'SSLEngine.wrap(...) returns NOT_HANDSHAKING even when the alert was not consumed yet in latest JDK12'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-security-dev
Subject:    SSLEngine.wrap(...) returns NOT_HANDSHAKING even when the alert was not consumed yet in latest JDK12
From:       Norman Maurer <norman.maurer () googlemail ! com>
Date:       2019-02-28 8:24:49
Message-ID: F2454990-F28C-4295-93EB-149A1F392F06 () googlemail ! com
[Download RAW message or body]

Hi all,

I think I found a possible regression / bug in the latest JDK12 release when trying \
to upgrade the Netty CI server to test with the latest JDK12 release. The problem is \
that SSLEngine.wrap(…) returns NOT_HANDSHAKING even when there are bytes left that \
should be consumed (the alert itself). My understanding is that it should only return \
"NOT_HANDSHAKING" once we also consumed the alert. Please correct me if I wrong tho.

I pushed a reproducer for this here:

https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug \
<https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug>

When running this on the latest JDK12 release (and later JDK versions) it will fail \
with an AssertionError, while everything works as expected when using earlier Java \
versions.

Here is the Java version I used to reproduce:

# java -version
openjdk version "12" 2019-03-19
OpenJDK Runtime Environment (build 12+33)
OpenJDK 64-Bit Server VM (build 12+33, mixed mode, sharing)


It seems like this was not always the case for Java12 tho, as I can not reproduce it \
with this version:

#java -version
openjdk version "12-ea" 2019-03-19
OpenJDK Runtime Environment (build 12-ea+27)
OpenJDK 64-Bit Server VM (build 12-ea+27, mixed mode, sharing)

I don't have all the "in between" releases on my machine atm so I can not tell \
exactly on which release this "broke" :/

Thanks
Norman


[Attachment #3 (unknown)]

<html><head><meta http-equiv="Content-Type" content="text/html; \
charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
line-break: after-white-space;" class="">Hi all,<div class=""><br class=""></div><div \
class="">I think I found a possible regression / bug in the latest JDK12 release when \
trying to upgrade the Netty CI server to test with the latest JDK12 release. The \
problem is that SSLEngine.wrap(…) returns NOT_HANDSHAKING even when there are bytes \
left that should be consumed (the alert itself). My understanding is that it should \
only return "NOT_HANDSHAKING" once we also consumed the alert. Please correct me if I \
wrong tho.</div><div class=""><br class=""></div><div class="">I pushed a reproducer \
for this here:</div><div class=""><br class=""></div><div class=""><a \
href="https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug" \
class="">https://github.com/normanmaurer/jdk12_ssl_engine_unwrap_bug</a></div><div \
class=""><br class=""></div><div class="">When running this on the latest JDK12 \
release (and later JDK versions) it will fail with an AssertionError, while \
everything works as expected when using earlier Java versions.</div><div class=""><br \
class=""></div><div class="">Here is the Java version I used to reproduce:</div><div \
class=""><br class=""></div><div class=""><div class=""># java -version</div><div \
class="">openjdk version "12" 2019-03-19</div><div class="">OpenJDK Runtime \
Environment (build 12+33)</div><div class="">OpenJDK 64-Bit Server VM (build 12+33, \
mixed mode, sharing)</div></div><div class=""><br class=""></div><div class=""><br \
class=""></div><div class="">It seems like this was not always the case for Java12 \
tho, as I can not reproduce it with this version:</div><div class=""><br \
class=""></div><div class=""><div class="">#java -version</div><div class="">openjdk \
version "12-ea" 2019-03-19</div><div class="">OpenJDK Runtime Environment (build \
12-ea+27)</div><div class="">OpenJDK 64-Bit Server VM (build 12-ea+27, mixed mode, \
sharing)</div></div><div class=""><br class=""></div><div class="">I don't have all \
the "in between" releases on my machine atm so I can not tell exactly on which \
release this "broke" :/</div><div class=""><br class=""></div><div \
class="">Thanks</div><div class="">Norman</div><div class=""><br class=""></div><div \
class=""><br class=""></div><div class=""><br class=""></div></body></html>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic