提交 9b6a4623 编写于 作者: W wetmore

6750401: SSL stress test with GF leads to 32 bit max process size in less than...

6750401: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes, with PKCS11 provider
Summary: This is the JSSE portion of the fix. Main part is in PKCS11.
Reviewed-by: valeriep, xuelei
上级 fba7e5b5
/* /*
* Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved. * Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -486,4 +486,21 @@ final class CipherBox { ...@@ -486,4 +486,21 @@ final class CipherBox {
return newlen; return newlen;
} }
/*
* Dispose of any intermediate state in the underlying cipher.
* For PKCS11 ciphers, this will release any attached sessions, and
* thus make finalization faster.
*/
void dispose() {
try {
if (cipher != null) {
// ignore return value.
cipher.doFinal();
}
} catch (GeneralSecurityException e) {
// swallow for now.
}
}
} }
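Review bot: dispose() catches only GeneralSecurityException, so an unchecked failure from the provider's doFinal() (a ProviderException or IllegalStateException, for instance) would escape into the callers. This commit puts those callers on close and fatal-error paths, just before `throw closeReason` and the rethrow of `cause`, where such an exception would replace the original failure. Since this is best-effort cleanup, consider adding `} catch (RuntimeException e) {` next to the existing catch. The comment `// swallow for now.` would also read better if it said why ignoring the error is acceptable, e.g. `// best effort: a failure here only leaves cleanup to finalization`. The CipherBox class body starts outside this hunk.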
/* /*
* Copyright 2003-2007 Sun Microsystems, Inc. All Rights Reserved. * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -547,6 +547,8 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -547,6 +547,8 @@ final public class SSLEngineImpl extends SSLEngine {
// ... create decompressor // ... create decompressor
CipherBox oldCipher = readCipher;
try { try {
readCipher = handshaker.newReadCipher(); readCipher = handshaker.newReadCipher();
readMAC = handshaker.newReadMAC(); readMAC = handshaker.newReadMAC();
...@@ -555,6 +557,16 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -555,6 +557,16 @@ final public class SSLEngineImpl extends SSLEngine {
throw (SSLException)new SSLException throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e); ("Algorithm missing: ").initCause(e);
} }
/*
* Dispose of any intermediate state in the underlying cipher.
* For PKCS11 ciphers, this will release any attached sessions,
* and thus make finalization faster.
*
* Since MAC's doFinal() is called for every SSL/TLS packet, it's
* not necessary to do the same with MAC's.
*/
oldCipher.dispose();
} }
/* /*
...@@ -572,6 +584,8 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -572,6 +584,8 @@ final public class SSLEngineImpl extends SSLEngine {
// ... create compressor // ... create compressor
CipherBox oldCipher = writeCipher;
try { try {
writeCipher = handshaker.newWriteCipher(); writeCipher = handshaker.newWriteCipher();
writeMAC = handshaker.newWriteMAC(); writeMAC = handshaker.newWriteMAC();
...@@ -580,6 +594,9 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -580,6 +594,9 @@ final public class SSLEngineImpl extends SSLEngine {
throw (SSLException)new SSLException throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e); ("Algorithm missing: ").initCause(e);
} }
// See comment above.
oldCipher.dispose();
} }
/* /*
...@@ -1231,6 +1248,9 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -1231,6 +1248,9 @@ final public class SSLEngineImpl extends SSLEngine {
break; break;
} }
// See comment in changeReadCiphers()
writeCipher.dispose();
connectionState = cs_CLOSED; connectionState = cs_CLOSED;
} }
...@@ -1271,6 +1291,10 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -1271,6 +1291,10 @@ final public class SSLEngineImpl extends SSLEngine {
closeOutboundInternal(); closeOutboundInternal();
inboundDone = true; inboundDone = true;
// See comment in changeReadCiphers()
readCipher.dispose();
connectionState = cs_CLOSED; connectionState = cs_CLOSED;
} }
...@@ -1457,6 +1481,10 @@ final public class SSLEngineImpl extends SSLEngine { ...@@ -1457,6 +1481,10 @@ final public class SSLEngineImpl extends SSLEngine {
connectionState = cs_CLOSED; connectionState = cs_CLOSED;
// See comment in changeReadCiphers()
readCipher.dispose();
writeCipher.dispose();
if (cause instanceof RuntimeException) { if (cause instanceof RuntimeException) {
throw (RuntimeException)cause; throw (RuntimeException)cause;
} else { } else {
......
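Review bot: The close and fatal paths (`writeCipher.dispose()` ahead of `connectionState = cs_CLOSED`, `readCipher.dispose()` after `inboundDone = true`, and the pair in the last hunk) call doFinal() on the cipher that is still installed, and these hunks do not show which lock is held there. Cipher.doFinal() resets the cipher to its initialised state, so if another thread can be inside a record encrypt or decrypt on the same CipherBox, the state would be reset in the middle of a record. It is worth confirming that each call runs under the lock guarding the matching read or write path, and recording that next to the call, e.g. `// caller holds the lock that guards writeCipher`. The same question applies to the dispose() calls added to the SSLSocketImpl close paths. The enclosing methods start and end outside these hunks.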
...@@ -1427,6 +1427,10 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1427,6 +1427,10 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
waitForClose(false); waitForClose(false);
} }
// See comment in changeReadCiphers()
readCipher.dispose();
writeCipher.dispose();
// state will be set to cs_CLOSED in the finally block below // state will be set to cs_CLOSED in the finally block below
break; break;
...@@ -1633,6 +1637,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1633,6 +1637,11 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
* Clean up our side. * Clean up our side.
*/ */
closeSocket(); closeSocket();
// See comment in changeReadCiphers()
readCipher.dispose();
writeCipher.dispose();
connectionState = (oldState == cs_APP_CLOSED) ? cs_APP_CLOSED connectionState = (oldState == cs_APP_CLOSED) ? cs_APP_CLOSED
: cs_CLOSED; : cs_CLOSED;
throw closeReason; throw closeReason;
...@@ -1763,6 +1772,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1763,6 +1772,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
// ... create decompressor // ... create decompressor
CipherBox oldCipher = readCipher;
try { try {
readCipher = handshaker.newReadCipher(); readCipher = handshaker.newReadCipher();
readMAC = handshaker.newReadMAC(); readMAC = handshaker.newReadMAC();
...@@ -1771,6 +1782,16 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1771,6 +1782,16 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
throw (SSLException)new SSLException throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e); ("Algorithm missing: ").initCause(e);
} }
/*
* Dispose of any intermediate state in the underlying cipher.
* For PKCS11 ciphers, this will release any attached sessions,
* and thus make finalization faster.
*
* Since MAC's doFinal() is called for every SSL/TLS packet, it's
* not necessary to do the same with MAC's.
*/
oldCipher.dispose();
} }
// used by Handshaker // used by Handshaker
...@@ -1783,6 +1804,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1783,6 +1804,8 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
// ... create compressor // ... create compressor
CipherBox oldCipher = writeCipher;
try { try {
writeCipher = handshaker.newWriteCipher(); writeCipher = handshaker.newWriteCipher();
writeMAC = handshaker.newWriteMAC(); writeMAC = handshaker.newWriteMAC();
...@@ -1791,6 +1814,9 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl { ...@@ -1791,6 +1814,9 @@ final public class SSLSocketImpl extends BaseSSLSocketImpl {
throw (SSLException)new SSLException throw (SSLException)new SSLException
("Algorithm missing: ").initCause(e); ("Algorithm missing: ").initCause(e);
} }
// See comment above.
oldCipher.dispose();
} }
/* /*
......
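Review bot: The pair `readCipher.dispose(); writeCipher.dispose();` is repeated in both close-path hunks of this file (after `waitForClose(false)` and after `closeSocket()`), each time pointing to a comment that lives in another method. A small private helper, e.g. `private void disposeCiphers() { readCipher.dispose(); writeCipher.dispose(); }`, with the rationale as its own comment, would keep the close paths in step. It would also give one place for any locking or error handling the disposal turns out to need. The enclosing methods start and end outside these hunks.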