Author: mturk
Date: Wed Apr 16 12:52:16 2014
New Revision: 1587896

URL: http://svn.apache.org/r1587896
Log:
Fix Bz56396. Be tolerant on RSA keys < 1024 bits

Modified:
    tomcat/native/branches/1.1.x/native/src/ssl.c
    tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/branches/1.1.x/native/src/ssl.c
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?rev=1587896&r1=1587895&r2=1587896&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/native/src/ssl.c (original)
+++ tomcat/native/branches/1.1.x/native/src/ssl.c Wed Apr 16 12:52:16 2014
@@ -221,6 +221,14 @@ static const jint supported_ssl_opts = 0
 
 static int ssl_tmp_key_init_rsa(int bits, int idx)
 {
+#ifdef OPENSSL_FIPS
+    /**
+     * With FIPS mode short RSA keys cannot be
+     * generated.
+     */
+    if (bits < 1024)
+        return 0;
+#endif
     if (!(SSL_temp_keys[idx] =
           RSA_generate_key(bits, RSA_F4, NULL, NULL)))
         return 1;
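Review bot: The early `return 0;` reports success without storing anything in `SSL_temp_keys[idx]`, so whatever code later reads that slot has to cope with it being empty; that code is outside the hunk and should be checked. The guard is also compile-time (`#ifdef OPENSSL_FIPS`), so a FIPS-capable build that is not actually running in FIPS mode skips short keys too, although the comment says "With FIPS mode". I would reword the comment to state both facts, for example `/* FIPS-capable build: RSA keys < 1024 bits cannot be generated; leave the slot empty and report success so initialisation continues. */`, and use a plain `/* */` rather than the Doxygen `/**` opener inside a function body. The body of ssl_tmp_key_init_rsa continues past the end of the hunk.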

Modified: tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml?rev=1587896&r1=1587895&r2=1587896&view=diff
==============================================================================
--- tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/branches/1.1.x/xdocs/miscellaneous/changelog.xml Wed Apr 16 
12:52:16 2014
@@ -36,6 +36,14 @@
   new documentation project for Tomcat Native was started.
   </p>
 </section>
+<section name="Changes between 1.1.30 and 1.1.31">
+  <changelog>
+    <fix>
+      <bug>56396</bug>: Do not create RSA keys shorter the 1024 bits
+      if inside FIPS mode. (mturk)
+    </fix>      
+  </changelog>
+</section>
 <section name="Changes between 1.1.29 and 1.1.30">
   <changelog>
     <fix>


