8268193: Improve requests of certificates

Reviewed-by: xuelei, rhalade, ahgross
2021-07-08 16:14:37 +00:00 · 2021-07-08 16:14:37 +00:00 · 9c4988daeb
commit 9c4988daeb
parent c714707eac
3 changed files with 47 additions and 2 deletions
--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
@ -333,6 +333,16 @@ final class CertificateRequest {

            // clean up this consumer
            chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_REQUEST.id);
+            chc.receivedCertReq = true;
+
+            // If we're processing this message and the server's certificate
+            // message consumer has not already run then this is a state
+            // machine violation.
+            if (chc.handshakeConsumers.containsKey(
+                    SSLHandshake.CERTIFICATE.id)) {
+                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected CertificateRequest handshake message");
+            }

            SSLConsumer certStatCons = chc.handshakeConsumers.remove(
                    SSLHandshake.CERTIFICATE_STATUS.id);
@ -659,6 +669,16 @@ final class CertificateRequest {

            // clean up this consumer
            chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_REQUEST.id);
+            chc.receivedCertReq = true;
+
+            // If we're processing this message and the server's certificate
+            // message consumer has not already run then this is a state
+            // machine violation.
+            if (chc.handshakeConsumers.containsKey(
+                    SSLHandshake.CERTIFICATE.id)) {
+                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected CertificateRequest handshake message");
+            }

            SSLConsumer certStatCons = chc.handshakeConsumers.remove(
                    SSLHandshake.CERTIFICATE_STATUS.id);
@ -920,6 +940,15 @@ final class CertificateRequest {

            // clean up this consumer
            chc.handshakeConsumers.remove(SSLHandshake.CERTIFICATE_REQUEST.id);
+            chc.receivedCertReq = true;
+
+            // Ensure that the CertificateRequest has not been sent prior
+            // to EncryptedExtensions
+            if (chc.handshakeConsumers.containsKey(
+                    SSLHandshake.ENCRYPTED_EXTENSIONS.id)) {
+                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected CertificateRequest handshake message");
+            }

            T13CertificateRequestMessage crm =
                    new T13CertificateRequestMessage(chc, message);
--- a/src/java.base/share/classes/sun/security/ssl/ClientHandshakeContext.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientHandshakeContext.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -90,6 +90,11 @@ class ClientHandshakeContext extends HandshakeContext {

    ClientHelloMessage initialClientHelloMsg = null;

+    // Flag to indicate receipt of a CertificateRequest message from
+    // the server.  Because this is optional, we cannot guarantee
+    // the handshakeConsumers Map will always have it present there.
+    boolean receivedCertReq = false;
+
    // PSK identity is selected in first Hello and used again after HRR
    byte[] pskIdentity;

--- a/src/java.base/share/classes/sun/security/ssl/ServerKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ServerKeyExchange.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2018, 20121, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -92,6 +92,17 @@ final class ServerKeyExchange {
            // clean up this consumer
            chc.handshakeConsumers.remove(SSLHandshake.SERVER_KEY_EXCHANGE.id);

+            // Any receipt/consumption of the CertificateRequest before
+            // ServerKeyExchange is a state machine violation.  We may not
+            // know for sure if an early CR message is a violation though until
+            // we have reached this point, due to other TLS features and
+            // optional messages.
+            if (chc.receivedCertReq) {
+                chc.receivedCertReq = false;    // Reset flag
+                throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected ServerKeyExchange handshake message");
+            }
+
            SSLConsumer certStatCons = chc.handshakeConsumers.remove(
                    SSLHandshake.CERTIFICATE_STATUS.id);
            if (certStatCons != null) {