This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4ec9c80bfd Move to the dev Panama API
4ec9c80bfd is described below
commit 4ec9c80bfde9f4126d70768f739215330e25e3b9
Author: remm <r...@apache.org>
AuthorDate: Mon Feb 13 13:36:02 2023 +0100
Move to the dev Panama API
For now SegmentScope -> Arena. This is obviously simpler to use, but
some Arenas cannot be closed.
Will refresh the jextract sources soon (a manual quick hack should be
enough for now).
---
modules/openssl-foreign/README.md | 23 ++++++----
modules/openssl-foreign/pom.xml | 4 +-
.../util/net/openssl/panama/OpenSSLContext.java | 47 ++++++++++----------
.../util/net/openssl/panama/OpenSSLEngine.java | 47 ++++++++++----------
.../openssl/panama/OpenSSLLifecycleListener.java | 2 +-
.../net/openssl/panama/OpenSSLSessionContext.java | 4 +-
.../apache/tomcat/util/openssl/Constants$root.java | 2 +-
.../apache/tomcat/util/openssl/RuntimeHelper.java | 12 +++---
.../SSL_CTX_set_cert_verify_callback$cb.java | 50 ----------------------
.../openssl/SSL_CTX_set_tmp_dh_callback$dh.java | 50 ----------------------
.../util/openssl/SSL_set_info_callback$cb.java | 50 ----------------------
11 files changed, 73 insertions(+), 218 deletions(-)
diff --git a/modules/openssl-foreign/README.md
b/modules/openssl-foreign/README.md
index a57db35620..bbc365b3fb 100644
--- a/modules/openssl-foreign/README.md
+++ b/modules/openssl-foreign/README.md
@@ -2,14 +2,20 @@
## This module is experimental
-It uses the JEP 434 API. More details on this API are available
-at `https://openjdk.java.net/jeps/434`.
+It uses the JEP XXX API. More details on this API are available
+at `https://openjdk.java.net/jeps/XXX`.
-## Building
+## Building Java 21 with the JEP XXX API
-The module can be built using Java 20. This will be the only Java version that
-is supported as the JEP 434 API is incubating and will continue to evolve.
-It can be built and run with Apache Tomcat 9.0 or newer.
+Clone `https://github.com/openjdk/panama-foreign/` in some location and
+checkout the main branch. This is a Java 21 development JVM
+with the JEP XXX API. It may fail to build. When this happens, step back
+one commit at a time until it does.
+
+```
+bash configure
+make images
+```
## Running
@@ -54,8 +60,9 @@ export JAVA_OPTS="--enable-preview
--enable-native-access=ALL-UNNAMED"
jextract is now available in its own standalone repository. Clone
`https://github.com/openjdk/jextract` in some location and
-checkout the branch that supports Java 20. Please refer to the
-instructions from the repository for building.
+checkout the branch that supports Java 21. Please refer to the
+instructions from the repository for building. It should be the
+`panama` branch.
This step is only useful to be able to use additional native APIs from OpenSSL
or stdlib.
diff --git a/modules/openssl-foreign/pom.xml b/modules/openssl-foreign/pom.xml
index bbd08a8664..26fa4978e6 100644
--- a/modules/openssl-foreign/pom.xml
+++ b/modules/openssl-foreign/pom.xml
@@ -78,8 +78,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>20</source>
- <target>20</target>
+ <source>21</source>
+ <target>21</target>
<compilerArgs>
<arg>--enable-preview</arg>
</compilerArgs>
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 1b73870194..c958c09f8a 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -25,7 +25,6 @@ import java.lang.foreign.FunctionDescriptor;
import java.lang.foreign.Linker;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.SegmentAllocator;
-import java.lang.foreign.SegmentScope;
import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@@ -175,7 +174,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
private final ContextState state;
- private final SegmentScope contextScope;
+ private final Arena contextArena;
private final Cleanable cleanable;
private static String[] getCiphers(MemorySegment sslCtx) {
@@ -207,7 +206,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
this.sslHostConfig = certificate.getSSLHostConfig();
this.certificate = certificate;
- contextScope = SegmentScope.auto();
+ contextArena = Arena.ofAuto();
MemorySegment sslCtx = MemorySegment.NULL;
MemorySegment confCtx = MemorySegment.NULL;
@@ -224,7 +223,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
confCtx = SSL_CONF_CTX_new();
long errCode = ERR_get_error();
if (errCode != 0) {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
var buf =
localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
ERR_error_string(errCode, buf);
log.error(sm.getString("openssl.errorLoadingCertificate",
buf.getUtf8String(0)));
@@ -331,7 +330,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// Set int pem_password_cb(char *buf, int size, int rwflag, void
*u) callback
openSSLCallbackPassword =
Linker.nativeLinker().upcallStub(openSSLCallbackPasswordHandle,
- openSSLCallbackPasswordFunctionDescriptor, contextScope);
+ openSSLCallbackPasswordFunctionDescriptor, contextArena);
SSL_CTX_set_default_passwd_cb(sslCtx, openSSLCallbackPassword);
alpn = (negotiableProtocols != null && negotiableProtocols.size()
> 0);
@@ -402,7 +401,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.checkCommand", name,
value));
}
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
// rc = SSLConf.check(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
rc = 1;
@@ -477,7 +476,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.applyCommand", name,
value));
}
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
// rc = SSLConf.apply(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
noOcspCheck = Boolean.valueOf(value);
@@ -535,7 +534,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
log.warn(sm.getString("openssl.doubleInit"));
return;
}
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
if (sslHostConfig.getInsecureRenegotiation()) {
SSL_CTX_set_options(state.sslCtx,
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION());
} else {
@@ -610,7 +609,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// Set int verify_callback(int preverify_ok, X509_STORE_CTX
*x509_ctx) callback
var openSSLCallbackVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
- openSSLCallbackVerifyFunctionDescriptor, contextScope);
+ openSSLCallbackVerifyFunctionDescriptor, contextArena);
// Leave this just in case but in Tomcat this is always set again
by the engine
SSL_CTX_set_verify(state.sslCtx, value, openSSLCallbackVerify);
@@ -620,7 +619,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
state.x509TrustManager = chooseTrustManager(tms);
var openSSLCallbackCertVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackCertVerifyHandle,
- openSSLCallbackCertVerifyFunctionDescriptor,
contextScope);
+ openSSLCallbackCertVerifyFunctionDescriptor,
contextArena);
SSL_CTX_set_cert_verify_callback(state.sslCtx,
openSSLCallbackCertVerify, state.sslCtx);
// Pass along the DER encoded certificates of the accepted
client
@@ -678,7 +677,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// MemoryAddress in, int inlen, MemoryAddress arg
var openSSLCallbackAlpnSelectProto =
Linker.nativeLinker().upcallStub(openSSLCallbackAlpnSelectProtoHandle,
- openSSLCallbackAlpnSelectProtoFunctionDescriptor,
contextScope);
+ openSSLCallbackAlpnSelectProtoFunctionDescriptor,
contextArena);
SSL_CTX_set_alpn_select_cb(state.sslCtx,
openSSLCallbackAlpnSelectProto, state.sslCtx);
}
@@ -794,8 +793,8 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
log.warn(sm.getString("context.noSSL",
Long.valueOf(arg.address())));
return SSL_TLSEXT_ERR_NOACK();
}
- try (var localArena = Arena.openConfined()) {
- MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen,
localArena.scope());
+ try (var localArena = Arena.ofConfined()) {
+ MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen,
localArena);
byte[] advertisedBytes = inSeg.toArray(ValueLayout.JAVA_BYTE);
for (byte[] negotiableProtocolBytes : state.negotiableProtocols) {
for (int i = 0; i <= advertisedBytes.length -
negotiableProtocolBytes.length; i++) {
@@ -804,9 +803,9 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
if (advertisedBytes[i + j] ==
negotiableProtocolBytes[j]) {
if (j == negotiableProtocolBytes.length - 1) {
// Match
- MemorySegment outSeg =
MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(),
localArena.scope());
+ MemorySegment outSeg =
MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(),
localArena);
outSeg.set(ValueLayout.ADDRESS, 0,
inSeg.asSlice(i));
- MemorySegment outlenSeg =
MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(),
localArena.scope());
+ MemorySegment outlenSeg =
MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(),
localArena);
outlenSeg.set(ValueLayout.JAVA_BYTE, 0,
(byte) negotiableProtocolBytes.length);
return SSL_TLSEXT_ERR_OK();
}
@@ -842,7 +841,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
MemorySegment /*STACK_OF(X509)*/ sk =
X509_STORE_CTX_get0_untrusted(x509_ctx);
int len = OPENSSL_sk_num(sk);
byte[][] certificateChain = new byte[len][];
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
for (int i = 0; i < len; i++) {
MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
MemorySegment bufPointer =
localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
@@ -852,7 +851,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
continue;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- certificateChain[i] = MemorySegment.ofAddress(buf.address(),
length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ certificateChain[i] = MemorySegment.ofAddress(buf.address(),
length, localArena).toArray(ValueLayout.JAVA_BYTE);
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
}
MemorySegment cipher = SSL_get_current_cipher(ssl);
@@ -960,13 +959,13 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
String callbackPassword = callbackPasswordTheadLocal.get();
if (callbackPassword != null && callbackPassword.length() > 0) {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
MemorySegment callbackPasswordNative =
localArena.allocateUtf8String(callbackPassword);
if (callbackPasswordNative.byteSize() > bufsiz) {
// The password is too long
log.error(sm.getString("openssl.passwordTooLong"));
} else {
- MemorySegment bufSegment =
MemorySegment.ofAddress(buf.address(), bufsiz, localArena.scope());
+ MemorySegment bufSegment =
MemorySegment.ofAddress(buf.address(), bufsiz, localArena);
bufSegment.copyFrom(callbackPasswordNative);
return (int) callbackPasswordNative.byteSize();
}
@@ -1139,7 +1138,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
// Set callback for DH parameters
var openSSLCallbackTmpDH =
Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
- openSSLCallbackTmpDHFunctionDescriptor, contextScope);
+ openSSLCallbackTmpDHFunctionDescriptor, contextArena);
SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
@@ -1227,7 +1226,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
}
// Set callback for DH parameters
var openSSLCallbackTmpDH =
Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
- openSSLCallbackTmpDHFunctionDescriptor, contextScope);
+ openSSLCallbackTmpDHFunctionDescriptor, contextArena);
SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
for (int i = 1; i < chain.length; i++) {
//SSLContext.addChainCertificateRaw(state.ctx,
chain[i].getEncoded());
@@ -1372,7 +1371,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
private static class ContextState implements Runnable {
- private final Arena stateArena = Arena.openShared();
+ private final Arena stateArena = Arena.ofShared();
private final MemorySegment sslCtx;
private final MemorySegment confCtx;
private final List<byte[]> negotiableProtocols;
@@ -1384,9 +1383,9 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
this.negotiableProtocols = negotiableProtocols;
// Use another arena to avoid keeping a reference through segments
// This also allows making further accesses to the main pointers
safer
- this.sslCtx = MemorySegment.ofAddress(sslCtx.address(),
ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.sslCtx = MemorySegment.ofAddress(sslCtx.address(),
ValueLayout.ADDRESS.byteSize(), stateArena);
if (!MemorySegment.NULL.equals(confCtx)) {
- this.confCtx = MemorySegment.ofAddress(confCtx.address(),
ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.confCtx = MemorySegment.ofAddress(confCtx.address(),
ValueLayout.ADDRESS.byteSize(), stateArena);
} else {
this.confCtx = null;
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 88ecc5822b..bff4228faf 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -22,7 +22,6 @@ import java.lang.foreign.Arena;
import java.lang.foreign.FunctionDescriptor;
import java.lang.foreign.Linker;
import java.lang.foreign.MemorySegment;
-import java.lang.foreign.SegmentScope;
import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
@@ -107,7 +106,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
OpenSSLLifecycleListener.initLibrary();
final Set<String> availableCipherSuites = new LinkedHashSet<>(128);
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
var sslCtx = SSL_CTX_new(TLS_server_method());
try {
SSL_CTX_set_options(sslCtx, SSL_OP_ALL());
@@ -185,7 +184,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
private final EngineState state;
- private final SegmentScope engineScope;
+ private final Arena engineArena;
private final Cleanable cleanable;
private MemorySegment bufSegment = null;
@@ -249,13 +248,13 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
if (sslCtx == null) {
throw new
IllegalArgumentException(sm.getString("engine.noSSLContext"));
}
- engineScope = SegmentScope.auto();
- bufSegment = MemorySegment.allocateNative(MAX_ENCRYPTED_PACKET_LENGTH,
engineScope);
+ engineArena = Arena.ofAuto();
+ bufSegment = engineArena.allocate(MAX_ENCRYPTED_PACKET_LENGTH);
session = new OpenSSLSession();
var ssl = SSL_new(sslCtx);
// Set ssl_info_callback
var openSSLCallbackInfo =
Linker.nativeLinker().upcallStub(openSSLCallbackInfoHandle,
- openSSLCallbackInfoFunctionDescriptor, engineScope);
+ openSSLCallbackInfoFunctionDescriptor, engineArena);
SSL_set_info_callback(ssl, openSSLCallbackInfo);
if (clientMode) {
SSL_set_connect_state(ssl);
@@ -263,7 +262,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
SSL_set_accept_state(ssl);
}
SSL_set_verify_result(ssl, X509_V_OK());
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
var internalBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
var networkBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
BIO_new_bio_pair(internalBIOPointer, 0, networkBIOPointer, 0);
@@ -770,7 +769,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
buf.setLength(buf.length() - 1);
final String cipherSuiteSpec = buf.toString();
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
SSL_set_cipher_list(state.ssl,
localArena.allocateUtf8String(cipherSuiteSpec));
} catch (Exception e) {
throw new
IllegalStateException(sm.getString("engine.failedCipherSuite",
cipherSuiteSpec), e);
@@ -907,7 +906,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
private byte[] getPeerCertificate() {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
MemorySegment/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ?
SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl));
MemorySegment bufPointer =
localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
int length = i2d_X509(x509, bufPointer);
@@ -915,7 +914,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
return null;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- byte[] certificate = MemorySegment.ofAddress(buf.address(),
length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ byte[] certificate = MemorySegment.ofAddress(buf.address(),
length, localArena).toArray(ValueLayout.JAVA_BYTE);
X509_free(x509);
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
return certificate;
@@ -929,7 +928,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
return null;
}
byte[][] certificateChain = new byte[len][];
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
for (int i = 0; i < len; i++) {
MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
MemorySegment bufPointer =
localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
@@ -939,7 +938,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
continue;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- byte[] certificate = MemorySegment.ofAddress(buf.address(),
length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ byte[] certificate = MemorySegment.ofAddress(buf.address(),
length, localArena).toArray(ValueLayout.JAVA_BYTE);
certificateChain[i] = certificate;
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
}
@@ -948,7 +947,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
private String getProtocolNegotiated() {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
MemorySegment lenAddress =
localArena.allocate(ValueLayout.JAVA_INT, 0);
MemorySegment protocolPointer =
localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
SSL_get0_alpn_selected(state.ssl, protocolPointer, lenAddress);
@@ -960,7 +959,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
return null;
}
MemorySegment protocolAddress =
protocolPointer.get(ValueLayout.ADDRESS, 0);
- byte[] name = MemorySegment.ofAddress(protocolAddress.address(),
length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ byte[] name = MemorySegment.ofAddress(protocolAddress.address(),
length, localArena).toArray(ValueLayout.JAVA_BYTE);
if (log.isDebugEnabled()) {
log.debug("Protocol negotiated [" + new String(name) + "]");
}
@@ -1048,7 +1047,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
String sslError = null;
long error = ERR_get_error();
if (error != SSL_ERROR_NONE()) {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
do {
// Loop until getLastErrorNumber() returns SSL_ERROR_NONE
var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE,
new byte[128]);
@@ -1204,7 +1203,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// Set int verify_callback(int preverify_ok, X509_STORE_CTX
*x509_ctx) callback
var openSSLCallbackVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
- openSSLCallbackVerifyFunctionDescriptor, engineScope);
+ openSSLCallbackVerifyFunctionDescriptor, engineArena);
int value = switch (mode) {
case NONE -> SSL_VERIFY_NONE();
case REQUIRE -> SSL_VERIFY_PEER() |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT();
@@ -1324,13 +1323,13 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// sslutils.c ssl_ocsp_request(x509, issuer, x509ctx);
int nid = X509_get_ext_by_NID(x509, NID_info_access(), -1);
if (nid >= 0) {
- try (var localArenal = Arena.openConfined()) {
+ try (var localArenal = Arena.ofConfined()) {
MemorySegment ext = X509_get_ext(x509, nid);
MemorySegment os = X509_EXTENSION_get_data(ext);
int length = ASN1_STRING_length(os);
MemorySegment data = ASN1_STRING_get0_data(os);
// ocsp_urls = decode_OCSP_url(os);
- byte[] asn1String =
MemorySegment.ofAddress(data.address(), length,
localArenal.scope()).toArray(ValueLayout.JAVA_BYTE);
+ byte[] asn1String =
MemorySegment.ofAddress(data.address(), length,
localArenal).toArray(ValueLayout.JAVA_BYTE);
Asn1Parser parser = new Asn1Parser(asn1String);
// Parse the byte sequence
ArrayList<String> urls = new ArrayList<>();
@@ -1426,7 +1425,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
// Host: urlHost:urlPort
// Content-Type: application/ocsp-request
// Content-Length: ocspRequestData.length
- byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(),
requestLength, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(),
requestLength, localArena).toArray(ValueLayout.JAVA_BYTE);
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setDoInput(true);
@@ -1507,7 +1506,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
byte[] id = null;
synchronized (OpenSSLEngine.this) {
if (!destroyed) {
- try (var localArena = Arena.openConfined()) {
+ try (var localArena = Arena.ofConfined()) {
MemorySegment lenPointer =
localArena.allocate(ValueLayout.ADDRESS);
var session = SSL_get_session(state.ssl);
if (MemorySegment.NULL.equals(session)) {
@@ -1516,7 +1515,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
MemorySegment sessionId = SSL_SESSION_get_id(session,
lenPointer);
int len = lenPointer.get(ValueLayout.JAVA_INT, 0);
id = (len == 0) ? new byte[0]
- : MemorySegment.ofAddress(sessionId.address(),
len, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
+ : MemorySegment.ofAddress(sessionId.address(),
len, localArena).toArray(ValueLayout.JAVA_BYTE);
}
}
}
@@ -1798,7 +1797,7 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
private static class EngineState implements Runnable {
- private final Arena stateArena = Arena.openShared();
+ private final Arena stateArena = Arena.ofShared();
private final MemorySegment ssl;
private final MemorySegment networkBIO;
private final int certificateVerificationDepth;
@@ -1815,8 +1814,8 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
this.noOcspCheck = noOcspCheck;
// Use another arena to avoid keeping a reference through segments
// This also allows making further accesses to the main pointers
safer
- this.ssl = MemorySegment.ofAddress(ssl.address(),
ValueLayout.ADDRESS.byteSize(), stateArena.scope());
- this.networkBIO = MemorySegment.ofAddress(networkBIO.address(),
ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+ this.ssl = MemorySegment.ofAddress(ssl.address(),
ValueLayout.ADDRESS.byteSize(), stateArena);
+ this.networkBIO = MemorySegment.ofAddress(networkBIO.address(),
ValueLayout.ADDRESS.byteSize(), stateArena);
}
@Override
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index b5d2802886..65b9f7394b 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -229,7 +229,7 @@ public class OpenSSLLifecycleListener implements
LifecycleListener {
return;
}
- try (var memorySession = Arena.openConfined()) {
+ try (var memorySession = Arena.ofConfined()) {
// Main library init
initLibrary();
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
index a5f99c5e16..7b66e17b69 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
@@ -67,7 +67,7 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
if (keys.length != TICKET_KEYS_SIZE) {
throw new
IllegalArgumentException(sm.getString("sessionContext.invalidTicketKeysLength",
keys.length));
}
- try (var memorySession = Arena.openConfined()) {
+ try (var memorySession = Arena.ofConfined()) {
var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE,
keys);
// #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen)
// SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
(keylen), (keys))
@@ -144,7 +144,7 @@ public class OpenSSLSessionContext implements
SSLSessionContext {
* @return {@code true} if success, {@code false} otherwise.
*/
public boolean setSessionIdContext(byte[] sidCtx) {
- try (var memorySession = Arena.openConfined()) {
+ try (var memorySession = Arena.ofConfined()) {
var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE,
sidCtx);
return (SSL_CTX_set_session_id_context(context.getSSLContext(),
array, sidCtx.length) == 1);
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java
index 5727b52eb3..5e154ba8b3 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/Constants$root.java
@@ -36,7 +36,7 @@ final class Constants$root {
static final OfLong C_LONG_LONG$LAYOUT = JAVA_LONG;
static final OfFloat C_FLOAT$LAYOUT = JAVA_FLOAT;
static final OfDouble C_DOUBLE$LAYOUT = JAVA_DOUBLE;
- static final OfAddress C_POINTER$LAYOUT =
ADDRESS.withBitAlignment(64).asUnbounded();
+ static final OfAddress C_POINTER$LAYOUT = ADDRESS.withBitAlignment(64);
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
index c277588251..2d67ac9dfa 100644
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
+++
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
@@ -19,12 +19,12 @@ package org.apache.tomcat.util.openssl;
// Generated by jextract
import java.lang.foreign.Linker;
+import java.lang.foreign.Arena;
import java.lang.foreign.FunctionDescriptor;
import java.lang.foreign.GroupLayout;
import java.lang.foreign.SymbolLookup;
import java.lang.foreign.MemoryLayout;
import java.lang.foreign.MemorySegment;
-import java.lang.foreign.SegmentScope;
import java.lang.foreign.SegmentAllocator;
import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandle;
@@ -49,7 +49,7 @@ final class RuntimeHelper {
private static final SegmentAllocator THROWING_ALLOCATOR = (x, y) -> {
throw new AssertionError("should not reach here"); };
final static SegmentAllocator CONSTANT_ALLOCATOR =
- (size, align) -> MemorySegment.allocateNative(size, align,
SegmentScope.auto());
+ (size, align) -> Arena.ofAuto().allocate(size, align);
static {
System.loadLibrary("ssl");
@@ -67,9 +67,9 @@ final class RuntimeHelper {
return obj;
}
- static MemorySegment lookupGlobalVariable(String name, MemoryLayout
layout) {
+ /*static MemorySegment lookupGlobalVariable(String name, MemoryLayout
layout) {
return SYMBOL_LOOKUP.find(name).map(symbol ->
MemorySegment.ofAddress(symbol.address(), layout.byteSize(),
symbol.scope())).orElse(null);
- }
+ }*/
static MethodHandle downcallHandle(String name, FunctionDescriptor fdesc) {
return SYMBOL_LOOKUP.find(name).
@@ -87,7 +87,7 @@ final class RuntimeHelper {
orElse(null);
}
- static <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor
fdesc, SegmentScope scope) {
+ static <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor
fdesc, Arena scope) {
try {
MethodHandle handle = MH_LOOKUP.findVirtual(fi, "apply",
fdesc.toMethodType());
handle = handle.bindTo(z);
@@ -97,7 +97,7 @@ final class RuntimeHelper {
}
}
- static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int
numElements, SegmentScope scope) {
+ static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int
numElements, Arena scope) {
return MemorySegment.ofAddress(addr.address(), numElements *
layout.byteSize(), scope);
}
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
deleted file mode 100644
index a8196b12ec..0000000000
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// Generated by jextract
-
-package org.apache.tomcat.util.openssl;
-
-import java.lang.invoke.MethodHandle;
-import java.lang.invoke.VarHandle;
-import java.nio.ByteOrder;
-import java.lang.foreign.*;
-import static java.lang.foreign.ValueLayout.*;
-/**
- * {@snippet :
- * int (*SSL_CTX_set_cert_verify_callback$cb)(X509_STORE_CTX*,void*);
- * }
- */
-public interface SSL_CTX_set_cert_verify_callback$cb {
-
- int apply(java.lang.foreign.MemorySegment _x0,
java.lang.foreign.MemorySegment _x1);
- static MemorySegment allocate(SSL_CTX_set_cert_verify_callback$cb fi,
SegmentScope scope) {
- return
RuntimeHelper.upcallStub(SSL_CTX_set_cert_verify_callback$cb.class, fi,
constants$15.SSL_CTX_set_cert_verify_callback$cb$FUNC, scope);
- }
- static SSL_CTX_set_cert_verify_callback$cb ofAddress(MemorySegment addr,
SegmentScope scope) {
- MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0,
scope);
- return (java.lang.foreign.MemorySegment __x0,
java.lang.foreign.MemorySegment __x1) -> {
- try {
- return
(int)constants$15.SSL_CTX_set_cert_verify_callback$cb$MH.invokeExact(symbol,
__x0, __x1);
- } catch (Throwable ex$) {
- throw new AssertionError("should not reach here", ex$);
- }
- };
- }
-}
-
-
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
deleted file mode 100644
index f0c64eee7b..0000000000
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// Generated by jextract
-
-package org.apache.tomcat.util.openssl;
-
-import java.lang.invoke.MethodHandle;
-import java.lang.invoke.VarHandle;
-import java.nio.ByteOrder;
-import java.lang.foreign.*;
-import static java.lang.foreign.ValueLayout.*;
-/**
- * {@snippet :
- * DH* (*SSL_CTX_set_tmp_dh_callback$dh)(SSL*,int,int);
- * }
- */
-public interface SSL_CTX_set_tmp_dh_callback$dh {
-
- java.lang.foreign.MemorySegment apply(java.lang.foreign.MemorySegment _x0,
int _x1, int _x2);
- static MemorySegment allocate(SSL_CTX_set_tmp_dh_callback$dh fi,
SegmentScope scope) {
- return RuntimeHelper.upcallStub(SSL_CTX_set_tmp_dh_callback$dh.class,
fi, constants$21.SSL_CTX_set_tmp_dh_callback$dh$FUNC, scope);
- }
- static SSL_CTX_set_tmp_dh_callback$dh ofAddress(MemorySegment addr,
SegmentScope scope) {
- MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0,
scope);
- return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> {
- try {
- return
(java.lang.foreign.MemorySegment)constants$22.SSL_CTX_set_tmp_dh_callback$dh$MH.invokeExact(symbol,
__x0, __x1, __x2);
- } catch (Throwable ex$) {
- throw new AssertionError("should not reach here", ex$);
- }
- };
- }
-}
-
-
diff --git
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
deleted file mode 100644
index 6008ac05af..0000000000
---
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// Generated by jextract
-
-package org.apache.tomcat.util.openssl;
-
-import java.lang.invoke.MethodHandle;
-import java.lang.invoke.VarHandle;
-import java.nio.ByteOrder;
-import java.lang.foreign.*;
-import static java.lang.foreign.ValueLayout.*;
-/**
- * {@snippet :
- * void (*SSL_set_info_callback$cb)(const SSL*,int,int);
- * }
- */
-public interface SSL_set_info_callback$cb {
-
- void apply(java.lang.foreign.MemorySegment _x0, int _x1, int _x2);
- static MemorySegment allocate(SSL_set_info_callback$cb fi, SegmentScope
scope) {
- return RuntimeHelper.upcallStub(SSL_set_info_callback$cb.class, fi,
constants$21.SSL_set_info_callback$cb$FUNC, scope);
- }
- static SSL_set_info_callback$cb ofAddress(MemorySegment addr, SegmentScope
scope) {
- MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0,
scope);
- return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> {
- try {
- constants$21.SSL_set_info_callback$cb$MH.invokeExact(symbol,
__x0, __x1, __x2);
- } catch (Throwable ex$) {
- throw new AssertionError("should not reach here", ex$);
- }
- };
- }
-}
-
-
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
