Re: scram-sha-256 authentication broken in FIPS mode

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Alessandro Gherardi <alessandro(dot)gherardi(at)yahoo(dot)com>
Cc: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: scram-sha-256 authentication broken in FIPS mode
Date: 2018-09-11 03:02:50
Message-ID: 20180911030250.GA27115@paquier.xyz
Lists: pgsql-general

On Mon, Sep 10, 2018 at 02:52:00PM +0000, Alessandro Gherardi wrote:
> I changed the implementation of the other SHA digests to use EVP
> also. I verified that, with these changes, scram-sha-256 works when
> FIPS is enabled.

Hm... I have spent a couple of hours setting up a CentOS 7 VM with FIPS
enabled to track down if there is actually a problem. Here is what I
have done to enable it:
1) yum install dracut-fips
dracut -v -f
2) Update boot loader, where it is necessary to update
GRUB_CMDLINE_LINUX by adding to it "fips=1 boot=UUID=$PARTITION_UUID"
into /etc/default/grub. PARTITION_UUID can be found with "blkid=/boot"
(depends on the partition layer by the way).
3) Disable prelinking (requires installation of package prelink) by
adding PRELINKING=no to /etc/sysconfig/prelink, then remove existing
prelinks with "prelink -u -a".

After a reboot, it is possible to see /proc/sys/crypto/fips_enabled set
to 1. Once I did that, unfortunately I have not been able to spot
deficiencies when calling the low-level SHA APIs from OpenSSL, where
both SCRAM and all the in-core SSL functions are proving to work
correctly. Calling FIPS_mode() directly within Postgres backends also
proves that FIPS is effectively enabled. Anyway, on top of the remark
Alessandro has made above, this line from the OpenSSL docs has caught my
eye:
https://www.openssl.org/docs/man1.1.0/crypto/SHA512_Init.html
"Applications should use the higher level functions EVP_DigestInit
etc. instead of calling the hash functions directly."

This has been present in the OpenSSL docs for some time:
commit: 4facdbb5fa9d791fc72dc78b9c3512ea1384df33
author: Ulf Möller <ulf(at)openssl(dot)org>
date: Sun, 6 Feb 2000 23:26:31 +0000

Hence, intrinsically, we are in contradiction with the upstream docs. I
have worked on the problem with the patch, which works down to OpenSSL
0.9.8, and should fix your issue. This is based on what you sent
previously, except that I was not able to apply what was sent, so I
reworked the whole. Alessandro, does this fix your problems? I would
like to apply that down to v10 where SCRAM has been introduced.
--
Michael
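
One way to confirm that the three setup steps listed in the message took effect before testing SCRAM, as an added example that is not part of the original message. The function names and the sample file contents are constructed; the real paths in the comment are the ones the message names.

```shell
#!/bin/sh
# Audit the FIPS-enablement steps. File paths are parameters so the checks
# can run against copies. On a real host:
#   audit_fips /etc/default/grub /etc/sysconfig/prelink /proc/sys/crypto/fips_enabled

# Step 2: GRUB_CMDLINE_LINUX must carry both fips=1 and boot=UUID=...
check_grub() {
    # Commented-out lines do not match; the last assignment wins.
    line=$(grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX=' "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1
    # Drop the key and quotes, then compare whole words only, so that
    # "nofips=1" or "fips=10" are not accepted.
    args=$(printf '%s' "${line#*=}" | tr -d "\"'")
    has_fips=1; has_boot=1
    for a in $args; do
        case $a in
            fips=1)       has_fips=0 ;;
            boot=UUID=?*) has_boot=0 ;;
        esac
    done
    [ "$has_fips" -eq 0 ] && [ "$has_boot" -eq 0 ]
}

# Step 3: prelinking is disabled in the sysconfig file.
check_prelink() {
    grep -Eq '^[[:space:]]*PRELINKING=no[[:space:]]*$' "$1" 2>/dev/null
}

# After the reboot: the kernel flag reads exactly 1.
check_kernel_flag() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

audit_fips() {
    rc=0
    check_grub "$1"        || { echo "FAIL grub: need fips=1 and boot=UUID=..."; rc=1; }
    check_prelink "$2"     || { echo "FAIL prelink: PRELINKING=no not set"; rc=1; }
    check_kernel_flag "$3" || { echo "FAIL kernel: fips_enabled is not 1"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host).
d=$(mktemp -d)
printf 'GRUB_CMDLINE_LINUX="rhgb quiet fips=1 boot=UUID=0000-SAMPLE"\n' > "$d/grub"
printf 'GRUB_CMDLINE_LINUX="rhgb quiet"\n' > "$d/grub_bad"
printf 'PRELINKING=no\n' > "$d/prelink"
printf '1\n' > "$d/fips_enabled"
audit_fips "$d/grub" "$d/prelink" "$d/fips_enabled" && echo "all checks passed"
audit_fips "$d/grub_bad" "$d/prelink" "$d/fips_enabled" || echo "grub_bad flagged"
```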
