Author: schultz
Date: Sat Jul 9 02:05:06 2011
New Revision: 1144573
URL: http://svn.apache.org/viewvc?rev=1144573&view=rev
Log:
Added function to enter FIPS mode.
Modified:
tomcat/native/trunk/native/src/ssl.c
Modified: tomcat/native/trunk/native/src/ssl.c
URL:
http://svn.apache.org/viewvc/tomcat/native/trunk/native/src/ssl.c?rev=1144573&r1=1144572&r2=1144573&view=diff
==============================================================================
--- tomcat/native/trunk/native/src/ssl.c (original)
+++ tomcat/native/trunk/native/src/ssl.c Sat Jul 9 02:05:06 2011
@@ -503,6 +503,32 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(T
}
TCN_FREE_CSTRING(file);
}
+
+TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode)
+{
+ int r = 0;
+ UNREFERENCED(o);
+
+#ifdef OPENSSL_FIPS
+ if(1 != (r = (jint)FIPS_mode_set((int)mode))) {
+ /* arrange to get a human-readable error message */
+ unsigned long err = ERR_get_error();
+ char msg[256];
+
+ /* ERR_load_crypto_strings() already called in initialize() */
+
+ ERR_error_string_n(err, msg, 256);
+
+ tcn_ThrowException(e, msg);
+ }
+#else
+ /* FIPS is unavailable */
+ tcn_ThrowException(e, "FIPS was not available to tcnative at build time.
You will need to re-build tcnative against an OpenSSL with FIPS.");
+#endif
+
+ return r;
+}
+
/* OpenSSL Java Stream BIO */
typedef struct {
@@ -876,6 +902,14 @@ TCN_IMPLEMENT_CALL(void, SSL, randSet)(T
UNREFERENCED(file);
}
+TCN_IMPLEMENT_CALL(jint, SSL, fipsModeSet)(TCN_STDARGS, jint mode)
+{
+ UNREFERENCED_STDARGS;
+ UNREFERENCED(mode);
+
+ return 0;
+}
+
TCN_IMPLEMENT_CALL(jlong, SSL, newBIO)(TCN_STDARGS, jlong pool,
jobject callback)
{
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
