jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package sun.security.ssl;
-import java.io.*;
+import java.io.IOException;
-import java.nio.*;
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
 import javax.crypto.BadPaddingException;
+import javax.net.ssl.SSLException;
-import javax.net.ssl.*;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLProtocolException;
-import sun.security.util.HexDumpEncoder;
+import sun.security.ssl.SSLCipher.SSLReadCipher;
+import sun.security.ssl.KeyUpdate.KeyUpdateMessage;
+import sun.security.ssl.KeyUpdate.KeyUpdateRequest;
 /**
 * {@code InputRecord} implementation for {@code SSLEngine}.
 */
 final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
-// used by handshake hash computation for handshake fragment
-private byte prevType = -1;
-private int hsMsgOff = 0;
-private int hsMsgLen = 0;
 private boolean formatVerified = false;     // SSLv2 ruled out?
-SSLEngineInputRecord() {
+// Cache for incomplete handshake messages.
-this.readAuthenticator = MAC.TLS_NULL;
+private ByteBuffer handshakeBuffer = null;
+SSLEngineInputRecord(HandshakeHash handshakeHash) {
+super(handshakeHash, SSLReadCipher.nullTlsReadCipher());
 }
 @Override
 int estimateFragmentSize(int packetSize) {
-int macLen = 0;
-if (readAuthenticator instanceof MAC) {
-macLen = ((MAC)readAuthenticator).MAClen();
-}
 if (packetSize > 0) {
-return readCipher.estimateFragmentSize(
+return readCipher.estimateFragmentSize(packetSize, headerSize);
-packetSize, macLen, headerSize);
 } else {
 return Record.maxDataSize;
 }
 }
 @Override
-int bytesInCompletePacket(ByteBuffer packet) throws SSLException {
+int bytesInCompletePacket(
+ByteBuffer[] srcs, int srcsOffset, int srcsLength) throws IOException {
+return bytesInCompletePacket(srcs[srcsOffset]);
+}
+private int bytesInCompletePacket(ByteBuffer packet) throws SSLException {
 /*
 * SSLv2 length field is in bytes 0/1
 * SSLv3/TLS length field is in bytes 3/4
 */
 if (packet.remaining() < 5) {
 int len = 0;
 /*
 * If we have already verified previous packets, we can
 * ignore the verifications steps, and jump right to the
-* determination.  Otherwise, try one last hueristic to
+* determination.  Otherwise, try one last heuristic to
 * see if it's SSL/TLS.
 */
 if (formatVerified ||
-(byteZero == ct_handshake) || (byteZero == ct_alert)) {
+(byteZero == ContentType.HANDSHAKE.id) ||
+(byteZero == ContentType.ALERT.id)) {
 /*
 * Last sanity check that it's not a wild record
 */
-ProtocolVersion recordVersion = ProtocolVersion.valueOf(
+byte majorVersion = packet.get(pos + 1);
-packet.get(pos + 1), packet.get(pos + 2));
+byte minorVersion = packet.get(pos + 2);
+if (!ProtocolVersion.isNegotiable(
-// check the record version
+majorVersion, minorVersion, false, false)) {
-checkRecordVersion(recordVersion, false);
+throw new SSLException("Unrecognized record version " +
+ProtocolVersion.nameOf(majorVersion, minorVersion) +
+" , plaintext connection?");
+}
 /*
 * Reasonably sure this is a V3, disable further checks.
 * We can't do the same in the v2 check below, because
 * read still needs to parse/handle the v2 clientHello.
 boolean isShort = ((byteZero & 0x80) != 0);
 if (isShort &&
 ((packet.get(pos + 2) == 1) || packet.get(pos + 2) == 4)) {
-ProtocolVersion recordVersion = ProtocolVersion.valueOf(
+byte majorVersion = packet.get(pos + 3);
-packet.get(pos + 3), packet.get(pos + 4));
+byte minorVersion = packet.get(pos + 4);
+if (!ProtocolVersion.isNegotiable(
-// check the record version
+majorVersion, minorVersion, false, false)) {
-checkRecordVersion(recordVersion, true);
+throw new SSLException("Unrecognized record version " +
+ProtocolVersion.nameOf(majorVersion, minorVersion) +
+" , plaintext connection?");
+}
 /*
 * Client or Server Hello
 */
 int mask = (isShort ? 0x7F : 0x3F);
 return len;
 }
 @Override
-void checkRecordVersion(ProtocolVersion recordVersion,
+Plaintext[] decode(ByteBuffer[] srcs, int srcsOffset,
-boolean allowSSL20Hello) throws SSLException {
+int srcsLength) throws IOException, BadPaddingException {
+if (srcs == null || srcs.length == 0 || srcsLength == 0) {
-if (recordVersion.maybeDTLSProtocol()) {
+return new Plaintext[0];
-throw new SSLException(
+} else if (srcsLength == 1) {
-"Unrecognized record version " + recordVersion +
+return decode(srcs[srcsOffset]);
-" , DTLS packet?");
+} else {
-}
+ByteBuffer packet = extract(srcs,
+srcsOffset, srcsLength, SSLRecord.headerSize);
-// Check if the record version is too old.
-if ((recordVersion.v < ProtocolVersion.MIN.v)) {
+return decode(packet);
-// if it's not SSLv2, we're out of here.
+}
-if (!allowSSL20Hello ||
+}
-(recordVersion.v != ProtocolVersion.SSL20Hello.v)) {
-throw new SSLException(
+private Plaintext[] decode(ByteBuffer packet)
-"Unsupported record version " + recordVersion);
-}
-}
-}
-@Override
-Plaintext decode(ByteBuffer packet)
 throws IOException, BadPaddingException {
 if (isClosed) {
 return null;
 }
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw read", packet);
-"[Raw read]: length = " + packet.remaining(), packet);
 }
 // The caller should have validated the record.
 if (!formatVerified) {
 formatVerified = true;
 * alert message. If it's not, it is either invalid or an
 * SSLv2 message.
 */
 int pos = packet.position();
 byte byteZero = packet.get(pos);
-if (byteZero != ct_handshake && byteZero != ct_alert) {
+if (byteZero != ContentType.HANDSHAKE.id &&
+byteZero != ContentType.ALERT.id) {
 return handleUnknownRecord(packet);
 }
 }
 return decodeInputRecord(packet);
 }
-private Plaintext decodeInputRecord(ByteBuffer packet)
+private Plaintext[] decodeInputRecord(ByteBuffer packet)
 throws IOException, BadPaddingException {
 //
 // The packet should be a complete record, or more.
 //
 int srcPos = packet.position();
 int srcLim = packet.limit();
 byte contentType = packet.get();                   // pos: 0
 byte majorVersion = packet.get();                  // pos: 1
 byte minorVersion = packet.get();                  // pos: 2
-int contentLen = ((packet.get() & 0xFF) << 8) +
+int contentLen = Record.getInt16(packet);          // pos: 3, 4
-(packet.get() & 0xFF);           // pos: 3, 4
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-if (debug != null && Debug.isOn("record")) {
+SSLLogger.fine(
-System.out.println(Thread.currentThread().getName() +
+"READ: " +
-", READ: " +
+ProtocolVersion.nameOf(majorVersion, minorVersion) +
-ProtocolVersion.valueOf(majorVersion, minorVersion) +
+" " + ContentType.nameOf(contentType) + ", length = " +
-" " + Record.contentName(contentType) + ", length = " +
 contentLen);
 }
 //
 // Check for upper bound.
 throw new SSLProtocolException(
 "Bad input record size, TLSCiphertext.length = " + contentLen);
 }
 //
-// check for handshake fragment
-//
-if ((contentType != ct_handshake) && (hsMsgOff != hsMsgLen)) {
-throw new SSLProtocolException(
-"Expected to get a handshake fragment");
-}
-//
 // Decrypt the fragment
 //
 int recLim = srcPos + SSLRecord.headerSize + contentLen;
 packet.limit(recLim);
 packet.position(srcPos + SSLRecord.headerSize);
-ByteBuffer plaintext;
+ByteBuffer fragment;
 try {
-plaintext =
+Plaintext plaintext =
-decrypt(readAuthenticator, readCipher, contentType, packet);
+readCipher.decrypt(contentType, packet, null);
+fragment = plaintext.fragment;
+contentType = plaintext.contentType;
+} catch (BadPaddingException bpe) {
+throw bpe;
+} catch (GeneralSecurityException gse) {
+throw (SSLProtocolException)(new SSLProtocolException(
+"Unexpected exception")).initCause(gse);
 } finally {
-// comsume a complete record
+// consume a complete record
 packet.limit(srcLim);
 packet.position(recLim);
 }
 //
-// handshake hashing
+// check for handshake fragment
 //
-if (contentType == ct_handshake) {
+if (contentType != ContentType.HANDSHAKE.id &&
-int pltPos = plaintext.position();
+handshakeBuffer != null && handshakeBuffer.hasRemaining()) {
-int pltLim = plaintext.limit();
+throw new SSLProtocolException(
-int frgPos = pltPos;
+"Expecting a handshake fragment, but received " +
-for (int remains = plaintext.remaining(); remains > 0;) {
+ContentType.nameOf(contentType));
-int howmuch;
+}
-byte handshakeType;
-if (hsMsgOff < hsMsgLen) {
+//
-// a fragment of the handshake message
+// parse handshake messages
-howmuch = Math.min((hsMsgLen - hsMsgOff), remains);
+//
-handshakeType = prevType;
+if (contentType == ContentType.HANDSHAKE.id) {
+ByteBuffer handshakeFrag = fragment;
-hsMsgOff += howmuch;
+if ((handshakeBuffer != null) &&
-if (hsMsgOff == hsMsgLen) {
+(handshakeBuffer.remaining() != 0)) {
-// Now is a complete handshake message.
+ByteBuffer bb = ByteBuffer.wrap(new byte[
-hsMsgOff = 0;
+handshakeBuffer.remaining() + fragment.remaining()]);
-hsMsgLen = 0;
+bb.put(handshakeBuffer);
+bb.put(fragment);
+handshakeFrag = bb.rewind();
+handshakeBuffer = null;
+}
+ArrayList<Plaintext> plaintexts = new ArrayList<>(5);
+while (handshakeFrag.hasRemaining()) {
+int remaining = handshakeFrag.remaining();
+if (remaining < handshakeHeaderSize) {
+handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
+handshakeBuffer.put(handshakeFrag);
+handshakeBuffer.rewind();
+break;
+}
+handshakeFrag.mark();
+// skip the first byte: handshake type
+byte handshakeType = handshakeFrag.get();
+int handshakeBodyLen = Record.getInt24(handshakeFrag);
+handshakeFrag.reset();
+int handshakeMessageLen =
+handshakeHeaderSize + handshakeBodyLen;
+if (remaining < handshakeMessageLen) {
+handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
+handshakeBuffer.put(handshakeFrag);
+handshakeBuffer.rewind();
+break;
+} if (remaining == handshakeMessageLen) {
+if (handshakeHash.isHashable(handshakeType)) {
+handshakeHash.receive(handshakeFrag);
 }
-} else {    // hsMsgOff == hsMsgLen, a new handshake message
-handshakeType = plaintext.get();
+plaintexts.add(
-int handshakeLen = ((plaintext.get() & 0xFF) << 16) |
+new Plaintext(contentType,
-((plaintext.get() & 0xFF) << 8) |
+majorVersion, minorVersion, -1, -1L, handshakeFrag)
-(plaintext.get() & 0xFF);
+);
-plaintext.position(frgPos);
+break;
-if (remains < (handshakeLen + 4)) { // 4: handshake header
+} else {
-// This handshake message is fragmented.
+int fragPos = handshakeFrag.position();
-prevType = handshakeType;
+int fragLim = handshakeFrag.limit();
-hsMsgOff = remains - 4;         // 4: handshake header
+int nextPos = fragPos + handshakeMessageLen;
-hsMsgLen = handshakeLen;
+handshakeFrag.limit(nextPos);
+if (handshakeHash.isHashable(handshakeType)) {
+handshakeHash.receive(handshakeFrag);
 }
-howmuch = Math.min(handshakeLen + 4, remains);
+plaintexts.add(
+new Plaintext(contentType, majorVersion, minorVersion,
+-1, -1L, handshakeFrag.slice())
+);
+handshakeFrag.position(nextPos);
+handshakeFrag.limit(fragLim);
 }
+}
-plaintext.limit(frgPos + howmuch);
+return plaintexts.toArray(new Plaintext[0]);
-if (handshakeType == HandshakeMessage.ht_hello_request) {
+}
-// omitted from handshake hash computation
-} else if ((handshakeType != HandshakeMessage.ht_finished) &&
+// KeyLimit check during application data.
-(handshakeType != HandshakeMessage.ht_certificate_verify)) {
+// atKeyLimit() inactive when limits not checked, tc set when limits
+// are active.
-if (handshakeHash == null) {
-// used for cache only
+if (readCipher.atKeyLimit()) {
-handshakeHash = new HandshakeHash(false);
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-}
+SSLLogger.fine("KeyUpdate: triggered, read side.");
-handshakeHash.update(plaintext);
+}
-} else {
-// Reserve until this handshake message has been processed.
+PostHandshakeContext p = new PostHandshakeContext(tc);
-if (handshakeHash == null) {
+KeyUpdate.handshakeProducer.produce(p,
-// used for cache only
+new KeyUpdateMessage(p, KeyUpdateRequest.REQUESTED));
-handshakeHash = new HandshakeHash(false);
+}
-}
-handshakeHash.reserve(plaintext);
+return new Plaintext[] {
-}
+new Plaintext(contentType,
+majorVersion, minorVersion, -1, -1L, fragment)
-plaintext.position(frgPos + howmuch);
+};
-plaintext.limit(pltLim);
+}
-frgPos += howmuch;
+private Plaintext[] handleUnknownRecord(ByteBuffer packet)
-remains -= howmuch;
-}
-plaintext.position(pltPos);
-}
-return new Plaintext(contentType,
-majorVersion, minorVersion, -1, -1L, plaintext);
-// recordEpoch, recordSeq, plaintext);
-}
-private Plaintext handleUnknownRecord(ByteBuffer packet)
 throws IOException, BadPaddingException {
 //
 // The packet should be a complete record.
 //
 int srcPos = packet.position();
 int srcLim = packet.limit();
 * Looks like a V2 client hello, but not one saying
 * "let's talk SSLv3".  So we need to send an SSLv2
 * error message, one that's treated as fatal by
 * clients (Otherwise we'll hang.)
 */
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
 "Requested to negotiate unsupported SSLv2!");
 }
 // hack code, the exception is caught in SSLEngineImpl
 // so that SSLv2 error message can be delivered properly.
 * If we can map this into a V3 ClientHello, read and
 * hash the rest of the V2 handshake, turn it into a
 * V3 ClientHello message, and pass it up.
 */
 packet.position(srcPos + 2);        // exclude the header
+handshakeHash.receive(packet);
-if (handshakeHash == null) {
-// used for cache only
-handshakeHash = new HandshakeHash(false);
-}
-handshakeHash.update(packet);
 packet.position(srcPos);
 ByteBuffer converted = convertToClientHello(packet);
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine(
 "[Converted] ClientHello", converted);
 }
-return new Plaintext(ct_handshake,
+return new Plaintext[] {
-majorVersion, minorVersion, -1, -1L, converted);
+new Plaintext(ContentType.HANDSHAKE.id,
+majorVersion, minorVersion, -1, -1L, converted)
+};
 } else {
 if (((firstByte & 0x80) != 0) && (thirdByte == 4)) {
 throw new SSLException("SSL V2.0 servers are not supported.");
 }
 throw new SSLException("Unsupported or unrecognized SSL message");
 }
 }
 }

changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 51407	910f7b56592f