diff options
author | Casey Marshall <csm@gnu.org> | 2007-03-28 18:25:07 +0000 |
---|---|---|
committer | Tom Tromey <tromey@gcc.gnu.org> | 2007-03-28 18:25:07 +0000 |
commit | 5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf (patch) | |
tree | 828c5b4842df853884238a710a0a5db7bd0ec654 /libjava | |
parent | 8eced3a2a9b9f99561ac2033b85c8bde386e46cd (diff) | |
download | gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.zip gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.gz gcc-5a953bf1012fcb4c69d3e13bffa7eeb4dd1912bf.tar.bz2 |
ClientHandshake.java (RSAGen.implRun): check keyEncipherment bit of the certificate...
2007-03-28 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
check keyEncipherment bit of the certificate, and just pass the public
key to the cipher.
From-SVN: r123307
Diffstat (limited to 'libjava')
-rw-r--r-- | libjava/classpath/ChangeLog | 6 | ||||
-rw-r--r-- | libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java | 8 | ||||
-rw-r--r-- | libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class | bin | 2856 -> 2856 bytes | |||
-rw-r--r-- | libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class | bin | 3440 -> 3763 bytes |
4 files changed, 13 insertions, 1 deletions
diff --git a/libjava/classpath/ChangeLog b/libjava/classpath/ChangeLog index 376c072..caa611a 100644 --- a/libjava/classpath/ChangeLog +++ b/libjava/classpath/ChangeLog @@ -1,3 +1,9 @@ +2007-03-28 Casey Marshall <csm@gnu.org> + + * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): + check keyEncipherment bit of the certificate, and just pass the public + key to the cipher. + 2007-03-27 Casey Marshall <csm@gnu.org> PR classpath/31302: diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java index 059b165..a878008 100644 --- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java +++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java @@ -1082,7 +1082,13 @@ outer_loop: Cipher rsa = Cipher.getInstance("RSA"); java.security.cert.Certificate cert = engine.session().getPeerCertificates()[0]; - rsa.init(Cipher.ENCRYPT_MODE, cert); + if (cert instanceof X509Certificate) + { + boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage(); + if (keyUsage != null && !keyUsage[2]) + throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment"); + } + rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey()); encryptedPreMasterSecret = rsa.doFinal(preMasterSecret); // Generate our session keys, because we can. diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class Binary files differindex 51a1a2b..c614ed58 100644 --- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class +++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class Binary files differindex c7a8f87..6d99e3e 100644 --- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class +++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class |