Disable FIPS by application?

Disable FIPS by application?

Peter Wu-2
Hi,

Recently Wireshark has made Libgcrypt mandatory so we could drop the
bundled code for MD5, SHA1, DES, etc. Since some (older) protocols use
these algorithms, they must be supported.

However with FIPS mode enforced, these algorithms are not enabled. Is
there any workaround other than bundling the code again (sigh)? Like
requesting Libgcrypt not to enable FIPS mode from the application?

QEMU had a similar problem in the past with this mode:
https://lists.gnu.org/archive/html/gnutls-devel/2008-09/msg00063.html

Here is the output (from https://code.wireshark.org/review/20095):

    # echo 1 > /etc/gcrypt/fips_enabled
    $ ./run/capinfos -H /path/to/a.pcap
    error in libgcrypt, file fips.c, line 301, function _gcry_inactivate_fips_mode: MD5 used
    Ohhhh jeeee: ... this is a bug (md.c:809:md_read)
    fatal error in libgcrypt, file misc.c, line 140, function _gcry_logv: internal error (fatal or bug)
    Aborted (core dumped)
--
Kind regards,
Peter Wu
https://lekensteyn.nl

_______________________________________________
Gcrypt-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
Re: Disable FIPS by application?

Stephan Müller
On Tuesday, 11 April 2017, 14:20:26 CEST, Peter Wu wrote:

Hi Peter,

> Hi,
>
> Recently Wireshark has made Libgcrypt mandatory so we could drop the
> bundled code for MD5, SHA1, DES, etc. Since some (older) protocols use
> these algorithms, they must be supported.
>
> However with FIPS mode enforced, these algorithms are not enabled. Is
> there any workaround other than bundling the code again (sigh)? Like
> requesting Libgcrypt not to enable FIPS mode from the application?

It is the idea of the FIPS mode to not allow MD5 and friends.

However, for FIPS 140-2 level 1 validations (this is the highest that can be
achieved by libgcrypt), there is *no* need for a technical enforcement. I.e.
it is perfectly viable to drop all code that disallows ciphers when in FIPS
mode.

>
> QEMU had a similar problem in the past with this mode:
> https://lists.gnu.org/archive/html/gnutls-devel/2008-09/msg00063.html
>
> Here is the output (from https://code.wireshark.org/review/20095):
>
>     # echo 1 > /etc/gcrypt/fips_enabled
>     $ ./run/capinfos -H /path/to/a.pcap
>     error in libgcrypt, file fips.c, line 301, function _gcry_inactivate_fips_mode: MD5 used
>     Ohhhh jeeee: ... this is a bug (md.c:809:md_read)
>     fatal error in libgcrypt, file misc.c, line 140, function _gcry_logv: internal error (fatal or bug)
>     Aborted (core dumped)



Ciao
Stephan

Re: Disable FIPS by application?

Peter Wu-2
On Tue, Apr 11, 2017 at 04:48:52PM +0200, Stephan Müller wrote:

> On Tuesday, 11 April 2017, 14:20:26 CEST, Peter Wu wrote:
>
> Hi Peter,
>
> > Hi,
> >
> > Recently Wireshark has made Libgcrypt mandatory so we could drop the
> > bundled code for MD5, SHA1, DES, etc. Since some (older) protocols use
> > these algorithms, they must be supported.
> >
> > However with FIPS mode enforced, these algorithms are not enabled. Is
> > there any workaround other than bundling the code again (sigh)? Like
> > requesting Libgcrypt not to enable FIPS mode from the application?
>
> It is the idea of the FIPS mode to not allow MD5 and friends.

Yes, that's understood. The problem however is that the application is
not intended to be subject to this policy.

> However, for FIPS 140-2 level 1 validations (this is the highest that can be
> achieved by libgcrypt), there is *no* need for a technical enforcement. I.e.
> it is perfectly viable to drop all code that disallows ciphers when in FIPS
> mode.

So is it possible to disable this enforcement in a Libgcrypt user?

Kind regards,
Peter

> >
> > QEMU had a similar problem in the past with this mode:
> > https://lists.gnu.org/archive/html/gnutls-devel/2008-09/msg00063.html
> >
> > Here is the output (from https://code.wireshark.org/review/20095):
> >
> >     # echo 1 > /etc/gcrypt/fips_enabled
> >     $ ./run/capinfos -H /path/to/a.pcap
> >     error in libgcrypt, file fips.c, line 301, function _gcry_inactivate_fips_mode: MD5 used
> >     Ohhhh jeeee: ... this is a bug (md.c:809:md_read)
> >     fatal error in libgcrypt, file misc.c, line 140, function _gcry_logv: internal error (fatal or bug)
> >     Aborted (core dumped)
>
>
>
> Ciao
> Stephan

Re: Disable FIPS by application?

Stephan Müller
On Tuesday, 11 April 2017, 16:59:06 CEST, Peter Wu wrote:

Hi Peter,

> On Tue, Apr 11, 2017 at 04:48:52PM +0200, Stephan Müller wrote:
> > On Tuesday, 11 April 2017, 14:20:26 CEST, Peter Wu wrote:
> >
> > Hi Peter,
> >
> > > Hi,
> > >
> > > Recently Wireshark has made Libgcrypt mandatory so we could drop the
> > > bundled code for MD5, SHA1, DES, etc. Since some (older) protocols use
> > > these algorithms, they must be supported.
> > >
> > > However with FIPS mode enforced, these algorithms are not enabled. Is
> > > there any workaround other than bundling the code again (sigh)? Like
> > > requesting Libgcrypt not to enable FIPS mode from the application?
> >
> > It is the idea of the FIPS mode to not allow MD5 and friends.
>
> Yes, that's understood. The problem however is that the application is
> not intended to be subject to this policy.

That is the common crux of the matter :-)
>
> > However, for FIPS 140-2 level 1 validations (this is the highest that can
> > be achieved by libgcrypt), there is *no* need for a technical
> > enforcement. I.e. it is perfectly viable to drop all code that disallows
> > ciphers when in FIPS mode.
>
> So is it possible to disable this enforcement in a Libgcrypt user?

It is permissible to disable the enforcement of the cipher restrictions. Other
FIPS related enforcements cannot be removed.

Ciao
Stephan

Re: Disable FIPS by application?

Peter Wu-2
On Tue, Apr 11, 2017 at 05:14:29PM +0200, Stephan Müller wrote:

> On Tuesday, 11 April 2017, 16:59:06 CEST, Peter Wu wrote:
>
> Hi Peter,
>
> > On Tue, Apr 11, 2017 at 04:48:52PM +0200, Stephan Müller wrote:
> > > On Tuesday, 11 April 2017, 14:20:26 CEST, Peter Wu wrote:
> > >
> > > Hi Peter,
> > >
> > > > Hi,
> > > >
> > > > Recently Wireshark has made Libgcrypt mandatory so we could drop the
> > > > bundled code for MD5, SHA1, DES, etc. Since some (older) protocols use
> > > > these algorithms, they must be supported.
> > > >
> > > > However with FIPS mode enforced, these algorithms are not enabled. Is
> > > > there any workaround other than bundling the code again (sigh)? Like
> > > > requesting Libgcrypt not to enable FIPS mode from the application?
> > >
> > > It is the idea of the FIPS mode to not allow MD5 and friends.
> >
> > Yes, that's understood. The problem however is that the application is
> > not intended to be subject to this policy.
>
> That is the common crux of the matter :-)
> >
> > > However, for FIPS 140-2 level 1 validations (this is the highest that can
> > > be achieved by libgcrypt), there is *no* need for a technical
> > > enforcement. I.e. it is perfectly viable to drop all code that disallows
> > > ciphers when in FIPS mode.
> >
> > So is it possible to disable this enforcement in a Libgcrypt user?
>
> It is permissible to disable the enforcement of the cipher restrictions. Other
> FIPS related enforcements cannot be removed.

Hmm, that is unfortunate. So in order to (for example) support MD5 (for
verifying checksums or deriving keys for decryption and dissection), we
would have to use another crypto library *or*
require the administrator to keep FIPS enforcement disabled (by not
creating /etc/gcrypt/fips_enabled)?
--
Kind regards,
Peter Wu
https://lekensteyn.nl

PS. For some reason your messages are not appearing in the archives at
https://lists.gnupg.org/pipermail/gcrypt-devel/2017-April/

Re: Disable FIPS by application?

Stephan Müller
On Tuesday, 11 April 2017, 17:27:39 CEST, Peter Wu wrote:

Hi Peter,

> > > So is it possible to disable this enforcement in a Libgcrypt user?
> >
> > It is permissible to disable the enforcement of the cipher restrictions.
> > Other FIPS related enforcements cannot be removed.
>
> Hmm, that is unfortunate. So in order to (for example) support MD5 (for
> verifying checksums or deriving keys for decryption and dissection), we
> would have to use another crypto library *or*
> require the administrator to keep FIPS enforcement disabled (by not
> creating /etc/gcrypt/fips_enabled)?

Maybe I was not clear: you can remove the code that disables the non-approved
ciphers like MD5. I.e. you can technically use MD5 even though libgcrypt is in
FIPS mode.

Other FIPS changes (like the use of the SP800-90A DRBG or self tests) must not
be touched.

Ciao
Stephan

Re: Disable FIPS by application?

Peter Wu-2
On Tue, Apr 11, 2017 at 05:43:35PM +0200, Stephan Müller wrote:

> On Tuesday, 11 April 2017, 17:27:39 CEST, Peter Wu wrote:
>
> Hi Peter,
>
> > > > So is it possible to disable this enforcement in a Libgcrypt user?
> > >
> > > It is permissible to disable the enforcement of the cipher restrictions.
> > > Other FIPS related enforcements cannot be removed.
> >
> > Hmm, that is unfortunate. So in order to (for example) support MD5 (for
> > verifying checksums or deriving keys for decryption and dissection), we
> > would have to use another crypto library *or*
> > require the administrator to keep FIPS enforcement disabled (by not
> > creating /etc/gcrypt/fips_enabled)?
>
> Maybe I was not clear: you can remove the code that disables the non-approved
> ciphers like MD5.

Which code? Libgcrypt? We are not bundling Libgcrypt but use whatever is
installed on the system.

> you can technically use MD5 even though libgcrypt is in FIPS mode.

It seems possible to do this based on a look in src/fips.c, except when
FIPS enforcement is in effect (/etc/gcrypt/fips_enabled = 1).

> Other FIPS changes (like the use of the SP800-90A DRBG or self tests) must not
> be touched.
>
> Ciao
> Stephan
--
Kind regards,
Peter Wu
https://lekensteyn.nl

Re: Disable FIPS by application?

Stephan Müller
On Tuesday, 11 April 2017, 17:59:58 CEST, Peter Wu wrote:

Hi Peter,

> On Tue, Apr 11, 2017 at 05:43:35PM +0200, Stephan Müller wrote:
> > On Tuesday, 11 April 2017, 17:27:39 CEST, Peter Wu wrote:
> >
> > Hi Peter,
> >
> > > > > So is it possible to disable this enforcement in a Libgcrypt user?
> > > >
> > > > It is permissible to disable the enforcement of the cipher
> > > > restrictions.
> > > > Other FIPS related enforcements cannot be removed.
> > >
> > > Hmm, that is unfortunate. So in order to (for example) support MD5 (for
> > > verifying checksums or deriving keys for decryption and dissection), we
> > > would have to use another crypto library *or*
> > > require the administrator to keep FIPS enforcement disabled (by not
> > > creating /etc/gcrypt/fips_enabled)?
> >
> > Maybe I was not clear: you can remove the code that disables the
> > non-approved ciphers like MD5.
>
> Which code? Libgcrypt? We are not bundling Libgcrypt but use whatever is
> installed on the system.

Exactly that is the problem. The current libgcrypt code disables ciphers like
MD5. This is not really needed and could be reverted in the libgcrypt code.
This though would not help you in the short run.

Ciao
Stephan

Re: Disable FIPS by application?

Jussi Kivilinna-2
In reply to this post by Stephan Müller
Hello,

On 11.04.2017 17:48, Stephan Müller wrote:
> It is the idea of the FIPS mode to not allow MD5 and friends.
>
> However, for FIPS 140-2 level 1 validations (this is the highest that can be
> achieved by libgcrypt), there is *no* need for a technical enforcement. I.e.
> it is perfectly viable to drop all code that disallows ciphers when in FIPS
> mode.
>

So, to clarify, the following code in cipher.c (and a similar piece in md.c)
could be removed altogether?

  gcry_err_code_t
  _gcry_cipher_init (void)
  {
    if (fips_mode())
      {
        /* disable algorithms that are disallowed in fips */
        int idx;
        gcry_cipher_spec_t *spec;

        for (idx = 0; (spec = cipher_list[idx]); idx++)
          if (!spec->flags.fips)
            spec->flags.disabled = 1;
      }

    return 0;
  }

-Jussi

Re: Disable FIPS by application?

Stephan Müller
On Saturday, 13 May 2017, 15:14:48 CEST, Jussi Kivilinna wrote:

Hi Jussi,

> Hello,
>
> On 11.04.2017 17:48, Stephan Müller wrote:
> > It is the idea of the FIPS mode to not allow MD5 and friends.
> >
> > However, for FIPS 140-2 level 1 validations (this is the highest that can
> > be achieved by libgcrypt), there is *no* need for a technical
> > enforcement. I.e. it is perfectly viable to drop all code that disallows
> > ciphers when in FIPS mode.
>
> So, to clarify, the following code in cipher.c (and a similar piece in md.c)
> could be removed altogether?
>
>   gcry_err_code_t
>   _gcry_cipher_init (void)
>   {
>     if (fips_mode())
>       {
>         /* disable algorithms that are disallowed in fips */
>         int idx;
>         gcry_cipher_spec_t *spec;
>
>         for (idx = 0; (spec = cipher_list[idx]); idx++)
>           if (!spec->flags.fips)
>             spec->flags.disabled = 1;
>       }
>
>     return 0;
>   }

If I interpret that code snippet correctly, it disables ciphers that do not
have the fips flag.

If my interpretation of the code is correct, the code could be removed, but
can also stay.

Ciao
Stephan
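
The effect of the init block discussed in the last two messages, as an added example that is not part of the thread and is not libgcrypt code: a simplified, self-contained C model in which `algo_spec`, `registry_init`, `algo_test` and `can_use` are hypothetical names and the registry flags are constructed. It shows which lookups fail while the block is in place, that dropping it leaves the approved algorithms unaffected, and how a caller can probe an algorithm before using it.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a libgcrypt algorithm spec (hypothetical type). */
struct algo_spec {
    const char *name;
    unsigned fips : 1;      /* approved for use in FIPS mode */
    unsigned disabled : 1;  /* set at init time, checked at lookup time */
};

/* Constructed sample registry; the flag values are illustrative. */
static struct algo_spec algo_list[] = {
    { "MD5",    0, 0 },
    { "DES",    0, 0 },
    { "SHA256", 1, 0 },
    { "AES",    1, 0 },
};
#define N_ALGOS (sizeof algo_list / sizeof algo_list[0])

/* Mirrors the quoted init block: with enforce != 0, every spec without the
   fips flag is disabled. enforce == 0 models the block being removed. */
static void registry_init(int fips_mode, int enforce)
{
    for (size_t i = 0; i < N_ALGOS; i++)
        algo_list[i].disabled =
            (fips_mode && enforce && !algo_list[i].fips) ? 1 : 0;
}

/* Lookup as an open call would do it: 0 on success, -1 if the algorithm
   is unknown or disabled. */
static int algo_test(const char *name)
{
    for (size_t i = 0; i < N_ALGOS; i++)
        if (strcmp(algo_list[i].name, name) == 0)
            return algo_list[i].disabled ? -1 : 0;
    return -1;
}

/* Caller-side guard: probe before use, so a dissector can skip a checksum
   or decryption step instead of running into a fatal library error. */
static int can_use(const char *name) { return algo_test(name) == 0; }

int main(void)
{
    registry_init(1, 1);  /* FIPS mode with the disabling block in place */
    return can_use("SHA256") && !can_use("MD5") ? 0 : 1;
}
```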
