Author: remm
Date: Wed Feb 14 08:30:28 2018
New Revision: 1824201

URL: http://svn.apache.org/viewvc?rev=1824201&view=rev
Log:
Follow up for 61751 as underflow should be returned when no app bytes are 
produced but all encrypted input bytes have been consumed. Handshake remains 
specific as app bytes are never produced.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java?rev=1824201&r1=1824200&r2=1824201&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java Wed 
Feb 14 08:30:28 2018
@@ -621,8 +621,8 @@ public final class OpenSSLEngine extends
             closeOutbound();
             closeInbound();
         }
-        if (bytesProduced == 0 && written == 0) {
-            return new 
SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), 
0, 0);
+        if (bytesProduced == 0 && (written == 0 || (written > 0 && 
!src.hasRemaining() && handshakeFinished))) {
+            return new 
SSLEngineResult(SSLEngineResult.Status.BUFFER_UNDERFLOW, getHandshakeStatus(), 
written, 0);
         } else {
             return new SSLEngineResult(getEngineStatus(), 
getHandshakeStatus(), written, bytesProduced);
         }

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1824201&r1=1824200&r2=1824201&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Feb 14 08:30:28 2018
@@ -65,6 +65,11 @@
       <fix>
         Add minor HPACK fixes, based on fixes by Stuart Douglas. (remm)
       </fix>
+      <fix>
+        <bug>61751</bug>: Follow up fix so that OpenSSL engine returns
+        underflow when unwrapping if no bytes were produced and the input is
+        empty. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Web applications">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to