diff options
Diffstat (limited to 'java/openjdk6/files/icedtea/security/20130219')
3 files changed, 0 insertions, 1561 deletions
diff --git a/java/openjdk6/files/icedtea/security/20130219/8006446.patch b/java/openjdk6/files/icedtea/security/20130219/8006446.patch deleted file mode 100644 index 80501ea62890..000000000000 --- a/java/openjdk6/files/icedtea/security/20130219/8006446.patch +++ /dev/null @@ -1,395 +0,0 @@ -diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java ---- openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java 2011-11-14 22:11:44.000000000 +0000 -+++ jdk/src/share/classes/com/sun/jmx/mbeanserver/ClassLoaderRepositorySupport.java 2013-02-15 03:40:40.511587149 +0000 -@@ -36,6 +36,7 @@ - - import javax.management.ObjectName; - import javax.management.loading.PrivateClassLoader; -+import sun.reflect.misc.ReflectUtil; - - /** - * This class keeps the list of Class Loaders registered in the MBean Server. -@@ -192,6 +193,7 @@ - final ClassLoader without, - final ClassLoader stop) - throws ClassNotFoundException { -+ ReflectUtil.checkPackageAccess(className); - final int size = list.length; - for(int i=0; i<size; i++) { - try { -diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java ---- openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java 2011-11-14 22:11:44.000000000 +0000 -+++ jdk/src/share/classes/com/sun/jmx/mbeanserver/JmxMBeanServer.java 2013-02-15 03:40:40.511587149 +0000 -@@ -57,6 +57,7 @@ - import javax.management.RuntimeOperationsException; - import javax.management.MBeanServer; - import javax.management.MBeanServerDelegate; -+import javax.management.MBeanServerPermission; - import javax.management.loading.ClassLoaderRepository; - - import static com.sun.jmx.defaults.JmxProperties.MBEANSERVER_LOGGER; -@@ -1413,6 +1414,8 @@ - // Default is true. - final boolean fairLock = DEFAULT_FAIR_LOCK_POLICY; - -+ checkNewMBeanServerPermission(); -+ - // This constructor happens to disregard the value of the interceptors - // flag - that is, it always uses the default value - false. - // This is admitedly a bug, but we chose not to fix it for now -@@ -1499,4 +1502,11 @@ - } - } - -+ private static void checkNewMBeanServerPermission() { -+ SecurityManager sm = System.getSecurityManager(); -+ if (sm != null) { -+ Permission perm = new MBeanServerPermission("newMBeanServer"); -+ sm.checkPermission(perm); -+ } -+ } - } -diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java ---- openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java 2011-11-14 22:11:44.000000000 +0000 -+++ jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanInstantiator.java 2013-02-15 03:40:40.511587149 +0000 -@@ -32,11 +32,13 @@ - import java.io.ObjectInputStream; - import java.lang.reflect.Constructor; - import java.lang.reflect.InvocationTargetException; -+import java.security.Permission; - import java.util.Map; - import java.util.logging.Level; - - import javax.management.InstanceNotFoundException; - import javax.management.MBeanException; -+import javax.management.MBeanPermission; - import javax.management.NotCompliantMBeanException; - import javax.management.ObjectName; - import javax.management.OperationsException; -@@ -44,7 +46,7 @@ - import javax.management.RuntimeErrorException; - import javax.management.RuntimeMBeanException; - import javax.management.RuntimeOperationsException; -- -+import sun.reflect.misc.ConstructorUtil; - import sun.reflect.misc.ReflectUtil; - - /** -@@ -56,7 +58,6 @@ - * @since 1.5 - */ - public class MBeanInstantiator { -- - private final ModifiableClassLoaderRepository clr; - // private MetaData meta = null; - -@@ -88,6 +89,7 @@ - "Exception occurred during object instantiation"); - } - -+ ReflectUtil.checkPackageAccess(className); - try { - if (clr == null) throw new ClassNotFoundException(className); - theClass = clr.loadClass(className); -@@ -162,6 +164,7 @@ - continue; - } - -+ ReflectUtil.checkPackageAccess(signature[i]); - // Ok we do not have a primitive type ! We need to build - // the signature of the method - // -@@ -205,6 +208,9 @@ - */ - public Object instantiate(Class theClass) - throws ReflectionException, MBeanException { -+ -+ checkMBeanPermission(theClass, null, null, "instantiate"); -+ - Object moi = null; - - -@@ -260,6 +266,9 @@ - public Object instantiate(Class theClass, Object params[], - String signature[], ClassLoader loader) - throws ReflectionException, MBeanException { -+ -+ checkMBeanPermission(theClass, null, null, "instantiate"); -+ - // Instantiate the new object - - // ------------------------------ -@@ -408,6 +417,8 @@ - throw new RuntimeOperationsException(new - IllegalArgumentException(), "Null className passed in parameter"); - } -+ -+ ReflectUtil.checkPackageAccess(className); - Class theClass = null; - if (loaderName == null) { - // Load the class using the agent class loader -@@ -620,13 +631,13 @@ - **/ - static Class loadClass(String className, ClassLoader loader) - throws ReflectionException { -- - Class theClass = null; - if (className == null) { - throw new RuntimeOperationsException(new - IllegalArgumentException("The class name cannot be null"), - "Exception occurred during object instantiation"); - } -+ ReflectUtil.checkPackageAccess(className); - try { - if (loader == null) - loader = MBeanInstantiator.class.getClassLoader(); -@@ -677,6 +688,7 @@ - // We need to load the class through the class - // loader of the target object. - // -+ ReflectUtil.checkPackageAccess(signature[i]); - tab[i] = Class.forName(signature[i], false, aLoader); - } - } catch (ClassNotFoundException e) { -@@ -702,7 +714,7 @@ - - private Constructor<?> findConstructor(Class<?> c, Class<?>[] params) { - try { -- return c.getConstructor(params); -+ return ConstructorUtil.getConstructor(c, params); - } catch (Exception e) { - return null; - } -@@ -716,4 +728,18 @@ - char.class, boolean.class}) - primitiveClasses.put(c.getName(), c); - } -+ -+ private static void checkMBeanPermission(Class<?> clazz, -+ String member, -+ ObjectName objectName, -+ String actions) { -+ SecurityManager sm = System.getSecurityManager(); -+ if (clazz != null && sm != null) { -+ Permission perm = new MBeanPermission(clazz.getName(), -+ member, -+ objectName, -+ actions); -+ sm.checkPermission(perm); -+ } -+ } - } -diff -Nru openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java openjdk/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java ---- openjdk.orig/jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java 2011-11-14 22:11:44.000000000 +0000 -+++ jdk/src/share/classes/com/sun/jmx/mbeanserver/MBeanSupport.java 2013-02-15 03:40:40.511587149 +0000 -@@ -38,6 +38,7 @@ - import javax.management.NotCompliantMBeanException; - import javax.management.ObjectName; - import javax.management.ReflectionException; -+import sun.reflect.misc.ReflectUtil; - - /** - * Base class for MBeans. There is one instance of this class for -@@ -131,6 +132,7 @@ - " is not an instance of " + mbeanInterface.getName(); - throw new NotCompliantMBeanException(msg); - } -+ ReflectUtil.checkPackageAccess(mbeanInterface); - this.resource = resource; - MBeanIntrospector<M> introspector = getMBeanIntrospector(); - this.perInterface = introspector.getPerInterface(mbeanInterface); -diff -Nru openjdk.orig/jdk/src/share/classes/sun/management/LockDataConverter.java openjdk/jdk/src/share/classes/sun/management/LockDataConverter.java ---- openjdk.orig/jdk/src/share/classes/sun/management/LockDataConverter.java 2011-11-14 22:12:00.000000000 +0000 -+++ jdk/src/share/classes/sun/management/LockDataConverter.java 2013-02-15 03:40:40.511587149 +0000 -@@ -27,6 +27,8 @@ - - import java.lang.management.LockInfo; - import java.lang.management.ThreadInfo; -+import java.security.AccessController; -+import java.security.PrivilegedAction; - import javax.management.Attribute; - import javax.management.StandardMBean; - import javax.management.openmbean.CompositeData; -@@ -40,13 +42,13 @@ - private LockInfo lockInfo; - private LockInfo[] lockedSyncs; - -- LockDataConverter() { -+ private LockDataConverter() { - super(LockDataConverterMXBean.class, true); - this.lockInfo = null; - this.lockedSyncs = null; - } - -- LockDataConverter(ThreadInfo ti) { -+ private LockDataConverter(ThreadInfo ti) { - super(LockDataConverterMXBean.class, true); - this.lockInfo = ti.getLockInfo(); - this.lockedSyncs = ti.getLockedSynchronizers(); -@@ -104,8 +106,24 @@ - } - - static CompositeData toLockInfoCompositeData(LockInfo l) { -- LockDataConverter ldc = new LockDataConverter(); -+ LockDataConverter ldc = newLockDataConverter(); - ldc.setLockInfo(l); - return ldc.toLockInfoCompositeData(); - } -+ -+ static LockDataConverter newLockDataConverter() { -+ return AccessController.doPrivileged(new PrivilegedAction<LockDataConverter>() { -+ public LockDataConverter run() { -+ return new LockDataConverter(); -+ } -+ }); -+ } -+ -+ static LockDataConverter newLockDataConverter(final ThreadInfo ti) { -+ LockDataConverter result = newLockDataConverter(); -+ result.lockInfo = ti.getLockInfo(); -+ result.lockedSyncs = ti.getLockedSynchronizers(); -+ return result; -+ } - } -+ -diff -Nru openjdk.orig/jdk/src/share/classes/sun/management/ThreadInfoCompositeData.java openjdk/jdk/src/share/classes/sun/management/ThreadInfoCompositeData.java ---- openjdk.orig/jdk/src/share/classes/sun/management/ThreadInfoCompositeData.java 2011-11-14 22:12:01.000000000 +0000 -+++ jdk/src/share/classes/sun/management/ThreadInfoCompositeData.java 2013-02-15 03:40:40.511587149 +0000 -@@ -85,7 +85,7 @@ - } - - // Convert MonitorInfo[] and LockInfo[] to CompositeData[] -- LockDataConverter converter = new LockDataConverter(threadInfo); -+ LockDataConverter converter = LockDataConverter.newLockDataConverter(threadInfo); - CompositeData lockInfoData = converter.toLockInfoCompositeData(); - CompositeData[] lockedSyncsData = converter.toLockedSynchronizersCompositeData(); - -@@ -315,7 +315,7 @@ - - // 6.0 new attributes - public LockInfo lockInfo() { -- LockDataConverter converter = new LockDataConverter(); -+ LockDataConverter converter = LockDataConverter.newLockDataConverter(); - CompositeData lockInfoData = (CompositeData) cdata.get(LOCK_INFO); - return converter.toLockInfo(lockInfoData); - } -@@ -336,7 +336,7 @@ - } - - public LockInfo[] lockedSynchronizers() { -- LockDataConverter converter = new LockDataConverter(); -+ LockDataConverter converter = LockDataConverter.newLockDataConverter(); - CompositeData[] lockedSyncsData = - (CompositeData[]) cdata.get(LOCKED_SYNCS); - -diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security openjdk/jdk/src/share/lib/security/java.security ---- openjdk.orig/jdk/src/share/lib/security/java.security 2013-02-15 03:39:56.922892783 +0000 -+++ jdk/src/share/lib/security/java.security 2013-02-15 03:40:40.511587149 +0000 -@@ -131,8 +131,7 @@ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ -- com.sun.jmx.defaults.,\ -- com.sun.jmx.remote.util. -+ com.sun.jmx. - - # - # List of comma-separated packages that start with or equal this string -@@ -148,8 +147,7 @@ - com.sun.xml.internal.,\ - com.sun.imageio.,\ - com.sun.istack.internal.,\ -- com.sun.jmx.defaults.,\ -- com.sun.jmx.remote.util. -+ com.sun.jmx. - - # - # Determines whether this properties file can be appended to -diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-solaris openjdk/jdk/src/share/lib/security/java.security-solaris ---- openjdk.orig/jdk/src/share/lib/security/java.security-solaris 2013-02-15 03:39:56.902892466 +0000 -+++ jdk/src/share/lib/security/java.security-solaris 2013-02-15 03:41:36.996489851 +0000 -@@ -131,6 +131,8 @@ - package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio. -+ com.sun.istack.internal.,\ -+ com.sun.jmx. - - # - # List of comma-separated packages that start with or equal this string -@@ -145,6 +147,8 @@ - package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio. -+ com.sun.istack.internal.,\ -+ com.sun.jmx. - - # - # Determines whether this properties file can be appended to -diff -Nru openjdk.orig/jdk/src/share/lib/security/java.security-windows openjdk/jdk/src/share/lib/security/java.security-windows ---- openjdk.orig/jdk/src/share/lib/security/java.security-windows 2013-02-15 03:39:56.902892466 +0000 -+++ jdk/src/share/lib/security/java.security-windows 2013-02-15 03:42:05.304943135 +0000 -@@ -131,6 +131,8 @@ - package.access=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio. -+ com.sun.istack.internal.,\ -+ com.sun.jmx. - - # - # List of comma-separated packages that start with or equal this string -@@ -145,6 +147,8 @@ - package.definition=sun.,\ - com.sun.xml.internal.,\ - com.sun.imageio. -+ com.sun.istack.internal.,\ -+ com.sun.jmx. - - # - # Determines whether this properties file can be appended to -diff -Nru openjdk.orig/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java openjdk/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java ---- openjdk.orig/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java 2011-11-14 22:12:28.000000000 +0000 -+++ jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation2Test.java 2013-02-15 03:40:40.511587149 +0000 -@@ -119,9 +119,6 @@ - System.out.println("Create SimpleStandard MBean"); - SimpleStandard s = new SimpleStandard("monitorRole"); - mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard")); -- // Set Security Manager -- // -- System.setSecurityManager(new SecurityManager()); - // Create Properties containing the username/password entries - // - Properties props = new Properties(); -@@ -132,6 +129,9 @@ - HashMap env = new HashMap(); - env.put("jmx.remote.authenticator", - new JMXPluggableAuthenticator(props)); -+ // Set Security Manager -+ // -+ System.setSecurityManager(new SecurityManager()); - // Create an RMI connector server - // - System.out.println("Create an RMI connector server"); -diff -Nru openjdk.orig/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java openjdk/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java ---- openjdk.orig/jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java 2011-11-14 22:12:28.000000000 +0000 -+++ jdk/test/javax/management/remote/mandatory/subjectDelegation/SubjectDelegation3Test.java 2013-02-15 03:40:40.511587149 +0000 -@@ -120,9 +120,6 @@ - System.out.println("Create SimpleStandard MBean"); - SimpleStandard s = new SimpleStandard("delegate"); - mbs.registerMBean(s, new ObjectName("MBeans:type=SimpleStandard")); -- // Set Security Manager -- // -- System.setSecurityManager(new SecurityManager()); - // Create Properties containing the username/password entries - // - Properties props = new Properties(); -@@ -133,6 +130,9 @@ - HashMap env = new HashMap(); - env.put("jmx.remote.authenticator", - new JMXPluggableAuthenticator(props)); -+ // Set Security Manager -+ // -+ System.setSecurityManager(new SecurityManager()); - // Create an RMI connector server - // - System.out.println("Create an RMI connector server"); diff --git a/java/openjdk6/files/icedtea/security/20130219/8006777.patch b/java/openjdk6/files/icedtea/security/20130219/8006777.patch deleted file mode 100644 index 913617accfd5..000000000000 --- a/java/openjdk6/files/icedtea/security/20130219/8006777.patch +++ /dev/null @@ -1,1036 +0,0 @@ -# HG changeset patch -# User coffeys -# Date 1360882104 0 -# Node ID 85b3b034fdecdc94f082efa8d74e014366502deb -# Parent 617e68a3948824283f15c36fcd8cf264c1dd0a99 -8006777: Improve TLS handling of invalid messages -Reviewed-by: wetmore - -diff --git a/src/share/classes/sun/security/ssl/CipherBox.java b/src/share/classes/sun/security/ssl/CipherBox.java ---- jdk/src/share/classes/sun/security/ssl/CipherBox.java -+++ jdk/src/share/classes/sun/security/ssl/CipherBox.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -244,7 +244,8 @@ final class CipherBox { - * Decrypts a block of data, returning the size of the - * resulting block if padding was required. - */ -- int decrypt(byte[] buf, int offset, int len) throws BadPaddingException { -+ int decrypt(byte[] buf, int offset, int len, -+ int tagLen) throws BadPaddingException { - if (cipher == null) { - return len; - } -@@ -268,8 +269,8 @@ final class CipherBox { - } catch (IOException e) { } - } - if (blockSize != 0) { -- newLen = removePadding(buf, offset, newLen, -- blockSize, protocolVersion); -+ newLen = removePadding( -+ buf, offset, newLen, tagLen, blockSize, protocolVersion); - } - return newLen; - } catch (ShortBufferException e) { -@@ -285,7 +286,7 @@ final class CipherBox { - * limit and new limit may be different, given we may - * have stripped off some padding bytes. - */ -- int decrypt(ByteBuffer bb) throws BadPaddingException { -+ int decrypt(ByteBuffer bb, int tagLen) throws BadPaddingException { - - int len = bb.remaining(); - -@@ -309,7 +310,6 @@ final class CipherBox { - } - - if (debug != null && Debug.isOn("plaintext")) { -- bb.position(pos); - try { - HexDumpEncoder hd = new HexDumpEncoder(); - -@@ -317,7 +317,8 @@ final class CipherBox { - "Padded plaintext after DECRYPTION: len = " - + newLen); - -- hd.encodeBuffer(bb, System.out); -+ hd.encodeBuffer( -+ (ByteBuffer)bb.duplicate().position(pos), System.out); - } catch (IOException e) { } - } - -@@ -326,7 +327,8 @@ final class CipherBox { - */ - if (blockSize != 0) { - bb.position(pos); -- newLen = removePadding(bb, blockSize, protocolVersion); -+ newLen = removePadding( -+ bb, tagLen, blockSize, protocolVersion); - } - return newLen; - } catch (ShortBufferException e) { -@@ -400,6 +402,65 @@ final class CipherBox { - return newlen; - } - -+ /* -+ * A constant-time check of the padding. -+ * -+ * NOTE that we are checking both the padding and the padLen bytes here. -+ * -+ * The caller MUST ensure that the len parameter is a positive number. -+ */ -+ private static int[] checkPadding( -+ byte[] buf, int offset, int len, byte pad) { -+ -+ if (len <= 0) { -+ throw new RuntimeException("padding len must be positive"); -+ } -+ -+ // An array of hits is used to prevent Hotspot optimization for -+ // the purpose of a constant-time check -+ int[] results = {0, 0}; // {missed #, matched #} -+ for (int i = 0; i <= 256;) { -+ for (int j = 0; j < len && i <= 256; j++, i++) { // j <= i -+ if (buf[offset + j] != pad) { -+ results[0]++; // mismatched padding data -+ } else { -+ results[1]++; // matched padding data -+ } -+ } -+ } -+ -+ return results; -+ } -+ -+ /* -+ * A constant-time check of the padding. -+ * -+ * NOTE that we are checking both the padding and the padLen bytes here. -+ * -+ * The caller MUST ensure that the bb parameter has remaining. -+ */ -+ private static int[] checkPadding(ByteBuffer bb, byte pad) { -+ -+ if (!bb.hasRemaining()) { -+ throw new RuntimeException("hasRemaining() must be positive"); -+ } -+ -+ // An array of hits is used to prevent Hotspot optimization for -+ // the purpose of a constant-time check. -+ int[] results = {0, 0}; // {missed #, matched #} -+ bb.mark(); -+ for (int i = 0; i <= 256; bb.reset()) { -+ for (; bb.hasRemaining() && i <= 256; i++) { -+ if (bb.get() != pad) { -+ results[0]++; // mismatched padding data -+ } else { -+ results[1]++; // matched padding data -+ } -+ } -+ } -+ -+ return results; -+ } - - /* - * Typical TLS padding format for a 64 bit block cipher is as follows: -@@ -412,86 +473,95 @@ final class CipherBox { - * as it makes the data a multiple of the block size - */ - private static int removePadding(byte[] buf, int offset, int len, -- int blockSize, ProtocolVersion protocolVersion) -- throws BadPaddingException { -+ int tagLen, int blockSize, -+ ProtocolVersion protocolVersion) throws BadPaddingException { -+ - // last byte is length byte (i.e. actual padding length - 1) - int padOffset = offset + len - 1; -- int pad = buf[padOffset] & 0x0ff; -+ int padLen = buf[padOffset] & 0xFF; - -- int newlen = len - (pad + 1); -- if (newlen < 0) { -- throw new BadPaddingException("Padding length invalid: " + pad); -+ int newLen = len - (padLen + 1); -+ if ((newLen - tagLen) < 0) { -+ // If the buffer is not long enough to contain the padding plus -+ // a MAC tag, do a dummy constant-time padding check. -+ // -+ // Note that it is a dummy check, so we won't care about what is -+ // the actual padding data. -+ checkPadding(buf, offset, len, (byte)(padLen & 0xFF)); -+ -+ throw new BadPaddingException("Invalid Padding length: " + padLen); - } - -+ // The padding data should be filled with the padding length value. -+ int[] results = checkPadding(buf, offset + newLen, -+ padLen + 1, (byte)(padLen & 0xFF)); - if (protocolVersion.v >= ProtocolVersion.TLS10.v) { -- for (int i = 1; i <= pad; i++) { -- int val = buf[padOffset - i] & 0xff; -- if (val != pad) { -- throw new BadPaddingException -- ("Invalid TLS padding: " + val); -- } -+ if (results[0] != 0) { // padding data has invalid bytes -+ throw new BadPaddingException("Invalid TLS padding data"); - } - } else { // SSLv3 - // SSLv3 requires 0 <= length byte < block size - // some implementations do 1 <= length byte <= block size, - // so accept that as well - // v3 does not require any particular value for the other bytes -- if (pad > blockSize) { -- throw new BadPaddingException("Invalid SSLv3 padding: " + pad); -+ if (padLen > blockSize) { -+ throw new BadPaddingException("Invalid SSLv3 padding"); - } - } -- return newlen; -+ return newLen; - } - - /* - * Position/limit is equal the removed padding. - */ - private static int removePadding(ByteBuffer bb, -- int blockSize, ProtocolVersion protocolVersion) -- throws BadPaddingException { -+ int tagLen, int blockSize, -+ ProtocolVersion protocolVersion) throws BadPaddingException { - - int len = bb.remaining(); - int offset = bb.position(); - - // last byte is length byte (i.e. actual padding length - 1) - int padOffset = offset + len - 1; -- int pad = bb.get(padOffset) & 0x0ff; -+ int padLen = bb.get(padOffset) & 0xFF; - -- int newlen = len - (pad + 1); -- if (newlen < 0) { -- throw new BadPaddingException("Padding length invalid: " + pad); -+ int newLen = len - (padLen + 1); -+ if ((newLen - tagLen) < 0) { -+ // If the buffer is not long enough to contain the padding plus -+ // a MAC tag, do a dummy constant-time padding check. -+ // -+ // Note that it is a dummy check, so we won't care about what is -+ // the actual padding data. -+ checkPadding(bb.duplicate(), (byte)(padLen & 0xFF)); -+ -+ throw new BadPaddingException("Invalid Padding length: " + padLen); - } - -- /* -- * We could zero the padding area, but not much useful -- * information there. -- */ -+ // The padding data should be filled with the padding length value. -+ int[] results = checkPadding( -+ (ByteBuffer)bb.duplicate().position(offset + newLen), -+ (byte)(padLen & 0xFF)); - if (protocolVersion.v >= ProtocolVersion.TLS10.v) { -- bb.put(padOffset, (byte)0); // zero the padding. -- for (int i = 1; i <= pad; i++) { -- int val = bb.get(padOffset - i) & 0xff; -- if (val != pad) { -- throw new BadPaddingException -- ("Invalid TLS padding: " + val); -- } -+ if (results[0] != 0) { // padding data has invalid bytes -+ throw new BadPaddingException("Invalid TLS padding data"); - } - } else { // SSLv3 - // SSLv3 requires 0 <= length byte < block size - // some implementations do 1 <= length byte <= block size, - // so accept that as well - // v3 does not require any particular value for the other bytes -- if (pad > blockSize) { -- throw new BadPaddingException("Invalid SSLv3 padding: " + pad); -+ if (padLen > blockSize) { -+ throw new BadPaddingException("Invalid SSLv3 padding"); - } - } - - /* - * Reset buffer limit to remove padding. - */ -- bb.position(offset + newlen); -- bb.limit(offset + newlen); -+ bb.position(offset + newLen); -+ bb.limit(offset + newLen); - -- return newlen; -+ return newLen; - } - - /* -@@ -502,4 +572,40 @@ final class CipherBox { - boolean isCBCMode() { - return isCBCMode; - } -+ -+ /** -+ * Is the cipher null? -+ * -+ * @return true if the cipher is null, false otherwise. -+ */ -+ boolean isNullCipher() { -+ return cipher == null; -+ } -+ -+ /** -+ * Sanity check the length of a fragment before decryption. -+ * -+ * In CBC mode, check that the fragment length is one or multiple times -+ * of the block size of the cipher suite, and is at least one (one is the -+ * smallest size of padding in CBC mode) bigger than the tag size of the -+ * MAC algorithm. -+ * -+ * In non-CBC mode, check that the fragment length is not less than the -+ * tag size of the MAC algorithm. -+ * -+ * @return true if the length of a fragment matches above requirements -+ */ -+ boolean sanityCheck(int tagLen, int fragmentLen) { -+ if (!isCBCMode) { -+ return fragmentLen >= tagLen; -+ } -+ -+ if ((fragmentLen % blockSize) == 0) { -+ int minimal = tagLen + 1; -+ minimal = (minimal >= blockSize) ? minimal : blockSize; -+ return (fragmentLen >= minimal); -+ } -+ -+ return false; -+ } - } -diff --git a/src/share/classes/sun/security/ssl/CipherSuite.java b/src/share/classes/sun/security/ssl/CipherSuite.java ---- jdk/src/share/classes/sun/security/ssl/CipherSuite.java -+++ jdk/src/share/classes/sun/security/ssl/CipherSuite.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -451,9 +451,18 @@ final class CipherSuite implements Compa - // size of the MAC value (and MAC key) in bytes - final int size; - -- MacAlg(String name, int size) { -+ // block size of the underlying hash algorithm -+ final int hashBlockSize; -+ -+ // minimal padding size of the underlying hash algorithm -+ final int minimalPaddingSize; -+ -+ MacAlg(String name, int size, -+ int hashBlockSize, int minimalPaddingSize) { - this.name = name; - this.size = size; -+ this.hashBlockSize = hashBlockSize; -+ this.minimalPaddingSize = minimalPaddingSize; - } - - /** -@@ -497,9 +506,9 @@ final class CipherSuite implements Compa - new BulkCipher(CIPHER_AES, 32, 16, true); - - // MACs -- final static MacAlg M_NULL = new MacAlg("NULL", 0); -- final static MacAlg M_MD5 = new MacAlg("MD5", 16); -- final static MacAlg M_SHA = new MacAlg("SHA", 20); -+ final static MacAlg M_NULL = new MacAlg("NULL", 0, 0, 0); -+ final static MacAlg M_MD5 = new MacAlg("MD5", 16, 64, 9); -+ final static MacAlg M_SHA = new MacAlg("SHA", 20, 64, 9); - - static { - idMap = new HashMap<Integer,CipherSuite>(); -diff --git a/src/share/classes/sun/security/ssl/EngineInputRecord.java b/src/share/classes/sun/security/ssl/EngineInputRecord.java ---- jdk/src/share/classes/sun/security/ssl/EngineInputRecord.java -+++ jdk/src/share/classes/sun/security/ssl/EngineInputRecord.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -177,71 +177,6 @@ final class EngineInputRecord extends In - } - - /* -- * Verifies and removes the MAC value. Returns true if -- * the MAC checks out OK. -- * -- * On entry: -- * position = beginning of app/MAC data -- * limit = end of MAC data. -- * -- * On return: -- * position = beginning of app data -- * limit = end of app data -- */ -- boolean checkMAC(MAC signer, ByteBuffer bb) { -- if (internalData) { -- return checkMAC(signer); -- } -- -- int len = signer.MAClen(); -- if (len == 0) { // no mac -- return true; -- } -- -- /* -- * Grab the original limit -- */ -- int lim = bb.limit(); -- -- /* -- * Delineate the area to apply a MAC on. -- */ -- int macData = lim - len; -- bb.limit(macData); -- -- byte[] mac = signer.compute(contentType(), bb); -- -- if (len != mac.length) { -- throw new RuntimeException("Internal MAC error"); -- } -- -- /* -- * Delineate the MAC values, position was already set -- * by doing the compute above. -- * -- * We could zero the MAC area, but not much useful information -- * there anyway. -- */ -- bb.position(macData); -- bb.limit(lim); -- -- try { -- for (int i = 0; i < len; i++) { -- if (bb.get() != mac[i]) { // No BB.equals(byte []); ! -- return false; -- } -- } -- return true; -- } finally { -- /* -- * Position to the data. -- */ -- bb.rewind(); -- bb.limit(macData); -- } -- } -- -- /* - * Pass the data down if it's internally cached, otherwise - * do it here. - * -@@ -250,18 +185,161 @@ final class EngineInputRecord extends In - * If external data(app), return a new ByteBuffer with data to - * process. - */ -- ByteBuffer decrypt(CipherBox box, ByteBuffer bb) -- throws BadPaddingException { -+ ByteBuffer decrypt(MAC signer, -+ CipherBox box, ByteBuffer bb) throws BadPaddingException { - - if (internalData) { -- decrypt(box); -+ decrypt(signer, box); // MAC is checked during decryption - return tmpBB; - } - -- box.decrypt(bb); -- bb.rewind(); -+ BadPaddingException reservedBPE = null; -+ int tagLen = signer.MAClen(); -+ int cipheredLength = bb.remaining(); -+ -+ if (!box.isNullCipher()) { -+ // sanity check length of the ciphertext -+ if (!box.sanityCheck(tagLen, cipheredLength)) { -+ throw new BadPaddingException( -+ "ciphertext sanity check failed"); -+ } -+ -+ try { -+ // Note that the CipherBox.decrypt() does not change -+ // the capacity of the buffer. -+ box.decrypt(bb, tagLen); -+ } catch (BadPaddingException bpe) { -+ // RFC 2246 states that decryption_failed should be used -+ // for this purpose. However, that allows certain attacks, -+ // so we just send bad record MAC. We also need to make -+ // sure to always check the MAC to avoid a timing attack -+ // for the same issue. See paper by Vaudenay et al and the -+ // update in RFC 4346/5246. -+ // -+ // Failover to message authentication code checking. -+ reservedBPE = bpe; -+ } finally { -+ bb.rewind(); -+ } -+ } -+ -+ if (tagLen != 0) { -+ int macOffset = bb.limit() - tagLen; -+ -+ // Note that although it is not necessary, we run the same MAC -+ // computation and comparison on the payload for both stream -+ // cipher and CBC block cipher. -+ if (bb.remaining() < tagLen) { -+ // negative data length, something is wrong -+ if (reservedBPE == null) { -+ reservedBPE = new BadPaddingException("bad record"); -+ } -+ -+ // set offset of the dummy MAC -+ macOffset = cipheredLength - tagLen; -+ bb.limit(cipheredLength); -+ } -+ -+ // Run MAC computation and comparison on the payload. -+ if (checkMacTags(contentType(), bb, signer, false)) { -+ if (reservedBPE == null) { -+ reservedBPE = new BadPaddingException("bad record MAC"); -+ } -+ } -+ -+ // Run MAC computation and comparison on the remainder. -+ // -+ // It is only necessary for CBC block cipher. It is used to get a -+ // constant time of MAC computation and comparison on each record. -+ if (box.isCBCMode()) { -+ int remainingLen = calculateRemainingLen( -+ signer, cipheredLength, macOffset); -+ -+ // NOTE: here we use the InputRecord.buf because I did not find -+ // an effective way to work on ByteBuffer when its capacity is -+ // less than remainingLen. -+ -+ // NOTE: remainingLen may be bigger (less than 1 block of the -+ // hash algorithm of the MAC) than the cipheredLength. However, -+ // We won't need to worry about it because we always use a -+ // maximum buffer for every record. We need a change here if -+ // we use small buffer size in the future. -+ if (remainingLen > buf.length) { -+ // unlikely to happen, just a placehold -+ throw new RuntimeException( -+ "Internal buffer capacity error"); -+ } -+ -+ // Won't need to worry about the result on the remainder. And -+ // then we won't need to worry about what's actual data to -+ // check MAC tag on. We start the check from the header of the -+ // buffer so that we don't need to construct a new byte buffer. -+ checkMacTags(contentType(), buf, 0, remainingLen, signer, true); -+ } -+ -+ bb.limit(macOffset); -+ } -+ -+ // Is it a failover? -+ if (reservedBPE != null) { -+ throw reservedBPE; -+ } - - return bb.slice(); -+ } -+ -+ /* -+ * Run MAC computation and comparison -+ * -+ * Please DON'T change the content of the ByteBuffer parameter! -+ */ -+ private static boolean checkMacTags(byte contentType, ByteBuffer bb, -+ MAC signer, boolean isSimulated) { -+ -+ int tagLen = signer.MAClen(); -+ int lim = bb.limit(); -+ int macData = lim - tagLen; -+ -+ bb.limit(macData); -+ byte[] hash = signer.compute(contentType, bb, isSimulated); -+ if (hash == null || tagLen != hash.length) { -+ // Something is wrong with MAC implementation. -+ throw new RuntimeException("Internal MAC error"); -+ } -+ -+ bb.position(macData); -+ bb.limit(lim); -+ try { -+ int[] results = compareMacTags(bb, hash); -+ return (results[0] != 0); -+ } finally { -+ bb.rewind(); -+ bb.limit(macData); -+ } -+ } -+ -+ /* -+ * A constant-time comparison of the MAC tags. -+ * -+ * Please DON'T change the content of the ByteBuffer parameter! -+ */ -+ private static int[] compareMacTags(ByteBuffer bb, byte[] tag) { -+ -+ // An array of hits is used to prevent Hotspot optimization for -+ // the purpose of a constant-time check. -+ int[] results = {0, 0}; // {missed #, matched #} -+ -+ // The caller ensures there are enough bytes available in the buffer. -+ // So we won't need to check the remaining of the buffer. -+ for (int i = 0; i < tag.length; i++) { -+ if (bb.get() != tag[i]) { -+ results[0]++; // mismatched bytes -+ } else { -+ results[1]++; // matched bytes -+ } -+ } -+ -+ return results; - } - - /* -diff --git a/src/share/classes/sun/security/ssl/EngineOutputRecord.java b/src/share/classes/sun/security/ssl/EngineOutputRecord.java ---- jdk/src/share/classes/sun/security/ssl/EngineOutputRecord.java -+++ jdk/src/share/classes/sun/security/ssl/EngineOutputRecord.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -120,7 +120,7 @@ final class EngineOutputRecord extends O - throws IOException { - - if (signer.MAClen() != 0) { -- byte[] hash = signer.compute(contentType(), bb); -+ byte[] hash = signer.compute(contentType(), bb, false); - - /* - * position was advanced to limit in compute above. -diff --git a/src/share/classes/sun/security/ssl/InputRecord.java b/src/share/classes/sun/security/ssl/InputRecord.java ---- jdk/src/share/classes/sun/security/ssl/InputRecord.java -+++ jdk/src/share/classes/sun/security/ssl/InputRecord.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -135,43 +135,173 @@ class InputRecord extends ByteArrayInput - return handshakeHash; - } - -- /* -- * Verify and remove the MAC ... used for all records. -- */ -- boolean checkMAC(MAC signer) { -- int len = signer.MAClen(); -- if (len == 0) { // no mac -- return true; -+ void decrypt(MAC signer, CipherBox box) throws BadPaddingException { -+ -+ BadPaddingException reservedBPE = null; -+ int tagLen = signer.MAClen(); -+ int cipheredLength = count - headerSize; -+ -+ if (!box.isNullCipher()) { -+ // sanity check length of the ciphertext -+ if (!box.sanityCheck(tagLen, cipheredLength)) { -+ throw new BadPaddingException( -+ "ciphertext sanity check failed"); -+ } -+ -+ try { -+ // Note that the CipherBox.decrypt() does not change -+ // the capacity of the buffer. -+ count = headerSize + -+ box.decrypt(buf, headerSize, cipheredLength, tagLen); -+ } catch (BadPaddingException bpe) { -+ // RFC 2246 states that decryption_failed should be used -+ // for this purpose. However, that allows certain attacks, -+ // so we just send bad record MAC. We also need to make -+ // sure to always check the MAC to avoid a timing attack -+ // for the same issue. See paper by Vaudenay et al and the -+ // update in RFC 4346/5246. -+ // -+ // Failover to message authentication code checking. -+ reservedBPE = bpe; -+ } - } - -- int offset = count - len; -+ if (tagLen != 0) { -+ int macOffset = count - tagLen; -+ int contentLen = macOffset - headerSize; - -- if (offset < headerSize) { -- // data length would be negative, something is wrong -- return false; -+ // Note that although it is not necessary, we run the same MAC -+ // computation and comparison on the payload for both stream -+ // cipher and CBC block cipher. -+ if (contentLen < 0) { -+ // negative data length, something is wrong -+ if (reservedBPE == null) { -+ reservedBPE = new BadPaddingException("bad record"); -+ } -+ -+ // set offset of the dummy MAC -+ macOffset = headerSize + cipheredLength - tagLen; -+ contentLen = macOffset - headerSize; -+ } -+ -+ count -= tagLen; // Set the count before any MAC checking -+ // exception occurs, so that the following -+ // process can read the actual decrypted -+ // content (minus the MAC) in the fragment -+ // if necessary. -+ -+ // Run MAC computation and comparison on the payload. -+ if (checkMacTags(contentType(), -+ buf, headerSize, contentLen, signer, false)) { -+ if (reservedBPE == null) { -+ reservedBPE = new BadPaddingException("bad record MAC"); -+ } -+ } -+ -+ // Run MAC computation and comparison on the remainder. -+ // -+ // It is only necessary for CBC block cipher. It is used to get a -+ // constant time of MAC computation and comparison on each record. -+ if (box.isCBCMode()) { -+ int remainingLen = calculateRemainingLen( -+ signer, cipheredLength, contentLen); -+ -+ // NOTE: remainingLen may be bigger (less than 1 block of the -+ // hash algorithm of the MAC) than the cipheredLength. However, -+ // We won't need to worry about it because we always use a -+ // maximum buffer for every record. We need a change here if -+ // we use small buffer size in the future. -+ if (remainingLen > buf.length) { -+ // unlikely to happen, just a placehold -+ throw new RuntimeException( -+ "Internal buffer capacity error"); -+ } -+ -+ // Won't need to worry about the result on the remainder. And -+ // then we won't need to worry about what's actual data to -+ // check MAC tag on. We start the check from the header of the -+ // buffer so that we don't need to construct a new byte buffer. -+ checkMacTags(contentType(), buf, 0, remainingLen, signer, true); -+ } - } - -- byte[] mac = signer.compute(contentType(), buf, -- headerSize, offset - headerSize); -+ // Is it a failover? -+ if (reservedBPE != null) { -+ throw reservedBPE; -+ } -+ } - -- if (len != mac.length) { -+ /* -+ * Run MAC computation and comparison -+ * -+ * Please DON'T change the content of the byte buffer parameter! -+ */ -+ static boolean checkMacTags(byte contentType, byte[] buffer, -+ int offset, int contentLen, MAC signer, boolean isSimulated) { -+ -+ int tagLen = signer.MAClen(); -+ byte[] hash = signer.compute( -+ contentType, buffer, offset, contentLen, isSimulated); -+ if (hash == null || tagLen != hash.length) { -+ // Something is wrong with MAC implementation. - throw new RuntimeException("Internal MAC error"); - } - -- for (int i = 0; i < len; i++) { -- if (buf[offset + i] != mac[i]) { -- return false; -+ int[] results = compareMacTags(buffer, offset + contentLen, hash); -+ return (results[0] != 0); -+ } -+ -+ /* -+ * A constant-time comparison of the MAC tags. -+ * -+ * Please DON'T change the content of the byte buffer parameter! -+ */ -+ private static int[] compareMacTags( -+ byte[] buffer, int offset, byte[] tag) { -+ -+ // An array of hits is used to prevent Hotspot optimization for -+ // the purpose of a constant-time check. -+ int[] results = {0, 0}; // {missed #, matched #} -+ -+ // The caller ensures there are enough bytes available in the buffer. -+ // So we won't need to check the length of the buffer. -+ for (int i = 0; i < tag.length; i++) { -+ if (buffer[offset + i] != tag[i]) { -+ results[0]++; // mismatched bytes -+ } else { -+ results[1]++; // matched bytes - } - } -- count -= len; -- return true; -+ -+ return results; - } - -- void decrypt(CipherBox box) throws BadPaddingException { -- int len = count - headerSize; -- count = headerSize + box.decrypt(buf, headerSize, len); -+ /* -+ * Calculate the length of a dummy buffer to run MAC computation -+ * and comparison on the remainder. -+ * -+ * The caller MUST ensure that the fullLen is not less than usedLen. -+ */ -+ static int calculateRemainingLen( -+ MAC signer, int fullLen, int usedLen) { -+ -+ int blockLen = signer.hashBlockLen(); -+ int minimalPaddingLen = signer.minimalPaddingLen(); -+ -+ // (blockLen - minimalPaddingLen) is the maximum message size of -+ // the last block of hash function operation. See FIPS 180-4, or -+ // MD5 specification. -+ fullLen += 13 - (blockLen - minimalPaddingLen); -+ usedLen += 13 - (blockLen - minimalPaddingLen); -+ -+ // Note: fullLen is always not less than usedLen, and blockLen -+ // is always bigger than minimalPaddingLen, so we don't worry -+ // about negative values. 0x01 is added to the result to ensure -+ // that the return value is positive. The extra one byte does -+ // not impact the overall MAC compression function evaluations. -+ return 0x01 + (int)(Math.ceil(fullLen/(1.0d * blockLen)) - -+ Math.ceil(usedLen/(1.0d * blockLen))) * signer.hashBlockLen(); - } -- - - /* - * Well ... hello_request messages are _never_ hashed since we can't -diff --git a/src/share/classes/sun/security/ssl/MAC.java b/src/share/classes/sun/security/ssl/MAC.java ---- jdk/src/share/classes/sun/security/ssl/MAC.java -+++ jdk/src/share/classes/sun/security/ssl/MAC.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -44,7 +44,8 @@ import static sun.security.ssl.CipherSui - * one of several keyed hashes, as associated with the cipher suite and - * protocol version. (SSL v3.0 uses one construct, TLS uses another.) - * -- * <P>NOTE: MAC computation is the only place in the SSL protocol that the -+ * <P> -+ * NOTE: MAC computation is the only place in the SSL protocol that the - * sequence number is used. It's also reset to zero with each change of - * a cipher spec, so this is the only place this state is needed. - * -@@ -129,15 +130,31 @@ final class MAC { - } - - /** -+ * Returns the hash function block length of the MAC alorithm. -+ */ -+ int hashBlockLen() { -+ return macAlg.hashBlockSize; -+ } -+ -+ /** -+ * Returns the hash function minimal padding length of the MAC alorithm. -+ */ -+ int minimalPaddingLen() { -+ return macAlg.minimalPaddingSize; -+ } -+ -+ /** - * Computes and returns the MAC for the data in this byte array. - * - * @param type record type - * @param buf compressed record on which the MAC is computed - * @param offset start of compressed record data - * @param len the size of the compressed record -+ * @param isSimulated if true, simulate the the MAC computation - */ -- final byte[] compute(byte type, byte buf[], int offset, int len) { -- return compute(type, null, buf, offset, len); -+ final byte[] compute(byte type, byte buf[], -+ int offset, int len, boolean isSimulated) { -+ return compute(type, null, buf, offset, len, isSimulated); - } - - /** -@@ -150,9 +167,10 @@ final class MAC { - * @param type record type - * @param bb a ByteBuffer in which the position and limit - * demarcate the data to be MAC'd. -+ * @param isSimulated if true, simulate the the MAC computation - */ -- final byte[] compute(byte type, ByteBuffer bb) { -- return compute(type, bb, null, 0, bb.remaining()); -+ final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) { -+ return compute(type, bb, null, 0, bb.remaining(), isSimulated); - } - - // increment the sequence number in the block array -@@ -168,18 +186,22 @@ final class MAC { - * Compute based on either buffer type, either bb.position/limit - * or buf/offset/len. - */ -- private byte[] compute(byte type, ByteBuffer bb, byte[] buf, int offset, int len) { -+ private byte[] compute(byte type, ByteBuffer bb, byte[] buf, -+ int offset, int len, boolean isSimulated) { - - if (macSize == 0) { - return nullMAC; - } - -- block[BLOCK_OFFSET_TYPE] = type; -- block[block.length - 2] = (byte)(len >> 8); -- block[block.length - 1] = (byte)(len ); -+ // MUST NOT increase the sequence number for a simulated computation. -+ if (!isSimulated) { -+ block[BLOCK_OFFSET_TYPE] = type; -+ block[block.length - 2] = (byte)(len >> 8); -+ block[block.length - 1] = (byte)(len ); - -- mac.update(block); -- incrementSequenceNumber(); -+ mac.update(block); -+ incrementSequenceNumber(); -+ } - - // content - if (bb != null) { -diff --git a/src/share/classes/sun/security/ssl/OutputRecord.java b/src/share/classes/sun/security/ssl/OutputRecord.java ---- jdk/src/share/classes/sun/security/ssl/OutputRecord.java -+++ jdk/src/share/classes/sun/security/ssl/OutputRecord.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -204,7 +204,7 @@ class OutputRecord extends ByteArrayOutp - } - if (signer.MAClen() != 0) { - byte[] hash = signer.compute(contentType, buf, -- headerSize, count - headerSize); -+ headerSize, count - headerSize, false); - write(hash); - } - } -diff --git a/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/share/classes/sun/security/ssl/SSLEngineImpl.java ---- jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java -+++ jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -919,34 +919,13 @@ final public class SSLEngineImpl extends - * throw a fatal alert if the integrity check fails. - */ - try { -- decryptedBB = inputRecord.decrypt(readCipher, readBB); -+ decryptedBB = inputRecord.decrypt(readMAC, readCipher, readBB); - } catch (BadPaddingException e) { -- // RFC 2246 states that decryption_failed should be used -- // for this purpose. However, that allows certain attacks, -- // so we just send bad record MAC. We also need to make -- // sure to always check the MAC to avoid a timing attack -- // for the same issue. See paper by Vaudenay et al. -- // -- // rewind the BB if necessary. -- readBB.rewind(); -- -- inputRecord.checkMAC(readMAC, readBB); -- -- // use the same alert types as for MAC failure below - byte alertType = (inputRecord.contentType() == - Record.ct_handshake) ? - Alerts.alert_handshake_failure : - Alerts.alert_bad_record_mac; -- fatal(alertType, "Invalid padding", e); -- } -- -- if (!inputRecord.checkMAC(readMAC, decryptedBB)) { -- if (inputRecord.contentType() == Record.ct_handshake) { -- fatal(Alerts.alert_handshake_failure, -- "bad handshake record MAC"); -- } else { -- fatal(Alerts.alert_bad_record_mac, "bad record MAC"); -- } -+ fatal(alertType, e.getMessage(), e); - } - - // if (!inputRecord.decompress(c)) -diff --git a/src/share/classes/sun/security/ssl/SSLSocketImpl.java b/src/share/classes/sun/security/ssl/SSLSocketImpl.java ---- jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java -+++ jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -922,27 +922,12 @@ final public class SSLSocketImpl extends - * throw a fatal alert if the integrity check fails. - */ - try { -- r.decrypt(readCipher); -+ r.decrypt(readMAC, readCipher); - } catch (BadPaddingException e) { -- // RFC 2246 states that decryption_failed should be used -- // for this purpose. However, that allows certain attacks, -- // so we just send bad record MAC. We also need to make -- // sure to always check the MAC to avoid a timing attack -- // for the same issue. See paper by Vaudenay et al. -- r.checkMAC(readMAC); -- // use the same alert types as for MAC failure below - byte alertType = (r.contentType() == Record.ct_handshake) - ? Alerts.alert_handshake_failure - : Alerts.alert_bad_record_mac; -- fatal(alertType, "Invalid padding", e); -- } -- if (!r.checkMAC(readMAC)) { -- if (r.contentType() == Record.ct_handshake) { -- fatal(Alerts.alert_handshake_failure, -- "bad handshake record MAC"); -- } else { -- fatal(Alerts.alert_bad_record_mac, "bad record MAC"); -- } -+ fatal(alertType, e.getMessage(), e); - } - - // if (!r.decompress(c)) diff --git a/java/openjdk6/files/icedtea/security/20130219/8007688.patch b/java/openjdk6/files/icedtea/security/20130219/8007688.patch deleted file mode 100644 index bc13a982ab4f..000000000000 --- a/java/openjdk6/files/icedtea/security/20130219/8007688.patch +++ /dev/null @@ -1,130 +0,0 @@ -# HG changeset patch -# User coffeys -# Date 1360873966 0 -# Node ID 617e68a3948824283f15c36fcd8cf264c1dd0a99 -# Parent 25e83b78298b71abb46eb5a337ed7bddef418ca4 -8007688: Blacklist known bad certificate -Reviewed-by: mullan - -diff --git a/src/share/classes/sun/security/util/UntrustedCertificates.java b/src/share/classes/sun/security/util/UntrustedCertificates.java ---- jdk/src/share/classes/sun/security/util/UntrustedCertificates.java -+++ jdk/src/share/classes/sun/security/util/UntrustedCertificates.java -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -739,5 +739,111 @@ public final class UntrustedCertificates - "B8WfedLHjFW/TMcnXlEWKz4=\n" + - "-----END CERTIFICATE-----"); - -+ // -+ // Revoked DigiCert code signing certificates used to sign malware -+ // -+ -+ // Subject: CN=Buster Paper Comercial Ltda, -+ // O=Buster Paper Comercial Ltda, -+ // L=S?o Jos? Dos Campos, -+ // ST=S?o Paulo, -+ // C=BR -+ // Issuer: CN=DigiCert Assured ID Code Signing CA-1, -+ // OU=www.digicert.com, -+ // O=DigiCert Inc, -+ // C=US -+ // Serial: 07:b4:4c:db:ff:fb:78:de:05:f4:26:16:72:a6:73:12 -+ add("buster-paper-comercial-ltda-72A67312", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIGwzCCBaugAwIBAgIQB7RM2//7eN4F9CYWcqZzEjANBgkqhkiG9w0BAQUFADBv\n" + -+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + -+ "d3cuZGlnaWNlcnQuY29tMS4wLAYDVQQDEyVEaWdpQ2VydCBBc3N1cmVkIElEIENv\n" + -+ "ZGUgU2lnbmluZyBDQS0xMB4XDTEzMDExNzAwMDAwMFoXDTE0MDEyMjEyMDAwMFow\n" + -+ "gY4xCzAJBgNVBAYTAkJSMRMwEQYDVQQIDApTw6NvIFBhdWxvMR4wHAYDVQQHDBVT\n" + -+ "w6NvIEpvc8OpIERvcyBDYW1wb3MxJDAiBgNVBAoTG0J1c3RlciBQYXBlciBDb21l\n" + -+ "cmNpYWwgTHRkYTEkMCIGA1UEAxMbQnVzdGVyIFBhcGVyIENvbWVyY2lhbCBMdGRh\n" + -+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzO0l6jWIpEfO2oUpVHpL\n" + -+ "HETj5lzivNb0S9jKHgGJax917czh81PnGTxwxFXd6gLJuy/XFHvmiSi8g8jzlymn\n" + -+ "2Ji5zQ3CPaz7nomJokSUDlMVJ2qYWtctw4jrdjuI4qtn+koXXUFkWjkf8h8251I4\n" + -+ "tUs7S49HE2Go5owCYP3byajj7fsFAYR/Xb7TdVtndkZsUB/YgOjHovyACjouaNCi\n" + -+ "mDiRyQ6zLLjZGiyeD65Yiseuhp5b8/BL5h1p7w76QYMYMVQNAdtDKut2R8MBpuWf\n" + -+ "Ny7Eoi0x/gm1p9X5Rcl5aN7K0G4UtTAJKbkuUfXddsyFoM0Nx8uo8SgNQ8Y/X5Jx\n" + -+ "BwIDAQABo4IDOTCCAzUwHwYDVR0jBBgwFoAUe2jOKarAF75JeuHlP9an90WPNTIw\n" + -+ "HQYDVR0OBBYEFFLZ3n5nt/Eer7n1bvtOqMb1qKO5MA4GA1UdDwEB/wQEAwIHgDAT\n" + -+ "BgNVHSUEDDAKBggrBgEFBQcDAzBzBgNVHR8EbDBqMDOgMaAvhi1odHRwOi8vY3Js\n" + -+ "My5kaWdpY2VydC5jb20vYXNzdXJlZC1jcy0yMDExYS5jcmwwM6AxoC+GLWh0dHA6\n" + -+ "Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9hc3N1cmVkLWNzLTIwMTFhLmNybDCCAcQGA1Ud\n" + -+ "IASCAbswggG3MIIBswYJYIZIAYb9bAMBMIIBpDA6BggrBgEFBQcCARYuaHR0cDov\n" + -+ "L3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsG\n" + -+ "AQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABD\n" + -+ "AGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABh\n" + -+ "AGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQBy\n" + -+ "AHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBn\n" + -+ "ACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABs\n" + -+ "AGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABp\n" + -+ "AG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBl\n" + -+ "AGYAZQByAGUAbgBjAGUALjCBggYIKwYBBQUHAQEEdjB0MCQGCCsGAQUFBzABhhho\n" + -+ "dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wTAYIKwYBBQUHMAKGQGh0dHA6Ly9jYWNl\n" + -+ "cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRENvZGVTaWduaW5nQ0Et\n" + -+ "MS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOCAQEAPTTQvpOIikXI\n" + -+ "hTLnNbajaFRR5GhQpTzUNgBfF9VYSlNw/wMjpGsrh5RxaJCip52jbehmTgjMRhft\n" + -+ "jRYyml44PAVsCcR9uEoDpCZYpI1fHI1R+F8jd1C9rqprbSwwOG4xlg4SmvTHYs6e\n" + -+ "gBItQ/1p9XY+Sf4Wv1qOuOFL1qvV/5VyR2zdlOQCmKCeMgxt6a/tHLBDiAA67D44\n" + -+ "/vfdoNJl0CU2It0PO60jdCPFNWIRcxL+OSDqAoePeUC7xQ+JsTEIxuUE8+d6w6fc\n" + -+ "BV2mYb1flh22t46GLjh4gyo7xw3aL6L0L0jzlTT6IcEw6NIbaPbIKj/npQnHobYj\n" + -+ "XMuKLxbh7g==\n" + -+ "-----END CERTIFICATE-----"); -+ -+ // Subject: CN=BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME, -+ // O=BUSTER ASSISTENCIA TECNICA ELETRONICA LTDA - ME, -+ // L=S?o Paulo, -+ // ST=S?o Paulo, -+ // C=BR -+ // Issuer: CN=DigiCert Assured ID Code Signing CA-1, -+ // OU=www.digicert.com, -+ // O=DigiCert Inc, -+ // C=US -+ // Serial: 0a:38:9b:95:ee:73:6d:d1:3b:c0:ed:74:3f:d7:4d:2f -+ add("buster-assistencia-tecnica-electronica-ltda-3FD74D2F", -+ "-----BEGIN CERTIFICATE-----\n" + -+ "MIIG4DCCBcigAwIBAgIQCjible5zbdE7wO10P9dNLzANBgkqhkiG9w0BAQUFADBv\n" + -+ "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n" + -+ "d3cuZGlnaWNlcnQuY29tMS4wLAYDVQQDEyVEaWdpQ2VydCBBc3N1cmVkIElEIENv\n" + -+ "ZGUgU2lnbmluZyBDQS0xMB4XDTEyMTEwOTAwMDAwMFoXDTEzMTExNDEyMDAwMFow\n" + -+ "gasxCzAJBgNVBAYTAkJSMRMwEQYDVQQIDApTw6NvIFBhdWxvMRMwEQYDVQQHDApT\n" + -+ "w6NvIFBhdWxvMTgwNgYDVQQKEy9CVVNURVIgQVNTSVNURU5DSUEgVEVDTklDQSBF\n" + -+ "TEVUUk9OSUNBIExUREEgLSBNRTE4MDYGA1UEAxMvQlVTVEVSIEFTU0lTVEVOQ0lB\n" + -+ "IFRFQ05JQ0EgRUxFVFJPTklDQSBMVERBIC0gTUUwggEiMA0GCSqGSIb3DQEBAQUA\n" + -+ "A4IBDwAwggEKAoIBAQDAqNeEs5/B2CTXGjTOkUIdu6jV6qulOZwdw4sefHWYj1UR\n" + -+ "4z6zPk9kjpUgbnb402RFq88QtfInwddZ/wXn9OxMtDd/3TnC7HrhNS7ga79ZFL2V\n" + -+ "JnmzKHum2Yvh0q82QEJ9tHBR2X9VdKpUIH08Zs3k6cWWM1H0YX0cxA/HohhesQJW\n" + -+ "kwJ3urOIJiH/HeByDk8a1NS8safcCxk5vxvW4WvCg43iT09LeHY5Aa8abKw8lqVb\n" + -+ "0tD5ZSIjdmdj3TT1U37iAHLLRM2DXbxfdbhouUX1c5U1ZHAMA67HwjKiseOiDaHj\n" + -+ "NUGbC37C+cgbc9VVM/cURD8WvS0Kj6fQv7F2QtJDAgMBAAGjggM5MIIDNTAfBgNV\n" + -+ "HSMEGDAWgBR7aM4pqsAXvkl64eU/1qf3RY81MjAdBgNVHQ4EFgQU88EXKAyDsh30\n" + -+ "o9+Gu9a4xUy+FSMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMD\n" + -+ "MHMGA1UdHwRsMGowM6AxoC+GLWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9hc3N1\n" + -+ "cmVkLWNzLTIwMTFhLmNybDAzoDGgL4YtaHR0cDovL2NybDQuZGlnaWNlcnQuY29t\n" + -+ "L2Fzc3VyZWQtY3MtMjAxMWEuY3JsMIIBxAYDVR0gBIIBuzCCAbcwggGzBglghkgB\n" + -+ "hv1sAwEwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9z\n" + -+ "c2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4A\n" + -+ "eQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQA\n" + -+ "ZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUA\n" + -+ "IABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAA\n" + -+ "YQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcA\n" + -+ "cgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIA\n" + -+ "aQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQA\n" + -+ "ZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMIGC\n" + -+ "BggrBgEFBQcBAQR2MHQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0\n" + -+ "LmNvbTBMBggrBgEFBQcwAoZAaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Rp\n" + -+ "Z2lDZXJ0QXNzdXJlZElEQ29kZVNpZ25pbmdDQS0xLmNydDAMBgNVHRMBAf8EAjAA\n" + -+ "MA0GCSqGSIb3DQEBBQUAA4IBAQAei1QmiXepje8OIfo/WonD4MIXgpPr2dfRaquQ\n" + -+ "A8q63OpTRSveyqdQDCSPpDRF/nvO1Y30yksZvIH1tNBsW5LBdxAKN3lFdBlqBwtE\n" + -+ "Q3jHc0KVVYRJ0FBaGE/PJHmRajscdAhYIcMPhTga0u0tDK+wOHEq3993dfl6yHjA\n" + -+ "XHU2iW5pnk75ZoE39zALD5eKXT8ZXrET5c3XUFJKWA+XuGmdmyzqo0Au49PanBv9\n" + -+ "UlZnabYfqoMArqMS0tGSX4cGgi9/2E+pHG9BX4sFW+ZDumroOA2pxyMWEKjxePEL\n" + -+ "zCOfhbsRWdMLYepauaNZOIMZXmFwcrIl0TGMkTAtATz+XmZc\n" + -+ "-----END CERTIFICATE-----"); -+ - } - } |