8275811: Incorrect instance to dispose

Reviewed-by: xuelei

Author: djelinski

Diff for: src/java.base/share/classes/sun/security/ssl/InputRecord.java

@@ -122,7 +122,7 @@ void changeReadCiphers(SSLReadCipher readCipher) {
          * Since MAC's doFinal() is called for every SSL/TLS packet, it's
          * not necessary to do the same with MAC's.
          */
-        readCipher.dispose();
+        this.readCipher.dispose();
 
         this.readCipher = readCipher;
     }

Diff for: src/java.base/share/classes/sun/security/ssl/OutputRecord.java

@@ -141,6 +141,11 @@ abstract void encodeHandshake(byte[] buffer,
     // SSLEngine and SSLSocket
     abstract void encodeChangeCipherSpec() throws IOException;
 
+    // SSLEngine and SSLSocket
+    void disposeWriteCipher() {
+        throw new UnsupportedOperationException();
+    }
+
     // apply to SSLEngine only
     Ciphertext encode(
         ByteBuffer[] srcs, int srcsOffset, int srcsLength,
@@ -190,7 +195,7 @@ void changeWriteCiphers(SSLWriteCipher writeCipher,
              * Since MAC's doFinal() is called for every SSL/TLS packet, it's
              * not necessary to do the same with MAC's.
              */
-            writeCipher.dispose();
+            disposeWriteCipher();
 
             this.writeCipher = writeCipher;
             this.isFirstAppOutputRecord = true;
@@ -219,7 +224,7 @@ void changeWriteCiphers(SSLWriteCipher writeCipher,
             flush();
 
             // Dispose of any intermediate state in the underlying cipher.
-            writeCipher.dispose();
+            disposeWriteCipher();
 
             this.writeCipher = writeCipher;
             this.isFirstAppOutputRecord = true;

Diff for: src/java.base/share/classes/sun/security/ssl/SSLEngineOutputRecord.java

@@ -151,6 +151,15 @@ void encodeChangeCipherSpec() throws IOException {
         fragmenter.queueUpChangeCipherSpec();
     }
 
+    @Override
+    void disposeWriteCipher() {
+        if (fragmenter == null) {
+            writeCipher.dispose();
+        } else {
+            fragmenter.queueUpCipherDispose();
+        }
+    }
+
     @Override
     void encodeV2NoCipher() throws IOException {
         isTalkingToV2 = true;
@@ -361,6 +370,7 @@ private static class RecordMemo {
         byte            majorVersion;
         byte            minorVersion;
         SSLWriteCipher  encodeCipher;
+        boolean         disposeCipher;
 
         byte[]          fragment;
     }
@@ -422,6 +432,15 @@ void queueUpAlert(byte level, byte description) {
             handshakeMemos.add(memo);
         }
 
+        void queueUpCipherDispose() {
+            RecordMemo lastMemo = handshakeMemos.peekLast();
+            if (lastMemo != null) {
+                lastMemo.disposeCipher = true;
+            } else {
+                writeCipher.dispose();
+            }
+        }
+
         Ciphertext acquireCiphertext(ByteBuffer dstBuf) throws IOException {
             if (isEmpty()) {
                 return null;
@@ -521,6 +540,9 @@ Ciphertext acquireCiphertext(ByteBuffer dstBuf) throws IOException {
                     dstPos, dstLim, headerSize,
                     ProtocolVersion.valueOf(memo.majorVersion,
                             memo.minorVersion));
+            if (memo.disposeCipher) {
+                memo.encodeCipher.dispose();
+            }
 
             if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
                 ByteBuffer temporary = dstBuf.duplicate();

Diff for: src/java.base/share/classes/sun/security/ssl/SSLSocketOutputRecord.java

@@ -243,6 +243,11 @@ void encodeChangeCipherSpec() throws IOException {
         }
     }
 
+    @Override
+    void disposeWriteCipher() {
+        writeCipher.dispose();
+    }
+
     @Override
     public void flush() throws IOException {
         recordLock.lock();