# HG changeset patch # User ascarpino # Date 1528389042 25200 # Node ID aa54a1f8e42605469acc4b99805637b76e908408 # Parent 64aa781522be6cb65f8378a46ba51970b71fe33c InputRecord related fixes diff -r 64aa781522be -r aa54a1f8e426 src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java --- a/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java Thu Jun 07 23:53:56 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java Thu Jun 07 09:30:42 2018 -0700 @@ -25,12 +25,18 @@ package sun.security.ssl; -import java.io.*; -import java.nio.*; +import java.io.IOException; +import java.nio.ByteBuffer; import java.security.GeneralSecurityException; -import java.util.*; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; +import java.util.TreeSet; import javax.crypto.BadPaddingException; -import javax.net.ssl.*; +import javax.net.ssl.SSLException; import sun.security.ssl.SSLCipher.SSLReadCipher; /** @@ -506,7 +512,7 @@ // Should be repacked for suitable fragment length. // - // Note that the acquiring processes will reassemble the + // Note that the acquiring processes will reassemble // the fragments later. return compareToSequence(o.recordEpoch, o.recordSeq); } diff -r 64aa781522be -r aa54a1f8e426 src/java.base/share/classes/sun/security/ssl/InputRecord.java --- a/src/java.base/share/classes/sun/security/ssl/InputRecord.java Thu Jun 07 23:53:56 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/InputRecord.java Thu Jun 07 09:30:42 2018 -0700 @@ -25,8 +25,12 @@ package sun.security.ssl; -import java.io.*; -import java.nio.*; +import java.io.Closeable; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.BufferUnderflowException; +import java.nio.ByteBuffer; import javax.crypto.BadPaddingException; import sun.security.ssl.SSLCipher.SSLReadCipher; @@ -62,10 +66,6 @@ this.helloVersion = helloVersion; } - ProtocolVersion getHelloVersion() { - return helloVersion; - } - boolean seqNumIsHuge() { return (readCipher.authenticator != null) && readCipher.authenticator.seqNumIsHuge(); @@ -281,7 +281,7 @@ j = pointer + 2; for (int i = 0; i < cipherSpecLen; i += 3) { if (packet.get() != 0) { - // Ignore version 2.0 specifix cipher suite. Clients + // Ignore version 2.0 specific cipher suite. Clients // should also include the version 3.0 equivalent in // the V2ClientHello message. packet.get(); // ignore the 2nd byte diff -r 64aa781522be -r aa54a1f8e426 src/java.base/share/classes/sun/security/ssl/Record.java --- a/src/java.base/share/classes/sun/security/ssl/Record.java Thu Jun 07 23:53:56 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/Record.java Thu Jun 07 09:30:42 2018 -0700 @@ -65,25 +65,25 @@ * in standard big-endian form. */ static int getInt8(ByteBuffer m) throws IOException { - Record.verifyLength(m, 1); + verifyLength(m, 1); return (m.get() & 0xFF); } static int getInt16(ByteBuffer m) throws IOException { - Record.verifyLength(m, 2); + verifyLength(m, 2); return ((m.get() & 0xFF) << 8) | (m.get() & 0xFF); } static int getInt24(ByteBuffer m) throws IOException { - Record.verifyLength(m, 3); + verifyLength(m, 3); return ((m.get() & 0xFF) << 16) | ((m.get() & 0xFF) << 8) | (m.get() & 0xFF); } static int getInt32(ByteBuffer m) throws IOException { - Record.verifyLength(m, 4); + verifyLength(m, 4); return ((m.get() & 0xFF) << 24) | ((m.get() & 0xFF) << 16) | ((m.get() & 0xFF) << 8) | @@ -95,7 +95,7 @@ */ static byte[] getBytes8(ByteBuffer m) throws IOException { int len = Record.getInt8(m); - Record.verifyLength(m, len); + verifyLength(m, len); byte[] b = new byte[len]; m.get(b); @@ -104,7 +104,7 @@ static byte[] getBytes16(ByteBuffer m) throws IOException { int len = Record.getInt16(m); - Record.verifyLength(m, len); + verifyLength(m, len); byte[] b = new byte[len]; m.get(b); @@ -113,7 +113,7 @@ static byte[] getBytes24(ByteBuffer m) throws IOException { int len = Record.getInt24(m); - Record.verifyLength(m, len); + verifyLength(m, len); byte[] b = new byte[len]; m.get(b); @@ -125,18 +125,18 @@ * in standard big-endian form. */ static void putInt8(ByteBuffer m, int i) throws IOException { - Record.verifyLength(m, 1); + verifyLength(m, 1); m.put((byte)(i & 0xFF)); } static void putInt16(ByteBuffer m, int i) throws IOException { - Record.verifyLength(m, 2); + verifyLength(m, 2); m.put((byte)((i >> 8) & 0xFF)); m.put((byte)(i & 0xFF)); } static void putInt24(ByteBuffer m, int i) throws IOException { - Record.verifyLength(m, 3); + verifyLength(m, 3); m.put((byte)((i >> 16) & 0xFF)); m.put((byte)((i >> 8) & 0xFF)); m.put((byte)(i & 0xFF)); @@ -154,10 +154,10 @@ */ static void putBytes8(ByteBuffer m, byte[] s) throws IOException { if (s == null || s.length == 0) { - Record.verifyLength(m, 1); + verifyLength(m, 1); putInt8(m, 0); } else { - Record.verifyLength(m, 1 + s.length); + verifyLength(m, 1 + s.length); putInt8(m, s.length); m.put(s); } @@ -165,10 +165,10 @@ static void putBytes16(ByteBuffer m, byte[] s) throws IOException { if (s == null || s.length == 0) { - Record.verifyLength(m, 2); + verifyLength(m, 2); putInt16(m, 0); } else { - Record.verifyLength(m, 2 + s.length); + verifyLength(m, 2 + s.length); putInt16(m, s.length); m.put(s); } @@ -176,10 +176,10 @@ static void putBytes24(ByteBuffer m, byte[] s) throws IOException { if (s == null || s.length == 0) { - Record.verifyLength(m, 3); + verifyLength(m, 3); putInt24(m, 0); } else { - Record.verifyLength(m, 3 + s.length); + verifyLength(m, 3 + s.length); putInt24(m, s.length); m.put(s); } diff -r 64aa781522be -r aa54a1f8e426 src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java --- a/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java Thu Jun 07 23:53:56 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java Thu Jun 07 09:30:42 2018 -0700 @@ -25,23 +25,20 @@ package sun.security.ssl; -import java.io.*; -import java.nio.*; +import java.io.IOException; +import java.nio.ByteBuffer; import java.security.GeneralSecurityException; import java.util.ArrayList; import javax.crypto.BadPaddingException; -import javax.net.ssl.*; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLProtocolException; import sun.security.ssl.SSLCipher.SSLReadCipher; /** * {@code InputRecord} implementation for {@code SSLEngine}. */ final class SSLEngineInputRecord extends InputRecord implements SSLRecord { - // used by handshake hash computation for handshake fragment - private byte prevType = -1; - private int hsMsgOff = 0; - private int hsMsgLen = 0; - private boolean formatVerified = false; // SSLv2 ruled out? // Cache for incomplete handshake messages. @@ -84,7 +81,7 @@ /* * If we have already verified previous packets, we can * ignore the verifications steps, and jump right to the - * determination. Otherwise, try one last hueristic to + * determination. Otherwise, try one last heuristic to * see if it's SSL/TLS. */ if (formatVerified || @@ -233,7 +230,8 @@ // // check for handshake fragment // - if (contentType != ContentType.HANDSHAKE.id && hsMsgOff != hsMsgLen) { + if (contentType != ContentType.HANDSHAKE.id && + handshakeBuffer != null && handshakeBuffer.hasRemaining()) { throw new SSLProtocolException( "Expected to get a handshake fragment"); } diff -r 64aa781522be -r aa54a1f8e426 src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java --- a/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java Thu Jun 07 23:53:56 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java Thu Jun 07 09:30:42 2018 -0700 @@ -25,12 +25,18 @@ package sun.security.ssl; -import java.io.*; -import java.nio.*; +import java.io.EOFException; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.ByteBuffer; import java.security.GeneralSecurityException; import java.util.ArrayList; import javax.crypto.BadPaddingException; -import javax.net.ssl.*; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; +import javax.net.ssl.SSLProtocolException; + import sun.security.ssl.SSLCipher.SSLReadCipher; /** @@ -43,11 +49,6 @@ private OutputStream os = null; private final byte[] temporary = new byte[1024]; - // used by handshake hash computation for handshake fragment - private byte prevType = -1; - private int hsMsgOff = 0; - private int hsMsgLen = 0; - private boolean formatVerified = false; // SSLv2 ruled out? // Cache for incomplete handshake messages. @@ -78,7 +79,7 @@ /* * If we have already verified previous packets, we can * ignore the verifications steps, and jump right to the - * determination. Otherwise, try one last hueristic to + * determination. Otherwise, try one last heuristic to * see if it's SSL/TLS. */ if (formatVerified || @@ -180,7 +181,7 @@ } } - // The record header should has comsumed. + // The record header should has consumed. hasHeader = false; return decodeInputRecord(temporary); } @@ -263,7 +264,8 @@ throw (SSLProtocolException)(new SSLProtocolException( "Unexpected exception")).initCause(gse); } - if (contentType != ContentType.HANDSHAKE.id && hsMsgOff != hsMsgLen) { + if (contentType != ContentType.HANDSHAKE.id && + handshakeBuffer != null && handshakeBuffer.hasRemaining()) { throw new SSLProtocolException( "Expected to get a handshake fragment"); }