use RetainableByteBuffer for encrypted input buffer
Signed-off-by: Ludovic Orban <lorban@bitronix.be>
lorban committed Jun 1, 2021
1 parent 98a1a47 commit 6119f2f
Showing 1 changed file with 15 additions and 14 deletions.
29 changes: 15 additions & 14 deletions jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -34,6 +34,7 @@
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.RetainableByteBuffer;
import org.eclipse.jetty.io.WriteFlusher;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.Callback;
@@ -106,7 +107,7 @@ private enum FlushState
private final SSLEngine _sslEngine;
private final DecryptedEndPoint _decryptedEndPoint;
private ByteBuffer _decryptedInput;
private ByteBuffer _encryptedInput;
private RetainableByteBuffer _encryptedInput;
private ByteBuffer _encryptedOutput;
private final boolean _encryptedDirectBuffers;
private final boolean _decryptedDirectBuffers;
@@ -311,7 +312,7 @@ private int getBufferSize(ToIntFunction<SSLSession> bufferSizeFn)
private void acquireEncryptedInput()
{
if (_encryptedInput == null)
_encryptedInput = _bufferPool.acquire(getPacketBufferSize(), _encryptedDirectBuffers);
_encryptedInput = new RetainableByteBuffer(_bufferPool, getPacketBufferSize(), _encryptedDirectBuffers);
}

private void acquireEncryptedOutput()
@@ -324,7 +325,7 @@ private void acquireEncryptedOutput()
public void onUpgradeTo(ByteBuffer buffer)
{
acquireEncryptedInput();
BufferUtil.append(_encryptedInput, buffer);
BufferUtil.append(_encryptedInput.getBuffer(), buffer);
}

@Override
@@ -394,7 +395,7 @@ protected SSLEngineResult unwrap(SSLEngine sslEngine, ByteBuffer input, ByteBuff
@Override
public String toConnectionString()
{
ByteBuffer b = _encryptedInput;
ByteBuffer b = _encryptedInput == null ? null : _encryptedInput.getBuffer();
int ei = b == null ? -1 : b.remaining();
b = _encryptedOutput;
int eo = b == null ? -1 : b.remaining();
@@ -416,7 +417,7 @@ private void releaseEncryptedInputBuffer()
{
if (_encryptedInput != null && !_encryptedInput.hasRemaining())
{
_bufferPool.release(_encryptedInput);
_encryptedInput.release();
_encryptedInput = null;
}
}
@@ -657,12 +658,12 @@ public int fill(ByteBuffer buffer) throws IOException
}

// Let's try reading some encrypted data... even if we have some already.
int netFilled = networkFill(_encryptedInput);
int netFilled = networkFill(_encryptedInput.getBuffer());
if (LOG.isDebugEnabled())
LOG.debug("net filled={}", netFilled);

// Workaround for Java 11 behavior.
if (netFilled < 0 && isHandshakeInitial() && BufferUtil.isEmpty(_encryptedInput))
if (netFilled < 0 && isHandshakeInitial() && (_encryptedInput == null || _encryptedInput.isEmpty()))
closeInbound();

if (netFilled > 0 && !isHandshakeComplete() && isOutboundDone())
@@ -681,7 +682,7 @@ public int fill(ByteBuffer buffer) throws IOException
try
{
_underflown = false;
unwrapResult = SslConnection.this.unwrap(_sslEngine, _encryptedInput, appIn);
unwrapResult = SslConnection.this.unwrap(_sslEngine, _encryptedInput.getBuffer(), appIn);
}
finally
{
@@ -691,7 +692,7 @@ public int fill(ByteBuffer buffer) throws IOException
LOG.debug("unwrap net_filled={} {} encryptedBuffer={} unwrapBuffer={} appBuffer={}",
netFilled,
StringUtil.replace(unwrapResult.toString(), '\n', ' '),
BufferUtil.toSummaryString(_encryptedInput),
_encryptedInput,
BufferUtil.toDetailString(appIn),
BufferUtil.toDetailString(buffer));

@@ -712,13 +713,13 @@ public int fill(ByteBuffer buffer) throws IOException

case BUFFER_UNDERFLOW:
// Continue if we can compact?
if (BufferUtil.compact(_encryptedInput))
if (BufferUtil.compact(_encryptedInput.getBuffer()))
continue;

// Are we out of space?
if (BufferUtil.space(_encryptedInput) == 0)
if (BufferUtil.space(_encryptedInput.getBuffer()) == 0)
{
BufferUtil.clear(_encryptedInput);
BufferUtil.clear(_encryptedInput.getBuffer());
throw new SSLHandshakeException("Encrypted buffer max length exceeded");
}

@@ -830,15 +831,15 @@ protected void needsFillInterest()
_flushState,
_fillState,
_underflown,
BufferUtil.toDetailString(_encryptedInput),
_encryptedInput,
BufferUtil.toDetailString(_decryptedInput),
SslConnection.this);

if (_fillState != FillState.IDLE)
return;

// Fillable if we have decrypted input OR enough encrypted input.
fillable = BufferUtil.hasContent(_decryptedInput) || (BufferUtil.hasContent(_encryptedInput) && !_underflown);
fillable = BufferUtil.hasContent(_decryptedInput) || (_encryptedInput != null && _encryptedInput.hasRemaining() && !_underflown);

HandshakeStatus status = _sslEngine.getHandshakeStatus();
switch (status)
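Review bot: In `fill()` the new guard `_encryptedInput == null || _encryptedInput.isEmpty()` runs after `networkFill(_encryptedInput.getBuffer())` has already dereferenced the field, so the null branch cannot be taken unless `networkFill` clears the field, which nothing in these hunks suggests. Either drop the null test (`... && _encryptedInput.isEmpty()`) or, if the field really can be null at that point, guard the `getBuffer()` calls in `fill()` the same way `toConnectionString()` and `needsFillInterest()` do. Separately, every consumer still receives the raw pooled buffer through `getBuffer()`, including the protected `unwrap(...)` hook, so the reference count does not by itself stop a caller from using the `ByteBuffer` after `release()` has returned it to the pool for reuse. A field comment such as `// owned by this connection; a ByteBuffer obtained via getBuffer() must not be kept past releaseEncryptedInputBuffer()` would make that contract explicit. The bodies of `fill()` and `needsFillInterest()` extend beyond the visible hunks.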
