From 20befbc3683eb7b0d766e87beb26a7de375285db Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Thu, 19 Dec 2024 15:43:49 +0100 Subject: [PATCH 1/2] Added check for legacy DHE keys (for cipher suites using keys less than 1024 bits) --- .../wolfssl/provider/jsse/WolfSSLEngine.java | 8 ++- .../provider/jsse/WolfSSLEngineHelper.java | 52 ++++++++++++++++++- .../provider/jsse/WolfSSLServerSocket.java | 1 + .../wolfssl/provider/jsse/WolfSSLSocket.java | 6 ++- 4 files changed, 64 insertions(+), 3 deletions(-) diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java index 368a3dd5..8091c293 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java @@ -1552,7 +1552,13 @@ else if (!this.needInit && !this.handshakeFinished) { try { WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "calling engineHelper.doHandshake()"); - int ret = this.engineHelper.doHandshake(1, 0); + + int ret; + try { + ret = this.engineHelper.doHandshake(1, 0); + } catch (WolfSSLException e) { + throw new SSLException("Handshake failed: " + e.getMessage(), e); + } SetHandshakeStatus(ret); /* Mark that the user has explicitly started the handshake diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java index 5a31cf8a..83caa312 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java 
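Review bot: The new catch around `this.engineHelper.doHandshake(1, 0)` only rethrows as `SSLException`; unlike the matching change in WolfSSLSocket.startHandshake(), which calls `close()` first, nothing visible here moves the engine into a closed state. The key-size rejection itself is raised as `SSLHandshakeException`, which is not a `WolfSSLException` and therefore bypasses this catch entirely. The enclosing try block and method continue outside the hunk, so please confirm that the outer handler closes the engine's inbound and outbound sides for both exception types. Otherwise a caller that swallows the exception could keep wrapping application data on a session that failed the DH policy.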
@@ -1255,9 +1255,11 @@ private void initHandshakeInternal(SSLSocket socket, SSLEngine engine) * @throws SSLException if setUseClientMode() has not been called or * on native socket error * @throws SocketTimeoutException if socket timed out + * + * @throws WolfSSLException if it fails to check the DH key size after the handshake. */ protected synchronized int doHandshake(int isSSLEngine, int timeout) - throws SSLException, SocketTimeoutException { + throws SSLException, SocketTimeoutException, WolfSSLException { int ret, err; byte[] serverId = null; @@ -1343,10 +1345,13 @@ else if (peerAddr != null) { /* may throw SocketTimeoutException on socket timeout */ ret = this.ssl.connect(timeout); + checkKeySize(ssl, this.clientMode); } else { WolfSSLDebug.log(getClass(), WolfSSLDebug.INFO, "calling native wolfSSL_accept()"); ret = this.ssl.accept(timeout); + + checkKeySize(ssl, this.clientMode); } err = ssl.getError(ret); 
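Review bot: Adding the checked `WolfSSLException` to `doHandshake()` forces a wrap-and-rethrow into every caller, and both callers touched by this patch immediately convert it to `SSLException`. Converting inside `checkKeySize()` instead, for example `throw new SSLException("Failed to check DH key size constraints", e);`, would keep the clause at `throws SSLException, SocketTimeoutException` and make the two new catch blocks unnecessary. If the new `@throws` tag stays, drop the stray blank ` *` line in front of it and wrap it like the neighbouring tags.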
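Review bot: `checkKeySize(ssl, this.clientMode)` runs straight after `connect()`/`accept()` without looking at `ret`, and before `err = ssl.getError(ret)` is evaluated. When the call returns without a completed handshake (a failure, or presumably an in-progress handshake on the SSLEngine path, which calls `doHandshake(1, 0)`), `getKeySize()` may not yet describe a finished key exchange, and a placeholder value below the limit would surface as a misleading `SSLHandshakeException`. Guarding both calls with `if (ret == WolfSSL.SSL_SUCCESS) { checkKeySize(ssl, this.clientMode); }` limits the check to completed handshakes. The check also runs only after the key exchange has finished, so it stops further use of the session rather than the weak exchange itself; a comment saying so would set the right expectation.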
@@ -1369,6 +1374,51 @@ else if (peerAddr != null) { return ret; } + private void checkKeySize(WolfSSLSession ssl, boolean clientMode) throws SSLException, WolfSSLException { + int keySize = this.ssl.getKeySize(); + + // Before we update the cached values, and return from the handshake, we + // check if we are running a legacy cipher suite, if so, we make sure + // that the actual key size is at least 1024 bits. + String[] cipherSuites = getCiphers(); + + if (containsDHECiphers(cipherSuites)) { + // Get the minimum DH key size from security settings + int minDHEKeySize; + try { + minDHEKeySize = WolfSSLUtil.getDisabledAlgorithmsKeySizeLimit("DH"); + + // If we're trying to use DHE with insufficient key size, throw early + if (isLegacyDHEnabled() && keySize < minDHEKeySize) { + if (clientMode) { + throw new SSLHandshakeException( + "DH ServerKeyExchange does not comply to algorithm constraints"); + } else { + throw new SSLHandshakeException( + "Received fatal alert: insufficient_security"); + } + } + } catch (WolfSSLException e) { + throw new WolfSSLException("Failed to check DH key size constraints: ", e); + } + } + } + + private boolean containsDHECiphers(String[] cipherSuites) { + for (String suite : cipherSuites) { + if (suite.contains("_DHE_")) { + return true; + } + } + return false; + } + + private boolean isLegacyDHEnabled() { + // Check if legacy DH is enabled through system properties + String dhKeySize = System.getProperty("jdk.tls.ephemeralDHKeySize"); + return "legacy".equals(dhKeySize); + } + /** * Unset the native verify callback and reset internal verify * callback state. diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java index a1efd043..6deb696d 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLServerSocket.java 
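Review bot: `checkKeySize()` decides whether to enforce the limit from `containsDHECiphers(getCiphers())`, which appears to test the configured suite list rather than the suite this session negotiated, so the value from `getKeySize()` can be compared against the DH limit on a connection that never used DHE. The comparison is also gated on `isLegacyDHEnabled()`, so the limit returned by `getDisabledAlgorithmsKeySizeLimit("DH")` is applied by this method only when `jdk.tls.ephemeralDHKeySize` is `legacy`; if the goal is to reject undersized peer DH parameters in general, that gate should be dropped or its reason documented. The server-side message `"Received fatal alert: insufficient_security"` describes an alert from the peer although the exception is raised locally, which will mislead anyone triaging handshake failures from logs; if the text is kept for compatibility with existing tests, say so in a comment. The `ssl` parameter is unused (the body reads `this.ssl`), and the rethrown message `"Failed to check DH key size constraints: "` ends in a dangling colon.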
@@ -240,6 +240,7 @@ synchronized public void setEnabledProtocols(String[] protocols) /* sanitize protocol array for unsupported strings */ List supported; + supported = Arrays.asList( WolfSSLUtil.sanitizeProtocols(WolfSSL.getProtocols())); diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java index d6eea669..f30532ab 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java @@ -1572,7 +1572,11 @@ public synchronized void startHandshake() throws IOException { err + ", TID " + Thread.currentThread().getId() + ")"); close(); throw e; - } + } catch (WolfSSLException e) { + /* close socket if the handshake is unsuccessful */ + close(); + throw new SSLException("Handshake failed: " + e.getMessage(), e); + } if (ret != WolfSSL.SSL_SUCCESS) { close(); From 967f75e84b5062198af19c987c96f8d0bee2bdda Mon Sep 17 00:00:00 2001 From: Reda Chouk Date: Mon, 23 Dec 2024 23:37:16 +0100 Subject: [PATCH 2/2] Proper styling for comments to match code standards (WolfSSLEngineHelper.java) and fixed identation (WolfSSLSocket.java) --- .../provider/jsse/WolfSSLEngineHelper.java | 16 ++++++++++------ .../com/wolfssl/provider/jsse/WolfSSLSocket.java | 4 ++-- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java index 83caa312..2b433189 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java 
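Review bot: In WolfSSLSocket.startHandshake() the added `catch (WolfSSLException e)` covers only the wrapper thrown when the limit lookup fails; the actual DH key-size rejection from `checkKeySize()` is an `SSLHandshakeException` and never reaches it. Whether the socket is closed in that case depends on the earlier catch clauses, which start outside this hunk; if none of them handles `SSLException`, add `catch (SSLException e) { close(); throw e; }` so a policy rejection always tears the connection down. Within the new block, an `IOException` thrown by `close()` would replace the handshake exception, so the original cause can be lost from logs.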
@@ -1377,18 +1377,22 @@ else if (peerAddr != null) { private void checkKeySize(WolfSSLSession ssl, boolean clientMode) throws SSLException, WolfSSLException { int keySize = this.ssl.getKeySize(); - // Before we update the cached values, and return from the handshake, we - // check if we are running a legacy cipher suite, if so, we make sure - // that the actual key size is at least 1024 bits. + /* + * Before we update the cached values, and return from the handshake, + * we check if we are running a legacy cipher suite, if so, we make sure + * that the actual key size is at least 1024 bits. + */ String[] cipherSuites = getCiphers(); if (containsDHECiphers(cipherSuites)) { - // Get the minimum DH key size from security settings + /* Get the minimum DH key size from security settings. */ int minDHEKeySize; try { minDHEKeySize = WolfSSLUtil.getDisabledAlgorithmsKeySizeLimit("DH"); - // If we're trying to use DHE with insufficient key size, throw early + /* + * If we're trying to use DHE with + * insufficient key size, throw early. */ if (isLegacyDHEnabled() && keySize < minDHEKeySize) { if (clientMode) { throw new SSLHandshakeException( @@ -1414,7 +1418,7 @@ private boolean containsDHECiphers(String[] cipherSuites) { } private boolean isLegacyDHEnabled() { - // Check if legacy DH is enabled through system properties + /* Check if legacy DH is enabled through system properties. */ String dhKeySize = System.getProperty("jdk.tls.ephemeralDHKeySize"); return "legacy".equals(dhKeySize); } diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java index f30532ab..12b83256 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLSocket.java 
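Review bot: The restyled block comment in `checkKeySize()` still says the key must be "at least 1024 bits" for "a legacy cipher suite", but the code below compares against whatever `getDisabledAlgorithmsKeySizeLimit("DH")` returns and keys off `_DHE_` in the suite name plus the `jdk.tls.ephemeralDHKeySize` property. A comment such as `/* If a DHE suite is enabled and jdk.tls.ephemeralDHKeySize is "legacy", reject a key smaller than the configured DH key size limit. */` matches what the code does. The second new comment closes with `*/` on its last text line while the first puts it on a line of its own; pick one form. `checkKeySize()` continues outside this hunk.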
@@ -1573,10 +1573,10 @@ public synchronized void startHandshake() throws IOException { close(); throw e; } catch (WolfSSLException e) { - /* close socket if the handshake is unsuccessful */ + /* close socket if the handshake is unsuccessful */ close(); throw new SSLException("Handshake failed: " + e.getMessage(), e); - } + } if (ret != WolfSSL.SSL_SUCCESS) { close();