1berry/openjdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

8165275: Replace the reflective call to the implUpdate method in HandshakeMessage::digestKey

Browse Source 
Replaced the reflection calls with the new sun.security.util.MessageDigestSpi2 interface

Reviewed-by: xuelei, mchung
This commit is contained in:
Valerie Peng 2016-10-11 00:04:35 +00:00
parent e91b43837d
commit 81d15be0db
4 changed files with 71 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/java.base/share/classes/java/security/MessageDigest.java
View File

@ -32,10 +32,13 @@ import java.io.ByteArrayOutputStream;
import java.io.PrintStream; import java.io.PrintStream;
import java.io.InputStream; import java.io.InputStream;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.security.InvalidKeyException;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import sun.security.util.Debug; import sun.security.util.Debug;
import sun.security.util.MessageDigestSpi2;
import javax.crypto.SecretKey;
/** /**
* This MessageDigest class provides applications the functionality of a * This MessageDigest class provides applications the functionality of a
@ -548,7 +551,7 @@ public abstract class MessageDigest extends MessageDigestSpi {
* and its original parent (Object). * and its original parent (Object).
*/ */
static class Delegate extends MessageDigest { static class Delegate extends MessageDigest implements MessageDigestSpi2 {
// The provider implementation (delegate) // The provider implementation (delegate)
private MessageDigestSpi digestSpi; private MessageDigestSpi digestSpi;
@ -601,6 +604,14 @@ public abstract class MessageDigest extends MessageDigestSpi {
digestSpi.engineUpdate(input); digestSpi.engineUpdate(input);
} }
public void engineUpdate(SecretKey key) throws InvalidKeyException {
if (digestSpi instanceof MessageDigestSpi2) {
((MessageDigestSpi2)digestSpi).engineUpdate(key);
} else {
throw new UnsupportedOperationException
("Digest does not support update of SecretKey object");
}
}
protected byte[] engineDigest() { protected byte[] engineDigest() {
return digestSpi.engineDigest(); return digestSpi.engineDigest();
} }

56
jdk/src/java.base/share/classes/sun/security/ssl/HandshakeMessage.java
View File

@ -49,6 +49,7 @@ import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.ssl.CipherSuite.*; import sun.security.ssl.CipherSuite.*;
import static sun.security.ssl.CipherSuite.PRF.*; import static sun.security.ssl.CipherSuite.PRF.*;
import sun.security.util.KeyUtil; import sun.security.util.KeyUtil;
import sun.security.util.MessageDigestSpi2;
import sun.security.provider.certpath.OCSPResponse; import sun.security.provider.certpath.OCSPResponse;
/** /**
@ -2124,63 +2125,14 @@ static final class CertificateVerify extends HandshakeMessage {
md.update(temp); md.update(temp);
} }
private static final Class<?> delegate;
private static final Field spiField;
static {
try {
delegate = Class.forName("java.security.MessageDigest$Delegate");
spiField = delegate.getDeclaredField("digestSpi");
} catch (Exception e) {
throw new RuntimeException("Reflection failed", e);
}
makeAccessible(spiField);
}
private static void makeAccessible(final AccessibleObject o) {
AccessController.doPrivileged(new PrivilegedAction<Object>() {
@Override
public Object run() {
o.setAccessible(true);
return null;
}
});
}
// ConcurrentHashMap does not allow null values, use this marker object
private static final Object NULL_OBJECT = new Object();
// cache Method objects per Spi class
// Note that this will prevent the Spi classes from being GC'd. We assume
// that is not a problem.
private static final Map<Class<?>,Object> methodCache =
new ConcurrentHashMap<>();
private static void digestKey(MessageDigest md, SecretKey key) { private static void digestKey(MessageDigest md, SecretKey key) {
try { try {
// Verify that md is implemented via MessageDigestSpi, not if (md instanceof MessageDigestSpi2) {
// via JDK 1.1 style MessageDigest subclassing. ((MessageDigestSpi2)md).engineUpdate(key);
if (md.getClass() != delegate) { } else {
throw new Exception("Digest is not a MessageDigestSpi");
}
MessageDigestSpi spi = (MessageDigestSpi)spiField.get(md);
Class<?> clazz = spi.getClass();
Object r = methodCache.get(clazz);
if (r == null) {
try {
r = clazz.getDeclaredMethod("implUpdate", SecretKey.class);
makeAccessible((Method)r);
} catch (NoSuchMethodException e) {
r = NULL_OBJECT;
}
methodCache.put(clazz, r);
}
if (r == NULL_OBJECT) {
throw new Exception( throw new Exception(
"Digest does not support implUpdate(SecretKey)"); "Digest does not support implUpdate(SecretKey)");
} }
Method update = (Method)r;
update.invoke(spi, key);
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException( throw new RuntimeException(
"Could not obtain encoded key and " "Could not obtain encoded key and "

44
jdk/src/java.base/share/classes/sun/security/util/MessageDigestSpi2.java Normal file
View File

@ -0,0 +1,44 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.util;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
/**
* Special interface for additional MessageDigestSpi method(s).
*/
public interface MessageDigestSpi2 {
/**
* Updates the digest using the specified key.
* This is used for SSL 3.0 only, we may deprecate and remove the support
* of this in the future
*
* @param key the key whose value is to be digested.
*/
void engineUpdate(SecretKey key) throws InvalidKeyException;
}

16
jdk/src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11Digest.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -34,6 +34,8 @@ import javax.crypto.SecretKey;
import sun.nio.ch.DirectBuffer; import sun.nio.ch.DirectBuffer;
import sun.security.util.MessageDigestSpi2;
import sun.security.pkcs11.wrapper.*; import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
@ -49,7 +51,8 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
* @author Andreas Sterbenz * @author Andreas Sterbenz
* @since 1.5 * @since 1.5
*/ */
final class P11Digest extends MessageDigestSpi implements Cloneable { final class P11Digest extends MessageDigestSpi implements Cloneable,
MessageDigestSpi2 {
/* fields initialized, no session acquired */ /* fields initialized, no session acquired */
private final static int S_BLANK = 1; private final static int S_BLANK = 1;
@ -233,10 +236,11 @@ final class P11Digest extends MessageDigestSpi implements Cloneable {
} }
// Called by SunJSSE via reflection during the SSL 3.0 handshake if // Called by SunJSSE via reflection during the SSL 3.0 handshake if
// the master secret is sensitive. We may want to consider making this // the master secret is sensitive.
// method public in a future release. // Note: Change to protected after this method is moved from
protected void implUpdate(SecretKey key) throws InvalidKeyException { // sun.security.util.MessageSpi2 interface to
// java.security.MessageDigestSpi class
public void engineUpdate(SecretKey key) throws InvalidKeyException {
// SunJSSE calls this method only if the key does not have a RAW // SunJSSE calls this method only if the key does not have a RAW
// encoding, i.e. if it is sensitive. Therefore, no point in calling // encoding, i.e. if it is sensitive. Therefore, no point in calling
// SecretKeyFactory to try to convert it. Just verify it ourselves. // SecretKeyFactory to try to convert it. Just verify it ourselves.