Rewrite ProvSSLEngine.wrap to be record-aligned for app data

peterdettman · peterdettman · commit 615ab75e13b1 · 2017-11-22T23:15:51.000+07:00
- avoids any internal buffering of app data b/w calls
- never produce any output when returning BUFFER_OVERFLOW
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLEngine.java b/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLEngine.java
@@ -342,7 +342,7 @@ public synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, in
                 {
                     resultStatus = Status.BUFFER_UNDERFLOW;
                 }
-                else if (getTotalRemaining(dsts) < (long)preview.getApplicationDataLimit())
+                else if (hasInsufficientSpace(dsts, offset, length, preview.getApplicationDataLimit()))
                 {
                     resultStatus = Status.BUFFER_OVERFLOW;
                 }
@@ -357,7 +357,7 @@ else if (getTotalRemaining(dsts) < (long)preview.getApplicationDataLimit())
                     int appDataAvailable = protocol.getAvailableInputBytes();
                     for (int dstIndex = 0; dstIndex < length && appDataAvailable > 0; ++dstIndex)
                     {
-                        ByteBuffer dst = dsts[dstIndex];
+                        ByteBuffer dst = dsts[offset + dstIndex];
                         int count = Math.min(dst.remaining(), appDataAvailable);
                         if (count > 0)
                         {
@@ -469,36 +469,56 @@ public synchronized SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int leng
             {
                 resultStatus = Status.CLOSED;
             }
-            else
+            else if (protocol.getAvailableOutputBytes() > 0)
             {
                 /*
-                 * Limit the app data that we will process in one call
+                 * Handle any buffered handshake data fully before sending application data.
                  */
-                int srcLimit = ProvSSLSessionImpl.NULL_SESSION.getApplicationBufferSize();
-
-                for (int srcIndex = 0; srcIndex < length && srcLimit > 0; ++srcIndex)
+            }
+            else
+            {
+                try
                 {
-                    ByteBuffer src = srcs[srcIndex];
-                    int count = Math.min(src.remaining(), srcLimit);
-                    if (count > 0)
+                    /*
+                     * Generate at most one maximum-sized application data record per call.
+                     */
+                    int srcRemaining = getTotalRemaining(srcs, offset, length, protocol.getApplicationDataLimit());
+                    if (srcRemaining > 0)
                     {
-                        byte[] input = new byte[count];
-                        src.get(input);
-        
-                        try
+                        RecordPreview preview = protocol.previewOutputRecord(srcRemaining);
+
+                        int srcLimit = preview.getApplicationDataLimit();
+                        int dstLimit = preview.getRecordSize();
+
+                        if (dst.remaining() < dstLimit)
                         {
-                            protocol.writeApplicationData(input, 0, count);
+                            resultStatus = Status.BUFFER_OVERFLOW;
                         }
-                        catch (IOException e)
+                        else
                         {
-                            // TODO[jsse] Throw a subclass of SSLException?
-                            throw new SSLException(e);
+                            for (int srcIndex = 0; srcIndex < length && srcLimit > 0; ++srcIndex)
+                            {
+                                ByteBuffer src = srcs[offset + srcIndex];
+                                int count = Math.min(src.remaining(), srcLimit);
+                                if (count > 0)
+                                {
+                                    byte[] input = new byte[count];
+                                    src.get(input);
+    
+                                    protocol.writeApplicationData(input, 0, count);
+    
+                                    bytesConsumed += count;
+                                    srcLimit -= count;
+                                }
+                            }
                         }
-
-                        bytesConsumed += count;
-                        srcLimit -= count;
                     }
                 }
+                catch (IOException e)
+                {
+                    // TODO[jsse] Throw a subclass of SSLException?
+                    throw new SSLException(e);
+                }
             }
         }
 
@@ -520,8 +540,7 @@ public synchronized SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int leng
                 bytesProduced += count;
                 outputAvailable -= count;
             }
-
-            if (outputAvailable > 0)
+            else
             {
                 resultStatus = Status.BUFFER_OVERFLOW;
             }
@@ -628,13 +647,24 @@ private RecordPreview getRecordPreview(ByteBuffer src)
         return protocol.previewInputRecord(recordHeader);
     }
 
-    private long getTotalRemaining(ByteBuffer[] buffers)
+    private int getTotalRemaining(ByteBuffer[] bufs, int off, int len, int limit)
     {
-        long result = 0;
-        for (ByteBuffer buffer : buffers)
+        int result = 0;
+        for (int i = 0; i < len; ++i)
         {
-            result += buffer.remaining();
+            ByteBuffer buf = bufs[off + i];
+            int next = buf.remaining();
+            if (next >= (limit - result))
+            {
+                return limit;
+            }
+            result += next;
         }
         return result;
     }
+
+    private boolean hasInsufficientSpace(ByteBuffer[] dsts, int off, int len, int amount)
+    {
+        return getTotalRemaining(dsts, off, len, amount) < amount;
+    }
 }
diff --git a/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionImpl.java b/tls/src/main/java/org/bouncycastle/jsse/provider/ProvSSLSessionImpl.java
@@ -179,7 +179,12 @@ public int getPacketBufferSize()
          * when the max_fragment_length extension has been negotiated, or when no compression was negotiated).
          */
         // Header size + Fragment length limit + Compression expansion + Cipher expansion
-        return RecordFormat.FRAGMENT_OFFSET + (1 << 14) + 1024 + 1024; 
+//        return RecordFormat.FRAGMENT_OFFSET + (1 << 14) + 1024 + 1024;
+
+        /*
+         * Worst case accounts for possible application data splitting (before TLS 1.1)
+         */
+        return (1 << 14) + 1 + 2 * (RecordFormat.FRAGMENT_OFFSET + 1024 + 1024);
     }
 
     public javax.security.cert.X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException
diff --git a/tls/src/main/java/org/bouncycastle/tls/RecordPreview.java b/tls/src/main/java/org/bouncycastle/tls/RecordPreview.java
@@ -5,6 +5,13 @@ public final class RecordPreview
     private final int recordSize;
     private final int applicationDataLimit;
 
+    static RecordPreview combine(RecordPreview a, RecordPreview b)
+    {
+        return new RecordPreview(
+            a.getRecordSize() + b.getRecordSize(),
+            a.getApplicationDataLimit() + b.getApplicationDataLimit());
+    }
+
     RecordPreview(int recordSize, int applicationDataLimit)
     {
         this.recordSize = recordSize;
diff --git a/tls/src/main/java/org/bouncycastle/tls/RecordStream.java b/tls/src/main/java/org/bouncycastle/tls/RecordStream.java
@@ -192,6 +192,21 @@ else if (!version.equals(readVersion))
         return new RecordPreview(recordSize, applicationDataLimit);
     }
 
+    RecordPreview previewOutputRecord(int applicationDataSize)
+    {
+        int applicationDataLimit = Math.max(0, Math.min(getPlaintextLimit(), applicationDataSize));
+
+        int recordSize = applicationDataLimit;
+        if (writeCompression.getClass() != TlsNullCompression.class)
+        {
+            recordSize += 1024;
+        }
+
+        recordSize = writeCipher.getCiphertextLimit(recordSize) + RecordFormat.FRAGMENT_OFFSET;
+
+        return new RecordPreview(recordSize, applicationDataLimit);
+    }
+
     boolean readFullRecord(byte[] record)
         throws IOException
     {
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsProtocol.java
@@ -840,7 +840,7 @@ public RecordPreview previewInputRecord(byte[] recordHeader) throws IOException
     {
         if (blocking)
         {
-            throw new IllegalStateException("Cannot use previewInputRecord() in blocking mode! Use getInputStream() instead.");
+            throw new IllegalStateException("Cannot use previewInputRecord() in blocking mode!");
         }
         if (inputBuffers.available() != 0)
         {
@@ -855,6 +855,57 @@ public RecordPreview previewInputRecord(byte[] recordHeader) throws IOException
         return safePreviewRecordHeader(recordHeader);
     }
 
+    public RecordPreview previewOutputRecord(int applicationDataSize) throws IOException
+    {
+        if (blocking)
+        {
+            throw new IllegalStateException("Cannot use previewOutputRecord() in blocking mode!");
+        }
+        if (outputBuffer.getBuffer().available() != 0)
+        {
+            throw new IllegalStateException("Can only use previewOutputRecord() for record-aligned output.");
+        }
+
+        if (closed)
+        {
+            throw new IOException("Connection is closed, cannot produce any more output");
+        }
+
+        if (applicationDataSize < 1)
+        {
+            return new RecordPreview(0, 0);
+        }
+
+        if (this.appDataSplitEnabled)
+        {
+            switch (appDataSplitMode)
+            {
+                case ADS_MODE_0_N_FIRSTONLY:
+                case ADS_MODE_0_N:
+                {
+                    RecordPreview a = recordStream.previewOutputRecord(0);
+                    RecordPreview b = recordStream.previewOutputRecord(applicationDataSize);
+                    return RecordPreview.combine(a, b);
+                }
+                case ADS_MODE_1_Nsub1:
+                default:
+                {
+                    RecordPreview a = recordStream.previewOutputRecord(1);
+                    if (applicationDataSize > 1)
+                    {
+                        RecordPreview b = recordStream.previewOutputRecord(applicationDataSize - 1);
+                        a = RecordPreview.combine(a, b);
+                    }
+                    return a;
+                }
+            }
+        }
+        else
+        {
+            return recordStream.previewOutputRecord(applicationDataSize);
+        }
+    }
+
     /**
      * Offer input from an arbitrary source. Only allowed in non-blocking mode.<br>
      * <br>
@@ -928,6 +979,11 @@ public void offerInput(byte[] input) throws IOException
         }
     }
 
+    public int getApplicationDataLimit()
+    {
+        return recordStream.getPlaintextLimit();
+    }
+
     /**
      * Gets the amount of received application data. A call to {@link #readInput(byte[], int, int)}
      * is guaranteed to be able to return at least this much data.<br>

Original file line number	Diff line number	Diff line change
`@@ -342,7 +342,7 @@ public synchronized SSLEngineResult unwrap(ByteBuffer src, ByteBuffer[] dsts, in`
`342`	`342`	`{`
`343`	`343`	`resultStatus = Status.BUFFER_UNDERFLOW;`
`344`	`344`	`}`
`345`		`- else if (getTotalRemaining(dsts) < (long)preview.getApplicationDataLimit())`
	`345`	`+ else if (hasInsufficientSpace(dsts, offset, length, preview.getApplicationDataLimit()))`
`346`	`346`	`{`
`347`	`347`	`resultStatus = Status.BUFFER_OVERFLOW;`
`348`	`348`	`}`
`@@ -357,7 +357,7 @@ else if (getTotalRemaining(dsts) < (long)preview.getApplicationDataLimit())`
`357`	`357`	`int appDataAvailable = protocol.getAvailableInputBytes();`
`358`	`358`	`for (int dstIndex = 0; dstIndex < length && appDataAvailable > 0; ++dstIndex)`
`359`	`359`	`{`
`360`		`- ByteBuffer dst = dsts[dstIndex];`
	`360`	`+ ByteBuffer dst = dsts[offset + dstIndex];`
`361`	`361`	`int count = Math.min(dst.remaining(), appDataAvailable);`
`362`	`362`	`if (count > 0)`
`363`	`363`	`{`
`@@ -469,36 +469,56 @@ public synchronized SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int leng`
`469`	`469`	`{`
`470`	`470`	`resultStatus = Status.CLOSED;`
`471`	`471`	`}`
`472`		`- else`
	`472`	`+ else if (protocol.getAvailableOutputBytes() > 0)`
`473`	`473`	`{`
`474`	`474`	`/*`
`475`		`- * Limit the app data that we will process in one call`
	`475`	`+ * Handle any buffered handshake data fully before sending application data.`
`476`	`476`	`*/`
`477`		`- int srcLimit = ProvSSLSessionImpl.NULL_SESSION.getApplicationBufferSize();`
`478`		`-`
`479`		`- for (int srcIndex = 0; srcIndex < length && srcLimit > 0; ++srcIndex)`
	`477`	`+ }`
	`478`	`+ else`
	`479`	`+ {`
	`480`	`+ try`
`480`	`481`	`{`
`481`		`- ByteBuffer src = srcs[srcIndex];`
`482`		`- int count = Math.min(src.remaining(), srcLimit);`
`483`		`- if (count > 0)`
	`482`	`+ /*`
	`483`	`+ * Generate at most one maximum-sized application data record per call.`
	`484`	`+ */`
	`485`	`+ int srcRemaining = getTotalRemaining(srcs, offset, length, protocol.getApplicationDataLimit());`
	`486`	`+ if (srcRemaining > 0)`
`484`	`487`	`{`
`485`		`- byte[] input = new byte[count];`
`486`		`- src.get(input);`
`487`		`-`
`488`		`- try`
	`488`	`+ RecordPreview preview = protocol.previewOutputRecord(srcRemaining);`
	`489`	`+`
	`490`	`+ int srcLimit = preview.getApplicationDataLimit();`
	`491`	`+ int dstLimit = preview.getRecordSize();`
	`492`	`+`
	`493`	`+ if (dst.remaining() < dstLimit)`
`489`	`494`	`{`
`490`		`- protocol.writeApplicationData(input, 0, count);`
	`495`	`+ resultStatus = Status.BUFFER_OVERFLOW;`
`491`	`496`	`}`
`492`		`- catch (IOException e)`
	`497`	`+ else`
`493`	`498`	`{`
`494`		`- // TODO[jsse] Throw a subclass of SSLException?`
`495`		`- throw new SSLException(e);`
	`499`	`+ for (int srcIndex = 0; srcIndex < length && srcLimit > 0; ++srcIndex)`
	`500`	`+ {`
	`501`	`+ ByteBuffer src = srcs[offset + srcIndex];`
	`502`	`+ int count = Math.min(src.remaining(), srcLimit);`
	`503`	`+ if (count > 0)`
	`504`	`+ {`
	`505`	`+ byte[] input = new byte[count];`
	`506`	`+ src.get(input);`
	`507`	`+`
	`508`	`+ protocol.writeApplicationData(input, 0, count);`
	`509`	`+`
	`510`	`+ bytesConsumed += count;`
	`511`	`+ srcLimit -= count;`
	`512`	`+ }`
	`513`	`+ }`
`496`	`514`	`}`
`497`		`-`
`498`		`- bytesConsumed += count;`
`499`		`- srcLimit -= count;`
`500`	`515`	`}`
`501`	`516`	`}`
	`517`	`+ catch (IOException e)`
	`518`	`+ {`
	`519`	`+ // TODO[jsse] Throw a subclass of SSLException?`
	`520`	`+ throw new SSLException(e);`
	`521`	`+ }`
`502`	`522`	`}`
`503`	`523`	`}`
`504`	`524`
`@@ -520,8 +540,7 @@ public synchronized SSLEngineResult wrap(ByteBuffer[] srcs, int offset, int leng`
`520`	`540`	`bytesProduced += count;`
`521`	`541`	`outputAvailable -= count;`
`522`	`542`	`}`
`523`		`-`
`524`		`- if (outputAvailable > 0)`
	`543`	`+ else`
`525`	`544`	`{`
`526`	`545`	`resultStatus = Status.BUFFER_OVERFLOW;`
`527`	`546`	`}`
`@@ -628,13 +647,24 @@ private RecordPreview getRecordPreview(ByteBuffer src)`
`628`	`647`	`return protocol.previewInputRecord(recordHeader);`
`629`	`648`	`}`
`630`	`649`
`631`		`- private long getTotalRemaining(ByteBuffer[] buffers)`
	`650`	`+ private int getTotalRemaining(ByteBuffer[] bufs, int off, int len, int limit)`
`632`	`651`	`{`
`633`		`- long result = 0;`
`634`		`- for (ByteBuffer buffer : buffers)`
	`652`	`+ int result = 0;`
	`653`	`+ for (int i = 0; i < len; ++i)`
`635`	`654`	`{`
`636`		`- result += buffer.remaining();`
	`655`	`+ ByteBuffer buf = bufs[off + i];`
	`656`	`+ int next = buf.remaining();`
	`657`	`+ if (next >= (limit - result))`
	`658`	`+ {`
	`659`	`+ return limit;`
	`660`	`+ }`
	`661`	`+ result += next;`
`637`	`662`	`}`
`638`	`663`	`return result;`
`639`	`664`	`}`
	`665`	`+`
	`666`	`+ private boolean hasInsufficientSpace(ByteBuffer[] dsts, int off, int len, int amount)`
	`667`	`+ {`
	`668`	`+ return getTotalRemaining(dsts, off, len, amount) < amount;`
	`669`	`+ }`
`640`	`670`	`}`