(tomcat) branch main updated: Fix reflection for calling OpenSSL FFM

remm Wed, 19 Mar 2025 03:17:00 -0700

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/main by this push:
     new c1e24efe18 Fix reflection for calling OpenSSL FFM
c1e24efe18 is described below

commit c1e24efe184d840d2a0e683d9a06dfbef87772a9
Author: remm <r...@apache.org>
AuthorDate: Wed Mar 19 11:16:46 2025 +0100

    Fix reflection for calling OpenSSL FFM
---
 .../catalina/core/OpenSSLLifecycleListener.java    | 50 +++++++++++-----------
 webapps/docs/changelog.xml                         |  4 ++
 2 files changed, 29 insertions(+), 25 deletions(-)

diff --git a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java 
b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
index 5b0ea02531..c8360a55fc 100644
--- a/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
+++ b/java/org/apache/catalina/core/OpenSSLLifecycleListener.java
@@ -57,9 +57,9 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                                 
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                         openSSLLibraryClass.getMethod("init").invoke(null);
                     } catch (Throwable t) {
-                        t = ExceptionUtils.unwrapInvocationTargetException(t);
-                        ExceptionUtils.handleThrowable(t);
-                        log.error(sm.getString("openssllistener.sslInit"), t);
+                        Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                        ExceptionUtils.handleThrowable(throwable);
+                        log.error(sm.getString("openssllistener.sslInit"), 
throwable);
                     }
                 }
             }
@@ -97,9 +97,9 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                             
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                     openSSLLibraryClass.getMethod("init").invoke(null);
                 } catch (Throwable t) {
-                    t = ExceptionUtils.unwrapInvocationTargetException(t);
-                    ExceptionUtils.handleThrowable(t);
-                    log.error(sm.getString("openssllistener.sslInit"), t);
+                    Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                    ExceptionUtils.handleThrowable(throwable);
+                    log.error(sm.getString("openssllistener.sslInit"), 
throwable);
                     initError = true;
                 }
                 // Failure to initialize FIPS mode is fatal
@@ -123,8 +123,8 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                             
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                     openSSLLibraryClass.getMethod("destroy").invoke(null);
                 } catch (Throwable t) {
-                    t = ExceptionUtils.unwrapInvocationTargetException(t);
-                    ExceptionUtils.handleThrowable(t);
+                    Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                    ExceptionUtils.handleThrowable(throwable);
                     log.info(sm.getString("openssllistener.destroy"));
                 }
             }
@@ -139,8 +139,8 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                 return (String) 
openSSLLibraryClass.getMethod("getSSLEngine").invoke(null);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
         return null;
@@ -151,10 +151,10 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
             try {
                 Class<?> openSSLLibraryClass =
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
-                openSSLLibraryClass.getMethod("setSSLEngine").invoke(null, 
SSLEngine);
+                openSSLLibraryClass.getMethod("setSSLEngine", 
String.class).invoke(null, SSLEngine);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
     }
@@ -166,8 +166,8 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                 return (String) 
openSSLLibraryClass.getMethod("getSSLRandomSeed").invoke(null);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
         return null;
@@ -178,10 +178,10 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
             try {
                 Class<?> openSSLLibraryClass =
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
-                openSSLLibraryClass.getMethod("setSSLRandomSeed").invoke(null, 
SSLRandomSeed);
+                openSSLLibraryClass.getMethod("setSSLRandomSeed", 
String.class).invoke(null, SSLRandomSeed);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
     }
@@ -193,8 +193,8 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                 return (String) 
openSSLLibraryClass.getMethod("getFIPSMode").invoke(null);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
         return null;
@@ -205,10 +205,10 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
             try {
                 Class<?> openSSLLibraryClass =
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
-                openSSLLibraryClass.getMethod("setFIPSMode").invoke(null, 
FIPSMode);
+                openSSLLibraryClass.getMethod("setFIPSMode", 
String.class).invoke(null, FIPSMode);
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
     }
@@ -220,8 +220,8 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                         
Class.forName("org.apache.tomcat.util.net.openssl.panama.OpenSSLLibrary");
                 return ((Boolean) 
openSSLLibraryClass.getMethod("isFIPSModeActive").invoke(null)).booleanValue();
             } catch (Throwable t) {
-                t = ExceptionUtils.unwrapInvocationTargetException(t);
-                ExceptionUtils.handleThrowable(t);
+                Throwable throwable = 
ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(throwable);
             }
         }
         return false;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ffd6d26fa5..dce8c06ce8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -165,6 +165,10 @@
         Fix parsing of the <code>time-taken</code> token in the
         <code>ExtendedAccessLogValve</code>. (remm)
       </fix>
+      <fix>
+        Fix invocation of the FFM OpenSSL code for setting a SSL engine and
+        FIPS mode. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

(tomcat) branch main updated: Fix reflection for calling OpenSSL FFM

Reply via email to