tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat/FIPS mode on HEL6
Date Thu, 16 Jan 2014 21:23:54 GMT
Robert,

On 1/16/14, 1:59 PM, Robert Sanders wrote:
> I posted this on Monday from my home account, and have some followups
> from my work account:
> 
> Recap: On a RHEL6 box with FIPS enabled at boot time Tomcat 6.0.37
> and Tomcat Native Library 1.1.29 will not start if the APR listener
> is configured with 'FIPSMode="on".
> 
> There appear to be two places that are causing an abort during
> initialization:
> 
> 1) TCN ssl.c in fipsModeSet - the return from FIPS_mode_set() is 0,
> which triggers a exception

What exception is generated -- including the detail message?

I can't seem to find the reference, but I thought that FIPS_mode_set(1)
when already in FIPS mode would not cause an error. It may not actually
return 1 which is easily fixed if that's the problem.

If it /is/ the problem, I'd be curious why OpenSSL is already in FIPS
mode, since Tomcat should be initializing the library and it shouldn't
be in FIPS mode until that happens.

(There also seems to be a bug in tcnative: when calling FIPS_mode_set,
we should expect the return value to be the same as the input value on
success, not always (int)1).

> 2) If I explicitly check for the current mode and skip the call to
> FIPS_mode_set() if already set to one then the code which
> pregenerates the temporary keys fails in 'initialize'.

This seems like a weird state to me... I'd like to hear the explanation.

> Specifically, the call to generate the RSA 512 bit key fails, which
> causes the routine to abort.  A coworker here indicated that the 512
> bit RSA key is invalid for FIPS mode.

My understanding is that FIPS mode as implemented has worked in other
environments, and OpenSSL's FIPS implementation has not changed in quite
a while. Why does this work in other environments and not yours?

> My initial fix to this was to have the JNI call in the
> AprLifecycleListener code try and see if FIPS was already enabled
> before calling fipsModeSet so it could log a suitable message.  I
> don't know if there is a way for the TCN ssl.c code to return a
> non-error message back to the AprLifecycleListener startup or not.
> This solved issue #1

What would you return if you could?

> For issue #2 I just removed the  line in the SSL_TMP_KEYS_INIT macro
> in TCN ssl.c generating the 512 bit RSA key.  Might need to put some
> logic there so that in FIPS mode only FIPS legal key lengths are
> generated...

I'd like to know what the "legal key lengths" are in the first place.
Recent FIPS documents suggest that, for instance, 1024-bit keys are also
unacceptable.

I read-through the code in ssl.c for performing that RSA key generation
and none of it makes any sense to me, honestly: the SSL_temp_keys array
is consulted for values, but does not ever appear to have anything put
into it. RSA keys are created but then ignored. DSA temp keys are
actually inserted into that structure, but RSA keys don't seem to
interact with it at all. :(

-chris


Mime
View raw message