8232581: Improve TLS verification

Reviewed-by: xuelei, rhalade, mschoene

8232581: Improve TLS verification
Reviewed-by: xuelei, rhalade, mschoene
4008884e · jnimeh · a75facba · 4008884e · 4008884e · 4008884e
3 changed file
--- a/src/java.base/share/classes/sun/security/ssl/Alert.java
+++ b/src/java.base/share/classes/sun/security/ssl/Alert.java
@@ -265,7 +265,7 @@ enum Alert {
                    // It's OK to get a no_certificate alert from a client of
                    // which we requested client authentication.  However,
                    // if we required it, then this is not acceptable.
-                     if (tc.sslConfig.isClientMode ||
+                    if (tc.sslConfig.isClientMode ||
                            alert != Alert.NO_CERTIFICATE ||
                            (tc.sslConfig.clientAuthType !=
                                    ClientAuthType.CLIENT_AUTH_REQUESTED)) {
@@ -273,8 +273,10 @@ enum Alert {
                            "received handshake warning: " + alert.description);
                    } else {
                        // Otherwise ignore the warning but remove the
-                        // CertificateVerify handshake consumer so the state
-                        // machine doesn't expect it.
+                        // Certificate and CertificateVerify handshake
+                        // consumer so the state machine doesn't expect it.
+                        tc.handshakeContext.handshakeConsumers.remove(
+                                SSLHandshake.CERTIFICATE.id);
                        tc.handshakeContext.handshakeConsumers.remove(
                                SSLHandshake.CERTIFICATE_VERIFY.id);
                    }

--- a/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
@@ -90,6 +90,16 @@ final class ClientKeyExchange {
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            // clean up this consumer
            shc.handshakeConsumers.remove(SSLHandshake.CLIENT_KEY_EXCHANGE.id);
+
+            // Check for an unprocessed client Certificate message.  If that
+            // handshake consumer is still present then that expected message
+            // was not sent.
+            if (shc.handshakeConsumers.containsKey(
+                    SSLHandshake.CERTIFICATE.id)) {
+                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected ClientKeyExchange handshake message.");
+            }
+
            SSLKeyExchange ke = SSLKeyExchange.valueOf(
                    shc.negotiatedCipherSuite.keyExchange,
                    shc.negotiatedProtocol);

--- a/src/java.base/share/classes/sun/security/ssl/Finished.java
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java
@@ -885,6 +885,8 @@ final class Finished {
            // has been received and processed.
            if (!chc.isResumption) {
                if (chc.handshakeConsumers.containsKey(
+                        SSLHandshake.CERTIFICATE.id) ||
+                    chc.handshakeConsumers.containsKey(
                        SSLHandshake.CERTIFICATE_VERIFY.id)) {
                    throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                            "Unexpected Finished handshake message");
@@ -1017,6 +1019,8 @@ final class Finished {
            // has been received and processed.
            if (!shc.isResumption) {
                if (shc.handshakeConsumers.containsKey(
+                        SSLHandshake.CERTIFICATE.id) ||
+                    shc.handshakeConsumers.containsKey(
                        SSLHandshake.CERTIFICATE_VERIFY.id)) {
                    throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                            "Unexpected Finished handshake message");