[tomcat] branch main updated: Simplify with new API cleanups from Java 19 preview

2022-06-22 Thread remm
This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 1687b13e90 Simplify with new API cleanups from Java 19 preview
1687b13e90 is described below

commit 1687b13e908e807b71074ad1857a6a31ca4dc862
Author: remm 
AuthorDate: Wed Jun 22 09:52:11 2022 +0200

Simplify with new API cleanups from Java 19 preview

The new API is less verbose so encourages allocating from the most
appropriate memory session. As a result the main memory sessions are now
only used for the upcalls, and of course cleanup of the OpenSSL
resources for contexts and engines. Trivial local allocations are from
confined sessions with single allocations.
Review by Maurizio Cimadamore.
---
 .../util/net/openssl/panama/OpenSSLContext.java| 195 -
 .../util/net/openssl/panama/OpenSSLEngine.java | 168 +++---
 .../openssl/panama/OpenSSLLifecycleListener.java   | 243 ++---
 .../net/openssl/panama/OpenSSLSessionContext.java  |   5 +-
 4 files changed, 301 insertions(+), 310 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 020b90009c..ebf5bc6086 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -217,7 +217,6 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 // Create OpenSSLConfCmd context if used
 OpenSSLConf openSslConf = sslHostConfig.getOpenSslConf();
 if (openSslConf != null) {
-var allocator = 
SegmentAllocator.newNativeArena(contextMemorySession);
 try {
 if (log.isDebugEnabled()) {
 log.debug(sm.getString("openssl.makeConf"));
@@ -225,9 +224,11 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 confCtx = SSL_CONF_CTX_new();
 long errCode = ERR_get_error();
 if (errCode != 0) {
-var buf = 
allocator.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
-ERR_error_string(errCode, buf);
-
log.error(sm.getString("openssl.errorLoadingCertificate", 
buf.getUtf8String(0)));
+try (var memorySession = MemorySession.openConfined()) 
{
+var buf = 
memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+ERR_error_string(errCode, buf);
+
log.error(sm.getString("openssl.errorLoadingCertificate", 
buf.getUtf8String(0)));
+}
 }
 SSL_CONF_CTX_set_flags(confCtx, SSL_CONF_FLAG_FILE() |
 SSL_CONF_FLAG_SERVER() |
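Review bot: The 128-byte buffer handed to `ERR_error_string(errCode, buf)` in the new `try` block is smaller than the 256 bytes OpenSSL documents as the minimum for that function, so a long error string can be written past the end of the native segment; the same applies to the `memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128])` line in the @@ -406 hunk. The size is carried over from the removed code, but both allocations are being rewritten here, so this is the natural place to correct it: `var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[256]);`. If the generated bindings expose `ERR_error_string_n`, passing the segment length explicitly would be the safer call. The enclosing method starts and ends outside the hunk.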
@@ -355,7 +356,7 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
  * OpenSSLSessionContext) to ensure that the OpenSSLContext remains
  * ineligible for GC while those connections are alive. Once those
  * connections complete, the OpenSSLContext will become eligible 
for GC
- * and the implicit scope will ensure that the associated native
+ * and the memory session will ensure that the associated native
  * resources are cleaned up.
  */
 cleanable = cleaner.register(this, state);
@@ -406,12 +407,11 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 if (name.equals("NO_OCSP_CHECK")) {
 rc = 1;
 } else {
-var allocator = 
SegmentAllocator.newNativeArena(memorySession);
-int code = SSL_CONF_cmd_value_type(state.confCtx, 
allocator.allocateUtf8String(name));
+int code = SSL_CONF_cmd_value_type(state.confCtx, 
memorySession.allocateUtf8String(name));
 rc = 1;
 long errCode = ERR_get_error();
 if (errCode != 0) {
-var buf = 
allocator.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+var buf = 
memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
 ERR_error_string(errCode, buf);
 log.error(sm.getString("opensslconf.checkFailed", 
buf.getUtf8String(0)));
 rc = 0;
@@ -483,12 +483,11 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {

[tomcat-native] branch main updated: Fix compilation issue on Windows

2022-06-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 884ccafde Fix compilation issue on Windows
884ccafde is described below

commit 884ccafde57794155ee6f1c4d6685fea425de643
Author: Mark Thomas 
AuthorDate: Wed Jun 22 12:41:18 2022 +0100

Fix compilation issue on Windows
---
 native/src/ssl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/native/src/ssl.c b/native/src/ssl.c
index 9fe4d9980..8e155e81b 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -912,15 +912,16 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, 
jstring file)
 
 TCN_IMPLEMENT_CALL(jint, SSL, fipsModeGet)(TCN_STDARGS)
 {
-UNREFERENCED(o);
 
 #if defined(LIBRESSL_VERSION_NUMBER)
+UNREFERENCED(o);
 /* LibreSSL doesn't support FIPS */
 return 0;
 #else
 EVP_MD  *md;
 const OSSL_PROVIDER *provider;
 const char  *name;
+UNREFERENCED(o);
 
 // Maps the OpenSSL 3. x onwards behaviour to theOpenSSL 1.x API
 
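Review bot: The duplicated `UNREFERENCED(o);` in both preprocessor branches of fipsModeGet has no comment saying why it cannot sit at the top of the function, so a later cleanup is likely to hoist it back above the `#if` and break the build again. Presumably the Windows compiler rejects a statement ahead of the `EVP_MD *md;` declarations in the `#else` branch. A one-line comment on the second occurrence would record that, for example `/* must follow the declarations: C89 compilers reject declarations after statements */`. The function body continues outside the hunk.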





Re: Tomcat Native and OpenSSL 3.0.x

2022-06-22 Thread Christopher Schultz

Mark,

On 6/21/22 11:42, Mark Thomas wrote:

On 16/06/2022 11:10, Mark Thomas wrote:
OpenSSL will be producing security releases on 21st June. This will 
include 3.0.4.


The security issue affects a script distributed with OpenSSL. The 
binaries for Windows that Tomcat distributes are not affected.


OpenSSL 3.0.3 won't build for Windows using our build tool chain 
because of a dependency on a method that doesn't exist in the runtime 
libraries we build against. The fix will be in 3.0.4.


I have been able to build OpenSSL 3.0.x HEAD for Windows using our 
build tool chain.


Given all of the above, my plan for Tomcat Native 2.0.0 is as follows:

- test the build once OpenSSL 3.0.4 is released, including running
   the 10.1.x unit tests with it


I'll be doing this later today.


- tag and release Tomcat Native 2.0.0

- update Tomcat 10.1.x to use Tomcat Native 2.0.x

- tag and release Tomcat 10.1.x


A separate question is do we want to continue building Tomcat Native 
1.2.x with OpenSSL 1.1.1 or do we want to switch to OpenSSL 3.0.x?


I'm on the fence on this one. I have configured Gump to build Tomcat 
Native 1.2.x with both OpenSSL 1.1.1 and 3.0.x. I am heading (one step 
at a time) towards:


Test 10.1.x with Tomcat Native 2.0.x and OpenSSL 3.0.x
Test 10.0.x with Tomcat Native 1.2.x and OpenSSL 3.0.x
Test 9.0.x with Tomcat Native 1.2.x and OpenSSL 3.0.x
Test 8.5.x with Tomcat Native 1.2.x and OpenSSL 1.1.1

Assuming the tests pass (I expect they will) then we can decide which 
version of OpenSSL to use for the Windows binaries.


Personally, I am leaning towards using 3.0.x as that makes a FIPS 
solution a possibility (once the FIPS module is certified).


You mean "building the statically-linked native library for inclusion in 
Windows distributions" right? If so, I think switching to OpenSSL 3.0 is 
okay. There may be some who don't want / can't take the upgrade, even 
just because auditing the dependency-change is a giant hassle.


Would it be terribly difficult to produce two binaries?

-chris




[tomcat-native] 01/03: Restore Windows specific system.c as it contains password prompt methods

2022-06-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit 1d727eaad90eb87e2a34f29c7cee045f193d60dd
Author: Mark Thomas 
AuthorDate: Wed Jun 22 12:44:08 2022 +0100

Restore Windows specific system.c as it contains password prompt methods
---
 native/NMAKEmakefile |   1 +
 native/libtcnative.dsp   |   4 +
 native/os/win32/system.c | 458 +++
 native/tcnative.dsp  |   4 +
 4 files changed, 467 insertions(+)

diff --git a/native/NMAKEmakefile b/native/NMAKEmakefile
index 530e6a339..224d1352a 100644
--- a/native/NMAKEmakefile
+++ b/native/NMAKEmakefile
@@ -96,6 +96,7 @@ OBJECTS = \
$(WORKDIR)\sslcontext.obj \
$(WORKDIR)\sslconf.obj \
$(WORKDIR)\sslutils.obj \
+$(WORKDIR)\system.obj
 !IF DEFINED(WITH_FIPS)
 OBJECTS = $(OBJECTS) srclib\openssl\tmp32\fips_premain.obj
 !ENDIF
diff --git a/native/libtcnative.dsp b/native/libtcnative.dsp
index 214370f70..1e88b7c57 100644
--- a/native/libtcnative.dsp
+++ b/native/libtcnative.dsp
@@ -150,6 +150,10 @@ SOURCE=.\include\tcn_version.h
 # Begin Group "Platform Files"
 
 # PROP Default_Filter ""
+# Begin Source File
+
+SOURCE=.\os\win32\system.c
+# End Source File
 # End Group
 # Begin Source File
 
diff --git a/native/os/win32/system.c b/native/os/win32/system.c
new file mode 100644
index 0..42adf611f
--- /dev/null
+++ b/native/os/win32/system.c
@@ -0,0 +1,458 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _WIN32_WINNT
+#define _WIN32_WINNT 0x0500
+#endif
+#include 
+#include 
+#include 
+#include 
+
+#include "apr.h"
+#include "apr_pools.h"
+#include "apr_poll.h"
+#include "apr_network_io.h"
+#include "apr_arch_misc.h" /* for apr_os_level */
+#include "apr_arch_atime.h"  /* for FileTimeToAprTime */
+
+#include "tcn.h"
+#include "ssl_private.h"
+
+#pragma warning(push)
+#pragma warning(disable : 4201)
+#if (_WIN32_WINNT < 0x0501)
+#include 
+#endif
+#include 
+#pragma warning(pop)
+
+
+static CRITICAL_SECTION dll_critical_section;   /* dll's critical section */
+static HINSTANCEdll_instance = NULL;
+static SYSTEM_INFO  dll_system_info;
+static HANDLE   h_kernel = NULL;
+static HANDLE   h_ntdll  = NULL;
+static char dll_file_name[MAX_PATH];
+
+typedef BOOL (WINAPI *pfnGetSystemTimes)(LPFILETIME, LPFILETIME, LPFILETIME);
+static pfnGetSystemTimes fnGetSystemTimes = NULL;
+#if (_WIN32_WINNT < 0x0501)
+typedef NTSTATUS (WINAPI 
*pfnNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+static pfnNtQuerySystemInformation fnNtQuerySystemInformation = NULL;
+#endif
+
+BOOL
+WINAPI
+DllMain(
+HINSTANCE instance,
+DWORD reason,
+LPVOID reserved)
+{
+
+switch (reason) {
+/** The DLL is loading due to process
+ *  initialization or a call to LoadLibrary.
+ */
+case DLL_PROCESS_ATTACH:
+InitializeCriticalSection(&dll_critical_section);
+dll_instance = instance;
+GetSystemInfo(&dll_system_info);
+if ((h_kernel = LoadLibrary("kernel32.dll")) != NULL)
+fnGetSystemTimes = (pfnGetSystemTimes)GetProcAddress(h_kernel,
+"GetSystemTimes");
+if (fnGetSystemTimes == NULL) {
+FreeLibrary(h_kernel);
+h_kernel = NULL;
+#if (_WIN32_WINNT < 0x0501)
+if ((h_ntdll = LoadLibrary("ntdll.dll")) != NULL)
+fnNtQuerySystemInformation =
+(pfnNtQuerySystemInformation)GetProcAddress(h_ntdll,
+"NtQuerySystemInformation");
+
+if (fnNtQuerySystemInformation == NULL) {
+FreeLibrary(h_ntdll);
+h_ntdll = NULL;
+}
+#endif
+}
+GetModuleFileName(instance, dll_file_name, sizeof(dll_file_name));
+break;
+/** The attached process creates a new thread.
+ */
+case DLL_THREAD_ATTACH:
+break;
+
+/** The thread of the att

[tomcat-native] branch main updated (884ccafde -> ae1b33453)

2022-06-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


from 884ccafde Fix compilation issue on Windows
 new 1d727eaad Restore Windows specific system.c as it contains password 
prompt methods
 new c1687eca3 Improve the ignore file
 new ae1b33453 Remove unnecessary / unused code

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .gitignore  |   7 ++
 native/NMAKEmakefile|   1 +
 native/libtcnative.dsp  |   4 +
 native/os/win32/libtcnative.rc  |   1 -
 native/os/win32/logmessages.bin | Bin 224 -> 0 bytes
 native/os/win32/logmessages.mc  |  41 
 native/os/win32/system.c| 203 
 native/tcnative.dsp |   4 +
 8 files changed, 219 insertions(+), 42 deletions(-)
 delete mode 100644 native/os/win32/logmessages.bin
 delete mode 100644 native/os/win32/logmessages.mc
 create mode 100644 native/os/win32/system.c





[tomcat-native] 02/03: Improve the ignore file

2022-06-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit c1687eca370b97897e203db122981efe8f326b6a
Author: Mark Thomas 
AuthorDate: Wed Jun 22 12:48:12 2022 +0100

Improve the ignore file
---
 .gitignore | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/.gitignore b/.gitignore
index 5239107b6..3bb76e787 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,6 +24,13 @@
 /native/tcnative.pc
 /native/tcnative.spec
 
+/native/srclib/apr/*
+!/native/srclib/apr/NMAKEmakefile
+
+/native/srclib/openssl/*
+!/native/srclib/openssl/openssl-mscvrt*
+
+/native/*RELEASE
 /tomcat-native-*
 /tomcat-native-*/
 





[tomcat-native] 03/03: Remove unnecessary / unused code

2022-06-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git

commit ae1b334538a3575370ac527cfb5679bd0c95730c
Author: Mark Thomas 
AuthorDate: Wed Jun 22 12:51:44 2022 +0100

Remove unnecessary / unused code
---
 native/os/win32/libtcnative.rc  |   1 -
 native/os/win32/logmessages.bin | Bin 224 -> 0 bytes
 native/os/win32/logmessages.mc  |  41 ---
 native/os/win32/system.c| 255 
 4 files changed, 297 deletions(-)

diff --git a/native/os/win32/libtcnative.rc b/native/os/win32/libtcnative.rc
index 841d8ea3e..f9ea95975 100644
--- a/native/os/win32/libtcnative.rc
+++ b/native/os/win32/libtcnative.rc
@@ -1,7 +1,6 @@
 #include 
 
 LANGUAGE 0x9,0x1
-1 11 logmessages.bin
 
 #define TCN_COPYRIGHT "Licensed to the Apache Software Foundation (ASF) under 
" \
   "one or more contributor license agreements.  See the " \
diff --git a/native/os/win32/logmessages.bin b/native/os/win32/logmessages.bin
deleted file mode 100644
index 44ce98505..0
Binary files a/native/os/win32/logmessages.bin and /dev/null differ
diff --git a/native/os/win32/logmessages.mc b/native/os/win32/logmessages.mc
deleted file mode 100644
index 68f86f644..0
--- a/native/os/win32/logmessages.mc
+++ /dev/null
@@ -1,41 +0,0 @@
-MessageId=0x1
-Severity=Error
-SymbolicName=LOG_MSG_EMERG
-Language=English
-Emerg: %1
-.
-
-MessageId=0x2
-Severity=Error
-SymbolicName=LOG_MSG_ERROR
-Language=English
-Error: %1
-.
-
-MessageId=0x3
-Severity=Warning
-SymbolicName=LOG_MSG_NOTICE
-Language=English
-Notice: %1
-.
-
-MessageId=0x4
-Severity=Warning
-SymbolicName=LOG_MSG_WARN
-Language=English
-Warn: %1
-.
-
-MessageId=0x5
-Severity=Informational
-SymbolicName=LOG_MSG_INFO
-Language=English
-Info: %1
-.
-
-MessageId=0x6
-Severity=Success
-SymbolicName=LOG_MSG_DEBUG
-Language=English
-Debug: %1
-.
diff --git a/native/os/win32/system.c b/native/os/win32/system.c
index 42adf611f..ad9c58ae4 100644
--- a/native/os/win32/system.c
+++ b/native/os/win32/system.c
@@ -14,9 +14,6 @@
  * limitations under the License.
  */
 
-#ifndef _WIN32_WINNT
-#define _WIN32_WINNT 0x0500
-#endif
 #include 
 #include 
 #include 
@@ -34,9 +31,6 @@
 
 #pragma warning(push)
 #pragma warning(disable : 4201)
-#if (_WIN32_WINNT < 0x0501)
-#include 
-#endif
 #include 
 #pragma warning(pop)
 
@@ -50,10 +44,6 @@ static char dll_file_name[MAX_PATH];
 
 typedef BOOL (WINAPI *pfnGetSystemTimes)(LPFILETIME, LPFILETIME, LPFILETIME);
 static pfnGetSystemTimes fnGetSystemTimes = NULL;
-#if (_WIN32_WINNT < 0x0501)
-typedef NTSTATUS (WINAPI 
*pfnNtQuerySystemInformation)(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
-static pfnNtQuerySystemInformation fnNtQuerySystemInformation = NULL;
-#endif
 
 BOOL
 WINAPI
@@ -122,251 +112,6 @@ DllMain(
 }
 
 
-TCN_IMPLEMENT_CALL(jstring, OS, syserror)(TCN_STDARGS, jint err)
-{
-jstring str;
-void *buf;
-
-UNREFERENCED(o);
-if (!FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
-   FORMAT_MESSAGE_FROM_SYSTEM |
-   FORMAT_MESSAGE_IGNORE_INSERTS,
-   NULL,
-   err,
-   MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
-   (LPTSTR)&buf,
-   0,
-   NULL)) {
-str = AJP_TO_JSTRING("Unknown Error");
-}
-else {
-str = AJP_TO_JSTRING((const char *)buf);
-LocalFree(buf);
-}
-return str;
-}
-
-TCN_IMPLEMENT_CALL(jstring, OS, expand)(TCN_STDARGS, jstring val)
-{
-jstring str;
-jchar buf[TCN_BUFFER_SZ] = L"";
-DWORD len;
-TCN_ALLOC_WSTRING(val);
-
-UNREFERENCED(o);
-TCN_INIT_WSTRING(val);
-
-len = ExpandEnvironmentStringsW(J2W(val), buf, TCN_BUFFER_SZ - 1);
-if (len > (TCN_BUFFER_SZ - 1)) {
-jchar *dbuf = malloc((len + 1) * 2);
-ExpandEnvironmentStringsW(J2W(val), dbuf, len);
-str = (*e)->NewString(e, dbuf, lstrlenW(dbuf));
-free(dbuf);
-}
-else
-str = (*e)->NewString(e, buf, lstrlenW(buf));
-
-TCN_FREE_WSTRING(val);
-return str;
-}
-
-#define LOG_MSG_EMERG0xC001L
-#define LOG_MSG_ERROR0xC002L
-#define LOG_MSG_NOTICE   0x8003L
-#define LOG_MSG_WARN 0x8004L
-#define LOG_MSG_INFO 0x4005L
-#define LOG_MSG_DEBUG0x0006L
-#define LOG_MSG_DOMAIN   "Native"
-
-static char log_domain[MAX_PATH] = "Native";
-
-static void init_log_source(const char *domain)
-{
-HKEY  key;
-DWORD ts;
-char event_key[MAX_PATH];
-
-strcpy(event_key, 
"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\");
-strcat(event_key, domain);
-if (!RegCreateKey(HKEY_LOCAL_MACHINE, event_key, &key)) {
-RegSetValueEx(key, "EventMe