Tue, 25 Aug 2020 08:35:10 +0300
8245469: Remove DTLS protocol implementation
Reviewed-by: mbalao
1.1 --- a/src/share/classes/sun/security/ssl/Alert.java Tue Aug 25 08:31:35 2020 +0300 1.2 +++ b/src/share/classes/sun/security/ssl/Alert.java Tue Aug 25 08:35:10 2020 +0300 1.3 @@ -34,10 +34,10 @@ 1.4 import javax.net.ssl.SSLProtocolException; 1.5 1.6 /** 1.7 - * SSL/(D)TLS Alter description 1.8 + * SSL/TLS Alter description 1.9 */ 1.10 enum Alert { 1.11 - // Please refer to TLS Alert Registry for the latest (D)TLS Alert values: 1.12 + // Please refer to TLS Alert Registry for the latest TLS Alert values: 1.13 // https://www.iana.org/assignments/tls-parameters/ 1.14 CLOSE_NOTIFY ((byte)0, "close_notify", false), 1.15 UNEXPECTED_MESSAGE ((byte)10, "unexpected_message", false), 1.16 @@ -141,7 +141,7 @@ 1.17 } 1.18 1.19 /** 1.20 - * SSL/(D)TLS Alert level. 1.21 + * SSL/TLS Alert level. 1.22 */ 1.23 enum Level { 1.24 WARNING ((byte)1, "warning"),
2.1 --- a/src/share/classes/sun/security/ssl/Authenticator.java Tue Aug 25 08:31:35 2020 +0300 2.2 +++ b/src/share/classes/sun/security/ssl/Authenticator.java Tue Aug 25 08:35:10 2020 +0300 2.3 @@ -34,7 +34,7 @@ 2.4 import sun.security.ssl.CipherSuite.MacAlg; 2.5 2.6 /** 2.7 - * This class represents an SSL/TLS/DTLS message authentication token, 2.8 + * This class represents an SSL/TLS message authentication token, 2.9 * which encapsulates a sequence number and ensures that attempts to 2.10 * delete or reorder messages can be detected. 2.11 */ 2.12 @@ -52,20 +52,12 @@ 2.13 * SSL/TLS protocol. 2.14 */ 2.15 static Authenticator valueOf(ProtocolVersion protocolVersion) { 2.16 - if (protocolVersion.isDTLS) { 2.17 - if (protocolVersion.useTLS13PlusSpec()) { 2.18 - return new DTLS13Authenticator(protocolVersion); 2.19 - } else { 2.20 - return new DTLS10Authenticator(protocolVersion); 2.21 - } 2.22 + if (protocolVersion.useTLS13PlusSpec()) { 2.23 + return new TLS13Authenticator(protocolVersion); 2.24 + } else if (protocolVersion.useTLS10PlusSpec()) { 2.25 + return new TLS10Authenticator(protocolVersion); 2.26 } else { 2.27 - if (protocolVersion.useTLS13PlusSpec()) { 2.28 - return new TLS13Authenticator(protocolVersion); 2.29 - } else if (protocolVersion.useTLS10PlusSpec()) { 2.30 - return new TLS10Authenticator(protocolVersion); 2.31 - } else { 2.32 - return new SSL30Authenticator(); 2.33 - } 2.34 + return new SSL30Authenticator(); 2.35 } 2.36 } 2.37 2.38 @@ -74,20 +66,12 @@ 2.39 valueOf(ProtocolVersion protocolVersion, MacAlg macAlg, 2.40 SecretKey key) throws NoSuchAlgorithmException, 2.41 InvalidKeyException { 2.42 - if (protocolVersion.isDTLS) { 2.43 - if (protocolVersion.useTLS13PlusSpec()) { 2.44 - throw new RuntimeException("No MacAlg used in DTLS 1.3"); 2.45 - } else { 2.46 - return (T)(new DTLS10Mac(protocolVersion, macAlg, key)); 2.47 - } 2.48 + if (protocolVersion.useTLS13PlusSpec()) { 2.49 + throw new RuntimeException("No MacAlg used in TLS 1.3"); 2.50 + } else if (protocolVersion.useTLS10PlusSpec()) { 2.51 + return (T)(new TLS10Mac(protocolVersion, macAlg, key)); 2.52 } else { 2.53 - if (protocolVersion.useTLS13PlusSpec()) { 2.54 - throw new RuntimeException("No MacAlg used in TLS 1.3"); 2.55 - } else if (protocolVersion.useTLS10PlusSpec()) { 2.56 - return (T)(new TLS10Mac(protocolVersion, macAlg, key)); 2.57 - } else { 2.58 - return (T)(new SSL30Mac(protocolVersion, macAlg, key)); 2.59 - } 2.60 + return (T)(new SSL30Mac(protocolVersion, macAlg, key)); 2.61 } 2.62 } 2.63 2.64 @@ -95,10 +79,6 @@ 2.65 return new SSLNullMac(); 2.66 } 2.67 2.68 - static Authenticator nullDtlsMac() { 2.69 - return new DTLSNullMac(); 2.70 - } 2.71 - 2.72 /** 2.73 * Checks whether the sequence number is close to wrap. 2.74 * 2.75 @@ -123,8 +103,7 @@ 2.76 abstract boolean seqNumIsHuge(); 2.77 2.78 /** 2.79 - * Gets the current sequence number, including the epoch number for 2.80 - * DTLS protocols. 2.81 + * Gets the current sequence number. 2.82 * 2.83 * @return the byte array of the current sequence number 2.84 */ 2.85 @@ -133,14 +112,6 @@ 2.86 } 2.87 2.88 /** 2.89 - * Sets the epoch number (only apply to DTLS protocols). 2.90 - */ 2.91 - void setEpochNumber(int epoch) { 2.92 - throw new UnsupportedOperationException( 2.93 - "Epoch numbers apply to DTLS protocols only"); 2.94 - } 2.95 - 2.96 - /** 2.97 * Increase the sequence number. 2.98 */ 2.99 final void increaseSequenceNumber() { 2.100 @@ -293,116 +264,6 @@ 2.101 } 2.102 } 2.103 2.104 - private static class DTLSAuthenticator extends Authenticator { 2.105 - private DTLSAuthenticator(byte[] block) { 2.106 - super(block); 2.107 - } 2.108 - 2.109 - @Override 2.110 - boolean seqNumOverflow() { 2.111 - /* 2.112 - * Conservatively, we don't allow more records to be generated 2.113 - * when there are only 2^8 sequence numbers left. 2.114 - */ 2.115 - return (block.length != 0 && 2.116 - // no epoch bytes, block[0] and block[1] 2.117 - block[2] == (byte)0xFF && block[3] == (byte)0xFF && 2.118 - block[4] == (byte)0xFF && block[5] == (byte)0xFF && 2.119 - block[6] == (byte)0xFF); 2.120 - } 2.121 - 2.122 - @Override 2.123 - boolean seqNumIsHuge() { 2.124 - return (block.length != 0 && 2.125 - // no epoch bytes, block[0] and block[1] 2.126 - block[2] == (byte)0xFF && block[3] == (byte)0xFF); 2.127 - } 2.128 - 2.129 - @Override 2.130 - void setEpochNumber(int epoch) { 2.131 - block[0] = (byte)((epoch >> 8) & 0xFF); 2.132 - block[1] = (byte)(epoch & 0xFF); 2.133 - } 2.134 - } 2.135 - 2.136 - // For null MAC only. 2.137 - private static class DTLSNullAuthenticator extends DTLSAuthenticator { 2.138 - private DTLSNullAuthenticator() { 2.139 - // For DTLS protocols, plaintexts use explicit epoch and 2.140 - // sequence number in each record. The first 8 byte of 2.141 - // the block is initialized for null MAC so that the 2.142 - // epoch and sequence number can be acquired to generate 2.143 - // plaintext records. 2.144 - super(new byte[8]); 2.145 - } 2.146 - } 2.147 - 2.148 - // DTLS 1.0/1.2 2.149 - private static class DTLS10Authenticator extends DTLSAuthenticator { 2.150 - // Block size of DTLS v1.0 and later: 2.151 - // epoch + sequence number + 2.152 - // record type + protocol version + record length 2.153 - private static final int BLOCK_SIZE = 13; // 2 + 6 + 1 + 2 + 2; 2.154 - 2.155 - private DTLS10Authenticator(ProtocolVersion protocolVersion) { 2.156 - super(new byte[BLOCK_SIZE]); 2.157 - block[9] = protocolVersion.major; 2.158 - block[10] = protocolVersion.minor; 2.159 - } 2.160 - 2.161 - @Override 2.162 - byte[] acquireAuthenticationBytes( 2.163 - byte type, int length, byte[] sequence) { 2.164 - byte[] ad = block.clone(); 2.165 - if (sequence != null) { 2.166 - if (sequence.length != 8) { 2.167 - throw new RuntimeException( 2.168 - "Insufficient explicit sequence number bytes"); 2.169 - } 2.170 - 2.171 - System.arraycopy(sequence, 0, ad, 0, sequence.length); 2.172 - } else { // Otherwise, use the implicit sequence number. 2.173 - // Increase the implicit sequence number in the block array. 2.174 - increaseSequenceNumber(); 2.175 - } 2.176 - 2.177 - ad[8] = type; 2.178 - ad[11] = (byte)(length >> 8); 2.179 - ad[12] = (byte)(length); 2.180 - 2.181 - return ad; 2.182 - } 2.183 - } 2.184 - 2.185 - // DTLS 1.3 2.186 - private static final class DTLS13Authenticator extends DTLSAuthenticator { 2.187 - // Block size of DTLS v1.0 and later: 2.188 - // epoch + sequence number + 2.189 - // record type + protocol version + record length 2.190 - private static final int BLOCK_SIZE = 13; // 2 + 6 + 1 + 2 + 2; 2.191 - 2.192 - private DTLS13Authenticator(ProtocolVersion protocolVersion) { 2.193 - super(new byte[BLOCK_SIZE]); 2.194 - block[9] = ProtocolVersion.TLS12.major; 2.195 - block[10] = ProtocolVersion.TLS12.minor; 2.196 - } 2.197 - 2.198 - @Override 2.199 - byte[] acquireAuthenticationBytes( 2.200 - byte type, int length, byte[] sequence) { 2.201 - byte[] ad = Arrays.copyOfRange(block, 8, 13); 2.202 - 2.203 - // Increase the implicit sequence number in the block array. 2.204 - increaseSequenceNumber(); 2.205 - 2.206 - ad[0] = type; 2.207 - ad[3] = (byte)(length >> 8); 2.208 - ad[4] = (byte)(length & 0xFF); 2.209 - 2.210 - return ad; 2.211 - } 2.212 - } 2.213 - 2.214 interface MAC { 2.215 MacAlg macAlg(); 2.216 2.217 @@ -582,50 +443,6 @@ 2.218 } 2.219 } 2.220 2.221 - // NULL DTLS MAC 2.222 - private static final 2.223 - class DTLSNullMac extends DTLSNullAuthenticator implements MAC { 2.224 - private final MacImpl macImpl; 2.225 - public DTLSNullMac() { 2.226 - super(); 2.227 - this.macImpl = new MacImpl(); 2.228 - } 2.229 - 2.230 - @Override 2.231 - public MacAlg macAlg() { 2.232 - return macImpl.macAlg; 2.233 - } 2.234 - 2.235 - @Override 2.236 - public byte[] compute(byte type, ByteBuffer bb, 2.237 - byte[] sequence, boolean isSimulated) { 2.238 - return macImpl.compute(type, bb, sequence, isSimulated); 2.239 - } 2.240 - } 2.241 - 2.242 - // DTLS 1.0/1.2 2.243 - private static final class DTLS10Mac 2.244 - extends DTLS10Authenticator implements MAC { 2.245 - private final MacImpl macImpl; 2.246 - public DTLS10Mac(ProtocolVersion protocolVersion, 2.247 - MacAlg macAlg, SecretKey key) throws NoSuchAlgorithmException, 2.248 - InvalidKeyException { 2.249 - super(protocolVersion); 2.250 - this.macImpl = new MacImpl(protocolVersion, macAlg, key); 2.251 - } 2.252 - 2.253 - @Override 2.254 - public MacAlg macAlg() { 2.255 - return macImpl.macAlg; 2.256 - } 2.257 - 2.258 - @Override 2.259 - public byte[] compute(byte type, ByteBuffer bb, 2.260 - byte[] sequence, boolean isSimulated) { 2.261 - return macImpl.compute(type, bb, sequence, isSimulated); 2.262 - } 2.263 - } 2.264 - 2.265 static final long toLong(byte[] recordEnS) { 2.266 if (recordEnS != null && recordEnS.length == 8) { 2.267 return ((recordEnS[0] & 0xFFL) << 56) |
3.1 --- a/src/share/classes/sun/security/ssl/CipherSuite.java Tue Aug 25 08:31:35 2020 +0300 3.2 +++ b/src/share/classes/sun/security/ssl/CipherSuite.java Tue Aug 25 08:35:10 2020 +0300 3.3 @@ -1,5 +1,5 @@ 3.4 /* 3.5 - * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved. 3.6 + * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved. 3.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3.8 * 3.9 * This code is free software; you can redistribute it and/or modify it 3.10 @@ -39,7 +39,7 @@ 3.11 import static sun.security.ssl.SupportedGroupsExtension.NamedGroupType.*; 3.12 3.13 /** 3.14 - * Enum for SSL/(D)TLS cipher suites. 3.15 + * Enum for SSL/TLS cipher suites. 3.16 * 3.17 * Please refer to the "TLS Cipher Suite Registry" section for more details 3.18 * about each cipher suite: 3.19 @@ -952,7 +952,7 @@ 3.20 3.21 // See also SSLWriteCipher.calculatePacketSize(). 3.22 int calculatePacketSize(int fragmentSize, 3.23 - ProtocolVersion protocolVersion, boolean isDTLS) { 3.24 + ProtocolVersion protocolVersion) { 3.25 int packetSize = fragmentSize; 3.26 if (bulkCipher != null && bulkCipher != B_NULL) { 3.27 int blockSize = bulkCipher.ivSize; 3.28 @@ -968,8 +968,7 @@ 3.29 3.30 break; 3.31 case AEAD_CIPHER: 3.32 - if (protocolVersion == ProtocolVersion.TLS12 || 3.33 - protocolVersion == ProtocolVersion.DTLS12) { 3.34 + if (protocolVersion == ProtocolVersion.TLS12) { 3.35 packetSize += 3.36 bulkCipher.ivSize - bulkCipher.fixedIvSize; 3.37 } 3.38 @@ -981,15 +980,13 @@ 3.39 } 3.40 } 3.41 3.42 - return packetSize + 3.43 - (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 3.44 + return packetSize + SSLRecord.headerSize; 3.45 } 3.46 3.47 // See also CipherBox.calculateFragmentSize(). 3.48 int calculateFragSize(int packetLimit, 3.49 - ProtocolVersion protocolVersion, boolean isDTLS) { 3.50 - int fragSize = packetLimit - 3.51 - (isDTLS ? DTLSRecord.headerSize : SSLRecord.headerSize); 3.52 + ProtocolVersion protocolVersion) { 3.53 + int fragSize = packetLimit - SSLRecord.headerSize; 3.54 if (bulkCipher != null && bulkCipher != B_NULL) { 3.55 int blockSize = bulkCipher.ivSize; 3.56 switch (bulkCipher.cipherType) {
4.1 --- a/src/share/classes/sun/security/ssl/CipherType.java Tue Aug 25 08:31:35 2020 +0300 4.2 +++ b/src/share/classes/sun/security/ssl/CipherType.java Tue Aug 25 08:35:10 2020 +0300 4.3 @@ -26,7 +26,7 @@ 4.4 package sun.security.ssl; 4.5 4.6 /** 4.7 - * Enum for SSL/(D)TLS cipher types. 4.8 + * Enum for SSL/TLS cipher types. 4.9 */ 4.10 enum CipherType { 4.11 NULL_CIPHER, // null cipher
5.1 --- a/src/share/classes/sun/security/ssl/ClientHello.java Tue Aug 25 08:31:35 2020 +0300 5.2 +++ b/src/share/classes/sun/security/ssl/ClientHello.java Tue Aug 25 08:35:10 2020 +0300 5.3 @@ -59,10 +59,6 @@ 5.4 new T12ClientHelloConsumer(); 5.5 private static final HandshakeConsumer t13HandshakeConsumer = 5.6 new T13ClientHelloConsumer(); 5.7 - private static final HandshakeConsumer d12HandshakeConsumer = 5.8 - new D12ClientHelloConsumer(); 5.9 - private static final HandshakeConsumer d13HandshakeConsumer = 5.10 - new D13ClientHelloConsumer(); 5.11 5.12 /** 5.13 * The ClientHello handshake message. 5.14 @@ -70,12 +66,9 @@ 5.15 * See RFC 5264/4346/2246/6347 for the specifications. 5.16 */ 5.17 static final class ClientHelloMessage extends HandshakeMessage { 5.18 - private final boolean isDTLS; 5.19 - 5.20 final int clientVersion; 5.21 final RandomCookie clientRandom; 5.22 final SessionId sessionId; 5.23 - private byte[] cookie; // DTLS only 5.24 final int[] cipherSuiteIds; 5.25 final List<CipherSuite> cipherSuites; // known cipher suites only 5.26 final byte[] compressionMethod; 5.27 @@ -87,16 +80,10 @@ 5.28 int clientVersion, SessionId sessionId, 5.29 List<CipherSuite> cipherSuites, SecureRandom generator) { 5.30 super(handshakeContext); 5.31 - this.isDTLS = handshakeContext.sslContext.isDTLS(); 5.32 5.33 this.clientVersion = clientVersion; 5.34 this.clientRandom = new RandomCookie(generator); 5.35 this.sessionId = sessionId; 5.36 - if (isDTLS) { 5.37 - this.cookie = new byte[0]; 5.38 - } else { 5.39 - this.cookie = null; 5.40 - } 5.41 5.42 this.cipherSuites = cipherSuites; 5.43 this.cipherSuiteIds = getCipherSuiteIds(cipherSuites); 5.44 @@ -114,8 +101,6 @@ 5.45 */ 5.46 static void readPartial(TransportContext tc, 5.47 ByteBuffer m) throws IOException { 5.48 - boolean isDTLS = tc.sslContext.isDTLS(); 5.49 - 5.50 // version 5.51 Record.getInt16(m); 5.52 5.53 @@ -124,11 +109,6 @@ 5.54 // session ID 5.55 Record.getBytes8(m); 5.56 5.57 - // DTLS cookie 5.58 - if (isDTLS) { 5.59 - Record.getBytes8(m); 5.60 - } 5.61 - 5.62 // cipher suite IDs 5.63 Record.getBytes16(m); 5.64 // compression method 5.65 @@ -161,7 +141,6 @@ 5.66 ClientHelloMessage(HandshakeContext handshakeContext, ByteBuffer m, 5.67 SSLExtension[] supportedExtensions) throws IOException { 5.68 super(handshakeContext); 5.69 - this.isDTLS = handshakeContext.sslContext.isDTLS(); 5.70 5.71 this.clientVersion = ((m.get() & 0xFF) << 8) | (m.get() & 0xFF); 5.72 this.clientRandom = new RandomCookie(m); 5.73 @@ -172,12 +151,6 @@ 5.74 throw handshakeContext.conContext.fatal( 5.75 Alert.ILLEGAL_PARAMETER, ex); 5.76 } 5.77 - if (isDTLS) { 5.78 - this.cookie = Record.getBytes8(m); 5.79 - } else { 5.80 - this.cookie = null; 5.81 - } 5.82 - 5.83 byte[] encodedIds = Record.getBytes16(m); 5.84 if (encodedIds.length == 0 || (encodedIds.length & 0x01) != 0) { 5.85 throw handshakeContext.conContext.fatal( 5.86 @@ -202,32 +175,7 @@ 5.87 } 5.88 } 5.89 5.90 - void setHelloCookie(byte[] cookie) { 5.91 - this.cookie = cookie; 5.92 - } 5.93 - 5.94 - // DTLS 1.0/1.2, for cookie generation. 5.95 - byte[] getHelloCookieBytes() { 5.96 - HandshakeOutStream hos = new HandshakeOutStream(null); 5.97 - try { 5.98 - // copied from send() method 5.99 - hos.putInt8((byte)((clientVersion >>> 8) & 0xFF)); 5.100 - hos.putInt8((byte)(clientVersion & 0xFF)); 5.101 - hos.write(clientRandom.randomBytes, 0, 32); 5.102 - hos.putBytes8(sessionId.getId()); 5.103 - // ignore cookie 5.104 - hos.putBytes16(getEncodedCipherSuites()); 5.105 - hos.putBytes8(compressionMethod); 5.106 - extensions.send(hos); // In TLS 1.3, use of certain 5.107 - // extensions is mandatory. 5.108 - } catch (IOException ioe) { 5.109 - // unlikely 5.110 - } 5.111 - 5.112 - return hos.toByteArray(); 5.113 - } 5.114 - 5.115 - // (D)TLS 1.3, for cookie generation. 5.116 + // TLS 1.3, for cookie generation. 5.117 byte[] getHeaderBytes() { 5.118 HandshakeOutStream hos = new HandshakeOutStream(null); 5.119 try { 5.120 @@ -304,7 +252,6 @@ 5.121 */ 5.122 return (2 + 32 + 1 + 2 + 1 5.123 + sessionId.length() /* ... + variable parts */ 5.124 - + (isDTLS ? (1 + cookie.length) : 0) 5.125 + (cipherSuiteIds.length * 2) 5.126 + compressionMethod.length) 5.127 + extensions.length(); // In TLS 1.3, use of certain 5.128 @@ -323,64 +270,34 @@ 5.129 hos.putInt8((byte) clientVersion); 5.130 hos.write(clientRandom.randomBytes, 0, 32); 5.131 hos.putBytes8(sessionId.getId()); 5.132 - if (isDTLS) { 5.133 - hos.putBytes8(cookie); 5.134 - } 5.135 hos.putBytes16(getEncodedCipherSuites()); 5.136 hos.putBytes8(compressionMethod); 5.137 } 5.138 5.139 @Override 5.140 public String toString() { 5.141 - if (isDTLS) { 5.142 - MessageFormat messageFormat = new MessageFormat( 5.143 - "\"ClientHello\": '{'\n" + 5.144 - " \"client version\" : \"{0}\",\n" + 5.145 - " \"random\" : \"{1}\",\n" + 5.146 - " \"session id\" : \"{2}\",\n" + 5.147 - " \"cookie\" : \"{3}\",\n" + 5.148 - " \"cipher suites\" : \"{4}\",\n" + 5.149 - " \"compression methods\" : \"{5}\",\n" + 5.150 - " \"extensions\" : [\n" + 5.151 - "{6}\n" + 5.152 - " ]\n" + 5.153 - "'}'", 5.154 - Locale.ENGLISH); 5.155 - Object[] messageFields = { 5.156 - ProtocolVersion.nameOf(clientVersion), 5.157 - Utilities.toHexString(clientRandom.randomBytes), 5.158 - sessionId.toString(), 5.159 - Utilities.toHexString(cookie), 5.160 - getCipherSuiteNames().toString(), 5.161 - Utilities.toHexString(compressionMethod), 5.162 - Utilities.indent(Utilities.indent(extensions.toString())) 5.163 - }; 5.164 + MessageFormat messageFormat = new MessageFormat( 5.165 + "\"ClientHello\": '{'\n" + 5.166 + " \"client version\" : \"{0}\",\n" + 5.167 + " \"random\" : \"{1}\",\n" + 5.168 + " \"session id\" : \"{2}\",\n" + 5.169 + " \"cipher suites\" : \"{3}\",\n" + 5.170 + " \"compression methods\" : \"{4}\",\n" + 5.171 + " \"extensions\" : [\n" + 5.172 + "{5}\n" + 5.173 + " ]\n" + 5.174 + "'}'", 5.175 + Locale.ENGLISH); 5.176 + Object[] messageFields = { 5.177 + ProtocolVersion.nameOf(clientVersion), 5.178 + Utilities.toHexString(clientRandom.randomBytes), 5.179 + sessionId.toString(), 5.180 + getCipherSuiteNames().toString(), 5.181 + Utilities.toHexString(compressionMethod), 5.182 + Utilities.indent(Utilities.indent(extensions.toString())) 5.183 + }; 5.184 5.185 - return messageFormat.format(messageFields); 5.186 - } else { 5.187 - MessageFormat messageFormat = new MessageFormat( 5.188 - "\"ClientHello\": '{'\n" + 5.189 - " \"client version\" : \"{0}\",\n" + 5.190 - " \"random\" : \"{1}\",\n" + 5.191 - " \"session id\" : \"{2}\",\n" + 5.192 - " \"cipher suites\" : \"{3}\",\n" + 5.193 - " \"compression methods\" : \"{4}\",\n" + 5.194 - " \"extensions\" : [\n" + 5.195 - "{5}\n" + 5.196 - " ]\n" + 5.197 - "'}'", 5.198 - Locale.ENGLISH); 5.199 - Object[] messageFields = { 5.200 - ProtocolVersion.nameOf(clientVersion), 5.201 - Utilities.toHexString(clientRandom.randomBytes), 5.202 - sessionId.toString(), 5.203 - getCipherSuiteNames().toString(), 5.204 - Utilities.toHexString(compressionMethod), 5.205 - Utilities.indent(Utilities.indent(extensions.toString())) 5.206 - }; 5.207 - 5.208 - return messageFormat.format(messageFields); 5.209 - } 5.210 + return messageFormat.format(messageFields); 5.211 } 5.212 } 5.213 5.214 @@ -626,14 +543,10 @@ 5.215 // Create the handshake message. 5.216 ProtocolVersion clientHelloVersion = maxProtocolVersion; 5.217 if (clientHelloVersion.useTLS13PlusSpec()) { 5.218 - // In (D)TLS 1.3, the client indicates its version preferences 5.219 + // In TLS 1.3, the client indicates its version preferences 5.220 // in the "supported_versions" extension and the client_version 5.221 - // (legacy_version) field MUST be set to (D)TLS 1.2. 5.222 - if (clientHelloVersion.isDTLS) { 5.223 - clientHelloVersion = ProtocolVersion.DTLS12; 5.224 - } else { 5.225 - clientHelloVersion = ProtocolVersion.TLS12; 5.226 - } 5.227 + // (legacy_version) field MUST be set to TLS 1.2. 5.228 + clientHelloVersion = ProtocolVersion.TLS12; 5.229 } 5.230 5.231 ClientHelloMessage chm = new ClientHelloMessage(chc, 5.232 @@ -664,12 +577,6 @@ 5.233 // What's the expected response? 5.234 chc.handshakeConsumers.put( 5.235 SSLHandshake.SERVER_HELLO.id, SSLHandshake.SERVER_HELLO); 5.236 - if (chc.sslContext.isDTLS() && 5.237 - !minimumVersion.useTLS13PlusSpec()) { 5.238 - chc.handshakeConsumers.put( 5.239 - SSLHandshake.HELLO_VERIFY_REQUEST.id, 5.240 - SSLHandshake.HELLO_VERIFY_REQUEST); 5.241 - } 5.242 5.243 // The handshake message has been delivered. 5.244 return null; 5.245 @@ -686,7 +593,6 @@ 5.246 // Response to one of the following handshake message: 5.247 // HelloRequest (SSL 3.0/TLS 1.0/1.1/1.2) 5.248 // ServerHello(HelloRetryRequest) (TLS 1.3) 5.249 - // HelloVerifyRequest (DTLS 1.0/1.2) 5.250 @Override 5.251 public byte[] produce(ConnectionContext context, 5.252 HandshakeMessage message) throws IOException { 5.253 @@ -710,41 +616,6 @@ 5.254 5.255 // The handshake message has been delivered. 5.256 return null; 5.257 - case HELLO_VERIFY_REQUEST: 5.258 - // DTLS 1.0/1.2 5.259 - // 5.260 - // The HelloVerifyRequest consumer should have updated the 5.261 - // ClientHello handshake message with cookie. 5.262 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 5.263 - SSLLogger.fine( 5.264 - "Produced ClientHello(cookie) handshake message", 5.265 - chc.initialClientHelloMsg); 5.266 - } 5.267 - 5.268 - // Output the handshake message. 5.269 - chc.initialClientHelloMsg.write(chc.handshakeOutput); 5.270 - chc.handshakeOutput.flush(); 5.271 - 5.272 - // What's the expected response? 5.273 - chc.handshakeConsumers.put(SSLHandshake.SERVER_HELLO.id, 5.274 - SSLHandshake.SERVER_HELLO); 5.275 - 5.276 - ProtocolVersion minimumVersion = ProtocolVersion.NONE; 5.277 - for (ProtocolVersion pv : chc.activeProtocols) { 5.278 - if (minimumVersion == ProtocolVersion.NONE || 5.279 - pv.compare(minimumVersion) < 0) { 5.280 - minimumVersion = pv; 5.281 - } 5.282 - } 5.283 - if (chc.sslContext.isDTLS() && 5.284 - !minimumVersion.useTLS13PlusSpec()) { 5.285 - chc.handshakeConsumers.put( 5.286 - SSLHandshake.HELLO_VERIFY_REQUEST.id, 5.287 - SSLHandshake.HELLO_VERIFY_REQUEST); 5.288 - } 5.289 - 5.290 - // The handshake message has been delivered. 5.291 - return null; 5.292 case HELLO_RETRY_REQUEST: 5.293 // TLS 1.3 5.294 // The HelloRetryRequest consumer should have updated the 5.295 @@ -841,18 +712,10 @@ 5.296 } 5.297 5.298 // Consume the handshake message for the specific protocol version. 5.299 - if (negotiatedProtocol.isDTLS) { 5.300 - if (negotiatedProtocol.useTLS13PlusSpec()) { 5.301 - d13HandshakeConsumer.consume(context, clientHello); 5.302 - } else { 5.303 - d12HandshakeConsumer.consume(context, clientHello); 5.304 - } 5.305 + if (negotiatedProtocol.useTLS13PlusSpec()) { 5.306 + t13HandshakeConsumer.consume(context, clientHello); 5.307 } else { 5.308 - if (negotiatedProtocol.useTLS13PlusSpec()) { 5.309 - t13HandshakeConsumer.consume(context, clientHello); 5.310 - } else { 5.311 - t12HandshakeConsumer.consume(context, clientHello); 5.312 - } 5.313 + t12HandshakeConsumer.consume(context, clientHello); 5.314 } 5.315 } 5.316 5.317 @@ -865,14 +728,8 @@ 5.318 // Per TLS 1.3 specification, server MUST negotiate TLS 1.2 or prior 5.319 // even if ClientHello.client_version is 0x0304 or later. 5.320 int chv = clientHelloVersion; 5.321 - if (context.sslContext.isDTLS()) { 5.322 - if (chv < ProtocolVersion.DTLS12.id) { 5.323 - chv = ProtocolVersion.DTLS12.id; 5.324 - } 5.325 - } else { 5.326 - if (chv > ProtocolVersion.TLS12.id) { 5.327 - chv = ProtocolVersion.TLS12.id; 5.328 - } 5.329 + if (chv > ProtocolVersion.TLS12.id) { 5.330 + chv = ProtocolVersion.TLS12.id; 5.331 } 5.332 5.333 // Select a protocol version from the activated protocols. 5.334 @@ -1236,207 +1093,4 @@ 5.335 } 5.336 } 5.337 } 5.338 - 5.339 - /** 5.340 - * The "ClientHello" handshake message consumer for DTLS 1.2 and 5.341 - * previous DTLS protocol versions. 5.342 - */ 5.343 - private static final 5.344 - class D12ClientHelloConsumer implements HandshakeConsumer { 5.345 - // Prevent instantiation of this class. 5.346 - private D12ClientHelloConsumer() { 5.347 - // blank 5.348 - } 5.349 - 5.350 - @Override 5.351 - public void consume(ConnectionContext context, 5.352 - HandshakeMessage message) throws IOException { 5.353 - // The consuming happens in server side only. 5.354 - ServerHandshakeContext shc = (ServerHandshakeContext)context; 5.355 - ClientHelloMessage clientHello = (ClientHelloMessage)message; 5.356 - 5.357 - // 5.358 - // validate 5.359 - // 5.360 - 5.361 - // Reject client initiated renegotiation? 5.362 - // 5.363 - // If server side should reject client-initiated renegotiation, 5.364 - // send an Alert.HANDSHAKE_FAILURE fatal alert, not a 5.365 - // no_renegotiation warning alert (no_renegotiation must be a 5.366 - // warning: RFC 2246). no_renegotiation might seem more 5.367 - // natural at first, but warnings are not appropriate because 5.368 - // the sending party does not know how the receiving party 5.369 - // will behave. This state must be treated as a fatal server 5.370 - // condition. 5.371 - // 5.372 - // This will not have any impact on server initiated renegotiation. 5.373 - if (shc.conContext.isNegotiated) { 5.374 - if (!shc.conContext.secureRenegotiation && 5.375 - !HandshakeContext.allowUnsafeRenegotiation) { 5.376 - throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, 5.377 - "Unsafe renegotiation is not allowed"); 5.378 - } 5.379 - 5.380 - if (ServerHandshakeContext.rejectClientInitiatedRenego && 5.381 - !shc.kickstartMessageDelivered) { 5.382 - throw shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, 5.383 - "Client initiated renegotiation is not allowed"); 5.384 - } 5.385 - } 5.386 - 5.387 - // Is it an abbreviated handshake? 5.388 - if (clientHello.sessionId.length() != 0) { 5.389 - SSLSessionImpl previous = ((SSLSessionContextImpl)shc.sslContext 5.390 - .engineGetServerSessionContext()) 5.391 - .get(clientHello.sessionId.getId()); 5.392 - 5.393 - boolean resumingSession = 5.394 - (previous != null) && previous.isRejoinable(); 5.395 - if (!resumingSession) { 5.396 - if (SSLLogger.isOn && 5.397 - SSLLogger.isOn("ssl,handshake,verbose")) { 5.398 - SSLLogger.finest( 5.399 - "Can't resume, " + 5.400 - "the existing session is not rejoinable"); 5.401 - } 5.402 - } 5.403 - // Validate the negotiated protocol version. 5.404 - if (resumingSession) { 5.405 - ProtocolVersion sessionProtocol = 5.406 - previous.getProtocolVersion(); 5.407 - if (sessionProtocol != shc.negotiatedProtocol) { 5.408 - resumingSession = false; 5.409 - if (SSLLogger.isOn && 5.410 - SSLLogger.isOn("ssl,handshake,verbose")) { 5.411 - SSLLogger.finest( 5.412 - "Can't resume, not the same protocol version"); 5.413 - } 5.414 - } 5.415 - } 5.416 - 5.417 - // Validate the required client authentication. 5.418 - if (resumingSession && 5.419 - (shc.sslConfig.clientAuthType == CLIENT_AUTH_REQUIRED)) { 5.420 - 5.421 - try { 5.422 - previous.getPeerPrincipal(); 5.423 - } catch (SSLPeerUnverifiedException e) { 5.424 - resumingSession = false; 5.425 - if (SSLLogger.isOn && 5.426 - SSLLogger.isOn("ssl,handshake,verbose")) { 5.427 - SSLLogger.finest( 5.428 - "Can't resume, " + 5.429 - "client authentication is required"); 5.430 - } 5.431 - } 5.432 - } 5.433 - 5.434 - // Validate that the cached cipher suite. 5.435 - if (resumingSession) { 5.436 - CipherSuite suite = previous.getSuite(); 5.437 - if ((!shc.isNegotiable(suite)) || 5.438 - (!clientHello.cipherSuites.contains(suite))) { 5.439 - resumingSession = false; 5.440 - if (SSLLogger.isOn && 5.441 - SSLLogger.isOn("ssl,handshake,verbose")) { 5.442 - SSLLogger.finest( 5.443 - "Can't resume, " + 5.444 - "the session cipher suite is absent"); 5.445 - } 5.446 - } 5.447 - } 5.448 - 5.449 - // So far so good. Note that the handshake extensions may reset 5.450 - // the resuming options later. 5.451 - shc.isResumption = resumingSession; 5.452 - shc.resumingSession = resumingSession ? previous : null; 5.453 - } 5.454 - 5.455 - HelloCookieManager hcm = 5.456 - shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10); 5.457 - if (!shc.isResumption && 5.458 - !hcm.isCookieValid(shc, clientHello, clientHello.cookie)) { 5.459 - // 5.460 - // Perform cookie exchange for DTLS handshaking if no cookie 5.461 - // or the cookie is invalid in the ClientHello message. 5.462 - // 5.463 - // update the responders 5.464 - shc.handshakeProducers.put( 5.465 - SSLHandshake.HELLO_VERIFY_REQUEST.id, 5.466 - SSLHandshake.HELLO_VERIFY_REQUEST); 5.467 - 5.468 - // 5.469 - // produce response handshake message 5.470 - // 5.471 - SSLHandshake.HELLO_VERIFY_REQUEST.produce(context, clientHello); 5.472 - 5.473 - return; 5.474 - } 5.475 - 5.476 - // cache the client random number for further using 5.477 - shc.clientHelloRandom = clientHello.clientRandom; 5.478 - 5.479 - // Check and launch ClientHello extensions. 5.480 - SSLExtension[] extTypes = shc.sslConfig.getEnabledExtensions( 5.481 - SSLHandshake.CLIENT_HELLO); 5.482 - clientHello.extensions.consumeOnLoad(shc, extTypes); 5.483 - 5.484 - // 5.485 - // update 5.486 - // 5.487 - if (!shc.conContext.isNegotiated) { 5.488 - shc.conContext.protocolVersion = shc.negotiatedProtocol; 5.489 - shc.conContext.outputRecord.setVersion(shc.negotiatedProtocol); 5.490 - } 5.491 - 5.492 - // update the responders 5.493 - // 5.494 - // Only need to ServerHello, which may add more responders later. 5.495 - shc.handshakeProducers.put(SSLHandshake.SERVER_HELLO.id, 5.496 - SSLHandshake.SERVER_HELLO); 5.497 - 5.498 - // 5.499 - // produce 5.500 - // 5.501 - SSLHandshake[] probableHandshakeMessages = new SSLHandshake[] { 5.502 - SSLHandshake.SERVER_HELLO, 5.503 - 5.504 - // full handshake messages 5.505 - SSLHandshake.CERTIFICATE, 5.506 - SSLHandshake.CERTIFICATE_STATUS, 5.507 - SSLHandshake.SERVER_KEY_EXCHANGE, 5.508 - SSLHandshake.CERTIFICATE_REQUEST, 5.509 - SSLHandshake.SERVER_HELLO_DONE, 5.510 - 5.511 - // abbreviated handshake messages 5.512 - SSLHandshake.FINISHED 5.513 - }; 5.514 - 5.515 - for (SSLHandshake hs : probableHandshakeMessages) { 5.516 - HandshakeProducer handshakeProducer = 5.517 - shc.handshakeProducers.remove(hs.id); 5.518 - if (handshakeProducer != null) { 5.519 - handshakeProducer.produce(context, clientHello); 5.520 - } 5.521 - } 5.522 - } 5.523 - } 5.524 - 5.525 - /** 5.526 - * The "ClientHello" handshake message consumer for DTLS 1.3. 5.527 - */ 5.528 - private static final 5.529 - class D13ClientHelloConsumer implements HandshakeConsumer { 5.530 - // Prevent instantiation of this class. 5.531 - private D13ClientHelloConsumer() { 5.532 - // blank 5.533 - } 5.534 - 5.535 - @Override 5.536 - public void consume(ConnectionContext context, 5.537 - HandshakeMessage message) throws IOException { 5.538 - throw new UnsupportedOperationException("Not supported yet."); 5.539 - } 5.540 - } 5.541 }
6.1 --- a/src/share/classes/sun/security/ssl/ConnectionContext.java Tue Aug 25 08:31:35 2020 +0300 6.2 +++ b/src/share/classes/sun/security/ssl/ConnectionContext.java Tue Aug 25 08:35:10 2020 +0300 6.3 @@ -26,7 +26,7 @@ 6.4 package sun.security.ssl; 6.5 6.6 /** 6.7 - * SSL/(D)TLS connection context. 6.8 + * SSL/TLS connection context. 6.9 */ 6.10 interface ConnectionContext { 6.11 // blank
7.1 --- a/src/share/classes/sun/security/ssl/ContentType.java Tue Aug 25 08:31:35 2020 +0300 7.2 +++ b/src/share/classes/sun/security/ssl/ContentType.java Tue Aug 25 08:35:10 2020 +0300 7.3 @@ -26,7 +26,7 @@ 7.4 package sun.security.ssl; 7.5 7.6 /** 7.7 - * Enum for SSL/(D)TLS content types. 7.8 + * Enum for SSL/TLS content types. 7.9 */ 7.10 enum ContentType { 7.11 INVALID ((byte)0, "invalid",
8.1 --- a/src/share/classes/sun/security/ssl/DTLSInputRecord.java Tue Aug 25 08:31:35 2020 +0300 8.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 8.3 @@ -1,1575 +0,0 @@ 8.4 -/* 8.5 - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. 8.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 8.7 - * 8.8 - * This code is free software; you can redistribute it and/or modify it 8.9 - * under the terms of the GNU General Public License version 2 only, as 8.10 - * published by the Free Software Foundation. Oracle designates this 8.11 - * particular file as subject to the "Classpath" exception as provided 8.12 - * by Oracle in the LICENSE file that accompanied this code. 8.13 - * 8.14 - * This code is distributed in the hope that it will be useful, but WITHOUT 8.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 8.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 8.17 - * version 2 for more details (a copy is included in the LICENSE file that 8.18 - * accompanied this code). 8.19 - * 8.20 - * You should have received a copy of the GNU General Public License version 8.21 - * 2 along with this work; if not, write to the Free Software Foundation, 8.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 8.23 - * 8.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 9406+5 USA 8.25 - * or visit www.oracle.com if you need additional information or have any 8.26 - * questions. 8.27 - */ 8.28 - 8.29 -package sun.security.ssl; 8.30 - 8.31 -import java.io.IOException; 8.32 -import java.nio.ByteBuffer; 8.33 -import java.security.GeneralSecurityException; 8.34 -import java.util.Collections; 8.35 -import java.util.HashMap; 8.36 -import java.util.Iterator; 8.37 -import java.util.LinkedList; 8.38 -import java.util.List; 8.39 -import java.util.Set; 8.40 -import java.util.TreeSet; 8.41 -import javax.crypto.BadPaddingException; 8.42 -import javax.net.ssl.SSLException; 8.43 -import sun.security.ssl.SSLCipher.SSLReadCipher; 8.44 - 8.45 -/** 8.46 - * DTLS {@code InputRecord} implementation for {@code SSLEngine}. 8.47 - */ 8.48 -final class DTLSInputRecord extends InputRecord implements DTLSRecord { 8.49 - private DTLSReassembler reassembler = null; 8.50 - private int readEpoch; 8.51 - 8.52 - DTLSInputRecord(HandshakeHash handshakeHash) { 8.53 - super(handshakeHash, SSLReadCipher.nullDTlsReadCipher()); 8.54 - this.readEpoch = 0; 8.55 - } 8.56 - 8.57 - @Override 8.58 - void changeReadCiphers(SSLReadCipher readCipher) { 8.59 - this.readCipher = readCipher; 8.60 - this.readEpoch++; 8.61 - } 8.62 - 8.63 - @Override 8.64 - public synchronized void close() throws IOException { 8.65 - if (!isClosed) { 8.66 - super.close(); 8.67 - } 8.68 - } 8.69 - 8.70 - @Override 8.71 - boolean isEmpty() { 8.72 - return ((reassembler == null) || reassembler.isEmpty()); 8.73 - } 8.74 - 8.75 - @Override 8.76 - int estimateFragmentSize(int packetSize) { 8.77 - if (packetSize > 0) { 8.78 - return readCipher.estimateFragmentSize(packetSize, headerSize); 8.79 - } else { 8.80 - return Record.maxDataSize; 8.81 - } 8.82 - } 8.83 - 8.84 - @Override 8.85 - void expectingFinishFlight() { 8.86 - if (reassembler != null) { 8.87 - reassembler.expectingFinishFlight(); 8.88 - } 8.89 - } 8.90 - 8.91 - @Override 8.92 - void finishHandshake() { 8.93 - reassembler = null; 8.94 - } 8.95 - 8.96 - @Override 8.97 - Plaintext acquirePlaintext() { 8.98 - if (reassembler != null) { 8.99 - return reassembler.acquirePlaintext(); 8.100 - } 8.101 - 8.102 - return null; 8.103 - } 8.104 - 8.105 - @Override 8.106 - Plaintext[] decode(ByteBuffer[] srcs, int srcsOffset, 8.107 - int srcsLength) throws IOException, BadPaddingException { 8.108 - if (srcs == null || srcs.length == 0 || srcsLength == 0) { 8.109 - Plaintext pt = acquirePlaintext(); 8.110 - return pt == null ? new Plaintext[0] : new Plaintext[] { pt }; 8.111 - } else if (srcsLength == 1) { 8.112 - return decode(srcs[srcsOffset]); 8.113 - } else { 8.114 - ByteBuffer packet = extract(srcs, 8.115 - srcsOffset, srcsLength, DTLSRecord.headerSize); 8.116 - return decode(packet); 8.117 - } 8.118 - } 8.119 - 8.120 - Plaintext[] decode(ByteBuffer packet) { 8.121 - if (isClosed) { 8.122 - return null; 8.123 - } 8.124 - 8.125 - if (SSLLogger.isOn && SSLLogger.isOn("packet")) { 8.126 - SSLLogger.fine("Raw read", packet); 8.127 - } 8.128 - 8.129 - // The caller should have validated the record. 8.130 - int srcPos = packet.position(); 8.131 - int srcLim = packet.limit(); 8.132 - 8.133 - byte contentType = packet.get(); // pos: 0 8.134 - byte majorVersion = packet.get(); // pos: 1 8.135 - byte minorVersion = packet.get(); // pos: 2 8.136 - byte[] recordEnS = new byte[8]; // epoch + seqence 8.137 - packet.get(recordEnS); 8.138 - int recordEpoch = ((recordEnS[0] & 0xFF) << 8) | 8.139 - (recordEnS[1] & 0xFF); // pos: 3, 4 8.140 - long recordSeq = ((recordEnS[2] & 0xFFL) << 40) | 8.141 - ((recordEnS[3] & 0xFFL) << 32) | 8.142 - ((recordEnS[4] & 0xFFL) << 24) | 8.143 - ((recordEnS[5] & 0xFFL) << 16) | 8.144 - ((recordEnS[6] & 0xFFL) << 8) | 8.145 - (recordEnS[7] & 0xFFL); // pos: 5-10 8.146 - 8.147 - int contentLen = ((packet.get() & 0xFF) << 8) | 8.148 - (packet.get() & 0xFF); // pos: 11, 12 8.149 - 8.150 - if (SSLLogger.isOn && SSLLogger.isOn("record")) { 8.151 - SSLLogger.fine("READ: " + 8.152 - ProtocolVersion.nameOf(majorVersion, minorVersion) + 8.153 - " " + ContentType.nameOf(contentType) + ", length = " + 8.154 - contentLen); 8.155 - } 8.156 - 8.157 - int recLim = Math.addExact(srcPos, DTLSRecord.headerSize + contentLen); 8.158 - 8.159 - if (this.readEpoch > recordEpoch) { 8.160 - // Reset the position of the packet buffer. 8.161 - packet.position(recLim); 8.162 - if (SSLLogger.isOn && SSLLogger.isOn("record")) { 8.163 - SSLLogger.fine("READ: discard this old record", recordEnS); 8.164 - } 8.165 - return null; 8.166 - } 8.167 - 8.168 - // Buffer next epoch message if necessary. 8.169 - if (this.readEpoch < recordEpoch) { 8.170 - // Discard the record younger than the current epcoh if: 8.171 - // 1. it is not a handshake message, or 8.172 - // 3. it is not of next epoch. 8.173 - if ((contentType != ContentType.HANDSHAKE.id && 8.174 - contentType != ContentType.CHANGE_CIPHER_SPEC.id) || 8.175 - (reassembler == null && 8.176 - contentType != ContentType.HANDSHAKE.id) || 8.177 - (this.readEpoch < (recordEpoch - 1))) { 8.178 - 8.179 - packet.position(recLim); 8.180 - 8.181 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.182 - SSLLogger.fine("Premature record (epoch), discard it."); 8.183 - } 8.184 - 8.185 - return null; 8.186 - } 8.187 - 8.188 - 8.189 - // Not ready to decrypt this record, may be an encrypted Finished 8.190 - // message, need to buffer it. 8.191 - byte[] fragment = new byte[contentLen]; 8.192 - packet.get(fragment); // copy the fragment 8.193 - RecordFragment buffered = new RecordFragment(fragment, contentType, 8.194 - majorVersion, minorVersion, 8.195 - recordEnS, recordEpoch, recordSeq, true); 8.196 - 8.197 - if (reassembler == null) { 8.198 - reassembler = new DTLSReassembler(recordEpoch); 8.199 - } 8.200 - reassembler.queueUpFragment(buffered); 8.201 - 8.202 - // consume the full record in the packet buffer. 8.203 - packet.position(recLim); 8.204 - 8.205 - Plaintext pt = reassembler.acquirePlaintext(); 8.206 - return pt == null ? null : new Plaintext[] { pt }; 8.207 - } 8.208 - 8.209 - // 8.210 - // Now, the message is of this epoch. 8.211 - // 8.212 - // decrypt the fragment 8.213 - packet.limit(recLim); 8.214 - packet.position(srcPos + DTLSRecord.headerSize); 8.215 - 8.216 - ByteBuffer plaintextFragment; 8.217 - try { 8.218 - Plaintext plaintext = 8.219 - readCipher.decrypt(contentType, packet, recordEnS); 8.220 - plaintextFragment = plaintext.fragment; 8.221 - contentType = plaintext.contentType; 8.222 - } catch (GeneralSecurityException gse) { 8.223 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 8.224 - SSLLogger.fine("Discard invalid record: " + gse); 8.225 - } 8.226 - 8.227 - // invalid, discard this record [section 4.1.2.7, RFC 6347] 8.228 - return null; 8.229 - } finally { 8.230 - // consume a complete record 8.231 - packet.limit(srcLim); 8.232 - packet.position(recLim); 8.233 - } 8.234 - 8.235 - if (contentType != ContentType.CHANGE_CIPHER_SPEC.id && 8.236 - contentType != ContentType.HANDSHAKE.id) { // app data or alert 8.237 - // no retransmission 8.238 - // Cleanup the handshake reassembler if necessary. 8.239 - if ((reassembler != null) && 8.240 - (reassembler.handshakeEpoch < recordEpoch)) { 8.241 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.242 - SSLLogger.fine("Cleanup the handshake reassembler"); 8.243 - } 8.244 - 8.245 - reassembler = null; 8.246 - } 8.247 - 8.248 - return new Plaintext[] { 8.249 - new Plaintext(contentType, majorVersion, minorVersion, 8.250 - recordEpoch, Authenticator.toLong(recordEnS), 8.251 - plaintextFragment)}; 8.252 - } 8.253 - 8.254 - if (contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.255 - if (reassembler == null) { 8.256 - reassembler = new DTLSReassembler(recordEpoch); 8.257 - } 8.258 - 8.259 - reassembler.queueUpChangeCipherSpec( 8.260 - new RecordFragment(plaintextFragment, contentType, 8.261 - majorVersion, minorVersion, 8.262 - recordEnS, recordEpoch, recordSeq, false)); 8.263 - } else { // handshake record 8.264 - // One record may contain 1+ more handshake messages. 8.265 - while (plaintextFragment.remaining() > 0) { 8.266 - 8.267 - HandshakeFragment hsFrag = parseHandshakeMessage( 8.268 - contentType, majorVersion, minorVersion, 8.269 - recordEnS, recordEpoch, recordSeq, plaintextFragment); 8.270 - 8.271 - if (hsFrag == null) { 8.272 - // invalid, discard this record 8.273 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.274 - SSLLogger.fine( 8.275 - "Invalid handshake message, discard it."); 8.276 - } 8.277 - 8.278 - return null; 8.279 - } 8.280 - 8.281 - if (reassembler == null) { 8.282 - reassembler = new DTLSReassembler(recordEpoch); 8.283 - } 8.284 - 8.285 - reassembler.queueUpHandshake(hsFrag); 8.286 - } 8.287 - } 8.288 - 8.289 - // Completed the read of the full record. Acquire the reassembled 8.290 - // messages. 8.291 - if (reassembler != null) { 8.292 - Plaintext pt = reassembler.acquirePlaintext(); 8.293 - return pt == null ? null : new Plaintext[] { pt }; 8.294 - } 8.295 - 8.296 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.297 - SSLLogger.fine("The reassembler is not initialized yet."); 8.298 - } 8.299 - 8.300 - return null; 8.301 - } 8.302 - 8.303 - @Override 8.304 - int bytesInCompletePacket( 8.305 - ByteBuffer[] srcs, int srcsOffset, int srcsLength) throws IOException { 8.306 - 8.307 - return bytesInCompletePacket(srcs[srcsOffset]); 8.308 - } 8.309 - 8.310 - private int bytesInCompletePacket(ByteBuffer packet) throws SSLException { 8.311 - 8.312 - // DTLS length field is in bytes 11/12 8.313 - if (packet.remaining() < headerSize) { 8.314 - return -1; 8.315 - } 8.316 - 8.317 - // Last sanity check that it's not a wild record 8.318 - int pos = packet.position(); 8.319 - 8.320 - // Check the content type of the record. 8.321 - byte contentType = packet.get(pos); 8.322 - if (ContentType.valueOf(contentType) == null) { 8.323 - throw new SSLException( 8.324 - "Unrecognized SSL message, plaintext connection?"); 8.325 - } 8.326 - 8.327 - // Check the protocol version of the record. 8.328 - byte majorVersion = packet.get(pos + 1); 8.329 - byte minorVersion = packet.get(pos + 2); 8.330 - if (!ProtocolVersion.isNegotiable( 8.331 - majorVersion, minorVersion, true, false)) { 8.332 - throw new SSLException("Unrecognized record version " + 8.333 - ProtocolVersion.nameOf(majorVersion, minorVersion) + 8.334 - " , plaintext connection?"); 8.335 - } 8.336 - 8.337 - // Get the fragment length of the record. 8.338 - int fragLen = ((packet.get(pos + 11) & 0xFF) << 8) + 8.339 - (packet.get(pos + 12) & 0xFF) + headerSize; 8.340 - if (fragLen > Record.maxFragmentSize) { 8.341 - throw new SSLException( 8.342 - "Record overflow, fragment length (" + fragLen + 8.343 - ") MUST not exceed " + Record.maxFragmentSize); 8.344 - } 8.345 - 8.346 - return fragLen; 8.347 - } 8.348 - 8.349 - private static HandshakeFragment parseHandshakeMessage( 8.350 - byte contentType, byte majorVersion, byte minorVersion, 8.351 - byte[] recordEnS, int recordEpoch, long recordSeq, 8.352 - ByteBuffer plaintextFragment) { 8.353 - 8.354 - int remaining = plaintextFragment.remaining(); 8.355 - if (remaining < handshakeHeaderSize) { 8.356 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 8.357 - SSLLogger.fine("Discard invalid record: " + 8.358 - "too small record to hold a handshake fragment"); 8.359 - } 8.360 - 8.361 - // invalid, discard this record [section 4.1.2.7, RFC 6347] 8.362 - return null; 8.363 - } 8.364 - 8.365 - byte handshakeType = plaintextFragment.get(); // pos: 0 8.366 - int messageLength = 8.367 - ((plaintextFragment.get() & 0xFF) << 16) | 8.368 - ((plaintextFragment.get() & 0xFF) << 8) | 8.369 - (plaintextFragment.get() & 0xFF); // pos: 1-3 8.370 - int messageSeq = 8.371 - ((plaintextFragment.get() & 0xFF) << 8) | 8.372 - (plaintextFragment.get() & 0xFF); // pos: 4/5 8.373 - int fragmentOffset = 8.374 - ((plaintextFragment.get() & 0xFF) << 16) | 8.375 - ((plaintextFragment.get() & 0xFF) << 8) | 8.376 - (plaintextFragment.get() & 0xFF); // pos: 6-8 8.377 - int fragmentLength = 8.378 - ((plaintextFragment.get() & 0xFF) << 16) | 8.379 - ((plaintextFragment.get() & 0xFF) << 8) | 8.380 - (plaintextFragment.get() & 0xFF); // pos: 9-11 8.381 - if ((remaining - handshakeHeaderSize) < fragmentLength) { 8.382 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 8.383 - SSLLogger.fine("Discard invalid record: " + 8.384 - "not a complete handshake fragment in the record"); 8.385 - } 8.386 - 8.387 - // invalid, discard this record [section 4.1.2.7, RFC 6347] 8.388 - return null; 8.389 - } 8.390 - 8.391 - byte[] fragment = new byte[fragmentLength]; 8.392 - plaintextFragment.get(fragment); 8.393 - 8.394 - return new HandshakeFragment(fragment, contentType, 8.395 - majorVersion, minorVersion, 8.396 - recordEnS, recordEpoch, recordSeq, 8.397 - handshakeType, messageLength, 8.398 - messageSeq, fragmentOffset, fragmentLength); 8.399 - } 8.400 - 8.401 - // buffered record fragment 8.402 - private static class RecordFragment implements Comparable<RecordFragment> { 8.403 - boolean isCiphertext; 8.404 - 8.405 - byte contentType; 8.406 - byte majorVersion; 8.407 - byte minorVersion; 8.408 - int recordEpoch; 8.409 - long recordSeq; 8.410 - byte[] recordEnS; 8.411 - byte[] fragment; 8.412 - 8.413 - RecordFragment(ByteBuffer fragBuf, byte contentType, 8.414 - byte majorVersion, byte minorVersion, byte[] recordEnS, 8.415 - int recordEpoch, long recordSeq, boolean isCiphertext) { 8.416 - this((byte[])null, contentType, majorVersion, minorVersion, 8.417 - recordEnS, recordEpoch, recordSeq, isCiphertext); 8.418 - 8.419 - this.fragment = new byte[fragBuf.remaining()]; 8.420 - fragBuf.get(this.fragment); 8.421 - } 8.422 - 8.423 - RecordFragment(byte[] fragment, byte contentType, 8.424 - byte majorVersion, byte minorVersion, byte[] recordEnS, 8.425 - int recordEpoch, long recordSeq, boolean isCiphertext) { 8.426 - this.isCiphertext = isCiphertext; 8.427 - 8.428 - this.contentType = contentType; 8.429 - this.majorVersion = majorVersion; 8.430 - this.minorVersion = minorVersion; 8.431 - this.recordEpoch = recordEpoch; 8.432 - this.recordSeq = recordSeq; 8.433 - this.recordEnS = recordEnS; 8.434 - this.fragment = fragment; // The caller should have cloned 8.435 - // the buffer if necessary. 8.436 - } 8.437 - 8.438 - @Override 8.439 - public int compareTo(RecordFragment o) { 8.440 - if (this.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.441 - if (o.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.442 - // Only one incoming ChangeCipherSpec message for an epoch. 8.443 - // 8.444 - // Ignore duplicated ChangeCipherSpec messages. 8.445 - return Integer.compare(this.recordEpoch, o.recordEpoch); 8.446 - } else if ((this.recordEpoch == o.recordEpoch) && 8.447 - (o.contentType == ContentType.HANDSHAKE.id)) { 8.448 - // ChangeCipherSpec is the latest message of an epoch. 8.449 - return 1; 8.450 - } 8.451 - } else if (o.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.452 - if ((this.recordEpoch == o.recordEpoch) && 8.453 - (this.contentType == ContentType.HANDSHAKE.id)) { 8.454 - // ChangeCipherSpec is the latest message of an epoch. 8.455 - return -1; 8.456 - } else { 8.457 - // different epoch or this is not a handshake message 8.458 - return compareToSequence(o.recordEpoch, o.recordSeq); 8.459 - } 8.460 - } 8.461 - 8.462 - return compareToSequence(o.recordEpoch, o.recordSeq); 8.463 - } 8.464 - 8.465 - int compareToSequence(int epoch, long seq) { 8.466 - if (this.recordEpoch > epoch) { 8.467 - return 1; 8.468 - } else if (this.recordEpoch == epoch) { 8.469 - return Long.compare(this.recordSeq, seq); 8.470 - } else { 8.471 - return -1; 8.472 - } 8.473 - } 8.474 - } 8.475 - 8.476 - // buffered handshake message 8.477 - private static final class HandshakeFragment extends RecordFragment { 8.478 - 8.479 - byte handshakeType; // handshake msg_type 8.480 - int messageSeq; // message_seq 8.481 - int messageLength; // Handshake body length 8.482 - int fragmentOffset; // fragment_offset 8.483 - int fragmentLength; // fragment_length 8.484 - 8.485 - HandshakeFragment(byte[] fragment, byte contentType, 8.486 - byte majorVersion, byte minorVersion, byte[] recordEnS, 8.487 - int recordEpoch, long recordSeq, 8.488 - byte handshakeType, int messageLength, 8.489 - int messageSeq, int fragmentOffset, int fragmentLength) { 8.490 - 8.491 - super(fragment, contentType, majorVersion, minorVersion, 8.492 - recordEnS, recordEpoch , recordSeq, false); 8.493 - 8.494 - this.handshakeType = handshakeType; 8.495 - this.messageSeq = messageSeq; 8.496 - this.messageLength = messageLength; 8.497 - this.fragmentOffset = fragmentOffset; 8.498 - this.fragmentLength = fragmentLength; 8.499 - } 8.500 - 8.501 - @Override 8.502 - public int compareTo(RecordFragment o) { 8.503 - if (o instanceof HandshakeFragment) { 8.504 - HandshakeFragment other = (HandshakeFragment)o; 8.505 - if (this.messageSeq != other.messageSeq) { 8.506 - // keep the insertion order of handshake messages 8.507 - return this.messageSeq - other.messageSeq; 8.508 - } else if (this.fragmentOffset != other.fragmentOffset) { 8.509 - // small fragment offset was transmitted first 8.510 - return this.fragmentOffset - other.fragmentOffset; 8.511 - } else if (this.fragmentLength == other.fragmentLength) { 8.512 - // retransmissions, ignore duplicated messages. 8.513 - return 0; 8.514 - } 8.515 - 8.516 - // Should be repacked for suitable fragment length. 8.517 - // 8.518 - // Note that the acquiring processes will reassemble 8.519 - // the fragments later. 8.520 - return compareToSequence(o.recordEpoch, o.recordSeq); 8.521 - } 8.522 - 8.523 - return super.compareTo(o); 8.524 - } 8.525 - } 8.526 - 8.527 - private static final class HoleDescriptor { 8.528 - int offset; // fragment_offset 8.529 - int limit; // fragment_offset + fragment_length 8.530 - 8.531 - HoleDescriptor(int offset, int limit) { 8.532 - this.offset = offset; 8.533 - this.limit = limit; 8.534 - } 8.535 - } 8.536 - 8.537 - private static final class HandshakeFlight implements Cloneable { 8.538 - static final byte HF_UNKNOWN = SSLHandshake.NOT_APPLICABLE.id; 8.539 - 8.540 - byte handshakeType; // handshake type 8.541 - int flightEpoch; // the epoch of the first message 8.542 - int minMessageSeq; // minimal message sequence 8.543 - 8.544 - int maxMessageSeq; // maximum message sequence 8.545 - int maxRecordEpoch; // maximum record sequence number 8.546 - long maxRecordSeq; // maximum record sequence number 8.547 - 8.548 - HashMap<Byte, List<HoleDescriptor>> holesMap; 8.549 - 8.550 - HandshakeFlight() { 8.551 - this.handshakeType = HF_UNKNOWN; 8.552 - this.flightEpoch = 0; 8.553 - this.minMessageSeq = 0; 8.554 - 8.555 - this.maxMessageSeq = 0; 8.556 - this.maxRecordEpoch = 0; 8.557 - this.maxRecordSeq = -1; 8.558 - 8.559 - this.holesMap = new HashMap<>(5); 8.560 - } 8.561 - 8.562 - boolean isRetransmitOf(HandshakeFlight hs) { 8.563 - return (hs != null) && 8.564 - (this.handshakeType == hs.handshakeType) && 8.565 - (this.minMessageSeq == hs.minMessageSeq); 8.566 - } 8.567 - 8.568 - @Override 8.569 - public Object clone() { 8.570 - HandshakeFlight hf = new HandshakeFlight(); 8.571 - 8.572 - hf.handshakeType = this.handshakeType; 8.573 - hf.flightEpoch = this.flightEpoch; 8.574 - hf.minMessageSeq = this.minMessageSeq; 8.575 - 8.576 - hf.maxMessageSeq = this.maxMessageSeq; 8.577 - hf.maxRecordEpoch = this.maxRecordEpoch; 8.578 - hf.maxRecordSeq = this.maxRecordSeq; 8.579 - 8.580 - hf.holesMap = new HashMap<>(this.holesMap); 8.581 - 8.582 - return hf; 8.583 - } 8.584 - } 8.585 - 8.586 - final class DTLSReassembler { 8.587 - // The handshake epoch. 8.588 - final int handshakeEpoch; 8.589 - 8.590 - // The buffered fragments. 8.591 - TreeSet<RecordFragment> bufferedFragments = new TreeSet<>(); 8.592 - 8.593 - // The handshake flight in progress. 8.594 - HandshakeFlight handshakeFlight = new HandshakeFlight(); 8.595 - 8.596 - // The preceding handshake flight. 8.597 - HandshakeFlight precedingFlight = null; 8.598 - 8.599 - // Epoch, sequence number and handshake message sequence of the 8.600 - // next message acquisition of a flight. 8.601 - int nextRecordEpoch; // next record epoch 8.602 - long nextRecordSeq = 0; // next record sequence number 8.603 - 8.604 - // Expect ChangeCipherSpec and Finished messages for the final flight. 8.605 - boolean expectCCSFlight = false; 8.606 - 8.607 - // Ready to process this flight if received all messages of the flight. 8.608 - boolean flightIsReady = false; 8.609 - boolean needToCheckFlight = false; 8.610 - 8.611 - DTLSReassembler(int handshakeEpoch) { 8.612 - this.handshakeEpoch = handshakeEpoch; 8.613 - this.nextRecordEpoch = handshakeEpoch; 8.614 - 8.615 - this.handshakeFlight.flightEpoch = handshakeEpoch; 8.616 - } 8.617 - 8.618 - void expectingFinishFlight() { 8.619 - expectCCSFlight = true; 8.620 - } 8.621 - 8.622 - // Queue up a handshake message. 8.623 - void queueUpHandshake(HandshakeFragment hsf) { 8.624 - if (!isDesirable(hsf)) { 8.625 - // Not a dedired record, discard it. 8.626 - return; 8.627 - } 8.628 - 8.629 - // Clean up the retransmission messages if necessary. 8.630 - cleanUpRetransmit(hsf); 8.631 - 8.632 - // Is it the first message of next flight? 8.633 - // 8.634 - // Note: the Finished message is handled in the final CCS flight. 8.635 - boolean isMinimalFlightMessage = false; 8.636 - if (handshakeFlight.minMessageSeq == hsf.messageSeq) { 8.637 - isMinimalFlightMessage = true; 8.638 - } else if ((precedingFlight != null) && 8.639 - (precedingFlight.minMessageSeq == hsf.messageSeq)) { 8.640 - isMinimalFlightMessage = true; 8.641 - } 8.642 - 8.643 - if (isMinimalFlightMessage && (hsf.fragmentOffset == 0) && 8.644 - (hsf.handshakeType != SSLHandshake.FINISHED.id)) { 8.645 - 8.646 - // reset the handshake flight 8.647 - handshakeFlight.handshakeType = hsf.handshakeType; 8.648 - handshakeFlight.flightEpoch = hsf.recordEpoch; 8.649 - handshakeFlight.minMessageSeq = hsf.messageSeq; 8.650 - } 8.651 - 8.652 - if (hsf.handshakeType == SSLHandshake.FINISHED.id) { 8.653 - handshakeFlight.maxMessageSeq = hsf.messageSeq; 8.654 - handshakeFlight.maxRecordEpoch = hsf.recordEpoch; 8.655 - handshakeFlight.maxRecordSeq = hsf.recordSeq; 8.656 - } else { 8.657 - if (handshakeFlight.maxMessageSeq < hsf.messageSeq) { 8.658 - handshakeFlight.maxMessageSeq = hsf.messageSeq; 8.659 - } 8.660 - 8.661 - int n = (hsf.recordEpoch - handshakeFlight.maxRecordEpoch); 8.662 - if (n > 0) { 8.663 - handshakeFlight.maxRecordEpoch = hsf.recordEpoch; 8.664 - handshakeFlight.maxRecordSeq = hsf.recordSeq; 8.665 - } else if (n == 0) { 8.666 - // the same epoch 8.667 - if (handshakeFlight.maxRecordSeq < hsf.recordSeq) { 8.668 - handshakeFlight.maxRecordSeq = hsf.recordSeq; 8.669 - } 8.670 - } // Otherwise, it is unlikely to happen. 8.671 - } 8.672 - 8.673 - boolean fragmented = false; 8.674 - if ((hsf.fragmentOffset) != 0 || 8.675 - (hsf.fragmentLength != hsf.messageLength)) { 8.676 - 8.677 - fragmented = true; 8.678 - } 8.679 - 8.680 - List<HoleDescriptor> holes = 8.681 - handshakeFlight.holesMap.get(hsf.handshakeType); 8.682 - if (holes == null) { 8.683 - if (!fragmented) { 8.684 - holes = Collections.emptyList(); 8.685 - } else { 8.686 - holes = new LinkedList<HoleDescriptor>(); 8.687 - holes.add(new HoleDescriptor(0, hsf.messageLength)); 8.688 - } 8.689 - handshakeFlight.holesMap.put(hsf.handshakeType, holes); 8.690 - } else if (holes.isEmpty()) { 8.691 - // Have got the full handshake message. This record may be 8.692 - // a handshake message retransmission. Discard this record. 8.693 - // 8.694 - // It's OK to discard retransmission as the handshake hash 8.695 - // is computed as if each handshake message had been sent 8.696 - // as a single fragment. 8.697 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.698 - SSLLogger.fine("Have got the full message, discard it."); 8.699 - } 8.700 - 8.701 - return; 8.702 - } 8.703 - 8.704 - if (fragmented) { 8.705 - int fragmentLimit = hsf.fragmentOffset + hsf.fragmentLength; 8.706 - for (int i = 0; i < holes.size(); i++) { 8.707 - 8.708 - HoleDescriptor hole = holes.get(i); 8.709 - if ((hole.limit <= hsf.fragmentOffset) || 8.710 - (hole.offset >= fragmentLimit)) { 8.711 - // Also discard overlapping handshake retransmissions. 8.712 - continue; 8.713 - } 8.714 - 8.715 - // The ranges SHOULD NOT overlap. 8.716 - if (((hole.offset > hsf.fragmentOffset) && 8.717 - (hole.offset < fragmentLimit)) || 8.718 - ((hole.limit > hsf.fragmentOffset) && 8.719 - (hole.limit < fragmentLimit))) { 8.720 - 8.721 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 8.722 - SSLLogger.fine("Discard invalid record: " + 8.723 - "handshake fragment ranges are overlapping"); 8.724 - } 8.725 - 8.726 - // invalid, discard it [section 4.1.2.7, RFC 6347] 8.727 - return; 8.728 - } 8.729 - 8.730 - // This record interacts with this hole, fill the hole. 8.731 - holes.remove(i); 8.732 - // i--; 8.733 - 8.734 - if (hsf.fragmentOffset > hole.offset) { 8.735 - holes.add(new HoleDescriptor( 8.736 - hole.offset, hsf.fragmentOffset)); 8.737 - // i++; 8.738 - } 8.739 - 8.740 - if (fragmentLimit < hole.limit) { 8.741 - holes.add(new HoleDescriptor( 8.742 - fragmentLimit, hole.limit)); 8.743 - // i++; 8.744 - } 8.745 - 8.746 - // As no ranges overlap, no interact with other holes. 8.747 - break; 8.748 - } 8.749 - } 8.750 - 8.751 - // buffer this fragment 8.752 - if (hsf.handshakeType == SSLHandshake.FINISHED.id) { 8.753 - // Need no status update. 8.754 - bufferedFragments.add(hsf); 8.755 - } else { 8.756 - bufferFragment(hsf); 8.757 - } 8.758 - } 8.759 - 8.760 - // Queue up a ChangeCipherSpec message 8.761 - void queueUpChangeCipherSpec(RecordFragment rf) { 8.762 - if (!isDesirable(rf)) { 8.763 - // Not a dedired record, discard it. 8.764 - return; 8.765 - } 8.766 - 8.767 - // Clean up the retransmission messages if necessary. 8.768 - cleanUpRetransmit(rf); 8.769 - 8.770 - // Is it the first message of this flight? 8.771 - // 8.772 - // Note: the first message of the final flight is ChangeCipherSpec. 8.773 - if (expectCCSFlight) { 8.774 - handshakeFlight.handshakeType = HandshakeFlight.HF_UNKNOWN; 8.775 - handshakeFlight.flightEpoch = rf.recordEpoch; 8.776 - } 8.777 - 8.778 - // The epoch should be the same as the first message of the flight. 8.779 - if (handshakeFlight.maxRecordSeq < rf.recordSeq) { 8.780 - handshakeFlight.maxRecordSeq = rf.recordSeq; 8.781 - } 8.782 - 8.783 - // buffer this fragment 8.784 - bufferFragment(rf); 8.785 - } 8.786 - 8.787 - // Queue up a ciphertext message. 8.788 - // 8.789 - // Note: not yet be able to decrypt the message. 8.790 - void queueUpFragment(RecordFragment rf) { 8.791 - if (!isDesirable(rf)) { 8.792 - // Not a dedired record, discard it. 8.793 - return; 8.794 - } 8.795 - 8.796 - // Clean up the retransmission messages if necessary. 8.797 - cleanUpRetransmit(rf); 8.798 - 8.799 - // buffer this fragment 8.800 - bufferFragment(rf); 8.801 - } 8.802 - 8.803 - private void bufferFragment(RecordFragment rf) { 8.804 - // append this fragment 8.805 - bufferedFragments.add(rf); 8.806 - 8.807 - if (flightIsReady) { 8.808 - flightIsReady = false; 8.809 - } 8.810 - 8.811 - if (!needToCheckFlight) { 8.812 - needToCheckFlight = true; 8.813 - } 8.814 - } 8.815 - 8.816 - private void cleanUpRetransmit(RecordFragment rf) { 8.817 - // Does the next flight start? 8.818 - boolean isNewFlight = false; 8.819 - if (precedingFlight != null) { 8.820 - if (precedingFlight.flightEpoch < rf.recordEpoch) { 8.821 - isNewFlight = true; 8.822 - } else { 8.823 - if (rf instanceof HandshakeFragment) { 8.824 - HandshakeFragment hsf = (HandshakeFragment)rf; 8.825 - if (precedingFlight.maxMessageSeq < hsf.messageSeq) { 8.826 - isNewFlight = true; 8.827 - } 8.828 - } else if ( 8.829 - rf.contentType != ContentType.CHANGE_CIPHER_SPEC.id) { 8.830 - 8.831 - // ciphertext 8.832 - if (precedingFlight.maxRecordEpoch < rf.recordEpoch) { 8.833 - isNewFlight = true; 8.834 - } 8.835 - } 8.836 - } 8.837 - } 8.838 - 8.839 - if (!isNewFlight) { 8.840 - // Need no cleanup. 8.841 - return; 8.842 - } 8.843 - 8.844 - // clean up the buffer 8.845 - for (Iterator<RecordFragment> it = bufferedFragments.iterator(); 8.846 - it.hasNext();) { 8.847 - 8.848 - RecordFragment frag = it.next(); 8.849 - boolean isOld = false; 8.850 - if (frag.recordEpoch < precedingFlight.maxRecordEpoch) { 8.851 - isOld = true; 8.852 - } else if (frag.recordEpoch == precedingFlight.maxRecordEpoch) { 8.853 - if (frag.recordSeq <= precedingFlight.maxRecordSeq) { 8.854 - isOld = true; 8.855 - } 8.856 - } 8.857 - 8.858 - if (!isOld && (frag instanceof HandshakeFragment)) { 8.859 - HandshakeFragment hsf = (HandshakeFragment)frag; 8.860 - isOld = (hsf.messageSeq <= precedingFlight.maxMessageSeq); 8.861 - } 8.862 - 8.863 - if (isOld) { 8.864 - it.remove(); 8.865 - } else { 8.866 - // Safe to break as items in the buffer are ordered. 8.867 - break; 8.868 - } 8.869 - } 8.870 - 8.871 - // discard retransmissions of the previous flight if any. 8.872 - precedingFlight = null; 8.873 - } 8.874 - 8.875 - // Is a desired record? 8.876 - // 8.877 - // Check for retransmission and lost records. 8.878 - private boolean isDesirable(RecordFragment rf) { 8.879 - // 8.880 - // Discard records old than the previous epoch. 8.881 - // 8.882 - int previousEpoch = nextRecordEpoch - 1; 8.883 - if (rf.recordEpoch < previousEpoch) { 8.884 - // Too old to use, discard this record. 8.885 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.886 - SSLLogger.fine( 8.887 - "Too old epoch to use this record, discard it."); 8.888 - } 8.889 - 8.890 - return false; 8.891 - } 8.892 - 8.893 - // 8.894 - // Allow retransmission of last flight of the previous epoch 8.895 - // 8.896 - // For example, the last server delivered flight for session 8.897 - // resuming abbreviated handshaking consist three messages: 8.898 - // ServerHello 8.899 - // [ChangeCipherSpec] 8.900 - // Finished 8.901 - // 8.902 - // The epoch number is incremented and the sequence number is reset 8.903 - // if the ChangeCipherSpec is sent. 8.904 - if (rf.recordEpoch == previousEpoch) { 8.905 - boolean isDesired = true; 8.906 - if (precedingFlight == null) { 8.907 - isDesired = false; 8.908 - } else { 8.909 - if (rf instanceof HandshakeFragment) { 8.910 - HandshakeFragment hsf = (HandshakeFragment)rf; 8.911 - if (precedingFlight.minMessageSeq > hsf.messageSeq) { 8.912 - isDesired = false; 8.913 - } 8.914 - } else if ( 8.915 - rf.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.916 - 8.917 - // ChangeCipherSpec 8.918 - if (precedingFlight.flightEpoch != rf.recordEpoch) { 8.919 - isDesired = false; 8.920 - } 8.921 - } else { // ciphertext 8.922 - if ((rf.recordEpoch < precedingFlight.maxRecordEpoch) || 8.923 - (rf.recordEpoch == precedingFlight.maxRecordEpoch && 8.924 - rf.recordSeq <= precedingFlight.maxRecordSeq)) { 8.925 - isDesired = false; 8.926 - } 8.927 - } 8.928 - } 8.929 - 8.930 - if (!isDesired) { 8.931 - // Too old to use, discard this retransmitted record 8.932 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.933 - SSLLogger.fine( 8.934 - "Too old retransmission to use, discard it."); 8.935 - } 8.936 - 8.937 - return false; 8.938 - } 8.939 - } else if ((rf.recordEpoch == nextRecordEpoch) && 8.940 - (nextRecordSeq > rf.recordSeq)) { 8.941 - 8.942 - // Previously disordered record for the current epoch. 8.943 - // 8.944 - // Should has been retransmitted. Discard this record. 8.945 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.946 - SSLLogger.fine( 8.947 - "Lagging behind record (sequence), discard it."); 8.948 - } 8.949 - 8.950 - return false; 8.951 - } 8.952 - 8.953 - return true; 8.954 - } 8.955 - 8.956 - private boolean isEmpty() { 8.957 - return (bufferedFragments.isEmpty() || 8.958 - (!flightIsReady && !needToCheckFlight) || 8.959 - (needToCheckFlight && !flightIsReady())); 8.960 - } 8.961 - 8.962 - Plaintext acquirePlaintext() { 8.963 - if (bufferedFragments.isEmpty()) { 8.964 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.965 - SSLLogger.fine("No received handshake messages"); 8.966 - } 8.967 - return null; 8.968 - } 8.969 - 8.970 - if (!flightIsReady && needToCheckFlight) { 8.971 - // check the fligth status 8.972 - flightIsReady = flightIsReady(); 8.973 - 8.974 - // Reset if this flight is ready. 8.975 - if (flightIsReady) { 8.976 - // Retransmitted handshake messages are not needed for 8.977 - // further handshaking processing. 8.978 - if (handshakeFlight.isRetransmitOf(precedingFlight)) { 8.979 - // cleanup 8.980 - bufferedFragments.clear(); 8.981 - 8.982 - // Reset the next handshake flight. 8.983 - resetHandshakeFlight(precedingFlight); 8.984 - 8.985 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.986 - SSLLogger.fine("Received a retransmission flight."); 8.987 - } 8.988 - 8.989 - return Plaintext.PLAINTEXT_NULL; 8.990 - } 8.991 - } 8.992 - 8.993 - needToCheckFlight = false; 8.994 - } 8.995 - 8.996 - if (!flightIsReady) { 8.997 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.998 - SSLLogger.fine( 8.999 - "The handshake flight is not ready to use: " + 8.1000 - handshakeFlight.handshakeType); 8.1001 - } 8.1002 - return null; 8.1003 - } 8.1004 - 8.1005 - RecordFragment rFrag = bufferedFragments.first(); 8.1006 - Plaintext plaintext; 8.1007 - if (!rFrag.isCiphertext) { 8.1008 - // handshake message, or ChangeCipherSpec message 8.1009 - plaintext = acquireHandshakeMessage(); 8.1010 - 8.1011 - // Reset the handshake flight. 8.1012 - if (bufferedFragments.isEmpty()) { 8.1013 - // Need not to backup the holes map. Clear up it at first. 8.1014 - handshakeFlight.holesMap.clear(); // cleanup holes map 8.1015 - 8.1016 - // Update the preceding flight. 8.1017 - precedingFlight = (HandshakeFlight)handshakeFlight.clone(); 8.1018 - 8.1019 - // Reset the next handshake flight. 8.1020 - resetHandshakeFlight(precedingFlight); 8.1021 - 8.1022 - if (expectCCSFlight && 8.1023 - (precedingFlight.handshakeType == 8.1024 - HandshakeFlight.HF_UNKNOWN)) { 8.1025 - expectCCSFlight = false; 8.1026 - } 8.1027 - } 8.1028 - } else { 8.1029 - // a Finished message or other ciphertexts 8.1030 - plaintext = acquireCachedMessage(); 8.1031 - } 8.1032 - 8.1033 - return plaintext; 8.1034 - } 8.1035 - 8.1036 - // 8.1037 - // Reset the handshake flight from a previous one. 8.1038 - // 8.1039 - private void resetHandshakeFlight(HandshakeFlight prev) { 8.1040 - // Reset the next handshake flight. 8.1041 - handshakeFlight.handshakeType = HandshakeFlight.HF_UNKNOWN; 8.1042 - handshakeFlight.flightEpoch = prev.maxRecordEpoch; 8.1043 - if (prev.flightEpoch != prev.maxRecordEpoch) { 8.1044 - // a new epoch starts 8.1045 - handshakeFlight.minMessageSeq = 0; 8.1046 - } else { 8.1047 - // stay at the same epoch 8.1048 - // 8.1049 - // The minimal message sequence number will get updated if 8.1050 - // a flight retransmission happens. 8.1051 - handshakeFlight.minMessageSeq = prev.maxMessageSeq + 1; 8.1052 - } 8.1053 - 8.1054 - // cleanup the maximum sequence number and epoch number. 8.1055 - // 8.1056 - // Note: actually, we need to do nothing because the reassembler 8.1057 - // of handshake messages will reset them properly even for 8.1058 - // retransmissions. 8.1059 - // 8.1060 - handshakeFlight.maxMessageSeq = 0; 8.1061 - handshakeFlight.maxRecordEpoch = handshakeFlight.flightEpoch; 8.1062 - 8.1063 - // Record sequence number cannot wrap even for retransmissions. 8.1064 - handshakeFlight.maxRecordSeq = prev.maxRecordSeq + 1; 8.1065 - 8.1066 - // cleanup holes map 8.1067 - handshakeFlight.holesMap.clear(); 8.1068 - 8.1069 - // Ready to accept new input record. 8.1070 - flightIsReady = false; 8.1071 - needToCheckFlight = false; 8.1072 - } 8.1073 - 8.1074 - private Plaintext acquireCachedMessage() { 8.1075 - RecordFragment rFrag = bufferedFragments.first(); 8.1076 - if (readEpoch != rFrag.recordEpoch) { 8.1077 - if (readEpoch > rFrag.recordEpoch) { 8.1078 - // discard old records 8.1079 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1080 - SSLLogger.fine( 8.1081 - "Discard old buffered ciphertext fragments."); 8.1082 - } 8.1083 - bufferedFragments.remove(rFrag); // popup the fragment 8.1084 - } 8.1085 - 8.1086 - // reset the flight 8.1087 - if (flightIsReady) { 8.1088 - flightIsReady = false; 8.1089 - } 8.1090 - 8.1091 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1092 - SSLLogger.fine( 8.1093 - "Not yet ready to decrypt the cached fragments."); 8.1094 - } 8.1095 - return null; 8.1096 - } 8.1097 - 8.1098 - bufferedFragments.remove(rFrag); // popup the fragment 8.1099 - 8.1100 - ByteBuffer fragment = ByteBuffer.wrap(rFrag.fragment); 8.1101 - ByteBuffer plaintextFragment = null; 8.1102 - try { 8.1103 - Plaintext plaintext = readCipher.decrypt( 8.1104 - rFrag.contentType, fragment, rFrag.recordEnS); 8.1105 - plaintextFragment = plaintext.fragment; 8.1106 - rFrag.contentType = plaintext.contentType; 8.1107 - } catch (GeneralSecurityException gse) { 8.1108 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1109 - SSLLogger.fine("Discard invalid record: ", gse); 8.1110 - } 8.1111 - 8.1112 - // invalid, discard this record [section 4.1.2.7, RFC 6347] 8.1113 - return null; 8.1114 - } 8.1115 - 8.1116 - // The ciphtext handshake message can only be Finished (the 8.1117 - // end of this flight), ClinetHello or HelloRequest (the 8.1118 - // beginning of the next flight) message. Need not to check 8.1119 - // any ChangeCipherSpec message. 8.1120 - if (rFrag.contentType == ContentType.HANDSHAKE.id) { 8.1121 - while (plaintextFragment.remaining() > 0) { 8.1122 - HandshakeFragment hsFrag = parseHandshakeMessage( 8.1123 - rFrag.contentType, 8.1124 - rFrag.majorVersion, rFrag.minorVersion, 8.1125 - rFrag.recordEnS, rFrag.recordEpoch, rFrag.recordSeq, 8.1126 - plaintextFragment); 8.1127 - 8.1128 - if (hsFrag == null) { 8.1129 - // invalid, discard this record 8.1130 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1131 - SSLLogger.fine( 8.1132 - "Invalid handshake fragment, discard it", 8.1133 - plaintextFragment); 8.1134 - } 8.1135 - return null; 8.1136 - } 8.1137 - 8.1138 - queueUpHandshake(hsFrag); 8.1139 - // The flight ready status (flightIsReady) should have 8.1140 - // been checked and updated for the Finished handshake 8.1141 - // message before the decryption. Please don't update 8.1142 - // flightIsReady for Finished messages. 8.1143 - if (hsFrag.handshakeType != SSLHandshake.FINISHED.id) { 8.1144 - flightIsReady = false; 8.1145 - needToCheckFlight = true; 8.1146 - } 8.1147 - } 8.1148 - 8.1149 - return acquirePlaintext(); 8.1150 - } else { 8.1151 - return new Plaintext(rFrag.contentType, 8.1152 - rFrag.majorVersion, rFrag.minorVersion, 8.1153 - rFrag.recordEpoch, 8.1154 - Authenticator.toLong(rFrag.recordEnS), 8.1155 - plaintextFragment); 8.1156 - } 8.1157 - } 8.1158 - 8.1159 - private Plaintext acquireHandshakeMessage() { 8.1160 - 8.1161 - RecordFragment rFrag = bufferedFragments.first(); 8.1162 - if (rFrag.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.1163 - this.nextRecordEpoch = rFrag.recordEpoch + 1; 8.1164 - 8.1165 - // For retransmissions, the next record sequence number is a 8.1166 - // positive value. Don't worry about it as the acquiring of 8.1167 - // the immediately followed Finished handshake message will 8.1168 - // reset the next record sequence number correctly. 8.1169 - this.nextRecordSeq = 0; 8.1170 - 8.1171 - // Popup the fragment. 8.1172 - bufferedFragments.remove(rFrag); 8.1173 - return new Plaintext(rFrag.contentType, 8.1174 - rFrag.majorVersion, rFrag.minorVersion, 8.1175 - rFrag.recordEpoch, 8.1176 - Authenticator.toLong(rFrag.recordEnS), 8.1177 - ByteBuffer.wrap(rFrag.fragment)); 8.1178 - } else { // rFrag.contentType == ContentType.HANDSHAKE.id 8.1179 - HandshakeFragment hsFrag = (HandshakeFragment)rFrag; 8.1180 - if ((hsFrag.messageLength == hsFrag.fragmentLength) && 8.1181 - (hsFrag.fragmentOffset == 0)) { // no fragmentation 8.1182 - 8.1183 - bufferedFragments.remove(rFrag); // popup the fragment 8.1184 - 8.1185 - // this.nextRecordEpoch = hsFrag.recordEpoch; 8.1186 - this.nextRecordSeq = hsFrag.recordSeq + 1; 8.1187 - 8.1188 - // Note: may try to avoid byte array copy in the future. 8.1189 - byte[] recordFrag = new byte[hsFrag.messageLength + 4]; 8.1190 - Plaintext plaintext = new Plaintext( 8.1191 - hsFrag.contentType, 8.1192 - hsFrag.majorVersion, hsFrag.minorVersion, 8.1193 - hsFrag.recordEpoch, 8.1194 - Authenticator.toLong(hsFrag.recordEnS), 8.1195 - ByteBuffer.wrap(recordFrag)); 8.1196 - 8.1197 - // fill the handshake fragment of the record 8.1198 - recordFrag[0] = hsFrag.handshakeType; 8.1199 - recordFrag[1] = 8.1200 - (byte)((hsFrag.messageLength >>> 16) & 0xFF); 8.1201 - recordFrag[2] = 8.1202 - (byte)((hsFrag.messageLength >>> 8) & 0xFF); 8.1203 - recordFrag[3] = (byte)(hsFrag.messageLength & 0xFF); 8.1204 - 8.1205 - System.arraycopy(hsFrag.fragment, 0, 8.1206 - recordFrag, 4, hsFrag.fragmentLength); 8.1207 - 8.1208 - // handshake hashing 8.1209 - handshakeHashing(hsFrag, plaintext); 8.1210 - 8.1211 - return plaintext; 8.1212 - } else { // fragmented handshake message 8.1213 - // the first record 8.1214 - // 8.1215 - // Note: may try to avoid byte array copy in the future. 8.1216 - byte[] recordFrag = new byte[hsFrag.messageLength + 4]; 8.1217 - Plaintext plaintext = new Plaintext( 8.1218 - hsFrag.contentType, 8.1219 - hsFrag.majorVersion, hsFrag.minorVersion, 8.1220 - hsFrag.recordEpoch, 8.1221 - Authenticator.toLong(hsFrag.recordEnS), 8.1222 - ByteBuffer.wrap(recordFrag)); 8.1223 - 8.1224 - // fill the handshake fragment of the record 8.1225 - recordFrag[0] = hsFrag.handshakeType; 8.1226 - recordFrag[1] = 8.1227 - (byte)((hsFrag.messageLength >>> 16) & 0xFF); 8.1228 - recordFrag[2] = 8.1229 - (byte)((hsFrag.messageLength >>> 8) & 0xFF); 8.1230 - recordFrag[3] = (byte)(hsFrag.messageLength & 0xFF); 8.1231 - 8.1232 - int msgSeq = hsFrag.messageSeq; 8.1233 - long maxRecodeSN = hsFrag.recordSeq; 8.1234 - HandshakeFragment hmFrag = hsFrag; 8.1235 - do { 8.1236 - System.arraycopy(hmFrag.fragment, 0, 8.1237 - recordFrag, hmFrag.fragmentOffset + 4, 8.1238 - hmFrag.fragmentLength); 8.1239 - // popup the fragment 8.1240 - bufferedFragments.remove(rFrag); 8.1241 - 8.1242 - if (maxRecodeSN < hmFrag.recordSeq) { 8.1243 - maxRecodeSN = hmFrag.recordSeq; 8.1244 - } 8.1245 - 8.1246 - // Note: may buffer retransmitted fragments in order to 8.1247 - // speed up the reassembly in the future. 8.1248 - 8.1249 - // read the next buffered record 8.1250 - if (!bufferedFragments.isEmpty()) { 8.1251 - rFrag = bufferedFragments.first(); 8.1252 - if (rFrag.contentType != ContentType.HANDSHAKE.id) { 8.1253 - break; 8.1254 - } else { 8.1255 - hmFrag = (HandshakeFragment)rFrag; 8.1256 - } 8.1257 - } 8.1258 - } while (!bufferedFragments.isEmpty() && 8.1259 - (msgSeq == hmFrag.messageSeq)); 8.1260 - 8.1261 - // handshake hashing 8.1262 - handshakeHashing(hsFrag, plaintext); 8.1263 - 8.1264 - this.nextRecordSeq = maxRecodeSN + 1; 8.1265 - 8.1266 - return plaintext; 8.1267 - } 8.1268 - } 8.1269 - } 8.1270 - 8.1271 - boolean flightIsReady() { 8.1272 - 8.1273 - byte flightType = handshakeFlight.handshakeType; 8.1274 - if (flightType == HandshakeFlight.HF_UNKNOWN) { 8.1275 - // 8.1276 - // the ChangeCipherSpec/Finished flight 8.1277 - // 8.1278 - if (expectCCSFlight) { 8.1279 - // Have the ChangeCipherSpec/Finished flight been received? 8.1280 - boolean isReady = hasFinishedMessage(bufferedFragments); 8.1281 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1282 - SSLLogger.fine( 8.1283 - "Has the final flight been received? " + isReady); 8.1284 - } 8.1285 - 8.1286 - return isReady; 8.1287 - } 8.1288 - 8.1289 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1290 - SSLLogger.fine("No flight is received yet."); 8.1291 - } 8.1292 - 8.1293 - return false; 8.1294 - } 8.1295 - 8.1296 - if ((flightType == SSLHandshake.CLIENT_HELLO.id) || 8.1297 - (flightType == SSLHandshake.HELLO_REQUEST.id) || 8.1298 - (flightType == SSLHandshake.HELLO_VERIFY_REQUEST.id)) { 8.1299 - 8.1300 - // single handshake message flight 8.1301 - boolean isReady = hasCompleted(flightType); 8.1302 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1303 - SSLLogger.fine( 8.1304 - "Is the handshake message completed? " + isReady); 8.1305 - } 8.1306 - 8.1307 - return isReady; 8.1308 - } 8.1309 - 8.1310 - // 8.1311 - // the ServerHello flight 8.1312 - // 8.1313 - if (flightType == SSLHandshake.SERVER_HELLO.id) { 8.1314 - // Firstly, check the first flight handshake message. 8.1315 - if (!hasCompleted(flightType)) { 8.1316 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1317 - SSLLogger.fine( 8.1318 - "The ServerHello message is not completed yet."); 8.1319 - } 8.1320 - 8.1321 - return false; 8.1322 - } 8.1323 - 8.1324 - // 8.1325 - // an abbreviated handshake 8.1326 - // 8.1327 - if (hasFinishedMessage(bufferedFragments)) { 8.1328 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1329 - SSLLogger.fine("It's an abbreviated handshake."); 8.1330 - } 8.1331 - 8.1332 - return true; 8.1333 - } 8.1334 - 8.1335 - // 8.1336 - // a full handshake 8.1337 - // 8.1338 - List<HoleDescriptor> holes = handshakeFlight.holesMap.get( 8.1339 - SSLHandshake.SERVER_HELLO_DONE.id); 8.1340 - if ((holes == null) || !holes.isEmpty()) { 8.1341 - // Not yet got the final message of the flight. 8.1342 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1343 - SSLLogger.fine( 8.1344 - "Not yet got the ServerHelloDone message"); 8.1345 - } 8.1346 - 8.1347 - return false; 8.1348 - } 8.1349 - 8.1350 - // Have all handshake message been received? 8.1351 - boolean isReady = hasCompleted(bufferedFragments, 8.1352 - handshakeFlight.minMessageSeq, 8.1353 - handshakeFlight.maxMessageSeq); 8.1354 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1355 - SSLLogger.fine( 8.1356 - "Is the ServerHello flight (message " + 8.1357 - handshakeFlight.minMessageSeq + "-" + 8.1358 - handshakeFlight.maxMessageSeq + 8.1359 - ") completed? " + isReady); 8.1360 - } 8.1361 - 8.1362 - return isReady; 8.1363 - } 8.1364 - 8.1365 - // 8.1366 - // the ClientKeyExchange flight 8.1367 - // 8.1368 - // Note: need to consider more messages in this flight if 8.1369 - // ht_supplemental_data and ht_certificate_url are 8.1370 - // suppported in the future. 8.1371 - // 8.1372 - if ((flightType == SSLHandshake.CERTIFICATE.id) || 8.1373 - (flightType == SSLHandshake.CLIENT_KEY_EXCHANGE.id)) { 8.1374 - 8.1375 - // Firstly, check the first flight handshake message. 8.1376 - if (!hasCompleted(flightType)) { 8.1377 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1378 - SSLLogger.fine( 8.1379 - "The ClientKeyExchange or client Certificate " + 8.1380 - "message is not completed yet."); 8.1381 - } 8.1382 - 8.1383 - return false; 8.1384 - } 8.1385 - 8.1386 - // Is client CertificateVerify a mandatory message? 8.1387 - if (flightType == SSLHandshake.CERTIFICATE.id) { 8.1388 - if (needClientVerify(bufferedFragments) && 8.1389 - !hasCompleted(SSLHandshake.CERTIFICATE_VERIFY.id)) { 8.1390 - 8.1391 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1392 - SSLLogger.fine( 8.1393 - "Not yet have the CertificateVerify message"); 8.1394 - } 8.1395 - 8.1396 - return false; 8.1397 - } 8.1398 - } 8.1399 - 8.1400 - if (!hasFinishedMessage(bufferedFragments)) { 8.1401 - // not yet have the ChangeCipherSpec/Finished messages 8.1402 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1403 - SSLLogger.fine( 8.1404 - "Not yet have the ChangeCipherSpec and " + 8.1405 - "Finished messages"); 8.1406 - } 8.1407 - 8.1408 - return false; 8.1409 - } 8.1410 - 8.1411 - // Have all handshake message been received? 8.1412 - boolean isReady = hasCompleted(bufferedFragments, 8.1413 - handshakeFlight.minMessageSeq, 8.1414 - handshakeFlight.maxMessageSeq); 8.1415 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1416 - SSLLogger.fine( 8.1417 - "Is the ClientKeyExchange flight (message " + 8.1418 - handshakeFlight.minMessageSeq + "-" + 8.1419 - handshakeFlight.maxMessageSeq + 8.1420 - ") completed? " + isReady); 8.1421 - } 8.1422 - 8.1423 - return isReady; 8.1424 - } 8.1425 - 8.1426 - // 8.1427 - // Otherwise, need to receive more handshake messages. 8.1428 - // 8.1429 - if (SSLLogger.isOn && SSLLogger.isOn("verbose")) { 8.1430 - SSLLogger.fine("Need to receive more handshake messages"); 8.1431 - } 8.1432 - 8.1433 - return false; 8.1434 - } 8.1435 - 8.1436 - // Looking for the ChangeCipherSpec and Finished messages. 8.1437 - // 8.1438 - // As the cached Finished message should be a ciphertext, we don't 8.1439 - // exactly know a ciphertext is a Finished message or not. According 8.1440 - // to the spec of TLS/DTLS handshaking, a Finished message is always 8.1441 - // sent immediately after a ChangeCipherSpec message. The first 8.1442 - // ciphertext handshake message should be the expected Finished message. 8.1443 - private boolean hasFinishedMessage(Set<RecordFragment> fragments) { 8.1444 - 8.1445 - boolean hasCCS = false; 8.1446 - boolean hasFin = false; 8.1447 - for (RecordFragment fragment : fragments) { 8.1448 - if (fragment.contentType == ContentType.CHANGE_CIPHER_SPEC.id) { 8.1449 - if (hasFin) { 8.1450 - return true; 8.1451 - } 8.1452 - hasCCS = true; 8.1453 - } else if (fragment.contentType == ContentType.HANDSHAKE.id) { 8.1454 - // Finished is the first expected message of a new epoch. 8.1455 - if (fragment.isCiphertext) { 8.1456 - if (hasCCS) { 8.1457 - return true; 8.1458 - } 8.1459 - hasFin = true; 8.1460 - } 8.1461 - } 8.1462 - } 8.1463 - 8.1464 - return hasFin && hasCCS; 8.1465 - } 8.1466 - 8.1467 - // Is client CertificateVerify a mandatory message? 8.1468 - // 8.1469 - // In the current implementation, client CertificateVerify is a 8.1470 - // mandatory message if the client Certificate is not empty. 8.1471 - private boolean needClientVerify(Set<RecordFragment> fragments) { 8.1472 - 8.1473 - // The caller should have checked the completion of the first 8.1474 - // present handshake message. Need not to check it again. 8.1475 - for (RecordFragment rFrag : fragments) { 8.1476 - if ((rFrag.contentType != ContentType.HANDSHAKE.id) || 8.1477 - rFrag.isCiphertext) { 8.1478 - break; 8.1479 - } 8.1480 - 8.1481 - HandshakeFragment hsFrag = (HandshakeFragment)rFrag; 8.1482 - if (hsFrag.handshakeType != SSLHandshake.CERTIFICATE.id) { 8.1483 - continue; 8.1484 - } 8.1485 - 8.1486 - return (rFrag.fragment != null) && 8.1487 - (rFrag.fragment.length > DTLSRecord.minCertPlaintextSize); 8.1488 - } 8.1489 - 8.1490 - return false; 8.1491 - } 8.1492 - 8.1493 - private boolean hasCompleted(byte handshakeType) { 8.1494 - List<HoleDescriptor> holes = 8.1495 - handshakeFlight.holesMap.get(handshakeType); 8.1496 - if (holes == null) { 8.1497 - // not yet received this kind of handshake message 8.1498 - return false; 8.1499 - } 8.1500 - 8.1501 - return holes.isEmpty(); // no fragment hole for complete message 8.1502 - } 8.1503 - 8.1504 - private boolean hasCompleted( 8.1505 - Set<RecordFragment> fragments, 8.1506 - int presentMsgSeq, int endMsgSeq) { 8.1507 - 8.1508 - // The caller should have checked the completion of the first 8.1509 - // present handshake message. Need not to check it again. 8.1510 - for (RecordFragment rFrag : fragments) { 8.1511 - if ((rFrag.contentType != ContentType.HANDSHAKE.id) || 8.1512 - rFrag.isCiphertext) { 8.1513 - break; 8.1514 - } 8.1515 - 8.1516 - HandshakeFragment hsFrag = (HandshakeFragment)rFrag; 8.1517 - if (hsFrag.messageSeq == presentMsgSeq) { 8.1518 - continue; 8.1519 - } else if (hsFrag.messageSeq == (presentMsgSeq + 1)) { 8.1520 - // check the completion of the handshake message 8.1521 - if (!hasCompleted(hsFrag.handshakeType)) { 8.1522 - return false; 8.1523 - } 8.1524 - 8.1525 - presentMsgSeq = hsFrag.messageSeq; 8.1526 - } else { 8.1527 - // not yet got handshake message next to presentMsgSeq 8.1528 - break; 8.1529 - } 8.1530 - } 8.1531 - 8.1532 - return (presentMsgSeq >= endMsgSeq); 8.1533 - // false: if not yet got all messages of the flight. 8.1534 - } 8.1535 - 8.1536 - private void handshakeHashing( 8.1537 - HandshakeFragment hsFrag, Plaintext plaintext) { 8.1538 - byte hsType = hsFrag.handshakeType; 8.1539 - if (!handshakeHash.isHashable(hsType)) { 8.1540 - // omitted from handshake hash computation 8.1541 - return; 8.1542 - } 8.1543 - 8.1544 - // calculate the DTLS header and reserve the handshake message 8.1545 - plaintext.fragment.position(4); // ignore the TLS header 8.1546 - byte[] temporary = new byte[plaintext.fragment.remaining() + 12]; 8.1547 - // 12: handshake header size 8.1548 - 8.1549 - // Handshake.msg_type 8.1550 - temporary[0] = hsFrag.handshakeType; 8.1551 - 8.1552 - // Handshake.length 8.1553 - temporary[1] = (byte)((hsFrag.messageLength >> 16) & 0xFF); 8.1554 - temporary[2] = (byte)((hsFrag.messageLength >> 8) & 0xFF); 8.1555 - temporary[3] = (byte)(hsFrag.messageLength & 0xFF); 8.1556 - 8.1557 - // Handshake.message_seq 8.1558 - temporary[4] = (byte)((hsFrag.messageSeq >> 8) & 0xFF); 8.1559 - temporary[5] = (byte)(hsFrag.messageSeq & 0xFF); 8.1560 - 8.1561 - // Handshake.fragment_offset 8.1562 - temporary[6] = 0; 8.1563 - temporary[7] = 0; 8.1564 - temporary[8] = 0; 8.1565 - 8.1566 - // Handshake.fragment_length 8.1567 - temporary[9] = temporary[1]; 8.1568 - temporary[10] = temporary[2]; 8.1569 - temporary[11] = temporary[3]; 8.1570 - 8.1571 - plaintext.fragment.get(temporary, 8.1572 - 12, plaintext.fragment.remaining()); 8.1573 - handshakeHash.receive(temporary); 8.1574 - plaintext.fragment.position(0); // restore the position 8.1575 - } 8.1576 - } 8.1577 -} 8.1578 -
9.1 --- a/src/share/classes/sun/security/ssl/DTLSOutputRecord.java Tue Aug 25 08:31:35 2020 +0300 9.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 9.3 @@ -1,629 +0,0 @@ 9.4 -/* 9.5 - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. 9.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 9.7 - * 9.8 - * This code is free software; you can redistribute it and/or modify it 9.9 - * under the terms of the GNU General Public License version 2 only, as 9.10 - * published by the Free Software Foundation. Oracle designates this 9.11 - * particular file as subject to the "Classpath" exception as provided 9.12 - * by Oracle in the LICENSE file that accompanied this code. 9.13 - * 9.14 - * This code is distributed in the hope that it will be useful, but WITHOUT 9.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 9.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 9.17 - * version 2 for more details (a copy is included in the LICENSE file that 9.18 - * accompanied this code). 9.19 - * 9.20 - * You should have received a copy of the GNU General Public License version 9.21 - * 2 along with this work; if not, write to the Free Software Foundation, 9.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 9.23 - * 9.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 9.25 - * or visit www.oracle.com if you need additional information or have any 9.26 - * questions. 9.27 - */ 9.28 - 9.29 -package sun.security.ssl; 9.30 - 9.31 -import java.io.*; 9.32 -import java.nio.*; 9.33 -import java.util.*; 9.34 -import javax.net.ssl.*; 9.35 -import sun.security.ssl.SSLCipher.SSLWriteCipher; 9.36 - 9.37 -/** 9.38 - * DTLS {@code OutputRecord} implementation for {@code SSLEngine}. 9.39 - */ 9.40 -final class DTLSOutputRecord extends OutputRecord implements DTLSRecord { 9.41 - 9.42 - private DTLSFragmenter fragmenter = null; 9.43 - 9.44 - int writeEpoch; 9.45 - 9.46 - int prevWriteEpoch; 9.47 - Authenticator prevWriteAuthenticator; 9.48 - SSLWriteCipher prevWriteCipher; 9.49 - 9.50 - private volatile boolean isCloseWaiting = false; 9.51 - 9.52 - DTLSOutputRecord(HandshakeHash handshakeHash) { 9.53 - super(handshakeHash, SSLWriteCipher.nullDTlsWriteCipher()); 9.54 - 9.55 - this.writeEpoch = 0; 9.56 - this.prevWriteEpoch = 0; 9.57 - this.prevWriteCipher = SSLWriteCipher.nullDTlsWriteCipher(); 9.58 - 9.59 - this.packetSize = DTLSRecord.maxRecordSize; 9.60 - this.protocolVersion = ProtocolVersion.NONE; 9.61 - } 9.62 - 9.63 - @Override 9.64 - public synchronized void close() throws IOException { 9.65 - if (!isClosed) { 9.66 - if (fragmenter != null && fragmenter.hasAlert()) { 9.67 - isCloseWaiting = true; 9.68 - } else { 9.69 - super.close(); 9.70 - } 9.71 - } 9.72 - } 9.73 - 9.74 - boolean isClosed() { 9.75 - return isClosed || isCloseWaiting; 9.76 - } 9.77 - 9.78 - @Override 9.79 - void initHandshaker() { 9.80 - // clean up 9.81 - fragmenter = null; 9.82 - } 9.83 - 9.84 - @Override 9.85 - void finishHandshake() { 9.86 - // Nothing to do here currently. 9.87 - } 9.88 - 9.89 - @Override 9.90 - void changeWriteCiphers(SSLWriteCipher writeCipher, 9.91 - boolean useChangeCipherSpec) throws IOException { 9.92 - if (isClosed()) { 9.93 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.94 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.95 - "change_cipher_spec message"); 9.96 - } 9.97 - return; 9.98 - } 9.99 - 9.100 - if (useChangeCipherSpec) { 9.101 - encodeChangeCipherSpec(); 9.102 - } 9.103 - 9.104 - prevWriteCipher.dispose(); 9.105 - 9.106 - this.prevWriteCipher = this.writeCipher; 9.107 - this.prevWriteEpoch = this.writeEpoch; 9.108 - 9.109 - this.writeCipher = writeCipher; 9.110 - this.writeEpoch++; 9.111 - 9.112 - this.isFirstAppOutputRecord = true; 9.113 - 9.114 - // set the epoch number 9.115 - this.writeCipher.authenticator.setEpochNumber(this.writeEpoch); 9.116 - } 9.117 - 9.118 - @Override 9.119 - void encodeAlert(byte level, byte description) throws IOException { 9.120 - if (isClosed()) { 9.121 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.122 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.123 - "alert message: " + Alert.nameOf(description)); 9.124 - } 9.125 - return; 9.126 - } 9.127 - 9.128 - if (fragmenter == null) { 9.129 - fragmenter = new DTLSFragmenter(); 9.130 - } 9.131 - 9.132 - fragmenter.queueUpAlert(level, description); 9.133 - } 9.134 - 9.135 - @Override 9.136 - void encodeChangeCipherSpec() throws IOException { 9.137 - if (isClosed()) { 9.138 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.139 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.140 - "change_cipher_spec message"); 9.141 - } 9.142 - return; 9.143 - } 9.144 - 9.145 - if (fragmenter == null) { 9.146 - fragmenter = new DTLSFragmenter(); 9.147 - } 9.148 - fragmenter.queueUpChangeCipherSpec(); 9.149 - } 9.150 - 9.151 - @Override 9.152 - void encodeHandshake(byte[] source, 9.153 - int offset, int length) throws IOException { 9.154 - if (isClosed()) { 9.155 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.156 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.157 - "handshake message", 9.158 - ByteBuffer.wrap(source, offset, length)); 9.159 - } 9.160 - return; 9.161 - } 9.162 - 9.163 - if (firstMessage) { 9.164 - firstMessage = false; 9.165 - } 9.166 - 9.167 - if (fragmenter == null) { 9.168 - fragmenter = new DTLSFragmenter(); 9.169 - } 9.170 - 9.171 - fragmenter.queueUpHandshake(source, offset, length); 9.172 - } 9.173 - 9.174 - @Override 9.175 - Ciphertext encode( 9.176 - ByteBuffer[] srcs, int srcsOffset, int srcsLength, 9.177 - ByteBuffer[] dsts, int dstsOffset, int dstsLength) throws IOException { 9.178 - 9.179 - if (isClosed) { 9.180 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.181 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.182 - "application data or cached messages"); 9.183 - } 9.184 - 9.185 - return null; 9.186 - } else if (isCloseWaiting) { 9.187 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.188 - SSLLogger.warning("outbound has closed, ignore outbound " + 9.189 - "application data"); 9.190 - } 9.191 - 9.192 - srcs = null; // use no application data. 9.193 - } 9.194 - 9.195 - return encode(srcs, srcsOffset, srcsLength, dsts[0]); 9.196 - } 9.197 - 9.198 - private Ciphertext encode(ByteBuffer[] sources, int offset, int length, 9.199 - ByteBuffer destination) throws IOException { 9.200 - 9.201 - if (writeCipher.authenticator.seqNumOverflow()) { 9.202 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 9.203 - SSLLogger.fine( 9.204 - "sequence number extremely close to overflow " + 9.205 - "(2^64-1 packets). Closing connection."); 9.206 - } 9.207 - 9.208 - throw new SSLHandshakeException("sequence number overflow"); 9.209 - } 9.210 - 9.211 - // Don't process the incoming record until all of the buffered records 9.212 - // get handled. May need retransmission if no sources specified. 9.213 - if (!isEmpty() || sources == null || sources.length == 0) { 9.214 - Ciphertext ct = acquireCiphertext(destination); 9.215 - if (ct != null) { 9.216 - return ct; 9.217 - } 9.218 - } 9.219 - 9.220 - if (sources == null || sources.length == 0) { 9.221 - return null; 9.222 - } 9.223 - 9.224 - int srcsRemains = 0; 9.225 - for (int i = offset; i < offset + length; i++) { 9.226 - srcsRemains += sources[i].remaining(); 9.227 - } 9.228 - 9.229 - if (srcsRemains == 0) { 9.230 - return null; 9.231 - } 9.232 - 9.233 - // not apply to handshake message 9.234 - int fragLen; 9.235 - if (packetSize > 0) { 9.236 - fragLen = Math.min(maxRecordSize, packetSize); 9.237 - fragLen = writeCipher.calculateFragmentSize( 9.238 - fragLen, headerSize); 9.239 - 9.240 - fragLen = Math.min(fragLen, Record.maxDataSize); 9.241 - } else { 9.242 - fragLen = Record.maxDataSize; 9.243 - } 9.244 - 9.245 - // Calculate more impact, for example TLS 1.3 padding. 9.246 - fragLen = calculateFragmentSize(fragLen); 9.247 - 9.248 - int dstPos = destination.position(); 9.249 - int dstLim = destination.limit(); 9.250 - int dstContent = dstPos + headerSize + 9.251 - writeCipher.getExplicitNonceSize(); 9.252 - destination.position(dstContent); 9.253 - 9.254 - int remains = Math.min(fragLen, destination.remaining()); 9.255 - fragLen = 0; 9.256 - int srcsLen = offset + length; 9.257 - for (int i = offset; (i < srcsLen) && (remains > 0); i++) { 9.258 - int amount = Math.min(sources[i].remaining(), remains); 9.259 - int srcLimit = sources[i].limit(); 9.260 - sources[i].limit(sources[i].position() + amount); 9.261 - destination.put(sources[i]); 9.262 - sources[i].limit(srcLimit); // restore the limit 9.263 - remains -= amount; 9.264 - fragLen += amount; 9.265 - } 9.266 - 9.267 - destination.limit(destination.position()); 9.268 - destination.position(dstContent); 9.269 - 9.270 - if (SSLLogger.isOn && SSLLogger.isOn("record")) { 9.271 - SSLLogger.fine( 9.272 - "WRITE: " + protocolVersion + " " + 9.273 - ContentType.APPLICATION_DATA.name + 9.274 - ", length = " + destination.remaining()); 9.275 - } 9.276 - 9.277 - // Encrypt the fragment and wrap up a record. 9.278 - long recordSN = encrypt(writeCipher, 9.279 - ContentType.APPLICATION_DATA.id, destination, 9.280 - dstPos, dstLim, headerSize, 9.281 - protocolVersion); 9.282 - 9.283 - if (SSLLogger.isOn && SSLLogger.isOn("packet")) { 9.284 - ByteBuffer temporary = destination.duplicate(); 9.285 - temporary.limit(temporary.position()); 9.286 - temporary.position(dstPos); 9.287 - SSLLogger.fine("Raw write", temporary); 9.288 - } 9.289 - 9.290 - // remain the limit unchanged 9.291 - destination.limit(dstLim); 9.292 - 9.293 - return new Ciphertext(ContentType.APPLICATION_DATA.id, 9.294 - SSLHandshake.NOT_APPLICABLE.id, recordSN); 9.295 - } 9.296 - 9.297 - private Ciphertext acquireCiphertext( 9.298 - ByteBuffer destination) throws IOException { 9.299 - if (fragmenter != null) { 9.300 - return fragmenter.acquireCiphertext(destination); 9.301 - } 9.302 - 9.303 - return null; 9.304 - } 9.305 - 9.306 - @Override 9.307 - boolean isEmpty() { 9.308 - return (fragmenter == null) || fragmenter.isEmpty(); 9.309 - } 9.310 - 9.311 - @Override 9.312 - void launchRetransmission() { 9.313 - // Note: Please don't retransmit if there are handshake messages 9.314 - // or alerts waiting in the queue. 9.315 - if ((fragmenter != null) && fragmenter.isRetransmittable()) { 9.316 - fragmenter.setRetransmission(); 9.317 - } 9.318 - } 9.319 - 9.320 - // buffered record fragment 9.321 - private static class RecordMemo { 9.322 - byte contentType; 9.323 - byte majorVersion; 9.324 - byte minorVersion; 9.325 - int encodeEpoch; 9.326 - SSLWriteCipher encodeCipher; 9.327 - 9.328 - byte[] fragment; 9.329 - } 9.330 - 9.331 - private static class HandshakeMemo extends RecordMemo { 9.332 - byte handshakeType; 9.333 - int messageSequence; 9.334 - int acquireOffset; 9.335 - } 9.336 - 9.337 - private final class DTLSFragmenter { 9.338 - private final LinkedList<RecordMemo> handshakeMemos = 9.339 - new LinkedList<>(); 9.340 - private int acquireIndex = 0; 9.341 - private int messageSequence = 0; 9.342 - private boolean flightIsReady = false; 9.343 - 9.344 - // Per section 4.1.1, RFC 6347: 9.345 - // 9.346 - // If repeated retransmissions do not result in a response, and the 9.347 - // PMTU is unknown, subsequent retransmissions SHOULD back off to a 9.348 - // smaller record size, fragmenting the handshake message as 9.349 - // appropriate. 9.350 - // 9.351 - // In this implementation, two times of retransmits would be attempted 9.352 - // before backing off. The back off is supported only if the packet 9.353 - // size is bigger than 256 bytes. 9.354 - private int retransmits = 2; // attemps of retransmits 9.355 - 9.356 - void queueUpHandshake(byte[] buf, 9.357 - int offset, int length) throws IOException { 9.358 - 9.359 - // Cleanup if a new flight starts. 9.360 - if (flightIsReady) { 9.361 - handshakeMemos.clear(); 9.362 - acquireIndex = 0; 9.363 - flightIsReady = false; 9.364 - } 9.365 - 9.366 - HandshakeMemo memo = new HandshakeMemo(); 9.367 - 9.368 - memo.contentType = ContentType.HANDSHAKE.id; 9.369 - memo.majorVersion = protocolVersion.major; 9.370 - memo.minorVersion = protocolVersion.minor; 9.371 - memo.encodeEpoch = writeEpoch; 9.372 - memo.encodeCipher = writeCipher; 9.373 - 9.374 - memo.handshakeType = buf[offset]; 9.375 - memo.messageSequence = messageSequence++; 9.376 - memo.acquireOffset = 0; 9.377 - memo.fragment = new byte[length - 4]; // 4: header size 9.378 - // 1: HandshakeType 9.379 - // 3: message length 9.380 - System.arraycopy(buf, offset + 4, memo.fragment, 0, length - 4); 9.381 - 9.382 - handshakeHashing(memo, memo.fragment); 9.383 - handshakeMemos.add(memo); 9.384 - 9.385 - if ((memo.handshakeType == SSLHandshake.CLIENT_HELLO.id) || 9.386 - (memo.handshakeType == SSLHandshake.HELLO_REQUEST.id) || 9.387 - (memo.handshakeType == 9.388 - SSLHandshake.HELLO_VERIFY_REQUEST.id) || 9.389 - (memo.handshakeType == SSLHandshake.SERVER_HELLO_DONE.id) || 9.390 - (memo.handshakeType == SSLHandshake.FINISHED.id)) { 9.391 - 9.392 - flightIsReady = true; 9.393 - } 9.394 - } 9.395 - 9.396 - void queueUpChangeCipherSpec() { 9.397 - 9.398 - // Cleanup if a new flight starts. 9.399 - if (flightIsReady) { 9.400 - handshakeMemos.clear(); 9.401 - acquireIndex = 0; 9.402 - flightIsReady = false; 9.403 - } 9.404 - 9.405 - RecordMemo memo = new RecordMemo(); 9.406 - 9.407 - memo.contentType = ContentType.CHANGE_CIPHER_SPEC.id; 9.408 - memo.majorVersion = protocolVersion.major; 9.409 - memo.minorVersion = protocolVersion.minor; 9.410 - memo.encodeEpoch = writeEpoch; 9.411 - memo.encodeCipher = writeCipher; 9.412 - 9.413 - memo.fragment = new byte[1]; 9.414 - memo.fragment[0] = 1; 9.415 - 9.416 - handshakeMemos.add(memo); 9.417 - } 9.418 - 9.419 - void queueUpAlert(byte level, byte description) throws IOException { 9.420 - RecordMemo memo = new RecordMemo(); 9.421 - 9.422 - memo.contentType = ContentType.ALERT.id; 9.423 - memo.majorVersion = protocolVersion.major; 9.424 - memo.minorVersion = protocolVersion.minor; 9.425 - memo.encodeEpoch = writeEpoch; 9.426 - memo.encodeCipher = writeCipher; 9.427 - 9.428 - memo.fragment = new byte[2]; 9.429 - memo.fragment[0] = level; 9.430 - memo.fragment[1] = description; 9.431 - 9.432 - handshakeMemos.add(memo); 9.433 - } 9.434 - 9.435 - Ciphertext acquireCiphertext(ByteBuffer dstBuf) throws IOException { 9.436 - if (isEmpty()) { 9.437 - if (isRetransmittable()) { 9.438 - setRetransmission(); // configure for retransmission 9.439 - } else { 9.440 - return null; 9.441 - } 9.442 - } 9.443 - 9.444 - RecordMemo memo = handshakeMemos.get(acquireIndex); 9.445 - HandshakeMemo hsMemo = null; 9.446 - if (memo.contentType == ContentType.HANDSHAKE.id) { 9.447 - hsMemo = (HandshakeMemo)memo; 9.448 - } 9.449 - 9.450 - // ChangeCipherSpec message is pretty small. Don't worry about 9.451 - // the fragmentation of ChangeCipherSpec record. 9.452 - int fragLen; 9.453 - if (packetSize > 0) { 9.454 - fragLen = Math.min(maxRecordSize, packetSize); 9.455 - fragLen = memo.encodeCipher.calculateFragmentSize( 9.456 - fragLen, 25); // 25: header size 9.457 - // 13: DTLS record 9.458 - // 12: DTLS handshake message 9.459 - fragLen = Math.min(fragLen, Record.maxDataSize); 9.460 - } else { 9.461 - fragLen = Record.maxDataSize; 9.462 - } 9.463 - 9.464 - // Calculate more impact, for example TLS 1.3 padding. 9.465 - fragLen = calculateFragmentSize(fragLen); 9.466 - 9.467 - int dstPos = dstBuf.position(); 9.468 - int dstLim = dstBuf.limit(); 9.469 - int dstContent = dstPos + headerSize + 9.470 - memo.encodeCipher.getExplicitNonceSize(); 9.471 - dstBuf.position(dstContent); 9.472 - 9.473 - if (hsMemo != null) { 9.474 - fragLen = Math.min(fragLen, 9.475 - (hsMemo.fragment.length - hsMemo.acquireOffset)); 9.476 - 9.477 - dstBuf.put(hsMemo.handshakeType); 9.478 - dstBuf.put((byte)((hsMemo.fragment.length >> 16) & 0xFF)); 9.479 - dstBuf.put((byte)((hsMemo.fragment.length >> 8) & 0xFF)); 9.480 - dstBuf.put((byte)(hsMemo.fragment.length & 0xFF)); 9.481 - dstBuf.put((byte)((hsMemo.messageSequence >> 8) & 0xFF)); 9.482 - dstBuf.put((byte)(hsMemo.messageSequence & 0xFF)); 9.483 - dstBuf.put((byte)((hsMemo.acquireOffset >> 16) & 0xFF)); 9.484 - dstBuf.put((byte)((hsMemo.acquireOffset >> 8) & 0xFF)); 9.485 - dstBuf.put((byte)(hsMemo.acquireOffset & 0xFF)); 9.486 - dstBuf.put((byte)((fragLen >> 16) & 0xFF)); 9.487 - dstBuf.put((byte)((fragLen >> 8) & 0xFF)); 9.488 - dstBuf.put((byte)(fragLen & 0xFF)); 9.489 - dstBuf.put(hsMemo.fragment, hsMemo.acquireOffset, fragLen); 9.490 - } else { 9.491 - fragLen = Math.min(fragLen, memo.fragment.length); 9.492 - dstBuf.put(memo.fragment, 0, fragLen); 9.493 - } 9.494 - 9.495 - dstBuf.limit(dstBuf.position()); 9.496 - dstBuf.position(dstContent); 9.497 - 9.498 - if (SSLLogger.isOn && SSLLogger.isOn("record")) { 9.499 - SSLLogger.fine( 9.500 - "WRITE: " + protocolVersion + " " + 9.501 - ContentType.nameOf(memo.contentType) + 9.502 - ", length = " + dstBuf.remaining()); 9.503 - } 9.504 - 9.505 - // Encrypt the fragment and wrap up a record. 9.506 - long recordSN = encrypt(memo.encodeCipher, 9.507 - memo.contentType, dstBuf, 9.508 - dstPos, dstLim, headerSize, 9.509 - ProtocolVersion.valueOf(memo.majorVersion, 9.510 - memo.minorVersion)); 9.511 - 9.512 - if (SSLLogger.isOn && SSLLogger.isOn("packet")) { 9.513 - ByteBuffer temporary = dstBuf.duplicate(); 9.514 - temporary.limit(temporary.position()); 9.515 - temporary.position(dstPos); 9.516 - SSLLogger.fine( 9.517 - "Raw write (" + temporary.remaining() + ")", temporary); 9.518 - } 9.519 - 9.520 - // remain the limit unchanged 9.521 - dstBuf.limit(dstLim); 9.522 - 9.523 - // Reset the fragmentation offset. 9.524 - if (hsMemo != null) { 9.525 - hsMemo.acquireOffset += fragLen; 9.526 - if (hsMemo.acquireOffset == hsMemo.fragment.length) { 9.527 - acquireIndex++; 9.528 - } 9.529 - 9.530 - return new Ciphertext(hsMemo.contentType, 9.531 - hsMemo.handshakeType, recordSN); 9.532 - } else { 9.533 - if (isCloseWaiting && 9.534 - memo.contentType == ContentType.ALERT.id) { 9.535 - close(); 9.536 - } 9.537 - 9.538 - acquireIndex++; 9.539 - return new Ciphertext(memo.contentType, 9.540 - SSLHandshake.NOT_APPLICABLE.id, recordSN); 9.541 - } 9.542 - } 9.543 - 9.544 - private void handshakeHashing(HandshakeMemo hsFrag, byte[] hsBody) { 9.545 - 9.546 - byte hsType = hsFrag.handshakeType; 9.547 - if (!handshakeHash.isHashable(hsType)) { 9.548 - // omitted from handshake hash computation 9.549 - return; 9.550 - } 9.551 - 9.552 - // calculate the DTLS header 9.553 - byte[] temporary = new byte[12]; // 12: handshake header size 9.554 - 9.555 - // Handshake.msg_type 9.556 - temporary[0] = hsFrag.handshakeType; 9.557 - 9.558 - // Handshake.length 9.559 - temporary[1] = (byte)((hsBody.length >> 16) & 0xFF); 9.560 - temporary[2] = (byte)((hsBody.length >> 8) & 0xFF); 9.561 - temporary[3] = (byte)(hsBody.length & 0xFF); 9.562 - 9.563 - // Handshake.message_seq 9.564 - temporary[4] = (byte)((hsFrag.messageSequence >> 8) & 0xFF); 9.565 - temporary[5] = (byte)(hsFrag.messageSequence & 0xFF); 9.566 - 9.567 - // Handshake.fragment_offset 9.568 - temporary[6] = 0; 9.569 - temporary[7] = 0; 9.570 - temporary[8] = 0; 9.571 - 9.572 - // Handshake.fragment_length 9.573 - temporary[9] = temporary[1]; 9.574 - temporary[10] = temporary[2]; 9.575 - temporary[11] = temporary[3]; 9.576 - 9.577 - handshakeHash.deliver(temporary, 0, 12); 9.578 - handshakeHash.deliver(hsBody, 0, hsBody.length); 9.579 - } 9.580 - 9.581 - boolean isEmpty() { 9.582 - if (!flightIsReady || handshakeMemos.isEmpty() || 9.583 - acquireIndex >= handshakeMemos.size()) { 9.584 - return true; 9.585 - } 9.586 - 9.587 - return false; 9.588 - } 9.589 - 9.590 - boolean hasAlert() { 9.591 - for (RecordMemo memo : handshakeMemos) { 9.592 - if (memo.contentType == ContentType.ALERT.id) { 9.593 - return true; 9.594 - } 9.595 - } 9.596 - 9.597 - return false; 9.598 - } 9.599 - 9.600 - boolean isRetransmittable() { 9.601 - return (flightIsReady && !handshakeMemos.isEmpty() && 9.602 - (acquireIndex >= handshakeMemos.size())); 9.603 - } 9.604 - 9.605 - private void setRetransmission() { 9.606 - acquireIndex = 0; 9.607 - for (RecordMemo memo : handshakeMemos) { 9.608 - if (memo instanceof HandshakeMemo) { 9.609 - HandshakeMemo hmemo = (HandshakeMemo)memo; 9.610 - hmemo.acquireOffset = 0; 9.611 - } 9.612 - } 9.613 - 9.614 - // Shrink packet size if: 9.615 - // 1. maximum fragment size is allowed, in which case the packet 9.616 - // size is configured bigger than maxRecordSize; 9.617 - // 2. maximum packet is bigger than 256 bytes; 9.618 - // 3. two times of retransmits have been attempted. 9.619 - if ((packetSize <= maxRecordSize) && 9.620 - (packetSize > 256) && ((retransmits--) <= 0)) { 9.621 - 9.622 - // shrink packet size 9.623 - shrinkPacketSize(); 9.624 - retransmits = 2; // attemps of retransmits 9.625 - } 9.626 - } 9.627 - 9.628 - private void shrinkPacketSize() { 9.629 - packetSize = Math.max(256, packetSize / 2); 9.630 - } 9.631 - } 9.632 -}
10.1 --- a/src/share/classes/sun/security/ssl/DTLSRecord.java Tue Aug 25 08:31:35 2020 +0300 10.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 10.3 @@ -1,77 +0,0 @@ 10.4 -/* 10.5 - * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. 10.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 10.7 - * 10.8 - * This code is free software; you can redistribute it and/or modify it 10.9 - * under the terms of the GNU General Public License version 2 only, as 10.10 - * published by the Free Software Foundation. Oracle designates this 10.11 - * particular file as subject to the "Classpath" exception as provided 10.12 - * by Oracle in the LICENSE file that accompanied this code. 10.13 - * 10.14 - * This code is distributed in the hope that it will be useful, but WITHOUT 10.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 10.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 10.17 - * version 2 for more details (a copy is included in the LICENSE file that 10.18 - * accompanied this code). 10.19 - * 10.20 - * You should have received a copy of the GNU General Public License version 10.21 - * 2 along with this work; if not, write to the Free Software Foundation, 10.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 10.23 - * 10.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 10.25 - * or visit www.oracle.com if you need additional information or have any 10.26 - * questions. 10.27 - */ 10.28 - 10.29 -package sun.security.ssl; 10.30 - 10.31 -/** 10.32 - * DTLS record 10.33 - */ 10.34 -interface DTLSRecord extends Record { 10.35 - 10.36 - static final int headerSize = 13; // DTLS record header 10.37 - 10.38 - static final int handshakeHeaderSize = 12; // DTLS handshake header 10.39 - 10.40 - /* 10.41 - * The size of the header plus the max IV length 10.42 - */ 10.43 - static final int headerPlusMaxIVSize = 10.44 - headerSize // header 10.45 - + maxIVLength; // iv 10.46 - 10.47 - /* 10.48 - * The maximum size that may be increased when translating plaintext to 10.49 - * ciphertext fragment. 10.50 - */ 10.51 - static final int maxPlaintextPlusSize = 10.52 - headerSize // header 10.53 - + maxIVLength // iv 10.54 - + maxMacSize // MAC or AEAD tag 10.55 - + maxPadding; // block cipher padding 10.56 - 10.57 - /* 10.58 - * the maximum record size 10.59 - */ 10.60 - static final int maxRecordSize = 10.61 - headerPlusMaxIVSize // header + iv 10.62 - + maxDataSize // data 10.63 - + maxPadding // padding 10.64 - + maxMacSize; // MAC or AEAD tag 10.65 - 10.66 - /* 10.67 - * Minimum record size of Certificate handshake message. 10.68 - * Client sends a certificate message containing no certificates if no 10.69 - * suitable certificate is available. That is, the certificate_list 10.70 - * structure has a length of zero. 10.71 - * 10.72 - * struct { 10.73 - * ASN.1Cert certificate_list<0..2^24-1>; 10.74 - * } Certificate; 10.75 - */ 10.76 - static final int minCertPlaintextSize = 10.77 - headerSize // record header 10.78 - + handshakeHeaderSize // handshake header 10.79 - + 3; // cert list length 10.80 -}
11.1 --- a/src/share/classes/sun/security/ssl/Finished.java Tue Aug 25 08:31:35 2020 +0300 11.2 +++ b/src/share/classes/sun/security/ssl/Finished.java Tue Aug 25 08:35:10 2020 +0300 11.3 @@ -183,10 +183,8 @@ 11.4 return VerifyDataScheme.SSL30; 11.5 case TLS10: 11.6 case TLS11: 11.7 - case DTLS10: 11.8 return VerifyDataScheme.TLS10; 11.9 case TLS12: 11.10 - case DTLS12: 11.11 return VerifyDataScheme.TLS12; 11.12 case TLS13: 11.13 return VerifyDataScheme.TLS13; 11.14 @@ -222,7 +220,7 @@ 11.15 } 11.16 } 11.17 11.18 - // TLS 1.0, TLS 1.1, DTLS 1.0 11.19 + // TLS 1.0, TLS 1.1 11.20 private static final 11.21 class T10VerifyDataGenerator implements VerifyDataGenerator { 11.22 @Override 11.23 @@ -416,7 +414,6 @@ 11.24 ChangeCipherSpec.t10Consumer); 11.25 chc.handshakeConsumers.put( 11.26 SSLHandshake.FINISHED.id, SSLHandshake.FINISHED); 11.27 - chc.conContext.inputRecord.expectingFinishFlight(); 11.28 } else { 11.29 if (chc.handshakeSession.isRejoinable()) { 11.30 ((SSLSessionContextImpl)chc.sslContext. 11.31 @@ -429,10 +426,7 @@ 11.32 // handshake context cleanup. 11.33 chc.handshakeFinished = true; 11.34 11.35 - // May need to retransmit the last flight for DTLS. 11.36 - if (!chc.sslContext.isDTLS()) { 11.37 - chc.conContext.finishHandshake(); 11.38 - } 11.39 + chc.conContext.finishHandshake(); 11.40 } 11.41 11.42 // The handshake message has been delivered. 11.43 @@ -471,7 +465,6 @@ 11.44 ChangeCipherSpec.t10Consumer); 11.45 shc.handshakeConsumers.put( 11.46 SSLHandshake.FINISHED.id, SSLHandshake.FINISHED); 11.47 - shc.conContext.inputRecord.expectingFinishFlight(); 11.48 } else { 11.49 if (shc.handshakeSession.isRejoinable()) { 11.50 ((SSLSessionContextImpl)shc.sslContext. 11.51 @@ -484,10 +477,7 @@ 11.52 // handshake context cleanup. 11.53 shc.handshakeFinished = true; 11.54 11.55 - // May need to retransmit the last flight for DTLS. 11.56 - if (!shc.sslContext.isDTLS()) { 11.57 - shc.conContext.finishHandshake(); 11.58 - } 11.59 + shc.conContext.finishHandshake(); 11.60 } 11.61 11.62 // The handshake message has been delivered. 11.63 @@ -553,10 +543,7 @@ 11.64 chc.handshakeFinished = true; 11.65 recordEvent(chc.conContext.conSession); 11.66 11.67 - // May need to retransmit the last flight for DTLS. 11.68 - if (!chc.sslContext.isDTLS()) { 11.69 - chc.conContext.finishHandshake(); 11.70 - } 11.71 + chc.conContext.finishHandshake(); 11.72 } else { 11.73 chc.handshakeProducers.put(SSLHandshake.FINISHED.id, 11.74 SSLHandshake.FINISHED); 11.75 @@ -613,10 +600,7 @@ 11.76 shc.handshakeFinished = true; 11.77 recordEvent(shc.conContext.conSession); 11.78 11.79 - // May need to retransmit the last flight for DTLS. 11.80 - if (!shc.sslContext.isDTLS()) { 11.81 - shc.conContext.finishHandshake(); 11.82 - } 11.83 + shc.conContext.finishHandshake(); 11.84 } else { 11.85 shc.handshakeProducers.put(SSLHandshake.FINISHED.id, 11.86 SSLHandshake.FINISHED); 11.87 @@ -1119,10 +1103,7 @@ 11.88 // handshake context cleanup. 11.89 shc.handshakeFinished = true; 11.90 11.91 - // May need to retransmit the last flight for DTLS. 11.92 - if (!shc.sslContext.isDTLS()) { 11.93 - shc.conContext.finishHandshake(); 11.94 - } 11.95 + shc.conContext.finishHandshake(); 11.96 recordEvent(shc.conContext.conSession); 11.97 11.98 //
12.1 --- a/src/share/classes/sun/security/ssl/HandshakeHash.java Tue Aug 25 08:31:35 2020 +0300 12.2 +++ b/src/share/classes/sun/security/ssl/HandshakeHash.java Tue Aug 25 08:35:10 2020 +0300 12.3 @@ -207,8 +207,7 @@ 12.4 } 12.5 12.6 public boolean isHashable(byte handshakeType) { 12.7 - return handshakeType != SSLHandshake.HELLO_REQUEST.id && 12.8 - handshakeType != SSLHandshake.HELLO_VERIFY_REQUEST.id; 12.9 + return handshakeType != SSLHandshake.HELLO_REQUEST.id; 12.10 } 12.11 12.12 interface TranscriptHash {
13.1 --- a/src/share/classes/sun/security/ssl/HelloCookieManager.java Tue Aug 25 08:31:35 2020 +0300 13.2 +++ b/src/share/classes/sun/security/ssl/HelloCookieManager.java Tue Aug 25 08:35:10 2020 +0300 13.3 @@ -32,7 +32,7 @@ 13.4 import static sun.security.ssl.ClientHello.ClientHelloMessage; 13.5 13.6 /** 13.7 - * (D)TLS handshake cookie manager 13.8 + * TLS handshake cookie manager 13.9 */ 13.10 abstract class HelloCookieManager { 13.11 13.12 @@ -40,8 +40,6 @@ 13.13 13.14 final SecureRandom secureRandom; 13.15 13.16 - private volatile D10HelloCookieManager d10HelloCookieManager; 13.17 - private volatile D13HelloCookieManager d13HelloCookieManager; 13.18 private volatile T13HelloCookieManager t13HelloCookieManager; 13.19 13.20 Builder(SecureRandom secureRandom) { 13.21 @@ -49,49 +47,19 @@ 13.22 } 13.23 13.24 HelloCookieManager valueOf(ProtocolVersion protocolVersion) { 13.25 - if (protocolVersion.isDTLS) { 13.26 - if (protocolVersion.useTLS13PlusSpec()) { 13.27 - if (d13HelloCookieManager != null) { 13.28 - return d13HelloCookieManager; 13.29 - } 13.30 - 13.31 - synchronized (this) { 13.32 - if (d13HelloCookieManager == null) { 13.33 - d13HelloCookieManager = 13.34 - new D13HelloCookieManager(secureRandom); 13.35 - } 13.36 - } 13.37 - 13.38 - return d13HelloCookieManager; 13.39 - } else { 13.40 - if (d10HelloCookieManager != null) { 13.41 - return d10HelloCookieManager; 13.42 - } 13.43 - 13.44 - synchronized (this) { 13.45 - if (d10HelloCookieManager == null) { 13.46 - d10HelloCookieManager = 13.47 - new D10HelloCookieManager(secureRandom); 13.48 - } 13.49 - } 13.50 - 13.51 - return d10HelloCookieManager; 13.52 - } 13.53 - } else { 13.54 - if (protocolVersion.useTLS13PlusSpec()) { 13.55 - if (t13HelloCookieManager != null) { 13.56 - return t13HelloCookieManager; 13.57 - } 13.58 - 13.59 - synchronized (this) { 13.60 - if (t13HelloCookieManager == null) { 13.61 - t13HelloCookieManager = 13.62 - new T13HelloCookieManager(secureRandom); 13.63 - } 13.64 - } 13.65 - 13.66 + if (protocolVersion.useTLS13PlusSpec()) { 13.67 + if (t13HelloCookieManager != null) { 13.68 return t13HelloCookieManager; 13.69 } 13.70 + 13.71 + synchronized (this) { 13.72 + if (t13HelloCookieManager == null) { 13.73 + t13HelloCookieManager = 13.74 + new T13HelloCookieManager(secureRandom); 13.75 + } 13.76 + } 13.77 + 13.78 + return t13HelloCookieManager; 13.79 } 13.80 13.81 return null; 13.82 @@ -104,99 +72,6 @@ 13.83 abstract boolean isCookieValid(ServerHandshakeContext context, 13.84 ClientHelloMessage clientHello, byte[] cookie) throws IOException; 13.85 13.86 - // DTLS 1.0/1.2 13.87 - private static final 13.88 - class D10HelloCookieManager extends HelloCookieManager { 13.89 - 13.90 - final SecureRandom secureRandom; 13.91 - private int cookieVersion; // allow to wrap, version + sequence 13.92 - private byte[] cookieSecret; 13.93 - private byte[] legacySecret; 13.94 - 13.95 - D10HelloCookieManager(SecureRandom secureRandom) { 13.96 - this.secureRandom = secureRandom; 13.97 - 13.98 - this.cookieVersion = secureRandom.nextInt(); 13.99 - this.cookieSecret = new byte[32]; 13.100 - this.legacySecret = new byte[32]; 13.101 - 13.102 - secureRandom.nextBytes(cookieSecret); 13.103 - System.arraycopy(cookieSecret, 0, legacySecret, 0, 32); 13.104 - } 13.105 - 13.106 - @Override 13.107 - byte[] createCookie(ServerHandshakeContext context, 13.108 - ClientHelloMessage clientHello) throws IOException { 13.109 - int version; 13.110 - byte[] secret; 13.111 - 13.112 - synchronized (this) { 13.113 - version = cookieVersion; 13.114 - secret = cookieSecret; 13.115 - 13.116 - // the cookie secret usage limit is 2^24 13.117 - if ((cookieVersion & 0xFFFFFF) == 0) { // reset the secret 13.118 - System.arraycopy(cookieSecret, 0, legacySecret, 0, 32); 13.119 - secureRandom.nextBytes(cookieSecret); 13.120 - } 13.121 - 13.122 - cookieVersion++; 13.123 - } 13.124 - 13.125 - MessageDigest md = JsseJce.getMessageDigest("SHA-256"); 13.126 - byte[] helloBytes = clientHello.getHelloCookieBytes(); 13.127 - md.update(helloBytes); 13.128 - byte[] cookie = md.digest(secret); // 32 bytes 13.129 - cookie[0] = (byte)((version >> 24) & 0xFF); 13.130 - 13.131 - return cookie; 13.132 - } 13.133 - 13.134 - @Override 13.135 - boolean isCookieValid(ServerHandshakeContext context, 13.136 - ClientHelloMessage clientHello, byte[] cookie) throws IOException { 13.137 - // no cookie exchange or not a valid cookie length 13.138 - if ((cookie == null) || (cookie.length != 32)) { 13.139 - return false; 13.140 - } 13.141 - 13.142 - byte[] secret; 13.143 - synchronized (this) { 13.144 - if (((cookieVersion >> 24) & 0xFF) == cookie[0]) { 13.145 - secret = cookieSecret; 13.146 - } else { 13.147 - secret = legacySecret; // including out of window cookies 13.148 - } 13.149 - } 13.150 - 13.151 - MessageDigest md = JsseJce.getMessageDigest("SHA-256"); 13.152 - byte[] helloBytes = clientHello.getHelloCookieBytes(); 13.153 - md.update(helloBytes); 13.154 - byte[] target = md.digest(secret); // 32 bytes 13.155 - target[0] = cookie[0]; 13.156 - 13.157 - return Arrays.equals(target, cookie); 13.158 - } 13.159 - } 13.160 - 13.161 - private static final 13.162 - class D13HelloCookieManager extends HelloCookieManager { 13.163 - D13HelloCookieManager(SecureRandom secureRandom) { 13.164 - } 13.165 - 13.166 - @Override 13.167 - byte[] createCookie(ServerHandshakeContext context, 13.168 - ClientHelloMessage clientHello) throws IOException { 13.169 - throw new UnsupportedOperationException("Not supported yet."); 13.170 - } 13.171 - 13.172 - @Override 13.173 - boolean isCookieValid(ServerHandshakeContext context, 13.174 - ClientHelloMessage clientHello, byte[] cookie) throws IOException { 13.175 - throw new UnsupportedOperationException("Not supported yet."); 13.176 - } 13.177 - } 13.178 - 13.179 private static final 13.180 class T13HelloCookieManager extends HelloCookieManager { 13.181
14.1 --- a/src/share/classes/sun/security/ssl/HelloVerifyRequest.java Tue Aug 25 08:31:35 2020 +0300 14.2 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 14.3 @@ -1,217 +0,0 @@ 14.4 -/* 14.5 - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. 14.6 - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 14.7 - * 14.8 - * This code is free software; you can redistribute it and/or modify it 14.9 - * under the terms of the GNU General Public License version 2 only, as 14.10 - * published by the Free Software Foundation. Oracle designates this 14.11 - * particular file as subject to the "Classpath" exception as provided 14.12 - * by Oracle in the LICENSE file that accompanied this code. 14.13 - * 14.14 - * This code is distributed in the hope that it will be useful, but WITHOUT 14.15 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14.16 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14.17 - * version 2 for more details (a copy is included in the LICENSE file that 14.18 - * accompanied this code). 14.19 - * 14.20 - * You should have received a copy of the GNU General Public License version 14.21 - * 2 along with this work; if not, write to the Free Software Foundation, 14.22 - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 14.23 - * 14.24 - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 14.25 - * or visit www.oracle.com if you need additional information or have any 14.26 - * questions. 14.27 - */ 14.28 - 14.29 -package sun.security.ssl; 14.30 - 14.31 -import java.io.IOException; 14.32 -import java.nio.ByteBuffer; 14.33 -import java.text.MessageFormat; 14.34 -import java.util.Locale; 14.35 -import sun.security.ssl.ClientHello.ClientHelloMessage; 14.36 -import sun.security.ssl.SSLHandshake.HandshakeMessage; 14.37 - 14.38 -/** 14.39 - * Pack of the HelloVerifyRequest handshake message. 14.40 - */ 14.41 -final class HelloVerifyRequest { 14.42 - static final SSLConsumer handshakeConsumer = 14.43 - new HelloVerifyRequestConsumer(); 14.44 - static final HandshakeProducer handshakeProducer = 14.45 - new HelloVerifyRequestProducer(); 14.46 - 14.47 - /** 14.48 - * The HelloVerifyRequest handshake message [RFC 6347]. 14.49 - */ 14.50 - static final class HelloVerifyRequestMessage extends HandshakeMessage { 14.51 - final int serverVersion; 14.52 - final byte[] cookie; 14.53 - 14.54 - HelloVerifyRequestMessage(HandshakeContext context, 14.55 - HandshakeMessage message) throws IOException { 14.56 - super(context); 14.57 - // This happens in server side only. 14.58 - ServerHandshakeContext shc = 14.59 - (ServerHandshakeContext)context; 14.60 - ClientHelloMessage clientHello = (ClientHelloMessage)message; 14.61 - 14.62 - HelloCookieManager hcMgr = 14.63 - shc.sslContext.getHelloCookieManager(ProtocolVersion.DTLS10); 14.64 - this.serverVersion = shc.clientHelloVersion; 14.65 - this.cookie = hcMgr.createCookie(shc, clientHello); 14.66 - } 14.67 - 14.68 - HelloVerifyRequestMessage(HandshakeContext context, 14.69 - ByteBuffer m) throws IOException { 14.70 - super(context); 14.71 - // This happens in client side only. 14.72 - ClientHandshakeContext chc = (ClientHandshakeContext)context; 14.73 - 14.74 - // struct { 14.75 - // ProtocolVersion server_version; 14.76 - // opaque cookie<0..2^8-1>; 14.77 - // } HelloVerifyRequest; 14.78 - if (m.remaining() < 3) { 14.79 - throw chc.conContext.fatal(Alert.ILLEGAL_PARAMETER, 14.80 - "Invalid HelloVerifyRequest: no sufficient data"); 14.81 - } 14.82 - 14.83 - byte major = m.get(); 14.84 - byte minor = m.get(); 14.85 - this.serverVersion = ((major & 0xFF) << 8) | (minor & 0xFF); 14.86 - this.cookie = Record.getBytes8(m); 14.87 - } 14.88 - 14.89 - @Override 14.90 - public SSLHandshake handshakeType() { 14.91 - return SSLHandshake.HELLO_VERIFY_REQUEST; 14.92 - } 14.93 - 14.94 - @Override 14.95 - public int messageLength() { 14.96 - return 3 + cookie.length; // 2: the length of protocol version 14.97 - // +1: the cookie length 14.98 - } 14.99 - 14.100 - @Override 14.101 - public void send(HandshakeOutStream hos) throws IOException { 14.102 - hos.putInt8((byte)((serverVersion >>> 8) & 0xFF)); 14.103 - hos.putInt8((byte)(serverVersion & 0xFF)); 14.104 - hos.putBytes8(cookie); 14.105 - } 14.106 - 14.107 - @Override 14.108 - public String toString() { 14.109 - MessageFormat messageFormat = new MessageFormat( 14.110 - "\"HelloVerifyRequest\": '{'\n" + 14.111 - " \"server version\" : \"{0}\",\n" + 14.112 - " \"cookie\" : \"{1}\",\n" + 14.113 - "'}'", 14.114 - Locale.ENGLISH); 14.115 - Object[] messageFields = { 14.116 - ProtocolVersion.nameOf(serverVersion), 14.117 - Utilities.toHexString(cookie), 14.118 - }; 14.119 - 14.120 - return messageFormat.format(messageFields); 14.121 - } 14.122 - } 14.123 - 14.124 - /** 14.125 - * The "HelloVerifyRequest" handshake message producer. 14.126 - */ 14.127 - private static final 14.128 - class HelloVerifyRequestProducer implements HandshakeProducer { 14.129 - // Prevent instantiation of this class. 14.130 - private HelloVerifyRequestProducer() { 14.131 - // blank 14.132 - } 14.133 - 14.134 - @Override 14.135 - public byte[] produce(ConnectionContext context, 14.136 - HandshakeMessage message) throws IOException { 14.137 - // The producing happens in server side only. 14.138 - ServerHandshakeContext shc = (ServerHandshakeContext)context; 14.139 - 14.140 - // clean up this producer 14.141 - shc.handshakeProducers.remove(SSLHandshake.HELLO_VERIFY_REQUEST.id); 14.142 - 14.143 - HelloVerifyRequestMessage hvrm = 14.144 - new HelloVerifyRequestMessage(shc, message); 14.145 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 14.146 - SSLLogger.fine( 14.147 - "Produced HelloVerifyRequest handshake message", hvrm); 14.148 - } 14.149 - 14.150 - // Output the handshake message. 14.151 - hvrm.write(shc.handshakeOutput); 14.152 - shc.handshakeOutput.flush(); 14.153 - 14.154 - // update the context 14.155 - 14.156 - // Stateless, clean up the handshake context as well? 14.157 - shc.handshakeHash.finish(); // forgot about the handshake hash 14.158 - shc.handshakeExtensions.clear(); 14.159 - 14.160 - // What's the expected response? 14.161 - shc.handshakeConsumers.put( 14.162 - SSLHandshake.CLIENT_HELLO.id, SSLHandshake.CLIENT_HELLO); 14.163 - 14.164 - // The handshake message has been delivered. 14.165 - return null; 14.166 - } 14.167 - } 14.168 - 14.169 - /** 14.170 - * The "HelloVerifyRequest" handshake message consumer. 14.171 - */ 14.172 - private static final class HelloVerifyRequestConsumer 14.173 - implements SSLConsumer { 14.174 - 14.175 - // Prevent instantiation of this class. 14.176 - private HelloVerifyRequestConsumer() { 14.177 - // blank 14.178 - } 14.179 - 14.180 - @Override 14.181 - public void consume(ConnectionContext context, 14.182 - ByteBuffer message) throws IOException { 14.183 - // The consuming happens in client side only. 14.184 - ClientHandshakeContext chc = (ClientHandshakeContext)context; 14.185 - 14.186 - // clean up this consumer 14.187 - chc.handshakeConsumers.remove(SSLHandshake.HELLO_VERIFY_REQUEST.id); 14.188 - if (!chc.handshakeConsumers.isEmpty()) { 14.189 - chc.handshakeConsumers.remove(SSLHandshake.SERVER_HELLO.id); 14.190 - } 14.191 - if (!chc.handshakeConsumers.isEmpty()) { 14.192 - throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, 14.193 - "No more message expected before " + 14.194 - "HelloVerifyRequest is processed"); 14.195 - } 14.196 - 14.197 - // Refresh handshake hash. 14.198 - chc.handshakeHash.finish(); // forgot about the handshake hash 14.199 - 14.200 - HelloVerifyRequestMessage hvrm = 14.201 - new HelloVerifyRequestMessage(chc, message); 14.202 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { 14.203 - SSLLogger.fine( 14.204 - "Consuming HelloVerifyRequest handshake message", hvrm); 14.205 - } 14.206 - 14.207 - // Note that HelloVerifyRequest.server_version is used solely to 14.208 - // indicate packet formatting, and not as part of version 14.209 - // negotiation. Need not to check version values match for 14.210 - // HelloVerifyRequest message. 14.211 - chc.initialClientHelloMsg.setHelloCookie(hvrm.cookie); 14.212 - 14.213 - // 14.214 - // produce response handshake message 14.215 - // 14.216 - SSLHandshake.CLIENT_HELLO.produce(context, hvrm); 14.217 - } 14.218 - } 14.219 -} 14.220 -
15.1 --- a/src/share/classes/sun/security/ssl/InputRecord.java Tue Aug 25 08:31:35 2020 +0300 15.2 +++ b/src/share/classes/sun/security/ssl/InputRecord.java Tue Aug 25 08:35:10 2020 +0300 15.3 @@ -35,7 +35,7 @@ 15.4 import sun.security.ssl.SSLCipher.SSLReadCipher; 15.5 15.6 /** 15.7 - * {@code InputRecord} takes care of the management of SSL/TLS/DTLS input 15.8 + * {@code InputRecord} takes care of the management of SSL/TLS input 15.9 * records, including buffering, decryption, handshake messages marshal, etc. 15.10 * 15.11 * @author David Brownell 15.12 @@ -73,20 +73,6 @@ 15.13 readCipher.authenticator.seqNumIsHuge(); 15.14 } 15.15 15.16 - boolean isEmpty() { 15.17 - return false; 15.18 - } 15.19 - 15.20 - // apply to DTLS SSLEngine 15.21 - void expectingFinishFlight() { 15.22 - // blank 15.23 - } 15.24 - 15.25 - // apply to DTLS SSLEngine 15.26 - void finishHandshake() { 15.27 - // blank 15.28 - } 15.29 - 15.30 /** 15.31 * Prevent any more data from being read into this record, 15.32 * and flag the record as holding no data. 15.33 @@ -147,12 +133,6 @@ 15.34 throw new UnsupportedOperationException(); 15.35 } 15.36 15.37 - // apply to DTLS SSLEngine only 15.38 - Plaintext acquirePlaintext() 15.39 - throws IOException, BadPaddingException { 15.40 - throw new UnsupportedOperationException(); 15.41 - } 15.42 - 15.43 // read, decrypt and decompress the network record. 15.44 // 15.45 abstract Plaintext[] decode(ByteBuffer[] srcs, int srcsOffset, 15.46 @@ -174,7 +154,6 @@ 15.47 // shared helpers 15.48 // 15.49 15.50 - // Not apply to DTLS 15.51 static ByteBuffer convertToClientHello(ByteBuffer packet) { 15.52 int srcPos = packet.position(); 15.53 15.54 @@ -330,7 +309,7 @@ 15.55 return ByteBuffer.wrap(converted, 5, pointer - 5); // 5: header size 15.56 } 15.57 15.58 - // Extract an SSL/(D)TLS record from the specified source buffers. 15.59 + // Extract an SSL/TLS record from the specified source buffers. 15.60 static ByteBuffer extract( 15.61 ByteBuffer[] buffers, int offset, int length, int headerSize) { 15.62
16.1 --- a/src/share/classes/sun/security/ssl/MaxFragExtension.java Tue Aug 25 08:31:35 2020 +0300 16.2 +++ b/src/share/classes/sun/security/ssl/MaxFragExtension.java Tue Aug 25 08:35:10 2020 +0300 16.3 @@ -190,12 +190,8 @@ 16.4 } else if (chc.sslConfig.maximumPacketSize != 0) { 16.5 // Maybe we can calculate the fragment size more accurate 16.6 // by condering the enabled cipher suites in the future. 16.7 - requestedMFLength = chc.sslConfig.maximumPacketSize; 16.8 - if (chc.sslContext.isDTLS()) { 16.9 - requestedMFLength -= DTLSRecord.maxPlaintextPlusSize; 16.10 - } else { 16.11 - requestedMFLength -= SSLRecord.maxPlaintextPlusSize; 16.12 - } 16.13 + requestedMFLength = chc.sslConfig.maximumPacketSize - 16.14 + SSLRecord.maxPlaintextPlusSize; 16.15 } else { 16.16 // Need no max_fragment_length extension. 16.17 requestedMFLength = -1; 16.18 @@ -303,8 +299,7 @@ 16.19 (shc.sslConfig.maximumPacketSize != 0)) { 16.20 int estimatedMaxFragSize = 16.21 shc.negotiatedCipherSuite.calculatePacketSize( 16.22 - shc.maxFragmentLength, shc.negotiatedProtocol, 16.23 - shc.sslContext.isDTLS()); 16.24 + shc.maxFragmentLength, shc.negotiatedProtocol); 16.25 if (estimatedMaxFragSize > shc.sslConfig.maximumPacketSize) { 16.26 // For better interoperability, abort the maximum 16.27 // fragment length negotiation, rather than terminate 16.28 @@ -417,8 +412,7 @@ 16.29 (chc.sslConfig.maximumPacketSize != 0)) { 16.30 int estimatedMaxFragSize = 16.31 chc.negotiatedCipherSuite.calculatePacketSize( 16.32 - chc.maxFragmentLength, chc.negotiatedProtocol, 16.33 - chc.sslContext.isDTLS()); 16.34 + chc.maxFragmentLength, chc.negotiatedProtocol); 16.35 if (estimatedMaxFragSize > chc.sslConfig.maximumPacketSize) { 16.36 // For better interoperability, abort the maximum 16.37 // fragment length negotiation, rather than terminate 16.38 @@ -476,8 +470,7 @@ 16.39 (shc.sslConfig.maximumPacketSize != 0)) { 16.40 int estimatedMaxFragSize = 16.41 shc.negotiatedCipherSuite.calculatePacketSize( 16.42 - shc.maxFragmentLength, shc.negotiatedProtocol, 16.43 - shc.sslContext.isDTLS()); 16.44 + shc.maxFragmentLength, shc.negotiatedProtocol); 16.45 if (estimatedMaxFragSize > shc.sslConfig.maximumPacketSize) { 16.46 // For better interoperability, abort the maximum 16.47 // fragment length negotiation, rather than terminate 16.48 @@ -588,8 +581,7 @@ 16.49 (chc.sslConfig.maximumPacketSize != 0)) { 16.50 int estimatedMaxFragSize = 16.51 chc.negotiatedCipherSuite.calculatePacketSize( 16.52 - chc.maxFragmentLength, chc.negotiatedProtocol, 16.53 - chc.sslContext.isDTLS()); 16.54 + chc.maxFragmentLength, chc.negotiatedProtocol); 16.55 if (estimatedMaxFragSize > chc.sslConfig.maximumPacketSize) { 16.56 // For better interoperability, abort the maximum 16.57 // fragment length negotiation, rather than terminate
17.1 --- a/src/share/classes/sun/security/ssl/OutputRecord.java Tue Aug 25 08:31:35 2020 +0300 17.2 +++ b/src/share/classes/sun/security/ssl/OutputRecord.java Tue Aug 25 08:35:10 2020 +0300 17.3 @@ -33,7 +33,7 @@ 17.4 import sun.security.ssl.SSLCipher.SSLWriteCipher; 17.5 17.6 /** 17.7 - * {@code OutputRecord} takes care of the management of SSL/(D)TLS 17.8 + * {@code OutputRecord} takes care of the management of SSL/TLS 17.9 * output records, including buffering, encryption, handshake 17.10 * messages marshal, etc. 17.11 * 17.12 @@ -212,21 +212,6 @@ 17.13 return packetSize; 17.14 } 17.15 17.16 - // apply to DTLS SSLEngine 17.17 - void initHandshaker() { 17.18 - // blank 17.19 - } 17.20 - 17.21 - // apply to DTLS SSLEngine 17.22 - void finishHandshake() { 17.23 - // blank 17.24 - } 17.25 - 17.26 - // apply to DTLS SSLEngine 17.27 - void launchRetransmission() { 17.28 - // blank 17.29 - } 17.30 - 17.31 @Override 17.32 public synchronized void close() throws IOException { 17.33 if (isClosed) { 17.34 @@ -272,71 +257,17 @@ 17.35 SSLWriteCipher encCipher, byte contentType, ByteBuffer destination, 17.36 int headerOffset, int dstLim, int headerSize, 17.37 ProtocolVersion protocolVersion) { 17.38 - boolean isDTLS = protocolVersion.isDTLS; 17.39 - if (isDTLS) { 17.40 - if (protocolVersion.useTLS13PlusSpec()) { 17.41 - return d13Encrypt(encCipher, 17.42 - contentType, destination, headerOffset, 17.43 - dstLim, headerSize, protocolVersion); 17.44 - } else { 17.45 - return d10Encrypt(encCipher, 17.46 - contentType, destination, headerOffset, 17.47 - dstLim, headerSize, protocolVersion); 17.48 - } 17.49 + if (protocolVersion.useTLS13PlusSpec()) { 17.50 + return t13Encrypt(encCipher, 17.51 + contentType, destination, headerOffset, 17.52 + dstLim, headerSize, protocolVersion); 17.53 } else { 17.54 - if (protocolVersion.useTLS13PlusSpec()) { 17.55 - return t13Encrypt(encCipher, 17.56 - contentType, destination, headerOffset, 17.57 - dstLim, headerSize, protocolVersion); 17.58 - } else { 17.59 - return t10Encrypt(encCipher, 17.60 - contentType, destination, headerOffset, 17.61 - dstLim, headerSize, protocolVersion); 17.62 - } 17.63 + return t10Encrypt(encCipher, 17.64 + contentType, destination, headerOffset, 17.65 + dstLim, headerSize, protocolVersion); 17.66 } 17.67 } 17.68 17.69 - private static long d13Encrypt( 17.70 - SSLWriteCipher encCipher, byte contentType, ByteBuffer destination, 17.71 - int headerOffset, int dstLim, int headerSize, 17.72 - ProtocolVersion protocolVersion) { 17.73 - throw new UnsupportedOperationException("Not supported yet."); 17.74 - } 17.75 - 17.76 - private static long d10Encrypt( 17.77 - SSLWriteCipher encCipher, byte contentType, ByteBuffer destination, 17.78 - int headerOffset, int dstLim, int headerSize, 17.79 - ProtocolVersion protocolVersion) { 17.80 - byte[] sequenceNumber = encCipher.authenticator.sequenceNumber(); 17.81 - encCipher.encrypt(contentType, destination); 17.82 - 17.83 - // Finish out the record header. 17.84 - int fragLen = destination.limit() - headerOffset - headerSize; 17.85 - 17.86 - destination.put(headerOffset, contentType); // content type 17.87 - destination.put(headerOffset + 1, protocolVersion.major); 17.88 - destination.put(headerOffset + 2, protocolVersion.minor); 17.89 - 17.90 - // epoch and sequence_number 17.91 - destination.put(headerOffset + 3, sequenceNumber[0]); 17.92 - destination.put(headerOffset + 4, sequenceNumber[1]); 17.93 - destination.put(headerOffset + 5, sequenceNumber[2]); 17.94 - destination.put(headerOffset + 6, sequenceNumber[3]); 17.95 - destination.put(headerOffset + 7, sequenceNumber[4]); 17.96 - destination.put(headerOffset + 8, sequenceNumber[5]); 17.97 - destination.put(headerOffset + 9, sequenceNumber[6]); 17.98 - destination.put(headerOffset + 10, sequenceNumber[7]); 17.99 - 17.100 - // fragment length 17.101 - destination.put(headerOffset + 11, (byte)(fragLen >> 8)); 17.102 - destination.put(headerOffset + 12, (byte)fragLen); 17.103 - 17.104 - // Update destination position to reflect the amount of data produced. 17.105 - destination.position(destination.limit()); 17.106 - 17.107 - return Authenticator.toLong(sequenceNumber); 17.108 - } 17.109 - 17.110 private static long t13Encrypt( 17.111 SSLWriteCipher encCipher, byte contentType, ByteBuffer destination, 17.112 int headerOffset, int dstLim, int headerSize,
18.1 --- a/src/share/classes/sun/security/ssl/ProtocolVersion.java Tue Aug 25 08:31:35 2020 +0300 18.2 +++ b/src/share/classes/sun/security/ssl/ProtocolVersion.java Tue Aug 25 08:35:10 2020 +0300 18.3 @@ -32,29 +32,25 @@ 18.4 import java.util.List; 18.5 18.6 /** 18.7 - * Enum for an SSL/TLS/DTLS protocol version. 18.8 + * Enum for an SSL/TLS protocol version. 18.9 * 18.10 * @author Andreas Sterbenz 18.11 * @since 1.4.1 18.12 */ 18.13 -enum ProtocolVersion { 18.14 - TLS13 (0x0304, "TLSv1.3", false), 18.15 - TLS12 (0x0303, "TLSv1.2", false), 18.16 - TLS11 (0x0302, "TLSv1.1", false), 18.17 - TLS10 (0x0301, "TLSv1", false), 18.18 - SSL30 (0x0300, "SSLv3", false), 18.19 - SSL20Hello (0x0002, "SSLv2Hello", false), 18.20 - 18.21 - DTLS12 (0xFEFD, "DTLSv1.2", true), 18.22 - DTLS10 (0xFEFF, "DTLSv1.0", true), 18.23 +public enum ProtocolVersion { 18.24 + TLS13 (0x0304, "TLSv1.3"), 18.25 + TLS12 (0x0303, "TLSv1.2"), 18.26 + TLS11 (0x0302, "TLSv1.1"), 18.27 + TLS10 (0x0301, "TLSv1"), 18.28 + SSL30 (0x0300, "SSLv3"), 18.29 + SSL20Hello (0x0002, "SSLv2Hello"), 18.30 18.31 // Dummy protocol version value for invalid SSLSession 18.32 - NONE (-1, "NONE", false); 18.33 + NONE (-1, "NONE"); 18.34 18.35 18.36 final int id; 18.37 final String name; 18.38 - final boolean isDTLS; 18.39 final byte major; 18.40 final byte minor; 18.41 final boolean isAvailable; 18.42 @@ -65,24 +61,24 @@ 18.43 // The limit of minimum protocol version 18.44 static final int LIMIT_MIN_VALUE = 0x0000; 18.45 18.46 - // (D)TLS ProtocolVersion array for TLS 1.0 and previous versions. 18.47 + // TLS ProtocolVersion array for TLS 1.0 and previous versions. 18.48 static final ProtocolVersion[] PROTOCOLS_TO_10 = new ProtocolVersion[] { 18.49 TLS10, SSL30 18.50 }; 18.51 18.52 - // (D)TLS ProtocolVersion array for TLS 1.1/DTLS 1.0 and previous versions. 18.53 + // TLS ProtocolVersion array for TLS 1.1 and previous versions. 18.54 static final ProtocolVersion[] PROTOCOLS_TO_11 = new ProtocolVersion[] { 18.55 - TLS11, TLS10, SSL30, DTLS10 18.56 + TLS11, TLS10, SSL30 18.57 }; 18.58 18.59 - // (D)TLS ProtocolVersion array for (D)TLS 1.2 and previous versions. 18.60 + // TLS ProtocolVersion array for TLS 1.2 and previous versions. 18.61 static final ProtocolVersion[] PROTOCOLS_TO_12 = new ProtocolVersion[] { 18.62 - TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10 18.63 + TLS12, TLS11, TLS10, SSL30 18.64 }; 18.65 18.66 - // (D)TLS ProtocolVersion array for (D)TLS 1.3 and previous versions. 18.67 + // TLS ProtocolVersion array for TLS 1.3 and previous versions. 18.68 static final ProtocolVersion[] PROTOCOLS_TO_13 = new ProtocolVersion[] { 18.69 - TLS13, TLS12, TLS11, TLS10, SSL30, DTLS12, DTLS10 18.70 + TLS13, TLS12, TLS11, TLS10, SSL30 18.71 }; 18.72 18.73 // No protocol version specified. 18.74 @@ -90,44 +86,44 @@ 18.75 NONE 18.76 }; 18.77 18.78 - // (D)TLS ProtocolVersion array for SSL 3.0. 18.79 + // TLS ProtocolVersion array for SSL 3.0. 18.80 static final ProtocolVersion[] PROTOCOLS_OF_30 = new ProtocolVersion[] { 18.81 SSL30 18.82 }; 18.83 18.84 - // (D)TLS ProtocolVersion array for TLS 1.1/DTSL 1.0. 18.85 + // TLS ProtocolVersion array for TLS 1.1. 18.86 static final ProtocolVersion[] PROTOCOLS_OF_11 = new ProtocolVersion[] { 18.87 - TLS11, DTLS10 18.88 + TLS11 18.89 }; 18.90 18.91 - // (D)TLS ProtocolVersion array for (D)TLS 1.2. 18.92 + // TLS ProtocolVersion array for TLS 1.2. 18.93 static final ProtocolVersion[] PROTOCOLS_OF_12 = new ProtocolVersion[] { 18.94 - TLS12, DTLS12 18.95 + TLS12 18.96 }; 18.97 18.98 - // (D)TLS ProtocolVersion array for (D)TLS 1.3. 18.99 + // TLS ProtocolVersion array for TLS 1.3. 18.100 static final ProtocolVersion[] PROTOCOLS_OF_13 = new ProtocolVersion[] { 18.101 TLS13 18.102 }; 18.103 18.104 - // (D)TLS ProtocolVersion array for TSL 1.0/1.1 and DTLS 1.0. 18.105 + // TLS ProtocolVersion array for TSL 1.0/1.1. 18.106 static final ProtocolVersion[] PROTOCOLS_10_11 = new ProtocolVersion[] { 18.107 - TLS11, TLS10, DTLS10 18.108 + TLS11, TLS10 18.109 }; 18.110 18.111 - // (D)TLS ProtocolVersion array for TSL 1.1/1.2 and DTLS 1.0/1.2. 18.112 + // TLS ProtocolVersion array for TSL 1.1/1.2. 18.113 static final ProtocolVersion[] PROTOCOLS_11_12 = new ProtocolVersion[] { 18.114 - TLS12, TLS11, DTLS12, DTLS10 18.115 + TLS12, TLS11 18.116 }; 18.117 18.118 - // (D)TLS ProtocolVersion array for TSL 1.2/1.3 and DTLS 1.2/1.3. 18.119 + // TLS ProtocolVersion array for TSL 1.2/1.3. 18.120 static final ProtocolVersion[] PROTOCOLS_12_13 = new ProtocolVersion[] { 18.121 - TLS13, TLS12, DTLS12 18.122 + TLS13, TLS12 18.123 }; 18.124 18.125 - // (D)TLS ProtocolVersion array for TSL 1.0/1.1/1.2 and DTLS 1.0/1.2. 18.126 + // TLS ProtocolVersion array for TSL 1.0/1.1/1.2. 18.127 static final ProtocolVersion[] PROTOCOLS_10_12 = new ProtocolVersion[] { 18.128 - TLS12, TLS11, TLS10, DTLS12, DTLS10 18.129 + TLS12, TLS11, TLS10 18.130 }; 18.131 18.132 // TLS ProtocolVersion array for TLS 1.2 and previous versions. 18.133 @@ -148,10 +144,9 @@ 18.134 // Empty ProtocolVersion array 18.135 static final ProtocolVersion[] PROTOCOLS_EMPTY = new ProtocolVersion[0]; 18.136 18.137 - private ProtocolVersion(int id, String name, boolean isDTLS) { 18.138 + private ProtocolVersion(int id, String name) { 18.139 this.id = id; 18.140 this.name = name; 18.141 - this.isDTLS = isDTLS; 18.142 this.major = (byte)((id >>> 8) & 0xFF); 18.143 this.minor = (byte)(id & 0xFF); 18.144 18.145 @@ -188,7 +183,7 @@ 18.146 } 18.147 18.148 /** 18.149 - * Return name of a (D)TLS protocol specified by major and 18.150 + * Return name of a TLS protocol specified by major and 18.151 * minor version numbers. 18.152 */ 18.153 static String nameOf(byte major, byte minor) { 18.154 @@ -198,18 +193,18 @@ 18.155 } 18.156 } 18.157 18.158 - return "(D)TLS-" + major + "." + minor; 18.159 + return "TLS-" + major + "." + minor; 18.160 } 18.161 18.162 /** 18.163 - * Return name of a (D)TLS protocol specified by a protocol number. 18.164 + * Return name of a TLS protocol specified by a protocol number. 18.165 */ 18.166 static String nameOf(int id) { 18.167 return nameOf((byte)((id >>> 8) & 0xFF), (byte)(id & 0xFF)); 18.168 } 18.169 18.170 /** 18.171 - * Return a ProtocolVersion for the given (D)TLS protocol name. 18.172 + * Return a ProtocolVersion for the given TLS protocol name. 18.173 */ 18.174 static ProtocolVersion nameOf(String name) { 18.175 for (ProtocolVersion pv : ProtocolVersion.values()) { 18.176 @@ -222,24 +217,20 @@ 18.177 } 18.178 18.179 /** 18.180 - * Return true if the specific (D)TLS protocol is negotiable. 18.181 + * Return true if the specific TLS protocol is negotiable. 18.182 * 18.183 * Used to filter out SSLv2Hello and protocol numbers less than the 18.184 * minimal supported protocol versions. 18.185 */ 18.186 static boolean isNegotiable( 18.187 - byte major, byte minor, boolean isDTLS, boolean allowSSL20Hello) { 18.188 + byte major, byte minor, boolean allowSSL20Hello) { 18.189 int v = ((major & 0xFF) << 8) | (minor & 0xFF); 18.190 - if (isDTLS) { 18.191 - return v <= DTLS10.id; 18.192 - } else { 18.193 - if (v < SSL30.id) { 18.194 - if (!allowSSL20Hello || (v != SSL20Hello.id)) { 18.195 - return false; 18.196 - } 18.197 - } 18.198 - return true; 18.199 + if (v < SSL30.id) { 18.200 + if (!allowSSL20Hello || (v != SSL20Hello.id)) { 18.201 + return false; 18.202 + } 18.203 } 18.204 + return true; 18.205 } 18.206 18.207 /** 18.208 @@ -301,12 +292,12 @@ 18.209 18.210 /** 18.211 * Return true if the specific protocol version name is 18.212 - * of (D)TLS 1.2 or newer version. 18.213 + * of TLS 1.2 or newer version. 18.214 */ 18.215 static boolean useTLS12PlusSpec(String name) { 18.216 ProtocolVersion pv = ProtocolVersion.nameOf(name); 18.217 if (pv != null && pv != NONE) { 18.218 - return pv.isDTLS ? (pv.id <= DTLS12.id) : (pv.id >= TLS12.id); 18.219 + return pv.id >= TLS12.id; 18.220 } 18.221 18.222 return false; 18.223 @@ -328,35 +319,31 @@ 18.224 return 1; 18.225 } 18.226 18.227 - if (isDTLS) { 18.228 - return that.id - this.id; 18.229 - } else { 18.230 - return this.id - that.id; 18.231 - } 18.232 + return this.id - that.id; 18.233 } 18.234 18.235 /** 18.236 - * Return true if this ProtocolVersion object is of (D)TLS 1.3 or 18.237 + * Return true if this ProtocolVersion object is of TLS 1.3 or 18.238 * newer version. 18.239 */ 18.240 boolean useTLS13PlusSpec() { 18.241 - return isDTLS ? (this.id < DTLS12.id) : (this.id >= TLS13.id); 18.242 + return this.id >= TLS13.id; 18.243 } 18.244 18.245 /** 18.246 - * Return true if this ProtocolVersion object is of (D)TLS 1.2 or 18.247 + * Return true if this ProtocolVersion object is of TLS 1.2 or 18.248 * newer version. 18.249 */ 18.250 boolean useTLS12PlusSpec() { 18.251 - return isDTLS ? (this.id <= DTLS12.id) : (this.id >= TLS12.id); 18.252 + return this.id >= TLS12.id; 18.253 } 18.254 18.255 /** 18.256 * Return true if this ProtocolVersion object is of 18.257 - * TLS 1.1/DTLS 1.0 or newer version. 18.258 + * TLS 1.1 or newer version. 18.259 */ 18.260 boolean useTLS11PlusSpec() { 18.261 - return isDTLS ? true : (this.id >= TLS11.id); 18.262 + return this.id >= TLS11.id; 18.263 } 18.264 18.265 /** 18.266 @@ -364,23 +351,23 @@ 18.267 * newer version. 18.268 */ 18.269 boolean useTLS10PlusSpec() { 18.270 - return isDTLS ? true : (this.id >= TLS10.id); 18.271 + return this.id >= TLS10.id; 18.272 } 18.273 18.274 /** 18.275 * Return true if this ProtocolVersion object is of TLS 1.0 or 18.276 * newer version. 18.277 */ 18.278 - static boolean useTLS10PlusSpec(int id, boolean isDTLS) { 18.279 - return isDTLS ? true : (id >= TLS10.id); 18.280 + static boolean useTLS10PlusSpec(int id) { 18.281 + return id >= TLS10.id; 18.282 } 18.283 18.284 /** 18.285 - * Return true if this ProtocolVersion object is of (D)TLS 1.3 or 18.286 + * Return true if this ProtocolVersion object is of TLS 1.3 or 18.287 * newer version. 18.288 */ 18.289 - static boolean useTLS13PlusSpec(int id, boolean isDTLS) { 18.290 - return isDTLS ? (id < DTLS12.id) : (id >= TLS13.id); 18.291 + static boolean useTLS13PlusSpec(int id) { 18.292 + return id >= TLS13.id; 18.293 } 18.294 18.295 /** 18.296 @@ -396,10 +383,6 @@ 18.297 for (ProtocolVersion pv : listedVersions) { 18.298 if (pv.id == suggestedVersion) { 18.299 return pv; 18.300 - } else if (pv.isDTLS) { 18.301 - if (pv.id > suggestedVersion && pv.id < selectedVersion.id) { 18.302 - selectedVersion = pv; 18.303 - } 18.304 } else { 18.305 if (pv.id < suggestedVersion && pv.id > selectedVersion.id) { 18.306 selectedVersion = pv;
19.1 --- a/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Aug 25 08:31:35 2020 +0300 19.2 +++ b/src/share/classes/sun/security/ssl/RSAClientKeyExchange.java Tue Aug 25 08:35:10 2020 +0300 19.3 @@ -67,7 +67,7 @@ 19.4 this.encrypted = premaster.getEncoded( 19.5 publicKey, context.sslContext.getSecureRandom()); 19.6 this.useTLS10PlusSpec = ProtocolVersion.useTLS10PlusSpec( 19.7 - protocolVersion, context.sslContext.isDTLS()); 19.8 + protocolVersion); 19.9 } 19.10 19.11 RSAClientKeyExchangeMessage(HandshakeContext context, 19.12 @@ -81,7 +81,7 @@ 19.13 19.14 this.protocolVersion = context.clientHelloVersion; 19.15 this.useTLS10PlusSpec = ProtocolVersion.useTLS10PlusSpec( 19.16 - protocolVersion, context.sslContext.isDTLS()); 19.17 + protocolVersion); 19.18 if (useTLS10PlusSpec) { 19.19 this.encrypted = Record.getBytes16(m); 19.20 } else { // SSL 3.0
20.1 --- a/src/share/classes/sun/security/ssl/Record.java Tue Aug 25 08:31:35 2020 +0300 20.2 +++ b/src/share/classes/sun/security/ssl/Record.java Tue Aug 25 08:35:10 2020 +0300 20.3 @@ -30,7 +30,7 @@ 20.4 import javax.net.ssl.SSLException; 20.5 20.6 /** 20.7 - * SSL/(D)TLS record. 20.8 + * SSL/TLS record. 20.9 * 20.10 * This is the base interface, which defines common information and interfaces 20.11 * used by both Input and Output records.
21.1 --- a/src/share/classes/sun/security/ssl/SSLCipher.java Tue Aug 25 08:31:35 2020 +0300 21.2 +++ b/src/share/classes/sun/security/ssl/SSLCipher.java Tue Aug 25 08:35:10 2020 +0300 21.3 @@ -602,17 +602,6 @@ 21.4 } 21.5 } 21.6 21.7 - static final SSLReadCipher nullDTlsReadCipher() { 21.8 - try { 21.9 - return B_NULL.createReadCipher( 21.10 - Authenticator.nullDtlsMac(), 21.11 - ProtocolVersion.NONE, null, null, null); 21.12 - } catch (GeneralSecurityException gse) { 21.13 - // unlikely 21.14 - throw new RuntimeException("Cannot create NULL SSLCipher", gse); 21.15 - } 21.16 - } 21.17 - 21.18 abstract Plaintext decrypt(byte contentType, ByteBuffer bb, 21.19 byte[] sequence) throws GeneralSecurityException; 21.20 21.21 @@ -676,18 +665,6 @@ 21.22 } 21.23 } 21.24 21.25 - static final SSLWriteCipher nullDTlsWriteCipher() { 21.26 - try { 21.27 - return B_NULL.createWriteCipher( 21.28 - Authenticator.nullDtlsMac(), 21.29 - ProtocolVersion.NONE, null, null, null); 21.30 - } catch (GeneralSecurityException gse) { 21.31 - // unlikely 21.32 - throw new RuntimeException( 21.33 - "Cannot create NULL SSL write Cipher", gse); 21.34 - } 21.35 - } 21.36 - 21.37 void dispose() { 21.38 // blank 21.39 }
22.1 --- a/src/share/classes/sun/security/ssl/SSLConfiguration.java Tue Aug 25 08:31:35 2020 +0300 22.2 +++ b/src/share/classes/sun/security/ssl/SSLConfiguration.java Tue Aug 25 08:35:10 2020 +0300 22.3 @@ -48,7 +48,7 @@ 22.4 import sun.security.ssl.SSLExtension.ServerExtensions; 22.5 22.6 /** 22.7 - * SSL/(D)TLS configuration. 22.8 + * SSL/TLS configuration. 22.9 */ 22.10 final class SSLConfiguration implements Cloneable { 22.11 // configurations with SSLParameters 22.12 @@ -61,8 +61,7 @@ 22.13 Collection<SNIMatcher> sniMatchers; 22.14 String[] applicationProtocols; 22.15 boolean preferLocalCipherSuites; 22.16 - boolean enableRetransmissions; 22.17 - int maximumPacketSize; 22.18 + int maximumPacketSize = 0; 22.19 22.20 // the maximum protocol version of enabled protocols 22.21 ProtocolVersion maximumProtocolVersion; 22.22 @@ -131,8 +130,6 @@ 22.23 this.preferLocalCipherSuites = false; 22.24 22.25 this.applicationProtocols = new String[0]; 22.26 - this.enableRetransmissions = sslContext.isDTLS(); 22.27 - this.maximumPacketSize = 0; // please reset it explicitly later 22.28 22.29 this.maximumProtocolVersion = ProtocolVersion.NONE; 22.30 for (ProtocolVersion pv : enabledProtocols) { 22.31 @@ -186,8 +183,6 @@ 22.32 22.33 params.setApplicationProtocols(this.applicationProtocols); 22.34 params.setUseCipherSuitesOrder(this.preferLocalCipherSuites); 22.35 - params.setEnableRetransmissions(this.enableRetransmissions); 22.36 - params.setMaximumPacketSize(this.maximumPacketSize); 22.37 22.38 return params; 22.39 } 22.40 @@ -246,8 +241,6 @@ 22.41 } // otherwise, use the default values 22.42 22.43 this.preferLocalCipherSuites = params.getUseCipherSuitesOrder(); 22.44 - this.enableRetransmissions = params.getEnableRetransmissions(); 22.45 - this.maximumPacketSize = params.getMaximumPacketSize(); 22.46 } 22.47 22.48 // SSLSocket only
23.1 --- a/src/share/classes/sun/security/ssl/SSLContextImpl.java Tue Aug 25 08:31:35 2020 +0300 23.2 +++ b/src/share/classes/sun/security/ssl/SSLContextImpl.java Tue Aug 25 08:35:10 2020 +0300 23.3 @@ -292,9 +292,6 @@ 23.4 // Get default CipherSuite list for client mode. 23.5 abstract List<CipherSuite> getClientDefaultCipherSuites(); 23.6 23.7 - // Is the context for DTLS protocols? 23.8 - abstract boolean isDTLS(); 23.9 - 23.10 // Get default protocols. 23.11 List<ProtocolVersion> getDefaultProtocolVersions(boolean roleIsServer) { 23.12 return roleIsServer ? getServerDefaultProtocolVersions() 23.13 @@ -496,7 +493,7 @@ 23.14 } 23.15 23.16 /* 23.17 - * The SSLContext implementation for SSL/(D)TLS algorithm 23.18 + * The SSLContext implementation for SSL/TLS algorithm 23.19 * 23.20 * SSL/TLS protocols specify the forward compatibility and version 23.21 * roll-back attack protections, however, a number of SSL/TLS server 23.22 @@ -613,11 +610,6 @@ 23.23 return new SSLEngineImpl(this, host, port); 23.24 } 23.25 23.26 - @Override 23.27 - boolean isDTLS() { 23.28 - return false; 23.29 - } 23.30 - 23.31 static ProtocolVersion[] getSupportedProtocols() { 23.32 if (SunJSSE.isFIPS()) { 23.33 return new ProtocolVersion[] { 23.34 @@ -805,7 +797,7 @@ 23.35 } 23.36 23.37 /* 23.38 - * The interface for the customized SSL/(D)TLS SSLContext. 23.39 + * The interface for the customized SSL/TLS SSLContext. 23.40 * 23.41 * @see SSLContext 23.42 */ 23.43 @@ -925,9 +917,7 @@ 23.44 boolean client, List<ProtocolVersion> customized) { 23.45 List<ProtocolVersion> refactored = new ArrayList<>(); 23.46 for (ProtocolVersion pv : customized) { 23.47 - if (!pv.isDTLS) { 23.48 - refactored.add(pv); 23.49 - } 23.50 + refactored.add(pv); 23.51 } 23.52 23.53 // Use the default enabled protocols if no customization 23.54 @@ -1226,248 +1216,6 @@ 23.55 } 23.56 } 23.57 23.58 - /* 23.59 - * The base abstract SSLContext implementation for the Datagram Transport 23.60 - * Layer Security (DTLS) protocols. 23.61 - * 23.62 - * This abstract class encapsulates supported and the default server DTLS 23.63 - * parameters. 23.64 - * 23.65 - * @see SSLContext 23.66 - */ 23.67 - private abstract static class AbstractDTLSContext extends SSLContextImpl { 23.68 - private static final List<ProtocolVersion> supportedProtocols; 23.69 - private static final List<ProtocolVersion> serverDefaultProtocols; 23.70 - 23.71 - private static final List<CipherSuite> supportedCipherSuites; 23.72 - private static final List<CipherSuite> serverDefaultCipherSuites; 23.73 - 23.74 - static { 23.75 - // Both DTLSv1.0 and DTLSv1.2 can be used in FIPS mode. 23.76 - supportedProtocols = Arrays.asList( 23.77 - ProtocolVersion.DTLS12, 23.78 - ProtocolVersion.DTLS10 23.79 - ); 23.80 - 23.81 - // available protocols for server mode 23.82 - serverDefaultProtocols = getAvailableProtocols( 23.83 - new ProtocolVersion[] { 23.84 - ProtocolVersion.DTLS12, 23.85 - ProtocolVersion.DTLS10 23.86 - }); 23.87 - 23.88 - supportedCipherSuites = getApplicableSupportedCipherSuites( 23.89 - supportedProtocols); 23.90 - serverDefaultCipherSuites = getApplicableEnabledCipherSuites( 23.91 - serverDefaultProtocols, false); 23.92 - } 23.93 - 23.94 - @Override 23.95 - List<ProtocolVersion> getSupportedProtocolVersions() { 23.96 - return supportedProtocols; 23.97 - } 23.98 - 23.99 - @Override 23.100 - List<CipherSuite> getSupportedCipherSuites() { 23.101 - return supportedCipherSuites; 23.102 - } 23.103 - 23.104 - @Override 23.105 - List<ProtocolVersion> getServerDefaultProtocolVersions() { 23.106 - return serverDefaultProtocols; 23.107 - } 23.108 - 23.109 - @Override 23.110 - List<CipherSuite> getServerDefaultCipherSuites() { 23.111 - return serverDefaultCipherSuites; 23.112 - } 23.113 - 23.114 - @Override 23.115 - SSLEngine createSSLEngineImpl() { 23.116 - return new SSLEngineImpl(this); 23.117 - } 23.118 - 23.119 - @Override 23.120 - SSLEngine createSSLEngineImpl(String host, int port) { 23.121 - return new SSLEngineImpl(this, host, port); 23.122 - } 23.123 - 23.124 - @Override 23.125 - boolean isDTLS() { 23.126 - return true; 23.127 - } 23.128 - } 23.129 - 23.130 - /* 23.131 - * The SSLContext implementation for DTLSv1.0 algorithm. 23.132 - * 23.133 - * @see SSLContext 23.134 - */ 23.135 - public static final class DTLS10Context extends AbstractDTLSContext { 23.136 - private static final List<ProtocolVersion> clientDefaultProtocols; 23.137 - private static final List<CipherSuite> clientDefaultCipherSuites; 23.138 - 23.139 - static { 23.140 - // available protocols for client mode 23.141 - clientDefaultProtocols = getAvailableProtocols( 23.142 - new ProtocolVersion[] { 23.143 - ProtocolVersion.DTLS10 23.144 - }); 23.145 - 23.146 - clientDefaultCipherSuites = getApplicableEnabledCipherSuites( 23.147 - clientDefaultProtocols, true); 23.148 - } 23.149 - 23.150 - @Override 23.151 - List<ProtocolVersion> getClientDefaultProtocolVersions() { 23.152 - return clientDefaultProtocols; 23.153 - } 23.154 - 23.155 - @Override 23.156 - List<CipherSuite> getClientDefaultCipherSuites() { 23.157 - return clientDefaultCipherSuites; 23.158 - } 23.159 - } 23.160 - 23.161 - /* 23.162 - * The SSLContext implementation for DTLSv1.2 algorithm. 23.163 - * 23.164 - * @see SSLContext 23.165 - */ 23.166 - public static final class DTLS12Context extends AbstractDTLSContext { 23.167 - private static final List<ProtocolVersion> clientDefaultProtocols; 23.168 - private static final List<CipherSuite> clientDefaultCipherSuites; 23.169 - 23.170 - static { 23.171 - // available protocols for client mode 23.172 - clientDefaultProtocols = getAvailableProtocols( 23.173 - new ProtocolVersion[] { 23.174 - ProtocolVersion.DTLS12, 23.175 - ProtocolVersion.DTLS10 23.176 - }); 23.177 - 23.178 - clientDefaultCipherSuites = getApplicableEnabledCipherSuites( 23.179 - clientDefaultProtocols, true); 23.180 - } 23.181 - 23.182 - @Override 23.183 - List<ProtocolVersion> getClientDefaultProtocolVersions() { 23.184 - return clientDefaultProtocols; 23.185 - } 23.186 - 23.187 - @Override 23.188 - List<CipherSuite> getClientDefaultCipherSuites() { 23.189 - return clientDefaultCipherSuites; 23.190 - } 23.191 - } 23.192 - 23.193 - /* 23.194 - * The SSLContext implementation for customized TLS protocols 23.195 - * 23.196 - * @see SSLContext 23.197 - */ 23.198 - private static class CustomizedDTLSContext extends AbstractDTLSContext { 23.199 - private static final List<ProtocolVersion> clientDefaultProtocols; 23.200 - private static final List<ProtocolVersion> serverDefaultProtocols; 23.201 - private static final List<CipherSuite> clientDefaultCipherSuites; 23.202 - private static final List<CipherSuite> serverDefaultCipherSuites; 23.203 - 23.204 - private static IllegalArgumentException reservedException = null; 23.205 - 23.206 - // Don't want a java.lang.LinkageError for illegal system property. 23.207 - // 23.208 - // Please don't throw exception in this static block. Otherwise, 23.209 - // java.lang.LinkageError may be thrown during the instantiation of 23.210 - // the provider service. Instead, let's handle the initialization 23.211 - // exception in constructor. 23.212 - static { 23.213 - reservedException = CustomizedSSLProtocols.reservedException; 23.214 - if (reservedException == null) { 23.215 - clientDefaultProtocols = customizedProtocols(true, 23.216 - CustomizedSSLProtocols.customizedClientProtocols); 23.217 - serverDefaultProtocols = customizedProtocols(false, 23.218 - CustomizedSSLProtocols.customizedServerProtocols); 23.219 - 23.220 - clientDefaultCipherSuites = 23.221 - getApplicableEnabledCipherSuites( 23.222 - clientDefaultProtocols, true); 23.223 - serverDefaultCipherSuites = 23.224 - getApplicableEnabledCipherSuites( 23.225 - serverDefaultProtocols, false); 23.226 - 23.227 - } else { 23.228 - // unlikely to be used 23.229 - clientDefaultProtocols = null; 23.230 - serverDefaultProtocols = null; 23.231 - clientDefaultCipherSuites = null; 23.232 - serverDefaultCipherSuites = null; 23.233 - } 23.234 - } 23.235 - 23.236 - private static List<ProtocolVersion> customizedProtocols(boolean client, 23.237 - List<ProtocolVersion> customized) { 23.238 - List<ProtocolVersion> refactored = new ArrayList<>(); 23.239 - for (ProtocolVersion pv : customized) { 23.240 - if (pv.isDTLS) { 23.241 - refactored.add(pv); 23.242 - } 23.243 - } 23.244 - 23.245 - ProtocolVersion[] candidates; 23.246 - // Use the default enabled protocols if no customization 23.247 - if (refactored.isEmpty()) { 23.248 - candidates = new ProtocolVersion[]{ 23.249 - ProtocolVersion.DTLS12, 23.250 - ProtocolVersion.DTLS10 23.251 - }; 23.252 - if (!client) 23.253 - return Arrays.asList(candidates); 23.254 - } else { 23.255 - // Use the customized TLS protocols. 23.256 - candidates = 23.257 - new ProtocolVersion[customized.size()]; 23.258 - candidates = customized.toArray(candidates); 23.259 - } 23.260 - 23.261 - return getAvailableProtocols(candidates); 23.262 - } 23.263 - 23.264 - protected CustomizedDTLSContext() { 23.265 - if (reservedException != null) { 23.266 - throw reservedException; 23.267 - } 23.268 - } 23.269 - 23.270 - @Override 23.271 - List<ProtocolVersion> getClientDefaultProtocolVersions() { 23.272 - return clientDefaultProtocols; 23.273 - } 23.274 - 23.275 - @Override 23.276 - List<ProtocolVersion> getServerDefaultProtocolVersions() { 23.277 - return serverDefaultProtocols; 23.278 - } 23.279 - 23.280 - @Override 23.281 - List<CipherSuite> getClientDefaultCipherSuites() { 23.282 - return clientDefaultCipherSuites; 23.283 - } 23.284 - 23.285 - @Override 23.286 - List<CipherSuite> getServerDefaultCipherSuites() { 23.287 - return serverDefaultCipherSuites; 23.288 - } 23.289 - } 23.290 - 23.291 - /* 23.292 - * The SSLContext implementation for default "DTLS" algorithm 23.293 - * 23.294 - * @see SSLContext 23.295 - */ 23.296 - public static final class DTLSContext extends CustomizedDTLSContext { 23.297 - // use the default constructor and methods 23.298 - } 23.299 - 23.300 } 23.301 23.302 final class AbstractTrustManagerWrapper extends X509ExtendedTrustManager
24.1 --- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java Tue Aug 25 08:31:35 2020 +0300 24.2 +++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java Tue Aug 25 08:35:10 2020 +0300 24.3 @@ -1,5 +1,5 @@ 24.4 /* 24.5 - * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. 24.6 + * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. 24.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 24.8 * 24.9 * This code is free software; you can redistribute it and/or modify it 24.10 @@ -74,15 +74,9 @@ 24.11 super(host, port); 24.12 this.sslContext = sslContext; 24.13 HandshakeHash handshakeHash = new HandshakeHash(); 24.14 - if (sslContext.isDTLS()) { 24.15 - this.conContext = new TransportContext(sslContext, this, 24.16 - new DTLSInputRecord(handshakeHash), 24.17 - new DTLSOutputRecord(handshakeHash)); 24.18 - } else { 24.19 - this.conContext = new TransportContext(sslContext, this, 24.20 - new SSLEngineInputRecord(handshakeHash), 24.21 - new SSLEngineOutputRecord(handshakeHash)); 24.22 - } 24.23 + this.conContext = new TransportContext(sslContext, this, 24.24 + new SSLEngineInputRecord(handshakeHash), 24.25 + new SSLEngineOutputRecord(handshakeHash)); 24.26 24.27 // Server name indication is a connection scope extension. 24.28 if (host != null) { 24.29 @@ -166,18 +160,7 @@ 24.30 24.31 hsStatus = getHandshakeStatus(); 24.32 if (hsStatus == HandshakeStatus.NEED_UNWRAP) { 24.33 - /* 24.34 - * For DTLS, if the handshake state is 24.35 - * HandshakeStatus.NEED_UNWRAP, a call to SSLEngine.wrap() 24.36 - * means that the previous handshake packets (if delivered) 24.37 - * get lost, and need retransmit the handshake messages. 24.38 - */ 24.39 - if (!sslContext.isDTLS() || hc == null || 24.40 - !hc.sslConfig.enableRetransmissions || 24.41 - conContext.outputRecord.firstMessage) { 24.42 - 24.43 - return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 24.44 - } // otherwise, need retransmission 24.45 + return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 24.46 } 24.47 } 24.48 24.49 @@ -218,11 +201,8 @@ 24.50 try { 24.51 // Acquire the buffered to-be-delivered records or retransmissions. 24.52 // 24.53 - // May have buffered records, or need retransmission if handshaking. 24.54 - if (!conContext.outputRecord.isEmpty() || (hc != null && 24.55 - hc.sslConfig.enableRetransmissions && 24.56 - hc.sslContext.isDTLS() && 24.57 - hsStatus == HandshakeStatus.NEED_UNWRAP)) { 24.58 + // May have buffered records. 24.59 + if (!conContext.outputRecord.isEmpty()) { 24.60 ciphertext = encode(null, 0, 0, 24.61 dsts, dstsOffset, dstsLength); 24.62 } 24.63 @@ -259,8 +239,7 @@ 24.64 deltaDsts -= dsts[i].remaining(); 24.65 } 24.66 24.67 - return new SSLEngineResult(status, hsStatus, deltaSrcs, deltaDsts, 24.68 - ciphertext != null ? ciphertext.recordSN : -1L); 24.69 + return new SSLEngineResult(status, hsStatus, deltaSrcs, deltaDsts); 24.70 } 24.71 24.72 private Ciphertext encode( 24.73 @@ -283,30 +262,8 @@ 24.74 } 24.75 24.76 // Is the handshake completed? 24.77 - boolean needRetransmission = 24.78 - conContext.sslContext.isDTLS() && 24.79 - conContext.handshakeContext != null && 24.80 - conContext.handshakeContext.sslConfig.enableRetransmissions; 24.81 HandshakeStatus hsStatus = 24.82 tryToFinishHandshake(ciphertext.contentType); 24.83 - if (needRetransmission && 24.84 - hsStatus == HandshakeStatus.FINISHED && 24.85 - conContext.sslContext.isDTLS() && 24.86 - ciphertext.handshakeType == SSLHandshake.FINISHED.id) { 24.87 - // Retransmit the last flight for DTLS. 24.88 - // 24.89 - // The application data transactions may begin immediately 24.90 - // after the last flight. If the last flight get lost, the 24.91 - // application data may be discarded accordingly. As could 24.92 - // be an issue for some applications. This impact can be 24.93 - // mitigated by sending the last fligth twice. 24.94 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) { 24.95 - SSLLogger.finest("retransmit the last flight messages"); 24.96 - } 24.97 - 24.98 - conContext.outputRecord.launchRetransmission(); 24.99 - hsStatus = HandshakeStatus.NEED_WRAP; 24.100 - } 24.101 24.102 if (hsStatus == null) { 24.103 hsStatus = conContext.getHandshakeStatus(); 24.104 @@ -501,30 +458,6 @@ 24.105 return new SSLEngineResult(Status.OK, hsStatus, 0, 0); 24.106 } 24.107 24.108 - if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_UNWRAP_AGAIN) { 24.109 - Plaintext plainText = null; 24.110 - try { 24.111 - plainText = decode(null, 0, 0, 24.112 - dsts, dstsOffset, dstsLength); 24.113 - } catch (IOException ioe) { 24.114 - if (ioe instanceof SSLException) { 24.115 - throw ioe; 24.116 - } else { 24.117 - throw new SSLException("readRecord", ioe); 24.118 - } 24.119 - } 24.120 - 24.121 - Status status = (isInboundDone() ? Status.CLOSED : Status.OK); 24.122 - if (plainText.handshakeStatus != null) { 24.123 - hsStatus = plainText.handshakeStatus; 24.124 - } else { 24.125 - hsStatus = getHandshakeStatus(); 24.126 - } 24.127 - 24.128 - return new SSLEngineResult( 24.129 - status, hsStatus, 0, 0, plainText.recordSN); 24.130 - } 24.131 - 24.132 int srcsRemains = 0; 24.133 for (int i = srcsOffset; i < srcsOffset + srcsLength; i++) { 24.134 srcsRemains += srcs[i].remaining(); 24.135 @@ -539,38 +472,13 @@ 24.136 * Check the packet to make sure enough is here. 24.137 * This will also indirectly check for 0 len packets. 24.138 */ 24.139 - int packetLen = 0; 24.140 - try { 24.141 - packetLen = conContext.inputRecord.bytesInCompletePacket( 24.142 - srcs, srcsOffset, srcsLength); 24.143 - } catch (SSLException ssle) { 24.144 - // Need to discard invalid records for DTLS protocols. 24.145 - if (sslContext.isDTLS()) { 24.146 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) { 24.147 - SSLLogger.finest("Discard invalid DTLS records", ssle); 24.148 - } 24.149 - 24.150 - // invalid, discard the entire data [section 4.1.2.7, RFC 6347] 24.151 - int deltaNet = 0; 24.152 - // int deltaNet = netData.remaining(); 24.153 - // netData.position(netData.limit()); 24.154 - 24.155 - Status status = (isInboundDone() ? Status.CLOSED : Status.OK); 24.156 - if (hsStatus == null) { 24.157 - hsStatus = getHandshakeStatus(); 24.158 - } 24.159 - 24.160 - return new SSLEngineResult(status, hsStatus, deltaNet, 0, -1L); 24.161 - } else { 24.162 - throw ssle; 24.163 - } 24.164 - } 24.165 + int packetLen = conContext.inputRecord.bytesInCompletePacket( 24.166 + srcs, srcsOffset, srcsLength); 24.167 24.168 // Is this packet bigger than SSL/TLS normally allows? 24.169 if (packetLen > conContext.conSession.getPacketBufferSize()) { 24.170 - int largestRecordSize = sslContext.isDTLS() ? 24.171 - DTLSRecord.maxRecordSize : SSLRecord.maxLargeRecordSize; 24.172 - if ((packetLen <= largestRecordSize) && !sslContext.isDTLS()) { 24.173 + int largestRecordSize = SSLRecord.maxLargeRecordSize; 24.174 + if (packetLen <= largestRecordSize) { 24.175 // Expand the expected maximum packet/application buffer 24.176 // sizes. 24.177 // 24.178 @@ -657,8 +565,7 @@ 24.179 deltaApp -= dsts[i].remaining(); 24.180 } 24.181 24.182 - return new SSLEngineResult( 24.183 - status, hsStatus, deltaNet, deltaApp, plainText.recordSN); 24.184 + return new SSLEngineResult(status, hsStatus, deltaNet, deltaApp); 24.185 } 24.186 24.187 private Plaintext decode(
25.1 --- a/src/share/classes/sun/security/ssl/SSLEngineInputRecord.java Tue Aug 25 08:31:35 2020 +0300 25.2 +++ b/src/share/classes/sun/security/ssl/SSLEngineInputRecord.java Tue Aug 25 08:35:10 2020 +0300 25.3 @@ -93,7 +93,7 @@ 25.4 byte majorVersion = packet.get(pos + 1); 25.5 byte minorVersion = packet.get(pos + 2); 25.6 if (!ProtocolVersion.isNegotiable( 25.7 - majorVersion, minorVersion, false, false)) { 25.8 + majorVersion, minorVersion, false)) { 25.9 throw new SSLException("Unrecognized record version " + 25.10 ProtocolVersion.nameOf(majorVersion, minorVersion) + 25.11 " , plaintext connection?"); 25.12 @@ -128,7 +128,7 @@ 25.13 byte majorVersion = packet.get(pos + 3); 25.14 byte minorVersion = packet.get(pos + 4); 25.15 if (!ProtocolVersion.isNegotiable( 25.16 - majorVersion, minorVersion, false, false)) { 25.17 + majorVersion, minorVersion, false)) { 25.18 throw new SSLException("Unrecognized record version " + 25.19 ProtocolVersion.nameOf(majorVersion, minorVersion) + 25.20 " , plaintext connection?");
26.1 --- a/src/share/classes/sun/security/ssl/SSLExtensions.java Tue Aug 25 08:31:35 2020 +0300 26.2 +++ b/src/share/classes/sun/security/ssl/SSLExtensions.java Tue Aug 25 08:35:10 2020 +0300 26.3 @@ -34,7 +34,7 @@ 26.4 import sun.security.util.HexDumpEncoder; 26.5 26.6 /** 26.7 - * SSL/(D)TLS extensions in a handshake message. 26.8 + * SSL/TLS extensions in a handshake message. 26.9 */ 26.10 final class SSLExtensions { 26.11 private final HandshakeMessage handshakeMessage;
27.1 --- a/src/share/classes/sun/security/ssl/SSLHandshake.java Tue Aug 25 08:31:35 2020 +0300 27.2 +++ b/src/share/classes/sun/security/ssl/SSLHandshake.java Tue Aug 25 08:35:10 2020 +0300 27.3 @@ -97,21 +97,6 @@ 27.4 })), 27.5 27.6 @SuppressWarnings({"unchecked", "rawtypes"}) 27.7 - HELLO_VERIFY_REQUEST ((byte)0x03, "hello_verify_request", 27.8 - (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 27.9 - new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 27.10 - HelloVerifyRequest.handshakeConsumer, 27.11 - ProtocolVersion.PROTOCOLS_TO_12 27.12 - ) 27.13 - }), 27.14 - (Map.Entry<HandshakeProducer, ProtocolVersion[]>[])(new Map.Entry[] { 27.15 - new SimpleImmutableEntry<HandshakeProducer, ProtocolVersion[]>( 27.16 - HelloVerifyRequest.handshakeProducer, 27.17 - ProtocolVersion.PROTOCOLS_TO_12 27.18 - ) 27.19 - })), 27.20 - 27.21 - @SuppressWarnings({"unchecked", "rawtypes"}) 27.22 NEW_SESSION_TICKET ((byte)0x04, "new_session_ticket", 27.23 (Map.Entry<SSLConsumer, ProtocolVersion[]>[])(new Map.Entry[] { 27.24 new SimpleImmutableEntry<SSLConsumer, ProtocolVersion[]>( 27.25 @@ -498,11 +483,11 @@ 27.26 // For initial handshaking, including session resumption, 27.27 // ClientHello message is used as the kickstart message. 27.28 // 27.29 - // (D)TLS 1.2 and older protocols support renegotiation on existing 27.30 + // TLS 1.2 and older protocols support renegotiation on existing 27.31 // connections. A ClientHello messages is used to kickstart the 27.32 // renegotiation. 27.33 // 27.34 - // (D)TLS 1.3 forbids renegotiation. The post-handshake KeyUpdate 27.35 + // TLS 1.3 forbids renegotiation. The post-handshake KeyUpdate 27.36 // message is used to update the sending cryptographic keys. 27.37 if (context.conContext.isNegotiated && 27.38 context.conContext.protocolVersion.useTLS13PlusSpec()) { 27.39 @@ -518,10 +503,10 @@ 27.40 // The server side can delivering kickstart message after the 27.41 // connection has established. 27.42 // 27.43 - // (D)TLS 1.2 and older protocols use HelloRequest to begin a 27.44 + // TLS 1.2 and older protocols use HelloRequest to begin a 27.45 // negotiation process anew. 27.46 // 27.47 - // While (D)TLS 1.3 uses the post-handshake KeyUpdate message 27.48 + // While TLS 1.3 uses the post-handshake KeyUpdate message 27.49 // to update the sending cryptographic keys. 27.50 if (context.conContext.protocolVersion.useTLS13PlusSpec()) { 27.51 // Use KeyUpdate message for renegotiation.
28.1 --- a/src/share/classes/sun/security/ssl/SSLKeyExchange.java Tue Aug 25 08:31:35 2020 +0300 28.2 +++ b/src/share/classes/sun/security/ssl/SSLKeyExchange.java Tue Aug 25 08:35:10 2020 +0300 28.3 @@ -191,7 +191,7 @@ 28.4 } 28.5 } 28.6 28.7 - // SSL 3.0 - (D)TLS 1.2 28.8 + // SSL 3.0 - TLS 1.2 28.9 static SSLKeyExchange valueOf( 28.10 CipherSuite.KeyExchange keyExchange, 28.11 ProtocolVersion protocolVersion) { 28.12 @@ -209,7 +209,7 @@ 28.13 case K_DHE_DSS_EXPORT: 28.14 return SSLKeyExDHEDSSExport.KE; 28.15 case K_DHE_RSA: 28.16 - if (protocolVersion.useTLS12PlusSpec()) { // (D)TLS 1.2 28.17 + if (protocolVersion.useTLS12PlusSpec()) { // TLS 1.2 28.18 return SSLKeyExDHERSAOrPSS.KE; 28.19 } else { // SSL 3.0, TLS 1.0/1.1 28.20 return SSLKeyExDHERSA.KE; 28.21 @@ -227,7 +227,7 @@ 28.22 case K_ECDHE_ECDSA: 28.23 return SSLKeyExECDHEECDSA.KE; 28.24 case K_ECDHE_RSA: 28.25 - if (protocolVersion.useTLS12PlusSpec()) { // (D)TLS 1.2 28.26 + if (protocolVersion.useTLS12PlusSpec()) { // TLS 1.2 28.27 return SSLKeyExECDHERSAOrPSS.KE; 28.28 } else { // SSL 3.0, TLS 1.0/1.1 28.29 return SSLKeyExECDHERSA.KE;
29.1 --- a/src/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Tue Aug 25 08:31:35 2020 +0300 29.2 +++ b/src/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java Tue Aug 25 08:35:10 2020 +0300 29.3 @@ -53,10 +53,8 @@ 29.4 return SSLMasterKeyDerivation.SSL30; 29.5 case TLS10: 29.6 case TLS11: 29.7 - case DTLS10: 29.8 return SSLMasterKeyDerivation.TLS10; 29.9 case TLS12: 29.10 - case DTLS12: 29.11 return SSLMasterKeyDerivation.TLS12; 29.12 default: 29.13 return null; 29.14 @@ -96,29 +94,12 @@ 29.15 29.16 byte majorVersion = protocolVersion.major; 29.17 byte minorVersion = protocolVersion.minor; 29.18 - if (protocolVersion.isDTLS) { 29.19 - // Use TLS version number for DTLS key calculation 29.20 - if (protocolVersion.id == ProtocolVersion.DTLS10.id) { 29.21 - majorVersion = ProtocolVersion.TLS11.major; 29.22 - minorVersion = ProtocolVersion.TLS11.minor; 29.23 - 29.24 - masterAlg = "SunTlsMasterSecret"; 29.25 - hashAlg = H_NONE; 29.26 - } else { // DTLS 1.2 29.27 - majorVersion = ProtocolVersion.TLS12.major; 29.28 - minorVersion = ProtocolVersion.TLS12.minor; 29.29 - 29.30 - masterAlg = "SunTls12MasterSecret"; 29.31 - hashAlg = cipherSuite.hashAlg; 29.32 - } 29.33 + if (protocolVersion.id >= ProtocolVersion.TLS12.id) { 29.34 + masterAlg = "SunTls12MasterSecret"; 29.35 + hashAlg = cipherSuite.hashAlg; 29.36 } else { 29.37 - if (protocolVersion.id >= ProtocolVersion.TLS12.id) { 29.38 - masterAlg = "SunTls12MasterSecret"; 29.39 - hashAlg = cipherSuite.hashAlg; 29.40 - } else { 29.41 - masterAlg = "SunTlsMasterSecret"; 29.42 - hashAlg = H_NONE; 29.43 - } 29.44 + masterAlg = "SunTlsMasterSecret"; 29.45 + hashAlg = H_NONE; 29.46 } 29.47 29.48 TlsMasterSecretParameterSpec spec;
30.1 --- a/src/share/classes/sun/security/ssl/SSLSessionImpl.java Tue Aug 25 08:31:35 2020 +0300 30.2 +++ b/src/share/classes/sun/security/ssl/SSLSessionImpl.java Tue Aug 25 08:35:10 2020 +0300 30.3 @@ -912,8 +912,7 @@ 30.4 int packetSize = 0; 30.5 if (negotiatedMaxFragLen > 0) { 30.6 packetSize = cipherSuite.calculatePacketSize( 30.7 - negotiatedMaxFragLen, protocolVersion, 30.8 - protocolVersion.isDTLS); 30.9 + negotiatedMaxFragLen, protocolVersion); 30.10 } 30.11 30.12 if (maximumPacketSize > 0) { 30.13 @@ -925,12 +924,8 @@ 30.14 return packetSize; 30.15 } 30.16 30.17 - if (protocolVersion.isDTLS) { 30.18 - return DTLSRecord.maxRecordSize; 30.19 - } else { 30.20 - return acceptLargeFragments ? 30.21 - SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; 30.22 - } 30.23 + return acceptLargeFragments ? 30.24 + SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; 30.25 } 30.26 30.27 /** 30.28 @@ -944,8 +939,7 @@ 30.29 int fragmentSize = 0; 30.30 if (maximumPacketSize > 0) { 30.31 fragmentSize = cipherSuite.calculateFragSize( 30.32 - maximumPacketSize, protocolVersion, 30.33 - protocolVersion.isDTLS); 30.34 + maximumPacketSize, protocolVersion); 30.35 } 30.36 30.37 if (negotiatedMaxFragLen > 0) { 30.38 @@ -957,13 +951,9 @@ 30.39 return fragmentSize; 30.40 } 30.41 30.42 - if (protocolVersion.isDTLS) { 30.43 - return Record.maxDataSize; 30.44 - } else { 30.45 - int maxPacketSize = acceptLargeFragments ? 30.46 - SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; 30.47 - return (maxPacketSize - SSLRecord.headerSize); 30.48 - } 30.49 + int maxPacketSize = acceptLargeFragments ? 30.50 + SSLRecord.maxLargeRecordSize : SSLRecord.maxRecordSize; 30.51 + return (maxPacketSize - SSLRecord.headerSize); 30.52 } 30.53 30.54 /**
31.1 --- a/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Tue Aug 25 08:31:35 2020 +0300 31.2 +++ b/src/share/classes/sun/security/ssl/SSLSocketInputRecord.java Tue Aug 25 08:35:10 2020 +0300 31.3 @@ -93,7 +93,7 @@ 31.4 * Last sanity check that it's not a wild record 31.5 */ 31.6 if (!ProtocolVersion.isNegotiable( 31.7 - temporary[1], temporary[2], false, false)) { 31.8 + temporary[1], temporary[2], false)) { 31.9 throw new SSLException("Unrecognized record version " + 31.10 ProtocolVersion.nameOf(temporary[1], temporary[2]) + 31.11 " , plaintext connection?"); 31.12 @@ -123,7 +123,7 @@ 31.13 31.14 if (isShort && ((temporary[2] == 1) || (temporary[2] == 4))) { 31.15 if (!ProtocolVersion.isNegotiable( 31.16 - temporary[3], temporary[4], false, false)) { 31.17 + temporary[3], temporary[4], false)) { 31.18 throw new SSLException("Unrecognized record version " + 31.19 ProtocolVersion.nameOf(temporary[3], temporary[4]) + 31.20 " , plaintext connection?");
32.1 --- a/src/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Tue Aug 25 08:31:35 2020 +0300 32.2 +++ b/src/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java Tue Aug 25 08:35:10 2020 +0300 32.3 @@ -61,10 +61,8 @@ 32.4 return SSLTrafficKeyDerivation.SSL30; 32.5 case TLS10: 32.6 case TLS11: 32.7 - case DTLS10: 32.8 return SSLTrafficKeyDerivation.TLS10; 32.9 case TLS12: 32.10 - case DTLS12: 32.11 return SSLTrafficKeyDerivation.TLS12; 32.12 case TLS13: 32.13 return SSLTrafficKeyDerivation.TLS13; 32.14 @@ -233,32 +231,15 @@ 32.15 32.16 byte majorVersion = protocolVersion.major; 32.17 byte minorVersion = protocolVersion.minor; 32.18 - if (protocolVersion.isDTLS) { 32.19 - // Use TLS version number for DTLS key calculation 32.20 - if (protocolVersion.id == ProtocolVersion.DTLS10.id) { 32.21 - majorVersion = ProtocolVersion.TLS11.major; 32.22 - minorVersion = ProtocolVersion.TLS11.minor; 32.23 - 32.24 - keyMaterialAlg = "SunTlsKeyMaterial"; 32.25 - hashAlg = H_NONE; 32.26 - } else { // DTLS 1.2+ 32.27 - majorVersion = ProtocolVersion.TLS12.major; 32.28 - minorVersion = ProtocolVersion.TLS12.minor; 32.29 - 32.30 - keyMaterialAlg = "SunTls12KeyMaterial"; 32.31 - hashAlg = cipherSuite.hashAlg; 32.32 - } 32.33 + if (protocolVersion.id >= ProtocolVersion.TLS12.id) { 32.34 + keyMaterialAlg = "SunTls12KeyMaterial"; 32.35 + hashAlg = cipherSuite.hashAlg; 32.36 } else { 32.37 - if (protocolVersion.id >= ProtocolVersion.TLS12.id) { 32.38 - keyMaterialAlg = "SunTls12KeyMaterial"; 32.39 - hashAlg = cipherSuite.hashAlg; 32.40 - } else { 32.41 - keyMaterialAlg = "SunTlsKeyMaterial"; 32.42 - hashAlg = H_NONE; 32.43 - } 32.44 + keyMaterialAlg = "SunTlsKeyMaterial"; 32.45 + hashAlg = H_NONE; 32.46 } 32.47 32.48 - // TLS v1.1+ and DTLS use an explicit IV in CBC cipher suites to 32.49 + // TLS v1.1+ use an explicit IV in CBC cipher suites to 32.50 // protect against the CBC attacks. AEAD/GCM cipher suites in 32.51 // TLS v1.2 or later use a fixed IV as the implicit part of the 32.52 // partially implicit nonce technique described in RFC 5116.
33.1 --- a/src/share/classes/sun/security/ssl/SSLTransport.java Tue Aug 25 08:31:35 2020 +0300 33.2 +++ b/src/share/classes/sun/security/ssl/SSLTransport.java Tue Aug 25 08:35:10 2020 +0300 33.3 @@ -32,7 +32,7 @@ 33.4 import javax.net.ssl.SSLHandshakeException; 33.5 33.6 /** 33.7 - * Interface for SSL/(D)TLS transportation. 33.8 + * Interface for SSL/TLS transportation. 33.9 */ 33.10 interface SSLTransport { 33.11 33.12 @@ -67,7 +67,7 @@ 33.13 boolean useDelegatedTask(); 33.14 33.15 /** 33.16 - * Decodes an array of SSL/(D)TLS network source data into the 33.17 + * Decodes an array of SSL/TLS network source data into the 33.18 * destination application data buffers. 33.19 * 33.20 * For SSL/TLS connections, if no source data, the network data may be 33.21 @@ -108,11 +108,9 @@ 33.22 context.inputRecord.decode(srcs, srcsOffset, srcsLength); 33.23 } catch (UnsupportedOperationException unsoe) { // SSLv2Hello 33.24 // Hack code to deliver SSLv2 error message for SSL/TLS connections. 33.25 - if (!context.sslContext.isDTLS()) { 33.26 - context.outputRecord.encodeV2NoCipher(); 33.27 - if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 33.28 - SSLLogger.finest("may be talking to SSLv2"); 33.29 - } 33.30 + context.outputRecord.encodeV2NoCipher(); 33.31 + if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { 33.32 + SSLLogger.finest("may be talking to SSLv2"); 33.33 } 33.34 33.35 throw context.fatal(Alert.UNEXPECTED_MESSAGE, unsoe); 33.36 @@ -145,21 +143,8 @@ 33.37 Plaintext finalPlaintext = Plaintext.PLAINTEXT_NULL; 33.38 for (Plaintext plainText : plaintexts) { 33.39 // plainText should never be null for TLS protocols 33.40 - if (plainText == Plaintext.PLAINTEXT_NULL) { 33.41 - // Only happens for DTLS protocols. 33.42 - // 33.43 - // Received a retransmitted flight, and need to retransmit the 33.44 - // previous delivered handshake flight messages. 33.45 - if (context.handshakeContext != null && 33.46 - context.handshakeContext.sslConfig.enableRetransmissions && 33.47 - context.sslContext.isDTLS()) { 33.48 - if (SSLLogger.isOn && SSLLogger.isOn("ssl,verbose")) { 33.49 - SSLLogger.finest("retransmited handshake flight"); 33.50 - } 33.51 - 33.52 - context.outputRecord.launchRetransmission(); 33.53 - } // Otherwise, discard the retransmitted flight. 33.54 - } else if (plainText != null && 33.55 + if (plainText != null && 33.56 + plainText != Plaintext.PLAINTEXT_NULL && 33.57 plainText.contentType != ContentType.APPLICATION_DATA.id) { 33.58 context.dispatch(plainText); 33.59 }
34.1 --- a/src/share/classes/sun/security/ssl/ServerHello.java Tue Aug 25 08:31:35 2020 +0300 34.2 +++ b/src/share/classes/sun/security/ssl/ServerHello.java Tue Aug 25 08:35:10 2020 +0300 34.3 @@ -68,15 +68,8 @@ 34.4 private static final HandshakeConsumer t13HandshakeConsumer = 34.5 new T13ServerHelloConsumer(); 34.6 34.7 - private static final HandshakeConsumer d12HandshakeConsumer = 34.8 - new T12ServerHelloConsumer(); 34.9 - private static final HandshakeConsumer d13HandshakeConsumer = 34.10 - new T13ServerHelloConsumer(); 34.11 - 34.12 private static final HandshakeConsumer t13HrrHandshakeConsumer = 34.13 new T13HelloRetryRequestConsumer(); 34.14 - private static final HandshakeConsumer d13HrrHandshakeConsumer = 34.15 - new T13HelloRetryRequestConsumer(); 34.16 34.17 /** 34.18 * The ServerHello handshake message. 34.19 @@ -856,11 +849,6 @@ 34.20 // clean up this consumer 34.21 chc.handshakeConsumers.remove(SSLHandshake.SERVER_HELLO.id); 34.22 if (!chc.handshakeConsumers.isEmpty()) { 34.23 - // DTLS 1.0/1.2 34.24 - chc.handshakeConsumers.remove( 34.25 - SSLHandshake.HELLO_VERIFY_REQUEST.id); 34.26 - } 34.27 - if (!chc.handshakeConsumers.isEmpty()) { 34.28 throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, 34.29 "No more message expected before ServerHello is processed"); 34.30 } 34.31 @@ -922,11 +910,7 @@ 34.32 // Clean up before producing new client key share possessions. 34.33 chc.handshakePossessions.clear(); 34.34 34.35 - if (serverVersion.isDTLS) { 34.36 - d13HrrHandshakeConsumer.consume(chc, helloRetryRequest); 34.37 - } else { 34.38 - t13HrrHandshakeConsumer.consume(chc, helloRetryRequest); 34.39 - } 34.40 + t13HrrHandshakeConsumer.consume(chc, helloRetryRequest); 34.41 } 34.42 34.43 private void onServerHello(ClientHandshakeContext chc, 34.44 @@ -973,26 +957,14 @@ 34.45 } 34.46 34.47 // Consume the handshake message for the specific protocol version. 34.48 - if (serverVersion.isDTLS) { 34.49 - if (serverVersion.useTLS13PlusSpec()) { 34.50 - d13HandshakeConsumer.consume(chc, serverHello); 34.51 - } else { 34.52 - // TLS 1.3 key share extension may have produced client 34.53 - // possessions for TLS 1.3 key exchanges. 34.54 - chc.handshakePossessions.clear(); 34.55 + if (serverVersion.useTLS13PlusSpec()) { 34.56 + t13HandshakeConsumer.consume(chc, serverHello); 34.57 + } else { 34.58 + // TLS 1.3 key share extension may have produced client 34.59 + // possessions for TLS 1.3 key exchanges. 34.60 + chc.handshakePossessions.clear(); 34.61 34.62 - d12HandshakeConsumer.consume(chc, serverHello); 34.63 - } 34.64 - } else { 34.65 - if (serverVersion.useTLS13PlusSpec()) { 34.66 - t13HandshakeConsumer.consume(chc, serverHello); 34.67 - } else { 34.68 - // TLS 1.3 key share extension may have produced client 34.69 - // possessions for TLS 1.3 key exchanges. 34.70 - chc.handshakePossessions.clear(); 34.71 - 34.72 - t12HandshakeConsumer.consume(chc, serverHello); 34.73 - } 34.74 + t12HandshakeConsumer.consume(chc, serverHello); 34.75 } 34.76 } 34.77 }
35.1 --- a/src/share/classes/sun/security/ssl/StatusResponseManager.java Tue Aug 25 08:31:35 2020 +0300 35.2 +++ b/src/share/classes/sun/security/ssl/StatusResponseManager.java Tue Aug 25 08:35:10 2020 +0300 35.3 @@ -780,7 +780,7 @@ 35.4 // If multiple ocsp or ocsp_multi types exist, select the first 35.5 // instance of a given type. Also since we don't support ResponderId 35.6 // selection yet, only accept a request if the ResponderId field 35.7 - // is empty. Finally, we'll only do this in (D)TLS 1.2 or earlier. 35.8 + // is empty. Finally, we'll only do this in TLS 1.2 or earlier. 35.9 if (statReqV2 != null && !shc.negotiatedProtocol.useTLS13PlusSpec()) { 35.10 if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake,verbose")) { 35.11 SSLLogger.fine("SH Processing status_request_v2 extension");
36.1 --- a/src/share/classes/sun/security/ssl/TransportContext.java Tue Aug 25 08:31:35 2020 +0300 36.2 +++ b/src/share/classes/sun/security/ssl/TransportContext.java Tue Aug 25 08:35:10 2020 +0300 36.3 @@ -42,7 +42,7 @@ 36.4 import sun.security.ssl.SupportedGroupsExtension.NamedGroup; 36.5 36.6 /** 36.7 - * SSL/(D)TLS transportation context. 36.8 + * SSL/TLS transportation context. 36.9 */ 36.10 class TransportContext implements ConnectionContext { 36.11 final SSLTransport transport; 36.12 @@ -177,7 +177,6 @@ 36.13 handshakeContext = sslConfig.isClientMode ? 36.14 new ClientHandshakeContext(sslContext, this) : 36.15 new ServerHandshakeContext(sslContext, this); 36.16 - outputRecord.initHandshaker(); 36.17 } 36.18 } 36.19 handshakeContext.dispatch(type, plaintext); 36.20 @@ -221,7 +220,6 @@ 36.21 handshakeContext = sslConfig.isClientMode ? 36.22 new ClientHandshakeContext(sslContext, this) : 36.23 new ServerHandshakeContext(sslContext, this); 36.24 - outputRecord.initHandshaker(); 36.25 } 36.26 } 36.27 36.28 @@ -574,12 +572,7 @@ 36.29 if (!handshakeContext.delegatedActions.isEmpty()) { 36.30 return HandshakeStatus.NEED_TASK; 36.31 } else if (!isInboundClosed()) { 36.32 - if (sslContext.isDTLS() && 36.33 - !inputRecord.isEmpty()) { 36.34 - return HandshakeStatus.NEED_UNWRAP_AGAIN; 36.35 - } else { 36.36 - return HandshakeStatus.NEED_UNWRAP; 36.37 - } 36.38 + return HandshakeStatus.NEED_UNWRAP; 36.39 } else if (!isOutboundClosed()) { 36.40 // Special case that the inbound was closed, but outbound open. 36.41 return HandshakeStatus.NEED_WRAP; 36.42 @@ -608,8 +601,6 @@ 36.43 36.44 handshakeContext = null; 36.45 outputRecord.handshakeHash.finish(); 36.46 - inputRecord.finishHandshake(); 36.47 - outputRecord.finishHandshake(); 36.48 isNegotiated = true; 36.49 36.50 // Tell folk about handshake completion, but do it in a separate thread.