8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"

[djelinski]

This patch fixes the issue where a thread doing SSLSocket.close() could destroy the read cipher while it was used by another thread doing SSLSocket.read().

The reported issue was triggered by SSLSocket.close() calling inputRecord.close() -> readCipher.dispose() -> cipher.doFinal() on an AES/GCM cipher between updateAAD and doFinal; this changed the cipher state and caused the doFinal call to fail.

The issue for AES/GCM (and all other AEAD ciphers) was fixed by JDK-8294848; this patch addresses the non-AEAD ciphers.

Tier1-3 clean. Also, no failures after 1200 repetitions of NoInvalidateSocketException.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"

Reviewers

• Jamil Nimeh (@jnimeh - Reviewer)
• Xue-Lei Andrew Fan (@XueleiFan - Reviewer)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/10657/head:pull/10657
$ git checkout pull/10657

Update a local copy of the PR:
$ git checkout pull/10657
$ git pull https://git.openjdk.org/jdk pull/10657/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 10657

View PR using the GUI difftool:
$ git pr show -t 10657

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/10657.diff

[bridgekeeper]

👋 Welcome back djelinski! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@djelinski The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (c518ab09)
• 00: Full (be7d6ae1)

[jnimeh]

Overall the changes look clean. Thanks for taking care of this. A couple notes:

• Per our side discussion, can you please remove noreg-self from the bug and add this bug ID to NoInvalidateSocketException.java
• Can you please do a large-iteration run on test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java

I'll approve once that multi-iteration run comes back clean.

[djelinski]

Bug ID added, JBS updated.
Finished running 1200 iterations (300*4 platforms) of test/jdk/sun/security/ssl/SSLSocketImpl/ClientSocketCloseHang.java, all passed.

[jnimeh]

Thanks for doing that additional focused test on the other closure/read specific test. This looks good to me.

[openjdk]

@djelinski This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"

Reviewed-by: jnimeh, xuelei

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 15 new commits pushed to the master branch:

• 3a980b9: 8295168: Remove superfluous period in @throws tag description
• 9bb932c: 8295154: Documentation for RemoteExecutionControl.invoke(Method) inherits non-existent documentation
• 945950d: 8295069: [PPC64] Performance regression after JDK-8290025
• d362e16: 8294689: The SA transported_core.html file needs quite a bit of work
• 07946aa: 8289552: Make intrinsic conversions between bit representations of half precision values and floats
• 2586b1a: 8295155: Incorrect javadoc of java.base module
• e1a77cf: 8295163: Remove old hsdis Makefile
• 3c7ae12: 8294821: Class load improvement for AES crypto engine
• 619cd82: 8294702: BufferedInputStream uses undefined value range for markpos
• 9d0009e: 6777156: GTK L&F: JFileChooser can jump beyond root directory in combobox and selection textarea.
• ... and 5 more: https://git.openjdk.org/jdk/compare/fe70487d0bc53149150c23d39287d9856c5a0e95...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[djelinski]

/integrate

[openjdk]

Going to push as commit d125265.
Since your change was applied there have been 34 commits pushed to the master branch:

• 0475c34: 8292386: jvmti/thread/SuspendThread/suspendthrd03 failed with "FAIL: Status is 2"
• 760a260: 8295213: Run GHA manually with user-specified make and configure arguments
• 8402260: 8295198: Update more openjdk.java.net => openjdk.org URLs
• c357b59: 8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals"
• 8607842: 8295205: Add jcheck whitespace checking for markdown files
• cb62f1c: 8295218: New KeepAliveTest.java has invalid copyright notice
• 9cf6651: 8294238: ZGC: Move CLD claimed mark clearing
• adaff7d: 8294900: Refactor ZObjArrayAllocator
• 86ec158: 8291226: Create Test Cases to cover scenarios for JDK-8278067
• 94ec729: 8263044: jdk/jfr/jvm/TestDumpOnCrash.java timed out
• ... and 24 more: https://git.openjdk.org/jdk/compare/fe70487d0bc53149150c23d39287d9856c5a0e95...master

Your commit was automatically rebased without conflicts.

[openjdk]

@djelinski Pushed as commit d125265.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.