svn commit: r1175136 - in /commons/sandbox/runtime/trunk/src/main/native: include/acr/ssl.h modules/openssl/cert.c modules/openssl/key.c modules/openssl/util.c

Sat, 24 Sep 2011 02:35:44 -0700 

Author: mturk
Date: Sat Sep 24 09:35:15 2011
New Revision: 1175136

URL: http://svn.apache.org/viewvc?rev=1175136&view=rev
Log:
Add reference counting to core openssl objects

Modified:
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1175136&r1=1175135&r2=1175136&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Sat Sep 24 
09:35:15 2011
@@ -294,6 +294,24 @@ typedef struct ssl_pass_cb_t {
     char            buf[256];
 } ssl_pass_cb_t;
 
+#define ACR_SSL_OBJ_X509        1
+#define ACR_SSL_OBJ_EVP_PKEY    2
+#define ACR_SSL_OBJ_X509_STORE  3
+#define ACR_SSL_OBJ_X509_NAMES  4
+
+typedef struct ssl_obj_t {
+    acr_refcount_t               refs;
+    int                          type;
+    union {
+        X509                    *x509;
+        EVP_PKEY                *pkey;
+        X509_STORE              *store;
+        STACK_OF(X509_NAME)     *names;
+        void                    *any;
+    } u;
+} ssl_obj_t;
+
+
 /* Default password callback that
  * directly prompts the console
  */
@@ -303,14 +321,13 @@ typedef struct acr_ssl_srv_t    acr_ssl_
 
 /* SSL context */
 typedef struct acr_ssl_ctx_t {
+    acr_refcount_t   refs;
+    int              inited;
+    /* acr_ssl_obj_t */
     SSL_CTX         *ctx;
     /* Pointer to the context verify store */
     X509_STORE      *store;
-    volatile acr_atomic32_t refs;
-    /* Inited is set when the context is validated
-     * and ready to use.
-     */
-    int              inited;
+
     int              protocol;
     int              mode;
     int              ssl_proxy;
@@ -374,9 +391,10 @@ typedef struct acr_ssl_ctx_t {
 
 /* Server context */
 struct acr_ssl_srv_t {
+    acr_refcount_t  refs;
+    int             inited;
     acr_ssl_ctx_t   *ctx;
-    acr_ssl_ctx_t   *ctx2;
-    acr_refcount_t   refs;
+    acr_ssl_ctx_t   *ctx2;    
     char            *servname;
     char            *hostid;
     BIO             *bio;
@@ -462,6 +480,8 @@ int         ssl_rand_seed(const char *fi
 int         ssl_load_pkcs12(BIO *, ssl_pass_cb_t *, EVP_PKEY **, X509 **, 
STACK_OF(X509) **);
 void        ssl_throw_errno(JNI_STDENV, int cls);
 void        ssl_throw_errno_ex(JNI_STDENV, int cls, const char *fmt, ...);
+int         ssl_obj_release(ssl_obj_t *);
+ssl_obj_t  *ssl_obj_new(JNI_STDENV, int, void *);
 
 #endif
 #endif /* _ACR_SSL_H_ */

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c?rev=1175136&r1=1175135&r2=1175136&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/cert.c Sat 
Sep 24 09:35:15 2011
@@ -89,8 +89,8 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
             ssl_throw_errno(env, ACR_EX_ESSLBADCERT);
     } DONE_WITH_STR(desc);
     } DONE_WITH_STR(file);
-    
-    return P2J(cert);
+
+    return P2J(ssl_obj_new(env, ACR_SSL_OBJ_X509, cert));
 }
 
 ACR_SSL_EXPORT(jlong, SSLCertificate, load1)(JNI_STDARGS, jstring file,
@@ -113,10 +113,10 @@ ACR_SSL_EXPORT(jlong, SSLCertificate, lo
     } DONE_WITH_STR(password);
     } DONE_WITH_STR(file);
 
-    return P2J(cert);
+    return P2J(ssl_obj_new(env, ACR_SSL_OBJ_X509, cert));
 }
 
 ACR_SSL_EXPORT(void, SSLCertificate, free0)(JNI_STDARGS, jlong key)
 {
-    X509_free(J2P(key, X509 *));
+    ssl_obj_release(J2P(key, void *));
 }

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c?rev=1175136&r1=1175135&r2=1175136&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/key.c Sat Sep 
24 09:35:15 2011
@@ -91,7 +91,7 @@ ACR_SSL_EXPORT(jlong, SSLKey, load0)(JNI
     } DONE_WITH_STR(desc);
     } DONE_WITH_STR(file);
     
-    return P2J(key);
+    return P2J(ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key));
 }
 
 ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI_STDARGS, jstring file,
@@ -114,10 +114,10 @@ ACR_SSL_EXPORT(jlong, SSLKey, load1)(JNI
     } DONE_WITH_STR(password);
     } DONE_WITH_STR(file);
 
-    return P2J(key);
+    return P2J(ssl_obj_new(env, ACR_SSL_OBJ_EVP_PKEY, key));
 }
 
 ACR_SSL_EXPORT(void, SSLKey, free0)(JNI_STDARGS, jlong key)
 {
-    EVP_PKEY_free(J2P(key, EVP_PKEY *));
+    ssl_obj_release(J2P(key, void *));
 }

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: 
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1175136&r1=1175135&r2=1175136&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c 
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Sat 
Sep 24 09:35:15 2011
@@ -452,3 +452,58 @@ void ssl_throw_errno(JNI_STDENV, int cls
 {
     ssl_throw_errno_ex(env, cls, 0);
 }
+
+int  ssl_obj_release(ssl_obj_t *ob)
+{
+    if (ob == 0)
+        return 0;
+    if (AcrAtomic32Dec(&ob->refs) != 0)
+        return 0;
+    if (ob->u.any == 0)
+        ob->type = 0;
+    switch(ob->type) {
+        case ACR_SSL_OBJ_X509:
+            X509_free(ob->u.x509);
+        break;
+        case ACR_SSL_OBJ_EVP_PKEY:
+            EVP_PKEY_free(ob->u.pkey);
+        break;
+        case ACR_SSL_OBJ_X509_STORE:
+            X509_STORE_free(ob->u.store);
+        break;
+        default:
+        break;
+    }
+    AcrFree(ob);
+    return 1;
+}
+
+ssl_obj_t *ssl_obj_new(JNI_STDENV, int type, void *ctx)
+{
+    ssl_obj_t *o;
+
+    if (ctx == 0)
+        return 0;
+    o = ACR_TALLOC(ssl_obj_t);
+    if (o == 0) {
+        switch(type) {
+            case ACR_SSL_OBJ_X509:
+                X509_free(ctx);
+            break;
+            case ACR_SSL_OBJ_EVP_PKEY:
+                EVP_PKEY_free(ctx);
+            break;
+            case ACR_SSL_OBJ_X509_STORE:
+                X509_STORE_free(ctx);
+            break;
+            default:
+            break;
+        }
+    }
+    else {
+        o->refs  = 1;
+        o->type  = type;
+        o->u.any = ctx;
+    }
+    return o;
+}

Reply via email to