DTLS fix for proper closing JDK-8145252-TLS13-branch
authorascarpino
Fri, 18 May 2018 19:07:49 -0700
branchJDK-8145252-TLS13-branch
changeset 56573 4a53dd94403e
parent 56571 9dfdc35eb270
child 56575 c31233a71bd9
DTLS fix for proper closing
src/java.base/share/classes/sun/security/ssl/CipherSuite.java
src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java
src/java.base/share/classes/sun/security/ssl/TransportContext.java
test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java
--- a/src/java.base/share/classes/sun/security/ssl/CipherSuite.java	Thu May 17 16:18:47 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CipherSuite.java	Fri May 18 19:07:49 2018 -0700
@@ -344,38 +344,38 @@
             ProtocolVersion.PROTOCOLS_TO_12,
             K_DH_ANON, B_3DES, M_SHA, H_SHA256),
 
-    // RC-4
+    // RC4
     TLS_ECDHE_ECDSA_WITH_RC4_128_SHA(
             0xC007, false, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_ECDHE_ECDSA, B_RC4_128, M_SHA, H_SHA256),
     TLS_ECDHE_RSA_WITH_RC4_128_SHA(
             0xC011, false, "TLS_ECDHE_RSA_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_ECDHE_RSA, B_RC4_128, M_SHA, H_SHA256),
     SSL_RSA_WITH_RC4_128_SHA(
             0x0005, false, "SSL_RSA_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_RSA, B_RC4_128, M_SHA, H_SHA256),
     TLS_ECDH_ECDSA_WITH_RC4_128_SHA(
             0xC002, false, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_ECDH_ECDSA, B_RC4_128, M_SHA, H_SHA256),
     TLS_ECDH_RSA_WITH_RC4_128_SHA(
             0xC00C, false, "TLS_ECDH_RSA_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_ECDH_RSA, B_RC4_128, M_SHA, H_SHA256),
     SSL_RSA_WITH_RC4_128_MD5(
             0x0004, false, "SSL_RSA_WITH_RC4_128_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_RSA, B_RC4_128, M_MD5, H_SHA256),
     TLS_ECDH_anon_WITH_RC4_128_SHA(
             0xC016, false, "TLS_ECDH_anon_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_ECDH_ANON, B_RC4_128, M_SHA, H_SHA256),
     SSL_DH_anon_WITH_RC4_128_MD5(
             0x0018, false, "SSL_DH_anon_WITH_RC4_128_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_DH_ANON, B_RC4_128, M_MD5, H_SHA256),
 
     // weak cipher suites obsoleted in TLS 1.2
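Review bot: The new `// RC4` comment does not say why these eight suites move from `PROTOCOLS_TO_12` to the TLS-only `PROTOCOLS_TO_T12`, and the commit title mentions only closing. RC4 is a stream cipher and RFC 6347 forbids it with DTLS, which is presumably the reason. Recording it would keep a later edit from restoring the DTLS entries, for example `// RC4 (stream cipher, not permitted with DTLS: TLS versions only)`. The enum continues outside the hunk.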
@@ -459,43 +459,43 @@
     // supported Kerberos ciphersuites from RFC2712
     TLS_KRB5_WITH_3DES_EDE_CBC_SHA(
             0x001F, false, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_KRB5, B_3DES, M_SHA, H_SHA256),
     TLS_KRB5_WITH_3DES_EDE_CBC_MD5(
             0x0023, false, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_KRB5, B_3DES, M_MD5, H_SHA256),
     TLS_KRB5_WITH_RC4_128_SHA(
             0x0020, false, "TLS_KRB5_WITH_RC4_128_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_KRB5, B_RC4_128, M_SHA, H_SHA256),
     TLS_KRB5_WITH_RC4_128_MD5(
             0x0024, false, "TLS_KRB5_WITH_RC4_128_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_12,
+            ProtocolVersion.PROTOCOLS_TO_T12,
             K_KRB5, B_RC4_128, M_MD5, H_SHA256),
     TLS_KRB5_WITH_DES_CBC_SHA(
             0x001e, false, "TLS_KRB5_WITH_DES_CBC_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_11,
+            ProtocolVersion.PROTOCOLS_TO_T11,
             K_KRB5, B_DES, M_SHA, H_NONE),
     TLS_KRB5_WITH_DES_CBC_MD5(
             0x0022, false, "TLS_KRB5_WITH_DES_CBC_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_11,
+            ProtocolVersion.PROTOCOLS_TO_T11,
             K_KRB5, B_DES, M_MD5, H_NONE),
     TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA(
             0x0026, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_10,
+            ProtocolVersion.PROTOCOLS_TO_T10,
             K_KRB5_EXPORT, B_DES_40, M_SHA, H_NONE),
     TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5(
             0x0029, false, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_10,
+            ProtocolVersion.PROTOCOLS_TO_T10,
             K_KRB5_EXPORT, B_DES_40, M_MD5, H_NONE),
     TLS_KRB5_EXPORT_WITH_RC4_40_SHA(
             0x0028, false, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA", "",
-            ProtocolVersion.PROTOCOLS_TO_10,
+            ProtocolVersion.PROTOCOLS_TO_T10,
             K_KRB5_EXPORT, B_RC4_40, M_SHA, H_NONE),
     TLS_KRB5_EXPORT_WITH_RC4_40_MD5(
             0x002B, false, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5", "",
-            ProtocolVersion.PROTOCOLS_TO_10,
+            ProtocolVersion.PROTOCOLS_TO_T10,
             K_KRB5_EXPORT, B_RC4_40, M_MD5, H_NONE),
 
     // Other values from the TLS Cipher Suite Registry, as of August 2010.
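Review bot: The 3DES and DES CBC Kerberos suites are switched to the TLS-only lists along with the RC4 ones, and nothing in the hunk says whether that is deliberate. The stream-cipher restriction that explains the RC4 change does not apply to CBC suites, so a reader cannot tell whether all Kerberos suites are meant to be unavailable over DTLS or the CBC ones were caught by a bulk replace. If it is intended, extend the block comment, for example `// supported Kerberos ciphersuites from RFC2712 (TLS only, not offered for DTLS)`. A DTLS negotiation test asserting that none of these names is enabled would pin the behaviour.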
--- a/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java	Thu May 17 16:18:47 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ProtocolVersion.java	Fri May 18 19:07:49 2018 -0700
@@ -80,7 +80,7 @@
     // (D)TLS ProtocolVersion array for (D)TLS 1.2 and previous versions.
     static final ProtocolVersion[] PROTOCOLS_TO_12 = new ProtocolVersion[] {
             TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10
-        };
+    };
 
     // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions.
     static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] {
@@ -132,6 +132,21 @@
             TLS12, TLS11, TLS10, DTLS12, DTLS10
         };
 
+    // TLS ProtocolVersion array for TLS 1.2 and previous versions.
+    static final ProtocolVersion[] PROTOCOLS_TO_T12 = new ProtocolVersion[] {
+            TLS12, TLS11, TLS10, SSL30
+    };
+
+    // TLS ProtocolVersion array for TLS 1.1 and previous versions.
+    static final ProtocolVersion[] PROTOCOLS_TO_T11 = new ProtocolVersion[] {
+            TLS11, TLS10, SSL30
+    };
+
+    // TLS ProtocolVersion array for TLS 1.0 and previous versions.
+    static final ProtocolVersion[] PROTOCOLS_TO_T10 = new ProtocolVersion[] {
+            TLS10, SSL30
+    };
+
     // Empty ProtocolVersion array
     static final ProtocolVersion[] PROTOCOLS_EMPTY = new ProtocolVersion[0];
 
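Review bot: The comments on the three new arrays differ from the existing `(D)TLS ...` ones only by the missing `(D)`, so the exclusion of DTLS is easy to overlook. The `T` in `PROTOCOLS_TO_T12` is not explained anywhere in the hunk. Consider wording such as `// TLS-only list (no DTLS) for TLS 1.2 and earlier; use for suites that must not be negotiated over DTLS`. `PROTOCOLS_TO_T10` may duplicate the existing `PROTOCOLS_TO_10` if that array already holds no DTLS entry (its definition is outside the hunk). These arrays are shared mutable state, like the existing ones, so any write to an element would silently change which versions every referencing suite accepts.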
--- a/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Thu May 17 16:18:47 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/TransportContext.java	Fri May 18 19:07:49 2018 -0700
@@ -449,7 +449,7 @@
     }
 
     boolean isOutboundDone() {
-        return outputRecord.isClosed();
+        return outputRecord.isClosed() && outputRecord.isEmpty();
     }
 
     boolean isInboundDone() {
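Review bot: `isOutboundDone()` now reports done only when the record is both closed and empty, but the method has no comment stating that new contract. Callers that treated it as "close was requested" will now see `false` while records are still queued. A one-line comment would make this explicit, for example `// done only when the output record is closed and no queued records remain to be sent`. The exact meaning of `outputRecord.isEmpty()` is not visible here, so the wording should be confirmed against that class.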
@@ -537,14 +537,14 @@
         // TLS 1.3 does not define how to initiate and close a TLS connection
         // gracefully.  We will always send a close_notify alert, and close
         // the underlying transportation layer if needed.
-        if (!isOutboundDone() && !isOutputCloseNotified) {
+        if (!isInboundDone() && !isInputCloseNotified) {
             try {
                 // send a close_notify alert
                 warning(Alert.CLOSE_NOTIFY);
             } finally {
                 // any data received after a closure alert is ignored.
-                isOutputCloseNotified = true;
-                outputRecord.close();
+                isInputCloseNotified = true;
+                inputRecord.close();
             }
         }
 
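Review bot: The guard now tests only inbound state (`!isInboundDone() && !isInputCloseNotified`), yet the guarded action `warning(Alert.CLOSE_NOTIFY)` is an outbound write. If the outbound side has already sent close_notify or been closed, this path would attempt to send a second alert on a closed record. Consider keeping an outbound check around the send, e.g. `if (!isOutboundDone() && !isOutputCloseNotified) { warning(Alert.CLOSE_NOTIFY); }`. Separately, `isInputCloseNotified = true` is set after a local send; if other code reads that flag as "peer sent close_notify", a truncated stream would look like a clean close, so that is worth confirming. The enclosing method starts outside the hunk.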
@@ -558,8 +558,8 @@
         try {
             transport.shutdown();
         } finally {
-            if (!isInboundDone()) {
-                inputRecord.close();
+            if (!isOutboundDone()) {
+                outputRecord.close();
             }
         }
     }
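Review bot: With the redefinition in this commit, `!isOutboundDone()` is also true for a record that is already closed but still holds queued data, so `outputRecord.close()` can be called a second time here. Whether `close()` is idempotent is not visible in this diff. Because `transport.shutdown()` has already run, any records still queued at this point can no longer be delivered, including a pending close_notify. If the intent is only to make sure the record is closed, testing `if (!outputRecord.isClosed())` states that directly. The enclosing method starts outside the hunk.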
--- a/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java	Thu May 17 16:18:47 2018 -0700
+++ b/test/jdk/javax/net/ssl/TLSCommon/SSLEngineTestCase.java	Fri May 18 19:07:49 2018 -0700
@@ -416,7 +416,7 @@
         int length = net.remaining();
         System.out.println(wrapper + " wrapped " + length + " bytes.");
         System.out.println(wrapper + " handshake status is "
-                + engine.getHandshakeStatus());
+                + engine.getHandshakeStatus() + " Result is " + r.getStatus());
         if (maxPacketSize < length && maxPacketSize != 0) {
             throw new AssertionError("Handshake wrapped net buffer length "
                     + length + " exceeds maximum packet size "
@@ -504,7 +504,7 @@
         SSLEngineResult r = engine.unwrap(net, app);
         app.flip();
         System.out.println(unwrapper + " handshake status is "
-                + engine.getHandshakeStatus());
+                + engine.getHandshakeStatus() + " Result is " + r.getStatus());
         checkResult(r, wantedStatus);
         if (result != null && result.length > 0) {
             result[0] = r;