RFR: 8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
Jamil Nimeh
jnimeh at openjdk.org
Tue Oct 11 16:46:14 UTC 2022
On Tue, 11 Oct 2022 14:38:35 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> This patch fixes the issue where a thread doing SSLSocket.close() could destroy the read cipher while it was used by another thread doing SSLSocket.read().
>
> The reported issue was triggered by SSLSocket.close() calling inputRecord.close() -> readCipher.dispose() -> cipher.doFinal() on an AES/GCM cipher between `updateAAD` and `doFinal`; this changed the cipher state and caused the doFinal call to fail.
>
> The issue for AES/GCM (and all other AEAD ciphers) was fixed by JDK-8294848; this patch addresses the non-AEAD ciphers.
>
> Tier1-3 clean. Also, no failures after 1200 repetitions of NoInvalidateSocketException.
Overall the changes look clean. Thanks for taking care of this. A couple notes:
- Per our side discussion, can you please remove noreg-self from the bug and add this bug ID to NoInvalidateSocketException.java
- Can you please do a large-iteration run on test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java
I'll approve once that multi-iteration run comes back clean.
-------------
PR: https://git.openjdk.org/jdk/pull/10657
More information about the security-dev
mailing list