--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java Tue Jun 19 09:05:57 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java Tue Jun 19 15:53:35 2018 -0700
@@ -34,6 +34,8 @@
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLProtocolException;
import sun.security.ssl.SSLCipher.SSLReadCipher;
+import sun.security.ssl.KeyUpdate.KeyUpdateMessage;
+import sun.security.ssl.KeyUpdate.KeyUpdateRequest;
/**
* {@code InputRecord} implementation for {@code SSLEngine}.
@@ -331,6 +333,20 @@
return plaintexts.toArray(new Plaintext[0]);
}
+ // KeyLimit check during application data.
+ // atKeyLimit() inactive when limits not checked, tc set when limits
+ // are active.
+
+ if (readCipher.atKeyLimit()) {
+ if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+ SSLLogger.fine("KeyUpdate: triggered, read side.");
+ }
+
+ PostHandshakeContext p = new PostHandshakeContext(tc);
+ KeyUpdate.handshakeProducer.produce(p,
+ new KeyUpdateMessage(p, KeyUpdateRequest.REQUESTED));
+ }
+
return new Plaintext[] {
new Plaintext(contentType,
majorVersion, minorVersion, -1, -1L, fragment)