[tomcat] branch main updated: Improve sync

remm Tue, 23 Nov 2021 00:32:52 -0800

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git



The following commit(s) were added to refs/heads/main by this push:
     new 31ff886  Improve sync
31ff886 is described below

commit 31ff8866831bcc9759bc798eb6e09f1b867c5029
Author: remm <r...@apache.org>
AuthorDate: Tue Nov 23 09:27:48 2021 +0100

    Improve sync
---
 .../openssl/panama/OpenSSLLifecycleListener.java   | 287 +++++++++++----------
 1 file changed, 148 insertions(+), 139 deletions(-)

diff --git 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index 06831ca..03c4540 100644
--- 
a/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ 
b/modules/openssl-java17/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -77,6 +77,15 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
 
     protected static final Object lock = new Object();
 
+    public static boolean isAvailable() {
+        if (OpenSSLStatus.isInstanceCreated()) {
+            synchronized (lock) {
+                init();
+            }
+        }
+        return OpenSSLStatus.isAvailable();
+    }
+
     public OpenSSLLifecycleListener() {
         OpenSSLStatus.setInstanceCreated(true);
     }
@@ -97,35 +106,31 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
                 log.warn(sm.getString("listener.notServer",
                         event.getLifecycle().getClass().getSimpleName()));
             }
-            synchronized (lock) {
-                try {
-                    init();
-                } catch (Throwable t) {
-                    t = ExceptionUtils.unwrapInvocationTargetException(t);
-                    ExceptionUtils.handleThrowable(t);
-                    log.error(sm.getString("listener.sslInit"), t);
-                    initError = true;
-                }
-                // Failure to initialize FIPS mode is fatal
-                if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode)) && 
!isFIPSModeActive()) {
-                    String errorMessage = 
sm.getString("listener.initializeFIPSFailed");
-                    Error e = new Error(errorMessage);
-                    // Log here, because thrown error might be not logged
-                    log.fatal(errorMessage, e);
-                    initError = true;
-                }
+            try {
+                init();
+            } catch (Throwable t) {
+                t = ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(t);
+                log.error(sm.getString("listener.sslInit"), t);
+                initError = true;
+            }
+            // Failure to initialize FIPS mode is fatal
+            if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode)) && 
!isFIPSModeActive()) {
+                String errorMessage = 
sm.getString("listener.initializeFIPSFailed");
+                Error e = new Error(errorMessage);
+                // Log here, because thrown error might be not logged
+                log.fatal(errorMessage, e);
+                initError = true;
             }
         }
         if (initError || 
Lifecycle.AFTER_DESTROY_EVENT.equals(event.getType())) {
             // Note: Without the listener, destroy will never be called (which 
is not a significant problem)
-            synchronized (lock) {
-                try {
-                    destroy();
-                } catch (Throwable t) {
-                    t = ExceptionUtils.unwrapInvocationTargetException(t);
-                    ExceptionUtils.handleThrowable(t);
-                    log.info(sm.getString("listener.destroy"));
-                }
+            try {
+                destroy();
+            } catch (Throwable t) {
+                t = ExceptionUtils.unwrapInvocationTargetException(t);
+                ExceptionUtils.handleThrowable(t);
+                log.info(sm.getString("listener.destroy"));
             }
         }
 
@@ -134,12 +139,12 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
     static MemoryAddress enginePointer = MemoryAddress.NULL;
 
     static void initLibrary() {
-        synchronized (OpenSSLStatus.class) {
+        synchronized (lock) {
             if (OpenSSLStatus.isLibraryInitialized()) {
                 return;
             }
-            OpenSSLStatus.setLibraryInitialized(true);
             OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN(), 
MemoryAddress.NULL);
+            OpenSSLStatus.setLibraryInitialized(true);
         }
     }
 
@@ -212,148 +217,152 @@ public class OpenSSLLifecycleListener implements 
LifecycleListener {
         }
     }
 
-    static void init() throws Exception {
+    static void init() {
+        synchronized (lock) {
 
-        if (OpenSSLStatus.isInitialized()) {
-            return;
-        }
-        OpenSSLStatus.setInitialized(true);
+            if (OpenSSLStatus.isInitialized()) {
+                return;
+            }
+            OpenSSLStatus.setInitialized(true);
 
-        if ("off".equalsIgnoreCase(SSLEngine)) {
-            return;
-        }
+            if ("off".equalsIgnoreCase(SSLEngine)) {
+                return;
+            }
+
+            var scope = ResourceScope.globalScope();
+            var allocator = SegmentAllocator.ofScope(scope);
+
+            // Main library init
+            initLibrary();
 
-        var scope = ResourceScope.globalScope();
-        var allocator = SegmentAllocator.ofScope(scope);
-
-        // Main library init
-        initLibrary();
-
-        // Setup engine
-        String engineName = "on".equalsIgnoreCase(SSLEngine) ? null : 
SSLEngine;
-        if (engineName != null) {
-            if ("auto".equals(engineName)) {
-                ENGINE_register_all_complete();
-            } else {
-                var engine = CLinker.toCString(engineName, scope);
-                enginePointer = ENGINE_by_id(engine);
-                if (MemoryAddress.NULL.equals(enginePointer)) {
-                    enginePointer = ENGINE_by_id(CLinker.toCString("dynamic", 
scope));
-                    if (enginePointer != null) {
-                        if (ENGINE_ctrl_cmd_string(enginePointer, 
CLinker.toCString("SO_PATH", scope), engine, 0) == 0
-                                || ENGINE_ctrl_cmd_string(enginePointer, 
CLinker.toCString("LOAD", scope),
-                                        MemoryAddress.NULL, 0) == 0) {
+            // Setup engine
+            String engineName = "on".equalsIgnoreCase(SSLEngine) ? null : 
SSLEngine;
+            if (engineName != null) {
+                if ("auto".equals(engineName)) {
+                    ENGINE_register_all_complete();
+                } else {
+                    var engine = CLinker.toCString(engineName, scope);
+                    enginePointer = ENGINE_by_id(engine);
+                    if (MemoryAddress.NULL.equals(enginePointer)) {
+                        enginePointer = 
ENGINE_by_id(CLinker.toCString("dynamic", scope));
+                        if (enginePointer != null) {
+                            if (ENGINE_ctrl_cmd_string(enginePointer, 
CLinker.toCString("SO_PATH", scope), engine, 0) == 0
+                                    || ENGINE_ctrl_cmd_string(enginePointer, 
CLinker.toCString("LOAD", scope),
+                                            MemoryAddress.NULL, 0) == 0) {
+                                // Engine load error
+                                ENGINE_free(enginePointer);
+                                enginePointer = MemoryAddress.NULL;
+                            }
+                        }
+                    }
+                    if (!MemoryAddress.NULL.equals(enginePointer)) {
+                        if (ENGINE_set_default(enginePointer, 
ENGINE_METHOD_ALL()) == 0) {
                             // Engine load error
                             ENGINE_free(enginePointer);
                             enginePointer = MemoryAddress.NULL;
                         }
                     }
-                }
-                if (!MemoryAddress.NULL.equals(enginePointer)) {
-                    if (ENGINE_set_default(enginePointer, ENGINE_METHOD_ALL()) 
== 0) {
-                        // Engine load error
-                        ENGINE_free(enginePointer);
-                        enginePointer = MemoryAddress.NULL;
+                    if (MemoryAddress.NULL.equals(enginePointer)) {
+                        throw new 
IllegalStateException(sm.getString("listener.engineError"));
                     }
                 }
-                if (MemoryAddress.NULL.equals(enginePointer)) {
-                    throw new 
IllegalStateException(sm.getString("listener.engineError"));
-                }
             }
-        }
 
-        // Set the random seed, translated to the Java way
-        boolean seedDone = false;
-        if (SSLRandomSeed != null || SSLRandomSeed.length() != 0 || 
!"builtin".equals(SSLRandomSeed)) {
-            var randomSeed = CLinker.toCString(SSLRandomSeed, scope);
-            seedDone = RAND_load_file(randomSeed, 128) > 0;
-        }
-        if (!seedDone) {
-            // Use a regular random to get some bytes
-            SecureRandom random = new SecureRandom();
-            byte[] randomBytes = random.generateSeed(128);
-            RAND_seed(allocator.allocateArray(CLinker.C_CHAR, randomBytes), 
128);
-        }
-
-        initDHParameters();
+            // Set the random seed, translated to the Java way
+            boolean seedDone = false;
+            if (SSLRandomSeed != null || SSLRandomSeed.length() != 0 || 
!"builtin".equals(SSLRandomSeed)) {
+                var randomSeed = CLinker.toCString(SSLRandomSeed, scope);
+                seedDone = RAND_load_file(randomSeed, 128) > 0;
+            }
+            if (!seedDone) {
+                // Use a regular random to get some bytes
+                SecureRandom random = new SecureRandom();
+                byte[] randomBytes = random.generateSeed(128);
+                RAND_seed(allocator.allocateArray(CLinker.C_CHAR, 
randomBytes), 128);
+            }
 
-        if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) {
+            initDHParameters();
 
-            fipsModeActive = false;
+            if (!(null == FIPSMode || "off".equalsIgnoreCase(FIPSMode))) {
 
-            final boolean enterFipsMode;
-            int fipsModeState = FIPS_mode();
+                fipsModeActive = false;
 
-            if(log.isDebugEnabled()) {
-                log.debug(sm.getString("listener.currentFIPSMode",
-                        Integer.valueOf(fipsModeState)));
-            }
+                final boolean enterFipsMode;
+                int fipsModeState = FIPS_mode();
 
-            if ("on".equalsIgnoreCase(FIPSMode)) {
-                if (fipsModeState == FIPS_ON) {
-                    log.info(sm.getString("listener.skipFIPSInitialization"));
-                    fipsModeActive = true;
-                    enterFipsMode = false;
-                } else {
-                    enterFipsMode = true;
-                }
-            } else if ("require".equalsIgnoreCase(FIPSMode)) {
-                if (fipsModeState == FIPS_ON) {
-                    fipsModeActive = true;
-                    enterFipsMode = false;
-                } else {
-                    throw new IllegalStateException(
-                            sm.getString("listener.requireNotInFIPSMode"));
+                if(log.isDebugEnabled()) {
+                    log.debug(sm.getString("listener.currentFIPSMode",
+                            Integer.valueOf(fipsModeState)));
                 }
-            } else if ("enter".equalsIgnoreCase(FIPSMode)) {
-                if (fipsModeState == FIPS_OFF) {
-                    enterFipsMode = true;
+
+                if ("on".equalsIgnoreCase(FIPSMode)) {
+                    if (fipsModeState == FIPS_ON) {
+                        
log.info(sm.getString("listener.skipFIPSInitialization"));
+                        fipsModeActive = true;
+                        enterFipsMode = false;
+                    } else {
+                        enterFipsMode = true;
+                    }
+                } else if ("require".equalsIgnoreCase(FIPSMode)) {
+                    if (fipsModeState == FIPS_ON) {
+                        fipsModeActive = true;
+                        enterFipsMode = false;
+                    } else {
+                        throw new IllegalStateException(
+                                sm.getString("listener.requireNotInFIPSMode"));
+                    }
+                } else if ("enter".equalsIgnoreCase(FIPSMode)) {
+                    if (fipsModeState == FIPS_OFF) {
+                        enterFipsMode = true;
+                    } else {
+                        throw new IllegalStateException(sm.getString(
+                                "listener.enterAlreadyInFIPSMode",
+                                Integer.valueOf(fipsModeState)));
+                    }
                 } else {
-                    throw new IllegalStateException(sm.getString(
-                            "listener.enterAlreadyInFIPSMode",
-                            Integer.valueOf(fipsModeState)));
+                    throw new IllegalArgumentException(sm.getString(
+                            "listener.wrongFIPSMode", FIPSMode));
                 }
-            } else {
-                throw new IllegalArgumentException(sm.getString(
-                        "listener.wrongFIPSMode", FIPSMode));
-            }
 
-            if (enterFipsMode) {
-                log.info(sm.getString("listener.initializingFIPS"));
+                if (enterFipsMode) {
+                    log.info(sm.getString("listener.initializingFIPS"));
 
-                fipsModeState = FIPS_mode_set(FIPS_ON);
-                if (fipsModeState != FIPS_ON) {
-                    // This case should be handled by the native method,
-                    // but we'll make absolutely sure, here.
-                    String message = 
sm.getString("listener.initializeFIPSFailed");
-                    log.error(message);
-                    throw new IllegalStateException(message);
-                }
+                    fipsModeState = FIPS_mode_set(FIPS_ON);
+                    if (fipsModeState != FIPS_ON) {
+                        // This case should be handled by the native method,
+                        // but we'll make absolutely sure, here.
+                        String message = 
sm.getString("listener.initializeFIPSFailed");
+                        log.error(message);
+                        throw new IllegalStateException(message);
+                    }
 
-                fipsModeActive = true;
-                log.info(sm.getString("listener.initializeFIPSSuccess"));
+                    fipsModeActive = true;
+                    log.info(sm.getString("listener.initializeFIPSSuccess"));
+                }
             }
-        }
 
-        log.info(sm.getString("listener.initializedOpenSSL", 
CLinker.toJavaString(OpenSSL_version(0))));
-        OpenSSLStatus.setAvailable(true);
+            log.info(sm.getString("listener.initializedOpenSSL", 
CLinker.toJavaString(OpenSSL_version(0))));
+            OpenSSLStatus.setAvailable(true);
+        }
     }
 
     static void destroy() {
-        if (!OpenSSLStatus.isInitialized()) {
-            return;
-        }
-        OpenSSLStatus.setAvailable(false);
+        synchronized (lock) {
+            if (!OpenSSLStatus.isInitialized()) {
+                return;
+            }
+            OpenSSLStatus.setAvailable(false);
 
-        try {
-            freeDHParameters();
-            if (!MemoryAddress.NULL.equals(enginePointer)) {
-                ENGINE_free(enginePointer);
+            try {
+                freeDHParameters();
+                if (!MemoryAddress.NULL.equals(enginePointer)) {
+                    ENGINE_free(enginePointer);
+                }
+                FIPS_mode_set(0);
+            } finally {
+                OpenSSLStatus.setInitialized(false);
+                fipsModeActive = false;
             }
-            FIPS_mode_set(0);
-        } finally {
-            OpenSSLStatus.setInitialized(false);
-            fipsModeActive = false;
         }
     }
 

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Improve sync

Reply via email to