Skip to content

Commit b0440ad

Browse files
author
duke
committed
Backport 56baf64ada04f233fbfe4e0cd033c86183e22015
1 parent b84eb05 commit b0440ad

2 files changed

Lines changed: 17 additions & 15 deletions

File tree

src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java

Lines changed: 10 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -29,13 +29,11 @@
2929
import java.nio.ByteBuffer;
3030
import java.security.GeneralSecurityException;
3131
import java.security.ProviderException;
32-
import java.security.spec.AlgorithmParameterSpec;
3332
import javax.crypto.KDF;
3433
import javax.crypto.KeyGenerator;
3534
import javax.crypto.SecretKey;
3635
import javax.crypto.spec.HKDFParameterSpec;
3736
import javax.crypto.spec.IvParameterSpec;
38-
import javax.crypto.spec.SecretKeySpec;
3937
import javax.net.ssl.SSLHandshakeException;
4038
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
4139
import sun.security.internal.spec.TlsKeyMaterialSpec;
@@ -191,26 +189,26 @@ private static byte[] createHkdfInfo(
191189

192190
private enum KeySchedule {
193191
// Note that we use enum name as the key name.
194-
TlsKey ("key", false),
195-
TlsIv ("iv", true),
196-
TlsUpdateNplus1 ("traffic upd", false);
192+
TlsKey ("key"),
193+
TlsIv ("iv"),
194+
TlsUpdateNplus1 ("traffic upd");
197195

198196
private final byte[] label;
199-
private final boolean isIv;
200197

201-
KeySchedule(String label, boolean isIv) {
198+
KeySchedule(String label) {
202199
this.label = ("tls13 " + label).getBytes();
203-
this.isIv = isIv;
204200
}
205201

206202
int getKeyLength(CipherSuite cs) {
207-
if (this == KeySchedule.TlsUpdateNplus1)
208-
return cs.hashAlg.hashLength;
209-
return isIv ? cs.bulkCipher.ivSize : cs.bulkCipher.keySize;
203+
return switch (this) {
204+
case TlsUpdateNplus1 -> cs.hashAlg.hashLength;
205+
case TlsIv -> cs.bulkCipher.ivSize;
206+
case TlsKey -> cs.bulkCipher.keySize;
207+
};
210208
}
211209

212210
String getAlgorithm(CipherSuite cs, String algorithm) {
213-
return isIv ? algorithm : cs.bulkCipher.algorithm;
211+
return this == TlsKey ? cs.bulkCipher.algorithm : algorithm;
214212
}
215213
}
216214

test/jdk/sun/security/pkcs11/tls/fips/FipsModeTLS.java

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@
2424

2525
/*
2626
* @test
27-
* @bug 8029661 8325164 8368073 8368514
27+
* @bug 8029661 8325164 8368073 8368514 8368520
2828
* @summary Test TLS 1.2 and TLS 1.3
2929
* @modules java.base/sun.security.internal.spec
3030
* java.base/sun.security.util
@@ -89,6 +89,9 @@ public final class FipsModeTLS extends SecmodTest {
8989
private static PublicKey publicKey;
9090

9191
public static void main(String[] args) throws Exception {
92+
// reduce the limit to trigger a key update later
93+
Security.setProperty("jdk.tls.keyLimits",
94+
"AES/GCM/NoPadding KeyUpdate 10000");
9295
try {
9396
initialize();
9497
} catch (Exception e) {
@@ -305,10 +308,11 @@ public static void run() throws Exception {
305308
cTOs = ByteBuffer.allocateDirect(netBufferMax);
306309
sTOc = ByteBuffer.allocateDirect(netBufferMax);
307310

311+
// big enough to trigger a key update
308312
clientOut = ByteBuffer.wrap(
309-
"Hi Server, I'm Client".getBytes());
313+
"a".repeat(16000).getBytes());
310314
serverOut = ByteBuffer.wrap(
311-
"Hello Client, I'm Server".getBytes());
315+
"b".repeat(16000).getBytes());
312316

313317
SSLEngineResult clientResult;
314318
SSLEngineResult serverResult;

0 commit comments

Comments
 (0)