1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
|
2006-07-09 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/AbstractSessionContext.java (newInstance):
return `AbstractSessionContext.'
(getSession): check if the session is null.
* gnu/javax/net/ssl/Session.java (packetBufferSize): removed.
(<init>): initialize `applicationBufferSize.'
(getPacketBufferSize): return application buffer size, plus 2048.
* gnu/javax/net/ssl/provider/AbstractHandshake.java (PAD1, PAD2):
new constants.
(handleInput): implement; call `implHandleOutput,' and hash
messages as they are consumed.
(implHandleInput): new abstract method.
(handleOutput): fix hashing of produced bytes.
(status, handleV2Hello): new abstract methods.
(pollHandshake): don't hash the input here; add logging.
(hasMessage): add logging.
(reallocateBuffer): shift the existing contents down in the
buffer, if it is, on the whole, large enough for new input.
(genV2CertificateVerify): renamed...
(genV3CertificateVerify): to this, which is correct.
(generateKeys): fix PRF setup; generate an IV for 1.1; add
logging.
(generateFinished): add logging; update with correct padding.
(generateMasterSecret): add logging; fix PRF initialization.
* gnu/javax/net/ssl/provider/CipherSuite.java (mac): use mac
algorithm name "HMac-SHA1".
* gnu/javax/net/ssl/provider/ClientHello.java: make extendable.
* gnu/javax/net/ssl/provider/ClientHelloBuilder.java: new file.
* gnu/javax/net/ssl/provider/ClientHelloV2.java (<init>): order
the input buffer BIG_ENDIAN.
(cipherSpecs): made public; use qualified return type.
* gnu/javax/net/ssl/provider/Debug.java: new file.
* gnu/javax/net/ssl/provider/Extension.java (<init>): order the
input buffer BIG_ENDIAN.
(length): return the total length, including the length field.
(toString): add prefix to value.
* gnu/javax/net/ssl/provider/ExtensionList.java (<init>): order
the input buffer BIG_ENDIAN.
* gnu/javax/net/ssl/provider/InputSecurityParameters.java
(logger): new constant.
(suite): new field.
(<init>): also take a `CipherSuite' argument.
(decrypt): use `update,' not `doFinal' for decryption; add debug
logging; fix mac computation; fix copying fragment to output.
(cipherSuite): return `suite' field.
* gnu/javax/net/ssl/provider/Jessie.java (<init>): add
"TLSv1.1-RSA" signature.
* gnu/javax/net/ssl/provider/OutputSecurityParameters.java
(logger): new constant.
(suite): new field.
(<init>): take additional `CipherSuite' argument.
(encrypt): add debug logging; fix mac computation; various little
fixes.
(suite): new method.
* gnu/javax/net/ssl/provider/ProtocolVersion.java (forName): also
recognize "TLSv1.1".
* gnu/javax/net/ssl/provider/Random.java (copy): fix copying the
internal buffer.
* gnu/javax/net/ssl/provider/Record.java (<init>): order the input
buffer BIG_ENDIAN.
(toString): include length in output.
* gnu/javax/net/ssl/provider/SSLContextImpl.java (serverContext,
clientContext): declare both as `AbstractSessionContext.'
* gnu/javax/net/ssl/provider/SSLEngineImpl.java (logger): make an
instance of `SystemLogger.'
(mode): declare as a Mode.
(Mode): new enum.
(<init>): add logging; initialize `enabledProtocols' and
`enabledSuites.'
(beginHandshake): debug logging; handle Mode enum.
(closeOutbound): prepare `lastAlert' to carry the close alert.
(isInboundDone, isOutboundDone): implement.
(setUseClientMode): use Mode enum.
(unwrap): fix V2 hello handling; optimize calls when the cipher
suite is TLS_NULL_WITH_NULL_NULL; add debug logging; handle closue
alerts properly; fix record length reporting.
(wrap): set `outClosed' if we are sending a closure alert here;
delay changing output security params until we emit the change
notification; optimize initial handshake; fix input buffer
consumption; handle end of handshake.
* gnu/javax/net/ssl/provider/SSLRSASignatureImpl.java: new file.
* gnu/javax/net/ssl/provider/ServerDHParams.java (buffer): set
position to 0 in the buffer we return.
* gnu/javax/net/ssl/provider/ServerHandshake.java (version,
suite): removed.
(chooseSuite): make non-static; only choose a cipher suite that we
have a compatible certificate for.
(chooseCompression): use properties to enable/disable zlib.
(doHash): say no if we are handling a V2 hello.
(handleInput): rename to...
(implHandleInput): this; only handle a single handshake message in
this method (handleInput from the superclass will call us
repeatedly to drain the input buffer); various other fixes.
(implHandleOutput): debug logging; temporarily disable packing
more than one handshake per record; various little fixes.
(status, handleV2Hello): new methods.
(genDiffieHellman): use static parameters from the DiffieHellman
class.
(signParams): use correct signature algorithm.
* gnu/javax/net/ssl/provider/ServerHello.java (totalLength):
removed.
(disableExtensions): new field.
(length): don't query extensions if `disableExtensions' is true.
* gnu/javax/net/ssl/provider/ServerHelloBuilder.java
(setDisableExtensions): new method.
* gnu/javax/net/ssl/provider/ServerNameList.java: various parsing
fixes.
* gnu/javax/net/ssl/provider/SessionImpl.java (<init>): new
constructor.
(setApplicationBufferSize): new method.
(setPacketBufferSize): new method.
* gnu/javax/net/ssl/provider/SignatureAlgorithm.java
(getAlgorithm): new method.
* gnu/javax/net/ssl/provider/Util.java: make public; mark
security-sensitive methods deprecated.
* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java
(chooseAliases): handle DSA; handle unrecognized signature
algorithms.
2006-06-28 Casey Marshall <csm@gnu.org>
* jessie-tests/testCertificate.java: update for Builder
interface and API changes.
* jesasie-tests/testServerHello.java: likewise.
* jessie-tests/testServerKeyExchange.java: likewise.
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/javax/crypto/key/GnuPBEKey.java: new file.
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/AbstractHandshake.java: implement
numerous "common" methods in server and client handshakes.
* gnu/javax/net/ssl/provider/AlertException.java: made public; add
cause constructors.
* gnu/javax/net/ssl/provider/Builder.java: new file.
* gnu/javax/net/ssl/provider/Certificate.java: make subclassable.
* gnu/javax/net/ssl/provider/CertificateBuilder.java: new file.
* gnu/javax/net/ssl/provider/CertificateRequest.java: make
subclassable.
* gnu/javax/net/ssl/provider/CertificateRequestBuilder.java: new
file.
* gnu/javax/net/ssl/provider/CipherSuite.java: remove dependence
on protocol version.
* gnu/javax/net/ssl/provider/ClientHello.java (hasExtensions): new
method.
* gnu/javax/net/ssl/provider/ClientHelloV2.java (cipherSpecs):
genericize collections.
* gnu/javax/net/ssl/provider/ClientKeyExchange.java: make version
argument explicit, instead of implied by the cipher suite.
* gnu/javax/net/ssl/provider/Constructed.java: expand JavaDocs.
* gnu/javax/net/ssl/provider/Finished.java: accept TLS 1.1 version
numbers, too.
* gnu/javax/net/ssl/provider/Handshake.java: make version
explicit, instead of implied by the cipher suite.
* gnu/javax/net/ssl/provider/InputSecurityParameters.java: made
public.
(suite): removed.
(session): new field (replaces/encapsulates `suite').
(<init>): made public; take a SessionImpl, not a CipherSuite.
(decrypt, decrypt, decrypt): add support for growable buffers AND
a fixed-size array of buffers (we use the former internally; the
latter is used to implement the scatter/gather model of
SSLEngine.
* gnu/javax/net/ssl/provider/Jessie.java: update algorithms.
* gnu/javax/net/ssl/provider/MacAlgorithm.java: just specify
NULL/MD5/SHA, not version-specific algorithms.
* gnu/javax/net/ssl/provider/OutputSecurityParameters.java:
replace suite with session; support scatter/gather operation.
* gnu/javax/net/ssl/provider/ProtocolVersion.java: implement
Comparable<ProtocolVersion>.
* gnu/javax/net/ssl/provider/Random.java: implement Builder.
(buffer): new method.
* gnu/javax/net/ssl/provider/SSLContextImpl.java: new file.
* gnu/javax/net/ssl/provider/SSLEngineImpl.java: numerous changes;
largely implemented now.
* gnu/javax/net/ssl/provider/SSLv3HMacMD5Impl.java: new file.
* gnu/javax/net/ssl/provider/SSLv3HMacSHAImpl.java: new file.
* gnu/javax/net/ssl/provider/ServerDHParams.java: implement
Builder.
(<init>): new constructor that takes known parameters.
(buffer): new method.
* gnu/javax/net/ssl/provider/ServerHandshake.java: numerous
changes; largely implemented now.
* gnu/javax/net/ssl/provider/ServerHello.java: make subclassable.
* gnu/javax/net/ssl/provider/ServerHelloBuilder.java: new file.
* gnu/javax/net/ssl/provider/ServerKeyExchange.java: make
subclassable.
* gnu/javax/net/ssl/provider/ServerKeyExchangeBuilder.java: new
file.
* gnu/javax/net/ssl/provider/SessionImpl.java: expanded.
* gnu/javax/net/ssl/provider/Signature.java: implement Builder.
(<init>): new method, that takes a pre-computed signature.
(buffer): new method.
* gnu/javax/net/ssl/provider/SimpleSessionContext.java: new file.
* gnu/javax/net/ssl/provider/X509KeyManagerFactory.java:
genericize Collections usage.
(Manager): extend X509ExtendedKeyManager; genericize fields.
(Manager.chooseEngineClientAlias): new method.
(Manager.chooseEngineServerAlias): new method.
* gnu/javax/net/ssl/provider/X509TrustManagerFactory.java (sep):
new constant; use it instead of constantly calling getProperty.
(init): genericize lists.
(Manager.trusted): removed.
(Manager.anchors): new field (replacement for above).
(<init>): handle changes to fields.
(getAcceptedIssuers): use `anchors.toArray().'
(checkTrusted): use a PKIX CertPathVerifier.
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/AbstractSessionContext.java: renamed from
`SessionStore.' Implement SessionContext.
* gnu/javax/net/ssl/PrivateCredentials.java: genericize
collections.
* gnu/javax/net/ssl/Session.java (packetBufferSize): new field.
(values): genericize.
(random): make transient.
(truncatedMac, context): new fields.
(getLocalPrincipal, getPacketBufferSize, getPeerPrincipal)
(getSessionContext): implement.
(isTruncatedMac): new method.
(repair, privateData, setPrivateData): new abstract methods.
(PrivateData.serialVersionUID): new constant.
* gnu/javax/net/ssl/SessionStore.java: renamed to
`AbstractSessionContext.'
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/java/security/Requires.java: new annotation.
* gnu/java/security/action/GetSecurityPropertyAction.java:
implement PrivilegedAction<String>.
(run): return String.
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/java/io/ByteBufferOutputStream.java: new file.
2006-06-28 Casey Marshall <csm@gnu.org>
* gnu/classpath/debug/SystemLogger.java: extend Logger.
(SYSTEM): declare as instance of SystemLogger; set it to such an
instance.
(<clinit>): removed debug lines.
(<init>): new method.
(logv): new method.
2006-06-28 Casey Marshall <csm@gnu.org>
* java/security/Signature.java (update): new method.
* java/security/SignatureSpi.java (engineUpdate): new method.
2006-06-10 Casey Marshall <csm@gnu.org>
* jessie-tests/testClientHello.java: update for extensions
changes.
* jessie-tests/testExtensionList.java: likewise.
* jessie-tests/testServerHello.java: likewise.
2006-06-10 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ServerHello.java (extensions): return
an ExtensionList.
(setExtensionsLength): set the length in the buffer.
(toString): print out individual extensions.
* gnu/javax/net/ssl/provider/Extension.java (valueBytes): new
method.
(valueBuffer): new method.
(value): return an Extenion.Value.
(toString): print out extension value.
(Value): new abstract inner class.
* gnu/javax/net/ssl/provider/ClientHello.java (extensions): return
an ExtensionList.
(setExtensionListLength): set the length in the buffer.
(toString): print out extensions.
* gnu/javax/net/ssl/provider/ServerHandshake.java
(chooseSuite, chooseCompression): use generics and foreach loops.
* gnu/javax/net/ssl/provider/ExtensionList.java: new class.
* gnu/javax/net/ssl/provider/MaxFragmentLength.java: new class.
* gnu/javax/net/ssl/provider/CertificateURL.java: new class.
* gnu/javax/net/ssl/provider/UnresolvedExtensionValue.java: new
class.
* gnu/javax/net/ssl/provider/TruncatedHMAC.java: new class.
* gnu/javax/net/ssl/provider/ServerNameList.java: new class.
* gnu/javax/net/ssl/provider/TrustedAuthorities.java: new class.
* gnu/javax/net/ssl/provider/CertificateStatusType.java: new
class.
* gnu/javax/net/ssl/provider/CertificateStatusRequest.java: new
class.
2006-06-05 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/Extension.java: add Javadoc.
(length): return the length of the extension value.
(setLength, setType, setValue, setValue): new methods.
* gnu/javax/net/ssl/provider/ExtensionList.java: new file.
* jessie-tests/run-tests.sh: add testExtensionList.
* jessie-tests/testExtensionList.java: new file.
2006-06-05 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/CipherSuiteList.java: implement
Iterable<CipherSuite>.
(iterator): new method.
* gnu/javax/net/ssl/provider/CompressionMethodList.java: implement
Iterable<CompressionMethod>.
(iterator): new method.
* gnu/javax/net/ssl/provider/X500PrincipalList.java: implement
Iterable<X500Principal>.
(iterator): new method.
2006-06-05 C. Scott Marshall <csm@gnu.org>
* java/security/MessageDigest.java (update): new method.
* java/security/MessageDigestSpi.java (engineUpdate): new method.
2006-06-03 C. Scott Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ServerHelloDone.java: made public.
* jessie-tests/run-tests.sh: add `testServerHelloDone.'
* jessie-tests/testServerHelloDone.java: new test.
|