--- a/jdk/src/share/classes/sun/security/ssl/MAC.java Fri Oct 29 12:35:07 2010 +0200
+++ b/jdk/src/share/classes/sun/security/ssl/MAC.java Sat Oct 30 18:39:17 2010 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2010, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -155,6 +155,42 @@
return compute(type, bb, null, 0, bb.remaining());
}
+ /**
+ * Check whether the sequence number is close to wrap
+ *
+ * Sequence numbers are of type uint64 and may not exceed 2^64-1.
+ * Sequence numbers do not wrap. When the sequence number is near
+ * to wrap, we need to close the connection immediately.
+ */
+ final boolean seqNumOverflow() {
+ /*
+ * Conservatively, we don't allow more records to be generated
+ * when there are only 2^8 sequence numbers left.
+ */
+ return (block != null && mac != null &&
+ block[0] == 0xFF && block[1] == 0xFF &&
+ block[2] == 0xFF && block[3] == 0xFF &&
+ block[4] == 0xFF && block[5] == 0xFF &&
+ block[6] == 0xFF);
+ }
+
+ /*
+ * Check whether to renew the sequence number
+ *
+ * Sequence numbers are of type uint64 and may not exceed 2^64-1.
+ * Sequence numbers do not wrap. If a TLS
+ * implementation would need to wrap a sequence number, it must
+ * renegotiate instead.
+ */
+ final boolean seqNumIsHuge() {
+ /*
+ * Conservatively, we should ask for renegotiation when there are
+ * only 2^48 sequence numbers left.
+ */
+ return (block != null && mac != null &&
+ block[0] == 0xFF && block[1] == 0xFF);
+ }
+
// increment the sequence number in the block array
// it is a 64-bit number stored in big-endian format
private void incrementSequenceNumber() {