jdk-sandbox: comparison jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java

equal deleted inserted replaced

-:0c7d705209c6
+:ec0224270f90
 * example, thread1 and thread2 both call wrap, thread1 gets the first
 * packet, thread2 gets the second packet, but thread2 gets control back
 * before thread1, and sends the data.  The receiving side would see an
 * out-of-order error.
 *
-* Handshaking is still done the same way as SSLSocket using the normal
-* InputStream/OutputStream abstactions.  We create
-* ClientHandshakers/ServerHandshakers, which produce/consume the
-* handshaking data.  The transfer of the data is largely handled by the
-* HandshakeInStream/HandshakeOutStreams.  Lastly, the
-* InputRecord/OutputRecords still have the same functionality, except
-* that they are overridden with EngineInputRecord/EngineOutputRecord,
-* which provide SSLEngine-specific functionality.
-*
-* Some of the major differences are:
-*
-* EngineInputRecord/EngineOutputRecord/EngineWriter:
-*
-*      In order to avoid writing whole new control flows for
-*      handshaking, and to reuse most of the same code, we kept most
-*      of the actual handshake code the same.  As usual, reading
-*      handshake data may trigger output of more handshake data, so
-*      what we do is write this data to internal buffers, and wait for
-*      wrap() to be called to give that data a ride.
-*
-*      All data is routed through
-*      EngineInputRecord/EngineOutputRecord.  However, all handshake
-*      data (ct_alert/ct_change_cipher_spec/ct_handshake) are passed
-*      through to the underlying InputRecord/OutputRecord, and
-*      the data uses the internal buffers.
-*
-*      Application data is handled slightly different, we copy the data
-*      directly from the src to the dst buffers, and do all operations
-*      on those buffers, saving the overhead of multiple copies.
-*
-*      In the case of an inbound record, unwrap passes the inbound
-*      ByteBuffer to the InputRecord.  If the data is handshake data,
-*      the data is read into the InputRecord's internal buffer.  If
-*      the data is application data, the data is decoded directly into
-*      the dst buffer.
-*
-*      In the case of an outbound record, when the write to the
-*      "real" OutputStream's would normally take place, instead we
-*      call back up to the EngineOutputRecord's version of
-*      writeBuffer, at which time we capture the resulting output in a
-*      ByteBuffer, and send that back to the EngineWriter for internal
-*      storage.
-*
-*      EngineWriter is responsible for "handling" all outbound
-*      data, be it handshake or app data, and for returning the data
-*      to wrap() in the proper order.
-*
-* ClientHandshaker/ServerHandshaker/Handshaker:
-*      Methods which relied on SSLSocket now have work on either
-*      SSLSockets or SSLEngines.
-*
 * @author Brad Wetmore
 */
 final public class SSLEngineImpl extends SSLEngine {
 //
 private static final int    cs_CLOSED = 6;
 /*
 * Once we're in state cs_CLOSED, we can continue to
 * wrap/unwrap until we finish sending/receiving the messages
-* for close_notify.  EngineWriter handles outboundDone.
+* for close_notify.
 */
 private boolean             inboundDone = false;
+private boolean             outboundDone = false;
-EngineWriter                writer;
 /*
 * The authentication context holds all information used to establish
 * who this end of the connection is (certificate chains, private keys,
 * etc) and who is trusted (e.g. as CAs or websites).
 */
 private Handshaker                  handshaker;
 private SSLSessionImpl              sess;
 private volatile SSLSessionImpl     handshakeSession;
-/*
-* Client authentication be off, requested, or required.
-*
-* This will be used by both this class and SSLSocket's variants.
-*/
-static final byte           clauth_none = 0;
-static final byte           clauth_requested = 1;
-static final byte           clauth_required = 2;
-/*
-* Flag indicating that the engine has received a ChangeCipherSpec message.
-*/
-private boolean             receivedCCS;
 /*
 * Flag indicating if the next record we receive MUST be a Finished
 * message. Temporarily set during the handshake to ensure that
 * a change cipher spec message is followed by a finished message.
 */
 /*
 * Per-connection private state that doesn't change when the
 * session is changed.
 */
-private byte                        doClientAuth;
+private ClientAuthType          doClientAuth =
-private boolean                     enableSessionCreation = true;
+ClientAuthType.CLIENT_AUTH_NONE;
-EngineInputRecord                   inputRecord;
+private boolean                 enableSessionCreation = true;
-EngineOutputRecord                  outputRecord;
+InputRecord                     inputRecord;
-private AccessControlContext        acc;
+OutputRecord                    outputRecord;
+private AccessControlContext    acc;
 // The cipher suites enabled for use on this connection.
 private CipherSuiteList             enabledCipherSuites;
 // the endpoint identification protocol
 private ProtocolList        enabledProtocols;
 /*
 * The SSL version associated with this connection.
 */
-private ProtocolVersion     protocolVersion = ProtocolVersion.DEFAULT;
+private ProtocolVersion     protocolVersion;
-/*
-* Crypto state that's reinitialized when the session changes.
-*/
-private Authenticator       readAuthenticator, writeAuthenticator;
-private CipherBox           readCipher, writeCipher;
-// NOTE: compression state would be saved here
 /*
 * security parameters for secure renegotiation.
 */
 private boolean             secureRenegotiation;
 private Object              wrapLock;
 private Object              unwrapLock;
 Object                      writeLock;
 /*
-* Is it the first application record to write?
-*/
-private boolean isFirstAppOutputRecord = true;
-/*
 * Whether local cipher suites preference in server side should be
 * honored during handshaking?
 */
 private boolean preferLocalCipherSuites = false;
+/*
+* whether DTLS handshake retransmissions should be enabled?
+*/
+private boolean enableRetransmissions = false;
+/*
+* The maximum expected network packet size for SSL/TLS/DTLS records.
+*/
+private int maximumPacketSize = 0;
+/*
+* Is this an instance for Datagram Transport Layer Security (DTLS)?
+*/
+private final boolean isDTLS;
 /*
 * Class and subclass dynamic debugging support
 */
 private static final Debug debug = Debug.getInstance("ssl");
 /**
 * Constructor for an SSLEngine from SSLContext, without
 * host/port hints.  This Engine will not be able to cache
 * sessions, but must renegotiate everything by hand.
 */
-SSLEngineImpl(SSLContextImpl ctx) {
+SSLEngineImpl(SSLContextImpl ctx, boolean isDTLS) {
 super();
-init(ctx);
+this.isDTLS = isDTLS;
+init(ctx, isDTLS);
 }
 /**
 * Constructor for an SSLEngine from SSLContext.
 */
-SSLEngineImpl(SSLContextImpl ctx, String host, int port) {
+SSLEngineImpl(SSLContextImpl ctx, String host, int port, boolean isDTLS) {
 super(host, port);
-init(ctx);
+this.isDTLS = isDTLS;
+init(ctx, isDTLS);
 }
 /**
 * Initializes the Engine
 */
-private void init(SSLContextImpl ctx) {
+private void init(SSLContextImpl ctx, boolean isDTLS) {
 if (debug != null && Debug.isOn("ssl")) {
 System.out.println("Using SSLEngineImpl.");
 }
 sslContext = ctx;
 sess = SSLSessionImpl.nullSession;
 handshakeSession = null;
+protocolVersion = isDTLS ?
+ProtocolVersion.DEFAULT_DTLS : ProtocolVersion.DEFAULT_TLS;
 /*
 * State is cs_START until we initialize the handshaker.
 *
 * Apps using SSLEngine are probably going to be server.
 * Somewhat arbitrary choice.
 */
 roleIsServer = true;
 connectionState = cs_START;
-receivedCCS = false;
 // default server name indication
 serverNames =
 Utilities.addToSNIServerNameList(serverNames, getPeerHost());
-/*
-* default read and write side cipher and MAC support
-*
-* Note:  compression support would go here too
-*/
-readCipher = CipherBox.NULL;
-readAuthenticator = MAC.NULL;
-writeCipher = CipherBox.NULL;
-writeAuthenticator = MAC.NULL;
 // default security parameters for secure renegotiation
 secureRenegotiation = false;
 clientVerifyData = new byte[0];
 serverVerifyData = new byte[0];
 * All outbound application data goes through this OutputRecord,
 * other data goes through their respective records created
 * elsewhere.  All inbound data goes through this one
 * input record.
 */
-outputRecord =
+if (isDTLS) {
-new EngineOutputRecord(Record.ct_application_data, this);
+enableRetransmissions = true;
-inputRecord = new EngineInputRecord(this);
-inputRecord.enableFormatChecks();
+// SSLEngine needs no record local buffer
+outputRecord = new DTLSOutputRecord();
-writer = new EngineWriter();
+inputRecord = new DTLSInputRecord();
+} else {
+outputRecord = new SSLEngineOutputRecord();
+inputRecord = new SSLEngineInputRecord();
+}
+maximumPacketSize = outputRecord.getMaxPacketSize();
 }
 /**
 * Initialize the handshaker object. This means:
 *
 }
 if (roleIsServer) {
 handshaker = new ServerHandshaker(this, sslContext,
 enabledProtocols, doClientAuth,
 protocolVersion, connectionState == cs_HANDSHAKE,
-secureRenegotiation, clientVerifyData, serverVerifyData);
+secureRenegotiation, clientVerifyData, serverVerifyData,
+isDTLS);
 handshaker.setSNIMatchers(sniMatchers);
 handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
 } else {
 handshaker = new ClientHandshaker(this, sslContext,
 enabledProtocols,
 protocolVersion, connectionState == cs_HANDSHAKE,
-secureRenegotiation, clientVerifyData, serverVerifyData);
+secureRenegotiation, clientVerifyData, serverVerifyData,
+isDTLS);
 handshaker.setSNIServerNames(serverNames);
 }
+handshaker.setMaximumPacketSize(maximumPacketSize);
 handshaker.setEnabledCipherSuites(enabledCipherSuites);
 handshaker.setEnableSessionCreation(enableSessionCreation);
+outputRecord.initHandshaker();
 }
 /*
 * Report the current status of the Handshaker
 */
 if (hss != null) {
 return hss;
 }
 synchronized (this) {
-if (writer.hasOutboundData()) {
+if (!outputRecord.isEmpty()) {
+// If no handshaking, special case to wrap alters.
 return HandshakeStatus.NEED_WRAP;
 } else if (handshaker != null) {
 if (handshaker.taskOutstanding()) {
 return HandshakeStatus.NEED_TASK;
+} else if (isDTLS && !inputRecord.isEmpty()) {
+return HandshakeStatus.NEED_UNWRAP_AGAIN;
 } else {
 return HandshakeStatus.NEED_UNWRAP;
 }
 } else if (connectionState == cs_CLOSED) {
 /*
 public SSLEngineResult.HandshakeStatus getHandshakeStatus() {
 return getHSStatus(null);
 }
 /*
-* When a connection finishes handshaking by enabling use of a newly
-* negotiated session, each end learns about it in two halves (read,
-* and write).  When both read and write ciphers have changed, and the
-* last handshake message has been read, the connection has joined
-* (rejoined) the new session.
-*
-* NOTE:  The SSLv3 spec is rather unclear on the concepts here.
-* Sessions don't change once they're established (including cipher
-* suite and master secret) but connections can join them (and leave
-* them).  They're created by handshaking, though sometime handshaking
-* causes connections to join up with pre-established sessions.
-*
-* Synchronized on "this" from readRecord.
-*/
-private void changeReadCiphers() throws SSLException {
-if (connectionState != cs_HANDSHAKE
-&& connectionState != cs_RENEGOTIATE) {
-throw new SSLProtocolException(
-"State error, change cipher specs");
-}
-// ... create decompressor
-CipherBox oldCipher = readCipher;
-try {
-readCipher = handshaker.newReadCipher();
-readAuthenticator = handshaker.newReadAuthenticator();
-} catch (GeneralSecurityException e) {
-// "can't happen"
-throw new SSLException("Algorithm missing:  ", e);
-}
-/*
-* Dispose of any intermediate state in the underlying cipher.
-* For PKCS11 ciphers, this will release any attached sessions,
-* and thus make finalization faster.
-*
-* Since MAC's doFinal() is called for every SSL/TLS packet, it's
-* not necessary to do the same with MAC's.
-*/
-oldCipher.dispose();
-}
-/*
 * used by Handshaker to change the active write cipher, follows
 * the output of the CCS message.
 *
 * Also synchronized on "this" from readRecord/delegatedTask.
 */
-void changeWriteCiphers() throws SSLException {
+void changeWriteCiphers() throws IOException {
-if (connectionState != cs_HANDSHAKE
-&& connectionState != cs_RENEGOTIATE) {
+Authenticator writeAuthenticator;
-throw new SSLProtocolException(
+CipherBox writeCipher;
-"State error, change cipher specs");
-}
-// ... create compressor
-CipherBox oldCipher = writeCipher;
 try {
 writeCipher = handshaker.newWriteCipher();
 writeAuthenticator = handshaker.newWriteAuthenticator();
 } catch (GeneralSecurityException e) {
 // "can't happen"
 throw new SSLException("Algorithm missing:  ", e);
 }
-// See comment above.
+outputRecord.changeWriteCiphers(writeAuthenticator, writeCipher);
-oldCipher.dispose();
-// reset the flag of the first application record
-isFirstAppOutputRecord = true;
 }
 /*
 * Updates the SSL version associated with this connection.
 * Called from Handshaker once it has determined the negotiated version.
 throw new SSLException("SSLEngine is closing/closed");
 }
 //
 // Kickstart handshake state machine if we need to ...
-//
-// Note that handshaker.kickstart() writes the message
-// to its HandshakeOutStream, which calls back into
-// SSLSocketImpl.writeRecord() to send it.
 //
 if (!handshaker.activated()) {
 // prior to handshaking, activate the handshake
 if (connectionState == cs_RENEGOTIATE) {
 // don't use SSLv2Hello when renegotiating
 if (connectionState == cs_HANDSHAKE) {
 // initial handshake, no kickstart message to send
 } else {
 // we want to renegotiate, send hello request
 handshaker.kickstart();
-// hello request is not included in the handshake
-// hashes, reset them
-handshaker.handshakeHash.reset();
 }
 }
 }
 }
 /**
 * Unwraps a buffer.  Does a variety of checks before grabbing
 * the unwrapLock, which blocks multiple unwraps from occurring.
 */
 @Override
-public SSLEngineResult unwrap(ByteBuffer netData, ByteBuffer [] appData,
+public SSLEngineResult unwrap(ByteBuffer netData, ByteBuffer[] appData,
 int offset, int length) throws SSLException {
-EngineArgs ea = new EngineArgs(netData, appData, offset, length);
+// check engine parameters
+checkEngineParas(netData, appData, offset, length, false);
 try {
 synchronized (unwrapLock) {
-return readNetRecord(ea);
+return readNetRecord(netData, appData, offset, length);
 }
+} catch (SSLProtocolException spe) {
+// may be an unexpected handshake message
+fatal(Alerts.alert_unexpected_message, spe.getMessage(), spe);
+return null;  // make compiler happy
 } catch (Exception e) {
 /*
 * Don't reset position so it looks like we didn't
 * consume anything.  We did consume something, and it
 * got us into this situation, so report that much back.
 * Our days of consuming are now over anyway.
 */
 fatal(Alerts.alert_internal_error,
 "problem unwrapping net record", e);
 return null;  // make compiler happy
-} finally {
+}
+}
+private static void checkEngineParas(ByteBuffer netData,
+ByteBuffer[] appData, int offset, int len, boolean isForWrap) {
+if ((netData == null) || (appData == null)) {
+throw new IllegalArgumentException("src/dst is null");
+}
+if ((offset < 0) || (len < 0) || (offset > appData.length - len)) {
+throw new IndexOutOfBoundsException();
+}
+/*
+* If wrapping, make sure the destination bufffer is writable.
+*/
+if (isForWrap && netData.isReadOnly()) {
+throw new ReadOnlyBufferException();
+}
+for (int i = offset; i < offset + len; i++) {
+if (appData[i] == null) {
+throw new IllegalArgumentException(
+"appData[" + i + "] == null");
+}
 /*
-* Just in case something failed to reset limits properly.
+* If unwrapping, make sure the destination bufffers are writable.
 */
-ea.resetLim();
+if (!isForWrap && appData[i].isReadOnly()) {
+throw new ReadOnlyBufferException();
+}
 }
 }
 /*
 * Makes additional checks for unwrap, but this time more
 * specific to this packet and the current state of the machine.
 */
-private SSLEngineResult readNetRecord(EngineArgs ea) throws IOException {
+private SSLEngineResult readNetRecord(ByteBuffer netData,
+ByteBuffer[] appData, int offset, int length) throws IOException {
 Status status = null;
 HandshakeStatus hsStatus = null;
 /*
 * doing any more unwrapping, because we could be in the middle
 * of receiving a handshake message, for example, a finished
 * message which would change the ciphers.
 */
 if (hsStatus == HandshakeStatus.NEED_TASK) {
+return new SSLEngineResult(Status.OK, hsStatus, 0, 0);
+}
+if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) {
+Plaintext plainText = null;
+try {
+plainText = readRecord(null, null, 0, 0);
+} catch (SSLException e) {
+throw e;
+} catch (IOException e) {
+throw new SSLException("readRecord", e);
+}
+status = (isInboundDone() ? Status.CLOSED : Status.OK);
+hsStatus = getHSStatus(plainText.handshakeStatus);
 return new SSLEngineResult(
-Status.OK, hsStatus, 0, 0);
+status, hsStatus, 0, 0, plainText.recordSN);
 }
 /*
 * Check the packet to make sure enough is here.
 * This will also indirectly check for 0 len packets.
 */
-int packetLen = inputRecord.bytesInCompletePacket(ea.netData);
+int packetLen = 0;
+try {
+packetLen = inputRecord.bytesInCompletePacket(netData);
+} catch (SSLException ssle) {
+// Need to discard invalid records for DTLS protocols.
+if (isDTLS) {
+if (debug != null && Debug.isOn("ssl")) {
+System.out.println(
+Thread.currentThread().getName() +
+" discard invalid record: " + ssle);
+}
+// invalid, discard the entire data [section 4.1.2.7, RFC 6347]
+int deltaNet = netData.remaining();
+netData.position(netData.limit());
+status = (isInboundDone() ? Status.CLOSED : Status.OK);
+hsStatus = getHSStatus(hsStatus);
+return new SSLEngineResult(status, hsStatus, deltaNet, 0, -1L);
+} else {
+throw ssle;
+}
+}
 // Is this packet bigger than SSL/TLS normally allows?
 if (packetLen > sess.getPacketBufferSize()) {
-if (packetLen > Record.maxLargeRecordSize) {
+int largestRecordSize = isDTLS ?
-throw new SSLProtocolException(
+DTLSRecord.maxRecordSize : SSLRecord.maxLargeRecordSize;
-"Input SSL/TLS record too big: max = " +
+if ((packetLen <= largestRecordSize) && !isDTLS) {
-Record.maxLargeRecordSize +
-" len = " + packetLen);
-} else {
 // Expand the expected maximum packet/application buffer
 // sizes.
+//
+// Only apply to SSL/TLS protocols.
+// Old behavior: shall we honor the System Property
+// "jsse.SSLEngine.acceptLargeFragments" if it is "false"?
 sess.expandBufferSizes();
 }
+// check the packet again
+largestRecordSize = sess.getPacketBufferSize();
+if (packetLen > largestRecordSize) {
+throw new SSLProtocolException(
+"Input record too big: max = " +
+largestRecordSize + " len = " + packetLen);
+}
+}
+int netPos = netData.position();
+int appRemains = 0;
+for (int i = offset; i < offset + length; i++) {
+if (appData[i] == null) {
+throw new IllegalArgumentException(
+"appData[" + i + "] == null");
+}
+appRemains += appData[i].remaining();
 }
 /*
 * Check for OVERFLOW.
 *
-* To be considered: We could delay enforcing the application buffer
+* Delay enforcing the application buffer free space requirement
-* free space requirement until after the initial handshaking.
+* until after the initial handshaking.
 */
-if ((packetLen - Record.headerSize) > ea.getAppRemaining()) {
+// synchronize connectionState?
-return new SSLEngineResult(Status.BUFFER_OVERFLOW, hsStatus, 0, 0);
+if ((connectionState == cs_DATA) ||
+(connectionState == cs_RENEGOTIATE)) {
+int FragLen = inputRecord.estimateFragmentSize(packetLen);
+if (FragLen > appRemains) {
+return new SSLEngineResult(
+Status.BUFFER_OVERFLOW, hsStatus, 0, 0);
+}
 }
 // check for UNDERFLOW.
-if ((packetLen == -1) || (ea.netData.remaining() < packetLen)) {
+if ((packetLen == -1) || (netData.remaining() < packetLen)) {
-return new SSLEngineResult(
+return new SSLEngineResult(Status.BUFFER_UNDERFLOW, hsStatus, 0, 0);
-Status.BUFFER_UNDERFLOW, hsStatus, 0, 0);
 }
 /*
 * We're now ready to actually do the read.
-* The only result code we really need to be exactly
+*/
-* right is the HS finished, for signaling to
+Plaintext plainText = null;
-* HandshakeCompletedListeners.
-*/
 try {
-hsStatus = readRecord(ea);
+plainText = readRecord(netData, appData, offset, length);
 } catch (SSLException e) {
 throw e;
 } catch (IOException e) {
 throw new SSLException("readRecord", e);
 }
 * status, which is more representative of the current state.
 *
 * status above should cover:  FINISHED, NEED_TASK
 */
 status = (isInboundDone() ? Status.CLOSED : Status.OK);
-hsStatus = getHSStatus(hsStatus);
+hsStatus = getHSStatus(plainText.handshakeStatus);
-return new SSLEngineResult(status, hsStatus,
+int deltaNet = netData.position() - netPos;
-ea.deltaNet(), ea.deltaApp());
+int deltaApp = appRemains;
+for (int i = offset; i < offset + length; i++) {
+deltaApp -= appData[i].remaining();
+}
+return new SSLEngineResult(
+status, hsStatus, deltaNet, deltaApp, plainText.recordSN);
+}
+// the caller have synchronized readLock
+void expectingFinishFlight() {
+inputRecord.expectingFinishFlight();
 }
 /*
 * Actually do the read record processing.
 *
 * Returns a Status if it can make specific determinations
 * of the engine state.  In particular, we need to signal
 * that a handshake just completed.
 *
 * It would be nice to be symmetrical with the write side and move
-* the majority of this to EngineInputRecord, but there's too much
+* the majority of this to SSLInputRecord, but there's too much
 * SSLEngine state to do that cleanly.  It must still live here.
 */
-private HandshakeStatus readRecord(EngineArgs ea) throws IOException {
+private Plaintext readRecord(ByteBuffer netData,
+ByteBuffer[] appData, int offset, int length) throws IOException {
-HandshakeStatus hsStatus = null;
 /*
 * The various operations will return new sliced BB's,
 * this will avoid having to worry about positions and
 * limits in the netBB.
 */
-ByteBuffer readBB = null;
+Plaintext plainText = null;
-ByteBuffer decryptedBB = null;
+if (getConnectionState() == cs_ERROR) {
-if (getConnectionState() != cs_ERROR) {
+return Plaintext.PLAINTEXT_NULL;
+}
-/*
-* Read a record ... maybe emitting an alert if we get a
+/*
-* comprehensible but unsupported "hello" message during
+* Read a record ... maybe emitting an alert if we get a
-* format checking (e.g. V2).
+* comprehensible but unsupported "hello" message during
-*/
+* format checking (e.g. V2).
-try {
+*/
-readBB = inputRecord.read(ea.netData);
+try {
-} catch (IOException e) {
+if (isDTLS) {
-fatal(Alerts.alert_unexpected_message, e);
+// Don't process the incoming record until all of the
-}
+// buffered records get handled.
+plainText = inputRecord.acquirePlaintext();
+}
+if ((!isDTLS || plainText == null) && netData != null) {
+plainText = inputRecord.decode(netData);
+}
+} catch (UnsupportedOperationException unsoe) {         // SSLv2Hello
+// Hack code to deliver SSLv2 error message for SSL/TLS connections.
+if (!isDTLS) {
+outputRecord.encodeV2NoCipher();
+}
+fatal(Alerts.alert_unexpected_message, unsoe);
+} catch (BadPaddingException e) {
 /*
 * The basic SSLv3 record protection involves (optional)
 * encryption for privacy, and an integrity check ensuring
 * data origin authentication.  We do them both here, and
 * throw a fatal alert if the integrity check fails.
 */
-try {
+byte alertType = (connectionState != cs_DATA) ?
-decryptedBB = inputRecord.decrypt(
+Alerts.alert_handshake_failure :
-readAuthenticator, readCipher, readBB);
+Alerts.alert_bad_record_mac;
-} catch (BadPaddingException e) {
+fatal(alertType, e.getMessage(), e);
-byte alertType = (inputRecord.contentType() ==
+} catch (SSLHandshakeException she) {
-Record.ct_handshake) ?
+// may be record sequence number overflow
-Alerts.alert_handshake_failure :
+fatal(Alerts.alert_handshake_failure, she);
-Alerts.alert_bad_record_mac;
+} catch (IOException ioe) {
-fatal(alertType, e.getMessage(), e);
+fatal(Alerts.alert_unexpected_message, ioe);
 }
-// if (!inputRecord.decompress(c))
+// plainText should never be null for TLS protocols
-//     fatal(Alerts.alert_decompression_failure,
+HandshakeStatus hsStatus = null;
-//     "decompression failure");
+if (!isDTLS || plainText != null) {
+hsStatus = processInputRecord(plainText, appData, offset, length);
+}
-/*
-* Process the record.
+if (hsStatus == null) {
-*/
+hsStatus = getHSStatus(null);
+}
-synchronized (this) {
-switch (inputRecord.contentType()) {
+if (plainText == null) {
-case Record.ct_handshake:
+plainText = new Plaintext();
-/*
+}
-* Handshake messages always go to a pending session
+plainText.handshakeStatus = hsStatus;
-* handshaker ... if there isn't one, create one.  This
-* must work asynchronously, for renegotiation.
+return plainText;
-*
+}
-* NOTE that handshaking will either resume a session
-* which was in the cache (and which might have other
+/*
-* connections in it already), or else will start a new
+* Process the record.
-* session (new keys exchanged) with just this connection
+*/
-* in it.
+private synchronized HandshakeStatus processInputRecord(
-*/
+Plaintext plainText,
-initHandshaker();
+ByteBuffer[] appData, int offset, int length) throws IOException {
-if (!handshaker.activated()) {
-// prior to handshaking, activate the handshake
+HandshakeStatus hsStatus = null;
-if (connectionState == cs_RENEGOTIATE) {
+switch (plainText.contentType) {
-// don't use SSLv2Hello when renegotiating
+case Record.ct_handshake:
-handshaker.activate(protocolVersion);
+/*
-} else {
+* Handshake messages always go to a pending session
-handshaker.activate(null);
+* handshaker ... if there isn't one, create one.  This
-}
+* must work asynchronously, for renegotiation.
+*
+* NOTE that handshaking will either resume a session
+* which was in the cache (and which might have other
+* connections in it already), or else will start a new
+* session (new keys exchanged) with just this connection
+* in it.
+*/
+initHandshaker();
+if (!handshaker.activated()) {
+// prior to handshaking, activate the handshake
+if (connectionState == cs_RENEGOTIATE) {
+// don't use SSLv2Hello when renegotiating
+handshaker.activate(protocolVersion);
+} else {
+handshaker.activate(null);
 }
+}
-/*
-* process the handshake record ... may contain just
+/*
-* a partial handshake message or multiple messages.
+* process the handshake record ... may contain just
-*
+* a partial handshake message or multiple messages.
-* The handshaker state machine will ensure that it's
+*
-* a finished message.
+* The handshaker state machine will ensure that it's
-*/
+* a finished message.
-handshaker.process_record(inputRecord, expectingFinished);
+*/
-expectingFinished = false;
+handshaker.processRecord(plainText.fragment, expectingFinished);
+expectingFinished = false;
-if (handshaker.invalidated) {
-handshaker = null;
+if (handshaker.invalidated) {
-receivedCCS = false;
+finishHandshake();
-// if state is cs_RENEGOTIATE, revert it to cs_DATA
-if (connectionState == cs_RENEGOTIATE) {
+// if state is cs_RENEGOTIATE, revert it to cs_DATA
-connectionState = cs_DATA;
+if (connectionState == cs_RENEGOTIATE) {
-}
-} else if (handshaker.isDone()) {
-// reset the parameters for secure renegotiation.
-secureRenegotiation =
-handshaker.isSecureRenegotiation();
-clientVerifyData = handshaker.getClientVerifyData();
-serverVerifyData = handshaker.getServerVerifyData();
-sess = handshaker.getSession();
-handshakeSession = null;
-if (!writer.hasOutboundData()) {
-hsStatus = HandshakeStatus.FINISHED;
-}
-handshaker = null;
 connectionState = cs_DATA;
-receivedCCS = false;
-// No handshakeListeners here.  That's a
-// SSLSocket thing.
-} else if (handshaker.taskOutstanding()) {
-hsStatus = HandshakeStatus.NEED_TASK;
 }
-break;
+} else if (handshaker.isDone()) {
+// reset the parameters for secure renegotiation.
-case Record.ct_application_data:
+secureRenegotiation =
-// Pass this right back up to the application.
+handshaker.isSecureRenegotiation();
-if ((connectionState != cs_DATA)
+clientVerifyData = handshaker.getClientVerifyData();
-&& (connectionState != cs_RENEGOTIATE)
+serverVerifyData = handshaker.getServerVerifyData();
-&& (connectionState != cs_CLOSED)) {
-throw new SSLProtocolException(
+sess = handshaker.getSession();
+handshakeSession = null;
+if (outputRecord.isEmpty()) {
+hsStatus = finishHandshake();
+connectionState = cs_DATA;
+}
+// No handshakeListeners here.  That's a
+// SSLSocket thing.
+} else if (handshaker.taskOutstanding()) {
+hsStatus = HandshakeStatus.NEED_TASK;
+}
+break;
+case Record.ct_application_data:
+// Pass this right back up to the application.
+if ((connectionState != cs_DATA)
+&& (connectionState != cs_RENEGOTIATE)
+&& (connectionState != cs_CLOSED)) {
+throw new SSLProtocolException(
 "Data received in non-data state: " +
 connectionState);
 }
 if (expectingFinished) {
 throw new SSLProtocolException
 ("Expecting finished message, received data");
 }
-/*
+if (!inboundDone) {
-* Don't return data once the inbound side is
+ByteBuffer fragment = plainText.fragment;
-* closed.
+int remains = fragment.remaining();
-*/
-if (!inboundDone) {
+// Should have enough room in appData.
-ea.scatter(decryptedBB.slice());
+for (int i = offset;
-}
+((i < (offset + length)) && (remains > 0)); i++) {
-break;
+int amount = Math.min(appData[i].remaining(), remains);
+fragment.limit(fragment.position() + amount);
-case Record.ct_alert:
+appData[i].put(fragment);
-recvAlert();
+remains -= amount;
-break;
-case Record.ct_change_cipher_spec:
-if ((connectionState != cs_HANDSHAKE
-&& connectionState != cs_RENEGOTIATE)
-|| !handshaker.sessionKeysCalculated()
-|| receivedCCS) {
-// For the CCS message arriving in the wrong state
-fatal(Alerts.alert_unexpected_message,
-"illegal change cipher spec msg, conn state = "
-+ connectionState + ", handshake state = "
-+ handshaker.state);
-} else if (inputRecord.available() != 1
-|| inputRecord.read() != 1) {
-// For structural/content issues with the CCS
-fatal(Alerts.alert_unexpected_message,
-"Malformed change cipher spec msg");
-}
-// Once we've received CCS, update the flag.
-// If the remote endpoint sends it again in this handshake
-// we won't process it.
-receivedCCS = true;
-//
-// The first message after a change_cipher_spec
-// record MUST be a "Finished" handshake record,
-// else it's a protocol violation.  We force this
-// to be checked by a minor tweak to the state
-// machine.
-//
-changeReadCiphers();
-// next message MUST be a finished message
-expectingFinished = true;
-break;
-default:
-//
-// TLS requires that unrecognized records be ignored.
-//
-if (debug != null && Debug.isOn("ssl")) {
-System.out.println(Thread.currentThread().getName() +
-", Received record type: "
-+ inputRecord.contentType());
-}
-break;
-} // switch
-/*
-* We only need to check the sequence number state for
-* non-handshaking record.
-*
-* Note that in order to maintain the handshake status
-* properly, we check the sequence number after the last
-* record reading process. As we request renegotiation
-* or close the connection for wrapped sequence number
-* when there is enough sequence number space left to
-* handle a few more records, so the sequence number
-* of the last record cannot be wrapped.
-*/
-hsStatus = getHSStatus(hsStatus);
-if (connectionState < cs_ERROR && !isInboundDone() &&
-(hsStatus == HandshakeStatus.NOT_HANDSHAKING)) {
-if (checkSequenceNumber(readAuthenticator,
-inputRecord.contentType())) {
-hsStatus = getHSStatus(null);
 }
 }
-} // synchronized (this)
+break;
+case Record.ct_alert:
+recvAlert(plainText.fragment);
+break;
+case Record.ct_change_cipher_spec:
+if ((connectionState != cs_HANDSHAKE
+&& connectionState != cs_RENEGOTIATE)) {
+// For the CCS message arriving in the wrong state
+fatal(Alerts.alert_unexpected_message,
+"illegal change cipher spec msg, conn state = "
++ connectionState);
+} else if (plainText.fragment.remaining() != 1
+|| plainText.fragment.get() != 1) {
+// For structural/content issues with the CCS
+fatal(Alerts.alert_unexpected_message,
+"Malformed change cipher spec msg");
+}
+//
+// The first message after a change_cipher_spec
+// record MUST be a "Finished" handshake record,
+// else it's a protocol violation.  We force this
+// to be checked by a minor tweak to the state
+// machine.
+//
+handshaker.receiveChangeCipherSpec();
+CipherBox readCipher;
+Authenticator readAuthenticator;
+try {
+readCipher = handshaker.newReadCipher();
+readAuthenticator = handshaker.newReadAuthenticator();
+} catch (GeneralSecurityException e) {
+// can't happen
+throw new SSLException("Algorithm missing:  ", e);
+}
+inputRecord.changeReadCiphers(readAuthenticator, readCipher);
+// next message MUST be a finished message
+expectingFinished = true;
+break;
+default:
+//
+// TLS requires that unrecognized records be ignored.
+//
+if (debug != null && Debug.isOn("ssl")) {
+System.out.println(Thread.currentThread().getName() +
+", Received record type: " + plainText.contentType);
+}
+break;
+} // switch
+/*
+* We only need to check the sequence number state for
+* non-handshaking record.
+*
+* Note that in order to maintain the handshake status
+* properly, we check the sequence number after the last
+* record reading process. As we request renegotiation
+* or close the connection for wrapped sequence number
+* when there is enough sequence number space left to
+* handle a few more records, so the sequence number
+* of the last record cannot be wrapped.
+*/
+hsStatus = getHSStatus(hsStatus);
+if (connectionState < cs_ERROR && !isInboundDone() &&
+(hsStatus == HandshakeStatus.NOT_HANDSHAKING) &&
+(inputRecord.seqNumIsHuge())) {
+/*
+* Ask for renegotiation when need to renew sequence number.
+*
+* Don't bother to kickstart the renegotiation when the local is
+* asking for it.
+*/
+if (debug != null && Debug.isOn("ssl")) {
+System.out.println(Thread.currentThread().getName() +
+", request renegotiation " +
+"to avoid sequence number overflow");
+}
+beginHandshake();
+hsStatus = getHSStatus(null);
 }
 return hsStatus;
 }
 /**
 * Wraps a buffer.  Does a variety of checks before grabbing
 * the wrapLock, which blocks multiple wraps from occurring.
 */
 @Override
-public SSLEngineResult wrap(ByteBuffer [] appData,
+public SSLEngineResult wrap(ByteBuffer[] appData,
 int offset, int length, ByteBuffer netData) throws SSLException {
-EngineArgs ea = new EngineArgs(appData, offset, length, netData);
+// check engine parameters
+checkEngineParas(netData, appData, offset, length, true);
 /*
 * We can be smarter about using smaller buffer sizes later.
-* For now, force it to be large enough to handle any
+* For now, force it to be large enough to handle any valid record.
-* valid SSL/TLS record.
+*/
-*/
+if (netData.remaining() < sess.getPacketBufferSize()) {
-if (netData.remaining() < EngineOutputRecord.maxRecordSize) {
 return new SSLEngineResult(
 Status.BUFFER_OVERFLOW, getHSStatus(null), 0, 0);
 }
 try {
 synchronized (wrapLock) {
-return writeAppRecord(ea);
+return writeAppRecord(appData, offset, length, netData);
 }
+} catch (SSLProtocolException spe) {
+// may be an unexpected handshake message
+fatal(Alerts.alert_unexpected_message, spe.getMessage(), spe);
+return null;  // make compiler happy
 } catch (Exception e) {
-ea.resetPos();
 fatal(Alerts.alert_internal_error,
 "problem wrapping app data", e);
 return null;  // make compiler happy
-} finally {
-/*
-* Just in case something didn't reset limits properly.
-*/
-ea.resetLim();
 }
 }
 /*
 * Makes additional checks for unwrap, but this time more
 * specific to this packet and the current state of the machine.
 */
-private SSLEngineResult writeAppRecord(EngineArgs ea) throws IOException {
+private SSLEngineResult writeAppRecord(ByteBuffer[] appData,
+int offset, int length, ByteBuffer netData) throws IOException {
 Status status = null;
 HandshakeStatus hsStatus = null;
 /*
 checkTaskThrown();
 /*
 * short circuit if we're closed/closing.
 */
-if (writer.isOutboundDone()) {
+if (isOutboundDone()) {
 return new SSLEngineResult(Status.CLOSED, getHSStatus(null), 0, 0);
 }
 /*
 * If we're still in cs_HANDSHAKE, make sure it's been
 * started.
 */
 synchronized (this) {
 if ((connectionState == cs_HANDSHAKE) ||
 (connectionState == cs_START)) {
 kickstartHandshake();
 /*
 * If there's no HS data available to write, we can return
 * without trying to wrap anything.
 */
 hsStatus = getHSStatus(null);
 if (hsStatus == HandshakeStatus.NEED_UNWRAP) {
-return new SSLEngineResult(Status.OK, hsStatus, 0, 0);
+/*
+* For DTLS, if the handshake state is
+* HandshakeStatus.NEED_UNWRAP, a call to SSLEngine.wrap()
+* means that the previous handshake packets (if delivered)
+* get lost, and need retransmit the handshake messages.
+*/
+if (!isDTLS || !enableRetransmissions ||
+(handshaker == null) || outputRecord.firstMessage) {
+return new SSLEngineResult(Status.OK, hsStatus, 0, 0);
+}   // otherwise, need retransmission
 }
 }
 }
 /*
 * doing any more wrapping, because we could be in the middle
 * of receiving a handshake message, for example, a finished
 * message which would change the ciphers.
 */
 if (hsStatus == HandshakeStatus.NEED_TASK) {
-return new SSLEngineResult(
+return new SSLEngineResult(Status.OK, hsStatus, 0, 0);
-Status.OK, hsStatus, 0, 0);
 }
 /*
 * This will obtain any waiting outbound data, or will
 * process the outbound appData.
 */
+int netPos = netData.position();
+int appRemains = 0;
+for (int i = offset; i < offset + length; i++) {
+if (appData[i] == null) {
+throw new IllegalArgumentException(
+"appData[" + i + "] == null");
+}
+appRemains += appData[i].remaining();
+}
+Ciphertext ciphertext = null;
 try {
-synchronized (writeLock) {
+if (appRemains != 0) {
-hsStatus = writeRecord(outputRecord, ea);
+synchronized (writeLock) {
+ciphertext = writeRecord(appData, offset, length, netData);
+}
+} else {
+synchronized (writeLock) {
+ciphertext = writeRecord(null, 0, 0, netData);
+}
 }
 } catch (SSLException e) {
 throw e;
 } catch (IOException e) {
 throw new SSLException("Write problems", e);
 * Now check for the remaining cases.
 *
 * status above should cover:  NEED_WRAP/FINISHED
 */
 status = (isOutboundDone() ? Status.CLOSED : Status.OK);
-hsStatus = getHSStatus(hsStatus);
+hsStatus = getHSStatus(ciphertext.handshakeStatus);
-return new SSLEngineResult(status, hsStatus,
+int deltaNet = netData.position() - netPos;
-ea.deltaApp(), ea.deltaNet());
+int deltaApp = appRemains;
+for (int i = offset; i < offset + length; i++) {
+deltaApp -= appData[i].remaining();
+}
+return new SSLEngineResult(
+status, hsStatus, deltaApp, deltaNet, ciphertext.recordSN);
 }
 /*
 * Central point to write/get all of the outgoing data.
 */
-private HandshakeStatus writeRecord(EngineOutputRecord eor,
+private Ciphertext writeRecord(ByteBuffer[] appData,
-EngineArgs ea) throws IOException {
+int offset, int length, ByteBuffer netData) throws IOException {
-// eventually compress as well.
+Ciphertext ciphertext = null;
-HandshakeStatus hsStatus =
+try {
-writer.writeRecord(eor, ea, writeAuthenticator, writeCipher);
+// Acquire the buffered to-be-delivered records or retransmissions.
+//
+// May have buffered records, or need retransmission if handshaking.
+if (!outputRecord.isEmpty() || (handshaker != null)) {
+ciphertext = outputRecord.acquireCiphertext(netData);
+}
+if ((ciphertext == null) && (appData != null)) {
+ciphertext = outputRecord.encode(
+appData, offset, length, netData);
+}
+} catch (SSLHandshakeException she) {
+// may be record sequence number overflow
+fatal(Alerts.alert_handshake_failure, she);
+return Ciphertext.CIPHERTEXT_NULL;   // make the complier happy
+} catch (IOException e) {
+fatal(Alerts.alert_unexpected_message, e);
+return Ciphertext.CIPHERTEXT_NULL;   // make the complier happy
+}
+if (ciphertext == null) {
+return Ciphertext.CIPHERTEXT_NULL;
+}
+HandshakeStatus hsStatus = null;
+Ciphertext.RecordType recordType = ciphertext.recordType;
+if ((handshaker != null) &&
+(recordType.contentType == Record.ct_handshake) &&
+(recordType.handshakeType == HandshakeMessage.ht_finished) &&
+handshaker.isDone() && outputRecord.isEmpty()) {
+hsStatus = finishHandshake();
+connectionState = cs_DATA;
+}   // Otherwise, the followed call to getHSStatus() will help.
 /*
 * We only need to check the sequence number state for
 * non-handshaking record.
 *
 * handle a few more records, so the sequence number
 * of the last record cannot be wrapped.
 */
 hsStatus = getHSStatus(hsStatus);
 if (connectionState < cs_ERROR && !isOutboundDone() &&
-(hsStatus == HandshakeStatus.NOT_HANDSHAKING)) {
+(hsStatus == HandshakeStatus.NOT_HANDSHAKING) &&
-if (checkSequenceNumber(writeAuthenticator, eor.contentType())) {
+(outputRecord.seqNumIsHuge())) {
-hsStatus = getHSStatus(null);
-}
-}
-/*
-* turn off the flag of the first application record if we really
-* consumed at least byte.
-*/
-if (isFirstAppOutputRecord && ea.deltaApp() > 0) {
-isFirstAppOutputRecord = false;
-}
-return hsStatus;
-}
-/*
-* Need to split the payload except the following cases:
-*
-* 1. protocol version is TLS 1.1 or later;
-* 2. bulk cipher does not use CBC mode, including null bulk cipher suites.
-* 3. the payload is the first application record of a freshly
-*    negotiated TLS session.
-* 4. the CBC protection is disabled;
-*
-* More details, please refer to
-* EngineOutputRecord.write(EngineArgs, MAC, CipherBox).
-*/
-boolean needToSplitPayload(CipherBox cipher, ProtocolVersion protocol) {
-return (protocol.v <= ProtocolVersion.TLS10.v) &&
-cipher.isCBCMode() && !isFirstAppOutputRecord &&
-Record.enableCBCProtection;
-}
-/*
-* Non-application OutputRecords go through here.
-*/
-void writeRecord(EngineOutputRecord eor) throws IOException {
-// eventually compress as well.
-writer.writeRecord(eor, writeAuthenticator, writeCipher);
-/*
-* Check the sequence number state
-*
-* Note that in order to maintain the connection I/O
-* properly, we check the sequence number after the last
-* record writing process. As we request renegotiation
-* or close the connection for wrapped sequence number
-* when there is enough sequence number space left to
-* handle a few more records, so the sequence number
-* of the last record cannot be wrapped.
-*/
-if ((connectionState < cs_ERROR) && !isOutboundDone()) {
-checkSequenceNumber(writeAuthenticator, eor.contentType());
-}
-}
-//
-// Close code
-//
-/**
-* Check the sequence number state
-*
-* RFC 4346 states that, "Sequence numbers are of type uint64 and
-* may not exceed 2^64-1.  Sequence numbers do not wrap. If a TLS
-* implementation would need to wrap a sequence number, it must
-* renegotiate instead."
-*
-* Return true if the handshake status may be changed.
-*/
-private boolean checkSequenceNumber(Authenticator authenticator, byte type)
-throws IOException {
-/*
-* Don't bother to check the sequence number for error or
-* closed connections, or NULL MAC
-*/
-if (connectionState >= cs_ERROR || authenticator == MAC.NULL) {
-return false;
-}
-/*
-* Conservatively, close the connection immediately when the
-* sequence number is close to overflow
-*/
-if (authenticator.seqNumOverflow()) {
 /*
-* TLS protocols do not define a error alert for sequence
+* Ask for renegotiation when need to renew sequence number.
-* number overflow. We use handshake_failure error alert
+*
-* for handshaking and bad_record_mac for other records.
+* Don't bother to kickstart the renegotiation when the local is
+* asking for it.
 */
-if (debug != null && Debug.isOn("ssl")) {
-System.out.println(Thread.currentThread().getName() +
-", sequence number extremely close to overflow " +
-"(2^64-1 packets). Closing connection.");
-}
-fatal(Alerts.alert_handshake_failure, "sequence number overflow");
-return true; // make the compiler happy
-}
-/*
-* Ask for renegotiation when need to renew sequence number.
-*
-* Don't bother to kickstart the renegotiation when the local is
-* asking for it.
-*/
-if ((type != Record.ct_handshake) && authenticator.seqNumIsHuge()) {
 if (debug != null && Debug.isOn("ssl")) {
 System.out.println(Thread.currentThread().getName() +
 ", request renegotiation " +
 "to avoid sequence number overflow");
 }
 beginHandshake();
-return true;
-}
+hsStatus = getHSStatus(null);
+}
-return false;
+ciphertext.handshakeStatus = hsStatus;
-}
+return ciphertext;
+}
+private HandshakeStatus finishHandshake() {
+handshaker = null;
+inputRecord.setHandshakeHash(null);
+outputRecord.setHandshakeHash(null);
+connectionState = cs_DATA;
+return HandshakeStatus.FINISHED;
+}
+//
+// Close code
+//
 /**
 * Signals that no more outbound application data will be sent
 * on this <code>SSLEngine</code>.
 */
 }
 /*
 * Already closed, ignore
 */
-if (writer.isOutboundDone()) {
+if (outboundDone) {
 return;
 }
 switch (connectionState) {
 /*
 * If we haven't even started yet, don't bother reading inbound.
 */
 case cs_START:
-writer.closeOutbound();
+try {
+outputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
+outboundDone = true;
+try {
+inputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
 inboundDone = true;
 break;
 case cs_ERROR:
 case cs_CLOSED:
 // case cs_HANDSHAKE:
 // case cs_DATA:
 // case cs_RENEGOTIATE:
 default:
 warning(Alerts.alert_close_notify);
-writer.closeOutbound();
+try {
+outputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
+outboundDone = true;
 break;
 }
-// See comment in changeReadCiphers()
-writeCipher.dispose();
 connectionState = cs_CLOSED;
 }
 @Override
 /**
 * Returns the outbound application data closure state
 */
 @Override
 public boolean isOutboundDone() {
-return writer.isOutboundDone();
+return outboundDone && outputRecord.isEmpty();
 }
 /**
 * Signals that no more inbound network data will be sent
 * to this <code>SSLEngine</code>.
 if (inboundDone) {
 return;
 }
 closeOutboundInternal();
+try {
+inputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
 inboundDone = true;
-// See comment in changeReadCiphers()
-readCipher.dispose();
 connectionState = cs_CLOSED;
 }
 /*
 synchronized public SSLSession getHandshakeSession() {
 return handshakeSession;
 }
 synchronized void setHandshakeSession(SSLSessionImpl session) {
+// update the fragment size, which may be negotiated during handshaking
+inputRecord.changeFragmentSize(session.getNegotiatedMaxFragSize());
+outputRecord.changeFragmentSize(session.getNegotiatedMaxFragSize());
 handshakeSession = session;
 }
 /**
 * Returns a delegated <code>Runnable</code> task for
 * Ok, this engine's going down.
 */
 int oldState = connectionState;
 connectionState = cs_ERROR;
+try {
+inputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
 inboundDone = true;
 sess.invalidate();
 if (handshakeSession != null) {
 handshakeSession.invalidate();
 */
 closeReason =
 Alerts.getSSLException(description, cause, diagnostic);
 }
-writer.closeOutbound();
+try {
+outputRecord.close();
+} catch (IOException ioe) {
+// ignore
+}
+outboundDone = true;
 connectionState = cs_CLOSED;
-// See comment in changeReadCiphers()
-readCipher.dispose();
-writeCipher.dispose();
 if (cause instanceof RuntimeException) {
 throw (RuntimeException)cause;
 } else {
 throw closeReason;
 /*
 * Process an incoming alert ... caller must already have synchronized
 * access to "this".
 */
-private void recvAlert() throws IOException {
+private void recvAlert(ByteBuffer fragment) throws IOException {
-byte level = (byte)inputRecord.read();
+byte level = fragment.get();
-byte description = (byte)inputRecord.read();
+byte description = fragment.get();
 if (description == -1) { // check for short message
 fatal(Alerts.alert_illegal_parameter, "Short alert message");
 }
 if (debug != null && (Debug.isOn("record") ||
 return;
 }
 // For initial handshaking, don't send alert message to peer if
 // handshaker has not started.
-if (connectionState == cs_HANDSHAKE &&
+//
-(handshaker == null || !handshaker.started())) {
+// Shall we send an fatal alter to terminate the connection gracefully?
+if (connectionState <= cs_HANDSHAKE &&
+(handshaker == null || !handshaker.started() ||
+!handshaker.activated())) {
 return;
 }
-EngineOutputRecord r = new EngineOutputRecord(Record.ct_alert, this);
-r.setVersion(protocolVersion);
-boolean useDebug = debug != null && Debug.isOn("ssl");
-if (useDebug) {
-synchronized (System.out) {
-System.out.print(Thread.currentThread().getName());
-System.out.print(", SEND " + protocolVersion + " ALERT:  ");
-if (level == Alerts.alert_fatal) {
-System.out.print("fatal, ");
-} else if (level == Alerts.alert_warning) {
-System.out.print("warning, ");
-} else {
-System.out.print("<level = " + (0x0ff & level) + ">, ");
-}
-System.out.println("description = "
-+ Alerts.alertDescription(description));
-}
-}
-r.write(level);
-r.write(description);
 try {
-writeRecord(r);
+outputRecord.encodeAlert(level, description);
-} catch (IOException e) {
+} catch (IOException ioe) {
-if (useDebug) {
+// ignore
-System.out.println(Thread.currentThread().getName() +
-", Exception sending alert: " + e);
-}
 }
 }
 //
 * we will need to wait for the next handshake.
 */
 @Override
 synchronized public void setNeedClientAuth(boolean flag) {
 doClientAuth = (flag ?
-SSLEngineImpl.clauth_required : SSLEngineImpl.clauth_none);
+ClientAuthType.CLIENT_AUTH_REQUIRED :
+ClientAuthType.CLIENT_AUTH_NONE);
 if ((handshaker != null) &&
 (handshaker instanceof ServerHandshaker) &&
 !handshaker.activated()) {
 ((ServerHandshaker) handshaker).setClientAuth(doClientAuth);
 }
 }
 @Override
 synchronized public boolean getNeedClientAuth() {
-return (doClientAuth == SSLEngineImpl.clauth_required);
+return (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUIRED);
 }
 /**
 * Sets the flag controlling whether a server mode engine
 * *REQUESTS* SSL client authentication.
 * we will need to wait for the next handshake.
 */
 @Override
 synchronized public void setWantClientAuth(boolean flag) {
 doClientAuth = (flag ?
-SSLEngineImpl.clauth_requested : SSLEngineImpl.clauth_none);
+ClientAuthType.CLIENT_AUTH_REQUESTED :
+ClientAuthType.CLIENT_AUTH_NONE);
 if ((handshaker != null) &&
 (handshaker instanceof ServerHandshaker) &&
 !handshaker.activated()) {
 ((ServerHandshaker) handshaker).setClientAuth(doClientAuth);
 }
 }
 @Override
 synchronized public boolean getWantClientAuth() {
-return (doClientAuth == SSLEngineImpl.clauth_requested);
+return (doClientAuth == ClientAuthType.CLIENT_AUTH_REQUESTED);
 }
 /**
 * Sets the flag controlling whether the engine is in SSL
 synchronized public void setUseClientMode(boolean flag) {
 switch (connectionState) {
 case cs_START:
 /*
-* If we need to change the engine mode and the enabled
+* If we need to change the socket mode and the enabled
-* protocols haven't specifically been set by the user,
+* protocols and cipher suites haven't specifically been
-* change them to the corresponding default ones.
+* set by the user, change them to the corresponding
+* default ones.
 */
-if (roleIsServer != (!flag) &&
+if (roleIsServer != (!flag)) {
-sslContext.isDefaultProtocolList(enabledProtocols)) {
+if (sslContext.isDefaultProtocolList(enabledProtocols)) {
-enabledProtocols = sslContext.getDefaultProtocolList(!flag);
+enabledProtocols =
+sslContext.getDefaultProtocolList(!flag);
+}
+if (sslContext.isDefaultCipherSuiteList(enabledCipherSuites)) {
+enabledCipherSuites =
+sslContext.getDefaultCipherSuiteList(!flag);
+}
 }
 roleIsServer = !flag;
 serverModeSet = true;
 break;
 * have the streams.
 */
 assert(handshaker != null);
 if (!handshaker.activated()) {
 /*
-* If we need to change the engine mode and the enabled
+* If we need to change the socket mode and the enabled
-* protocols haven't specifically been set by the user,
+* protocols and cipher suites haven't specifically been
-* change them to the corresponding default ones.
+* set by the user, change them to the corresponding
+* default ones.
 */
-if (roleIsServer != (!flag) &&
+if (roleIsServer != (!flag)) {
-sslContext.isDefaultProtocolList(enabledProtocols)) {
+if (sslContext.isDefaultProtocolList(enabledProtocols)) {
-enabledProtocols = sslContext.getDefaultProtocolList(!flag);
+enabledProtocols =
+sslContext.getDefaultProtocolList(!flag);
+}
+if (sslContext.isDefaultCipherSuiteList(
+enabledCipherSuites)) {
+enabledCipherSuites =
+sslContext.getDefaultCipherSuiteList(!flag);
+}
 }
 roleIsServer = !flag;
 connectionState = cs_START;
 initHandshaker();
 params.setEndpointIdentificationAlgorithm(identificationProtocol);
 params.setAlgorithmConstraints(algorithmConstraints);
 params.setSNIMatchers(sniMatchers);
 params.setServerNames(serverNames);
 params.setUseCipherSuitesOrder(preferLocalCipherSuites);
+params.setEnableRetransmissions(enableRetransmissions);
+params.setMaximumPacketSize(maximumPacketSize);
 return params;
 }
 /**
 // the super implementation does not handle the following parameters
 identificationProtocol = params.getEndpointIdentificationAlgorithm();
 algorithmConstraints = params.getAlgorithmConstraints();
 preferLocalCipherSuites = params.getUseCipherSuitesOrder();
+enableRetransmissions = params.getEnableRetransmissions();
+maximumPacketSize = params.getMaximumPacketSize();
+if (maximumPacketSize != 0) {
+outputRecord.changePacketSize(maximumPacketSize);
+} else {
+// use the implicit maximum packet size.
+maximumPacketSize = outputRecord.getMaxPacketSize();
+}
 List<SNIServerName> sniNames = params.getServerNames();
 if (sniNames != null) {
 serverNames = sniNames;
 }
 }
 if ((handshaker != null) && !handshaker.started()) {
 handshaker.setIdentificationProtocol(identificationProtocol);
 handshaker.setAlgorithmConstraints(algorithmConstraints);
+handshaker.setMaximumPacketSize(maximumPacketSize);
 if (roleIsServer) {
 handshaker.setSNIMatchers(sniMatchers);
 handshaker.setUseCipherSuitesOrder(preferLocalCipherSuites);
 } else {
 handshaker.setSNIServerNames(serverNames);
 }
 }
-}
-/**
-* Returns a boolean indicating whether the ChangeCipherSpec message
-* has been received for this handshake.
-*/
-boolean receivedChangeCipherSpec() {
-return receivedCCS;
 }
 /**
 * Returns a printable representation of this end of the connection.
 */
 retval.append("SSLEngine[hostname=");
 String host = getPeerHost();
 retval.append((host == null) ? "null" : host);
 retval.append(" port=");
 retval.append(Integer.toString(getPeerPort()));
+retval.append(" role=" + (roleIsServer ? "Server" : "Client"));
 retval.append("] ");
 retval.append(getSession().getCipherSuite());
 retval.append("]");
 return retval.toString();

changeset 30904	ec0224270f90
parent 28550	003089aca6b9
child 32649	2ee9017c7597