[third-party] Netty fork of Tomcat Native

third_party/netty-tcnative/README.chromium

Index: third_party/netty-tcnative/README.chromium
diff --git a/third_party/netty-tcnative/README.chromium b/third_party/netty-tcnative/README.chromium
new file mode 100644
index 0000000000000000000000000000000000000000..681bb0d3e61f871ba168969ac365d8714cbd19f3
--- /dev/null
+++ b/third_party/netty-tcnative/README.chromium
@@ -0,0 +1,163 @@
+Name: Tomcat Native Fork for Netty
+Short Name: netty-tcnative
+URL: https://github.com/netty/netty-tcnative
+SHA: 856865181ca38c07b7d2be619903ee98f6f77a23 netty-tcnative-1.1.33.zip
+Version: 1.1.33
+Date: October 13, 2015
+Revision: 2aa47be27783ec31086ca9881402f845543de4e6
+License: Apache 2.0
+License File: NOT_SHIPPED
+Security Critical: no
+The library is not security critical because it is used for tests only.
+Do not link it into production code.
+
+Description:
+    netty-tcnative is a fork of Tomcat Native. It includes a set of changes contributed
+    by Twitter, Inc, such as:
+
+    Simplified distribution and linkage of native library
+    Complete mavenization of the project
+    Improved OpenSSL support
+
+Local Modifications:
+
+diff -ruN ./original/src/main/c/ssl.c ./src/third_party/netty-tcnative/src/c/ssl.c
+--- ./original/src/main/c/ssl.c	2015-10-13 08:36:59.000000000 -0400
++++ ./src/third_party/netty-tcnative/src/c/ssl.c	2016-01-04 10:18:31.729765992 -0500
+@@ -1821,7 +1821,7 @@
+     verify = SSL_VERIFY_NONE;
+
+     UNREFERENCED(o);
+-    TCN_ASSERT(ctx != 0);
++    TCN_ASSERT(c->ctx != 0);
+     c->verify_mode = level;
+
+     if (c->verify_mode == SSL_CVERIFY_UNSET)
+
+diff --git a/c/ssl.c b/c/ssl.c
+index 89e6cad..97c7982 100644
+--- a/c/ssl.c
++++ b/c/ssl.c
+@@ -231,26 +231,38 @@ static const jint supported_ssl_opts = 0
+
+ static int ssl_tmp_key_init_rsa(int bits, int idx)
+ {
+-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
+-    if (!(SSL_temp_keys[idx] =
+-          RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
++#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
++    return 0;
++#else
++
+ #ifdef OPENSSL_FIPS
+-        /**
+-         * With FIPS mode short RSA keys cannot be
+-         * generated.
+-         */
+-        if (bits < 1024)
+-            return 0;
+-        else
+-#endif
+-        return 1;
+-    }
+-    else {
++    /**
++     * Short RSA keys cannot be generated in FIPS mode.
++     */
++    if (bits < 1024)
+         return 0;
+-    }
+-#else
+-    return 0;
+ #endif
++
++    BIGNUM *e = BN_new();
++    RSA *rsa = RSA_new();
++    int ret = 1;
++
++    if (e == NULL ||
++        rsa == NULL ||
++        !BN_set_word(e, RSA_F4) ||
++        RSA_generate_key_ex(rsa, bits, e, NULL) != 1) {
++        goto err;
++    }
++
++    SSL_temp_keys[idx] = rsa;
++    rsa = NULL;
++    ret = 0;
++
++err:
++    BN_free(e);
++    RSA_free(rsa);
++    return ret;
++#endif  /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+ }
+
+ static int ssl_tmp_key_init_dh(int bits, int idx)
+@@ -610,45 +622,6 @@ int SSL_rand_seed(const char *file)
+     return RAND_status();
+ }
+
+-static int ssl_rand_make(const char *file, int len, int base64)
+-{
+-    int r;
+-    int num = len;
+-    BIO *out = NULL;
+-
+-    out = BIO_new(BIO_s_file());
+-    if (out == NULL)
+-        return 0;
+-    if ((r = BIO_write_filename(out, (char *)file)) < 0) {
+-        BIO_free_all(out);
+-        return 0;
+-    }
+-    if (base64) {
+-        BIO *b64 = BIO_new(BIO_f_base64());
+-        if (b64 == NULL) {
+-            BIO_free_all(out);
+-            return 0;
+-        }
+-        out = BIO_push(b64, out);
+-    }
+-    while (num > 0) {
+-        unsigned char buf[4096];
+-        int len = num;
+-        if (len > sizeof(buf))
+-            len = sizeof(buf);
+-        r = RAND_bytes(buf, len);
+-        if (r <= 0) {
+-            BIO_free_all(out);
+-            return 0;
+-        }
+-        BIO_write(out, buf, len);
+-        num -= len;
+-    }
+-    r = BIO_flush(out);
+-    BIO_free_all(out);
+-    return r > 0 ? 1 : 0;
+-}
+-
+ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
+ {
+     int r = 0;
+@@ -785,17 +758,6 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file)
+     return r ? JNI_TRUE : JNI_FALSE;
+ }
+
+-TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file,
+-                                            jint length, jboolean base64)
+-{
+-    TCN_ALLOC_CSTRING(file);
+-    int r;
+-    UNREFERENCED(o);
+-    r = ssl_rand_make(J2S(file), length, base64);
+-    TCN_FREE_CSTRING(file);
+-    return r ? JNI_TRUE : JNI_FALSE;
+-}
+-
+ TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file)
+ {
+     TCN_ALLOC_CSTRING(file);
+
+
+