This is an automated email from the ASF dual-hosted git repository. michaelo pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push: new 2e865ff87 Bug 66666: Remove non-reachable functions from ssl.c 2e865ff87 is described below commit 2e865ff8788b3c738170713771ba5a2ec0e2e364 Author: Michael Osipov <micha...@apache.org> AuthorDate: Fri Jun 23 11:09:58 2023 +0200 Bug 66666: Remove non-reachable functions from ssl.c --- native/include/ssl_private.h | 1 - native/src/ssl.c | 156 +------------------------------------- native/src/sslutils.c | 27 +------ xdocs/miscellaneous/changelog.xml | 3 + 4 files changed, 8 insertions(+), 179 deletions(-) diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h index 242ab4dd4..6c5c9d297 100644 --- a/native/include/ssl_private.h +++ b/native/include/ssl_private.h @@ -232,7 +232,6 @@ typedef struct tcn_ssl_ctxt_t tcn_ssl_ctxt_t; typedef struct { char password[SSL_MAX_PASSWORD_LEN]; const char *prompt; - tcn_callback_t cb; } tcn_pass_cb_t; extern tcn_pass_cb_t tcn_password_callback; diff --git a/native/src/ssl.c b/native/src/ssl.c index 53ae4b4a9..a1ab58fa0 100644 --- a/native/src/ssl.c +++ b/native/src/ssl.c @@ -45,8 +45,7 @@ static jclass stringClass; /* * supported_ssl_opts is a bitmask that contains all supported SSL_OP_* - * options at compile-time. This is used in hasOp to determine which - * SSL_OP_* options are available at runtime. + * options at compile-time. * * Note that at least up through OpenSSL 0.9.8o, checking SSL_OP_ALL will * return JNI_FALSE because SSL_OP_ALL is a mask that covers all bug @@ -301,13 +300,6 @@ static apr_status_t ssl_init_cleanup(void *data) return APR_SUCCESS; ssl_initialized = 0; - if (tcn_password_callback.cb.obj) { - JNIEnv *env; - tcn_get_java_env(&env); - TCN_UNLOAD_CLASS(env, - tcn_password_callback.cb.obj); - } - free_bio_methods(); free_dh_params(); @@ -600,37 +592,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) return (jint)APR_SUCCESS; } -TCN_IMPLEMENT_CALL(jboolean, SSL, randLoad)(TCN_STDARGS, jstring file) -{ - TCN_ALLOC_CSTRING(file); - int r; - UNREFERENCED(o); - r = SSL_rand_seed(J2S(file)); - TCN_FREE_CSTRING(file); - return r ? JNI_TRUE : JNI_FALSE; -} - -TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file) -{ - TCN_ALLOC_CSTRING(file); - int r; - UNREFERENCED(o); - r = ssl_rand_save_file(J2S(file)); - TCN_FREE_CSTRING(file); - return r ? JNI_TRUE : JNI_FALSE; -} - -TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file, - jint length, jboolean base64) -{ - TCN_ALLOC_CSTRING(file); - int r; - UNREFERENCED(o); - r = ssl_rand_make(J2S(file), length, base64); - TCN_FREE_CSTRING(file); - return r ? JNI_TRUE : JNI_FALSE; -} - TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file) { TCN_ALLOC_CSTRING(file); @@ -894,96 +855,6 @@ static BIO_METHOD *BIO_jbs() return jbs_methods; } -TCN_IMPLEMENT_CALL(jlong, SSL, newBIO)(TCN_STDARGS, jlong pool, - jobject callback) -{ - BIO *bio = NULL; - BIO_JAVA *j; - jclass cls; - - UNREFERENCED(o); - - if ((bio = BIO_new(BIO_jbs())) == NULL) { - tcn_ThrowException(e, "Create BIO failed"); - goto init_failed; - } - j = (BIO_JAVA *)BIO_get_data(bio); - if (j == NULL) { - tcn_ThrowException(e, "Create BIO failed"); - goto init_failed; - } - j->pool = J2P(pool, apr_pool_t *); - if (j->pool) { - apr_pool_cleanup_register(j->pool, (const void *)bio, - generic_bio_cleanup, - apr_pool_cleanup_null); - } - - cls = (*e)->GetObjectClass(e, callback); - j->cb.mid[0] = (*e)->GetMethodID(e, cls, "write", "([B)I"); - j->cb.mid[1] = (*e)->GetMethodID(e, cls, "read", "([B)I"); - j->cb.mid[2] = (*e)->GetMethodID(e, cls, "puts", "(Ljava/lang/String;)I"); - j->cb.mid[3] = (*e)->GetMethodID(e, cls, "gets", "(I)Ljava/lang/String;"); - /* TODO: Check if method id's are valid */ - j->cb.obj = (*e)->NewGlobalRef(e, callback); - - BIO_set_init(bio, 1); - BIO_set_flags(bio, SSL_BIO_FLAG_CALLBACK); - return P2J(bio); -init_failed: - return 0; -} - -TCN_IMPLEMENT_CALL(jint, SSL, closeBIO)(TCN_STDARGS, jlong bio) -{ - BIO *b = J2P(bio, BIO *); - UNREFERENCED_STDARGS; - SSL_BIO_close(b); - return APR_SUCCESS; -} - -TCN_IMPLEMENT_CALL(void, SSL, setPasswordCallback)(TCN_STDARGS, - jobject callback) -{ - jclass cls; - - UNREFERENCED(o); - if (tcn_password_callback.cb.obj) { - TCN_UNLOAD_CLASS(e, - tcn_password_callback.cb.obj); - } - cls = (*e)->GetObjectClass(e, callback); - tcn_password_callback.cb.mid[0] = (*e)->GetMethodID(e, cls, "callback", - "(Ljava/lang/String;)Ljava/lang/String;"); - /* TODO: Check if method id is valid */ - tcn_password_callback.cb.obj = (*e)->NewGlobalRef(e, callback); - -} - -TCN_IMPLEMENT_CALL(void, SSL, setPassword)(TCN_STDARGS, jstring password) -{ - TCN_ALLOC_CSTRING(password); - UNREFERENCED(o); - if (J2S(password)) { - strncpy(tcn_password_callback.password, J2S(password), SSL_MAX_PASSWORD_LEN); - tcn_password_callback.password[SSL_MAX_PASSWORD_LEN-1] = '\0'; - } - TCN_FREE_CSTRING(password); -} - -TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) -{ - char buf[256]; - UNREFERENCED(o); - ERR_error_string(SSL_ERR_get(), buf); - return tcn_new_string(e, buf); -} - -TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op) -{ - return op == (op & supported_ssl_opts) ? JNI_TRUE : JNI_FALSE; -} - /*** Begin Twitter 1:1 API addition ***/ TCN_IMPLEMENT_CALL(jint, SSL, getLastErrorNumber)(TCN_STDARGS) { UNREFERENCED_STDARGS; @@ -1091,22 +962,6 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS, return P2J(ssl); } -TCN_IMPLEMENT_CALL(void, SSL, setBIO)(TCN_STDARGS, - jlong ssl /* SSL * */, - jlong rbio /* BIO * */, - jlong wbio /* BIO * */) { - UNREFERENCED_STDARGS; - SSL_set_bio(J2P(ssl, SSL *), J2P(rbio, BIO *), J2P(wbio, BIO *)); - return; -} - -TCN_IMPLEMENT_CALL(jint, SSL, getError)(TCN_STDARGS, - jlong ssl /* SSL * */, - jint ret) { - UNREFERENCED_STDARGS; - return SSL_get_error(J2P(ssl, SSL*), ret); -} - /* How much did SSL write into this BIO? */ TCN_IMPLEMENT_CALL(jint /* nbytes */, SSL, pendingWrittenBytesInBIO)(TCN_STDARGS, jlong bio /* BIO * */) { @@ -1171,15 +1026,6 @@ TCN_IMPLEMENT_CALL(jint /* status */, SSL, getShutdown)(TCN_STDARGS, return SSL_get_shutdown(J2P(ssl, SSL *)); } -/* Called when the peer closes the connection */ -TCN_IMPLEMENT_CALL(void, SSL, setShutdown)(TCN_STDARGS, - jlong ssl /* SSL * */, - jint mode) { - UNREFERENCED_STDARGS; - - SSL_set_shutdown(J2P(ssl, SSL *), mode); -} - /* Free the SSL * and its associated internal BIO */ TCN_IMPLEMENT_CALL(void, SSL, freeSSL)(TCN_STDARGS, jlong ssl /* SSL * */) { diff --git a/native/src/sslutils.c b/native/src/sslutils.c index 2194aac11..2af4d2504 100644 --- a/native/src/sslutils.c +++ b/native/src/sslutils.c @@ -126,32 +126,13 @@ int SSL_password_prompt(tcn_pass_cb_t *data) { int rv = 0; data->password[0] = '\0'; - if (data->cb.obj) { - JNIEnv *e; - jobject o; - jstring prompt; - tcn_get_java_env(&e); - prompt = AJP_TO_JSTRING(data->prompt); - if ((o = (*e)->CallObjectMethod(e, data->cb.obj, - data->cb.mid[0], prompt))) { - TCN_ALLOC_CSTRING(o); - if (J2S(o)) { - strncpy(data->password, J2S(o), SSL_MAX_PASSWORD_LEN); - data->password[SSL_MAX_PASSWORD_LEN-1] = '\0'; - rv = (int)strlen(data->password); - } - TCN_FREE_CSTRING(o); - } - } - else { #ifdef WIN32 - rv = WIN32_SSL_password_prompt(data); + rv = WIN32_SSL_password_prompt(data); #else - EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN, - data->prompt, 0); + EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN, + data->prompt, 0); #endif - rv = (int)strlen(data->password); - } + rv = (int)strlen(data->password); if (rv > 0) { /* Remove LF char if present */ char *r = strchr(data->password, '\n'); diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index 76d06de91..7ef27121a 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,6 +33,9 @@ </section> <section name="Changes in 2.0.5"> <changelog> + <update> + <bug>66666</bug>: Remove non-reachable functions from ssl.c. (michaelo) + </update> <update> Align default pass phrase prompt with HTTPd. (michaelo) </update> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org