[PING] RE: [8u] RFR: 8214418 half-closed SSLEngine status may cause application dead loop
kiriyama.takuya at fujitsu.com
Fri Jun 25 11:52:11 UTC 2021
Hi Andrew,
I understand you are occupied,
but I would appreciate it if you would update me on this matter.
Regards,
Takuya Kiriyama
-----Original Message-----
From: Kiriyama, Takuya/桐山 卓弥
Sent: Thursday, June 10, 2021 5:50 PM
To: 'Andrew Hughes' <gnu.andrew at redhat.com>
Cc: 'jdk8u-dev at openjdk.java.net' <jdk8u-dev at openjdk.java.net>
Subject: RE: [PING] RE: [8u] RFR: 8214418 half-closed SSLEngine status may cause application dead loop
Hi Andrew,
Thank you for your reply.
> Please post the patch for review and I can handle the JBS side for you.
Please consider the following code:
diff -r -u a/src/share/classes/sun/security/ssl/Ciphertext.java b/src/share/classes/sun/security/ssl/Ciphertext.java
--- a/src/share/classes/sun/security/ssl/Ciphertext.java 2021-06-09 21:26:26.762180800 +0900
+++ b/src/share/classes/sun/security/ssl/Ciphertext.java 2021-06-10 09:00:33.660574600 +0900
@@ -31,7 +31,6 @@
* Ciphertext
*/
final class Ciphertext {
- static final Ciphertext CIPHERTEXT_NULL = new Ciphertext();
final byte contentType;
final byte handshakeType;
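Review bot: Removing CIPHERTEXT_NULL from Ciphertext is only safe if no reference to it is left in the 8u tree. This patch updates one use, in SSLEngineImpl.java, so please confirm that no other class under sun/security/ssl still refers to the constant; a leftover reference would break the build.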
diff -r -u a/src/share/classes/sun/security/ssl/SSLEngineImpl.java b/src/share/classes/sun/security/ssl/SSLEngineImpl.java
--- a/src/share/classes/sun/security/ssl/SSLEngineImpl.java 2021-06-09 21:26:26.763148800 +0900
+++ b/src/share/classes/sun/security/ssl/SSLEngineImpl.java 2021-06-10 09:19:42.665488000 +0900
@@ -227,6 +227,19 @@
hsStatus = ciphertext.handshakeStatus;
} else {
hsStatus = getHandshakeStatus();
+ if (ciphertext == null && !conContext.isNegotiated &&
+ conContext.isInboundClosed() &&
+ hsStatus == HandshakeStatus.NEED_WRAP) {
+ // Even the outboud is open, no futher data could be wrapped as:
+ // 1. the outbound is empty
+ // 2. no negotiated connection
+ // 3. the inbound has closed, cannot complete the handshake
+ //
+ // Mark the engine as closed if the handshake status is
+ // NEED_WRAP. Otherwise, it could lead to dead loops in
+ // applications.
+ status = Status.CLOSED;
+ }
}
int deltaSrcs = srcsRemains;
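Review bot: In the block added after `hsStatus = getHandshakeStatus();`, only `status` is set to CLOSED while `hsStatus` stays NEED_WRAP, so the caller presumably sees CLOSED together with NEED_WRAP. An application that loops on the handshake status alone, without checking Status, could still keep calling wrap(), so please confirm the test used for the 8u backport exercises that combination. The new comment also has typos ("outboud", "futher"); if they are kept only for parity with the upstream change, say so in the review request.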
@@ -258,7 +271,7 @@
}
if (ciphertext == null) {
- return Ciphertext.CIPHERTEXT_NULL;
+ return null;
}
// Is the handshake completed?
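Review bot: Replacing `return Ciphertext.CIPHERTEXT_NULL;` with `return null;` changes what callers receive: a non-null sentinel before, null now. The previous hunk does test `ciphertext == null`, but every other caller of this method in the 8u sources should be checked for a dereference of the result, and the null return should be mentioned in the method's comment.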
diff -r -u a/src/share/classes/sun/security/ssl/TransportContext.java b/src/share/classes/sun/security/ssl/TransportContext.java
--- a/src/share/classes/sun/security/ssl/TransportContext.java 2021-06-09 21:26:26.766062300 +0900
+++ b/src/share/classes/sun/security/ssl/TransportContext.java 2021-06-10 09:14:04.842253500 +0900
@@ -577,13 +577,7 @@
// Special case that the inbound was closed, but outbound open.
return HandshakeStatus.NEED_WRAP;
}
- } else if (isOutboundClosed() && !isInboundClosed()) {
- // Special case that the outbound was closed, but inbound open.
- return HandshakeStatus.NEED_UNWRAP;
- } else if (!isOutboundClosed() && isInboundClosed()) {
- // Special case that the inbound was closed, but outbound open.
- return HandshakeStatus.NEED_WRAP;
- }
+ } // Otherwise, both inbound and outbound are closed
return HandshakeStatus.NOT_HANDSHAKING;
}
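Review bot: The new trailing comment "Otherwise, both inbound and outbound are closed" may not hold for every path that reaches `return HandshakeStatus.NOT_HANDSHAKING;`. With the two `else if` branches removed, a half-closed connection that does not satisfy the enclosing condition (not visible in this hunk) now also falls through to NOT_HANDSHAKING instead of NEED_UNWRAP or NEED_WRAP. Please confirm that this is the intended behaviour on 8u and reword the comment to describe the fall-through cases accurately.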
> I am confused with what you mean about the copyright year as
>
> https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/6852be0de227
>
> contains no copyright year changes.
I'm sorry, I was mistaken.
It contains no copyright year changes.
Regards,
Takuya Kiriyama
> -----Original Message-----
> From: Andrew Hughes <gnu.andrew at redhat.com>
> Sent: Wednesday, June 9, 2021 12:58 PM
> To: Kiriyama, Takuya/桐山 卓弥 <kiriyama.takuya at fujitsu.com>
> Cc: 'jdk8u-dev at openjdk.java.net' <jdk8u-dev at openjdk.java.net>
> Subject: Re: [PING] RE: [8u] RFR: 8214418 half-closed SSLEngine status
> may cause application dead loop
>
> On 08:59 Mon 07 Jun , kiriyama.takuya at fujitsu.com wrote:
> > Hello,
> >
> > Please reply if anyone can be a sponsor.
> >
> > Regards,
> > Takuya Kiriyama
> >
> > > -----Original Message-----
> > > From: Kiriyama, Takuya/桐山 卓弥
> > > Sent: Monday, May 31, 2021 5:58 PM
> > > To: 'jdk8u-dev at openjdk.java.net' <jdk8u-dev at openjdk.java.net>
> > > Subject: [8u] RFR: 8214418 half-closed SSLEngine status may cause
> > > application dead loop
> > >
> > > Hi all,
> > >
> > > The problem reported by JDK-8214418 occurs on JDK8.
> > > I would like to backport 8214418 patch to 8u. But I don't have a
> > > JBS account.
> > > Could anybody help me as a sponsor of this backporting?
> > >
> > > https://bugs.openjdk.java.net/browse/JDK-8214418
> > > https://hg.openjdk.java.net/jdk/jdk/rev/5022a4915fe9
> > >
> > > I don't have access permission to
> > > https://bugs.openjdk.java.net/browse/JDK-8214418.
>
> Neither do I. It looks like the bug is closed. We'll use 8241054 instead.
>
> > > I can confirm that 8214418 has been backported to JDK11.
> > > https://bugs.openjdk.java.net/browse/JDK-8241054
> > > https://hg.openjdk.java.net/jdk-updates/jdk11u/rev/6852be0de227
> > >
> > > Original patch applied almost clean except for copyright year.
> > > I have confirmed that the problem does not occur after backporting
> > > with 8u.
>
> Please post the patch for review and I can handle the JBS side for you.
>
> I am confused with what you mean about the copyright year as
>
> https://hg.openjdk.java.net/jdk-updates/jdk11u-dev/rev/6852be0de227
>
> contains no copyright year changes.
>
> > >
> > > Regards,
> > > Takuya Kiriyama
> >
>
> Thanks,
> --
> Andrew :)
>
> Senior Free Java Software Engineer
> OpenJDK Package Owner
> Red Hat, Inc. (http://www.redhat.com)
>
> PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net)
> Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222