CVSROOT: /sources/classpath
Module name: classpath
Changes by: Andrew John Hughes <gnu_andrew> 11/12/21 15:35:09
Modified files:
. : ChangeLog
gnu/javax/net/ssl/provider: CipherSuite.java
OutputSecurityParameters.java
SSLEngineImpl.java
Log message:
Fix block-wise chosen-plaintext against SSL/TLS (BEAST) (CVE-2011-3389)
2011-12-01 Andrew John Hughes <ahug...@redhat.com>
* gnu/javax/net/ssl/provider/CipherSuite.java:
Pass CBC mode to the static CipherSuite instances.
(isCBCMode): New variable.
(CipherSuite(CipherAlgorithm, KeyExchangeAlgorithm,
SignatureAlgorithm, MacAlgorithm, int, int, int, String,
boolean)):
Allow isCBCMode to be specified.
(CipherSuite(CipherAlgorithm, KeyExchangeAlgorithm, boolean,
SignatureAlgorithm, MacAlgorithm, int, int, int, String,
boolean)):
Likewise.
(cipher()): Generalise setting of 'alg' to work with any suite
that does not use CBC, not just "RC4".
(isCBCMode()): New method. Returns true if the CBC mode is
used.
* gnu/javax/net/ssl/provider/OutputSecurityParameters.java:
(enableCBCProtection): Set to true by default of if
jsse.enableCBCProtection
is true.
(needToSplitPayload()): Returns true if TLS < 1.1 is in use with
a CBC mode cipher and CBC protection is enabled.
* gnu/javax/net/ssl/provider/SSLEngineImpl.java:
(wrap(ByteBuffer[], int, int, ByteBuffer)): Send application
data
as two packets (1 and n - 1) if CBC protection is enabled.
CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/classpath/ChangeLog?cvsroot=classpath&r1=1.9833&r2=1.9834
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/CipherSuite.java?cvsroot=classpath&r1=1.3&r2=1.4
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/OutputSecurityParameters.java?cvsroot=classpath&r1=1.4&r2=1.5
http://cvs.savannah.gnu.org/viewcvs/classpath/gnu/javax/net/ssl/provider/SSLEngineImpl.java?cvsroot=classpath&r1=1.4&r2=1.5
