vanzin commented on a change in pull request #92: OpenSSL 1.1.0 updates with
backward compatibility for OpenSSL 1.0.2 and 1.0.1
URL: https://github.com/apache/commons-crypto/pull/92#discussion_r257357843
##########
File path:
src/main/native/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.c
##########
@@ -294,49 +280,57 @@ static unsigned long pthreads_thread_id(void)
* If using an Intel chipset with RDRAND, the high-performance hardware
* random number generator will be used.
*/
-static ENGINE * openssl_rand_init(void)
+static ENGINE * openssl_rand_init(JNIEnv *env)
{
- locks_setup();
+ if (dlsym_OpenSSL_version_num() < VERSION_1_1_X) {
+ locks_setup(env);
+ static void (*dlsym_ENGINE_load_rdrand) (void);
+ dlsym_ENGINE_load_rdrand = do_dlsym(env, openssl, "ENGINE_load_rdrand");
+ dlsym_ENGINE_load_rdrand();
+ }
- dlsym_ENGINE_load_rdrand();
ENGINE *eng = dlsym_ENGINE_by_id("rdrand");
- int ret = -1;
- do {
- if (NULL == eng) {
- break;
- }
+ int ret = -1;
+ do {
+ if (NULL == eng) {
+ break;
+ }
- int rc = dlsym_ENGINE_init(eng);
- if (0 == rc) {
- break;
- }
+ int rc = dlsym_ENGINE_init(eng);
+ if (0 == rc) {
+ break;
+ }
- rc = dlsym_ENGINE_set_default(eng, ENGINE_METHOD_RAND);
- if (0 == rc) {
- break;
- }
+ rc = dlsym_ENGINE_set_default(eng, ENGINE_METHOD_RAND);
+ if (0 == rc) {
+ break;
+ }
- ret = 0;
- } while(0);
+ ret = 0;
+ } while(0);
- if (ret == -1) {
- openssl_rand_clean(eng, 0);
- }
+ if (ret == -1) {
+ openssl_rand_clean(env, eng, 0);
+ }
- return eng;
+ return eng;
}
-static void openssl_rand_clean(ENGINE *eng, int clean_locks)
+static void openssl_rand_clean(JNIEnv *env, ENGINE *eng, int clean_locks)
{
if (NULL != eng) {
- dlsym_ENGINE_finish(eng);
- dlsym_ENGINE_free(eng);
+ dlsym_ENGINE_finish(eng);
+ dlsym_ENGINE_free(eng);
}
- dlsym_ENGINE_cleanup();
- if (clean_locks) {
- locks_cleanup();
+ if(dlsym_OpenSSL_version_num() < VERSION_1_1_X) {
+ static void (*dlsym_ENGINE_cleanup) (void);
+ dlsym_ENGINE_cleanup = do_dlsym(env, openssl, "ENGINE_cleanup");
Review comment:
I know this probably will never fail, yet it would be nice to have a null
check here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
