Align buffer use pattern with the FFM code

This uses 18KB of memory per connection.

Author: markt-asf

java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java

@@ -135,6 +135,7 @@ enum ClientAuthMode {
     private final long ssl;
     private final long networkBIO;
     private final long aprGeneration;
+    private ByteBuffer buf = ByteBuffer.allocateDirect(MAX_ENCRYPTED_PACKET_LENGTH);
 
     private enum Accepted {
         NOT,
@@ -234,6 +235,7 @@ public synchronized void shutdown() {
                     Library.returnCleanUpLock();
                 }
             }
+            ByteBufferUtils.cleanDirectBuffer(buf);
         }
     }
 
@@ -260,7 +262,6 @@ private int writePlaintextData(final long ssl, final ByteBuffer src) throws SSLE
                 return sslWrote;
             }
         } else {
-            ByteBuffer buf = ByteBuffer.allocateDirect(len);
             try {
                 final long addr = Buffer.address(buf);
 
@@ -281,7 +282,6 @@ private int writePlaintextData(final long ssl, final ByteBuffer src) throws SSLE
                 }
             } finally {
                 buf.clear();
-                ByteBufferUtils.cleanDirectBuffer(buf);
             }
         }
 
@@ -308,7 +308,6 @@ private int writeEncryptedData(final long networkBIO, final ByteBuffer src) thro
                 return netWrote;
             }
         } else {
-            ByteBuffer buf = ByteBuffer.allocateDirect(len);
             try {
                 final long addr = Buffer.address(buf);
 
@@ -326,7 +325,6 @@ private int writeEncryptedData(final long networkBIO, final ByteBuffer src) thro
                 }
             } finally {
                 buf.clear();
-                ByteBufferUtils.cleanDirectBuffer(buf);
             }
         }
 
@@ -355,7 +353,6 @@ private int readPlaintextData(final long ssl, final ByteBuffer dst) throws SSLEx
             final int pos = dst.position();
             final int limit = dst.limit();
             final int len = Math.min(MAX_ENCRYPTED_PACKET_LENGTH, limit - pos);
-            final ByteBuffer buf = ByteBuffer.allocateDirect(len);
             try {
                 final long addr = Buffer.address(buf);
 
@@ -371,7 +368,6 @@ private int readPlaintextData(final long ssl, final ByteBuffer dst) throws SSLEx
                 }
             } finally {
                 buf.clear();
-                ByteBufferUtils.cleanDirectBuffer(buf);
             }
         }
 
@@ -396,7 +392,6 @@ private int readEncryptedData(final long networkBIO, final ByteBuffer dst, final
                 checkLastError();
             }
         } else {
-            final ByteBuffer buf = ByteBuffer.allocateDirect(pending);
             try {
                 final long addr = Buffer.address(buf);
 
@@ -413,7 +408,6 @@ private int readEncryptedData(final long networkBIO, final ByteBuffer dst, final
                 }
             } finally {
                 buf.clear();
-                ByteBufferUtils.cleanDirectBuffer(buf);
             }
         }
 

webapps/docs/changelog.xml

@@ -105,6 +105,14 @@
   issues do not "pop up" wrt. others).
 -->
 <section name="Tomcat 9.0.117 (remm)" rtext="in development">
+  <subsection name="Coyote">
+    <changelog>
+      <update>
+        Align buffer reuse of the OpenSSLEngine for tomcat-native with the FFM
+        code. (remm)
+      </update>
+    </changelog>
+  </subsection>
 </section>
 <section name="Tomcat 9.0.116 (remm)" rtext="release in progress">
   <subsection name="Catalina">