On Mon, Sep 10, 2018 at 02:52:00PM +0000, Alessandro Gherardi wrote:
> I changed the implementation of the other SHA digests to use EVP
> also. I verified that, with these changes, scram-sha-256 works when
> FIPS is enabled.

Hm... I have spent a couple of hours setting up a CentOS 7 VM with FIPS enabled to track down if there is actually a problem. Here is what I have done to enable it:

1) yum install dracut-fips
   dracut -v -f
2) Update boot loader, where it is necessary to update GRUB_CMDLINE_LINUX by adding to it "fips=1 boot=UUID=$PARTITION_UUID" into /etc/default/grub. PARTITION_UUID can be found with "blkid=/boot" (depends on the partition layer by the way).
3) Disable prelinking (requires installation of package prelink) by adding PRELINKING=no to /etc/sysconfig/prelink, then remove existing prelinks with "prelink -u -a".

After a reboot, it is possible to see /proc/sys/crypto/fips_enabled set to 1.

Once I did that, unfortunately I have not been able to spot deficiencies when calling the low-level SHA APIs from OpenSSL, where both SCRAM and all the in-core SSL functions are proving to work correctly. Calling directly FIPS_mode() within Postgres backends also proves that FIPS is effectively enabled.

Anyway, on top of the remark Alessandro has done above, this line from the OpenSSL docs has caught my eye:
https://www.openssl.org/docs/man1.1.0/crypto/SHA512_Init.html
"Applications should use the higher level functions EVP_DigestInit etc. instead of calling the hash functions directly."

This is present in OpenSSL docs for some time:
commit: 4facdbb5fa9d791fc72dc78b9c3512ea1384df33
author: Ulf Möller <ulf@xxxxxxxxxxx>
date: Sun, 6 Feb 2000 23:26:31 +0000

Hence, intrinsically, we are in contradiction with the upstream docs. I have worked on the problem with the patch, which works down to OpenSSL 0.9.8, and should fix your issue. This is based on what you sent previously, except that I was not able to apply what was sent, so I reworked the whole.

Alessandro, does this fix your problems? I would like to apply that down to v10 where SCRAM has been introduced.
--
Michael
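Added example, not part of the original message or of PostgreSQL's code: a shell audit of the FIPS prerequisites listed in the message above (fips=1 and boot= on the kernel command line, PRELINKING=no, and /proc/sys/crypto/fips_enabled reading 1). The function names and the overridable path variables are assumptions of this example.

```shell
#!/bin/sh
# Audit the FIPS prerequisites from the message. The path variables are
# overridable (an assumption of this example) so copies can be checked too.
FIPS_FLAG=${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}
KERNEL_CMDLINE=${KERNEL_CMDLINE:-/proc/cmdline}
PRELINK_CONF=${PRELINK_CONF:-/etc/sysconfig/prelink}

# cmdline_has FILE REGEX: true if one whole parameter of the kernel command
# line in FILE matches REGEX, so "nofips=1" or "fips=10" never pass as "fips=1".
cmdline_has() {
    [ -r "$1" ] && tr -s ' \t' '\n\n' < "$1" | grep -Eqx -- "$2"
}

# True only if the last PRELINKING= assignment in the config is "no".
# A missing file counts as a failure here, since the message adds the setting.
prelink_disabled() {
    [ -r "$PRELINK_CONF" ] || return 1
    grep -E '^[[:space:]]*PRELINKING=' "$PRELINK_CONF" | tail -n 1 |
        grep -Eqx '[[:space:]]*PRELINKING="?no"?[[:space:]]*'
}

# True if the kernel reports FIPS mode as active.
fips_flag_set() {
    [ -r "$FIPS_FLAG" ] && [ "$(cat "$FIPS_FLAG")" = "1" ]
}

# check LABEL COMMAND...: run COMMAND, print the outcome, count failures.
check() {
    label=$1; shift
    if "$@"; then
        echo "ok    $label"
    else
        echo "FAIL  $label"
        failures=$((failures + 1))
    fi
}

# Runs every check; the return status is the number of failed checks.
fips_audit() {
    failures=0
    check "fips=1 on kernel command line"  cmdline_has "$KERNEL_CMDLINE" 'fips=1'
    check "boot= on kernel command line"   cmdline_has "$KERNEL_CMDLINE" 'boot=.+'
    check "PRELINKING=no in prelink config" prelink_disabled
    check "fips_enabled reads 1"           fips_flag_set
    return "$failures"
}
```

Source the file and call `fips_audit`; a status of 0 means all four checks passed.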