--- a/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateMessage.java Thu May 24 09:21:01 2018 -0700
@@ -791,7 +791,6 @@
this.requestContext = requestContext.clone();
this.certEntries = new LinkedList<>();
for (X509Certificate cert : certificates) {
- // TODO: shall we use the Certificate for the session?
byte[] encoded = cert.getEncoded();
SSLExtensions extensions = new SSLExtensions(this);
certEntries.add(new CertificateEntry(encoded, extensions));
@@ -1223,7 +1222,6 @@
for (CertificateEntry entry : certEntries) {
certs[i++] = (X509Certificate)cf.generateCertificate(
new ByteArrayInputStream(entry.encoded));
- // TODO: check extensions
}
} catch (CertificateException ce) {
shc.conContext.fatal(Alert.BAD_CERTIFICATE,
@@ -1276,7 +1274,6 @@
// the certificate chain in the TLS session.
shc.handshakeSession.setPeerCertificates(certs);
} catch (CertificateException ce) {
- // TODO: A more precise alert should be used.
shc.conContext.fatal(Alert.CERTIFICATE_UNKNOWN, ce);
}
@@ -1294,7 +1291,6 @@
for (CertificateEntry entry : certEntries) {
certs[i++] = (X509Certificate)cf.generateCertificate(
new ByteArrayInputStream(entry.encoded));
- // TODO: check extensions
}
} catch (CertificateException ce) {
chc.conContext.fatal(Alert.BAD_CERTIFICATE,
--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java Thu May 24 09:21:01 2018 -0700
@@ -727,7 +727,6 @@
HandshakeContext handshakeContext) throws IOException {
super(handshakeContext);
- // TODO: post-handshake authentication exchanges
this.requestContext = new byte[0];
this.extensions = new SSLExtensions(this);
}
--- a/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/DHClientKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -205,7 +205,8 @@
"Not supported key exchange type");
} else {
SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
chc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
@@ -299,7 +300,8 @@
// update the states
SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
shc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
--- a/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/DHKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -125,7 +125,8 @@
DHParameterSpec params =
PredefinedDHParameterSpecs.definedParams.get(keyLength);
try {
- KeyPairGenerator kpg = JsseJce.getKeyPairGenerator("DiffieHellman");
+ KeyPairGenerator kpg =
+ JsseJce.getKeyPairGenerator("DiffieHellman");
if (params != null) {
kpg.initialize(params, random);
} else {
@@ -218,15 +219,16 @@
private static final class
DHEPossessionGenerator implements SSLPossessionGenerator {
- // Flag to use smart ephemeral DH key which size matches the corresponding
- // authentication key
+ // Flag to use smart ephemeral DH key which size matches the
+ // corresponding authentication key
private static final boolean useSmartEphemeralDHKeys;
// Flag to use legacy ephemeral DH key which size is 512 bits for
// exportable cipher suites, and 768 bits for others
private static final boolean useLegacyEphemeralDHKeys;
- // The customized ephemeral DH key size for non-exportable cipher suites.
+ // The customized ephemeral DH key size for non-exportable
+ // cipher suites.
private static final int customizedDHKeySize;
// Is it for exportable cipher suite?
@@ -465,7 +467,7 @@
context.negotiatedProtocol);
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
- return kd.deriveKey("TODO", params);
+ return kd.deriveKey("MasterSecret", params);
} catch (GeneralSecurityException gse) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(gse);
--- a/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHClientKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -231,7 +231,8 @@
"Not supported key exchange type");
} else {
SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
chc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
@@ -342,7 +343,8 @@
// update the states
SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
shc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
@@ -411,7 +413,8 @@
"Not supported key exchange type");
} else {
SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
chc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
@@ -514,7 +517,8 @@
// update the states
SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
shc.handshakeSession.setMasterSecret(masterSecret);
SSLTrafficKeyDerivation kd =
--- a/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ECDHKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -435,7 +435,7 @@
context.negotiatedProtocol);
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
- return kd.deriveKey("TODO", params);
+ return kd.deriveKey("MasterSecret", params);
} catch (GeneralSecurityException gse) {
throw (SSLHandshakeException) new SSLHandshakeException(
"Could not generate secret").initCause(gse);
--- a/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/EncryptedExtensions.java Thu May 24 09:21:01 2018 -0700
@@ -126,9 +126,6 @@
// The producing happens in server side only.
ServerHandshakeContext shc = (ServerHandshakeContext)context;
- // Change client/server handshake traffic secrets.
- // TODO
-
EncryptedExtensionsMessage eem =
new EncryptedExtensionsMessage(shc);
SSLExtension[] extTypes =
@@ -185,7 +182,6 @@
//
// update
//
- // TODO: all extensions should be considered.
eem.extensions.consumeOnTrade(chc, extTypes);
//
--- a/src/java.base/share/classes/sun/security/ssl/Finished.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Thu May 24 09:21:01 2018 -0700
@@ -807,8 +807,6 @@
shc.conContext.outputRecord.changeWriteCiphers(
writeCipher, false);
- // TODO: the exporter_master_secret
-
// update the context for the following key derivation
shc.handshakeKeyDerivation = secretKD;
} catch (GeneralSecurityException gse) {
@@ -945,8 +943,6 @@
chc.baseReadSecret = readSecret;
chc.conContext.inputRecord.changeReadCiphers(readCipher);
- // TODO: the exporter_master_secret
-
// update the context for the following key derivation
chc.handshakeKeyDerivation = secretKD;
} catch (GeneralSecurityException gse) {
--- a/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/HelloVerifyRequest.java Thu May 24 09:21:01 2018 -0700
@@ -150,7 +150,7 @@
// update the context
- // TODO: stateless, clean up the handshake context?
+ // Stateless, clean up the handshake context as well?
shc.handshakeHash.finish(); // forgot about the handshake hash
shc.handshakeExtensions.clear();
--- a/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java Thu May 24 09:21:01 2018 -0700
@@ -817,8 +817,6 @@
ng.name);
}
- // TODO: is the named group supported by the underlying
- // crypto provider?
selectedGroup = ng;
break;
}
@@ -942,10 +940,6 @@
return; // fatal() always throws, make the compiler happy.
}
- // TODO: the selected group does not correspond to a group which
- // was provided in the "key_share" extension in the original
- // ClientHello.
-
// update the context
// When sending the new ClientHello, the client MUST replace the
--- a/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/PskKeyExchangeModesExtension.java Thu May 24 09:21:01 2018 -0700
@@ -79,7 +79,6 @@
int modesReadLength = 0;
while (modesReadLength < modesEncodedLength) {
int mode = Record.getInt8(m);
- // TODO: handle incorrect values
modes.add(PskKeyExchangeMode.ofInt(mode));
modesReadLength += 1;
}
--- a/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/RSAClientKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -211,7 +211,8 @@
"Not supported key exchange type");
} else {
SSLKeyDerivation masterKD = ke.createKeyDerivation(chc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
// update the states
chc.handshakeSession.setMasterSecret(masterSecret);
@@ -300,7 +301,8 @@
"Not supported key exchange type");
} else {
SSLKeyDerivation masterKD = ke.createKeyDerivation(shc);
- SecretKey masterSecret = masterKD.deriveKey("TODO", null);
+ SecretKey masterSecret =
+ masterKD.deriveKey("MasterSecret", null);
// update the states
shc.handshakeSession.setMasterSecret(masterSecret);
--- a/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/RSAKeyExchange.java Thu May 24 09:21:01 2018 -0700
@@ -299,7 +299,7 @@
context.negotiatedProtocol);
SSLKeyDerivation kd = mskd.createKeyDerivation(
context, preMasterSecret);
- return kd.deriveKey("TODO", params);
+ return kd.deriveKey("MasterSecret", params);
}
}
}
--- a/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLEngineImpl.java Thu May 24 09:21:01 2018 -0700
@@ -548,7 +548,6 @@
}
// invalid, discard the entire data [section 4.1.2.7, RFC 6347]
- // TODO
int deltaNet = 0;
// int deltaNet = netData.remaining();
// netData.position(netData.limit());
--- a/src/java.base/share/classes/sun/security/ssl/SSLSecretDerivation.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SSLSecretDerivation.java Thu May 24 09:21:01 2018 -0700
@@ -70,16 +70,11 @@
HandshakeContext context, SecretKey secret) {
this.context = context;
this.secret = secret;
- // TODO: May need the hash algogorithm if the secret is a PSK.
- // if (secret is a PSK) {
- // ...
- // } else {
- this.hashAlg = context.negotiatedCipherSuite.hashAlg;
- this.hkdfAlg =
- "HKDF-Expand/Hmac" + hashAlg.name.replace("-", "");
- context.handshakeHash.update();
- this.transcriptHash = context.handshakeHash.digest();
- // }
+ this.hashAlg = context.negotiatedCipherSuite.hashAlg;
+ this.hkdfAlg =
+ "HKDF-Expand/Hmac" + hashAlg.name.replace("-", "");
+ context.handshakeHash.update();
+ this.transcriptHash = context.handshakeHash.digest();
}
SSLSecretDerivation forContext(HandshakeContext context) {
--- a/src/java.base/share/classes/sun/security/ssl/ServerHello.java Wed May 23 11:55:41 2018 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/ServerHello.java Thu May 24 09:21:01 2018 -0700
@@ -542,7 +542,8 @@
shc.handshakeHash.determine(
shc.negotiatedProtocol, shc.negotiatedCipherSuite);
- setUpPskKD(shc, shc.resumingSession.consumePreSharedKey().get());
+ setUpPskKD(shc,
+ shc.resumingSession.consumePreSharedKey().get());
// The session can't be resumed again---remove it from cache
SSLSessionContextImpl sessionCache = (SSLSessionContextImpl)
@@ -771,7 +772,7 @@
hhrm.write(shc.handshakeOutput);
shc.handshakeOutput.flush();
- // TODO: stateless, clean up the handshake context?
+ // Stateless, shall we clean up the handshake context as well?
shc.handshakeHash.finish(); // forgot about the handshake hash
shc.handshakeExtensions.clear();
@@ -1206,7 +1207,8 @@
chc.sslConfig.maximumPacketSize);
} else {
// The PSK is consumed to allow it to be deleted
- Optional<SecretKey> psk = chc.resumingSession.consumePreSharedKey();
+ Optional<SecretKey> psk =
+ chc.resumingSession.consumePreSharedKey();
if(!psk.isPresent()) {
chc.conContext.fatal(Alert.INTERNAL_ERROR,
"No PSK available. Unable to resume.");
@@ -1327,7 +1329,7 @@
SSLHandshake.ENCRYPTED_EXTENSIONS.id,
SSLHandshake.ENCRYPTED_EXTENSIONS);
- // TODO: Optional cert authentication, when not PSK
+ // Support cert authentication only, when not PSK.
chc.handshakeConsumers.put(
SSLHandshake.CERTIFICATE_REQUEST.id,
SSLHandshake.CERTIFICATE_REQUEST);