author | ascarpino |
Wed, 08 Feb 2017 12:08:28 -0800 | |
changeset 43701 | fe8c324ba97c |
parent 34687 | d302ed125dc9 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
30904 | 2 |
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package sun.security.ssl; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import java.nio.*; |
|
30904 | 30 |
|
31 |
import javax.crypto.BadPaddingException; |
|
32 |
||
2 | 33 |
import javax.net.ssl.*; |
30904 | 34 |
|
34687
d302ed125dc9
8144995: Move sun.misc.HexDumpEncoder to sun.security.util
chegar
parents:
33295
diff
changeset
|
35 |
import sun.security.util.HexDumpEncoder; |
2 | 36 |
|
37 |
||
38 |
/** |
|
30904 | 39 |
* {@code InputRecord} implementation for {@code SSLEngine}. |
2 | 40 |
*/ |
30904 | 41 |
final class SSLEngineInputRecord extends InputRecord implements SSLRecord { |
42 |
// used by handshake hash computation for handshake fragment |
|
43 |
private byte prevType = -1; |
|
44 |
private int hsMsgOff = 0; |
|
45 |
private int hsMsgLen = 0; |
|
2 | 46 |
|
30904 | 47 |
private boolean formatVerified = false; // SSLv2 ruled out? |
2 | 48 |
|
30904 | 49 |
SSLEngineInputRecord() { |
50 |
this.readAuthenticator = MAC.TLS_NULL; |
|
2 | 51 |
} |
52 |
||
14664
e71aa0962e70
8003950: Adds missing Override annotations and removes unnecessary imports in sun.security.ssl
xuelei
parents:
5506
diff
changeset
|
53 |
@Override |
30904 | 54 |
int estimateFragmentSize(int packetSize) { |
55 |
int macLen = 0; |
|
56 |
if (readAuthenticator instanceof MAC) { |
|
57 |
macLen = ((MAC)readAuthenticator).MAClen(); |
|
58 |
} |
|
59 |
||
60 |
if (packetSize > 0) { |
|
61 |
return readCipher.estimateFragmentSize( |
|
62 |
packetSize, macLen, headerSize); |
|
2 | 63 |
} else { |
30904 | 64 |
return Record.maxDataSize; |
2 | 65 |
} |
66 |
} |
|
67 |
||
30904 | 68 |
@Override |
69 |
int bytesInCompletePacket(ByteBuffer packet) throws SSLException { |
|
2 | 70 |
/* |
71 |
* SSLv2 length field is in bytes 0/1 |
|
72 |
* SSLv3/TLS length field is in bytes 3/4 |
|
73 |
*/ |
|
30904 | 74 |
if (packet.remaining() < 5) { |
2 | 75 |
return -1; |
76 |
} |
|
77 |
||
30904 | 78 |
int pos = packet.position(); |
79 |
byte byteZero = packet.get(pos); |
|
2 | 80 |
|
81 |
int len = 0; |
|
82 |
||
83 |
/* |
|
84 |
* If we have already verified previous packets, we can |
|
85 |
* ignore the verifications steps, and jump right to the |
|
86 |
* determination. Otherwise, try one last hueristic to |
|
87 |
* see if it's SSL/TLS. |
|
88 |
*/ |
|
89 |
if (formatVerified || |
|
30904 | 90 |
(byteZero == ct_handshake) || (byteZero == ct_alert)) { |
2 | 91 |
/* |
92 |
* Last sanity check that it's not a wild record |
|
93 |
*/ |
|
30904 | 94 |
ProtocolVersion recordVersion = ProtocolVersion.valueOf( |
95 |
packet.get(pos + 1), packet.get(pos + 2)); |
|
2 | 96 |
|
24263
f95477ce56e4
8042449: Issue for negative byte major record version
xuelei
parents:
16913
diff
changeset
|
97 |
// check the record version |
f95477ce56e4
8042449: Issue for negative byte major record version
xuelei
parents:
16913
diff
changeset
|
98 |
checkRecordVersion(recordVersion, false); |
2 | 99 |
|
100 |
/* |
|
101 |
* Reasonably sure this is a V3, disable further checks. |
|
102 |
* We can't do the same in the v2 check below, because |
|
103 |
* read still needs to parse/handle the v2 clientHello. |
|
104 |
*/ |
|
105 |
formatVerified = true; |
|
106 |
||
107 |
/* |
|
108 |
* One of the SSLv3/TLS message types. |
|
109 |
*/ |
|
30904 | 110 |
len = ((packet.get(pos + 3) & 0xFF) << 8) + |
111 |
(packet.get(pos + 4) & 0xFF) + headerSize; |
|
2 | 112 |
|
113 |
} else { |
|
114 |
/* |
|
115 |
* Must be SSLv2 or something unknown. |
|
116 |
* Check if it's short (2 bytes) or |
|
117 |
* long (3) header. |
|
118 |
* |
|
119 |
* Internals can warn about unsupported SSLv2 |
|
120 |
*/ |
|
121 |
boolean isShort = ((byteZero & 0x80) != 0); |
|
122 |
||
123 |
if (isShort && |
|
30904 | 124 |
((packet.get(pos + 2) == 1) || packet.get(pos + 2) == 4)) { |
2 | 125 |
|
30904 | 126 |
ProtocolVersion recordVersion = ProtocolVersion.valueOf( |
127 |
packet.get(pos + 3), packet.get(pos + 4)); |
|
2 | 128 |
|
24263
f95477ce56e4
8042449: Issue for negative byte major record version
xuelei
parents:
16913
diff
changeset
|
129 |
// check the record version |
f95477ce56e4
8042449: Issue for negative byte major record version
xuelei
parents:
16913
diff
changeset
|
130 |
checkRecordVersion(recordVersion, true); |
2 | 131 |
|
132 |
/* |
|
133 |
* Client or Server Hello |
|
134 |
*/ |
|
30904 | 135 |
int mask = (isShort ? 0x7F : 0x3F); |
136 |
len = ((byteZero & mask) << 8) + |
|
137 |
(packet.get(pos + 1) & 0xFF) + (isShort ? 2 : 3); |
|
2 | 138 |
|
139 |
} else { |
|
140 |
// Gobblygook! |
|
141 |
throw new SSLException( |
|
30904 | 142 |
"Unrecognized SSL message, plaintext connection?"); |
2 | 143 |
} |
144 |
} |
|
145 |
||
146 |
return len; |
|
147 |
} |
|
148 |
||
30904 | 149 |
@Override |
150 |
void checkRecordVersion(ProtocolVersion recordVersion, |
|
151 |
boolean allowSSL20Hello) throws SSLException { |
|
2 | 152 |
|
30904 | 153 |
if (recordVersion.maybeDTLSProtocol()) { |
154 |
throw new SSLException( |
|
155 |
"Unrecognized record version " + recordVersion + |
|
156 |
" , DTLS packet?"); |
|
2 | 157 |
} |
158 |
||
30904 | 159 |
// Check if the record version is too old. |
160 |
if ((recordVersion.v < ProtocolVersion.MIN.v)) { |
|
161 |
// if it's not SSLv2, we're out of here. |
|
162 |
if (!allowSSL20Hello || |
|
163 |
(recordVersion.v != ProtocolVersion.SSL20Hello.v)) { |
|
164 |
throw new SSLException( |
|
165 |
"Unsupported record version " + recordVersion); |
|
166 |
} |
|
167 |
} |
|
168 |
} |
|
16113 | 169 |
|
30904 | 170 |
@Override |
171 |
Plaintext decode(ByteBuffer packet) |
|
172 |
throws IOException, BadPaddingException { |
|
173 |
||
174 |
if (isClosed) { |
|
175 |
return null; |
|
176 |
} |
|
16113 | 177 |
|
30904 | 178 |
if (debug != null && Debug.isOn("packet")) { |
179 |
Debug.printHex( |
|
180 |
"[Raw read]: length = " + packet.remaining(), packet); |
|
181 |
} |
|
182 |
||
183 |
// The caller should have validated the record. |
|
184 |
if (!formatVerified) { |
|
185 |
formatVerified = true; |
|
16913 | 186 |
|
30904 | 187 |
/* |
188 |
* The first record must either be a handshake record or an |
|
189 |
* alert message. If it's not, it is either invalid or an |
|
190 |
* SSLv2 message. |
|
191 |
*/ |
|
192 |
int pos = packet.position(); |
|
193 |
byte byteZero = packet.get(pos); |
|
194 |
if (byteZero != ct_handshake && byteZero != ct_alert) { |
|
195 |
return handleUnknownRecord(packet); |
|
16113 | 196 |
} |
197 |
} |
|
198 |
||
30904 | 199 |
return decodeInputRecord(packet); |
200 |
} |
|
201 |
||
202 |
private Plaintext decodeInputRecord(ByteBuffer packet) |
|
203 |
throws IOException, BadPaddingException { |
|
204 |
||
205 |
// |
|
206 |
// The packet should be a complete record, or more. |
|
207 |
// |
|
208 |
||
209 |
int srcPos = packet.position(); |
|
210 |
int srcLim = packet.limit(); |
|
211 |
||
212 |
byte contentType = packet.get(); // pos: 0 |
|
213 |
byte majorVersion = packet.get(); // pos: 1 |
|
214 |
byte minorVersion = packet.get(); // pos: 2 |
|
215 |
int contentLen = ((packet.get() & 0xFF) << 8) + |
|
216 |
(packet.get() & 0xFF); // pos: 3, 4 |
|
217 |
||
218 |
if (debug != null && Debug.isOn("record")) { |
|
219 |
System.out.println(Thread.currentThread().getName() + |
|
220 |
", READ: " + |
|
221 |
ProtocolVersion.valueOf(majorVersion, minorVersion) + |
|
222 |
" " + Record.contentName(contentType) + ", length = " + |
|
223 |
contentLen); |
|
224 |
} |
|
225 |
||
226 |
// |
|
227 |
// Check for upper bound. |
|
228 |
// |
|
229 |
// Note: May check packetSize limit in the future. |
|
230 |
if (contentLen < 0 || contentLen > maxLargeRecordSize - headerSize) { |
|
231 |
throw new SSLProtocolException( |
|
232 |
"Bad input record size, TLSCiphertext.length = " + contentLen); |
|
233 |
} |
|
234 |
||
235 |
// |
|
236 |
// check for handshake fragment |
|
237 |
// |
|
238 |
if ((contentType != ct_handshake) && (hsMsgOff != hsMsgLen)) { |
|
239 |
throw new SSLProtocolException( |
|
240 |
"Expected to get a handshake fragment"); |
|
241 |
} |
|
16113 | 242 |
|
30904 | 243 |
// |
244 |
// Decrypt the fragment |
|
245 |
// |
|
246 |
int recLim = srcPos + SSLRecord.headerSize + contentLen; |
|
247 |
packet.limit(recLim); |
|
248 |
packet.position(srcPos + SSLRecord.headerSize); |
|
249 |
||
250 |
ByteBuffer plaintext; |
|
251 |
try { |
|
252 |
plaintext = |
|
253 |
decrypt(readAuthenticator, readCipher, contentType, packet); |
|
254 |
} finally { |
|
255 |
// comsume a complete record |
|
256 |
packet.limit(srcLim); |
|
257 |
packet.position(recLim); |
|
258 |
} |
|
259 |
||
260 |
// |
|
261 |
// handshake hashing |
|
262 |
// |
|
263 |
if (contentType == ct_handshake) { |
|
264 |
int pltPos = plaintext.position(); |
|
265 |
int pltLim = plaintext.limit(); |
|
266 |
int frgPos = pltPos; |
|
267 |
for (int remains = plaintext.remaining(); remains > 0;) { |
|
268 |
int howmuch; |
|
269 |
byte handshakeType; |
|
270 |
if (hsMsgOff < hsMsgLen) { |
|
271 |
// a fragment of the handshake message |
|
272 |
howmuch = Math.min((hsMsgLen - hsMsgOff), remains); |
|
273 |
handshakeType = prevType; |
|
274 |
||
275 |
hsMsgOff += howmuch; |
|
276 |
if (hsMsgOff == hsMsgLen) { |
|
277 |
// Now is a complete handshake message. |
|
278 |
hsMsgOff = 0; |
|
279 |
hsMsgLen = 0; |
|
280 |
} |
|
281 |
} else { // hsMsgOff == hsMsgLen, a new handshake message |
|
282 |
handshakeType = plaintext.get(); |
|
283 |
int handshakeLen = ((plaintext.get() & 0xFF) << 16) | |
|
284 |
((plaintext.get() & 0xFF) << 8) | |
|
285 |
(plaintext.get() & 0xFF); |
|
286 |
plaintext.position(frgPos); |
|
33295 | 287 |
if (remains < (handshakeLen + 4)) { // 4: handshake header |
30904 | 288 |
// This handshake message is fragmented. |
289 |
prevType = handshakeType; |
|
290 |
hsMsgOff = remains - 4; // 4: handshake header |
|
291 |
hsMsgLen = handshakeLen; |
|
292 |
} |
|
293 |
||
294 |
howmuch = Math.min(handshakeLen + 4, remains); |
|
16113 | 295 |
} |
296 |
||
30904 | 297 |
plaintext.limit(frgPos + howmuch); |
298 |
||
299 |
if (handshakeType == HandshakeMessage.ht_hello_request) { |
|
300 |
// omitted from handshake hash computation |
|
301 |
} else if ((handshakeType != HandshakeMessage.ht_finished) && |
|
302 |
(handshakeType != HandshakeMessage.ht_certificate_verify)) { |
|
16113 | 303 |
|
30904 | 304 |
if (handshakeHash == null) { |
305 |
// used for cache only |
|
306 |
handshakeHash = new HandshakeHash(false); |
|
307 |
} |
|
308 |
handshakeHash.update(plaintext); |
|
309 |
} else { |
|
310 |
// Reserve until this handshake message has been processed. |
|
311 |
if (handshakeHash == null) { |
|
312 |
// used for cache only |
|
313 |
handshakeHash = new HandshakeHash(false); |
|
314 |
} |
|
315 |
handshakeHash.reserve(plaintext); |
|
16113 | 316 |
} |
30904 | 317 |
|
318 |
plaintext.position(frgPos + howmuch); |
|
319 |
plaintext.limit(pltLim); |
|
320 |
||
321 |
frgPos += howmuch; |
|
322 |
remains -= howmuch; |
|
16113 | 323 |
} |
324 |
||
30904 | 325 |
plaintext.position(pltPos); |
16113 | 326 |
} |
327 |
||
30904 | 328 |
return new Plaintext(contentType, |
329 |
majorVersion, minorVersion, -1, -1L, plaintext); |
|
330 |
// recordEpoch, recordSeq, plaintext); |
|
2 | 331 |
} |
332 |
||
30904 | 333 |
private Plaintext handleUnknownRecord(ByteBuffer packet) |
334 |
throws IOException, BadPaddingException { |
|
335 |
||
336 |
// |
|
337 |
// The packet should be a complete record. |
|
338 |
// |
|
339 |
int srcPos = packet.position(); |
|
340 |
int srcLim = packet.limit(); |
|
341 |
||
342 |
byte firstByte = packet.get(srcPos); |
|
343 |
byte thirdByte = packet.get(srcPos + 2); |
|
16113 | 344 |
|
30904 | 345 |
// Does it look like a Version 2 client hello (V2ClientHello)? |
346 |
if (((firstByte & 0x80) != 0) && (thirdByte == 1)) { |
|
347 |
/* |
|
348 |
* If SSLv2Hello is not enabled, throw an exception. |
|
349 |
*/ |
|
350 |
if (helloVersion != ProtocolVersion.SSL20Hello) { |
|
351 |
throw new SSLHandshakeException("SSLv2Hello is not enabled"); |
|
352 |
} |
|
353 |
||
354 |
byte majorVersion = packet.get(srcPos + 3); |
|
355 |
byte minorVersion = packet.get(srcPos + 4); |
|
356 |
||
357 |
if ((majorVersion == ProtocolVersion.SSL20Hello.major) && |
|
358 |
(minorVersion == ProtocolVersion.SSL20Hello.minor)) { |
|
16113 | 359 |
|
30904 | 360 |
/* |
361 |
* Looks like a V2 client hello, but not one saying |
|
362 |
* "let's talk SSLv3". So we need to send an SSLv2 |
|
363 |
* error message, one that's treated as fatal by |
|
364 |
* clients (Otherwise we'll hang.) |
|
365 |
*/ |
|
366 |
if (debug != null && Debug.isOn("record")) { |
|
367 |
System.out.println(Thread.currentThread().getName() + |
|
368 |
"Requested to negotiate unsupported SSLv2!"); |
|
369 |
} |
|
370 |
||
371 |
// hack code, the exception is caught in SSLEngineImpl |
|
372 |
// so that SSLv2 error message can be delivered properly. |
|
373 |
throw new UnsupportedOperationException( // SSLv2Hello |
|
374 |
"Unsupported SSL v2.0 ClientHello"); |
|
375 |
} |
|
16113 | 376 |
|
30904 | 377 |
/* |
378 |
* If we can map this into a V3 ClientHello, read and |
|
379 |
* hash the rest of the V2 handshake, turn it into a |
|
380 |
* V3 ClientHello message, and pass it up. |
|
381 |
*/ |
|
382 |
packet.position(srcPos + 2); // exclude the header |
|
383 |
||
384 |
if (handshakeHash == null) { |
|
385 |
// used for cache only |
|
386 |
handshakeHash = new HandshakeHash(false); |
|
387 |
} |
|
388 |
handshakeHash.update(packet); |
|
389 |
packet.position(srcPos); |
|
390 |
||
391 |
ByteBuffer converted = convertToClientHello(packet); |
|
392 |
||
393 |
if (debug != null && Debug.isOn("packet")) { |
|
394 |
Debug.printHex( |
|
395 |
"[Converted] ClientHello", converted); |
|
396 |
} |
|
397 |
||
398 |
return new Plaintext(ct_handshake, |
|
399 |
majorVersion, minorVersion, -1, -1L, converted); |
|
400 |
} else { |
|
401 |
if (((firstByte & 0x80) != 0) && (thirdByte == 4)) { |
|
402 |
throw new SSLException("SSL V2.0 servers are not supported."); |
|
403 |
} |
|
404 |
||
405 |
throw new SSLException("Unsupported or unrecognized SSL message"); |
|
16113 | 406 |
} |
407 |
} |
|
408 |
||
2 | 409 |
} |