Author: mturk
Date: Wed Apr 16 12:52:16 2014
New Revision: 1587896

URL: http://svn.apache.org/r1587896

Log:
Fix Bz56396. Be tolerant on RSA keys < 1024 bits
Modified: tomcat/native/branches/1.1.x/native/src/ssl.c tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Modified: tomcat/native/branches/1.1.x/native/src/ssl.c URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1587896&r1=1587895&r2=1587896&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/native/src/ssl.c (original) +++ tomcat/native/branches/1.1.x/native/src/ssl.c Wed Apr 16 12:52:16 2014 @@ -221,6 +221,14 @@ static const jint supported_ssl_opts = 0 static int ssl_tmp_key_init_rsa(int bits, int idx) { +#ifdef OPENSSL_FIPS + /** + * With FIPS mode short RSA keys cannot be + * generated. + */ + if (bits < 1024) + return 0; +#endif if (!(SSL_temp_keys[idx] = RSA_generate_key(bits, RSA_F4, NULL, NULL))) return 1; Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1587896&r1=1587895&r2=1587896&view=diff ============================================================================== --- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original) +++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Wed Apr 16 12:52:16 2014 @@ -36,6 +36,14 @@ new documentation project for Tomcat Native was started. </p> </section> +<section name="Changes between 1.1.30 and 1.1.31"> + <changelog> + <fix> + <bug>56396</bug>: Do not create RSA keys shorter the 1024 bits + if inside FIPS mode. (mturk) + </fix> + </changelog> +</section> <section name="Changes between 1.1.29 and 1.1.30"> <changelog> <fix>
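Review bot: In ssl_tmp_key_init_rsa() in ssl.c, the new "if (bits < 1024) return 0;" returns the non-error value (the failure path just below it returns 1) without assigning SSL_temp_keys[idx], so nothing tells the caller that no key was generated for that slot. Suggest stating in the comment that the skip is intentional and leaves the slot unset, and confirming that every reader of SSL_temp_keys[idx] copes with a missing key. The guard is also a compile-time "#ifdef OPENSSL_FIPS" while the comment says "With FIPS mode"; if the skip is meant to apply only when FIPS mode is actually enabled, a runtime check such as FIPS_mode() would match the comment.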
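Review bot: Typo in the new changelog <fix> entry for bug 56396: "shorter the 1024 bits" should read "shorter than 1024 bits". The entry also says "if inside FIPS mode", whereas the ssl.c hunk keys the check on the OPENSSL_FIPS build macro; wording such as "when built with FIPS support" would describe what the code does.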