From mt...@apache.org
Subject cvs commit: jakarta-tomcat-connectors/jni/native/src ssl.c sslutils.c
Date Tue, 07 Jun 2005 18:22:22 GMT
mturk       2005/06/07 11:22:22

  Modified:    jni/java/org/apache/tomcat/jni SSL.java
               jni/native/include ssl_private.h
               jni/native/src ssl.c sslutils.c
  Log:
  Use global RSA and DSA temp keys.
  Also do not initialize 2048 bit key at startup unless explicitly
  asked by a new function for generating temp keys.
  
  Revision  Changes    Path
  1.11      +39 -4     jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java
  
  Index: SSL.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/java/org/apache/tomcat/jni/SSL.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- SSL.java	7 Jun 2005 11:14:21 -0000	1.10
  +++ SSL.java	7 Jun 2005 18:22:21 -0000	1.11
  @@ -45,9 +45,13 @@
   
       public static final int SSL_TMP_KEY_RSA_512  = 0;
       public static final int SSL_TMP_KEY_RSA_1024 = 1;
  -    public static final int SSL_TMP_KEY_DH_512   = 2;
  -    public static final int SSL_TMP_KEY_DH_1024  = 3;
  -    public static final int SSL_TMP_KEY_MAX      = 4;
  +    public static final int SSL_TMP_KEY_RSA_2048 = 2;
  +    public static final int SSL_TMP_KEY_RSA_4096 = 3;
  +    public static final int SSL_TMP_KEY_DH_512   = 4;
  +    public static final int SSL_TMP_KEY_DH_1024  = 5;
  +    public static final int SSL_TMP_KEY_DH_2048  = 6;
  +    public static final int SSL_TMP_KEY_DH_4096  = 7;
  +    public static final int SSL_TMP_KEY_MAX      = 8;
   
       /*
        * Define the SSL options
  @@ -217,4 +221,35 @@
        */
        public static native void setPasswordBIO(long bio);
   
  +    /**
  +     * Generate temporary RSA key.
  +     * <br />
  +     * Index can be one of:
  +     * <PRE>
  +     * SSL_TMP_KEY_RSA_512
  +     * SSL_TMP_KEY_RSA_1024
  +     * SSL_TMP_KEY_RSA_2048
  +     * SSL_TMP_KEY_RSA_4096
  +     * </PRE>
  +     * By default 512 and 1024 keys are generated on startup.
  +     * You can use a low priority thread to generate them on the fly.
  +     * @param idx temporary key index.
  +     */
  +    public static native boolean generateRSATempKey(int idx);
  +
  +    /**
  +     * Load temporary DSA key from file
  +     * <br />
  +     * Index can be one of:
  +     * <PRE>
  +     * SSL_TMP_KEY_DSA_512
  +     * SSL_TMP_KEY_DSA_1024
  +     * SSL_TMP_KEY_DSA_2048
  +     * SSL_TMP_KEY_DSA_4096
  +     * </PRE>
  +     * @param idx temporary key index.
  +     * @param file File contatining DH params.
  +     */
  +    public static native boolean loadDSATempKey(int idx, String file);
  +
   }
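Review bot: The Javadoc for loadDSATempKey lists `SSL_TMP_KEY_DSA_512` through `SSL_TMP_KEY_DSA_4096`, but no such constants exist in this class; the slots added in the first hunk are `SSL_TMP_KEY_DH_512` through `SSL_TMP_KEY_DH_4096`, and the native implementation stores a DH object, so the list should name the DH constants and `@param file File contatining DH params.` should read `@param file File containing DH parameters.`. The method name says DSA while both the comment and the native code deal with DH parameters; if a rename is not wanted, one sentence stating that the file holds DH parameters for the ephemeral DH slots would avoid the confusion. Neither new method documents its result or the valid index range; add `@return true on success, false if the key could not be generated or loaded` to both, and for generateRSATempKey state that any key already in that slot is released before the new one is created, since the native code does exactly that.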
  
  
  
  1.19      +1 -2      jakarta-tomcat-connectors/jni/native/include/ssl_private.h
  
  Index: ssl_private.h
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- ssl_private.h	7 Jun 2005 11:05:07 -0000	1.18
  +++ ssl_private.h	7 Jun 2005 18:22:21 -0000	1.19
  @@ -167,7 +167,6 @@
       /* for client or downstream server authentication */
       int             verify_depth;
       int             verify_mode;
  -    void            *temp_keys[SSL_TMP_KEY_MAX];
       tcn_pass_cb_t   *cb_data;
   };
   
  
  
  
  1.23      +42 -2     jakarta-tomcat-connectors/jni/native/src/ssl.c
  
  Index: ssl.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/ssl.c,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- ssl.c	7 Jun 2005 11:14:21 -0000	1.22
  +++ ssl.c	7 Jun 2005 18:22:21 -0000	1.23
  @@ -64,7 +64,6 @@
   #define SSL_TMP_KEYS_INIT(R)            \
       R |= SSL_TMP_KEY_INIT_RSA(512);     \
       R |= SSL_TMP_KEY_INIT_RSA(1024);    \
  -    R |= SSL_TMP_KEY_INIT_RSA(2048);    \
       R |= SSL_TMP_KEY_INIT_DH(512);      \
       R |= SSL_TMP_KEY_INIT_DH(1024);     \
       R |= SSL_TMP_KEY_INIT_DH(2048);     \
  @@ -702,6 +701,47 @@
       SSL_BIO_doref(bio_handle);
   }
   
  +TCN_IMPLEMENT_CALL(jboolean, SSL, generateRSATempKey)(TCN_STDARGS, jint idx)
  +{
  +    int r = 1;
  +    UNREFERENCED_STDARGS;
  +    SSL_TMP_KEY_FREE(RSA, idx);
  +    switch (idx) {
  +        case SSL_TMP_KEY_RSA_512:
  +            r = SSL_TMP_KEY_INIT_RSA(512);
  +        break;
  +        case SSL_TMP_KEY_RSA_1024:
  +            r = SSL_TMP_KEY_INIT_RSA(1024);
  +        break;
  +        case SSL_TMP_KEY_RSA_2048:
  +            r = SSL_TMP_KEY_INIT_RSA(2048);
  +        break;
  +        case SSL_TMP_KEY_RSA_4096:
  +            r = SSL_TMP_KEY_INIT_RSA(4096);
  +        break;
  +    }
  +    return r ? JNI_FALSE : JNI_TRUE;
  +}
  +
  +TCN_IMPLEMENT_CALL(jboolean, SSL, loadDSATempKey)(TCN_STDARGS, jint idx,
  +                                                  jstring file)
  +{
  +    jboolean r = JNI_FALSE;
  +    TCN_ALLOC_CSTRING(file);
  +    DH *dh;
  +    UNREFERENCED(o);
  +
  +    if (!J2S(file))
  +        return JNI_FALSE;
  +    SSL_TMP_KEY_FREE(DSA, idx);
  +    if ((dh = SSL_dh_get_param_from_file(J2S(file)))) {
  +        SSL_temp_keys[idx] = dh;
  +        r = JNI_TRUE;
  +    }
  +    TCN_FREE_CSTRING(file);
  +    return r;
  +}
  +
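Review bot: Neither generateRSATempKey nor loadDSATempKey validates `idx` before `SSL_TMP_KEY_FREE(..., idx)` and `SSL_temp_keys[idx] = dh`, so a Java caller passing an index outside 0..SSL_TMP_KEY_MAX-1 indexes past the global table (generateRSATempKey then merely falls out of the switch with r == 1). Add `if (idx < 0 || idx >= SSL_TMP_KEY_MAX) return JNI_FALSE;` at the top of both functions, and in loadDSATempKey restrict idx further to the DH slots, because a `DH *` stored in an RSA slot is later cast to `RSA *` by the sslutils.c callbacks. The free-then-regenerate sequence on a shared global also opens a window in which a concurrent handshake reading `SSL_temp_keys[idx]` sees NULL or a freed object; if the intended use is a background thread as the Javadoc suggests, build the new key first, publish it with a single assignment, and free the old one afterwards. In loadDSATempKey the `return JNI_FALSE` on a NULL `J2S(file)` skips `TCN_FREE_CSTRING(file)`, which is only safe if TCN_ALLOC_CSTRING acquires nothing in that case (not visible here), and `SSL_TMP_KEY_FREE(DSA, idx)` applied to an object stored as `DH *` looks like a type mismatch if the macro's first argument selects the free routine.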
   #else
   /* OpenSSL is not supported
    * If someday we make OpenSSL optional
  
  
  
  1.22      +5 -5      jakarta-tomcat-connectors/jni/native/src/sslutils.c
  
  Index: sslutils.c
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -u -r1.21 -r1.22
  --- sslutils.c	7 Jun 2005 12:41:44 -0000	1.21
  +++ sslutils.c	7 Jun 2005 18:22:22 -0000	1.22
  @@ -346,12 +346,12 @@
           break;
           case 2048:
               idx = SSL_TMP_KEY_RSA_2048;
  -            if (conn->ctx->temp_keys[idx] == NULL)
  +            if (SSL_temp_keys[idx] == NULL)
                   idx = SSL_TMP_KEY_RSA_1024;
           break;
           case 4096:
               idx = SSL_TMP_KEY_RSA_4096;
  -            if (conn->ctx->temp_keys[idx] == NULL)
  +            if (SSL_temp_keys[idx] == NULL)
                   idx = SSL_TMP_KEY_RSA_2048;
           break;
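Review bot: The 4096 case falls back only one step, to `SSL_TMP_KEY_RSA_2048`, but this same commit removes `SSL_TMP_KEY_INIT_RSA(2048)` from SSL_TMP_KEYS_INIT in ssl.c, so unless generateRSATempKey has been called that slot is NULL by default and the callback returns NULL where it previously returned a usable key. Either chain the fallback, adding `if (SSL_temp_keys[idx] == NULL) idx = SSL_TMP_KEY_RSA_1024;` after the 2048 assignment in the 4096 case, or walk down the slots in a loop until a non-NULL entry is found. With the per-context table gone, `conn` appears unused in this function; if its signature outside the hunk still takes it, mark it unreferenced or document why it is kept. The enclosing function starts before this hunk and ends in the next one.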
           case 1024:
  @@ -359,7 +359,7 @@
               idx = SSL_TMP_KEY_RSA_1024;
           break;
       }
  -    return (RSA *)conn->ctx->temp_keys[idx];
  +    return (RSA *)SSL_temp_keys[idx];
   }
   
   /*
  @@ -384,7 +384,7 @@
               idx = SSL_TMP_KEY_DH_1024;
           break;
       }
  -    return (DH *)conn->ctx->temp_keys[idx];
  +    return (DH *)SSL_temp_keys[idx];
   }
   
   void SSL_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
  
  
  


