Index: third_party/netty-tcnative/README.chromium |
diff --git a/third_party/netty-tcnative/README.chromium b/third_party/netty-tcnative/README.chromium |
index 0cc63a1f9ec435c96eebffa9d0328519bf567885..377ab584329ebf8dee03c74d94a397e75cee5f53 100644 |
--- a/third_party/netty-tcnative/README.chromium |
+++ b/third_party/netty-tcnative/README.chromium |
@@ -1,10 +1,9 @@ |
Name: Tomcat Native Fork for Netty |
Short Name: netty-tcnative |
-URL: https://github.com/netty/netty-tcnative |
-SHA: 856865181ca38c07b7d2be619903ee98f6f77a23 netty-tcnative-1.1.33.zip |
-Version: 1.1.33 |
-Date: October 13, 2015 |
-Revision: 2aa47be27783ec31086ca9881402f845543de4e6 |
+URL: https://github.com/netty/netty-tcnative.git |
+Version: 2.0.0.Final |
+Date: March 9, 2017 |
+Revision: 28d9d70090f1b18927f4554621648cc1922d6e05 |
License: Apache 2.0 |
License File: NOT_SHIPPED |
Security Critical: no |
@@ -21,161 +20,16 @@ Description: |
Local Modifications: |
-diff -ruN ./original/src/main/c/ssl.c ./src/third_party/netty-tcnative/src/c/ssl.c |
---- ./original/src/main/c/ssl.c 2015-10-13 08:36:59.000000000 -0400 |
-+++ ./src/third_party/netty-tcnative/src/c/ssl.c 2016-01-04 10:18:31.729765992 -0500 |
-@@ -1821,7 +1821,7 @@ |
- verify = SSL_VERIFY_NONE; |
- |
- UNREFERENCED(o); |
-- TCN_ASSERT(ctx != 0); |
-+ TCN_ASSERT(c->ctx != 0); |
- c->verify_mode = level; |
- |
- if (c->verify_mode == SSL_CVERIFY_UNSET) |
- |
-diff --git a/c/ssl.c b/c/ssl.c |
-index 89e6cad..97c7982 100644 |
---- a/c/ssl.c |
-+++ b/c/ssl.c |
-@@ -231,26 +231,38 @@ static const jint supported_ssl_opts = 0 |
- |
- static int ssl_tmp_key_init_rsa(int bits, int idx) |
- { |
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED) |
-- if (!(SSL_temp_keys[idx] = |
-- RSA_generate_key(bits, RSA_F4, NULL, NULL))) { |
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) |
-+ return 0; |
-+#else |
-+ |
- #ifdef OPENSSL_FIPS |
-- /** |
-- * With FIPS mode short RSA keys cannot be |
-- * generated. |
-- */ |
-- if (bits < 1024) |
-- return 0; |
-- else |
--#endif |
-- return 1; |
-- } |
-- else { |
-+ /** |
-+ * Short RSA keys cannot be generated in FIPS mode. |
-+ */ |
-+ if (bits < 1024) |
- return 0; |
-- } |
--#else |
-- return 0; |
- #endif |
-+ |
-+ BIGNUM *e = BN_new(); |
-+ RSA *rsa = RSA_new(); |
-+ int ret = 1; |
-+ |
-+ if (e == NULL || |
-+ rsa == NULL || |
-+ !BN_set_word(e, RSA_F4) || |
-+ RSA_generate_key_ex(rsa, bits, e, NULL) != 1) { |
-+ goto err; |
-+ } |
-+ |
-+ SSL_temp_keys[idx] = rsa; |
-+ rsa = NULL; |
-+ ret = 0; |
-+ |
-+err: |
-+ BN_free(e); |
-+ RSA_free(rsa); |
-+ return ret; |
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ |
- } |
- |
- static int ssl_tmp_key_init_dh(int bits, int idx) |
-@@ -610,45 +622,6 @@ int SSL_rand_seed(const char *file) |
- return RAND_status(); |
- } |
- |
--static int ssl_rand_make(const char *file, int len, int base64) |
--{ |
-- int r; |
-- int num = len; |
-- BIO *out = NULL; |
-- |
-- out = BIO_new(BIO_s_file()); |
-- if (out == NULL) |
-- return 0; |
-- if ((r = BIO_write_filename(out, (char *)file)) < 0) { |
-- BIO_free_all(out); |
-- return 0; |
-- } |
-- if (base64) { |
-- BIO *b64 = BIO_new(BIO_f_base64()); |
-- if (b64 == NULL) { |
-- BIO_free_all(out); |
-- return 0; |
-- } |
-- out = BIO_push(b64, out); |
-- } |
-- while (num > 0) { |
-- unsigned char buf[4096]; |
-- int len = num; |
-- if (len > sizeof(buf)) |
-- len = sizeof(buf); |
-- r = RAND_bytes(buf, len); |
-- if (r <= 0) { |
-- BIO_free_all(out); |
-- return 0; |
-- } |
-- BIO_write(out, buf, len); |
-- num -= len; |
-- } |
-- r = BIO_flush(out); |
-- BIO_free_all(out); |
-- return r > 0 ? 1 : 0; |
--} |
-- |
- TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) |
- { |
- int r = 0; |
-@@ -785,17 +758,6 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file) |
- return r ? JNI_TRUE : JNI_FALSE; |
- } |
- |
--TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file, |
-- jint length, jboolean base64) |
--{ |
-- TCN_ALLOC_CSTRING(file); |
-- int r; |
-- UNREFERENCED(o); |
-- r = ssl_rand_make(J2S(file), length, base64); |
-- TCN_FREE_CSTRING(file); |
-- return r ? JNI_TRUE : JNI_FALSE; |
--} |
-- |
- TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file) |
- { |
- TCN_ALLOC_CSTRING(file); |
- |
diff --git a/c/sslcontext.c b/c/sslcontext.c |
-index 925ca2a..78afe61 100644 |
+index 5668298..25bfb6e 100644 |
--- a/c/sslcontext.c |
+++ b/c/sslcontext.c |
-@@ -1464,7 +1464,11 @@ static const char* authentication_method(const SSL* ssl) { |
- case SSL2_VERSION: |
- return SSL_TXT_RSA; |
- default: |
-+#if defined(OPENSSL_IS_BORINGSSL) |
-+ return cipher_authentication_method(SSL_get_pending_cipher(ssl)); |
-+#else |
- return cipher_authentication_method(ssl->s3->tmp.new_cipher); |
-+#endif |
- } |
- } |
- } |
- |
- |
-025da0aad4f9c2fdeebb64bcebf11bbf2c12a2bd and |
-fd68c837b156ddb4b054e03d99a401e93068b34d were backported from upstream. |
+@@ -1178,7 +1178,7 @@ static int SSL_cert_verify(X509_STORE_CTX *ctx, void *arg) { |
+ tcn_ssl_ctxt_t *c = SSL_get_app_data2(ssl); |
+ TCN_ASSERT(c != NULL); |
+ tcn_ssl_verify_config_t* verify_config = SSL_get_app_data4(ssl); |
+- TCN_ASSERT(verify_confg != NULL); |
++ TCN_ASSERT(verify_config != NULL); |
+ |
+ // Get a stack of all certs in the chain |
+ STACK_OF(X509) *sk = ctx->untrusted; |