Author: mturk
Date: Fri Sep 9 08:36:07 2011
New Revision: 1167041
URL: http://svn.apache.org/viewvc?rev=1167041&view=rev
Log:
Make all engine code optional on load time
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Random.java
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
Modified:
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Random.java
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Random.java?rev=1167041&r1=1167040&r2=1167041&view=diff
==============================================================================
---
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Random.java
(original)
+++
commons/sandbox/runtime/trunk/src/main/java/org/apache/commons/runtime/ssl/Random.java
Fri Sep 9 08:36:07 2011
@@ -21,6 +21,7 @@ import org.apache.commons.runtime.Status
import org.apache.commons.runtime.SystemException;
import java.io.File;
+import java.nio.ByteBuffer;
/**
* Random number gererator
@@ -30,6 +31,7 @@ public final class Random
private byte buf[];
private int pos;
+ private int siz;
/**
* Creates a new random number generator.
@@ -38,6 +40,7 @@ public final class Random
{
buf = new byte[1024];
pos = 0;
+ siz = 0;
}
private static native boolean seed0(String path);
@@ -46,6 +49,10 @@ public final class Random
private static native String getdef0();
private static native void setdef0(String path);
+ private static native int bytes0(byte[] b, int off, int len);
+ private static native int bytes1(ByteBuffer b, int off, int len);
+ private static native boolean seteng0(long ep);
+
public static boolean seed(String path)
{
return seed0(path);
@@ -57,6 +64,7 @@ public final class Random
}
private static boolean seed(byte[] b, int off, int len)
+ throws IndexOutOfBoundsException
{
if (off < 0 || off + len > b.length)
throw new IndexOutOfBoundsException();
@@ -81,6 +89,66 @@ public final class Random
return new File(path);
}
+ public void nextBytes(byte[] bytes, int off, int len)
+ throws IndexOutOfBoundsException
+ {
+ if (off < 0 || off + len > bytes.length)
+ throw new IndexOutOfBoundsException();
+ synchronized(buf) {
+ if (siz > 0) {
+ int n = siz > len ? len : pos;
+ System.arraycopy(buf, pos, bytes, off, n);
+ off += n;
+ len -= n;
+ pos += n;
+ siz -= n;
+ }
+ }
+ if (len > 0)
+ bytes0(bytes, off, len);
+ }
+
+ public void nextBytes(byte[] bytes)
+ throws IndexOutOfBoundsException
+ {
+ nextBytes(bytes, 0, bytes.length);
+ }
+
+ public void nextBytes(ByteBuffer buffer)
+ throws NullPointerException
+ {
+ if (buffer == null)
+ throw new NullPointerException();
+ synchronized(buf) {
+ if (siz > 0) {
+ int s = buffer.remaining();
+ int n = siz > s ? s : pos;
+ buffer.put(buf, pos, n);
+ pos += n;
+ siz -= n;
+ }
+ }
+ if (buffer.remaining() > 0)
+ bytes1(buffer, buffer.position(), buffer.remaining());
+ }
+
+ public byte nextByte()
+ {
+ synchronized(buf) {
+ if (siz == 0) {
+ bytes0(buf, 0, buf.length);
+ pos = 0;
+ siz = buf.length;
+ }
+ siz--;
+ return buf[pos++];
+ }
+ }
+ public boolean setEngine(Engine e)
+ {
+ // TODO: Throw error if fails
+ return seteng0(((NativePointer)e).pointer);
+ }
}
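Review bot: The range check in `nextBytes(byte[], int, int)` can be passed with an out-of-range `off`, because `off + len` wraps for large values; the pair is then handed to the native `bytes0`, which in the rand.c part of this commit computes `sb + off` with no check of its own. The same comparison sits in `seed(byte[], int, int)` in the previous hunk. Both `nextBytes` overloads also compute `n` as `siz > len ? len : pos` (and `siz > s ? s : pos`), where the else arm should presumably be `siz`. The results of `bytes0`/`bytes1` are discarded here and in `nextByte()`, so a failed `RAND_bytes`, or a non-direct `ByteBuffer` for which `GetDirectBufferAddress` returns null, leaves the caller with unfilled bytes and no error. The fence shows the array overload; the exception type for the failure case is only a suggestion and the project may prefer its own.

```java
public void nextBytes(byte[] bytes, int off, int len)
    throws IndexOutOfBoundsException
{
    // Overflow-safe form: rejects a negative len and an off + len that wraps.
    if (off < 0 || len < 0 || off > bytes.length - len)
        throw new IndexOutOfBoundsException();
    synchronized(buf) {
        if (siz > 0) {
            // Serve at most what is still buffered.
            int n = Math.min(siz, len);
            System.arraycopy(buf, pos, bytes, off, n);
            // … unchanged: advance off and pos, shrink len and siz by n …
        }
    }
    // RAND_bytes reports success as 1; any other value means bytes was not filled.
    if (len > 0 && bytes0(bytes, off, len) != 1)
        throw new IllegalStateException("RAND_bytes failed");
}
```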
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1167041&r1=1167040&r2=1167041&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Fri Sep
9 08:36:07 2011
@@ -107,17 +107,6 @@ struct SSLAPIst {
DH* (*fpDH_new)(void);
void (*fpDH_free)(DH *dh);
- /*** ENGINE ***/
- ENGINE* (*fpENGINE_by_id)(const char *);
- int (*fpENGINE_ctrl)(ENGINE *, int, long, void *, void
(*)(void));
- int (*fpENGINE_ctrl_cmd)(ENGINE *, const char *, long,
void *, void (*)(void), int);
- int (*fpENGINE_ctrl_cmd_string)(ENGINE *, const char *,
const char *, int);
-
- int (*fpENGINE_free)(ENGINE *);
- void (*fpENGINE_load_builtin_engines)(void);
- int (*fpENGINE_register_all_complete)(void);
- int (*fpENGINE_set_default)(ENGINE *, unsigned int);
-
/*** ERR ***/
void (*fpERR_error_string_n)(unsigned long, char *, size_t);
unsigned long (*fpERR_get_error)(void);
@@ -137,6 +126,7 @@ struct SSLAPIst {
X509* (*fpPEM_read_bio_X509)(BIO *, X509 **, pem_password_cb
*, void *);
/*** RAND ***/
+ int (*fpRAND_bytes)(unsigned char *, int);
int (*fpRAND_egd)(const char *);
const char* (*fpRAND_file_name)(char *, size_t);
int (*fpRAND_load_file)(const char *, long);
@@ -161,6 +151,10 @@ struct SSLAPIst {
/*** X509 ***/
void (*fpX509_free)(X509 *);
void (*fpNULL)(void);
+
+ /*** _STACK ***/
+ void (*fpsk_pop_free)(_STACK *, void (*)(void *));
+
};
struct SSLOPTst {
@@ -171,6 +165,21 @@ struct SSLOPTst {
#if HAVE_OCSP
#endif
+#ifndef OPENSSL_NO_ENGINE
+ /*** ENGINE ***/
+ ENGINE* (*fpENGINE_by_id)(const char *);
+ int (*fpENGINE_ctrl)(ENGINE *, int, long, void *, void
(*)(void));
+ int (*fpENGINE_ctrl_cmd)(ENGINE *, const char *, long,
void *, void (*)(void), int);
+ int (*fpENGINE_ctrl_cmd_string)(ENGINE *, const char *,
const char *, int);
+
+ int (*fpENGINE_free)(ENGINE *);
+ void (*fpENGINE_load_builtin_engines)(void);
+ int (*fpENGINE_register_all_complete)(void);
+ int (*fpENGINE_set_default)(ENGINE *, unsigned int);
+
+ /*** RAND ***/
+ int (*fpRAND_set_rand_engine)(ENGINE *);
+#endif
void (*fpNULL)(void);
};
@@ -238,16 +247,6 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
CRYPTO_FPLOAD(DH_new);
CRYPTO_FPLOAD(DH_free);
- /*** ENGINE ***/
- CRYPTO_FPLOAD(ENGINE_by_id);
- CRYPTO_FPLOAD(ENGINE_ctrl);
- CRYPTO_FPLOAD(ENGINE_ctrl_cmd);
- CRYPTO_FPLOAD(ENGINE_ctrl_cmd_string);
- CRYPTO_FPLOAD(ENGINE_free);
- CRYPTO_FPLOAD(ENGINE_load_builtin_engines);
- CRYPTO_FPLOAD(ENGINE_register_all_complete);
- CRYPTO_FPLOAD(ENGINE_set_default);
-
/*** ERR ***/
CRYPTO_FPLOAD(ERR_error_string_n);
CRYPTO_FPLOAD(ERR_get_error);
@@ -267,6 +266,7 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
CRYPTO_FPLOAD(PEM_read_bio_X509);
/*** RAND ***/
+ CRYPTO_FPLOAD(RAND_bytes);
CRYPTO_FPLOAD(RAND_egd);
CRYPTO_FPLOAD(RAND_file_name);
CRYPTO_FPLOAD(RAND_load_file);
@@ -279,6 +279,9 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
/*** X509 ***/
CRYPTO_FPLOAD(X509_free);
+ /*** _STACK ***/
+ CRYPTO_FPLOAD(sk_pop_free);
+
/* Optional functions
* We could compile with the HAVE_FIPS, but target OpenSSL might not
* have FIPS support for example.
@@ -288,6 +291,18 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens
LIBSSL_LDDOPT(FIPS_mode_set);
#endif
+#ifndef OPENSSL_NO_ENGINE
+ /*** ENGINE ***/
+ CRYPTO_LDDOPT(ENGINE_by_id);
+ CRYPTO_LDDOPT(ENGINE_ctrl);
+ CRYPTO_LDDOPT(ENGINE_ctrl_cmd);
+ CRYPTO_LDDOPT(ENGINE_ctrl_cmd_string);
+ CRYPTO_LDDOPT(ENGINE_free);
+ CRYPTO_LDDOPT(ENGINE_load_builtin_engines);
+ CRYPTO_LDDOPT(ENGINE_register_all_complete);
+ CRYPTO_LDDOPT(ENGINE_set_default);
+ CRYPTO_LDDOPT(RAND_set_rand_engine);
+#endif
return JNI_TRUE;
failed:
AcrThrowEx(env, ACR_EX_ENOENT, "Cannot find %s::%s()", dname, fname);
@@ -394,48 +409,81 @@ void DH_free(DH *dh)
SSLAPI_CALL(DH_free)(dh);
}
+#ifndef OPENSSL_NO_ENGINE
ENGINE *ENGINE_by_id(const char *id)
{
- return SSLAPI_CALL(ENGINE_by_id)(id);
+ if (SSLOPT_HAVE(ENGINE_by_id))
+ return SSLOPT_CALL(ENGINE_by_id)(id);
+ else
+ return 0;
}
int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
{
- return SSLAPI_CALL(ENGINE_ctrl)(e, cmd, i, p, f);
+ if (SSLOPT_HAVE(ENGINE_ctrl))
+ return SSLOPT_CALL(ENGINE_ctrl)(e, cmd, i, p, f);
+ else
+ return 0;
}
int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
long i, void *p, void (*f)(void), int cmd_optional)
{
- return SSLAPI_CALL(ENGINE_ctrl_cmd)(e, cmd_name, i, p, f, cmd_optional);
+ if (SSLOPT_HAVE(ENGINE_ctrl_cmd))
+ return SSLOPT_CALL(ENGINE_ctrl_cmd)(e, cmd_name, i, p, f,
cmd_optional);
+ else
+ return 0;
}
int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
int cmd_optional)
{
- return SSLAPI_CALL(ENGINE_ctrl_cmd_string)(e, cmd_name, arg, cmd_optional);
+ if (SSLOPT_HAVE(ENGINE_ctrl_cmd_string))
+ return SSLOPT_CALL(ENGINE_ctrl_cmd_string)(e, cmd_name, arg,
cmd_optional);
+ else
+ return 0;
}
int ENGINE_free(ENGINE *e)
{
- return SSLAPI_CALL(ENGINE_free)(e);
+ if (SSLOPT_HAVE(ENGINE_free))
+ return SSLOPT_CALL(ENGINE_free)(e);
+ else
+ return 0;
}
void ENGINE_load_builtin_engines(void)
{
- SSLAPI_CALL(ENGINE_load_builtin_engines)();
+ if (SSLOPT_HAVE(ENGINE_load_builtin_engines))
+ SSLOPT_CALL(ENGINE_load_builtin_engines)();
}
int ENGINE_register_all_complete(void)
{
- return SSLAPI_CALL(ENGINE_register_all_complete)();
+ if (SSLOPT_HAVE(ENGINE_register_all_complete))
+ return SSLOPT_CALL(ENGINE_register_all_complete)();
+ else
+ return 0;
}
int ENGINE_set_default(ENGINE *e, unsigned int flags)
{
- return SSLAPI_CALL(ENGINE_set_default)(e, flags);
+ if (SSLOPT_HAVE(ENGINE_set_default))
+ return SSLOPT_CALL(ENGINE_set_default)(e, flags);
+ else
+ return 0;
}
+int RAND_set_rand_engine(ENGINE *engine)
+{
+ if (SSLOPT_HAVE(RAND_set_rand_engine))
+ return SSLOPT_CALL(RAND_set_rand_engine)(engine);
+ else
+ return 0;
+}
+
+#endif /* OPENSSL_NO_ENGINE */
+
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
{
return SSLAPI_CALL(ERR_error_string_n)(e, buf, len);
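Review bot: The `return 0` fallbacks in the ENGINE wrappers make "ENGINE symbols were not resolved in the loaded libcrypto" indistinguishable from a failure reported by OpenSSL itself, and `ENGINE_load_builtin_engines` becomes a silent no-op. For `RAND_set_rand_engine` this means a requested RNG engine can be skipped while the default RAND method stays in use, which is only noticed if every caller checks the result. I would document the contract on the wrappers, for example `/* Returns 0 (failure) when the ENGINE API was not resolved at load time. */`, so callers know that a zero return must be treated as "engine not active".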
@@ -486,6 +534,11 @@ X509 *PEM_read_bio_X509(BIO *bp, X509 **
return SSLAPI_CALL(PEM_read_bio_X509)(bp, x, cb, u);
}
+int RAND_bytes(unsigned char *buf, int num)
+{
+ return SSLAPI_CALL(RAND_bytes)(buf, num);
+}
+
int RAND_egd(const char *path)
{
return SSLAPI_CALL(RAND_egd)(path);
@@ -563,6 +616,11 @@ void X509_free(X509 *x)
SSLAPI_CALL(X509_free)(x);
}
+void sk_pop_free(_STACK *st, void (*func)(void *))
+{
+ SSLAPI_CALL(sk_pop_free)(st, func);
+}
+
#if HAVE_FIPS
int FIPS_mode(void)
{
@@ -581,4 +639,9 @@ int FIPS_mode_set(int onoff)
}
#endif /* HAVE_FIPS */
+
+#ifndef OPENSSL_NO_ENGINE
+
+#endif /* HAVE_ENGINE */
+
#endif /* HAVE_OPENSSL_STATIC */
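Review bot: The added `#ifndef OPENSSL_NO_ENGINE` block at the end of the file is empty, and its closing comment names a different macro (`#endif /* HAVE_ENGINE */`). Either drop the empty block or, if it is a placeholder, make the comment match the guard: `#endif /* OPENSSL_NO_ENGINE */`.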
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c?rev=1167041&r1=1167040&r2=1167041&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c
(original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/rand.c Fri
Sep 9 08:36:07 2011
@@ -127,10 +127,11 @@ ACR_SSL_EXPORT(jboolean, Random, seed2)(
jboolean rv = JNI_FALSE;
jbyte *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
- if (sb) {
+ if (sb != 0) {
RAND_seed(sb + off, len);
if (RAND_status() > 0)
rv = JNI_TRUE;
+ (*env)->ReleasePrimitiveArrayCritical(env, ba, sb, 0);
}
return rv;
}
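Review bot: The new release call uses mode `0`, which copies the pinned bytes back into the Java array when the VM handed out a copy. The seed buffer is only read here, so `(*env)->ReleasePrimitiveArrayCritical(env, ba, sb, JNI_ABORT);` is the better-fitting mode. seed2 begins outside the hunk, so whether `off` and `len` are validated before `sb + off` cannot be seen from here.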
@@ -152,3 +153,39 @@ ACR_SSL_EXPORT(void, Random, setdef0)(JN
strlcpy(ssl_global_rand_file, J2S(path), PATH_MAX);
} DONE_WITH_STR(path);
}
+
+ACR_SSL_EXPORT(jint, Random, bytes0)(JNI_STDARGS, jbyteArray ba,
+ jint off, jint len)
+{
+ jint rv = -1;
+ unsigned char *sb = (*env)->GetPrimitiveArrayCritical(env, ba, 0);
+
+ if (sb != 0) {
+ rv = RAND_bytes(sb + off, len);
+ (*env)->ReleasePrimitiveArrayCritical(env, ba, sb, 0);
+ }
+ return rv;
+}
+
+ACR_SSL_EXPORT(jint, Random, bytes1)(JNI_STDARGS, jobject bb,
+ jint off, jint len)
+{
+ jint rv = -1;
+ unsigned char *sb = (*env)->GetDirectBufferAddress(env, bb);
+
+ if (sb != 0) {
+ rv = RAND_bytes(sb + off, len);
+ }
+ return rv;
+}
+
+ACR_SSL_EXPORT(jboolean, Random, seteng0)(JNI_STDARGS, jlong ep)
+{
+ jboolean rv = JNI_FALSE;
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE *ee = J2P(ep, ENGINE*);
+ if (ee != 0 && RAND_set_rand_engine(ee))
+ rv = JNI_TRUE;
+#endif
+ return rv;
+}