From: markt
Date: Sat, 27 Nov 2010 11:41:10 +0000 (+0000)
Subject: Drop the entropy attribute. SecureRandom has a sufficiently secure self-seeding mecha...
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=7270ec91db6761cfdacf1bd85dce0571469e8a22;p=tomcat7.0
Drop the entropy attribute. SecureRandom has a sufficiently secure self-seeding mechanism.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1039657 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/java/org/apache/catalina/session/ManagerBase.java b/java/org/apache/catalina/session/ManagerBase.java
index 779ffe6a2..a44643131 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -28,7 +28,6 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.security.SecureRandom;
@@ -55,11 +54,9 @@ import org.apache.catalina.LifecycleException;
 import org.apache.catalina.Manager;
 import org.apache.catalina.Session;
 import org.apache.catalina.mbeans.MBeanUtils;
-import org.apache.catalina.util.Base64;
 import org.apache.catalina.util.LifecycleMBeanBase;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
-import org.apache.tomcat.util.ExceptionUtils;
 import org.apache.tomcat.util.res.StringManager;
@@ -100,13 +97,6 @@ public abstract class ManagerBase extends LifecycleMBeanBase
 /**
- * A String initialization parameter used to increase the entropy of
- * the initialization of our random number generator.
- */
- protected String entropy = null;
-
-
- /**
 * The descriptive information string for this implementation.
 */
 private static final String info = "ManagerBase/1.0";
@@ -339,58 +329,6 @@ public abstract class ManagerBase extends LifecycleMBeanBase
 /**
- * Return the entropy increaser value, or compute a semi-useful value
- * if this String has not yet been set.
- */
- public String getEntropy() {
-
- // Calculate a semi-useful value if this has not been set
- if (this.entropy == null) {
- // Use APR to get a crypto secure entropy value
- byte[] result = new byte[32];
- boolean apr = false;
- try {
- String methodName = "random";
- Class paramTypes[] = new Class[2];
- paramTypes[0] = result.getClass();
- paramTypes[1] = int.class;
- Object paramValues[] = new Object[2];
- paramValues[0] = result;
- paramValues[1] = Integer.valueOf(32);
- Method method = Class.forName("org.apache.tomcat.jni.OS")
- .getMethod(methodName, paramTypes);
- method.invoke(null, paramValues);
- apr = true;
- } catch (Throwable t) {
- ExceptionUtils.handleThrowable(t);
- }
- if (apr) {
- setEntropy(Base64.encode(result));
- } else {
- setEntropy(this.toString());
- }
- }
-
- return (this.entropy);
-
- }
-
-
- /**
- * Set the entropy increaser value.
- *
- * @param entropy The new entropy increaser value
- */
- public void setEntropy(String entropy) {
-
- String oldEntropy = entropy;
- this.entropy = entropy;
- support.firePropertyChange("entropy", oldEntropy, this.entropy);
-
- }
-
-
- /**
 * Return descriptive information about this Manager implementation and
 * the corresponding version number, in the format
 * <description>/<version>.
@@ -619,11 +557,6 @@ public abstract class ManagerBase extends LifecycleMBeanBase
 long seed = System.currentTimeMillis();
 long t1 = seed;
- char entropy[] = getEntropy().toCharArray();
- for (int i = 0; i < entropy.length; i++) {
- long update = ((byte) entropy[i]) << ((i % 8) * 8);
- seed ^= update;
- }
 // Construct and seed a new random number generator
 SecureRandom result = new SecureRandom();
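Review bot: After this removal, `seed` in the `@@ -619,11 +557,6 @@` hunk is only `System.currentTimeMillis()`, yet the surviving comment still says the generator is constructed "and seed"-ed; the seeding call itself lies below the hunk, so whether a `result.setSeed(seed)` remains is inferred. Per the `SecureRandom` Javadoc, self-seeding does not occur if `setSeed` is called before the first `nextBytes`, so with providers that follow that contract (SHA1PRNG is the usual example) session IDs would derive from a guessable timestamp, which is the opposite of the commit's stated rationale. I would drop the explicit seed and force self-seeding right after construction, e.g. `result.nextInt();`, keeping `t1` only if something below still uses it. The enclosing method starts and ends outside the hunk.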
diff --git a/java/org/apache/catalina/session/mbeans-descriptors.xml b/java/org/apache/catalina/session/mbeans-descriptors.xml index 447adadc0..6e792204a 100644 --- a/java/org/apache/catalina/session/mbeans-descriptors.xml +++ b/java/org/apache/catalina/session/mbeans-descriptors.xml @@ -42,12 +42,6 @@ description="Number of duplicated session ids generated" type="int" /> - - @@ -235,12 +229,6 @@ description="Number of duplicated session ids generated" type="int" /> - - diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0edd3d302..dbbe446dd 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -54,6 +54,10 @@ 50106: Correct several MBean descriptors. Patch provided by Eiji Takahashi. (markt) + + Further performance improvements to session ID generation. Remove legacy + configuration options that are no longer required. + diff --git a/webapps/docs/config/manager.xml b/webapps/docs/config/manager.xml index 4c354b110..63d9a263f 100644 --- a/webapps/docs/config/manager.xml +++ b/webapps/docs/config/manager.xml @@ -99,14 +99,6 @@ - -

A String value that is utilized when seeding the random number - generator used to create session identifiers for this Manager. - If not specified, a semi-useful value is calculated, but a long - String value should be specified in security-conscious - environments.

-
-

The maximum number of active sessions that will be created by this Manager, or -1 (the default) for no limit.