Posted to dev@tomcat.apache.org by re...@apache.org on 2022/12/08 14:44:56 UTC

[tomcat] branch main updated: JEP code is now in Java 20

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 66a4bcab40 JEP code is now in Java 20
66a4bcab40 is described below

commit 66a4bcab40ba28b8b0ead1d360575b19fc383da7
Author: remm <re...@apache.org>
AuthorDate: Thu Dec 8 15:44:28 2022 +0100

    JEP code is now in Java 20
    
    Fix bad NULL check in engine (leftover from Java 19 conversion).
    More API renaming, MemorySession -> SegmentScope.
    Cleanup variable names.
    Update docs since using the experimental JVM is not needed.
    I suppose there will be many more API changes ;)
---
 modules/openssl-foreign/README.md                  |  23 +---
 .../util/net/openssl/panama/OpenSSLContext.java    | 140 ++++++++++-----------
 .../util/net/openssl/panama/OpenSSLEngine.java     |  88 ++++++-------
 .../apache/tomcat/util/openssl/RuntimeHelper.java  |  10 +-
 .../SSL_CTX_set_cert_verify_callback$cb.java       |   4 +-
 .../openssl/SSL_CTX_set_tmp_dh_callback$dh.java    |   4 +-
 .../util/openssl/SSL_set_info_callback$cb.java     |   4 +-
 7 files changed, 130 insertions(+), 143 deletions(-)

diff --git a/modules/openssl-foreign/README.md b/modules/openssl-foreign/README.md
index 9c65cbb4e8..a57db35620 100644
--- a/modules/openssl-foreign/README.md
+++ b/modules/openssl-foreign/README.md
@@ -5,26 +5,11 @@
 It uses the JEP 434 API. More details on this API are available
 at `https://openjdk.java.net/jeps/434`.
 
-## Building Java 20 with the JEP 434 API
-
-Clone `https://github.com/openjdk/panama-foreign/` in some location and
-checkout the main branch. This is a Java 20 development JVM
-with the JEP 434 API. It may fail to build. When this happens, step back
-one commit at a time until it does.
-
-```
-bash configure
-make images
-```
-
 ## Building
 
-The module can now be built.
-```
-export JAVA_HOME=<pathto>/panama-foreign/build/linux-x86_64-server-release/images/jdk
-mvn package
-```
-Note: The build path for the JDK will be different on other platforms.
+The module can be built using Java 20. This will be the only Java version that
+is supported as the JEP 434 API is incubating and will continue to evolve.
+It can be built and run with Apache Tomcat 9.0 or newer.
 
 ## Running
 
@@ -69,7 +54,7 @@ export JAVA_OPTS="--enable-preview --enable-native-access=ALL-UNNAMED"
 
 jextract is now available in its own standalone repository. Clone
 `https://github.com/openjdk/jextract` in some location and
-checkout the `panama` branch. Please refer to the
+checkout the branch that supports Java 20. Please refer to the
 instructions from the repository for building.
 
 This step is only useful to be able to use additional native APIs from OpenSSL
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 579bdec9f2..255c3765e1 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -24,8 +24,8 @@ import java.lang.foreign.Arena;
 import java.lang.foreign.FunctionDescriptor;
 import java.lang.foreign.Linker;
 import java.lang.foreign.MemorySegment;
-import java.lang.foreign.MemorySession;
 import java.lang.foreign.SegmentAllocator;
+import java.lang.foreign.SegmentScope;
 import java.lang.foreign.ValueLayout;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -171,11 +171,11 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
     private static final ConcurrentHashMap<Long, ContextState> states = new ConcurrentHashMap<>();
 
     static ContextState getState(MemorySegment ctx) {
-        return states.get(Long.valueOf(Long.valueOf(ctx.address())));
+        return states.get(Long.valueOf(ctx.address()));
     }
 
     private final ContextState state;
-    private final MemorySession contextMemorySession;
+    private final SegmentScope contextScope;
     private final Cleanable cleanable;
 
     private static String[] getCiphers(MemorySegment sslCtx) {
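Review bot: The `contextScope` field is declared without any comment on its lifetime, although the upcall stubs registered with OpenSSL later in this file are created against it. Since it is now a `SegmentScope.auto()` scope, those stubs are valid only while the scope stays reachable, so I would add `// Keeps the upcall stubs passed to OpenSSL alive; must remain reachable for as long as the native SSL_CTX can call back.` above the field. Whether anything other than this field keeps the scope reachable is not visible in this hunk.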
@@ -207,7 +207,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 
         this.sslHostConfig = certificate.getSSLHostConfig();
         this.certificate = certificate;
-        contextMemorySession = MemorySession.implicit();
+        contextScope = SegmentScope.auto();
 
         MemorySegment sslCtx = MemorySegment.NULL;
         MemorySegment confCtx = MemorySegment.NULL;
@@ -224,8 +224,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                     confCtx = SSL_CONF_CTX_new();
                     long errCode = ERR_get_error();
                     if (errCode != 0) {
-                        try (var memorySession = Arena.openConfined()) {
-                            var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+                        try (var localArena = Arena.openConfined()) {
+                            var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
                             ERR_error_string(errCode, buf);
                             log.error(sm.getString("openssl.errorLoadingCertificate", buf.getUtf8String(0)));
                         }
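Review bot: The 128-byte `buf` passed to `ERR_error_string(errCode, buf)` is smaller than that function expects: the OpenSSL 1.1.0+ documentation requires a buffer of at least 256 bytes, and the call is never told the buffer's size. A long error string could therefore be written past the end of the arena allocation. Allocating `new byte[256]` here closes that, as would switching to `ERR_error_string_n` with an explicit length if the generated bindings expose it. The same 128-byte pattern appears in the two `SSL_CONF` command hunks further down (check and apply).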
@@ -331,7 +331,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             // Set int pem_password_cb(char *buf, int size, int rwflag, void *u) callback
             openSSLCallbackPassword =
                     Linker.nativeLinker().upcallStub(openSSLCallbackPasswordHandle,
-                    openSSLCallbackPasswordFunctionDescriptor, contextMemorySession);
+                    openSSLCallbackPasswordFunctionDescriptor, contextScope);
             SSL_CTX_set_default_passwd_cb(sslCtx, openSSLCallbackPassword);
 
             alpn = (negotiableProtocols != null && negotiableProtocols.size() > 0);
@@ -402,16 +402,16 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             if (log.isDebugEnabled()) {
                 log.debug(sm.getString("opensslconf.checkCommand", name, value));
             }
-            try (var memorySession = Arena.openConfined()) {
+            try (var localArena = Arena.openConfined()) {
                 // rc = SSLConf.check(confCtx, name, value);
                 if (name.equals("NO_OCSP_CHECK")) {
                     rc = 1;
                 } else {
-                    int code = SSL_CONF_cmd_value_type(state.confCtx, memorySession.allocateUtf8String(name));
+                    int code = SSL_CONF_cmd_value_type(state.confCtx, localArena.allocateUtf8String(name));
                     rc = 1;
                     long errCode = ERR_get_error();
                     if (errCode != 0) {
-                        var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+                        var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
                         ERR_error_string(errCode, buf);
                         log.error(sm.getString("opensslconf.checkFailed", buf.getUtf8String(0)));
                         rc = 0;
@@ -477,17 +477,17 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             if (log.isDebugEnabled()) {
                 log.debug(sm.getString("opensslconf.applyCommand", name, value));
             }
-            try (var memorySession = Arena.openConfined()) {
+            try (var localArena = Arena.openConfined()) {
                 // rc = SSLConf.apply(confCtx, name, value);
                 if (name.equals("NO_OCSP_CHECK")) {
                     noOcspCheck = Boolean.valueOf(value);
                     rc = 1;
                 } else {
-                    rc = SSL_CONF_cmd(state.confCtx, memorySession.allocateUtf8String(name),
-                            memorySession.allocateUtf8String(value));
+                    rc = SSL_CONF_cmd(state.confCtx, localArena.allocateUtf8String(name),
+                            localArena.allocateUtf8String(value));
                     long errCode = ERR_get_error();
                     if (rc <= 0 || errCode != 0) {
-                        var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+                        var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
                         ERR_error_string(errCode, buf);
                         log.error(sm.getString("opensslconf.commandError", name, value, buf.getUtf8String(0)));
                         rc = 0;
@@ -535,7 +535,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             log.warn(sm.getString("openssl.doubleInit"));
             return;
         }
-        try (var memorySession = Arena.openConfined()) {
+        try (var localArena = Arena.openConfined()) {
             if (sslHostConfig.getInsecureRenegotiation()) {
                 SSL_CTX_set_options(state.sslCtx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION());
             } else {
@@ -567,13 +567,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             // List the ciphers that the client is permitted to negotiate
             if (minTlsVersion <= TLS1_2_VERSION()) {
                 if (SSL_CTX_set_cipher_list(state.sslCtx,
-                        memorySession.allocateUtf8String(sslHostConfig.getCiphers())) <= 0) {
+                        localArena.allocateUtf8String(sslHostConfig.getCiphers())) <= 0) {
                     log.warn(sm.getString("engine.failedCipherList", sslHostConfig.getCiphers()));
                 }
             }
             if (maxTlsVersion >= TLS1_3_VERSION() && (sslHostConfig.getCiphers() != SSLHostConfig.DEFAULT_TLS_CIPHERS)) {
                 if (SSL_CTX_set_ciphersuites(state.sslCtx,
-                        memorySession.allocateUtf8String(sslHostConfig.getCiphers())) <= 0) {
+                        localArena.allocateUtf8String(sslHostConfig.getCiphers())) <= 0) {
                     log.warn(sm.getString("engine.failedCipherSuite", sslHostConfig.getCiphers()));
                 }
             }
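Review bot: `sslHostConfig.getCiphers() != SSLHostConfig.DEFAULT_TLS_CIPHERS` compares references rather than contents (assuming the constant is a String), so a configured value that is textually equal to the default still takes the TLS 1.3 branch. If identity is meant as a "left at default" sentinel, say so with a comment such as `// Identity comparison on purpose: skip only when the default constant itself is still in place`; otherwise use `!SSLHostConfig.DEFAULT_TLS_CIPHERS.equals(sslHostConfig.getCiphers())`. The enclosing method starts and ends outside this hunk.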
@@ -582,7 +582,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));
             }
 
-            addCertificate(certificate, memorySession);
+            addCertificate(certificate, localArena);
 
             // Client certificate verification
             int value = 0;
@@ -610,7 +610,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             // Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback
             var openSSLCallbackVerify =
                     Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
-                    openSSLCallbackVerifyFunctionDescriptor, contextMemorySession);
+                    openSSLCallbackVerifyFunctionDescriptor, contextScope);
             // Leave this just in case but in Tomcat this is always set again by the engine
             SSL_CTX_set_verify(state.sslCtx, value, openSSLCallbackVerify);
 
@@ -620,7 +620,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 state.x509TrustManager = chooseTrustManager(tms);
                 var openSSLCallbackCertVerify =
                         Linker.nativeLinker().upcallStub(openSSLCallbackCertVerifyHandle,
-                                openSSLCallbackCertVerifyFunctionDescriptor, contextMemorySession);
+                                openSSLCallbackCertVerifyFunctionDescriptor, contextScope);
                 SSL_CTX_set_cert_verify_callback(state.sslCtx, openSSLCallbackCertVerify, state.sslCtx);
 
                 // Pass along the DER encoded certificates of the accepted client
@@ -629,13 +629,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 // an acceptable certificate
                 for (X509Certificate caCert : state.x509TrustManager.getAcceptedIssuers()) {
                     //SSLContext.addClientCACertificateRaw(state.ctx, caCert.getEncoded());
-                    var rawCACertificate = memorySession.allocateArray(ValueLayout.JAVA_BYTE, caCert.getEncoded());
-                    var rawCACertificatePointer = memorySession.allocate(ValueLayout.ADDRESS, rawCACertificate);
+                    var rawCACertificate = localArena.allocateArray(ValueLayout.JAVA_BYTE, caCert.getEncoded());
+                    var rawCACertificatePointer = localArena.allocate(ValueLayout.ADDRESS, rawCACertificate);
                     var x509CACert = d2i_X509(MemorySegment.NULL, rawCACertificatePointer, rawCACertificate.byteSize());
                     if (MemorySegment.NULL.equals(x509CACert)) {
-                        logLastError(memorySession, "openssl.errorLoadingCertificate");
+                        logLastError(localArena, "openssl.errorLoadingCertificate");
                     } else if (SSL_CTX_add_client_CA(state.sslCtx, x509CACert) <= 0) {
-                        logLastError(memorySession, "openssl.errorAddingCertificate");
+                        logLastError(localArena, "openssl.errorAddingCertificate");
                     } else if (log.isDebugEnabled()) {
                         log.debug(sm.getString("openssl.addedClientCaCert", caCert.toString()));
                     }
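Review bot: The `X509` object returned by `d2i_X509` in this loop is not released in the visible lines, on either the failure or the success branch of `SSL_CTX_add_client_CA`. As far as I know that call only records the certificate's subject name and does not take ownership, so each accepted issuer would leak one native object per context initialisation. Unless it is freed just after this hunk, add `X509_free(x509CACert);` once a non-NULL certificate has been handled (assuming the generated bindings expose it). The loop body continues outside the hunk.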
@@ -646,14 +646,14 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 //        SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile()),
                 //        SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath()));
                 MemorySegment caCertificateFileNative = sslHostConfig.getCaCertificateFile() != null
-                        ? memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile())) : null;
+                        ? localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificateFile())) : null;
                 MemorySegment caCertificatePathNative = sslHostConfig.getCaCertificatePath() != null
-                        ? memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath())) : null;
+                        ? localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCaCertificatePath())) : null;
                 if ((sslHostConfig.getCaCertificateFile() != null || sslHostConfig.getCaCertificatePath() != null) 
                         && SSL_CTX_load_verify_locations(state.sslCtx,
                                 caCertificateFileNative == null ? MemorySegment.NULL : caCertificateFileNative,
                                         caCertificatePathNative == null ? MemorySegment.NULL : caCertificatePathNative) <= 0) {
-                    logLastError(memorySession, "openssl.errorConfiguringLocations");
+                    logLastError(localArena, "openssl.errorConfiguringLocations");
                 } else {
                     var caCerts = SSL_CTX_get_client_CA_list(state.sslCtx);
                     if (MemorySegment.NULL.equals(caCerts)) {
@@ -678,7 +678,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 //        MemoryAddress in, int inlen, MemoryAddress arg
                 var openSSLCallbackAlpnSelectProto =
                         Linker.nativeLinker().upcallStub(openSSLCallbackAlpnSelectProtoHandle,
-                        openSSLCallbackAlpnSelectProtoFunctionDescriptor, contextMemorySession);
+                        openSSLCallbackAlpnSelectProtoFunctionDescriptor, contextScope);
                 SSL_CTX_set_alpn_select_cb(state.sslCtx, openSSLCallbackAlpnSelectProto, state.sslCtx);
             }
 
@@ -794,8 +794,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             log.warn(sm.getString("context.noSSL", Long.valueOf(arg.address())));
             return SSL_TLSEXT_ERR_NOACK();
         }
-        try (var memorySession = Arena.openConfined()) {
-            MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, memorySession.session());
+        try (var localArena = Arena.openConfined()) {
+            MemorySegment inSeg = MemorySegment.ofAddress(in.address(), inlen, localArena.scope());
             byte[] advertisedBytes = inSeg.toArray(ValueLayout.JAVA_BYTE);
             for (byte[] negotiableProtocolBytes : state.negotiableProtocols) {
                 for (int i = 0; i <= advertisedBytes.length - negotiableProtocolBytes.length; i++) {
@@ -804,9 +804,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                             if (advertisedBytes[i + j] == negotiableProtocolBytes[j]) {
                                 if (j == negotiableProtocolBytes.length - 1) {
                                     // Match
-                                    MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), memorySession.session());
+                                    MemorySegment outSeg = MemorySegment.ofAddress(out.address(), ValueLayout.ADDRESS.byteSize(), localArena.scope());
                                     outSeg.set(ValueLayout.ADDRESS, 0, inSeg.asSlice(i));
-                                    MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), memorySession.session());
+                                    MemorySegment outlenSeg = MemorySegment.ofAddress(outlen.address(), ValueLayout.JAVA_BYTE.byteSize(), localArena.scope());
                                     outlenSeg.set(ValueLayout.JAVA_BYTE, 0, (byte) negotiableProtocolBytes.length);
                                     return SSL_TLSEXT_ERR_OK();
                                 }
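Review bot: The match here is accepted at any byte offset `i` of the advertised buffer, yet the ALPN list sent by the client is a sequence of length-prefixed names. If `negotiableProtocolBytes` holds the bare protocol name, a configured name can match inside a longer advertised name, and the protocol written to `out` is then one the client never offered. Requiring the preceding byte to be the entry length, e.g. `i > 0 && (advertisedBytes[i - 1] & 0xFF) == negotiableProtocolBytes.length`, or better walking the list entry by entry, would tie the match to an entry boundary. The loops start in the previous hunk and part of their body is not shown.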
@@ -842,17 +842,17 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
         MemorySegment /*STACK_OF(X509)*/ sk = X509_STORE_CTX_get0_untrusted(x509_ctx);
         int len = OPENSSL_sk_num(sk);
         byte[][] certificateChain = new byte[len][];
-        try (var memorySession = Arena.openConfined()) {
+        try (var localArena = Arena.openConfined()) {
             for (int i = 0; i < len; i++) {
                 MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
-                MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
+                MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
                 int length = i2d_X509(x509, bufPointer);
                 if (length < 0) {
                     certificateChain[i] = new byte[0];
                     continue;
                 }
                 MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-                certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+                certificateChain[i] = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
                 CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
             }
             MemorySegment cipher = SSL_get_current_cipher(ssl);
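Review bot: `len` is used as an array size without a sign check: `OPENSSL_sk_num` returns -1 for a NULL stack, and `new byte[len][]` would then throw inside what looks like an upcall from OpenSSL. An exception escaping an upcall terminates the JVM rather than failing the handshake, so a guard such as `if (len < 0) { len = 0; }` before the allocation, or an early verification failure, is worth adding. The method begins and ends outside this hunk, so an enclosing catch may exist that I cannot see.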
@@ -960,13 +960,13 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
         }
         String callbackPassword = callbackPasswordTheadLocal.get();
         if (callbackPassword != null && callbackPassword.length() > 0) {
-            try (var memorySession = Arena.openConfined()) {
-                MemorySegment callbackPasswordNative = memorySession.allocateUtf8String(callbackPassword);
+            try (var localArena = Arena.openConfined()) {
+                MemorySegment callbackPasswordNative = localArena.allocateUtf8String(callbackPassword);
                 if (callbackPasswordNative.byteSize() > bufsiz) {
                     // The password is too long
                     log.error(sm.getString("openssl.passwordTooLong"));
                 } else {
-                    MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, memorySession.session());
+                    MemorySegment bufSegment = MemorySegment.ofAddress(buf.address(), bufsiz, localArena.scope());
                     bufSegment.copyFrom(callbackPasswordNative);
                     return (int) callbackPasswordNative.byteSize();
                 }
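Review bot: The value returned on success, `(int) callbackPasswordNative.byteSize()`, counts the terminating NUL that `allocateUtf8String` appends, whereas a `pem_password_cb` is documented to return the passphrase length. The PKCS12 path in `addCertificate` uses `byteSize() - 1` for the same purpose, so the two disagree. I would return `(int) (callbackPasswordNative.byteSize() - 1)` and keep the size comparison against `bufsiz` as it is, so the NUL still fits. The method starts outside this hunk.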
@@ -976,7 +976,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
     }
 
 
-    private void addCertificate(SSLHostConfigCertificate certificate, Arena memorySession) throws Exception {
+    private void addCertificate(SSLHostConfigCertificate certificate, Arena localArena) throws Exception {
         int index = getCertificateIndex(certificate);
         // Load Server key and certificate
         if (certificate.getCertificateFile() != null) {
@@ -985,9 +985,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             //        SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
             //        SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()),
             //        certificate.getCertificateKeyPassword(), getCertificateIndex(certificate));
-            var certificateFileNative = memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()));
+            var certificateFileNative = localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()));
             var certificateKeyFileNative = (certificate.getCertificateKeyFile() == null) ? certificateFileNative
-                    : memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()));
+                    : localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()));
             MemorySegment bio;
             MemorySegment cert = MemorySegment.NULL;
             MemorySegment key = MemorySegment.NULL;
@@ -1011,7 +1011,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 int passwordLength = 0;
                 String callbackPassword = certificate.getCertificateKeyPassword();
                 if (callbackPassword != null && callbackPassword.length() > 0) {
-                    passwordAddress = memorySession.allocateUtf8String(callbackPassword);
+                    passwordAddress = localArena.allocateUtf8String(callbackPassword);
                     passwordLength = (int) (passwordAddress.byteSize() - 1);
                 }
                 if (PKCS12_verify_mac(p12, passwordAddress, passwordLength) <= 0) {
@@ -1020,8 +1020,8 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                     PKCS12_free(p12);
                     return;
                 }
-                MemorySegment certPointer = memorySession.allocate(ValueLayout.ADDRESS);
-                MemorySegment keyPointer = memorySession.allocate(ValueLayout.ADDRESS);
+                MemorySegment certPointer = localArena.allocate(ValueLayout.ADDRESS);
+                MemorySegment keyPointer = localArena.allocate(ValueLayout.ADDRESS);
                 if (PKCS12_parse(p12, passwordAddress, keyPointer, certPointer, MemorySegment.NULL) <= 0) {
                     log.error(sm.getString("openssl.errorLoadingCertificate", "[3]:" + certificate.getCertificateFile()));
                     PKCS12_free(p12);
@@ -1101,20 +1101,20 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 }
             }
             if (SSL_CTX_use_certificate(state.sslCtx, cert) <= 0) {
-                logLastError(memorySession, "openssl.errorLoadingCertificate");
+                logLastError(localArena, "openssl.errorLoadingCertificate");
                 return;
             }
             if (SSL_CTX_use_PrivateKey(state.sslCtx, key) <= 0) {
-                logLastError(memorySession, "openssl.errorLoadingPrivateKey");
+                logLastError(localArena, "openssl.errorLoadingPrivateKey");
                 return;
             }
             if (SSL_CTX_check_private_key(state.sslCtx) <= 0) {
-                logLastError(memorySession, "openssl.errorPrivateKeyCheck");
+                logLastError(localArena, "openssl.errorPrivateKeyCheck");
                 return;
             }
             // Try to read DH parameters from the (first) SSLCertificateFile
             if (index == SSL_AIDX_RSA) {
-                bio = BIO_new_file(certificateFileNative, memorySession.allocateUtf8String("r"));
+                bio = BIO_new_file(certificateFileNative, localArena.allocateUtf8String("r"));
                 var dh = PEM_read_bio_DHparams(bio, MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL);
                 BIO_free(bio);
                 // #  define SSL_CTX_set_tmp_dh(sslCtx,dh) \
@@ -1125,7 +1125,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                 }
             }
             // Similarly, try to read the ECDH curve name from SSLCertificateFile...
-            bio = BIO_new_file(certificateFileNative, memorySession.allocateUtf8String("r"));
+            bio = BIO_new_file(certificateFileNative, localArena.allocateUtf8String("r"));
             var ecparams = PEM_read_bio_ECPKParameters(bio, MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL);
             BIO_free(bio);
             if (!MemorySegment.NULL.equals(ecparams)) {
@@ -1139,12 +1139,12 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             }
             // Set callback for DH parameters
             var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
-                    openSSLCallbackTmpDHFunctionDescriptor, contextMemorySession);
+                    openSSLCallbackTmpDHFunctionDescriptor, contextScope);
             SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
             // Set certificate chain file
             if (certificate.getCertificateChainFile() != null) {
                 var certificateChainFileNative =
-                        memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()));
+                        localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()));
                 // SSLContext.setCertificateChainFile(state.ctx,
                 //        SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()), false);
                 if (SSL_CTX_use_certificate_chain_file(state.sslCtx, certificateChainFileNative) <= 0) {
@@ -1161,7 +1161,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             if (sslHostConfig.getCertificateRevocationListFile() != null) {
                 MemorySegment x509Lookup = X509_STORE_add_lookup(certificateStore, X509_LOOKUP_file());
                 var certificateRevocationListFileNative =
-                        memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
+                        localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListFile()));
                 //X509_LOOKUP_ctrl(lookup,X509_L_FILE_LOAD,file,type,NULL)
                 if (X509_LOOKUP_ctrl(x509Lookup, X509_L_FILE_LOAD(), certificateRevocationListFileNative,
                         X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
@@ -1171,7 +1171,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             if (sslHostConfig.getCertificateRevocationListPath() != null) {
                 MemorySegment x509Lookup = X509_STORE_add_lookup(certificateStore, X509_LOOKUP_hash_dir());
                 var certificateRevocationListPathNative =
-                        memorySession.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
+                        localArena.allocateUtf8String(SSLHostConfig.adjustRelativePath(sslHostConfig.getCertificateRevocationListPath()));
                 //X509_LOOKUP_ctrl(lookup,X509_L_ADD_DIR,path,type,NULL)
                 if (X509_LOOKUP_ctrl(x509Lookup, X509_L_ADD_DIR(), certificateRevocationListPathNative,
                         X509_FILETYPE_PEM(), MemorySegment.NULL) <= 0) {
@@ -1197,12 +1197,12 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             //SSLContext.setCertificateRaw(state.ctx, chain[0].getEncoded(),
             //        sb.toString().getBytes(StandardCharsets.US_ASCII),
             //        getCertificateIndex(certificate));
-            var rawCertificate = memorySession.allocateArray(ValueLayout.JAVA_BYTE, chain[0].getEncoded());
-            var rawCertificatePointer = memorySession.allocate(ValueLayout.ADDRESS, rawCertificate);
-            var rawKey = memorySession.allocateArray(ValueLayout.JAVA_BYTE, sb.toString().getBytes(StandardCharsets.US_ASCII));
+            var rawCertificate = localArena.allocateArray(ValueLayout.JAVA_BYTE, chain[0].getEncoded());
+            var rawCertificatePointer = localArena.allocate(ValueLayout.ADDRESS, rawCertificate);
+            var rawKey = localArena.allocateArray(ValueLayout.JAVA_BYTE, sb.toString().getBytes(StandardCharsets.US_ASCII));
             var x509cert = d2i_X509(MemorySegment.NULL, rawCertificatePointer, rawCertificate.byteSize());
             if (MemorySegment.NULL.equals(x509cert)) {
-                logLastError(memorySession, "openssl.errorLoadingCertificate");
+                logLastError(localArena, "openssl.errorLoadingCertificate");
                 return;
             }
             var bio = BIO_new(BIO_s_mem());
@@ -1210,37 +1210,37 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             MemorySegment privateKeyAddress = PEM_read_bio_PrivateKey(bio, MemorySegment.NULL, MemorySegment.NULL, MemorySegment.NULL);
             BIO_free(bio);
             if (MemorySegment.NULL.equals(privateKeyAddress)) {
-                logLastError(memorySession, "openssl.errorLoadingPrivateKey");
+                logLastError(localArena, "openssl.errorLoadingPrivateKey");
                 return;
             }
             if (SSL_CTX_use_certificate(state.sslCtx, x509cert) <= 0) {
-                logLastError(memorySession, "openssl.errorLoadingCertificate");
+                logLastError(localArena, "openssl.errorLoadingCertificate");
                 return;
             }
             if (SSL_CTX_use_PrivateKey(state.sslCtx, privateKeyAddress) <= 0) {
-                logLastError(memorySession, "openssl.errorLoadingPrivateKey");
+                logLastError(localArena, "openssl.errorLoadingPrivateKey");
                 return;
             }
             if (SSL_CTX_check_private_key(state.sslCtx) <= 0) {
-                logLastError(memorySession, "openssl.errorPrivateKeyCheck");
+                logLastError(localArena, "openssl.errorPrivateKeyCheck");
                 return;
             }
             // Set callback for DH parameters
             var openSSLCallbackTmpDH = Linker.nativeLinker().upcallStub(openSSLCallbackTmpDHHandle,
-                    openSSLCallbackTmpDHFunctionDescriptor, contextMemorySession);
+                    openSSLCallbackTmpDHFunctionDescriptor, contextScope);
             SSL_CTX_set_tmp_dh_callback(state.sslCtx, openSSLCallbackTmpDH);
             for (int i = 1; i < chain.length; i++) {
                 //SSLContext.addChainCertificateRaw(state.ctx, chain[i].getEncoded());
-                var rawCertificateChain = memorySession.allocateArray(ValueLayout.JAVA_BYTE, chain[i].getEncoded());
-                var rawCertificateChainPointer = memorySession.allocate(ValueLayout.ADDRESS, rawCertificateChain);
+                var rawCertificateChain = localArena.allocateArray(ValueLayout.JAVA_BYTE, chain[i].getEncoded());
+                var rawCertificateChainPointer = localArena.allocate(ValueLayout.ADDRESS, rawCertificateChain);
                 var x509certChain = d2i_X509(MemorySegment.NULL, rawCertificateChainPointer, rawCertificateChain.byteSize());
                 if (MemorySegment.NULL.equals(x509certChain)) {
-                    logLastError(memorySession, "openssl.errorLoadingCertificate");
+                    logLastError(localArena, "openssl.errorLoadingCertificate");
                     return;
                 }
                 // # define SSL_CTX_add0_chain_cert(sslCtx,x509) SSL_CTX_ctrl(sslCtx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
                 if (SSL_CTX_ctrl(state.sslCtx, SSL_CTRL_CHAIN_CERT(), 0, x509certChain) <= 0) {
-                    logLastError(memorySession, "openssl.errorAddingCertificate");
+                    logLastError(localArena, "openssl.errorAddingCertificate");
                     return;
                 }
             }
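Review bot: The early `return` paths after `PEM_read_bio_PrivateKey`, `SSL_CTX_use_certificate`, `SSL_CTX_use_PrivateKey` and `SSL_CTX_check_private_key` leave `x509cert` (and, on the later ones, `privateKeyAddress`) unreleased in the visible code. OpenSSL takes its own reference in the two `SSL_CTX_use_*` calls, so the caller's reference should be dropped on every path, for example `X509_free(x509cert);` before each return, plus the matching `EVP_PKEY_free` call for the key if the bindings expose it. In the chain loop, `x509certChain` is likewise only owned by the context when `SSL_CTX_ctrl(... SSL_CTRL_CHAIN_CERT ...)` succeeds, so the failure branch should free it. The method continues outside the hunk, so a release on the success path may exist there.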
@@ -1372,7 +1372,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
 
     private static class ContextState implements Runnable {
 
-        private final Arena stateSession = Arena.openShared();
+        private final Arena stateArena = Arena.openShared();
         private final MemorySegment sslCtx;
         private final MemorySegment confCtx;
         private final List<byte[]> negotiableProtocols;
@@ -1384,9 +1384,9 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
             this.negotiableProtocols = negotiableProtocols;
             // Allocate another session to avoid keeping a reference through segments
             // This also allows making further accesses to the main pointers safer
-            this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
+            this.sslCtx = MemorySegment.ofAddress(sslCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
             if (!MemorySegment.NULL.equals(confCtx)) {
-                this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
+                this.confCtx = MemorySegment.ofAddress(confCtx.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
             } else {
                 this.confCtx = null;
             }
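Review bot: The comment above the `MemorySegment.ofAddress(...)` calls still says "Allocate another session", although the field is now `stateArena` and the API term is scope. Suggest `// Allocate another arena to avoid keeping a reference through segments` so the wording matches the renamed code. The same stale comment appears in the `EngineState` constructor hunk of OpenSSLEngine.java.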
@@ -1401,7 +1401,7 @@ public class OpenSSLContext implements org.apache.tomcat.util.net.SSLContext {
                     SSL_CONF_CTX_free(confCtx);
                 }
             } finally {
-                stateSession.close();
+                stateArena.close();
             }
         }
     }
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 028d52828c..7ce5d6bd12 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -22,7 +22,7 @@ import java.lang.foreign.Arena;
 import java.lang.foreign.FunctionDescriptor;
 import java.lang.foreign.Linker;
 import java.lang.foreign.MemorySegment;
-import java.lang.foreign.MemorySession;
+import java.lang.foreign.SegmentScope;
 import java.lang.foreign.ValueLayout;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -31,6 +31,8 @@ import java.lang.ref.Cleaner;
 import java.lang.ref.Cleaner.Cleanable;
 import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
 import java.nio.ByteBuffer;
 import java.nio.ReadOnlyBufferException;
@@ -105,11 +107,11 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         OpenSSLLifecycleListener.initLibrary();
 
         final Set<String> availableCipherSuites = new LinkedHashSet<>(128);
-        try (var memorySession = Arena.openConfined()) {
+        try (var localArena = Arena.openConfined()) {
             var sslCtx = SSL_CTX_new(TLS_server_method());
             try {
                 SSL_CTX_set_options(sslCtx, SSL_OP_ALL());
-                SSL_CTX_set_cipher_list(sslCtx, memorySession.allocateUtf8String("ALL"));
+                SSL_CTX_set_cipher_list(sslCtx, localArena.allocateUtf8String("ALL"));
                 var ssl = SSL_new(sslCtx);
                 SSL_set_accept_state(ssl);
                 try {
@@ -183,7 +185,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
     }
 
     private final EngineState state;
-    private final MemorySession engineMemorySession;
+    private final SegmentScope engineScope;
     private final Cleanable cleanable;
     private MemorySegment bufSegment = null;
 
@@ -247,13 +249,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         if (sslCtx == null) {
             throw new IllegalArgumentException(sm.getString("engine.noSSLContext"));
         }
-        engineMemorySession = MemorySession.implicit();
-        bufSegment = MemorySegment.allocateNative(MAX_ENCRYPTED_PACKET_LENGTH, engineMemorySession);
+        engineScope = SegmentScope.auto();
+        bufSegment = MemorySegment.allocateNative(MAX_ENCRYPTED_PACKET_LENGTH, engineScope);
         session = new OpenSSLSession();
         var ssl = SSL_new(sslCtx);
         // Set ssl_info_callback
         var openSSLCallbackInfo = Linker.nativeLinker().upcallStub(openSSLCallbackInfoHandle,
-                openSSLCallbackInfoFunctionDescriptor, engineMemorySession);
+                openSSLCallbackInfoFunctionDescriptor, engineScope);
         SSL_set_info_callback(ssl, openSSLCallbackInfo);
         if (clientMode) {
             SSL_set_connect_state(ssl);
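Review bot: The result of `SSL_new(sslCtx)` is passed straight to `SSL_set_info_callback` and `SSL_set_connect_state` without a NULL check. `SSL_new` returns NULL on failure, and native calls made with a NULL `ssl` would fault inside the JVM process rather than raise a Java exception. A guard such as `if (MemorySegment.NULL.equals(ssl)) { throw new IllegalStateException(/* message key: placeholder */); }` right after the call would turn that into a handled error. The constructor continues outside the hunk.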
@@ -261,9 +263,9 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             SSL_set_accept_state(ssl);
         }
         SSL_set_verify_result(ssl, X509_V_OK());
-        try (var memorySession = Arena.openConfined()) {
-            var internalBIOPointer = memorySession.allocate(ValueLayout.ADDRESS);
-            var networkBIOPointer = memorySession.allocate(ValueLayout.ADDRESS);
+        try (var localArena = Arena.openConfined()) {
+            var internalBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
+            var networkBIOPointer = localArena.allocate(ValueLayout.ADDRESS);
             BIO_new_bio_pair(internalBIOPointer, 0, networkBIOPointer, 0);
             var internalBIO = internalBIOPointer.get(ValueLayout.ADDRESS, 0);
             var networkBIO = networkBIOPointer.get(ValueLayout.ADDRESS, 0);
@@ -768,8 +770,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         buf.setLength(buf.length() - 1);
 
         final String cipherSuiteSpec = buf.toString();
-        try (var memorySession = Arena.openConfined()) {
-            SSL_set_cipher_list(state.ssl, memorySession.allocateUtf8String(cipherSuiteSpec));
+        try (var localArena = Arena.openConfined()) {
+            SSL_set_cipher_list(state.ssl, localArena.allocateUtf8String(cipherSuiteSpec));
         } catch (Exception e) {
             throw new IllegalStateException(sm.getString("engine.failedCipherSuite", cipherSuiteSpec), e);
         }
@@ -905,15 +907,15 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
     }
 
     private byte[] getPeerCertificate() {
-        try (var memorySession = Arena.openConfined()) {
+        try (var localArena = Arena.openConfined()) {
             MemorySegment/*(X509*)*/ x509 = (OpenSSLContext.OPENSSL_3 ? SSL_get1_peer_certificate(state.ssl) : SSL_get_peer_certificate(state.ssl));
-            MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
+            MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
             int length = i2d_X509(x509, bufPointer);
             if (length <= 0) {
                 return null;
             }
             MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-            byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+            byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
             X509_free(x509);
             CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
             return certificate;
@@ -927,17 +929,17 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             return null;
         }
         byte[][] certificateChain = new byte[len][];
-        try (var memorySession = Arena.openConfined()) {
+        try (var localArena = Arena.openConfined()) {
             for (int i = 0; i < len; i++) {
                 MemorySegment/*(X509*)*/ x509 = OPENSSL_sk_value(sk, i);
-                MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
+                MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
                 int length = i2d_X509(x509, bufPointer);
                 if (length < 0) {
                     certificateChain[i] = new byte[0];
                     continue;
                 }
                 MemorySegment buf = bufPointer.get(ValueLayout.ADDRESS, 0);
-                byte[] certificate = MemorySegment.ofAddress(buf.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+                byte[] certificate = MemorySegment.ofAddress(buf.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
                 certificateChain[i] = certificate;
                 CRYPTO_free(buf, MemorySegment.NULL, 0); // OPENSSL_free macro
             }
@@ -946,11 +948,11 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
     }
 
     private String getProtocolNegotiated() {
-        try (var memorySession = Arena.openConfined()) {
-            MemorySegment lenAddress = memorySession.allocate(ValueLayout.JAVA_INT, 0);
-            MemorySegment protocolPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
+        try (var localArena = Arena.openConfined()) {
+            MemorySegment lenAddress = localArena.allocate(ValueLayout.JAVA_INT, 0);
+            MemorySegment protocolPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
             SSL_get0_alpn_selected(state.ssl, protocolPointer, lenAddress);
-            if (MemorySegment.NULL.equals(protocolPointer.address())) {
+            if (MemorySegment.NULL.equals(protocolPointer)) {
                 return null;
             }
             int length = lenAddress.get(ValueLayout.JAVA_INT, 0);
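Review bot: The corrected check `MemorySegment.NULL.equals(protocolPointer)` still can never be true, because `protocolPointer` is the arena-allocated slot that receives the pointer, not the pointer itself. What needs comparing is the value OpenSSL wrote into it: `MemorySegment protocolAddress = protocolPointer.get(ValueLayout.ADDRESS, 0);` followed by `if (MemorySegment.NULL.equals(protocolAddress)) { return null; }`. That read currently happens only in the next hunk, after the length test, so the length test is the only effective guard today. The method body continues outside this hunk.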
@@ -958,7 +960,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 return null;
             }
             MemorySegment protocolAddress = protocolPointer.get(ValueLayout.ADDRESS, 0);
-            byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+            byte[] name = MemorySegment.ofAddress(protocolAddress.address(), length, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
             if (log.isDebugEnabled()) {
                 log.debug("Protocol negotiated [" + new String(name) + "]");
             }
@@ -1046,10 +1048,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
         String sslError = null;
         long error = ERR_get_error();
         if (error != SSL_ERROR_NONE()) {
-            try (var memorySession = Arena.openConfined()) {
+            try (var localArena = Arena.openConfined()) {
                 do {
                     // Loop until getLastErrorNumber() returns SSL_ERROR_NONE
-                    var buf = memorySession.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
+                    var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[128]);
                     ERR_error_string(error, buf);
                     String err = buf.getUtf8String(0);
                     if (sslError == null) {
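Review bot: The buffer passed to `ERR_error_string(error, buf)` is 128 bytes, but OpenSSL documents that this function requires a buffer of at least 256 bytes and writes up to that length. A long error string would therefore overrun the native allocation. Use `var buf = localArena.allocateArray(ValueLayout.JAVA_BYTE, new byte[256]);`, or switch to the length-bounded `ERR_error_string_n` if the bindings expose it. The buffer is also allocated on every loop iteration from the same arena and could be hoisted above the `do`. The loop ends outside the hunk.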
@@ -1202,7 +1204,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             // Set int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) callback
             var openSSLCallbackVerify =
                     Linker.nativeLinker().upcallStub(openSSLCallbackVerifyHandle,
-                    openSSLCallbackVerifyFunctionDescriptor, engineMemorySession);
+                    openSSLCallbackVerifyFunctionDescriptor, engineScope);
             int value = switch (mode) {
                 case NONE -> SSL_VERIFY_NONE();
                 case REQUIRE -> SSL_VERIFY_PEER() | SSL_VERIFY_FAIL_IF_NO_PEER_CERT();
@@ -1322,13 +1324,13 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                     // sslutils.c ssl_ocsp_request(x509, issuer, x509ctx);
                     int nid = X509_get_ext_by_NID(x509, NID_info_access(), -1);
                     if (nid >= 0) {
-                        try (var memorySession = Arena.openConfined()) {
+                        try (var localArenal = Arena.openConfined()) {
                             MemorySegment ext = X509_get_ext(x509, nid);
                             MemorySegment os = X509_EXTENSION_get_data(ext);
                             int length = ASN1_STRING_length(os);
                             MemorySegment data = ASN1_STRING_get0_data(os);
                             // ocsp_urls = decode_OCSP_url(os);
-                            byte[] asn1String = MemorySegment.ofAddress(data.address(), length, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+                            byte[] asn1String = MemorySegment.ofAddress(data.address(), length, localArenal.scope()).toArray(ValueLayout.JAVA_BYTE);
                             Asn1Parser parser = new Asn1Parser(asn1String);
                             // Parse the byte sequence
                             ArrayList<String> urls = new ArrayList<>();
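Review bot: The arena variable here is spelled `localArenal`, while every other site touched by this commit uses `localArena`. The same misspelling is carried into the next hunk, in the `processOCSPRequest(url, issuer, x509, x509ctx, localArenal)` call. Renaming it to `localArena` keeps the naming cleanup consistent; the try block ends outside the hunk.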
@@ -1341,12 +1343,12 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                                 // Use OpenSSL to build OCSP request
                                 for (String urlString : urls) {
                                     try {
-                                        URL url = new URL(urlString);
-                                        ocspResponse = processOCSPRequest(url, issuer, x509, x509ctx, memorySession);
+                                        URL url = (new URI(urlString)).toURL();
+                                        ocspResponse = processOCSPRequest(url, issuer, x509, x509ctx, localArenal);
                                         if (log.isDebugEnabled()) {
                                             log.debug("OCSP response for URL: " + urlString + " was " + ocspResponse);
                                         }
-                                    } catch (MalformedURLException e) {
+                                    } catch (MalformedURLException | URISyntaxException e) {
                                         log.warn(sm.getString("engine.invalidOCSPURL", urlString));
                                     }
                                     if (ocspResponse != V_OCSP_CERTSTATUS_UNKNOWN()) {
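Review bot: Replacing `new URL(urlString)` with `(new URI(urlString)).toURL()` adds a failure mode that the catch does not cover: `URI.toURL()` throws `IllegalArgumentException` when the URI is not absolute, where the old constructor threw `MalformedURLException`. Since `urlString` is parsed out of the certificate extension above, widen the handler to `} catch (MalformedURLException | URISyntaxException | IllegalArgumentException e) {` so a malformed value is logged and skipped like before. It is also worth rejecting anything whose scheme is not `http` or `https` before calling `processOCSPRequest`, because the later hunk casts `url.openConnection()` to `HttpURLConnection` unconditionally. Whether an outer handler catches these exceptions is not visible from this hunk.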
@@ -1392,7 +1394,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
     }
 
     private static int processOCSPRequest(URL url, MemorySegment issuer, MemorySegment x509,
-            MemorySegment /*X509_STORE_CTX*/ x509ctx, Arena memorySession) {
+            MemorySegment /*X509_STORE_CTX*/ x509ctx, Arena localArena) {
         MemorySegment ocspRequest = MemorySegment.NULL;
         MemorySegment ocspResponse = MemorySegment.NULL;
         MemorySegment id = MemorySegment.NULL;
@@ -1413,7 +1415,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             if (MemorySegment.NULL.equals(ocspOneReq)) {
                 return V_OCSP_CERTSTATUS_UNKNOWN();
             }
-            MemorySegment bufPointer = memorySession.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
+            MemorySegment bufPointer = localArena.allocate(ValueLayout.ADDRESS, MemorySegment.NULL);
             int requestLength = i2d_OCSP_REQUEST(ocspRequest, bufPointer);
             if (requestLength <= 0) {
                 return V_OCSP_CERTSTATUS_UNKNOWN();
@@ -1424,7 +1426,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             // Host: urlHost:urlPort
             // Content-Type: application/ocsp-request
             // Content-Length: ocspRequestData.length
-            byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+            byte[] ocspRequestData = MemorySegment.ofAddress(buf.address(), requestLength, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
             connection = (HttpURLConnection) url.openConnection();
             connection.setRequestMethod("POST");
             connection.setDoInput(true);
@@ -1444,8 +1446,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 baos.write(responseBuf, 0, read);
             }
             byte[] responseData = baos.toByteArray();
-            var nativeResponseData = memorySession.allocateArray(ValueLayout.JAVA_BYTE, responseData);
-            var nativeResponseDataPointer = memorySession.allocate(ValueLayout.ADDRESS, nativeResponseData);
+            var nativeResponseData = localArena.allocateArray(ValueLayout.JAVA_BYTE, responseData);
+            var nativeResponseDataPointer = localArena.allocate(ValueLayout.ADDRESS, nativeResponseData);
             ocspResponse = d2i_OCSP_RESPONSE(MemorySegment.NULL, nativeResponseDataPointer, responseData.length);
             if (!MemorySegment.NULL.equals(ocspResponse)) {
                 if (OCSP_response_status(ocspResponse) == OCSP_RESPONSE_STATUS_SUCCESSFUL()) {
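Review bot: No upper bound on the OCSP response size is visible between `baos.write(responseBuf, 0, read)` and `localArena.allocateArray(ValueLayout.JAVA_BYTE, responseData)`. The whole body sent by the responder is buffered on the heap and then copied into native memory, so a very large response costs memory twice. Consider stopping the read loop once `baos.size()` exceeds a fixed limit and returning `V_OCSP_CERTSTATUS_UNKNOWN()`. The loop header and any timeout settings are outside the hunk, so a limit may already exist there.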
@@ -1505,8 +1507,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             byte[] id = null;
             synchronized (OpenSSLEngine.this) {
                 if (!destroyed) {
-                    try (var memorySession = Arena.openConfined()) {
-                        MemorySegment lenPointer = memorySession.allocate(ValueLayout.ADDRESS);
+                    try (var localArena = Arena.openConfined()) {
+                        MemorySegment lenPointer = localArena.allocate(ValueLayout.ADDRESS);
                         var session = SSL_get_session(state.ssl);
                         if (MemorySegment.NULL.equals(session)) {
                             return new byte[0];
@@ -1514,7 +1516,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                         MemorySegment sessionId = SSL_SESSION_get_id(session, lenPointer);
                         int len = lenPointer.get(ValueLayout.JAVA_INT, 0);
                         id = (len == 0) ? new byte[0]
-                                : MemorySegment.ofAddress(sessionId.address(), len, memorySession.session()).toArray(ValueLayout.JAVA_BYTE);
+                                : MemorySegment.ofAddress(sessionId.address(), len, localArena.scope()).toArray(ValueLayout.JAVA_BYTE);
                     }
                 }
             }
@@ -1796,7 +1798,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
 
     private static class EngineState implements Runnable {
 
-        private final Arena stateSession = Arena.openShared();
+        private final Arena stateArena = Arena.openShared();
         private final MemorySegment ssl;
         private final MemorySegment networkBIO;
         private final int certificateVerificationDepth;
@@ -1813,8 +1815,8 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
             this.noOcspCheck = noOcspCheck;
             // Allocate another session to avoid keeping a reference through segments
             // This also allows making further accesses to the main pointers safer
-            this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
-            this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateSession.session());
+            this.ssl = MemorySegment.ofAddress(ssl.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
+            this.networkBIO = MemorySegment.ofAddress(networkBIO.address(), ValueLayout.ADDRESS.byteSize(), stateArena.scope());
         }
 
         @Override
@@ -1824,7 +1826,7 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
                 BIO_free(networkBIO);
                 SSL_free(ssl);
             } finally {
-                stateSession.close();
+                stateArena.close();
             }
         }
     }
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
index f8454eb105..313e14f08b 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/RuntimeHelper.java
@@ -24,8 +24,8 @@ import java.lang.foreign.GroupLayout;
 import java.lang.foreign.SymbolLookup;
 import java.lang.foreign.MemoryLayout;
 import java.lang.foreign.MemorySegment;
-import java.lang.foreign.MemorySession;
 import java.lang.foreign.SegmentAllocator;
+import java.lang.foreign.SegmentScope;
 import java.lang.foreign.ValueLayout;
 import java.lang.invoke.MethodHandle;
 import java.lang.invoke.MethodHandles;
@@ -49,7 +49,7 @@ final class RuntimeHelper {
     private final static SymbolLookup SYMBOL_LOOKUP;
 
     final static SegmentAllocator CONSTANT_ALLOCATOR =
-            (size, align) -> MemorySegment.allocateNative(size, align, MemorySession.implicit());
+            (size, align) -> MemorySegment.allocateNative(size, align, SegmentScope.auto());
 
     static {
         System.loadLibrary("ssl");
@@ -67,7 +67,7 @@ final class RuntimeHelper {
     private final static SegmentAllocator THROWING_ALLOCATOR = (x, y) -> { throw new AssertionError("should not reach here"); };
 
     static final MemorySegment lookupGlobalVariable(String name, MemoryLayout layout) {
-        return SYMBOL_LOOKUP.find(name).map(symbol -> MemorySegment.ofAddress(symbol.address(), layout.byteSize(), symbol.session())).orElse(null);
+        return SYMBOL_LOOKUP.find(name).map(symbol -> MemorySegment.ofAddress(symbol.address(), layout.byteSize(), symbol.scope())).orElse(null);
     }
 
     static final MethodHandle downcallHandle(String name, FunctionDescriptor fdesc) {
@@ -86,7 +86,7 @@ final class RuntimeHelper {
                 orElse(null);
     }
 
-    static final <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor fdesc, MemorySession session) {
+    static final <Z> MemorySegment upcallStub(Class<Z> fi, Z z, FunctionDescriptor fdesc, SegmentScope session) {
         try {
             MethodHandle handle = MH_LOOKUP.findVirtual(fi, "apply", fdesc.toMethodType());
             handle = handle.bindTo(z);
@@ -96,7 +96,7 @@ final class RuntimeHelper {
         }
     }
 
-    static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int numElements, MemorySession session) {
+    static MemorySegment asArray(MemorySegment addr, MemoryLayout layout, int numElements, SegmentScope session) {
          return MemorySegment.ofAddress(addr.address(), numElements * layout.byteSize(), session);
     }
 
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
index c45dc449a7..1b7d27bb80 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_cert_verify_callback$cb.java
@@ -27,10 +27,10 @@ import static java.lang.foreign.ValueLayout.*;
 public interface SSL_CTX_set_cert_verify_callback$cb {
 
     int apply(java.lang.foreign.MemorySegment _x0, java.lang.foreign.MemorySegment _x1);
-    static MemorySegment allocate(SSL_CTX_set_cert_verify_callback$cb fi, MemorySession session) {
+    static MemorySegment allocate(SSL_CTX_set_cert_verify_callback$cb fi, SegmentScope session) {
         return RuntimeHelper.upcallStub(SSL_CTX_set_cert_verify_callback$cb.class, fi, constants$15.SSL_CTX_set_cert_verify_callback$cb$FUNC, session);
     }
-    static SSL_CTX_set_cert_verify_callback$cb ofAddress(MemorySegment addr, MemorySession session) {
+    static SSL_CTX_set_cert_verify_callback$cb ofAddress(MemorySegment addr, SegmentScope session) {
         MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, session);
         return (java.lang.foreign.MemorySegment __x0, java.lang.foreign.MemorySegment __x1) -> {
             try {
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
index 431dfe320a..2d61016be3 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_CTX_set_tmp_dh_callback$dh.java
@@ -27,10 +27,10 @@ import static java.lang.foreign.ValueLayout.*;
 public interface SSL_CTX_set_tmp_dh_callback$dh {
 
     java.lang.foreign.MemorySegment apply(java.lang.foreign.MemorySegment _x0, int _x1, int _x2);
-    static MemorySegment allocate(SSL_CTX_set_tmp_dh_callback$dh fi, MemorySession session) {
+    static MemorySegment allocate(SSL_CTX_set_tmp_dh_callback$dh fi, SegmentScope session) {
         return RuntimeHelper.upcallStub(SSL_CTX_set_tmp_dh_callback$dh.class, fi, constants$21.SSL_CTX_set_tmp_dh_callback$dh$FUNC, session);
     }
-    static SSL_CTX_set_tmp_dh_callback$dh ofAddress(MemorySegment addr, MemorySession session) {
+    static SSL_CTX_set_tmp_dh_callback$dh ofAddress(MemorySegment addr, SegmentScope session) {
         MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, session);
         return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> {
             try {
diff --git a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
index d1a2fdb57f..f853d20995 100644
--- a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
+++ b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/openssl/SSL_set_info_callback$cb.java
@@ -27,10 +27,10 @@ import static java.lang.foreign.ValueLayout.*;
 public interface SSL_set_info_callback$cb {
 
     void apply(java.lang.foreign.MemorySegment _x0, int _x1, int _x2);
-    static MemorySegment allocate(SSL_set_info_callback$cb fi, MemorySession session) {
+    static MemorySegment allocate(SSL_set_info_callback$cb fi, SegmentScope session) {
         return RuntimeHelper.upcallStub(SSL_set_info_callback$cb.class, fi, constants$21.SSL_set_info_callback$cb$FUNC, session);
     }
-    static SSL_set_info_callback$cb ofAddress(MemorySegment addr, MemorySession session) {
+    static SSL_set_info_callback$cb ofAddress(MemorySegment addr, SegmentScope session) {
         MemorySegment symbol = MemorySegment.ofAddress(addr.address(), 0, session);
         return (java.lang.foreign.MemorySegment __x0, int __x1, int __x2) -> {
             try {

