Code Review Request: CR 6976118, version number tolerance in the PreMasterSecret

Xuelei Fan xuelei.fan at oracle.com
Thu Dec 30 14:28:52 UTC 2010 

On 12/30/2010 10:06 PM, Weijun Wang wrote:
> 
> 
> On 12/30/2010 06:07 PM, Xuelei Fan wrote:
>> On 12/30/2010 9:39 AM, Weijun Wang wrote:
>>> Hi Xuelei
>>>
>>> Are you sure these 3 files all need to be changed? Hopefully you can
>>> change as few as possible.
>>>
>> Yes, we need to change all 3 files. As we discussed before, we'd better
>> to check the version number attack in all 3 files, see the comments
>> around line 1090 of Handshaker.java:
> 
> If you're sure that if any one of these 3 files is not updated, and IE
> has a problem accessing JSSE server, I'm OK with the webrev.
> 
I have to say that we only need to modify one file to tolerate the IE
issue that we know for now (at least for the default provider). What we
do not know is what's the behaviors of MS implementation for Kerberos or
other actions, and what the other providers implementation. I think even
if we have allowed such behaviors (to tolerate the illegal version
number), we should do it consistently across our implementation.

> Still, I somehow wish only one change will do, say, when
> ClientKeyExchange message is received, you secretly modify something
> inside.
I can understand when one such message is received, we modify one place
inside. But it does not means we only need to update ONE file. For RSA,
we need to modify one place in one file (RSA implementation); for KRB5,
we need to modify another place in another file (KRB5 implementation);
for 3rd party's provider, we need to ensure it is modified in the 3rd
place in the 3rd file. Does it make sense to you?

Thanks,
Xuelei

> Of course, if this makes HandshakeHash computing error or any
> other inconvenience/confusing, don't do it.
> 
> Thanks
> Max
> 
> 
>>
>>    // we have checked the ClientKeyExchange message when reading TLS
>>    // record, the following check is necessary to ensure that
>>    // JCE provider does not ignore the checking, or the previous
>>    // checking process bypassed the premaster secret version checking.
>>
>>
>>> Also, the message name is not "PreMasterSecret message". I know it
>>> should be "ClientKeyExchange" for RSAClientKeyExchange.java.
>>>
>> OK, I change the word to "... version number of PreMasterSecret in a
>> ClientKeyExchange".
>>
>>> and, "tolerate" is the verb, "tolerant" is an adjective.
>>>
>> Good.
>>
>> webrev updated: http://cr.openjdk.java.net/~xuelei/6976118/webrev.01/
>>
>> Thanks,
>> Xuelei
>>
>>> Thanks
>>> Max
>>>
>>>
>>> On 12/27/2010 05:46 PM, Xuelei Fan wrote:
>>>> Hi Weijun,
>>>>
>>>> A simple fix for version number tolerance.
>>>>
>>>> webrev: http://cr.openjdk.java.net/~xuelei/6976118/webrev.00/
>>>>
>>>> Thanks,
>>>> Xuelei
>>

More information about the security-dev mailing list