Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8215712

Parsing extension failure may alert decode_error

    Details

      Description

      If JSSE server fails on parsing extension, a unexpected_message error is alerted.
      javax.net.ssl|DEBUG|01|main|2018-12-20 21:26:54.871 CST|ClientHello.java:809|Consuming ClientHello handshake message (
      "ClientHello": {
        "client version" : "TLSv1.2",
        "random" : "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00",
        "session id" : "C2 85 94 0A 66 43 62 11 E2 39 CE 64 BF 9C A9 E0 89 77 F5 3F BF 1D 22 85 00 C2 05 43 59 43 76 44",
        "cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
        "compression methods" : "00",
        "extensions" : [
          "key_share (51)": {
            Invalid key_share extension: insufficient data (length=0)
          },
          "supported_versions (43)": {
            "versions": [TLSv1.3, TLSv1.2]
          },
          "supported_groups (10)": {
            "versions": [secp256r1]
          },
          "psk_key_exchange_modes (45)": {
            "ke_modes": [psk_ke, psk_dhe_ke]
          },
          "signature_algorithms (13)": {
            "signature schemes": [rsa_pss_rsae_sha256, rsa_pss_pss_sha256]
          },
          "signature_algorithms_cert (50)": {
            "signature schemes": [rsa_pkcs1_sha512, rsa_pkcs1_sha384, rsa_pkcs1_sha256, rsa_sha224, rsa_pkcs1_sha1, rsa_md5, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512]
          }
        ]
      }
      )
      ... ...
      javax.net.ssl|ERROR|01|main|2018-12-20 21:26:54.877 CST|TransportContext.java:312|Fatal (UNEXPECTED_MESSAGE): Invalid key_share extension: insufficient data (length=0) (
      "throwable" : {
        javax.net.ssl.SSLProtocolException: Invalid key_share extension: insufficient data (length=0)
         at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareSpec.<init>(KeyShareExtension.java:155)
         at java.base/sun.security.ssl.KeyShareExtension$CHKeyShareConsumer.consume(KeyShareExtension.java:338)
         at java.base/sun.security.ssl.SSLExtension.consumeOnLoad(SSLExtension.java:542)
         at java.base/sun.security.ssl.SSLExtensions.consumeOnLoad(SSLExtensions.java:186)
         at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1155)
         at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:852)
         at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:813)
         at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
         at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441)
         at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:419)
         at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:177)
         at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
         at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1180)
         at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1091)
         at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
         at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:721)
         at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:804)
         at java.base/java.io.InputStream.read(InputStream.java:213)
         at SimpleJSSEServer.readIn(SimpleJSSEServer.java:37)
         at SimpleJSSEServer.main(SimpleJSSEServer.java:24)}

      )

      Although the message is out of expect, the root cause is checking the message length failed [1]. It would be better to alert decode_error.

      In RFC 8446 section 6.2,
      decode_error: A message could not be decoded because some field was out of the specified range or the length of the message was incorrect. This alert is used for errors where the message does not conform to the formal protocol syntax. This alert should never be observed in communication between proper implementations, except when messages were corrupted in the network.

      [1] http://hg.openjdk.java.net/jdk/jdk/file/22295070fcd3/src/java.base/share/classes/sun/security/ssl/KeyShareExtension.java#l152

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xuelei Xue-Lei Fan
                Reporter:
                jjiang John Jiang
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: