From ad76f31ded689630a8f1f662b667107e366b1e06 Mon Sep 17 00:00:00 2001
From: Xue-Lei Andrew Fan <xuelei@openjdk.org>
Date: Fri, 6 Jan 2017 01:09:03 +0000
Subject: [PATCH] 8172273: SSLEngine.unwrap fails with
 ArrayIndexOutOfBoundsException

Reviewed-by: wetmore
---
 .../classes/sun/security/ssl/InputRecord.java   |  3 ++-
 .../net/ssl/TLS/TestJSSEClientProtocol.java     | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/jdk/src/java.base/share/classes/sun/security/ssl/InputRecord.java b/jdk/src/java.base/share/classes/sun/security/ssl/InputRecord.java
index fec0b1c4d90..82e81e2b48f 100644
--- a/jdk/src/java.base/share/classes/sun/security/ssl/InputRecord.java
+++ b/jdk/src/java.base/share/classes/sun/security/ssl/InputRecord.java
@@ -242,8 +242,9 @@ class InputRecord implements Record, Closeable {
         //  2: ClientHello.client_version
         // 32: ClientHello.random
         //  1: length byte of ClientHello.session_id
+        //  2: length bytes of ClientHello.cipher_suites
         //  2: empty ClientHello.compression_methods
-        int requiredSize = 46 + sessionIdLen + ((cipherSpecLen * 2 ) / 3 );
+        int requiredSize = 48 + sessionIdLen + ((cipherSpecLen * 2 ) / 3 );
         byte[] converted = new byte[requiredSize];
 
         /*
diff --git a/jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java b/jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java
index bae6ea6c822..2668d9f8dac 100644
--- a/jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java
+++ b/jdk/test/javax/net/ssl/TLS/TestJSSEClientProtocol.java
@@ -22,7 +22,7 @@
 
 /*
  * @test
- * @bug 8049429
+ * @bug 8049429 8172273
  * @modules java.management
  *          jdk.crypto.ec/sun.security.ec
  * @summary Test that all cipher suites work in all versions and all client
@@ -30,6 +30,21 @@
  *          and all checking is done on the client side.
  * @compile CipherTestUtils.java JSSEClient.java JSSEServer.java
  * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *          TestJSSE
+ * @run main/othervm
+ *              -DSERVER_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCLIENT_PROTOCOL=SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
+ *              -DCIPHER=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *          TestJSSE
+ * @run main/othervm
  *              -DSERVER_PROTOCOL=SSLv3
  *              -DCLIENT_PROTOCOL=SSLv3
  *              -DCIPHER=SSL_RSA_WITH_RC4_128_MD5