Mercurial > hg > release > icedtea7-forest-2.5 > jdk

changeset 8112:707b534fb895

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8057555: Less cryptic cipher suite management Reviewed-by: xuelei Contributed-by: jamil.j.nimeh@oracle.com
author igerasim
date Wed, 08 Oct 2014 10:43:46 +0400
parents 122ac65402e1
children 7c18e8582dec
files src/share/classes/sun/security/ssl/ClientHandshaker.java src/share/classes/sun/security/ssl/Handshaker.java src/share/classes/sun/security/ssl/SSLEngineImpl.java src/share/classes/sun/security/ssl/SSLSocketImpl.java src/share/classes/sun/security/ssl/ServerHandshaker.java
diffstat 5 files changed, 38 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/security/ssl/ClientHandshaker.java	Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/ClientHandshaker.java	Wed Oct 08 10:43:46 2014 +0400
@@ -342,6 +342,13 @@
             break;
 
         case HandshakeMessage.ht_finished:
+            // A ChangeCipherSpec record must have been received prior to
+            // reception of the Finished message (RFC 5246, 7.4.9).
+            if (!receivedChangeCipherSpec()) {
+                fatalSE(Alerts.alert_handshake_failure,
+                        "Received Finished message before ChangeCipherSpec");
+            }
+
             this.serverFinished(
                 new Finished(protocolVersion, input, cipherSuite));
             break;
--- a/src/share/classes/sun/security/ssl/Handshaker.java	Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/Handshaker.java	Wed Oct 08 10:43:46 2014 +0400
@@ -351,6 +351,14 @@
         }
     }
 
+    final boolean receivedChangeCipherSpec() {
+        if (conn != null) {
+            return conn.receivedChangeCipherSpec();
+        } else {
+            return engine.receivedChangeCipherSpec();
+        }
+    }
+
     String getEndpointIdentificationAlgorithmSE() {
         SSLParameters paras;
         if (conn != null) {
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java	Wed Oct 08 10:43:46 2014 +0400
@@ -2085,6 +2085,14 @@
         return Thread.currentThread().getName();
     }
 
+    /*
+     * Returns a boolean indicating whether the ChangeCipherSpec message
+     * has been received for this handshake.
+     */
+    boolean receivedChangeCipherSpec() {
+        return receivedCCS;
+    }
+
     /**
      * Returns a printable representation of this end of the connection.
      */
--- a/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/SSLSocketImpl.java	Wed Oct 08 10:43:46 2014 +0400
@@ -2498,6 +2498,14 @@
         }
     }
 
+    /*
+     * Returns a boolean indicating whether the ChangeCipherSpec message
+     * has been received for this handshake.
+     */
+    boolean receivedChangeCipherSpec() {
+        return receivedCCS;
+    }
+
     //
     // We allocate a separate thread to deliver handshake completion
     // events.  This ensures that the notifications don't block the
--- a/src/share/classes/sun/security/ssl/ServerHandshaker.java	Tue Oct 07 13:23:30 2014 +0100
+++ b/src/share/classes/sun/security/ssl/ServerHandshaker.java	Wed Oct 08 10:43:46 2014 +0400
@@ -240,6 +240,13 @@
                 break;
 
             case HandshakeMessage.ht_finished:
+                // A ChangeCipherSpec record must have been received prior to
+                // reception of the Finished message (RFC 5246, 7.4.9).
+                if (!receivedChangeCipherSpec()) {
+                    fatalSE(Alerts.alert_handshake_failure,
+                        "Received Finished message before ChangeCipherSpec");
+                }
+
                 this.clientFinished(
                     new Finished(protocolVersion, input, cipherSuite));
                 break;