56396 – TCN fails FIPS mode initialization if unable to generate 512 bit RSA temporary key

Bug 56396 - TCN fails FIPS mode initialization if unable to generate 512 bit RSA temporary key

Summary: TCN fails FIPS mode initialization if unable to generate 512 bit RSA temporar...

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat Native
Classification:	Unclassified
Component:	Library (show other bugs)
Version:	1.1.29
Hardware:	All Linux

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-04-11 18:45 UTC by Rob Sanders
Modified:	2014-04-16 15:34 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Rob Sanders 2014-04-11 18:45:14 UTC

Initially report in https://issues.apache.org/bugzilla/show_bug.cgi?id=56027
  On a RHEL6 system configured to be in FIPS 140 mode at boot time the Tomcat Native library will not start, due to the inability to generate a 512 bit RSA temporary key.  Commenting out the SSL_TMP_KEY_INIT_RSA(512) line in the SSL_TMP_KEYS_INIT() macro and rebuilding allows TCN to successfully start in FIPS mode.

  The logic used in the SSL_TMP_KEYS_INIT() macro will cause the startup to fail if any of the temporary keys being generated fails.  Should this be changed to pass if at least one key generates, or one key of each type (RSA,DH, etc...)?  The following note is taken from the comments on the original 56027 bug:

https://issues.apache.org/bugzilla/show_bug.cgi?id=56027#c14

Comment 1 Mladen Turk 2014-04-11 19:15:14 UTC

When you say at boot time, this means started as a service?
This looks like a blocked read from /dev/urandom due to not enough entropy.

Think there are some solutions to that. Google.

Comment 2 Christopher Schultz 2014-04-11 20:10:12 UTC

I think we should just drop support for RSA-512, anyway. It should be considered insecure, which is probably why ken-generation fails (due to FIPS restrictions).

Comment 3 Mladen Turk 2014-04-11 20:32:43 UTC

OK. Think I get more clearer picture now.

There are two things we should do inside
ssl_tmp_key_init_rsa function

1. Use RSA_generate_key_ex function
2. Be tolerant on keys < 1024 bits if OPENSSL_FIPS is defined
   because they are supposed to fail as per fips-140 spec.

Comment 4 Christopher Schultz 2014-04-15 01:14:05 UTC

Note that there is a long-standing bug in httpd for what appears to be the same issue: bug #51186.

Comment 5 Mladen Turk 2014-04-16 12:54:37 UTC

Please verify if the patch in SVN fixes the issue
https://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?r1=1559182&r2=1587896&view=patch

Also verify if everything is working as expected, not just if it boots so I can resolve this issue.

Comment 6 Rob Sanders 2014-04-16 15:01:28 UTC

Mladen,
  Confirm, your patch resolves the issue with Tomcat Native failing to start in FIPS mode.  Pulled the stock 1.1.30 TCN source, applied your patch, and built/installed TCN.  On our RHEL6 box with FIPS enabled at boot, our webapp started just fine and performed as expected.  
  I think a case could be made for also tweaking the logic in SSL_TMP_KEYS_INIT() so that things should continue if at least one temporary key can be created.  There may be reasons for aborting if all 'required' keys are not able to be created.  
  Not familiar with the Tomcat BZ system for closing bugs - do I need to mark as resolved?

Comment 7 Mladen Turk 2014-04-16 15:34:27 UTC

OK, Thanks for confirming the fix.
I think that this is special issue caused by FIPS standard which rejects all RSA keys less then 1024 bit, so no further tweaking is needed thought.

Closing the issue.