scram-sha-256 authentication broken in FIPS mode - Mailing list pgsql-general

From Alessandro Gherardi
Subject scram-sha-256 authentication broken in FIPS mode
Date
Msg-id 898098721.1290085.1536118171911@mail.yahoo.com
Responses Re: scram-sha-256 authentication broken in FIPS mode  (Michael Paquier <michael@paquier.xyz>)
List pgsql-general
It looks like scram-sha-256 doesn't work when postgres is linked against FIPS-enabled OpenSSL and FIPS mode is turned on.

Specifically, all login attempts fail with an OpenSSL error saying something along the lines of "Low level API call to digest SHA256 forbidden in fips mode".

I think this issue could be solved by refactoring the code in sha2_openssl.c to use the OpenSSL EVP interface (see https://wiki.openssl.org/index.php/EVP_Message_Digests ).

Any thoughts? Is this a known issue?

Thank you in advance.
Alessandro

