RFR: 8283577: SSLEngine.unwrap on read-only input ByteBuffer
Anthony Scarpino
ascarpino at openjdk.java.net
Wed May 11 22:41:47 UTC 2022
On Mon, 9 May 2022 23:48:24 GMT, Bradford Wetmore <wetmore at openjdk.org> wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used with SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher operation when a read-only buffer is passed. If the 'src' is read-write, there is no effect on the current operation
>>
>> The PR also includes a CSR for an API implementation note to the SSLEngine.unwrap. The 'src' buffer may be modified during the decryption operation. 'unwrap()' has had this behavior forever, so there is no compatibility issue with this note. Using the 'src' buffer for in-place decryption was a performance decision.
>>
>> Tony
>
> test/jdk/javax/net/ssl/SSLSession/ReadOnlyEngine.java line 157:
>
>> 155: // Do TLS handshake
>> 156: do {
>> 157: statusClient = doHandshake(client, out, in);
>
> It's potentially a little inefficient returning after each wrap/unwrap() instead of doing the task right away, but it works. No need to change.
>
> Is this style something you copied from another test? The SSLEngineTemplate in the templates directory is what I often use.
I got it from somewhere that I don't remember off hand. I'm just trying to get through the handshake.
> test/jdk/javax/net/ssl/SSLSession/ReadOnlyEngine.java line 162:
>
>> 160: statusServer != HandshakeStatus.NOT_HANDSHAKING);
>> 161:
>> 162: // Read NST
>
> What is NST?
New Session Ticket
-------------
PR: https://git.openjdk.java.net/jdk/pull/8462
More information about the security-dev
mailing list