You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by "Jason Mathison (Jira)" <ji...@apache.org> on 2021/11/04 03:14:00 UTC
[jira] [Updated] (HTTPCORE-694) Endless loop when encrypted buffer
larger than plaintext buffer
[ https://issues.apache.org/jira/browse/HTTPCORE-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Mathison updated HTTPCORE-694:
------------------------------------
Description:
We are having an issue where SSLIOSession::decryptData will effectively become an endless loop when the size of the inEncryptedBuf buffer is larger than the size of the inPlainBuf.
In this scenario the doUnwrap completely fills up the inPlainBuf. This causes the
if (inPlainBuf.hasRemaining())
to return false and never clear anything out of the inPlainBuf buffer.
From what we can tell the
if (inPlainBuf.hasRemaining()) {
should be removed, as it is in error. There is no reason that this buffer being full should prevent it from being emptied.
We verified that removing this code from 5.1.2 resolved the issue we were facing, along with all tests continuing to pass. There does not appear to be any change to this code in 5.2 alpha.
This issue shows up when we use BouncyCastle for FIPS validated TLS, as it creates a larger inEncryptedBuf then the SUN stack. This issue is completely reproducible when we get a large response from our endpoint.
was:
We are having an issue where SSLIOSession::decryptData will effectively become an endless loop when the size of the inEncryptedBuf buffer is larger than the size of the inPlainBuf.
In this scenario the doUnwrap completely fills up the inPlainBuf. This causes the
if (inPlainBuf.hasRemaining())
to return false and never clear anything out of the inPlainBuf buffer.
From what we can tell the
if (inPlainBuf.hasRemaining()) {
This issue shows up when we use BouncyCastle for FIPS validated TLS, along with an intentionally large response.
> Endless loop when encrypted buffer larger than plaintext buffer
> ---------------------------------------------------------------
>
> Key: HTTPCORE-694
> URL: https://issues.apache.org/jira/browse/HTTPCORE-694
> Project: HttpComponents HttpCore
> Issue Type: Bug
> Components: HttpCore
> Affects Versions: 5.1.2, 5.2-alpha1
> Reporter: Jason Mathison
> Priority: Major
>
> We are having an issue where SSLIOSession::decryptData will effectively become an endless loop when the size of the inEncryptedBuf buffer is larger than the size of the inPlainBuf.
> In this scenario the doUnwrap completely fills up the inPlainBuf. This causes the
> if (inPlainBuf.hasRemaining())
> to return false and never clear anything out of the inPlainBuf buffer.
> From what we can tell the
> if (inPlainBuf.hasRemaining()) {
> should be removed, as it is in error. There is no reason that this buffer being full should prevent it from being emptied.
> We verified that removing this code from 5.1.2 resolved the issue we were facing, along with all tests continuing to pass. There does not appear to be any change to this code in 5.2 alpha.
> This issue shows up when we use BouncyCastle for FIPS validated TLS, as it creates a larger inEncryptedBuf then the SUN stack. This issue is completely reproducible when we get a large response from our endpoint.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org