This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 5523d58eda Actual testing with OpenSSL 1.1
5523d58eda is described below
commit 5523d58eda59b41404d024bf187b620f10024846
Author: remm <r...@apache.org>
AuthorDate: Mon Jun 20 15:38:04 2022 +0200
Actual testing with OpenSSL 1.1
The bottom line is that it should work, but without access to the macros
that are used in OpenSSL for the compatibility, this is rather painful
and annoying to maintain. As long as not too many renamed or replaced
APIs are used, it is possible to keep on supporting older OpenSSL
versions along with the current one.
---
modules/openssl-foreign/README.md | 2 +-
.../util/net/openssl/panama/OpenSSLContext.java | 8 +-
.../util/net/openssl/panama/OpenSSLEngine.java | 3 +-
.../openssl/panama/OpenSSLLifecycleListener.java | 2 +-
.../tomcat/util/openssl/openssl_compat_h.java | 90 +++++++++++++++-----
modules/openssl-java17/README.md | 2 +-
.../util/net/openssl/panama/OpenSSLContext.java | 8 +-
.../util/net/openssl/panama/OpenSSLEngine.java | 3 +-
.../openssl/panama/OpenSSLLifecycleListener.java | 2 +-
.../tomcat/util/openssl/openssl_compat_h.java | 99 +++++++++++++++++-----
10 files changed, 170 insertions(+), 49 deletions(-)
diff --git a/modules/openssl-foreign/README.md
b/modules/openssl-foreign/README.md
index 32a9816e51..0ee967b515 100644
--- a/modules/openssl-foreign/README.md
+++ b/modules/openssl-foreign/README.md
@@ -30,7 +30,7 @@ Note: The build path for the JDK will be different on other
platforms.
The module uses the OpenSSL 3.0 API. It requires an API compatible version of
OpenSSL or a compatible alternative library, that can be loaded from the JVM
-library path.
+library path. OpenSSL 1.1 is also supported.
Copy `tomcat-coyote-openssl-1.0.jar` to the Apache Tomcat `lib` folder.
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 5f85266d2c..a16f1dc37c 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -17,6 +17,7 @@
package org.apache.tomcat.util.net.openssl.panama;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import java.io.File;
import java.lang.foreign.Addressable;
@@ -151,6 +152,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
}
+ static final boolean OPENSSL_3 = (OpenSSL_version_num() >= 0x3000000fL);
+
private final SSLHostConfig sslHostConfig;
private final SSLHostConfigCertificate certificate;
private final boolean alpn;
@@ -760,7 +763,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)
public static Addressable openSSLCallbackTmpDH(MemoryAddress ssl, int
isExport, int keylength) {
var pkey = SSL_get_privatekey(ssl);
- int type = (MemoryAddress.NULL.equals(pkey)) ? EVP_PKEY_NONE() :
EVP_PKEY_get_base_id(pkey);
+ int type = (MemoryAddress.NULL.equals(pkey)) ? EVP_PKEY_NONE()
+ : (OPENSSL_3 ? EVP_PKEY_get_base_id(pkey) :
EVP_PKEY_base_id(pkey));
/*
* OpenSSL will call us with either keylen == 512 or keylen == 1024
* (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
@@ -775,7 +779,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
*/
int keylen = 0;
if ((type == EVP_PKEY_RSA()) || (type == EVP_PKEY_DSA())) {
- keylen = EVP_PKEY_get_bits(pkey);
+ keylen = (OPENSSL_3 ? EVP_PKEY_get_bits(pkey) :
EVP_PKEY_bits(pkey));
}
for (int i = 0; i < OpenSSLLifecycleListener.dhParameters.length; i++)
{
if (keylen >= OpenSSLLifecycleListener.dhParameters[i].min) {
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index c64e8e19c1..c486226ae2 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -56,6 +56,7 @@ import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -966,7 +967,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
private byte[] getPeerCertificate() {
var allocator = SegmentAllocator.newNativeArena(engineMemorySession);
- MemoryAddress/*(X509*)*/ x509 = SSL_get1_peer_certificate(state.ssl);
+ MemoryAddress/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ?
SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl));
MemorySegment bufPointer = allocator.allocate(ValueLayout.ADDRESS,
MemoryAddress.NULL);
int length = i2d_X509(x509, bufPointer);
if (length <= 0) {
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index 5f0359d26d..50882bc3b8 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -285,7 +285,7 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
initDHParameters();
// OpenSSL 3 onwards uses providers
- boolean usingProviders = (OpenSSL_version_num() & 0xF0000000L) > 2;
+ boolean usingProviders = (OpenSSL_version_num() >= 0x3000000fL);
if (usingProviders || !(null == FIPSMode ||
"off".equalsIgnoreCase(FIPSMode))) {
fipsModeActive = false;
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
index 38d8a2d2fc..563820cd4e 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
@@ -27,38 +27,90 @@ import static java.lang.foreign.ValueLayout.*;
public class openssl_compat_h {
// OpenSSL 1.1 FIPS_mode
- static final FunctionDescriptor FIPS_mode$FUNC =
FunctionDescriptor.of(JAVA_INT);
- static final MethodHandle FIPS_mode$MH = RuntimeHelper.downcallHandle(
- "FIPS_mode",
- FIPS_mode$FUNC
- );
+ static final FunctionDescriptor FIPS_mode$FUNC = FunctionDescriptor
+ .of(JAVA_INT);
+ static final MethodHandle FIPS_mode$MH = RuntimeHelper
+ .downcallHandle("FIPS_mode", FIPS_mode$FUNC);
public static MethodHandle FIPS_mode$MH() {
- return RuntimeHelper.requireNonNull(FIPS_mode$MH,"FIPS_mode");
+ return RuntimeHelper.requireNonNull(FIPS_mode$MH, "FIPS_mode");
}
- public static int FIPS_mode () {
+ public static int FIPS_mode() {
var mh$ = RuntimeHelper.requireNonNull(FIPS_mode$MH, "FIPS_mode");
try {
- return (int)mh$.invokeExact();
+ return (int) mh$.invokeExact();
} catch (Throwable ex$) {
throw new AssertionError("should not reach here", ex$);
}
}
// OpenSSL 1.1 FIPS_mode_set
- static final FunctionDescriptor FIPS_mode_set$FUNC =
FunctionDescriptor.of(JAVA_INT,
- JAVA_INT
- );
- static final MethodHandle FIPS_mode_set$MH = RuntimeHelper.downcallHandle(
- "FIPS_mode_set",
- FIPS_mode_set$FUNC
- );
+ static final FunctionDescriptor FIPS_mode_set$FUNC = FunctionDescriptor
+ .of(JAVA_INT, JAVA_INT);
+ static final MethodHandle FIPS_mode_set$MH = RuntimeHelper
+ .downcallHandle("FIPS_mode_set", FIPS_mode_set$FUNC);
public static MethodHandle FIPS_mode_set$MH() {
- return RuntimeHelper.requireNonNull(FIPS_mode_set$MH,"FIPS_mode_set");
+ return RuntimeHelper.requireNonNull(FIPS_mode_set$MH, "FIPS_mode_set");
}
- public static int FIPS_mode_set ( int r) {
- var mh$ = RuntimeHelper.requireNonNull(FIPS_mode_set$MH,
"FIPS_mode_set");
+ public static int FIPS_mode_set(int r) {
+ var mh$ = RuntimeHelper.requireNonNull(FIPS_mode_set$MH,
+ "FIPS_mode_set");
try {
- return (int)mh$.invokeExact(r);
+ return (int) mh$.invokeExact(r);
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 EVP_PKEY_base_id
+ static final FunctionDescriptor EVP_PKEY_base_id$FUNC = FunctionDescriptor
+ .of(Constants$root.C_INT$LAYOUT, Constants$root.C_POINTER$LAYOUT);
+ static final MethodHandle EVP_PKEY_base_id$MH = RuntimeHelper
+ .downcallHandle("EVP_PKEY_base_id", EVP_PKEY_base_id$FUNC);
+ public static MethodHandle EVP_PKEY_base_id$MH() {
+ return RuntimeHelper.requireNonNull(EVP_PKEY_base_id$MH,
+ "EVP_PKEY_base_id");
+ }
+ public static int EVP_PKEY_base_id(Addressable pkey) {
+ var mh$ = EVP_PKEY_base_id$MH();
+ try {
+ return (int) mh$.invokeExact(pkey);
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 EVP_PKEY_bits
+ static final FunctionDescriptor EVP_PKEY_bits$FUNC = FunctionDescriptor
+ .of(Constants$root.C_INT$LAYOUT, Constants$root.C_POINTER$LAYOUT);
+ static final MethodHandle EVP_PKEY_bits$MH = RuntimeHelper
+ .downcallHandle("EVP_PKEY_bits", EVP_PKEY_bits$FUNC);
+ public static MethodHandle EVP_PKEY_bits$MH() {
+ return RuntimeHelper.requireNonNull(EVP_PKEY_bits$MH, "EVP_PKEY_bits");
+ }
+ public static int EVP_PKEY_bits(Addressable pkey) {
+ var mh$ = EVP_PKEY_bits$MH();
+ try {
+ return (int) mh$.invokeExact(pkey);
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 SSL_get_peer_certificate
+ static final FunctionDescriptor SSL_get_peer_certificate$FUNC =
FunctionDescriptor
+ .of(Constants$root.C_POINTER$LAYOUT,
+ Constants$root.C_POINTER$LAYOUT);
+ static final MethodHandle SSL_get_peer_certificate$MH = RuntimeHelper
+ .downcallHandle("SSL_get_peer_certificate",
+ SSL_get_peer_certificate$FUNC);
+ public static MethodHandle SSL_get_peer_certificate$MH() {
+ return RuntimeHelper.requireNonNull(SSL_get_peer_certificate$MH,
+ "SSL_get_peer_certificate");
+ }
+ public static MemoryAddress SSL_get_peer_certificate(Addressable s) {
+ var mh$ = SSL_get_peer_certificate$MH();
+ try {
+ return (java.lang.foreign.MemoryAddress) mh$.invokeExact(s);
} catch (Throwable ex$) {
throw new AssertionError("should not reach here", ex$);
}
diff --git a/modules/openssl-java17/README.md b/modules/openssl-java17/README.md
index 41c638c656..0707ca8039 100644
--- a/modules/openssl-java17/README.md
+++ b/modules/openssl-java17/README.md
@@ -15,7 +15,7 @@ It can be built and run with Apache Tomcat 9.0 or newer.
The module uses the OpenSSL 3.0 API. It requires an API compatible version of
OpenSSL or a compatible alternative library, that can be loaded from the JVM
-library path.
+library path. OpenSSL 1.1 is also supported.
Copy `tomcat-coyote-openssl-java17-1.0.jar` to the Apache Tomcat `lib` folder.
diff --git
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index d710cbc1be..5aba20ae5a 100644
---
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -25,6 +25,7 @@ import jdk.incubator.foreign.ResourceScope;
import jdk.incubator.foreign.SegmentAllocator;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import java.io.File;
import java.lang.invoke.MethodHandle;
@@ -151,6 +152,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
}
+ static final boolean OPENSSL_3 = (OpenSSL_version_num() >= 0x3000000fL);
+
private final int minTlsVersion;
private final int maxTlsVersion;
@@ -757,7 +760,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)
public static MemoryAddress openSSLCallbackTmpDH(MemoryAddress ssl, int
isExport, int keylength) {
var pkey = SSL_get_privatekey(ssl);
- int type = (MemoryAddress.NULL.equals(pkey)) ? EVP_PKEY_NONE() :
EVP_PKEY_get_base_id(pkey);
+ int type = (MemoryAddress.NULL.equals(pkey)) ? EVP_PKEY_NONE()
+ : (OPENSSL_3 ? EVP_PKEY_get_base_id(pkey) :
EVP_PKEY_base_id(pkey));
/*
* OpenSSL will call us with either keylen == 512 or keylen == 1024
* (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
@@ -772,7 +776,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
*/
int keylen = 0;
if ((type == EVP_PKEY_RSA()) || (type == EVP_PKEY_DSA())) {
- keylen = EVP_PKEY_get_bits(pkey);
+ keylen = (OPENSSL_3 ? EVP_PKEY_get_bits(pkey) :
EVP_PKEY_bits(pkey));
}
for (int i = 0; i < OpenSSLLifecycleListener.dhParameters.length; i++)
{
if (keylen >= OpenSSLLifecycleListener.dhParameters[i].min) {
diff --git
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 3942e37a3c..6691a14835 100644
---
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -57,6 +57,7 @@ import jdk.incubator.foreign.ResourceScope;
import jdk.incubator.foreign.SegmentAllocator;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
@@ -966,7 +967,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
private byte[] getPeerCertificate() {
var allocator = SegmentAllocator.ofScope(engineScope);
- MemoryAddress/*(X509*)*/ x509 = SSL_get1_peer_certificate(state.ssl);
+ MemoryAddress/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ?
SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl));
MemorySegment bufPointer = allocator.allocate(CLinker.C_POINTER,
MemoryAddress.NULL);
int length = i2d_X509(x509, bufPointer);
if (length <= 0) {
diff --git
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index fdb28bfa77..9da964d8e6 100644
---
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -285,7 +285,7 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
initDHParameters();
// OpenSSL 3 onwards uses providers
- boolean usingProviders = (OpenSSL_version_num() & 0xF0000000L) > 2;
+ boolean usingProviders = (OpenSSL_version_num() >= 0x3000000fL);
if (usingProviders || !(null == FIPSMode ||
"off".equalsIgnoreCase(FIPSMode))) {
fipsModeActive = false;
diff --git
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
index b5ecb82a4c..c5762fbf19 100644
---
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
+++
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
@@ -27,40 +27,99 @@ import static jdk.incubator.foreign.CLinker.*;
public class openssl_compat_h {
// OpenSSL 1.1 FIPS_mode
- static final FunctionDescriptor FIPS_mode$FUNC =
FunctionDescriptor.of(C_INT);
+ static final FunctionDescriptor FIPS_mode$FUNC = FunctionDescriptor
+ .of(C_INT);
static final MethodHandle FIPS_mode$MH = RuntimeHelper.downcallHandle(
- openssl_h.LIBRARIES, "FIPS_mode",
- "()I",
- FIPS_mode$FUNC, false
- );
+ openssl_h.LIBRARIES, "FIPS_mode", "()I", FIPS_mode$FUNC, false);
public static MethodHandle FIPS_mode$MH() {
- return RuntimeHelper.requireNonNull(FIPS_mode$MH,"FIPS_mode");
+ return RuntimeHelper.requireNonNull(FIPS_mode$MH, "FIPS_mode");
}
- public static int FIPS_mode () {
+ public static int FIPS_mode() {
var mh$ = RuntimeHelper.requireNonNull(FIPS_mode$MH, "FIPS_mode");
try {
- return (int)mh$.invokeExact();
+ return (int) mh$.invokeExact();
} catch (Throwable ex$) {
throw new AssertionError("should not reach here", ex$);
}
}
// OpenSSL 1.1 FIPS_mode_set
- static final FunctionDescriptor FIPS_mode_set$FUNC =
FunctionDescriptor.of(C_INT,
- C_INT
- );
- static final MethodHandle FIPS_mode_set$MH =
RuntimeHelper.downcallHandle(
- openssl_h.LIBRARIES, "FIPS_mode_set",
- "(I)I",
- FIPS_mode_set$FUNC, false
- );
+ static final FunctionDescriptor FIPS_mode_set$FUNC = FunctionDescriptor
+ .of(C_INT, C_INT);
+ static final MethodHandle FIPS_mode_set$MH = RuntimeHelper.downcallHandle(
+ openssl_h.LIBRARIES, "FIPS_mode_set", "(I)I", FIPS_mode_set$FUNC,
+ false);
public static MethodHandle FIPS_mode_set$MH() {
- return RuntimeHelper.requireNonNull(FIPS_mode_set$MH,"FIPS_mode_set");
+ return RuntimeHelper.requireNonNull(FIPS_mode_set$MH, "FIPS_mode_set");
}
- public static int FIPS_mode_set ( int r) {
- var mh$ = RuntimeHelper.requireNonNull(FIPS_mode_set$MH,
"FIPS_mode_set");
+ public static int FIPS_mode_set(int r) {
+ var mh$ = RuntimeHelper.requireNonNull(FIPS_mode_set$MH,
+ "FIPS_mode_set");
try {
- return (int)mh$.invokeExact(r);
+ return (int) mh$.invokeExact(r);
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 EVP_PKEY_base_id
+ static final FunctionDescriptor EVP_PKEY_base_id$FUNC = FunctionDescriptor
+ .of(C_INT, C_POINTER);
+ static final MethodHandle EVP_PKEY_base_id$MH = RuntimeHelper
+ .downcallHandle(openssl_h.LIBRARIES, "EVP_PKEY_base_id",
+ "(Ljdk/incubator/foreign/MemoryAddress;)I",
+ EVP_PKEY_base_id$FUNC, false);
+ public static MethodHandle EVP_PKEY_base_id$MH() {
+ return RuntimeHelper.requireNonNull(EVP_PKEY_base_id$MH,
+ "EVP_PKEY_base_id");
+ }
+ public static int EVP_PKEY_base_id(Addressable pkey) {
+ var mh$ = RuntimeHelper.requireNonNull(EVP_PKEY_base_id$MH,
+ "EVP_PKEY_base_id");
+ try {
+ return (int) mh$.invokeExact(pkey.address());
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 EVP_PKEY_bits
+ static final FunctionDescriptor EVP_PKEY_bits$FUNC = FunctionDescriptor
+ .of(C_INT, C_POINTER);
+ static final MethodHandle EVP_PKEY_bits$MH = RuntimeHelper.downcallHandle(
+ openssl_h.LIBRARIES, "EVP_PKEY_bits",
+ "(Ljdk/incubator/foreign/MemoryAddress;)I", EVP_PKEY_bits$FUNC,
+ false);
+ public static MethodHandle EVP_PKEY_bits$MH() {
+ return RuntimeHelper.requireNonNull(EVP_PKEY_bits$MH, "EVP_PKEY_bits");
+ }
+ public static int EVP_PKEY_bits(Addressable pkey) {
+ var mh$ = RuntimeHelper.requireNonNull(EVP_PKEY_bits$MH,
+ "EVP_PKEY_bits");
+ try {
+ return (int) mh$.invokeExact(pkey.address());
+ } catch (Throwable ex$) {
+ throw new AssertionError("should not reach here", ex$);
+ }
+ }
+
+ // OpenSSL 1.1 SSL_get_peer_certificate
+ static final FunctionDescriptor SSL_get_peer_certificate$FUNC =
FunctionDescriptor
+ .of(C_POINTER, C_POINTER);
+ static final MethodHandle SSL_get_peer_certificate$MH = RuntimeHelper
+ .downcallHandle(openssl_h.LIBRARIES, "SSL_get_peer_certificate",
+
"(Ljdk/incubator/foreign/MemoryAddress;)Ljdk/incubator/foreign/MemoryAddress;",
+ SSL_get_peer_certificate$FUNC, false);
+ public static MethodHandle SSL_get_peer_certificate$MH() {
+ return RuntimeHelper.requireNonNull(SSL_get_peer_certificate$MH,
+ "SSL_get_peer_certificate");
+ }
+ public static MemoryAddress SSL_get_peer_certificate(Addressable s) {
+ var mh$ = RuntimeHelper.requireNonNull(SSL_get_peer_certificate$MH,
+ "SSL_get_peer_certificate");
+ try {
+ return (jdk.incubator.foreign.MemoryAddress) mh$
+ .invokeExact(s.address());
} catch (Throwable ex$) {
throw new AssertionError("should not reach here", ex$);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
