| Index: third_party/netty-tcnative/README.chromium
|
| diff --git a/third_party/netty-tcnative/README.chromium b/third_party/netty-tcnative/README.chromium
|
| index 0cc63a1f9ec435c96eebffa9d0328519bf567885..377ab584329ebf8dee03c74d94a397e75cee5f53 100644
|
| --- a/third_party/netty-tcnative/README.chromium
|
| +++ b/third_party/netty-tcnative/README.chromium
|
| @@ -1,10 +1,9 @@
|
| Name: Tomcat Native Fork for Netty
|
| Short Name: netty-tcnative
|
| -URL: https://github.com/netty/netty-tcnative
|
| -SHA: 856865181ca38c07b7d2be619903ee98f6f77a23 netty-tcnative-1.1.33.zip
|
| -Version: 1.1.33
|
| -Date: October 13, 2015
|
| -Revision: 2aa47be27783ec31086ca9881402f845543de4e6
|
| +URL: https://github.com/netty/netty-tcnative.git
|
| +Version: 2.0.0.Final
|
| +Date: March 9, 2017
|
| +Revision: 28d9d70090f1b18927f4554621648cc1922d6e05
|
| License: Apache 2.0
|
| License File: NOT_SHIPPED
|
| Security Critical: no
|
| @@ -21,161 +20,16 @@ Description:
|
|
|
| Local Modifications:
|
|
|
| -diff -ruN ./original/src/main/c/ssl.c ./src/third_party/netty-tcnative/src/c/ssl.c
|
| ---- ./original/src/main/c/ssl.c 2015-10-13 08:36:59.000000000 -0400
|
| -+++ ./src/third_party/netty-tcnative/src/c/ssl.c 2016-01-04 10:18:31.729765992 -0500
|
| -@@ -1821,7 +1821,7 @@
|
| - verify = SSL_VERIFY_NONE;
|
| -
|
| - UNREFERENCED(o);
|
| -- TCN_ASSERT(ctx != 0);
|
| -+ TCN_ASSERT(c->ctx != 0);
|
| - c->verify_mode = level;
|
| -
|
| - if (c->verify_mode == SSL_CVERIFY_UNSET)
|
| -
|
| -diff --git a/c/ssl.c b/c/ssl.c
|
| -index 89e6cad..97c7982 100644
|
| ---- a/c/ssl.c
|
| -+++ b/c/ssl.c
|
| -@@ -231,26 +231,38 @@ static const jint supported_ssl_opts = 0
|
| -
|
| - static int ssl_tmp_key_init_rsa(int bits, int idx)
|
| - {
|
| --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED)
|
| -- if (!(SSL_temp_keys[idx] =
|
| -- RSA_generate_key(bits, RSA_F4, NULL, NULL))) {
|
| -+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
|
| -+ return 0;
|
| -+#else
|
| -+
|
| - #ifdef OPENSSL_FIPS
|
| -- /**
|
| -- * With FIPS mode short RSA keys cannot be
|
| -- * generated.
|
| -- */
|
| -- if (bits < 1024)
|
| -- return 0;
|
| -- else
|
| --#endif
|
| -- return 1;
|
| -- }
|
| -- else {
|
| -+ /**
|
| -+ * Short RSA keys cannot be generated in FIPS mode.
|
| -+ */
|
| -+ if (bits < 1024)
|
| - return 0;
|
| -- }
|
| --#else
|
| -- return 0;
|
| - #endif
|
| -+
|
| -+ BIGNUM *e = BN_new();
|
| -+ RSA *rsa = RSA_new();
|
| -+ int ret = 1;
|
| -+
|
| -+ if (e == NULL ||
|
| -+ rsa == NULL ||
|
| -+ !BN_set_word(e, RSA_F4) ||
|
| -+ RSA_generate_key_ex(rsa, bits, e, NULL) != 1) {
|
| -+ goto err;
|
| -+ }
|
| -+
|
| -+ SSL_temp_keys[idx] = rsa;
|
| -+ rsa = NULL;
|
| -+ ret = 0;
|
| -+
|
| -+err:
|
| -+ BN_free(e);
|
| -+ RSA_free(rsa);
|
| -+ return ret;
|
| -+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
| - }
|
| -
|
| - static int ssl_tmp_key_init_dh(int bits, int idx)
|
| -@@ -610,45 +622,6 @@ int SSL_rand_seed(const char *file)
|
| - return RAND_status();
|
| - }
|
| -
|
| --static int ssl_rand_make(const char *file, int len, int base64)
|
| --{
|
| -- int r;
|
| -- int num = len;
|
| -- BIO *out = NULL;
|
| --
|
| -- out = BIO_new(BIO_s_file());
|
| -- if (out == NULL)
|
| -- return 0;
|
| -- if ((r = BIO_write_filename(out, (char *)file)) < 0) {
|
| -- BIO_free_all(out);
|
| -- return 0;
|
| -- }
|
| -- if (base64) {
|
| -- BIO *b64 = BIO_new(BIO_f_base64());
|
| -- if (b64 == NULL) {
|
| -- BIO_free_all(out);
|
| -- return 0;
|
| -- }
|
| -- out = BIO_push(b64, out);
|
| -- }
|
| -- while (num > 0) {
|
| -- unsigned char buf[4096];
|
| -- int len = num;
|
| -- if (len > sizeof(buf))
|
| -- len = sizeof(buf);
|
| -- r = RAND_bytes(buf, len);
|
| -- if (r <= 0) {
|
| -- BIO_free_all(out);
|
| -- return 0;
|
| -- }
|
| -- BIO_write(out, buf, len);
|
| -- num -= len;
|
| -- }
|
| -- r = BIO_flush(out);
|
| -- BIO_free_all(out);
|
| -- return r > 0 ? 1 : 0;
|
| --}
|
| --
|
| - TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
|
| - {
|
| - int r = 0;
|
| -@@ -785,17 +758,6 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file)
|
| - return r ? JNI_TRUE : JNI_FALSE;
|
| - }
|
| -
|
| --TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file,
|
| -- jint length, jboolean base64)
|
| --{
|
| -- TCN_ALLOC_CSTRING(file);
|
| -- int r;
|
| -- UNREFERENCED(o);
|
| -- r = ssl_rand_make(J2S(file), length, base64);
|
| -- TCN_FREE_CSTRING(file);
|
| -- return r ? JNI_TRUE : JNI_FALSE;
|
| --}
|
| --
|
| - TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file)
|
| - {
|
| - TCN_ALLOC_CSTRING(file);
|
| -
|
| diff --git a/c/sslcontext.c b/c/sslcontext.c
|
| -index 925ca2a..78afe61 100644
|
| +index 5668298..25bfb6e 100644
|
| --- a/c/sslcontext.c
|
| +++ b/c/sslcontext.c
|
| -@@ -1464,7 +1464,11 @@ static const char* authentication_method(const SSL* ssl) {
|
| - case SSL2_VERSION:
|
| - return SSL_TXT_RSA;
|
| - default:
|
| -+#if defined(OPENSSL_IS_BORINGSSL)
|
| -+ return cipher_authentication_method(SSL_get_pending_cipher(ssl));
|
| -+#else
|
| - return cipher_authentication_method(ssl->s3->tmp.new_cipher);
|
| -+#endif
|
| - }
|
| - }
|
| - }
|
| -
|
| -
|
| -025da0aad4f9c2fdeebb64bcebf11bbf2c12a2bd and
|
| -fd68c837b156ddb4b054e03d99a401e93068b34d were backported from upstream.
|
| +@@ -1178,7 +1178,7 @@ static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) {
|
| + tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl);
|
| + TCN_ASSERT(c != NULL);
|
| + tcn_ssl_verify_config_t* verify_config = SSL_get_app_data4(ssl);
|
| +- TCN_ASSERT(verify_confg != NULL);
|
| ++ TCN_ASSERT(verify_config != NULL);
|
| +
|
| + // Get a stack of all certs in the chain
|
| + STACK_OF(X509) *sk = ctx->untrusted;
|
|
|
Chromium Code Reviews
Issue 2843293002:
Switched to new versions of netty and tcnative (Closed)
