Bug / performance problem in changeCipherSuite

Daniel Jeliński djelinski1 at gmail.com
Fri Oct 22 18:40:19 UTC 2021


Thanks Xuelei for the JBS ticket and the hint. PR is on its way.
Regards,
Daniel

pt., 22 paź 2021 o 19:28 Xuelei Fan <xuelei.fan at oracle.com> napisał(a):
>
> Hi Daniel,
>
> Thank you for the nice catch!  I filed a JBS bug:
>     https://bugs.openjdk.java.net/browse/JDK-8275811
>
> It would be nice if you could also update similar issues in (DTLS)OutRecord files.
>
> Thanks,
> Xuelei
>
> On Oct 22, 2021, at 8:14 AM, Daniel Jeliński <djelinski1 at gmail.com> wrote:
>
> Hi all,
> During routine examination of thread dumps I noticed a stack trace you
> may find interesting. Relevant part:
>
>   java.lang.Thread.State: RUNNABLE
> ...
> at java.lang.IllegalStateException.<init>(java.base at 11.0.11/Unknown Source)
> at javax.crypto.Cipher.checkCipherState(java.base at 11.0.11/Unknown Source)
> at javax.crypto.Cipher.doFinal(java.base at 11.0.11/Unknown Source)
> at sun.security.ssl.SSLCipher$T12GcmReadCipherGenerator$GcmReadCipher.dispose(java.base at 11.0.11/Unknown
> Source)
> at sun.security.ssl.InputRecord.changeReadCiphers(java.base at 11.0.11/Unknown
> Source)
> at sun.security.ssl.ChangeCipherSpec$T10ChangeCipherSpecConsumer.consume(java.base at 11.0.11/Unknown
> Source)
> ...
>
> All handshakes that negotiate GCM ciphers throw and catch an
> exception, because the newly created cipher is disposed before use.
>
> I believe this is caused by this line of code:
> https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/InputRecord.java#L125
>
> I think it should read as follows:
> this.readCipher.dispose();
>
> I can file a PR, just need help with JBS ID.
> Regards,
> Daniel
>
>


More information about the security-dev mailing list