On Sat, 14 May 2022 03:29:14 GMT, Anthony Scarpino
wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src'
68ce4a0b4f5c3131f4e4626a5a55b7f2f61f
Stats: 393 lines in 3 files changed: 291 ins; 20 del; 82 mod
8283577: SSLEngine.unwrap on read-only input ByteBuffer
Reviewed-by: wetmore
-
PR: https://git.openjdk.java.net/jdk/pull/8462
On Mon, 16 May 2022 21:08:48 GMT, Anthony Scarpino
wrote:
> There is too much grey area. It says the src buffer maybe modified, which one
> could interpret it cannot be a read-only, but that would still need
> clarification to explicitly say "no read only buffers". And other than these
>
On Sat, 14 May 2022 03:29:14 GMT, Anthony Scarpino
wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src'
On Sat, 14 May 2022 03:29:14 GMT, Anthony Scarpino
wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src'
> Hi,
>
> I need a review of this fix to allow a read-only 'src' buffer to be used with
> SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
> operation when a read-only buffer is passed. If the 'src' is read-write,
> there is no effect on the current operation
>
>
On Wed, 11 May 2022 22:38:04 GMT, Anthony Scarpino
wrote:
>> test/jdk/javax/net/ssl/SSLSession/ReadOnlyEngine.java line 162:
>>
>>> 160: statusServer != HandshakeStatus.NOT_HANDSHAKING);
>>> 161:
>>> 162: // Read NST
>>
>> What is NST?
>
> New Session Ticket
Duh, of
On Wed, 11 May 2022 23:03:27 GMT, Anthony Scarpino
wrote:
>> test/jdk/javax/net/ssl/SSLSession/ReadOnlyEngine.java line 172:
>>
>>> 170: out.clear();
>>> 171: String testString = "ASDF";
>>> 172: in.put(testString.getBytes()).flip();
>>
>> If you're going to convert
On Wed, 11 May 2022 22:25:43 GMT, Anthony Scarpino
wrote:
>> test/jdk/javax/net/ssl/SSLSession/ReadOnlyEngine.java line 1:
>>
>>> 1: /*
>>
>> Wondering why this is in javax/net/ssl/SSLSession instead of
>> sun/security/ssl/SSLCipher.
>
> I can move it.. I created it from another test which
On Wed, 11 May 2022 22:49:02 GMT, Anthony Scarpino
wrote:
>> src/java.base/share/classes/javax/net/ssl/SSLEngine.java line 677:
>>
>>> 675: * @see #unwrap(ByteBuffer, ByteBuffer[], int, int)
>>> 676: *
>>> 677: * @implNote The data in {@code src} may be modified during the
On Wed, 11 May 2022 00:31:23 GMT, Bradford Wetmore wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src' is
On Wed, 11 May 2022 05:52:38 GMT, Xue-Lei Andrew Fan wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src'
On Mon, 9 May 2022 23:48:24 GMT, Bradford Wetmore wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src' is
On Mon, 9 May 2022 23:15:40 GMT, Bradford Wetmore wrote:
>> Hi,
>>
>> I need a review of this fix to allow a read-only 'src' buffer to be used
>> with SSLEngine.unwrap(). A temporary read-write buffer is created in the
>> SSLCipher operation when a read-only buffer is passed. If the 'src' is
On Fri, 29 Apr 2022 03:58:57 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this fix to allow a read-only 'src' buffer to be used with
> SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
> operation when a read-only buffer is passed. If the 'src' is
On Fri, 29 Apr 2022 03:58:57 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this fix to allow a read-only 'src' buffer to be used with
> SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
> operation when a read-only buffer is passed. If the 'src' is
On Fri, 29 Apr 2022 03:58:57 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this fix to allow a read-only 'src' buffer to be used with
> SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
> operation when a read-only buffer is passed. If the 'src' is
On Fri, 29 Apr 2022 03:58:57 GMT, Anthony Scarpino
wrote:
> Hi,
>
> I need a review of this fix to allow a read-only 'src' buffer to be used with
> SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
> operation when a read-only buffer is passed. If the 'src' is
Hi,
I need a review of this fix to allow a read-only 'src' buffer to be used with
SSLEngine.unwrap(). A temporary read-write buffer is created in the SSLCipher
operation when a read-only buffer is passed. If the 'src' is read-write, there
is no effect on the current operation
The PR also
I agree with Chris here that doing in-place modification of the source buffer
is really surprising even if it’s not read-only. This really sounds like
something I would consider a „breaking change“ as I can’t imagine users would
expect this at all (nothing was ever in the javadocs that would
Problem easily duplicated, thanks for the reproducer.
I've updated the bug with the info.
Brad
On 3/24/2022 9:13 AM, Chris Vest wrote:
On Wed, Mar 23, 2022 at 10:38 AM Bradford Wetmore
mailto:bradford.wetm...@oracle.com>> wrote:
Offhand, sounds like a bug to me. I've filed:
On Wed, Mar 23, 2022 at 10:38 AM Bradford Wetmore <
bradford.wetm...@oracle.com> wrote:
> Offhand, sounds like a bug to me. I've filed:
>
> https://bugs.openjdk.java.net/browse/JDK-8283577
Thanks. The in-place use of the input buffer might also be unexpected even
when the buffer is not
Offhand, sounds like a bug to me. I've filed:
https://bugs.openjdk.java.net/browse/JDK-8283577
to track.
It's possible an optimization might have been done using an in-place
en/decryption, but it should work.
By chance, do you have a simple reproducer handy? If not, we should be
able to
Hi,
In Netty we've been trying to design some safer APIs, and attempted to make
more use of read-only ByteBuffers.
We discovered that SSLEngine.unwrap does not like read-only input buffers,
even though the input buffers should in theory only be read from. We
obviously make sure that the output
24 matches
Mail list logo
