Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8042982

Unexpected RuntimeExceptions being thrown by SSLEngine

    XMLWordPrintable

    Details

      Backports

        Description


        Based on an internal email discussion, this was pointed out.

            java.lang.RuntimeException: Could not generate secret[[
                    at
        com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Handshaker.java:973)
                    at
        com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:485)
                    at
        com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:753)
                    at
        com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)

        I note that DHCrypt/ECDHCrypto have this message. During the processing of other messages, we check to see if there was an exception thrown and then wrap it, but we don't do that there. Several examples:

                SecretKey getAgreedSecret(...) {
                ...deleted...
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException("Could not generate secret", e);
                } catch (java.io.IOException e) {
                    throw new RuntimeException("Could not generate secret", e);
                }

        and then in the handshakers:

                case K_DHE_RSA:
                case K_DHE_DSS:
                case K_DH_ANON:
                    preMasterSecret = dh.getAgreedSecret(serverDH, true);
                    break;
                case K_ECDHE_RSA:
                case K_ECDHE_ECDSA:
                case K_ECDH_ANON:
                    preMasterSecret = ecdh.getAgreedSecret(ephemeralServerKey);
                    break;

        A RTE will propagate all the way out.

        In other spots of the code (e.g. server_key_exchange), we do:

             try {
                 this.serverKeyExchange(new RSA_ServerKeyExchange(input));
             } catch (GeneralSecurityException e) {
                 throwSSLException("Server key", e);
             }
             break;

        We should also look to see where else this is done.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                robm Robert Mckenna
                Reporter:
                wetmore Bradford Wetmore
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: