jdk/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java
author xuelei
Mon, 20 Jul 2015 01:45:23 +0000
changeset 33295 052d130b84ed
parent 30904 ec0224270f90
child 34687 d302ed125dc9
permissions -rw-r--r--
8081760: Better group dynamics Summary: Allows user to specify custom DH groups. Also reviewed by Alexander Fomin <alexander.fomin@oracle.com>. Reviewed-by: coffeys, mullan, weijun, jnimeh, ahgross, asmotrak
/*
 * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.ssl;
import java.io.*;
import java.nio.*;
import javax.crypto.BadPaddingException;
import javax.net.ssl.*;
import sun.misc.HexDumpEncoder;
/**
 * {@code InputRecord} implementation for {@code SSLEngine}.
 */
final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
    /*
     * Bookkeeping for handshake messages that arrive split across records;
     * the handshake hash computation relies on these three values. A
     * non-handshake record received while hsMsgOff != hsMsgLen is rejected
     * by decodeInputRecord.
     */
    private byte prevType = -1;
    private int hsMsgOff = 0;
    private int hsMsgLen = 0;

    /*
     * Latched to true once the framing of the incoming stream has been
     * settled (i.e. SSLv2 has been ruled out). After that,
     * bytesInCompletePacket stops inspecting the first byte of each record
     * and decode skips its first-record check.
     */
    private boolean formatVerified = false;
    /**
     * Creates an input record whose read authenticator starts out as
     * {@code MAC.TLS_NULL}. The constructor only assigns that initial
     * value; nothing in it replaces the authenticator later.
     */
    SSLEngineInputRecord() {
        readAuthenticator = MAC.TLS_NULL;
    }
    /**
     * Estimates the fragment size that a packet of the given size can carry.
     *
     * <p>The MAC length is taken from the current read authenticator when
     * that authenticator is a {@code MAC}; any other authenticator type
     * contributes zero. The actual estimate is delegated to the read cipher.
     *
     * @param packetSize size of the packet in bytes; a value of zero or
     *        less selects the fallback below
     * @return the read cipher's estimate for a positive {@code packetSize},
     *         otherwise {@code Record.maxDataSize}
     */
    @Override
    int estimateFragmentSize(int packetSize) {
        final int macLen = (readAuthenticator instanceof MAC)
                ? ((MAC) readAuthenticator).MAClen()
                : 0;

        // No usable packet size: fall back to the protocol-wide maximum.
        if (packetSize <= 0) {
            return Record.maxDataSize;
        }

        return readCipher.estimateFragmentSize(packetSize, macLen, headerSize);
    }
    /**
     * Reports how many bytes the record at the head of {@code packet}
     * occupies, header included, without consuming any input.
     *
     * <p>Every read is an absolute {@code get(index)}, so the buffer's
     * position is left untouched. Two framings are recognised:
     * <ul>
     *   <li>SSLv3/TLS, whose 16-bit length sits in header bytes 3 and 4;</li>
     *   <li>the SSLv2 two-byte header, whose 15-bit length sits in bytes
     *       0 and 1 (accepted only when byte 2 is 1 or 4).</li>
     * </ul>
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The returned value is built from length bytes supplied by the
     *       peer and is not range-checked in this method. Callers should
     *       bound it before buffering that many bytes.</li>
     *   <li>Once one record passes the version check, {@code formatVerified}
     *       is latched; later records take the SSLv3/TLS path whatever
     *       their first byte is, and only their version is checked here.</li>
     * </ul>
     *
     * @param packet buffer positioned at the start of a record
     * @return total record size in bytes, or {@code -1} when fewer than
     *         five bytes are available
     * @throws SSLException if {@code checkRecordVersion} rejects the record
     *         version, or if the leading bytes match neither framing
     */
    @Override
    int bytesInCompletePacket(ByteBuffer packet) throws SSLException {
        // Both framings are decided from the first five bytes; with fewer
        // than that the caller has to supply more data.
        if (packet.remaining() < 5) {
            return -1;
        }

        final int base = packet.position();
        final byte firstByte = packet.get(base);

        // Either the stream format was settled by an earlier record, or the
        // first byte carries one of the two content types accepted for an
        // opening SSLv3/TLS record.
        final boolean treatAsV3 = formatVerified
                || (firstByte == ct_handshake)
                || (firstByte == ct_alert);

        if (treatAsV3) {
            // Final sanity check: reject a record whose version is
            // implausible before trusting its length field.
            final ProtocolVersion v3Version = ProtocolVersion.valueOf(
                    packet.get(base + 1), packet.get(base + 2));
            checkRecordVersion(v3Version, false);

            // Reasonably sure this is SSLv3/TLS, so disable further format
            // checks. The SSLv2 path below must not do the same, because
            // the read path still has to parse the v2 ClientHello.
            formatVerified = true;

            final int high = (packet.get(base + 3) & 0xFF) << 8;
            final int low = packet.get(base + 4) & 0xFF;
            return high + low + headerSize;
        }

        // SSLv2 or something unknown. The high bit of byte 0 marks the short
        // (two-byte) header; only that form, carrying message type 1 or 4
        // (client or server hello), is accepted.
        final boolean isShort = (firstByte & 0x80) != 0;
        if (!isShort
                || (packet.get(base + 2) != 1 && packet.get(base + 2) != 4)) {
            throw new SSLException(
                    "Unrecognized SSL message, plaintext connection?");
        }

        final ProtocolVersion v2Version = ProtocolVersion.valueOf(
                packet.get(base + 3), packet.get(base + 4));
        checkRecordVersion(v2Version, true);

        // Only the short header reaches this point, so the length is the low
        // 15 bits of bytes 0/1 plus the two header bytes.
        return ((firstByte & 0x7F) << 8) + (packet.get(base + 1) & 0xFF) + 2;
    }
    /**
     * Rejects record versions that this stream-oriented input record must
     * not accept.
     *
     * <p>Two conditions fail the check: a version that
     * {@code maybeDTLSProtocol()} reports as possibly DTLS, and a version
     * below {@code ProtocolVersion.MIN}. The one exception is the SSLv2
     * hello version, tolerated only when {@code allowSSL20Hello} is set.
     *
     * <p>Security note: only a lower bound is enforced here. This method
     * does not compare the version against any maximum or against the
     * negotiated version.
     *
     * @param recordVersion version read from the record header
     * @param allowSSL20Hello whether an SSLv2-format hello is acceptable
     *        at this point
     * @throws SSLException if the version is rejected
     */
    @Override
    void checkRecordVersion(ProtocolVersion recordVersion,
            boolean allowSSL20Hello) throws SSLException {

        if (recordVersion.maybeDTLSProtocol()) {
            throw new SSLException(
                    "Unrecognized record version " + recordVersion +
                    " , DTLS packet?");
        }

        // Versions at or above the minimum pass without further checks.
        final boolean belowMinimum = recordVersion.v < ProtocolVersion.MIN.v;
        if (!belowMinimum) {
            return;
        }

        // Below the minimum, only the SSLv2 hello is tolerated, and only
        // when the caller explicitly allows it.
        final boolean toleratedV2Hello = allowSSL20Hello
                && (recordVersion.v == ProtocolVersion.SSL20Hello.v);
        if (!toleratedV2Hello) {
            throw new SSLException(
                "Unsupported record version " + recordVersion);
        }
    }
    /**
     * Decodes the record at the head of {@code packet}.
     *
     * <p>A closed input record yields {@code null}. On the first call made
     * before the stream format has been verified, the leading byte is
     * inspected: a handshake or alert content type continues into normal
     * record decoding, and anything else goes to
     * {@code handleUnknownRecord}. {@code formatVerified} is set before
     * that inspection, so it runs at most once per instance.
     *
     * <p>Security note: this method expects its caller to have validated
     * the record already (see {@code bytesInCompletePacket}). It reads the
     * first byte with an absolute {@code get} and no length check of its
     * own, so an empty buffer would raise an unchecked
     * {@code IndexOutOfBoundsException} instead of an {@code SSLException}.
     *
     * @param packet buffer positioned at the start of a complete record
     * @return the decoded plaintext, or {@code null} if this input record
     *         is closed
     * @throws IOException if decoding fails
     * @throws BadPaddingException declared for the decoding helpers
     *         this method delegates to
     */
    @Override
    Plaintext decode(ByteBuffer packet)
            throws IOException, BadPaddingException {

        if (isClosed) {
            return null;
        }

        if (debug != null && Debug.isOn("packet")) {
             Debug.printHex(
                    "[Raw read]: length = " + packet.remaining(), packet);
        }

        // Format already settled: go straight to record decoding.
        if (formatVerified) {
            return decodeInputRecord(packet);
        }

        // The caller should have validated the record.
        formatVerified = true;

        // The first record must be a handshake record or an alert. Anything
        // else is either invalid or an SSLv2 message.
        final byte firstByte = packet.get(packet.position());
        final boolean handshakeOrAlert =
                (firstByte == ct_handshake) || (firstByte == ct_alert);
        if (handshakeOrAlert) {
            return decodeInputRecord(packet);
        } else {
            return handleUnknownRecord(packet);
        }
    }
    private Plaintext decodeInputRecord(ByteBuffer packet)
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   203
            throws IOException, BadPaddingException {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   204
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   205
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   206
        // The packet should be a complete record, or more.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   207
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   208
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   209
        int srcPos = packet.position();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   210
        int srcLim = packet.limit();
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   211
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   212
        byte contentType = packet.get();                   // pos: 0
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   213
        byte majorVersion = packet.get();                  // pos: 1
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   214
        byte minorVersion = packet.get();                  // pos: 2
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   215
        int contentLen = ((packet.get() & 0xFF) << 8) +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   216
                          (packet.get() & 0xFF);           // pos: 3, 4
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   217
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   218
        if (debug != null && Debug.isOn("record")) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   219
             System.out.println(Thread.currentThread().getName() +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   220
                    ", READ: " +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   221
                    ProtocolVersion.valueOf(majorVersion, minorVersion) +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   222
                    " " + Record.contentName(contentType) + ", length = " +
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   223
                    contentLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   224
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   225
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   226
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   227
        // Check for upper bound.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   228
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   229
        // Note: May check packetSize limit in the future.
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   230
        if (contentLen < 0 || contentLen > maxLargeRecordSize - headerSize) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   231
            throw new SSLProtocolException(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   232
                "Bad input record size, TLSCiphertext.length = " + contentLen);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   233
        }
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   234
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   235
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   236
        // check for handshake fragment
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   237
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   238
        if ((contentType != ct_handshake) && (hsMsgOff != hsMsgLen)) {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   239
            throw new SSLProtocolException(
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   240
                    "Expected to get a handshake fragment");
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   241
        }
16113
946ec9b22004 8006777: Improve TLS handling of invalid messages
xuelei
parents: 14664
diff changeset
   242
30904
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   243
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   244
        // Decrypt the fragment
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   245
        //
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   246
        int recLim = srcPos + SSLRecord.headerSize + contentLen;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   247
        packet.limit(recLim);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   248
        packet.position(srcPos + SSLRecord.headerSize);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   249
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   250
        ByteBuffer plaintext;
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   251
        try {
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   252
            plaintext =
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   253
                decrypt(readAuthenticator, readCipher, contentType, packet);
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS)
xuelei
parents: 27292
diff changeset
   254
        } finally {
            // comsume a complete record
            packet.limit(srcLim);
            packet.position(recLim);
        }
        //
        // handshake hashing
        //
        if (contentType == ct_handshake) {
            int pltPos = plaintext.position();
            int pltLim = plaintext.limit();
            int frgPos = pltPos;
            for (int remains = plaintext.remaining(); remains > 0;) {
                int howmuch;
                byte handshakeType;
                if (hsMsgOff < hsMsgLen) {
                    // a fragment of the handshake message
                    howmuch = Math.min((hsMsgLen - hsMsgOff), remains);
                    handshakeType = prevType;
                    hsMsgOff += howmuch;
                    if (hsMsgOff == hsMsgLen) {
                        // Now is a complete handshake message.
                        hsMsgOff = 0;
                        hsMsgLen = 0;
                    }
                } else {    // hsMsgOff == hsMsgLen, a new handshake message
                    handshakeType = plaintext.get();
                    int handshakeLen = ((plaintext.get() & 0xFF) << 16) |
                                       ((plaintext.get() & 0xFF) << 8) |
                                        (plaintext.get() & 0xFF);
                    plaintext.position(frgPos);
                    if (remains < (handshakeLen + 4)) { // 4: handshake header
                        // This handshake message is fragmented.
                        prevType = handshakeType;
                        hsMsgOff = remains - 4;         // 4: handshake header
                        hsMsgLen = handshakeLen;
                    }
                    howmuch = Math.min(handshakeLen + 4, remains);
                }
                plaintext.limit(frgPos + howmuch);
                if (handshakeType == HandshakeMessage.ht_hello_request) {
                    // omitted from handshake hash computation
                } else if ((handshakeType != HandshakeMessage.ht_finished) &&
                    (handshakeType != HandshakeMessage.ht_certificate_verify)) {
                    if (handshakeHash == null) {
                        // used for cache only
                        handshakeHash = new HandshakeHash(false);
                    }
                    handshakeHash.update(plaintext);
                } else {
                    // Reserve until this handshake message has been processed.
                    if (handshakeHash == null) {
                        // used for cache only
                        handshakeHash = new HandshakeHash(false);
                    }
                    handshakeHash.reserve(plaintext);
                }
                plaintext.position(frgPos + howmuch);
                plaintext.limit(pltLim);
                frgPos += howmuch;
                remains -= howmuch;
            }
            plaintext.position(pltPos);
        }
        return new Plaintext(contentType,
                majorVersion, minorVersion, -1, -1L, plaintext);
                // recordEpoch, recordSeq, plaintext);
    }
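    /**
     * Interprets a record as a possible SSLv2-format hello and, when it is an
     * acceptable V2ClientHello, converts it into a V3 ClientHello.
     *
     * <p>The record is classified from two header bytes read by absolute
     * index: the high bit of the first byte and the value of the third byte
     * (1 is treated as a V2 client hello, 4 as a V2 server hello). These
     * bytes come straight from the peer, so the number of readable bytes is
     * checked before each absolute read; a truncated buffer is reported as an
     * {@link SSLException} instead of surfacing as an unchecked
     * {@code IndexOutOfBoundsException}. The caller is expected to pass a
     * complete record, so these checks are defensive.
     *
     * <p>A V2ClientHello is accepted only when {@code helloVersion} is
     * {@code ProtocolVersion.SSL20Hello}. On the accepted path the bytes after
     * the 2-byte V2 header are fed to {@code handshakeHash} (created on demand)
     * before the conversion, and the buffer position is restored to the start
     * of the record before {@code convertToClientHello} is called.
     *
     * @param packet buffer positioned at the first byte of the record
     * @return a {@code ct_handshake} plaintext carrying the converted
     *         ClientHello, with the version bytes taken from the V2 hello
     * @throws SSLHandshakeException if the record looks like a V2ClientHello
     *         but SSLv2Hello is not enabled
     * @throws SSLException if the record is truncated, looks like a V2 server
     *         hello, or is not recognized at all
     * @throws UnsupportedOperationException if the V2ClientHello requests the
     *         SSLv2 protocol itself; per the comment below, this unchecked
     *         exception is caught in SSLEngineImpl so that an SSLv2 error
     *         message can be delivered
     * @throws IOException declared for the helpers called here
     * @throws BadPaddingException declared; not raised by the statements
     *         visible in this method
     */
    private Plaintext handleUnknownRecord(ByteBuffer packet)
            throws IOException, BadPaddingException {

        //
        // The packet should be a complete record.
        //
        int srcPos = packet.position();

        // Bytes 0 and 2 are read by absolute index below; refuse a buffer
        // that cannot hold them rather than let the read fail unchecked.
        if (packet.remaining() < 3) {
            throw new SSLException("Unsupported or unrecognized SSL message");
        }

        byte firstByte = packet.get(srcPos);
        byte thirdByte = packet.get(srcPos + 2);
        boolean v2Format = (firstByte & 0x80) != 0;

        // Does it look like a Version 2 client hello (V2ClientHello)?
        if (!v2Format || (thirdByte != 1)) {
            if (v2Format && (thirdByte == 4)) {
                throw new SSLException("SSL V2.0 servers are not supported.");
            }

            throw new SSLException("Unsupported or unrecognized SSL message");
        }

        /*
         * If SSLv2Hello is not enabled, throw an exception.
         */
        if (helloVersion != ProtocolVersion.SSL20Hello) {
            throw new SSLHandshakeException("SSLv2Hello is not enabled");
        }

        // The version bytes sit at offsets 3 and 4 of the record.
        if (packet.remaining() < 5) {
            throw new SSLException("Unsupported or unrecognized SSL message");
        }

        byte majorVersion = packet.get(srcPos + 3);
        byte minorVersion = packet.get(srcPos + 4);

        if ((majorVersion == ProtocolVersion.SSL20Hello.major) &&
            (minorVersion == ProtocolVersion.SSL20Hello.minor)) {

            /*
             * Looks like a V2 client hello, but not one saying
             * "let's talk SSLv3".  So we need to send an SSLv2
             * error message, one that's treated as fatal by
             * clients (Otherwise we'll hang.)
             */
            if (debug != null && Debug.isOn("record")) {
                 System.out.println(Thread.currentThread().getName() +
                        "Requested to negotiate unsupported SSLv2!");
            }

            // hack code, the exception is caught in SSLEngineImpl
            // so that SSLv2 error message can be delivered properly.
            throw new UnsupportedOperationException(        // SSLv2Hello
                    "Unsupported SSL v2.0 ClientHello");
        }

        /*
         * If we can map this into a V3 ClientHello, read and
         * hash the rest of the V2 handshake, turn it into a
         * V3 ClientHello message, and pass it up.
         */
        packet.position(srcPos + 2);        // exclude the header

        if (handshakeHash == null) {
            // used for cache only
            handshakeHash = new HandshakeHash(false);
        }
        handshakeHash.update(packet);

        // Rewind to the start of the record before the conversion.
        packet.position(srcPos);

        ByteBuffer converted = convertToClientHello(packet);

        if (debug != null && Debug.isOn("packet")) {
             Debug.printHex(
                    "[Converted] ClientHello", converted);
        }

        return new Plaintext(ct_handshake,
            majorVersion, minorVersion, -1, -1L, converted);
    }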
}