This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new fe073bc124 Fix bad symbol lookup use
fe073bc124 is described below
commit fe073bc1247e71b21417f2026c30a134100e2887
Author: remm <r...@apache.org>
AuthorDate: Fri Feb 23 12:45:35 2024 +0100
Fix bad symbol lookup use
Depending on how OpenSSL is available in the system, this could cause a
failure since one lookup is different from the others.
---
.../apache/tomcat/util/net/openssl/panama/OpenSSLContext.java | 4 ++--
java/org/apache/tomcat/util/openssl/openssl_h_Macros.java | 10 ++++++++++
webapps/docs/changelog.xml | 7 +++++++
3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index f156f1951f..961d2a76cf 100644
--- a/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -22,7 +22,6 @@ import java.io.IOException;
import java.io.InputStreamReader;
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
-import java.lang.foreign.SymbolLookup;
import java.lang.foreign.ValueLayout;
import java.lang.ref.Cleaner;
import java.lang.ref.Cleaner.Cleanable;
@@ -68,6 +67,7 @@ import
org.apache.tomcat.util.openssl.SSL_CTX_set_alpn_select_cb$cb;
import org.apache.tomcat.util.openssl.SSL_CTX_set_cert_verify_callback$cb;
import org.apache.tomcat.util.openssl.SSL_CTX_set_tmp_dh_callback$dh;
import org.apache.tomcat.util.openssl.SSL_CTX_set_verify$callback;
+import org.apache.tomcat.util.openssl.openssl_h_Macros;
import org.apache.tomcat.util.openssl.pem_password_cb;
import org.apache.tomcat.util.res.StringManager;
@@ -1081,7 +1081,7 @@ public class OpenSSLContext implements
org.apache.tomcat.util.net.SSLContext {
// Set callback for DH parameters
SSL_CTX_set_tmp_dh_callback(state.sslCtx,
SSL_CTX_set_tmp_dh_callback$dh.allocate(new TmpDHCallback(), contextArena));
} else {
- var d2i_ECPKParameters =
SymbolLookup.loaderLookup().find("d2i_ECPKParameters").get();
+ var d2i_ECPKParameters =
openssl_h_Macros.findOrThrow("d2i_ECPKParameters");
var ecparams = PEM_ASN1_read_bio(d2i_ECPKParameters,
PEM_STRING_ECPARAMETERS(), certificateBIO,
MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL);
if (!MemorySegment.NULL.equals(ecparams)) {
diff --git a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
index e84d50b27b..acae96ac72 100644
--- a/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
+++ b/java/org/apache/tomcat/util/openssl/openssl_h_Macros.java
@@ -28,6 +28,16 @@ import static org.apache.tomcat.util.openssl.openssl_h.*;
public class openssl_h_Macros {
+ /**
+ * Publicly accessible find.
+ * @param symbol the symbol to find
+ * @return the symbol
+ */
+ public static MemorySegment findOrThrow(String symbol) {
+ return openssl_h.findOrThrow(symbol);
+ }
+
+
/**
* Set maximum protocol version on the given context.
* {@snippet lang = c : # define SSL_CTX_set_max_proto_version(sslCtx,
version) \
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 241ac0f4bc..89e5be6a97 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,13 @@
</update>
</changelog>
</subsection>
+ <subsection name="Coyote">
+ <changelog>
+ <fix>
+ Fix bad symbol lookup use in the OpenSSL FFM code. (remm)
+ </fix>
+ </changelog>
+ </subsection>
<subsection name="Jasper">
<changelog>
<add>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
