You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@qpid.apache.org by "Clifford Jansen (Jira)" <ji...@apache.org> on 2023/05/14 18:29:00 UTC

[jira] [Created] (PROTON-2736) TLS OpenSSL library: hang with large application data frames

Clifford Jansen created PROTON-2736:
---------------------------------------

             Summary: TLS OpenSSL library: hang with large application data frames
                 Key: PROTON-2736
                 URL: https://issues.apache.org/jira/browse/PROTON-2736
             Project: Qpid Proton
          Issue Type: Bug
          Components: proton-c
    Affects Versions: proton-c-0.38.0
            Reporter: Clifford Jansen
            Assignee: Clifford Jansen


OpenSSL maintains a buffer large enough for the largest possible TLS protocol record + 1K.  The Proton TLS decrypt loop is unaware of record boundaries and repeatedly adds encrypted bytes at one end and takes out decrypted bytes at the other, stopping when there is no more to decrypt or no more application buffer space to move decrypted content into.

It also tests if there are remaining decrypted bytes available should the application provide additional buffers.  This test can fail in the case that the OpenSSL buffer is completely filled with:

 handshake record > 1K followed by
 partial max sized application data record

The SSL_peek operation will not see any application data and Proton "remembers" the full buffer without allowing that the handshake record has been processed and the buffer is no longer full.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org