@@ -617,29 +617,22 @@ load_crypto_library(jboolean traceEnabled, const char *libName)
617617static void *
618618find_crypto_library (jboolean traceEnabled , const char * chomepath )
619619{
620- /* Library names for OpenSSL 1.1.1, 1.1.0 and symbolic links:
620+ /* Library names for OpenSSL 3.x, 1.1.1, 1.1.0 and symbolic links:
621621 * It is important to preserve the order!!!
622622 *
623- * Since there is no indication of the version of a symlink,
624- * they have to be loaded first, so as to compare with other
625- * available options.
626623 * Note: On macOS 11 or later, loading the general symlink causes
627624 * a fatal warning and associated abort by default, so it is
628625 * omitted.
629626 *
630- * The rest of the libraries are listed in descending order,
627+ * The libraries are listed in a specific order,
631628 * which allows us to do two things:
632- * - Stop if a general symlink is loaded and we then find a
633- * specific version that is higher.
634629 * - Stop immediately if a specific version is loaded, as
635- * anything after that will be a lower version.
630+ * anything after that will be a lower version or general symlink.
631+ * - Allow the loading of a general symlink as a fallback
632+ * option, in case a versioned library is not discovered.
636633 */
637634 static const char * const libNames [] = {
638635#if defined(_AIX )
639- "libcrypto.a(libcrypto64.so)" , /* general symlink library name from archive file */
640- "libcrypto64.so" , /* general symlink library name */
641- "libcrypto.a(libcrypto.so)" , /* general symlink library name from archive file */
642- "libcrypto.so" , /* general symlink library name */
643636 "libcrypto.a(libcrypto64.so.3)" , /* 3.x library name from archive file */
644637 "libcrypto64.so.3" , /* 3.x library name */
645638 "libcrypto.a(libcrypto.so.3)" , /* 3.x library name from archive file */
@@ -648,6 +641,10 @@ find_crypto_library(jboolean traceEnabled, const char *chomepath)
648641 "libcrypto.so.1.1" , /* 1.1.x library name */
649642 "libcrypto.a(libcrypto.so.1.0.0)" , /* 1.0.x library name from archive file */
650643 "libcrypto.so.1.0.0" , /* 1.0.x library name */
644+ "libcrypto.a(libcrypto64.so)" , /* general symlink library name from archive file */
645+ "libcrypto64.so" , /* general symlink library name */
646+ "libcrypto.a(libcrypto.so)" , /* general symlink library name from archive file */
647+ "libcrypto.so" , /* general symlink library name */
651648#elif defined(__APPLE__ ) /* defined(_AIX) */
652649 "libcrypto.3.dylib" , /* 3.x library name */
653650 "libcrypto.1.1.dylib" , /* 1.1.x library name */
@@ -657,28 +654,18 @@ find_crypto_library(jboolean traceEnabled, const char *chomepath)
657654 "libcrypto-1_1-x64.dll" , /* 1.1.x library name */
658655 "libeay32.dll" , /* old library name */
659656#else /* defined(_WIN32) */
660- "libcrypto.so" , /* general symlink library name */
661657 "libcrypto.so.3" , /* 3.x library name */
662658 "libcrypto.so.1.1" , /* 1.1.x library name */
663659 "libcrypto.so.1.0.0" , /* 1.0.x library name */
664660 "libcrypto.so.10" , /* old library name */
661+ "libcrypto.so" , /* general symlink library name */
665662#endif /* defined(_AIX) */
666663 };
667664
668665 const size_t numOfLibs = sizeof (libNames ) / sizeof (libNames [0 ]);
669- #if defined(_AIX )
670- const size_t num_of_generic = 4 ;
671- #elif defined(__linux__ ) /* defined(_AIX) */
672- const size_t num_of_generic = 1 ;
673- #else /* defined(__linux__) */
674- const size_t num_of_generic = 0 ;
675- #endif /* defined(_AIX) */
676-
677666 void * result = NULL ;
678- void * prevResult = NULL ;
679667 size_t i = 0 ;
680668 long tempVersion = 0 ;
681- long previousVersion = 0 ;
682669
683670 /* If JAVA_HOME is not null or empty and no library has been loaded yet, try there. */
684671 if ((NULL != chomepath ) && ('\0' != * chomepath ) && (NULL == crypto_library )) {
@@ -749,7 +736,7 @@ find_crypto_library(jboolean traceEnabled, const char *chomepath)
749736 }
750737
751738 /* The attempt to load from property and OpenSSL bundled with JDK failed.
752- * Try loading the libraries in the order set out above, and retain the latest library .
739+ * Try loading the libraries in the order set out above.
753740 */
754741 for (i = 0 ; i < numOfLibs ; i ++ ) {
755742 if (traceEnabled ) {
@@ -764,35 +751,20 @@ find_crypto_library(jboolean traceEnabled, const char *chomepath)
764751 /* Identify and load the latest version from the available libraries.
765752 * This logic depends upon the order in which libnames are defined.
766753 * It only loads the libraries which can possibly be the latest versions.
754+ * Once any library is loaded, everything after it will be a lower version
755+ * due to the order so we can stop.
767756 */
768- log_crypto_library_path (traceEnabled , result , "\tLibrary to be potentially used was loaded from" );
769757 tempVersion = get_crypto_library_version (traceEnabled , result , "\tLoaded OpenSSL version" );
770-
771- if (tempVersion <= 0 ) {
772- continue ;
773- }
774-
775- if (tempVersion > previousVersion ) {
776- if (0 != previousVersion ) {
777- unload_crypto_library (prevResult );
778- }
779- previousVersion = tempVersion ;
780- prevResult = result ;
781- } else {
782- unload_crypto_library (result );
783- }
784-
785- /* If library checked is not a generic one, there is no need to check further. */
786- if (i >= num_of_generic ) {
787- break ;
758+ if (tempVersion > 0 ) {
759+ return result ;
788760 }
789761 }
790762
791763 /* If we reach here, it means that none of the non-generic libraries
792764 * where found. However, a generic one might have been found in the
793765 * process and, if so, it will be in the prevResult variable.
794766 */
795- return prevResult ;
767+ return NULL ;
796768}
797769
798770/*
0 commit comments