jdk-sandbox: comparison jdk/src/share/classes/sun/security/ssl/SSLEngineImpl.java

equal deleted inserted replaced

-:6cc48540fcd7
+:a6f4d1626ad9
 private ProtocolVersion     protocolVersion = ProtocolVersion.DEFAULT;
 /*
 * Crypto state that's reinitialized when the session changes.
 */
-private MAC                 readMAC, writeMAC;
+private Authenticator       readAuthenticator, writeAuthenticator;
 private CipherBox           readCipher, writeCipher;
 // NOTE: compression state would be saved here
 /*
 * security parameters for secure renegotiation.
 * default read and write side cipher and MAC support
 *
 * Note:  compression support would go here too
 */
 readCipher = CipherBox.NULL;
-readMAC = MAC.NULL;
+readAuthenticator = MAC.NULL;
 writeCipher = CipherBox.NULL;
-writeMAC = MAC.NULL;
+writeAuthenticator = MAC.NULL;
 // default security parameters for secure renegotiation
 secureRenegotiation = false;
 clientVerifyData = new byte[0];
 serverVerifyData = new byte[0];
 CipherBox oldCipher = readCipher;
 try {
 readCipher = handshaker.newReadCipher();
-readMAC = handshaker.newReadMAC();
+readAuthenticator = handshaker.newReadAuthenticator();
 } catch (GeneralSecurityException e) {
 // "can't happen"
 throw new SSLException("Algorithm missing:  ", e);
 }
 CipherBox oldCipher = writeCipher;
 try {
 writeCipher = handshaker.newWriteCipher();
-writeMAC = handshaker.newWriteMAC();
+writeAuthenticator = handshaker.newWriteAuthenticator();
 } catch (GeneralSecurityException e) {
 // "can't happen"
 throw new SSLException("Algorithm missing:  ", e);
 }
 * encryption for privacy, and an integrity check ensuring
 * data origin authentication.  We do them both here, and
 * throw a fatal alert if the integrity check fails.
 */
 try {
-decryptedBB = inputRecord.decrypt(readMAC, readCipher, readBB);
+decryptedBB = inputRecord.decrypt(
+readAuthenticator, readCipher, readBB);
 } catch (BadPaddingException e) {
 byte alertType = (inputRecord.contentType() ==
 Record.ct_handshake) ?
 Alerts.alert_handshake_failure :
 Alerts.alert_bad_record_mac;
 fatal(alertType, e.getMessage(), e);
 }
 // if (!inputRecord.decompress(c))
 //     fatal(Alerts.alert_decompression_failure,
 //     "decompression failure");
 * of the last record cannot be wrapped.
 */
 hsStatus = getHSStatus(hsStatus);
 if (connectionState < cs_ERROR && !isInboundDone() &&
 (hsStatus == HandshakeStatus.NOT_HANDSHAKING)) {
-if (checkSequenceNumber(readMAC,
+if (checkSequenceNumber(readAuthenticator,
 inputRecord.contentType())) {
 hsStatus = getHSStatus(null);
 }
 }
 } // synchronized (this)
 private HandshakeStatus writeRecord(EngineOutputRecord eor,
 EngineArgs ea) throws IOException {
 // eventually compress as well.
 HandshakeStatus hsStatus =
-writer.writeRecord(eor, ea, writeMAC, writeCipher);
+writer.writeRecord(eor, ea, writeAuthenticator, writeCipher);
 /*
 * We only need to check the sequence number state for
 * non-handshaking record.
 *
 * of the last record cannot be wrapped.
 */
 hsStatus = getHSStatus(hsStatus);
 if (connectionState < cs_ERROR && !isOutboundDone() &&
 (hsStatus == HandshakeStatus.NOT_HANDSHAKING)) {
-if (checkSequenceNumber(writeMAC, eor.contentType())) {
+if (checkSequenceNumber(writeAuthenticator, eor.contentType())) {
 hsStatus = getHSStatus(null);
 }
 }
 /*
 /*
 * Non-application OutputRecords go through here.
 */
 void writeRecord(EngineOutputRecord eor) throws IOException {
 // eventually compress as well.
-writer.writeRecord(eor, writeMAC, writeCipher);
+writer.writeRecord(eor, writeAuthenticator, writeCipher);
 /*
 * Check the sequence number state
 *
 * Note that in order to maintain the connection I/O
 * when there is enough sequence number space left to
 * handle a few more records, so the sequence number
 * of the last record cannot be wrapped.
 */
 if ((connectionState < cs_ERROR) && !isOutboundDone()) {
-checkSequenceNumber(writeMAC, eor.contentType());
+checkSequenceNumber(writeAuthenticator, eor.contentType());
 }
 }
 //
 // Close code
 * implementation would need to wrap a sequence number, it must
 * renegotiate instead."
 *
 * Return true if the handshake status may be changed.
 */
-private boolean checkSequenceNumber(MAC mac, byte type)
+private boolean checkSequenceNumber(Authenticator authenticator, byte type)
 throws IOException {
 /*
 * Don't bother to check the sequence number for error or
 * closed connections, or NULL MAC
 */
-if (connectionState >= cs_ERROR || mac == MAC.NULL) {
+if (connectionState >= cs_ERROR || authenticator == MAC.NULL) {
 return false;
 }
 /*
 * Conservatively, close the connection immediately when the
 * sequence number is close to overflow
 */
-if (mac.seqNumOverflow()) {
+if (authenticator.seqNumOverflow()) {
 /*
 * TLS protocols do not define a error alert for sequence
 * number overflow. We use handshake_failure error alert
 * for handshaking and bad_record_mac for other records.
 */
 * Ask for renegotiation when need to renew sequence number.
 *
 * Don't bother to kickstart the renegotiation when the local is
 * asking for it.
 */
-if ((type != Record.ct_handshake) && mac.seqNumIsHuge()) {
+if ((type != Record.ct_handshake) && authenticator.seqNumIsHuge()) {
 if (debug != null && Debug.isOn("ssl")) {
 System.out.println(Thread.currentThread().getName() +
 ", request renegotiation " +
 "to avoid sequence number overflow");
 }

changeset 16913	a6f4d1626ad9
parent 16126	aad71cf676d7
child 19823	f0fd09e20528