/hg/icedtea7-forest/jdk: 4 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Mon Nov 23 16:37:43 UTC 2015
changeset 1b114fff840b in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=1b114fff840b
author: xuelei
date: Sun Oct 13 21:10:33 2013 -0700
8026119. PR2679: Regression test DHEKeySizing.java failing intermittently
Reviewed-by: weijun
changeset 16cce7fa3ecb in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=16cce7fa3ecb
author: igerasim
date: Fri Apr 24 13:59:30 2015 +0300
8076328, PR2679: Enforce key exchange constraints
Reviewed-by: wetmore, ahgross, asmotrak, xuelei
changeset 91216176dcc7 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=91216176dcc7
author: xuelei
date: Thu Jul 23 09:51:31 2015 +0100
8081760, PR2679: Better group dynamics
Reviewed-by: coffeys, mullan, weijun, jnimeh, ahgross, asmotrak
changeset 4045b2061282 in /hg/icedtea7-forest/jdk
details: http://icedtea.classpath.org/hg/icedtea7-forest/jdk?cmd=changeset;node=4045b2061282
author: andrew
date: Fri Nov 20 01:09:50 2015 +0000
Added tag icedtea-2.7.0pre04 for changeset 91216176dcc7
diffstat:
.hgtags | 1 +
test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java | 58 ++++++---
2 files changed, 38 insertions(+), 21 deletions(-)
diffs (137 lines):
diff -r 10aef0978975 -r 4045b2061282 .hgtags
--- a/.hgtags Mon Oct 19 08:01:47 2015 +0100
+++ b/.hgtags Fri Nov 20 01:09:50 2015 +0000
@@ -631,3 +631,4 @@
6a8bf2d8048964b384b20c71bf441f113193a81b icedtea-2.7.0pre02
66eea0d727761bfbee10784baa6941f118bc06d1 jdk7u85-b02
dbb972937b50ccd7edc4534d74b91eb66fe6cf0b icedtea-2.7.0pre03
+91216176dcc70528412a937e962bcc7221322701 icedtea-2.7.0pre04
diff -r 10aef0978975 -r 4045b2061282 test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Mon Oct 19 08:01:47 2015 +0100
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Fri Nov 20 01:09:50 2015 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,34 +31,34 @@
* @bug 6956398
* @summary make ephemeral DH key match the length of the certificate key
* @run main/othervm
- * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ * DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
*
* @run main/othervm
- * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 292 75
+ * DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 229 75
*
* @run main/othervm
- * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139
+ * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1383 139
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1414 107
+ * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1319 107
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1894 267
+ * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1639 267
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1510 139
+ * DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA false 1383 139
*
* @run main/othervm
- * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
+ * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 357 139
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 388 107
+ * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 293 107
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
+ * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 357 139
* @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 484 139
+ * DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5 false 357 139
*/
/*
@@ -90,16 +90,17 @@
* Here is a summary of the record length in the test case.
*
* | ServerHello Series | ClientKeyExchange | ServerHello Anon
- * 512-bit | 1318 bytes | 75 bytes | 292 bytes
- * 768-bit | 1414 bytes | 107 bytes | 388 bytes
- * 1024-bit | 1510 bytes | 139 bytes | 484 bytes
- * 2048-bit | 1894 bytes | 267 bytes | 484 bytes
+ * 512-bit | 1255 bytes | 75 bytes | 229 bytes
+ * 768-bit | 1319 bytes | 107 bytes | 293 bytes
+ * 1024-bit | 1383 bytes | 139 bytes | 357 bytes
+ * 2048-bit | 1639 bytes | 267 bytes | 357 bytes
*/
import javax.net.ssl.*;
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.nio.*;
+import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@@ -111,7 +112,15 @@
public class DHEKeySizing {
- private static boolean debug = true;
+ private final static boolean debug = true;
+
+ // key length bias because of the stripping of leading zero bytes of
+ // negotiated DH keys.
+ //
+ // This is an effort to mimum intermittent failure when we cannot
+ // estimate what's the exact number of leading zero bytes of
+ // negotiated DH keys.
+ private final static int KEY_LEN_BIAS = 6;
private SSLContext sslc;
private SSLEngine ssle1; // client
@@ -269,7 +278,8 @@
twoToOne.flip();
log("Message length of ServerHello series: " + twoToOne.remaining());
- if (lenServerKeyEx != twoToOne.remaining()) {
+ if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) ||
+ twoToOne.remaining() > lenServerKeyEx) {
throw new Exception(
"Expected to generate ServerHello series messages of " +
lenServerKeyEx + " bytes, but not " + twoToOne.remaining());
@@ -289,7 +299,8 @@
oneToTwo.flip();
log("Message length of ClientKeyExchange: " + oneToTwo.remaining());
- if (lenClientKeyEx != oneToTwo.remaining()) {
+ if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) ||
+ oneToTwo.remaining() > lenClientKeyEx) {
throw new Exception(
"Expected to generate ClientKeyExchange message of " +
lenClientKeyEx + " bytes, but not " + oneToTwo.remaining());
@@ -367,6 +378,11 @@
}
public static void main(String args[]) throws Exception {
+ // reset security properties to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
if (args.length != 4) {
System.out.println(
"Usage: java DHEKeySizing cipher-suite " +
More information about the distro-pkg-dev
mailing list