jdk-sandbox: src/java.base/share/classes/sun/security/ssl/RenegoInfoExtension.java@25178bb3e8f5 (annotated)

14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	4	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	10	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	15	* accompanied this code).
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	16	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	20	*
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	23	* questions.
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	24	*/
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	25
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	26	package sun.security.ssl;
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	27
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	28	import java.io.IOException;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	30	import java.text.MessageFormat;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	31	import java.util.Arrays;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	32	import java.util.Locale;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	33	import javax.net.ssl.SSLProtocolException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	34	import sun.security.ssl.ClientHello.ClientHelloMessage;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	35	import static sun.security.ssl.SSLExtension.CH_RENEGOTIATION_INFO;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	36	import sun.security.ssl.SSLExtension.ExtensionConsumer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	37	import static sun.security.ssl.SSLExtension.SH_RENEGOTIATION_INFO;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	38	import sun.security.ssl.SSLExtension.SSLExtensionSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	39	import sun.security.ssl.SSLHandshake.HandshakeMessage;
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	40
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	41	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	42	* Pack of the "renegotiation_info" extensions [RFC 5746].
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	43	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	44	final class RenegoInfoExtension {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	45	static final HandshakeProducer chNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	46	new CHRenegotiationInfoProducer();
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56542 diff changeset	47	static final ExtensionConsumer chOnLoadConsumer =
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	48	new CHRenegotiationInfoConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	49	static final HandshakeAbsence chOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	50	new CHRenegotiationInfoAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	51
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	52	static final HandshakeProducer shNetworkProducer =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	53	new SHRenegotiationInfoProducer();
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56542 diff changeset	54	static final ExtensionConsumer shOnLoadConsumer =
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	55	new SHRenegotiationInfoConsumer();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	56	static final HandshakeAbsence shOnLoadAbsence =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	57	new SHRenegotiationInfoAbsence();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	58
56708 25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	59	static final SSLStringizer rniStringizer =
25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	60	new RenegotiationInfoStringizer();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	61
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	62	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	63	* The "renegotiation_info" extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	64	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	65	static final class RenegotiationInfoSpec implements SSLExtensionSpec {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	66	// A nominal object that does not holding any real renegotiation info.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	67	static final RenegotiationInfoSpec NOMINAL =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	68	new RenegotiationInfoSpec(new byte[0]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	69
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	70	private final byte[] renegotiatedConnection;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	71
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	72	private RenegotiationInfoSpec(byte[] renegotiatedConnection) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	73	this.renegotiatedConnection = Arrays.copyOf(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	74	renegotiatedConnection, renegotiatedConnection.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	75	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	76
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	77	private RenegotiationInfoSpec(ByteBuffer m) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	78	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	79	if (!m.hasRemaining() \|\| m.remaining() < 1) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	80	throw new SSLProtocolException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	81	"Invalid renegotiation_info extension data: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	82	"insufficient data");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	83	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	84	this.renegotiatedConnection = Record.getBytes8(m);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	85	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	86
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	87	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	88	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	89	MessageFormat messageFormat = new MessageFormat(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	90	"\"renegotiated connection\": '['{0}']'", Locale.ENGLISH);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	91	if (renegotiatedConnection.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	92	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	93	"<no renegotiated connection>"
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	94	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	95	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	96	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	97	Object[] messageFields = {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	98	Utilities.toHexString(renegotiatedConnection)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	99	};
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	100	return messageFormat.format(messageFields);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	101	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	102	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	103	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	104
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	105	private static final
56708 25178bb3e8f5 Rename Stringize to Stringizer xuelei parents: 56704 diff changeset	106	class RenegotiationInfoStringizer implements SSLStringizer {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	107	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	108	public String toString(ByteBuffer buffer) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	109	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	110	return (new RenegotiationInfoSpec(buffer)).toString();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	111	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	112	// For debug logging only, so please swallow exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	113	return ioe.getMessage();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	114	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	115	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	116	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	117
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	118	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	119	* Network data producer of a "renegotiation_info" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	120	* the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	121	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	122	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	123	class CHRenegotiationInfoProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	124	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	125	private CHRenegotiationInfoProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	126	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	127	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	128
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	129	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	130	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	131	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	132	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	133	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	134
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	135	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	136	if (!chc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	137	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	139	"Ignore unavailable renegotiation_info extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	140	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	141
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	142	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	143	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	144
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	145	if (!chc.conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	146	if (chc.activeCipherSuites.contains(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	147	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	148	// Using the the TLS_EMPTY_RENEGOTIATION_INFO_SCSV instead.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	149	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	150	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	151
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	152	// initial handshaking.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	153	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	// If this is the initial handshake for a connection, then the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155	// "renegotiated_connection" field is of zero length in both
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	156	// the ClientHello and the ServerHello. [RFC 5746]
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	157	byte[] extData = new byte[] { 0x00 };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	158	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	CH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	161	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	162	} else if (chc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	163	// secure renegotiation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	164	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	165	// For ClientHello handshake message in renegotiation, this
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	166	// field contains the "client_verify_data".
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	167	byte[] extData =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	168	new byte[chc.conContext.clientVerifyData.length + 1];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	169	ByteBuffer m = ByteBuffer.wrap(extData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	170	Record.putBytes8(m, chc.conContext.clientVerifyData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	171
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	172	// The conContext.clientVerifyData will be used for further
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	173	// processing, so it does not matter to save whatever in the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	174	// RenegotiationInfoSpec object.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	175	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	176	CH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	177
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	178	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	179	} else { // not secure renegotiation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	180	if (HandshakeContext.allowUnsafeRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	181	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	SSLLogger.warning("Using insecure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	184
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	185	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	187	// terminate the session.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	188	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	189	"insecure renegotiation is not allowed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	190	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	191	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	192
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	193	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	194	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	195	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	196
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	197	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	198	* Network data producer of a "renegotiation_info" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	199	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	200	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	201	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	202	class CHRenegotiationInfoConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	203	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	204	private CHRenegotiationInfoConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	205	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	206	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	209	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	210	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	211
56704 c3ee22c3a0f6 Minor nits and cleanup across SSLExtension classes jnimeh parents: 56542 diff changeset	212	// The consuming happens in server side only.
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	213	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	214
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	215	// Is it a supported and enabled extension?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	216	if (!shc.sslConfig.isAvailable(CH_RENEGOTIATION_INFO)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	217	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	218	SSLLogger.fine("Ignore unavailable extension: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	219	CH_RENEGOTIATION_INFO.name);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	220	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	221	return; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	222	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	223
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	224	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	225	RenegotiationInfoSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	226	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	227	spec = new RenegotiationInfoSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	228	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	229	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	230	return; // fatal() always throws, make the compiler happy.
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	231	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	232
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	233	if (!shc.conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	234	// initial handshaking.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	235	if (spec.renegotiatedConnection.length != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	236	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	237	"Invalid renegotiation_info extension data: not empty");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	238	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	239	shc.conContext.secureRenegotiation = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	240	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	241	if (!shc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	242	// Unexpected RI extension for insecure renegotiation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	243	// abort the handshake with a fatal handshake_failure alert.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	244	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	245	"The renegotiation_info is present in a insecure " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	246	"renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	247	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	248	// verify the client_verify_data value
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	249	if (!Arrays.equals(shc.conContext.clientVerifyData,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	250	spec.renegotiatedConnection)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	251	shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	252	"Invalid renegotiation_info extension data: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	253	"incorrect verify data in ClientHello");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	254	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	255	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	256	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	257
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	258	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	259	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	260	// The conContext.clientVerifyData will be used for further
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	261	// processing, so it does not matter to save whatever in the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	262	// RenegotiationInfoSpec object.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	263	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	264	CH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	265
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	266	// No impact on session resumption.
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	267	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	268	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	269
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	270	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	271	* The absence processing if a "renegotiation_info" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	272	* not present in the ClientHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	273	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	274	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	275	class CHRenegotiationInfoAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	276	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	277	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	278	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	279	// The producing happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	280	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	281	ClientHelloMessage clientHello = (ClientHelloMessage)message;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	282
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	283	if (!shc.conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	284	// initial handshaking.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	285	for (int id : clientHello.cipherSuiteIds) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	286	if (id ==
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	287	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.id) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	288	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	289	SSLLogger.finest(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	290	"Safe renegotiation, using the SCSV signgling");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	291	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	292	shc.conContext.secureRenegotiation = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	293	return;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	294	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	295	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	296
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	297	if (!HandshakeContext.allowLegacyHelloMessages) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	298	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	299	"Failed to negotiate the use of secure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	300	} // otherwise, allow legacy hello message
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	301
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	302	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	303	SSLLogger.warning("Warning: No renegotiation " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	304	"indication in ClientHello, allow legacy ClientHello");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	305	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	306
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	307	shc.conContext.secureRenegotiation = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	308	} else if (shc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	309	// Require secure renegotiation, terminate the connection.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	310	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	311	"Inconsistent secure renegotiation indication");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	312	} else { // renegotiation, not secure
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	313	if (HandshakeContext.allowUnsafeRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	314	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	315	SSLLogger.warning("Using insecure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	316	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	317	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	318	// Unsafe renegotiation should have been aborted in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	319	// ealier processes.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	320	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	321	SSLLogger.fine("Terminate insecure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	322	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	323	shc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	324	"Unsafe renegotiation is not allowed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	325	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	326	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	327	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	328	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	329
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	330	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	331	* Network data producer of a "renegotiation_info" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	332	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	333	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	334	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	335	class SHRenegotiationInfoProducer implements HandshakeProducer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	336	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	337	private SHRenegotiationInfoProducer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	338	// blank
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	339	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	340
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	341	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	342	public byte[] produce(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	343	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	344	// The producing happens in server side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	345	ServerHandshakeContext shc = (ServerHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	346
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	347	// In response to "renegotiation_info" extension request only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	348	RenegotiationInfoSpec requestedSpec = (RenegotiationInfoSpec)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	349	shc.handshakeExtensions.get(CH_RENEGOTIATION_INFO);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	350	if (requestedSpec == null && !shc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	351	// Ignore, no renegotiation_info extension or SCSV signgling
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	352	// requested.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	353	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	354	SSLLogger.finest(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	355	"Ignore unavailable renegotiation_info extension");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	356	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	357	return null; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	358	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	359
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	360	if (!shc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	361	// Ignore, no secure renegotiation is negotiated.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	362	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	363	SSLLogger.finest(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	364	"No secure renegotiation has been negotiated");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	365	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	366	return null; // ignore the extension
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	367	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	368
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	369	if (!shc.conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	370	// initial handshaking.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	371	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	372	// If this is the initial handshake for a connection, then the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	373	// "renegotiated_connection" field is of zero length in both
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	374	// the ClientHello and the ServerHello. [RFC 5746]
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	375	byte[] extData = new byte[] { 0x00 };
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	376
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	377	// The conContext.client/serverVerifyData will be used for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	378	// further processing, so it does not matter to save whatever
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	379	// in the RenegotiationInfoSpec object.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	380	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	381	SH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	382
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	383	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	384	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	385	// secure renegotiation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	386	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	387	// For secure renegotiation, the server MUST include a
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	388	// "renegotiation_info" extension containing the saved
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	389	// client_verify_data and server_verify_data in the ServerHello.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	390	int infoLen = shc.conContext.clientVerifyData.length +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	391	shc.conContext.serverVerifyData.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	392	byte[] extData = new byte[infoLen + 1];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	393	ByteBuffer m = ByteBuffer.wrap(extData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	394	Record.putInt8(m, infoLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	395	m.put(shc.conContext.clientVerifyData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	396	m.put(shc.conContext.serverVerifyData);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	397
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	398	// The conContext.client/serverVerifyData will be used for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	399	// further processing, so it does not matter to save whatever
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	400	// in the RenegotiationInfoSpec object.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	401	shc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	402	SH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	403
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	404	return extData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	405	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	406	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	407	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	408
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	409	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	410	* Network data consumer of a "renegotiation_info" extension in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	411	* the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	412	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	413	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	414	class SHRenegotiationInfoConsumer implements ExtensionConsumer {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	415	// Prevent instantiation of this class.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	416	private SHRenegotiationInfoConsumer() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	417	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	418	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	419
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	420	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	421	public void consume(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	422	HandshakeMessage message, ByteBuffer buffer) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	423	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	424	ClientHandshakeContext chc = (ClientHandshakeContext)context;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	425
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	426	// In response to the client renegotiation_info extension request
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	427	// or SCSV signling, which is mandatory for ClientHello message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	428	RenegotiationInfoSpec requestedSpec = (RenegotiationInfoSpec)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	429	chc.handshakeExtensions.get(CH_RENEGOTIATION_INFO);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	430	if (requestedSpec == null &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	431	!chc.activeCipherSuites.contains(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	432	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	433	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	434	"Missing renegotiation_info and SCSV detected in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	435	"ClientHello");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	436	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	437
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	438	// Parse the extension.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	439	RenegotiationInfoSpec spec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	440	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	441	spec = new RenegotiationInfoSpec(buffer);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	442	} catch (IOException ioe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	443	chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	444	return; // fatal() always throws, make the compiler happy.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	445	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	446
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	447
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	448	if (!chc.conContext.isNegotiated) { // initial handshake
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	449	// If the extension is present, set the secure_renegotiation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	450	// flag to TRUE. The client MUST then verify that the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	451	// length of the "renegotiated_connection" field is zero,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	452	// and if it is not, MUST abort the handshake (by sending
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	453	// a fatal handshake_failure alert). [RFC 5746]
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	454	if (spec.renegotiatedConnection.length != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	455	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	456	"Invalid renegotiation_info in ServerHello: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	457	"not empty renegotiated_connection");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	458	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	459
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	460	chc.conContext.secureRenegotiation = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	461	} else { // renegotiation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	462	// The client MUST then verify that the first half of the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	463	// "renegotiated_connection" field is equal to the saved
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	464	// client_verify_data value, and the second half is equal to the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	465	// saved server_verify_data value. If they are not, the client
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	466	// MUST abort the handshake. [RFC 5746]
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	467	int infoLen = chc.conContext.clientVerifyData.length +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	468	chc.conContext.serverVerifyData.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	469	if (spec.renegotiatedConnection.length != infoLen) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	470	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	471	"Invalid renegotiation_info in ServerHello: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	472	"invalid renegotiated_connection length (" +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	473	spec.renegotiatedConnection.length + ")");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	474	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	475
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	476	byte[] cvd = chc.conContext.clientVerifyData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	477	if (!Arrays.equals(spec.renegotiatedConnection,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	478	0, cvd.length, cvd, 0, cvd.length)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	479	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	480	"Invalid renegotiation_info in ServerHello: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	481	"unmatched client_verify_data value");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	482	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	483	byte[] svd = chc.conContext.serverVerifyData;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	484	if (!Arrays.equals(spec.renegotiatedConnection,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	485	cvd.length, infoLen, svd, 0, svd.length)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	486	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	487	"Invalid renegotiation_info in ServerHello: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	488	"unmatched server_verify_data value");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	489	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	490	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	491
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	492	// Update the context.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	493	chc.handshakeExtensions.put(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	494	SH_RENEGOTIATION_INFO, RenegotiationInfoSpec.NOMINAL);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	495
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	496	// No impact on session resumption.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	497	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	498	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	499
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	500	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	501	* The absence processing if a "renegotiation_info" extension is
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	502	* not present in the ServerHello handshake message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	503	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	504	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	505	class SHRenegotiationInfoAbsence implements HandshakeAbsence {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	506	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	507	public void absent(ConnectionContext context,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	508	HandshakeMessage message) throws IOException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	509	// The producing happens in client side only.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	510	ClientHandshakeContext chc = (ClientHandshakeContext)context;
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	511
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	512	// In response to the client renegotiation_info extension request
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	513	// or SCSV signling, which is mandatory for ClientHello message.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	514	RenegotiationInfoSpec requestedSpec = (RenegotiationInfoSpec)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	515	chc.handshakeExtensions.get(CH_RENEGOTIATION_INFO);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	516	if (requestedSpec == null &&
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	517	!chc.activeCipherSuites.contains(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	518	CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	519	chc.conContext.fatal(Alert.INTERNAL_ERROR,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	520	"Missing renegotiation_info and SCSV detected in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	521	"ClientHello");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	522	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	523
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	524	if (!chc.conContext.isNegotiated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	525	// initial handshaking.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	526	if (!HandshakeContext.allowLegacyHelloMessages) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	527	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	528	"Failed to negotiate the use of secure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	529	} // otherwise, allow legacy hello message
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	530
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	531	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	532	SSLLogger.warning("Warning: No renegotiation " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	533	"indication in ServerHello, allow legacy ServerHello");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	534	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	535
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	536	chc.conContext.secureRenegotiation = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	537	} else if (chc.conContext.secureRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	538	// Require secure renegotiation, terminate the connection.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	539	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	540	"Inconsistent secure renegotiation indication");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	541	} else { // renegotiation, not secure
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	542	if (HandshakeContext.allowUnsafeRenegotiation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	543	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	544	SSLLogger.warning("Using insecure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	545	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	546	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	547	// Unsafe renegotiation should have been aborted in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	548	// ealier processes.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	549	if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	550	SSLLogger.fine("Terminate insecure renegotiation");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	551	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	552	chc.conContext.fatal(Alert.HANDSHAKE_FAILURE,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	553	"Unsafe renegotiation is not allowed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	554	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	555	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	556	}
14330 e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	557	}
e4cb78065603 8000970: break out auxiliary classes that will prevent multi-core compilation of the JDK ohrstrom parents: diff changeset	558	}

author	xuelei
	Fri, 08 Jun 2018 11:59:34 -0700
branch	JDK-8145252-TLS13-branch
changeset 56708	25178bb3e8f5
parent 56704	c3ee22c3a0f6
permissions	-rw-r--r--