Bug / performance problem in changeCipherSuite
Daniel Jeliński
djelinski1 at gmail.com
Fri Oct 22 15:14:31 UTC 2021
Hi all,
During routine examination of thread dumps I noticed a stack trace you
may find interesting. Relevant part:
java.lang.Thread.State: RUNNABLE
...
at java.lang.IllegalStateException.<init>(java.base at 11.0.11/Unknown Source)
at javax.crypto.Cipher.checkCipherState(java.base at 11.0.11/Unknown Source)
at javax.crypto.Cipher.doFinal(java.base at 11.0.11/Unknown Source)
at sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.dispose(java.base at 11.0.11/Unknown
Source)
at sun.security.ssl.InputRecord.changeReadCiphers(java.base at 11.0.11/Unknown
Source)
at sun.security.ssl.ChangeCipherSpec$T10ChangeCipherSpecConsumer.consume(java.base at 11.0.11/Unknown
Source)
...
All handshakes that negotiate GCM ciphers throw and catch an
exception, because the newly created cipher is disposed before use.
I believe this is caused by this line of code:
https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L125
I think it should read as follows:
this.readCipher.dispose();
I can file a PR, just need help with JBS ID.
Regards,
Daniel
More information about the security-dev
mailing list