/*
 * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/*
 * This is the client key exchange message (CLIENT --> SERVER) used with
 * all RSA key exchanges; it holds the RSA-encrypted pre-master secret.
 *
 * The message is encrypted using PKCS #1 block type 02 encryption with the
 * server's public key.  The padding and resulting message size is a function
 * of this server's public key modulus size, but the pre-master secret is
 * always exactly 48 bytes.
 */

    /*
     * The TLS spec says that the version in the RSA premaster secret must
     * be the maximum version supported by the client (i.e. the version it
     * requested in its client hello version).  However, we (and other
     * implementations) used to send the active negotiated version.  The
     * system property below allows to toggle the behavior.
     */
        "com.sun.net.ssl.rsaPreMasterSecretFix";

    /*
     * Default is "false" (old behavior) for compatibility reasons in
     */

    /*
     * The following field values were encrypted with the server's public
     * key (or temp key from server key exchange msg) and are presented
     * here in DECRYPTED form.
     */

    /*
     * Client randomly creates a pre-master secret and encrypts it
     * using the server's RSA public key; only the server can decrypt
     * it, using its RSA private key.  Result is the same size as the
     * server's public key, and uses PKCS #1 block format 02.
     */
            "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");

    /*
     * Server gets the PKCS #1 (block format 02) data, decrypts
     * it with its private key.
     */
            ("SSL: read PreMasterSecret: short read");

        // polish the premaster secret

        // polish the premaster secret

    /*
     * To avoid vulnerabilities described by section 7.4.7.1, RFC 5246,
     * treating incorrectly formatted message blocks and/or mismatched
     * version numbers in a manner indistinguishable from correctly
     *
     * RFC 5246 describes the approach as :
     *
     *  1. Generate a string R of 46 random bytes
     *  2. Decrypt the message to recover the plaintext M
     *  3. If the PKCS#1 padding is not correct, or the length of message
     *     M is not exactly 48 bytes:
     *        pre_master_secret = ClientHello.client_version || R
     *     else If ClientHello.client_version <= TLS 1.0, and version
     *     number check is explicitly disabled:
     *        pre_master_secret = ClientHello.client_version || M[2..47]
     */
            "unable to get the plaintext of the premaster secret");

            "incorrect length of premaster secret: " +

        // The key size is exactly 48 bytes or not accessible.
        // Conservatively, pass the checking to master secret

    /*
     * For compatibility, we maintain the behavior that the
     * version in pre_master_secret can be the negotiated
     * version for TLS v1.0 and SSL v3.0.
     */
            ", while PreMasterSecret.client_version is " +

            "incorrect length of premaster secret: " +

        // generate a premaster secret with the specified version number
            "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret");
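The RFC 5246 section 7.4.7.1 countermeasure the comments above quote, carried through to the end of the RFC procedure and combined with the compatibility rule the file describes (an SSL 3.0 or TLS 1.0 client may have put the negotiated version into the premaster secret), as an added Python example that is not the JSSE code from this file. The PKCS #1 unpadding helper, the version tuples and every sample block are constructed for the example; the RSA private-key operation itself is not modelled.

```python
import os

# (major, minor) as they appear on the wire; constructed constants for this example
SSL30, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)

def unpad_pkcs1_type2(em: bytes):
    """Strip PKCS #1 v1.5 block type 02 padding: 00 || 02 || PS || 00 || M.
    Returns M, or None when the block is malformed. Stand-in for what the
    server gets back from its RSA private-key decryption."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        return None
    sep = em.find(b"\x00", 2)
    if sep < 10:                       # PS must be at least 8 nonzero bytes
        return None
    return em[sep + 1:]

def polish_premaster(m, client_version, negotiated_version, r=None,
                     version_check=True):
    """Turn the decrypted block into the 48-byte pre_master_secret.

    m: output of unpad_pkcs1_type2 (bytes, or None on bad padding)
    r: the 46 random bytes R from step 1 (generated here if not supplied)
    version_check=False is the RFC branch 'version number check is
    explicitly disabled'. Accepting negotiated_version for clients at
    TLS 1.0 or below models the JDK compatibility rule from the comments.

    Every path returns 48 bytes and no exception escapes, so a malformed
    block and a good one look the same to the peer; the second value is a
    reason string for local diagnostics only and must never be sent."""
    r = os.urandom(46) if r is None else r
    cv = bytes(client_version)
    if m is None or len(m) != 48:
        return cv + r, "bad padding or length"
    if client_version <= TLS10 and not version_check:
        return cv + m[2:], "version check disabled"
    encoded = (m[0], m[1])
    if encoded == client_version:
        return m, "ok"
    if client_version <= TLS10 and encoded == negotiated_version:
        return m, "negotiated version accepted"
    # Mismatched version: substitute R rather than signalling the failure.
    return cv + r, "version mismatch"
```

The reason strings exist so the fallback can be counted in server logs (a burst of "bad padding or length" from one peer is the signal worth alerting on) without changing what the handshake sends back.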