andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Revert JDK GCM direct buffer crash workaround

Browse Source 
Motivation:
Commit 108dc23cab13eea074397f0ade80859da4744323 introduced a workaround due to a JDK crash when GCM cipher was used during an unwrap operation. Attempting to reproduce this issue with the latest JDK (1.8.0_72-b15) demonstrate that this issue no longer exists while it can be reliably reproduced on earlier JDKs (1.8.0_25-b17 and earlier)

Modifications:
- Remove the copy-to-heap-buffer workaround for JDK engine

Result:
Fixes https://github.com/netty/netty/issues/3256
This commit is contained in:
Scott Mitchell 2016-02-10 15:43:51 -08:00 committed by Norman Maurer
parent 0b1c82b254
commit 839e2ca508
1 changed files with 1 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
handler/src/main/java/io/netty/handler/ssl/SslHandler.java
View File

@ -214,12 +214,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
* </p> * </p>
*/ */
private final boolean wantsLargeOutboundNetworkBuffer; private final boolean wantsLargeOutboundNetworkBuffer;
/**
* {@code true} if and only if {@link SSLEngine#unwrap(ByteBuffer, ByteBuffer)} expects a heap buffer rather than
* a direct buffer. For an unknown reason, JDK8 SSLEngine causes JVM to crash when its cipher suite uses Galois
* Counter Mode (GCM).
*/
private boolean wantsInboundHeapBuffer;
// END Platform-dependent flags // END Platform-dependent flags
@ -898,19 +892,7 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
// See https://github.com/netty/netty/issues/1534 // See https://github.com/netty/netty/issues/1534
in.skipBytes(totalLength); in.skipBytes(totalLength);
decoded = unwrap(ctx, in, startOffset, totalLength);
// If SSLEngine expects a heap buffer for unwrapping, do the conversion.
if (in.isDirect() && wantsInboundHeapBuffer) {
ByteBuf copy = ctx.alloc().heapBuffer(totalLength);
try {
copy.writeBytes(in, startOffset, totalLength);
decoded = unwrap(ctx, copy, 0, totalLength);
} finally {
copy.release();
}
} else {
decoded = unwrap(ctx, in, startOffset, totalLength);
}
if (!firedChannelRead) { if (!firedChannelRead) {
// Check first if firedChannelRead is not set yet as it may have been set in a // Check first if firedChannelRead is not set yet as it may have been set in a
@ -1189,12 +1171,6 @@ public class SslHandler extends ByteToMessageDecoder implements ChannelOutboundH
* Notify all the handshake futures about the successfully handshake * Notify all the handshake futures about the successfully handshake
*/ */
private void setHandshakeSuccess() { private void setHandshakeSuccess() {
// Work around the JVM crash which occurs when a cipher suite with GCM enabled.
final String cipherSuite = String.valueOf(engine.getSession().getCipherSuite());
if (!wantsDirectBuffer && (cipherSuite.contains("_GCM_") || cipherSuite.contains("-GCM-"))) {
wantsInboundHeapBuffer = true;
}
handshakePromise.trySuccess(ctx.channel()); handshakePromise.trySuccess(ctx.channel());
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {