|
From: | chinmaya |
Subject: | Re: [Jessie-discuss] Running GNU-Classpath-SSL with Sun-JDK1.5 |
Date: | Fri, 23 Mar 2007 19:04:25 -0600 |
Did you undo the patch I posted earlier?
On Mar 23, 2007, at 5:38 PM, chinmaya wrote:
> Thanks Casey, but I am still getting same error !!
> I have just enabled the debug on GNU classpath jar, so that you can
> see the line number in stack trace.
> Here is the new stack trace
>
> gnu.javax.net.ssl.provider.AlertException: HANDSHAKE_FAILURE:
> locally generated; FATAL
> at
> gnu.javax.net.ssl.provider.ServerHandshake.checkKeyExchange
> (ServerHandshake.java:1184)
> at
> gnu.javax.net.ssl.provider.AbstractHandshake.getInputParams
> (AbstractHandshake.java:330)
> at gnu.javax.net.ssl.provider.SSLEngineImpl.unwrap
> (SSLEngineImpl.java:560)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
> at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake
> (SSLSocketImpl.java:473)
> at gnu.javax.net.ssl.provider.SSLSocketImpl
> $SocketInputStream.read(SSLSocketImpl.java:150)
> at sun.nio.cs.StreamDecoder$CharsetSD.readBytes
> (StreamDecoder.java:411)
> at sun.nio.cs.StreamDecoder$CharsetSD.implRead
> (StreamDecoder.java:453)
> at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
> at java.io.InputStreamReader.read(InputStreamReader.java:167)
> at java.io.BufferedReader.fill (BufferedReader.java:136)
> at java.io.BufferedReader.read(BufferedReader.java:157)
> at TLSDataListener.processData(TLSDataListener.java :26)
> at TLSServer$2.run(TLSServer.java:197)
> Caused by: javax.crypto.IllegalBlockSizeException : Data must not
> be longer than 128 bytes
> at com.sun.crypto.provider.RSACipher.a(DashoA12275)
> at com.sun.crypto.provider.RSACipher.engineDoFinal
> (DashoA12275)
> at javax.crypto.Cipher.doFinal(DashoA12275)
> at gnu.javax.net.ssl.provider.ServerHandshake
> $RSAKeyExchange.implRun(ServerHandshake.java:1347)
> at gnu.javax.net.ssl.provider.DelegatedTask.run
> (DelegatedTask.java:68)
> at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake
> (SSLSocketImpl.java :498)
> ... 9 more
>
>
> thanks
> chinmaya
>
> On 3/23/07, Casey Marshall <address@hidden> wrote: On Mar 23,
> 2007, at 5:10 PM, Casey Marshall wrote:
>
> > It looks like Sun's RSA requires that the input start with a byte
> > 0, which the SSL spec doesn't require (the version of RSA in
> > Classpath doesn't require this, either). I think the patch I've
> > attached may help; I haven't tried this yet, however.
> >
>
> Actually, this likely won't fix this issue. It is more likely that
> decrypting the session key is failing. My guess is this part of the
> code (ServerHandshake.java:1334):
>
> rsa.init(Cipher.DECRYPT_MODE, serverKey);
> rsa.init(Cipher.DECRYPT_MODE, localCert);
>
> is the problem. In Classpath, initializing an RSA cipher with two
> keys (public and private) causes RSA to use "blinding," which helps
> prevent timing attacks. You should try swapping the order of these
> two statements, so they read:
>
> rsa.init(Cipher.DECRYPT_MODE , localCert);
> rsa.init(Cipher.DECRYPT_MODE, serverKey);
>
[Prev in Thread] | Current Thread | [Next in Thread] |