Uploaded image for project: 'Qpid Proton'
  1. Qpid Proton
  2. PROTON-2736

TLS OpenSSL library: hang with large application data frames

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • proton-c-0.38.0
    • proton-c-0.39.0
    • proton-c
    • None

    Description

      OpenSSL maintains a buffer large enough for the largest possible TLS protocol record + 1K.  The Proton TLS decrypt loop is unaware of record boundaries and repeatedly adds encrypted bytes at one end and takes out decrypted bytes at the other, stopping when there is no more to decrypt or no more application buffer space to move decrypted content into.

      It also tests if there are remaining decrypted bytes available should the application provide additional buffers.  This test can fail in the case that the OpenSSL buffer is completely filled with:

       handshake record > 1K followed by
       partial max sized application data record

      The SSL_peek operation will not see any application data and Proton "remembers" the full buffer without allowing that the handshake record has been processed and the buffer is no longer full.

      Attachments

        Activity

          People

            cliffjansen Clifford Jansen
            cliffjansen Clifford Jansen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: