parent
7646506af0
commit
83bafb48a2
8 changed files with 10 additions and 182 deletions
|
|
@ -619,14 +619,9 @@ akka {
|
|||
# "SHA1PRNG" => Can be slow because of blocking issues on Linux
|
||||
# "AES128CounterSecureRNG" => fastest startup and based on AES encryption
|
||||
# algorithm
|
||||
# "AES256CounterSecureRNG"
|
||||
#
|
||||
# The following are deprecated in Akka 2.4. They use one of 3 possible
|
||||
# seed sources, depending on availability: /dev/random, random.org and
|
||||
# SecureRandom (provided by Java)
|
||||
# "AES128CounterInetRNG"
|
||||
# "AES256CounterInetRNG" (Install JCE Unlimited Strength Jurisdiction
|
||||
# "AES256CounterSecureRNG" (Install JCE Unlimited Strength Jurisdiction
|
||||
# Policy Files first)
|
||||
#
|
||||
# Setting a value here may require you to supply the appropriate cipher
|
||||
# suite (see enabled-algorithms section above)
|
||||
random-number-generator = ""
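Review bot: The option list above `random-number-generator` drops "AES128CounterInetRNG" and "AES256CounterInetRNG" without a trace, so a deployment that still sets one of them gets no hint from this file that the value is gone. The matching `case r @ ("AES128CounterInetRNG" | "AES256CounterInetRNG")` branch is also removed from SSLSettings, and the fallback case such a value now reaches is outside the visible hunk. If that fallback substitutes a default generator, it should log the substitution at warning level so operators can see that the TLS randomness source changed. I would add a line here such as `# "AES128CounterInetRNG" and "AES256CounterInetRNG" were removed; use the SecureRNG variants`, unless the migration notes already cover it (not every changed file is visible on this page).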
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
/**
|
||||
* Copyright (C) 2009-2016 Lightbend Inc. <http://www.lightbend.com>
|
||||
*/
|
||||
package akka.remote.security.provider
|
||||
|
||||
import org.uncommons.maths.random.{ AESCounterRNG }
|
||||
import SeedSize.Seed128
|
||||
|
||||
/**
|
||||
* INTERNAL API
|
||||
* This class is a wrapper around the 128-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
|
||||
* It uses the default seed generator which uses one of the following 3 random seed sources:
|
||||
* Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
|
||||
* The only method used by netty ssl is engineNextBytes(bytes)
|
||||
*/
|
||||
@deprecated("Use AES128CounterSecureRNG instead", "2.4")
|
||||
class AES128CounterInetRNG extends java.security.SecureRandomSpi {
|
||||
private val rng = new AESCounterRNG(engineGenerateSeed(Seed128))
|
||||
|
||||
/**
|
||||
* This is managed internally by AESCounterRNG
|
||||
*/
|
||||
override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
|
||||
|
||||
/**
|
||||
* Generates a user-specified number of random bytes.
|
||||
*
|
||||
* @param bytes the array to be filled in with random bytes.
|
||||
*/
|
||||
override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
|
||||
|
||||
/**
|
||||
* Unused method
|
||||
* Returns the given number of seed bytes. This call may be used to
|
||||
* seed other random number generators.
|
||||
*
|
||||
* @param numBytes the number of seed bytes to generate.
|
||||
* @return the seed bytes.
|
||||
*/
|
||||
override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = InternetSeedGenerator.getInstance.generateSeed(numBytes)
|
||||
}
|
||||
|
||||
|
|
@ -1,42 +0,0 @@
|
|||
/**
|
||||
* Copyright (C) 2009-2016 Lightbend Inc. <http://www.lightbend.com>
|
||||
*/
|
||||
package akka.remote.security.provider
|
||||
|
||||
import org.uncommons.maths.random.{ AESCounterRNG }
|
||||
import SeedSize.Seed256
|
||||
|
||||
/**
|
||||
* INTERNAL API
|
||||
* This class is a wrapper around the 256-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
|
||||
* It uses the default seed generator which uses one of the following 3 random seed sources:
|
||||
* Depending on availability: random.org, /dev/random, and SecureRandom (provided by Java)
|
||||
* The only method used by netty ssl is engineNextBytes(bytes)
|
||||
*/
|
||||
@deprecated("Use AES256CounterSecureRNG instead", "2.4")
|
||||
class AES256CounterInetRNG extends java.security.SecureRandomSpi {
|
||||
private val rng = new AESCounterRNG(engineGenerateSeed(Seed256))
|
||||
|
||||
/**
|
||||
* This is managed internally by AESCounterRNG
|
||||
*/
|
||||
override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
|
||||
|
||||
/**
|
||||
* Generates a user-specified number of random bytes.
|
||||
*
|
||||
* @param bytes the array to be filled in with random bytes.
|
||||
*/
|
||||
override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
|
||||
|
||||
/**
|
||||
* Unused method
|
||||
* Returns the given number of seed bytes. This call may be used to
|
||||
* seed other random number generators.
|
||||
*
|
||||
* @param numBytes the number of seed bytes to generate.
|
||||
* @return the seed bytes.
|
||||
*/
|
||||
override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = InternetSeedGenerator.getInstance.generateSeed(numBytes)
|
||||
}
|
||||
|
||||
|
|
@ -14,14 +14,10 @@ object AkkaProvider extends Provider("Akka", 1.0, "Akka provider 1.0 that implem
|
|||
//SecureRandom
|
||||
put("SecureRandom.AES128CounterSecureRNG", classOf[AES128CounterSecureRNG].getName)
|
||||
put("SecureRandom.AES256CounterSecureRNG", classOf[AES256CounterSecureRNG].getName)
|
||||
put("SecureRandom.AES128CounterInetRNG", classOf[AES128CounterInetRNG].getName)
|
||||
put("SecureRandom.AES256CounterInetRNG", classOf[AES256CounterInetRNG].getName)
|
||||
|
||||
//Implementation type: software or hardware
|
||||
put("SecureRandom.AES128CounterSecureRNG ImplementedIn", "Software")
|
||||
put("SecureRandom.AES256CounterSecureRNG ImplementedIn", "Software")
|
||||
put("SecureRandom.AES128CounterInetRNG ImplementedIn", "Software")
|
||||
put("SecureRandom.AES256CounterInetRNG ImplementedIn", "Software")
|
||||
null //Magic null is magic
|
||||
}
|
||||
})
|
||||
|
|
|
|||
|
|
@ -1,56 +0,0 @@
|
|||
// ============================================================================
|
||||
// Copyright 2006-2010 Daniel W. Dyer
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
// ============================================================================
|
||||
package akka.remote.security.provider
|
||||
|
||||
import org.uncommons.maths.random.{ SeedGenerator, SeedException, SecureRandomSeedGenerator, RandomDotOrgSeedGenerator }
|
||||
import scala.collection.immutable
|
||||
|
||||
/**
|
||||
* INTERNAL API
|
||||
* Seed generator that maintains multiple strategies for seed
|
||||
* generation and will delegate to the best one available for the
|
||||
* current operating environment.
|
||||
* @author Daniel Dyer
|
||||
*/
|
||||
@deprecated("Use another seed generator instead", "2.4")
|
||||
object InternetSeedGenerator {
|
||||
/**
|
||||
* @return The singleton instance of this class.
|
||||
*/
|
||||
def getInstance: InternetSeedGenerator = Instance
|
||||
|
||||
/**Singleton instance. */
|
||||
private final val Instance: InternetSeedGenerator = new InternetSeedGenerator
|
||||
/**Delegate generators. */
|
||||
private final val Generators: immutable.Seq[SeedGenerator] =
|
||||
List(
|
||||
new RandomDotOrgSeedGenerator, // first try the Internet seed generator
|
||||
new SecureRandomSeedGenerator) // this is last because it always works
|
||||
}
|
||||
|
||||
final class InternetSeedGenerator extends SeedGenerator {
|
||||
/**
|
||||
* Generates a seed by trying each of the available strategies in
|
||||
* turn until one succeeds. Tries the most suitable strategy first
|
||||
* and eventually degrades to the least suitable (but guaranteed to
|
||||
* work) strategy.
|
||||
* @param length The length (in bytes) of the seed.
|
||||
* @return A random seed of the requested length.
|
||||
*/
|
||||
def generateSeed(length: Int): Array[Byte] = InternetSeedGenerator.Generators.view.flatMap(
|
||||
g ⇒ try Option(g.generateSeed(length)) catch { case _: SeedException ⇒ None }).headOption.getOrElse(throw new IllegalStateException("All available seed generation strategies failed."))
|
||||
}
|
||||
|
||||
|
|
@ -85,10 +85,6 @@ private[akka] class SSLSettings(config: Config) {
|
|||
case r @ ("AES128CounterSecureRNG" | "AES256CounterSecureRNG") ⇒
|
||||
log.debug("SSL random number generator set to: {}", r)
|
||||
SecureRandom.getInstance(r, AkkaProvider)
|
||||
case r @ ("AES128CounterInetRNG" | "AES256CounterInetRNG") ⇒
|
||||
log.warning(LogMarker.Security, "SSL random number generator {} is deprecated, " +
|
||||
"use AES128CounterSecureRNG or AES256CounterSecureRNG instead", r)
|
||||
SecureRandom.getInstance(r, AkkaProvider)
|
||||
case s @ ("SHA1PRNG" | "NativePRNG") ⇒
|
||||
log.debug("SSL random number generator set to: {}", s)
|
||||
// SHA1PRNG needs /dev/urandom to be the source on Linux to prevent problems with /dev/random blocking
|
||||
|
|
|
|||
|
|
@ -91,31 +91,6 @@ class Ticket1978AES128CounterSecureRNGSpec extends Ticket1978CommunicationSpec(g
|
|||
|
||||
class Ticket1978AES256CounterSecureRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterSecureRNG", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
|
||||
|
||||
/**
|
||||
* Both of the `Inet` variants require access to the Internet to access random.org.
|
||||
*/
|
||||
class Ticket1978AES128CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterInetRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
|
||||
with InetRNGSpec
|
||||
|
||||
/**
|
||||
* Both of the `Inet` variants require access to the Internet to access random.org.
|
||||
*/
|
||||
class Ticket1978AES256CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterInetRNG", "TLS_RSA_WITH_AES_256_CBC_SHA"))
|
||||
with InetRNGSpec
|
||||
|
||||
trait InetRNGSpec { this: Ticket1978CommunicationSpec ⇒
|
||||
override def preCondition = try {
|
||||
(new RandomDotOrgSeedGenerator).generateSeed(128)
|
||||
true
|
||||
} catch {
|
||||
case NonFatal(e) ⇒
|
||||
log.warning("random.org not available: {}", e.getMessage())
|
||||
false
|
||||
}
|
||||
|
||||
override implicit val timeout: Timeout = Timeout(90.seconds)
|
||||
}
|
||||
|
||||
class Ticket1978DefaultRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "TLS_RSA_WITH_AES_128_CBC_SHA"))
|
||||
|
||||
class Ticket1978CrappyRSAWithMD5OnlyHereToMakeSureThingsWorkSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "SSL_RSA_WITH_NULL_MD5"))
|
||||
|
|
|
|||
|
|
@ -129,7 +129,13 @@ object MiMa extends AutoPlugin {
|
|||
ProblemFilters.exclude[MissingClassProblem]("akka.persistence.AbstractPersistentView"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.persistence.UntypedPersistentView"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$ScheduledUpdate$"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$State")
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.persistence.PersistentView$State"),
|
||||
|
||||
// #22015 removal of deprecated AESCounterSecureInetRNGs
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.AES128CounterInetRNG"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.AES256CounterInetRNG"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.InternetSeedGenerator"),
|
||||
ProblemFilters.exclude[MissingClassProblem]("akka.remote.security.provider.InternetSeedGenerator$")
|
||||
)
|
||||
|
||||
Map(
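Review bot: The comment `// #22015 removal of deprecated AESCounterSecureInetRNGs` matches none of the four class names excluded below it, so a search for the removed classes will not find the explanation for these binary-compatibility exclusions. I would write it as `// #22015 removal of deprecated AES128CounterInetRNG, AES256CounterInetRNG and InternetSeedGenerator`. The enclosing filter list starts outside the hunk.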
|
||||
|
|
|
|||