
List:       tomcat-dev
Subject:    (tomcat) branch 9.0.x updated: Port add macros
From:       remm () apache ! org
Date:       2023-10-31 11:30:18
Message-ID: 169875181815.1741426.13189853111629609685 () gitbox2-he-fi ! apache ! org

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 313062eca9 Port add macros
313062eca9 is described below

commit 313062eca91e7049a132ae0fa4ce92d599fdc242
Author: remm <remm@apache.org>
AuthorDate: Tue Oct 31 12:25:06 2023 +0100

    Port add macros
---
 .../util/net/openssl/panama/OpenSSLContext.java    | 14 ++++----
 .../tomcat/util/openssl/openssl_h_Macros.java      | 42 ++++++++++++++++++++++
 2 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java \
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 index 90b2a97047..2168196575 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
                
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 @@ -1180,8 +1180,7 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {  if (!MemorySegment.NULL.equals(ecparams)) {
                         int curveNid = EC_GROUP_get_curve_name(ecparams);
                         var curveNidAddress = \
                localArena.allocateFrom(ValueLayout.JAVA_INT, curveNid);
-                        // SSL_CTX_set1_curves(state.sslCtx, &curveNid, 1)
-                        if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_SET_GROUPS(), 1, \
curveNidAddress) <= 0) { +                        if \
(SSL_CTX_set1_groups(state.sslCtx, curveNidAddress, 1) <= 0) {  curveNid = 0;
                         }
                         if (log.isDebugEnabled()) {
@@ -1190,6 +1189,7 @@ public class OpenSSLContext implements \
org.apache.tomcat.util.net.SSLContext {  EC_GROUP_free(ecparams);
                     }
                 }
+                // FIXME: Ideally these should be loaded in Java but still processed \
through OpenSSL  // Set certificate chain file
                 if (certificate.getCertificateChainFile() != null) {
                     var certificateChainFileNative =
@@ -1211,9 +1211,8 @@ public class OpenSSLContext implements \
                org.apache.tomcat.util.net.SSLContext {
                     MemorySegment x509Lookup = \
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());  var \
                certificateRevocationListFileNative =
                             \
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
                
-                    //X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
-                    if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), \
                certificateRevocationListFileNative,
-                            X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+                    if (X509_LOOKUP_load_file(x509Lookup, \
certificateRevocationListFileNative, +                            \
                X509_FILETYPE_PEM()) <= 0) {
                         \
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", \
sslHostConfig.getCertificateRevocationListFile()));  }
                 }
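Review bot: When `X509_LOOKUP_load_file` returns `<= 0`, the branch only calls `log.error`, and as far as the hunk shows, context setup carries on without the configured CRL file. The `X509_LOOKUP_add_dir` branch in the next hunk behaves the same way. Whether client-certificate verification then fails closed depends on store flags set outside these hunks, so say so at the failure site, for example `// CRL source could not be loaded; verification must fail closed via the store's CRL check flags`, or abort initialisation if that is not guaranteed. The enclosing `if` starts outside the hunk.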
@@ -1221,9 +1220,8 @@ public class OpenSSLContext implements \
                org.apache.tomcat.util.net.SSLContext {
                     MemorySegment x509Lookup = \
X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());  var \
                certificateRevocationListPathNative =
                             \
localArena.allocateFrom(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
                
-                    //X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
-                    if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), \
                certificateRevocationListPathNative,
-                            X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
+                    if (X509_LOOKUP_add_dir(x509Lookup, \
certificateRevocationListPathNative, +                            \
                X509_FILETYPE_PEM()) <= 0) {
                         \
log.error(sm.getString("openssl.errorLoadingCertificateRevocationList", \
sslHostConfig.getCertificateRevocationListPath()));  }
                 }
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java \
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
 index 139addb2ba..de8cf7e079 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
                
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
 @@ -189,6 +189,48 @@ public class openssl_h_Macros {
         return BIO_ctrl(bio, BIO_CTRL_RESET(), 0, MemorySegment.NULL);
     }
 
+
+    /**
+     * Set NIDs of groups in preference order. 
+     * # define SSL_CTX_set1_curves           SSL_CTX_set1_groups
+     * # define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+     *          SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+     * @param sslCtx the SSL context
+     * @param groupsList the groups list
+     * @param listLength the list length
+     * @return > 0 if successful
+     */
+    public static long SSL_CTX_set1_groups(MemorySegment sslCtx, MemorySegment \
groupsList, int listLength) {
+        return SSL_CTX_ctrl(sslCtx, \
SSL_CTRL_SET_GROUPS(), listLength, groupsList);
+    }
+
+
+    /**
+     * Pass a path from which certificates are loaded into the store.
+     * # define X509_LOOKUP_add_dir(x,name,type) \
+     *          X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+     * @param x509Lookup the X509 lookup
+     * @param name the path name
+     * @param type the type used
+     * @return > 0 if successful
+     */
+    public static long X509_LOOKUP_add_dir(MemorySegment x509Lookup, MemorySegment \
name, long type) {
+        return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), \
name, X509_FILETYPE_PEM(), MemorySegment.NULL);
+    }
+
+    /**
+     * Pass a file which will be loaded into the store.
+     * # define X509_LOOKUP_load_file(x,name,type) \
+     *          X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+     * @param x509Lookup
+     * @param name
+     * @param type
+     * @return
+     */
+    public static long X509_LOOKUP_load_file(MemorySegment x509Lookup, MemorySegment \
name, long type) {
+        return X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), \
name, X509_FILETYPE_PEM(), MemorySegment.NULL);
+    }
+
 }
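Review bot: The `type` parameter of `X509_LOOKUP_add_dir` and `X509_LOOKUP_load_file` is never used: both bodies pass `X509_FILETYPE_PEM()` to `X509_LOOKUP_ctrl`, whereas the C macros quoted in their Javadoc forward `(long)(type)`. The two call sites changed in OpenSSLContext.java pass `X509_FILETYPE_PEM()`, so behaviour is unchanged today, but a later caller asking for another file type would silently have its CRL or certificate source parsed as PEM. Forward the argument instead, `return X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), name, type, MemorySegment.NULL);`, and do the same with `X509_L_FILE_LOAD()`. The Javadoc of `X509_LOOKUP_load_file` also has empty `@param` and `@return` tags; fill them in as on `X509_LOOKUP_add_dir`, including `@return > 0 if successful`.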
 
 



