--- a/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Tue Jun 19 15:53:35 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Wed Jun 20 09:41:50 2018 -0700
@@ -477,6 +477,12 @@
SSLMasterKeyDerivation mskd =
SSLMasterKeyDerivation.valueOf(
context.negotiatedProtocol);
+ if (mskd == null) {
+ // unlikely
+ throw new SSLHandshakeException(
+ "No expected master key derivation for protocol: " +
+ context.negotiatedProtocol.name);
+ }
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
return kd.deriveKey("MasterSecret", params);
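Review bot: The `// unlikely` comment in the added null check does not say when `SSLMasterKeyDerivation.valueOf` returns null, although this same commit makes the case concrete. It removes the `TLS13` constant and the `case TLS13` branch, so a TLS 1.3 `negotiatedProtocol` now falls through to `default` and yields null. I would replace the comment with `// valueOf() returns null for versions with no legacy master secret derivation (e.g. TLS 1.3); fail the handshake rather than dereference null`. The identical block is added in ECDHKeyExchange.java and RSAKeyExchange.java, where the same applies; three copies of the guard can drift apart, so a shared helper may be worth considering. The enclosing method starts and ends outside the hunk.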
--- a/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Tue Jun 19 15:53:35 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Wed Jun 20 09:41:50 2018 -0700
@@ -433,6 +433,12 @@
SSLMasterKeyDerivation mskd =
SSLMasterKeyDerivation.valueOf(
context.negotiatedProtocol);
+ if (mskd == null) {
+ // unlikely
+ throw new SSLHandshakeException(
+ "No expected master key derivation for protocol: " +
+ context.negotiatedProtocol.name);
+ }
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
return kd.deriveKey("MasterSecret", params);
--- a/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java Tue Jun 19 15:53:35 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java Wed Jun 20 09:41:50 2018 -0700
@@ -40,6 +40,7 @@
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
+import javax.net.ssl.SSLHandshakeException;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
import sun.security.util.KeyUtil;
@@ -297,6 +298,12 @@
SSLMasterKeyDerivation mskd =
SSLMasterKeyDerivation.valueOf(
context.negotiatedProtocol);
+ if (mskd == null) {
+ // unlikely
+ throw new SSLHandshakeException(
+ "No expected master key derivation for protocol: " +
+ context.negotiatedProtocol.name);
+ }
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
return kd.deriveKey("MasterSecret", params);
--- a/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Tue Jun 19 15:53:35 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Wed Jun 20 09:41:50 2018 -0700
@@ -37,18 +37,14 @@
import static sun.security.ssl.CipherSuite.HashAlg.H_NONE;
enum SSLMasterKeyDerivation implements SSLKeyDerivationGenerator {
- SSL30 ("kdf_ssl30", S30MasterSecretKeyDerivationGenerator.instance),
- TLS10 ("kdf_tls10", T10MasterSecretKeyDerivationGenerator.instance),
- TLS12 ("kdf_tls12", T12MasterSecretKeyDerivationGenerator.instance),
- TLS13 ("kdf_tls13", null);
+ SSL30 ("kdf_ssl30"),
+ TLS10 ("kdf_tls10"),
+ TLS12 ("kdf_tls12");
final String name;
- final SSLKeyDerivationGenerator keyDerivationGenerator;
- SSLMasterKeyDerivation(String name,
- SSLKeyDerivationGenerator keyDerivationGenerator) {
+ private SSLMasterKeyDerivation(String name) {
this.name = name;
- this.keyDerivationGenerator = keyDerivationGenerator;
}
static SSLMasterKeyDerivation valueOf(ProtocolVersion protocolVersion) {
@@ -62,8 +58,6 @@
case TLS12:
case DTLS12:
return SSLMasterKeyDerivation.TLS12;
- case TLS13:
- return SSLMasterKeyDerivation.TLS13;
default:
return null;
}
@@ -72,62 +66,10 @@
@Override
public SSLKeyDerivation createKeyDerivation(HandshakeContext context,
SecretKey secretKey) throws IOException {
- return keyDerivationGenerator.createKeyDerivation(context, secretKey);
- }
-
- private static final class S30MasterSecretKeyDerivationGenerator
- implements SSLKeyDerivationGenerator {
- private static final S30MasterSecretKeyDerivationGenerator instance =
- new S30MasterSecretKeyDerivationGenerator();
-
- // Prevent instantiation of this class.
- private S30MasterSecretKeyDerivationGenerator() {
- // blank
- }
-
- @Override
- public SSLKeyDerivation createKeyDerivation(
- HandshakeContext context, SecretKey secretKey) throws IOException {
- return new LegacyMasterKeyDerivation(context, secretKey);
- }
+ return new LegacyMasterKeyDerivation(context, secretKey);
}
-
- private static final class T10MasterSecretKeyDerivationGenerator
- implements SSLKeyDerivationGenerator {
- private static final T10MasterSecretKeyDerivationGenerator instance =
- new T10MasterSecretKeyDerivationGenerator();
-
- // Prevent instantiation of this class.
- private T10MasterSecretKeyDerivationGenerator() {
- // blank
- }
-
- @Override
- public SSLKeyDerivation createKeyDerivation(
- HandshakeContext context, SecretKey secretKey) throws IOException {
- return new LegacyMasterKeyDerivation(context, secretKey);
- }
- }
-
- private static final class T12MasterSecretKeyDerivationGenerator
- implements SSLKeyDerivationGenerator {
- private static final T12MasterSecretKeyDerivationGenerator instance =
- new T12MasterSecretKeyDerivationGenerator();
-
- // Prevent instantiation of this class.
- private T12MasterSecretKeyDerivationGenerator() {
- // blank
- }
-
- @Override
- public SSLKeyDerivation createKeyDerivation(
- HandshakeContext context, SecretKey secretKey) throws IOException {
- return new LegacyMasterKeyDerivation(context, secretKey);
- }
-
- }
-
+ // Note, we may use different key derivation implementation in the future.
private static final
class LegacyMasterKeyDerivation implements SSLKeyDerivation {
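Review bot: After this change `createKeyDerivation` no longer consults the enum constant, so `SSL30`, `TLS10` and `TLS12` all return the same `LegacyMasterKeyDerivation`, and nothing in the method says that this is intentional. The added note about future implementations sits above the class declaration rather than in the method that makes the choice. I would put it inside `createKeyDerivation` and state the current contract, for example `// SSL 3.0, TLS 1.0 and TLS 1.2 currently share LegacyMasterKeyDerivation; replace this if a version needs its own derivation.` The body of `LegacyMasterKeyDerivation` continues outside the hunk, so how it distinguishes protocol versions cannot be checked from here.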
--- a/src/java.base/share/classes/sun/security/ssl/SSLSecretDerivation.java Tue Jun 19 15:53:35 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSecretDerivation.java Wed Jun 20 09:41:50 2018 -0700
@@ -95,7 +95,9 @@
} else {
// unlikely, but please update if more hash algorithm
// get supported in the future.
- expandContext = new byte[0];
+ throw new SSLHandshakeException(
+ "Unexpected unsupported hash algorithm: " +
+ algorithm);
}
} else {
expandContext = transcriptHash;
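Review bot: The new exception message appends `algorithm`, but this branch is reached because the hash algorithm matched none of the cases tested above the hunk. If `algorithm` is the derivation label passed into the method rather than the hash (the enclosing method is not visible here, so this is inferred), the message will name the wrong value. The text should carry the hash algorithm that failed the check, so a handshake failure log identifies the unsupported hash. Throwing here instead of continuing with an empty `expandContext` is the right fail-closed behaviour, and the existing comment above the throw could say so, for example `// fail closed: never derive a secret with an empty context`.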