
src/java.base/share/classes/sun/security/ssl/HelloCookieManager.java


        

*** 28,38 **** import java.io.IOException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Arrays; - import java.util.concurrent.locks.ReentrantLock; import static sun.security.ssl.ClientHello.ClientHelloMessage; /** * (D)TLS handshake cookie manager */ --- 28,37 ----
*** 44,55 **** private volatile D10HelloCookieManager d10HelloCookieManager; private volatile D13HelloCookieManager d13HelloCookieManager; private volatile T13HelloCookieManager t13HelloCookieManager; - private final ReentrantLock managerLock = new ReentrantLock(); - Builder(SecureRandom secureRandom) { this.secureRandom = secureRandom; } HelloCookieManager valueOf(ProtocolVersion protocolVersion) { --- 43,52 ----
*** 57,108 **** if (protocolVersion.useTLS13PlusSpec()) { if (d13HelloCookieManager != null) { return d13HelloCookieManager; } ! managerLock.lock(); ! try { if (d13HelloCookieManager == null) { d13HelloCookieManager = new D13HelloCookieManager(secureRandom); } - } finally { - managerLock.unlock(); } return d13HelloCookieManager; } else { if (d10HelloCookieManager != null) { return d10HelloCookieManager; } ! managerLock.lock(); ! try { if (d10HelloCookieManager == null) { d10HelloCookieManager = new D10HelloCookieManager(secureRandom); } - } finally { - managerLock.unlock(); } return d10HelloCookieManager; } } else { if (protocolVersion.useTLS13PlusSpec()) { if (t13HelloCookieManager != null) { return t13HelloCookieManager; } ! managerLock.lock(); ! try { if (t13HelloCookieManager == null) { t13HelloCookieManager = new T13HelloCookieManager(secureRandom); } - } finally { - managerLock.unlock(); } return t13HelloCookieManager; } } --- 54,96 ---- if (protocolVersion.useTLS13PlusSpec()) { if (d13HelloCookieManager != null) { return d13HelloCookieManager; } ! synchronized (this) { if (d13HelloCookieManager == null) { d13HelloCookieManager = new D13HelloCookieManager(secureRandom); } } return d13HelloCookieManager; } else { if (d10HelloCookieManager != null) { return d10HelloCookieManager; } ! synchronized (this) { if (d10HelloCookieManager == null) { d10HelloCookieManager = new D10HelloCookieManager(secureRandom); } } return d10HelloCookieManager; } } else { if (protocolVersion.useTLS13PlusSpec()) { if (t13HelloCookieManager != null) { return t13HelloCookieManager; } ! synchronized (this) { if (t13HelloCookieManager == null) { t13HelloCookieManager = new T13HelloCookieManager(secureRandom); } } return t13HelloCookieManager; } }
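Review bot: The three lazy-initialisation branches in valueOf use double-checked locking without stating what makes it safe. It holds only because the `d10HelloCookieManager`, `d13HelloCookieManager` and `t13HelloCookieManager` fields are declared `volatile`, and the D10 and T13 constructors shown in later hunks call `secureRandom.nextInt()` while the Builder monitor is held. A comment above the first `synchronized (this)` would keep a later edit from breaking this: `// Double-checked locking: relies on the *HelloCookieManager fields being volatile; the constructor reads secureRandom while this monitor is held.` valueOf starts before this hunk and continues after it.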
*** 124,135 **** final SecureRandom secureRandom; private int cookieVersion; // allow to wrap, version + sequence private byte[] cookieSecret; private byte[] legacySecret; - private final ReentrantLock d10ManagerLock = new ReentrantLock(); - D10HelloCookieManager(SecureRandom secureRandom) { this.secureRandom = secureRandom; this.cookieVersion = secureRandom.nextInt(); this.cookieSecret = new byte[32]; --- 112,121 ----
*** 143,166 **** byte[] createCookie(ServerHandshakeContext context, ClientHelloMessage clientHello) throws IOException { int version; byte[] secret; ! d10ManagerLock.lock(); ! try { version = cookieVersion; secret = cookieSecret; // the cookie secret usage limit is 2^24 if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret System.arraycopy(cookieSecret, 0, legacySecret, 0, 32); secureRandom.nextBytes(cookieSecret); } cookieVersion++; - } finally { - d10ManagerLock.unlock(); } MessageDigest md; try { md = MessageDigest.getInstance("SHA-256"); --- 129,149 ---- byte[] createCookie(ServerHandshakeContext context, ClientHelloMessage clientHello) throws IOException { int version; byte[] secret; ! synchronized (this) { version = cookieVersion; secret = cookieSecret; // the cookie secret usage limit is 2^24 if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret System.arraycopy(cookieSecret, 0, legacySecret, 0, 32); secureRandom.nextBytes(cookieSecret); } cookieVersion++; } MessageDigest md; try { md = MessageDigest.getInstance("SHA-256");
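Review bot: The `synchronized (this)` block in createCookie protects only the read of the `cookieSecret` reference, not the array contents. `secret = cookieSecret;` aliases the same array that the rotation branch overwrites in place with `secureRandom.nextBytes(cookieSecret)`. If `secret` is fed to the digest after the block (that code is outside this hunk), one thread can hash the secret while another is rotating it, which would presumably yield a cookie that fails verification. Taking a snapshot under the lock closes this: `secret = cookieSecret.clone();`. The same aliasing of `cookieSecret` or `legacySecret` appears in the D10 cookie-validation hunk and in both T13HelloCookieManager hunks, which should copy the array the same way.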
*** 183,201 **** if ((cookie == null) || (cookie.length != 32)) { return false; } byte[] secret; ! d10ManagerLock.lock(); ! try { if (((cookieVersion >> 24) & 0xFF) == cookie[0]) { secret = cookieSecret; } else { secret = legacySecret; // including out of window cookies } - } finally { - d10ManagerLock.unlock(); } MessageDigest md; try { md = MessageDigest.getInstance("SHA-256"); --- 166,181 ---- if ((cookie == null) || (cookie.length != 32)) { return false; } byte[] secret; ! synchronized (this) { if (((cookieVersion >> 24) & 0xFF) == cookie[0]) { secret = cookieSecret; } else { secret = legacySecret; // including out of window cookies } } MessageDigest md; try { md = MessageDigest.getInstance("SHA-256");
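Review bot: The generation check compares an int in the range 0–255 with a signed byte, so `((cookieVersion >> 24) & 0xFF) == cookie[0]` can never be true once the top byte of `cookieVersion` is 0x80 or above, because `cookie[0]` is promoted to a negative int. The T13 validation hunk casts the left side to `byte` before comparing with `cookie[2]`, and this one should match it: `if ((byte)((cookieVersion >> 24) & 0xFF) == cookie[0]) {`. Without the cast such cookies are always checked against `legacySecret`, which presumably rejects valid current-generation cookies once the two secrets differ; how `cookie[0]` is written is outside this hunk. The enclosing method starts before the hunk and continues after it.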
*** 236,247 **** final SecureRandom secureRandom; private int cookieVersion; // version + sequence private final byte[] cookieSecret; private final byte[] legacySecret; - private final ReentrantLock t13ManagerLock = new ReentrantLock(); - T13HelloCookieManager(SecureRandom secureRandom) { this.secureRandom = secureRandom; this.cookieVersion = secureRandom.nextInt(); this.cookieSecret = new byte[64]; this.legacySecret = new byte[64]; --- 216,225 ----
*** 254,277 **** byte[] createCookie(ServerHandshakeContext context, ClientHelloMessage clientHello) throws IOException { int version; byte[] secret; ! t13ManagerLock.lock(); ! try { version = cookieVersion; secret = cookieSecret; // the cookie secret usage limit is 2^24 if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret System.arraycopy(cookieSecret, 0, legacySecret, 0, 64); secureRandom.nextBytes(cookieSecret); } cookieVersion++; // allow wrapped version number - } finally { - t13ManagerLock.unlock(); } MessageDigest md; try { md = MessageDigest.getInstance( --- 232,252 ---- byte[] createCookie(ServerHandshakeContext context, ClientHelloMessage clientHello) throws IOException { int version; byte[] secret; ! synchronized (this) { version = cookieVersion; secret = cookieSecret; // the cookie secret usage limit is 2^24 if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret System.arraycopy(cookieSecret, 0, legacySecret, 0, 64); secureRandom.nextBytes(cookieSecret); } cookieVersion++; // allow wrapped version number } MessageDigest md; try { md = MessageDigest.getInstance(
*** 336,354 **** Arrays.copyOfRange(cookie, 3, 3 + hashLen); byte[] prevClientHelloHash = Arrays.copyOfRange(cookie, 3 + hashLen, cookie.length); byte[] secret; ! t13ManagerLock.lock(); ! try { if ((byte)((cookieVersion >> 24) & 0xFF) == cookie[2]) { secret = cookieSecret; } else { secret = legacySecret; // including out of window cookies } - } finally { - t13ManagerLock.unlock(); } MessageDigest md; try { md = MessageDigest.getInstance(cs.hashAlg.name); --- 311,326 ---- Arrays.copyOfRange(cookie, 3, 3 + hashLen); byte[] prevClientHelloHash = Arrays.copyOfRange(cookie, 3 + hashLen, cookie.length); byte[] secret; ! synchronized (this) { if ((byte)((cookieVersion >> 24) & 0xFF) == cookie[2]) { secret = cookieSecret; } else { secret = legacySecret; // including out of window cookies } } MessageDigest md; try { md = MessageDigest.getInstance(cs.hashAlg.name);