This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 55aadf3929 Extract out some of the important macros for readability
55aadf3929 is described below
commit 55aadf3929996756282baf51f447097e38de6417
Author: remm <[email protected]>
AuthorDate: Wed Sep 6 21:07:51 2023 +0200
Extract out some of the important macros for readability
Also rename the compatibility class for consistency.
---
.../util/net/openssl/panama/OpenSSLContext.java | 22 ++--
.../util/net/openssl/panama/OpenSSLEngine.java | 2 +-
.../util/net/openssl/panama/OpenSSLLibrary.java | 3 +-
.../net/openssl/panama/OpenSSLSessionContext.java | 21 +---
..._compat_h.java => openssl_h_Compatibility.java} | 2 +-
.../tomcat/util/openssl/openssl_h_Macros.java | 136 +++++++++++++++++++++
6 files changed, 152 insertions(+), 34 deletions(-)
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 480d289794..c0bb643e4f 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -52,8 +52,9 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
-import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Compatibility.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Macros.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.net.AbstractEndpoint;
@@ -280,9 +281,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
prot = SSL3_VERSION();
}
maxTlsVersion = prot;
- // # define SSL_CTX_set_max_proto_version(sslCtx, version) \
- // SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION,
version, NULL)
- SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION(), prot,
MemorySegment.NULL);
+ SSL_CTX_set_max_proto_version(sslCtx, prot);
if (prot == TLS1_3_VERSION() && (protocol & SSL_PROTOCOL_TLSV1_2)
> 0) {
prot = TLS1_2_VERSION();
}
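Review bot: The return value of `SSL_CTX_set_max_proto_version(sslCtx, prot)` is discarded here, as is that of `SSL_CTX_set_min_proto_version(sslCtx, prot)` in the next hunk and of `SSL_CTX_set_tlsext_ticket_keys(...)` in OpenSSLSessionContext. The new wrappers document `> 0` as success, so a call that OpenSSL rejects would leave the context on its previous protocol bounds with nothing logged, which matters most for the minimum version. Now that the calls are one-liners, a guard such as `if (SSL_CTX_set_min_proto_version(sslCtx, prot) <= 0)` followed by the class's usual error logging would make the failure visible. The enclosing method starts and ends outside the hunk, so any handling further down is not visible from here.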
@@ -296,9 +295,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
prot = SSL3_VERSION();
}
minTlsVersion = prot;
- //# define SSL_CTX_set_min_proto_version(sslCtx, version) \
- // SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION,
version, NULL)
- SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION(), prot,
MemorySegment.NULL);
+ SSL_CTX_set_min_proto_version(sslCtx, prot);
// Disable compression, usually unsafe
SSL_CTX_set_options(sslCtx, SSL_OP_NO_COMPRESSION());
@@ -311,14 +308,10 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
SSL_CTX_set_options(sslCtx, SSL_OP_SINGLE_ECDH_USE());
// Default session context id and cache size
- // # define SSL_CTX_sess_set_cache_size(sslCtx,t) \
- //
SSL_CTX_ctrl(sslCtx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
- SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_SIZE(), 256,
MemorySegment.NULL);
+ SSL_CTX_sess_set_cache_size(sslCtx, 256);
// Session cache is disabled by default
- // # define SSL_CTX_set_session_cache_mode(sslCtx,m) \
- //
SSL_CTX_ctrl(sslCtx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
- SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_MODE(),
SSL_SESS_CACHE_OFF(), MemorySegment.NULL);
+ SSL_CTX_set_session_cache_mode(sslCtx, SSL_SESS_CACHE_OFF());
// Longer session timeout
SSL_CTX_set_timeout(sslCtx, 14400);
@@ -1287,8 +1280,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
logLastError(localArena,
"openssl.errorLoadingCertificate");
return;
}
- // # define SSL_CTX_add0_chain_cert(sslCtx,x509)
SSL_CTX_ctrl(sslCtx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
- if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_CHAIN_CERT(), 0,
x509certChain) <= 0) {
+ if (SSL_CTX_add0_chain_cert(state.sslCtx, x509certChain) <= 0)
{
logLastError(localArena, "openssl.errorAddingCertificate");
return;
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index f002731dbd..a4af1edc5f 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -57,8 +57,8 @@ import javax.net.ssl.SSLSessionBindingEvent;
import javax.net.ssl.SSLSessionBindingListener;
import javax.net.ssl.SSLSessionContext;
-import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Compatibility.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.Asn1Parser;
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
index 5acc053016..ae1d2ff12c 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLibrary.java
@@ -24,9 +24,8 @@ import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
-import static org.apache.tomcat.util.openssl.openssl_compat_h.FIPS_mode;
-import static org.apache.tomcat.util.openssl.openssl_compat_h.FIPS_mode_set;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Compatibility.*;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import
org.apache.tomcat.util.net.openssl.ciphers.OpenSSLCipherConfigurationParser;
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
index b6583f6511..b14eb60d44 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
@@ -25,6 +25,7 @@ import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import static org.apache.tomcat.util.openssl.openssl_h.*;
+import static org.apache.tomcat.util.openssl.openssl_h_Macros.*;
import org.apache.tomcat.util.res.StringManager;
/**
@@ -68,9 +69,7 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
}
try (var memorySession = Arena.ofConfined()) {
var array = memorySession.allocateFrom(ValueLayout.JAVA_BYTE,
keys);
- // #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen)
- // SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
(keylen), (keys))
- SSL_CTX_ctrl(context.getSSLContext(),
SSL_CTRL_SET_TLSEXT_TICKET_KEYS(), TICKET_KEYS_SIZE, array);
+ SSL_CTX_set_tlsext_ticket_keys(context.getSSLContext(), array,
TICKET_KEYS_SIZE);
}
}
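Review bot: The native copy of the ticket keys in `array` is never cleared before the confined arena closes at the end of the try block. As far as I can tell the arena releases the memory without wiping it, and OpenSSL presumably keeps its own copy inside the context, so adding `array.fill((byte) 0);` right after the `SSL_CTX_set_tlsext_ticket_keys` call would stop the key material from lingering in freed native memory. The start of the method is outside the hunk, so whether the Java-side `keys` array is cleared by the caller is not visible here.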
@@ -81,9 +80,7 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
*/
public void setSessionCacheEnabled(boolean enabled) {
long mode = enabled ? SSL_SESS_CACHE_SERVER() : SSL_SESS_CACHE_OFF();
- // # define SSL_CTX_set_session_cache_mode(ctx,m) \
- // SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
- SSL_CTX_ctrl(context.getSSLContext(), SSL_CTRL_SET_SESS_CACHE_MODE(),
mode, null);
+ SSL_CTX_set_session_cache_mode(context.getSSLContext(), mode);
}
/**
@@ -91,9 +88,7 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
* otherwise.
*/
public boolean isSessionCacheEnabled() {
- // # define SSL_CTX_get_session_cache_mode(ctx) \
- // SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
- return SSL_CTX_ctrl(context.getSSLContext(),
SSL_CTRL_GET_SESS_CACHE_MODE(), 0, null) == SSL_SESS_CACHE_SERVER();
+ return SSL_CTX_get_session_cache_mode(context.getSSLContext()) ==
SSL_SESS_CACHE_SERVER();
}
/**
@@ -121,16 +116,12 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
if (size < 0) {
throw new IllegalArgumentException();
}
- // # define SSL_CTX_sess_set_cache_size(ctx,t) \
- // SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
- SSL_CTX_ctrl(context.getSSLContext(), SSL_CTRL_SET_SESS_CACHE_SIZE(),
size, null);
+ SSL_CTX_sess_set_cache_size(context.getSSLContext(), size);
}
@Override
public int getSessionCacheSize() {
- // # define SSL_CTX_sess_get_cache_size(ctx) \
- // SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
- return (int) SSL_CTX_ctrl(context.getSSLContext(),
SSL_CTRL_GET_SESS_CACHE_SIZE(), 0, null);
+ return (int) SSL_CTX_sess_get_cache_size(context.getSSLContext());
}
/**
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
similarity index 99%
rename from
modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
rename to
modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
index 776ee9e06a..841a581ee8 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_compat_h.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Compatibility.java
@@ -24,7 +24,7 @@ import static java.lang.foreign.ValueLayout.*;
/**
* Methods used present in older OpenSSL versions but not in the current major
version.
*/
-public class openssl_compat_h {
+public class openssl_h_Compatibility {
// OpenSSL 1.1 FIPS_mode
static final FunctionDescriptor FIPS_mode$FUNC = FunctionDescriptor
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
new file mode 100644
index 0000000000..03f55e2a4b
--- /dev/null
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tomcat.util.openssl;
+
+import java.lang.foreign.MemorySegment;
+
+import static org.apache.tomcat.util.openssl.openssl_h.*;
+
+/**
+ * Functional macros not handled by jextract.
+ */
+public class openssl_h_Macros {
+
+
+ /**
+ * Set maximum protocol version on the given context.
+ * # define SSL_CTX_set_max_proto_version(sslCtx, version) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION, version,
NULL)
+ * @param sslCtx the SSL context
+ * @param version the maximum version
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set_max_proto_version(MemorySegment sslCtx,
long version) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MAX_PROTO_VERSION(), version,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Set minimum protocol version on the given context.
+ * # define SSL_CTX_set_min_proto_version(sslCtx, version) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION, version,
NULL)
+ * @param sslCtx the SSL context
+ * @param version the maximum version
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set_min_proto_version(MemorySegment sslCtx,
long version) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_MIN_PROTO_VERSION(), version,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Get the session cache size.
+ * # define SSL_CTX_sess_get_cache_size(sslCtx) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_SIZE, 0, NULL)
+ * @param sslCtx the SSL context
+ * @param cacheSize the session cache size
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_sess_get_cache_size(MemorySegment sslCtx) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_SIZE(), 0,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Set the session cache size.
+ * # define SSL_CTX_sess_set_cache_size(sslCtx, t) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_SIZE, t, NULL)
+ * @param sslCtx the SSL context
+ * @param cacheSize the session cache size
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_sess_set_cache_size(MemorySegment sslCtx, long
cacheSize) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_SIZE(), cacheSize,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Get the session cache mode.
+ * # define SSL_CTX_get_session_cache_mode(sslCtx) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_MODE, 0, NULL)
+ * @param sslCtx the SSL context
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_get_session_cache_mode(MemorySegment sslCtx) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_GET_SESS_CACHE_MODE(), 0,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Set the session cache mode.
+ * # define SSL_CTX_set_session_cache_mode(sslCtx, m) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_MODE, m, NULL)
+ * @param sslCtx the SSL context
+ * @param cacheMode the cache mode, SSL_SESS_CACHE_OFF to disable
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set_session_cache_mode(MemorySegment sslCtx,
long cacheMode) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_SESS_CACHE_MODE(), cacheMode,
MemorySegment.NULL);
+ }
+
+
+ /**
+ * Set the certificate.
+ * # define SSL_CTX_add0_chain_cert(sslCtx,x509) \
+ * SSL_CTX_ctrl(sslCtx, SSL_CTRL_CHAIN_CERT, 0, (char *)(x509))
+ * @param sslCtx the SSL context
+ * @param x509 the certificate
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_add0_chain_cert(MemorySegment sslCtx,
MemorySegment x509) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_CHAIN_CERT(), 0, x509);
+ }
+
+
+ /**
+ * Set ticket keys.
+ * # define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+ * SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen),
(keys))
+ * @param sslCtx the SSL context
+ * @param keys the keys
+ * @param keyLength the length
+ * @return > 0 if successful
+ */
+ public static long SSL_CTX_set_tlsext_ticket_keys(MemorySegment sslCtx,
MemorySegment keys, long keyLength) {
+ return SSL_CTX_ctrl(sslCtx, SSL_CTRL_SET_TLSEXT_TICKET_KEYS(),
keyLength, keys);
+ }
+
+
+}
+
+
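Review bot: Several Javadoc blocks in the new openssl_h_Macros class do not match the methods they sit on. `SSL_CTX_sess_get_cache_size` documents a `cacheSize` parameter it does not take, and both getters say `@return > 0 if successful` although the callers in this commit use the result as the cache size and the cache mode; `@return the session cache size` and `@return the session cache mode` would be accurate. `SSL_CTX_set_min_proto_version` describes `version` as "the maximum version", which should read `@param version the minimum version`. For `SSL_CTX_add0_chain_cert`, "Set the certificate" undersells the contract: the OpenSSL add0 form appends to the chain and, on success, hands the caller's reference to the context, so the doc should say that the caller must not free `x509` afterwards. A bare `>` in `@return > 0` may also trip doclint, and `{@code > 0}` avoids that.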