SSLEngine.wrap(...) returns NOT_HANDSHAKING even when the alert was not consumed yet in latest JDK12 release (possible regression).

Norman Maurer norman.maurer at googlemail.com
Wed Mar 13 06:31:06 UTC 2019


Is there anything else I can do to have anyone look into this? 

I just want to make sure this does not fall through before the final JDK 12 release is done. 

Bye
Norman


> On 4. Mar 2019, at 21:15, Norman Maurer <norman.maurer at googlemail.com> wrote:
> 
> Any comments here ?
> 
> Bye
> Norman
> 
> 
>> On 28. Feb 2019, at 09:24, Norman Maurer <norman.maurer at googlemail.com> wrote:
>> 
>> Hi all,
>> 
>> I think I found a possible regression / bug in the latest JDK12 release when trying to upgrade the Netty CI server to test with the latest JDK12 release. The problem is that SSLEngine.wrap(…) returns NOT_HANDSHAKING even when there are bytes left that should be consumed (the alert itself). My understanding is that it should only return “NOT_HANDSHAKING” once we also consumed the alert. Please correct me if I am wrong tho.
>> 
>> I pushed a reproducer for this here:
>> 
>> https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug
>> 
>> When running this on the latest JDK12 release (and later JDK versions) it will fail with an AssertionError, while everything works as expected when using earlier Java versions.
>> 
>> Here is the Java version I used to reproduce:
>> 
>> # java -version
>> openjdk version "12" 2019-03-19
>> OpenJDK Runtime Environment (build 12+33)
>> OpenJDK 64-Bit Server VM (build 12+33, mixed mode, sharing)
>> 
>> 
>> It seems like this was not always the case for Java12 tho, as I can not reproduce it with this version:
>> 
>> #java -version
>> openjdk version "12-ea" 2019-03-19
>> OpenJDK Runtime Environment (build 12-ea+27)
>> OpenJDK 64-Bit Server VM (build 12-ea+27, mixed mode, sharing)
>> 
>> I don't have all the “in between” releases on my machine atm so I can not tell exactly on which release this “broke” :/
>> 
>> Thanks
>> Norman
>> 
>> 
>> 
> 
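
Whichever handshake status the JDK reports, caller code can decide when a pending alert has been fully wrapped from the documented `isOutboundDone()` signal rather than from `NOT_HANDSHAKING`. The following is an added example, not code from this thread or from the linked reproducer; the class `DrainOutbound` and the helper `drainOutbound` are hypothetical names, and it assumes the default `SSLContext` and uses `closeOutbound()` to put the engine into the closing state.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

public class DrainOutbound {
    // wrap() needs a source buffer even when only closure data is pending.
    private static final ByteBuffer EMPTY = ByteBuffer.allocate(0);

    /**
     * Hypothetical helper: keeps calling wrap() until the engine reports that
     * no more outbound records (including a pending alert) will be produced.
     * Returns the total number of bytes written into 'net'.
     */
    static int drainOutbound(SSLEngine engine, ByteBuffer net) throws SSLException {
        int total = 0;
        while (!engine.isOutboundDone()) {
            SSLEngineResult r = engine.wrap(EMPTY, net);
            if (r.getStatus() == SSLEngineResult.Status.BUFFER_OVERFLOW) {
                throw new SSLException("network buffer too small for pending record");
            }
            if (r.bytesProduced() == 0) {
                break; // no progress was made; do not spin on the engine
            }
            total += r.bytesProduced();
        }
        return total;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: default context, client mode, no peer involved.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        engine.closeOutbound(); // engine may now have closure data to send

        ByteBuffer net = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
        System.out.println("handshake status before drain: " + engine.getHandshakeStatus());
        int produced = drainOutbound(engine, net);
        System.out.println("bytes produced: " + produced
                + ", isOutboundDone: " + engine.isOutboundDone());
    }
}
```

The handshake status printed before the drain is shown only for comparison across JDK builds; the loop itself never consults it.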
