Posted to dev@tomcat.apache.org by mi...@apache.org on 2023/06/29 07:08:55 UTC
[tomcat-native] branch main updated: Bug 66666: Remove non-reachable functions from ssl.c
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/main by this push:
new 2e865ff87 Bug 66666: Remove non-reachable functions from ssl.c
2e865ff87 is described below
commit 2e865ff8788b3c738170713771ba5a2ec0e2e364
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Fri Jun 23 11:09:58 2023 +0200
Bug 66666: Remove non-reachable functions from ssl.c
---
native/include/ssl_private.h | 1 -
native/src/ssl.c | 156 +-------------------------------------
native/src/sslutils.c | 27 +------
xdocs/miscellaneous/changelog.xml | 3 +
4 files changed, 8 insertions(+), 179 deletions(-)
diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index 242ab4dd4..6c5c9d297 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -232,7 +232,6 @@ typedef struct tcn_ssl_ctxt_t tcn_ssl_ctxt_t;
typedef struct {
char password[SSL_MAX_PASSWORD_LEN];
const char *prompt;
- tcn_callback_t cb;
} tcn_pass_cb_t;
extern tcn_pass_cb_t tcn_password_callback;
diff --git a/native/src/ssl.c b/native/src/ssl.c
index 53ae4b4a9..a1ab58fa0 100644
--- a/native/src/ssl.c
+++ b/native/src/ssl.c
@@ -45,8 +45,7 @@ static jclass stringClass;
/*
* supported_ssl_opts is a bitmask that contains all supported SSL_OP_*
- * options at compile-time. This is used in hasOp to determine which
- * SSL_OP_* options are available at runtime.
+ * options at compile-time.
*
* Note that at least up through OpenSSL 0.9.8o, checking SSL_OP_ALL will
* return JNI_FALSE because SSL_OP_ALL is a mask that covers all bug
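Review bot: The note kept below the shortened sentence still says that checking SSL_OP_ALL "will return JNI_FALSE", which describes the `hasOp` function this commit removes further down in ssl.c, so the comment now refers to a check that no longer exists in the file. Either drop that paragraph together with the `hasOp` reference or reword it so it only describes the mask, for example `* Note that SSL_OP_ALL is a mask of bug-workaround bits and may include bits not present in this mask.` The comment block continues past the end of the hunk, so the remaining lines should be read before rewording. If `supported_ssl_opts` has no other reader once `hasOp` is gone (not visible from this hunk), the variable is presumably dead as well and could go with the comment.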
@@ -301,13 +300,6 @@ static apr_status_t ssl_init_cleanup(void *data)
return APR_SUCCESS;
ssl_initialized = 0;
- if (tcn_password_callback.cb.obj) {
- JNIEnv *env;
- tcn_get_java_env(&env);
- TCN_UNLOAD_CLASS(env,
- tcn_password_callback.cb.obj);
- }
-
free_bio_methods();
free_dh_params();
@@ -600,37 +592,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine)
return (jint)APR_SUCCESS;
}
-TCN_IMPLEMENT_CALL(jboolean, SSL, randLoad)(TCN_STDARGS, jstring file)
-{
- TCN_ALLOC_CSTRING(file);
- int r;
- UNREFERENCED(o);
- r = SSL_rand_seed(J2S(file));
- TCN_FREE_CSTRING(file);
- return r ? JNI_TRUE : JNI_FALSE;
-}
-
-TCN_IMPLEMENT_CALL(jboolean, SSL, randSave)(TCN_STDARGS, jstring file)
-{
- TCN_ALLOC_CSTRING(file);
- int r;
- UNREFERENCED(o);
- r = ssl_rand_save_file(J2S(file));
- TCN_FREE_CSTRING(file);
- return r ? JNI_TRUE : JNI_FALSE;
-}
-
-TCN_IMPLEMENT_CALL(jboolean, SSL, randMake)(TCN_STDARGS, jstring file,
- jint length, jboolean base64)
-{
- TCN_ALLOC_CSTRING(file);
- int r;
- UNREFERENCED(o);
- r = ssl_rand_make(J2S(file), length, base64);
- TCN_FREE_CSTRING(file);
- return r ? JNI_TRUE : JNI_FALSE;
-}
-
TCN_IMPLEMENT_CALL(void, SSL, randSet)(TCN_STDARGS, jstring file)
{
TCN_ALLOC_CSTRING(file);
@@ -894,96 +855,6 @@ static BIO_METHOD *BIO_jbs()
return jbs_methods;
}
-TCN_IMPLEMENT_CALL(jlong, SSL, newBIO)(TCN_STDARGS, jlong pool,
- jobject callback)
-{
- BIO *bio = NULL;
- BIO_JAVA *j;
- jclass cls;
-
- UNREFERENCED(o);
-
- if ((bio = BIO_new(BIO_jbs())) == NULL) {
- tcn_ThrowException(e, "Create BIO failed");
- goto init_failed;
- }
- j = (BIO_JAVA *)BIO_get_data(bio);
- if (j == NULL) {
- tcn_ThrowException(e, "Create BIO failed");
- goto init_failed;
- }
- j->pool = J2P(pool, apr_pool_t *);
- if (j->pool) {
- apr_pool_cleanup_register(j->pool, (const void *)bio,
- generic_bio_cleanup,
- apr_pool_cleanup_null);
- }
-
- cls = (*e)->GetObjectClass(e, callback);
- j->cb.mid[0] = (*e)->GetMethodID(e, cls, "write", "([B)I");
- j->cb.mid[1] = (*e)->GetMethodID(e, cls, "read", "([B)I");
- j->cb.mid[2] = (*e)->GetMethodID(e, cls, "puts", "(Ljava/lang/String;)I");
- j->cb.mid[3] = (*e)->GetMethodID(e, cls, "gets", "(I)Ljava/lang/String;");
- /* TODO: Check if method id's are valid */
- j->cb.obj = (*e)->NewGlobalRef(e, callback);
-
- BIO_set_init(bio, 1);
- BIO_set_flags(bio, SSL_BIO_FLAG_CALLBACK);
- return P2J(bio);
-init_failed:
- return 0;
-}
-
-TCN_IMPLEMENT_CALL(jint, SSL, closeBIO)(TCN_STDARGS, jlong bio)
-{
- BIO *b = J2P(bio, BIO *);
- UNREFERENCED_STDARGS;
- SSL_BIO_close(b);
- return APR_SUCCESS;
-}
-
-TCN_IMPLEMENT_CALL(void, SSL, setPasswordCallback)(TCN_STDARGS,
- jobject callback)
-{
- jclass cls;
-
- UNREFERENCED(o);
- if (tcn_password_callback.cb.obj) {
- TCN_UNLOAD_CLASS(e,
- tcn_password_callback.cb.obj);
- }
- cls = (*e)->GetObjectClass(e, callback);
- tcn_password_callback.cb.mid[0] = (*e)->GetMethodID(e, cls, "callback",
- "(Ljava/lang/String;)Ljava/lang/String;");
- /* TODO: Check if method id is valid */
- tcn_password_callback.cb.obj = (*e)->NewGlobalRef(e, callback);
-
-}
-
-TCN_IMPLEMENT_CALL(void, SSL, setPassword)(TCN_STDARGS, jstring password)
-{
- TCN_ALLOC_CSTRING(password);
- UNREFERENCED(o);
- if (J2S(password)) {
- strncpy(tcn_password_callback.password, J2S(password), SSL_MAX_PASSWORD_LEN);
- tcn_password_callback.password[SSL_MAX_PASSWORD_LEN-1] = '\0';
- }
- TCN_FREE_CSTRING(password);
-}
-
-TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS)
-{
- char buf[256];
- UNREFERENCED(o);
- ERR_error_string(SSL_ERR_get(), buf);
- return tcn_new_string(e, buf);
-}
-
-TCN_IMPLEMENT_CALL(jboolean, SSL, hasOp)(TCN_STDARGS, jint op)
-{
- return op == (op & supported_ssl_opts) ? JNI_TRUE : JNI_FALSE;
-}
-
/*** Begin Twitter 1:1 API addition ***/
TCN_IMPLEMENT_CALL(jint, SSL, getLastErrorNumber)(TCN_STDARGS) {
UNREFERENCED_STDARGS;
@@ -1091,22 +962,6 @@ TCN_IMPLEMENT_CALL(jlong /* SSL * */, SSL, newSSL)(TCN_STDARGS,
return P2J(ssl);
}
-TCN_IMPLEMENT_CALL(void, SSL, setBIO)(TCN_STDARGS,
- jlong ssl /* SSL * */,
- jlong rbio /* BIO * */,
- jlong wbio /* BIO * */) {
- UNREFERENCED_STDARGS;
- SSL_set_bio(J2P(ssl, SSL *), J2P(rbio, BIO *), J2P(wbio, BIO *));
- return;
-}
-
-TCN_IMPLEMENT_CALL(jint, SSL, getError)(TCN_STDARGS,
- jlong ssl /* SSL * */,
- jint ret) {
- UNREFERENCED_STDARGS;
- return SSL_get_error(J2P(ssl, SSL*), ret);
-}
-
/* How much did SSL write into this BIO? */
TCN_IMPLEMENT_CALL(jint /* nbytes */, SSL, pendingWrittenBytesInBIO)(TCN_STDARGS,
jlong bio /* BIO * */) {
@@ -1171,15 +1026,6 @@ TCN_IMPLEMENT_CALL(jint /* status */, SSL, getShutdown)(TCN_STDARGS,
return SSL_get_shutdown(J2P(ssl, SSL *));
}
-/* Called when the peer closes the connection */
-TCN_IMPLEMENT_CALL(void, SSL, setShutdown)(TCN_STDARGS,
- jlong ssl /* SSL * */,
- jint mode) {
- UNREFERENCED_STDARGS;
-
- SSL_set_shutdown(J2P(ssl, SSL *), mode);
-}
-
/* Free the SSL * and its associated internal BIO */
TCN_IMPLEMENT_CALL(void, SSL, freeSSL)(TCN_STDARGS,
jlong ssl /* SSL * */) {
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 2194aac11..2af4d2504 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -126,32 +126,13 @@ int SSL_password_prompt(tcn_pass_cb_t *data)
{
int rv = 0;
data->password[0] = '\0';
- if (data->cb.obj) {
- JNIEnv *e;
- jobject o;
- jstring prompt;
- tcn_get_java_env(&e);
- prompt = AJP_TO_JSTRING(data->prompt);
- if ((o = (*e)->CallObjectMethod(e, data->cb.obj,
- data->cb.mid[0], prompt))) {
- TCN_ALLOC_CSTRING(o);
- if (J2S(o)) {
- strncpy(data->password, J2S(o), SSL_MAX_PASSWORD_LEN);
- data->password[SSL_MAX_PASSWORD_LEN-1] = '\0';
- rv = (int)strlen(data->password);
- }
- TCN_FREE_CSTRING(o);
- }
- }
- else {
#ifdef WIN32
- rv = WIN32_SSL_password_prompt(data);
+ rv = WIN32_SSL_password_prompt(data);
#else
- EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN,
- data->prompt, 0);
+ EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN,
+ data->prompt, 0);
#endif
- rv = (int)strlen(data->password);
- }
+ rv = (int)strlen(data->password);
if (rv > 0) {
/* Remove LF char if present */
char *r = strchr(data->password, '\n');
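Review bot: The return value of `EVP_read_pw_string` is still ignored in the non-Windows branch, so a failed or interrupted prompt is treated like a successful one and whatever is left in `data->password` is measured with `strlen` and used. With the Java callback gone this is the only way the pass phrase is obtained, so the call should be checked, e.g. `if (EVP_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN, data->prompt, 0) != 0) data->password[0] = '\0';`. In the WIN32 branch the value assigned from `WIN32_SSL_password_prompt(data)` is immediately overwritten by the following `rv = (int)strlen(data->password);`, which also makes the `int rv = 0` initializer redundant. The body of SSL_password_prompt continues past the end of the hunk.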
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 76d06de91..7ef27121a 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -33,6 +33,9 @@
</section>
<section name="Changes in 2.0.5">
<changelog>
+ <update>
+ <bug>66666</bug>: Remove non-reachable functions from ssl.c. (michaelo)
+ </update>
<update>
Align default pass phrase prompt with HTTPd. (michaelo)
</update>