--- a/src/java.base/share/classes/sun/security/rsa/RSAPadding.java Fri May 11 14:55:56 2018 -0700
+++ b/src/java.base/share/classes/sun/security/rsa/RSAPadding.java Fri May 11 15:53:12 2018 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -39,16 +39,13 @@
/**
* RSA padding and unpadding.
*
- * The various PKCS#1 versions can be found in the EMC/RSA Labs
- * web site, which is currently:
- *
- * http://www.emc.com/emc-plus/rsa-labs/index.htm
+ * The various PKCS#1 versions can be found in the IETF RFCs
+ * tracking the corresponding PKCS#1 standards.
*
- * or in the IETF RFCs derived from the above PKCS#1 standards.
- *
- * RFC 2313: v1.5
- * RFC 2437: v2.0
- * RFC 3447: v2.1
+ * RFC 2313: PKCS#1 v1.5
+ * RFC 2437: PKCS#1 v2.0
+ * RFC 3447: PKCS#1 v2.1
+ * RFC 8017: PKCS#1 v2.2
*
* The format of PKCS#1 v1.5 padding is:
*
@@ -105,11 +102,11 @@
// maximum size of the data
private final int maxDataSize;
- // OAEP: main messagedigest
+ // OAEP: main message digest
private MessageDigest md;
- // OAEP: message digest for MGF1
- private MessageDigest mgfMd;
+ // OAEP: MGF1
+ private MGF1 mgf;
// OAEP: value of digest of data (user-supplied or zero-length) using md
private byte[] lHash;
@@ -164,7 +161,7 @@
break;
case PAD_OAEP_MGF1:
String mdName = "SHA-1";
- String mgfMdName = "SHA-1";
+ String mgfMdName = mdName;
byte[] digestInput = null;
try {
if (spec != null) {
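Review bot: `String mgfMdName = mdName;` reads as if the MGF1 digest will track the main digest, but it only copies the value held at that point ("SHA-1"), so a later assignment to `mdName` from `spec` does not carry over. The `if (spec != null)` branch continues outside this hunk and presumably assigns `mgfMdName` from the MGF parameters itself; if so the alias is harmless but misleading. I would add a comment such as `// defaults: SHA-1 for both the OAEP hash and the MGF1 hash; mgfMdName does not follow later changes to mdName`.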
@@ -185,10 +182,9 @@
digestInput = ((PSource.PSpecified) pSrc).getValue();
}
md = MessageDigest.getInstance(mdName);
- mgfMd = MessageDigest.getInstance(mgfMdName);
+ mgf = new MGF1(mgfMdName);
} catch (NoSuchAlgorithmException e) {
- throw new InvalidKeyException
- ("Digest " + mdName + " not available", e);
+ throw new InvalidKeyException("Digest not available", e);
}
lHash = getInitialHash(md, digestInput);
int digestLen = lHash.length;
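Review bot: The new message `"Digest not available"` in the catch no longer says which algorithm failed, while the try now covers two lookups, `MessageDigest.getInstance(mdName)` and `new MGF1(mgfMdName)`, which presumably can both raise `NoSuchAlgorithmException` and may name different digests. The cause is still chained, but anything that logs only the top-level message loses the detail needed to diagnose a provider or parameter-spec mismatch. Both names are declared before the `try`, so the message can keep them: `throw new InvalidKeyException("Digest " + mdName + " or MGF1 digest " + mgfMdName + " not available", e);`. The start of the try block lies outside this hunk.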
@@ -196,7 +192,7 @@
if (maxDataSize <= 0) {
throw new InvalidKeyException
("Key is too short for encryption using OAEPPadding" +
- " with " + mdName + " and MGF1" + mgfMdName);
+ " with " + mdName + " and " + mgf.getName());
}
break;
default:
@@ -431,10 +427,10 @@
System.arraycopy(M, 0, EM, mStart, M.length);
// produce maskedDB
- mgf1(EM, seedStart, seedLen, EM, dbStart, dbLen);
+ mgf.generateAndXor(EM, seedStart, seedLen, dbLen, EM, dbStart);
// produce maskSeed
- mgf1(EM, dbStart, dbLen, EM, seedStart, seedLen);
+ mgf.generateAndXor(EM, dbStart, dbLen, seedLen, EM, seedStart);
return EM;
}
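Review bot: The two `generateAndXor` calls pass the mask length as the fourth argument, ahead of the output array, whereas the removed `mgf1` took it last. Every reordered argument is an `int` or the same `EM` array, so a transposed `seedLen`/`dbLen` would compile and silently corrupt the encoding. The calls here and in the unpad hunk that follows look correctly mapped, but nothing at the call site documents the order or the in-place aliasing. I would add a comment such as `// args: seed, seedOfs, seedLen, maskLen, out, outOfs; assumes the seed and out ranges of EM do not overlap`, and make sure a known-answer OAEP vector exercises both pad and unpad. The enclosing method starts outside the hunk.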
@@ -457,8 +453,8 @@
int dbStart = hLen + 1;
int dbLen = EM.length - dbStart;
- mgf1(EM, dbStart, dbLen, EM, seedStart, seedLen);
- mgf1(EM, seedStart, seedLen, EM, dbStart, dbLen);
+ mgf.generateAndXor(EM, dbStart, dbLen, seedLen, EM, seedStart);
+ mgf.generateAndXor(EM, seedStart, seedLen, dbLen, EM, dbStart);
// verify lHash == lHash'
for (int i = 0; i < hLen; i++) {
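Review bot: On this unpad path the removed `mgf1` converted a digest failure into `BadPaddingException`, and what `generateAndXor` throws in that case is not visible in this diff. OAEP decoding should fail in a single indistinguishable way, so it is worth confirming that the new helper cannot surface a different exception type or message to the caller during decryption. If it raises an unchecked exception for the should-never-happen digest error, a comment at these two calls would record the intent, e.g. `// MGF1 failures are internal errors, never reported as padding errors`. The lHash comparison loop continues past the end of this hunk.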
@@ -506,37 +502,4 @@
return m;
}
}
-
- /**
- * Compute MGF1 using mgfMD as the message digest.
- * Note that we combine MGF1 with the XOR operation to reduce data
- * copying.
- *
- * We generate maskLen bytes of MGF1 from the seed and XOR it into
- * out[] starting at outOfs;
- */
- private void mgf1(byte[] seed, int seedOfs, int seedLen,
- byte[] out, int outOfs, int maskLen) throws BadPaddingException {
- byte[] C = new byte[4]; // 32 bit counter
- byte[] digest = new byte[mgfMd.getDigestLength()];
- while (maskLen > 0) {
- mgfMd.update(seed, seedOfs, seedLen);
- mgfMd.update(C);
- try {
- mgfMd.digest(digest, 0, digest.length);
- } catch (DigestException e) {
- // should never happen
- throw new BadPaddingException(e.toString());
- }
- for (int i = 0; (i < digest.length) && (maskLen > 0); maskLen--) {
- out[outOfs++] ^= digest[i++];
- }
- if (maskLen > 0) {
- // increment counter
- for (int i = C.length - 1; (++C[i] == 0) && (i > 0); i--) {
- // empty
- }
- }
- }
- }
}