[
https://issues.apache.org/jira/browse/PROTON-2736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17722599#comment-17722599
]
ASF subversion and git services commented on PROTON-2736:
---------------------------------------------------------
Commit 939a48f420aa4c68123132d582c7217625e20d38 in qpid-proton's branch
refs/heads/main from Clifford Jansen
[ https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=939a48f42 ]
PROTON-2736: tls library - catch unblocking of decrypt stream for processed
non-application records
> TLS OpenSSL library: hang with large application data frames
> ------------------------------------------------------------
>
> Key: PROTON-2736
> URL: https://issues.apache.org/jira/browse/PROTON-2736
> Project: Qpid Proton
> Issue Type: Bug
> Components: proton-c
> Affects Versions: proton-c-0.38.0
> Reporter: Clifford Jansen
> Assignee: Clifford Jansen
> Priority: Major
>
> OpenSSL maintains a buffer large enough for the largest possible TLS protocol
> record + 1K. The Proton TLS decrypt loop is unaware of record boundaries and
> repeatedly adds encrypted bytes at one end and takes out decrypted bytes at
> the other, stopping when there is no more to decrypt or no more application
> buffer space to move decrypted content into.
> It also tests if there are remaining decrypted bytes available should the
> application provide additional buffers. This test can fail in the case that
> the OpenSSL buffer is completely filled with:
> handshake record > 1K followed by
> partial max sized application data record
> The SSL_peek operation will not see any application data and Proton
> "remembers" the full buffer without allowing that the handshake record has
> been processed and the buffer is no longer full.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
