Bug 2087121

Summary: ssh-keygen generates RSA keys of less than 2048 bits in FIPS mode
Product: Red Hat Enterprise Linux 9 Reporter: Ondrej Moriš <omoris>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED ERRATA QA Contact: Marek Havrila <mhavrila>
Severity: medium Docs Contact: Jan Fiala <jafiala>
Priority: medium    
Version: 9.0CC: dbelyavs, hkario, jafiala, jjelen, mhavrila, mjahoda
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
.OpenSSH key generation uses FIPS-compatible interfaces The OpenSSL cryptographic library, which is used by OpenSSH, provides two interfaces: legacy and modern. Previously, OpenSSH used the legacy interface for key generation, which did not comply with Federal Information Processing Standards (FIPS) requirements. With this update, the `ssh-keygen` utility uses the FIPS-compliant API instead of the low-level FIPS-incompatible API. As a result, OpenSSH key generation is FIPS-compliant.
 Story Points: ---
Clone Of:
: 2092504 (view as bug list) Environment:
Last Closed: 2022-11-15 11:21:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2092504    

Description Ondrej Moriš 2022-05-17 11:25:53 UTC 
Description of problem:

Based on NIST Special Publication 800-131A (Revision 2) the length of the modulus n shall be 2048 bits or more for RSA. This was enforced in RHEL-8 and ssh-keygen refused to generate RSA keys smaller than 2048 bits in FIPS. However, this no longer works in RHEL-9.0. 

Version-Release number of selected component (if applicable):

openssh-8.7p1-8.el9

How reproducible:

100% in FIPS mode

Steps to Reproduce:

1. Enable FIPS mode
   # fips-mode-setup --enable && reboot

2. Generate SSH RSA key of size smaller than 2048 bits.
   # ssh-keygen -b 1024 -t rsa -N '' -f /root/.ssh/id_rsa

Actual results:

Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:VEflCzzZ1uaM85mZn1z3uQakLRcnTJXN6br+rBEfCsc root.lab.eng.bos.redhat.com
The key's randomart image is:
+---[RSA 1024]----+
|          ..o.oo+|
|         . o = +o|
|        .   B = o|
|       .    .O O |
|        S  .+EO.o|
|           oo=+o*|
|            ooo*+|
|             .+.B|
|            .o+B+|
+----[SHA256]-----+

Expected results:

rsa_generate_private_key: the key length might be unsupported by FIPS mode approved key generation method
sshkey_generate failed
Comment 9 Dmitry Belyavskiy 2022-06-30 16:14:02 UTC 
We also should use the FIPS friendly method for EC keys.
Comment 18 errata-xmlrpc 2022-11-15 11:21:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8375