jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java
Print this page
rev 5680 : 7192393: Better Checking of order of TLS Messages
Summary: Also reviewed by Andrew Gross<Andrew.Gross@Oracle.COM>
Reviewed-by: weijun
@@ -148,11 +148,11 @@
throws IOException {
//
// In SSLv3 and TLS, messages follow strictly increasing
// numerical order _except_ for one annoying special case.
//
- if ((state > type)
+ if ((state >= type)
&& (state != HandshakeMessage.ht_client_key_exchange
&& type != HandshakeMessage.ht_certificate_verify)) {
throw new SSLProtocolException(
"Handshake message sequence violation, state = " + state
+ ", type = " + type);
@@ -248,19 +248,21 @@
throw new SSLProtocolException(
"Illegal server handshake msg, " + type);
}
//
- // Move the state machine forward except for that annoying
- // special case. This means that clients could send extra
- // cert verify messages; not a problem so long as all of
- // them actually check out.
+ // Move state machine forward if the message handling
+ // code didn't already do so
//
- if (state < type && type != HandshakeMessage.ht_certificate_verify) {
+ if (state < type) {
+ if(type == HandshakeMessage.ht_certificate_verify) {
+ state = type + 2; // an annoying special case
+ } else {
state = type;
}
}
+ }
/*
* ClientHello presents the server with a bunch of options, to which the
* server replies with a ServerHello listing the ones which this session
@@ -1361,11 +1363,11 @@
throws IOException {
if (debug != null && Debug.isOn("handshake")) {
mesg.print(System.out);
}
- return dh.getAgreedSecret(mesg.getClientPublicKey());
+ return dh.getAgreedSecret(mesg.getClientPublicKey(), false);
}
private SecretKey clientKeyExchange(ECDHClientKeyExchange mesg)
throws IOException {