You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by mt...@apache.org on 2013/01/25 07:30:15 UTC

svn commit: r1438344 - in /tomcat/native/branches/1.1.x/native: include/ssl_private.h src/sslcontext.c src/sslnetwork.c src/sslutils.c

Author: mturk
Date: Fri Jan 25 06:30:15 2013
New Revision: 1438344

URL: http://svn.apache.org/viewvc?rev=1438344&view=rev
Log:
BZ54468 - Apply Bill's patch for FIPS mode compliance

Modified:
    tomcat/native/branches/1.1.x/native/include/ssl_private.h
    tomcat/native/branches/1.1.x/native/src/sslcontext.c
    tomcat/native/branches/1.1.x/native/src/sslnetwork.c
    tomcat/native/branches/1.1.x/native/src/sslutils.c

Modified: tomcat/native/branches/1.1.x/native/include/ssl_private.h
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/include/ssl_private.h?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/include/ssl_private.h (original)
+++ tomcat/native/branches/1.1.x/native/include/ssl_private.h Fri Jan 25 06:30:15 2013
@@ -49,7 +49,6 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
-#include <openssl/md5.h>
 /* Avoid tripping over an engine build installed globally and detected
  * when the user points at an explicit non-engine flavor of OpenSSL
  */
@@ -234,7 +233,7 @@ struct tcn_ssl_ctxt_t {
     BIO             *bio_os;
     BIO             *bio_is;
 
-    unsigned char   context_id[MD5_DIGEST_LENGTH];
+    unsigned char   context_id[SHA_DIGEST_LENGTH];
 
     int             protocol;
     /* we are one or the other */
@@ -309,7 +308,6 @@ DH         *SSL_dh_get_param_from_file(c
 RSA        *SSL_callback_tmp_RSA(SSL *, int, int);
 DH         *SSL_callback_tmp_DH(SSL *, int, int);
 void        SSL_callback_handshake(const SSL *, int, int);
-void        SSL_vhost_algo_id(const unsigned char *, unsigned char *, int);
 int         SSL_CTX_use_certificate_chain(SSL_CTX *, const char *, int);
 int         SSL_callback_SSL_verify(int, X509_STORE_CTX *);
 int         SSL_rand_seed(const char *file);

Modified: tomcat/native/branches/1.1.x/native/src/sslcontext.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslcontext.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslcontext.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslcontext.c Fri Jan 25 06:30:15 2013
@@ -147,9 +147,9 @@ TCN_IMPLEMENT_CALL(jlong, SSLContext, ma
 #endif
     /* Default session context id and cache size */
     SSL_CTX_sess_set_cache_size(c->ctx, SSL_DEFAULT_CACHE_SIZE);
-    MD5((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
-        (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
-        &(c->context_id[0]));
+    EVP_Digest((const unsigned char *)SSL_DEFAULT_VHOST_NAME,
+               (unsigned long)(sizeof(SSL_DEFAULT_VHOST_NAME) - 1),
+               &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     if (mode) {
         SSL_CTX_set_tmp_rsa_callback(c->ctx, SSL_callback_tmp_RSA);
         SSL_CTX_set_tmp_dh_callback(c->ctx,  SSL_callback_tmp_DH);
@@ -195,9 +195,9 @@ TCN_IMPLEMENT_CALL(void, SSLContext, set
     TCN_ASSERT(ctx != 0);
     UNREFERENCED(o);
     if (J2S(id)) {
-        MD5((const unsigned char *)J2S(id),
-            (unsigned long)strlen(J2S(id)),
-            &(c->context_id[0]));
+        EVP_Digest((const unsigned char *)J2S(id),
+                   (unsigned long)strlen(J2S(id)),
+                   &(c->context_id[0]), NULL, EVP_sha1(), NULL);
     }
     TCN_FREE_CSTRING(id);
 }

Modified: tomcat/native/branches/1.1.x/native/src/sslnetwork.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslnetwork.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslnetwork.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslnetwork.c Fri Jan 25 06:30:15 2013
@@ -151,7 +151,7 @@ static tcn_ssl_conn_t *ssl_create(JNIEnv
         SSL_set_tmp_rsa_callback(ssl, SSL_callback_tmp_RSA);
         SSL_set_tmp_dh_callback(ssl,  SSL_callback_tmp_DH);
         SSL_set_session_id_context(ssl, &(ctx->context_id[0]),
-                                   MD5_DIGEST_LENGTH);
+                                   sizeof(ctx->context_id));
     }
     SSL_set_verify_result(ssl, X509_V_OK);
     SSL_rand_seed(ctx->rand_file);

Modified: tomcat/native/branches/1.1.x/native/src/sslutils.c
URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/sslutils.c?rev=1438344&r1=1438343&r2=1438344&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/sslutils.c (original)
+++ tomcat/native/branches/1.1.x/native/src/sslutils.c Fri Jan 25 06:30:15 2013
@@ -404,25 +404,6 @@ DH *SSL_callback_tmp_DH(SSL *ssl, int ex
     return (DH *)SSL_temp_keys[idx];
 }
 
-void SSL_vhost_algo_id(const unsigned char *vhost_id, unsigned char *md, int algo)
-{
-    MD5_CTX c;
-    MD5_Init(&c);
-    MD5_Update(&c, vhost_id, MD5_DIGEST_LENGTH);
-    switch (algo) {
-        case SSL_ALGO_UNKNOWN:
-            MD5_Update(&c, "UNKNOWN", 7);
-        break;
-        case SSL_ALGO_RSA:
-            MD5_Update(&c, "RSA", 3);
-        break;
-        case SSL_ALGO_DSA:
-            MD5_Update(&c, "DSA", 3);
-        break;
-    }
-    MD5_Final(md, &c);
-}
-
 /*
  * Read a file that optionally contains the server certificate in PEM
  * format, possibly followed by a sequence of CA certificates that



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org