8232581: Improve TLS verification

Reviewed-by: xuelei, rhalade, mschoene
2025-08-28 15:24:43 +02:00 · 2019-10-30 13:15:21 -07:00 · 2019-10-30 13:15:21 -07:00 · 740e70ba17
commit 740e70ba17
parent e6304dcaad
3 changed files with 19 additions and 3 deletions
--- a/src/java.base/share/classes/sun/security/ssl/Alert.java
+++ b/src/java.base/share/classes/sun/security/ssl/Alert.java
@ -265,7 +265,7 @@ enum Alert {
                    // It's OK to get a no_certificate alert from a client of
                    // which we requested client authentication.  However,
                    // if we required it, then this is not acceptable.
-                     if (tc.sslConfig.isClientMode ||
+                    if (tc.sslConfig.isClientMode ||
                            alert != Alert.NO_CERTIFICATE ||
                            (tc.sslConfig.clientAuthType !=
                                    ClientAuthType.CLIENT_AUTH_REQUESTED)) {
@ -273,8 +273,10 @@ enum Alert {
                            "received handshake warning: " + alert.description);
                    } else {
                        // Otherwise ignore the warning but remove the
-                        // CertificateVerify handshake consumer so the state
-                        // machine doesn't expect it.
+                        // Certificate and CertificateVerify handshake
+                        // consumer so the state machine doesn't expect it.
+                        tc.handshakeContext.handshakeConsumers.remove(
+                                SSLHandshake.CERTIFICATE.id);
                        tc.handshakeContext.handshakeConsumers.remove(
                                SSLHandshake.CERTIFICATE_VERIFY.id);
                    }
--- a/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
+++ b/src/java.base/share/classes/sun/security/ssl/ClientKeyExchange.java
@ -90,6 +90,16 @@ final class ClientKeyExchange {
            ServerHandshakeContext shc = (ServerHandshakeContext)context;
            // clean up this consumer
            shc.handshakeConsumers.remove(SSLHandshake.CLIENT_KEY_EXCHANGE.id);
+
+            // Check for an unprocessed client Certificate message.  If that
+            // handshake consumer is still present then that expected message
+            // was not sent.
+            if (shc.handshakeConsumers.containsKey(
+                    SSLHandshake.CERTIFICATE.id)) {
+                throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
+                        "Unexpected ClientKeyExchange handshake message.");
+            }
+
            SSLKeyExchange ke = SSLKeyExchange.valueOf(
                    shc.negotiatedCipherSuite.keyExchange,
                    shc.negotiatedProtocol);
--- a/src/java.base/share/classes/sun/security/ssl/Finished.java
+++ b/src/java.base/share/classes/sun/security/ssl/Finished.java
@ -897,6 +897,8 @@ final class Finished {
            // has been received and processed.
            if (!chc.isResumption) {
                if (chc.handshakeConsumers.containsKey(
+                        SSLHandshake.CERTIFICATE.id) ||
+                    chc.handshakeConsumers.containsKey(
                        SSLHandshake.CERTIFICATE_VERIFY.id)) {
                    throw chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                            "Unexpected Finished handshake message");
@ -1029,6 +1031,8 @@ final class Finished {
            // has been received and processed.
            if (!shc.isResumption) {
                if (shc.handshakeConsumers.containsKey(
+                        SSLHandshake.CERTIFICATE.id) ||
+                    shc.handshakeConsumers.containsKey(
                        SSLHandshake.CERTIFICATE_VERIFY.id)) {
                    throw shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE,
                            "Unexpected Finished handshake message");