jessie-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jessie-discuss] Running GNU-Classpath-SSL with Sun-JDK1.5

From: Casey Marshall
Subject: Re: [Jessie-discuss] Running GNU-Classpath-SSL with Sun-JDK1.5
Date: Fri, 23 Mar 2007 17:46:39 -0700 
Did you undo the patch I posted earlier?

On Mar 23, 2007, at 5:38 PM, chinmaya wrote:


Thanks Casey, but I am still getting same error !!
I have just enabled the debug on GNU classpath jar, so that you can see the line number in stack trace. 
Here is the new stack trace
gnu.javax.net.ssl.provider.AlertException: HANDSHAKE_FAILURE: locally generated; FATAL at gnu.javax.net.ssl.provider.ServerHandshake.checkKeyExchange (ServerHandshake.java:1184) at gnu.javax.net.ssl.provider.AbstractHandshake.getInputParams (AbstractHandshake.java:330) at gnu.javax.net.ssl.provider.SSLEngineImpl.unwrap (SSLEngineImpl.java:560) 
        at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake (SSLSocketImpl.java:473) at gnu.javax.net.ssl.provider.SSLSocketImpl $SocketInputStream.read(SSLSocketImpl.java:150) at sun.nio.cs.StreamDecoder$CharsetSD.readBytes (StreamDecoder.java:411) at sun.nio.cs.StreamDecoder$CharsetSD.implRead (StreamDecoder.java:453) 
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
        at java.io.InputStreamReader.read(InputStreamReader.java:167)
        at java.io.BufferedReader.fill(BufferedReader.java:136)
        at java.io.BufferedReader.read(BufferedReader.java:157)
        at TLSDataListener.processData(TLSDataListener.java :26)
        at TLSServer$2.run(TLSServer.java:197)
Caused by: javax.crypto.IllegalBlockSizeException : Data must not be longer than 128 bytes 
        at com.sun.crypto.provider.RSACipher.a(DashoA12275)
at com.sun.crypto.provider.RSACipher.engineDoFinal (DashoA12275) 
        at javax.crypto.Cipher.doFinal(DashoA12275)
at gnu.javax.net.ssl.provider.ServerHandshake $RSAKeyExchange.implRun(ServerHandshake.java:1347) at gnu.javax.net.ssl.provider.DelegatedTask.run (DelegatedTask.java:68) at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake (SSLSocketImpl.java :498) 
        ... 9 more


thanks
chinmaya
On 3/23/07, Casey Marshall <address@hidden> wrote: On Mar 23, 2007, at 5:10 PM, Casey Marshall wrote: 

> It looks like Sun's RSA requires that the input start with a byte
> 0, which the SSL spec doesn't require (the version of RSA in
> Classpath doesn't require this, either). I think the patch I've
> attached may help; I haven't tried this yet, however.
>

Actually, this likely won't fix this issue. It is more likely that
decrypting the session key is failing. My guess is this part of the
code (ServerHandshake.java:1334):

       rsa.init(Cipher.DECRYPT_MODE, serverKey);
       rsa.init(Cipher.DECRYPT_MODE, localCert);

is the problem. In Classpath, initializing an RSA cipher with two
keys (public and private) causes RSA to use "blinding," which helps
prevent timing attacks. You should try swapping the order of these
two statements, so they read:

       rsa.init(Cipher.DECRYPT_MODE , localCert);
       rsa.init(Cipher.DECRYPT_MODE, serverKey);
reply via email to
[Prev in Thread] Current Thread [Next in Thread]