1 /*
2 * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8148421 8193683
32 * @summary Transport Layer Security (TLS) Session Hash and Extended
33 * Master Secret Extension
34 * @summary Increase the number of clones in the CloneableDigest
35 * @library /javax/net/ssl/templates
36 * @compile DigestBase.java
37 * @run main/othervm HandshakeHashCloneExhaustion
38 * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
39 * @run main/othervm HandshakeHashCloneExhaustion
40 * TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
41 */
42
43 import java.io.InputStream;
44 import java.io.OutputStream;
45 import java.security.MessageDigest;
46 import java.security.Security;
47 import javax.net.ssl.SSLSocket;
48
49 public class HandshakeHashCloneExhaustion extends SSLSocketTemplate {
50
51 private static String[] protocol;
52 private static String[] ciphersuite;
53 private static String[] mds = { "SHA", "MD5", "SHA-256" };
54
55 /*
60 // Add in a non-cloneable MD5/SHA1/SHA-256 implementation
61 Security.insertProviderAt(new MyProvider(), 1);
62 // make sure our provider is functioning
63 for (String s : mds) {
64 MessageDigest md = MessageDigest.getInstance(s);
65 String p = md.getProvider().getName();
66 if (!p.equals("MyProvider")) {
67 throw new RuntimeException("Unexpected provider: " + p);
68 }
69 }
70
71 if (args.length != 2) {
72 throw new Exception(
73 "Usage: HandshakeHashCloneExhaustion protocol ciphersuite");
74 }
75
76 System.out.println("Testing: " + args[0] + " " + args[1]);
77 protocol = new String [] { args[0] };
78 ciphersuite = new String[] { args[1] };
79
80 (new HandshakeHashCloneExhaustion()).run();
81 }
82
83 @Override
84 protected void runServerApplication(SSLSocket socket) throws Exception {
85 socket.setNeedClientAuth(true);
86 socket.setEnabledProtocols(protocol);
87 socket.setEnabledCipherSuites(ciphersuite);
88
89 // here comes the test logic
90 InputStream sslIS = socket.getInputStream();
91 OutputStream sslOS = socket.getOutputStream();
92
93 sslIS.read();
94 sslOS.write(85);
95 sslOS.flush();
96 }
97
98 @Override
99 protected void runClientApplication(SSLSocket socket) throws Exception {
|
1 /*
2 * Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 //
25 // Please run in othervm mode. SunJSSE does not support dynamic system
26 // properties, no way to re-use system properties in samevm/agentvm mode.
27 //
28
29 /*
30 * @test
31 * @bug 8148421 8193683
32 * @summary Transport Layer Security (TLS) Session Hash and Extended
33 * Master Secret Extension
34 * @summary Increase the number of clones in the CloneableDigest
35 * @library /javax/net/ssl/templates
36 * @library /lib/security
37 * @compile DigestBase.java
38 * @run main/othervm HandshakeHashCloneExhaustion
39 * TLSv1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
40 * @run main/othervm HandshakeHashCloneExhaustion
41 * TLSv1.1 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
42 */
43
44 import java.io.InputStream;
45 import java.io.OutputStream;
46 import java.security.MessageDigest;
47 import java.security.Security;
48 import javax.net.ssl.SSLSocket;
49
50 public class HandshakeHashCloneExhaustion extends SSLSocketTemplate {
51
52 private static String[] protocol;
53 private static String[] ciphersuite;
54 private static String[] mds = { "SHA", "MD5", "SHA-256" };
55
56 /*
61 // Add in a non-cloneable MD5/SHA1/SHA-256 implementation
62 Security.insertProviderAt(new MyProvider(), 1);
63 // make sure our provider is functioning
64 for (String s : mds) {
65 MessageDigest md = MessageDigest.getInstance(s);
66 String p = md.getProvider().getName();
67 if (!p.equals("MyProvider")) {
68 throw new RuntimeException("Unexpected provider: " + p);
69 }
70 }
71
72 if (args.length != 2) {
73 throw new Exception(
74 "Usage: HandshakeHashCloneExhaustion protocol ciphersuite");
75 }
76
77 System.out.println("Testing: " + args[0] + " " + args[1]);
78 protocol = new String [] { args[0] };
79 ciphersuite = new String[] { args[1] };
80
81 // Re-enable TLSv1.1 when test depends on it.
82 if (protocol[0].equals("TLSv1.1")) {
83 SecurityUtils.removeFromDisabledTlsAlgs(protocol[0]);
84 }
85 (new HandshakeHashCloneExhaustion()).run();
86 }
87
88 @Override
89 protected void runServerApplication(SSLSocket socket) throws Exception {
90 socket.setNeedClientAuth(true);
91 socket.setEnabledProtocols(protocol);
92 socket.setEnabledCipherSuites(ciphersuite);
93
94 // here comes the test logic
95 InputStream sslIS = socket.getInputStream();
96 OutputStream sslOS = socket.getOutputStream();
97
98 sslIS.read();
99 sslOS.write(85);
100 sslOS.flush();
101 }
102
103 @Override
104 protected void runClientApplication(SSLSocket socket) throws Exception {
|