Initially report in https://issues.apache.org/bugzilla/show_bug.cgi?id=56027 On a RHEL6 system configured to be in FIPS 140 mode at boot time the Tomcat Native library will not start, due to the inability to generate a 512 bit RSA temporary key. Commenting out the SSL_TMP_KEY_INIT_RSA(512) line in the SSL_TMP_KEYS_INIT() macro and rebuilding allows TCN to successfully start in FIPS mode. The logic used in the SSL_TMP_KEYS_INIT() macro will cause the startup to fail if any of the temporary keys being generated fails. Should this be changed to pass if at least one key generates, or one key of each type (RSA,DH, etc...)? The following note is taken from the comments on the original 56027 bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=56027#c14
When you say at boot time, this means started as a service? This looks like a blocked read from /dev/urandom due to not enough entropy. Think there are some solutions to that. Google.
I think we should just drop support for RSA-512, anyway. It should be considered insecure, which is probably why ken-generation fails (due to FIPS restrictions).
OK. Think I get more clearer picture now. There are two things we should do inside ssl_tmp_key_init_rsa function 1. Use RSA_generate_key_ex function 2. Be tolerant on keys < 1024 bits if OPENSSL_FIPS is defined because they are supposed to fail as per fips-140 spec.
Note that there is a long-standing bug in httpd for what appears to be the same issue: bug #51186.
Please verify if the patch in SVN fixes the issue https://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/native/src/ssl.c?r1=1559182&r2=1587896&view=patch Also verify if everything is working as expected, not just if it boots so I can resolve this issue.
Mladen, Confirm, your patch resolves the issue with Tomcat Native failing to start in FIPS mode. Pulled the stock 1.1.30 TCN source, applied your patch, and built/installed TCN. On our RHEL6 box with FIPS enabled at boot, our webapp started just fine and performed as expected. I think a case could be made for also tweaking the logic in SSL_TMP_KEYS_INIT() so that things should continue if at least one temporary key can be created. There may be reasons for aborting if all 'required' keys are not able to be created. Not familiar with the Tomcat BZ system for closing bugs - do I need to mark as resolved?
OK, Thanks for confirming the fix. I think that this is special issue caused by FIPS standard which rejects all RSA keys less then 1024 bit, so no further tweaking is needed thought. Closing the issue.