--- a/jdk/src/share/classes/sun/security/ssl/EngineInputRecord.java Thu Apr 11 14:47:54 2013 -0700
+++ b/jdk/src/share/classes/sun/security/ssl/EngineInputRecord.java Thu Apr 11 18:57:14 2013 -0700
@@ -186,29 +186,35 @@
* If external data(app), return a new ByteBuffer with data to
* process.
*/
- ByteBuffer decrypt(MAC signer,
+ ByteBuffer decrypt(Authenticator authenticator,
CipherBox box, ByteBuffer bb) throws BadPaddingException {
if (internalData) {
- decrypt(signer, box); // MAC is checked during decryption
+ decrypt(authenticator, box); // MAC is checked during decryption
return tmpBB;
}
BadPaddingException reservedBPE = null;
- int tagLen = signer.MAClen();
+ int tagLen =
+ (authenticator instanceof MAC) ? ((MAC)authenticator).MAClen() : 0;
int cipheredLength = bb.remaining();
if (!box.isNullCipher()) {
- // sanity check length of the ciphertext
- if (!box.sanityCheck(tagLen, cipheredLength)) {
- throw new BadPaddingException(
- "ciphertext sanity check failed");
- }
+ try {
+ // apply explicit nonce for AEAD/CBC cipher suites if needed
+ int nonceSize =
+ box.applyExplicitNonce(authenticator, contentType(), bb);
- try {
+ // decrypt the content
+ if (box.isAEADMode()) {
+ // DON'T encrypt the nonce_explicit for AEAD mode
+ bb.position(bb.position() + nonceSize);
+ } // The explicit IV for CBC mode can be decrypted.
+
// Note that the CipherBox.decrypt() does not change
// the capacity of the buffer.
box.decrypt(bb, tagLen);
+ bb.position(nonceSize); // We don't actually remove the nonce.
} catch (BadPaddingException bpe) {
// RFC 2246 states that decryption_failed should be used
// for this purpose. However, that allows certain attacks,
@@ -219,12 +225,13 @@
//
// Failover to message authentication code checking.
reservedBPE = bpe;
- } finally {
- bb.rewind();
}
}
- if (tagLen != 0) {
+ // Requires message authentication code for null, stream and block
+ // cipher suites.
+ if ((authenticator instanceof MAC) && (tagLen != 0)) {
+ MAC signer = (MAC)authenticator;
int macOffset = bb.limit() - tagLen;
// Note that although it is not necessary, we run the same MAC
@@ -297,6 +304,7 @@
private static boolean checkMacTags(byte contentType, ByteBuffer bb,
MAC signer, boolean isSimulated) {
+ int position = bb.position();
int tagLen = signer.MAClen();
int lim = bb.limit();
int macData = lim - tagLen;
@@ -314,7 +322,8 @@
int[] results = compareMacTags(bb, hash);
return (results[0] != 0);
} finally {
- bb.rewind();
+ // reset to the data
+ bb.position(position);
bb.limit(macData);
}
}
@@ -416,8 +425,8 @@
if (debug != null && Debug.isOn("packet")) {
try {
HexDumpEncoder hd = new HexDumpEncoder();
- srcBB.limit(srcPos + len);
ByteBuffer bb = srcBB.duplicate(); // Use copy of BB
+ bb.limit(srcPos + len);
System.out.println("[Raw read (bb)]: length = " + len);
hd.encodeBuffer(bb, System.out);