tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [tomcat] branch 8.5.x updated: Refactor read and write methods
Date Mon, 15 Mar 2021 09:34:47 GMT
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new 3caab53  Refactor read and write methods
3caab53 is described below

commit 3caab53c8e48e9d9fc680f696c42f90461676482
Author: remm <remm@apache.org>
AuthorDate: Mon Mar 15 10:31:58 2021 +0100

    Refactor read and write methods
    
    Remove static to allow including the OpenSSL call error checking on all
    <= 0 results, as this is much less error prone this way.
---
 .../tomcat/util/net/openssl/OpenSSLEngine.java     | 55 +++++++++++++---------
 1 file changed, 32 insertions(+), 23 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 99720f3..a12074a 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -234,8 +234,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
      * Write plain text data to the OpenSSL internal BIO
      *
      * Calling this function with src.remaining == 0 is undefined.
+     * @throws SSLException if the OpenSSL error check fails
      */
-    private static int writePlaintextData(final long ssl, final ByteBuffer src) {
+    private int writePlaintextData(final long ssl, final ByteBuffer src) throws SSLException
{
+        clearLastError();
         final int pos = src.position();
         final int limit = src.limit();
         final int len = Math.min(limit - pos, MAX_PLAINTEXT_LENGTH);
@@ -244,6 +246,9 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         if (src.isDirect()) {
             final long addr = Buffer.address(src) + pos;
             sslWrote = SSL.writeToSSL(ssl, addr, len);
+            if (sslWrote <= 0) {
+                checkLastError();
+            }
             if (sslWrote >= 0) {
                 src.position(pos + sslWrote);
                 return sslWrote;
@@ -259,6 +264,9 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 src.limit(limit);
 
                 sslWrote = SSL.writeToSSL(ssl, addr, len);
+                if (sslWrote <= 0) {
+                    checkLastError();
+                }
                 if (sslWrote >= 0) {
                     src.position(pos + sslWrote);
                     return sslWrote;
@@ -277,13 +285,18 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 
     /**
      * Write encrypted data to the OpenSSL network BIO.
+     * @throws SSLException if the OpenSSL error check fails
      */
-    private static int writeEncryptedData(final long networkBIO, final ByteBuffer src) {
+    private int writeEncryptedData(final long networkBIO, final ByteBuffer src) throws SSLException
{
+        clearLastError();
         final int pos = src.position();
         final int len = src.remaining();
         if (src.isDirect()) {
             final long addr = Buffer.address(src) + pos;
             final int netWrote = SSL.writeToBIO(networkBIO, addr, len);
+            if (netWrote <= 0) {
+                checkLastError();
+            }
             if (netWrote >= 0) {
                 src.position(pos + netWrote);
                 return netWrote;
@@ -296,6 +309,9 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 buf.put(src);
 
                 final int netWrote = SSL.writeToBIO(networkBIO, addr, len);
+                if (netWrote <= 0) {
+                    checkLastError();
+                }
                 if (netWrote >= 0) {
                     src.position(pos + netWrote);
                     return netWrote;
@@ -313,8 +329,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 
     /**
      * Read plain text data from the OpenSSL internal BIO
+     * @throws SSLException if the OpenSSL error check fails
      */
-    private static int readPlaintextData(final long ssl, final ByteBuffer dst) {
+    private int readPlaintextData(final long ssl, final ByteBuffer dst) throws SSLException
{
+        clearLastError();
         if (dst.isDirect()) {
             final int pos = dst.position();
             final long addr = Buffer.address(dst) + pos;
@@ -323,6 +341,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             if (sslRead > 0) {
                 dst.position(pos + sslRead);
                 return sslRead;
+            } else {
+                checkLastError();
             }
         } else {
             final int pos = dst.position();
@@ -339,6 +359,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                     dst.put(buf);
                     dst.limit(limit);
                     return sslRead;
+                } else {
+                    checkLastError();
                 }
             } finally {
                 buf.clear();
@@ -351,8 +373,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 
     /**
      * Read encrypted data from the OpenSSL network BIO
+     * @throws SSLException if the OpenSSL error check fails
      */
-    private static int readEncryptedData(final long networkBIO, final ByteBuffer dst, final
int pending) {
+    private int readEncryptedData(final long networkBIO, final ByteBuffer dst, final int
pending) throws SSLException {
+        clearLastError();
         if (dst.isDirect() && dst.remaining() >= pending) {
             final int pos = dst.position();
             final long addr = Buffer.address(dst) + pos;
@@ -360,6 +384,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             if (bioRead > 0) {
                 dst.position(pos + bioRead);
                 return bioRead;
+            } else {
+                checkLastError();
             }
         } else {
             final ByteBuffer buf = ByteBuffer.allocateDirect(pending);
@@ -374,6 +400,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                     dst.put(buf);
                     dst.limit(oldLimit);
                     return bioRead;
+                } else {
+                    checkLastError();
                 }
             } finally {
                 buf.clear();
@@ -430,16 +458,12 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 return new SSLEngineResult(SSLEngineResult.Status.BUFFER_OVERFLOW, handshakeStatus,
0, 0);
             }
 
-            clearLastError();
             // Write the pending data from the network BIO into the dst buffer
             try {
                 bytesProduced = readEncryptedData(networkBIO, dst, pendingNet);
             } catch (Exception e) {
                 throw new SSLException(e);
             }
-            if (bytesProduced == 0) {
-                checkLastError();
-            }
 
             // If isOutboundDone is set, then the data from the network BIO
             // was the close_notify message -- we are not required to wait
@@ -461,16 +485,12 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             }
             while (src.hasRemaining()) {
 
-                clearLastError();
                 // Write plain text application data to the SSL engine
                 try {
                     bytesConsumed += writePlaintextData(ssl, src);
                 } catch (Exception e) {
                     throw new SSLException(e);
                 }
-                if (bytesConsumed == 0) {
-                    checkLastError();
-                }
 
                 // Check to see if the engine wrote data into the network BIO
                 pendingNet = SSL.pendingWrittenBytesInBIO(networkBIO);
@@ -482,16 +502,12 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                                 SSLEngineResult.Status.BUFFER_OVERFLOW, getHandshakeStatus(),
bytesConsumed, bytesProduced);
                     }
 
-                    clearLastError();
                     // Write the pending data from the network BIO into the dst buffer
                     try {
                         bytesProduced += readEncryptedData(networkBIO, dst, pendingNet);
                     } catch (Exception e) {
                         throw new SSLException(e);
                     }
-                    if (bytesProduced == 0) {
-                        checkLastError();
-                    }
 
                     return new SSLEngineResult(getEngineStatus(), getHandshakeStatus(), bytesConsumed,
bytesProduced);
                 }
@@ -553,17 +569,12 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         }
 
         // Write encrypted data to network BIO
-        clearLastError();
         int written = 0;
         try {
             written = writeEncryptedData(networkBIO, src);
         } catch (Exception e) {
             throw new SSLException(e);
         }
-        // OpenSSL can return 0 or -1 to these calls if nothing was written
-        if (written == 0) {
-            checkLastError();
-        }
 
         // There won't be any application data until we're done handshaking
         //
@@ -597,7 +608,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                     break;
                 }
 
-                clearLastError();
                 int bytesRead;
                 try {
                     bytesRead = readPlaintextData(ssl, dst);
@@ -606,7 +616,6 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 }
 
                 if (bytesRead == 0) {
-                    checkLastError();
                     // This should not be possible. pendingApp is positive
                     // therefore the read should have read at least one byte.
                     throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message