Code Review Request: TLS 1.3 Implementation

Xuelei Fan xuelei.fan at oracle.com
Fri Jun 1 05:04:33 UTC 2018


 > http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00

AlpnExtension.java
------------------
Looks fine to me.


CertificateRequest.java
-----------------------
Looks fine to me.


CertificateStatus.java
----------------------
- 42  * Pack of the CertificateStatus handshake message.
+ 42  * Pack of the CertificateStatus handshake message. [RFC 6066]

May be nice if adding the RFC number that defines this handshake 
message.  Otherwise, looks fine to me.


CertificateVerify.java
----------------------
-129  if (x509Credentials == null) {
+129  if (x509Credentials == null ||
              x509Credentials.popPublicKey == null) {
  130      shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
  131         "No X509 credentials negotiated for CertificateVerify");
  132  }

May be safe to check the x509Credentials.popPublicKey as well.  Similar 
to line 357-360, 607-610, 916-919.


-233  if (x509Possession == null) {
+233  if (x509Possession == null ||
               x509Possession.popPrivateKey == null) {
  234      if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
  235         SSLLogger.fine(
  236         "No X.509 credentials negotiated for CertificateVerify");
  237      }
  238
  239     return null;
  240  }

May be safe to check the x509Possession.popPrivateKey as well. Similar 
to line 458-466, 697-704, 1021-1027.

Otherwise, looks fine to me.

CertStatusExtension.java
------------------------
  326         private final int encodedLen;

Looks like this field is not used.  Remove it?

  425       if (!responderIds.isEmpty()) {
  426           ridStr = responderIds.toString();
-427
  428      }
One unnecessary blank line.  Otherwise, looks fine to me.

Xuelei

On 5/25/2018 4:45 PM, Xuelei Fan wrote:
> Hi,
> 
> I'd like to invite you to review the TLS 1.3 implementation.  I 
> appreciate it if I could have compatibility and specification feedback 
> before May 31, 2018, and implementation feedback before June 7, 2018.
> 
> Here is the webrev:
>      http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
> 
> The formal TLS 1.3 specification is not finalized yet, although it had 
> been approved to be a standard.  The implementation is based on the 
> draft version 28:
>      https://tools.ietf.org/html/draft-ietf-tls-tls13-28
> 
> For the overall description of this enhancement, please refer to JEP 332:
>      http://openjdk.java.net/jeps/332
> 
> For the compatibility and specification update, please refer to CSR 
> 8202625:
>      https://bugs.openjdk.java.net/browse/JDK-8202625
> 
> Note that we are using the sandbox for the development right now.  For 
> more information, please refer to Bradford's previous email:
> 
> http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017139.html
> 
> Thanks & Regards,
> Xuelei


More information about the security-dev mailing list