1 /*
2 * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8148421 8193683 8234728
32 * @summary Transport Layer Security (TLS) Session Hash and Extended
33 * Master Secret Extension
34 * @summary Increase the number of clones in the CloneableDigest
35 * @library /javax/net/ssl/templates
36 * @compile DigestBase.java
37 * @run main/othervm -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
38 * HandshakeHashCloneExhaustion TLSv1.3 TLS_AES_128_GCM_SHA256
39 * @run main/othervm HandshakeHashCloneExhaustion
40 * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
41 * @run main/othervm HandshakeHashCloneExhaustion
42 * TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
43 */
44
45 import java.io.InputStream;
46 import java.io.OutputStream;
47 import java.security.MessageDigest;
48 import java.security.Security;
49 import javax.net.ssl.SSLSocket;
50
51 public class HandshakeHashCloneExhaustion extends SSLSocketTemplate {
52
53 private static String[] protocol;
54 private static String[] ciphersuite;
55 private static String[] mds = { "SHA", "MD5", "SHA-256" };
62 // Add in a non-cloneable MD5/SHA1/SHA-256 implementation
63 Security.insertProviderAt(new MyProvider(), 1);
64 // make sure our provider is functioning
65 for (String s : mds) {
66 MessageDigest md = MessageDigest.getInstance(s);
67 String p = md.getProvider().getName();
68 if (!p.equals("MyProvider")) {
69 throw new RuntimeException("Unexpected provider: " + p);
70 }
71 }
72
73 if (args.length != 2) {
74 throw new Exception(
75 "Usage: HandshakeHashCloneExhaustion protocol ciphersuite");
76 }
77
78 System.out.println("Testing: " + args[0] + " " + args[1]);
79 protocol = new String [] { args[0] };
80 ciphersuite = new String[] { args[1] };
81
82 (new HandshakeHashCloneExhaustion()).run();
83 }
84
85 @Override
86 protected void runServerApplication(SSLSocket socket) throws Exception {
87 socket.setNeedClientAuth(true);
88 socket.setEnabledProtocols(protocol);
89 socket.setEnabledCipherSuites(ciphersuite);
90
91 // here comes the test logic
92 InputStream sslIS = socket.getInputStream();
93 OutputStream sslOS = socket.getOutputStream();
94
95 sslIS.read();
96 sslOS.write(85);
97 sslOS.flush();
98 }
99
100 @Override
101 protected void runClientApplication(SSLSocket socket) throws Exception {
|
1 /*
2 * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8148421 8193683 8234728
32 * @summary Transport Layer Security (TLS) Session Hash and Extended
33 * Master Secret Extension
34 * @summary Increase the number of clones in the CloneableDigest
35 * @library /javax/net/ssl/templates
36 * @library /lib/security
37 * @compile DigestBase.java
38 * @run main/othervm -Djdk.tls.client.protocols="TLSv1.3,TLSv1.2,TLSv1.1,TLSv1,SSLv3"
39 * HandshakeHashCloneExhaustion TLSv1.3 TLS_AES_128_GCM_SHA256
40 * @run main/othervm HandshakeHashCloneExhaustion
41 * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
42 * @run main/othervm HandshakeHashCloneExhaustion
43 * TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
44 */
45
46 import java.io.InputStream;
47 import java.io.OutputStream;
48 import java.security.MessageDigest;
49 import java.security.Security;
50 import javax.net.ssl.SSLSocket;
51
52 public class HandshakeHashCloneExhaustion extends SSLSocketTemplate {
53
54 private static String[] protocol;
55 private static String[] ciphersuite;
56 private static String[] mds = { "SHA", "MD5", "SHA-256" };
63 // Add in a non-cloneable MD5/SHA1/SHA-256 implementation
64 Security.insertProviderAt(new MyProvider(), 1);
65 // make sure our provider is functioning
66 for (String s : mds) {
67 MessageDigest md = MessageDigest.getInstance(s);
68 String p = md.getProvider().getName();
69 if (!p.equals("MyProvider")) {
70 throw new RuntimeException("Unexpected provider: " + p);
71 }
72 }
73
74 if (args.length != 2) {
75 throw new Exception(
76 "Usage: HandshakeHashCloneExhaustion protocol ciphersuite");
77 }
78
79 System.out.println("Testing: " + args[0] + " " + args[1]);
80 protocol = new String [] { args[0] };
81 ciphersuite = new String[] { args[1] };
82
83 // Re-enable TLSv1.1 when test depends on it.
84 if (protocol[0].equals("TLSv1.1")) {
85 SecurityUtils.removeFromDisabledTlsAlgs(protocol[0]);
86 }
87 (new HandshakeHashCloneExhaustion()).run();
88 }
89
90 @Override
91 protected void runServerApplication(SSLSocket socket) throws Exception {
92 socket.setNeedClientAuth(true);
93 socket.setEnabledProtocols(protocol);
94 socket.setEnabledCipherSuites(ciphersuite);
95
96 // here comes the test logic
97 InputStream sslIS = socket.getInputStream();
98 OutputStream sslOS = socket.getOutputStream();
99
100 sslIS.read();
101 sslOS.write(85);
102 sslOS.flush();
103 }
104
105 @Override
106 protected void runClientApplication(SSLSocket socket) throws Exception {
|