1039105 – Disable RSA and DSA key generation for keys <2048 bits in the FIPS mode

Bug 1039105 - Disable RSA and DSA key generation for keys <2048 bits in the FIPS mode

Summary: Disable RSA and DSA key generation for keys <2048 bits in the FIPS mode

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	openssl
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:	Hubert Kario
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHEL6.6FIPS140 1064978 1088154 1741317
TreeView+	depends on / blocked

Reported:	2013-12-06 16:20 UTC by Tomas Mraz
Modified:	2019-08-14 18:28 UTC (History)
CC List:	6 users (show)
Fixed In Version:	openssl-1.0.1e-21.el6
Doc Type:	Enhancement
Doc Text:	It is now possible to disable generation of RSA and DSA key lengths that do not conform to NIST SP800-131a specification in the FIPS mode. If this variable is present in the environment the RSA and DSA keys and the OpenSSL library runs in the FIPS mode the RSA and DSA keys smaller than 2048 bits cannot be generated.
Clone Of:
Clones:	1088154 (view as bug list)
Environment:
Last Closed:	2014-10-14 07:18:42 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1525	0	normal	SHIPPED_LIVE	openssl bug fix and enhancement update	2014-10-14 01:22:05 UTC

Description Tomas Mraz 2013-12-06 16:20:57 UTC

We need to disable the key generation of RSA and DSA keys < 2048 bits in the FIPS mode.

This is needed to fulfill the NIST SP800-131a specification. It is not strictly required for FIPS-140-2 conformance but we want to make it easier to not break the SP800-131a inadvertently by customers and applications.

Comment 1 Paul Wouters 2013-12-06 21:10:11 UTC

libreswan does not allow anything smaller than 2192.

openswan does allow that, unless the limitation is enforced by nss, as it is using the PK11_GenerateKeyPair() call for these. If this should be enforced within openswan, please let me know and/or create a bug for it.

Comment 2 Tomas Mraz 2013-12-09 07:59:41 UTC

Paul, it is not necessary to enforce in the code. It is sufficient to document that for compliance with SP800-131a RSA and DSA keys >= 2048 bits must be used.

Comment 3 Paul Wouters 2013-12-09 17:29:54 UTC

Well, as upstream I also would like to only allow secure features in security software. But I'll mark it as a bug in the upstream libreswan tracker :)

Comment 7 Hubert Kario 2014-06-17 09:40:13 UTC

To enforce this key generation limits, the environment variable OPENSSL_ENFORCE_MODULUS_BITS must be set.

Comment 13 errata-xmlrpc 2014-10-14 07:18:42 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1525.html

Note You need to log in before you can comment on or make changes to this bug.