2087121 – ssh-keygen generates RSA keys of less than 2048 bits in FIPS mode

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2087121 - ssh-keygen generates RSA keys of less than 2048 bits in FIPS mode

Summary: ssh-keygen generates RSA keys of less than 2048 bits in FIPS mode

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	openssh
Sub Component:
Version:	9.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Dmitry Belyavskiy
QA Contact:	Marek Havrila
Docs Contact:	Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:	2092504
TreeView+	depends on / blocked

Reported:	2022-05-17 11:25 UTC by Ondrej Moriš
Modified:	2022-11-15 13:18 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	.OpenSSH key generation uses FIPS-compatible interfaces The OpenSSL cryptographic library, which is used by OpenSSH, provides two interfaces: legacy and modern. Previously, OpenSSH used the legacy interface for key generation, which did not comply with Federal Information Processing Standards (FIPS) requirements. With this update, the `ssh-keygen` utility uses the FIPS-compliant API instead of the low-level FIPS-incompatible API. As a result, OpenSSH key generation is FIPS-compliant.
Clone Of:
Clones:	2092504 (view as bug list)
Environment:
Last Closed:	2022-11-15 11:21:44 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	CRYPTO-7254	None	None	None	2022-05-17 12:24:46 UTC
Red Hat Issue Tracker	RHELPLAN-122346	None	None	None	2022-05-17 11:42:44 UTC
Red Hat Product Errata	RHBA-2022:8375	None	None	None	2022-11-15 11:21:59 UTC

Description Ondrej Moriš 2022-05-17 11:25:53 UTC

Description of problem:

Based on NIST Special Publication 800-131A (Revision 2) the length of the modulus n shall be 2048 bits or more for RSA. This was enforced in RHEL-8 and ssh-keygen refused to generate RSA keys smaller than 2048 bits in FIPS. However, this no longer works in RHEL-9.0. 

Version-Release number of selected component (if applicable):

openssh-8.7p1-8.el9

How reproducible:

100% in FIPS mode

Steps to Reproduce:

1. Enable FIPS mode
   # fips-mode-setup --enable && reboot

2. Generate SSH RSA key of size smaller than 2048 bits.
   # ssh-keygen -b 1024 -t rsa -N '' -f /root/.ssh/id_rsa

Actual results:

Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:VEflCzzZ1uaM85mZn1z3uQakLRcnTJXN6br+rBEfCsc root.lab.eng.bos.redhat.com
The key's randomart image is:
+---[RSA 1024]----+
|          ..o.oo+|
|         . o = +o|
|        .   B = o|
|       .    .O O |
|        S  .+EO.o|
|           oo=+o*|
|            ooo*+|
|             .+.B|
|            .o+B+|
+----[SHA256]-----+

Expected results:

rsa_generate_private_key: the key length might be unsupported by FIPS mode approved key generation method
sshkey_generate failed

Comment 9 Dmitry Belyavskiy 2022-06-30 16:14:02 UTC

We also should use the FIPS friendly method for EC keys.

Comment 18 errata-xmlrpc 2022-11-15 11:21:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (openssh bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8375

Note You need to log in before you can comment on or make changes to this bug.