Author: mturk
Date: Sat Aug 20 15:37:55 2011
New Revision: 1159885
URL: http://svn.apache.org/viewvc?rev=1159885&view=rev
Log:
Check for openssl fips support
Modified:
commons/sandbox/runtime/trunk/src/main/native/configure
commons/sandbox/runtime/trunk/src/main/native/configure.bat
commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw
commons/sandbox/runtime/trunk/src/main/native/shared/error.c
Modified: commons/sandbox/runtime/trunk/src/main/native/configure
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/configure?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/configure (original)
+++ commons/sandbox/runtime/trunk/src/main/native/configure Sat Aug 20 15:37:55
2011
@@ -1268,6 +1268,7 @@ else
varadds cppopts -DUSE_FCNTL_MUTEX
fi
+have_fips=0
have_ocsp=0
have_openssl=0
have_openssl_static=0
@@ -1279,6 +1280,7 @@ if [ ".$has_openssl" = .yes ]; then
have_openssl_static=1
fi
have_openssl=1
+ have_fips=`have_include openssl/fips`
have_ocsp=`have_include openssl/ocsp`
varadds modules '??(SSLOBJECTS)'
else
@@ -1301,6 +1303,7 @@ else
fi
has_openssl=yes
have_openssl=1
+ have_fips=`have_include w $openssl_home/openssl/fips`
have_ocsp=`have_include w $openssl_home/openssl/ocsp`
varadds modules '??(SSLOBJECTS)'
fi
@@ -1477,6 +1480,7 @@ extern "C" {
#define HAVE_OPENSSL $have_openssl
#define HAVE_OPENSSL_STATIC $have_openssl_static
+#define HAVE_FIPS $have_fips
#define HAVE_OCSP $have_ocsp
#define HAVE_KSTAT $have_kstat
#define HAVE_PORT_H $have_port_h
Modified: commons/sandbox/runtime/trunk/src/main/native/configure.bat
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/configure.bat?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/configure.bat (original)
+++ commons/sandbox/runtime/trunk/src/main/native/configure.bat Sat Aug 20
15:37:55 2011
@@ -97,6 +97,8 @@ goto TargetAll
set ENABLE_TESTP=0
set ENABLE_DEBUG=0
set HAVE_OPENSSL=0
+set HAVE_FIPS=0
+set HAVE_OCSP=0
set HAVE_INTRIN_H=0
set WITH_OPENSSL=
set MODULES=
@@ -148,6 +150,8 @@ if %HAVE_OPENSSL% == 1 (
echo Make sure you set the correct path using /with-openssl
echo.
)
+ if exist "%WITH_OPENSSL%\openssl\fips.h" set HAVE_FIPS=1
+ if exist "%WITH_OPENSSL%\openssl\ocsp.h" set HAVE_OCSP=1
set "INCLUDES=%INCLUDES% -I%WITH_OPENSSL%"
set "MODULES=$(SSLOBJECTS)"
)
@@ -218,6 +222,8 @@ type .\os\win32\config.hw >>%CCI%
echo #define HAVE_INTRIN_H ^%HAVE_INTRIN_H%>>%CCI%
echo #define HAVE_OPENSSL ^%HAVE_OPENSSL%>>%CCI%
+echo #define HAVE_FIPS ^%HAVE_FIPS%>>%CCI%
+echo #define HAVE_OCSP ^%HAVE_OCSP%>>%CCI%
echo.>>%CCI%
echo #define PACKAGE_NAME "%NAME%">>%CCI%
echo #define PACKAGE_PRINT "%PNAME%">>%CCI%
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/error.h Sat Aug
20 15:37:55 2011
@@ -1645,6 +1645,8 @@ AcrThrowByName(JNI_STDENV, const char *c
void
AcrThrow(JNI_STDENV, int cls, const char *msg);
void
+AcrThrowEx(JNI_STDENV, int cls, const char *msg, ...);
+void
AcrThrowByError(JNI_STDENV, int def, int err, const char *msg);
void
AcrThrowClass(JNI_STDENV, const char *clazz, const char *msg);
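Review bot: The new `AcrThrowEx` declaration gives no hint that `msg` is a printf-style format string, unlike the neighbouring `AcrThrow`, whose `msg` is passed as plain text. A caller that forwards externally influenced text as `msg` would have any `%` sequences in it interpreted, so the header should carry a comment such as `/* msg is a printf format; pass variable text as an argument: AcrThrowEx(env, cls, "%s", text) */`. For GCC-compatible compilers, a `__attribute__((format(printf, N, N+1)))` annotation behind a compiler guard would also let the compiler check call sites. N depends on how `JNI_STDENV` expands, which is not visible here.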
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Sat Aug
20 15:37:55 2011
@@ -55,7 +55,17 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
SSLapi.fp##fN = AcrGetProcAddress(cryptodso, fname); \
if (SSLapi.fp##fN == 0) goto failed
+#define LIBSSL_LDDOPT(fN) \
+ fname = #fN; \
+ SSLopt.fp##fN = AcrGetProcAddress(libssldso, fname)
+
+#define CRYPTO_LDDOPT(fN) \
+ fname = #fN; \
+ SSLopt.fp##fN = AcrGetProcAddress(cryptodso, fname)
+
#define SSLAPI_LINK(fN) (*SSLapi.fp##fN)
+#define SSLOPT_LINK(fN) (*SSLopt.fp##fN)
+#define SSLOPT_HAVE(fN) (SSLopt.fp##fN != 0)
struct SSLAPIst {
unsigned long (*fpSSLeay)(void);
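Review bot: `LIBSSL_LDDOPT` and `CRYPTO_LDDOPT` each expand to two separate statements, so using one as the body of an unbraced `if` or `else` would make only the `fname` assignment conditional. Wrapping them avoids that, e.g. `#define CRYPTO_LDDOPT(fN) do { fname = #fN; SSLopt.fp##fN = AcrGetProcAddress(cryptodso, fname); } while (0)`. `SSLOPT_LINK` dereferences a pointer that may legitimately be 0 for optional symbols, so a one-line comment that it must only be used after `SSLOPT_HAVE(fN)` has been checked would help the next reader. `struct SSLAPIst` begins in this hunk and continues outside it.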
@@ -64,18 +74,31 @@ struct SSLAPIst {
SSL_CTX* (*fpSSL_CTX_new)(const SSL_METHOD *);
void (*fpSSL_CTX_free)(SSL_CTX *);
+ void (*fpNULL)(void);
+};
+
+struct SSLOPTst {
+#if HAVE_FIPS
+ int (*fpFIPS_mode)(void);
+#endif
+#if HAVE_OCSP
+
+#endif
+ void (*fpNULL)(void);
};
static struct SSLAPIst SSLapi;
+static struct SSLOPTst SSLopt;
static acr_dso_t libssldso;
static acr_dso_t cryptodso;
ACR_JNI_EXPORT(jboolean, Native, ldopenssl0)(JNI_STDARGS)
{
- char b[512];
const char *fname = "";
const char *dname = SSL_DSO_NAME;
+ memset(&SSLapi, 0, sizeof(SSLapi));
+ memset(&SSLopt, 0, sizeof(SSLopt));
if ((cryptodso = AcrDsoLoad(CRYPTO_DSO_NAME)) == 0) {
ACR_THROW_SYS_ERRNO();
return JNI_FALSE;
@@ -93,11 +116,18 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
}
LIBSSL_FPLOAD(SSL_CTX_new);
LIBSSL_FPLOAD(SSL_CTX_free);
-
+
+
+ /* Optional functions
+ * We could compile with the HAVE_FIPS, but target OpenSSL might not
+ * have FIPS support for example.
+ */
+#if HAVE_FIPS
+ LIBSSL_LDDOPT(FIPS_mode);
+#endif
return JNI_TRUE;
failed:
- snprintf(b, sizeof(b), "Cannot find %s::%s()", dname, fname);
- AcrThrow(env, ACR_EX_ENOENT, b);
+ AcrThrowEx(env, ACR_EX_ENOENT, "Cannot find %s::%s()", dname, fname);
return JNI_FALSE;
}
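Review bot: `LIBSSL_LDDOPT(FIPS_mode);` resolves the symbol through `libssldso`, but in FIPS-capable OpenSSL builds `FIPS_mode` is exported by libcrypto, so this should be `CRYPTO_LDDOPT(FIPS_mode);`, using the macro this commit already defines. Where symbol lookup is limited to the named module (GetProcAddress on Windows behaves that way; `AcrGetProcAddress` itself is not visible here), the pointer stays 0 and the `FIPS_mode()` wrapper added later in this file returns 0. A library running in FIPS mode would then be reported as not in FIPS mode, with no error raised. `ldopenssl0` starts outside this hunk.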
@@ -130,4 +160,13 @@ void SSL_CTX_free(SSL_CTX *ctx)
SSLAPI_LINK(SSL_CTX_free)(ctx);
}
+#if HAVE_FIPS
+int FIPS_mode()
+{
+ if (SSLOPT_HAVE(FIPS_mode))
+ return SSLOPT_LINK(FIPS_mode)();
+ else
+ return 0;
+}
+#endif /* HAVE_FIPS */
#endif /* HAVE_OPENSSL_STATIC */
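Review bot: The wrapper's `return 0` fallback makes "symbol not resolved" indistinguishable from "FIPS mode off", and nothing in the hunk documents that. A comment above the function, for example `/* Returns 0 both when FIPS mode is off and when the loaded library does not export FIPS_mode. */`, would stop code that enforces a FIPS policy from treating 0 as a confirmed answer. The definition `int FIPS_mode()` also has an empty parameter list, which is not a prototype in C; `int FIPS_mode(void)` matches the `int (*fpFIPS_mode)(void)` member it calls through.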
Modified: commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/win32/config.hw Sat Aug 20
15:37:55 2011
@@ -147,7 +147,7 @@
#define HAVE_SO_RCVTIMEO 1
#define HAVE_SO_SNDTIMEO 1
-#define HAVE_OCSP 0
+#define HAVE_OPENSSL_STATIC 1
#define HAVE_KSTAT 0
#define HAVE_PORT_H 0
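Review bot: `#define HAVE_OPENSSL_STATIC 1` is now hard-coded for every Win32 build, and the log message (FIPS detection) does not explain it. The closing `#endif /* HAVE_OPENSSL_STATIC */` in modules/openssl/api.c suggests that the dynamic-loading table, including the new optional `FIPS_mode` lookup, is conditional on this macro. If that guard is a negated test, this line would compile the runtime FIPS probe out on Windows. Please confirm this is intended and add a comment saying why, or let configure.bat emit the value as it now does for `HAVE_FIPS` and `HAVE_OCSP`.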
Modified: commons/sandbox/runtime/trunk/src/main/native/shared/error.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/shared/error.c?rev=1159885&r1=1159884&r2=1159885&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/shared/error.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/shared/error.c Sat Aug 20
15:37:55 2011
@@ -692,6 +692,22 @@ AcrThrow(JNI_STDENV, int cls, const char
}
void
+AcrThrowEx(JNI_STDENV, int cls, const char *msg, ...)
+{
+ if (msg == 0)
+ AcrThrow(env, cls, 0);
+ else {
+ char buf[1024];
+ va_list ap;
+
+ va_start(ap, msg);
+ vsnprintf(buf, sizeof(buf), msg, ap);
+ va_end(ap);
+ AcrThrow(env, cls, buf);
+ }
+}
+
+void
AcrDebugThrowException(JNI_STDENV,
const char *file, const char *func, int line,
int cls, int err)
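Review bot: In `AcrThrowEx` the result of `vsnprintf` is ignored, so a message longer than the 1024-byte `buf` is silently truncated before it reaches `AcrThrow`. If the Windows build maps `vsnprintf` onto the older `_vsnprintf` (the mapping is not visible here), truncation would also leave `buf` without a terminating NUL. Adding `buf[sizeof(buf) - 1] = '\0';` after the call makes the string safe to pass on in either case. Because `msg` is used as the format, it is also worth a comment here that callers must pass variable text through `"%s"` rather than as `msg`. `AcrDebugThrowException` at the end of the hunk continues outside it.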