8182621: JSSE should reject empty TLS plaintexts

mpdonova · XueleiFan · commit 39398075b719 · 2023-04-11T04:21:17.000Z
Reviewed-by: xuelei
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -263,6 +263,12 @@ private Plaintext[] decodeInputRecord(ByteBuffer packet)
         // parse handshake messages
         //
         if (contentType == ContentType.HANDSHAKE.id) {
+            if (contentLen == 0) {
+                // From RFC 8446: "Implementations MUST NOT send zero-length fragments
+                // of Handshake types, even if those fragments contain padding."
+                throw new SSLProtocolException("Handshake packets must not be zero-length");
+            }
+
             ByteBuffer handshakeFrag = fragment;
             if ((handshakeBuffer != null) &&
                     (handshakeBuffer.remaining() != 0)) {
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java b/src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2023, Oracle and/or its affiliates. All rights reserved.
  * Copyright (c) 2020, Azul Systems, Inc. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
@@ -284,6 +284,12 @@ private Plaintext[] decodeInputRecord() throws IOException, BadPaddingException
         //
         if (contentType == ContentType.HANDSHAKE.id) {
             ByteBuffer handshakeFrag = fragment;
+            if (contentLen == 0) {
+                // From RFC 8446: "Implementations MUST NOT send zero-length fragments
+                // of Handshake types, even if those fragments contain padding."
+                throw new SSLProtocolException("Handshake fragments must not be zero length.");
+            }
+
             if ((handshakeBuffer != null) &&
                     (handshakeBuffer.remaining() != 0)) {
                 ByteBuffer bb = ByteBuffer.wrap(new byte[
diff --git a/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineEmptyFragments.java b/test/jdk/sun/security/ssl/SSLEngineImpl/SSLEngineEmptyFragments.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8182621
+ * @summary Verify the SSLEngine rejects empty Handshake, Alert, and ChangeCipherSpec messages.
+ * @library /javax/net/ssl/templates
+ * @run main SSLEngineEmptyFragments
+ */
+import java.nio.ByteBuffer;
+import java.security.NoSuchAlgorithmException;
+import javax.net.ssl.*;
+
+public class SSLEngineEmptyFragments extends SSLContextTemplate {
+    private static final byte HANDSHAKE_TYPE = 22;
+    private static final byte ALERT_TYPE = 21;
+    private static final byte CHANGE_CIPHERSPEC_TYPE = 20;
+    private static final String TLSv12 = "TLSv1.2";
+    private static final String TLSv13 = "TLSv1.3";
+
+    private SSLEngine serverEngine;
+    private SSLEngine clientEngine;
+    private ByteBuffer clientIn;
+    private ByteBuffer serverIn;
+    private ByteBuffer clientToServer;
+    private ByteBuffer serverToClient;
+    private ByteBuffer clientOut;
+    private ByteBuffer serverOut;
+
+    private final String protocol;
+
+    public SSLEngineEmptyFragments(String protocol) {
+        this.protocol = protocol;
+    }
+
+    private void initialize() throws Exception {
+        initialize(null);
+    }
+
+    private void initialize(String [] protocols) throws Exception {
+        serverEngine = createServerSSLContext().createSSLEngine();
+        clientEngine = createClientSSLContext().createSSLEngine();
+
+        serverEngine.setUseClientMode(false);
+        clientEngine.setUseClientMode(true);
+
+        if (protocols != null) {
+            clientEngine.setEnabledProtocols(protocols);
+            serverEngine.setEnabledProtocols(protocols);
+        }
+
+        // do one legitimate handshake packet, then send a zero-length alert.
+        SSLSession session = clientEngine.getSession();
+        int appBufferMax = session.getApplicationBufferSize();
+        int netBufferMax = session.getPacketBufferSize();
+
+        // We'll make the input buffers a bit bigger than the max needed
+        // size, so that unwrap()s following a successful data transfer
+        // won't generate BUFFER_OVERFLOWS.
+        //
+        // We'll use a mix of direct and indirect ByteBuffers for
+        // tutorial purposes only.  In reality, only use direct
+        // ByteBuffers when they give a clear performance enhancement.
+        clientIn = ByteBuffer.allocate(appBufferMax + 50);
+        serverIn = ByteBuffer.allocate(appBufferMax + 50);
+
+        clientToServer = ByteBuffer.allocateDirect(netBufferMax);
+        serverToClient = ByteBuffer.allocateDirect(netBufferMax);
+
+        clientOut = ByteBuffer.wrap("Hi Server, I'm Client".getBytes());
+        serverOut = ByteBuffer.wrap("Hello Client, I'm Server".getBytes());
+    }
+
+    private void testAlertPacketNotHandshaking() throws Exception {
+        log("**** Empty alert packet/not handshaking");
+        initialize();
+
+        ByteBuffer alert = ByteBuffer.allocate(5);
+        alert.put(new byte[]{ALERT_TYPE, 3, 3, 0, 0});
+        alert.flip();
+
+        try {
+            unwrap(serverEngine, alert, serverIn);
+            throw new RuntimeException("Expected exception was not thrown.");
+        } catch (SSLHandshakeException exc) {
+            log("Got the exception I wanted.");
+        }
+    }
+
+    private void testAlertPacketMidHandshake() throws Exception {
+        log("**** Empty alert packet during handshake.");
+        initialize(new String[]{protocol});
+
+        wrap(clientEngine, clientOut, clientToServer);
+        runDelegatedTasks(clientEngine);
+        clientToServer.flip();
+
+        unwrap(serverEngine, clientToServer, serverIn);
+        runDelegatedTasks(serverEngine);
+
+        while(serverEngine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_WRAP) {
+            wrap(serverEngine, serverOut, serverToClient);
+            runDelegatedTasks(serverEngine);
+            serverToClient.flip();
+        }
+
+        ByteBuffer alert = ByteBuffer.allocate(5);
+        alert.put(new byte[]{ALERT_TYPE, 3, 3, 0, 0});
+        alert.flip();
+
+        try {
+            unwrap(serverEngine, alert, serverIn);
+            log("Server unwrap was successful when it should have failed.");
+            throw new RuntimeException("Expected exception was not thrown.");
+        } catch (SSLHandshakeException exc) {
+            log("Got the exception I wanted.");
+        }
+    }
+
+    private void testHandshakePacket() throws NoSuchAlgorithmException, SSLException {
+        log("**** Empty handshake package.");
+        SSLContext ctx = SSLContext.getDefault();
+        SSLEngine engine = ctx.createSSLEngine();
+        engine.setUseClientMode(false);
+
+        try {
+            ByteBuffer bb = ByteBuffer.allocate(5);
+            bb.put(new byte[]{HANDSHAKE_TYPE, 3, 3, 0, 0});
+            bb.flip();
+            ByteBuffer out = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
+            engine.unwrap(bb, out);
+            throw new RuntimeException("SSLEngine did not throw an exception for a zero-length fragment.");
+        } catch (SSLProtocolException exc) {
+            log("Received expected exception");
+        }
+    }
+
+    private void testEmptyChangeCipherSpec() throws Exception {
+        initialize(new String[]{protocol});
+
+        boolean foundCipherSpecMsg = false;
+        do {
+            log("Client wrap");
+            wrap(clientEngine, clientOut, clientToServer);
+            runDelegatedTasks(clientEngine);
+
+            if(clientToServer.get(0) == CHANGE_CIPHERSPEC_TYPE) {
+                foundCipherSpecMsg = true;
+                break;
+            }
+
+            log("server wrap");
+            wrap(serverEngine, serverOut, serverToClient);
+            runDelegatedTasks(serverEngine);
+
+            clientToServer.flip();
+            serverToClient.flip();
+
+            log("client unwrap");
+            unwrap(clientEngine, serverToClient, clientIn);
+            runDelegatedTasks(clientEngine);
+
+            log("server unwrap");
+            unwrap(serverEngine, clientToServer, serverIn);
+            runDelegatedTasks(serverEngine);
+
+            clientToServer.compact();
+            serverToClient.compact();
+        } while(clientEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED
+            && serverEngine.getHandshakeStatus() != SSLEngineResult.HandshakeStatus.FINISHED);
+
+        if (!foundCipherSpecMsg) {
+            // performed TLS handshaking but didn't catch change-cipherspec message.
+            throw new RuntimeException("Did not intercept ChangeCipherSpec message.");
+        }
+
+        ByteBuffer changeCipher = ByteBuffer.allocate(5);
+        changeCipher.put(new byte[]{CHANGE_CIPHERSPEC_TYPE, 3, 3, 0, 0});
+        changeCipher.flip();
+        try {
+            unwrap(serverEngine, changeCipher, serverIn);
+            throw new RuntimeException("Didn't get the expected SSL exception");
+        } catch (SSLProtocolException exc) {
+            log("Received expected exception.");
+        }
+    }
+
+    private SSLEngineResult wrap(SSLEngine engine, ByteBuffer src, ByteBuffer dst) throws SSLException {
+        SSLEngineResult result = engine.wrap(src, dst);
+        logEngineStatus(engine, result);
+        return result;
+    }
+
+    private SSLEngineResult unwrap(SSLEngine engine, ByteBuffer src, ByteBuffer dst) throws SSLException {
+        SSLEngineResult result = engine.unwrap(src, dst);
+        logEngineStatus(engine, result);
+        return result;
+    }
+
+    protected void runDelegatedTasks(SSLEngine engine) throws Exception {
+        if (engine.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_TASK) {
+            Runnable runnable;
+            while ((runnable = engine.getDelegatedTask()) != null) {
+                log("    running delegated task...");
+                runnable.run();
+            }
+            SSLEngineResult.HandshakeStatus hsStatus = engine.getHandshakeStatus();
+            if (hsStatus == SSLEngineResult.HandshakeStatus.NEED_TASK) {
+                throw new Exception(
+                        "handshake shouldn't need additional tasks");
+            }
+            logEngineStatus(engine);
+        }
+    }
+
+    private void logEngineStatus(SSLEngine engine) {
+        log("\tCurrent HS State: " + engine.getHandshakeStatus());
+        log("\tisInboundDone() : " + engine.isInboundDone());
+        log("\tisOutboundDone(): " + engine.isOutboundDone());
+    }
+
+    private void logEngineStatus(
+            SSLEngine engine, SSLEngineResult result) {
+        log("\tResult Status    : " + result.getStatus());
+        log("\tResult HS Status : " + result.getHandshakeStatus());
+        log("\tEngine HS Status : " + engine.getHandshakeStatus());
+        log("\tisInboundDone()  : " + engine.isInboundDone());
+        log("\tisOutboundDone() : " + engine.isOutboundDone());
+        log("\tMore Result      : " + result);
+    }
+
+    private void log(String message) {
+        System.err.println(message);
+    }
+
+    public static void main(String [] args) throws Exception {
+        SSLEngineEmptyFragments tests = new SSLEngineEmptyFragments(TLSv12);
+        tests.testHandshakePacket();
+        tests.testAlertPacketNotHandshaking();
+        tests.testAlertPacketMidHandshake();
+        tests.testEmptyChangeCipherSpec();
+
+        tests = new SSLEngineEmptyFragments(TLSv13);
+        tests.testHandshakePacket();
+        tests.testAlertPacketNotHandshaking();
+    }
+}
diff --git a/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketEmptyFragments.java b/test/jdk/sun/security/ssl/SSLSocketImpl/SSLSocketEmptyFragments.java
