commons-commits mailing list archives

From mt...@apache.org
Subject svn commit: r1170067 - in /commons/sandbox/runtime/trunk/src/main/native: Makefile.unx.in include/acr/ssl.h modules/openssl/api.c modules/openssl/bio.c modules/openssl/ctx.c
Date Tue, 13 Sep 2011 07:36:53 GMT
Author: mturk
Date: Tue Sep 13 07:36:52 2011
New Revision: 1170067

URL: http://svn.apache.org/viewvc?rev=1170067&view=rev
Log:
Add ssl BIO wrapper and missing api

Added:
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c   (with props)
Modified:
    commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
    commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
    commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c

Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in?rev=1170067&r1=1170066&r2=1170067&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in Tue Sep 13 07:36:52 2011
@@ -150,6 +150,7 @@ LIBSOURCES=\
 
 SSLSOURCES=\
 	$(TOPDIR)/modules/openssl/api.c \
+	$(TOPDIR)/modules/openssl/bio.c \
 	$(TOPDIR)/modules/openssl/ctx.c \
 	$(TOPDIR)/modules/openssl/init.c \
 	$(TOPDIR)/modules/openssl/password.c \

Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1170067&r1=1170066&r2=1170067&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 13 07:36:52 2011
@@ -278,8 +278,6 @@ typedef struct acr_ssl_ctxt_t {
     X509_STORE      *crl;
     /* pointer to the context verify store */
     X509_STORE      *store;
-    const char      *cert_files[SSL_AIDX_MAX];
-    const char      *key_files[SSL_AIDX_MAX];
     X509            *certs[SSL_AIDX_MAX];
     EVP_PKEY        *keys[SSL_AIDX_MAX];
 
@@ -287,7 +285,6 @@ typedef struct acr_ssl_ctxt_t {
     int              shutdown_type;
     char            *rand_file;
 
-    const char      *cipher_suite;
     /* for client or downstream server authentication */
     int              verify_depth;
     int              verify_mode;
@@ -301,14 +298,14 @@ typedef struct acr_ssl_ctxt_t {
     int              stapling_fake_trylater;
     int              stapling_errcache_timeout;
     acr_time_t       stapling_responder_timeout;
-    const char      *stapling_force_url;
+    char            *stapling_force_url;
 #endif
 
     int              ocsp_enabled;       /* true if OCSP verification enabled */
     int              ocsp_force_default; /* true if the default responder URL is
                                           * used regardless of per-cert URL
                                           */
-    const char      *ocsp_responder;     /* default responder URL */
+    char            *ocsp_responder;     /* default responder URL */
     long             ocsp_resptime_skew;
     long             ocsp_resp_maxage;
     acr_time_t       ocsp_responder_timeout;

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1170067&r1=1170066&r2=1170067&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Tue Sep 13 07:36:52
2011
@@ -86,9 +86,13 @@ struct SSLAPIst {
     /*** BIO      ***/
     long                (*fpBIO_ctrl)(BIO *, int, long, void *);
     int                 (*fpBIO_free)(BIO *);
+    void                (*fpBIO_free_all)(BIO *);
     BIO*                (*fpBIO_new)(BIO_METHOD *);
     BIO*                (*fpBIO_new_file)(const char *, const char *);
     BIO*                (*fpBIO_new_fp)(FILE *, int);
+    BIO*                (*fpBIO_push)(BIO *, BIO *);
+    
+    BIO_METHOD*         (*fpBIO_f_base64)(void);
     BIO_METHOD*         (*fpBIO_s_file)(void);
     BIO_METHOD*         (*fpBIO_s_mem)(void);
     int                 (*fpBIO_printf)(BIO *, const char *, ...);
@@ -98,6 +102,8 @@ struct SSLAPIst {
     BIGNUM*             (*fpBN_bin2bn)(const unsigned char *, int, BIGNUM *);
 
     /*** CRYPTO   ***/
+    void                (*fpCRYPTO_free)(void *);    
+    void*               (*fpCRYPTO_malloc)(int, const char *, int);
     int                 (*fpCRYPTO_num_locks)(void);
     void                (*fpCRYPTO_set_dynlock_create_callback)(struct CRYPTO_dynlock_value
*(*)(const char *, int));
     void                (*fpCRYPTO_set_dynlock_lock_callback)(void (*)(int, struct CRYPTO_dynlock_value
*, const char *, int));
@@ -111,11 +117,15 @@ struct SSLAPIst {
     void                (*fpDH_free)(DH *dh);
 
     /*** ERR      ***/
+    void                (*fpERR_clear_error)(void);
     void                (*fpERR_error_string_n)(unsigned long, char *, size_t);
     unsigned long       (*fpERR_get_error)(void);
     void                (*fpERR_load_crypto_strings)(void);
     unsigned long       (*fpERR_peek_error)(void);
 
+    /*** EVP      ***/
+    void                (*fpEVP_PKEY_free)(EVP_PKEY *);
+    
     /*** MD5      ***/
     int                 (*fpMD5_Final)(unsigned char *, MD5_CTX *);
     int                 (*fpMD5_Init)(MD5_CTX *);
@@ -172,6 +182,7 @@ struct SSLAPIst {
 
     /*** X509     ***/
     void                (*fpX509_free)(X509 *);
+    void                (*fpX509_STORE_free)(X509_STORE *);
     void                (*fpNULL)(void);
 
     /*** _STACK   ***/
@@ -271,9 +282,12 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     /*** BIO      ***/
     CRYPTO_FPLOAD(BIO_ctrl);
     CRYPTO_FPLOAD(BIO_free);
+    CRYPTO_FPLOAD(BIO_free_all);
     CRYPTO_FPLOAD(BIO_new);
     CRYPTO_FPLOAD(BIO_new_file);
     CRYPTO_FPLOAD(BIO_new_fp);
+    CRYPTO_FPLOAD(BIO_push);
+    CRYPTO_FPLOAD(BIO_f_base64);
     CRYPTO_FPLOAD(BIO_s_file);
     CRYPTO_FPLOAD(BIO_s_mem);
     CRYPTO_FPLOAD(BIO_printf);
@@ -296,11 +310,15 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
     CRYPTO_FPLOAD(DH_free);
 
     /*** ERR      ***/
+    CRYPTO_FPLOAD(ERR_clear_error);
     CRYPTO_FPLOAD(ERR_error_string_n);
     CRYPTO_FPLOAD(ERR_get_error);
     CRYPTO_FPLOAD(ERR_load_crypto_strings);
     CRYPTO_FPLOAD(ERR_peek_error);
 
+    /*** EVP      ***/
+    CRYPTO_FPLOAD(EVP_PKEY_free);
+    
     /*** MD5      ***/
     CRYPTO_FPLOAD(MD5_Final);
     CRYPTO_FPLOAD(MD5_Init);
@@ -396,6 +414,11 @@ int  BIO_free(BIO *a)
     return SSLAPI_CALL(BIO_free)(a);
 }
 
+void  BIO_free_all(BIO *a)
+{
+    SSLAPI_CALL(BIO_free_all)(a);
+}
+
 BIO *BIO_new_file(const char *filename, const char *mode)
 {
     return SSLAPI_CALL(BIO_new_file)(filename, mode);
@@ -406,6 +429,16 @@ BIO *BIO_new_fp(FILE *stream, int close_
     return SSLAPI_CALL(BIO_new_fp)(stream, close_flag);
 }
 
+BIO *BIO_push(BIO *b, BIO *append)
+{
+    return SSLAPI_CALL(BIO_push)(b, append);
+}
+
+BIO_METHOD *BIO_f_base64(void)
+{
+    return SSLAPI_CALL(BIO_f_base64)();
+}
+
 BIO_METHOD *BIO_s_file(void)
 {
     return SSLAPI_CALL(BIO_s_file)();
@@ -437,6 +470,16 @@ BIGNUM *BN_bin2bn(const unsigned char *s
     return SSLAPI_CALL(BN_bin2bn)(s, len, ret);
 }
 
+void CRYPTO_free(void *p)
+{
+    SSLAPI_CALL(CRYPTO_free)(p);
+}
+
+void *CRYPTO_malloc(int num, const char *file, int line)
+{
+    return SSLAPI_CALL(CRYPTO_malloc)(num, file, line);
+}
+
 int CRYPTO_num_locks(void)
 {
     return SSLAPI_CALL(CRYPTO_num_locks)();
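Review bot: The new CRYPTO_free and CRYPTO_malloc wrappers dispatch through fpCRYPTO_free and fpCRYPTO_malloc, but none of the ldopenssl hunks in this commit adds a matching `CRYPTO_FPLOAD(CRYPTO_free);` or `CRYPTO_FPLOAD(CRYPTO_malloc);`. The same applies to the X509_STORE_free wrapper in the later hunk, which has a new struct slot but no visible `CRYPTO_FPLOAD(X509_STORE_free);`. Unless those slots are filled somewhere outside this diff, the first OPENSSL_malloc in bio.c or the X509_STORE_free call in SSLContext.free0 would jump through a null function pointer. The loads belong in the CRYPTO and X509 groups of the loader, next to the existing entries.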
@@ -558,6 +601,11 @@ int RAND_set_rand_engine(ENGINE *engine)
 
 #endif  /* OPENSSL_NO_ENGINE */
 
+void ERR_clear_error(void)
+{
+    SSLAPI_CALL(ERR_clear_error)();
+}
+
 void ERR_error_string_n(unsigned long e, char *buf, size_t len)
 {
     return SSLAPI_CALL(ERR_error_string_n)(e, buf, len);
@@ -578,6 +626,11 @@ unsigned long ERR_peek_error(void)
     return SSLAPI_CALL(ERR_peek_error)();
 }
 
+void EVP_PKEY_free(EVP_PKEY *pkey)
+{
+    SSLAPI_CALL(EVP_PKEY_free)(pkey);
+}
+
 int MD5_Init(MD5_CTX *c)
 {
     return SSLAPI_CALL(MD5_Init)(c);
@@ -737,6 +790,11 @@ void X509_free(X509 *x)
     SSLAPI_CALL(X509_free)(x);
 }
 
+void X509_STORE_free(X509_STORE *v)
+{
+    SSLAPI_CALL(X509_STORE_free)(v);
+}
+
 void sk_pop_free(SSLAPI_STACK *st, void (*func)(void *))
 {
     SSLAPI_CALL(sk_pop_free)(st, func);

Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1170067&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Tue Sep 13 07:36:52
2011
@@ -0,0 +1,188 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/string.h"
+#include "acr/port.h"
+#include "acr/ssl.h"
+#include "arch_sync.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+J_DECLARE_CLAZZ = {
+    INVALID_FIELD_OFFSET,
+    0,
+    0,
+    0,
+    ACR_SSL_CP "SSLBio"
+};
+
+J_DECLARE_M_ID(0000) = {
+    0,
+    "<init>",
+    "(J)V"
+};
+
+J_DECLARE_M_ID(0001) = {
+    0,
+    "write",
+    "([B)I"
+};
+
+J_DECLARE_M_ID(0002) = {
+    0,
+    "read",
+    "([B)I"
+};
+
+J_DECLARE_M_ID(0003) = {
+    0,
+    "puts",
+    "(Ljava/lang/String;)I"
+};
+
+J_DECLARE_M_ID(0004) = {
+    0,
+    "gets",
+    "(I)Ljava/lang/String;"
+};
+
+typedef struct acr_bio_t {
+    volatile acr_atomic32_t refs;
+    jobject                 obj;
+} acr_bio_t;
+
+ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS)
+{
+    if (_clazzn.u == 0) {
+        if (AcrLoadClass(env, &_clazzn, 0) == JNI_FALSE)
+            return;
+        V_LOAD_METHOD(0000);
+        V_LOAD_METHOD(0001);
+        V_LOAD_METHOD(0002);
+        V_LOAD_METHOD(0003);
+        V_LOAD_METHOD(0004);
+        _clazzn.u = 1;
+    }
+}
+
+void ssl_bio_close(BIO *bi)
+{
+    if (bi == 0)
+        return;
+    if (bi->ptr != 0 && (bi->flags & SSL_BIO_FLAG_CALLBACK)) {
+        acr_bio_t *bp = (acr_bio_t *)bi->ptr;
+        if (AcrAtomic32Dec(&bp->refs) == 0) {
+            OPENSSL_free(bp);
+            BIO_free(bi);
+        }
+    }
+    else
+        BIO_free(bi);
+}
+
+void ssl_bio_doref(BIO *bi)
+{
+    if (bi == 0)
+        return;
+    if (bi->ptr != 0 && (bi->flags & SSL_BIO_FLAG_CALLBACK)) {
+        acr_bio_t *bp = (acr_bio_t *)bi->ptr;
+        AcrAtomic32Inc(&bp->refs);
+    }
+}
+
+static int bio_j_new(BIO *bi)
+{
+    acr_bio_t *bp;
+
+    if ((bp = OPENSSL_malloc(sizeof(acr_bio_t))) == 0)
+        return 0;
+    bp->refs     =  1;
+    bi->shutdown =  1;
+    bi->init     =  0;
+    bi->num      = -1;
+    bi->ptr      = (char *)bp;
+
+    return 1;
+}
+
+static int bio_j_free(BIO *bi)
+{
+    if (bi == 0)
+        return 0;
+    if (bi->ptr != NULL) {
+        acr_bio_t *bp = (acr_bio_t *)bi->ptr;
+        if (bi->init) {
+            bi->init = 0;
+            if (bp->obj != 0) {
+                JNIEnv *env = AcrGetJNIEnv();
+                if (env != 0)
+                    (*env)->DeleteWeakGlobalRef(env, bp->obj);
+                bp->obj = 0;
+            }
+        }
+        OPENSSL_free(bi->ptr);
+    }
+    bi->ptr = 0;
+    return 1;
+}
+
+static long bio_j_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    return 0;
+}
+
+static BIO_METHOD bio_j_methods = {
+    BIO_TYPE_FILE,
+    "Java OpenSSL BIO",
+    0,
+    0,
+    0,
+    0,
+    bio_j_ctrl,
+    bio_j_new,
+    bio_j_free,
+    0
+};
+
+static BIO_METHOD *BIO_j_file()
+{
+    return &bio_j_methods;
+}
+
+ACR_SSL_EXPORT(jlong, SSLBio, new0)(JNI_STDARGS, jobject cb)
+{
+    BIO *bi;
+    acr_bio_t *bp;
+
+    if ((bi = BIO_new(BIO_j_file())) == 0) {
+        ACR_THROW(ACR_EX_ENOMEM, 0);
+        return 0;
+    }
+    bp = (acr_bio_t *)bi->ptr;
+    bp->obj = (*env)->NewWeakGlobalRef(env, cb);
+    if (bp->obj == 0) {
+        ssl_bio_close(bi);
+        ACR_THROW(ACR_EX_ENOMEM, 0);
+        return 0;
+    }
+
+    return P2J(bi);
+}
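Review bot: In ssl_bio_close the refcounted branch calls `OPENSSL_free(bp)` and then `BIO_free(bi)` while bi->ptr still points at bp, so the destroy callback bio_j_free reads `bp->obj` from freed memory when bi->init is set and then releases the same block a second time with `OPENSSL_free(bi->ptr)`. Dropping the `OPENSSL_free(bp);` line and leaving the release to bio_j_free removes the double free. Separately, new0 stores the weak global reference but never sets `bi->init = 1;`, so as written bio_j_free skips DeleteWeakGlobalRef and the reference is never released; setting it after the NewWeakGlobalRef check would fix that. bio_j_new also leaves `bp->obj` uninitialised, and adding `bp->obj = 0;` there keeps the free path safe if init is ever set before the reference is stored.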

Propchange: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1170067&r1=1170066&r2=1170067&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep 13 07:36:52
2011
@@ -37,3 +37,30 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)(
     return P2J(ctx);
 }
 
+ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx)
+{
+    int i;
+    acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *);
+
+    if (c == 0)
+        return;
+    if (c->crl != 0)
+        X509_STORE_free(c->crl);
+    if (c->ctx != 0)
+        SSL_CTX_free(c->ctx);
+    for (i = 0; i < SSL_AIDX_MAX; i++) {
+        if (c->certs[i] != 0)
+            X509_free(c->certs[i]);
+        if (c->keys[i] != 0)
+            EVP_PKEY_free(c->keys[i]);
+    }
+#ifdef HAVE_OCSP_STAPLING
+    AcrFree(c->stapling_force_url);
+#endif    
+    AcrFree(c->ocsp_responder);
+    AcrFree(c->rand_file);
+    ssl_bio_close(c->bio_is);
+    ssl_bio_close(c->bio_os);
+    AcrFree(c);
+}
+
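Review bot: free0 releases everything behind a raw pointer carried in a Java long, and nothing in the function or a comment states who guarantees it runs exactly once per context. A second call with the same handle, for example an explicit close followed by a finalizer, would free c and its certificates and private keys again. I would add a header comment along the lines of `/* The Java SSLContext must clear its handle after free0; a handle must never be passed twice or used concurrently. */`. c->crl is freed here while c->store is not; if the store is owned by c->ctx, a one-line comment saying so would save the next reader from suspecting a leak.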


