diff options
| author | tromey <tromey@138bc75d-0d04-0410-961f-82ee72b054a4> | 2007-03-28 18:25:07 +0000 |
|---|---|---|
| committer | tromey <tromey@138bc75d-0d04-0410-961f-82ee72b054a4> | 2007-03-28 18:25:07 +0000 |
| commit | 7661969dc3a19dc3b7d408b17f4c946a4e104738 (patch) | |
| tree | 828c5b4842df853884238a710a0a5db7bd0ec654 /libjava/classpath | |
| parent | 7af2a8746857d6b61f89982eef6b4f2826169ebc (diff) | |
| download | gcc-7661969dc3a19dc3b7d408b17f4c946a4e104738.tar.gz | |
2007-03-28 Casey Marshall <csm@gnu.org>
* gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun):
check keyEncipherment bit of the certificate, and just pass the public
key to the cipher.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@123307 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'libjava/classpath')
| -rw-r--r-- | libjava/classpath/ChangeLog | 6 | ||||
| -rw-r--r-- | libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java | 8 | ||||
| -rw-r--r-- | libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class | bin | 2856 -> 2856 bytes | |||
| -rw-r--r-- | libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class | bin | 3440 -> 3763 bytes |
4 files changed, 13 insertions, 1 deletions
diff --git a/libjava/classpath/ChangeLog b/libjava/classpath/ChangeLog index 376c072852d..caa611a55cd 100644 --- a/libjava/classpath/ChangeLog +++ b/libjava/classpath/ChangeLog @@ -1,3 +1,9 @@ +2007-03-28 Casey Marshall <csm@gnu.org> + + * gnu/javax/net/ssl/provider/ClientHandshake.java (RSAGen.implRun): + check keyEncipherment bit of the certificate, and just pass the public + key to the cipher. + 2007-03-27 Casey Marshall <csm@gnu.org> PR classpath/31302: diff --git a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java index 059b165a67d..a8780084508 100644 --- a/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java +++ b/libjava/classpath/gnu/javax/net/ssl/provider/ClientHandshake.java @@ -1082,7 +1082,13 @@ outer_loop: Cipher rsa = Cipher.getInstance("RSA"); java.security.cert.Certificate cert = engine.session().getPeerCertificates()[0]; - rsa.init(Cipher.ENCRYPT_MODE, cert); + if (cert instanceof X509Certificate) + { + boolean[] keyUsage = ((X509Certificate) cert).getKeyUsage(); + if (keyUsage != null && !keyUsage[2]) + throw new InvalidKeyException("certificate's keyUsage does not permit keyEncipherment"); + } + rsa.init(Cipher.ENCRYPT_MODE, cert.getPublicKey()); encryptedPreMasterSecret = rsa.doFinal(preMasterSecret); // Generate our session keys, because we can. diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class Binary files differindex 51a1a2b9508..c614ed58477 100644 --- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class +++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$GenCertVerify.class diff --git a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class Binary files differindex c7a8f8760db..6d99e3e3b8a 100644 --- a/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class +++ b/libjava/classpath/lib/gnu/javax/net/ssl/provider/ClientHandshake$RSAGen.class |