Thanks Max/Andrew!
On 10/17/2011 6:57 PM, Weijun Wang wrote:
src looks fine.
Not sure of test. So whenever you use socket on one side and engine on
another, this bug will jump out?
If you use a SSLsocket on side, and an SSLEngine on the other, and the
engine is using target ByteBuffers that are backed by a Java ByteArray
(i.e. ByteBuffer.hasArray() == true), this bug will jump out. At least
in the Oracle JDK in my basic testing, this includes "regular" byte
buffers (ByteBuffer.allocate(), but not ByteBuffer.allocateDirect())
Note this also only occurs on TLS 1.1/1.2, as the new IV field isn't
being properly handled.
Brad
-Max
On 10/15/2011 08:59 AM, Brad Wetmore wrote:
I'll need a second codereviewer for the 7u2 change. Valerie/Sean/Max?
Brad
On 10/14/2011 5:52 PM, Brad Wetmore wrote:
Hi Xuelei,
I need code reviews for the bug I mentioned to you earlier.
7031830: bad_record_mac failure on TLSv1.2 enabled connection with
SSLEngine
The MAC calculation was summing the wrong data range when using
non-direct byte buffers and TLS1.1/1.2.
The new regression test will now interop-test SSLEngine with SSLSockets
using both direct and non-direct ByteBuffers, over SSLv3, TLSv1,
TLSv1.1, and TLSv1.2.
http://cr.openjdk.java.net/~wetmore/7031830/
I plan to push this to both JDK 8 and 7u2, so there are 2 webrevs there.
They should be the same.
Brad
