infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-10 15:08:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

8377550: [REDO] Need to keep leading zeros in TlsPremasterSecret of TLS1.3 DHKeyAgreement

Browse Source 
Reviewed-by: hchao, mullan
This commit is contained in:
Daniel Jeliński 2026-04-02 13:40:51 +00:00
parent 81b6fcc3e9
commit 06c9aebce3
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/java.base/share/classes/sun/security/ssl/KAKeyDerivation.java
View File

@ -49,6 +49,9 @@ import sun.security.util.KeyUtil;
*/
public class KAKeyDerivation implements SSLKeyDerivation {
// Algorithm used to derive TLS 1.3 shared secrets
private static final String t13KeyDerivationAlgorithm =
System.getProperty("jdk.tls.t13KeyDerivationAlgorithm", "Generic");
private final String algorithmName;
private final HandshakeContext context;
private final PrivateKey localPrivateKey;
@ -234,7 +237,7 @@ public class KAKeyDerivation implements SSLKeyDerivation {
var decapsulator = kem.newDecapsulator(localPrivateKey);
sharedSecret = decapsulator.decapsulate(
keyshare, 0, decapsulator.secretSize(),
"TlsPremasterSecret");
t13KeyDerivationAlgorithm);
} catch (IllegalArgumentException | InvalidKeyException |
DecapsulateException e) {
// Peer validation failure
@ -252,7 +255,7 @@ public class KAKeyDerivation implements SSLKeyDerivation {
KeyAgreement ka = KeyAgreement.getInstance(algorithmName);
ka.init(localPrivateKey);
ka.doPhase(peerPublicKey, true);
sharedSecret = ka.generateSecret("TlsPremasterSecret");
sharedSecret = ka.generateSecret(t13KeyDerivationAlgorithm);
}
return deriveHandshakeSecret(type, sharedSecret);