Author: rjung Date: Fri May 22 14:24:35 2015 New Revision: 1681126 URL: http://svn.apache.org/r1681126 Log: Port mod_ssl improvements to tcnative/ssl:
Partial backport of r1526168 from httpd/mod_ssl: Streamline ephemeral key handling: - drop support for ephemeral RSA keys (only allowed/needed for export ciphers) - drop pTmpKeys from the per-process SSLModConfigRec, and remove the temp key generation at startup (unnecessary for DHE/ECDHE) - do not configure per-connection SSL_tmp_*_callbacks, as it is sufficient to set them for the SSL_CTX For additional background, see https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3c52358ed1.2070...@velox.ch%3E Modified: tomcat/native/trunk/native/include/ssl_private.h tomcat/native/trunk/native/src/ssl.c tomcat/native/trunk/native/src/sslcontext.c tomcat/native/trunk/native/src/sslnetwork.c tomcat/native/trunk/native/src/sslutils.c Modified: tomcat/native/trunk/native/include/ssl_private.h URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/include/ssl_private.h?rev=1681126&r1=1681125&r2=1681126&view=diff ============================================================================== --- tomcat/native/trunk/native/include/ssl_private.h (original) +++ tomcat/native/trunk/native/include/ssl_private.h Fri May 22 14:24:35 2015 @@ -216,8 +216,6 @@ #define HAVE_ECC 1 #endif -extern void *SSL_temp_keys[SSL_TMP_KEY_MAX]; - typedef struct { /* client can have any number of cert/key pairs */ const char *cert_file; @@ -319,7 +317,6 @@ void SSL_BIO_close(BIO *); void SSL_BIO_doref(BIO *); DH *SSL_dh_get_tmp_param(int); DH *SSL_dh_get_param_from_file(const char *); -RSA *SSL_callback_tmp_RSA(SSL *, int, int); DH *SSL_callback_tmp_DH(SSL *, int, int); void SSL_callback_handshake(const SSL *, int, int); int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int); Modified: tomcat/native/trunk/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1681126&r1=1681125&r2=1681126&view=diff ============================================================================== --- tomcat/native/trunk/native/src/ssl.c (original) +++ tomcat/native/trunk/native/src/ssl.c Fri May 22 14:24:35 2015 @@ -34,7 +34,6 @@ static char *ssl_global_rand_file = NULL extern apr_pool_t *tcn_global_pool; ENGINE *tcn_ssl_engine = NULL; -void *SSL_temp_keys[SSL_TMP_KEY_MAX]; tcn_pass_cb_t tcn_password_callback; /* Global reference to the pool used by the dynamic mutexes */ @@ -48,43 +47,6 @@ struct CRYPTO_dynlock_value { apr_thread_mutex_t *mutex; }; - -/* - * Handle the Temporary RSA Keys and DH Params - */ - -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED) -#define SSL_TMP_KEY_FREE(type, idx) \ - if (SSL_temp_keys[idx]) { \ - type##_free((type *)SSL_temp_keys[idx]); \ - SSL_temp_keys[idx] = NULL; \ - } else (void)(0) -#else -#define SSL_TMP_KEY_FREE(type, idx) SSL_temp_keys[idx] = NULL -#endif - -#define SSL_TMP_KEYS_FREE(type) \ - SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_512); \ - SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_1024); \ - SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_2048); \ - SSL_TMP_KEY_FREE(type, SSL_TMP_KEY_##type##_4096) - -#define SSL_TMP_KEY_INIT_RSA(bits) \ - ssl_tmp_key_init_rsa(bits, SSL_TMP_KEY_RSA_##bits) - -#define SSL_TMP_KEY_INIT_DH(bits) \ - ssl_tmp_key_init_dh(bits, SSL_TMP_KEY_DH_##bits) - -#define SSL_TMP_KEYS_INIT(R) \ - SSL_temp_keys[SSL_TMP_KEY_RSA_2048] = NULL; \ - SSL_temp_keys[SSL_TMP_KEY_RSA_4096] = NULL; \ - R |= SSL_TMP_KEY_INIT_RSA(512); \ - R |= SSL_TMP_KEY_INIT_RSA(1024); \ - R |= SSL_TMP_KEY_INIT_DH(512); \ - R |= SSL_TMP_KEY_INIT_DH(1024); \ - R |= SSL_TMP_KEY_INIT_DH(2048); \ - R |= SSL_TMP_KEY_INIT_DH(4096) - /* * supported_ssl_opts is a bitmask that contains all supported SSL_OP_* * options at compile-time. This is used in hasOp to determine which @@ -231,44 +193,6 @@ static const jint supported_ssl_opts = 0 #endif | 0; -static int ssl_tmp_key_init_rsa(int bits, int idx) -{ -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED) - if (!(SSL_temp_keys[idx] = - RSA_generate_key(bits, RSA_F4, NULL, NULL))) { -#ifdef OPENSSL_FIPS - /** - * With FIPS mode short RSA keys cannot be - * generated. - */ - if (bits < 1024) - return 0; - else -#endif - return 1; - } - else { - return 0; - } -#else - return 0; -#endif -} - -static int ssl_tmp_key_init_dh(int bits, int idx) -{ -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(OPENSSL_USE_DEPRECATED) - if (!(SSL_temp_keys[idx] = - SSL_dh_get_tmp_param(bits))) - return 1; - else - return 0; -#else - return 0; -#endif -} - - TCN_IMPLEMENT_CALL(jint, SSL, version)(TCN_STDARGS) { UNREFERENCED_STDARGS; @@ -299,8 +223,6 @@ static apr_status_t ssl_init_cleanup(voi tcn_password_callback.cb.obj); } - SSL_TMP_KEYS_FREE(RSA); - SSL_TMP_KEYS_FREE(DH); /* * Try to kill the internals of the SSL library. */ @@ -646,7 +568,6 @@ static int ssl_rand_make(const char *fil TCN_IMPLEMENT_CALL(jint, SSL, initialize)(TCN_STDARGS, jstring engine) { - int r = 0; TCN_ALLOC_CSTRING(engine); UNREFERENCED(o); @@ -722,13 +643,6 @@ TCN_IMPLEMENT_CALL(jint, SSL, initialize /* For SSL_get_app_data2() at request time */ SSL_init_app_data2_idx(); - SSL_TMP_KEYS_INIT(r); - if (r) { - TCN_FREE_CSTRING(engine); - ssl_init_cleanup(NULL); - tcn_ThrowAPRException(e, APR_ENOTIMPL); - return APR_ENOTIMPL; - } /* * Let us cleanup the ssl library when the library is unloaded */ @@ -1081,28 +995,8 @@ TCN_IMPLEMENT_CALL(void, SSL, setPasswor TCN_FREE_CSTRING(password); } -TCN_IMPLEMENT_CALL(jboolean, SSL, generateRSATempKey)(TCN_STDARGS, jint idx) -{ - int r = 1; - UNREFERENCED_STDARGS; - SSL_TMP_KEY_FREE(RSA, idx); - switch (idx) { - case SSL_TMP_KEY_RSA_512: - r = SSL_TMP_KEY_INIT_RSA(512); - break; - case SSL_TMP_KEY_RSA_1024: - r = SSL_TMP_KEY_INIT_RSA(1024); - break; - case SSL_TMP_KEY_RSA_2048: - r = SSL_TMP_KEY_INIT_RSA(2048); - break; - case SSL_TMP_KEY_RSA_4096: - r = SSL_TMP_KEY_INIT_RSA(4096); - break; - } - return r ? JNI_FALSE : JNI_TRUE; -} - +// Commented out but might get reused later +#if 0 TCN_IMPLEMENT_CALL(jboolean, SSL, loadDSATempKey)(TCN_STDARGS, jint idx, jstring file) { @@ -1113,14 +1007,17 @@ TCN_IMPLEMENT_CALL(jboolean, SSL, loadDS if (!J2S(file)) return JNI_FALSE; + /* Removed */ SSL_TMP_KEY_FREE(DSA, idx); if ((dh = SSL_dh_get_param_from_file(J2S(file)))) { + /* Removed */ SSL_temp_keys[idx] = dh; r = JNI_TRUE; } TCN_FREE_CSTRING(file); return r; } +#endif TCN_IMPLEMENT_CALL(jstring, SSL, getLastError)(TCN_STDARGS) { Modified: tomcat/native/trunk/native/src/sslcontext.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslcontext.c?rev=1681126&r1=1681125&r2=1681126&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslcontext.c (original) +++ tomcat/native/trunk/native/src/sslcontext.c Fri May 22 14:24:35 2015 @@ -248,7 +248,6 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma SSL_CTX_set_tmp_ecdh(c->ctx, ecdh); EC_KEY_free(ecdh); #endif - SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA); SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH); } /* Set default Certificate verification level Modified: tomcat/native/trunk/native/src/sslnetwork.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslnetwork.c?rev=1681126&r1=1681125&r2=1681126&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslnetwork.c (original) +++ tomcat/native/trunk/native/src/sslnetwork.c Fri May 22 14:24:35 2015 @@ -148,8 +148,6 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv /* * Configure callbacks for SSL connection */ - SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA); - SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH); SSL_set_session_id_context(ssl, &(ctx->context_id[0]), sizeof ctx->context_id); } Modified: tomcat/native/trunk/native/src/sslutils.c URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/sslutils.c?rev=1681126&r1=1681125&r2=1681126&view=diff ============================================================================== --- tomcat/native/trunk/native/src/sslutils.c (original) +++ tomcat/native/trunk/native/src/sslutils.c Fri May 22 14:24:35 2015 @@ -315,97 +315,11 @@ DH *SSL_dh_get_param_from_file(const cha } /* - * Handle out temporary RSA private keys on demand - * - * The background of this as the TLSv1 standard explains it: - * - * | D.1. Temporary RSA keys - * | - * | US Export restrictions limit RSA keys used for encryption to 512 - * | bits, but do not place any limit on lengths of RSA keys used for - * | signing operations. Certificates often need to be larger than 512 - * | bits, since 512-bit RSA keys are not secure enough for high-value - * | transactions or for applications requiring long-term security. Some - * | certificates are also designated signing-only, in which case they - * | cannot be used for key exchange. - * | - * | When the public key in the certificate cannot be used for encryption, - * | the server signs a temporary RSA key, which is then exchanged. In - * | exportable applications, the temporary RSA key should be the maximum - * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are - * | relatively insecure, they should be changed often. For typical - * | electronic commerce applications, it is suggested that keys be - * | changed daily or every 500 transactions, and more often if possible. - * | Note that while it is acceptable to use the same temporary key for - * | multiple transactions, it must be signed each time it is used. - * | - * | RSA key generation is a time-consuming process. In many cases, a - * | low-priority process can be assigned the task of key generation. - * | Whenever a new key is completed, the existing temporary key can be - * | replaced with the new one. - * - * XXX: base on comment above, if thread support is enabled, - * we should spawn a low-priority thread to generate new keys - * on the fly. - * - * So we generated 512 and 1024 bit temporary keys on startup - * which we now just hand out on demand.... - */ - -RSA *SSL_callback_tmp_RSA(SSL *ssl, int export, int keylen) -{ - int idx; - - /* doesn't matter if export flag is on, - * we won't be asked for keylen > 512 in that case. - * if we are asked for a keylen > 1024, it is too expensive - * to generate on the fly. - */ - - switch (keylen) { - case 512: - idx = SSL_TMP_KEY_RSA_512; - break; - case 2048: - idx = SSL_TMP_KEY_RSA_2048; - if (SSL_temp_keys[idx] == NULL) - idx = SSL_TMP_KEY_RSA_1024; - break; - case 4096: - idx = SSL_TMP_KEY_RSA_4096; - if (SSL_temp_keys[idx] == NULL) - idx = SSL_TMP_KEY_RSA_2048; - break; - case 1024: - default: - idx = SSL_TMP_KEY_RSA_1024; - break; - } - return (RSA *)SSL_temp_keys[idx]; -} - -/* * Hand out the already generated DH parameters... */ DH *SSL_callback_tmp_DH(SSL *ssl, int export, int keylen) { - int idx; - switch (keylen) { - case 512: - idx = SSL_TMP_KEY_DH_512; - break; - case 2048: - idx = SSL_TMP_KEY_DH_2048; - break; - case 4096: - idx = SSL_TMP_KEY_DH_4096; - break; - case 1024: - default: - idx = SSL_TMP_KEY_DH_1024; - break; - } - return (DH *)SSL_temp_keys[idx]; + return SSL_dh_get_tmp_param(keylen); } /* --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
