| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Alessandro Gherardi <alessandro(dot)gherardi(at)yahoo(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: scram-sha-256 authentication broken in FIPS mode |
| Date: | 2018-09-11 03:02:50 |
| Message-ID: | 20180911030250.GA27115@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Sep 10, 2018 at 02:52:00PM +0000, Alessandro Gherardi wrote:
> I changed the implementation of the other SHA digests to use EVP
> also. I verified that, with these changes, scram-sha-256 works when
> FIPS is enabled.
Hm... I have spent a couple of hours setting up a CentOS 7 VM with FIPS
enabled to track down if there is actually a problem. Here is what I
have done to enable it:
1) yum install dracut-fips
dracut -v -f
2) Update boot loader, where it is necessary to update
GRUB_CMDLINE_LINUX by adding to it "fips=1 boot=UUID=$PARTITION_UUID"
into /etc/default/grub. PARTITION_UUID can be found with "blkid=/boot"
(depends on the partition layer by the way).
3) Disable prelinking (requires installation of package prelink) by
adding PRELINKING=no to /etc/sysconfig/prelink, then remove existing
prelinks with "prelink -u -a".
After a reboot, it is possible to see /proc/sys/crypto/fips_enabled set
to 1. Once I did that, unfortunately I have not been able to spot
deficiencies when calling the low-level SHA APIs from OpenSSL, where
both SCRAM and all the in-core SSL functions are proving to work
correctly. Calling directly FIPS_mode() within Postgres backends also
prove that FIPS is effectively enabled. Anyway, on top of the remark
Alessandro has done above, this line from the OpenSSL docs has caught my
eyes:
https://www.openssl.org/docs/man1.1.0/crypto/SHA512_Init.html
"Applications should use the higher level functions EVP_DigestInit
etc. instead of calling the hash functions directly."
This is present in OpenSSL docs for some time:
commit: 4facdbb5fa9d791fc72dc78b9c3512ea1384df33
author: Ulf Möller <ulf(at)openssl(dot)org>
date: Sun, 6 Feb 2000 23:26:31 +0000
Hence, intrinsically, we are in contradiction with the upstream docs. I
have worked on the problem with the patch, which works down to OpenSSL
0.9.8, and should fix your issue. This is based on what you sent
previously, except that I was not able to apply what was sent, so I
reworked the whole. Alessandro, does this fix your problems? I would
like to apply that down to v10 where SCRAM has been introduced.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2018-09-11 03:09:00 | Re: scram-sha-256 authentication broken in FIPS mode |
| Previous Message | Jeremy Schneider | 2018-09-10 22:57:09 | survey: pg_stat_statements total_time and entry deallocation |