/hg/release/icedtea7-forest-2.6/jdk: 3 new changesets

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Wed Oct 21 04:41:28 UTC 2015 

changeset 9e9f8bfd0cb6 in /hg/release/icedtea7-forest-2.6/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.6/jdk?cmd=changeset;node=9e9f8bfd0cb6
author: xuelei
date: Sun Oct 13 21:10:33 2013 -0700

	8026119. PR2679: Regression test DHEKeySizing.java failing intermittently
	Reviewed-by: weijun


changeset 55f29cb5ff8c in /hg/release/icedtea7-forest-2.6/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.6/jdk?cmd=changeset;node=55f29cb5ff8c
author: igerasim
date: Fri Apr 24 13:59:30 2015 +0300

	8076328, PR2679: Enforce key exchange constraints
	Reviewed-by: wetmore, ahgross, asmotrak, xuelei


changeset db69ae53157a in /hg/release/icedtea7-forest-2.6/jdk
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.6/jdk?cmd=changeset;node=db69ae53157a
author: xuelei
date: Thu Jul 23 09:51:31 2015 +0100

	8081760, PR2679: Better group dynamics
	Reviewed-by: coffeys, mullan, weijun, jnimeh, ahgross, asmotrak


diffstat:

 test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java |  58 ++++++---
 1 files changed, 37 insertions(+), 21 deletions(-)

diffs (129 lines):

diff -r 88330a73d258 -r db69ae53157a test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java
--- a/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	Wed Oct 21 03:15:32 2015 +0100
+++ b/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java	Thu Jul 23 09:51:31 2015 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,34 +31,34 @@
  * @bug 6956398
  * @summary make ephemeral DH key match the length of the certificate key
  * @run main/othervm
- *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1318 75
+ *      DHEKeySizing SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA true 1255 75
  *
  * @run main/othervm
- *      DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 292 75
+ *      DHEKeySizing SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA true 229 75
  *
  * @run main/othervm
- *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1510 139
+ *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1383 139
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1414 107
+ *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1319 107
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1894 267
+ *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1639 267
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1510 139
+ *      DHEKeySizing TLS_DHE_RSA_WITH_AES_128_CBC_SHA  false 1383 139
  *
  * @run main/othervm
- *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 484 139
+ *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=legacy
- *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 388 107
+ *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 293 107
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=matched
- *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 484 139
+ *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
  * @run main/othervm -Djdk.tls.ephemeralDHKeySize=1024
- *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 484 139
+ *      DHEKeySizing SSL_DH_anon_WITH_RC4_128_MD5  false 357 139
  */
 
 /*
@@ -90,16 +90,17 @@
  * Here is a summary of the record length in the test case.
  *
  *            |  ServerHello Series  |  ClientKeyExchange | ServerHello Anon
- *   512-bit  |          1318 bytes  |           75 bytes |        292 bytes
- *   768-bit  |          1414 bytes  |          107 bytes |        388 bytes
- *  1024-bit  |          1510 bytes  |          139 bytes |        484 bytes
- *  2048-bit  |          1894 bytes  |          267 bytes |        484 bytes
+ *   512-bit  |          1255 bytes  |           75 bytes |        229 bytes
+ *   768-bit  |          1319 bytes  |          107 bytes |        293 bytes
+ *  1024-bit  |          1383 bytes  |          139 bytes |        357 bytes
+ *  2048-bit  |          1639 bytes  |          267 bytes |        357 bytes
  */
 
 import javax.net.ssl.*;
 import javax.net.ssl.SSLEngineResult.*;
 import java.io.*;
 import java.nio.*;
+import java.security.Security;
 import java.security.KeyStore;
 import java.security.KeyFactory;
 import java.security.cert.Certificate;
@@ -111,7 +112,15 @@
 
 public class DHEKeySizing {
 
-    private static boolean debug = true;
+    private final static boolean debug = true;
+
+    // key length bias because of the stripping of leading zero bytes of
+    // negotiated DH keys.
+    //
+    // This is an effort to mimum intermittent failure when we cannot
+    // estimate what's the exact number of leading zero bytes of
+    // negotiated DH keys.
+    private final static int KEY_LEN_BIAS = 6;
 
     private SSLContext sslc;
     private SSLEngine ssle1;    // client
@@ -269,7 +278,8 @@
         twoToOne.flip();
 
         log("Message length of ServerHello series: " + twoToOne.remaining());
-        if (lenServerKeyEx != twoToOne.remaining()) {
+        if (twoToOne.remaining() < (lenServerKeyEx - KEY_LEN_BIAS) ||
+                twoToOne.remaining() > lenServerKeyEx) {
             throw new Exception(
                 "Expected to generate ServerHello series messages of " +
                 lenServerKeyEx + " bytes, but not " + twoToOne.remaining());
@@ -289,7 +299,8 @@
         oneToTwo.flip();
 
         log("Message length of ClientKeyExchange: " + oneToTwo.remaining());
-        if (lenClientKeyEx != oneToTwo.remaining()) {
+        if (oneToTwo.remaining() < (lenClientKeyEx - KEY_LEN_BIAS) ||
+                oneToTwo.remaining() > lenClientKeyEx) {
             throw new Exception(
                 "Expected to generate ClientKeyExchange message of " +
                 lenClientKeyEx + " bytes, but not " + oneToTwo.remaining());
@@ -367,6 +378,11 @@
     }
 
     public static void main(String args[]) throws Exception {
+        // reset security properties to make sure that the algorithms
+        // and keys used in this test are not disabled.
+        Security.setProperty("jdk.tls.disabledAlgorithms", "");
+        Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
         if (args.length != 4) {
             System.out.println(
                 "Usage: java DHEKeySizing cipher-suite " +

More information about the distro-pkg-dev mailing list