| OLD | NEW |
|---|
| (Empty) |
| 1 Name: Tomcat Native Fork for Netty | |
| 2 Short Name: netty-tcnative | |
| 3 URL: https://github.com/netty/netty-tcnative | |
| 4 SHA: 856865181ca38c07b7d2be619903ee98f6f77a23 netty-tcnative-1.1.33.zip | |
| 5 Version: 1.1.33 | |
| 6 Date: October 13, 2015 | |
| 7 Revision: 2aa47be27783ec31086ca9881402f845543de4e6 | |
| 8 License: Apache 2.0 | |
| 9 License File: NOT_SHIPPED | |
| 10 Security Critical: no | |
| 11 The library is not security critical because it is used for tests only. | |
| 12 Do not link it into production code. | |
| 13 | |
| 14 Description: | |
| 15 netty-tcnative is a fork of Tomcat Native. It includes a set of changes cont
ributed | |
| 16 by Twitter, Inc, such as: | |
| 17 | |
| 18 Simplified distribution and linkage of native library | |
| 19 Complete mavenization of the project | |
| 20 Improved OpenSSL support | |
| 21 | |
| 22 Local Modifications: | |
| 23 | |
| 24 diff -ruN ./original/src/main/c/ssl.c ./src/third_party/netty-tcnative/src/c/ssl
.c | |
| 25 --- ./original/src/main/c/ssl.c 2015-10-13 08:36:59.000000000 -0400 | |
| 26 +++ ./src/third_party/netty-tcnative/src/c/ssl.c 2016-01-04 10:18:31.7297
65992 -0500 | |
| 27 @@ -1821,7 +1821,7 @@ | |
| 28 verify = SSL_VERIFY_NONE; | |
| 29 | |
| 30 UNREFERENCED(o); | |
| 31 - TCN_ASSERT(ctx != 0); | |
| 32 + TCN_ASSERT(c->ctx != 0); | |
| 33 c->verify_mode = level; | |
| 34 | |
| 35 if (c->verify_mode == SSL_CVERIFY_UNSET) | |
| 36 | |
| 37 diff --git a/c/ssl.c b/c/ssl.c | |
| 38 index 89e6cad..97c7982 100644 | |
| 39 --- a/c/ssl.c | |
| 40 +++ b/c/ssl.c | |
| 41 @@ -231,26 +231,38 @@ static const jint supported_ssl_opts = 0 | |
| 42 | |
| 43 static int ssl_tmp_key_init_rsa(int bits, int idx) | |
| 44 { | |
| 45 -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED) | |
| 46 - if (!(SSL_temp_keys[idx] = | |
| 47 - RSA_generate_key(bits, RSA_F4, NULL, NULL))) { | |
| 48 +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) | |
| 49 + return 0; | |
| 50 +#else | |
| 51 + | |
| 52 #ifdef OPENSSL_FIPS | |
| 53 - /** | |
| 54 - * With FIPS mode short RSA keys cannot be | |
| 55 - * generated. | |
| 56 - */ | |
| 57 - if (bits < 1024) | |
| 58 - return 0; | |
| 59 - else | |
| 60 -#endif | |
| 61 - return 1; | |
| 62 - } | |
| 63 - else { | |
| 64 + /** | |
| 65 + * Short RSA keys cannot be generated in FIPS mode. | |
| 66 + */ | |
| 67 + if (bits < 1024) | |
| 68 return 0; | |
| 69 - } | |
| 70 -#else | |
| 71 - return 0; | |
| 72 #endif | |
| 73 + | |
| 74 + BIGNUM *e = BN_new(); | |
| 75 + RSA *rsa = RSA_new(); | |
| 76 + int ret = 1; | |
| 77 + | |
| 78 + if (e == NULL || | |
| 79 + rsa == NULL || | |
| 80 + !BN_set_word(e, RSA_F4) || | |
| 81 + RSA_generate_key_ex(rsa, bits, e, NULL) != 1) { | |
| 82 + goto err; | |
| 83 + } | |
| 84 + | |
| 85 + SSL_temp_keys[idx] = rsa; | |
| 86 + rsa = NULL; | |
| 87 + ret = 0; | |
| 88 + | |
| 89 +err: | |
| 90 + BN_free(e); | |
| 91 + RSA_free(rsa); | |
| 92 + return ret; | |
| 93 +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ | |
| 94 } | |
| 95 | |
| 96 static int ssl_tmp_key_init_dh(int bits, int idx) | |
| 97 @@ -610,45 +622,6 @@ int SSL_rand_seed(const char *file) | |
| 98 return RAND_status(); | |
| 99 } | |
| 100 | |
| 101 -static int ssl_rand_make(const char *file, int len, int base64) | |
| 102 -{ | |
| 103 - int r; | |
| 104 - int num = len; | |
| 105 - BIO *out = NULL; | |
| 106 - | |
| 107 - out = BIO_new(BIO_s_file()); | |
| 108 - if (out == NULL) | |
| 109 - return 0; | |
| 110 - if ((r = BIO_write_filename(out, (char *)file)) < 0) { | |
| 111 - BIO_free_all(out); | |
| 112 - return 0; | |
| 113 - } | |
| 114 - if (base64) { | |
| 115 - BIO *b64 = BIO_new(BIO_f_base64()); | |
| 116 - if (b64 == NULL) { | |
| 117 - BIO_free_all(out); | |
| 118 - return 0; | |
| 119 - } | |
| 120 - out = BIO_push(b64, out); | |
| 121 - } | |
| 122 - while (num > 0) { | |
| 123 - unsigned char buf[4096]; | |
| 124 - int len = num; | |
| 125 - if (len > sizeof(buf)) | |
| 126 - len = sizeof(buf); | |
| 127 - r = RAND_bytes(buf, len); | |
| 128 - if (r <= 0) { | |
| 129 - BIO_free_all(out); | |
| 130 - return 0; | |
| 131 - } | |
| 132 - BIO_write(out, buf, len); | |
| 133 - num -= len; | |
| 134 - } | |
| 135 - r = BIO_flush(out); | |
| 136 - BIO_free_all(out); | |
| 137 - return r > 0 ? 1 : 0; | |
| 138 -} | |
| 139 - | |
| 140 TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) | |
| 141 { | |
| 142 int r = 0; | |
| 143 @@ -785,17 +758,6 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, js
tring file) | |
| 144 return r ? JNI_TRUE : JNI_FALSE; | |
| 145 } | |
| 146 | |
| 147 -TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file, | |
| 148 - jint length, jboolean base64) | |
| 149 -{ | |
| 150 - TCN_ALLOC_CSTRING(file); | |
| 151 - int r; | |
| 152 - UNREFERENCED(o); | |
| 153 - r = ssl_rand_make(J2S(file), length, base64); | |
| 154 - TCN_FREE_CSTRING(file); | |
| 155 - return r ? JNI_TRUE : JNI_FALSE; | |
| 156 -} | |
| 157 - | |
| 158 TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file) | |
| 159 { | |
| 160 TCN_ALLOC_CSTRING(file); | |
| 161 | |
| 162 | |
| 163 | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1612863004:
Revert of [third-party] Netty fork of Tomcat Native (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master