*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/cert/X509Cert.java	Wed Dec  1 23:00:52 1999
--- src//COM/claymoresystems/cert/X509Cert.java	Tue Jun 20 06:40:54 2000
***************
*** 1,3 ****
--- 1,4 ----
+ 
  /**
     X509Cert.java
  
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: X509Cert.java,v 1.8 1999/12/02 07:00:52 ekr Exp $
  
  */
  
--- 37,43 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: X509Cert.java,v 1.9 2000/05/09 15:35:16 ekr Exp $
  
  */
  
***************
*** 98,103 ****
--- 99,105 ----
       
       private static String[][] OIDMAP={
  	  {"2.5.4.6","C"},
+ 	  {"2.5.4.7","L"},          
  	  {"2.5.4.8","ST"},
  	  {"2.5.4.10","O"},
  	  {"2.5.4.11","OU"},	  
***************
*** 363,369 ****
  	     SSLDebug.debug(SSLDebug.DEBUG_CERT,"Is root");
  	     last=cert;
  	     chain.addElement((Object)last);
! 	     continue;  
  	   }
  	   else{
  	     SSLDebug.debug(SSLDebug.DEBUG_CERT,"Trying to find root with DN",
--- 365,372 ----
  	     SSLDebug.debug(SSLDebug.DEBUG_CERT,"Is root");
  	     last=cert;
  	     chain.addElement((Object)last);
! 	     found_root=true;
! 	     continue;
  	   }
  	   else{
  	     SSLDebug.debug(SSLDebug.DEBUG_CERT,"Trying to find root with DN",
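Review bot: The new `found_root=true;` in the `Is root` branch has no visible consumer, and neither the declaration of found_root nor the code after the loop is in this hunk, so confirm that an exhausted chain with found_root still false is rejected by the verifier rather than treated as a successfully built chain. A one-line comment on the assignment would make the contract explicit, e.g. `// chain ends at a trusted root; checked after the loop`. The enclosing method starts and ends outside the hunk.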
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/BaseDSAPrivateKey.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/BaseDSAPrivateKey.java	Tue May  9 08:03:03 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: BaseDSAPrivateKey.java,v 1.4 1999/07/26 06:41:16 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: BaseDSAPrivateKey.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/BaseDSAPublicKey.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/BaseDSAPublicKey.java	Tue May  9 08:03:03 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: BaseDSAPublicKey.java,v 1.4 1999/07/26 06:41:16 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: BaseDSAPublicKey.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/DHPrivateKey.java	Sat Dec  4 17:22:02 1999
--- src//COM/claymoresystems/crypto/DHPrivateKey.java	Tue May  9 08:03:04 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: DHPrivateKey.java,v 1.4 1999/12/05 01:22:02 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: DHPrivateKey.java,v 1.1.1.1 2000/05/09 15:03:04 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/DHPublicKey.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/DHPublicKey.java	Tue May  9 08:03:04 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: DHPublicKey.java,v 1.1 1999/11/16 05:00:20 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: DHPublicKey.java,v 1.1.1.1 2000/05/09 15:03:04 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/EAYEncryptedPrivateKey.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/EAYEncryptedPrivateKey.java	Tue May  9 08:03:03 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: EAYEncryptedPrivateKey.java,v 1.8 1999/10/08 00:17:01 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: EAYEncryptedPrivateKey.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/HMACInputStream.java	Tue Nov 30 12:59:26 1999
--- src//COM/claymoresystems/crypto/HMACInputStream.java	Tue May  9 08:03:04 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: HMACInputStream.java,v 1.2 1999/11/30 20:59:26 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: HMACInputStream.java,v 1.1.1.1 2000/05/09 15:03:04 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/HMACOutputStream.java	Tue Nov 30 12:59:26 1999
--- src//COM/claymoresystems/crypto/HMACOutputStream.java	Tue May  9 08:03:04 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: HMACOutputStream.java,v 1.2 1999/11/30 20:59:26 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: HMACOutputStream.java,v 1.1.1.1 2000/05/09 15:03:04 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/PEMData.java	Tue Nov 30 12:59:26 1999
--- src//COM/claymoresystems/crypto/PEMData.java	Tue May  9 08:03:03 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: PEMData.java,v 1.4 1999/11/30 20:59:26 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: PEMData.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/PKCS1Pad.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/PKCS1Pad.java	Sat May 27 08:55:16 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: PKCS1Pad.java,v 1.2 1999/08/15 21:21:50 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: PKCS1Pad.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
***************
*** 75,89 ****
       public static byte[] pkcs1PadBuf(byte[] input, BigInteger modulus,
         int how){
         SecureRandom rnd=new SecureRandom();
!        int length=modulus.bitLength();
  
         SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"PKCS1 pad input",
  	 input);
  
-        if((length%8)!=0)
- 	 throw new InternalError("We don't know how to handle RSA keys that aren't multiples of 8 bits long");
  
!        length/=8;
  
         // And who asked Cryptix to add the zero on the front?
         int num_pad;
--- 75,88 ----
       public static byte[] pkcs1PadBuf(byte[] input, BigInteger modulus,
         int how){
         SecureRandom rnd=new SecureRandom();
!        int length;
  
         SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"PKCS1 pad input",
  	 input);
  
  
!        length=modulus.bitLength()/8;
!        length+=((modulus.bitLength()%8)>0)?1:0;
  
         // And who asked Cryptix to add the zero on the front?
         int num_pad;
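Review bot: The two-step ceiling `length=modulus.bitLength()/8;` / `length+=((modulus.bitLength()%8)>0)?1:0;` reads more clearly as one expression, `int length=(modulus.bitLength()+7)/8; // modulus size in octets (k in PKCS#1)`, which also removes the uninitialised `int length;` declaration. Dropping the old multiple-of-8 guard is sound as far as this hunk shows, since a k-octet block that begins with a zero octet and a 0x01/0x02 type byte is always below a modulus of more than 8k-8 bits. The rest of pkcs1PadBuf, including the check that `input` fits in `length-11` octets, is outside the hunk, so that bound should be confirmed there.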
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/RandomStore.java	Tue Nov 30 12:59:26 1999
--- src//COM/claymoresystems/crypto/RandomStore.java	Tue May  9 08:03:03 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: RandomStore.java,v 1.3 1999/11/30 20:59:26 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: RandomStore.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/RawDSAParams.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/RawDSAParams.java	Tue May  9 08:03:03 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSAParams.java,v 1.3 1999/06/22 06:24:51 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSAParams.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/crypto/RawDSAPublicKey.java	Tue Nov 30 12:26:53 1999
--- src//COM/claymoresystems/crypto/RawDSAPublicKey.java	Tue May  9 08:03:03 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSAPublicKey.java,v 1.3 1999/06/22 06:24:51 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSAPublicKey.java,v 1.1.1.1 2000/05/09 15:03:03 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/provider/ClaymoreProvider.java	Sun Nov 14 17:48:35 1999
--- src//COM/claymoresystems/provider/ClaymoreProvider.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: ClaymoreProvider.java,v 1.6 1999/10/11 00:56:37 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: ClaymoreProvider.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/provider/DSASignature.java	Tue Nov 30 12:59:30 1999
--- src//COM/claymoresystems/provider/DSASignature.java	Tue May  9 08:03:08 2000
***************
*** 37,43 ****
     SUCH DAMAGE.
  
  
!    $Id: DSASignature.java,v 1.7 1999/11/30 20:59:30 ekr Exp $
  
  */
  
--- 37,43 ----
     SUCH DAMAGE.
  
  
!    $Id: DSASignature.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/provider/RawDSASignature.java	Thu Oct  7 17:19:32 1999
--- src//COM/claymoresystems/provider/RawDSASignature.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSASignature.java,v 1.2 1999/09/16 15:28:56 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: RawDSASignature.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLClientKeyExchange.java	Mon Nov 15 21:00:25 1999
--- src//COM/claymoresystems/ptls/SSLClientKeyExchange.java	Tue May  9 08:35:16 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLClientKeyExchange.java,v 1.6 1999/11/16 05:00:25 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLClientKeyExchange.java,v 1.7 2000/05/09 15:35:16 ekr Exp $
  
  */
  
***************
*** 148,154 ****
  	     ciph.initDecrypt(conn.hs.rsaEphemeral==null?
  		  conn.ctx.getPrivateKey():conn.hs.rsaEphemeral);
  
! 	     byte[] decrypted=ciph.crypt(client_data.value);
  	     conn.hs.pre_master_secret=PKCS1Pad.pkcs1UnpadBuf(decrypted);
  	   } catch (java.security.IllegalBlockSizeException e){
  	     conn.alert(SSLAlertX.TLS_ALERT_DECRYPT_ERROR);
--- 148,154 ----
  	     ciph.initDecrypt(conn.hs.rsaEphemeral==null?
  		  conn.ctx.getPrivateKey():conn.hs.rsaEphemeral);
  
! 	     byte[] decrypted=ciph.crypt(val);
  	     conn.hs.pre_master_secret=PKCS1Pad.pkcs1UnpadBuf(decrypted);
  	   } catch (java.security.IllegalBlockSizeException e){
  	     conn.alert(SSLAlertX.TLS_ALERT_DECRYPT_ERROR);
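Review bot: The decrypt at `byte[] decrypted=ciph.crypt(val);` feeds straight into `PKCS1Pad.pkcs1UnpadBuf`, and the visible catch answers a failed decryption with `TLS_ALERT_DECRYPT_ERROR`; RFC 2246 §7.4.7.1 asks a server to treat a malformed RSA block indistinguishably from a well-formed one, substituting a random 48-byte pre_master_secret and continuing the handshake, so that the alert cannot serve as a padding oracle. How pkcs1UnpadBuf signals a bad padding byte and which further catch clauses follow are outside the hunk, so confirm that both the decrypt failure and the unpad failure end in the same substitution rather than in distinct alerts. `val` is defined outside the hunk, and the enclosing method starts and ends outside it.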
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLContext.java	Sat Dec  4 17:22:03 1999
--- src//COM/claymoresystems/ptls/SSLContext.java	Tue May  9 08:35:16 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLContext.java,v 1.11 1999/12/05 01:22:03 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLContext.java,v 1.12 2000/05/09 15:35:16 ekr Exp $
  
  */
  
***************
*** 417,427 ****
  
  
       synchronized CryptixRSAPrivateKey getEphemeralRSAPrivateKey(){
!        return (CryptixRSAPrivateKey)rsaEphemeral.getPrivate();
       }
  
       synchronized CryptixRSAPublicKey getEphemeralRSAPublicKey(){
!        return (CryptixRSAPublicKey)rsaEphemeral.getPublic();
       }
  	 
  	 
--- 417,428 ----
  
  
       synchronized CryptixRSAPrivateKey getEphemeralRSAPrivateKey(){
!        
!        return (CryptixRSAPrivateKey)getEphemeralRSAPair().getPrivate();
       }
  
       synchronized CryptixRSAPublicKey getEphemeralRSAPublicKey(){
!        return (CryptixRSAPublicKey)getEphemeralRSAPair().getPublic();
       }
  	 
  	 
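Review bot: The first added line of getEphemeralRSAPrivateKey is whitespace only (trailing spaces) and should be dropped. Both accessors now go through `getEphemeralRSAPair()`, which is not in the hunk; if it creates the pair on first use and caches it for the lifetime of the context, the "ephemeral" RSA key is shared by every connection the context serves, which is worth stating on these two methods, e.g. `// pair is created on first use and shared by all connections of this context — TODO confirm rotation policy`. Whether getEphemeralRSAPair is itself synchronized, so that the call from these synchronized methods is a plain reentrant acquire, is also outside the hunk.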
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLDHPrivateKey.java	Sat Dec  4 20:38:09 1999
--- src//COM/claymoresystems/ptls/SSLDHPrivateKey.java	Thu Dec 16 21:08:40 1999
***************
*** 37,43 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLDHPrivateKey.java,v 1.7 1999/12/05 01:22:03 ekr Exp $
  
  */
  
--- 37,43 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLDHPrivateKey.java,v 1.8 1999/12/17 05:08:40 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLHandshake.java	Wed Dec  1 23:01:31 1999
--- src//COM/claymoresystems/ptls/SSLHandshake.java	Tue May  9 08:35:16 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLHandshake.java,v 1.10 1999/12/02 07:01:31 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLHandshake.java,v 1.11 2000/05/09 15:35:16 ekr Exp $
  
  */
  
***************
*** 229,238 ****
  	 throw new IOException("Client authentication requested but no certificate available");
         }
         
!        for(int i=0;i<certs.size();i++){
  	 SSLopaque cert=new SSLopaque(-16777215);
  
! 	 cert.value=(byte[])certs.elementAt(i);
  	 
  	 cert_list.certificate_list.value.addElement((Object)
  	   cert);
--- 229,238 ----
  	 throw new IOException("Client authentication requested but no certificate available");
         }
         
!        for(int i=1;i<=certs.size();i++){
  	 SSLopaque cert=new SSLopaque(-16777215);
  
! 	 cert.value=(byte[])certs.elementAt(certs.size()-i);
  	 
  	 cert_list.certificate_list.value.addElement((Object)
  	   cert);
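Review bot: The reversed iteration at `for(int i=1;i<=certs.size();i++)` with `certs.elementAt(certs.size()-i)` is harder to read than a plain descending loop, `for(int i=certs.size()-1;i>=0;i--){` with `cert.value=(byte[])certs.elementAt(i);`; the same pattern appears in the decode hunk below (`elementAt(cert_list.certificate_list.value.size()-i)`). A one-line comment on why the order is reversed would spare the next reader the inference — it looks like the vector is kept root-first while the wire order is leaf-first, but the hunk does not show the vector's order. The enclosing methods begin and end outside both hunks.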
***************
*** 249,258 ****
         
         cert_list.decode(_conn,is);
  
!        for(int i=0;i<cert_list.certificate_list.value.size();i++){
  
  	 SSLopaque op=(SSLopaque)cert_list.certificate_list.value.
! 	   elementAt(i);
  
  	 certs.addElement(new X509Cert(op.value));
         }
--- 249,258 ----
         
         cert_list.decode(_conn,is);
  
!        for(int i=1;i<=cert_list.certificate_list.value.size();i++){
  
  	 SSLopaque op=(SSLopaque)cert_list.certificate_list.value.
! 	   elementAt(cert_list.certificate_list.value.size()-i);
  
  	 certs.addElement(new X509Cert(op.value));
         }
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLRSAParams.java	Thu Oct  7 17:19:34 1999
--- src//COM/claymoresystems/ptls/SSLRSAParams.java	Tue May  9 08:35:17 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLRSAParams.java,v 1.6 1999/08/15 20:57:45 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLRSAParams.java,v 1.7 2000/05/09 15:35:17 ekr Exp $
  
  */
  
***************
*** 63,68 ****
--- 63,78 ----
         
         r=RSA_modulus.decode(conn,s);
         r+=RSA_exponent.decode(conn,s);
+ 
+        return r;
+      }
+ 
+      public int encode(SSLConn conn, OutputStream s)
+        throws Error, java.io.IOException {
+        int r=0;
+ 
+        r=RSA_modulus.encode(conn,s);
+        r+=RSA_exponent.encode(conn,s);
  
         return r;
       }
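Review bot: The new `encode` declares `throws Error`, which is redundant because Error is unchecked, and `int r=0;` is dead since r is overwritten on the next statement; `int r=RSA_modulus.encode(conn,s);` followed by `r+=RSA_exponent.encode(conn,s);` suffices. The `decode` above starts outside the hunk and may use the same signature style, in which case align both. A short Javadoc would help, e.g. `/** Writes modulus then exponent to s; returns the byte count the two encodes report. */` — the byte-count meaning is my inference from the `r` accumulation, so confirm it against the field encoders.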
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLRecord.java	Sun Dec  5 12:41:23 1999
--- src//COM/claymoresystems/ptls/SSLRecord.java	Thu Dec 16 21:08:40 1999
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLRecord.java,v 1.6 1999/10/06 20:17:29 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLRecord.java,v 1.7 1999/12/17 05:08:40 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLServerKeyExchange.java	Mon Nov 15 21:00:26 1999
--- src//COM/claymoresystems/ptls/SSLServerKeyExchange.java	Tue May  9 08:35:17 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLServerKeyExchange.java,v 1.6 1999/11/16 05:00:26 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLServerKeyExchange.java,v 1.7 2000/05/09 15:35:17 ekr Exp $
  
  */
  
***************
*** 48,53 ****
--- 48,54 ----
  import java.security.Signature;
  import java.security.PublicKey;
  import java.security.PrivateKey;
+ import java.security.MessageDigest;
  import cryptix.provider.rsa.RawRSAPublicKey;
  import COM.claymoresystems.crypto.DHPublicKey;
  import COM.claymoresystems.crypto.DHPrivateKey;
***************
*** 72,77 ****
--- 73,79 ----
  	 case SSLCipherSuite.SSL_KEX_RSA:
  	   conn.hs.rsaEphemeral=conn.ctx.getEphemeralRSAPrivateKey();
  	   par=rsa_params=new SSLRSAParams(conn.ctx.getEphemeralRSAPublicKey());
+            break;
  	 default:
  	   throw new Error("Unknown key exchange algorithm");
         }
***************
*** 79,102 ****
         byte[] kex_enc=kex_os.toByteArray();
  
         try {
  	 // Sign the buffer
  	 PrivateKey pk=conn.ctx.getPrivateKey();
! 	 String alg=pk.getAlgorithm();
  	 Signature sigChecker;
! 	 
! 	 if(alg.equals("DSA")){
  	   sigChecker=Signature.getInstance(alg,
  	     LoadProviders.getDSAProvider());
  	   sigChecker.setParameter("SecureRandom",
  	     conn.hs.rng);
  	 }
! 	 else {
  	   sigChecker=Signature.getInstance(alg);
  	 }
  	 sigChecker.initSign(pk);
! 	 sigChecker.update(conn.hs.client_random);
! 	 sigChecker.update(conn.hs.server_random);
! 	 sigChecker.update(kex_enc);
  
  	 byte[] sig=sigChecker.sign();
  
--- 81,109 ----
         byte[] kex_enc=kex_os.toByteArray();
  
         try {
+          byte[] toBeSigned;
+ 
  	 // Sign the buffer
  	 PrivateKey pk=conn.ctx.getPrivateKey();
! 	 String alg=conn.hs.cipher_suite.getSignatureAlgCV();
  	 Signature sigChecker;
! 
! 	 if(alg.equals("RawDSA")){
  	   sigChecker=Signature.getInstance(alg,
  	     LoadProviders.getDSAProvider());
  	   sigChecker.setParameter("SecureRandom",
  	     conn.hs.rng);
  	 }
! 	 else if(alg.equals("RawRSA")){
  	   sigChecker=Signature.getInstance(alg);
  	 }
+          else{
+            throw new Exception("Unknown key type");
+          }
  	 sigChecker.initSign(pk);
! 
!          toBeSigned=getToBeSigned(conn,alg,kex_enc);
!          sigChecker.update(toBeSigned);
  
  	 byte[] sig=sigChecker.sign();
  
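Review bot: `throw new Exception("Unknown key type")` raises a raw checked Exception for what is really an unsupported signature algorithm reported by the cipher suite, and the message names the wrong thing; the sibling switch in this method already uses `throw new Error("Unknown key exchange algorithm")` for the analogous case, and a typed failure such as `throw new java.security.NoSuchAlgorithmException("Unsupported signature algorithm: "+alg);` would reach the same surrounding handler (the catch is outside the hunk) while naming the value. The added lines use space indentation where the surrounding code uses tabs; the same applies to the verify hunk and the `break;` hunk above. `sigChecker` is now a signer, so `signer` would be the clearer name, though that predates this change.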
***************
*** 151,163 ****
  
         try {
  	 // Check the signature
! 	 Signature sigChecker=Signature.getInstance(conn.hs.cipher_suite.
! 	   getSignatureAlgNorm());
  	 sigChecker.initVerify(pk);
- 	 sigChecker.update(conn.hs.client_random);
- 	 sigChecker.update(conn.hs.server_random);
- 	 sigChecker.update(kex_enc);
  
  	 
  	 SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"Signed Data", kex_enc);
  	 SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"Signature Data", signature.value);
--- 158,169 ----
  
         try {
  	 // Check the signature
!          String alg=conn.hs.cipher_suite.getSignatureAlgCV();
! 	 Signature sigChecker=Signature.getInstance(alg);
  	 sigChecker.initVerify(pk);
  
+          byte[] toBeSigned=getToBeSigned(conn,alg,kex_enc);
+          sigChecker.update(toBeSigned);
  	 
  	 SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"Signed Data", kex_enc);
  	 SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"Signature Data", signature.value);
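Review bot: `Signature sigChecker=Signature.getInstance(alg);` on the verify side passes no provider for either `RawDSA` or `RawRSA`, whereas the sign side obtains `RawDSA` from `LoadProviders.getDSAProvider()`; unless that provider is installed globally, verifying a DSS-signed ServerKeyExchange would fail with NoSuchAlgorithmException. Mirroring the sign-side selection keeps the paths consistent: `Signature sigChecker=alg.equals("RawDSA")?Signature.getInstance(alg,LoadProviders.getDSAProvider()):Signature.getInstance(alg);`. Whether the catch that follows this block (outside the hunk) aborts the handshake on that exception I cannot see from here.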
***************
*** 171,176 ****
--- 177,212 ----
         conn.hs.peerEncryptionKey=tmp_pk;
         
         return rb;
+      }
+ 
+      private byte[] getToBeSigned(SSLConn conn,String alg,
+        byte[] kex_enc) throws java.security.NoSuchAlgorithmException{
+        byte[] toBeSigned;
+        MessageDigest md5,sha;
+        
+        sha=MessageDigest.getInstance("SHA-1");
+ 
+        sha.update(conn.hs.client_random);
+        sha.update(conn.hs.server_random);
+        sha.update(kex_enc);
+ 
+        if(alg.equals("RawRSA")){
+          md5=MessageDigest.getInstance("MD5");           
+          md5.update(conn.hs.client_random);
+          md5.update(conn.hs.server_random);
+          md5.update(kex_enc);
+ 
+          byte[] md5dig=md5.digest();
+          byte[] shadig=sha.digest();
+          toBeSigned=new byte[36];
+            
+          System.arraycopy(md5dig,0,toBeSigned,0,md5dig.length);
+          System.arraycopy(shadig,0,toBeSigned,16,shadig.length);           
+        }
+        else
+          toBeSigned=sha.digest();
+ 
+        return(toBeSigned);
       }
  }
         
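Review bot: getToBeSigned treats every algorithm other than `RawRSA` as the SHA-1-only case, so an unexpected `alg` silently receives DSS formatting; an explicit `else if(alg.equals("RawDSA"))` with a throw in a final else keeps the helper's contract in step with its two callers. The literals `new byte[36]` and the `16` offset are right for MD5‖SHA-1 but deserve a header comment, e.g. `// TLS 1.0 ServerKeyExchange signed input (RFC 2246 §7.4.3): MD5||SHA-1 over client_random+server_random+params for RSA, SHA-1 alone for DSS`, and using `md5dig.length` as the SHA-1 offset ties the copy to the digest sizes. The unbraced `else` and `return(toBeSigned);` would read better as a braced block and `return toBeSigned;`.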
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLSocket.java	Thu Oct  7 17:19:34 1999
--- src//COM/claymoresystems/ptls/SSLSocket.java	Thu Jun  1 10:38:25 2000
***************
*** 141,146 ****
--- 141,147 ----
       void internalSocket(SSLContext ctx)
         throws IOException {
         // Make the SSL connection
+        setTcpNoDelay(true);
         conn=new SSLConn(this,super.getInputStream(),
  	 super.getOutputStream(),ctx,SSLConn.SSL_CLIENT);
         conn.handshake();
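Review bot: `setTcpNoDelay(true);` in internalSocket is unconditional, so it silently overrides any Nagle setting the application chose on the socket before the handshake; making it a context or policy option, or at least documenting it with `// disable Nagle so small handshake flights are not delayed`, makes the behaviour visible. Whether the server-side accept path gets the same treatment is not in this diff. internalSocket continues past the hunk.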
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLv3MAC.java	Sun Dec  5 12:35:26 1999
--- src//COM/claymoresystems/ptls/SSLv3MAC.java	Thu Dec 16 21:08:40 1999
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLv3MAC.java,v 1.5 1999/06/22 06:24:56 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLv3MAC.java,v 1.6 1999/12/17 05:08:40 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/SSLv3PRF.java	Thu Oct  7 17:19:35 1999
--- src//COM/claymoresystems/ptls/SSLv3PRF.java	Tue May  9 08:35:17 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLv3PRF.java,v 1.3 1999/06/22 06:24:56 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLv3PRF.java,v 1.4 2000/05/09 15:35:17 ekr Exp $
  
  */
  
***************
*** 58,69 ****
  	 throw new Error("Internal inconsistency");
         }
       }
!      
       public void PRF(byte[] secret, int usage, byte[] client_random,
         byte[] server_random, byte[] out) {
         int off=0;
         byte[] buf=new byte[20];
         int i=0,j;
         
         for(off=0;off<out.length;off+=16){
  	 i++;
--- 58,92 ----
  	 throw new Error("Internal inconsistency");
         }
       }
! 
! 
       public void PRF(byte[] secret, int usage, byte[] client_random,
         byte[] server_random, byte[] out) {
+        
+        switch(usage){
+          case SSL_PRF_CLIENT_WRITE_KEY:
+          case SSL_PRF_SERVER_WRITE_KEY:
+          case SSL_PRF_CLIENT_WRITE_IV:
+          case SSL_PRF_SERVER_WRITE_IV:
+            PRFHash(secret,usage,client_random,server_random,out);
+            break;
+          default:
+            PRFPRF(secret,usage,client_random,server_random,out);
+        }
+      }
+      
+      public void PRFPRF(byte[] secret, int usage, byte[] client_random,
+        byte[] server_random, byte[] out) {
         int off=0;
         byte[] buf=new byte[20];
         int i=0,j;
+ 
+        SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
+          "Secret",secret);
+        SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
+          "Client random",client_random);
+        SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
+          "Server random",server_random);
         
         for(off=0;off<out.length;off+=16){
  	 i++;
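Review bot: The new `SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"Secret",secret)` in PRFPRF writes the master or pre-master secret to the debug channel; even behind a debug level, key material in logs is a liability, so consider logging only `secret.length`, or dropping that line while keeping the two random dumps. The dispatch in PRF routes the IV usages to PRFHash, which hashes `secret` before the randoms, whereas the SSLv3 export IV is derived from the two randoms alone; confirm callers pass an empty secret for `SSL_PRF_CLIENT_WRITE_IV`/`SSL_PRF_SERVER_WRITE_IV` (the callers are outside this diff). PRFPRF's body continues in the next hunk.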
***************
*** 72,105 ****
  	 for(j=0;j<i;j++){
  	   buf[j]=(byte)(64+i);
  	 }
! 	 
  	 sha.update(buf,0,i);
  	 sha.update(secret);
  
  	 switch(usage){
  	   case SSL_PRF_MASTER_SECRET:
- 	   case SSL_PRF_CLIENT_WRITE_KEY:
- 	   case SSL_PRF_CLIENT_WRITE_IV:
  	     sha.update(client_random);
  	     sha.update(server_random);
  	     break;
  	   case SSL_PRF_KEY_BLOCK:
- 	   case SSL_PRF_SERVER_WRITE_KEY:
- 	   case SSL_PRF_SERVER_WRITE_IV:
  	     sha.update(server_random);
  	     sha.update(client_random);
  	 }
! 
  	 byte[] sha_out=sha.digest();
! 	 
  	 md5.update(secret);
  	 md5.update(sha_out);
  
  	 byte[] md5_out=md5.digest();
  	 System.arraycopy(md5_out,0,out,off,
  	   (16>(out.length-off))?out.length-off:16);
         }
  
       }
  }
  
--- 95,154 ----
  	 for(j=0;j<i;j++){
  	   buf[j]=(byte)(64+i);
  	 }
! 
!          SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,"BUF",buf);
  	 sha.update(buf,0,i);
  	 sha.update(secret);
  
  	 switch(usage){
  	   case SSL_PRF_MASTER_SECRET:
  	     sha.update(client_random);
  	     sha.update(server_random);
  	     break;
  	   case SSL_PRF_KEY_BLOCK:
  	     sha.update(server_random);
  	     sha.update(client_random);
+              break;
+            default:
+              throw new InternalError("Bad usage");
  	 }
!          
  	 byte[] sha_out=sha.digest();
! 
!          SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
!            "SHA out",sha_out);
!          	 
  	 md5.update(secret);
  	 md5.update(sha_out);
  
  	 byte[] md5_out=md5.digest();
+          SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
+            "MD5 out",md5_out);
  	 System.arraycopy(md5_out,0,out,off,
  	   (16>(out.length-off))?out.length-off:16);
         }
  
+      }
+ 
+      public void PRFHash(byte[] secret, int usage, byte[] client_random,
+        byte[] server_random, byte[] out) {
+        md5.update(secret);
+ 
+        switch(usage){
+          case SSL_PRF_CLIENT_WRITE_KEY:
+          case SSL_PRF_CLIENT_WRITE_IV:
+            md5.update(client_random);
+            md5.update(server_random);
+            break;
+          default:
+            md5.update(server_random);
+            md5.update(client_random);
+        }
+ 
+        byte[] md5out=md5.digest();
+        SSLDebug.debug(SSLDebug.DEBUG_CRYPTO,
+          "PRFHash out",md5out);
+        System.arraycopy(md5out,0,out,0,16);
       }
  }
  
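Review bot: PRFHash copies a fixed 16 bytes, `System.arraycopy(md5out,0,out,0,16);`, while PRFPRF bounds its copy by the remaining output (`(16>(out.length-off))?out.length-off:16`); an `out` shorter than 16 bytes, such as an 8-byte export IV or DES key, throws ArrayIndexOutOfBoundsException here. Bounding the copy the same way, `System.arraycopy(md5out,0,out,0,Math.min(16,out.length));`, keeps the two helpers consistent, and the new `default: throw new InternalError("Bad usage")` in PRFPRF is a welcome tightening. The `"MD5 out"` and `"PRFHash out"` dumps emit derived key bytes and carry the same logging concern as the secret dump in the previous hunk.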
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/TLSMAC.java	Sun Dec  5 12:35:22 1999
--- src//COM/claymoresystems/ptls/TLSMAC.java	Thu Dec 16 21:08:40 1999
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: TLSMAC.java,v 1.5 1999/06/22 06:24:57 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: TLSMAC.java,v 1.6 1999/12/17 05:08:40 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/sslg/Certificate.java	Thu Oct  7 17:19:35 1999
--- src//COM/claymoresystems/sslg/Certificate.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: Certificate.java,v 1.5 1999/07/26 06:41:18 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: Certificate.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/sslg/SSLContextInt.java	Sat Dec  4 17:22:03 1999
--- src//COM/claymoresystems/sslg/SSLContextInt.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLContextInt.java,v 1.7 1999/12/05 01:22:03 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLContextInt.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/sslg/SSLPolicyInt.java	Mon Oct 11 15:42:51 1999
--- src//COM/claymoresystems/sslg/SSLPolicyInt.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLPolicyInt.java,v 1.7 1999/10/11 22:42:51 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLPolicyInt.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/sslg/SSLSocketXInt.java	Thu Oct  7 17:19:36 1999
--- src//COM/claymoresystems/sslg/SSLSocketXInt.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLSocketXInt.java,v 1.4 1999/06/22 06:24:58 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLSocketXInt.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/provider/test/DSATest.java	Thu Oct  7 17:19:38 1999
--- src//COM/claymoresystems/provider/test/DSATest.java	Tue May  9 08:03:08 2000
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: DSATest.java,v 1.4 1999/09/16 15:28:56 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: DSATest.java,v 1.1.1.1 2000/05/09 15:03:08 ekr Exp $
  
  */
  
*** /dist/ship/puretls-0.9b1/puretls-0.9b1/src/COM/claymoresystems/ptls/demo/SSLServer.java	Sun Dec  5 12:52:55 1999
--- src//COM/claymoresystems/ptls/demo/SSLServer.java	Thu Dec 16 21:08:40 1999
***************
*** 36,42 ****
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLServer.java,v 1.9 1999/11/24 21:57:29 ekr Exp $
  
  */
  
--- 36,42 ----
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
  
!    $Id: SSLServer.java,v 1.10 1999/12/17 05:08:40 ekr Exp $
  
  */
  
