Refine search
/** * performs the unwrap operation by unwrapping from {@link #inCrypt} to {@link #inData} **/ private synchronized ByteBuffer unwrap() throws SSLException { int rem; //There are some ssl test suites, which get around the selector.select() call, which cause an infinite unwrap and 100% cpu usage (see #459 and #458) if(readEngineResult.getStatus() == SSLEngineResult.Status.CLOSED && sslEngine.getHandshakeStatus() == HandshakeStatus.NOT_HANDSHAKING){ try { close(); } catch (IOException e) { //Not really interesting } } do { rem = inData.remaining(); readEngineResult = sslEngine.unwrap( inCrypt, inData ); } while ( readEngineResult.getStatus() == SSLEngineResult.Status.OK && ( rem != inData.remaining() || sslEngine.getHandshakeStatus() == HandshakeStatus.NEED_UNWRAP ) ); inData.flip(); return inData; }
result = sslEngine.unwrap(netReadBuffer, appReadBuffer); netReadBuffer.compact(); handshakeStatus = result.getHandshakeStatus(); if (result.getStatus() == SSLEngineResult.Status.OK && result.getHandshakeStatus() == HandshakeStatus.NEED_TASK) { handshakeStatus = runDelegatedTasks(); cont = (result.getStatus() == SSLEngineResult.Status.OK && handshakeStatus == HandshakeStatus.NEED_UNWRAP) || (ignoreHandshakeStatus && netReadBuffer.position() != position); log.trace("SSLHandshake handshakeUnwrap: handshakeStatus {} status {}", handshakeStatus, result.getStatus()); } while (netReadBuffer.position() != 0 && cont);
case NEED_WRAP: handshakeResult = sslEngine.wrap(EMPTY_BUF, netBuffer); switch (handshakeResult.getStatus()) { case OK: break; case BUFFER_OVERFLOW: case CLOSED: default: throw new SSLException("Unexpected handshake status: " + handshakeResult.getStatus()); return; handshakeResult = sslEngine.unwrap(peerEngine.netBuffer, appBuffer); peerEngine.netBuffer.compact(); handshakeStatus = handshakeResult.getHandshakeStatus(); switch (handshakeResult.getStatus()) { case OK: break; case BUFFER_OVERFLOW:
@Override public synchronized ByteBuffer unwrap(ByteBuffer wrappedBuffer) throws IOException { checkClosed(); // note that we do not clear peerAppData as it may hold a partial // message. TcpConduit, for instance, uses message chunking to // transmit large payloads and we may have read a partial chunk // during the previous unwrap // it's better to be pro-active about avoiding buffer overflows expandPeerAppData(wrappedBuffer); peerAppData.limit(peerAppData.capacity()); while (wrappedBuffer.hasRemaining()) { SSLEngineResult unwrapResult = engine.unwrap(wrappedBuffer, peerAppData); switch (unwrapResult.getStatus()) { case BUFFER_OVERFLOW: expandPeerAppData(wrappedBuffer); break; case BUFFER_UNDERFLOW: // partial data - need to read more. When this happens the SSLEngine will not have // changed the buffer position wrappedBuffer.compact(); return peerAppData; case OK: break; default: throw new SSLException("Error decrypting data: " + unwrapResult); } } wrappedBuffer.clear(); return peerAppData; }
SSLEngineResult result; try { result = engine.unwrap( peerNetData, peerAppData ); } catch ( SSLException e ) { log.error("SSLExcpetion during unwrap", e); throw e; switch(result.getStatus()) { case OK: peerAppData.flip(); return -1; default: throw new IllegalStateException( "Invalid SSL status: " + result.getStatus() );
@Override SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out) throws SSLException { int writerIndex = out.writerIndex(); ByteBuffer inNioBuffer = toByteBuffer(in, readerIndex, len); int position = inNioBuffer.position(); final SSLEngineResult result = handler.engine.unwrap(inNioBuffer, toByteBuffer(out, writerIndex, out.writableBytes())); out.writerIndex(writerIndex + result.bytesProduced()); // This is a workaround for a bug in Android 5.0. Android 5.0 does not correctly update the // SSLEngineResult.bytesConsumed() in some cases and just return 0. // // See: // - https://android-review.googlesource.com/c/platform/external/conscrypt/+/122080 // - https://github.com/netty/netty/issues/7758 if (result.bytesConsumed() == 0) { int consumed = inNioBuffer.position() - position; if (consumed != result.bytesConsumed()) { // Create a new SSLEngineResult with the correct bytesConsumed(). return new SSLEngineResult( result.getStatus(), result.getHandshakeStatus(), consumed, result.bytesProduced()); } } return result; }
SSLEngineResult unwrapResult = sslEngine.unwrap(netReadBuffer, appReadBuffer); netReadBuffer.compact(); if (unwrapResult.getHandshakeStatus() != HandshakeStatus.NOT_HANDSHAKING && unwrapResult.getStatus() == Status.OK) { log.trace("Renegotiation requested, but it is not supported, channelId {}, " + "appReadBuffer pos {}, netReadBuffer pos {}, netWriteBuffer pos {}", channelId, if (unwrapResult.getStatus() == Status.OK) { read += readFromAppBuffer(dst); } else if (unwrapResult.getStatus() == Status.BUFFER_OVERFLOW) { int currentApplicationBufferSize = applicationBufferSize(); appReadBuffer = Utils.ensureCapacity(appReadBuffer, currentApplicationBufferSize);
/** * Performs raw unwrap from network read buffer. * * @return Result. * @throws SSLException If SSL exception occurs. */ private SSLEngineResult unwrap0() throws SSLException { SSLEngineResult res; do { res = sslEngine.unwrap(inNetBuf, appBuf); if (log.isDebugEnabled()) log.debug("Unwrapped raw data [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ", ses=" + ses + ']'); if (res.getStatus() == Status.BUFFER_OVERFLOW) appBuf = expandBuffer(appBuf, appBuf.capacity() * 2); } while ((res.getStatus() == Status.OK || res.getStatus() == Status.BUFFER_OVERFLOW) && (handshakeFinished && res.getHandshakeStatus() == NOT_HANDSHAKING || res.getHandshakeStatus() == NEED_UNWRAP)); return res; }
/** * Performs raw unwrap from network read buffer. * * @return Result. * @throws SSLException If SSL exception occurs. */ private SSLEngineResult unwrap0() throws SSLException { SSLEngineResult res; do { res = sslEngine.unwrap(inNetBuf, appBuf); if (log.isDebugEnabled()) log.debug("Unwrapped raw data [status=" + res.getStatus() + ", handshakeStatus=" + res.getHandshakeStatus() + ']'); if (res.getStatus() == Status.BUFFER_OVERFLOW) appBuf = expandBuffer(appBuf, appBuf.capacity() * 2); } while ((res.getStatus() == OK || res.getStatus() == Status.BUFFER_OVERFLOW) && (handshakeFinished && res.getHandshakeStatus() == NOT_HANDSHAKING || res.getHandshakeStatus() == NEED_UNWRAP)); return res; }
engineResult = engine.unwrap(handshakeBuffer, peerAppData); handshakeBuffer.compact(); status = engineResult.getHandshakeStatus(); if (engineResult.getStatus() == BUFFER_OVERFLOW) { peerAppData = expandWriteBuffer(TRACKED_RECEIVER, peerAppData, peerAppData.capacity() * 2, switch (engineResult.getStatus()) { case BUFFER_OVERFLOW: myNetData = logger.info("handshake terminated with illegal state due to {}", status); throw new IllegalStateException( "Unknown SSLEngineResult status: " + engineResult.getStatus());
@Override SSLEngineResult unwrap(SslHandler handler, ByteBuf in, int readerIndex, int len, ByteBuf out) throws SSLException { int writerIndex = out.writerIndex(); ByteBuffer inNioBuffer = toByteBuffer(in, readerIndex, len); int position = inNioBuffer.position(); final SSLEngineResult result = handler.engine.unwrap(inNioBuffer, toByteBuffer(out, writerIndex, out.writableBytes())); out.writerIndex(writerIndex + result.bytesProduced()); // This is a workaround for a bug in Android 5.0. Android 5.0 does not correctly update the // SSLEngineResult.bytesConsumed() in some cases and just return 0. // // See: // - https://android-review.googlesource.com/c/platform/external/conscrypt/+/122080 // - https://github.com/netty/netty/issues/7758 if (result.bytesConsumed() == 0) { int consumed = inNioBuffer.position() - position; if (consumed != result.bytesConsumed()) { // Create a new SSLEngineResult with the correct bytesConsumed(). return new SSLEngineResult( result.getStatus(), result.getHandshakeStatus(), consumed, result.bytesProduced()); } } return result; }
result = engine.unwrap( peerNetData, peerAppData ); peerNetData.compact(); handshakeStatus = result.getHandshakeStatus(); break; switch(result.getStatus()) { case OK: break; throw new IllegalStateException( "Invalid SSL status: " + result.getStatus() ); break; switch(result.getStatus()) { case OK: myNetData.flip();
final ByteBuffer appDataBuffer = appDataManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); try { SSLEngineResult unwrapResponse = engine.unwrap(streamInBuffer, appDataBuffer); logger.trace("{} When checking if closed, (handshake={}) Unwrap response: {}", this, handshaking, unwrapResponse); if (unwrapResponse.getStatus().equals(Status.CLOSED)) {
if (wrapHelloResult.getStatus() == Status.BUFFER_OVERFLOW) { streamOutManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); continue; if (wrapHelloResult.getStatus() != Status.OK) { throw new SSLHandshakeException("Could not generate SSL Handshake information: SSLEngineResult: " + wrapHelloResult.toString()); SSLEngineResult handshakeResponseResult = engine.unwrap(readableDataIn, appData); logger.trace("{} Handshake response after unwrapping: {}", this, handshakeResponseResult); if (handshakeResponseResult.getStatus() == Status.BUFFER_UNDERFLOW) { final ByteBuffer writableDataIn = streamInManager.prepareForWrite(engine.getSession().getPacketBufferSize()); final int bytesRead = readData(writableDataIn);
SSLEngineResult unwrapResponse = null; final ByteBuffer appDataBuffer = appDataManager.prepareForWrite(engine.getSession().getApplicationBufferSize()); unwrapResponse = engine.unwrap(streamInBuffer, appDataBuffer); logger.trace("{} When reading data, (handshake={}) Unwrap response: {}", this, handshaking, unwrapResponse); switch (unwrapResponse.getStatus()) { case BUFFER_OVERFLOW: throw new SSLHandshakeException("Buffer Overflow, which is not allowed to happen from an unwrap");