SSLEngine weird behavior in 11+21?

Simone Bordet simone.bordet at gmail.com
Tue Jul 31 19:13:01 UTC 2018


Hi,

On Tue, Jul 31, 2018 at 5:10 PM Xuelei Fan <xuelei.fan at oracle.com> wrote:
>
> Hi,
>
> On 7/31/2018 6:43 AM, Xuelei Fan wrote:
> > Current jdk11 tip with your patch:
> > 1. client.closeOutbound() then goes into NEED_WRAP.
> > 2. Client wraps 24 bytes, result is CLOSED, then goes into NEED_UNWRAP.
> > 3. Server unwraps 24 bytes, result is CLOSED, then goes into NEED_WRAP.
> > 4. Server wraps 0 bytes and stays in NEED_WRAP (?)
>
> In my testing (OpenJDK,
> test/jdk/javax/net/ssl/TLSv1/TLSEnginesClosureTest.java), for #4, the
> server could wrap the close_notify alert message for TLS 1.2 and prior
> versions (CLOSED/NOT_HANDSHAKING); and wrap data for TLS 1.3
> (OK/NOT_HANDSHAKING, half-close).
>
> Are you using TLS 1.3 with no data in your test case in #4?  Because of
> the half-close policy,  it may be the expected behavior if no
> application data can be delivered.

The problem with 4 between TLS 1.2 and your latest patch is that
before there was no need to call server.closeOutbound(): as the server
received the close_notify from the client, it was moving to NEED_WRAP
and if wrap() was called it would generate the close_notify reply.
With your latest patch, you _have_ to call server.closeOutbound()
otherwise 4 will always generate 0 bytes and spin loop.

That is why I prefer 2 to go into CLOSED+NOT_HANDSHAKING.
When it goes into CLOSE+NEED_UNWRAP, the application will follow the
instructions of SSLEngine and attempt an unwrap() immediately, while
instead it should stop wrapping/unwrapping and write the close_notify
to the server.

> For TLS 1.3
> ------------------------
> Trying to close engines from Client to Server
> Client wrapped 24 bytes.
> Client handshake status is NEED_UNWRAP Result is CLOSED
> Server unwrapping 24 bytes...
> Server handshake status is NEED_WRAP Result is CLOSED
> Server wrapped 16406 bytes.
> Server handshake status is NEED_WRAP Result is OK
> ------------------------

The above tells me that the server has not yet generated the
close_notify reply because it is still in NEED_WRAP.
Just to repeat myself I would prefer this:

> Client called closeOutbound() status is NEED_WRAP
> Client wrapped 24 bytes.
> Client handshake status is NOT_HANDSHAKING Result is CLOSED
> Server unwrapping 24 bytes...
> Server handshake status is NOT_HANDSHAKING Result is CLOSED
> Server wrapped 16406 bytes.
> Server handshake status is NOT_HANDSHAKING Result is OK
> Server called closeOutbound() status is NEED_WRAP
> Server wraps 24 bytes
> Server handshake status is NOT_HANDSHAKING Result is CLOSED

Thanks!

-- 
Simone Bordet
---
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
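
The close sequence discussed in this message, as an added example that is not part of the original e-mail and is not JDK code: it calls closeOutbound() explicitly instead of relying on NEED_WRAP after the peer's close_notify, and stops if wrap() produces 0 bytes instead of spinning. The class and method names are hypothetical, and main() uses an engine that has not completed a handshake, so what it prints depends on the JDK version.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

public class CloseOutboundDrain {
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    // Hypothetical helper: returns the close bytes that must be written to the peer.
    static ByteBuffer drainClose(SSLEngine engine) throws SSLException {
        // Explicit call: do not assume unwrap() of the peer's close_notify
        // is enough for the next wrap() to emit the reply.
        engine.closeOutbound();
        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        while (!engine.isOutboundDone()) {
            SSLEngineResult r = engine.wrap(EMPTY, net);
            if (r.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                // Grow the network buffer, keeping what was already produced.
                ByteBuffer bigger = ByteBuffer.allocate(net.capacity() * 2);
                net.flip();
                bigger.put(net);
                net = bigger;
                continue;
            }
            if (r.bytesProduced() == 0) {
                if (engine.isOutboundDone()) {
                    break;
                }
                // The "wrap 0 bytes, stay in NEED_WRAP" case: fail instead of looping.
                throw new SSLException("wrap() made no progress, handshake status "
                        + r.getHandshakeStatus());
            }
        }
        net.flip();
        return net;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        try {
            ByteBuffer out = drainClose(engine);
            System.out.println("close bytes to write: " + out.remaining()
                    + ", outbound done: " + engine.isOutboundDone());
        } catch (SSLException e) {
            System.out.println("close aborted: " + e.getMessage());
        }
    }
}
```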

