jdk11u-dev Cdiff src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java

src/java.base/share/classes/sun/security/ssl/XDHKeyExchange.java

rev 54061 : 8226374: Restrict TLS signature schemes and named groups
Reviewed-by: mullan


*** 27,37 ****
  import java.io.IOException;
  import java.math.BigInteger;
  import java.security.*;
  import java.security.interfaces.XECPublicKey;
  import java.security.spec.*;
! import sun.security.ssl.NamedGroup.NamedGroupType;
  import sun.security.util.*;
  
  /**
   * Specifics for XEC/XDH Keys/Exchanges
   */
--- 27,37 ----
  import java.io.IOException;
  import java.math.BigInteger;
  import java.security.*;
  import java.security.interfaces.XECPublicKey;
  import java.security.spec.*;
! import sun.security.ssl.NamedGroup.NamedGroupSpec;
  import sun.security.util.*;
  
  /**
   * Specifics for XEC/XDH Keys/Exchanges
   */
*** 66,76 ****
           */
          static XDHECredentials valueOf(NamedGroup namedGroup,
                  byte[] encodedPoint) throws IOException,
                  GeneralSecurityException {
  
!             if (namedGroup.type != NamedGroupType.NAMED_GROUP_XDH) {
                  throw new RuntimeException(
                          "Credentials decoding:  Not XDH named group");
              }
  
              if (encodedPoint == null || encodedPoint.length == 0) {
--- 66,76 ----
           */
          static XDHECredentials valueOf(NamedGroup namedGroup,
                  byte[] encodedPoint) throws IOException,
                  GeneralSecurityException {
  
!             if (namedGroup.spec != NamedGroupSpec.NAMED_GROUP_XDH) {
                  throw new RuntimeException(
                          "Credentials decoding:  Not XDH named group");
              }
  
              if (encodedPoint == null || encodedPoint.length == 0) {
*** 99,110 ****
  
          XDHEPossession(NamedGroup namedGroup, SecureRandom random) {
              try {
                  KeyPairGenerator kpg
                          = JsseJce.getKeyPairGenerator(namedGroup.algorithm);
!                 AlgorithmParameterSpec params = namedGroup.getParameterSpec();
!                 kpg.initialize(params, random);
                  KeyPair kp = kpg.generateKeyPair();
                  privateKey = kp.getPrivate();
                  publicKey = (XECPublicKey) kp.getPublic();
              } catch (GeneralSecurityException e) {
                  throw new RuntimeException(
--- 99,109 ----
  
          XDHEPossession(NamedGroup namedGroup, SecureRandom random) {
              try {
                  KeyPairGenerator kpg
                          = JsseJce.getKeyPairGenerator(namedGroup.algorithm);
!                 kpg.initialize(namedGroup.keAlgParamSpec, random);
                  KeyPair kp = kpg.generateKeyPair();
                  privateKey = kp.getPrivate();
                  publicKey = (XECPublicKey) kp.getPublic();
              } catch (GeneralSecurityException e) {
                  throw new RuntimeException(

< prev index next >