8294474: Better AES support
Reviewed-by: mbaesken
Backport-of: 0c534f3309a308e89363ec69dee74d95fd9647a4
martinuy authored and RealCLanger committed Apr 12, 2023
1 parent adc5fe7 commit 13a9069
Showing 4 changed files with 22 additions and 13 deletions.
6 changes: 4 additions & 2 deletions src/java.base/share/classes/sun/security/ssl/KeyUpdate.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -169,7 +169,9 @@ private KeyUpdateKickstartProducer() {
public byte[] produce(ConnectionContext context) throws IOException {
PostHandshakeContext hc = (PostHandshakeContext)context;
return handshakeProducer.produce(context,
new KeyUpdateMessage(hc, KeyUpdateRequest.REQUESTED));
new KeyUpdateMessage(hc, hc.conContext.isInboundClosed() ?
KeyUpdateRequest.NOTREQUESTED :
KeyUpdateRequest.REQUESTED));
}
}
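Review bot: The new ternary in produce() has no comment saying why a closed inbound side downgrades the request to `KeyUpdateRequest.NOTREQUESTED`, and the reason is not obvious from the hunk. Presumably the peer's reply could never be read once inbound is closed, so asking for one would be pointless; if that is the intent, state it, e.g. `// Inbound closed: the peer's KeyUpdate reply could not be read, so only update our own write keys.` The enclosing class begins outside the hunk. None of the four changed files is a test, so the half-closed key-update path has no visible regression coverage in this commit.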

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -394,11 +394,11 @@ private HandshakeStatus tryToFinishHandshake(byte contentType) {
*/
private HandshakeStatus tryKeyUpdate(
HandshakeStatus currentHandshakeStatus) throws IOException {
// Don't bother to kickstart if handshaking is in progress, or if the
// connection is not duplex-open.
// Don't bother to kickstart if handshaking is in progress, or if
// the write side of the connection is not open. We allow a half-
// duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
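Review bot: Dropping `!conContext.isInboundClosed()` from this guard is unconditional, while TransportContext.kickstart() in the same commit waives the inbound check only when `outputRecord.writeCipher.atKeyLimit()` is true, so the two guards can disagree. If tryKeyUpdate() is ever reached for another trigger while inbound is closed (its callers are outside the hunk), it would now log "trigger key update" and presumably go on to a kickstart that rejects the connection (the visible branch there throws SSLException) instead of being skipped quietly as before. Consider keeping the read-side check for that case, e.g. `(conContext.outputRecord.writeCipher.atKeyLimit() || !conContext.isInboundClosed()) &&`, or document that the key limit is the only trigger. The same applies to the identical tryKeyUpdate() hunk at line 1541 in the next file section; both method bodies continue past their hunks.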
@@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1541,11 +1541,11 @@ private Plaintext decode(ByteBuffer destination) throws IOException {
* wrapped.
*/
private void tryKeyUpdate() throws IOException {
// Don't bother to kickstart if handshaking is in progress, or if the
// connection is not duplex-open.
// Don't bother to kickstart if handshaking is in progress, or if
// the write side of the connection is not open. We allow a half-
// duplex write-only connection for key updates.
if ((conContext.handshakeContext == null) &&
!conContext.isOutboundClosed() &&
!conContext.isInboundClosed() &&
!conContext.isBroken) {
if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
SSLLogger.finest("trigger key update");
13 changes: 10 additions & 3 deletions src/java.base/share/classes/sun/security/ssl/TransportContext.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -219,7 +219,14 @@ void kickstart() throws IOException {
throw new IllegalStateException("Client/Server mode not yet set.");
}

if (outputRecord.isClosed() || inputRecord.isClosed() || isBroken) {
// The threshold for allowing the method to continue processing
// depends on whether we are doing a key update or kickstarting
// a handshake. In the former case, we only require the write-side
// to be open where a handshake would require a full duplex connection.
boolean isNotUsable = outputRecord.writeCipher.atKeyLimit() ?
(outputRecord.isClosed() || isBroken) :
(outputRecord.isClosed() || inputRecord.isClosed() || isBroken);
if (isNotUsable) {
if (closeReason != null) {
throw new SSLException(
"Cannot kickstart, the connection is broken or closed",
@@ -247,7 +254,7 @@ void kickstart() throws IOException {
//
// Need no kickstart message on server side unless the connection
// has been established.
if(isNegotiated || sslConfig.isClientMode) {
if (isNegotiated || sslConfig.isClientMode) {
handshakeContext.kickstart();
}
}
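Review bot: The relaxed branch in kickstart() is selected by cipher state, `outputRecord.writeCipher.atKeyLimit()`, not by what the caller is actually starting, so any kickstart that happens while the write cipher is at its limit skips the `inputRecord.isClosed()` check, including one that would need to read a reply. The comment says the threshold depends on whether this is a key update, so it should say that the key limit is used as the proxy for that, or the flag should be named, e.g. `boolean isKeyUpdate = outputRecord.writeCipher.atKeyLimit();`. The wording "to be open where a handshake would require" also reads better as "whereas a handshake requires". The method body continues outside the hunk, so whether a later step still assumes a readable connection cannot be checked from here.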