Posted to dev@hc.apache.org by "Paul Donohue (JIRA)" <ji...@apache.org> on 2012/11/15 18:06:12 UTC

[jira] [Commented] (HTTPCORE-322) SSLIOSession infinite loop after alert during handshake

    [ https://issues.apache.org/jira/browse/HTTPCORE-322?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498138#comment-13498138 ] 

Paul Donohue commented on HTTPCORE-322:
---------------------------------------

I believe the root of the problem lies in SSLIOSession.isAppInputReady(), which calls:
        doHandshake();
        decryptData();

In the above case, I believe what happened is:
- Connection was established, then isAppInputReady() was called before the full ClientHello was received
- isAppInputReady() called doHandshake(), which got NEED_UNWRAP and called doUnwrap()
- Since the full ClientHello hadn't been received yet, SSLEngineImpl.readNetRecord() returned Status.BUFFER_UNDERFLOW (which propagated back up and was returned by doUnwrap()), causing doHandshake() to return
- isAppInputReady() called decryptData()
- Somewhere after the underflow check in readNetRecord() and before the "this.inEncrypted.position() > 0" check in decryptData(), we finished receiving the ClientHello message and the CloseNotify Alert
- decryptData() called doUnwrap(), which read the ClientHello and (since it was resuming a session) generated ServerHello, ChangeCipherSpec, and Finished messages, then doUnwrap() returned
- Due to the unprocessed Alert still in the buffer, decryptData() called doUnwrap() again
- doUnwrap() calls SSLEngine.unwrap(), which calls SSLEngineImpl.readNetRecord(), which calls SSLEngineImpl.getHSStatus(), which returns NEED_WRAP due to the pending messages that need to be written out, which causes doUnwrap() to return with Status.OK
- decryptData() loops forever calling doUnwrap(), which keeps returning NEED_WRAP
                
> SSLIOSession infinite loop after alert during handshake
> -------------------------------------------------------
>
>                 Key: HTTPCORE-322
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-322
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>          Components: HttpCore NIO
>            Reporter: Paul Donohue
>            Priority: Critical
>
> I have an application using httpcore-nio that occasionally gets stuck in an infinite loop in SSLIOSession:
> "I/O dispatcher 1" prio=10 tid=0x00002aaab82da000 nid=0x5448 runnable [0x000000004271c000]
>    java.lang.Thread.State: RUNNABLE
>         at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:767)
>         - locked <0x00000000a4f03420> (a sun.security.ssl.SSLEngineImpl)
>         at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:719)
>         - locked <0x00000000a51faaa0> (a java.lang.Object)
>         at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>         at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:228)
>         at org.apache.http.nio.reactor.ssl.SSLIOSession.decryptData(SSLIOSession.java:348)
>         at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:371)
>         - locked <0x00000000a4f03498> (a org.apache.http.nio.reactor.ssl.SSLIOSession)
>         at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:118)
>         at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:160)
>         at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:342)
>         at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:320)
>         at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:280)
>         at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106)
>         at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:604)
>         at java.lang.Thread.run(Thread.java:636)
> In the above example, I was able to determine that this behavior was caused by a client sending a ClientHello that resumed an established session, immediately followed by a CloseNotify Alert.  This sequence only sometimes triggers the infinite loop, so the problem appears to be timing related.  I get the feeling that there are other sequences that may trigger this, but I don't have any other concrete examples at the moment.
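
Added example, not part of the original message and not HttpCore's code: a decrypt loop that stops when unwrap() returns Status.OK together with NEED_WRAP, or without moving any bytes, which is the case the comment above identifies. The class, enum and method names are hypothetical, and main() assumes the JDK returns OK/NEED_WRAP without consuming input while a client-mode engine still has its ClientHello to write.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLEngineResult.Status;

public class GuardedUnwrap {
    /** Why the loop stopped (hypothetical names for this example). */
    enum Stop { DRAINED, NEED_WRAP, NO_PROGRESS, NOT_OK }

    // inEncrypted stays in write mode between calls, so position() > 0 means
    // "undecrypted bytes are buffered" (the loop condition quoted in the comment).
    static Stop drain(SSLEngine engine, ByteBuffer inEncrypted, ByteBuffer inPlain)
            throws Exception {
        while (inEncrypted.position() > 0) {
            inEncrypted.flip();
            SSLEngineResult r;
            try {
                r = engine.unwrap(inEncrypted, inPlain);
            } finally {
                inEncrypted.compact(); // back to write mode, unread bytes kept
            }
            // BUFFER_UNDERFLOW, BUFFER_OVERFLOW or CLOSED: nothing more to do now.
            if (r.getStatus() != Status.OK) return Stop.NOT_OK;
            // Status.OK alone does not mean input was consumed: with handshake
            // output pending, the engine reports NEED_WRAP and leaves the buffer.
            if (r.getHandshakeStatus() == HandshakeStatus.NEED_WRAP) return Stop.NEED_WRAP;
            // Generic guard against any other zero-progress result.
            if (r.bytesConsumed() == 0 && r.bytesProduced() == 0) return Stop.NO_PROGRESS;
        }
        return Stop.DRAINED;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a client-mode engine that has not yet written its ClientHello
        // is used as an offline stand-in for "handshake messages pending" state.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        ByteBuffer inEncrypted = ByteBuffer.allocate(32 * 1024);
        inEncrypted.put(new byte[] {21, 3, 1, 0, 2, 1, 0}); // constructed sample bytes
        ByteBuffer inPlain = ByteBuffer.allocate(32 * 1024);
        System.out.println(drain(engine, inEncrypted, inPlain)
                + ", bytes still buffered: " + inEncrypted.position());
    }
}
```

A caller that gets NEED_WRAP back would run its wrap and flush path, then call drain() again once the pending output has been written.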
