JDK-8193783 : Late calls to server setNeedClientAuth not updating HandshakeHash pool
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.net.ssl
  • Priority: P2
  • Status: Closed
  • Resolution: Not an Issue
  • Submitted: 2017-12-19
  • Updated: 2020-03-17
  • Resolved: 2020-03-17
Related Reports
Relates :  
JDK-8193683 - Increase the number of clones in the CloneableDigest
Description
This is a followup to JDK-8193683.  

There is a bug currently in the way ServerHandshakers creates HandshakeHashes.  If we do the following valid API pattern:

    SSLServerSocket sslServerSocket =
        (SSLServerSocket) sslssf.createServerSocket(serverPort);
    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();

    // This is *AFTER* a SSLSocketImpl was created!!!
    sslSocket.setNeedClientAuth(true);

    InputStream sslIS = sslSocket.getInputStream();
    sslIS.read();

The SSLSocketImpl is initialized with no clientauth required, which creates a ServerHandshaker with no auth, which creates a HandshakeHash(false), which only creates 3 clones.  Now return to the app's setNeedClientAuth call, which updates the ServerHandshaker to require the client auth, but it doesn't update HandshakeHash to now require 4 digests.

Actually, this bug could be updated to better calculate the exact number of HandshakeHash clones that are needed.  

 102     /**
 103      * Create a new HandshakeHash. 
 104      * The number of necessary digest clones is calculated in Handshaker
 105      */
 106     HandshakeHash(int numDigests) {
 107         clonesNeeded = numDigests;
 108     }

 228         try {
 229             finMD = CloneableDigest.getDigest(normalizeAlgName(s), 4);
 230         } catch (NoSuchAlgorithmException e) {
 231             throw new Error(e);
 232         }

and in Handshaker.java

 555         // We accumulate digests of the handshake messages so that
 556         // we can read/write CertificateVerify and Finished messages,
 557         // getting assurance against some particular active attacks.
 558         int numDigests = 2;
 559         if (needCertVerify) {
 560             numDigests++;
 561         }
 562         if (useExtendedMasterSecret) {
 563             numDigests++;
 564         }
 565         handshakeHash = new HandshakeHash(numDigests);

Note that this code also needs a way to update the HandshakeHash if clientAuth is turned on after the Handshaker has been created.
Comments
Per the bug description and creation time, it sound like an bug in the old code, before TLS 1.3 implementation. I would like close it as we are now on TLS 1.3 code base now.
17-03-2020