8228757: Fail fast if the handshake type is unknown

Reviewed-by: jnimeh

src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java

@@ -359,7 +359,19 @@ final class DTLSInputRecord extends InputRecord implements DTLSRecord {
             return null;
         }
 
+        // Fail fast for unknown handshake message.
         byte handshakeType = plaintextFragment.get();       // pos: 0
+        if (!SSLHandshake.isKnown(handshakeType)) {
+            if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
+                SSLLogger.fine("Discard invalid record: " +
+                        "unknown handshake type size, Handshake.msg_type = " +
+                        (handshakeType & 0xFF));
+            }
+
+            // invalid, discard this record [section 4.1.2.7, RFC 6347]
+            return null;
+        }
+
         int messageLength =
                 ((plaintextFragment.get() & 0xFF) << 16) |
                 ((plaintextFragment.get() & 0xFF) << 8) |

src/java.base/share/classes/sun/security/ssl/SSLEngineInputRecord.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -287,8 +287,15 @@ final class SSLEngineInputRecord extends InputRecord implements SSLRecord {
                 }
 
                 handshakeFrag.mark();
-                // skip the first byte: handshake type
+
+                // Fail fast for unknown handshake message.
                 byte handshakeType = handshakeFrag.get();
+                if (!SSLHandshake.isKnown(handshakeType)) {
+                    throw new SSLProtocolException(
+                        "Unknown handshake type size, Handshake.msg_type = " +
+                        (handshakeType & 0xFF));
+                }
+
                 int handshakeBodyLen = Record.getInt24(handshakeFrag);
                 handshakeFrag.reset();
                 int handshakeMessageLen =

src/java.base/share/classes/sun/security/ssl/SSLHandshake.java

@@ -497,6 +497,16 @@ enum SSLHandshake implements SSLConsumer, HandshakeProducer {
         return "UNKNOWN-HANDSHAKE-MESSAGE(" + id + ")";
     }
 
+    static boolean isKnown(byte id) {
+        for (SSLHandshake hs : SSLHandshake.values()) {
+            if (hs.id == id && id != NOT_APPLICABLE.id) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
     static final void kickstart(HandshakeContext context) throws IOException {
         if (context instanceof ClientHandshakeContext) {
             // For initial handshaking, including session resumption,

src/java.base/share/classes/sun/security/ssl/SSLSocketInputRecord.java

@@ -302,8 +302,15 @@ final class SSLSocketInputRecord extends InputRecord implements SSLRecord {
                 }
 
                 handshakeFrag.mark();
-                // skip the first byte: handshake type
+
+                // Fail fast for unknown handshake message.
                 byte handshakeType = handshakeFrag.get();
+                if (!SSLHandshake.isKnown(handshakeType)) {
+                    throw new SSLProtocolException(
+                        "Unknown handshake type size, Handshake.msg_type = " +
+                        (handshakeType & 0xFF));
+                }
+
                 int handshakeBodyLen = Record.getInt24(handshakeFrag);
                 handshakeFrag.reset();
                 int handshakeMessageLen =