RFR: 8263779: SSLEngine reports NEED_WRAP continuously without producing any further output [v2]
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Thu Apr 22 04:13:54 UTC 2021
> As described in the bug, by connecting the SSLEngine with a misbehaving peer SSL implementation, it can get into a state where it calling `wrap` reports getStatus == OK, getHandshakeStatus === NEED_WRAP but still doesn't produce any further output. It happens when the output bound is not empty.
>
> The handshake status could have more precise status if the out bound. The patch was confirmed by the bug submitter.
Xue-Lei Andrew Fan has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision:
- Merge
- improved fix
- 8263779: SSLEngine reports NEED_WRAP continuously without producing any further output
-------------
Changes:
- all: https://git.openjdk.java.net/jdk/pull/3292/files
- new: https://git.openjdk.java.net/jdk/pull/3292/files/5f01932b..989e9ad3
Webrevs:
- full: https://webrevs.openjdk.java.net/?repo=jdk&pr=3292&range=01
- incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=3292&range=00-01
Stats: 103794 lines in 2432 files changed: 57154 ins; 38351 del; 8289 mod
Patch: https://git.openjdk.java.net/jdk/pull/3292.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/3292/head:pull/3292
PR: https://git.openjdk.java.net/jdk/pull/3292
More information about the security-dev
mailing list