Re: scram-sha-256 authentication broken in FIPS mode

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Alessandro Gherardi <alessandro(dot)gherardi(at)yahoo(dot)com>
Cc: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: scram-sha-256 authentication broken in FIPS mode
Date: 2018-09-11 03:02:50
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-general

On Mon, Sep 10, 2018 at 02:52:00PM +0000, Alessandro Gherardi wrote:
> I changed the implementation of the other SHA digests to use EVP
> also. I verified that, with these changes, scram-sha-256 works when
> FIPS is enabled.

Hm... I have spent a couple of hours setting up a CentOS 7 VM with FIPS
enabled to track down if there is actually a problem. Here is what I
have done to enable it:
1) yum install dracut-fips
dracut -v -f
2) Update boot loader, where it is necessary to update
GRUB_CMDLINE_LINUX by adding to it "fips=1 boot=UUID=$PARTITION_UUID"
into /etc/default/grub. PARTITION_UUID can be found with "blkid=/boot"
(depends on the partition layer by the way).
3) Disable prelinking (requires installation of package prelink) by
adding PRELINKING=no to /etc/sysconfig/prelink, then remove existing
prelinks with "prelink -u -a".

After a reboot, it is possible to see /proc/sys/crypto/fips_enabled set
to 1. Once I did that, unfortunately I have not been able to spot
deficiencies when calling the low-level SHA APIs from OpenSSL, where
both SCRAM and all the in-core SSL functions are proving to work
correctly. Calling directly FIPS_mode() within Postgres backends also
prove that FIPS is effectively enabled. Anyway, on top of the remark
Alessandro has done above, this line from the OpenSSL docs has caught my
"Applications should use the higher level functions EVP_DigestInit
etc. instead of calling the hash functions directly."

This is present in OpenSSL docs for some time:
commit: 4facdbb5fa9d791fc72dc78b9c3512ea1384df33
author: Ulf Möller <ulf(at)openssl(dot)org>
date: Sun, 6 Feb 2000 23:26:31 +0000

Hence, intrinsically, we are in contradiction with the upstream docs. I
have worked on the problem with the patch, which works down to OpenSSL
0.9.8, and should fix your issue. This is based on what you sent
previously, except that I was not able to apply what was sent, so I
reworked the whole. Alessandro, does this fix your problems? I would
like to apply that down to v10 where SCRAM has been introduced.

In response to


Browse pgsql-general by date

  From Date Subject
Next Message Michael Paquier 2018-09-11 03:09:00 Re: scram-sha-256 authentication broken in FIPS mode
Previous Message Jeremy Schneider 2018-09-10 22:57:09 survey: pg_stat_statements total_time and entry deallocation