--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Wed Jan 21 12:49:53 2015 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Tue Aug 26 17:09:05 2014 -0700
@@ -95,8 +95,6 @@
Collection<SignatureAndHashAlgorithm> peerSupportedSignAlgs;
/*
-
- /*
* List of active protocols
*
* Active protocols is a subset of enabled protocols, and will
@@ -114,10 +112,8 @@
private CipherSuiteList activeCipherSuites;
// The server name indication and matchers
- List<SNIServerName> serverNames =
- Collections.<SNIServerName>emptyList();
- Collection<SNIMatcher> sniMatchers =
- Collections.<SNIMatcher>emptyList();
+ List<SNIServerName> serverNames = Collections.<SNIServerName>emptyList();
+ Collection<SNIMatcher> sniMatchers = Collections.<SNIMatcher>emptyList();
private boolean isClient;
private boolean needCertVerify;
@@ -139,12 +135,16 @@
// current key exchange. Never null, initially K_NULL
KeyExchange keyExchange;
- /* True if this session is being resumed (fast handshake) */
+ // True if this session is being resumed (fast handshake)
boolean resumingSession;
- /* True if it's OK to start a new SSL session */
+ // True if it's OK to start a new SSL session
boolean enableNewSession;
+ // True if session keys have been calculated and the caller may receive
+ // and process a ChangeCipherSpec message
+ private boolean sessKeysCalculated;
+
// Whether local cipher suites preference should be honored during
// handshaking?
//
@@ -253,6 +253,7 @@
this.serverVerifyData = serverVerifyData;
enableNewSession = true;
invalidated = false;
+ sessKeysCalculated = false;
setCipherSuite(CipherSuite.C_NULL);
setEnabledProtocols(enabledProtocols);
@@ -1081,7 +1082,6 @@
calculateConnectionKeys(master);
}
-
/*
* Calculate the master secret from its various components. This is
* used for key exchange by all cipher suites.
@@ -1226,6 +1226,10 @@
throw new ProviderException(e);
}
+ // Mark a flag that allows outside entities (like SSLSocket/SSLEngine)
+ // determine if a ChangeCipherSpec message could be processed.
+ sessKeysCalculated = true;
+
//
// Dump the connection keys as they're generated.
//
@@ -1280,6 +1284,15 @@
}
}
+ /**
+ * Return whether or not the Handshaker has derived session keys for
+ * this handshake. This is used for determining readiness to process
+ * an incoming ChangeCipherSpec message.
+ */
+ boolean sessionKeysCalculated() {
+ return sessKeysCalculated;
+ }
+
private static void printHex(HexDumpEncoder dump, byte[] bytes) {
if (bytes == null) {
System.out.println("(key bytes not available)");