Code Review Request: TLS 1.3 Implementation
Anthony Scarpino
anthony.scarpino at oracle.com
Wed Jun 6 20:11:56 UTC 2018
I can make the below changes if they are accepted.
Tony
------
InputRecord.java
- Optimize Imports
- fragmentSize appears not to be used. It is constructed, and
it can be set by changeFragmentSize. MaxFragExtension even calls these
methods, but nowhere can I find anything that uses the fragmentSize. It
appears the fragment sizes are either calculated in the SSLCipher or the
negotiatedMaxFragLen is used in the handshakeSession.
65: getHelloVersion() is unused
- For the below, I would assume integer overflow isn't an issue since
these are all internal APIs and the worst we would see is an Out of
Bounds exception
337: for (int i = offset, j = 0;
338: i < (offset + length) && j < headerSize; i++) {
359: for (int i = offset; i < offset + length; i++) {
373: for (int i = offset; i < offset + length; i++) {
DTLSInputRecord.java
- Optimize Imports
102 } else if (srcsLength == 1) {
103 return decode(srcs[srcsOffset]);
shouldn't it be decode(srcs[0]); otherwise it could be out of bounds.
SSLEngineInputRecord.java
- Optimize Imports
41: prevType never used
347: srcLimit never used
42 & 43: hsMsgOff and hsMsgLim are set to 0 and never change, later
they are used in a check with themselves:
232: if ( ... && hsMsgOff != hsMsgLen) {
SSLSocketInputRecord.java
- Optimize Imports
47: prevType never used
48 & 49: hsMsgOff and hsMsgLim are set to 0 and never change, later
they are used in a check with themselves:
266: if ( ... && hsMsgOff != hsMsgLen) {
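
The loop shape quoted from InputRecord.java (`i < offset + length`), exercised with Java int arithmetic next to a range-checked variant. This is an added example, not code from the message or from the JDK sources; the class name, method names and sample buffer are hypothetical.

```java
import java.util.Objects;

public class LoopBoundDemo {
    // Same loop shape as the quoted lines: the bound is recomputed
    // as offset + length on every iteration, in 32-bit int arithmetic.
    static int sumUnchecked(byte[] buf, int offset, int length) {
        int sum = 0;
        for (int i = offset; i < offset + length; i++) {
            sum += buf[i] & 0xFF;
        }
        return sum;
    }

    // Validates the sub-range before looping. Objects.checkFromIndexSize
    // (Java 9+) rejects negative values and ranges past the array end
    // without overflowing internally.
    static int sumChecked(byte[] buf, int offset, int length) {
        Objects.checkFromIndexSize(offset, length, buf.length);
        int end = offset + length; // cannot wrap once the check has passed
        int sum = 0;
        for (int i = offset; i < end; i++) {
            sum += buf[i] & 0xFF;
        }
        return sum;
    }

    public static void main(String[] args) {
        byte[] buf = {1, 2, 3, 4}; // constructed sample data

        // Case 1: valid range, both variants agree.
        System.out.println("valid range: " + sumUnchecked(buf, 1, 2)
                + " / " + sumChecked(buf, 1, 2));

        // Case 2: range runs past the array but the int sum does not wrap.
        try {
            sumUnchecked(buf, 2, 10);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("past end, unchecked: " + e);
        }

        // Case 3: offset + length exceeds Integer.MAX_VALUE and wraps negative,
        // so the unchecked loop condition is false on the first test.
        System.out.println("wrapped bound, unchecked: "
                + sumUnchecked(buf, 2, Integer.MAX_VALUE));
        try {
            sumChecked(buf, 2, Integer.MAX_VALUE);
        } catch (IndexOutOfBoundsException e) {
            System.out.println("wrapped bound, checked: " + e);
        }
    }
}
```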