Merge remote-tracking branch 'origin/main'

Author: royb

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java

@@ -113,7 +113,8 @@ protected JcaTlsCrypto(JcaJceHelper helper, SecureRandom entropySource, SecureRa
      * @param entropySource      primary entropy source, used for key generation.
      * @param nonceEntropySource secondary entropy source, used for nonce and IV generation.
      */
-    protected JcaTlsCrypto(JcaJceHelper helper, JcaJceHelper altHelper, SecureRandom entropySource, SecureRandom nonceEntropySource)
+    protected JcaTlsCrypto(JcaJceHelper helper, JcaJceHelper altHelper, SecureRandom entropySource,
+        SecureRandom nonceEntropySource)
     {
         this.helper = helper;
         this.altHelper = altHelper;
@@ -573,7 +574,7 @@ public boolean hasCryptoSignatureAlgorithm(int cryptoSignatureAlgorithm)
         case CryptoSignatureAlgorithm.gostr34102012_256:
         case CryptoSignatureAlgorithm.gostr34102012_512:
 
-            // TODO[RFC 8998]
+        // TODO[RFC 8998]
         case CryptoSignatureAlgorithm.sm2:
 
         default:
@@ -755,7 +756,7 @@ public boolean hasSignatureAlgorithm(short signatureAlgorithm)
         case SignatureAlgorithm.gostr34102012_256:
         case SignatureAlgorithm.gostr34102012_512:
 
-            // TODO[RFC 8998]
+        // TODO[RFC 8998]
 //        case SignatureAlgorithm.sm2:
 
         default:
@@ -784,7 +785,7 @@ public boolean hasSignatureScheme(int signatureScheme)
         switch (signatureScheme)
         {
         case SignatureScheme.sm2sig_sm3:
-            // TODO[tls] Implement before adding
+        // TODO[tls] Implement before adding
         case SignatureScheme.DRAFT_mldsa44:
         case SignatureScheme.DRAFT_mldsa65:
         case SignatureScheme.DRAFT_mldsa87:
@@ -903,8 +904,7 @@ protected TlsAEADCipherImpl createAEADCipher(String cipherName, String algorithm
      * @throws GeneralSecurityException in case of failure.
      */
     protected TlsBlockCipherImpl createBlockCipher(String cipherName, String algorithm, int keySize,
-                                                   boolean isEncrypting)
-        throws GeneralSecurityException
+        boolean isEncrypting) throws GeneralSecurityException
     {
         return new JceBlockCipherImpl(this, helper.createCipher(cipherName), algorithm, keySize, isEncrypting);
     }
@@ -920,8 +920,7 @@ protected TlsBlockCipherImpl createBlockCipher(String cipherName, String algorit
      * @throws GeneralSecurityException in case of failure.
      */
     protected TlsBlockCipherImpl createBlockCipherWithCBCImplicitIV(String cipherName, String algorithm, int keySize,
-                                                                    boolean isEncrypting)
-        throws GeneralSecurityException
+        boolean isEncrypting) throws GeneralSecurityException
     {
         return new JceBlockCipherWithCBCImplicitIVImpl(this, helper.createCipher(cipherName), algorithm, isEncrypting);
     }
@@ -955,17 +954,15 @@ protected TlsNullCipher createNullCipher(TlsCryptoParameters cryptoParams, int m
     }
 
     protected TlsStreamSigner createStreamSigner(SignatureAndHashAlgorithm algorithm, PrivateKey privateKey,
-                                                 boolean needsRandom)
-        throws IOException
+        boolean needsRandom) throws IOException
     {
         String algorithmName = JcaUtils.getJcaAlgorithmName(algorithm);
 
         return createStreamSigner(algorithmName, null, privateKey, needsRandom);
     }
 
     protected TlsStreamSigner createStreamSigner(String algorithmName, AlgorithmParameterSpec parameter,
-                                                 PrivateKey privateKey, boolean needsRandom)
-        throws IOException
+        PrivateKey privateKey, boolean needsRandom) throws IOException
     {
         SecureRandom random = needsRandom ? getSecureRandom() : null;
 
@@ -977,14 +974,13 @@ protected TlsStreamSigner createStreamSigner(String algorithmName, AlgorithmPara
             }
             catch (InvalidKeyException e)
             {
-                if (altHelper != null)
-                {
-                    return createStreamSigner(altHelper, algorithmName, parameter, privateKey, random);
-                }
-                else
+                JcaJceHelper altHelper = getAltHelper();
+                if (altHelper == null)
                 {
                     throw e;
                 }
+
+                return createStreamSigner(altHelper, algorithmName, parameter, privateKey, random);
             }
         }
         catch (GeneralSecurityException e)
@@ -993,38 +989,36 @@ protected TlsStreamSigner createStreamSigner(String algorithmName, AlgorithmPara
         }
     }
 
-    private TlsStreamSigner createStreamSigner(JcaJceHelper helper, String algorithmName, AlgorithmParameterSpec parameter,
-                                               PrivateKey privateKey, SecureRandom random)
-        throws GeneralSecurityException
+    protected TlsStreamSigner createStreamSigner(JcaJceHelper helper, String algorithmName,
+        AlgorithmParameterSpec parameter, PrivateKey privateKey, SecureRandom random) throws GeneralSecurityException
     {
         try
         {
             if (null != parameter)
             {
+                Signature dummySigner;                
                 try
                 {
-                    Signature dummySigner = helper.createSignature(algorithmName);
-                    dummySigner.initSign(privateKey, random);
-                    helper = new ProviderJcaJceHelper(dummySigner.getProvider());
+                    dummySigner = helper.createSignature(algorithmName);
                 }
                 catch (NoSuchAlgorithmException e)
                 {
                     // more PKCS#11 mischief
                     String upperAlg = Strings.toUpperCase(algorithmName);
-                    if (upperAlg.endsWith("MGF1"))
+                    if (upperAlg.endsWith("ANDMGF1"))
                     {
                         // ANDMGF1 has vanished from the Sun PKCS11 provider.
                         algorithmName = upperAlg.replace("ANDMGF1", "SSA-PSS");
-                        Signature dummySigner = helper.createSignature(algorithmName);
-
-                        dummySigner.initSign(privateKey, random);
-                        helper = new ProviderJcaJceHelper(dummySigner.getProvider());
+                        dummySigner = helper.createSignature(algorithmName);
                     }
                     else
                     {
                         throw e;
                     }
                 }
+
+                dummySigner.initSign(privateKey, random);
+                helper = new ProviderJcaJceHelper(dummySigner.getProvider());
             }
 
             Signature signer = helper.createSignature(algorithmName);
@@ -1038,7 +1032,7 @@ private TlsStreamSigner createStreamSigner(JcaJceHelper helper, String algorithm
         catch (InvalidKeyException e)
         {
             String upperAlg = Strings.toUpperCase(algorithmName);
-            if (upperAlg.endsWith("MGF1"))
+            if (upperAlg.endsWith("ANDMGF1"))
             {
                 // ANDMGF1 has vanished from the Sun PKCS11 provider.
                 algorithmName = upperAlg.replace("ANDMGF1", "SSA-PSS");
@@ -1060,8 +1054,7 @@ protected TlsStreamVerifier createStreamVerifier(DigitallySigned digitallySigned
     }
 
     protected TlsStreamVerifier createStreamVerifier(String algorithmName, AlgorithmParameterSpec parameter,
-                                                     byte[] signature, PublicKey publicKey)
-        throws IOException
+        byte[] signature, PublicKey publicKey) throws IOException
     {
         try
         {
@@ -1088,8 +1081,7 @@ protected TlsStreamVerifier createStreamVerifier(String algorithmName, Algorithm
     }
 
     protected Tls13Verifier createTls13Verifier(String algorithmName, AlgorithmParameterSpec parameter,
-                                                PublicKey publicKey)
-        throws IOException
+        PublicKey publicKey) throws IOException
     {
         try
         {
@@ -1269,8 +1261,7 @@ public JcaJceHelper getAltHelper()
     }
 
     protected TlsBlockCipherImpl createCBCBlockCipherImpl(TlsCryptoParameters cryptoParams, String algorithm,
-                                                          int cipherKeySize, boolean forEncryption)
-        throws GeneralSecurityException
+        int cipherKeySize, boolean forEncryption) throws GeneralSecurityException
     {
         String cipherName = algorithm + "/CBC/NoPadding";
 
@@ -1325,8 +1316,7 @@ private TlsAEADCipher createCipher_Camellia_GCM(TlsCryptoParameters cryptoParams
     }
 
     protected TlsCipher createCipher_CBC(TlsCryptoParameters cryptoParams, String algorithm, int cipherKeySize,
-                                         int macAlgorithm)
-        throws GeneralSecurityException, IOException
+        int macAlgorithm) throws GeneralSecurityException, IOException
     {
         TlsBlockCipherImpl encrypt = createCBCBlockCipherImpl(cryptoParams, algorithm, cipherKeySize, true);
         TlsBlockCipherImpl decrypt = createCBCBlockCipherImpl(cryptoParams, algorithm, cipherKeySize, false);

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCryptoProvider.java

@@ -20,7 +20,7 @@ public class JcaTlsCryptoProvider
     implements TlsCryptoProvider
 {
     private JcaJceHelper helper = new DefaultJcaJceHelper();
-    private JcaJceHelper altHelper = helper;
+    private JcaJceHelper altHelper = null;
 
     public JcaTlsCryptoProvider()
     {
@@ -34,7 +34,8 @@ public JcaTlsCryptoProvider()
      */
     public JcaTlsCryptoProvider setProvider(Provider provider)
     {
-        this.helper = this.altHelper = new ProviderJcaJceHelper(provider);
+        this.helper = new ProviderJcaJceHelper(provider);
+        this.altHelper = null;
 
         return this;
     }
@@ -61,7 +62,8 @@ public JcaTlsCryptoProvider setAlternateProvider(Provider provider)
      */
     public JcaTlsCryptoProvider setProvider(String providerName)
     {
-        this.helper = this.altHelper = new NamedJcaJceHelper(providerName);
+        this.helper = new NamedJcaJceHelper(providerName);
+        this.altHelper = null;
 
         return this;
     }
@@ -120,19 +122,19 @@ public JcaTlsCrypto create(SecureRandom random)
      */
     public JcaTlsCrypto create(SecureRandom keyRandom, SecureRandom nonceRandom)
     {
-        if (helper != altHelper)
-        {
-            return new JcaTlsCrypto(getHelper(), altHelper, keyRandom, nonceRandom);
-        }
-
-        return new JcaTlsCrypto(getHelper(), keyRandom, nonceRandom);
+        return new JcaTlsCrypto(getHelper(), getAltHelper(), keyRandom, nonceRandom);
     }
 
     public JcaJceHelper getHelper()
     {
         return helper;
     }
 
+    public JcaJceHelper getAltHelper()
+    {
+        return altHelper;
+    }
+
     @SuppressWarnings("serial")
     private static class NonceEntropySource
        extends SecureRandom

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsECDSA13Signer.java

@@ -4,8 +4,10 @@
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.PrivateKey;
+import java.security.SecureRandom;
 import java.security.Signature;
 
+import org.bouncycastle.jcajce.util.JcaJceHelper;
 import org.bouncycastle.tls.AlertDescription;
 import org.bouncycastle.tls.SignatureAndHashAlgorithm;
 import org.bouncycastle.tls.SignatureScheme;
@@ -51,26 +53,24 @@ public byte[] generateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] h
             throw new IllegalStateException("Invalid algorithm: " + algorithm);
         }
 
+        SecureRandom random = crypto.getSecureRandom();
+
         try
         {
-            Signature signer = crypto.getHelper().createSignature("NoneWithECDSA");
-            signer.initSign(privateKey, crypto.getSecureRandom());
-            signer.update(hash, 0, hash.length);
-            return signer.sign();
-        }
-        catch (InvalidKeyException e)
-        {
-            // try with PKCS#11 (usually) alternative provider
             try
             {
-                Signature signer = crypto.getAltHelper().createSignature("NoneWithECDSA");
-                signer.initSign(privateKey, crypto.getSecureRandom());
-                signer.update(hash, 0, hash.length);
-                return signer.sign();
+                return implGenerateRawSignature(crypto.getHelper(), privateKey, random, hash);
             }
-            catch (GeneralSecurityException ex)
+            catch (InvalidKeyException e)
             {
-                throw new TlsFatalAlert(AlertDescription.internal_error, ex);
+                // try with PKCS#11 (usually) alternative provider
+                JcaJceHelper altHelper = crypto.getAltHelper();
+                if (altHelper == null)
+                {
+                    throw e;
+                }
+
+                return implGenerateRawSignature(altHelper, privateKey, random, hash);
             }
         }
         catch (GeneralSecurityException e)
@@ -84,4 +84,13 @@ public TlsStreamSigner getStreamSigner(SignatureAndHashAlgorithm algorithm)
     {
         return null;
     }
+
+    private static byte[] implGenerateRawSignature(JcaJceHelper helper, PrivateKey privateKey, SecureRandom random,
+        byte[] hash) throws GeneralSecurityException
+    {
+        Signature signer = helper.createSignature("NoneWithECDSA");
+        signer.initSign(privateKey, random);
+        signer.update(hash, 0, hash.length);
+        return signer.sign();
+    }
 }

tls/src/test/java/org/bouncycastle/jsse/provider/test/FipsJcaTlsCrypto.java

@@ -14,6 +14,12 @@ public FipsJcaTlsCrypto(JcaJceHelper helper, SecureRandom entropySource, SecureR
         super(helper, entropySource, nonceEntropySource);
     }
 
+    public FipsJcaTlsCrypto(JcaJceHelper helper, JcaJceHelper altHelper, SecureRandom entropySource,
+        SecureRandom nonceEntropySource)
+    {
+        super(helper, altHelper, entropySource, nonceEntropySource);
+    }
+
     @Override
     public AEADNonceGeneratorFactory getFipsGCMNonceGeneratorFactory()
     {

tls/src/test/java/org/bouncycastle/jsse/provider/test/FipsJcaTlsCryptoProvider.java

@@ -10,6 +10,6 @@ public class FipsJcaTlsCryptoProvider extends JcaTlsCryptoProvider
     @Override
     public JcaTlsCrypto create(SecureRandom keyRandom, SecureRandom nonceRandom)
     {
-        return new FipsJcaTlsCrypto(getHelper(), keyRandom, nonceRandom);
+        return new FipsJcaTlsCrypto(getHelper(), getAltHelper(), keyRandom, nonceRandom);
     }
 }