archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8217835: Remove the experimental SunJSSE FIPS compliant mode

Browse source 
Reviewed-by: mullan
This commit is contained in:
Xue-Lei Andrew Fan 2019-02-12 13:36:15 -08:00
parent 5d0ff15a58
commit fca0af0487
46 changed files with 364 additions and 2350 deletions
Download patch file Download diff file Expand all files Collapse all files

38
src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,6 +27,7 @@ package sun.security.ssl;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import static sun.security.ssl.ClientHello.ClientHelloMessage;
@ -143,7 +144,13 @@ abstract class HelloCookieManager {
cookieVersion++;
}
MessageDigest md = JsseJce.getMessageDigest("SHA-256");
MessageDigest md;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException nsae) {
throw new RuntimeException(
"MessageDigest algorithm SHA-256 is not available", nsae);
}
byte[] helloBytes = clientHello.getHelloCookieBytes();
md.update(helloBytes);
byte[] cookie = md.digest(secret); // 32 bytes
@ -169,7 +176,13 @@ abstract class HelloCookieManager {
}
}
MessageDigest md = JsseJce.getMessageDigest("SHA-256");
MessageDigest md;
try {
md = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException nsae) {
throw new RuntimeException(
"MessageDigest algorithm SHA-256 is not available", nsae);
}
byte[] helloBytes = clientHello.getHelloCookieBytes();
md.update(helloBytes);
byte[] target = md.digest(secret); // 32 bytes
@ -234,8 +247,16 @@ abstract class HelloCookieManager {
cookieVersion++; // allow wrapped version number
}
MessageDigest md = JsseJce.getMessageDigest(
MessageDigest md;
try {
md = MessageDigest.getInstance(
context.negotiatedCipherSuite.hashAlg.name);
} catch (NoSuchAlgorithmException nsae) {
throw new RuntimeException(
"MessageDigest algorithm " +
context.negotiatedCipherSuite.hashAlg.name +
" is not available", nsae);
}
byte[] headerBytes = clientHello.getHeaderBytes();
md.update(headerBytes);
byte[] headerCookie = md.digest(secret);
@ -300,7 +321,14 @@ abstract class HelloCookieManager {
}
}
MessageDigest md = JsseJce.getMessageDigest(cs.hashAlg.name);
MessageDigest md;
try {
md = MessageDigest.getInstance(cs.hashAlg.name);
} catch (NoSuchAlgorithmException nsae) {
throw new RuntimeException(
"MessageDigest algorithm " +
cs.hashAlg.name + " is not available", nsae);
}
byte[] headerBytes = clientHello.getHeaderBytes();
md.update(headerBytes);
byte[] headerCookie = md.digest(secret);