diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c index ed9d909e..5b34262a 100644 --- a/native/com_wolfssl_WolfSSLSession.c +++ b/native/com_wolfssl_WolfSSLSession.c @@ -1002,16 +1002,104 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_write } } -JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read - (JNIEnv* jenv, jobject jcl, jlong sslPtr, jbyteArray raw, jint offset, - jint length, jint timeout) +/** + * Read len bytes from wolfSSL_read() back into provided output buffer. + * + * Internal function called by WolfSSLSession.read() calls. + * + * If wolfSSL_get_fd(ssl) returns a socket descriptor, try to wait for + * data with select()/poll() up to provided timeout. + * + * Returns number of bytes read on success, or negative on error. + */ +static int SSLReadNonblockingWithSelectPoll(WOLFSSL* ssl, byte* out, + int length, int timeout) { - byte* data = NULL; - int size = 0, ret, err, sockfd; + int size, ret, err, sockfd; int pollRx = 0; int pollTx = 0; wolfSSL_Mutex* jniSessLock = NULL; SSLAppData* appData = NULL; + + if (ssl == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + /* get session mutex from SSL app data */ + appData = (SSLAppData*)wolfSSL_get_app_data(ssl); + if (appData == NULL) { + return WOLFSSL_FAILURE; + } + + jniSessLock = appData->jniSessLock; + if (jniSessLock == NULL) { + return WOLFSSL_FAILURE; + } + + do { + /* lock mutex around session I/O before read attempt */ + if (wc_LockMutex(jniSessLock) != 0) { + size = WOLFSSL_FAILURE; + break; + } + + size = wolfSSL_read(ssl, out, length); + err = wolfSSL_get_error(ssl, size); + + /* unlock mutex around session I/O after read attempt */ + if (wc_UnLockMutex(jniSessLock) != 0) { + size = WOLFSSL_FAILURE; + break; + } + + if (size < 0 && + ((err == SSL_ERROR_WANT_READ) || (err == SSL_ERROR_WANT_WRITE))) { + + sockfd = wolfSSL_get_fd(ssl); + if (sockfd == -1) { + /* For I/O that does not use sockets, sockfd may be -1, + * skip try to call select() */ + break; + } + + if (err == SSL_ERROR_WANT_READ) { + pollRx = 1; + } + else if (err == SSL_ERROR_WANT_WRITE) { + pollTx = 1; + } + + #if defined(WOLFJNI_USE_IO_SELECT) || defined(USE_WINDOWS_API) + ret = socketSelect(sockfd, timeout, pollRx); + #else + ret = socketPoll(sockfd, timeout, pollRx, pollTx); + #endif + if ((ret == WOLFJNI_IO_EVENT_RECV_READY) || + (ret == WOLFJNI_IO_EVENT_SEND_READY)) { + /* loop around and try wolfSSL_read() again */ + continue; + } else { + /* Java will throw SocketTimeoutException or + * SocketException if ret equals + * WOLFJNI_IO_EVENT_TIMEOUT, WOLFJNI_IO_EVENT_FD_CLOSED + * WOLFJNI_IO_EVENT_ERROR, WOLFJNI_IO_EVENT_POLLHUP or + * WOLFJNI_IO_EVENT_FAIL */ + size = ret; + break; + } + } + + } while (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ); + + return size; +} + +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__J_3BIII + (JNIEnv* jenv, jobject jcl, jlong sslPtr, jbyteArray raw, jint offset, + jint length, jint timeout) +{ + int size = 0; + byte* data = NULL; WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; (void)jcl; @@ -1027,79 +1115,178 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read return SSL_FAILURE; } - /* get session mutex from SSL app data */ - appData = (SSLAppData*)wolfSSL_get_app_data(ssl); - if (appData == NULL) { + size = SSLReadNonblockingWithSelectPoll(ssl, data + offset, + (int)length, (int)timeout); + + if (size < 0) { (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, - JNI_ABORT); - return WOLFSSL_FAILURE; + JNI_ABORT); } + else { + /* JNI_COMMIT commits the data but does not free the local array + * 0 is used here to both commit and free */ + (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, 0); + } + } - jniSessLock = appData->jniSessLock; - if (jniSessLock == NULL) { - (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, - JNI_ABORT); - return WOLFSSL_FAILURE; + return size; +} + +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__JLjava_nio_ByteBuffer_2II + (JNIEnv* jenv, jobject jcl, jlong sslPtr, jobject buf, jint length, jint timeout) +{ + int size = 0; + int maxOutputSz; + int outSz = length; + byte* data = NULL; + WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; + + jclass excClass; + jclass buffClass; + jmethodID positionMeth; + jmethodID limitMeth; + jmethodID hasArrayMeth; + jmethodID arrayMeth; + jmethodID setPositionMeth; + + jint position; + jint limit; + jboolean hasArray; + jbyteArray bufArr; + + (void)jcl; + + if (jenv == NULL || ssl == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + if (length > 0) { + /* Get WolfSSLException class */ + excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + return -1; } - do { - /* lock mutex around session I/O before read attempt */ - if (wc_LockMutex(jniSessLock) != 0) { - size = WOLFSSL_FAILURE; - break; - } + /* Get ByteBuffer class */ + buffClass = (*jenv)->GetObjectClass(jenv, buf); + if (buffClass == NULL) { + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer class in native read()"); + return -1; + } - size = wolfSSL_read(ssl, data + offset, length); - err = wolfSSL_get_error(ssl, size); + /* Get ByteBuffer position */ + positionMeth = (*jenv)->GetMethodID(jenv, buffClass, "position", "()I"); + if (positionMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer position() method in native read()"); + return -1; + } + position = (*jenv)->CallIntMethod(jenv, buf, positionMeth); - /* unlock mutex around session I/O after read attempt */ - if (wc_UnLockMutex(jniSessLock) != 0) { - size = WOLFSSL_FAILURE; - break; + /* Get ByteBuffer limit */ + limitMeth = (*jenv)->GetMethodID(jenv, buffClass, "limit", "()I"); + if (limitMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer limit() method in native read()"); + return -1; + } + limit = (*jenv)->CallIntMethod(jenv, buf, limitMeth); - if (size < 0 && ((err == SSL_ERROR_WANT_READ) || \ - (err == SSL_ERROR_WANT_WRITE))) { + /* Get and call ByteBuffer.hasArray() before calling array() */ + hasArrayMeth = (*jenv)->GetMethodID(jenv, buffClass, "hasArray", "()Z"); + if (hasArrayMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer hasArray() method in native read()"); + return -1; + } - sockfd = wolfSSL_get_fd(ssl); - if (sockfd == -1) { - /* For I/O that does not use sockets, sockfd may be -1, - * skip try to call select() */ - break; - } + /* ByteBuffer.hasArray() does not throw any exceptions */ + hasArray = (*jenv)->CallBooleanMethod(jenv, buf, hasArrayMeth); + if (!hasArray) { + (*jenv)->ThrowNew(jenv, excClass, + "ByteBuffer.hasArray() is false in native read()"); + return BAD_FUNC_ARG; + } - if (err == SSL_ERROR_WANT_READ) { - pollRx = 1; - } - else if (err == SSL_ERROR_WANT_WRITE) { - pollTx = 1; - } + /* Only read up to maximum space we have in this ByteBuffer */ + maxOutputSz = (limit - position); + if (outSz > maxOutputSz) { + outSz = maxOutputSz; + } - #if defined(WOLFJNI_USE_IO_SELECT) || defined(USE_WINDOWS_API) - ret = socketSelect(sockfd, (int)timeout, pollRx); - #else - ret = socketPoll(sockfd, (int)timeout, pollRx, pollTx); - #endif - if ((ret == WOLFJNI_IO_EVENT_RECV_READY) || - (ret == WOLFJNI_IO_EVENT_SEND_READY)) { - /* loop around and try wolfSSL_read() again */ - continue; - } else { - /* Java will throw SocketTimeoutException or - * SocketException if ret equals - * WOLFJNI_IO_EVENT_TIMEOUT, WOLFJNI_IO_EVENT_FD_CLOSED - * WOLFJNI_IO_EVENT_ERROR, WOLFJNI_IO_EVENT_POLLHUP or - * WOLFJNI_IO_EVENT_FAIL */ - size = ret; - break; - } + /* Get reference to underlying byte[] from ByteBuffer */ + arrayMeth = (*jenv)->GetMethodID(jenv, buffClass, "array", "()[B"); + if (arrayMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer array() method in native read()"); + return -1; + } + bufArr = (jbyteArray)(*jenv)->CallObjectMethod(jenv, buf, arrayMeth); - } while (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ); + /* Get array elements */ + data = (byte*)(*jenv)->GetByteArrayElements(jenv, bufArr, NULL); + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + (*jenv)->ThrowNew(jenv, excClass, + "Exception when calling ByteBuffer.array() in native read()"); + return -1; + } + + + if (data != NULL) { + size = SSLReadNonblockingWithSelectPoll(ssl, data + position, + maxOutputSz, (int)timeout); - /* JNI_COMMIT commits the data but does not free the local array - * 0 is used here to both commit and free */ - (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, 0); + /* Relase array elements */ + if (size < 0) { + (*jenv)->ReleaseByteArrayElements(jenv, bufArr, (jbyte*)data, + JNI_ABORT); + } + else { + /* JNI_COMMIT commits the data but does not free the local array + * 0 is used here to both commit and free */ + (*jenv)->ReleaseByteArrayElements(jenv, bufArr, + (jbyte*)data, 0); + + /* Update ByteBuffer position() based on bytes written */ + setPositionMeth = (*jenv)->GetMethodID(jenv, buffClass, + "position", "(I)Ljava/nio/Buffer;"); + if (setPositionMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to set ByteBuffer position() from " + "native read()"); + size = -1; + } + else { + (*jenv)->CallVoidMethod(jenv, buf, setPositionMeth, + position + size); + } + } + } } return size; diff --git a/native/com_wolfssl_WolfSSLSession.h b/native/com_wolfssl_WolfSSLSession.h index e7941971..639db768 100644 --- a/native/com_wolfssl_WolfSSLSession.h +++ b/native/com_wolfssl_WolfSSLSession.h @@ -100,9 +100,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_write * Method: read * Signature: (J[BIII)I */ -JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__J_3BIII (JNIEnv *, jobject, jlong, jbyteArray, jint, jint, jint); +/* + * Class: com_wolfssl_WolfSSLSession + * Method: read + * Signature: (JLjava/nio/ByteBuffer;II)I + */ +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__JLjava_nio_ByteBuffer_2II + (JNIEnv *, jobject, jlong, jobject, jint, jint); + /* * Class: com_wolfssl_WolfSSLSession * Method: accept diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java index cb5d2a05..659f1ce1 100644 --- a/src/java/com/wolfssl/WolfSSLSession.java +++ b/src/java/com/wolfssl/WolfSSLSession.java @@ -28,6 +28,7 @@ import java.net.SocketException; import java.net.SocketTimeoutException; import java.lang.StringBuilder; +import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import com.wolfssl.WolfSSLException; @@ -253,6 +254,8 @@ private native int write(long ssl, byte[] data, int offset, int length, int timeout); private native int read(long ssl, byte[] data, int offset, int sz, int timeout); + private native int read(long ssl, ByteBuffer data, int sz, int timeout) + throws WolfSSLException; private native int accept(long ssl, int timeout); private native void freeSSL(long ssl); private native int shutdownSSL(long ssl, int timeout); @@ -1112,6 +1115,86 @@ public int read(byte[] data, int offset, int sz, int timeout) return ret; } + /** + * Reads bytes from the SSL session and returns the read bytes into + * the provided ByteBuffer, using socket timeout value in milliseconds. + * + * The bytes read are removed from the internal receive buffer. + *
+ * If necessary, read()
will negotiate an SSL/TLS session
+ * if the handshake has not already been performed yet by connect()
+ *
or accept()
.
+ *
+ * The SSL/TLS protocol uses SSL records which have a maximum size of
+ * 16kB. As such, wolfSSL needs to read an entire SSL record internally
+ * before it is able to process and decrypt the record. Because of this,
+ * a call to read()
will only be able to return the
+ * maximum buffer size which has been decrypted at the time of calling.
+ * There may be additional not-yet-decrypted data waiting in the internal
+ * wolfSSL receive buffer which will be retrieved and decrypted with the
+ * next call to read()
.
+ *
+ * @param data ByteBuffer where the data read from the SSL connection
+ * will be placed. position() will be updated after this
+ * method writes data to the ByteBuffer.
+ * @param sz number of bytes to read into data
,
+ * may be adjusted to the maximum space in data if that is
+ * smaller than this size.
+ * @param timeout read timeout, milliseconds.
+ * @return the number of bytes read upon success. SSL_FAILURE
+ *
will be returned upon failure which may be caused
+ * by either a clean (close notify alert) shutdown or just
+ * that the peer closed the connection.
+ * SSL_FATAL_ERROR
upon failure when either an error
+ * occurred or, when using non-blocking sockets, the
+ * SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE
+ * error was received and the application needs to call
+ * read()
again. Use getError
to
+ * get a specific error code.
+ * BAD_FUNC_ARC
when bad arguments are used.
+ * @throws IllegalStateException WolfSSLContext has been freed
+ * @throws SocketTimeoutException if socket timeout occurs
+ * @throws SocketException Native socket select/poll() failed
+ */
+ public int read(ByteBuffer data, int sz, int timeout)
+ throws IllegalStateException, SocketTimeoutException, SocketException {
+
+ int ret;
+ long localPtr;
+
+ confirmObjectIsActive();
+
+ /* Fix for Infer scan, since not synchronizing on sslLock for
+ * access to this.sslPtr, see note below */
+ synchronized (sslLock) {
+ localPtr = this.sslPtr;
+ }
+
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
+ WolfSSLDebug.INFO, localPtr, "entered read(ByteBuffer, " +
+ "sz: " + sz + ", timeout: " + timeout + ")");
+
+ /* not synchronizing on sslLock here since JNI read() locks
+ * session mutex around native wolfSSL_read() call. If sslLock
+ * is locked here, since we call select() inside native JNI we
+ * could timeout waiting for corresponding write() operation to
+ * occur if needed */
+ try {
+ ret = read(localPtr, data, sz, timeout);
+ } catch (WolfSSLException e) {
+ /* JNI code may throw WolfSSLException on JNI specific errors */
+ throw new SocketException(e.getMessage());
+ }
+
+ WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI,
+ WolfSSLDebug.INFO, localPtr, "read() ret: " + ret +
+ ", err: " + getError(ret));
+
+ throwExceptionFromIOReturnValue(ret, "wolfSSL_read()");
+
+ return ret;
+ }
+
/**
* Waits for an SSL client to initiate the SSL/TLS handshake.
* This method is called on the server side. When it is called, the
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
index 8091c293..7f6a4573 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
@@ -818,15 +818,23 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
int ret = 0;
int idx = 0; /* index into out[] array */
int err = 0;
- byte[] tmp;
+ byte[] tmp = null;
- /* create read buffer of max output size */
+ /* Calculate maximum output size across ByteBuffer arrays */
maxOutSz = getTotalOutputSize(out, ofst, length);
- tmp = new byte[maxOutSz];
synchronized (ioLock) {
try {
- ret = this.ssl.read(tmp, maxOutSz);
+ /* If we only have one ByteBuffer, skip allocating
+ * separate intermediate byte[] and write directly to underlying
+ * ByteBuffer array */
+ if (out.length == 1) {
+ ret = this.ssl.read(out[0], maxOutSz, 0);
+ }
+ else {
+ tmp = new byte[maxOutSz];
+ ret = this.ssl.read(tmp, maxOutSz);
+ }
} catch (SocketTimeoutException | SocketException e) {
throw new SSLException(e);
}
@@ -883,27 +891,32 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length)
}
}
else {
- /* write processed data into output buffers */
- for (i = 0; i < ret;) {
- if (idx + ofst >= length) {
- /* no more output buffers left */
- break;
- }
+ if (out.length == 1) {
+ totalRead = ret;
+ }
+ else {
+ /* write processed data into output buffers */
+ for (i = 0; i < ret;) {
+ if (idx + ofst >= length) {
+ /* no more output buffers left */
+ break;
+ }
- bufSpace = out[idx + ofst].remaining();
- if (bufSpace == 0) {
- /* no more space in current out buffer, advance */
- idx++;
- continue;
- }
+ bufSpace = out[idx + ofst].remaining();
+ if (bufSpace == 0) {
+ /* no more space in current out buffer, advance */
+ idx++;
+ continue;
+ }
- sz = (bufSpace >= (ret - i)) ? (ret - i) : bufSpace;
- out[idx + ofst].put(tmp, i, sz);
- i += sz;
- totalRead += sz;
+ sz = (bufSpace >= (ret - i)) ? (ret - i) : bufSpace;
+ out[idx + ofst].put(tmp, i, sz);
+ i += sz;
+ totalRead += sz;
- if ((ret - i) > 0) {
- idx++; /* go to next output buffer */
+ if ((ret - i) > 0) {
+ idx++; /* go to next output buffer */
+ }
}
}
}