--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Wed Jan 21 12:49:53 2015 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Tue Aug 26 17:09:05 2014 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -172,6 +172,12 @@
private volatile int connectionState;
/*
+ * Flag indicating that the engine's handshaker has done the necessary
+ * steps so the engine may process a ChangeCipherSpec message.
+ */
+ private boolean receivedCCS;
+
+ /*
* Flag indicating if the next record we receive MUST be a Finished
* message. Temporarily set during the handshake to ensure that
* a change cipher spec message is followed by a finished message.
@@ -587,6 +593,7 @@
*/
roleIsServer = isServer;
connectionState = cs_START;
+ receivedCCS = false;
/*
* default read and write side cipher and MAC support
@@ -1045,6 +1052,7 @@
if (handshaker.invalidated) {
handshaker = null;
+ receivedCCS = false;
// if state is cs_RENEGOTIATE, revert it to cs_DATA
if (connectionState == cs_RENEGOTIATE) {
connectionState = cs_DATA;
@@ -1060,6 +1068,7 @@
handshakeSession = null;
handshaker = null;
connectionState = cs_DATA;
+ receivedCCS = false;
//
// Tell folk about handshake completion, but do
@@ -1107,13 +1116,24 @@
case Record.ct_change_cipher_spec:
if ((connectionState != cs_HANDSHAKE
&& connectionState != cs_RENEGOTIATE)
- || r.available() != 1
- || r.read() != 1) {
+ || !handshaker.sessionKeysCalculated()
+ || receivedCCS) {
+ // For the CCS message arriving in the wrong state
fatal(Alerts.alert_unexpected_message,
- "illegal change cipher spec msg, state = "
- + connectionState);
+ "illegal change cipher spec msg, conn state = "
+ + connectionState + ", handshake state = "
+ + handshaker.state);
+ } else if (r.available() != 1 || r.read() != 1) {
+ // For structural/content issues with the CCS
+ fatal(Alerts.alert_unexpected_message,
+ "Malformed change cipher spec msg");
}
+ // Once we've received CCS, update the flag.
+ // If the remote endpoint sends it again in this handshake
+ // we won't process it.
+ receivedCCS = true;
+
//
// The first message after a change_cipher_spec
// record MUST be a "Finished" handshake record,