Author: mturk Date: Tue Sep 13 07:36:52 2011 New Revision: 1170067 URL: http://svn.apache.org/viewvc?rev=1170067&view=rev Log: Add ssl BIO wrapper and missing api
Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (with props) Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Modified: commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in?rev=1170067&r1=1170066&r2=1170067&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in (original) +++ commons/sandbox/runtime/trunk/src/main/native/Makefile.unx.in Tue Sep 13 07:36:52 2011 @@ -150,6 +150,7 @@ LIBSOURCES=\ SSLSOURCES=\ $(TOPDIR)/modules/openssl/api.c \ + $(TOPDIR)/modules/openssl/bio.c \ $(TOPDIR)/modules/openssl/ctx.c \ $(TOPDIR)/modules/openssl/init.c \ $(TOPDIR)/modules/openssl/password.c \ Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1170067&r1=1170066&r2=1170067&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original) +++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Tue Sep 13 07:36:52 2011 @@ -278,8 +278,6 @@ typedef struct acr_ssl_ctxt_t { X509_STORE *crl; /* pointer to the context verify store */ X509_STORE *store; - const char *cert_files[SSL_AIDX_MAX]; - const char *key_files[SSL_AIDX_MAX]; X509 *certs[SSL_AIDX_MAX]; EVP_PKEY *keys[SSL_AIDX_MAX]; @@ -287,7 +285,6 @@ typedef struct acr_ssl_ctxt_t { int shutdown_type; char *rand_file; - const char *cipher_suite; /* for client or downstream server authentication */ int verify_depth; int verify_mode; 
@@ -301,14 +298,14 @@ typedef struct acr_ssl_ctxt_t { int stapling_fake_trylater; int stapling_errcache_timeout; acr_time_t stapling_responder_timeout; - const char *stapling_force_url; + char *stapling_force_url; #endif int ocsp_enabled; /* true if OCSP verification enabled */ int ocsp_force_default; /* true if the default responder URL is * used regardless of per-cert URL */ - const char *ocsp_responder; /* default responder URL */ + char *ocsp_responder; /* default responder URL */ long ocsp_resptime_skew; long ocsp_resp_maxage; acr_time_t ocsp_responder_timeout; Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c?rev=1170067&r1=1170066&r2=1170067&view=diff ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/api.c Tue Sep 13 07:36:52 2011 @@ -86,9 +86,13 @@ struct SSLAPIst { /*** BIO ***/ long (*fpBIO_ctrl)(BIO *, int, long, void *); int (*fpBIO_free)(BIO *); + void (*fpBIO_free_all)(BIO *); BIO* (*fpBIO_new)(BIO_METHOD *); BIO* (*fpBIO_new_file)(const char *, const char *); BIO* (*fpBIO_new_fp)(FILE *, int); + BIO* (*fpBIO_push)(BIO *, BIO *); + + BIO_METHOD* (*fpBIO_f_base64)(void); BIO_METHOD* (*fpBIO_s_file)(void); BIO_METHOD* (*fpBIO_s_mem)(void); int (*fpBIO_printf)(BIO *, const char *, ...); @@ -98,6 +102,8 @@ struct SSLAPIst { BIGNUM* (*fpBN_bin2bn)(const unsigned char *, int, BIGNUM *); /*** CRYPTO ***/ + void (*fpCRYPTO_free)(void *); + void* (*fpCRYPTO_malloc)(int, const char *, int); int (*fpCRYPTO_num_locks)(void); void (*fpCRYPTO_set_dynlock_create_callback)(struct CRYPTO_dynlock_value *(*)(const char *, int)); void (*fpCRYPTO_set_dynlock_lock_callback)(void (*)(int, struct CRYPTO_dynlock_value *, const char *, int)); 
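Review bot: Changing `stapling_force_url` and `ocsp_responder` from `const char *` to `char *` turns them into owned heap strings (the new `SSLContext.free0` in ctx.c passes both, and `rand_file`, to `AcrFree`), but nothing in the struct says so, and the next writer may still assign a literal or a borrowed pointer that free0 will then release. Add ownership comments on the fields, e.g. `char *ocsp_responder; /* default responder URL; owned, released by free0 */` and the same wording on `stapling_force_url` and `rand_file`. The struct `acr_ssl_ctxt_t` starts and ends outside this hunk.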
@@ -111,11 +117,15 @@ struct SSLAPIst { void (*fpDH_free)(DH *dh); /*** ERR ***/ + void (*fpERR_clear_error)(void); void (*fpERR_error_string_n)(unsigned long, char *, size_t); unsigned long (*fpERR_get_error)(void); void (*fpERR_load_crypto_strings)(void); unsigned long (*fpERR_peek_error)(void); + /*** EVP ***/ + void (*fpEVP_PKEY_free)(EVP_PKEY *); + /*** MD5 ***/ int (*fpMD5_Final)(unsigned char *, MD5_CTX *); int (*fpMD5_Init)(MD5_CTX *); @@ -172,6 +182,7 @@ struct SSLAPIst { /*** X509 ***/ void (*fpX509_free)(X509 *); + void (*fpX509_STORE_free)(X509_STORE *); void (*fpNULL)(void); /*** _STACK ***/ @@ -271,9 +282,12 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens /*** BIO ***/ CRYPTO_FPLOAD(BIO_ctrl); CRYPTO_FPLOAD(BIO_free); + CRYPTO_FPLOAD(BIO_free_all); CRYPTO_FPLOAD(BIO_new); CRYPTO_FPLOAD(BIO_new_file); CRYPTO_FPLOAD(BIO_new_fp); + CRYPTO_FPLOAD(BIO_push); + CRYPTO_FPLOAD(BIO_f_base64); CRYPTO_FPLOAD(BIO_s_file); CRYPTO_FPLOAD(BIO_s_mem); CRYPTO_FPLOAD(BIO_printf); @@ -296,11 +310,15 @@ ACR_JNI_EXPORT(jboolean, Native, ldopens CRYPTO_FPLOAD(DH_free); /*** ERR ***/ + CRYPTO_FPLOAD(ERR_clear_error); CRYPTO_FPLOAD(ERR_error_string_n); CRYPTO_FPLOAD(ERR_get_error); CRYPTO_FPLOAD(ERR_load_crypto_strings); CRYPTO_FPLOAD(ERR_peek_error); + /*** EVP ***/ + CRYPTO_FPLOAD(EVP_PKEY_free); + /*** MD5 ***/ CRYPTO_FPLOAD(MD5_Final); CRYPTO_FPLOAD(MD5_Init); @@ -396,6 +414,11 @@ int BIO_free(BIO *a) return SSLAPI_CALL(BIO_free)(a); } +void BIO_free_all(BIO *a) +{ + SSLAPI_CALL(BIO_free_all)(a); +} + BIO *BIO_new_file(const char *filename, const char *mode) { return SSLAPI_CALL(BIO_new_file)(filename, mode); @@ -406,6 +429,16 @@ BIO *BIO_new_fp(FILE *stream, int close_ return SSLAPI_CALL(BIO_new_fp)(stream, close_flag); } +BIO *BIO_push(BIO *b, BIO *append) +{ + return SSLAPI_CALL(BIO_push)(b, append); +} + +BIO_METHOD *BIO_f_base64(void) +{ + return SSLAPI_CALL(BIO_f_base64)(); +} + BIO_METHOD *BIO_s_file(void) { return SSLAPI_CALL(BIO_s_file)(); 
@@ -437,6 +470,16 @@ BIGNUM *BN_bin2bn(const unsigned char *s return SSLAPI_CALL(BN_bin2bn)(s, len, ret); } +void CRYPTO_free(void *p) +{ + SSLAPI_CALL(CRYPTO_free)(p); +} + +void *CRYPTO_malloc(int num, const char *file, int line) +{ + return SSLAPI_CALL(CRYPTO_malloc)(num, file, line); +} + int CRYPTO_num_locks(void) { return SSLAPI_CALL(CRYPTO_num_locks)(); @@ -558,6 +601,11 @@ int RAND_set_rand_engine(ENGINE *engine) #endif /* OPENSSL_NO_ENGINE */ +void ERR_clear_error(void) +{ + SSLAPI_CALL(ERR_clear_error)(); +} + void ERR_error_string_n(unsigned long e, char *buf, size_t len) { return SSLAPI_CALL(ERR_error_string_n)(e, buf, len); @@ -578,6 +626,11 @@ unsigned long ERR_peek_error(void) return SSLAPI_CALL(ERR_peek_error)(); } +void EVP_PKEY_free(EVP_PKEY *pkey) +{ + SSLAPI_CALL(EVP_PKEY_free)(pkey); +} + int MD5_Init(MD5_CTX *c) { return SSLAPI_CALL(MD5_Init)(c); @@ -737,6 +790,11 @@ void X509_free(X509 *x) SSLAPI_CALL(X509_free)(x); } +void X509_STORE_free(X509_STORE *v) +{ + SSLAPI_CALL(X509_STORE_free)(v); +} + void sk_pop_free(SSLAPI_STACK *st, void (*func)(void *)) { SSLAPI_CALL(sk_pop_free)(st, func); Added: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c?rev=1170067&view=auto ============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c (added) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c Tue Sep 13 07:36:52 2011 
@@ -0,0 +1,188 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "acr/clazz.h" +#include "acr/error.h" +#include "acr/misc.h" +#include "acr/string.h" +#include "acr/port.h" +#include "acr/ssl.h" +#include "arch_sync.h" + +#if !HAVE_OPENSSL +#error "Cannot compile this file without HAVE_OPENSSL defined" +#endif + +J_DECLARE_CLAZZ = { + INVALID_FIELD_OFFSET, + 0, + 0, + 0, + ACR_SSL_CP "SSLBio" +}; + +J_DECLARE_M_ID(0000) = { + 0, + "<init>", + "(J)V" +}; + +J_DECLARE_M_ID(0001) = { + 0, + "write", + "([B)I" +}; + +J_DECLARE_M_ID(0002) = { + 0, + "read", + "([B)I" +}; + +J_DECLARE_M_ID(0003) = { + 0, + "puts", + "(Ljava/lang/String;)I" +}; + +J_DECLARE_M_ID(0004) = { + 0, + "gets", + "(I)Ljava/lang/String;" +}; + +typedef struct acr_bio_t { + volatile acr_atomic32_t refs; + jobject obj; +} acr_bio_t; + +ACR_SSL_EXPORT(void, SSLBio, init0)(JNI_STDARGS) +{ + if (_clazzn.u == 0) { + if (AcrLoadClass(env, &_clazzn, 0) == JNI_FALSE) + return; + V_LOAD_METHOD(0000); + V_LOAD_METHOD(0001); + V_LOAD_METHOD(0002); + V_LOAD_METHOD(0003); + V_LOAD_METHOD(0004); + _clazzn.u = 1; + } +} + +void ssl_bio_close(BIO *bi) +{ + if (bi == 0) + return; + if (bi->ptr != 0 && (bi->flags & SSL_BIO_FLAG_CALLBACK)) { + acr_bio_t *bp 
= (acr_bio_t *)bi->ptr; + if (AcrAtomic32Dec(&bp->refs) == 0) { + OPENSSL_free(bp); + BIO_free(bi); + } + } + else + BIO_free(bi); +} + +void ssl_bio_doref(BIO *bi) +{ + if (bi == 0) + return; + if (bi->ptr != 0 && (bi->flags & SSL_BIO_FLAG_CALLBACK)) { + acr_bio_t *bp = (acr_bio_t *)bi->ptr; + AcrAtomic32Inc(&bp->refs); + } +} + +static int bio_j_new(BIO *bi) +{ + acr_bio_t *bp; + + if ((bp = OPENSSL_malloc(sizeof(acr_bio_t))) == 0) + return 0; + bp->refs = 1; + bi->shutdown = 1; + bi->init = 0; + bi->num = -1; + bi->ptr = (char *)bp; + + return 1; +} + +static int bio_j_free(BIO *bi) +{ + if (bi == 0) + return 0; + if (bi->ptr != NULL) { + acr_bio_t *bp = (acr_bio_t *)bi->ptr; + if (bi->init) { + bi->init = 0; + if (bp->obj != 0) { + JNIEnv *env = AcrGetJNIEnv(); + if (env != 0) + (*env)->DeleteWeakGlobalRef(env, bp->obj); + bp->obj = 0; + } + } + OPENSSL_free(bi->ptr); + } + bi->ptr = 0; + return 1; +} + +static long bio_j_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + return 0; +} + +static BIO_METHOD bio_j_methods = { + BIO_TYPE_FILE, + "Java OpenSSL BIO", + 0, + 0, + 0, + 0, + bio_j_ctrl, + bio_j_new, + bio_j_free, + 0 +}; + +static BIO_METHOD *BIO_j_file() +{ + return &bio_j_methods; +} + +ACR_SSL_EXPORT(jlong, SSLBio, new0)(JNI_STDARGS, jobject cb) +{ + BIO *bi; + acr_bio_t *bp; + + if ((bi = BIO_new(BIO_j_file())) == 0) { + ACR_THROW(ACR_EX_ENOMEM, 0); + return 0; + } + bp = (acr_bio_t *)bi->ptr; + bp->obj = (*env)->NewWeakGlobalRef(env, cb); + if (bp->obj == 0) { + ssl_bio_close(bi); + ACR_THROW(ACR_EX_ENOMEM, 0); + return 0; + } + + return P2J(bi); +} Propchange: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/bio.c ------------------------------------------------------------------------------ svn:eol-style = native Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c?rev=1170067&r1=1170066&r2=1170067&view=diff 
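Review bot: `ssl_bio_close` frees `bp` with `OPENSSL_free(bp)` and then calls `BIO_free(bi)`, whose destroy slot in `bio_j_methods` is `bio_j_free`; that callback reads `bi->ptr`, which still points at the released block, and frees it a second time, so every close that drops the refcount to zero is a use-after-free followed by a double free. Drop the `OPENSSL_free(bp);` line and let `bio_j_free` own the release, which also keeps the weak-global-ref cleanup on a single path. Separately, `new0` stores the weak global ref in `bp->obj` but never sets `bi->init = 1`, so `bio_j_free` skips `DeleteWeakGlobalRef` and the reference leaks; set `bi->init = 1;` once `NewWeakGlobalRef` succeeds, and have `bio_j_new` initialize `bp->obj = 0` because `OPENSSL_malloc` does not zero the block. Nothing in this file sets `SSL_BIO_FLAG_CALLBACK` in `bi->flags`, so unless it is set elsewhere the refcounted branch in `ssl_bio_close`/`ssl_bio_doref` is never taken and each close is an unconditional `BIO_free`, which matters once two contexts share a BIO through `ssl_bio_doref`.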
============================================================================== --- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c (original) +++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/ctx.c Tue Sep 13 07:36:52 2011 @@ -37,3 +37,30 @@ ACR_SSL_EXPORT(jlong, SSLContext, new0)( return P2J(ctx); } +ACR_SSL_EXPORT(void, SSLContext, free0)(JNI_STDARGS, jlong ctx) +{ + int i; + acr_ssl_ctxt_t *c = J2P(ctx, acr_ssl_ctxt_t *); + + if (c == 0) + return; + if (c->crl != 0) + X509_STORE_free(c->crl); + if (c->ctx != 0) + SSL_CTX_free(c->ctx); + for (i = 0; i < SSL_AIDX_MAX; i++) { + if (c->certs[i] != 0) + X509_free(c->certs[i]); + if (c->keys[i] != 0) + EVP_PKEY_free(c->keys[i]); + } +#ifdef HAVE_OCSP_STAPLING + AcrFree(c->stapling_force_url); +#endif + AcrFree(c->ocsp_responder); + AcrFree(c->rand_file); + ssl_bio_close(c->bio_is); + ssl_bio_close(c->bio_os); + AcrFree(c); +} +
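Review bot: `free0` releases `c->crl` but not `c->store`, and the asymmetry is unexplained; if `store` is the SSL_CTX's own certificate store (what `SSL_CTX_get_cert_store` returns) it goes away with `SSL_CTX_free` and a comment should say so, otherwise it leaks. Add `/* c->store is owned by c->ctx and is released by SSL_CTX_free */` above the `SSL_CTX_free(c->ctx)` line, or free it explicitly if the context owns it. The `jlong` handle is not invalidated on the native side, so a second `free0` on the same value walks freed memory; the function comment should state that the Java caller must clear its handle after this call. The preceding `new0` ends inside the hunk's context lines; its body is outside this view.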