diff --git a/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java b/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java index 14ceae5c..b917cab5 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java +++ b/kona-ssl/src/main/java/com/tencent/kona/ssl/KonaSSLProvider.java @@ -97,7 +97,8 @@ private static void putEntries(Provider provider) { provider.put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", "SunTlsKeyMaterial"); - provider.put("KeyGenerator.TlsRsaPremasterSecret", + provider.put("KeyGenerator.SunTlsRsaPremasterSecret", "com.tencent.kona.sun.security.provider.TlsRsaPremasterSecretGenerator"); + provider.put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret"); } } diff --git a/kona-ssl/src/main/java/com/tencent/kona/ssl/SSLInsts.java b/kona-ssl/src/main/java/com/tencent/kona/ssl/SSLInsts.java index e3b43264..bc3db484 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/ssl/SSLInsts.java +++ b/kona-ssl/src/main/java/com/tencent/kona/ssl/SSLInsts.java @@ -96,7 +96,7 @@ public static SSLContext getSSLContext(String protocol) = new HashSet<>(Arrays.asList( "SunTlsPrf", "SunTls12Prf", "SunTlsMasterSecret", "SunTlsKeyMaterial", - "TlcpSM2PremasterSecret")); + "SunTlsRsaPremasterSecret", "SunTls12RsaPremasterSecret")); public static KeyGenerator getKeyGenerator(String protocol) throws NoSuchAlgorithmException { diff --git a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SM2KeyExchange.java b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SM2KeyExchange.java index bbc5c42a..55283449 100644 --- a/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SM2KeyExchange.java +++ b/kona-ssl/src/main/java/com/tencent/kona/sun/security/ssl/SM2KeyExchange.java @@ -88,7 +88,8 @@ byte[] getEncoded(PublicKey publicKey, @SuppressWarnings("deprecation") static SM2PremasterSecret createPremasterSecret( ClientHandshakeContext chc) throws GeneralSecurityException { - String algorithm = "TlsRsaPremasterSecret"; + String algorithm = chc.negotiatedProtocol.useTLS12PlusSpec() ? + "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"; KeyGenerator kg = SSLInsts.getKeyGenerator(algorithm); TlsRsaPremasterSecretParameterSpec spec = new TlsRsaPremasterSecretParameterSpec( @@ -105,7 +106,7 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc, throws GeneralSecurityException { byte[] encoded = null; - boolean needFailover = false; + boolean needFailover; Cipher cipher = CryptoInsts.getCipher("SM2"); try { // Try UNWRAP_MODE mode firstly. @@ -117,8 +118,8 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc, // The provider selection can be delayed, please don't call // any Cipher method before the call to Cipher.init(). -// String providerName = cipher.getProvider().getName(); -// needFailover = !KeyUtil.isOracleJCEProvider(providerName); + String providerName = cipher.getProvider().getName(); + needFailover = !KeyUtil.isOracleJCEProvider(providerName); } catch (InvalidKeyException | UnsupportedOperationException iue) { if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { SSLLogger.warning("The Cipher provider " @@ -153,7 +154,7 @@ static SM2PremasterSecret decode(ServerHandshakeContext shc, } else { // the cipher should have been initialized preMaster = (SecretKey)cipher.unwrap(encrypted, - "TlcpSM2PremasterSecret", Cipher.SECRET_KEY); + "TlsRsaPremasterSecret", Cipher.SECRET_KEY); } return new SM2PremasterSecret(preMaster); @@ -195,11 +196,8 @@ private static SecretKey generatePremasterSecret( } try { - String s = clientVersion == ProtocolVersion.TLCP11.id - ? "Tlcp11PremasterSecret" - : ((clientVersion >= ProtocolVersion.TLS12.id) - ? "SunTls12RsaPremasterSecret" - : "SunTlsRsaPremasterSecret"); + String s = ((clientVersion >= ProtocolVersion.TLS12.id) ? + "SunTls12RsaPremasterSecret" : "SunTlsRsaPremasterSecret"); KeyGenerator kg = CryptoInsts.getKeyGenerator(s); kg.init(new TlsRsaPremasterSecretParameterSpec( clientVersion, serverVersion, encodedSecret),