Thank you George for letting us know about the
"-Dorg.bouncycastle.rsa.allow_multi_use=true" JVM option. Will explore this
further and update the document
(https://github.com/amitlpande/tomcat-9-fips/blob/master/README.md)
appropriately.

Albeit reluctantly, we have given in to use BCFIPS (over PKCS12) for our key 
stores as it is the only format meeting our FIPS requirements.

Thanks,
Amit

-----Original Message-----
From: George Stanchev <george.stanc...@microfocus.com> 
Sent: Saturday, December 5, 2020 11:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

Chris

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, December 04, 2020 1:20 PM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

<snip>

> With the pluggability of Java's crypto interface, I seriously doubt 
> Oracle is going to certify a JCE module in the future, esp. with free 
> 3rd party solutions such as BCFIPS.

Is BC actually certified? It seems unlikely to me that a group of volunteers 
from Australia are going to bother to go through that module-certification 
process.

GS: While the project is open source, they had a company (Crypto Workshop) that
earned a living through paid support and consulting. They were recently
acquired
(https://www.prnewswire.com/news-releases/primekey-acquires-crypto-workshop-300988188.html).
And yes, they are certified
(https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2768)
and currently working on the next certification, expected out next year.

<snip>


> I found it non-trivial and the toolsets to be very specific, and even 
> after following all instructions from several wikis and web pages I 
> kept running into issues resulting in overall failure.

Yes, the build process for OpenSSL is horrible. I have no idea why they decided 
to use Perl as their build system. On Windows? I have only tried to build the 
OpenSSL binary, not the FIPS-compliant module. Having done it on Linux (where 
it's "easy") I can say I'm glad I'm not responsible for doing it on Windows.

GS: Sadly, OpenSSL and the FIPS module built just fine. I forgot the details,
but it was the APR or the tcnative itself that failed me. There is also a bug
in OpenSSL or Tomcat's glue code that, if cacerts contains more than a certain
number of certificates, fails the handshake with a timeout
(http://tomcat.10.x6.nabble.com/Client-Cert-TLS-issue-td5090609.html).

> Also, keep in mind that OpenSSL 1.0.1 is EOLed and the FIPS module is 
> only available for that version line. OpenSSL still produces security 
> fixes to paid support subscribers (we are) but they are not available 
> for the general public. OpenSSL 3.0 will have a refreshed re-certified 
> FIPS module but it is not due until later next year, so for now 
> general public is left hanging with the last public version of 
> 1.0.1+FIPS.

:(

This is why we can't have nice things.

<snap>

> The workaround could be to use a different password-based key
> derivation function - PBKDF2. However, there is nothing in the PKCS12
> spec that allows encoding another algorithm OID in MacData. In
> essence, you cannot use any algorithm other than the one defined
> in the spec, which is not FIPS compliant.

And something which is ironically FIPS-compliant is to use a PEM file with no 
protection whatsoever.

GS: Well, the keys in the PEM files are still encrypted, but you're right: no
protection of the overall container like in BCFKS or PKCS12.

George
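The MacData limitation discussed above, as an added example that is not part of the thread: the PKCS12 integrity MAC key can only come from the PKCS#12 KDF of RFC 7292 Appendix B.2 (the `MacData` structure carries a digest OID, salt and iteration count, but no KDF OID), whereas PBKDF2-HMAC is the SP 800-132 approved construction a FIPS deployment would want. The password, salt and iteration count below are constructed sample values; the empty-password handling (contributes no bytes) is an assumption that follows the RFC wording.

```python
import hashlib

# Constructed sample inputs, not values from the thread.
PASSWORD = "changeit"
SALT = bytes(range(16))
ITERATIONS = 2048

def pkcs12_kdf(password, salt, iterations, key_id, length, hash_name="sha256"):
    """RFC 7292 Appendix B.2 derivation; key_id 1 = key, 2 = IV, 3 = MAC key.
    This is the only KDF a PKCS12 MacData can express, and it is not an
    approved KDF under FIPS 140."""
    u, v = hashlib.new(hash_name).digest_size, hashlib.new(hash_name).block_size
    # The password is a BMPString: UTF-16BE followed by a two-byte NUL terminator.
    pw = password.encode("utf-16-be") + b"\x00\x00" if password else b""
    D = bytes([key_id]) * v               # v copies of the ID byte

    def expand(x):                        # repeat x to a whole number of v-byte blocks
        if not x:
            return b""
        n = v * -(-len(x) // v)
        return (x * (n // len(x) + 1))[:n]

    I = bytearray(expand(salt) + expand(pw))
    out = b""
    while len(out) < length:
        A = hashlib.new(hash_name, D + bytes(I)).digest()
        for _ in range(iterations - 1):   # apply the hash r times in total
            A = hashlib.new(hash_name, A).digest()
        out += A
        B = int.from_bytes((A * (v // u + 1))[:v], "big")
        for j in range(0, len(I), v):     # I_j = (I_j + B + 1) mod 2^(8v)
            Ij = (int.from_bytes(I[j:j + v], "big") + B + 1) % (1 << (8 * v))
            I[j:j + v] = Ij.to_bytes(v, "big")
    return out[:length]

def pbkdf2_mac_key(password, salt, iterations, length):
    """The approved alternative (SP 800-132) that PKCS12 MacData cannot encode."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, length)

if __name__ == "__main__":
    print("PKCS#12 KDF MAC key:", pkcs12_kdf(PASSWORD, SALT, ITERATIONS, 3, 32).hex())
    print("PBKDF2-HMAC MAC key:", pbkdf2_mac_key(PASSWORD, SALT, ITERATIONS, 32).hex())
```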
