Merge

JasonFengJ9 · Jan 18, 2024 · 3b5e8b1 · 3b5e8b1
2 parents def3180 + 876bb77
commit 3b5e8b1
Show file tree

Hide file tree

Showing 8 changed files with 166 additions and 101 deletions.
diff --git a/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java b/jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java
@@ -98,6 +98,7 @@ public final class RSACipher extends CipherSpi {
 
     // cipher parameter for OAEP padding and TLS RSA premaster secret
     private AlgorithmParameterSpec spec = null;
+    private boolean forTlsPremasterSecret = false;
 
     // buffer for the data
     private byte[] buffer;
@@ -290,6 +291,7 @@ private void init(int opmode, Key key, SecureRandom random,
                 }
 
                 spec = params;
+                forTlsPremasterSecret = true;
                 this.random = random;   // for TLS RSA premaster secret
             }
             int blockType = (mode <= MODE_DECRYPT) ? RSAPadding.PAD_BLOCKTYPE_2
@@ -381,7 +383,7 @@ private byte[] doFinal() throws BadPaddingException,
                 byte[] decryptBuffer = RSACore.convert(buffer, 0, bufOfs);
                 paddingCopy = RSACore.rsa(decryptBuffer, privateKey, false);
                 result = padding.unpad(paddingCopy);
-                if (result == null) {
+                if (result == null && !forTlsPremasterSecret) {
                     throw new BadPaddingException
                             ("Padding error in decryption");
                 }
@@ -469,26 +471,22 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
 
         boolean isTlsRsaPremasterSecret =
                 algorithm.equals("TlsRsaPremasterSecret");
-        Exception failover = null;
         byte[] encoded = null;
 
         update(wrappedKey, 0, wrappedKey.length);
         try {
             encoded = doFinal();
-        } catch (BadPaddingException e) {
-            if (isTlsRsaPremasterSecret) {
-                failover = e;
-            } else {
-                throw new InvalidKeyException("Unwrapping failed", e);
-            }
-        } catch (IllegalBlockSizeException e) {
-            // should not occur, handled with length check above
+        } catch (BadPaddingException | IllegalBlockSizeException e) {
+            // BadPaddingException cannot happen for TLS RSA unwrap.
+            // In that case, padding error is indicated by returning null.
+            // IllegalBlockSizeException cannot happen in any case,
+            // because of the length check above.
             throw new InvalidKeyException("Unwrapping failed", e);
         }
 
         try {
             if (isTlsRsaPremasterSecret) {
-                if (!(spec instanceof TlsRsaPremasterSecretParameterSpec)) {
+                if (!forTlsPremasterSecret) {
                     throw new IllegalStateException(
                             "No TlsRsaPremasterSecretParameterSpec specified");
                 }
@@ -497,7 +495,7 @@ protected Key engineUnwrap(byte[] wrappedKey, String algorithm,
                 encoded = KeyUtil.checkTlsPreMasterSecretKey(
                         ((TlsRsaPremasterSecretParameterSpec) spec).getClientVersion(),
                         ((TlsRsaPremasterSecretParameterSpec) spec).getServerVersion(),
-                        random, encoded, (failover != null));
+                        random, encoded, encoded == null);
             }
 
             return ConstructKeys.constructKey(encoded, algorithm, type);

diff --git a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
@@ -312,7 +312,6 @@ byte[] sign(Key key, SignedInfo si, XMLSignContext context)
         }
         signature.initSign((PrivateKey)key);
         LOG.debug("Signature provider: {}", signature.getProvider());
-        LOG.debug("Signing with key: {}", key);
         LOG.debug("JCA Algorithm: {}", getJCAAlgorithm());
 
         try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {

diff --git a/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java b/jdk/src/share/classes/sun/security/provider/certpath/ForwardBuilder.java
@@ -336,8 +336,11 @@ private void getMatchingCACerts(ForwardState currentState,
         }
     }
 
+    // Thread-local gate to prevent recursive provider lookups
+    private static ThreadLocal<Object> gate = new ThreadLocal<>();
+
     /**
-     * Download Certificates from the given AIA and add them to the
+     * Download certificates from the given AIA and add them to the
      * specified Collection.
      */
     // cs.getCertificates(caSelector) returns a collection of X509Certificate's
@@ -349,32 +352,47 @@ private boolean getCerts(AuthorityInfoAccessExtension aiaExt,
         if (Builder.USE_AIA == false) {
             return false;
         }
+
         List<AccessDescription> adList = aiaExt.getAccessDescriptions();
         if (adList == null || adList.isEmpty()) {
             return false;
         }
 
-        boolean add = false;
-        for (AccessDescription ad : adList) {
-            CertStore cs = URICertStore.getInstance(ad);
-            if (cs != null) {
-                try {
-                    if (certs.addAll((Collection<X509Certificate>)
-                        cs.getCertificates(caSelector))) {
-                        add = true;
-                        if (!searchAllCertStores) {
-                            return true;
+        if (gate.get() != null) {
+            // Avoid recursive fetching of certificates
+            if (debug != null) {
+                debug.println("Recursive fetching of certs via the AIA " +
+                    "extension detected");
+            }
+            return false;
+        }
+
+        gate.set(gate);
+        try {
+            boolean add = false;
+            for (AccessDescription ad : adList) {
+                CertStore cs = URICertStore.getInstance(ad);
+                if (cs != null) {
+                    try {
+                        if (certs.addAll((Collection<X509Certificate>)
+                            cs.getCertificates(caSelector))) {
+                            add = true;
+                            if (!searchAllCertStores) {
+                                return true;
+                            }
+                        }
+                    } catch (CertStoreException cse) {
+                        if (debug != null) {
+                            debug.println("exception getting certs from CertStore:");
+                            cse.printStackTrace();
                         }
-                    }
-                } catch (CertStoreException cse) {
-                    if (debug != null) {
-                        debug.println("exception getting certs from CertStore:");
-                        cse.printStackTrace();
                     }
                 }
             }
+            return add;
+        } finally {
+            gate.set(null);
         }
-        return add;
     }
 
     /**

diff --git a/jdk/src/share/classes/sun/security/util/KeyUtil.java b/jdk/src/share/classes/sun/security/util/KeyUtil.java
@@ -253,44 +253,53 @@ public static final boolean isOracleJCEProvider(String providerName) {
      *         contains the lower of that suggested by the client in the client
      *         hello and the highest supported by the server.
      * @param  encoded the encoded key in its "RAW" encoding format
-     * @param  isFailover whether or not the previous decryption of the
-     *         encrypted PreMasterSecret message run into problem
+     * @param  failure true if encoded is incorrect according to previous checks
      * @return the polished PreMasterSecret key in its "RAW" encoding format
      */
     public static byte[] checkTlsPreMasterSecretKey(
             int clientVersion, int serverVersion, SecureRandom random,
-            byte[] encoded, boolean isFailOver) {
+            byte[] encoded, boolean failure) {
+
+        byte[] tmp;
 
         if (random == null) {
             random = JCAUtil.getSecureRandom();
         }
         byte[] replacer = new byte[48];
         random.nextBytes(replacer);
 
-        if (!isFailOver && (encoded != null)) {
-            // check the length
-            if (encoded.length != 48) {
-                // private, don't need to clone the byte array.
-                return replacer;
-            }
-
-            int encodedVersion =
-                    ((encoded[0] & 0xFF) << 8) | (encoded[1] & 0xFF);
-            if (clientVersion != encodedVersion) {
-                if (clientVersion > 0x0301 ||               // 0x0301: TLSv1
-                       serverVersion != encodedVersion) {
-                    encoded = replacer;
-                }   // Otherwise, For compatibility, we maintain the behavior
-                    // that the version in pre_master_secret can be the
-                    // negotiated version for TLS v1.0 and SSL v3.0.
-            }
+        if (failure) {
+            tmp = replacer;
+        } else {
+            tmp = encoded;
+        }
 
+        if (tmp == null) {
+            encoded = replacer;
+        } else {
+            encoded = tmp;
+        }
+        // check the length
+        if (encoded.length != 48) {
             // private, don't need to clone the byte array.
-            return encoded;
+            tmp = replacer;
+        } else {
+            tmp = encoded;
         }
 
-        // private, don't need to clone the byte array.
-        return replacer;
+        int encodedVersion =
+                ((tmp[0] & 0xFF) << 8) | (tmp[1] & 0xFF);
+        int check1 = 0;
+        int check2 = 0;
+        int check3 = 0;
+        if (clientVersion != encodedVersion) check1 = 1;
+        if (clientVersion > 0x0301) check2 = 1;
+        if (serverVersion != encodedVersion) check3 = 1;
+        if ((check1 & (check2 | check3)) == 1) {
+            return replacer;
+        } else {
+            return tmp;
+        }
     }
 
     /**

diff --git a/jdk/src/share/native/common/check_code.c b/jdk/src/share/native/common/check_code.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,6 +84,7 @@
 #include <assert.h>
 #include <limits.h>
 #include <stdlib.h>
+#include <stdint.h>
 
 #include "jni.h"
 #include "jvm.h"
@@ -1202,7 +1203,7 @@ verify_opcode_operands(context_type *context, unsigned int inumber, int offset)
             }
         }
         if (opcode == JVM_OPC_tableswitch) {
-            keys = _ck_ntohl(lpc[2]) -  _ck_ntohl(lpc[1]) + 1;
+            keys = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]) + 1;
             delta = 1;
         } else {
             keys = _ck_ntohl(lpc[1]); /* number of pairs */
@@ -1682,11 +1683,13 @@ static int instruction_length(unsigned char *iptr, unsigned char *end)
     switch (instruction) {
         case JVM_OPC_tableswitch: {
             int *lpc = (int *)UCALIGN(iptr + 1);
-            int index;
             if (lpc + 2 >= (int *)end) {
                 return -1; /* do not read pass the end */
             }
-            index = _ck_ntohl(lpc[2]) - _ck_ntohl(lpc[1]);
+            int64_t low  = _ck_ntohl(lpc[1]);
+            int64_t high = _ck_ntohl(lpc[2]);
+            int64_t index = high - low;
+            // The value of low must be less than or equal to high - i.e. index >= 0
             if ((index < 0) || (index > 65535)) {
                 return -1;      /* illegal */
             } else {