Error loading RSA private key with 8.4 using Debian package
Peter Fedorow
29 June 2012, 18:13
Private RSA key files load properly, and work, under Hiawatha 7.8.2 and older. However under 8.4 and 8.3.2, using either the official source tarball and building the .deb, or using the unofficial Debian package for 8.4 from http://files.tuxhelp.org/hiawatha/ the key fails to load, resulting in hiawatha failing to start.
The RSA key file is generated per the instructions at http://hiawatha-webserver.org/howto/bindings ; both self-signed and registrar-signed keys fail.
With 8.4 and 8.3.2, disabling the "SSLcertFile = /etc/hiawatha/serverkey.pem" line allows Hiawatha to start normally without TLS/SSL support.
Error Message
---
Starting webserver: Error loading RSA private key (-16896).
error!
---
No other error messages are generated.
Hiawatha version: 8.4 and 8.3.2 AMD64
Operating System: Ubuntu 12.04 (precise) LTS, Linux 3.2.0-25-generic x86_64
Hugo Leisink
29 June 2012, 19:09
The error code -16896 stands for POLARSSL_ERR_RSA_KEY_CHECK_FAILED. This means that for some reason PolarSSL detected an error while reading the private key. Are you sure the file access rights are okay and the file contains a valid certificate in PEM format?
Peter Fedorow
29 June 2012, 19:37
During testing I granted unrestricted access to the file. If the file is not found, a different error code is generated.
I believe the file contains a valid certificate in PEM format.
* A test file was generated following the directions on Hiawatha's HowTo Bindings page.
* It functions properly with Hiawatha 7.8.2 and older.
* The current signed certificate I now have in place with 7.8.2, which also does not work under 8.4, passes http://www.sslshopper.com/ssl-checker.html
* The key looks sensible when viewed with "openssl x509 -in serverkey.pem -text -noout".
* "openssl rsa -in serverkey.pem -check" responds with "RSA key ok".
Peter Fedorow
29 June 2012, 20:12
I have found the problem.
Hiawatha 7.8.2 and older support RSA keys up to 8192 bytes. Hiawatha 8.4 and 8.3.2 only handle up to 4096 bytes.
Hugo Leisink
29 June 2012, 20:34
Ah, that's true. If you want to change that, take a look at polarssl/include/polarssl/bignum.h (at your own risk of course).
Peter Fedorow
29 June 2012, 20:59
A better error message would be good. "RSA private key exceeds 4096 bytes. Make a smaller RSA key, or adjust polarssl/include/polarssl/bignum.h (at your own risk)."
Peter Fedorow
29 June 2012, 21:19
Hugo Leisink
29 June 2012, 21:40
POLARSSL_ERR_RSA_KEY_CHECK_FAILED is all I get back from the PolarSSL library. That's not enough to determine that the bit size is the cause.
Peter Fedorow
4 July 2012, 21:49
For others experiencing this problem...
As a workaround until PolarSSL fixes their default to be compatible with OpenSSL:
In polarssl/include/polarssl/bignum.h change:
#define POLARSSL_MPI_MAX_SIZE 512 /**< Maximum number of bytes for usable MPIs. */
to:
#define POLARSSL_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */
And change:
#define POLARSSL_MPI_READ_BUFFER_SIZE 1250
to:
#define POLARSSL_MPI_READ_BUFFER_SIZE 2484
I have tested this against Hiawatha 8.4 with PolarSSL updated to the latest release, 1.1.4, but believe it will also work with 8.4 as-is.
I have submitted a patch upstream to make POLARSSL_MPI_READ_BUFFER_SIZE auto-sized at compile time, so in the future, the second change should not be necessary.
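Before touching bignum.h it is worth confirming that the key really is the problem, since PolarSSL only reports POLARSSL_ERR_RSA_KEY_CHECK_FAILED. The script below is an added example for this thread, not Hiawatha or PolarSSL code: it reads the modulus length straight out of the PEM file and compares it with the limit implied by POLARSSL_MPI_MAX_SIZE (512 bytes, i.e. 4096 bits, as quoted above), and it also computes how many decimal digits a maximal MPI needs, which is why POLARSSL_MPI_READ_BUFFER_SIZE has to grow with it. The key material it generates for the demonstration is synthetic (constructed here, not a real key pair: it only has the right DER shape and modulus size). It assumes an unencrypted PEM file in either PKCS#1 ("BEGIN RSA PRIVATE KEY", what the bindings howto produces) or PKCS#8 ("BEGIN PRIVATE KEY") form.

```python
"""Check whether an RSA private key fits PolarSSL's POLARSSL_MPI_MAX_SIZE.

Added example for this thread; not Hiawatha or PolarSSL code.  The key
material built by synthetic_rsa_key_pem() is CONSTRUCTED: it has the DER
shape of an RSA private key with a modulus of the requested bit length,
but the numbers are not a real key pair.  Only the modulus size matters.
"""
import base64

# Default quoted from polarssl/include/polarssl/bignum.h in the thread.
POLARSSL_MPI_MAX_SIZE = 512   # bytes, so a 4096-bit modulus at most


# ---- minimal DER helpers (INTEGER, SEQUENCE, generic TLV reader) ----------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der_int(v):
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    if b[0] & 0x80:                  # keep the INTEGER positive
        b = b"\x00" + b
    return b"\x02" + _der_len(len(b)) + b


def _der_seq(*items):
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body


def _read_tlv(buf, pos):
    """Return (tag, contents, position after the element) for the TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                # long form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


# ---- constructed test input ------------------------------------------------
def synthetic_rsa_key_pem(bits, pkcs8=False):
    """PEM RSA private key whose modulus is exactly `bits` long.
    NOT usable: n = 2^(bits-1)+1, e = 65537, the other fields are dummies."""
    n = (1 << (bits - 1)) | 1
    der = _der_seq(_der_int(0), _der_int(n), _der_int(65537),
                   *[_der_int(1) for _ in range(6)])    # d, p, q, dP, dQ, qInv
    label = "RSA PRIVATE KEY"
    if pkcs8:                        # wrap as PrivateKeyInfo (rsaEncryption, NULL)
        rsa_alg = bytes.fromhex("300d06092a864886f70d0101010500")
        der = _der_seq(_der_int(0), rsa_alg, b"\x04" + _der_len(len(der)) + der)
        label = "PRIVATE KEY"
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


# ---- the check -------------------------------------------------------------
def pem_to_der(pem):
    body = [l.strip() for l in pem.splitlines()
            if l.strip() and not l.startswith("-----")]
    if any(":" in l for l in body):  # "Proc-Type:"/"DEK-Info:" headers
        raise ValueError("encrypted PEM not supported; decrypt it first")
    return base64.b64decode("".join(body))


def rsa_modulus_bits(der):
    """Bit length of n in a PKCS#1 RSAPrivateKey or a PKCS#8 PrivateKeyInfo."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("top-level element is not a SEQUENCE")
    tag, _, pos = _read_tlv(seq, 0)          # version INTEGER in both formats
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    tag, second, pos = _read_tlv(seq, pos)
    if tag == 0x30:                          # PKCS#8: AlgorithmIdentifier, then
        tag, inner, _ = _read_tlv(seq, pos)  # OCTET STRING holding the PKCS#1 key
        if tag != 0x04:
            raise ValueError("PKCS#8 privateKey OCTET STRING missing")
        return rsa_modulus_bits(inner)
    if tag != 0x02:
        raise ValueError("modulus INTEGER missing")
    return int.from_bytes(second, "big").bit_length()


def key_fits_mpi(pem, mpi_max_size=POLARSSL_MPI_MAX_SIZE):
    """(modulus_bits, fits) for a PolarSSL built with mpi_max_size bytes."""
    bits = rsa_modulus_bits(pem_to_der(pem))
    return bits, bits <= mpi_max_size * 8


def decimal_digits(mpi_max_size):
    """Decimal digits needed to print the largest MPI of mpi_max_size bytes,
    i.e. a lower bound for the string read buffer that goes with that size."""
    return len(str((1 << (mpi_max_size * 8)) - 1))


if __name__ == "__main__":
    for bits in (4096, 4097, 8192):
        pem = synthetic_rsa_key_pem(bits)
        for limit in (512, 1024):
            n, ok = key_fits_mpi(pem, limit)
            print(f"{n}-bit key, POLARSSL_MPI_MAX_SIZE={limit}: "
                  f"{'loads' if ok else 'too large, load fails'}")
    for limit in (512, 1024):
        print(f"POLARSSL_MPI_MAX_SIZE={limit}: {decimal_digits(limit)} decimal digits")
```

For a real file, call `key_fits_mpi(open("/etc/hiawatha/serverkey.pem").read())`; an `openssl rsa -in serverkey.pem -noout -text` run shows the same size in its first line. The digit counts (1234 for 512 bytes, 2467 for 1024 bytes) sit just under the 1250 and 2484 buffer sizes given in the workaround, which is why raising POLARSSL_MPI_MAX_SIZE alone is not enough until the read buffer is sized from it.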
This topic has been closed.