[Rpm-maint] Porting RPM to Sequoia PGP
Justus Winter
justus at sequoia-pgp.org
Tue Nov 2 14:47:52 UTC 2021
Michael Schroeder <mls at suse.de> writes:
> On Mon, Nov 01, 2021 at 04:37:21PM +0100, Justus Winter wrote:
>> Pointing to openssl or gcrypt doesn't really fly. gcrypt and openssl
>> (at least the interface that RPM uses) are providing mechanisms without
>> policy.
>
> Most distros have patches that make the crypto libraries read
> /proc/sys/crypto/fips_enabled and enforce restrictions in FIPS mode.

I understand that. I also know how to programmatically put gcrypt
and openssl into FIPS mode. Please see my test program:

https://sequoia-pgp.org/tmp/fipstest.c

My point is the following. If RPM relies on policies enforced by the
underlying crypto libraries, such as FIPS, and there is no additional
mechanism in RPM, then RPM is unfortunately not following best practices
when it comes to sunsetting insecure hash algorithms.

Again, if there is an additional mechanism that I haven't found yet, I'm
sorry for the noise. Then again, no one pointed me to that.

These are my findings for openSUSE 15.3:

linux at localhost:~> ./fipstest
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl allows MD5
openssl has SHA1
openssl allows SHA1
linux at localhost:~> ./fipstest turn on fips mode please
WARN: Failed to get gcrypt into fips mode
WARN: The current version of OpenSSL is not FIPS-capable.
WARN: Failed to get openssl into FIPS mode
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl has SHA1
linux at localhost:~> sudo mkdir /etc/gcrypt
linux at localhost:~> sudo touch /etc/gcrypt/fips_enabled
linux at localhost:~> ./fipstest turn on fips mode please
WARN: Failed to get gcrypt into fips mode
WARN: The current version of OpenSSL is not FIPS-capable.
WARN: Failed to get openssl into FIPS mode
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl has SHA1

So indeed, if I enable FIPS mode, openssl no longer allows MD5 or SHA1
to be used. Unfortunately, that doesn't help RPM, because on openSUSE,
RPM links against gcrypt, which allows both MD5 and SHA1:

linux at localhost:~> ldd /bin/rpm | grep gcrypt
libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007f5f5ddcb000)

These are my findings for SLES 15sp3:

jj at localhost:~> ./fipstest
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl allows MD5
openssl has SHA1
openssl allows SHA1
jj at localhost:~> ./fipstest enable fips mode please
WARN: Failed to get gcrypt into fips mode
WARN: The current version of OpenSSL is not FIPS-capable.
WARN: Failed to get openssl into FIPS mode
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl has SHA1
jj at localhost:~> sudo mkdir /etc/gcrypt
[sudo] password for root:
jj at localhost:~> sudo touch /etc/gcrypt/fips_enabled
jj at localhost:~> ./fipstest enable fips mode please
WARN: Failed to get gcrypt into fips mode
WARN: The current version of OpenSSL is not FIPS-capable.
WARN: Failed to get openssl into FIPS mode
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl has SHA1
jj at localhost:~> ldd /bin/rpm | grep gcrypt
libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007fac0729a000)

So, same as openSUSE.

I conclude that both openSUSE's and SLES' RPM accept MD5 and SHA1
binding signatures and signatures over RPMs.

Justus
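
An application-level hash policy of the kind the message says is missing when a program relies on a mechanism-only crypto library, as an added example: it is not part of the original message and is not code from RPM, Sequoia or fipstest.c. The function name `check_sig_policy`, the allowlist with its SHA1 cutoff date, and the sample packet bodies are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA256 = 8, HASH_SHA512 = 10 }; /* RFC 4880, 9.4 */
enum verdict { SIG_OK, SIG_REJECT_HASH, SIG_MALFORMED };

/* Hypothetical allowlist: an algorithm is accepted only for signatures created before
   reject_from; unlisted ones (MD5) are rejected. The SHA1 cutoff (2020-01-01Z) is constructed. */
static const struct { uint8_t algo; int64_t reject_from; } policy[] =
    { { HASH_SHA1, 1577836800 }, { HASH_SHA256, INT64_MAX }, { HASH_SHA512, INT64_MAX } };

/* Constructed v4 signature packet bodies, truncated after the hashed area. */
static const uint8_t sha256_2021[] = { 4, 0, 1, HASH_SHA256, 0, 6, 5, 2, 0x61, 0x80, 0x7F, 0x80 };
static const uint8_t sha1_2021[]   = { 4, 0, 1, HASH_SHA1,   0, 6, 5, 2, 0x61, 0x80, 0x7F, 0x80 };
static const uint8_t sha1_2012[]   = { 4, 0, 1, HASH_SHA1,   0, 6, 5, 2, 0x50, 0x00, 0x00, 0x00 };
static const uint8_t md5_2012[]    = { 4, 0, 1, HASH_MD5,    0, 6, 5, 2, 0x50, 0x00, 0x00, 0x00 };

/* Body: version, sig type, pubkey algo, hash algo, 2-octet hashed length, subpackets. */
enum verdict check_sig_policy(const uint8_t *p, size_t len)
{
    if (len < 6 || p[0] != 4) return SIG_MALFORMED;
    size_t end = 6 + (((size_t)p[4] << 8) | p[5]);
    if (end > len) return SIG_MALFORMED;
    int64_t created = -1;                   /* -1: no creation-time subpacket seen */
    for (size_t i = 6; i < end; ) {
        size_t sl = p[i++];                 /* subpacket length: 1, 2 or 5 octets */
        if (sl >= 192 && end - i < (sl == 255 ? 4u : 1u)) return SIG_MALFORMED;
        if (sl == 255) {
            sl = (size_t)p[i] << 24 | (size_t)p[i + 1] << 16 | (size_t)p[i + 2] << 8 | p[i + 3];
            i += 4;
        } else if (sl >= 192)
            sl = ((sl - 192) << 8) + p[i++] + 192;
        if (sl == 0 || sl > end - i) return SIG_MALFORMED;
        if ((p[i] & 0x7f) == 2 && sl == 5)  /* type 2: signature creation time */
            created = (int64_t)p[i + 1] << 24 | p[i + 2] << 16 | p[i + 3] << 8 | p[i + 4];
        i += sl;
    }
    if (created < 0) return SIG_MALFORMED;
    for (size_t k = 0; k < sizeof policy / sizeof policy[0]; k++)
        if (policy[k].algo == p[3])
            return created < policy[k].reject_from ? SIG_OK : SIG_REJECT_HASH;
    return SIG_REJECT_HASH;                 /* default deny */
}

#define CHECK(s) (int)check_sig_policy(s, sizeof s)
int main(void)
{
    return printf("%d %d %d %d\n", CHECK(sha256_2021), CHECK(sha1_2021), CHECK(sha1_2012), CHECK(md5_2012)) < 0;
}
```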