diff --git a/native/com_wolfssl_WolfSSLSession.c b/native/com_wolfssl_WolfSSLSession.c index ed9d909e..5b34262a 100644 --- a/native/com_wolfssl_WolfSSLSession.c +++ b/native/com_wolfssl_WolfSSLSession.c @@ -1002,16 +1002,104 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_write } } -JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read - (JNIEnv* jenv, jobject jcl, jlong sslPtr, jbyteArray raw, jint offset, - jint length, jint timeout) +/** + * Read len bytes from wolfSSL_read() back into provided output buffer. + * + * Internal function called by WolfSSLSession.read() calls. + * + * If wolfSSL_get_fd(ssl) returns a socket descriptor, try to wait for + * data with select()/poll() up to provided timeout. + * + * Returns number of bytes read on success, or negative on error. + */ +static int SSLReadNonblockingWithSelectPoll(WOLFSSL* ssl, byte* out, + int length, int timeout) { - byte* data = NULL; - int size = 0, ret, err, sockfd; + int size, ret, err, sockfd; int pollRx = 0; int pollTx = 0; wolfSSL_Mutex* jniSessLock = NULL; SSLAppData* appData = NULL; + + if (ssl == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + /* get session mutex from SSL app data */ + appData = (SSLAppData*)wolfSSL_get_app_data(ssl); + if (appData == NULL) { + return WOLFSSL_FAILURE; + } + + jniSessLock = appData->jniSessLock; + if (jniSessLock == NULL) { + return WOLFSSL_FAILURE; + } + + do { + /* lock mutex around session I/O before read attempt */ + if (wc_LockMutex(jniSessLock) != 0) { + size = WOLFSSL_FAILURE; + break; + } + + size = wolfSSL_read(ssl, out, length); + err = wolfSSL_get_error(ssl, size); + + /* unlock mutex around session I/O after read attempt */ + if (wc_UnLockMutex(jniSessLock) != 0) { + size = WOLFSSL_FAILURE; + break; + } + + if (size < 0 && + ((err == SSL_ERROR_WANT_READ) || (err == SSL_ERROR_WANT_WRITE))) { + + sockfd = wolfSSL_get_fd(ssl); + if (sockfd == -1) { + /* For I/O that does not use sockets, sockfd may be -1, + * skip try to call select() */ + break; + } + + if (err == SSL_ERROR_WANT_READ) { + pollRx = 1; + } + else if (err == SSL_ERROR_WANT_WRITE) { + pollTx = 1; + } + + #if defined(WOLFJNI_USE_IO_SELECT) || defined(USE_WINDOWS_API) + ret = socketSelect(sockfd, timeout, pollRx); + #else + ret = socketPoll(sockfd, timeout, pollRx, pollTx); + #endif + if ((ret == WOLFJNI_IO_EVENT_RECV_READY) || + (ret == WOLFJNI_IO_EVENT_SEND_READY)) { + /* loop around and try wolfSSL_read() again */ + continue; + } else { + /* Java will throw SocketTimeoutException or + * SocketException if ret equals + * WOLFJNI_IO_EVENT_TIMEOUT, WOLFJNI_IO_EVENT_FD_CLOSED + * WOLFJNI_IO_EVENT_ERROR, WOLFJNI_IO_EVENT_POLLHUP or + * WOLFJNI_IO_EVENT_FAIL */ + size = ret; + break; + } + } + + } while (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ); + + return size; +} + +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__J_3BIII + (JNIEnv* jenv, jobject jcl, jlong sslPtr, jbyteArray raw, jint offset, + jint length, jint timeout) +{ + int size = 0; + byte* data = NULL; WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; (void)jcl; @@ -1027,79 +1115,178 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read return SSL_FAILURE; } - /* get session mutex from SSL app data */ - appData = (SSLAppData*)wolfSSL_get_app_data(ssl); - if (appData == NULL) { + size = SSLReadNonblockingWithSelectPoll(ssl, data + offset, + (int)length, (int)timeout); + + if (size < 0) { (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, - JNI_ABORT); - return WOLFSSL_FAILURE; + JNI_ABORT); } + else { + /* JNI_COMMIT commits the data but does not free the local array + * 0 is used here to both commit and free */ + (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, 0); + } + } - jniSessLock = appData->jniSessLock; - if (jniSessLock == NULL) { - (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, - JNI_ABORT); - return WOLFSSL_FAILURE; + return size; +} + +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__JLjava_nio_ByteBuffer_2II + (JNIEnv* jenv, jobject jcl, jlong sslPtr, jobject buf, jint length, jint timeout) +{ + int size = 0; + int maxOutputSz; + int outSz = length; + byte* data = NULL; + WOLFSSL* ssl = (WOLFSSL*)(uintptr_t)sslPtr; + + jclass excClass; + jclass buffClass; + jmethodID positionMeth; + jmethodID limitMeth; + jmethodID hasArrayMeth; + jmethodID arrayMeth; + jmethodID setPositionMeth; + + jint position; + jint limit; + jboolean hasArray; + jbyteArray bufArr; + + (void)jcl; + + if (jenv == NULL || ssl == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + if (length > 0) { + /* Get WolfSSLException class */ + excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLException"); + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + return -1; } - do { - /* lock mutex around session I/O before read attempt */ - if (wc_LockMutex(jniSessLock) != 0) { - size = WOLFSSL_FAILURE; - break; - } + /* Get ByteBuffer class */ + buffClass = (*jenv)->GetObjectClass(jenv, buf); + if (buffClass == NULL) { + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer class in native read()"); + return -1; + } - size = wolfSSL_read(ssl, data + offset, length); - err = wolfSSL_get_error(ssl, size); + /* Get ByteBuffer position */ + positionMeth = (*jenv)->GetMethodID(jenv, buffClass, "position", "()I"); + if (positionMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer position() method in native read()"); + return -1; + } + position = (*jenv)->CallIntMethod(jenv, buf, positionMeth); - /* unlock mutex around session I/O after read attempt */ - if (wc_UnLockMutex(jniSessLock) != 0) { - size = WOLFSSL_FAILURE; - break; + /* Get ByteBuffer limit */ + limitMeth = (*jenv)->GetMethodID(jenv, buffClass, "limit", "()I"); + if (limitMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer limit() method in native read()"); + return -1; + } + limit = (*jenv)->CallIntMethod(jenv, buf, limitMeth); - if (size < 0 && ((err == SSL_ERROR_WANT_READ) || \ - (err == SSL_ERROR_WANT_WRITE))) { + /* Get and call ByteBuffer.hasArray() before calling array() */ + hasArrayMeth = (*jenv)->GetMethodID(jenv, buffClass, "hasArray", "()Z"); + if (hasArrayMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer hasArray() method in native read()"); + return -1; + } - sockfd = wolfSSL_get_fd(ssl); - if (sockfd == -1) { - /* For I/O that does not use sockets, sockfd may be -1, - * skip try to call select() */ - break; - } + /* ByteBuffer.hasArray() does not throw any exceptions */ + hasArray = (*jenv)->CallBooleanMethod(jenv, buf, hasArrayMeth); + if (!hasArray) { + (*jenv)->ThrowNew(jenv, excClass, + "ByteBuffer.hasArray() is false in native read()"); + return BAD_FUNC_ARG; + } - if (err == SSL_ERROR_WANT_READ) { - pollRx = 1; - } - else if (err == SSL_ERROR_WANT_WRITE) { - pollTx = 1; - } + /* Only read up to maximum space we have in this ByteBuffer */ + maxOutputSz = (limit - position); + if (outSz > maxOutputSz) { + outSz = maxOutputSz; + } - #if defined(WOLFJNI_USE_IO_SELECT) || defined(USE_WINDOWS_API) - ret = socketSelect(sockfd, (int)timeout, pollRx); - #else - ret = socketPoll(sockfd, (int)timeout, pollRx, pollTx); - #endif - if ((ret == WOLFJNI_IO_EVENT_RECV_READY) || - (ret == WOLFJNI_IO_EVENT_SEND_READY)) { - /* loop around and try wolfSSL_read() again */ - continue; - } else { - /* Java will throw SocketTimeoutException or - * SocketException if ret equals - * WOLFJNI_IO_EVENT_TIMEOUT, WOLFJNI_IO_EVENT_FD_CLOSED - * WOLFJNI_IO_EVENT_ERROR, WOLFJNI_IO_EVENT_POLLHUP or - * WOLFJNI_IO_EVENT_FAIL */ - size = ret; - break; - } + /* Get reference to underlying byte[] from ByteBuffer */ + arrayMeth = (*jenv)->GetMethodID(jenv, buffClass, "array", "()[B"); + if (arrayMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to find ByteBuffer array() method in native read()"); + return -1; + } + bufArr = (jbyteArray)(*jenv)->CallObjectMethod(jenv, buf, arrayMeth); - } while (err == SSL_ERROR_WANT_WRITE || err == SSL_ERROR_WANT_READ); + /* Get array elements */ + data = (byte*)(*jenv)->GetByteArrayElements(jenv, bufArr, NULL); + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + (*jenv)->ThrowNew(jenv, excClass, + "Exception when calling ByteBuffer.array() in native read()"); + return -1; + } + + + if (data != NULL) { + size = SSLReadNonblockingWithSelectPoll(ssl, data + position, + maxOutputSz, (int)timeout); - /* JNI_COMMIT commits the data but does not free the local array - * 0 is used here to both commit and free */ - (*jenv)->ReleaseByteArrayElements(jenv, raw, (jbyte*)data, 0); + /* Relase array elements */ + if (size < 0) { + (*jenv)->ReleaseByteArrayElements(jenv, bufArr, (jbyte*)data, + JNI_ABORT); + } + else { + /* JNI_COMMIT commits the data but does not free the local array + * 0 is used here to both commit and free */ + (*jenv)->ReleaseByteArrayElements(jenv, bufArr, + (jbyte*)data, 0); + + /* Update ByteBuffer position() based on bytes written */ + setPositionMeth = (*jenv)->GetMethodID(jenv, buffClass, + "position", "(I)Ljava/nio/Buffer;"); + if (setPositionMeth == NULL) { + if ((*jenv)->ExceptionOccurred(jenv)) { + (*jenv)->ExceptionDescribe(jenv); + (*jenv)->ExceptionClear(jenv); + } + (*jenv)->ThrowNew(jenv, excClass, + "Failed to set ByteBuffer position() from " + "native read()"); + size = -1; + } + else { + (*jenv)->CallVoidMethod(jenv, buf, setPositionMeth, + position + size); + } + } + } } return size; diff --git a/native/com_wolfssl_WolfSSLSession.h b/native/com_wolfssl_WolfSSLSession.h index e7941971..639db768 100644 --- a/native/com_wolfssl_WolfSSLSession.h +++ b/native/com_wolfssl_WolfSSLSession.h @@ -100,9 +100,17 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_write * Method: read * Signature: (J[BIII)I */ -JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__J_3BIII (JNIEnv *, jobject, jlong, jbyteArray, jint, jint, jint); +/* + * Class: com_wolfssl_WolfSSLSession + * Method: read + * Signature: (JLjava/nio/ByteBuffer;II)I + */ +JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLSession_read__JLjava_nio_ByteBuffer_2II + (JNIEnv *, jobject, jlong, jobject, jint, jint); + /* * Class: com_wolfssl_WolfSSLSession * Method: accept diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java index cb5d2a05..659f1ce1 100644 --- a/src/java/com/wolfssl/WolfSSLSession.java +++ b/src/java/com/wolfssl/WolfSSLSession.java @@ -28,6 +28,7 @@ import java.net.SocketException; import java.net.SocketTimeoutException; import java.lang.StringBuilder; +import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import com.wolfssl.WolfSSLException; @@ -253,6 +254,8 @@ private native int write(long ssl, byte[] data, int offset, int length, int timeout); private native int read(long ssl, byte[] data, int offset, int sz, int timeout); + private native int read(long ssl, ByteBuffer data, int sz, int timeout) + throws WolfSSLException; private native int accept(long ssl, int timeout); private native void freeSSL(long ssl); private native int shutdownSSL(long ssl, int timeout); @@ -1112,6 +1115,86 @@ public int read(byte[] data, int offset, int sz, int timeout) return ret; } + /** + * Reads bytes from the SSL session and returns the read bytes into + * the provided ByteBuffer, using socket timeout value in milliseconds. + * + * The bytes read are removed from the internal receive buffer. + *

+ * If necessary, read() will negotiate an SSL/TLS session + * if the handshake has not already been performed yet by connect() + * or accept(). + *

+ * The SSL/TLS protocol uses SSL records which have a maximum size of + * 16kB. As such, wolfSSL needs to read an entire SSL record internally + * before it is able to process and decrypt the record. Because of this, + * a call to read() will only be able to return the + * maximum buffer size which has been decrypted at the time of calling. + * There may be additional not-yet-decrypted data waiting in the internal + * wolfSSL receive buffer which will be retrieved and decrypted with the + * next call to read(). + * + * @param data ByteBuffer where the data read from the SSL connection + * will be placed. position() will be updated after this + * method writes data to the ByteBuffer. + * @param sz number of bytes to read into data, + * may be adjusted to the maximum space in data if that is + * smaller than this size. + * @param timeout read timeout, milliseconds. + * @return the number of bytes read upon success. SSL_FAILURE + * will be returned upon failure which may be caused + * by either a clean (close notify alert) shutdown or just + * that the peer closed the connection. + * SSL_FATAL_ERROR upon failure when either an error + * occurred or, when using non-blocking sockets, the + * SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE + * error was received and the application needs to call + * read() again. Use getError to + * get a specific error code. + * BAD_FUNC_ARC when bad arguments are used. + * @throws IllegalStateException WolfSSLContext has been freed + * @throws SocketTimeoutException if socket timeout occurs + * @throws SocketException Native socket select/poll() failed + */ + public int read(ByteBuffer data, int sz, int timeout) + throws IllegalStateException, SocketTimeoutException, SocketException { + + int ret; + long localPtr; + + confirmObjectIsActive(); + + /* Fix for Infer scan, since not synchronizing on sslLock for + * access to this.sslPtr, see note below */ + synchronized (sslLock) { + localPtr = this.sslPtr; + } + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "entered read(ByteBuffer, " + + "sz: " + sz + ", timeout: " + timeout + ")"); + + /* not synchronizing on sslLock here since JNI read() locks + * session mutex around native wolfSSL_read() call. If sslLock + * is locked here, since we call select() inside native JNI we + * could timeout waiting for corresponding write() operation to + * occur if needed */ + try { + ret = read(localPtr, data, sz, timeout); + } catch (WolfSSLException e) { + /* JNI code may throw WolfSSLException on JNI specific errors */ + throw new SocketException(e.getMessage()); + } + + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, localPtr, "read() ret: " + ret + + ", err: " + getError(ret)); + + throwExceptionFromIOReturnValue(ret, "wolfSSL_read()"); + + return ret; + } + /** * Waits for an SSL client to initiate the SSL/TLS handshake. * This method is called on the server side. When it is called, the diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java index 8091c293..7f6a4573 100644 --- a/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java +++ b/src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java @@ -818,15 +818,23 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length) int ret = 0; int idx = 0; /* index into out[] array */ int err = 0; - byte[] tmp; + byte[] tmp = null; - /* create read buffer of max output size */ + /* Calculate maximum output size across ByteBuffer arrays */ maxOutSz = getTotalOutputSize(out, ofst, length); - tmp = new byte[maxOutSz]; synchronized (ioLock) { try { - ret = this.ssl.read(tmp, maxOutSz); + /* If we only have one ByteBuffer, skip allocating + * separate intermediate byte[] and write directly to underlying + * ByteBuffer array */ + if (out.length == 1) { + ret = this.ssl.read(out[0], maxOutSz, 0); + } + else { + tmp = new byte[maxOutSz]; + ret = this.ssl.read(tmp, maxOutSz); + } } catch (SocketTimeoutException | SocketException e) { throw new SSLException(e); } @@ -883,27 +891,32 @@ private synchronized int RecvAppData(ByteBuffer[] out, int ofst, int length) } } else { - /* write processed data into output buffers */ - for (i = 0; i < ret;) { - if (idx + ofst >= length) { - /* no more output buffers left */ - break; - } + if (out.length == 1) { + totalRead = ret; + } + else { + /* write processed data into output buffers */ + for (i = 0; i < ret;) { + if (idx + ofst >= length) { + /* no more output buffers left */ + break; + } - bufSpace = out[idx + ofst].remaining(); - if (bufSpace == 0) { - /* no more space in current out buffer, advance */ - idx++; - continue; - } + bufSpace = out[idx + ofst].remaining(); + if (bufSpace == 0) { + /* no more space in current out buffer, advance */ + idx++; + continue; + } - sz = (bufSpace >= (ret - i)) ? (ret - i) : bufSpace; - out[idx + ofst].put(tmp, i, sz); - i += sz; - totalRead += sz; + sz = (bufSpace >= (ret - i)) ? (ret - i) : bufSpace; + out[idx + ofst].put(tmp, i, sz); + i += sz; + totalRead += sz; - if ((ret - i) > 0) { - idx++; /* go to next output buffer */ + if ((ret - i) > 0) { + idx++; /* go to next output buffer */ + } } } }