# HG changeset patch
# User xuelei
# Date 1527050807 25200
# Node ID 99e0f3f3f0e4c51ab1242dc26836aa9cb5ffa643
# Parent 3223aa3fcc6cd87c6992728872949b3b3b946e3b
close issues introduced in TLS 1.3 implementation
diff -r 3223aa3fcc6c -r 99e0f3f3f0e4 src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Tue May 22 16:38:48 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Tue May 22 21:46:47 2018 -0700
@@ -163,7 +163,8 @@
 HandshakeContext hc = conContext.handshakeContext;
 HandshakeStatus hsStatus = null;
- if (!conContext.isNegotiated) {
+ if (!conContext.isNegotiated &&
+ !conContext.isClosed() && !conContext.isBroken) {
 conContext.kickstart();
 hsStatus = getHandshakeStatus();
@@ -470,7 +471,8 @@
 }
 HandshakeStatus hsStatus = null;
- if (!conContext.isNegotiated) {
+ if (!conContext.isNegotiated &&
+ !conContext.isClosed() && !conContext.isBroken) {
 conContext.kickstart();
 /*
diff -r 3223aa3fcc6c -r 99e0f3f3f0e4 src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java
--- a/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Tue May 22 16:38:48 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Tue May 22 21:46:47 2018 -0700
@@ -473,7 +473,8 @@
 }
 private synchronized void ensureNegotiated() throws IOException {
- if (conContext.isNegotiated || conContext.isClosed()) {
+ if (conContext.isNegotiated ||
+ conContext.isClosed() || conContext.isBroken) {
 return;
 }
@@ -552,7 +553,8 @@
 }
 // start handshaking if the connection has not been negotiated.
- if (!conContext.isNegotiated && !conContext.isClosed()) {
+ if (!conContext.isNegotiated &&
+ !conContext.isClosed() && !conContext.isBroken) {
 ensureNegotiated();
 }
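Review bot: The three-part guard `!conContext.isNegotiated && !conContext.isClosed() && !conContext.isBroken` is written out at both SSLEngineImpl sites (@@ -163 and @@ -470) and again in the SSLSocketImpl guards at @@ -552 and @@ -691, with the negated form in ensureNegotiated(). A single package-private predicate on TransportContext, for example `boolean needsKickstart() { return !isNegotiated && !isClosed() && !isBroken; }`, would stop the five call sites from drifting apart the next time a terminal state is added. The enclosing methods start and end outside these hunks, so this is judged from the guards alone.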
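Review bot: In the @@ -473 hunk, ensureNegotiated() now returns silently when `conContext.isBroken` is set, so its caller continues on a connection whose handshake never completed. The hunk does not show whether the read and write paths that follow re-check the broken state before handling records. If they rely on this method to fail, the fail-closed behaviour is only implicit. Either throw here with `conContext.closeReason` as the cause, or add a comment naming the place where the failure is surfaced, e.g. `// broken or closed: the next record read/write reports closeReason` (wording to be confirmed against that code). The method body continues outside the hunk.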
@@ -691,7 +693,8 @@
 }
 // start handshaking if the connection has not been negotiated.
- if (!conContext.isNegotiated && !conContext.isClosed()) {
+ if (!conContext.isNegotiated &&
+ !conContext.isClosed() && !conContext.isBroken) {
 ensureNegotiated();
 }
diff -r 3223aa3fcc6c -r 99e0f3f3f0e4 src/java.base/share/classes/sun/security/ssl/TransportContext.java
--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java Tue May 22 16:38:48 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java Tue May 22 21:46:47 2018 -0700
@@ -214,6 +214,17 @@
 throw new IllegalStateException("Client/Server mode not yet set.");
 }
+ if (outputRecord.isClosed() || inputRecord.isClosed() || isBroken) {
+ if (closeReason != null) {
+ throw new SSLException(
+ "Cannot kickstart, the connection is broken or closed",
+ closeReason);
+ } else {
+ throw new SSLException(
+ "Cannot kickstart, the connection is broken or closed");
+ }
+ }
+
 // initialize the handshaker if necessary
 if (handshakeContext == null) {
 // TLS1.3 post-handshake
diff -r 3223aa3fcc6c -r 99e0f3f3f0e4 test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java
--- a/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java Tue May 22 16:38:48 2018 -0700
+++ b/test/jdk/javax/net/ssl/SSLEngine/NoAuthClientAuth.java Tue May 22 21:46:47 2018 -0700
@@ -21,15 +21,19 @@
 * questions.
 */
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
 /*
 * @test
 * @bug 4495742
 * @summary Demonstrate SSLEngine switch from no client auth to client auth.
- * @run main/othervm NoAuthClientAuth
- *
- * SunJSSE does not support dynamic system properties, no way to re-use
- * system properties in samevm/agentvm mode.
- *
+ * @run main/othervm NoAuthClientAuth SSLv3
+ * @run main/othervm NoAuthClientAuth TLSv1
+ * @run main/othervm NoAuthClientAuth TLSv1.1
+ * @run main/othervm NoAuthClientAuth TLSv1.2
 * @author Brad R. Wetmore
 */
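Review bot: The new check in kickstart() (TransportContext, @@ -214) tests `outputRecord.isClosed() || inputRecord.isClosed()`, while every caller guard added in this commit tests `conContext.isClosed()`, and the two predicates may not be the same. The definition of isClosed() is outside the hunk. If it is true only when both directions are closed, a half-closed connection passes the caller guard and then gets an SSLException from kickstart() instead of a closed status. Please confirm which is intended, then either use one predicate on both sides or add a comment such as `// stricter than isClosed(): a half-closed connection must not start a handshake`.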
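Review bot: The `@run` list in the NoAuthClientAuth header stops at TLSv1.2 and nothing says why TLSv1.3 is left out, which is an odd gap in a commit that closes TLS 1.3 issues. Presumably the test changes client authentication by renegotiation, which TLS 1.3 does not have, but that is inferred rather than visible here. A line in the relocated `//` comment block, e.g. `// TLSv1.3 is not run: <reason>`, would record whether the omission is deliberate.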
@@ -78,6 +82,7 @@
 import java.security.*;
 import java.nio.*;
+// Note that this test case depends on JSSE provider implementation details.
 public class NoAuthClientAuth {
 /*
@@ -128,15 +133,21 @@
 private static String trustFilename = System.getProperty("test.src", ".") + "/" + pathToStores + "/" + trustStoreFile;
+ // the specified protocol
+ private static String tlsProtocol;
 /*
 * Main entry point for this test.
 */
 public static void main(String args[]) throws Exception {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
 if (debug) {
 System.setProperty("javax.net.debug", "all");
 }
+ tlsProtocol = args[0];
+
 NoAuthClientAuth test = new NoAuthClientAuth();
 test.runTest();
@@ -298,6 +309,7 @@
 */
 clientEngine = sslc.createSSLEngine("client", 80);
 clientEngine.setUseClientMode(true);
+ clientEngine.setEnabledProtocols(new String[] { tlsProtocol });
 }
 /*
diff -r 3223aa3fcc6c -r 99e0f3f3f0e4 test/jdk/sun/security/ssl/SSLEngineImpl/CloseEngineException.java
--- a/test/jdk/sun/security/ssl/SSLEngineImpl/CloseEngineException.java Tue May 22 16:38:48 2018 -0700
+++ b/test/jdk/sun/security/ssl/SSLEngineImpl/CloseEngineException.java Tue May 22 21:46:47 2018 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -45,9 +45,10 @@
 import java.security.*;
 import java.nio.*;
+// Note that this test case depends on JSSE provider implementation details.
 public class CloseEngineException {
- private static boolean debug = false;
+ private static boolean debug = true;
 private SSLContext sslc;
 private SSLEngine ssle1; // client
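Review bot: In NoAuthClientAuth.main (@@ -128), `Security.setProperty("jdk.tls.disabledAlgorithms", "")` clears every TLS algorithm restriction for the JVM, not only the one that blocks the SSLv3 run. That is tolerable only because each run uses `main/othervm`, so the line deserves a comment such as `// re-enable SSLv3 for this run; JVM-wide, safe only under othervm`. In the same hunk `tlsProtocol = args[0];` is read without a length check, so a run without an argument fails with ArrayIndexOutOfBoundsException. A guard like `if (args.length != 1) throw new IllegalArgumentException("usage: NoAuthClientAuth <protocol>");` would make that failure readable.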
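Review bot: `private static boolean debug = true;` in CloseEngineException (@@ -45) reads like a debugging leftover, since it turns on every log() call in the wrap/unwrap loop unconditionally. If the output is wanted so that a jtreg failure carries the trace, say so on the field, e.g. `// keep on: the engine trace is needed to diagnose close-sequence failures`. Otherwise restore `false`.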
@@ -94,43 +95,53 @@
 SSLEngineResult result1; // ssle1's results from last operation
 SSLEngineResult result2; // ssle2's results from last operation
- while (!isEngineClosed(ssle1) || !isEngineClosed(ssle2)) {
+ while (!isEngineClosed(ssle1) && !isEngineClosed(ssle2)) {
 log("================");
- result1 = ssle1.wrap(appOut1, oneToTwo);
- result2 = ssle2.wrap(appOut2, twoToOne);
+ if (!isEngineClosed(ssle1)) {
+ result1 = ssle1.wrap(appOut1, oneToTwo);
+ runDelegatedTasks(result1, ssle1);
- log("wrap1: " + result1);
- log("oneToTwo = " + oneToTwo);
- log("");
+ log("wrap1: " + result1);
+ log("oneToTwo = " + oneToTwo);
+ log("");
- log("wrap2: " + result2);
- log("twoToOne = " + twoToOne);
+ oneToTwo.flip();
+ }
+ if (!isEngineClosed(ssle2)) {
+ result2 = ssle2.wrap(appOut2, twoToOne);
+ runDelegatedTasks(result2, ssle2);
- runDelegatedTasks(result1, ssle1);
- runDelegatedTasks(result2, ssle2);
+ log("wrap2: " + result2);
+ log("twoToOne = " + twoToOne);
- oneToTwo.flip();
- twoToOne.flip();
+ twoToOne.flip();
+ }
 log("----");
- result1 = ssle1.unwrap(twoToOne, appIn1);
- result2 = ssle2.unwrap(oneToTwo, appIn2);
-
- log("unwrap1: " + result1);
- log("twoToOne = " + twoToOne);
- log("");
+ if (!isEngineClosed(ssle1) && !dataDone) {
+ log("--");
+ result1 = ssle1.unwrap(twoToOne, appIn1);
+ runDelegatedTasks(result1, ssle1);
- log("unwrap2: " + result2);
- log("oneToTwo = " + oneToTwo);
+ log("unwrap1: " + result1);
+ log("twoToOne = " + twoToOne);
+ log("");
+
+ twoToOne.compact();
+ }
+ if (!isEngineClosed(ssle2)) {
+ log("---");
+ result2 = ssle2.unwrap(oneToTwo, appIn2);
+ runDelegatedTasks(result2, ssle2);
- runDelegatedTasks(result1, ssle1);
- runDelegatedTasks(result2, ssle2);
+ log("unwrap2: " + result2);
+ log("oneToTwo = " + oneToTwo);
- oneToTwo.compact();
- twoToOne.compact();
+ oneToTwo.compact();
+ }
 /*
 * If we've transfered all the data between app1 and app2,
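Review bot: With the loop condition changed to `&&`, both engines are open at the top of every iteration, so the new `if (!isEngineClosed(ssle1))` and `if (!isEngineClosed(ssle2))` guards around the two wrap() calls look as if they can never be false. This assumes that wrapping one engine does not change what isEngineClosed() reports for the other; that helper is defined outside the hunk. The loop also now exits as soon as either side closes, so the remaining engine may never consume the peer's final records inside this loop. If the per-engine guards were meant to make draining safe, the original `while (!isEngineClosed(ssle1) || !isEngineClosed(ssle2)) {` fits them better. If the early exit is intended, drop the two wrap guards and add a comment like `// stop once either side is closed; the exception checks below rely on it`. The loop body continues past the end of the hunk.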
@@ -154,7 +165,7 @@
 throw new Exception(
 "TEST FAILED: didn't throw Exception");
 } catch (SSLException e) {
- System.out.println("PARTIAL PASS");
+ System.err.println("PARTIAL PASS");
 }
 }
 }
@@ -167,7 +178,7 @@
 throw new Exception(
 "TEST FAILED: didn't throw Exception");
 } catch (SSLException e) {
- System.out.println("TEST PASSED");
+ System.err.println("TEST PASSED");
 }
 }
@@ -181,7 +192,7 @@
 test.runTest();
- System.out.println("Test Passed.");
+ System.err.println("Test Passed.");
 }
 /*
@@ -277,7 +288,7 @@
 private static void log(String str) {
 if (debug) {
- System.out.println(str);
+ System.err.println(str);
 }
 }
 }