mirror of
https://github.com/openjdk/jdk.git
synced 2025-08-27 23:04:50 +02:00
8263779: SSLEngine reports NEED_WRAP continuously without producing any further output
Reviewed-by: wetmore
parent
889d246681
commit
1a37bce5af
4 changed files with 40 additions and 44 deletions
|
@ -174,7 +174,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
// May need to deliver cached records.
|
||||
if (isOutboundDone()) {
|
||||
return new SSLEngineResult(
|
||||
Status.CLOSED, getHandshakeStatus(), 0, 0);
|
||||
Status.CLOSED, conContext.getHandshakeStatus(), 0, 0);
|
||||
}
|
||||
|
||||
HandshakeContext hc = conContext.handshakeContext;
|
||||
|
@ -184,7 +184,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
!conContext.isOutboundClosed()) {
|
||||
conContext.kickstart();
|
||||
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
if (hsStatus == HandshakeStatus.NEED_UNWRAP) {
|
||||
/*
|
||||
* For DTLS, if the handshake state is
|
||||
|
@ -202,7 +202,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
}
|
||||
|
||||
if (hsStatus == null) {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -226,7 +226,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
// now, force it to be large enough to handle any valid record.
|
||||
if (dstsRemains < conContext.conSession.getPacketBufferSize()) {
|
||||
return new SSLEngineResult(
|
||||
Status.BUFFER_OVERFLOW, getHandshakeStatus(), 0, 0);
|
||||
Status.BUFFER_OVERFLOW, conContext.getHandshakeStatus(), 0, 0);
|
||||
}
|
||||
|
||||
int srcsRemains = 0;
|
||||
|
@ -266,7 +266,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
if (ciphertext != null && ciphertext.handshakeStatus != null) {
|
||||
hsStatus = ciphertext.handshakeStatus;
|
||||
} else {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
if (ciphertext == null && !conContext.isNegotiated &&
|
||||
conContext.isInboundClosed() &&
|
||||
hsStatus == HandshakeStatus.NEED_WRAP) {
|
||||
|
@ -536,7 +536,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
*/
|
||||
if (isInboundDone()) {
|
||||
return new SSLEngineResult(
|
||||
Status.CLOSED, getHandshakeStatus(), 0, 0);
|
||||
Status.CLOSED, conContext.getHandshakeStatus(), 0, 0);
|
||||
}
|
||||
|
||||
HandshakeStatus hsStatus = null;
|
||||
|
@ -549,14 +549,14 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
* If there's still outbound data to flush, we
|
||||
* can return without trying to unwrap anything.
|
||||
*/
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
if (hsStatus == HandshakeStatus.NEED_WRAP) {
|
||||
return new SSLEngineResult(Status.OK, hsStatus, 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
if (hsStatus == null) {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -586,7 +586,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
if (plainText.handshakeStatus != null) {
|
||||
hsStatus = plainText.handshakeStatus;
|
||||
} else {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
}
|
||||
|
||||
return new SSLEngineResult(
|
||||
|
@ -625,7 +625,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
|
||||
Status status = (isInboundDone() ? Status.CLOSED : Status.OK);
|
||||
if (hsStatus == null) {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
}
|
||||
|
||||
return new SSLEngineResult(status, hsStatus, srcsRemains, 0, -1L);
|
||||
|
@ -712,7 +712,7 @@ final class SSLEngineImpl extends SSLEngine implements SSLTransport {
|
|||
if (plainText.handshakeStatus != null) {
|
||||
hsStatus = plainText.handshakeStatus;
|
||||
} else {
|
||||
hsStatus = getHandshakeStatus();
|
||||
hsStatus = conContext.getHandshakeStatus();
|
||||
}
|
||||
|
||||
int deltaNet = srcsRemains;
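Review bot: Nothing in these hunks or in the commit message says why every status read in this file now goes to `conContext.getHandshakeStatus()` rather than the engine's own `getHandshakeStatus()`, so a later edit to wrap or unwrap has no cue to keep using the context method. The substitution covers every call site visible here: the CLOSED and BUFFER_OVERFLOW early returns, the `hsStatus == null` fallbacks, and the `else` branches after `ciphertext` and `plainText`. Whether any call to the engine method remains elsewhere in the file cannot be seen from the page. A short comment at the first site would be enough, for example `// Read the status from the transport context directly; see JDK-8263779.` The enclosing methods start and end outside the hunks.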
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 1996, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
@ -55,7 +55,7 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
|
|||
recordLock.lock();
|
||||
try {
|
||||
if (!isClosed) {
|
||||
if (fragmenter != null && fragmenter.hasAlert()) {
|
||||
if (fragmenter != null && !fragmenter.isEmpty()) {
|
||||
isCloseWaiting = true;
|
||||
} else {
|
||||
super.close();
|
||||
|
@ -533,33 +533,24 @@ final class SSLEngineOutputRecord extends OutputRecord implements SSLRecord {
|
|||
dstBuf.limit(dstLim);
|
||||
|
||||
// Reset the fragmentation offset.
|
||||
if (hsMemo != null) {
|
||||
return new Ciphertext(hsMemo.contentType,
|
||||
hsMemo.handshakeType, recordSN);
|
||||
} else {
|
||||
if (isCloseWaiting &&
|
||||
memo.contentType == ContentType.ALERT.id) {
|
||||
try {
|
||||
if (hsMemo != null) {
|
||||
return new Ciphertext(hsMemo.contentType,
|
||||
hsMemo.handshakeType, recordSN);
|
||||
} else {
|
||||
return new Ciphertext(memo.contentType,
|
||||
SSLHandshake.NOT_APPLICABLE.id, recordSN);
|
||||
}
|
||||
} finally {
|
||||
if (isCloseWaiting && isEmpty()) {
|
||||
close();
|
||||
}
|
||||
|
||||
return new Ciphertext(memo.contentType,
|
||||
SSLHandshake.NOT_APPLICABLE.id, recordSN);
|
||||
}
|
||||
}
|
||||
|
||||
boolean isEmpty() {
|
||||
return handshakeMemos.isEmpty();
|
||||
}
|
||||
|
||||
boolean hasAlert() {
|
||||
for (RecordMemo memo : handshakeMemos) {
|
||||
if (memo.contentType == ContentType.ALERT.id) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/*
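Review bot: The deferred close now sits in a `finally` around the two `return new Ciphertext(...)` statements, and the comment kept above it, `// Reset the fragmentation offset.`, no longer describes anything in that block. The `close()` hunk also sets `isCloseWaiting` whenever the fragmenter is non-empty, not only when an alert is queued. Together these mean a close request completes only after every queued record has been taken, so the caller must keep wrapping until the queue drains. That contract deserves a comment inside the `finally`, for example `// Close was requested while records were queued; complete it once the last one is taken.` If `close()` can throw here (the enclosing method's signature is outside the hunk), the exception would replace the `Ciphertext` about to be returned, which is worth noting in the same comment.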
|
||||
|
|
|
@ -1417,8 +1417,10 @@ public final class SSLSocketImpl
|
|||
conContext.isNegotiated) {
|
||||
return 0;
|
||||
}
|
||||
} catch (SSLException | InterruptedIOException | SocketException se) {
|
||||
// don't change exception in case of timeouts or interrupts or SocketException
|
||||
} catch (SSLException |
|
||||
InterruptedIOException | SocketException se) {
|
||||
// Don't change exception in case of timeouts or interrupts
|
||||
// or SocketException.
|
||||
throw se;
|
||||
} catch (IOException ioe) {
|
||||
throw new SSLException("readHandshakeRecord", ioe);
|
||||
|
@ -1474,8 +1476,10 @@ public final class SSLSocketImpl
|
|||
buffer.position() > 0) {
|
||||
return buffer;
|
||||
}
|
||||
} catch (SSLException | InterruptedIOException | SocketException se) {
|
||||
// don't change exception in case of timeouts or interrupts or SocketException.
|
||||
} catch (SSLException |
|
||||
InterruptedIOException | SocketException se) {
|
||||
// Don't change exception in case of timeouts or interrupts
|
||||
// or SocketException.
|
||||
throw se;
|
||||
} catch (IOException ioe) {
|
||||
throw new SSLException("readApplicationRecord", ioe);
|
||||
|
@ -1483,7 +1487,8 @@ public final class SSLSocketImpl
|
|||
}
|
||||
|
||||
//
|
||||
// couldn't read, due to some kind of error
|
||||
// Couldn't read, due to some kind of error or inbound
|
||||
// has been closed.
|
||||
//
|
||||
return null;
|
||||
}
|
||||
|
@ -1686,7 +1691,7 @@ public final class SSLSocketImpl
|
|||
|
||||
if (cause instanceof SocketException) {
|
||||
try {
|
||||
conContext.fatal(alert, cause);
|
||||
throw conContext.fatal(alert, cause);
|
||||
} catch (Exception e) {
|
||||
// Just delivering the fatal alert, re-throw the socket exception instead.
|
||||
}
|
||||
|
@ -1748,7 +1753,8 @@ public final class SSLSocketImpl
|
|||
// If conContext.isInputCloseNotified is false, close the
|
||||
// connection, no wait for more peer response. Otherwise,
|
||||
// may wait for peer close_notify.
|
||||
closeSocket(!conContext.isInputCloseNotified);
|
||||
closeSocket(conContext.isNegotiated &&
|
||||
!conContext.isInputCloseNotified);
|
||||
} finally {
|
||||
tlsIsClosed = true;
|
||||
}
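Review bot: The comment above the `closeSocket(...)` call still explains the argument in terms of `conContext.isInputCloseNotified` alone, while the call now also requires `conContext.isNegotiated`, so comment and code disagree about when the socket may wait for the peer. If a true argument is what permits waiting for the peer's close_notify (the method itself is outside the hunk), then a connection that never completed its handshake is now closed without that wait. The comment should say so, for example `// Before negotiation completes, never wait for the peer's close_notify.` This matters to anyone working out how long a connection that has not finished negotiating can hold the socket open. The enclosing method starts outside the hunk.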
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
|
@ -584,10 +584,10 @@ final class TransportContext implements ConnectionContext {
|
|||
closeNotify(useUserCanceled);
|
||||
}
|
||||
|
||||
// Note; HandshakeStatus.FINISHED status is retrieved in other places.
|
||||
// Note: HandshakeStatus.FINISHED status is retrieved in other places.
|
||||
HandshakeStatus getHandshakeStatus() {
|
||||
if (!outputRecord.isEmpty()) {
|
||||
// If no handshaking, special case to wrap alters or
|
||||
// If not handshaking, special case to wrap alerts or
|
||||
// post-handshake messages.
|
||||
return HandshakeStatus.NEED_WRAP;
|
||||
} else if (isOutboundClosed() && isInboundClosed()) {
|
||||
|
@ -596,8 +596,7 @@ final class TransportContext implements ConnectionContext {
|
|||
if (!handshakeContext.delegatedActions.isEmpty()) {
|
||||
return HandshakeStatus.NEED_TASK;
|
||||
} else if (!isInboundClosed()) {
|
||||
if (sslContext.isDTLS() &&
|
||||
!inputRecord.isEmpty()) {
|
||||
if (sslContext.isDTLS() && !inputRecord.isEmpty()) {
|
||||
return HandshakeStatus.NEED_UNWRAP_AGAIN;
|
||||
} else {
|
||||
return HandshakeStatus.NEED_UNWRAP;
|
||||
|
|