Posted to dev@tomcat.apache.org by mt...@apache.org on 2013/01/25 07:30:15 UTC
svn commit: r1438344 - in /tomcat/native/branches/1.1.x/native:
include/ssl_private.h src/sslcontext.c src/sslnetwork.c src/sslutils.c
Author: mturk
Date: Fri Jan 25 06:30:15 2013
New Revision: 1438344
URL: http://svn.apache.org/viewvc?rev=1438344&view=rev
Log:
BZ54468 - Apply Bill's patch for FIPS mode compliance
Modified:
tomcat/native/branches/1.1.x/native/include/ssl_private.h
tomcat/native/branches/1.1.x/native/src/sslcontext.c
tomcat/native/branches/1.1.x/native/src/sslnetwork.c
tomcat/native/branches/1.1.x/native/src/sslutils.c
Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Fri Jan 25 06:30:15 2013
@@ -49,7 +49,6 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>
-#include <openssl/md5.h>
/* Avoid tripping over an engine build installed globally and detected
* when the user points at an explicit non-engine flavor of OpenSSL
*/
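Review bot: Dropping `#include <openssl/md5.h>` leaves this header with no explicit include for `SHA_DIGEST_LENGTH`, which the struct hunk below now uses to size `context_id`, and `SHA_DIGEST_LENGTH` lives in `<openssl/sha.h>`. It very likely still compiles because `<openssl/x509v3.h>` reaches `<openssl/x509.h>`, which in the OpenSSL versions of this era appears to include `<openssl/sha.h>`, but that is a transitive detail of a third-party header rather than something this project controls. I would add `#include <openssl/sha.h>` alongside the other OpenSSL includes here so the header states its own dependency and the struct declaration does not break if OpenSSL reshuffles its headers.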
@@ -234,7 +233,7 @@ struct tcn_ssl_ctxt_t {
BIO *bio_os;
BIO *bio_is;
- unsigned char context_id[MD5_DIGEST_LENGTH];
+ unsigned char context_id[SHA_DIGEST_LENGTH];
int protocol;
/* we are one or the other */
@@ -309,7 +308,6 @@ DH *SSL_dh_get_param_from_file(c
RSA *SSL_callback_tmp_RSA(SSL *, int, int);
DH *SSL_callback_tmp_DH(SSL *, int, int);
void SSL_callback_handshake(const SSL *, int, int);
-void SSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
int SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
int SSL_callback_SSL_verify(int, X509_STORE_CTX *);
int SSL_rand_seed(const char *file);
Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Fri Jan 25 06:30:15 2013
@@ -147,9 +147,9 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
#endif
/* Default session context id and cache size */
SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
- MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
- (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
- &(c->context_id[0]));
+ EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
+ (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+ &(c->context_id[0]), NULL, EVP_sha1(), NULL);
if (mode) {
SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
SSL_CTX_set_tmp_dh_callback(c->ctx, SSL_callback_tmp_DH);
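Review bot: The return value of `EVP_Digest()` is discarded on the added lines, so if it fails `c->context_id` keeps whatever the allocation held and that buffer is later handed to `SSL_set_session_id_context()` by the connection code; the second hunk in this file (the session-id setter) has the same gap. `MD5()` effectively could not fail, but `EVP_Digest()` returns 0 on failure, and a digest being refused or unavailable with the FIPS module enabled is precisely the situation this commit targets, so the one-line check is worth having: `if (!EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME, sizeof(SSL_DEFAULT_VHOST_NAME) - 1, c->context_id, NULL, EVP_sha1(), NULL)) { /* report the OpenSSL error and fail context creation */ }`. The `(unsigned long)` cast on the length is also a leftover from `MD5()`; `EVP_Digest()` takes a `size_t` count, so the cast can go. The enclosing function begins before this hunk, so where the failure is reported has to follow the error path used earlier in that function.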
@@ -195,9 +195,9 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
TCN_ASSERT(ctx != 0);
UNREFERENCED(o);
if (J2S(id)) {
- MD5((const unsigned char *)J2S(id),
- (unsigned long)strlen(J2S(id)),
- &(c->context_id[0]));
+ EVP_Digest((const unsigned char *)J2S(id),
+ (unsigned long)strlen(J2S(id)),
+ &(c->context_id[0]), NULL, EVP_sha1(), NULL);
}
TCN_FREE_CSTRING(id);
}
Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Fri Jan 25 06:30:15 2013
@@ -151,7 +151,7 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
SSL_set_tmp_dh_callback(ssl, SSL_callback_tmp_DH);
SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
- MD5_DIGEST_LENGTH);
+ sizeof(ctx->context_id));
}
SSL_set_verify_result(ssl, X509_V_OK);
SSL_rand_seed(ctx->rand_file);
Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Fri Jan 25 06:30:15 2013
@@ -404,25 +404,6 @@ DH *SSL_callback_tmp_DH(SSL *ssl, int ex
return (DH *)SSL_temp_keys[idx];
}
-void SSL_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
-{
- MD5_CTX c;
- MD5_Init(&c);
- MD5_Update(&c, vhost_id, MD5_DIGEST_LENGTH);
- switch (algo) {
- case SSL_ALGO_UNKNOWN:
- MD5_Update(&c, "UNKNOWN", 7);
- break;
- case SSL_ALGO_RSA:
- MD5_Update(&c, "RSA", 3);
- break;
- case SSL_ALGO_DSA:
- MD5_Update(&c, "DSA", 3);
- break;
- }
- MD5_Final(md, &c);
-}
-
/*
* Read a file that optionally contains the server certificate in PEM
* format, possibly followed by a sequence of CA certificates that