Re: F41 Change Proposal: Make OpenSSL distrust SHA-1 signatures by default (system-wide)


 



Hi,

> On 5. Jul 2024, at 14:49, Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:
> 
> On Fri, Jul 05, 2024 at 02:37:41PM +0200, Clemens Lang wrote:
>> 
>> 
>> Please start addressing this with whoever maintains the TPM specification.
> 
> The TPM spec is maintained by the Trusted Computing Group, and I have
> no influence there.

You could try to bring it up with them, on a mailing list, for example. Have you tried?


>> SHA-1 already doesn’t work in FIPS mode, so anything that breaks with this
>> change is already broken in FIPS mode, and the deprecation of SHA-1 will
>> only continue to cause more and more problems.
> 
> swtpm works around that by unconditionally disabling FIPS mode in openssl
> already.
> 
> This is fine, because the guest OS can put itself in FIPS mode, which
> will prevent it from using the undesirable algorithms, even if the TPM
> exposes them.

No, this is a misconception. FIPS mode does not just disable algorithms, it also enables additional selftests and code paths, and changes the behavior of random number generators and key generation.

If your guest OS is in FIPS mode and uses cryptography from swtpm, that cryptography is still not FIPS compliant, and you should not misrepresent it to be. In fact, we should probably add it to the list of packages that do not use FIPS compliant cryptography in RHEL at [1, 2] if it isn’t on there yet.

Please don’t make such decisions (for RHEL) without talking to the crypto team. On Fedora, we don’t make any claims as to FIPS-ness of the operating system, so it’s fine there, but probably also not a great idea.


>> An alternative is to run swtpm with OPENSSL_CONF in the environment
>> pointing to an alternative openssl configuration file that re-enables
>> SHA-1. You could maintain this configuration file together with swtpm.
> 
> Can custom openssl config files "inherit" from the primary one.
> ie can we have a config file that just references the primary,
> while toggling only the sha1 setting, so we're not overriding
> all the openssl config settings ?

The OpenSSL configuration file format has an include directive, so you may be able to set this up.


[1]: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#ref_list-of-rhel-applications-using-cryptography-that-is-not-compliant-with-fips-140-2_using-the-system-wide-cryptographic-policies
[2]: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#ref_list-of-rhel-applications-using-cryptography-that-is-not-compliant-with-fips-140-3_using-the-system-wide-cryptographic-policies



-- 
Clemens Lang
RHEL Crypto Team
Red Hat
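
The overlay approach discussed above (an alternative OpenSSL configuration that pulls in the system one via the include directive and toggles only the SHA-1 setting, handed to one process through OPENSSL_CONF), as an added example that is not part of this thread and not swtpm's or OpenSSL's own code. It assumes the Fedora/RHEL system config path /etc/pki/tls/openssl.cnf and the Fedora/RHEL downstream key rh-allow-sha1-signatures in the [evp_properties] section; neither is named in the message, and upstream OpenSSL has no such key, so check both against the openssl.cnf shipped on your system.

```shell
#!/bin/sh
# Added example: build an OpenSSL configuration overlay that .includes the
# system config and overrides only the SHA-1 signature setting, then run a
# single command with OPENSSL_CONF pointing at it. The rest of the system
# keeps the distribution default.
#
# Assumptions (not from the thread; verify on your distribution):
#   - system config path: /etc/pki/tls/openssl.cnf (Fedora/RHEL)
#   - toggle: "rh-allow-sha1-signatures" in [evp_properties], the
#     Fedora/RHEL downstream key; upstream OpenSSL does not have it

SYSTEM_CNF="${SYSTEM_CNF:-/etc/pki/tls/openssl.cnf}"

# Print the overlay for the given system config. The .include comes first
# so every distro setting is honoured; a later value for the same key in
# the same section replaces the earlier one, so the override must follow.
make_sha1_overlay() {
    cat <<EOF
# Overlay: inherit the system configuration, re-enable SHA-1 signatures only.
.include $1

[evp_properties]
rh-allow-sha1-signatures = yes
EOF
}

# Write the overlay to a file (second argument, or a default under TMPDIR)
# and print its path.
write_sha1_overlay() {
    out="${2:-${TMPDIR:-/tmp}/openssl-sha1-overlay.cnf}"
    make_sha1_overlay "$1" > "$out"
    printf '%s\n' "$out"
}

# Run one command with the overlay; OPENSSL_CONF is set for that process only.
run_with_sha1_overlay() {
    overlay="$1"; shift
    OPENSSL_CONF="$overlay" "$@"
}

# Check that an overlay file really inherits from a system config and
# carries exactly the one override we intend.
overlay_is_sane() {
    grep -q '^\.include ' "$1" &&
    [ "$(grep -c '^rh-allow-sha1-signatures = yes$' "$1")" -eq 1 ]
}

# Demonstration, skipped when the assumed paths or the openssl tool are
# missing: a SHA-1 signing round trip under the overlay, using a throwaway
# key generated here (constructed input, nothing real is signed).
if [ -r "$SYSTEM_CNF" ] && command -v openssl >/dev/null 2>&1; then
    overlay=$(write_sha1_overlay "$SYSTEM_CNF")
    work=$(mktemp -d)
    openssl genpkey -algorithm RSA -out "$work/key.pem" 2>/dev/null
    printf 'constructed sample message\n' > "$work/msg"
    if run_with_sha1_overlay "$overlay" \
         openssl dgst -sha1 -sign "$work/key.pem" -out "$work/sig" "$work/msg" \
       && run_with_sha1_overlay "$overlay" \
         openssl dgst -sha1 -verify <(openssl pkey -in "$work/key.pem" -pubout 2>/dev/null) \
                 -signature "$work/sig" "$work/msg"; then
        echo "SHA-1 signing and verification succeeded under $overlay"
    else
        echo "SHA-1 signing still refused; check the key/section assumptions above"
    fi
    rm -rf "$work"
fi
```

The point of the .include line is that the overlay is not a fork of the distribution config: when crypto-policies or an OpenSSL update changes the system file, the process using the overlay picks those changes up and differs from the default in exactly one setting, which is also the only line a reviewer has to audit.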



-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



