# HG changeset patch # User xuelei # Date 1526915784 25200 # Node ID a0f3377c58c78b30048e54493ef2f35ae065ad3f # Parent fb93f16d20fac75464af0f9699945931739660cb Use default signature algorithms for TLS 1.2 diff -r fb93f16d20fa -r a0f3377c58c7 src/java.base/share/classes/sun/security/ssl/Finished.java --- a/src/java.base/share/classes/sun/security/ssl/Finished.java Mon May 21 15:40:25 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/Finished.java Mon May 21 08:16:24 2018 -0700 @@ -421,7 +421,7 @@ engineGetClientSessionContext()).put( chc.handshakeSession); } - chc.conContext.conSession = chc.handshakeSession; + chc.conContext.conSession = chc.handshakeSession.finish(); chc.conContext.protocolVersion = chc.negotiatedProtocol; // handshake context cleanup. @@ -476,7 +476,7 @@ engineGetServerSessionContext()).put( shc.handshakeSession); } - shc.conContext.conSession = shc.handshakeSession; + shc.conContext.conSession = shc.handshakeSession.finish(); shc.conContext.protocolVersion = shc.negotiatedProtocol; // handshake context cleanup. @@ -544,7 +544,7 @@ engineGetClientSessionContext()).put( chc.handshakeSession); } - chc.conContext.conSession = chc.handshakeSession; + chc.conContext.conSession = chc.handshakeSession.finish(); chc.conContext.protocolVersion = chc.negotiatedProtocol; // handshake context cleanup. @@ -593,7 +593,7 @@ engineGetServerSessionContext()).put( shc.handshakeSession); } - shc.conContext.conSession = shc.handshakeSession; + shc.conContext.conSession = shc.handshakeSession.finish(); shc.conContext.protocolVersion = shc.negotiatedProtocol; // handshake context cleanup. @@ -725,7 +725,7 @@ "TlsResumptionMasterSecret", null); chc.handshakeSession.setResumptionMasterSecret(resumptionMasterSecret); - chc.conContext.conSession = chc.handshakeSession; + chc.conContext.conSession = chc.handshakeSession.finish(); chc.conContext.protocolVersion = chc.negotiatedProtocol; // handshake context cleanup. @@ -1058,7 +1058,7 @@ } // update connection context - shc.conContext.conSession = shc.handshakeSession; + shc.conContext.conSession = shc.handshakeSession.finish(); shc.conContext.protocolVersion = shc.negotiatedProtocol; // handshake context cleanup. diff -r fb93f16d20fa -r a0f3377c58c7 src/java.base/share/classes/sun/security/ssl/SSLExtension.java --- a/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Mon May 21 15:40:25 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SSLExtension.java Mon May 21 08:16:24 2018 -0700 @@ -44,6 +44,7 @@ ServerNameExtension.chOnLoadConcumer, null, null, + null, ServerNameExtension.chStringize), SH_SERVER_NAME (0x0000, "server_name", SSLHandshake.SERVER_HELLO, @@ -52,6 +53,7 @@ ServerNameExtension.shOnLoadConcumer, null, null, + null, ServerNameExtension.shStringize), EE_SERVER_NAME (0x0000, "server_name", SSLHandshake.ENCRYPTED_EXTENSIONS, @@ -60,6 +62,7 @@ ServerNameExtension.eeOnLoadConcumer, null, null, + null, ServerNameExtension.shStringize), CH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", SSLHandshake.CLIENT_HELLO, @@ -68,6 +71,7 @@ MaxFragExtension.chOnLoadConcumer, null, null, + null, MaxFragExtension.maxFragLenStringize), SH_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", SSLHandshake.SERVER_HELLO, @@ -76,6 +80,7 @@ MaxFragExtension.shOnLoadConcumer, null, MaxFragExtension.shOnTradeConsumer, + null, MaxFragExtension.maxFragLenStringize), EE_MAX_FRAGMENT_LENGTH (0x0001, "max_fragment_length", SSLHandshake.ENCRYPTED_EXTENSIONS, @@ -84,6 +89,7 @@ MaxFragExtension.eeOnLoadConcumer, null, MaxFragExtension.eeOnTradeConsumer, + null, MaxFragExtension.maxFragLenStringize), CLIENT_CERTIFICATE_URL (0x0002, "client_certificate_url"), TRUSTED_CA_KEYS (0x0003, "trusted_ca_keys"), @@ -96,6 +102,7 @@ CertStatusExtension.chOnLoadConsumer, null, null, + null, CertStatusExtension.certStatusReqStringize), SH_STATUS_REQUEST (0x0005, "status_request", SSLHandshake.SERVER_HELLO, @@ -104,6 +111,7 @@ CertStatusExtension.shOnLoadConsumer, null, null, + null, CertStatusExtension.certStatusReqStringize), CR_STATUS_REQUEST (0x0005, "status_request"), @@ -114,6 +122,7 @@ CertStatusExtension.ctOnLoadConsumer, null, null, + null, CertStatusExtension.certStatusRespStringize), // extensions defined in RFC 4681 USER_MAPPING (0x0006, "user_mapping"), @@ -133,6 +142,7 @@ SupportedGroupsExtension.chOnLoadConcumer, null, null, + null, SupportedGroupsExtension.sgsStringize), EE_SUPPORTED_GROUPS (0x000A, "supported_groups", SSLHandshake.ENCRYPTED_EXTENSIONS, @@ -141,6 +151,7 @@ SupportedGroupsExtension.eeOnLoadConcumer, null, null, + null, SupportedGroupsExtension.sgsStringize), CH_EC_POINT_FORMATS (0x000B, "ec_point_formats", @@ -150,6 +161,7 @@ ECPointFormatsExtension.chOnLoadConcumer, null, null, + null, ECPointFormatsExtension.epfStringize), SH_EC_POINT_FORMATS (0x000B, "ec_point_formats", SSLHandshake.SERVER_HELLO, @@ -158,6 +170,7 @@ ECPointFormatsExtension.shOnLoadConcumer, null, null, + null, ECPointFormatsExtension.epfStringize), // extensions defined in RFC 5054 @@ -171,6 +184,7 @@ SignatureAlgorithmsExtension.chOnLoadConcumer, SignatureAlgorithmsExtension.chOnLoadAbsence, SignatureAlgorithmsExtension.chOnTradeConsumer, + SignatureAlgorithmsExtension.chOnTradeAbsence, SignatureAlgorithmsExtension.ssStringize), CR_SIGNATURE_ALGORITHMS (0x000D, "signature_algorithms", SSLHandshake.CERTIFICATE_REQUEST, @@ -179,6 +193,7 @@ SignatureAlgorithmsExtension.crOnLoadConcumer, SignatureAlgorithmsExtension.crOnLoadAbsence, SignatureAlgorithmsExtension.crOnTradeConsumer, + null, SignatureAlgorithmsExtension.ssStringize), CH_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", @@ -188,6 +203,7 @@ CertSignAlgsExtension.chOnLoadConcumer, null, CertSignAlgsExtension.chOnTradeConsumer, + null, CertSignAlgsExtension.ssStringize), CR_SIGNATURE_ALGORITHMS_CERT (0x0032, "signature_algorithms_cert", SSLHandshake.CERTIFICATE_REQUEST, @@ -196,6 +212,7 @@ CertSignAlgsExtension.crOnLoadConcumer, null, CertSignAlgsExtension.crOnTradeConsumer, + null, CertSignAlgsExtension.ssStringize), // extensions defined in RFC 5764 @@ -212,6 +229,7 @@ AlpnExtension.chOnLoadConcumer, AlpnExtension.chOnLoadAbsence, null, + null, AlpnExtension.alpnStringize), SH_ALPN (0x0010, "application_layer_protocol_negotiation", SSLHandshake.SERVER_HELLO, @@ -220,6 +238,7 @@ AlpnExtension.shOnLoadConcumer, AlpnExtension.shOnLoadAbsence, null, + null, AlpnExtension.alpnStringize), EE_ALPN (0x0010, "application_layer_protocol_negotiation", SSLHandshake.ENCRYPTED_EXTENSIONS, @@ -228,6 +247,7 @@ AlpnExtension.shOnLoadConcumer, AlpnExtension.shOnLoadAbsence, null, + null, AlpnExtension.alpnStringize), // extensions defined in RFC 6961 @@ -238,6 +258,7 @@ CertStatusExtension.chV2OnLoadConsumer, null, null, + null, CertStatusExtension.certStatusReqV2Stringize), SH_STATUS_REQUEST_V2 (0x0011, "status_request_v2", SSLHandshake.SERVER_HELLO, @@ -246,6 +267,7 @@ CertStatusExtension.shV2OnLoadConsumer, null, null, + null, CertStatusExtension.certStatusReqV2Stringize), // extensions defined in RFC 6962 @@ -269,6 +291,7 @@ ExtendedMasterSecretExtension.chOnLoadConcumer, ExtendedMasterSecretExtension.chOnLoadAbsence, null, + null, ExtendedMasterSecretExtension.emsStringize), SH_EXTENDED_MASTER_SECRET (0x0017, "extended_master_secret", SSLHandshake.SERVER_HELLO, @@ -277,6 +300,7 @@ ExtendedMasterSecretExtension.shOnLoadConcumer, ExtendedMasterSecretExtension.shOnLoadAbsence, null, + null, ExtendedMasterSecretExtension.emsStringize), // extensions defined in RFC draft-ietf-tokbind-negotiation @@ -300,6 +324,7 @@ SupportedVersionsExtension.chOnLoadConcumer, null, null, + null, SupportedVersionsExtension.chStringize), SH_SUPPORTED_VERSIONS (0x002B, "supported_versions", SSLHandshake.SERVER_HELLO, @@ -309,6 +334,7 @@ SupportedVersionsExtension.shOnLoadConcumer, null, null, + null, SupportedVersionsExtension.shStringize), HRR_SUPPORTED_VERSIONS (0x002B, "supported_versions", SSLHandshake.HELLO_RETRY_REQUEST, @@ -317,12 +343,14 @@ SupportedVersionsExtension.hrrOnLoadConcumer, null, null, + null, SupportedVersionsExtension.hrrStringize), MH_SUPPORTED_VERSIONS (0x002B, "supported_versions", SSLHandshake.MESSAGE_HASH, ProtocolVersion.PROTOCOLS_OF_13, SupportedVersionsExtension.hrrReproducer, null, null, null, + null, SupportedVersionsExtension.hrrStringize), CH_COOKIE (0x002C, "cookie", @@ -332,6 +360,7 @@ CookieExtension.chOnLoadConcumer, null, CookieExtension.chOnTradeConsumer, + null, CookieExtension.cookieStringize), HRR_COOKIE (0x002C, "cookie", SSLHandshake.HELLO_RETRY_REQUEST, @@ -339,12 +368,14 @@ CookieExtension.hrrNetworkProducer, CookieExtension.hrrOnLoadConcumer, null, null, + null, CookieExtension.cookieStringize), MH_COOKIE (0x002C, "cookie", SSLHandshake.MESSAGE_HASH, ProtocolVersion.PROTOCOLS_OF_13, CookieExtension.hrrNetworkReproducer, null, null, null, + null, CookieExtension.cookieStringize), PSK_KEY_EXCHANGE_MODES (0x002D, "psk_key_exchange_modes", @@ -352,7 +383,7 @@ ProtocolVersion.PROTOCOLS_OF_13, PskKeyExchangeModesExtension.chNetworkProducer, PskKeyExchangeModesExtension.chOnLoadConsumer, - null, null, null), + null, null, null, null), CERTIFICATE_AUTHORITIES (0x002F, "certificate_authorities"), OID_FILTERS (0x0030, "oid_filters"), POST_HANDSHAKE_AUTH (0x0030, "post_handshake_auth"), @@ -362,7 +393,7 @@ ProtocolVersion.PROTOCOLS_OF_13, KeyShareExtension.chNetworkProducer, KeyShareExtension.chOnLoadConcumer, - null, null, + null, null, null, KeyShareExtension.chStringize), SH_KEY_SHARE (0x0033, "key_share", SSLHandshake.SERVER_HELLO, @@ -371,19 +402,20 @@ KeyShareExtension.shOnLoadConcumer, KeyShareExtension.shOnLoadAbsence, null, + null, KeyShareExtension.shStringize), HRR_KEY_SHARE (0x0033, "key_share", SSLHandshake.HELLO_RETRY_REQUEST, ProtocolVersion.PROTOCOLS_OF_13, KeyShareExtension.hrrNetworkProducer, KeyShareExtension.hrrOnLoadConcumer, - null, null, + null, null, null, KeyShareExtension.hrrStringize), MH_KEY_SHARE (0x0033, "key_share", SSLHandshake.MESSAGE_HASH, ProtocolVersion.PROTOCOLS_OF_13, KeyShareExtension.hrrNetworkReproducer, - null, null, null, + null, null, null, null, KeyShareExtension.hrrStringize), // Extensions defined in RFC 5746 @@ -394,6 +426,7 @@ RenegoInfoExtension.chOnLoadConcumer, RenegoInfoExtension.chOnLoadAbsence, null, + null, RenegoInfoExtension.rniStringize), SH_RENEGOTIATION_INFO (0xff01, "renegotiation_info", SSLHandshake.SERVER_HELLO, @@ -402,24 +435,25 @@ RenegoInfoExtension.shOnLoadConcumer, RenegoInfoExtension.shOnLoadAbsence, null, + null, RenegoInfoExtension.rniStringize), // TLS 1.3 PSK extension must be last CH_PRE_SHARED_KEY (0x0029, "pre_shared_key", - SSLHandshake.CLIENT_HELLO, - ProtocolVersion.PROTOCOLS_OF_13, - PreSharedKeyExtension.chNetworkProducer, - PreSharedKeyExtension.chOnLoadConsumer, - PreSharedKeyExtension.chOnLoadAbsence, - PreSharedKeyExtension.chOnTradeConsumer, - null), + SSLHandshake.CLIENT_HELLO, + ProtocolVersion.PROTOCOLS_OF_13, + PreSharedKeyExtension.chNetworkProducer, + PreSharedKeyExtension.chOnLoadConsumer, + PreSharedKeyExtension.chOnLoadAbsence, + PreSharedKeyExtension.chOnTradeConsumer, + null, null), SH_PRE_SHARED_KEY (0x0029, "pre_shared_key", - SSLHandshake.SERVER_HELLO, - ProtocolVersion.PROTOCOLS_OF_13, - PreSharedKeyExtension.shNetworkProducer, - PreSharedKeyExtension.shOnLoadConsumer, - PreSharedKeyExtension.shOnLoadAbsence, - null, null); + SSLHandshake.SERVER_HELLO, + ProtocolVersion.PROTOCOLS_OF_13, + PreSharedKeyExtension.shNetworkProducer, + PreSharedKeyExtension.shOnLoadConsumer, + PreSharedKeyExtension.shOnLoadAbsence, + null, null, null); final int id; final SSLHandshake handshakeType; @@ -429,6 +463,7 @@ final ExtensionConsumer onLoadConcumer; final HandshakeAbsence onLoadAbsence; final HandshakeConsumer onTradeConsumer; + final HandshakeAbsence onTradeAbsence; final SSLStringize stringize; // known but unsupported extension @@ -441,6 +476,7 @@ this.onLoadConcumer = null; this.onLoadAbsence = null; this.onTradeConsumer = null; + this.onTradeAbsence = null; this.stringize = null; } @@ -449,8 +485,8 @@ ProtocolVersion[] supportedProtocols, HandshakeProducer producer, ExtensionConsumer onLoadConcumer, HandshakeAbsence onLoadAbsence, - HandshakeConsumer onTradeConsumer, SSLStringize stringize) { - + HandshakeConsumer onTradeConsumer, HandshakeAbsence onTradeAbsence, + SSLStringize stringize) { this.id = id; this.handshakeType = handshakeType; this.name = name; @@ -459,6 +495,7 @@ this.onLoadConcumer = onLoadConcumer; this.onLoadAbsence = onLoadAbsence; this.onTradeConsumer = onTradeConsumer; + this.onTradeAbsence = onTradeAbsence; this.stringize = stringize; } @@ -514,7 +551,7 @@ } } - void absent(ConnectionContext context, + void absentOnLoad(ConnectionContext context, HandshakeMessage message) throws IOException { if (onLoadAbsence != null) { onLoadAbsence.absent(context, message); @@ -524,6 +561,16 @@ } } + void absentOnTrade(ConnectionContext context, + HandshakeMessage message) throws IOException { + if (onTradeAbsence != null) { + onTradeAbsence.absent(context, message); + } else { + throw new UnsupportedOperationException( + "Not yet supported extension absence processing."); + } + } + public boolean isAvailable(ProtocolVersion protocolVersion) { /* for (ProtocolVersion pv : supportedProtocols) { diff -r fb93f16d20fa -r a0f3377c58c7 src/java.base/share/classes/sun/security/ssl/SSLExtensions.java --- a/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java Mon May 21 15:40:25 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SSLExtensions.java Mon May 21 08:16:24 2018 -0700 @@ -146,7 +146,7 @@ if (!extMap.containsKey(extension)) { if (extension.onLoadAbsence != null) { - extension.absent(context, handshakeMessage); + extension.absentOnLoad(context, handshakeMessage); } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { SSLLogger.fine( "Ignore unavailable extension: " + extension.name); @@ -179,7 +179,12 @@ SSLExtension[] extensions) throws IOException { for (SSLExtension extension : extensions) { if (!extMap.containsKey(extension)) { - // No impact could be expected, so just ignore the absence. + if (extension.onTradeAbsence != null) { + extension.absentOnTrade(context, handshakeMessage); + } else if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { + SSLLogger.fine( + "Ignore unavailable extension: " + extension.name); + } continue; } diff -r fb93f16d20fa -r a0f3377c58c7 src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java --- a/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Mon May 21 15:40:25 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SSLSessionImpl.java Mon May 21 08:16:24 2018 -0700 @@ -104,6 +104,7 @@ private PrivateKey localPrivateKey; private final String[] localSupportedSignAlgs; private String[] peerSupportedSignAlgs; + private boolean useDefaultPeerSignAlgs = false; private List statusResponses; private SecretKey resumptionMasterSecret; private SecretKey preSharedKey; @@ -332,6 +333,32 @@ SignatureScheme.getAlgorithmNames(signatureSchemes); } + // TLS 1.2 only + // + // Per RFC 5246, If the client supports only the default hash + // and signature algorithms, it MAY omit the + // signature_algorithms extension. If the client does not + // support the default algorithms, or supports other hash + // and signature algorithms (and it is willing to use them + // for verifying messages sent by the server, i.e., server + // certificates and server key exchange), it MUST send the + // signature_algorithms extension, listing the algorithms it + // is willing to accept. + void setUseDefaultPeerSignAlgs() { + useDefaultPeerSignAlgs = true; + peerSupportedSignAlgs = new String[] { + "SHA1withRSA", "SHA1withDSA", "SHA1withECDSA"}; + } + + // Returns the connection session. + SSLSessionImpl finish() { + if (useDefaultPeerSignAlgs) { + this.peerSupportedSignAlgs = new String[0]; + } + + return this; + } + /** * Provide status response data obtained during the SSL handshake. * diff -r fb93f16d20fa -r a0f3377c58c7 src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java --- a/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Mon May 21 15:40:25 2018 +0800 +++ b/src/java.base/share/classes/sun/security/ssl/SignatureAlgorithmsExtension.java Mon May 21 08:16:24 2018 -0700 @@ -28,6 +28,7 @@ import java.io.IOException; import java.nio.ByteBuffer; import java.text.MessageFormat; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import java.util.Locale; @@ -45,9 +46,11 @@ static final ExtensionConsumer chOnLoadConcumer = new CHSignatureSchemesConsumer(); static final HandshakeAbsence chOnLoadAbsence = - new CHSignatureSchemesAbsence(); + new CHSignatureSchemesOnLoadAbsence(); static final HandshakeConsumer chOnTradeConsumer = new CHSignatureSchemesUpdate(); + static final HandshakeAbsence chOnTradeAbsence = + new CHSignatureSchemesOnTradeAbsence(); static final HandshakeProducer crNetworkProducer = new CRSignatureSchemesProducer(); @@ -313,7 +316,7 @@ * not present in the ClientHello handshake message. */ private static final - class CHSignatureSchemesAbsence implements HandshakeAbsence { + class CHSignatureSchemesOnLoadAbsence implements HandshakeAbsence { @Override public void absent(ConnectionContext context, HandshakeMessage message) throws IOException { @@ -334,6 +337,50 @@ } /** + * The absence processing if a "signature_algorithms" extension is + * not present in the ClientHello handshake message. + */ + private static final + class CHSignatureSchemesOnTradeAbsence implements HandshakeAbsence { + @Override + public void absent(ConnectionContext context, + HandshakeMessage message) throws IOException { + // The comsuming happens in server side only. + ServerHandshakeContext shc = (ServerHandshakeContext)context; + + if (shc.negotiatedProtocol.useTLS12PlusSpec()) { + // Use default hash and signature algorithm: + // {sha1,rsa} + // {sha1,dsa} + // {sha1,ecdsa} + // Per RFC 5246, If the client supports only the default hash + // and signature algorithms, it MAY omit the + // signature_algorithms extension. If the client does not + // support the default algorithms, or supports other hash + // and signature algorithms (and it is willing to use them + // for verifying messages sent by the server, i.e., server + // certificates and server key exchange), it MUST send the + // signature_algorithms extension, listing the algorithms it + // is willing to accept. + List shemes = Arrays.asList( + SignatureScheme.RSA_PKCS1_SHA1, + SignatureScheme.DSA_SHA1, + SignatureScheme.ECDSA_SHA1 + ); + + shc.peerRequestedSignatureSchemes = shemes; + if (shc.peerRequestedCertSignSchemes == null || + shc.peerRequestedCertSignSchemes.isEmpty()) { + shc.peerRequestedCertSignSchemes = shemes; + } + + // Use the default peer signature algorithms. + shc.handshakeSession.setUseDefaultPeerSignAlgs(); + } + } + } + + /** * Network data producer of a "signature_algorithms" extension in * the CertificateRequest handshake message. */