RFR: 8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
Daniel Jeliński
djelinski at openjdk.org
Tue Oct 11 16:10:44 UTC 2022
This patch fixes the issue where a thread doing SSLSocket.close() could destroy the read cipher while it was used by another thread doing SSLSocket.read().
The reported issue was triggered by SSLSocket.close() calling inputRecord.close() -> readCipher.dispose() -> cipher.doFinal() on an AES/GCM cipher between `updateAAD` and `doFinal`; this changed the cipher state and caused the doFinal call to fail.
The issue for AES/GCM (and all other AEAD ciphers) was fixed by JDK-8294848; this patch addresses the non-AEAD ciphers.
Tier1-3 clean. Also, no failures after 1200 repetitions of NoInvalidateSocketException.
-------------
Commit messages:
- Ensure we do not destroy cipher while using it
Changes: https://git.openjdk.org/jdk/pull/10657/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=10657&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8277970
Stats: 7 lines in 2 files changed: 6 ins; 1 del; 0 mod
Patch: https://git.openjdk.org/jdk/pull/10657.diff
Fetch: git fetch https://git.openjdk.org/jdk pull/10657/head:pull/10657
PR: https://git.openjdk.org/jdk/pull/10657
More information about the security-dev
mailing list