Code Review Request: TLS 1.3 full handshake (JDK-8196584)
Jamil Nimeh
jamil.j.nimeh at oracle.com
Thu Jun 7 00:56:03 UTC 2018
Yes, I'll delete that commented line and rework the absolute put later
tonight.
--Jamil
On 06/06/2018 05:44 PM, Xuelei Fan wrote:
> Hi Jamil,
>
> All good catches to me. Would you mind take care of the update as well?
>
> Thanks,
> Xuelei
>
> On 6/6/2018 3:19 PM, Jamil Nimeh wrote:
>> Hello, comments below, minor stuff for the most part:
>>
>> * KeyUpdate.java
>> o 128-129: Spelling nit: REQUSTED --> REQUESTED
>> o That change will have to get sprinkled throughout the code
>> * OutputRecord.java
>> o 291-295: It seems like using an absolute put would simplify this
>> code a bit: Just advance the destination limit by one like
>> you're already doing, then destination.put(destination.limit() -
>> 1, contentType); Or you can set an int variable to
>> destination.limit() before you make the limit one larger and
>> then use that as the first argument to the absolute put. Either
>> way you don't need to move your position marker forward and
>> backward.
>> + I know absolute puts are not guaranteed to be implemented,
>> but they are used further down on line 312, 317-318 so I
>> think we're safe here.
>> * SSLEngineOutputRecord.java
>> o Looks good to me
>> * SSLSocketOutputRecord.java
>> o 315: REQUSTED -> REQUESTED
>> o Looks okay otherwise
>> * DTLSOutputRecord
>> o 68: Do we need to hang onto this for now, or can we remove this
>> commented out line?
>> o Otherwise looks OK.
>>
>> More on the way...
>>
>> --Jamil
>>
>>
>> On 02/22/2018 12:29 PM, Xuelei Fan wrote:
>>> Updated to use package private HKDF implementation.
>>>
>>> webrev (based on JDK-8185576):
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.01
>>>
>>> webrev (including JDK-8185576):
>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.01
>>>
>>> Thanks,
>>> Xuelei
>>>
>>> On 2/20/2018 11:57 AM, Xuelei Fan wrote:
>>>> Hi,
>>>>
>>>> I'd like to invite you to review the TLS 1.3 full handshake
>>>> implementation. I appreciate it if I could have feedback before
>>>> March 9, 2018.
>>>>
>>>> In the "JDK-8185576: New handshake implementation" [1] code review
>>>> around, I was trying to re-org the TLS handshaking implementation
>>>> in the
>>>> SunJSSE provider. If you had reviewed that part, you can start
>>>> from the following webrev that based on the update of JDK-8185576:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-step.00
>>>>
>>>> If you would like start from earlier, here is the webrev that
>>>> contains the handshaking implementation re-org in JDK-8185576:
>>>> http://cr.openjdk.java.net/~xuelei/8196584/webrev-full.00
>>>>
>>>>
>>>> This changeset only implements the full handshake of TLS 1.3,
>>>> rather then a fully implementation of the latest TLS 1.3 draft [2].
>>>>
>>>> In this implementation, I removed:
>>>> 1. the KRB5 cipher suite implementation.
>>>> Please let me know if you are still using KRB5 cipher suite. I may
>>>> not add them back if no objections.
>>>>
>>>> 2. OCSP stapling.
>>>> This feature will be added back later.
>>>>
>>>> Resumption and key update, and more features may be added later.
>>>>
>>>> Thanks & Regards,
>>>> Xuelei
>>>>
>>>> [1]:
>>>> http://mail.openjdk.java.net/pipermail/security-dev/2017-December/016642.html
>>>>
>>>> [2]: https://tools.ietf.org/html/draft-ietf-tls-tls13-24
>>
More information about the security-dev
mailing list