jdk-sandbox: comparison src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java

equal deleted inserted replaced

-:356eaea05bf0
+:68fa3d4026ea
 /*
-* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * questions.
 */
 package sun.security.ssl;
-import java.io.*;
+import java.io.EOFException;
-import java.nio.*;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
 import javax.crypto.BadPaddingException;
+import javax.net.ssl.SSLException;
-import javax.net.ssl.*;
+import javax.net.ssl.SSLHandshakeException;
+import javax.net.ssl.SSLProtocolException;
-import sun.security.util.HexDumpEncoder;
+import sun.security.ssl.SSLCipher.SSLReadCipher;
+import sun.security.ssl.KeyUpdate.KeyUpdateMessage;
+import sun.security.ssl.KeyUpdate.KeyUpdateRequest;
 /**
 * {@code InputRecord} implementation for {@code SSLSocket}.
 *
 * @author David Brownell
 */
 final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
-private OutputStream deliverStream = null;
+private InputStream is = null;
-private byte[] temporary = new byte[1024];
+private OutputStream os = null;
+private final byte[] temporary = new byte[1024];
-// used by handshake hash computation for handshake fragment
-private byte prevType = -1;
-private int hsMsgOff = 0;
-private int hsMsgLen = 0;
 private boolean formatVerified = false;     // SSLv2 ruled out?
+// Cache for incomplete handshake messages.
+private ByteBuffer handshakeBuffer = null;
 private boolean hasHeader = false;          // Had read the record header
-SSLSocketInputRecord() {
+SSLSocketInputRecord(HandshakeHash handshakeHash) {
-this.readAuthenticator = MAC.TLS_NULL;
+super(handshakeHash, SSLReadCipher.nullTlsReadCipher());
 }
 @Override
-int bytesInCompletePacket(InputStream is) throws IOException {
+int bytesInCompletePacket() throws IOException {
 if (!hasHeader) {
 // read exactly one record
-int really = read(is, temporary, 0, headerSize);
+try {
-if (really < 0) {
+int really = read(is, temporary, 0, headerSize);
-throw new EOFException("SSL peer shut down incorrectly");
+if (really < 0) {
+// EOF: peer shut down incorrectly
+return -1;
+}
+} catch (EOFException eofe) {
+// The caller will handle EOF.
+return -1;
 }
 hasHeader = true;
 }
 byte byteZero = temporary[0];
 int len = 0;
 /*
 * If we have already verified previous packets, we can
 * ignore the verifications steps, and jump right to the
-* determination.  Otherwise, try one last hueristic to
+* determination.  Otherwise, try one last heuristic to
 * see if it's SSL/TLS.
 */
 if (formatVerified ||
-(byteZero == ct_handshake) || (byteZero == ct_alert)) {
+(byteZero == ContentType.HANDSHAKE.id) ||
+(byteZero == ContentType.ALERT.id)) {
 /*
 * Last sanity check that it's not a wild record
 */
-ProtocolVersion recordVersion =
+if (!ProtocolVersion.isNegotiable(
-ProtocolVersion.valueOf(temporary[1], temporary[2]);
+temporary[1], temporary[2], false, false)) {
+throw new SSLException("Unrecognized record version " +
-// check the record version
+ProtocolVersion.nameOf(temporary[1], temporary[2]) +
-checkRecordVersion(recordVersion, false);
+" , plaintext connection?");
+}
 /*
 * Reasonably sure this is a V3, disable further checks.
 * We can't do the same in the v2 check below, because
 * read still needs to parse/handle the v2 clientHello.
 * Internals can warn about unsupported SSLv2
 */
 boolean isShort = ((byteZero & 0x80) != 0);
 if (isShort && ((temporary[2] == 1) || (temporary[2] == 4))) {
-ProtocolVersion recordVersion =
+if (!ProtocolVersion.isNegotiable(
-ProtocolVersion.valueOf(temporary[3], temporary[4]);
+temporary[3], temporary[4], false, false)) {
+throw new SSLException("Unrecognized record version " +
-// check the record version
+ProtocolVersion.nameOf(temporary[3], temporary[4]) +
-checkRecordVersion(recordVersion, true);
+" , plaintext connection?");
+}
 /*
 * Client or Server Hello
 */
 //
 }
 return len;
 }
-// destination.position() is zero.
+// Note that the input arguments are not used actually.
 @Override
-Plaintext decode(InputStream is, ByteBuffer destination)
+Plaintext[] decode(ByteBuffer[] srcs, int srcsOffset,
-throws IOException, BadPaddingException {
+int srcsLength) throws IOException, BadPaddingException {
 if (isClosed) {
 return null;
 }
 /*
 * The first record must either be a handshake record or an
 * alert message. If it's not, it is either invalid or an
 * SSLv2 message.
 */
-if ((temporary[0] != ct_handshake) &&
+if ((temporary[0] != ContentType.HANDSHAKE.id) &&
-(temporary[0] != ct_alert)) {
+(temporary[0] != ContentType.ALERT.id)) {
+hasHeader = false;
-plaintext = handleUnknownRecord(is, temporary, destination);
+return handleUnknownRecord(temporary);
 }
 }
-if (plaintext == null) {
+// The record header should has consumed.
-plaintext = decodeInputRecord(is, temporary, destination);
-}
-// The record header should has comsumed.
 hasHeader = false;
+return decodeInputRecord(temporary);
-return plaintext;
+}
+@Override
+void setReceiverStream(InputStream inputStream) {
+this.is = inputStream;
 }
 @Override
 void setDeliverStream(OutputStream outputStream) {
-this.deliverStream = outputStream;
+this.os = outputStream;
 }
 // Note that destination may be null
-private Plaintext decodeInputRecord(InputStream is, byte[] header,
+private Plaintext[] decodeInputRecord(
-ByteBuffer destination) throws IOException, BadPaddingException {
+byte[] header) throws IOException, BadPaddingException {
+byte contentType = header[0];                   // pos: 0
-byte contentType = header[0];
+byte majorVersion = header[1];                  // pos: 1
-byte majorVersion = header[1];
+byte minorVersion = header[2];                  // pos: 2
-byte minorVersion = header[2];
+int contentLen = ((header[3] & 0xFF) << 8) +
-int contentLen = ((header[3] & 0xFF) << 8) + (header[4] & 0xFF);
+(header[4] & 0xFF);          // pos: 3, 4
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
+SSLLogger.fine(
+"READ: " +
+ProtocolVersion.nameOf(majorVersion, minorVersion) +
+" " + ContentType.nameOf(contentType) + ", length = " +
+contentLen);
+}
 //
 // Check for upper bound.
 //
 // Note: May check packetSize limit in the future.
 }
 //
 // Read a complete record.
 //
-if (destination == null) {
+ByteBuffer destination = ByteBuffer.allocate(headerSize + contentLen);
-destination = ByteBuffer.allocate(headerSize + contentLen);
-}  // Otherwise, the destination buffer should have enough room.
 int dstPos = destination.position();
 destination.put(temporary, 0, headerSize);
 while (contentLen > 0) {
 int howmuch = Math.min(temporary.length, contentLen);
 int really = read(is, temporary, 0, howmuch);
 contentLen -= howmuch;
 }
 destination.flip();
 destination.position(dstPos + headerSize);
-if (debug != null && Debug.isOn("record")) {
+if (SSLLogger.isOn && SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
-", READ: " +
+"READ: " +
-ProtocolVersion.valueOf(majorVersion, minorVersion) +
+ProtocolVersion.nameOf(majorVersion, minorVersion) +
-" " + Record.contentName(contentType) + ", length = " +
+" " + ContentType.nameOf(contentType) + ", length = " +
 destination.remaining());
 }
 //
 // Decrypt the fragment
 //
-ByteBuffer plaintext =
+ByteBuffer fragment;
-decrypt(readAuthenticator, readCipher, contentType, destination);
+try {
+Plaintext plaintext =
-if ((contentType != ct_handshake) && (hsMsgOff != hsMsgLen)) {
+readCipher.decrypt(contentType, destination, null);
+fragment = plaintext.fragment;
+contentType = plaintext.contentType;
+} catch (BadPaddingException bpe) {
+throw bpe;
+} catch (GeneralSecurityException gse) {
+throw (SSLProtocolException)(new SSLProtocolException(
+"Unexpected exception")).initCause(gse);
+}
+if (contentType != ContentType.HANDSHAKE.id &&
+handshakeBuffer != null && handshakeBuffer.hasRemaining()) {
 throw new SSLProtocolException(
-"Expected to get a handshake fragment");
+"Expecting a handshake fragment, but received " +
-}
+ContentType.nameOf(contentType));
+}
-//
-// handshake hashing
+//
-//
+// parse handshake messages
-if (contentType == ct_handshake) {
+//
-int pltPos = plaintext.position();
+if (contentType == ContentType.HANDSHAKE.id) {
-int pltLim = plaintext.limit();
+ByteBuffer handshakeFrag = fragment;
-int frgPos = pltPos;
+if ((handshakeBuffer != null) &&
-for (int remains = plaintext.remaining(); remains > 0;) {
+(handshakeBuffer.remaining() != 0)) {
-int howmuch;
+ByteBuffer bb = ByteBuffer.wrap(new byte[
-byte handshakeType;
+handshakeBuffer.remaining() + fragment.remaining()]);
-if (hsMsgOff < hsMsgLen) {
+bb.put(handshakeBuffer);
-// a fragment of the handshake message
+bb.put(fragment);
-howmuch = Math.min((hsMsgLen - hsMsgOff), remains);
+handshakeFrag = bb.rewind();
-handshakeType = prevType;
+handshakeBuffer = null;
+}
-hsMsgOff += howmuch;
-if (hsMsgOff == hsMsgLen) {
+ArrayList<Plaintext> plaintexts = new ArrayList<>(5);
-// Now is a complete handshake message.
+while (handshakeFrag.hasRemaining()) {
-hsMsgOff = 0;
+int remaining = handshakeFrag.remaining();
-hsMsgLen = 0;
+if (remaining < handshakeHeaderSize) {
+handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
+handshakeBuffer.put(handshakeFrag);
+handshakeBuffer.rewind();
+break;
+}
+handshakeFrag.mark();
+// skip the first byte: handshake type
+byte handshakeType = handshakeFrag.get();
+int handshakeBodyLen = Record.getInt24(handshakeFrag);
+handshakeFrag.reset();
+int handshakeMessageLen =
+handshakeHeaderSize + handshakeBodyLen;
+if (remaining < handshakeMessageLen) {
+handshakeBuffer = ByteBuffer.wrap(new byte[remaining]);
+handshakeBuffer.put(handshakeFrag);
+handshakeBuffer.rewind();
+break;
+} if (remaining == handshakeMessageLen) {
+if (handshakeHash.isHashable(handshakeType)) {
+handshakeHash.receive(handshakeFrag);
 }
-} else {    // hsMsgOff == hsMsgLen, a new handshake message
-handshakeType = plaintext.get();
+plaintexts.add(
-int handshakeLen = ((plaintext.get() & 0xFF) << 16) |
+new Plaintext(contentType,
-((plaintext.get() & 0xFF) << 8) |
+majorVersion, minorVersion, -1, -1L, handshakeFrag)
-(plaintext.get() & 0xFF);
+);
-plaintext.position(frgPos);
+break;
-if (remains < (handshakeLen + 1)) { // 1: handshake type
+} else {
-// This handshake message is fragmented.
+int fragPos = handshakeFrag.position();
-prevType = handshakeType;
+int fragLim = handshakeFrag.limit();
-hsMsgOff = remains - 4;         // 4: handshake header
+int nextPos = fragPos + handshakeMessageLen;
-hsMsgLen = handshakeLen;
+handshakeFrag.limit(nextPos);
+if (handshakeHash.isHashable(handshakeType)) {
+handshakeHash.receive(handshakeFrag);
 }
-howmuch = Math.min(handshakeLen + 4, remains);
+plaintexts.add(
-}
+new Plaintext(contentType, majorVersion, minorVersion,
+-1, -1L, handshakeFrag.slice())
-plaintext.limit(frgPos + howmuch);
+);
-if (handshakeType == HandshakeMessage.ht_hello_request) {
+handshakeFrag.position(nextPos);
-// omitted from handshake hash computation
+handshakeFrag.limit(fragLim);
-} else if ((handshakeType != HandshakeMessage.ht_finished) &&
+}
-(handshakeType != HandshakeMessage.ht_certificate_verify)) {
+}
-if (handshakeHash == null) {
+return plaintexts.toArray(new Plaintext[0]);
-// used for cache only
+}
-handshakeHash = new HandshakeHash(false);
-}
+// KeyLimit check during application data.
-handshakeHash.update(plaintext);
+// atKeyLimit() inactive when limits not checked, tc set when limits
-} else {
+// are active.
-// Reserve until this handshake message has been processed.
-if (handshakeHash == null) {
+if (readCipher.atKeyLimit()) {
-// used for cache only
+if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
-handshakeHash = new HandshakeHash(false);
+SSLLogger.fine("KeyUpdate: triggered, read side.");
 }
-handshakeHash.reserve(plaintext);
-}
+PostHandshakeContext p = new PostHandshakeContext(tc);
+KeyUpdate.handshakeProducer.produce(p,
-plaintext.position(frgPos + howmuch);
+new KeyUpdateMessage(p, KeyUpdateRequest.REQUESTED));
-plaintext.limit(pltLim);
+}
-frgPos += howmuch;
+return new Plaintext[] {
-remains -= howmuch;
+new Plaintext(contentType,
-}
+majorVersion, minorVersion, -1, -1L, fragment)
-plaintext.position(pltPos);
+};
 }
-return new Plaintext(contentType,
+private Plaintext[] handleUnknownRecord(
-majorVersion, minorVersion, -1, -1L, plaintext);
+byte[] header) throws IOException, BadPaddingException {
-// recordEpoch, recordSeq, plaintext);
-}
-private Plaintext handleUnknownRecord(InputStream is, byte[] header,
-ByteBuffer destination) throws IOException, BadPaddingException {
 byte firstByte = header[0];
 byte thirdByte = header[2];
 // Does it look like a Version 2 client hello (V2ClientHello)?
 if (((firstByte & 0x80) != 0) && (thirdByte == 1)) {
 * Looks like a V2 client hello, but not one saying
 * "let's talk SSLv3".  So we need to send an SSLv2
 * error message, one that's treated as fatal by
 * clients (Otherwise we'll hang.)
 */
-deliverStream.write(SSLRecord.v2NoCipher);      // SSLv2Hello
+os.write(SSLRecord.v2NoCipher);      // SSLv2Hello
-if (debug != null) {
+if (SSLLogger.isOn) {
-if (Debug.isOn("record")) {
+if (SSLLogger.isOn("record")) {
-System.out.println(Thread.currentThread().getName() +
+SSLLogger.fine(
 "Requested to negotiate unsupported SSLv2!");
 }
-if (Debug.isOn("packet")) {
+if (SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine("Raw write", SSLRecord.v2NoCipher);
-"[Raw write]: length = " +
-SSLRecord.v2NoCipher.length,
-SSLRecord.v2NoCipher);
 }
 }
 throw new SSLException("Unsupported SSL v2.0 ClientHello");
 }
 int msgLen = ((header[0] & 0x7F) << 8) | (header[1] & 0xFF);
-if (destination == null) {
+ByteBuffer destination = ByteBuffer.allocate(headerSize + msgLen);
-destination = ByteBuffer.allocate(headerSize + msgLen);
-}
 destination.put(temporary, 0, headerSize);
 msgLen -= 3;            // had read 3 bytes of content as header
 while (msgLen > 0) {
 int howmuch = Math.min(temporary.length, msgLen);
 int really = read(is, temporary, 0, howmuch);
 * If we can map this into a V3 ClientHello, read and
 * hash the rest of the V2 handshake, turn it into a
 * V3 ClientHello message, and pass it up.
 */
 destination.position(2);     // exclude the header
+handshakeHash.receive(destination);
-if (handshakeHash == null) {
-// used for cache only
-handshakeHash = new HandshakeHash(false);
-}
-handshakeHash.update(destination);
 destination.position(0);
 ByteBuffer converted = convertToClientHello(destination);
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+SSLLogger.fine(
 "[Converted] ClientHello", converted);
 }
-return new Plaintext(ct_handshake,
+return new Plaintext[] {
-majorVersion, minorVersion, -1, -1L, converted);
+new Plaintext(ContentType.HANDSHAKE.id,
+majorVersion, minorVersion, -1, -1L, converted)
+};
 } else {
 if (((firstByte & 0x80) != 0) && (thirdByte == 4)) {
 throw new SSLException("SSL V2.0 servers are not supported.");
 }
 byte[] buffer, int offset, int len) throws IOException {
 int n = 0;
 while (n < len) {
 int readLen = is.read(buffer, offset + n, len - n);
 if (readLen < 0) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
+SSLLogger.fine("Raw read: EOF");
+}
 return -1;
 }
-if (debug != null && Debug.isOn("packet")) {
+if (SSLLogger.isOn && SSLLogger.isOn("packet")) {
-Debug.printHex(
+ByteBuffer bb = ByteBuffer.wrap(buffer, offset + n, readLen);
-"[Raw read]: length = " + readLen,
+SSLLogger.fine("Raw read", bb);
-buffer, offset + n, readLen);
 }
 n += readLen;
 }

changeset 50768	68fa3d4026ea
parent 47216	71c04702a3d5
child 51407	910f7b56592f