Use ByteBufAllocator used by the ReferenceCountedOpenSslEngine when build key-material. (#7952)

Motivation:

When we build the key-material we should use the ByteBufAllocator used by the ReferenceCountedOpenSslEngine when possible.

Modifications:

Whenever we have access to the ReferenceCountedOpenSslEngine we use its allocator.

Result:

Use correct allocator
Norman Maurer 2018-05-18 19:36:57 +02:00 committed by GitHub
parent 7727649b2c
commit 987c443888
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 16 additions and 17 deletions


@ -17,6 +17,7 @@
package io.netty.handler.ssl;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.internal.tcnative.Buffer;
import io.netty.internal.tcnative.Library;
@ -33,7 +34,6 @@ import io.netty.util.internal.logging.InternalLoggerFactory;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
@ -157,7 +157,7 @@ public final class OpenSsl {
}
try {
cert = new SelfSignedCertificate();
certBio = ReferenceCountedOpenSslContext.toBIO(cert.cert());
certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, cert.cert());
SSL.setCertificateChainBio(ssl, certBio, false);
supportsKeyManagerFactory = true;
try {
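Review bot: The probe call `certBio = ReferenceCountedOpenSslContext.toBIO(ByteBufAllocator.DEFAULT, cert.cert());` keeps the default allocator even though the commit's stated aim is to use the engine's allocator, and nothing on the line says why; a short comment would stop the next reader from treating it as a leftover, e.g. `// no engine exists at this point, so the default allocator is the only one available` (presumably the reason — confirm). The same applies to `bio = toBIO(ByteBufAllocator.DEFAULT, issuers);` in ReferenceCountedOpenSslServerContext and to the two `ByteBufAllocator.DEFAULT` calls that remain in ReferenceCountedOpenSslContext. The enclosing block starts and ends outside the hunk.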


@ -79,7 +79,7 @@ class OpenSslKeyMaterialManager {
if (type != null) {
String alias = chooseServerAlias(engine, type);
if (alias != null && aliases.add(alias)) {
setKeyMaterial(ssl, alias);
setKeyMaterial(ssl, alias, engine.alloc);
}
}
}
@ -101,10 +101,10 @@ class OpenSslKeyMaterialManager {
}
PrivateKey key = keyManager.getPrivateKey(alias);
keyCertChainBio = toBIO(certificates);
keyCertChainBio = toBIO(engine.alloc, certificates);
certChain = SSL.parseX509Chain(keyCertChainBio);
if (key != null) {
keyBio = toBIO(key);
keyBio = toBIO(engine.alloc, key);
pkey = SSL.parsePrivateKey(keyBio, password);
}
CertificateRequestedCallback.KeyMaterial material = new CertificateRequestedCallback.KeyMaterial(
@ -127,7 +127,7 @@ class OpenSslKeyMaterialManager {
}
}
private void setKeyMaterial(long ssl, String alias) throws SSLException {
private void setKeyMaterial(long ssl, String alias, ByteBufAllocator allocator) throws SSLException {
long keyBio = 0;
long keyCertChainBio = 0;
long keyCertChainBio2 = 0;
@ -142,13 +142,13 @@ class OpenSslKeyMaterialManager {
PrivateKey key = keyManager.getPrivateKey(alias);
// Only encode one time
PemEncoded encoded = PemX509Certificate.toPEM(ByteBufAllocator.DEFAULT, true, certificates);
PemEncoded encoded = PemX509Certificate.toPEM(allocator, true, certificates);
try {
keyCertChainBio = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
keyCertChainBio = toBIO(allocator, encoded.retain());
keyCertChainBio2 = toBIO(allocator, encoded.retain());
if (key != null) {
keyBio = toBIO(key);
keyBio = toBIO(allocator, key);
}
SSL.setCertificateBio(ssl, keyCertChainBio, keyBio, password);
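Review bot: `keyBio = toBIO(allocator, key);` now writes the PEM encoding of the private key into a buffer obtained from the engine's allocator, and when that allocator is a pooled one the key bytes sit in memory that is later reused by other allocations; it is worth confirming that the release path of the `PemEncoded` produced for the key zeroes the buffer before it returns to the pool, and recording the expectation on the new parameter, e.g. `// allocator may be pooled; the PEM-encoded key must be wiped on release`. The same concern applies to `keyBio = toBIO(engine.alloc, key);` in the earlier hunk and to `toBIO(ByteBufAllocator, PrivateKey)` in ReferenceCountedOpenSslContext. The two `encoded.retain()` calls and the release of `encoded` are balanced outside the hunk, so I cannot check them here; `setKeyMaterial` continues past the hunk.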


@ -710,7 +710,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
keyCertChainBio2 = toBIO(ByteBufAllocator.DEFAULT, encoded.retain());
if (key != null) {
keyBio = toBIO(key);
keyBio = toBIO(ByteBufAllocator.DEFAULT, key);
}
SSLContext.setCertificateBio(
@ -742,12 +742,11 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
* Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
* or {@code 0} if the {@code key} is {@code null}. The BIO contains the content of the {@code key}.
*/
static long toBIO(PrivateKey key) throws Exception {
static long toBIO(ByteBufAllocator allocator, PrivateKey key) throws Exception {
if (key == null) {
return 0;
}
ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
PemEncoded pem = PemPrivateKey.toPEM(allocator, true, key);
try {
return toBIO(allocator, pem.retain());
@ -760,7 +759,7 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
* Return the pointer to a <a href="https://www.openssl.org/docs/crypto/BIO_get_mem_ptr.html">in-memory BIO</a>
* or {@code 0} if the {@code certChain} is {@code null}. The BIO contains the content of the {@code certChain}.
*/
static long toBIO(X509Certificate... certChain) throws Exception {
static long toBIO(ByteBufAllocator allocator, X509Certificate... certChain) throws Exception {
if (certChain == null) {
return 0;
}
@ -769,7 +768,6 @@ public abstract class ReferenceCountedOpenSslContext extends SslContext implemen
throw new IllegalArgumentException("certChain can't be empty");
}
ByteBufAllocator allocator = ByteBufAllocator.DEFAULT;
PemEncoded pem = PemX509Certificate.toPEM(allocator, true, certChain);
try {
return toBIO(allocator, pem.retain());
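Review bot: The Javadoc above `static long toBIO(ByteBufAllocator allocator, PrivateKey key)` still describes only `key` and the return value, so the new parameter is undocumented, and the same is true of `toBIO(ByteBufAllocator allocator, X509Certificate... certChain)` in the next hunk. Suggest adding `@param allocator the {@link ByteBufAllocator} used for the buffer that holds the PEM encoding of {@code key}` to the first overload and the `{@code certChain}` counterpart to the second; the visible lines do not null-check `allocator`, so if a `null` allocator is meant to be rejected by the caller that should be stated too. Both method bodies end outside their hunks.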


@ -209,7 +209,7 @@ public class ReferenceCountedOpenSslEngine extends SSLEngine implements Referenc
final boolean jdkCompatibilityMode;
private final boolean clientMode;
private final ByteBufAllocator alloc;
final ByteBufAllocator alloc;
private final OpenSslEngineMap engineMap;
private final OpenSslApplicationProtocolNegotiator apn;
private final OpenSslSession session;
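Review bot: Widening the field to `final ByteBufAllocator alloc;` exposes the field itself to the package rather than a read-only view; a package-private accessor, `ByteBufAllocator alloc() { return alloc; }`, would keep the field `private` while giving OpenSslKeyMaterialManager the same value. This is a point of style only, since the field is `final` and the exposure cannot change state. The class body continues outside the hunk.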


@ -15,6 +15,7 @@
*/
package io.netty.handler.ssl;
import io.netty.buffer.ByteBufAllocator;
import io.netty.internal.tcnative.SSL;
import io.netty.internal.tcnative.SSLContext;
import io.netty.internal.tcnative.SniHostNameMatcher;
@ -162,7 +163,7 @@ public final class ReferenceCountedOpenSslServerContext extends ReferenceCounted
if (issuers != null && issuers.length > 0) {
long bio = 0;
try {
bio = toBIO(issuers);
bio = toBIO(ByteBufAllocator.DEFAULT, issuers);
if (!SSLContext.setCACertificateBio(ctx, bio)) {
throw new SSLException("unable to setup accepted issuers for trustmanager " + manager);
}