
bugzilla at apache
Apr 30, 2012, 12:26 PM
[Bug 53166] New: FIPS Mode temporary key generation error
https://issues.apache.org/bugzilla/show_bug.cgi?id=53166

          Priority: P2
            Bug ID: 53166
          Assignee: bugs [at] httpd
           Summary: FIPS Mode temporary key generation error
          Severity: normal
    Classification: Unclassified
                OS: FreeBSD
          Reporter: kpapagno [at] gmail
          Hardware: PC
            Status: NEW
           Version: 2.2.22
         Component: mod_ssl
           Product: Apache httpd-2

When operating in FIPS mode (SSLFIPS on) the httpd-error-log contains two entries that are stated as errors.

    [Mon Apr 30 18:23:57 2012] [notice] Operating in SSL FIPS mode
    [Mon Apr 30 18:23:57 2012] [error] Init: Skipping generating temporary 512 bit RSA private key in FIPS mode
    [Mon Apr 30 18:23:57 2012] [error] Init: Skipping generating temporary 512 bit DH parameters in FIPS mode

Examining the code in modules/ssl/ssl_engine_init.c where the message is generated shows the error being generated:

    if (FIPS_mode() && bits < 1024) {
        mc->pTmpKeys[idx] = NULL;
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "Init: Skipping generating temporary "
                     "%d bit RSA private key in FIPS mode", bits);
        return OK;
    }

The message is marked as an error (APLOG_ERR), however the function returns with an OK.

If the bits < 1024 is truly a FIPS error, then the function should return !OK.

If the bits < 1024 is OK, and this is not an error, then the log message should not be flagged with the APLOG_ERR, and should be flagged with NOTICE or similar.
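
As long as these messages are logged at [error] level, log monitoring can separate them from other [error] entries. The following is an added example, not part of the bug report or of httpd: a small triage pass over the 2.2 error-log format that picks out the two skip messages quoted above. The function name `triage`, the `SAMPLE` data and its last line are assumptions made for illustration.

```python
import re

# Apache 2.2 error-log line: [timestamp] [level] message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
# The two messages quoted in the report (RSA private key / DH parameters).
FIPS_SKIP_RE = re.compile(
    r"^Init: Skipping generating temporary (?P<bits>\d+) bit "
    r"(?P<kind>RSA private key|DH parameters) in FIPS mode$"
)
FIPS_NOTICE = "Operating in SSL FIPS mode"

def triage(lines):
    """Split [error] entries into FIPS key-skip messages and all others.
    A skip counts only after the FIPS notice and for sizes below 1024 bits,
    matching the `FIPS_mode() && bits < 1024` condition in the report."""
    fips_seen = False
    fips_skips, other = [], []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a line in the 2.2 error-log format
        level, msg = m["level"], m["msg"]
        if level == "notice" and msg == FIPS_NOTICE:
            fips_seen = True
            continue
        if level != "error":
            continue
        skip = FIPS_SKIP_RE.match(msg)
        if skip and fips_seen and int(skip["bits"]) < 1024:
            fips_skips.append((m["ts"], skip["kind"], int(skip["bits"])))
        else:
            other.append((m["ts"], msg))
    return fips_skips, other

# First three lines are from the report; the last one is constructed.
SAMPLE = """\
[Mon Apr 30 18:23:57 2012] [notice] Operating in SSL FIPS mode
[Mon Apr 30 18:23:57 2012] [error] Init: Skipping generating temporary 512 bit RSA private key in FIPS mode
[Mon Apr 30 18:23:57 2012] [error] Init: Skipping generating temporary 512 bit DH parameters in FIPS mode
[Mon Apr 30 18:23:58 2012] [error] Constructed sample: unrelated failure
""".splitlines()

if __name__ == "__main__":
    fips_skips, other = triage(SAMPLE)
    for ts, kind, bits in fips_skips:
        print(f"FIPS skip (function returned OK): {bits}-bit {kind} at {ts}")
    for ts, msg in other:
        print(f"other error: {msg} at {ts}")
```
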