RFR: 8254631: Better support ALPN byte wire values in SunJSSE

Bradford Wetmore wetmore at openjdk.java.net
Tue Dec 1 21:27:12 UTC 2020


On Thu, 26 Nov 2020 10:33:26 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Certain TLS ALPN values can't be properly read or written by the SunJSSE provider. This is due to the choice of Strings as the API interface and the undocumented internal use of the UTF-8 Character Set which converts characters larger than U+00007F into multi-byte arrays that may not be expected by a peer.
>> 
>> Full details are available in:
>> 
>> - Bug:  https://bugs.openjdk.java.net/browse/JDK-8254631
>> - CSR:  https://bugs.openjdk.java.net/browse/JDK-8256817
>
> src/java.base/share/classes/javax/net/ssl/SSLEngine.java line 353:
> 
>> 351:  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
>> 352:  *     if (unicodeString.equals("\uabcd\uabce\uabcf") {
>> 353:  *         ...
> 
> Hi Brad,
> 
> There's a missing closing parenthesis here on line 352. 
> 
> Additionally - the unicode characters in the string above will be substituted by the compiler before the API documentation is generated. I am suspecting that this is not what you want. If you want to see the literal unicode escape in the generated documentation, you will need to employ some tricks. One of them could be to use the unicode escape of \ instead of \ to prevent the compiler from interpreting \uabcd as a unicode escape.
> 
> Something like:
> 
>  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
>  *     if (unicodeString.equals("\u005cuabcd\u005cuabce\u005cuabcf")) {
> 
> would do the trick. Alternatively - this would probably work too:
> 
>  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
>  *     {@code if (unicodeString.equals("}{@code uabcd}{@code uabce}{@code uabcf"))} {
> 
> I realize none of these alternatives are ideal - maybe someone knows a better trick...

I made this change in SSLParameters, and forgot that I had a similar change to make in SSLEngine/SSLSocket.

> src/java.base/share/classes/javax/net/ssl/SSLSocket.java line 146:
> 
>> 144:  *
>> 145:  *     // MEETEI MAYEK LETTERS HUK UN I (Unicode 0xabcd->0xabcf)
>> 146:  *     if (unicodeString.equals("\uabcd\uabce\uabcf") {
> 
> Same remark here

Also fixed using \u005c.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1440
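
The encoding mismatch described in the PR summary above, shown in Java as an added example (not code from the patch or from anyone in this thread). The class name, the sample wire bytes and the use of ISO-8859-1 as a byte-preserving charset are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class AlpnWireBytes {
    // Constructed sample: a 3-byte ALPN protocol name using values above 0x7F.
    static final byte[] WIRE = { (byte) 0xAB, (byte) 0xCD, (byte) 0xEF };

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // One char per intended wire byte, encoded with UTF-8: each of these
        // chars is above U+007F, so each is written as a multi-byte sequence.
        String oneCharPerByte = "\u00ab\u00cd\u00ef";
        byte[] utf8 = oneCharPerByte.getBytes(StandardCharsets.UTF_8);
        System.out.println("intended wire bytes : " + hex(WIRE));
        System.out.println("UTF-8 encoded bytes : " + hex(utf8));

        // Reading the peer's bytes as UTF-8 is lossy: they are not a valid
        // UTF-8 sequence, so the decoder substitutes U+FFFD and the original
        // value cannot be recovered or compared.
        String lossy = new String(WIRE, StandardCharsets.UTF_8);
        byte[] lossyBack = lossy.getBytes(StandardCharsets.UTF_8);
        System.out.println("UTF-8 round trip ok : " + Arrays.equals(WIRE, lossyBack));

        // ISO-8859-1 maps bytes 0x00-0xFF to chars U+0000-U+00FF one to one,
        // so arbitrary wire bytes survive a trip through a String.
        String exact = new String(WIRE, StandardCharsets.ISO_8859_1);
        byte[] exactBack = exact.getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("8859-1 round trip ok: " + Arrays.equals(WIRE, exactBack));

        // The three-char string from the javadoc under review, as UTF-8 bytes.
        String hukUnI = "\uabcd\uabce\uabcf";
        System.out.println("HUK UN I as UTF-8   : "
                + hex(hukUnI.getBytes(StandardCharsets.UTF_8)));
    }
}
```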


