Michael Schroeder <m...@suse.de> writes:

> On Mon, Nov 01, 2021 at 04:37:21PM +0100, Justus Winter wrote:
>> Pointing to openssl or gcrypt doesn't really fly. gcrypt and openssl
>> (at least the interface that RPM uses) are providing mechanisms without
>> policy.
>
> Most distros have patches that make the crypto libraries read
> /proc/sys/crypto/fips_enabled and enforce restrictions in FIPS mode.

I understand that. I also know how to programmatically put gcrypt and openssl into FIPS mode. Please see my test program:

https://sequoia-pgp.org/tmp/fipstest.c

My point is the following. If RPM relies on policies enforced by the underlying crypto libraries, such as FIPS, and there is no additional mechanism in RPM, then RPM is unfortunately not following best practices when it comes to sunsetting insecure hash algorithms.

Again, if there is an additional mechanism that I haven't found yet, I'm sorry for the noise. Then again, no one pointed me to that.

These are my findings for openSUSE 15.3:

    linux@localhost:~> ./fipstest
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl allows MD5
    openssl has SHA1
    openssl allows SHA1
    linux@localhost:~> ./fipstest turn on fips mode please
    WARN: Failed to get gcrypt into fips mode
    WARN: The current version of OpenSSL is not FIPS-capable.
    WARN: Failed to get openssl into FIPS mode
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl has SHA1
    linux@localhost:~> sudo mkdir /etc/gcrypt
    linux@localhost:~> sudo touch /etc/gcrypt/fips_enabled
    linux@localhost:~> ./fipstest turn on fips mode please
    WARN: Failed to get gcrypt into fips mode
    WARN: The current version of OpenSSL is not FIPS-capable.
    WARN: Failed to get openssl into FIPS mode
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl has SHA1

So indeed, if I enable FIPS mode, openssl no longer allows MD5 or SHA1 to be used.

Unfortunately, that doesn't help RPM, because on openSUSE, RPM links against gcrypt, which allows both MD5 and SHA1:

    linux@localhost:~> ldd /bin/rpm | grep gcrypt
    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007f5f5ddcb000)

These are my findings for SLES 15sp3:

    jj@localhost:~> ./fipstest
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl allows MD5
    openssl has SHA1
    openssl allows SHA1
    jj@localhost:~> ./fipstest enable fips mode please
    WARN: Failed to get gcrypt into fips mode
    WARN: The current version of OpenSSL is not FIPS-capable.
    WARN: Failed to get openssl into FIPS mode
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl has SHA1
    jj@localhost:~> sudo mkdir /etc/gcrypt
    [sudo] password for root:
    jj@localhost:~> sudo touch /etc/gcrypt/fips_enabled
    jj@localhost:~> ./fipstest enable fips mode please
    WARN: Failed to get gcrypt into fips mode
    WARN: The current version of OpenSSL is not FIPS-capable.
    WARN: Failed to get openssl into FIPS mode
    gcrypt allows MD5
    gcrypt allows SHA1
    openssl has MD5
    openssl has SHA1
    jj@localhost:~> ldd /bin/rpm | grep gcrypt
    libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007fac0729a000)

So, same as openSUSE.

I conclude that both openSUSE's and SLES' RPM accept MD5 and SHA1 binding signatures and signatures over RPMs.

Justus
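
The two checks in the message above (what fipstest reports per library, and which library the binary links against) can be combined into one audit. This is an added example, not part of the original message or of fipstest.c; the function names are hypothetical, and it assumes fipstest prints "<library> allows <HASH>" lines exactly as in the transcripts.

```shell
#!/bin/sh
# Added example; not from the original message or from fipstest.c.
# Assumes fipstest prints "<library> allows <HASH>" lines as in the transcripts.

# Sample input, taken from the openSUSE 15.3 transcript in the message.
SAMPLE_LDD='libgcrypt.so.20 => /usr/lib64/libgcrypt.so.20 (0x00007f5f5ddcb000)'
SAMPLE_FIPSTEST='WARN: Failed to get gcrypt into fips mode
WARN: The current version of OpenSSL is not FIPS-capable.
WARN: Failed to get openssl into FIPS mode
gcrypt allows MD5
gcrypt allows SHA1
openssl has MD5
openssl has SHA1'

# Read ldd output on stdin; print each crypto backend the binary links against.
linked_backends() {
    awk '/libgcrypt\.so/ { g = 1 }
         /libcrypto\.so/ { o = 1 }
         END { if (g) print "gcrypt"; if (o) print "openssl" }'
}

# Read fipstest output on stdin; print the weak hashes that library $1 allows.
weak_allowed() {
    awk -v lib="$1" '$1 == lib && $2 == "allows" && ($3 == "MD5" || $3 == "SHA1") { print $3 }' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# audit LDD_TEXT FIPSTEST_TEXT: one verdict line per linked backend.
audit() {
    for backend in $(printf '%s\n' "$1" | linked_backends); do
        weak=$(printf '%s\n' "$2" | weak_allowed "$backend")
        if [ -n "$weak" ]; then
            echo "$backend: still allows $weak"
        else
            echo "$backend: no weak hash allowed"
        fi
    done
}

# On a live system: audit "$(ldd /bin/rpm)" "$(./fipstest turn on fips mode please 2>&1)"
audit "$SAMPLE_LDD" "$SAMPLE_FIPSTEST"
```

The verdict only covers the backends the binary actually links against, so a restriction reported for a library the binary does not use has no effect on the result.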