WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

SSLEngine: correctly mark inbound and outbound closed when receiving alerts

pull/197/head
Chris Conlon 2024-05-30 17:35:47 -06:00
parent 267a8d2c24
commit 5b31cf2306
3 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
native/com_wolfssl_WolfSSL.h
View File

@ -79,6 +79,8 @@ extern "C" {
#define com_wolfssl_WolfSSL_SSL_ERROR_ZERO_RETURN 6L #define com_wolfssl_WolfSSL_SSL_ERROR_ZERO_RETURN 6L
#undef com_wolfssl_WolfSSL_SSL_ERROR_SSL #undef com_wolfssl_WolfSSL_SSL_ERROR_SSL
#define com_wolfssl_WolfSSL_SSL_ERROR_SSL 85L #define com_wolfssl_WolfSSL_SSL_ERROR_SSL 85L
#undef com_wolfssl_WolfSSL_FATAL_ERROR
#define com_wolfssl_WolfSSL_FATAL_ERROR -313L
#undef com_wolfssl_WolfSSL_SSL_ERROR_SOCKET_PEER_CLOSED #undef com_wolfssl_WolfSSL_SSL_ERROR_SOCKET_PEER_CLOSED
#define com_wolfssl_WolfSSL_SSL_ERROR_SOCKET_PEER_CLOSED -397L #define com_wolfssl_WolfSSL_SSL_ERROR_SOCKET_PEER_CLOSED -397L
#undef com_wolfssl_WolfSSL_UNKNOWN_ALPN_PROTOCOL_NAME_E #undef com_wolfssl_WolfSSL_UNKNOWN_ALPN_PROTOCOL_NAME_E

2
src/java/com/wolfssl/WolfSSL.java
View File

@ -172,6 +172,8 @@ public class WolfSSL {
public static final int SSL_ERROR_ZERO_RETURN = 6; public static final int SSL_ERROR_ZERO_RETURN = 6;
/** Generatl SSL error */ /** Generatl SSL error */
public static final int SSL_ERROR_SSL = 85; public static final int SSL_ERROR_SSL = 85;
/** Received fatal alert error */
public static final int FATAL_ERROR = -313;
/** Peer closed socket */ /** Peer closed socket */
public static final int SSL_ERROR_SOCKET_PEER_CLOSED = -397; public static final int SSL_ERROR_SOCKET_PEER_CLOSED = -397;
/** Unrecognized ALPN protocol name */ /** Unrecognized ALPN protocol name */

21
src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java
View File

@ -634,6 +634,14 @@ public class WolfSSLEngine extends SSLEngine {
} }
produced += CopyOutPacket(out); produced += CopyOutPacket(out);
} }
else if ((produced > 0) && !inBoundOpen &&
(!this.closeNotifySent && !this.closeNotifyReceived)) {
/* We had buffered data to send, but inbound was already closed.
* Most likely this is because we needed to send an alert to
* the peer. We should now mark outbound as closed since we
* won't be sending anything after the alert went out. */
this.outBoundOpen = false;
}
else if (produced == 0) { else if (produced == 0) {
/* continue handshake or application data */ /* continue handshake or application data */
if (!this.handshakeFinished) { if (!this.handshakeFinished) {
@ -1076,6 +1084,16 @@ public class WolfSSLEngine extends SSLEngine {
ret + " : " + err); ret + " : " + err);
} }
else { else {
/* Native wolfSSL threw an exception when unwrapping
* data, close inbound since we can't receive more
* data */
this.inBoundOpen = false;
if (err == WolfSSL.FATAL_ERROR) {
/* If client side and we received fatal alert,
* close outbound since we won't be receiving
* any more data */
this.outBoundOpen = false;
}
throw new SSLException( throw new SSLException(
"wolfSSL error, ret:err = " + ret + " : " + err); "wolfSSL error, ret:err = " + ret + " : " + err);
} }
@ -1241,7 +1259,8 @@ public class WolfSSLEngine extends SSLEngine {
hs = SSLEngineResult.HandshakeStatus.NEED_WRAP; hs = SSLEngineResult.HandshakeStatus.NEED_WRAP;
} }
else if (this.netData != null && else if (this.netData != null &&
this.netData.remaining() > 0) { this.netData.remaining() > 0 &&
this.inBoundOpen == true) {
hs = SSLEngineResult.HandshakeStatus.NEED_UNWRAP; hs = SSLEngineResult.HandshakeStatus.NEED_UNWRAP;
} }
else if (err == WolfSSL.SSL_ERROR_WANT_READ) { else if (err == WolfSSL.SSL_ERROR_WANT_READ) {