-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Link libthemis_jni.so dynamically #552
Conversation
Do not embed Themis, Soter, and cryptographic backend (if present) into libthemis_jni shared object. Instead, link it dynamically against Themis like a proper library. It has been a nice experiment to provide self-contained library for Java. However, we are going to distribute the library as a proper system package and for that we will need to have it properly linked against its dependencies. Themis Core will be installed by the package manager so all dependencies are going to be satisfied.
These are currently used by Themin JNI wrapper in order to operate secure_session_load() correctly. Strictly speaking, we should not be using these functions, but currently there is no way to allocate Secure Sesssion instance suitable for secure_session_load() without using private header <themis/secure_sesssion_t.h>. These functions are exported from the shared library, but we make no commitment to keeping them exported. The should be hidden back once secure_session_load() gets a better API.
Also, export some private functions to make dynamic linkage possible. These are currently used by Themis JNI wrapper in order to operate secure_session_load() correctly. Strictly speaking, we should not be using these functions, but currently there is no way to allocate Secure Session instance suitable for secure_session_load() without using private header <themis/secure_session_t.h>. These functions are exported from the shared library, but we make no commitment to keeping them exported. They should be hidden back once secure_session_load() gets a better API. |
Changes LGTM, but need to test that building process works on different machines. |
On the other hand, why not? It's not that hard to implement and this *is* a wart in the API. Let's mark these private functions as such so that there is no confusion.
can you explain why we need to export |
Sure. They need to be exported because JNI library uses them here: Lines 533 to 538 in 0d97f5b
and here: Lines 575 to 576 in 0d97f5b
Note that JNI library does not use secure_session_create() and secure_session_destroy(), and it stores Lines 40 to 45 in 0d97f5b
All of this is because secure_session_load() accepts a pointer to an allocated instance of secure_session_t. We need to allocate enough memory for Secure Session object in order to use that function, and currently the only way to do this is to include a private header This is problematic because:
This PR exports the functions as an easy way out and maintains status quo. A proper solution would involve hiding the implementation details and reengineering secure_session_load() so that it does not depend on those details to be known by the users. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
discussed with @ilammy that will be better if we will add a new function which will create secure session from the dumped buffer and return a pointer. after that, we will update jni to use this new function without usage of private api secure session to be consistent with other public api and deprecate old function. |
Do not embed Themis, Soter, and cryptographic backend (if present) into libthemis_jni shared object. Instead, link it dynamically against Themis like a proper library.
It has been a nice experiment to provide self-contained library for Java. However, we are going to distribute the library as a proper system package and for that we will need to have it properly linked against its dependencies. Themis Core will be installed by the package manager so all dependencies are going to be satisfied.
Checklist
Benchmark results are attached (if applicable)Changelog is updated if neededminor change, will be included into packaging PR