlg();
1280 int prfHashLength = prf.getPRFHashLength();
1281 int prfBlockSize = prf.getPRFBlockSize();
1282
1283 byte[] sessionHash = null;
1284 if (session.getUseExtendedMasterSecret()){
1285 sessionHash = handshakeHash.getFinishedHash();
1286 }
1287
1288 @SuppressWarnings("deprecation")
1289 TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
1290 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
1291 clnt_random.random_bytes, svr_random.random_bytes, sessionHash,
1292 prfHashAlg, prfHashLength, prfBlockSize);
1293
1294 try {
1295 KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
1296 kg.init(spec);
1297 return kg.generateKey();
1298 } catch (InvalidAlgorithmParameterException |
1299 NoSuchAlgorithmException iae) {
1300 // unlikely to happen, otherwise, must be a provider exception
1301 //
1302 // For RSA premaster secrets, do not signal a protocol error
1303 // due to the Bleichenbacher attack. See comments further down.
1304 if (debug != null && Debug.isOn("handshake")) {
1305 System.out.println("RSA master secret generation error:");
1306 iae.printStackTrace(System.out);
1307 }
1308 throw new ProviderException(iae);
1309
1310 }
1311 }
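Review bot: The new `sessionHash` branch just above the `TlsMasterSecretParameterSpec` construction relies on `handshakeHash.getFinishedHash()` being the transcript hash up to and including ClientKeyExchange, which is what RFC 7627 defines as session_hash, but nothing in the hunk states that ordering requirement, and the enclosing method begins outside the hunk so the point at which ClientKeyExchange is fed into the hash cannot be confirmed here. I would add above the `if`: `// RFC 7627 session_hash: handshakeHash must already cover the transcript through ClientKeyExchange when this is called.` The client/server randoms are still passed alongside a non-null `sessionHash`; presumably the key generator ignores them in the extended-master-secret case, which deserves a one-line comment on the constructor call rather than being left implicit. Minor style point: `if (session.getUseExtendedMasterSecret()){` is missing the space before the brace used everywhere else in this file.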