commons-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mt...@apache.org
Subject svn commit: r1159885 - in /commons/sandbox/runtime/trunk/src/main/native: configure configure.bat include/acr/error.h modules/openssl/api.c os/win32/config.hw shared/error.c
Date Sat, 20 Aug 2011 15:37:56 GMT
Author: mturk
Date: Sat Aug 20 15:37:55 2011
New Revision: 1159885

URL: http://svn.apache.org/viewvc?rev=1159885&view=rev
Log:
Check for openssl fips support

Modified:
    commons/sandbox/runtime/trunk/src/main/native/configure
    commons/sandbox/runtime/trunk/src/main/native/configure.bat
    commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw
    commons/sandbox/runtime/trunk/src/main/native/shared/error.c

Modified: commons/sandbox/runtime/trunk/src/main/native/configure
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/configure?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/configure (original)
+++ commons/sandbox/runtime/trunk/src/main/native/configure Sat Aug 20 15:37:55 2011
@@ -1268,6 +1268,7 @@ else
     varadds cppopts -DUSE_FCNTL_MUTEX
 fi
 
+have_fips=0
 have_ocsp=0
 have_openssl=0
 have_openssl_static=0
@@ -1279,6 +1280,7 @@ if [ ".$has_openssl" = .yes ]; then
         have_openssl_static=1
     fi
     have_openssl=1
+    have_fips=`have_include openssl/fips`
     have_ocsp=`have_include openssl/ocsp`
     varadds modules '??(SSLOBJECTS)'
 else
@@ -1301,6 +1303,7 @@ else
         fi
         has_openssl=yes
         have_openssl=1
+        have_fips=`have_include w $openssl_home/openssl/fips`
         have_ocsp=`have_include w $openssl_home/openssl/ocsp`
         varadds modules '??(SSLOBJECTS)'
     fi
@@ -1477,6 +1480,7 @@ extern "C" {
 
 #define HAVE_OPENSSL            $have_openssl
 #define HAVE_OPENSSL_STATIC     $have_openssl_static
+#define HAVE_FIPS               $have_fips
 #define HAVE_OCSP               $have_ocsp
 #define HAVE_KSTAT              $have_kstat
 #define HAVE_PORT_H             $have_port_h

Modified: commons/sandbox/runtime/trunk/src/main/native/configure.bat
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/configure.bat?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/configure.bat (original)
+++ commons/sandbox/runtime/trunk/src/main/native/configure.bat Sat Aug 20 15:37:55 2011
@@ -97,6 +97,8 @@ goto TargetAll
 set ENABLE_TESTP=0
 set ENABLE_DEBUG=0
 set HAVE_OPENSSL=0
+set HAVE_FIPS=0
+set HAVE_OCSP=0
 set HAVE_INTRIN_H=0
 set WITH_OPENSSL=
 set MODULES=
@@ -148,6 +150,8 @@ if %HAVE_OPENSSL% == 1 (
      echo Make sure you set the correct path using /with-openssl
      echo.
   )
+  if exist "%WITH_OPENSSL%\openssl\fips.h" set HAVE_FIPS=1
+  if exist "%WITH_OPENSSL%\openssl\ocsp.h" set HAVE_OCSP=1
   set "INCLUDES=%INCLUDES% -I%WITH_OPENSSL%"
   set "MODULES=$(SSLOBJECTS)"
 )
@@ -218,6 +222,8 @@ type .\os\win32\config.hw >>%CCI%
 
 echo #define HAVE_INTRIN_H           ^%HAVE_INTRIN_H%>>%CCI%
 echo #define HAVE_OPENSSL            ^%HAVE_OPENSSL%>>%CCI%
+echo #define HAVE_FIPS               ^%HAVE_FIPS%>>%CCI%
+echo #define HAVE_OCSP               ^%HAVE_OCSP%>>%CCI%
 echo.>>%CCI%
 echo #define PACKAGE_NAME            "%NAME%">>%CCI%
 echo #define PACKAGE_PRINT           "%PNAME%">>%CCI%

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h Sat Aug 20 15:37:55
2011
@@ -1645,6 +1645,8 @@ AcrThrowByName(JNI_STDENV, const char *c
 void
 AcrThrow(JNI_STDENV, int cls, const char *msg);
 void
+AcrThrowEx(JNI_STDENV, int cls, const char *msg, ...);
+void
 AcrThrowByError(JNI_STDENV, int def, int err, const char *msg);
 void
 AcrThrowClass(JNI_STDENV, const char *clazz, const char *msg);

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Aug 20 15:37:55
2011
@@ -55,7 +55,17 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     SSLapi.fp##fN = AcrGetProcAddress(cryptodso, fname);        \
     if (SSLapi.fp##fN == 0) goto failed
 
+#define LIBSSL_LDDOPT(fN)                                       \
+    fname  = #fN;                                               \
+    SSLopt.fp##fN = AcrGetProcAddress(libssldso, fname)
+
+#define CRYPTO_LDDOPT(fN)                                       \
+    fname  = #fN;                                               \
+    SSLopt.fp##fN = AcrGetProcAddress(cryptodso, fname)
+        
 #define SSLAPI_LINK(fN) (*SSLapi.fp##fN)
+#define SSLOPT_LINK(fN) (*SSLopt.fp##fN)
+#define SSLOPT_HAVE(fN) (SSLopt.fp##fN != 0)
 
 struct SSLAPIst {
     unsigned long       (*fpSSLeay)(void);
@@ -64,18 +74,31 @@ struct SSLAPIst {
     SSL_CTX*            (*fpSSL_CTX_new)(const SSL_METHOD *);
     void                (*fpSSL_CTX_free)(SSL_CTX *);
 
+    void                (*fpNULL)(void);
+};
+
+struct SSLOPTst {
+#if HAVE_FIPS
+    int                 (*fpFIPS_mode)(void);
+#endif
+#if HAVE_OCSP
+
+#endif
+    void                (*fpNULL)(void);
 };
 
 static struct SSLAPIst SSLapi;
+static struct SSLOPTst SSLopt;
 static acr_dso_t       libssldso;
 static acr_dso_t       cryptodso;
 
 ACR_JNI_EXPORT(jboolean, Native, ldopenssl0)(JNI_STDARGS)
 {
-    char b[512];
     const char *fname = "";
     const char *dname = SSL_DSO_NAME;
 
+    memset(&SSLapi, 0, sizeof(SSLapi));
+    memset(&SSLopt, 0, sizeof(SSLopt));
     if ((cryptodso = AcrDsoLoad(CRYPTO_DSO_NAME)) == 0) {
         ACR_THROW_SYS_ERRNO();
         return JNI_FALSE;
@@ -93,11 +116,18 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     }
     LIBSSL_FPLOAD(SSL_CTX_new);
     LIBSSL_FPLOAD(SSL_CTX_free);
-    
+
+
+    /* Optional functions
+     * We could compile with the HAVE_FIPS, but target OpenSSL might not
+     * have FIPS support for example.
+     */
+#if HAVE_FIPS
+    LIBSSL_LDDOPT(FIPS_mode);
+#endif
     return JNI_TRUE;
 failed:
-    snprintf(b, sizeof(b), "Cannot find %s::%s()", dname, fname);
-    AcrThrow(env, ACR_EX_ENOENT, b);
+    AcrThrowEx(env, ACR_EX_ENOENT, "Cannot find %s::%s()", dname, fname);
     return JNI_FALSE;
 }
 
@@ -130,4 +160,13 @@ void SSL_CTX_free(SSL_CTX *ctx)
     SSLAPI_LINK(SSL_CTX_free)(ctx);
 }
 
+#if HAVE_FIPS
+int FIPS_mode()
+{
+    if (SSLOPT_HAVE(FIPS_mode))
+        return SSLOPT_LINK(FIPS_mode)();
+    else
+        return 0;
+}
+#endif /* HAVE_FIPS */
 #endif /* HAVE_OPENSSL_STATIC */

Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw Sat Aug 20 15:37:55 2011
@@ -147,7 +147,7 @@
 #define HAVE_SO_RCVTIMEO        1
 #define HAVE_SO_SNDTIMEO        1
 
-#define HAVE_OCSP               0
+#define HAVE_OPENSSL_STATIC     1
 #define HAVE_KSTAT              0
 #define HAVE_PORT_H             0
 

Modified: commons/sandbox/runtime/trunk/src/main/native/shared/error.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/error.c?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/shared/error.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/shared/error.c Sat Aug 20 15:37:55 2011
@@ -692,6 +692,22 @@ AcrThrow(JNI_STDENV, int cls, const char
 }
 
 void
+AcrThrowEx(JNI_STDENV, int cls, const char *msg, ...)
+{
+    if (msg == 0)
+        AcrThrow(env, cls, 0);
+    else {
+        char    buf[1024];
+        va_list ap;
+
+        va_start(ap, msg);
+        vsnprintf(buf, sizeof(buf), msg, ap);
+        va_end(ap);
+        AcrThrow(env, cls, buf);
+    }
+}
+
+void
 AcrDebugThrowException(JNI_STDENV,
                        const char *file, const char *func, int line,
                        int cls, int err)



Mime
View raw message