Chris

-----Original Message-----
From: Christopher Schultz <ch...@christopherschultz.net>
Sent: Friday, December 04, 2020 1:20 PM
To: users@tomcat.apache.org
Subject: Re: [EXTERNAL] Re: Can Tomcat 9 be FIPS compliant without OpenSSL?

<snip>

> With the pluggability of Java's crypto interface, I seriously doubt
> Oracle is going to certify a JCE module in the future, esp. with free
> 3rd party solutions such as BCFIPS.

Is BC actually certified? It seems unlikely to me that a group of volunteers from Australia are going to bother to go through that module-certification process.

GS: While the project is open-sourced, they had a company (Crypto Workshop) that earned a living through paid support and consulting. They were recently acquired (https://www.prnewswire.com/news-releases/primekey-acquires-crypto-workshop-300988188.html). And yes, they are certified (https://csrc.nist.gov/projects/cryptographic-module-validation-program/Certificate/2768) and are currently working on the next certification, expected out next year.

<snip>

> I found it non-trivial and the toolsets to be very specific, and even
> after following all instructions from several wikis and web pages I
> kept running into issues resulting in overall failure.

Yes, the build process for OpenSSL is horrible. I have no idea why they decided to use Perl as their build system.

On Windows? I have only tried to build the OpenSSL binary, not the FIPS-compliant module. Having done it on Linux (where it's "easy") I can say I'm glad I'm not responsible for doing it on Windows.

GS: Sadly, OpenSSL and the FIPS module built just fine. I forgot the details, but it was the APR or the tcnative itself that failed me. There is also a bug in OpenSSL or Tomcat's glue code that fails the handshake with a timeout if cacerts contains more than a certain number of certificates (http://tomcat.10.x6.nabble.com/Client-Cert-TLS-issue-td5090609.html).

> Also, keep in mind that OpenSSL 1.0.1 is EOLed and the FIPS module is
> only available for that version line. OpenSSL still produces security
> fixes to paid support subscribers (we are) but they are not available
> for the general public. OpenSSL 3.0 will have a refreshed re-certified
> FIPS module but it is not due until later next year, so for now the
> general public is left hanging with the last public version of
> 1.0.1+FIPS. :(

This is why we can't have nice things.

<snap>

> The workaround could be to use a different password-based key
> derivation function - PBKDF2. However, there is nothing in the PKCS12
> spec that allows encoding another algorithm OID in MacData. In
> essence, you cannot use any algorithm other than the one defined
> in the spec, which is not FIPS compliant.

And something which is ironically FIPS-compliant is to use a PEM file with no protection whatsoever.

GS: Well, the keys in the PEM files are still encrypted, but you're right: no protection of the overall container like in BCFKS or PKCS12.

George
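The point about MacData above, illustrated with an added example (not code from this thread, OpenSSL or BouncyCastle): minimal DER helpers build a constructed PKCS#12 container and read its MacData back, showing that only a digest OID and an iteration count are carried there, so the structure has no field in which PBKDF2 could be named. The OID byte strings are the standard encodings; the salt, digest and payload are made-up sample data.

```python
# Added example (not from this thread, OpenSSL or BouncyCastle): DER helpers that build a
# constructed PKCS#12 (PFX) container and read its MacData back (digest OID + iterations).
def tlv(tag, body):  # DER tag-length-value; lengths up to 65535
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x82, n >> 8, n & 0xFF])) + body

def parse_tlv(buf, pos=0):  # -> (tag, value, position after this element)
    tag, first = buf[pos], buf[pos + 1]
    n = first & 0x7F if first >= 0x80 else 0  # number of long-form length bytes
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big") if n else first
    start = pos + 2 + n
    return tag, buf[start:start + length], start + length

def children(body):  # all (tag, value) elements inside a constructed value
    items, pos = [], 0
    while pos < len(body):
        tag, val, pos = parse_tlv(body, pos)
        items.append((tag, val))
    return items

def decode_oid(raw):  # OID content bytes -> dotted form
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

OIDS = {"sha256": bytes.fromhex("608648016503040201"),      # id-sha256 (well-known encoding)
        "sha1": bytes.fromhex("2b0e03021a"),                # id-sha1
        "pkcs7-data": bytes.fromhex("2a864886f70d010701")}  # pkcs7-data

def build_sample_pfx(digest="sha256", iterations=2048):
    """Constructed PFX: empty authSafe payload, all-zero digest, fixed salt (sample data)."""
    auth_safe = tlv(0x30, tlv(0x06, OIDS["pkcs7-data"]) + tlv(0xA0, tlv(0x04, b"")))
    alg_id = tlv(0x30, tlv(0x06, OIDS[digest]) + tlv(0x05, b""))      # AlgorithmIdentifier
    digest_info = tlv(0x30, alg_id + tlv(0x04, b"\x00" * 32))        # DigestInfo
    iters = iterations.to_bytes((iterations.bit_length() + 8) // 8, "big")
    mac_data = tlv(0x30, digest_info + tlv(0x04, b"\x11" * 8) + tlv(0x02, iters))
    return tlv(0x30, tlv(0x02, b"\x03") + auth_safe + mac_data)     # PFX version 3

def mac_info(pfx):
    """(digest OID, iterations) from the MacData, or None when the container carries no MAC."""
    tag, body, _ = parse_tlv(pfx)
    fields = children(body) if tag == 0x30 else []   # version, authSafe, [macData]
    if len(fields) < 3:
        return None
    mac_data = children(fields[2][1])                # DigestInfo, macSalt, iterations
    alg_id = children(children(mac_data[0][1])[0][1])   # AlgorithmIdentifier in DigestInfo
    iters = int.from_bytes(mac_data[2][1], "big") if len(mac_data) > 2 else 1
    return decode_oid(alg_id[0][1]), iters
```

Whatever digest is named, the MAC key is always derived by the PKCS#12 KDF from Appendix B of the spec; the only tunables visible in the container are the hash and the iteration count.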