Author: mturk
Date: Fri Sep 9 05:47:30 2011
New Revision: 1167009
URL: http://svn.apache.org/viewvc?rev=1167009&view=rev
Log:
Split RAND code from init.c and make engine as a non-global class
Added:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
(with props)
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Engine.java
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Engine.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Engine.java?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Engine.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Engine.java
Fri Sep 9 05:47:30 2011
@@ -25,32 +25,40 @@ import java.io.File;
/**
* OpenSSL Engine
*/
-public final class Engine
+public final class Engine extends NativePointer
{
- private static boolean inited = false;
private static Object lock;
+ private static Engine global;
private Engine()
{
// No instance
}
+ private Engine(long pointer)
+ {
+ super.pointer = pointer;
+ }
+
static {
- lock = new Object();
+ lock = new Object();
+ global = null;
}
- private static native int init0(String name);
+ // Hide NativePointer
+ private final long pointer = 0L;
+ private static native long init0(String name)
+ throws SystemException;
+ private static native void free0(long e);
public static void initialize(String name)
throws SystemException
{
synchronized(lock) {
- if (!inited) {
- int rc = init0(name);
- if (rc != 0)
- throw new SystemException(Status.describe(rc));
- inited = true;
+ if (global == null) {
+ // Create global Engine instance.
+ global = new Engine(init0(name));
}
}
}
@@ -58,9 +66,31 @@ public final class Engine
public static boolean initialized()
{
synchronized(lock) {
- return inited;
+ return global != null;
}
}
+ public Engine(String name)
+ throws SystemException
+ {
+ super.pointer = init0(name);
+ }
+
+ /**
+ * Called by the garbage collector when the object is destroyed.
+ * The class will free internal resources allocated by the
+ * Operating system only if there are no additional references
+ * to this object.
+ *
+ * @see Object#finalize()
+ * @throws Throwable the {@code Exception} raised by this method.
+ */
+ @Override
+ protected final void finalize()
+ throws Throwable
+ {
+ free0(super.pointer);
+ }
+
}
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/PasswordCallback.java
Fri Sep 9 05:47:30 2011
@@ -27,7 +27,8 @@ public abstract class PasswordCallback
// Hide NativePointer
private final long pointer = 0L;
-
+
+ private boolean echoOn;
private String prompt;
private native long new0();
private native void def0(long pointer);
@@ -45,23 +46,25 @@ public abstract class PasswordCallback
protected PasswordCallback()
{
super.pointer = new0();
- prompt = Local.sm.get("password.PROMPT");
+ prompt = Local.sm.get("password.PROMPT");
+ echoOn = false;
}
/**
* Creates a new object instance
*/
- protected PasswordCallback(String prompt)
+ protected PasswordCallback(String prompt, boolean echoOn)
{
super.pointer = new0();
this.prompt = prompt;
+ this.echoOn = echoOn;
}
@Override
public int handler(Object thiz, int code)
{
try {
- String pass = onPasswordPrompt(prompt);
+ String pass = getPassword();
set0(super.pointer, pass);
return 1;
} catch (Exception x) {
@@ -89,10 +92,20 @@ public abstract class PasswordCallback
set0(super.pointer, password);
}
+ public final String getPrompt()
+ {
+ return prompt;
+ }
+
+ public final boolean isEchoOn()
+ {
+ return echoOn;
+ }
+
/**
* Application provided handler method.
*/
- protected abstract String onPasswordPrompt(String prompt)
+ protected abstract String getPassword()
throws Exception;
/**
Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in (original)
+++ commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in Fri Sep 9
05:47:30 2011
@@ -152,6 +152,7 @@ SSLSOURCES=\
$(TOPDIR)/modules/openssl/api.c \
$(TOPDIR)/modules/openssl/init.c \
$(TOPDIR)/modules/openssl/password.c \
+ $(TOPDIR)/modules/openssl/rand.c \
$(TOPDIR)/modules/openssl/util.c
CXXSOURCES=
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/stdtypes.h Fri
Sep 9 05:47:30 2011
@@ -54,6 +54,7 @@ typedef unsigned int acr_u32_t;
typedef int acr_i32_t;
typedef unsigned int acr_size_t;
typedef int acr_ssize_t;
+typedef unsigned long acr_ulong_t;
#if defined(_MSC_VER)
typedef ptrdiff_t ssize_t;
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Fri
Sep 9 05:47:30 2011
@@ -28,7 +28,6 @@
#endif
void *acr_ssl_temp_keys[SSL_TMP_KEY_MAX];
-static char ssl_global_rand_file[PATH_MAX] = { 0 };
/* Dynamic lock structure */
struct CRYPTO_dynlock_value {
@@ -119,23 +118,12 @@ static void ssl_thread_lock(int mode, in
}
}
-static unsigned long ssl_thread_id(void)
+unsigned long ssl_thread_id()
{
- /* OpenSSL needs this to return an unsigned long. On OS/390, the pthread
- * id is a structure twice that big. Use the TCB pointer instead as a
- * unique unsigned long.
- */
-#ifdef __MVS__
- struct PSA {
- char unmapped[540];
- unsigned long PSATOLD;
- } *psaptr = 0;
-
- return psaptr->PSATOLD;
-#elif defined(WIN32)
+#if defined(WINDOWS)
return (unsigned long)GetCurrentThreadId();
#else
- return (unsigned long)(pthread_self());
+ return (unsigned long)pthread_self();
#endif
}
@@ -187,75 +175,6 @@ static void ssl_dynlock_destroy(struct C
AcrFree(l);
}
-static int ssl_rand_choosenum(int l, int h)
-{
- int i;
- char buf[50];
-
- snprintf(buf, sizeof(buf), "%.0f", (((double)(_bsd_arc4random() %
RAND_MAX) / RAND_MAX) * (h - l)));
- i = atoi(buf) + 1;
- if (i < l) i = l;
- if (i > h) i = h;
- return i;
-}
-
-static int ssl_rand_load_file(const char *file)
-{
- char buffer[PATH_MAX];
- int n;
-
- if (file == 0)
- file = ssl_global_rand_file;
- if (strcmp(file, "builtin") == 0)
- return -1;
- if (*file == '\0')
- file = RAND_file_name(buffer, sizeof(buffer));
- if (file != 0 && *file != '\0') {
- if (strncmp(file, "egd:", 4) == 0) {
- if ((n = RAND_egd(file + 4)) > 0)
- return n;
- else
- return -1;
- }
- if ((n = RAND_load_file(file, -1)) > 0)
- return n;
- }
- return -1;
-}
-
-int ssl_rand_seed(const char *file)
-{
- unsigned char stackdata[256];
- static volatile unsigned int counter = 0;
-
- if (ssl_rand_load_file(file) < 0) {
- int n;
- struct {
- acr_time_t t;
- pid_t p;
- unsigned long i;
- unsigned int u;
- } _ssl_seed;
- if (counter == 0) {
- for (n = 0; n < 256; n++)
- stackdata[n] = (unsigned char)_bsd_arc4random();
- RAND_seed(stackdata, 128);
- }
- _ssl_seed.t = AcrTimeNow();
- _ssl_seed.p = getpid();
- _ssl_seed.i = ssl_thread_id();
- counter++;
- _ssl_seed.u = counter;
- RAND_seed((unsigned char *)&_ssl_seed, sizeof(_ssl_seed));
- /*
- * seed in some current state of the run-time stack (128 bytes)
- */
- n = ssl_rand_choosenum(0, 127);
- RAND_seed(stackdata + n, 128);
- }
- return RAND_status();
-}
-
static int ssl_initialized = 0;
ACR_SSL_EXPORT(jint, Library, init0)(JNI_STDARGS)
@@ -335,13 +254,13 @@ ACR_SSL_EXPORT(void, Library, fipsmode0)
#endif
}
-ACR_SSL_EXPORT(jint, Engine, init0)(JNI_STDARGS, jstring name)
+ACR_SSL_EXPORT(jlong, Engine, init0)(JNI_STDARGS, jstring name)
{
+ jlong ep = 0;
+ int rc = 0;
#ifndef OPENSSL_NO_ENGINE
- int rc = 0;
WITH_CSTR(name) {
ENGINE *ee = 0;
- rc = 0;
if (strcmp(J2S(name), "auto") == 0) {
ENGINE_register_all_complete();
}
@@ -355,63 +274,25 @@ ACR_SSL_EXPORT(jint, Engine, init0)(JNI_
if (!ENGINE_set_default(ee, ENGINE_METHOD_ALL))
rc = ACR_ENOTIMPL;
}
- /* Free our "structural" reference. */
if (ee != 0)
- ENGINE_free(ee);
+ ep = P2J(ee);
}
} DONE_WITH_STR(name);
- return rc;
#else
- return ACR_ENOTIMPL;
+ rc = ACR_ENOTIMPL;
#endif
+ if (rc != 0)
+ ACR_THROW_SYS_ERROR(rc);
+ return ep;
}
-ACR_SSL_EXPORT(jboolean, Random, seed0)(JNI_STDARGS, jstring file)
+ACR_SSL_EXPORT(void, Engine, free0)(JNI_STDARGS, jlong ep)
{
- int rc = 0;
- /* Initialize PRNG
- * This will in most cases call the builtin
- * low entropy seed.
- */
- WITH_CSTR(file) {
- rc = ssl_rand_seed(J2S(file));
- } DONE_WITH_STR(file);
- return rc == 0 ? JNI_FALSE : JNI_TRUE;
-}
-
-ACR_SSL_EXPORT(jboolean, Random, seed1)(JNI_STDARGS)
-{
- return ssl_rand_seed(0) == 0 ? JNI_FALSE : JNI_TRUE;
-}
-
-ACR_SSL_EXPORT(jboolean, Random, seed2)(JNI_STDARGS, jbyteArray ba,
- jint off, jint len)
-{
- jboolean rv = JNI_FALSE;
- jbyte *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
-
- if (sb) {
- RAND_seed(sb + off, len);
- if (RAND_status() > 0)
- rv = JNI_TRUE;
- }
- return rv;
-}
-
-ACR_SSL_EXPORT(jstring, Random, getdef0)(JNI_STDARGS)
-{
- char buffer[PATH_MAX];
- if (ssl_global_rand_file[0] != '\0')
- return AcrNewJavaStringA(env, ssl_global_rand_file);
- if (RAND_file_name(buffer, sizeof(buffer)) != 0)
- return AcrNewJavaStringA(env, buffer);
- else
- return 0;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *ee = J2P(ep, ENGINE *);
+ /* Free our "structural" reference. */
+ if (ee != 0)
+ ENGINE_free(ee);
+#endif
}
-ACR_SSL_EXPORT(void, Random, setdef0)(JNI_STDARGS, jstring path)
-{
- WITH_CSTR(path) {
- strlcpy(ssl_global_rand_file, J2S(path), PATH_MAX);
- } DONE_WITH_STR(path);
-}
Modified:
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
Fri Sep 9 05:47:30 2011
@@ -77,6 +77,7 @@ ACR_SSL_EXPORT(void, PasswordCallback, d
/* XXX: Should we allow that ? */
acr_ssl_password_cb = 0;
}
+ AcrCallbackFree(env, pc->cb);
AcrMemCleanse(pc->password, 0);
AcrFree(pc->password);
AcrFree(pc);
@@ -106,7 +107,8 @@ ACR_SSL_EXPORT(int, TestOpenSSL, runPass
{
if (acr_ssl_password_cb != 0) {
AcrCallbackRun(0, acr_ssl_password_cb->cb, 0, 0, 0);
- if (acr_ssl_password_cb->password &&
strcmp(acr_ssl_password_cb->password, "secret") == 0)
+ if (acr_ssl_password_cb->password != 0 &&
+ strcmp(acr_ssl_password_cb->password, "secret") == 0)
return 0;
else
return ACR_EINVAL;
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c?rev=1167009&view=auto
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c (added)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c Fri
Sep 9 05:47:30 2011
@@ -0,0 +1,154 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "acr/clazz.h"
+#include "acr/error.h"
+#include "acr/misc.h"
+#include "acr/string.h"
+#include "acr/port.h"
+#include "acr/ssl.h"
+#include "arch_sync.h"
+
+#if !HAVE_OPENSSL
+#error "Cannot compile this file without HAVE_OPENSSL defined"
+#endif
+
+static char ssl_global_rand_file[PATH_MAX] = { 0 };
+static int ssl_rand_choosenum(int l, int h)
+{
+ int i;
+ char buf[50];
+
+ snprintf(buf, sizeof(buf), "%.0f", (((double)(_bsd_arc4random() %
RAND_MAX) / RAND_MAX) * (h - l)));
+ i = atoi(buf) + 1;
+ if (i < l) i = l;
+ if (i > h) i = h;
+ return i;
+}
+
+static int ssl_rand_load_file(const char *file)
+{
+ char buffer[PATH_MAX];
+ int n;
+
+ if (file == 0)
+ file = ssl_global_rand_file;
+ if (strcmp(file, "builtin") == 0)
+ return -1;
+ if (*file == '\0')
+ file = RAND_file_name(buffer, sizeof(buffer));
+ if (file != 0 && *file != '\0') {
+ if (strncmp(file, "egd:", 4) == 0) {
+ if ((n = RAND_egd(file + 4)) > 0)
+ return n;
+ else
+ return -1;
+ }
+ if ((n = RAND_load_file(file, -1)) > 0)
+ return n;
+ }
+ return -1;
+}
+
+int ssl_rand_seed(const char *file)
+{
+ unsigned char stackdata[256];
+ static volatile unsigned int counter = 0;
+
+ if (ssl_rand_load_file(file) < 0) {
+ int n;
+ struct {
+ acr_time_t t;
+ pid_t p;
+#if defined(WINDOWS)
+ DWORD i;
+#else
+ pthread_t i;
+#endif
+ unsigned int u;
+ } _ssl_seed;
+ if (counter == 0) {
+ for (n = 0; n < 256; n++)
+ stackdata[n] = (unsigned char)_bsd_arc4random();
+ RAND_seed(stackdata, 128);
+ }
+ _ssl_seed.t = AcrTimeNow();
+ _ssl_seed.p = getpid();
+#if defined(WINDOWS)
+ _ssl_seed.i = GetCurrentThreadId();
+#else
+ _ssl_seed.i = pthread_self();
+#endif
+ _ssl_seed.u = ++counter;
+ RAND_seed((unsigned char *)&_ssl_seed, sizeof(_ssl_seed));
+ /*
+ * seed in some current state of the run-time stack (128 bytes)
+ */
+ n = ssl_rand_choosenum(0, 127);
+ RAND_seed(stackdata + n, 128);
+ }
+ return RAND_status();
+}
+
+ACR_SSL_EXPORT(jboolean, Random, seed0)(JNI_STDARGS, jstring file)
+{
+ int rc = 0;
+ /* Initialize PRNG
+ * This will in most cases call the builtin
+ * low entropy seed.
+ */
+ WITH_CSTR(file) {
+ rc = ssl_rand_seed(J2S(file));
+ } DONE_WITH_STR(file);
+ return rc == 0 ? JNI_FALSE : JNI_TRUE;
+}
+
+ACR_SSL_EXPORT(jboolean, Random, seed1)(JNI_STDARGS)
+{
+ return ssl_rand_seed(0) == 0 ? JNI_FALSE : JNI_TRUE;
+}
+
+ACR_SSL_EXPORT(jboolean, Random, seed2)(JNI_STDARGS, jbyteArray ba,
+ jint off, jint len)
+{
+ jboolean rv = JNI_FALSE;
+ jbyte *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
+
+ if (sb) {
+ RAND_seed(sb + off, len);
+ if (RAND_status() > 0)
+ rv = JNI_TRUE;
+ }
+ return rv;
+}
+
+ACR_SSL_EXPORT(jstring, Random, getdef0)(JNI_STDARGS)
+{
+ char buffer[PATH_MAX];
+ if (ssl_global_rand_file[0] != '\0')
+ return AcrNewJavaStringA(env, ssl_global_rand_file);
+ if (RAND_file_name(buffer, sizeof(buffer)) != 0)
+ return AcrNewJavaStringA(env, buffer);
+ else
+ return 0;
+}
+
+ACR_SSL_EXPORT(void, Random, setdef0)(JNI_STDARGS, jstring path)
+{
+ WITH_CSTR(path) {
+ strlcpy(ssl_global_rand_file, J2S(path), PATH_MAX);
+ } DONE_WITH_STR(path);
+}
Propchange: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java?rev=1167009&r1=1167008&r2=1167009&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/test/org/apache/commons/runtime/TestOpenSSL.java
Fri Sep 9 05:47:30 2011
@@ -34,11 +34,14 @@ public class TestOpenSSL extends Assert
}
@Override
- public String onPasswordPrompt(String prompt)
+ public String getPassword()
throws Exception
{
- System.out.print(prompt);
+ System.out.print(getPrompt());
System.out.println();
+ // This would be the place where application
+ // would obtain the password from the user or
+ // from some configuration.
return "secret";
}
}
