diff -r b04860fd2e2c -r 103ed9569fc8 src/java.base/share/classes/sun/security/ssl/Finished.java --- a/src/java.base/share/classes/sun/security/ssl/Finished.java Tue Dec 18 19:13:54 2018 +0530 +++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Tue Dec 18 12:08:51 2018 -0800 @@ -83,7 +83,7 @@ try { vd = vds.createVerifyData(context, false); } catch (IOException ioe) { - context.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Failed to generate verify_data", ioe); } @@ -102,7 +102,7 @@ } if (m.remaining() != verifyDataLen) { - context.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Inappropriate finished message: need " + verifyDataLen + " but remaining " + m.remaining() + " bytes verify_data"); } @@ -116,12 +116,11 @@ try { myVerifyData = vd.createVerifyData(context, true); } catch (IOException ioe) { - context.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Failed to generate verify_data", ioe); - return; } if (!MessageDigest.isEqual(myVerifyData, verifyData)) { - context.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw context.conContext.fatal(Alert.ILLEGAL_PARAMETER, "The Finished message cannot be verified."); } } @@ -518,7 +517,7 @@ // we have received ChangeCipherSpec if (hc.conContext.consumers.containsKey( ContentType.CHANGE_CIPHER_SPEC.id)) { - hc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, + throw hc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, "Missing ChangeCipherSpec message"); } @@ -679,19 +678,17 @@ SSLKeyDerivation kd = chc.handshakeKeyDerivation; if (kd == null) { // unlikely - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation"); - return null; } SSLTrafficKeyDerivation kdg = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); if (kdg == null) { // unlikely - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol); - return null; } try { @@ -714,12 +711,10 @@ chc.sslContext.getSecureRandom()); if (writeCipher == null) { - chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + chc.negotiatedCipherSuite + ") and protocol version (" + chc.negotiatedProtocol + ")"); - - return null; } chc.baseWriteSecret = writeSecret; @@ -727,9 +722,8 @@ writeCipher, false); } catch (GeneralSecurityException gse) { - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive application secrets", gse); - return null; } // The resumption master secret is stored in the session so @@ -772,19 +766,17 @@ SSLKeyDerivation kd = shc.handshakeKeyDerivation; if (kd == null) { // unlikely - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation"); - return null; } SSLTrafficKeyDerivation kdg = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); if (kdg == null) { // unlikely - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol); - return null; } // derive salt secret @@ -821,12 +813,10 @@ shc.sslContext.getSecureRandom()); if (writeCipher == null) { - shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + shc.negotiatedCipherSuite + ") and protocol version (" + shc.negotiatedProtocol + ")"); - - return null; } shc.baseWriteSecret = writeSecret; @@ -836,9 +826,8 @@ // update the context for the following key derivation shc.handshakeKeyDerivation = secretKD; } catch (GeneralSecurityException gse) { - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive application secrets", gse); - return null; } /* @@ -911,19 +900,17 @@ SSLKeyDerivation kd = chc.handshakeKeyDerivation; if (kd == null) { // unlikely - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation"); - return; } SSLTrafficKeyDerivation kdg = SSLTrafficKeyDerivation.valueOf(chc.negotiatedProtocol); if (kdg == null) { // unlikely - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + chc.negotiatedProtocol); - return; } // save the session @@ -967,12 +954,10 @@ chc.sslContext.getSecureRandom()); if (readCipher == null) { - chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + chc.negotiatedCipherSuite + ") and protocol version (" + chc.negotiatedProtocol + ")"); - - return; } chc.baseReadSecret = readSecret; @@ -981,9 +966,8 @@ // update the context for the following key derivation chc.handshakeKeyDerivation = secretKD; } catch (GeneralSecurityException gse) { - chc.conContext.fatal(Alert.INTERNAL_ERROR, + throw chc.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive application secrets", gse); - return; } // @@ -1031,19 +1015,17 @@ SSLKeyDerivation kd = shc.handshakeKeyDerivation; if (kd == null) { // unlikely - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "no key derivation"); - return; } SSLTrafficKeyDerivation kdg = SSLTrafficKeyDerivation.valueOf(shc.negotiatedProtocol); if (kdg == null) { // unlikely - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Not supported key derivation: " + shc.negotiatedProtocol); - return; } // save the session @@ -1073,12 +1055,10 @@ shc.sslContext.getSecureRandom()); if (readCipher == null) { - shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, + throw shc.conContext.fatal(Alert.ILLEGAL_PARAMETER, "Illegal cipher suite (" + shc.negotiatedCipherSuite + ") and protocol version (" + shc.negotiatedProtocol + ")"); - - return; } shc.baseReadSecret = readSecret; @@ -1094,9 +1074,8 @@ shc.handshakeSession.setResumptionMasterSecret( resumptionMasterSecret); } catch (GeneralSecurityException gse) { - shc.conContext.fatal(Alert.INTERNAL_ERROR, + throw shc.conContext.fatal(Alert.INTERNAL_ERROR, "Failure to derive application secrets", gse); - return; } // update connection context