Posted to commits@commons.apache.org by mt...@apache.org on 2011/09/08 19:59:14 UTC
svn commit: r1166827 - in /commons/sandbox/runtime/trunk/src/main/native:
include/acr/ssl.h modules/openssl/init.c modules/openssl/password.c
modules/openssl/util.c
Author: mturk
Date: Thu Sep 8 17:59:14 2011
New Revision: 1166827
URL: http://svn.apache.org/viewvc?rev=1166827&view=rev
Log:
Use the same function naming rules as with mod_ssl
Modified:
commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
Modified: commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h?rev=1166827&r1=1166826&r2=1166827&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h (original)
+++ commons/sandbox/runtime/trunk/src/main/native/include/acr/ssl.h Thu Sep 8 17:59:14 2011
@@ -201,7 +201,7 @@
"In order to read them you have to provide the pass phrases.\n" \
"Enter password :"
-extern void *ACRSSL_temp_keys[SSL_TMP_KEY_MAX];
+extern void *acr_ssl_temp_keys[SSL_TMP_KEY_MAX];
typedef struct ssl_pkc_t {
/* client can have any number of cert/key pairs */
@@ -218,7 +218,7 @@ typedef struct ssl_pass_cb_t {
/* Default password callback that
* directly prompts the console
*/
-extern ssl_pass_cb_t *ACRSSL_password_cb;
+extern ssl_pass_cb_t *acr_ssl_password_cb;
/* Server context */
typedef struct acr_ssl_ctxt_t {
@@ -261,8 +261,8 @@ typedef struct acr_ssl_ctxt_t {
} acr_ssl_ctxt_t;
-#define ACRSSL_CTX_get_extra_certs(ctx) ((ctx)->extra_certs)
-#define ACRSSL_CTX_set_extra_certs(ctx, value) \
+#define ssl_ctx_get_extra_certs(ctx) ((ctx)->extra_certs)
+#define ssl_ctx_set_extra_certs(ctx, value) \
do { \
(ctx)->extra_certs = (value); \
} while (0)
@@ -271,22 +271,21 @@ typedef struct acr_ssl_ctxt_t {
/**
* Additional Functions
*/
-void ACRSSL_init_app_data2_idx(void);
-void *ACRSSL_get_app_data2(SSL *);
-void ACRSSL_set_app_data2(SSL *, void *);
-int ACRSSL_password_prompt(ssl_pass_cb_t *);
-int ACRSSL_password_callback(char *, int, int, void *);
-void ACRSSL_BIO_close(BIO *);
-void ACRSSL_BIO_doref(BIO *);
-DH *ACRSSL_dh_get_tmp_param(int);
-DH *ACRSSL_dh_get_param_from_file(const char *);
-RSA *ACRSSL_callback_tmp_RSA(SSL *, int, int);
-DH *ACRSSL_callback_tmp_DH(SSL *, int, int);
-void ACRSSL_callback_handshake(const SSL *, int, int);
-void ACRSSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
-int ACRSSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
-int ACRSSL_callback_SSL_verify(int, X509_STORE_CTX *);
-int ACRSSL_rand_seed(const char *file);
+void ssl_init_app_data2_idx(void);
+void *ssl_get_app_data2(SSL *);
+void ssl_set_app_data2(SSL *, void *);
+int ssl_password_callback(char *, int, int, void *);
+void ssl_BIO_close(BIO *);
+void ssl_BIO_doref(BIO *);
+DH *ssl_dh_get_tmp_param(int);
+DH *ssl_dh_get_param_from_file(const char *);
+RSA *ssl_callback_tmp_RSA(SSL *, int, int);
+DH *ssl_callback_tmp_DH(SSL *, int, int);
+void ssl_callback_handshake(const SSL *, int, int);
+void ssl_vhost_algo_id(const unsigned char *, unsigned char *, int);
+int ssl_ctx_use_certificate_chain(SSL_CTX *, const char *, int);
+int ssl_callback_SSL_verify(int, X509_STORE_CTX *);
+int ssl_rand_seed(const char *file);
#endif
#endif /* _ACR_SSL_H_ */
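Review bot: The prototype `int ACRSSL_password_prompt(ssl_pass_cb_t *);` is removed in this hunk with no `ssl_password_prompt` counterpart among the added declarations, although the log describes the commit as a rename only. If a definition or caller of it remains elsewhere (none is visible in this diff), it will now be compiled without a prototype, so the log or a comment such as `/* ssl_password_prompt dropped: replaced by ssl_password_callback */` should record the removal. The new names also give up the `ACRSSL_` prefix for functions with external linkage; a short comment stating that the `ssl_` names are meant to be visible outside the library would help, since generic names are easier to collide with when several TLS-related libraries share a process.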
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c?rev=1166827&r1=1166826&r2=1166827&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/init.c Thu Sep 8 17:59:14 2011
@@ -27,7 +27,7 @@
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
-void *ACRSSL_temp_keys[SSL_TMP_KEY_MAX];
+void *acr_ssl_temp_keys[SSL_TMP_KEY_MAX];
static char ssl_global_rand_file[PATH_MAX] = { 0 };
/* Dynamic lock structure */
@@ -42,9 +42,9 @@ struct CRYPTO_dynlock_value {
*/
#define SSL_TMP_KEY_FREE(type, idx) \
- if (ACRSSL_temp_keys[idx]) { \
- type##_free((type *)ACRSSL_temp_keys[idx]); \
- ACRSSL_temp_keys[idx] = 0; \
+ if (acr_ssl_temp_keys[idx]) { \
+ type##_free((type *)acr_ssl_temp_keys[idx]); \
+ acr_ssl_temp_keys[idx] = 0; \
} else (void)(0)
#define SSL_TMP_KEYS_FREE(type) \
@@ -60,8 +60,8 @@ struct CRYPTO_dynlock_value {
ssl_tmp_key_init_dh(bits, SSL_TMP_KEY_DH_##bits)
#define SSL_TMP_KEYS_INIT(R) \
- ACRSSL_temp_keys[SSL_TMP_KEY_RSA_2048] = 0; \
- ACRSSL_temp_keys[SSL_TMP_KEY_RSA_4096] = 0; \
+ acr_ssl_temp_keys[SSL_TMP_KEY_RSA_2048] = 0; \
+ acr_ssl_temp_keys[SSL_TMP_KEY_RSA_4096] = 0; \
R |= SSL_TMP_KEY_INIT_RSA(512); \
R |= SSL_TMP_KEY_INIT_RSA(1024); \
R |= SSL_TMP_KEY_INIT_DH(512); \
@@ -71,7 +71,7 @@ struct CRYPTO_dynlock_value {
static int ssl_tmp_key_init_rsa(int bits, int idx)
{
- if ((ACRSSL_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, 0, 0)) == 0)
+ if ((acr_ssl_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, 0, 0)) == 0)
return 1;
else
return 0;
@@ -79,7 +79,7 @@ static int ssl_tmp_key_init_rsa(int bits
static int ssl_tmp_key_init_dh(int bits, int idx)
{
- if ((ACRSSL_temp_keys[idx] = ACRSSL_dh_get_tmp_param(bits)) == 0)
+ if ((acr_ssl_temp_keys[idx] = ssl_dh_get_tmp_param(bits)) == 0)
return 1;
else
return 0;
@@ -223,7 +223,7 @@ static int ssl_rand_load_file(const char
return -1;
}
-int ACRSSL_rand_seed(const char *file)
+int ssl_rand_seed(const char *file)
{
unsigned char stackdata[256];
static volatile unsigned int counter = 0;
@@ -264,7 +264,7 @@ ACR_SSL_EXPORT(jint, Library, init0)(JNI
if (ssl_initialized != 0)
return 0;
- memset(&ACRSSL_password_cb, 0, sizeof(ssl_pass_cb_t));
+ memset(&acr_ssl_password_cb, 0, sizeof(ssl_pass_cb_t));
/* We must register the library in full, to ensure our configuration
* code can successfully test the SSL environment.
*/
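Review bot: The `memset` on the changed line clears `sizeof(ssl_pass_cb_t)` bytes starting at the address of `acr_ssl_password_cb`, but ssl.h declares that object as a pointer (`extern ssl_pass_cb_t *acr_ssl_password_cb;`), so whenever the struct is larger than a pointer the call writes past the variable into whatever is stored next to it. The struct has at least the `password` and `cb` members used in password.c, so that is likely the case. Resetting the pointer itself is enough: `acr_ssl_password_cb = 0;`. The body of `init0` starts and continues outside this hunk.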
@@ -300,7 +300,7 @@ ACR_SSL_EXPORT(jint, Library, init0)(JNI
CRYPTO_set_dynlock_destroy_callback(ssl_dynlock_destroy);
/* For SSL_get_app_data2() at request time */
- ACRSSL_init_app_data2_idx();
+ ssl_init_app_data2_idx();
SSL_TMP_KEYS_INIT(rc);
if (rc != 0) {
/* One of the inits failed
@@ -374,14 +374,14 @@ ACR_SSL_EXPORT(jboolean, Random, seed0)(
* low entropy seed.
*/
WITH_CSTR(file) {
- rc = ACRSSL_rand_seed(J2S(file));
+ rc = ssl_rand_seed(J2S(file));
} DONE_WITH_STR(file);
return rc == 0 ? JNI_FALSE : JNI_TRUE;
}
ACR_SSL_EXPORT(jboolean, Random, seed1)(JNI_STDARGS)
{
- return ACRSSL_rand_seed(0) == 0 ? JNI_FALSE : JNI_TRUE;
+ return ssl_rand_seed(0) == 0 ? JNI_FALSE : JNI_TRUE;
}
ACR_SSL_EXPORT(jboolean, Random, seed2)(JNI_STDARGS, jbyteArray ba,
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c?rev=1166827&r1=1166826&r2=1166827&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/password.c Thu Sep 8 17:59:14 2011
@@ -18,15 +18,40 @@
#include "acr/error.h"
#include "acr/misc.h"
#include "acr/string.h"
-#include "arch_sync.h"
+#include "acr/port.h"
#include "acr/ssl.h"
+#include "arch_sync.h"
#if !HAVE_OPENSSL
#error "Cannot compile this file without HAVE_OPENSSL defined"
#endif
/* Global password callback */
-ssl_pass_cb_t *ACRSSL_password_cb;
+ssl_pass_cb_t *acr_ssl_password_cb;
+
+int ssl_password_callback(char *buf, int bufsiz, int verify, void *cb)
+{
+ ssl_pass_cb_t *pcb = (ssl_pass_cb_t *)cb;
+
+ if (buf == 0)
+ return 0;
+ buf[0] = '\0';
+ if (pcb == 0)
+ pcb = acr_ssl_password_cb;
+ if (pcb == 0)
+ return 0;
+ if (pcb->password == 0) {
+ /* Call PasswordCallback.handler()
+ */
+ AcrCallbackRun(0, pcb->cb, 0, 0, 0);
+ }
+ if (pcb->password != 0) {
+ /* Return already obtained password */
+ strlcpy(buf, pcb->password, bufsiz);
+ return (int)strlen(buf);
+ }
+ return 0;
+}
ACR_SSL_EXPORT(jlong, PasswordCallback, new0)(JNI_STDARGS)
{
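Review bot: The new `ssl_password_callback` stores `buf[0] = '\0'` and passes `bufsiz` to `strlcpy` without checking that `bufsiz` is positive, and it returns the length of a silently truncated passphrase when `pcb->password` does not fit. A zero size makes the first store an out-of-bounds write and a negative one is converted to a very large `size_t` inside `strlcpy`; a truncated passphrase is returned to the caller as if it were complete. Suggest guarding with `if (buf == 0 || bufsiz <= 0) return 0;` and treating `strlcpy(buf, pcb->password, bufsiz) >= (size_t)bufsiz` as a failure that cleanses `buf` and returns 0. The result of `AcrCallbackRun` is ignored, `verify` is unused, and the fallback to the global `acr_ssl_password_cb` (reassigned by `def0` and the destructor with no locking visible here) should get a comment stating the expected threading model.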
@@ -48,9 +73,9 @@ ACR_SSL_EXPORT(void, PasswordCallback, d
ssl_pass_cb_t *pc = J2P(ph, ssl_pass_cb_t *);
if (pc != 0) {
- if (pc == ACRSSL_password_cb) {
+ if (pc == acr_ssl_password_cb) {
/* XXX: Should we allow that ? */
- ACRSSL_password_cb = 0;
+ acr_ssl_password_cb = 0;
}
AcrMemCleanse(pc->password, 0);
AcrFree(pc->password);
@@ -61,7 +86,7 @@ ACR_SSL_EXPORT(void, PasswordCallback, d
ACR_SSL_EXPORT(void, PasswordCallback, def0)(JNI_STDARGS, jlong ph)
{
ssl_pass_cb_t *pc = J2P(ph, ssl_pass_cb_t *);
- ACRSSL_password_cb = pc;
+ acr_ssl_password_cb = pc;
}
ACR_SSL_EXPORT(void, PasswordCallback, set0)(JNI_STDARGS, jlong ph, jstring password)
@@ -79,9 +104,9 @@ ACR_SSL_EXPORT(void, PasswordCallback, s
#if defined(ENABLE_TEST_PRIVATE)
ACR_SSL_EXPORT(int, TestOpenSSL, runPasswordCallback)(JNI_STDARGS)
{
- if (ACRSSL_password_cb != 0) {
- AcrCallbackRun(0, ACRSSL_password_cb->cb, 0, 0, 0);
- if (ACRSSL_password_cb->password && strcmp(ACRSSL_password_cb->password, "secret") == 0)
+ if (acr_ssl_password_cb != 0) {
+ AcrCallbackRun(0, acr_ssl_password_cb->cb, 0, 0, 0);
+ if (acr_ssl_password_cb->password && strcmp(acr_ssl_password_cb->password, "secret") == 0)
return 0;
else
return ACR_EINVAL;
Modified: commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c
URL: http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c?rev=1166827&r1=1166826&r2=1166827&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/modules/openssl/util.c Thu Sep 8 17:59:14 2011
@@ -37,29 +37,29 @@
* also note that OpenSSL increments at static variable when
* SSL_get_ex_new_index() is called, so we _must_ do this at startup.
*/
-static int ssl_app_data2_idx = -1;
+static int app_data2_idx = -1;
-void ACRSSL_init_app_data2_idx(void)
+void ssl_init_app_data2_idx(void)
{
int i;
- if (ssl_app_data2_idx > -1) {
+ if (app_data2_idx > -1) {
return;
}
/* we _do_ need to call this twice */
for (i = 0; i <= 1; i++) {
- ssl_app_data2_idx = SSL_get_ex_new_index(0, "Second Application Data for SSL", 0, 0, 0);
+ app_data2_idx = SSL_get_ex_new_index(0, "Second Application Data for SSL", 0, 0, 0);
}
}
-void *ACRSSL_get_app_data2(SSL *ssl)
+void *ssl_get_app_data2(SSL *ssl)
{
- return (void *)SSL_get_ex_data(ssl, ssl_app_data2_idx);
+ return (void *)SSL_get_ex_data(ssl, app_data2_idx);
}
-void ACRSSL_set_app_data2(SSL *ssl, void *arg)
+void ssl_set_app_data2(SSL *ssl, void *arg)
{
- SSL_set_ex_data(ssl, ssl_app_data2_idx, (char *)arg);
+ SSL_set_ex_data(ssl, app_data2_idx, (char *)arg);
return;
}
@@ -190,7 +190,7 @@ static DH *get_dh(int idx)
return dh;
}
-DH *ACRSSL_dh_get_tmp_param(int key_len)
+DH *ssl_dh_get_tmp_param(int key_len)
{
DH *dh;
@@ -207,7 +207,7 @@ DH *ACRSSL_dh_get_tmp_param(int key_len)
return dh;
}
-DH *ACRSSL_dh_get_param_from_file(const char *file)
+DH *ssl_dh_get_param_from_file(const char *file)
{
DH *dh = 0;
BIO *bio;
@@ -257,7 +257,7 @@ DH *ACRSSL_dh_get_param_from_file(const
* which we now just hand out on demand....
*/
-RSA *ACRSSL_callback_tmp_RSA(SSL *ssl, int export, int keylen)
+RSA *ssl_callback_tmp_RSA(SSL *ssl, int export, int keylen)
{
int idx;
@@ -273,12 +273,12 @@ RSA *ACRSSL_callback_tmp_RSA(SSL *ssl, i
break;
case 2048:
idx = SSL_TMP_KEY_RSA_2048;
- if (ACRSSL_temp_keys[idx] == 0)
+ if (acr_ssl_temp_keys[idx] == 0)
idx = SSL_TMP_KEY_RSA_1024;
break;
case 4096:
idx = SSL_TMP_KEY_RSA_4096;
- if (ACRSSL_temp_keys[idx] == 0)
+ if (acr_ssl_temp_keys[idx] == 0)
idx = SSL_TMP_KEY_RSA_2048;
break;
case 1024:
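Review bot: The `case 4096` branch falls back to `SSL_TMP_KEY_RSA_2048` without checking that slot, so it can hand back a null key, whereas the `case 2048` branch falls back to the 1024-bit slot. `SSL_TMP_KEYS_INIT` in init.c zeroes both the 2048 and 4096 slots and, in the lines visible there, generates only 512- and 1024-bit keys, so unless the larger keys are created elsewhere a 4096-bit request yields NULL and a 2048-bit request silently gets 1024 bits. Suggest chaining the fallback, `if (acr_ssl_temp_keys[idx] == 0) idx = SSL_TMP_KEY_RSA_2048;` followed by `if (acr_ssl_temp_keys[idx] == 0) idx = SSL_TMP_KEY_RSA_1024;`, and adding a comment that a weaker key than requested may be returned. The function starts and ends outside this hunk.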
@@ -286,13 +286,13 @@ RSA *ACRSSL_callback_tmp_RSA(SSL *ssl, i
idx = SSL_TMP_KEY_RSA_1024;
break;
}
- return (RSA *)ACRSSL_temp_keys[idx];
+ return (RSA *)acr_ssl_temp_keys[idx];
}
/*
* Hand out the already generated DH parameters...
*/
-DH *ACRSSL_callback_tmp_DH(SSL *ssl, int export, int keylen)
+DH *ssl_callback_tmp_DH(SSL *ssl, int export, int keylen)
{
int idx;
switch (keylen) {
@@ -310,10 +310,10 @@ DH *ACRSSL_callback_tmp_DH(SSL *ssl, int
idx = SSL_TMP_KEY_DH_1024;
break;
}
- return (DH *)ACRSSL_temp_keys[idx];
+ return (DH *)acr_ssl_temp_keys[idx];
}
-void ACRSSL_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
+void ssl_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
{
MD5_CTX c;
@@ -343,8 +343,8 @@ void ACRSSL_vhost_algo_id(const unsigned
* format, possibly followed by a sequence of CA certificates that
* should be sent to the peer in the SSL Certificate message.
*/
-int ACRSSL_CTX_use_certificate_chain(SSL_CTX *ctx, const char *file,
- int skipfirst)
+int ssl_ctx_use_certificate_chain(SSL_CTX *ctx, const char *file,
+ int skipfirst)
{
BIO *bio;
X509 *x509;
@@ -367,10 +367,10 @@ int ACRSSL_CTX_use_certificate_chain(SSL
X509_free(x509);
}
/* free a perhaps already configured extra chain */
- extra_certs = ACRSSL_CTX_get_extra_certs(ctx);
+ extra_certs = ssl_ctx_get_extra_certs(ctx);
if (extra_certs != 0) {
sk_X509_pop_free(extra_certs, X509_free);
- ACRSSL_CTX_set_extra_certs(ctx, 0);
+ ssl_ctx_set_extra_certs(ctx, 0);
}
/* create new extra chain by loading the certs */
n = 0;