Bug 1039105

Summary: Disable RSA and DSA key generation for keys <2048 bits in the FIPS mode
Product: Red Hat Enterprise Linux 6 Reporter: Tomas Mraz <tmraz>
Component: opensslAssignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA QA Contact: Alicja Kario <hkario>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.5CC: arubin, hkario, pwouters, sgrubb, tlavigne, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openssl-1.0.1e-21.el6 Doc Type: Enhancement
Doc Text:
It is now possible to disable generation of RSA and DSA key lengths that do not conform to NIST SP800-131a specification in the FIPS mode. If this variable is present in the environment the RSA and DSA keys and the OpenSSL library runs in the FIPS mode the RSA and DSA keys smaller than 2048 bits cannot be generated.
 Story Points: ---
Clone Of:
: 1088154 (view as bug list) Environment:
Last Closed: 2014-10-14 07:18:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1013077, 1064978, 1088154, 1741317    

Description Tomas Mraz 2013-12-06 16:20:57 UTC 
We need to disable the key generation of RSA and DSA keys < 2048 bits in the FIPS mode.

This is needed to fulfill the NIST SP800-131a specification. It is not strictly required for FIPS-140-2 conformance but we want to make it easier to not break the SP800-131a inadvertently by customers and applications.
Comment 1 Paul Wouters 2013-12-06 21:10:11 UTC 
libreswan does not allow anything smaller than 2192.

openswan does allow that, unless the limitation is enforced by nss, as it is using the PK11_GenerateKeyPair() call for these. If this should be enforced within openswan, please let me know and/or create a bug for it.
Comment 2 Tomas Mraz 2013-12-09 07:59:41 UTC 
Paul, it is not necessary to enforce in the code. It is sufficient to document that for compliance with SP800-131a RSA and DSA keys >= 2048 bits must be used.
Comment 3 Paul Wouters 2013-12-09 17:29:54 UTC 
Well, as upstream I also would like to only allow secure features in security software. But I'll mark it as a bug in the upstream libreswan tracker :)
Comment 7 Alicja Kario 2014-06-17 09:40:13 UTC 
To enforce this key generation limits, the environment variable OPENSSL_ENFORCE_MODULUS_BITS must be set.
Comment 13 errata-xmlrpc 2014-10-14 07:18:42 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1525.html