Re: scram-sha-256 authentication broken in FIPS mode - Mailing list pgsql-general

From Michael Paquier
Subject Re: scram-sha-256 authentication broken in FIPS mode
Date
Msg-id 20180911030250.GA27115@paquier.xyz
In response to Re: scram-sha-256 authentication broken in FIPS mode  (Alessandro Gherardi <alessandro.gherardi@yahoo.com>)
Responses Re: scram-sha-256 authentication broken in FIPS mode  (Michael Paquier <michael@paquier.xyz>)
Re: scram-sha-256 authentication broken in FIPS mode  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List pgsql-general
On Mon, Sep 10, 2018 at 02:52:00PM +0000, Alessandro Gherardi wrote:
> I changed the implementation of the other SHA digests to use EVP
> also.  I verified that, with these changes, scram-sha-256 works when
> FIPS is enabled.

Hm...  I have spent a couple of hours setting up a CentOS 7 VM with FIPS
enabled to track down if there is actually a problem.  Here is what I
have done to enable it:
1) yum install dracut-fips
dracut -v -f
2) Update boot loader, where it is necessary to update
GRUB_CMDLINE_LINUX by adding to it "fips=1 boot=UUID=$PARTITION_UUID"
into /etc/default/grub.  PARTITION_UUID can be found with "blkid=/boot"
(depends on the partition layer by the way).
3) Disable prelinking (requires installation of package prelink) by
adding PRELINKING=no to /etc/sysconfig/prelink, then remove existing
prelinks with "prelink -u -a".

After a reboot, it is possible to see /proc/sys/crypto/fips_enabled set
to 1.  Once I did that, unfortunately I have not been able to spot
deficiencies when calling the low-level SHA APIs from OpenSSL, where
both SCRAM and all the in-core SSL functions are proving to work
correctly.  Calling FIPS_mode() directly within Postgres backends also
proves that FIPS is effectively enabled.  Anyway, on top of the remark
Alessandro has made above, this line from the OpenSSL docs has caught my
eye:
https://www.openssl.org/docs/man1.1.0/crypto/SHA512_Init.html
"Applications should use the higher level functions EVP_DigestInit
etc. instead of calling the hash functions directly."

This has been present in the OpenSSL docs for some time:
commit: 4facdbb5fa9d791fc72dc78b9c3512ea1384df33
author: Ulf Möller <ulf@openssl.org>
date: Sun, 6 Feb 2000 23:26:31 +0000

Hence, intrinsically, we are in contradiction with the upstream docs.  I
have worked on the problem with the patch, which works down to OpenSSL
0.9.8, and should fix your issue.  This is based on what you sent
previously, except that I was not able to apply what was sent, so I
reworked the whole.  Alessandro, does this fix your problems?  I would
like to apply that down to v10 where SCRAM has been introduced.
--
Michael

Attachment
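
An added example, not part of the original message or of PostgreSQL: a small shell audit that checks whether steps 2 and 3 above and the post-reboot `fips_enabled` flag are in place. The function names, the `ROOT` prefix argument and the sample tree are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audits the FIPS-enablement steps listed in the message.
# All paths are resolved under ROOT so the check can run on a constructed tree.

expect() {  # $1 = description, remaining args = command that must succeed
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "ok:   $desc"
    else
        echo "FAIL: $desc"; fails=$((fails + 1))
    fi
}

check_fips_setup() {  # $1 = ROOT ("/" on a real host); returns number of failed checks
    root=${1%/}; fails=0
    grub="$root/etc/default/grub"
    # Step 2: kernel arguments in GRUB_CMDLINE_LINUX
    expect "fips=1 in GRUB_CMDLINE_LINUX" \
        grep -Eq '^GRUB_CMDLINE_LINUX=(.*[^[:alnum:]_])?fips=1([^[:alnum:]]|$)' "$grub"
    expect "boot=UUID=<uuid> in GRUB_CMDLINE_LINUX" \
        grep -Eq '^GRUB_CMDLINE_LINUX=(.*[^[:alnum:]_])?boot=UUID=[[:alnum:]-]+' "$grub"
    # Step 3: prelinking disabled
    expect "PRELINKING=no in /etc/sysconfig/prelink" \
        grep -Eq '^PRELINKING=no[[:space:]]*$' "$root/etc/sysconfig/prelink"
    # After reboot: the kernel itself reports FIPS mode
    expect "/proc/sys/crypto/fips_enabled is 1" \
        grep -qx 1 "$root/proc/sys/crypto/fips_enabled"
    return "$fails"
}

make_sample_root() {  # constructed tree; $1 = fips_enabled value, $2 = kernel args
    d=$(mktemp -d)
    mkdir -p "$d/etc/default" "$d/etc/sysconfig" "$d/proc/sys/crypto"
    printf 'GRUB_CMDLINE_LINUX="rhgb quiet %s"\n' "$2" > "$d/etc/default/grub"
    echo 'PRELINKING=no' > "$d/etc/sysconfig/prelink"
    echo "$1" > "$d/proc/sys/crypto/fips_enabled"
    echo "$d"
}

# Constructed input: a host where every step was applied.
sample=$(make_sample_root 1 "fips=1 boot=UUID=0000-constructed")
check_fips_setup "$sample" || echo "$? check(s) failed"
rm -rf "$sample"
```

On a real host, call `check_fips_setup /`; a non-zero return value is the count of steps that are not in place.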