This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new 4ec9c80bfd Move to the dev Panama API 4ec9c80bfd is described below commit 4ec9c80bfde9f4126d70768f739215330e25e3b9 Author: remm <r...@apache.org> AuthorDate: Mon Feb 13 13:36:02 2023 +0100 Move to the dev Panama API For now SegmentScope -> Arena. This is obviously simpler to use, but some Arenas cannot be closed. Will refresh the jextract sources soon (a manual quick hack should be enough for now). --- modules/openssl-foreign/README.md | 23 ++++++---- modules/openssl-foreign/pom.xml | 4 +- .../util/net/openssl/panama/OpenSSLContext.java | 47 ++++++++++---------- .../util/net/openssl/panama/OpenSSLEngine.java | 47 ++++++++++---------- .../openssl/panama/OpenSSLLifecycleListener.java | 2 +- .../net/openssl/panama/OpenSSLSessionContext.java | 4 +- .../apache/tomcat/util/openssl/Constants$root.java | 2 +- .../apache/tomcat/util/openssl/RuntimeHelper.java | 12 +++--- .../SSL_CTX_set_cert_verify_callback$cb.java | 50 ---------------------- .../openssl/SSL_CTX_set_tmp_dh_callback$dh.java | 50 ---------------------- .../util/openssl/SSL_set_info_callback$cb.java | 50 ---------------------- 11 files changed, 73 insertions(+), 218 deletions(-) diff --git a/modules/openssl-foreign/README.md b/modules/openssl-foreign/README.md index a57db35620..bbc365b3fb 100644 --- a/modules/openssl-foreign/README.md +++ b/modules/openssl-foreign/README.md 
@@ -2,14 +2,20 @@ ## This module is experimental -It uses the JEP 434 API. More details on this API are available -at `https://openjdk.java.net/jeps/434`. +It uses the JEP XXX API. More details on this API are available +at `https://openjdk.java.net/jeps/XXX`. -## Building +## Building Java 21 with the JEP XXX API -The module can be built using Java 20. This will be the only Java version that -is supported as the JEP 434 API is incubating and will continue to evolve. -It can be built and run with Apache Tomcat 9.0 or newer. +Clone `https://github.com/openjdk/panama-foreign/` in some location and +checkout the main branch. This is a Java 21 development JVM +with the JEP XXX API. It may fail to build. When this happens, step back +one commit at a time until it does. + +``` +bash configure +make images +``` ## Running @@ -54,8 +60,9 @@ export JAVA_OPTS="--enable-preview --enable-native-access=ALL-UNNAMED" jextract is now available in its own standalone repository. Clone `https://github.com/openjdk/jextract` in some location and -checkout the branch that supports Java 20. Please refer to the -instructions from the repository for building. +checkout the branch that supports Java 21. Please refer to the +instructions from the repository for building. It should be the +`panama` branch. This step is only useful to be able to use additional native APIs from OpenSSL or stdlib. diff --git a/modules/openssl-foreign/pom.xml b/modules/openssl-foreign/pom.xml index bbd08a8664..26fa4978e6 100644 --- a/modules/openssl-foreign/pom.xml +++ b/modules/openssl-foreign/pom.xml @@ -78,8 +78,8 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <configuration> - <source>20</source> - <target>20</target> + <source>21</source> + <target>21</target> <compilerArgs> <arg>--enable-preview</arg> </compilerArgs> 
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java index 1b73870194..c958c09f8a 100644 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java +++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java @@ -25,7 +25,6 @@ import java.lang.foreign.FunctionDescriptor; import java.lang.foreign.Linker; import java.lang.foreign.MemorySegment; import java.lang.foreign.SegmentAllocator; -import java.lang.foreign.SegmentScope; import java.lang.foreign.ValueLayout; import java.lang.invoke.MethodHandle; import java.lang.invoke.MethodHandles; @@ -175,7 +174,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } private final ContextState state; - private final SegmentScope contextScope; + private final Arena contextArena; private final Cleanable cleanable; private static String[] getCiphers(MemorySegment sslCtx) { @@ -207,7 +206,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { this.sslHostConfig = certificate.getSSLHostConfig(); this.certificate = certificate; - contextScope = SegmentScope.auto(); + contextArena = Arena.ofAuto(); MemorySegment sslCtx = MemorySegment.NULL; MemorySegment confCtx = MemorySegment.NULL; @@ -224,7 +223,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { confCtx = SSL_CONF_CTX_new(); long errCode = ERR_get_error(); if (errCode != 0) { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]); ERR_error_string(errCode, buf); log.error(sm.getString("openssl.errorLoadingCertificate", buf.getUtf8String(0))); 
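Review bot: The `contextArena` field in the `@@ -175` hunk owns every upcall stub this class registers on the native SSL_CTX (the password, verify, cert-verify, ALPN and tmp-DH stubs in the later hunks), but nothing documents what must keep it alive. Because it is created with `Arena.ofAuto()`, the stubs are released when the garbage collector finds the arena unreachable, not when the SSL_CTX is freed; if native code still holds those function pointers at that point, a later handshake would call into released memory. I would add a field comment such as `// Owns the upcall stubs registered on sslCtx; must stay strongly reachable while any SSL created from this context can still handshake.` Whether the engines keep the context reachable is not visible in this diff and should be confirmed.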
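Review bot: The buffer passed to `ERR_error_string(errCode, buf)` in the `@@ -224` hunk is 128 bytes, but OpenSSL documents that a caller-supplied buffer for this function must be at least 256 bytes, and the call has no length argument to bound the write. A long error string would overrun the confined-arena allocation in native memory. Allocating `new byte[256]` matches the documented contract. The same 128-byte buffer is allocated in the error loop of the `@@ -1048` hunk in OpenSSLEngine.java, where the call that fills it lies outside the hunk. The enclosing constructor starts and ends outside this hunk.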
@@ -331,7 +330,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { // Set int pem_password_cb(char *buf, int size, int rwflag, void *u) callback openSSLCallbackPassword = Linker.nativeLinker().upcallStub(openSSLCallbackPasswordHandle, - openSSLCallbackPasswordFunctionDescriptor, contextScope); + openSSLCallbackPasswordFunctionDescriptor, contextArena); SSL_CTX_set_default_passwd_cb(sslCtx, openSSLCallbackPassword); alpn = (negotiableProtocols != null && negotiableProtocols.size() > 0); @@ -402,7 +401,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isDebugEnabled()) { log.debug(sm.getString("opensslconf.checkCommand", name, value)); } - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { // rc = SSLConf.check(confCtx, name, value); if (name.equals("NO_OCSP_CHECK")) { rc = 1; @@ -477,7 +476,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (log.isDebugEnabled()) { log.debug(sm.getString("opensslconf.applyCommand", name, value)); } - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { // rc = SSLConf.apply(confCtx, name, value); if (name.equals("NO_OCSP_CHECK")) { noOcspCheck = Boolean.valueOf(value); @@ -535,7 +534,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { log.warn(sm.getString("openssl.doubleInit")); return; } - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { if (sslHostConfig.getInsecureRenegotiation()) { SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION()); } else { 
@@ -610,7 +609,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { // Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback var openSSLCallbackVerify = Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle, - openSSLCallbackVerifyFunctionDescriptor, contextScope); + openSSLCallbackVerifyFunctionDescriptor, contextArena); // Leave this just in case but in Tomcat this is always set again by the engine SSL_CTX_set_verify(state.sslCtx, value, openSSLCallbackVerify); @@ -620,7 +619,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { state.x509TrustManager = chooseTrustManager(tms); var openSSLCallbackCertVerify = Linker.nativeLinker().upcallStub(openSSLCallbackCertVerifyHandle, - openSSLCallbackCertVerifyFunctionDescriptor, contextScope); + openSSLCallbackCertVerifyFunctionDescriptor, contextArena); SSL_CTX_set_cert_verify_callback(state.sslCtx, openSSLCallbackCertVerify, state.sslCtx); // Pass along the DER encoded certificates of the accepted client @@ -678,7 +677,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { // MemoryAddress in, int inlen, MemoryAddress arg var openSSLCallbackAlpnSelectProto = Linker.nativeLinker().upcallStub(openSSLCallbackAlpnSelectProtoHandle, - openSSLCallbackAlpnSelectProtoFunctionDescriptor, contextScope); + openSSLCallbackAlpnSelectProtoFunctionDescriptor, contextArena); SSL_CTX_set_alpn_select_cb(state.sslCtx, openSSLCallbackAlpnSelectProto, state.sslCtx); } 
@@ -794,8 +793,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { log.warn(sm.getString("context.noSSL", Long.valueOf(arg.address()))); return SSL_TLSEXT_ERR_NOACK(); } - try (var localArena = Arena.openConfined()) { - MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, localArena.scope()); + try (var localArena = Arena.ofConfined()) { + MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, localArena); byte[] advertisedBytes = inSeg.toArray(ValueLayout.JAVA_BYTE); for (byte[] negotiableProtocolBytes : state.negotiableProtocols) { for (int i = 0; i <= advertisedBytes.length - negotiableProtocolBytes.length; i++) { @@ -804,9 +803,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { if (advertisedBytes[i + j] == negotiableProtocolBytes[j]) { if (j == negotiableProtocolBytes.length - 1) { // Match - MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), localArena.scope()); + MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), localArena); outSeg.set(ValueLayout.ADDRESS, 0, inSeg.asSlice(i)); - MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), localArena.scope()); + MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), localArena); outlenSeg.set(ValueLayout.JAVA_BYTE, 0, (byte) negotiableProtocolBytes.length); return SSL_TLSEXT_ERR_OK(); } 
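Review bot: The protocol match spanning the `@@ -794` and `@@ -804` hunks compares `negotiableProtocolBytes` at every byte offset of `advertisedBytes`, so it appears to treat the client's ALPN list as a flat byte string rather than a sequence of length-prefixed names. A client-supplied entry that merely contains a configured protocol name as a substring would then be accepted, and `outSeg`/`outlenSeg` would point into the middle of that entry. Walking the list entry by entry and requiring the entry length to equal `negotiableProtocolBytes.length` closes this, and also stops on a malformed length byte. The callback starts before the first hunk and continues past the second.

```java
// … unchanged: null checks, inSeg and advertisedBytes setup …
for (byte[] negotiableProtocolBytes : state.negotiableProtocols) {
    int pos = 0;
    while (pos < advertisedBytes.length) {
        int entryLength = advertisedBytes[pos] & 0xFF;
        int entryStart = pos + 1;
        if (entryStart + entryLength > advertisedBytes.length) {
            break; // malformed list: stop instead of reading past the end
        }
        if (entryLength == negotiableProtocolBytes.length
                && java.util.Arrays.equals(advertisedBytes, entryStart, entryStart + entryLength,
                        negotiableProtocolBytes, 0, entryLength)) {
            // … unchanged: write outSeg / outlenSeg, with inSeg.asSlice(entryStart) as the target …
            return SSL_TLSEXT_ERR_OK();
        }
        pos = entryStart + entryLength;
    }
}
```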
@@ -842,7 +841,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { MemorySegment /*STACK_OF(X509)*/ sk = X509_STORE_CTX_get0_untrusted(x509_ctx); int len = OPENSSL_sk_num(sk); byte[][] certificateChain = new byte[len][]; - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { for (int i = 0; i < len; i++) { MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i); MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL); @@ -852,7 +851,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { continue; } MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0); - certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, localArena).toArray(ValueLayout.JAVA_BYTE); CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro } MemorySegment cipher = SSL_get_current_cipher(ssl); @@ -960,13 +959,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } String callbackPassword = callbackPasswordTheadLocal.get(); if (callbackPassword != null && callbackPassword.length() > 0) { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { MemorySegment callbackPasswordNative = localArena.allocateUtf8String(callbackPassword); if (callbackPasswordNative.byteSize() > bufsiz) { // The password is too long log.error(sm.getString("openssl.passwordTooLong")); } else { - MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, localArena.scope()); + MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, localArena); bufSegment.copyFrom(callbackPasswordNative); return (int) callbackPasswordNative.byteSize(); } 
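Review bot: `int len = OPENSSL_sk_num(sk)` in the `@@ -842` hunk feeds `new byte[len][]` directly, and OPENSSL_sk_num returns -1 when the stack pointer is NULL. That would raise NegativeArraySizeException inside an upcall, where the foreign-function API treats an escaping exception as fatal to the JVM. The chain accessor in OpenSSLEngine.java (`@@ -929` hunk) appears to return early before the same allocation. A matching guard here, `if (len <= 0) { /* return the callback's failure value */ }`, would reject the handshake instead. The callback starts outside this hunk.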
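Review bot: The native copy of the key password made by `localArena.allocateUtf8String(callbackPassword)` in the `@@ -960` hunk is released when the confined arena closes without being overwritten, so the plaintext remains in freed native memory. Clearing it first, e.g. `callbackPasswordNative.fill((byte) 0);` in a `finally` inside the try-with-resources, shortens the window in which it can be recovered from a core file or heap inspection. The session ticket keys copied with `memorySession.allocateArray(ValueLayout.JAVA_BYTE, keys)` in the `@@ -67` hunk of OpenSSLSessionContext.java have the same exposure. Separately, the returned value is `callbackPasswordNative.byteSize()`, which looks like it counts the terminating NUL; that is worth confirming against what OpenSSL expects from a pem_password_cb.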
@@ -1139,7 +1138,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } // Set callback for DH parameters var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle, - openSSLCallbackTmpDHFunctionDescriptor, contextScope); + openSSLCallbackTmpDHFunctionDescriptor, contextArena); SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH); // Set certificate chain file if (certificate.getCertificateChainFile() != null) { @@ -1227,7 +1226,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { } // Set callback for DH parameters var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle, - openSSLCallbackTmpDHFunctionDescriptor, contextScope); + openSSLCallbackTmpDHFunctionDescriptor, contextArena); SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH); for (int i = 1; i < chain.length; i++) { //SSLContext.addChainCertificateRaw(state.ctx, chain[i].getEncoded()); @@ -1372,7 +1371,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext { private static class ContextState implements Runnable { - private final Arena stateArena = Arena.openShared(); + private final Arena stateArena = Arena.ofShared(); private final MemorySegment sslCtx; private final MemorySegment confCtx; private final List<byte[]> negotiableProtocols; 
@@ -1384,9 +1383,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 this.negotiableProtocols = negotiableProtocols;
 // Use another arena to avoid keeping a reference through segments
 // This also allows making further accesses to the main pointers safer
- this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena);
 if (!MemorySegment.NULL.equals(confCtx)) {
- this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena);
 } else {
 this.confCtx = null;
 }
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 88ecc5822b..bff4228faf 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -22,7 +21,6 @@ import java.lang.foreign.Arena;
 import java.lang.foreign.FunctionDescriptor;
 import java.lang.foreign.Linker;
 import java.lang.foreign.MemorySegment;
-import java.lang.foreign.SegmentScope;
 import java.lang.foreign.ValueLayout;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -107,7 +106,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 OpenSSLLifecycleListener.initLibrary();
 final Set<String> availableCipherSuites = new LinkedHashSet<>(128);
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
 var sslCtx = SSL_CTX_new(TLS_server_method());
 try {
 SSL_CTX_set_options(sslCtx, SSL_OP_ALL());
@@ -185,7 +184,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 }
 private final EngineState state;
- private final SegmentScope engineScope;
+ private final Arena engineArena;
 private final Cleanable cleanable;
 private MemorySegment bufSegment = null;
@@ -249,13 +248,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 if (sslCtx == null) {
 throw new IllegalArgumentException(sm.getString("engine.noSSLContext"));
 }
- engineScope = SegmentScope.auto();
- bufSegment = MemorySegment.allocateNative(MAX_ENCRYPTED_PACKET_LENGTH, engineScope);
+ engineArena = Arena.ofAuto();
+ bufSegment = engineArena.allocate(MAX_ENCRYPTED_PACKET_LENGTH);
 session = new OpenSSLSession();
 var ssl = SSL_new(sslCtx);
 // Set ssl_info_callback
 var openSSLCallbackInfo = Linker.nativeLinker().upcallStub(openSSLCallbackInfoHandle,
- openSSLCallbackInfoFunctionDescriptor, engineScope);
+ openSSLCallbackInfoFunctionDescriptor, engineArena);
 SSL_set_info_callback(ssl, openSSLCallbackInfo);
 if (clientMode) {
 SSL_set_connect_state(ssl);
@@ -263,7 +262,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 SSL_set_accept_state(ssl);
 }
 SSL_set_verify_result(ssl, X509_V_OK());
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
 var internalBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
 var networkBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
 BIO_new_bio_pair(internalBIOPointer, 0, networkBIOPointer, 0);
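Review bot: The result of `SSL_new(sslCtx)` in the `@@ -249` hunk is handed to `SSL_set_info_callback(ssl, openSSLCallbackInfo)` and the calls after it without a NULL check, and SSL_new returns NULL on failure. Passing that on to native code would crash the process rather than raise a Java exception. A guard right after the call, `if (MemorySegment.NULL.equals(ssl)) { throw new IllegalStateException(...); }` with a message in the style of the `engine.noSSLContext` check above it, keeps the failure on the Java side. The return value of `BIO_new_bio_pair` in the `@@ -263` hunk is likewise ignored. The constructor starts and ends outside these hunks.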
@@ -770,7 +769,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn buf.setLength(buf.length() - 1); final String cipherSuiteSpec = buf.toString(); - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { SSL_set_cipher_list(state.ssl, localArena.allocateUtf8String(cipherSuiteSpec)); } catch (Exception e) { throw new IllegalStateException(sm.getString("engine.failedCipherSuite", cipherSuiteSpec), e); @@ -907,7 +906,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } private byte[] getPeerCertificate() { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { MemorySegment/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ? SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl)); MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL); int length = i2d_X509(x509, bufPointer); @@ -915,7 +914,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return null; } MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0); - byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena).toArray(ValueLayout.JAVA_BYTE); X509_free(x509); CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro return certificate; @@ -929,7 +928,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return null; } byte[][] certificateChain = new byte[len][]; - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { for (int i = 0; i < len; i++) { MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i); MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL); 
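Review bot: The early `return null;` at the top of the `@@ -915` hunk leaves `getPeerCertificate()` before `X509_free(x509)` runs, so the reference obtained from `SSL_get1_peer_certificate` / `SSL_get_peer_certificate` in the `@@ -907` hunk is not released on that path. The condition guarding the return is outside both hunks, but if it covers a failed `i2d_X509`, each such call leaks one X509 reference in native memory, and the peer can trigger it repeatedly. Releasing in a `finally`, or calling `X509_free(x509)` before the early return when `x509` is not NULL, would fix it.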
@@ -939,7 +938,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn continue; } MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0); - byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena).toArray(ValueLayout.JAVA_BYTE); certificateChain[i] = certificate; CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro } @@ -948,7 +947,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } private String getProtocolNegotiated() { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { MemorySegment lenAddress = localArena.allocate(ValueLayout.JAVA_INT, 0); MemorySegment protocolPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL); SSL_get0_alpn_selected(state.ssl, protocolPointer, lenAddress); @@ -960,7 +959,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn return null; } MemorySegment protocolAddress = protocolPointer.get(ValueLayout.ADDRESS, 0); - byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, localArena).toArray(ValueLayout.JAVA_BYTE); if (log.isDebugEnabled()) { log.debug("Protocol negotiated [" + new String(name) + "]"); } @@ -1048,7 +1047,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn String sslError = null; long error = ERR_get_error(); if (error != SSL_ERROR_NONE()) { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { do { // Loop until getLastErrorNumber() returns SSL_ERROR_NONE var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]); 
@@ -1204,7 +1203,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn // Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback var openSSLCallbackVerify = Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle, - openSSLCallbackVerifyFunctionDescriptor, engineScope); + openSSLCallbackVerifyFunctionDescriptor, engineArena); int value = switch (mode) { case NONE -> SSL_VERIFY_NONE(); case REQUIRE -> SSL_VERIFY_PEER() | SSL_VERIFY_FAIL_IF_NO_PEER_CERT(); @@ -1324,13 +1323,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn // sslutils.c ssl_ocsp_request(x509, issuer, x509ctx); int nid = X509_get_ext_by_NID(x509, NID_info_access(), -1); if (nid >= 0) { - try (var localArenal = Arena.openConfined()) { + try (var localArenal = Arena.ofConfined()) { MemorySegment ext = X509_get_ext(x509, nid); MemorySegment os = X509_EXTENSION_get_data(ext); int length = ASN1_STRING_length(os); MemorySegment data = ASN1_STRING_get0_data(os); // ocsp_urls = decode_OCSP_url(os); - byte[] asn1String = MemorySegment.ofAddress(data.address(), length, localArenal.scope()).toArray(ValueLayout.JAVA_BYTE); + byte[] asn1String = MemorySegment.ofAddress(data.address(), length, localArenal).toArray(ValueLayout.JAVA_BYTE); Asn1Parser parser = new Asn1Parser(asn1String); // Parse the byte sequence ArrayList<String> urls = new ArrayList<>(); 
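Review bot: The OCSP responder URL parsed from `asn1String` in the `@@ -1324` hunk comes from the authority-information-access extension of the certificate being checked, and the `@@ -1426` hunk then opens an `HttpURLConnection` to it and POSTs the request. If this runs for a peer certificate whose chain has not been validated yet (not determinable from these hunks), an unauthenticated peer chooses the host and port the server connects to. I would accept only http/https URLs before `url.openConnection()`. I would also set `connection.setConnectTimeout(...)` and `connection.setReadTimeout(...)` so a slow responder cannot hold the handshake thread; no timeout is visible in the hunk. Minor: the arena variable in this hunk is spelled `localArenal`.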
@@ -1426,7 +1425,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn // Host: urlHost:urlPort // Content-Type: application/ocsp-request // Content-Length: ocspRequestData.length - byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, localArena).toArray(ValueLayout.JAVA_BYTE); connection = (HttpURLConnection) url.openConnection(); connection.setRequestMethod("POST"); connection.setDoInput(true); @@ -1507,7 +1506,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn byte[] id = null; synchronized (OpenSSLEngine.this) { if (!destroyed) { - try (var localArena = Arena.openConfined()) { + try (var localArena = Arena.ofConfined()) { MemorySegment lenPointer = localArena.allocate(ValueLayout.ADDRESS); var session = SSL_get_session(state.ssl); if (MemorySegment.NULL.equals(session)) { @@ -1516,7 +1515,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn MemorySegment sessionId = SSL_SESSION_get_id(session, lenPointer); int len = lenPointer.get(ValueLayout.JAVA_INT, 0); id = (len == 0) ? new byte[0] - : MemorySegment.ofAddress(sessionId.address(), len, localArena.scope()).toArray(ValueLayout.JAVA_BYTE); + : MemorySegment.ofAddress(sessionId.address(), len, localArena).toArray(ValueLayout.JAVA_BYTE); } } } @@ -1798,7 +1797,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn private static class EngineState implements Runnable { - private final Arena stateArena = Arena.openShared(); + private final Arena stateArena = Arena.ofShared(); private final MemorySegment ssl; private final MemorySegment networkBIO; private final int certificateVerificationDepth; 
@@ -1815,8 +1814,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 this.noOcspCheck = noOcspCheck;
 // Use another arena to avoid keeping a reference through segments
 // This also allows making further accesses to the main pointers safer
- this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
- this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateArena);
+ this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateArena);
 }
 @Override
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index b5d2802886..65b9f7394b 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -229,7 +229,7 @@ public class OpenSSLLifecycleListener implements LifecycleListener {
 return;
 }
- try (var memorySession = Arena.openConfined()) {
+ try (var memorySession = Arena.ofConfined()) {
 // Main library init
 initLibrary();
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
index a5f99c5e16..7b66e17b69 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
@@ -67,7 +67,7 @@ public class OpenSSLSessionContext implements SSLSessionContext { if (keys.length != TICKET_KEYS_SIZE) { throw new IllegalArgumentException(sm.getString("sessionContext.invalidTicketKeysLength", keys.length)); } - try (var memorySession = Arena.openConfined()) { + try (var memorySession = Arena.ofConfined()) { var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE, keys); // #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) // SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys)) @@ -144,7 +144,7 @@ public class OpenSSLSessionContext implements SSLSessionContext { * @return {@code true} if success, {@code false} otherwise. */ public boolean setSessionIdContext(byte[] sidCtx) { - try (var memorySession = Arena.openConfined()) { + try (var memorySession = Arena.ofConfined()) { var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE, sidCtx); return (SSL_CTX_set_session_id_context(context.getSSLContext(), array, sidCtx.length) == 1); } diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java index 5727b52eb3..5e154ba8b3 100644 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java +++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java @@ -36,7 +36,7 @@ final class Constants$root { static final OfLong C_LONG_LONG$LAYOUT = JAVA_LONG; static final OfFloat C_FLOAT$LAYOUT = JAVA_FLOAT; static final OfDouble C_DOUBLE$LAYOUT = JAVA_DOUBLE; - static final OfAddress C_POINTER$LAYOUT = ADDRESS.withBitAlignment(64).asUnbounded(); + static final OfAddress C_POINTER$LAYOUT = ADDRESS.withBitAlignment(64); } 
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java index c277588251..2d67ac9dfa 100644 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java +++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java @@ -19,12 +19,12 @@ package org.apache.tomcat.util.openssl; // Generated by jextract import java.lang.foreign.Linker; +import java.lang.foreign.Arena; import java.lang.foreign.FunctionDescriptor; import java.lang.foreign.GroupLayout; import java.lang.foreign.SymbolLookup; import java.lang.foreign.MemoryLayout; import java.lang.foreign.MemorySegment; -import java.lang.foreign.SegmentScope; import java.lang.foreign.SegmentAllocator; import java.lang.foreign.ValueLayout; import java.lang.invoke.MethodHandle; @@ -49,7 +49,7 @@ final class RuntimeHelper { private static final SegmentAllocator THROWING_ALLOCATOR = (x, y) -> { throw new AssertionError("should not reach here"); }; final static SegmentAllocator CONSTANT_ALLOCATOR = - (size, align) -> MemorySegment.allocateNative(size, align, SegmentScope.auto()); + (size, align) -> Arena.ofAuto().allocate(size, align); static { System.loadLibrary("ssl"); @@ -67,9 +67,9 @@ final class RuntimeHelper { return obj; } - static MemorySegment lookupGlobalVariable(String name, MemoryLayout layout) { + /*static MemorySegment lookupGlobalVariable(String name, MemoryLayout layout) { return SYMBOL_LOOKUP.find(name).map(symbol -> MemorySegment.ofAddress(symbol.address(), layout.byteSize(), symbol.scope())).orElse(null); - } + }*/ static MethodHandle downcallHandle(String name, FunctionDescriptor fdesc) { return SYMBOL_LOOKUP.find(name). 
@@ -87,7 +87,7 @@ final class RuntimeHelper { orElse(null); } - static <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor fdesc, SegmentScope scope) { + static <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor fdesc, Arena scope) { try { MethodHandle handle = MH_LOOKUP.findVirtual(fi, "apply", fdesc.toMethodType()); handle = handle.bindTo(z); @@ -97,7 +97,7 @@ final class RuntimeHelper { } } - static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int numElements, SegmentScope scope) { + static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int numElements, Arena scope) { return MemorySegment.ofAddress(addr.address(), numElements * layout.byteSize(), scope); } diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java deleted file mode 100644 index a8196b12ec..0000000000 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// Generated by jextract - -package org.apache.tomcat.util.openssl; - -import java.lang.invoke.MethodHandle; -import java.lang.invoke.VarHandle; -import java.nio.ByteOrder; -import java.lang.foreign.*; -import static java.lang.foreign.ValueLayout.*; -/** - * {@snippet : - * int (*SSL_CTX_set_cert_verify_callback$cb)(X509_STORE_CTX*,void*); - * } - */ -public interface SSL_CTX_set_cert_verify_callback$cb { - - int apply(java.lang.foreign.MemorySegment _x0, java.lang.foreign.MemorySegment _x1); - static MemorySegment allocate(SSL_CTX_set_cert_verify_callback$cb fi, SegmentScope scope) { - return RuntimeHelper.upcallStub(SSL_CTX_set_cert_verify_callback$cb.class, fi, constants$15.SSL_CTX_set_cert_verify_callback$cb$FUNC, scope); - } - static SSL_CTX_set_cert_verify_callback$cb ofAddress(MemorySegment addr, SegmentScope scope) { - MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, scope); - return (java.lang.foreign.MemorySegment __x0, java.lang.foreign.MemorySegment __x1) -> { - try { - return (int)constants$15.SSL_CTX_set_cert_verify_callback$cb$MH.invokeExact(symbol, __x0, __x1); - } catch (Throwable ex$) { - throw new 
AssertionError("should not reach here", ex$); - } - }; - } -} - - diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java deleted file mode 100644 index f0c64eee7b..0000000000 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// Generated by jextract - -package org.apache.tomcat.util.openssl; - -import java.lang.invoke.MethodHandle; -import java.lang.invoke.VarHandle; -import java.nio.ByteOrder; -import java.lang.foreign.*; -import static java.lang.foreign.ValueLayout.*; -/** - * {@snippet : - * DH* (*SSL_CTX_set_tmp_dh_callback$dh)(SSL*,int,int); - * } - */ -public interface SSL_CTX_set_tmp_dh_callback$dh { - - java.lang.foreign.MemorySegment apply(java.lang.foreign.MemorySegment _x0, int _x1, int _x2); - static MemorySegment allocate(SSL_CTX_set_tmp_dh_callback$dh fi, SegmentScope scope) { - return RuntimeHelper.upcallStub(SSL_CTX_set_tmp_dh_callback$dh.class, fi, constants$21.SSL_CTX_set_tmp_dh_callback$dh$FUNC, scope); - } - static SSL_CTX_set_tmp_dh_callback$dh ofAddress(MemorySegment addr, SegmentScope scope) { - MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, scope); - return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> { - try { - return (java.lang.foreign.MemorySegment)constants$22.SSL_CTX_set_tmp_dh_callback$dh$MH.invokeExact(symbol, __x0, __x1, __x2); - } catch (Throwable ex$) { - throw new AssertionError("should not reach 
here", ex$); - } - }; - } -} - - diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java deleted file mode 100644 index 6008ac05af..0000000000 --- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// Generated by jextract - -package org.apache.tomcat.util.openssl; - -import java.lang.invoke.MethodHandle; -import java.lang.invoke.VarHandle; -import java.nio.ByteOrder; -import java.lang.foreign.*; -import static java.lang.foreign.ValueLayout.*; -/** - * {@snippet : - * void (*SSL_set_info_callback$cb)(const SSL*,int,int); - * } - */ -public interface SSL_set_info_callback$cb { - - void apply(java.lang.foreign.MemorySegment _x0, int _x1, int _x2); - static MemorySegment allocate(SSL_set_info_callback$cb fi, SegmentScope scope) { - return RuntimeHelper.upcallStub(SSL_set_info_callback$cb.class, fi, constants$21.SSL_set_info_callback$cb$FUNC, scope); - } - static SSL_set_info_callback$cb ofAddress(MemorySegment addr, SegmentScope scope) { - MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, scope); - return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> { - try { - constants$21.SSL_set_info_callback$cb$MH.invokeExact(symbol, __x0, __x1, __x2); - } catch (Throwable ex$) { - throw new AssertionError("should not reach here", ex$); - } - }; - } -} - - --------------------------------------------------------------------- 