You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by re...@apache.org on 2022/11/08 09:33:53 UTC
[tomcat] branch main updated: Another round of Panama API updates for Java 20
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 3d1d990fb4 Another round of Panama API updates for Java 20
3d1d990fb4 is described below
commit 3d1d990fb469add362eeb51ab468d2a9eb23be0e
Author: remm <re...@apache.org>
AuthorDate: Tue Nov 8 10:33:24 2022 +0100
Another round of Panama API updates for Java 20
The session now hides its lifecycle from segments.
Back to using the cleaner since the close action is removed (there is a
close action on unsafe segments instead).
---
.../util/net/openssl/panama/OpenSSLContext.java | 54 +++++++++++-----------
.../util/net/openssl/panama/OpenSSLEngine.java | 51 +++++++++++---------
.../openssl/panama/OpenSSLLifecycleListener.java | 4 +-
.../net/openssl/panama/OpenSSLSessionContext.java | 6 +--
.../apache/tomcat/util/openssl/RuntimeHelper.java | 2 +-
5 files changed, 61 insertions(+), 56 deletions(-)
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 47d2f5aaca..fa336091a8 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -20,10 +20,10 @@ import static org.apache.tomcat.util.openssl.openssl_h.*;
import static org.apache.tomcat.util.openssl.openssl_compat_h.*;
import java.io.File;
+import java.lang.foreign.Arena;
import java.lang.foreign.FunctionDescriptor;
import java.lang.foreign.Linker;
import java.lang.foreign.MemorySegment;
-import java.lang.foreign.MemorySession;
import java.lang.foreign.SegmentAllocator;
import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandle;
@@ -205,7 +205,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
this.sslHostConfig = certificate.getSSLHostConfig();
this.certificate = certificate;
- MemorySession contextMemorySession = MemorySession.openShared();
+ Arena contextMemorySession = Arena.openShared();
MemorySegment sslCtx = MemorySegment.NULL;
MemorySegment confCtx = MemorySegment.NULL;
@@ -222,7 +222,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
confCtx = SSL_CONF_CTX_new();
long errCode = ERR_get_error();
if (errCode != 0) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
ERR_error_string(errCode, buf);
log.error(sm.getString("openssl.errorLoadingCertificate", buf.getUtf8String(0)));
@@ -329,7 +329,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
// Set int pem_password_cb(char *buf, int size, int rwflag, void *u) callback
openSSLCallbackPassword =
Linker.nativeLinker().upcallStub(openSSLCallbackPasswordHandle,
- openSSLCallbackPasswordFunctionDescriptor, contextMemorySession);
+ openSSLCallbackPasswordFunctionDescriptor, contextMemorySession.session());
SSL_CTX_set_default_passwd_cb(sslCtx, openSSLCallbackPassword);
alpn = (negotiableProtocols != null && negotiableProtocols.size() > 0);
@@ -400,7 +400,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.checkCommand", name, value));
}
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
// rc = SSLConf.check(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
rc = 1;
@@ -475,7 +475,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
if (log.isDebugEnabled()) {
log.debug(sm.getString("opensslconf.applyCommand", name, value));
}
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
// rc = SSLConf.apply(confCtx, name, value);
if (name.equals("NO_OCSP_CHECK")) {
noOcspCheck = Boolean.valueOf(value);
@@ -533,7 +533,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
log.warn(sm.getString("openssl.doubleInit"));
return;
}
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
if (sslHostConfig.getInsecureRenegotiation()) {
SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION());
} else {
@@ -608,7 +608,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
// Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback
var openSSLCallbackVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
- openSSLCallbackVerifyFunctionDescriptor, state.contextMemorySession);
+ openSSLCallbackVerifyFunctionDescriptor, state.contextMemorySession.session());
// Leave this just in case but in Tomcat this is always set again by the engine
SSL_CTX_set_verify(state.sslCtx, value, openSSLCallbackVerify);
@@ -618,7 +618,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
state.x509TrustManager = chooseTrustManager(tms);
var openSSLCallbackCertVerify =
Linker.nativeLinker().upcallStub(openSSLCallbackCertVerifyHandle,
- openSSLCallbackCertVerifyFunctionDescriptor, state.contextMemorySession);
+ openSSLCallbackCertVerifyFunctionDescriptor, state.contextMemorySession.session());
SSL_CTX_set_cert_verify_callback(state.sslCtx, openSSLCallbackCertVerify, state.sslCtx);
// Pass along the DER encoded certificates of the accepted client
@@ -676,7 +676,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
// MemoryAddress in, int inlen, MemoryAddress arg
var openSSLCallbackAlpnSelectProto =
Linker.nativeLinker().upcallStub(openSSLCallbackAlpnSelectProtoHandle,
- openSSLCallbackAlpnSelectProtoFunctionDescriptor, state.contextMemorySession);
+ openSSLCallbackAlpnSelectProtoFunctionDescriptor, state.contextMemorySession.session());
SSL_CTX_set_alpn_select_cb(state.sslCtx, openSSLCallbackAlpnSelectProto, state.sslCtx);
}
@@ -792,8 +792,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
log.warn(sm.getString("context.noSSL", Long.valueOf(arg.address())));
return SSL_TLSEXT_ERR_NOACK();
}
- try (var memorySession = MemorySession.openConfined()) {
- MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, memorySession);
+ try (var memorySession = Arena.openConfined()) {
+ MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, memorySession.session());
byte[] advertisedBytes = inSeg.toArray(ValueLayout.JAVA_BYTE);
for (byte[] negotiableProtocolBytes : state.negotiableProtocols) {
for (int i = 0; i <= advertisedBytes.length - negotiableProtocolBytes.length; i++) {
@@ -802,9 +802,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
if (advertisedBytes[i + j] == negotiableProtocolBytes[j]) {
if (j == negotiableProtocolBytes.length - 1) {
// Match
- MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), memorySession);
+ MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), memorySession.session());
outSeg.set(ValueLayout.ADDRESS, 0, inSeg.asSlice(i));
- MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), memorySession);
+ MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), memorySession.session());
outlenSeg.set(ValueLayout.JAVA_BYTE, 0, (byte) negotiableProtocolBytes.length);
return SSL_TLSEXT_ERR_OK();
}
@@ -840,7 +840,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
MemorySegment /*STACK_OF(X509)*/ sk = X509_STORE_CTX_get0_untrusted(x509_ctx);
int len = OPENSSL_sk_num(sk);
byte[][] certificateChain = new byte[len][];
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
for (int i = 0; i < len; i++) {
MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
@@ -850,7 +850,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
continue;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
}
MemorySegment cipher = SSL_get_current_cipher(ssl);
@@ -958,13 +958,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
}
String callbackPassword = callbackPasswordTheadLocal.get();
if (callbackPassword != null && callbackPassword.length() > 0) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
MemorySegment callbackPasswordNative = memorySession.allocateUtf8String(callbackPassword);
if (callbackPasswordNative.byteSize() > bufsiz) {
// The password is too long
log.error(sm.getString("openssl.passwordTooLong"));
} else {
- MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, memorySession);
+ MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, memorySession.session());
bufSegment.copyFrom(callbackPasswordNative);
return (int) callbackPasswordNative.byteSize();
}
@@ -974,7 +974,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
}
- private void addCertificate(SSLHostConfigCertificate certificate, MemorySession memorySession) throws Exception {
+ private void addCertificate(SSLHostConfigCertificate certificate, Arena memorySession) throws Exception {
int index = getCertificateIndex(certificate);
// Load Server key and certificate
if (certificate.getCertificateFile() != null) {
@@ -1137,7 +1137,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
}
// Set callback for DH parameters
var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
- openSSLCallbackTmpDHFunctionDescriptor, state.contextMemorySession);
+ openSSLCallbackTmpDHFunctionDescriptor, state.contextMemorySession.session());
SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
// Set certificate chain file
if (certificate.getCertificateChainFile() != null) {
@@ -1225,7 +1225,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
}
// Set callback for DH parameters
var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
- openSSLCallbackTmpDHFunctionDescriptor, state.contextMemorySession);
+ openSSLCallbackTmpDHFunctionDescriptor, state.contextMemorySession.session());
SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
for (int i = 1; i < chain.length; i++) {
//SSLContext.addChainCertificateRaw(state.ctx, chain[i].getEncoded());
@@ -1323,7 +1323,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
@Override
public synchronized SSLEngine createSSLEngine() {
- return new OpenSSLEngine(state.sslCtx, defaultProtocol, false, sessionContext,
+ return new OpenSSLEngine(cleaner, state.sslCtx, defaultProtocol, false, sessionContext,
alpn, initialized,
sslHostConfig.getCertificateVerificationDepth(),
sslHostConfig.getCertificateVerification() == CertificateVerification.OPTIONAL_NO_CA,
@@ -1370,22 +1370,22 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
private static class ContextState implements Runnable {
- private final MemorySession contextMemorySession;
- private final MemorySession stateSession = MemorySession.openShared();
+ private final Arena contextMemorySession;
+ private final Arena stateSession = Arena.openShared();
private final MemorySegment sslCtx;
private final MemorySegment confCtx;
private final List<byte[]> negotiableProtocols;
private X509TrustManager x509TrustManager = null;
- private ContextState(MemorySession contextMemorySession, MemorySegment sslCtx,
+ private ContextState(Arena contextMemorySession, MemorySegment sslCtx,
MemorySegment confCtx, List<byte[]> negotiableProtocols) {
states.put(Long.valueOf(sslCtx.address()), this);
this.contextMemorySession = contextMemorySession;
// Allocate another session to avoid keeping a reference through segments
- this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession);
+ this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
if (!MemorySegment.NULL.equals(confCtx)) {
- this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession);
+ this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
} else {
this.confCtx = null;
}
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index f389d74a00..370283b2d7 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -18,6 +18,7 @@ package org.apache.tomcat.util.net.openssl.panama;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
+import java.lang.foreign.Arena;
import java.lang.foreign.FunctionDescriptor;
import java.lang.foreign.Linker;
import java.lang.foreign.MemorySegment;
@@ -26,6 +27,8 @@ import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
+import java.lang.ref.Cleaner;
+import java.lang.ref.Cleaner.Cleanable;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
@@ -102,7 +105,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
OpenSSLLifecycleListener.initLibrary();
final Set<String> availableCipherSuites = new LinkedHashSet<>(128);
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
var sslCtx = SSL_CTX_new(TLS_server_method());
try {
SSL_CTX_set_options(sslCtx, SSL_OP_ALL());
@@ -181,6 +184,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
private final EngineState state;
private final MemorySession engineMemorySession;
+ private final Cleanable cleanable;
private MemorySegment bufSegment = null;
private enum Accepted { NOT, IMPLICIT, EXPLICIT }
@@ -236,15 +240,15 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
* @param certificateVerificationOptionalNoCA Skip CA verification in
* optional mode
*/
- OpenSSLEngine(MemorySegment sslCtx, String fallbackApplicationProtocol,
+ OpenSSLEngine(Cleaner cleaner, MemorySegment sslCtx, String fallbackApplicationProtocol,
boolean clientMode, OpenSSLSessionContext sessionContext, boolean alpn,
boolean initialized, int certificateVerificationDepth,
boolean certificateVerificationOptionalNoCA, boolean noOcspCheck) {
if (sslCtx == null) {
throw new IllegalArgumentException(sm.getString("engine.noSSLContext"));
}
- engineMemorySession = MemorySession.openImplicit();
- bufSegment = engineMemorySession.allocateArray(ValueLayout.JAVA_BYTE, MAX_ENCRYPTED_PACKET_LENGTH);
+ engineMemorySession = MemorySession.implicit();
+ bufSegment = MemorySegment.allocateNative(MAX_ENCRYPTED_PACKET_LENGTH, engineMemorySession);
session = new OpenSSLSession();
var ssl = SSL_new(sslCtx);
// Set ssl_info_callback
@@ -257,7 +261,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
SSL_set_accept_state(ssl);
}
SSL_set_verify_result(ssl, X509_V_OK());
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
var internalBIOPointer = memorySession.allocate(ValueLayout.ADDRESS);
var networkBIOPointer = memorySession.allocate(ValueLayout.ADDRESS);
BIO_new_bio_pair(internalBIOPointer, 0, networkBIOPointer, 0);
@@ -266,13 +270,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
SSL_set_bio(ssl, internalBIO, internalBIO);
state = new EngineState(ssl, networkBIO, certificateVerificationDepth, noOcspCheck);
}
- engineMemorySession.addCloseAction(state);
this.fallbackApplicationProtocol = fallbackApplicationProtocol;
this.clientMode = clientMode;
this.sessionContext = sessionContext;
this.alpn = alpn;
this.initialized = initialized;
this.certificateVerificationOptionalNoCA = certificateVerificationOptionalNoCA;
+ cleanable = cleaner.register(this, state);
}
@Override
@@ -286,6 +290,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
public synchronized void shutdown() {
if (!destroyed) {
destroyed = true;
+ cleanable.clean();
// internal errors can cause shutdown without marking the engine closed
isInboundDone = isOutboundDone = engineClosed = true;
bufSegment = null;
@@ -763,7 +768,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
buf.setLength(buf.length() - 1);
final String cipherSuiteSpec = buf.toString();
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
SSL_set_cipher_list(state.ssl, memorySession.allocateUtf8String(cipherSuiteSpec));
} catch (Exception e) {
throw new IllegalStateException(sm.getString("engine.failedCipherSuite", cipherSuiteSpec), e);
@@ -900,7 +905,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
}
private byte[] getPeerCertificate() {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
MemorySegment/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ? SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl));
MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
int length = i2d_X509(x509, bufPointer);
@@ -908,7 +913,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
return null;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
X509_free(x509);
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
return certificate;
@@ -922,7 +927,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
return null;
}
byte[][] certificateChain = new byte[len][];
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
for (int i = 0; i < len; i++) {
MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
@@ -932,7 +937,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
continue;
}
MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
- byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
certificateChain[i] = certificate;
CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
}
@@ -941,7 +946,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
}
private String getProtocolNegotiated() {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
MemorySegment lenAddress = memorySession.allocate(ValueLayout.JAVA_INT, 0);
MemorySegment protocolPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
SSL_get0_alpn_selected(state.ssl, protocolPointer, lenAddress);
@@ -953,7 +958,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
return null;
}
MemorySegment protocolAddress = protocolPointer.get(ValueLayout.ADDRESS, 0);
- byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
if (log.isDebugEnabled()) {
log.debug("Protocol negotiated [" + new String(name) + "]");
}
@@ -1041,7 +1046,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
String sslError = null;
long error = ERR_get_error();
if (error != SSL_ERROR_NONE()) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
do {
// Loop until getLastErrorNumber() returns SSL_ERROR_NONE
var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
@@ -1317,13 +1322,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
// sslutils.c ssl_ocsp_request(x509, issuer, x509ctx);
int nid = X509_get_ext_by_NID(x509, NID_info_access(), -1);
if (nid >= 0) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
MemorySegment ext = X509_get_ext(x509, nid);
MemorySegment os = X509_EXTENSION_get_data(ext);
int length = ASN1_STRING_length(os);
MemorySegment data = ASN1_STRING_get0_data(os);
// ocsp_urls = decode_OCSP_url(os);
- byte[] asn1String = MemorySegment.ofAddress(data.address(), length, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ byte[] asn1String = MemorySegment.ofAddress(data.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
Asn1Parser parser = new Asn1Parser(asn1String);
// Parse the byte sequence
ArrayList<String> urls = new ArrayList<>();
@@ -1387,7 +1392,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
}
private static int processOCSPRequest(URL url, MemorySegment issuer, MemorySegment x509,
- MemorySegment /*X509_STORE_CTX*/ x509ctx, MemorySession memorySession) {
+ MemorySegment /*X509_STORE_CTX*/ x509ctx, Arena memorySession) {
MemorySegment ocspRequest = MemorySegment.NULL;
MemorySegment ocspResponse = MemorySegment.NULL;
MemorySegment id = MemorySegment.NULL;
@@ -1419,7 +1424,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
// Host: urlHost:urlPort
// Content-Type: application/ocsp-request
// Content-Length: ocspRequestData.length
- byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setDoInput(true);
@@ -1500,7 +1505,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
byte[] id = null;
synchronized (OpenSSLEngine.this) {
if (!destroyed) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
MemorySegment lenPointer = memorySession.allocate(ValueLayout.ADDRESS);
var session = SSL_get_session(state.ssl);
if (MemorySegment.NULL.equals(session)) {
@@ -1509,7 +1514,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
MemorySegment sessionId = SSL_SESSION_get_id(session, lenPointer);
int len = lenPointer.get(ValueLayout.JAVA_INT, 0);
id = (len == 0) ? new byte[0]
- : MemorySegment.ofAddress(sessionId.address(), len, memorySession).toArray(ValueLayout.JAVA_BYTE);
+ : MemorySegment.ofAddress(sessionId.address(), len, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
}
}
}
@@ -1791,7 +1796,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
private static class EngineState implements Runnable {
- private final MemorySession stateSession = MemorySession.openShared();
+ private final Arena stateSession = Arena.openShared();
private final MemorySegment ssl;
private final MemorySegment networkBIO;
private final int certificateVerificationDepth;
@@ -1805,8 +1810,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
int certificateVerificationDepth, boolean noOcspCheck) {
states.put(Long.valueOf(ssl.address()), this);
// Allocate another session to avoid keeping a reference through segments
- this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateSession);
- this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateSession);
+ this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
+ this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
this.certificateVerificationDepth = certificateVerificationDepth;
this.noOcspCheck = noOcspCheck;
}
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
index 57b427031c..b5d2802886 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLLifecycleListener.java
@@ -21,7 +21,7 @@ import static org.apache.tomcat.util.openssl.openssl_compat_h.FIPS_mode;
import static org.apache.tomcat.util.openssl.openssl_compat_h.FIPS_mode_set;
import static org.apache.tomcat.util.openssl.openssl_h.*;
-import java.lang.foreign.MemorySession;
+import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;
import java.security.SecureRandom;
@@ -229,7 +229,7 @@ public class OpenSSLLifecycleListener implements LifecycleListener {
return;
}
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
// Main library init
initLibrary();
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
index 6ff2b93d52..a5f99c5e16 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLSessionContext.java
@@ -16,7 +16,7 @@
*/
package org.apache.tomcat.util.net.openssl.panama;
-import java.lang.foreign.MemorySession;
+import java.lang.foreign.Arena;
import java.lang.foreign.ValueLayout;
import java.util.Enumeration;
import java.util.NoSuchElementException;
@@ -67,7 +67,7 @@ public class OpenSSLSessionContext implements SSLSessionContext {
if (keys.length != TICKET_KEYS_SIZE) {
throw new IllegalArgumentException(sm.getString("sessionContext.invalidTicketKeysLength", keys.length));
}
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE, keys);
// #define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen)
// SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS, (keylen), (keys))
@@ -144,7 +144,7 @@ public class OpenSSLSessionContext implements SSLSessionContext {
* @return {@code true} if success, {@code false} otherwise.
*/
public boolean setSessionIdContext(byte[] sidCtx) {
- try (var memorySession = MemorySession.openConfined()) {
+ try (var memorySession = Arena.openConfined()) {
var array = memorySession.allocateArray(ValueLayout.JAVA_BYTE, sidCtx);
return (SSL_CTX_set_session_id_context(context.getSSLContext(), array, sidCtx.length) == 1);
}
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
index e6af7c8fb3..f8454eb105 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
@@ -49,7 +49,7 @@ final class RuntimeHelper {
private final static SymbolLookup SYMBOL_LOOKUP;
final static SegmentAllocator CONSTANT_ALLOCATOR =
- (size, align) -> MemorySegment.allocateNative(size, align);
+ (size, align) -> MemorySegment.allocateNative(size, align, MemorySession.implicit());
static {
System.loadLibrary("ssl");
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org