8057555: Less cryptic cipher suite management
Reviewed-by: xuelei, igerasim, mullan, asmotrak
Contributed-by: jamil.j.nimeh@oracle.com
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Fri Sep 12 16:11:40 2014 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java Thu Oct 02 11:20:48 2014 -0700
@@ -345,6 +345,13 @@
break;
case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
this.serverFinished(
new Finished(protocolVersion, input, cipherSuite));
break;
--- a/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Fri Sep 12 16:11:40 2014 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/Handshaker.java Thu Oct 02 11:20:48 2014 -0700
@@ -360,6 +360,14 @@
}
}
+ final boolean receivedChangeCipherSpec() {
+ if (conn != null) {
+ return conn.receivedChangeCipherSpec();
+ } else {
+ return engine.receivedChangeCipherSpec();
+ }
+ }
+
String getEndpointIdentificationAlgorithmSE() {
SSLParameters paras;
if (conn != null) {
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Fri Sep 12 16:11:40 2014 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Thu Oct 02 11:20:48 2014 -0700
@@ -2141,6 +2141,14 @@
}
/**
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
+ /**
* Returns a printable representation of this end of the connection.
*/
@Override
--- a/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Fri Sep 12 16:11:40 2014 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/SSLSocketImpl.java Thu Oct 02 11:20:48 2014 -0700
@@ -2610,6 +2610,14 @@
}
/**
+ * Returns a boolean indicating whether the ChangeCipherSpec message
+ * has been received for this handshake.
+ */
+ boolean receivedChangeCipherSpec() {
+ return receivedCCS;
+ }
+
+ /**
* Returns a printable representation of this end of the connection.
*/
@Override
--- a/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Fri Sep 12 16:11:40 2014 +0100
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java Thu Oct 02 11:20:48 2014 -0700
@@ -287,6 +287,13 @@
break;
case HandshakeMessage.ht_finished:
+ // A ChangeCipherSpec record must have been received prior to
+ // reception of the Finished message (RFC 5246, 7.4.9).
+ if (!receivedChangeCipherSpec()) {
+ fatalSE(Alerts.alert_handshake_failure,
+ "Received Finished message before ChangeCipherSpec");
+ }
+
this.clientFinished(
new Finished(protocolVersion, input, cipherSuite));
break;