From d873adf2a33864b3157caba94228aec23965d50b Mon Sep 17 00:00:00 2001 From: Norman Maurer Date: Wed, 8 Feb 2017 21:55:10 +0100 Subject: [PATCH] Allow to unwrap ByteBuffer > MAX_ENCRYPTED_PACKET_LENGTH Motivation: We should remove the restriction to only allow to call unwrap with a ByteBuffer[] whose cumulative length exceeds MAX_ENCRYPTED_PACKET_LENGTH. Modifications: Remove guard. Result: Fixes [#6335]. --- .../ssl/ReferenceCountedOpenSslEngine.java | 6 --- .../io/netty/handler/ssl/SSLEngineTest.java | 50 +++++++++++++++++++ 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java index 52535961fb..da6ed196aa 100644 --- a/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java +++ b/handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngine.java @@ -783,12 +783,6 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc return isOutboundDone() || isDestroyed() ? CLOSED_NOT_HANDSHAKING : NEED_WRAP_CLOSED; } - // protect against protocol overflow attack vector - if (len > MAX_ENCRYPTED_PACKET_LENGTH) { - shutdown(); - throw ENCRYPTED_PACKET_OVERSIZED; - } - SSLEngineResult.HandshakeStatus status = NOT_HANDSHAKING; // Prepare OpenSSL to work in server mode and receive handshake if (handshakeState != HandshakeState.FINISHED) { diff --git a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java index dd6071ec78..d872a2dfd8 100644 --- a/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java +++ b/handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java @@ -1696,6 +1696,56 @@ public abstract class SSLEngineTest { } } + @Test + public void testMultipleRecordsInOneBufferBiggerThenPacketBufferSize() throws Exception { + SelfSignedCertificate cert = new SelfSignedCertificate(); + + clientSslCtx = SslContextBuilder + .forClient() + .trustManager(cert.cert()) + .sslProvider(sslClientProvider()) + .build(); + SSLEngine client = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); + + serverSslCtx = SslContextBuilder + .forServer(cert.certificate(), cert.privateKey()) + .sslProvider(sslServerProvider()) + .build(); + SSLEngine server = serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT); + + try { + ByteBuffer plainClientOut = allocateBuffer(4096); + ByteBuffer plainServerOut = allocateBuffer(server.getSession().getApplicationBufferSize()); + + ByteBuffer encClientToServer = allocateBuffer(server.getSession().getPacketBufferSize() * 2); + + handshake(client, server); + + int srcLen = plainClientOut.remaining(); + SSLEngineResult result; + + while (encClientToServer.position() <= server.getSession().getPacketBufferSize()) { + result = client.wrap(plainClientOut, encClientToServer); + assertEquals(SSLEngineResult.Status.OK, result.getStatus()); + assertEquals(srcLen, result.bytesConsumed()); + assertTrue(result.bytesProduced() > 0); + + plainClientOut.clear(); + } + + encClientToServer.flip(); + + result = server.unwrap(encClientToServer, plainServerOut); + assertEquals(SSLEngineResult.Status.OK, result.getStatus()); + assertTrue(result.bytesConsumed() > 0); + assertTrue(result.bytesProduced() > 0); + } finally { + cert.delete(); + cleanupClientSslEngine(client); + cleanupServerSslEngine(server); + } + } + @Test public void testBufferUnderFlow() throws Exception { SelfSignedCertificate cert = new SelfSignedCertificate();